diff -Nru opensc-0.11.13/aclocal.m4 opensc-0.12.1/aclocal.m4 --- opensc-0.11.13/aclocal.m4 2010-02-16 09:32:15.000000000 +0000 +++ opensc-0.12.1/aclocal.m4 2011-05-18 05:51:46.000000000 +0000 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.11 -*- Autoconf -*- +# generated automatically by aclocal 1.11.1 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. @@ -13,13 +13,14 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.64],, -[m4_warning([this file was generated for autoconf 2.64. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],, +[m4_warning([this file was generated for autoconf 2.67. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 1 (pkg-config-0.24) # # Copyright © 2004 Scott James Remnant . # @@ -47,7 +48,10 @@ AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi @@ -60,7 +64,6 @@ AC_MSG_RESULT([no]) PKG_CONFIG="" fi - fi[]dnl ])# PKG_PROG_PKG_CONFIG 
@@ -69,34 +72,31 @@ # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # -# -# Similar to PKG_CHECK_MODULES, make sure that the first instance of -# this or PKG_CHECK_MODULES is called, or make sure to call -# PKG_CHECK_EXISTS manually +# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +# only at the first occurence in configure.ac, so if the first place +# it's called might be skipped (such as if it is within an "if", you +# have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_ifval([$2], [$2], [:]) + m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) - # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], -[if test -n "$PKG_CONFIG"; then - if test -n "$$1"; then - pkg_cv_[]$1="$$1" - else - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], - [pkg_failed=yes]) - fi -else - pkg_failed=untried +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + else + pkg_failed=untried fi[]dnl ])# _PKG_CONFIG 
@@ -138,16 +138,17 @@ See the pkg-config man page for more details.]) if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` else - $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - ifelse([$4], , [AC_MSG_ERROR(dnl + m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS @@ -155,25 +156,24 @@ Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -_PKG_TEXT -])], - [AC_MSG_RESULT([no]) - $4]) +_PKG_TEXT])[]dnl + ]) elif test $pkg_failed = untried; then - ifelse([$4], , [AC_MSG_FAILURE(dnl + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT -To get pkg-config, see .])], - [$4]) +To get pkg-config, see .])[]dnl + ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) - ifelse([$3], , :, [$3]) + $3 fi[]dnl ])# PKG_CHECK_MODULES @@ -192,7 +192,7 @@ [am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11], [], +m4_if([$1], [1.11.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) 
@@ -208,7 +208,7 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11])dnl +[AM_AUTOMAKE_VERSION([1.11.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -1108,7 +1108,6 @@ ]) # _AM_PROG_TAR m4_include([m4/acx_pthread.m4]) -m4_include([m4/libassuan.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) diff -Nru opensc-0.11.13/ChangeLog opensc-0.12.1/ChangeLog --- opensc-0.11.13/ChangeLog 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/ChangeLog 2011-05-18 05:51:40.000000000 +0000 
@@ -0,0 +1,29269 @@ +2011-05-18 05:35 martin + + * releases/opensc-0.12.1/MacOSX/build-package.in: MacInstaller: + fix distribution style, which accidentially got changed in + r5376. This only affects (corrects) Mac OS X binary packaging. + +2011-05-17 17:02 martin + + * releases/opensc-0.12.1: Release OpenSC 0.12.1 + +2011-05-17 16:59 martin + + * trunk/NEWS, trunk/configure.ac: Release r5449 as OpenSC 0.12.1 + +2011-05-17 14:04 martin + + * trunk/NEWS: NEWS: add pkcs11-tool change to NEWS file + +2011-05-17 13:27 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: correct typos about + --login-type option, change id -> ID in help texts. + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: move --module to the + first position in help text and make it mandatory. + +2011-05-16 08:32 vtarasov + + * trunk/src/libopensc/asn1.c: tools: print value of 'BOOLEAN' asn1 + type + +2011-05-14 18:00 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: for PIN object print + 'Auth ID' + +2011-05-13 16:11 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: no support for SHA256 + in the OpenSSL previous to v0.9.8 + +2011-05-13 15:34 vtarasov + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h: + libopensc: add description for the 'remote data' data types + +2011-05-13 14:04 vtarasov + + * trunk/configure.ac: suspend commit of SM support until the + nearest release + +2011-05-13 13:27 vtarasov + + * trunk/configure.ac: configure: add configuration option for + support of 'Secure Messaging', desabled by default + +2011-05-13 12:57 vtarasov + + * trunk/src/libopensc/authentic.h, + trunk/src/libopensc/card-authentic.c, + trunk/src/libopensc/iasecc-sdo.c: libopensc: authentIC: use + macros; use common CPLC data type + +2011-05-13 12:50 vtarasov + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: + libopensc: SM related errors + +2011-05-13 12:44 vtarasov + + * trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, 
trunk/src/libopensc/sc.c: + libopensc: 'remote data' related procedures: init, allocate, free + +2011-05-13 12:19 vtarasov + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h: + libopensc: move declaration of 'serial number' related data + types from 'opensc.h' to 'types.h'... also define CPLC and + 'remote_data' data types. + +2011-05-11 16:52 vtarasov + + * trunk/src/minidriver/minidriver.c: minidriver: in + CardAuthenticatePin() the PIN to verify is selected by + ROLE_USER, thanks to HOURY William + http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016633.html + +2011-05-10 08:24 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: when getting data for + qualified signature, take the last SHAxx block from the input + data ... ... and not from the SHAxx-CTX, to avoid big/little + endian uncertainty + +2011-05-09 17:11 vtarasov + + * trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/slot.c: pkcs11: Ticket #353: in pkcs15init + framework allocate only one slot with uninitialized token ... + aldo, when allocating existing slot to the card, return an error + if there is no more free virtual slot. + +2011-05-09 15:31 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: support the digital + signature with RSA scheme PKCS#1 SHA-256 ... in this mode the + final digest (SHA-256) step has to be performed by card. 
+ +2011-05-08 15:53 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: non-unique ID is + forbidden for the public key objects + +2011-05-08 08:10 vtarasov + + * trunk/src/libopensc/libopensc.exports: libopensc: export + 'sc_do_log_noframe' instead of internal 'sc_do_log_va' + +2011-05-08 08:07 vtarasov + + * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/minidriver/minidriver.c: libopensc: export the wrapper + for the internal log function dedicated to minidriver + http://www.opensc-project.org/pipermail/opensc-commits/2011-May/011049.html + +2011-05-08 07:59 vtarasov + + * trunk/src/libopensc/asn1.c: asn1: when encoding the OID, make + sure that unused part of input data is properly initialized it's + a supplement to r5355. + +2011-05-05 14:26 martin + + * trunk/src/libopensc/libopensc.exports: MiniDriver: add two + exports used by MiniDriver. PKCS#1 related functions could be + exported, internal logging should be eventually fixed in + MiniDriver instead. + +2011-05-05 14:03 martin + + * trunk/src/libopensc/Makefile.mak, + trunk/src/minidriver/Makefile.mak, + trunk/src/pkcs11/Makefile.mak: WindowsInstaller: don't link + against winscard.lib, winscard.dll is loaded on runtime. Link + minidriver against correct opensc.lib + +2011-05-04 17:17 andre + + * trunk/src/tools/piv-tool.c: piv-tool.c: Leftover from r5412. + +2011-05-04 16:45 andre + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool.c:54: warning: + missing initializer + * trunk/src/libopensc/pkcs15-pubkey.c: pkcs15-pubkey.c:975: + warning: missing initializer + +2011-05-04 16:28 vtarasov + + * trunk/doc/tools/pkcs11-tool.xml: doc: pkcs11-tool: precise the + usage of 'write-object' argument + +2011-05-04 11:41 vtarasov + + * trunk/src/pkcs15init/pkcs15-iasecc.c: iasecc: pkcs15init: test + for the wrong error code was used ... in 'Delete SDO' procedure + to ignore the 'SDO don not exist' error. Thanks to Gilles Blanc. 
+ +2011-05-04 07:17 vtarasov + + * trunk/src/pkcs11/pkcs11-global.c: pkcs11: hide empty slots ... + The list of slots returned by C_GetSlotList() contains: - if + present, virtual hotplug slot; - any slot with token; - without + token(s), one empty slot per reader; + +2011-05-03 07:55 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: pkcs15init + emulator for PIV card will not be commited + +2011-05-03 07:54 vtarasov + + * trunk/src/pkcs15init/pkcs15-iasecc.c: iasecc: pkcs15init: when + deleting SDO, do not try to overwrite 'non-updateable' SDO + attribut + +2011-05-03 07:50 vtarasov + + * trunk/src/pkcs15init/ias_adele_common.profile: iasecc: obsolete + syntax of the 'Adele Common' card profile + +2011-05-03 05:39 martin + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: use relative + addressing in do_asn1 'asn1' takes a file_id as argument. This + should be selected relative to the currently selected DF instead + of being treated as an ID. (compare with 'get' & 'cat' that also + take a file_id argument) Patch from Peter Marschall + + +2011-05-03 05:38 martin + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: more room + for commands in 'help' In the output of the interacive command + 'help', leave more room for the command names so that they do + not flow into the descrition. Patch from Peter Marschall + + +2011-05-01 20:21 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: more of debug + messages + +2011-05-01 20:14 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: for the EC key + put the EC specific data into the 'params' member of 'key-info' + data ... 
; more of debug messages; + +2011-05-01 19:18 vtarasov + + * trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-rtecp.c: libopensc: introduce + 'key-params' data type that contains pointer, size and 'free' + handler ... + http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016441.html + +2011-05-01 18:44 vtarasov + + * trunk/src/tools/piv-tool.c: piv-tool: remove the Oberthur's + specific features of the PIV card + +2011-04-30 17:51 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: use atr mask to + accept the Gemalto's IAS/ECC card without MF + +2011-04-29 12:15 martin + + * trunk/doc/tools/cardos-tool.xml, + trunk/doc/tools/cryptoflex-tool.xml, + trunk/doc/tools/netkey-tool.xml, + trunk/doc/tools/opensc-explorer.xml, + trunk/doc/tools/opensc-tool.xml, + trunk/doc/tools/pkcs11-tool.xml, + trunk/doc/tools/pkcs15-profile.xml, + trunk/doc/tools/pkcs15-tool.xml, trunk/doc/tools/tools.xml, + trunk/doc/tools/westcos-tool.xml: manpages: unify the look and + feel of "See also" sections, removing references to missing + manual pages. + +2011-04-29 09:47 martin + + * trunk/NEWS: PreReleases: update NEWS file for 0.12.1-rc1 + +2011-04-29 09:02 martin + + * trunk/configure.ac: NightlyBuilds: prepare for OpenSC 0.12.1-rc1 + PreReleases + +2011-04-27 15:01 vtarasov + + * trunk/doc/tools/pkcs15-tool.xml: doc: describe the 'verify-pin' + option in pkcs15-tool documentation ... Thanks to Juan Antonio. + +2011-04-27 14:45 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: use macro for the + maximal number of linked ACL for one operation ... Thanks to + NdK. 
+ http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016448.html + +2011-04-27 14:37 vtarasov + + * trunk/src/libopensc/iso7816.c: libopensc: in 'READ BINARY' + ignore the 'FILE_END_REACHED' error ... see discussion + http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016413.html + +2011-04-27 14:28 vtarasov + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: + libopensc: new error code macros -- 'corrupted data' and 'file + end reached' + +2011-04-27 14:12 vtarasov + + * trunk/src/libopensc/iasecc-sdo.c, + trunk/src/libopensc/iasecc-sdo.h: iasecc: when preparing data to + update PRIVATE KEY SDO use index to enumerate the SDO components + +2011-04-27 14:06 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: write 'compulsorily + use' data for the new key slot ... Once written the + 'compulsorily use' data cannot be changed. Write this data + immediately after a new key slot has been created. It helps to + avoid further confusion between 'use new key slot' and 'reuse + existing slot'. + +2011-04-27 13:56 vtarasov + + * trunk/src/libopensc/card-iasecc.c, trunk/src/libopensc/iasecc.h: + iasecc: when signing short data sequence with PSO_DST ... ... + 'last-hash-step' APDU do not includes the 'pre-hash' and + 'counter' data -- only the 'last-data-block'. + +2011-04-27 13:45 vtarasov + + * trunk/src/pkcs15init/pkcs15-iasecc.c: iasecc pkcs15init: when + creating key slot, there is no needs to write zero value + components + +2011-04-26 17:32 vtarasov + + * trunk/src/pkcs15init/pkcs15-iasecc.c: iasecc pkcs15init: + create/delete SDO private/public RSA key + +2011-04-26 17:29 vtarasov + + * trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/cardctl.h: iasecc: 'DELETE SDO' card ctl ... + to be used by Obertbur's IAS/ECC card. + +2011-04-26 16:42 vtarasov + + * trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/cardctl.h: iasecc: 'CREATE SDO' card ctl ... 
+ ; static function dedicated to emulate FCP data of application + DF when it's not returned by card + +2011-04-26 16:34 vtarasov + + * trunk/src/libopensc/iasecc-sdo.c, + trunk/src/libopensc/iasecc-sdo.h: iasecc: encode data for the + SDO creation, ... ; dedicated function to parse ACLs from DOCP + data; ; when converting ACL chack and parse ACLs; ; change + prototype of the internal static functions. + +2011-04-26 16:27 vtarasov + + * trunk/src/pkcs15init/iasecc.profile, + trunk/src/pkcs15init/iasecc_generic_oberthur.profile: iasecc: + pkcs15init profiles: add 'CREATE' acl for the Oberthur's + application DF ... Obertbur's card do not returns FCP for + selected application DF. Newly introduced option will supply the + missing ACL when creating new objects or files. + +2011-04-26 07:29 martin + + * trunk/src/libopensc/apdu.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c: APDU + parsing: switch to Frank Morgner's implementation Patch by Frank + Morgner, proposed in + http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016419.html + and + http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016420.html: + * replace partly incorrect extended APU parsing implementation + with one factored-out in function sc_bytes2apdu() in apdu.c * + re-factor APDU parsing functions in - opensc-explorer - + opensc-tool - piv-tool to make use of sc_bytes2apdu() Thanks to + Peter Marschall and Frank Morgner This fixes #260 and #351. + +2011-04-25 09:45 alonbl + + * trunk/MacOSX/Makefile.am: maintainer-clean cleanup, thanks to + JONSITO + +2011-04-24 17:57 vtarasov + + * trunk/src/libopensc/card-iasecc.c: iasecc: Oberthur's card + strictly follows specification in 'IO buffer size' ... Most of + the card producers interpret 'send' values in 'IO buffer size' + data as "maximum APDU data size" . 
The last Oberthur's card + strictly follows specification and interpret these values as + "maximum APDU command size". + +2011-04-23 06:32 vtarasov + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: DF_NAME type + path value should not be appended by the file ID ... When + composing path to file (for ex. to be read), if the type of + parent DF is DF_NAME, the value of the parent path is moved to + the aid path member and file ID takes place of the path value. ; + 'cd ..' command takes into account the parent can be presented + by DF_NAME + +2011-04-22 14:02 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: little correction + of r5386 + +2011-04-22 14:00 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: in + 'change-attribute' procedure use card specific 'update DF' + handler ... ... when it's available. 'Change-attribute' is used + by pkcs15 framework for PKCS#11. + +2011-04-22 13:50 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: use dedicated + function to fix the EC parameters ... ; use pointQ data to + calculate intrinsic ID for the EC keys/certs + +2011-04-22 13:35 vtarasov + + * trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h: EC support: new exported function + to fill up the EC parameters data ... for ex. with the given + named curve fills the 'OID' and 'encoded OID' members + +2011-04-22 13:08 vtarasov + + * trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: EC support: introduce data type + dedicated to EC parameters ... EC parameters can be presented in + a three forms: namedCurve, OID and implicit data. This new data + type will facilitate manipulation of ec-parameters in the OpenSC + tools and library. 
+ +2011-04-21 17:20 vtarasov + + * trunk/src/pkcs15init/iasecc_generic_oberthur.profile: pkcs15init + iasecc: old syntax in the profile of the Oberthur's generic + application + +2011-04-21 16:29 vtarasov + + * trunk/src/pkcs11/framework-pkcs15.c: pkcs11 framework-pkcs15: + add EC key generation mechanism + +2011-04-21 16:18 vtarasov + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: add test procedure + for EC keys ... ... for a while it includes key generation and + data signing. + +2011-04-21 16:14 vtarasov + + * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: copy&past issue in + r5356 + +2011-04-21 14:29 vtarasov + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: prepare + 'gen_keypair' procedure to generate also the EC keys ... ... + 'prime256v1' and 'secp384r1' + +2011-04-21 14:12 vtarasov + + * trunk/src/libopensc/asn1.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/pkcs15.h: pkcs15: new function to encode an + OID in DER format + +2011-04-21 13:46 vtarasov + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15.h: asn1: + now sc_der_copy() returns int value + +2011-04-20 14:53 martin + + * trunk/win32/versioninfo.rc.in: WindowsInstaller: Use OpenSC + version information in Windows file version resource. * Fix + license information in file info (GPL->LGPL) + +2011-04-20 13:41 martin + + * trunk/MacOSX/build: MacInstaller: fix 10.5 build script, broken + with previous change. + +2011-04-20 12:14 martin + + * trunk/MacOSX/10.5/resources/ReadMe.html, + trunk/MacOSX/10.5/resources/ReadMe.html.in, + trunk/MacOSX/10.6/resources/ReadMe.html, + trunk/MacOSX/10.6/resources/ReadMe.html.in, + trunk/MacOSX/Makefile.am, trunk/MacOSX/build, + trunk/MacOSX/build-package.in, trunk/Makefile.am, + trunk/configure.ac: MacInstaller: use autoconf to write the + correct version to ReadMe files of installers. 
* Better version + tagging of generated files * Bundle files necessary for OS X + installer generation to the distribution targzip + +2011-04-19 13:45 andre + + * trunk/src/tools/opensc-tool.c: opensc-tool.c: Fixes literal + names in 'const id2str_t alg_type_names[]'. + +2011-04-19 13:03 andre + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool.c: Avoid warning: + pkcs11-tool.c:1978: warning: ‘getPUBLIC_EXPONENT’ defined but + not used + +2011-04-19 12:59 andre + + * trunk/src/pkcs15init/profile.c: profile.c: Avoid warning: + profile.c:1212: warning: comparison between signed and unsigned + +2011-04-19 12:34 andre + + * trunk/src/libopensc/types.h: types.h: Avoid warning: + opensc-tool.c:356: warning: comparison between signed and + unsigned + +2011-04-19 11:19 martin + + * trunk/doc/tools/eidenv.xml, trunk/doc/tools/tools.xml: manpages: + add a rudimentary manual page for eidenv command. Fixes #339 + +2011-04-19 10:51 martin + + * trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c: Add + reminders to bytes2apdu style code blocks. + * trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c: opensc-{explorer,tool}: allow + sending extended APDUs In do_apdu() resp send_apdu/(, + flexibilize parsing the APDU string passed so that extended + APDUs are accepted a valid APDUs too. While at it, fix a bug + where more data than available would have been copied, + potentially leading to a SIGSEGV. 
Signed-off-by: Peter Marschall + + * trunk/src/tools/opensc-tool.c: opensc-tool: convert print_file() + to using tables Use ID<->name tables in print_file() innstead of + arrays of strings where the index was treated like some "magic" + constant. With the new mapping tables, the meaning is obvious. + While on it, fix a bug with ac_ops_df[]: before the conversion, + it was a list of pointers to strings but was in one case treated + like it was a mapping table. With the conversion to a mapping + table, and the adaption of other code parts this bug got fixed + "automagically" ;-) Signed-off-by: Peter Marschall + + * trunk/src/tools/opensc-tool.c: opensc-tool: make + list_algorithms() table driven Use easily extensible tables + instead of explicit coding to display algorithm names and + options in list_algorithms. Leverage the new tables to add more + RSA hashes. 
Signed-off-by: Peter Marschall + * trunk/src/tools/pkcs15-init.c: Fix a crash on Windows, where + pkcs15-tool -E would always crash in sc_pkcs15_free_card() + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: Fix warning + CNDL1069 about deprecated attribute + +2011-04-19 10:50 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: Fix Wix warning: + Z:\opensc\win32\OpenSC.wxs(22) : warning CNDL1121 : + Package/@InstallerVersion must be 200 or greater for a 64-bit + package. The value will be changed to 200. Please specify a + value of 200 or greater in order to eliminate this warning. + +2011-04-19 09:18 andre + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool.c: Avoid warning: + pkcs11-tool.c:2000: warning: comparison between signed and + unsigned + +2011-04-19 09:12 andre + + * trunk/src/pkcs15init/pkcs15-init.h: pkcs15-init.h: Avoid + warning: pkcs15-init.c:1473: warning: assignment discards + qualifiers from pointer target type + +2011-04-18 12:29 andre + + * trunk/src/libopensc/asn1.c: asn1.c: Check boundaries __before__ + accessing memory. + +2011-04-18 10:01 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: split the + UpgradeCode for x86 and x64, so that both versions could be + installed in parallel on x64 + * trunk/src/libopensc/ctx.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, trunk/src/tools/cardos-tool.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/netkey-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/westcos-tool.c: + Introduce sc_ctx_log_to_file to set the debug file of libopensc. + On Windows every DLL has their own file descriptor table, thus + specifying -v from any of the OpenSC tools resulted in a crash + when the tool tried to override ctx->debug_file with stderr. 
+ +2011-04-18 09:29 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: fix "parallel + installs" Before this change, installing a new MSI would create + a new OpenSC entry in "Add/Remove programs". Now correctly a + single instance exists and a seamless upgrade can be done. Make + the URL-s for support information more specific and add the + OpenSC icon to the programs list. + +2011-04-17 18:48 vtarasov + + * trunk/src/pkcs15init/pkcs15-init.h: pkcs15init: different + possible kinds of EC generate key parameters ... named curve, + oid and der + +2011-04-17 18:45 vtarasov + + * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: process the EC key + generation type + +2011-04-17 18:39 vtarasov + + * trunk/src/libopensc/asn1.c: asn1: in encode-object-id procedure + do not stop on zero -- it's a valid value + +2011-04-17 16:58 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: fix x86 build after + r5351 error CNDL0150 : Undefined preprocessor variable + '$(var.PlatformProgramFilesFolder)'. NMAKE : fatal error U1077: + '"C:\Program Files\Windows Installer XML v3.6\bin\candle.exe"' : + return code '0x96' + +2011-04-17 16:12 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: Always use a + canonical name for OpenSC related registry entries. This fixes + the 64bit build looking for registry keys under "OpenSC (64 + bit)" which is the name of the package. + +2011-04-17 13:18 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: One more fix for + x64 installer: opensc.conf + c:\jenkins\workspace\OpenSC_win64_nightly\win32\OpenSC.wxs(61) : + error LGHT0204 : ICE80: This 32BitComponent opensc.conf uses + 64BitDirectory INSTALLDIR NMAKE : fatal error U1077: + '"C:\Program Files (x86)\Windows Installer XML + v3.6\bin\light.exe"' : return code '0xcc' + +2011-04-17 13:05 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: Add win64 flag even + to platform-independent files. 
* Install to "System64Folder" on + x64 + +2011-04-17 12:50 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: fix typo, causing + the x86 installer to claim to be x64 + +2011-04-16 17:57 vtarasov + + * trunk/src/pkcs15init/pkcs15-setcos.c: pkcs15init setcos: no need + of card specific 'delete-object' callback ... there is nothing + specific inside and it's never called by pkcs15init + +2011-04-16 17:35 vtarasov + + * trunk/src/libopensc/card-piv.c: card-piv: store serial number + into the 'serialnr' member of sc_card structure ... ... when + serial number was asked for the first time. Then return the + stored value for the every next request of serial number. + +2011-04-16 14:25 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: amend r5345, Win64 + is a property of a Component, not File + +2011-04-16 14:14 martin + + * trunk/win32/OpenSC.wxs.in: Add back removed product name + +2011-04-16 14:10 martin + + * trunk/win32/OpenSC.wxs.in: WindowsInstaller: set Win64 flag for + binaries when building for win64 and use the right program files + folder. + +2011-04-15 17:11 vtarasov + + * trunk/src/pkcs15init/myeid.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-myeid.c: pkcs15init myEID: in + profile increase size of xDF files, also ... during + initialization add the all xxDF to the ODF + +2011-04-15 16:50 vtarasov + + * trunk/src/pkcs15init/pkcs15-authentic.c, + trunk/src/pkcs15init/pkcs15-iasecc.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-myeid.c, + trunk/src/pkcs15init/pkcs15-setcos.c: pkcs15init: sipmlify the + 'delete-object' callaback prototype ... now it takes + 'sc_pkcs15_object' argument instead of two arguments - object's + type and object's data. 
+ +2011-04-15 16:35 vtarasov + + * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15: minor + coding style issues + +2011-04-15 16:34 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: print title and size + of the EC public keys + +2011-04-15 16:33 vtarasov + + * trunk/src/tools/piv-tool.c: piv-tool: increase receive buffer + for the 'send-apdu' command + +2011-04-14 16:51 dengert + + * trunk/src/libopensc/pkcs15-piv.c: PIV piv_get_uid to derive a + better guid from the FASCN or the GUID so that most of the + uniquness is maintained. + +2011-04-12 21:58 alonbl + + * trunk/src/tests/regression/Makefile.am: Use check target for + tests + +2011-04-12 18:08 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: prepare + pkcs15-lib for the EC key type ... use keygen consistency + procedure to return the EC key size; + +2011-04-12 17:59 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when deleting + object, do not try to select object file without valid path + +2011-04-12 17:55 vtarasov + + * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: in keygen + parameters use 'curve' name without leading separators + +2011-04-12 17:51 vtarasov + + * trunk/src/tools/piv-tool.c: piv-tool: add containers discovery + +2011-04-12 13:23 vtarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: remove useless + function, use OpenSC standard convention for return value + +2011-04-12 11:36 vtarasov + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: pkcs15init: introduce EC key + generation parameters + +2011-04-12 07:49 martin + + * trunk/src/minidriver/Makefile.mak: WindowsInstaller: amend + r5329, object name is not the target name. + +2011-04-12 07:48 martin + + * trunk/win32/Make.rules.mak: WindowsInstaller: enable zlib by + default. 
+ +2011-04-12 07:40 martin + + * trunk/configure.ac, trunk/etc/opensc.conf.in, + trunk/src/Makefile.am, trunk/src/Makefile.mak, + trunk/src/cardmod/Makefile.am, trunk/src/cardmod/Makefile.mak, + trunk/src/cardmod/cardmod-westcos.reg, + trunk/src/cardmod/cardmod.c, trunk/src/cardmod/cardmod.exports, + trunk/src/cardmod/cardmod.inf.in, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c, + trunk/src/minidriver, trunk/src/minidriver/Makefile.am, + trunk/src/minidriver/Makefile.mak, + trunk/src/minidriver/minidriver-westcos.reg, + trunk/src/minidriver/minidriver.c, + trunk/src/minidriver/minidriver.exports, + trunk/src/minidriver/opensc-minidriver.inf.in, + trunk/win32/Make.rules.mak, trunk/win32/OpenSC.wxs.in: + MiniDriver: rename cardmod to minidriver in source. Also change + some grammar, whitespace (reported by git) and wording + (Opensc->OpenSC) issues. Add some comments here and there. See + http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016261.html + +2011-04-11 14:42 martin + + * trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, + trunk/src/tools/rutoken-tool.c: Fix #337 rutoken-tool is + obsolete and can be removed, thus no manpage is needed. + * trunk/win32/Make.rules.mak, trunk/win32/Makefile.mak: + WindowsInstaller: Correct support for x64 builds + +2011-04-11 13:07 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: print EC key label + +2011-04-11 13:00 vtarasov + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: now it's possible to + show only the objects of a given type ... 
when 'type' option is + used with the 'list-objects' actions + +2011-04-11 12:02 vtarasov + + * trunk/doc/tools/piv-tool.xml, trunk/src/tools/piv-tool.c: + piv-tool: new action to print the key slots properties + +2011-04-11 11:55 vtarasov + + * trunk/doc/tools/piv-tool.xml, trunk/src/tools/piv-tool.c: piv: + no 'usepin' authentication mode in PIV tools + +2011-04-11 11:30 vtarasov + + * trunk/src/libopensc/pkcs15.c: pkcs15: include EC private/public + key types into the pkcs#15 object search procedures + +2011-04-11 10:34 andre + + * trunk/src/libopensc/ctx.c: ctx.c: Replaces magic integer -1 with + defined constant value. See + [http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/cards.h?rev=5320#L32 + cards.h] + +2011-04-10 20:08 vtarasov + + * trunk/src/tools/piv-tool.c: piv-tool: in 'send-apdu' command + increase size of response buffer ... 'GET DATA' apdu can return + the code 'data still available' + +2011-04-10 09:20 vtarasov + + * trunk/src/libopensc/card.c: libopensc: use short debug macros in + card.c + +2011-04-10 09:18 vtarasov + + * trunk/src/libopensc/pkcs15.c: libopensc: use short debug macros + in pkcs15.c + +2011-04-10 08:47 vtarasov + + * trunk/src/libopensc/card-piv.c: card-piv: 'emulate' MF selection + by selection of the PIV applet ... so that, PIV card can be used + with the 'opensc-explorer' interactive tool + +2011-04-10 04:09 andre + + * trunk/src/libopensc/pkcs15-gemsafeV1.c, + trunk/src/libopensc/pkcs15-oberthur.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/pkcs15-lib.c: + libopensc: Removes useless attribute 'file' in 'struct + sc_pkcs15_df' There is no need to carry around that attribute, + because it's easy to look up the 'file' as needed. This is done + by issuing a single sc_select_file command in + sc_pkcs15init_update_any_df (pkcs15-lib.c). The parameter 'file' + of sc_pkcs15_add_df (pkcs15.c) became useless too and was + removed in turn. 
+ +2011-04-09 19:26 vtarasov + + * trunk/src/libopensc/card-piv.c: card-pin: make working 'external + authenticate' ... 'key-ref' and 'algo' arguments of the + piv_general_external_authenticate() function were not used + +2011-04-08 15:16 vtarasov + + * trunk/src/libopensc/card-piv.c: card-piv: invalid arguments for + SC_TEST_RET macro + +2011-04-08 13:50 andre + + * trunk/src/pkcs11/misc.c, trunk/src/pkcs11/sc-pkcs11.h: pkcs11: + Fixes leftover from r4646. + +2011-04-08 13:30 andre + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h: libopensc: Re-defines + SC_CARD_FLAG_ONBOARD_KEY_GEN to be local to the file + card-flex.c, because that flag is used nowhere else. In + principle, this patch only reverts some changes made by r2192. + Relates to #296. + +2011-04-08 12:28 vtarasov + + * trunk/src/tools/piv-tool.c: piv-tool: 'admin' and 'genkey' + options need an argument ... + +2011-04-08 10:03 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: print GUID for + private key + +2011-04-08 09:57 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: print key reference + in a decimal and hexadecimal formats + +2011-04-07 18:16 andre + + * trunk/src/libopensc/card-asepcos.c, + trunk/src/libopensc/card-authentic.c, + trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/card-muscle.c, + trunk/src/libopensc/card-rtecp.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/opensc.h, + trunk/src/pkcs15init/pkcs15-cardos.c: libopensc: Removes unused + flag SC_CARD_CAP_RSA_2048. Relates to + [http://www.opensc-project.org/opensc/ticket/296#comment:1 #296]. 
+ +2011-04-07 17:14 vtarasov + + * trunk/win32/OpenSC.wxs.in: msi: no need backslash after + [INSTALLDIR] + +2011-04-07 16:58 vtarasov + + * trunk/src/cardmod/cardmod.c: minidriver: use common routines to + get serialized GUID + +2011-04-07 16:55 vtarasov + + * trunk/src/cardmod/cardmod.c: minidriver: resolve 'unreferenced + variable' and 'comparaison signed with unsigned' warnings + +2011-04-07 16:46 vtarasov + + * trunk/src/libopensc/libopensc.exports: libopensc: export names + of the 'get GUID' routines + +2011-04-07 16:43 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: include GUID to the + printed certificate info + +2011-04-07 16:42 vtarasov + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + libopensc: general routines to get serialized GUID + +2011-04-07 16:18 andre + + * trunk/src/libopensc/opensc.h: opensc.h: Removes unused flag + SC_CARD_CAP_EMV. Relates to + [http://www.opensc-project.org/opensc/ticket/296#comment:1 #296]. + +2011-04-07 15:38 andre + + * trunk/src/libopensc/card-setcos.c: card-setcos.c: Fixes misuse + of SC_CARD_FLAG_ONBOARD_KEY_GEN. From + [http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/opensc.h?rev=5299#L411 + opensc.h]: #define SC_CARD_FLAG_ONBOARD_KEY_GEN 0x00000001 + #define SC_CARD_CAP_APDU_EXT 0x00000001 + +2011-04-06 22:46 andre + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + pkcs15.h: Fixes type inconsistency, because in + [http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/opensc.h?rev=5190#L148 + opensc.h] algo_ref is defined as unsigned int. 
+
+2011-04-06 15:11 andre
+
+ * trunk/src/libopensc/dir.c: dir.c: Avoid warnings: dir.c:212:
+ warning: comparison between signed and unsigned dir.c:220:
+ warning: comparison between signed and unsigned
+
+2011-04-06 15:06 andre
+
+ * trunk/src/libopensc/asn1.c: asn1.c: Avoid warnings: asn1.c:747:
+ warning: comparison between signed and unsigned asn1.c:785:
+ warning: comparison between signed and unsigned
+
+2011-04-06 08:22 martin
+
+ * trunk/win32/OpenSC.wxs.in: WindowsInstaller: remove variable,
+ added too early.
+
+2011-04-06 08:10 martin
+
+ * trunk/win32/Make.rules.mak: WindowsInstaller: reduce the warning
+ level, parsing error output on level 4 takes Jenkins warnings
+ plugin 25 minutes.
+
+2011-04-06 08:07 martin
+
+ * trunk/win32/OpenSC.wxs.in: WindowsInstaller: Simplify the wix
+ script even further. Thanks to Kalev Lember.
+
+2011-04-04 10:35 martin
+
+ * trunk/configure.ac, trunk/win32/Makefile.am,
+ trunk/win32/OpenSC.wxs, trunk/win32/OpenSC.wxs.in:
+ WindowsInstaller: set the product version programmatically for
+ MSI
+
+2011-04-04 08:29 martin
+
+ * trunk/win32/license.rtf: WindowsInstaller: display the LGPL
+ license in the installer.
+
+2011-04-04 08:04 martin
+
+ * trunk/win32/OpenSC.wxs: WindowsInstaller: re-work WiX installer
+ file for OpenSC. Add meaningful components.
+ * trunk/win32/Make.rules.mak: WindowsInstaller: Using /Wall was a
+ bad idea, use /W4 instead.
+ http://stackoverflow.com/questions/4001736/what-with-the-thousands-of-warnings-in-standard-headers-in-msvc-wall
+
+2011-04-04 07:44 martin
+
+ * trunk/win32/Make.rules.mak: Enable all warnings on MSVC
+
+2011-04-04 06:42 martin
+
+ * trunk/win32/Makefile.mak: WindowsInstaller: create an internet
+ shortcut to start menu. Wix invocation change.
+
+2011-04-03 07:41 martin
+
+ * trunk/win32/Make.rules.mak: WindowsInstaller: Separate makefile
+ changes for building for x64 and building on x64.
+ +2011-04-01 08:06 martin + + * trunk/src/common/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/scconf/Makefile.mak, trunk/win32/Make.rules.mak: + WindowsInstaller: build for x64 with nmake -f Makefile.mak + BUILD_TYPE=WIN64 + +2011-03-31 12:04 martin + + * trunk/win32/Make.rules.mak: WindowsInstaller: link against + crypt32.lib libeay32MT.lib(e_capi.obj) : error LNK2019: + unresolved external symbol __imp__CertFreeCertificateContext@4 + referenced in function _capi_free_key + +2011-03-31 11:28 martin + + * trunk/win32/Make.rules.mak, trunk/win32/Makefile.mak, + trunk/win32/opensc-msi/Make.rules.mak.works-for-vt, + trunk/win32/opensc-msi/Makefile.mak, + trunk/win32/opensc-msi/README: WindowsInstaller: tune for + default build * remove opensc-msi folder, everything related to + building on/for Windows is in /win32 * OpenSC shall be built in + static mode * set default paths for OpenSSL Win32 installer + locations * build with OpenSSL by default + +2011-03-31 10:34 martin + + * trunk/win32/OpenSC.wxs: WindowsInstaller: opensc.conf is + (incorrectly) generated with make. This is not run on Windows. + Use opensc.conf.in as the template for the *example* config file + on Windows. + +2011-03-31 10:24 martin + + * trunk/win32/OpenSC.wxs: WindowsInstaller: fix .ico path. + Everything related to building on/for Windows is in win32/ + +2011-03-31 09:18 martin + + * trunk/win32/Make.rules.mak, trunk/win32/Makefile.mak, + trunk/win32/OpenSC.ico, trunk/win32/OpenSC.wxs, + trunk/win32/opensc-msi/OpenSC.ico, + trunk/win32/opensc-msi/OpenSC.wxs: WindowsInstaller: Build MSI + by default on native Windows build. + +2011-03-31 07:45 martin + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: use relative + addressing in do_cat 'cat' takes a file_id as argument. This + should be selected relative to the currently selected DF instead + of being treated as an ID. 
(compare with 'get' that also takes a + file_id argument) See + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016172.html + Signed-off-by: Peter Marschall + * trunk/src/tools/opensc-explorer.c: opensc-explorer: re-factor + do_cat() * use strlen(..) instead of sizeof(..)-1 - easier to + read - avoids errors if string is defined with explicit size * + bring sfi:-related code closer together See + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016172.html + Signed-off-by: Peter Marschall + * trunk/src/tools/opensc-explorer.c: opensc-explorer: re-factor + print_file() See + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016172.html + Signed-off-by: Peter Marschall + +2011-03-31 07:44 martin + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: support + writing to stdout in 'get' Treat the value '-' of the second + parameter to get special. If it is given, use stdout as the file + to write to. See + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016172.html + 
Signed-off-by: Peter Marschall + +2011-03-30 10:36 martin + + * trunk/doc/tools/piv-tool.xml: man pages: fix piv-tool XML syntax + tools/piv-tool.xml:28: parser error : Opening and ending tag + mismatch: refsect1 line 21 and para ^ Thanks to Juan + Antonio for noticing: + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016227.html + +2011-03-29 18:11 dengert + + * trunk/doc/tools/tools.xml: Add piv-tool.xml to list of man pages + to be built + +2011-03-29 18:08 dengert + + * trunk/doc/tools/piv-tool.xml: Add a piv-tool.xml for man page. + See #338 + +2011-03-29 11:36 martin + + * trunk/src/libopensc/reader-pcsc.c: Fix #340: ignore pinpad + properties of readers known to be broken. On Mac OS X the HP + smart card keyboard claims secure PIN entry support but the PIN + is transmitted to host. Disregard the pinpad flag for this + reader. Other readers claiming pinpad support but having + problems to follow in this list. + * trunk/src/tools/eidenv.c: eidenv: update copyright and correct + used license to match the rest of OpenSC. + +2011-03-25 18:19 vtarasov + + * trunk/src/cardmod/cardmod.c: cardmod: when getting serial number + use GET_SERIAL ctl call ... rather then card->serialnr value. + Not all card drivers initialize this member. + +2011-03-23 18:37 vtarasov + + * trunk/src/cardmod/cardmod.c: cardmod: adopt classic form for + container's GUID ... also: - debug function to dump the objects; + - function to get pin by role, used in CardAuthenticateEx(); - + CALG_* flags are not translated into the SC_ALGORITHM_RSA_HASH_* + flags + (http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016130.html); + - minor changes to the procedure to find the keys. 
tested with + 'ruToken ECP' and 'IAS/ECC' from Sagem + +2011-03-23 17:17 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-oberthur.c: Fix a real bug (and a + compiler warning) pkcs15-oberthur.c: In function + 'sc_pkcs15emu_oberthur_add_pubkey': pkcs15-oberthur.c:585: + warning: statement with no effect pkcs15-oberthur.c: In function + 'sc_pkcs15emu_oberthur_add_cert': pkcs15-oberthur.c:654: + warning: statement with no effect + +2011-03-23 16:12 ludovic.rousseau + + * trunk/src/tools/pkcs15-init.c: Fix compiler warning + pkcs15-init.c: In function 'verify_pin': pkcs15-init.c:2840: + warning: declaration of 'r' shadows a previous local + pkcs15-init.c:2836: warning: shadowed declaration is here + +2011-03-23 16:05 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-itacns.c: Fix compiler warning + pkcs15-itacns.c: In function 'itacns_add_data_files': + pkcs15-itacns.c:478: warning: declaration of 'list_size' shadows + a global declaration ../../src/common/simclist.h:497: warning: + shadowed declaration is here + +2011-03-23 16:02 ludovic.rousseau + + * trunk/src/libopensc/card-iasecc.c: Fix compiler warning + card-iasecc.c: In function 'iasecc_get_serialnr': + card-iasecc.c:2218: warning: declaration of 'ii' shadows a + previous local card-iasecc.c:2165: warning: shadowed declaration + is here + +2011-03-23 16:01 ludovic.rousseau + + * trunk/src/libopensc/card-iasecc.c: Fix compiler warning + card-iasecc.c: In function 'iasecc_select_file': + card-iasecc.c:647: warning: declaration of 'rv' shadows a + previous local card-iasecc.c:635: warning: shadowed declaration + is here + +2011-03-23 16:00 ludovic.rousseau + + * trunk/src/libopensc/card-iasecc.c: Fix compiler warning + card-iasecc.c:1529: warning: declaration of 'ffs' shadows a + global declaration /usr/include/string.h:121: warning: shadowed + declaration is here + +2011-03-23 15:58 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Fix compiler warning by + commenting dead code card-authentic.c:510: 
warning: + 'authentic_resize_file' defined but not used + +2011-03-23 15:57 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Fix compiler warning + card-authentic.c: In function 'authentic_chv_verify_pinpad': + card-authentic.c:1255: warning: declaration of 'ffs' shadows a + global declaration /usr/include/string.h:121: warning: shadowed + declaration is here + +2011-03-23 15:55 ludovic.rousseau + + * trunk/src/libopensc/card-westcos.c: Fix compiler warning + card-westcos.c: In function 'westcos_init': card-westcos.c:255: + warning: declaration of 'priv_data' shadows a previous local + card-westcos.c:210: warning: shadowed declaration is here + +2011-03-23 15:53 ludovic.rousseau + + * trunk/src/libopensc/card-piv.c: Fix compiler warning by + commenting dead code card-piv.c:179: warning: 'oid_prime256v1' + defined but not used card-piv.c:180: warning: 'oid_secp384r1' + defined but not used + +2011-03-23 15:51 ludovic.rousseau + + * trunk/src/libopensc/card-oberthur.c: Fix compiler warnings + card-oberthur.c: In function 'auth_pin_verify_pinpad': + card-oberthur.c:1581: warning: declaration of 'ffs' shadows a + global declaration /usr/include/string.h:121: warning: shadowed + declaration is here card-oberthur.c: In function + 'auth_pin_reset_oberthur_style': card-oberthur.c:1802: warning: + declaration of 'ffs' shadows a global declaration + /usr/include/string.h:121: warning: shadowed declaration is here + +2011-03-23 15:46 ludovic.rousseau + + * trunk/src/libopensc/reader-pcsc.c: Fix compiler warning + reader-pcsc.c: In function 'refresh_attributes': + reader-pcsc.c:339: warning: declaration of 'rv' shadows a + previous local reader-pcsc.c:273: warning: shadowed declaration + is here + +2011-03-23 15:45 ludovic.rousseau + + * trunk/src/libopensc/reader-pcsc.c: Fix compiler warning + reader-pcsc.c: In function 'refresh_attributes': + reader-pcsc.c:337: warning: declaration of 'state' shadows a + previous local reader-pcsc.c:272: warning: shadowed 
declaration + is here + +2011-03-23 15:43 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-pubkey.c: Fix compiler warning + pkcs15-pubkey.c: In function + 'sc_pkcs15_pubkey_from_spki_filename': pkcs15-pubkey.c:944: + warning: 'buflen' may be used uninitialized in this function + +2011-03-23 15:41 ludovic.rousseau + + * trunk/src/libopensc/ctx.c: Fix compiler warning ctx.c: In + function 'sc_context_create': ctx.c:646: warning: implicit + declaration of function 'lt_dlinit' ctx.c:646: warning: nested + extern declaration of 'lt_dlinit' + +2011-03-23 15:19 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-iasecc.c: Fix compiler warning + pkcs15-iasecc.c:63: warning: no previous prototype for + 'iasecc_reference_to_pkcs15_id' + +2011-03-23 15:16 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: Fix compiler warning + pkcs15-lib.c: In function 'prkey_fixup_rsa': pkcs15-lib.c:1936: + warning: declaration of 'ctx' shadows a previous local + pkcs15-lib.c:1911: warning: shadowed declaration is here + +2011-03-23 15:15 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: Fix compiler warning + pkcs15-lib.c: In function 'sc_pkcs15init_store_private_key': + pkcs15-lib.c:1339: warning: declaration of ‘ctx’ shadows a + previous local pkcs15-lib.c:1278: warning: shadowed declaration + is here The ctx variable was already declared with the correct + value. 
+ +2011-03-23 15:12 ludovic.rousseau + + * trunk/src/pkcs15init/profile.c: Remove typedef file_info to + complete the change/cleanup in revision 5250 + +2011-03-23 15:10 ludovic.rousseau + + * trunk/src/pkcs15init/profile.c: Fix compiler warning profile.c: + In function 'sc_profile_get_pin_id_by_reference': profile.c:785: + warning: declaration of ‘pin_info’ shadows a global declaration + profile.c:217: warning: shadowed declaration is here Avoid using + a typedef with a "common" name + +2011-03-23 15:02 ludovic.rousseau + + * trunk/src/common/libscdl.c: Fix compiler warning ibscdl.c:30: + warning: no previous prototype for 'sc_dlopen' libscdl.c:35: + warning: no previous prototype for 'sc_dlsym' libscdl.c:40: + warning: no previous prototype for 'sc_dlerror' libscdl.c:45: + warning: no previous prototype for 'sc_dlclose' + +2011-03-23 15:00 ludovic.rousseau + + * trunk/src/common/libscdl.c: Fix compiler warning libscdl.c: In + function 'sc_dlerror': libscdl.c:38: warning: old-style function + definition + +2011-03-23 14:58 ludovic.rousseau + + * trunk/src/common/libpkcs11.c: Fix compiler warning libpkcs11.c: + In function 'C_LoadModule': libpkcs11.c:37: warning: implicit + declaration of function 'lt_dlinit' libpkcs11.c:37: warning: + nested extern declaration of 'lt_dlinit' + +2011-03-23 14:56 ludovic.rousseau + + * trunk/src/libopensc/cards.h: Fix compiler warning cards.h:221: + warning: function declaration isn’t a prototype + +2011-03-23 14:55 ludovic.rousseau + + * trunk/src/common/libscdl.h: Fix compiler warning libscdl.h:24: + warning: function declaration isn’t a prototype + +2011-03-21 06:54 martin + + * trunk/src/libopensc/reader-ctapi.c: Fix building CT-API after + r5061, noticed by Jenkins autobuild reader-ctapi.c:255: error: + ‘sc_reader_t’ has no member named ‘atr_len’ + +2011-03-20 14:50 ludovic.rousseau + + * trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/pkcs15-pubkey.c: typo: dont -> don't + +2011-03-20 13:17 martin + + * 
trunk/doc/tools/westcos-tool.xml, + trunk/src/tools/westcos-tool.c: Fix some of the spelling errors + in westcos-tool man page and utility, triggered by lintian I: + opensc: spelling-error-in-manpage + usr/share/man/man1/westcos-tool.1.gz authentification + authentication I: opensc: spelling-error-in-binary + ./usr/bin/westcos-tool attemps attempts Make text in + westcos-tool manpage more readable, harmonize PIN/PUK + capitalization. + +2011-03-20 12:19 martin + + * trunk/src/tools/pkcs15-init.c: Fix a typo reported by lintian I: + opensc: spelling-error-in-binary ./usr/bin/pkcs15-init dont don't + * trunk/doc/tools/netkey-tool.xml: Fix a typo reported by lintian + I: opensc: spelling-error-in-manpage + usr/share/man/man1/netkey-tool.1.gz diplay display + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-starcos.c: Fix a typo reported by + lintian I: libopensc3: spelling-error-in-binary + ./usr/lib/libopensc.so.3.0.0 enviroment environment + +2011-03-20 12:18 martin + + * trunk/src/libopensc/pkcs15.c, + trunk/src/pkcs15init/iasecc.profile, + trunk/src/pkcs15init/pkcs15-oberthur-awp.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + Fix a typo reported by lintian I: libopensc3: + spelling-error-in-binary ./usr/lib/libopensc.so.3.0.0 extention + extension + +2011-03-15 12:18 vtarasov + + * trunk/src/libopensc/iso7816.c: iso7816: try to read full amount + of the requested data ... actually, if an error 'Wrong Le' + happens, the APDU with the reduced size is re-transmitted + (http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/apdu.c#L401) + . iso7816_read_binary() returns this reduced amount of data and + do not trying to read the missing part . 
+ +2011-03-15 09:39 vtarasov + + * trunk/src/pkcs15init/entersafe.profile: pkcs15init: EnterSafe: + increase size of the xDF files + http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016051.html + +2011-03-14 20:18 alonbl + + * trunk/src/libopensc/reader-openct.c: openct: Wrong size + +2011-03-14 19:45 alonbl + + * trunk/src/libopensc/reader-openct.c: Make openct compile again + +2011-03-14 18:19 vtarasov + + * trunk/src/libopensc/card-rtecp.c: rtecp: in non-extended APDUs + the 'Le' value cannot be more then 256 bytes ... after r5186 the + SC_MAX_APDU_BUFFER_SIZE has been increased and so existing + defintion of Le value became invalid. + +2011-03-14 18:13 vtarasov + + * trunk/src/libopensc/pkcs15.c: pkcs15: without AID specified + return the first available PKCS#15 application ... revert + accidential commit, thanks to Pierre Ossman. + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016149.html + +2011-03-14 18:09 vtarasov + + * trunk/src/libopensc/pkcs15.c: pkcs15: accept more then one xDF + file of the same type ... partial revert of r4096, thanks to + Pierre Ossman + http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016148.html + +2011-03-14 18:02 vtarasov + + * trunk/src/libopensc/padding.c: libopensc: fix debug message + +2011-03-14 18:01 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: use dedicated + function to free the object memory + +2011-03-13 18:11 vtarasov + + * trunk/src/libopensc/padding.c, trunk/src/libopensc/pkcs15-sec.c: + pkcs15: more of the debug messages + +2011-03-12 15:17 vtarasov + + * trunk/win32/opensc-msi/OpenSC.wxs: msi: fix component ID of the + rutoken profiles + +2011-03-12 14:20 vtarasov + + * trunk/win32/opensc-msi/OpenSC.wxs: msi: include 'cardmod.dll' + and 'rutoken' PKCS#15 profiles into MSI + +2011-03-11 17:57 vtarasov + + * trunk/src/libopensc/card-rutoken.c: ruToken: in non-extended + APDUs the 'Le' value cannot be more then 256 bytes ... 
in r5186 + the SC_MAX_APDU_BUFFER_SIZE has been increased and so the + previous defintion of Le value became invalid. + +2011-03-07 18:14 andre + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool.c: Avoid compiler + warnings: pkcs15-tool.c:1111: warning: comparison between signed + and unsigned pkcs15-tool.c:1117: warning: comparison between + signed and unsigned + +2011-03-07 18:10 andre + + * trunk/src/libopensc/pkcs15.c: pkcs15.c: Avoid compiler warning: + pkcs15.c:286: warning: unused variable ‘conf_block’ + +2011-03-07 16:15 andre + + * trunk/src/libopensc/pkcs15-pin.c: pkcs15-pin: Fixing the method + of obtaining objects protected by a particular PIN. Now it's in + accordance with PKCS15. See + [http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015818.html + discussion]. + +2011-03-07 16:00 andre + + * trunk/src/libopensc/pkcs15-piv.c: pkcs15-piv: Remove unused + functionality. These lines made use of the attribute card->flags + which is mostly unused in the whole framework. That attribute + becomes nearly obsolete without these lines. See + [http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016104.html + discussion]. + +2011-03-06 12:35 vtarasov + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + pkcs15: pin references are always positive integers ... In the + OpenSC versions previous to 0.11.5 the references greater then + 127 were erroneously encoded by one byte (negative value + ecording to the ASN.1 rules). Actually some other proprietary + PKCS#15 cards have also this infirmity. Actual commit makes + general the application of the hack used for 'starcos' card. 
+ http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016062.html + +2011-03-06 11:34 vtarasov + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, + trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: #327: unique ID + for the private key objects. Thanks a Diego (NdK) ... + http://www.opensc-project.org/opensc/ticket/327 + +2011-03-04 16:23 andre + + * trunk/src/libopensc/card-authentic.c, + trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/card-starcos.c: Fixing misuse of + SC_CARD_FLAG_RNG. From opensc.h : + [http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/opensc.h?rev=5190#L88 + #define SC_ALGORITHM_RSA_PAD_PKCS1 0x00000002] + [http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/opensc.h?rev=5190#L413 + #define SC_CARD_FLAG_RNG 0x00000002] + +2011-03-02 14:18 martin + + * trunk/src/libopensc/reader-pcsc.c: PC/SC: Add "PIN length not in + range" interpretation to PC/SC pinpad code. This way this + condition won't get translated to a generic -1200 error, as + 0x6403 is not a known SW. + +2011-03-01 11:19 martin + + * trunk/etc/opensc.conf.in: EstonianEid: Force T=0 for the newest + ATR as well. + +2011-02-25 17:20 dengert + + * trunk/src/libopensc/pkcs15-piv.c: Allow a key to be used to sign + a certificate request even if the normal usage does not allow + sign. This is need when initializing a card when called by + OpenSSL req -engine + +2011-02-23 08:57 vtarasov + + * trunk/src/libopensc/card-iasecc.c: ias/ecc: do not throw an + error when there is SM or Auth.Ext protection + +2011-02-22 19:00 vtarasov + + * trunk/src/cardmod/cardmod.c: cardmod: fix log printing into the + 'debug_file' ... 
compiled with VS 10.0 and tested on Vista, + probably can be extended for mingw32 + http://www.opensc-project.org/opensc/browser/trunk/src/cardmod/cardmod.c#L131 + also fix warning C4715: 'check_reader_status' : not all control + paths return a value' + +2011-02-18 20:48 dengert + + * trunk/src/Makefile.mak, trunk/src/cardmod/Makefile.mak, + trunk/win32/Make.rules.mak: opensc-cardmod.dll can now by built + as "static" using the VS. The dll will contain all of OpenSC, + OpenSSL and zlib in a single dll, and thus can reside anywere. + Without this, winlogin would require it to reside in system32. + +2011-02-18 20:37 dengert + + * trunk/src/libopensc/card-piv.c: Fix malloc warning by using + stdlib.h + +2011-02-17 20:46 martin + + * trunk/src/common/Makefile.am, trunk/src/pkcs11/Makefile.am: + Amend r5201: put libscdl.h/libpkcs11.h to distribution package + and link against libltdl where needed. + +2011-02-17 17:26 vtarasov + + * trunk/win32/opensc-msi/Makefile.mak, + trunk/win32/opensc-msi/OpenSC.wxs: opensc-msi: do not install + libltdl + +2011-02-17 17:24 vtarasov + + * trunk/src/libopensc/authentic.h, + trunk/src/libopensc/iasecc-sdo.h, trunk/src/libopensc/iasecc.h: + ias/ecc: use extended path in the 'include' macros + +2011-02-17 14:50 dengert + + * trunk/src/libopensc/card-piv.c: void issues with ssize_t See + r5135 and r5195 + +2011-02-17 13:35 vtarasov + + * trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs15init/pkcs15-lib.c: libopensc: include 'scdl' + library when linking with Visual Studio ... missing 'scdl' + header file in 'pkcs15-lib' + +2011-02-17 09:36 vtarasov + + * trunk/etc/opensc.conf.in: opensc.conf: by default comment out + all IAS/ECC specific configuration lines ... 
+ http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016013.html + +2011-02-17 09:28 vtarasov + + * trunk/src/libopensc/ctx.c: libopensc: fix name of 'LTDL' macro + +2011-02-17 07:45 martin + + * trunk/src/common/Makefile.am, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/tools/Makefile.am: Amend r5201: also move libltdl + build properties to the right Makefile and other leftovers. + +2011-02-16 21:05 dengert + + * trunk/src/common/Makefile.am: Allow use of seperate build and + source dir when building common/libpkcs11 + +2011-02-16 19:02 martin + + * trunk/configure.ac, trunk/src/common/Makefile.am, + trunk/src/common/Makefile.mak, trunk/src/common/libpkcs11.c, + trunk/src/common/libpkcs11.h, trunk/src/common/libscdl.c, + trunk/src/common/libscdl.h, trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/libpkcs11.c, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/tools/Makefile.am, + trunk/src/tools/Makefile.mak, trunk/win32/Make.rules.mak: core: + reanimate the sc_dlopen API for dynamic loading * shift + libpkcs11 from src/pkcs11 to src/common as it is not used to + implement the OpenSC PKCS#11 module * invent a "libscdl" mini + library that implements either libltdl based dynamic loading or + uses native interfaces * drop hard requirement for libltl to + build OpenSC * native Windows build does not need libltdl any + more * specify CNGSDK include dir to find cardmod.h. 
CNGSDK only + registers with a handful of compilers Deals with #323 + +2011-02-16 14:05 vtarasov + + * trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/iasecc-sdo.c, + trunk/src/pkcs15init/pkcs15-iasecc.c: IAS/ECC: remove dead code + and '//' coments, resolve some warnings ... to be continued, + thanks to Martin + +2011-02-16 11:01 vtarasov + + * trunk/etc/opensc.conf.in: IAS/ECC: for the IAS/ECC cards include + into the OpenSC configuration the 'card_atr' sections + +2011-02-16 10:59 vtarasov + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: IAS/ECC: include support of + the IAS/ECC v1.0.1 cards ... + http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015756.html + +2011-02-16 10:55 vtarasov + + * trunk/src/libopensc/card-iasecc.c, + trunk/src/libopensc/iasecc-sdo.c, + trunk/src/libopensc/iasecc-sdo.h, trunk/src/libopensc/iasecc.h, + trunk/src/pkcs15init/ias_adele_admin1.profile, + trunk/src/pkcs15init/ias_adele_admin2.profile, + trunk/src/pkcs15init/ias_adele_common.profile, + trunk/src/pkcs15init/iasecc.profile, + trunk/src/pkcs15init/iasecc_admin_eid.profile, + trunk/src/pkcs15init/iasecc_generic_oberthur.profile, + trunk/src/pkcs15init/iasecc_generic_pki.profile, + trunk/src/pkcs15init/pkcs15-iasecc.c: IAS/ECC: add IAS/ECC card + specific files ... as it was announced in + http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015756.html + +2011-02-16 10:46 vtarasov + + * trunk/src/pkcs15init/pkcs15-myeid.c: pkcs15init: for MyEID card + set tokenInfo flags ... 
it's a part of demand of the card + driver's maintainer + http://www.opensc-project.org/pipermail/opensc-devel/2011-February/015994.html + +2011-02-16 10:31 vtarasov + + * trunk/src/libopensc/card-piv.c: card-piv: 'ssize_t' is not + defined when compiling with Visual Studio + +2011-02-10 20:31 martin + + * trunk/src/libopensc/pkcs15.c: libopensc: correct ASN.1 parsing + of EF(TokenInfo). Two fields should be optional. This also fixes + #322 Thanks to Toni for finding and Andre for fixing the + problem. See + http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015613.html + +2011-02-10 13:40 martin + + * trunk/MacOSX/build: MacInstaller: use the pre-built + libopensc.dylib for building OpenSC.tokend This way it can be + built without installing OpenSC on a clean machine. + +2011-02-09 17:52 dengert + + * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/reader-pcsc.c: + Fixes to cardmod: The registry in no longer used to pass the + handles provided by BaseCSP. sc_ctx_use_reader is used instead. + (uses r5190) A decryption routine was added as it is needed by + login. Key container names are based on the card serial number + and cert ID. The must be unique as they are searched for in the + certificate store to find the card to insert in some situations. + If the handles change, the association to the reader and card is + refreshed as it may be a different card or reader. (uses r5127) + Extra low lowel debugging was added. To use it the + CARDMOD_LOW_LEVEL_DEBUG but be defined in cardmod.c This can log + entries before and sc_context is established. The use of "texte" + was replaced, as it looked like there could be buffer overflows. + It was replaced with a loghex routine. + SC_ALGORITHM_RSA_HASH_MD5_SHA1 can now be used (IE uses this.) + Several other bugs were fixed. The code can now bue used for AD + login, and was tested with swaping cards duirng login, and with + several readers. 
The code is still experimental, and for login + to work, the dlls were moved to system32. + +2011-02-09 14:45 dengert + + * trunk/src/tools/piv-tool.c: Remove dependency on + sc_establish_context, and provide appname via + sc_ctx_create_context and ctx_param. + +2011-02-09 14:33 dengert + + * trunk/src/libopensc/ctx.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: Add sc_ctx_use_reader as a + reader driver operation. It is used by cardmod to pass in + pointers to the PC/SC handles provided by the caller of cardmod. + Other drivers will return an error if this routine called. + +2011-02-08 15:49 dengert + + * trunk/src/libopensc/pkcs15-piv.c: Fix #325 add + SC_PKCS15_PRKEY_USAGE_ENCRYPT and SC_PKCS15_PRKEY_USAGE_DECRYPT + to PIV KEY Management keys and certificates, includeing the + Retired keys. This applies to 0.12.0 and needs to be in 0.12.1 + +2011-02-07 16:23 dengert + + * trunk/src/tools/piv-tool.c: Fix uninitialized variables and + warning messages. + +2011-02-06 22:43 andre + + * trunk/src/libopensc/sc.c: Allow hex-strings to be separated by + space characters: opensc-tool -s "00 A4 00 00 02 3F 00 00" + +2011-02-06 22:33 andre + + * trunk/src/libopensc/types.h: Adjust SC_MAX_APDU_BUFFER_SIZE to + maximum size of Short APDU. + +2011-02-06 17:28 andre + + * trunk/src/tools/opensc-explorer.c: Revert r5137, because size_t + is defined as unsigned integer type (without further + qualification). 
+ http://www.opengroup.org/onlinepubs/000095399/basedefs/stddef.h.html + +2011-02-05 22:40 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Remove unused variables + card-authentic.c: In function + ‘authentic_init_oberthur_authentic_3_2’: card-authentic.c:423: + warning: unused variable ‘resp’ card-authentic.c: In function + ‘authentic_process_fci’: card-authentic.c:1042: warning: unused + variable ‘acls_NEVER’ + +2011-02-05 22:37 ludovic.rousseau + + * trunk/src/libopensc/card-piv.c: card-piv.c:564: warning: unused + variable ‘buf_len’ + +2011-02-05 22:17 ludovic.rousseau + + * trunk/src/libopensc/p15card-helper.c: Remove dead code + p15card-helper.c:263:22: warning: Although the value stored to + 'r' is used in the enclosing expression, the value is never + actually read from 'r' ...!= (r = + sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info))) { ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + p15card-helper.c:237:22: warning: Although the value stored to + 'r' is used in the enclosing expression, the value is never + actually read from 'r' ...if(SC_SUCCESS != (r = + sc_select_file(card, &cert_info.path, NULL))) { ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + p15card-helper.c:224:3: warning: Value stored to 'r' is never + read r = SC_SUCCESS; ^ ~~~~~~~~~~ + +2011-02-05 22:14 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-oberthur.c: Remove dead code + pkcs15-oberthur.c:353:3: warning: Value stored to 'len' is never + read len = sizeof(label) - 1; ^ ~~~~~~~~~~~~~~~~~ + pkcs15-oberthur.c:587:3: warning: Value stored to 'sz' is never + read ...sz = len > sizeof(key_obj.label) - 1 ? + sizeof(key_obj.label) - 1 : len; ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + pkcs15-oberthur.c:669:2: warning: Value stored to 'offs' is + never read offs += 2 + len; ^ ~~~~~~~ pkcs15-oberthur.c:656:3: + warning: Value stored to 'sz' is never read ...sz = len > + sizeof(cobj.label) - 1 ? 
sizeof(cobj.label) - 1 : len; ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +2011-02-05 22:12 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-westcos.c: Remove dead code + pkcs15-westcos.c:198:3: warning: Value stored to 'usage' is + never read usage = ^ + +2011-02-05 22:11 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-tccardos.c: Remove dead code + pkcs15-tccardos.c:253:3: warning: Value stored to 'pinType' is + never read pinType = key_descr & TC_CARDOS_PIN_MASK; ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +2011-02-05 22:09 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-openpgp.c: Remove dead code + pkcs15-openpgp.c:110:2: warning: Value stored to 'length' is + never read length = r; ^ ~ + +2011-02-05 22:08 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Fix typo in error message + +2011-02-05 22:07 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Add missing checks for + NULL before dereferencing card-authentic.c:913:33: warning: + Field access results in a dereference of a null pointer (loaded + from variable 'apdus') rv = sc_check_sw(card, apdus->sw1, + apdus->sw2); ~~~~~ ^ card-authentic.c:958:33: warning: Field + access results in a dereference of a null pointer (loaded from + variable 'apdus') rv = sc_check_sw(card, apdus->sw1, + apdus->sw2); ~~~~~ ^ card-authentic.c:1001:33: warning: Field + access results in a dereference of a null pointer (loaded from + variable 'apdus') rv = sc_check_sw(card, apdus->sw1, + apdus->sw2); ~~~~~ ^ + +2011-02-05 22:02 ludovic.rousseau + + * trunk/src/libopensc/card-authentic.c: Remove dead code + card-authentic.c:440:2: warning: Value stored to 'resp_len' is + never read resp_len = sizeof(resp); ^ ~~~~~~~~~~~~ + card-authentic.c:1053:4: warning: Value stored to 'acls' is + never read acls = acls_NEVER; ^ ~~~~~~~~~~ + +2011-02-05 22:01 ludovic.rousseau + + * trunk/src/libopensc/card-ias.c: Remove dead code + card-ias.c:132:32: warning: Although the value stored to 'ins' + is used 
in the enclosing expression, the value is never actually
+ read from 'ins' r = len = pad = use_pin_pad = ins = p1 = 0; ^
+ ~~~~~~ card-ias.c:132:2: warning: Value stored to 'r' is never
+ read r = len = pad = use_pin_pad = ins = p1 = 0; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ card-ias.c:366:2:
+ warning: Value stored to 'ctx' is never read ctx = card->ctx; ^
+ ~~~~~~~~~ card-ias.c:361:6: warning: Although the value stored
+ to 'pathlen' is used in the enclosing expression, the value is
+ never actually read from 'pathlen' r = pathlen = stripped_len =
+ offset = 0; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~ card-ias.c:361:2:
+ warning: Value stored to 'r' is never read r = pathlen =
+ stripped_len = offset = 0; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ card-ias.c:361:31: warning: Although the value stored to
+ 'offset' is used in the enclosing expression, the value is never
+ actually read from 'offset' r = pathlen = stripped_len = offset
+ = 0; ^ ~
+
+2011-02-05 21:58 ludovic.rousseau
+
+ * trunk/src/libopensc/card-westcos.c: Remove dead code
+ card-westcos.c:1066:4: warning: Value stored to 'r' is never
+ read r = SC_ERROR_INVALID_ARGUMENTS; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+2011-02-05 21:57 ludovic.rousseau
+
+ * trunk/src/libopensc/card-asepcos.c: Remove dead code
+ card-asepcos.c:446:19: warning: Value stored to 'p' during its
+ initialization is never read u8 buf[64], *p = buf; ^ ~~~
+ * trunk/src/libopensc/card-asepcos.c: Add a missing check for NULL
+ before dereferencing card-asepcos.c:312:52: warning: Dereference
+ of null pointer r = asepcos_parse_sec_attr(card, *file,
+ (*file)->s... 
^ + +2011-02-05 21:54 ludovic.rousseau + + * trunk/src/libopensc/card-piv.c: Remove dead code + card-piv.c:614:2: warning: Value stored to 'buf_end' is never + read buf_end = rp + buf_len; ^ ~~~~~~~~~~~~ card-piv.c:1129:3: + warning: Value stored to 'r' is never read r = 0; ^ ~ + card-piv.c:1478:2: warning: Value stored to 'q' is never read q + = rbuf; ^ ~~~~ card-piv.c:1628:2: warning: Value stored to 'q' + is never read q = rbuf; ^ ~~~~ card-piv.c:2456:4: warning: Value + stored to 'certobjlen' is never read certobjlen = 0; ^ ~ + +2011-02-05 21:51 ludovic.rousseau + + * trunk/src/libopensc/card-atrust-acos.c: Remove dead code + card-atrust-acos.c:548:2: warning: Value stored to 'keyID' is + never read keyID = env->key_ref[0]; ^ ~~~~~~~~~~~~~~~ + +2011-02-05 21:50 ludovic.rousseau + + * trunk/src/libopensc/card-oberthur.c: Remove a useless test If + card is NULL we can't dereference card->ctx to log an error We + must assume card i snever NULL card-oberthur.c:1537:3: warning: + Field access results in a dereference of a null pointer (loaded + from variable 'card') ...SC_FUNC_RETURN(card->ctx, + SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS)... + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + card-oberthur.c:1537:24: note: instantiated from: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ... ~~~~ ^ + card-oberthur.c:2258:3: warning: Field access results in a + dereference of a null pointer (loaded from variable 'card') + ...SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, + SC_ERROR_INVALID_ARGUMENTS)... + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + card-oberthur.c:2258:24: note: instantiated from: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ... 
~~~~ ^
+
+2011-02-05 21:45 ludovic.rousseau
+
+ * trunk/src/libopensc/card-oberthur.c: Remove dead code
+ card-oberthur.c:1539:2: warning: Value stored to 'prv' is never
+ read prv = (struct auth_private_data *) card->drv_data; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+2011-02-05 21:44 ludovic.rousseau
+
+ * trunk/src/libopensc/card-starcos.c: Remove dead code
+ card-starcos.c:657:5: warning: Value stored to 'p' is never read
+ *p++ = file->record_length & 0xff; ^~~ card-starcos.c:652:5:
+ warning: Value stored to 'p' is never read *p++ =
+ file->record_length & 0xff; ^~~ card-starcos.c:647:5: warning:
+ Value stored to 'p' is never read *p++ = file->size & 0xff; ^~~
+ card-starcos.c:609:4: warning: Value stored to 'p' is never read
+ *p++ = tmp; /* SM ISF */ ^~~ card-starcos.c:572:4: warning:
+ Value stored to 'p' is never read *p++ = tmp; ^~~
+ card-starcos.c:1024:2: warning: Value stored to 'keyID' is never
+ read keyID = env->key_ref[0]; ^ ~~~~~~~~~~~~~~~
+
+2011-02-05 21:41 ludovic.rousseau
+
+ * trunk/src/libopensc/card-mcrd.c: Remove dead code
+ card-mcrd.c:1023:20: warning: Value stored to 'linep' during its
+ initialization is never read char line[256], *linep = line; ^
+ ~~~~
+
+2011-02-05 21:39 ludovic.rousseau
+
+ * trunk/src/libopensc/card-cardos.c: Remove dead code
+ card-cardos.c:304:3: warning: Value stored to 'r' is never read
+ r = 256; ^ ~~~
+
+2011-02-05 21:35 ludovic.rousseau
+
+ * trunk/src/libopensc/card-flex.c: Remove dead code
+ card-flex.c:358:2: warning: Value stored to 'left' is never read
+ left = *p++; ^ ~~~~ card-flex.c:358:10: warning: Value stored to
+ 'p' is never read left = *p++; ^~~
+
+2011-02-05 21:34 ludovic.rousseau
+
+ * trunk/src/libopensc/card-setcos.c: Remove dead code
+ card-setcos.c:506:3: warning: Value stored to 'bKeyNumber' is
+ never read bKeyNumber = 0; ^ ~
+
+2011-02-05 21:32 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: Add missing check code for
+ NULL before dereferencing 
reader-pcsc.c:1076:3: warning: + Dereference of null pointer (loaded from variable + 'event_reader') *event_reader = NULL; ^~~~~~~~~~~~~ + reader-pcsc.c:1098:3: warning: Dereference of null pointer + (loaded from variable 'event') *event = 0; ^~~~~~ + reader-pcsc.c:1137:6: warning: Dereference of null pointer + (loaded from variable 'event_reader') *event_reader = ... + ^~~~~~~~~~~~~ reader-pcsc.c:1112:6: warning: Dereference of null + pointer (loaded from variable 'event_reader') *event_reader = + NULL; ^~~~~~~~~~~~~ + +2011-02-05 21:18 ludovic.rousseau + + * trunk/src/libopensc/muscle.c: Remove dead code muscle.c:417:2: + warning: Value stored to 'ptr' is never read ptr += + newPinLength; ^ ~~~~~~~~~~~~ muscle.c:918:2: warning: Value + stored to 'inPtr' is never read inPtr += toSend; ^ ~~~~~~ + muscle.c:917:2: warning: Value stored to 'left' is never read + left -= toSend; ^ ~~~~~~ muscle.c:1012:26: warning: Value stored + to 'p' is never read ushort2bebytes(p, use); p+=2; ^ ~ + +2011-02-05 21:16 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-gemsafeV1.c: Remove dead code + pkcs15-gemsafeV1.c:262:5: warning: Value stored to 'endptr' is + never read endptr = (char *)(apdu.resp + apdu.resplen); ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +2011-02-05 21:11 ludovic.rousseau + + * trunk/src/libopensc/pkcs15.c: Remove dead code pkcs15.c:1033:3: + warning: Value stored to 'r' is never read r = + sc_pkcs15_parse_df(p15card, df); ^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs15.c:1677:3: warning: Value + stored to 'obj_len' is never read obj_len = p - oldp; ^ ~~~~~~~~ + pkcs15.c:1948:4: warning: Value stored to 'r' is never read r = + len; ^ ~~~ pkcs15.c:1942:6: warning: Value stored to + 'record_len' is never read record_len = head[2] * 256 + head[3]; + ^ ~~~~~~~~~~~~~~~~~~~~~~~ + +2011-02-05 21:09 ludovic.rousseau + + * trunk/src/libopensc/apdu.c: Remove dead code apdu.c:166:5: + warning: Value stored to 'p' is never read *p++ = (u8)apdu->le; + ^~~ apdu.c:156:4: warning: 
Value stored to 'p' is never read p
+ += apdu->lc & 0xff; ^ ~~~~~~~~~~~~~~~ apdu.c:147:5: warning:
+ Value stored to 'p' is never read *p++ = (u8)apdu->le; ^~~
+ apdu.c:139:3: warning: Value stored to 'p' is never read p +=
+ apdu->lc; ^ ~~~~~~~~ apdu.c:118:3: warning: Value stored to 'p'
+ is never read p += apdu->lc; ^ ~~~~~~~~ apdu.c:112:5: warning:
+ Value stored to 'p' is never read *p++ = (u8)apdu->le; ^~~
+ apdu.c:107:5: warning: Value stored to 'p' is never read *p++ =
+ (u8)apdu->le; ^~~ apdu.c:102:4: warning: Value stored to 'p' is
+ never read *p++ = (u8)apdu->le; ^~~ apdu.c:99:5: warning: Value
+ stored to 'p' is never read *p++ = (u8)0x00; ^~~
+
+2011-02-05 21:04 ludovic.rousseau
+
+ * trunk/src/libopensc/ef-atr.c: Remove dead code ef-atr.c:41:16:
+ warning: Value stored to 'category' during its initialization is
+ never read unsigned char category = *buf; ^ ~~~~
+
+2011-02-05 21:03 ludovic.rousseau
+
+ * trunk/src/libopensc/asn1.c: Remove dead code asn1.c:1321:3:
+ warning: Value stored to 'r' is never read r = 0; ^ ~
+
+2011-02-05 21:01 ludovic.rousseau
+
+ * trunk/src/libopensc/log.c: Remove dead code log.c:107:2:
+ warning: Value stored to 'left' is never read left -= r; ^ ~
+ log.c:106:2: warning: Value stored to 'p' is never read p += r;
+ ^ ~
+
+2011-02-05 21:00 ludovic.rousseau
+
+ * trunk/src/libopensc/ctx.c: Remove dead code ctx.c:550:25:
+ warning: Value stored to 'count' is never read
+ ctx->conf_blocks[count++] = blocks[0]; ^~~~~~~
+
+2011-02-05 20:59 ludovic.rousseau
+
+ * trunk/src/libopensc/sc.c: Fix analyzer warnings. The code looked
+ good. 
sc.c:667:12: warning: The left operand of '>=' is a
+ garbage value if (tx[2] >= 0) ~~~~~ ^ sc.c:656:12: warning: The
+ left operand of '>=' is a garbage value if (tx[0] >= 0) { ~~~~~ ^
+
+2011-02-05 20:54 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-authentic.c: Remove dead code
+ pkcs15-authentic.c:692:2: warning: Value stored to 'caps' is
+ never read caps = card->caps; ^ ~~~~~~~~~~
+
+2011-02-05 20:53 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Remove dead code
+ pkcs15-oberthur-awp.c:143:3: warning: Value stored to 'desc' is
+ never read desc = "Oberthur AWP container list"; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur-awp.c:138:3:
+ warning: Value stored to 'desc' is never read desc = "Oberthur
+ AWP private object list"; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-oberthur-awp.c:133:3: warning: Value stored to 'desc' is
+ never read desc = "Oberthur AWP public object list"; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur-awp.c:128:3:
+ warning: Value stored to 'desc' is never read desc = "Oberthur
+ AWP token info"; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-oberthur-awp.c:122:3: warning: Value stored to 'desc' is
+ never read desc = "Oberthur AWP private data object info"; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-oberthur-awp.c:117:3: warning: Value stored to 'desc' is
+ never read desc = "Oberthur AWP data object info"; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur-awp.c:112:3:
+ warning: Value stored to 'desc' is never read desc = "Oberthur
+ AWP public key info"; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-oberthur-awp.c:106:3: warning: Value stored to 'desc' is
+ never read desc = "Oberthur AWP private key info"; ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur-awp.c:100:3:
+ warning: Value stored to 'desc' is never read desc = "Oberthur
+ AWP certificate info"; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-oberthur-awp.c:338:2: warning: Value stored to 'rec_offs'
+ is never read rec_offs = 0; ^ ~ 
pkcs15-oberthur-awp.c:1369:2:
+ warning: Value stored to 'offs' is never read offs += len; ^ ~~~
+
+2011-02-05 20:51 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: Remove dead code
+ pkcs15-oberthur.c:457:4: warning: Value stored to 'type' is
+ never read type = SC_PKCS15INIT_USER_PIN; ^
+ ~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur.c:452:4: warning: Value
+ stored to 'type' is never read type = SC_PKCS15INIT_USER_PUK; ^
+ ~~~~~~~~~~~~~~~~~~~~~~ pkcs15-oberthur.c:445:4: warning: Value
+ stored to 'type' is never read type = SC_PKCS15INIT_SO_PIN; ^
+ ~~~~~~~~~~~~~~~~~~~~
+
+2011-02-05 20:50 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-myeid.c: Remove dead code
+ pkcs15-myeid.c:251:4: warning: Value stored to 'type' is never
+ read type = SC_PKCS15INIT_USER_PIN; ^ ~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-myeid.c:244:4: warning: Value stored to 'type' is never
+ read type = SC_PKCS15INIT_SO_PIN; ^ ~~~~~~~~~~~~~~~~~~~~
+
+2011-02-05 20:48 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-muscle.c: Remove dead code
+ pkcs15-muscle.c:101:3: warning: Value stored to 'type' is never
+ read type = SC_PKCS15INIT_USER_PIN; ^ ~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-muscle.c:99:3: warning: Value stored to 'type' is never
+ read type = SC_PKCS15INIT_SO_PIN; ^ ~~~~~~~~~~~~~~~~~~~~
+
+2011-02-05 20:47 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-incrypto34.c: Remove dead code
+ pkcs15-incrypto34.c:133:7: warning: Although the value stored to
+ 'r' is used in the enclosing expression, the value is never
+ actually read from 'r' ...r =
+ sc_pkcs15init_authenticate(profile, p15card, file,
+ SC_AC_OP_DELETE)... 
^ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +2011-02-05 20:46 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-starcos.c: Remove dead code + pkcs15-starcos.c:158:3: warning: Value stored to 'p' is never + read *p++ = ipf_file->size & 0xff; ^~~ pkcs15-starcos.c:128:3: + warning: Value stored to 'p' is never read *p++ = 0x00; /* SM + ISF: no */ ^~~ pkcs15-starcos.c:239:3: warning: Value stored to + 'p' is never read *p++ = ipf_file->size & 0xff; ^~~ + pkcs15-starcos.c:206:3: warning: Value stored to 'p' is never + read *p++ = 0x00; /* SM ISF: no */ ^~~ pkcs15-starcos.c:636:4: + warning: Value stored to 'p' is never read *p++ = 0x00; ^~~ + pkcs15-starcos.c:613:4: warning: Value stored to 'p' is never + read *p++ = (u8) kinfo->key_reference; /* CHA byte */ ^~~ + pkcs15-starcos.c:699:3: warning: Value stored to 'p' is never + read *p++ = (u8) kinfo->key_reference; /* CHA */ ^~~ + +2011-02-05 20:45 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-jcop.c: Remove dead code + pkcs15-jcop.c:118:17: warning: Value stored to 'type' is never + read type = SC_PKCS15INIT_USER_PIN; ^ ~~~~~~~~~~~~~~~~~~~~~~ + pkcs15-jcop.c:112:17: warning: Value stored to 'type' is never + read type = SC_PKCS15INIT_SO_PIN; ^ ~~~~~~~~~~~~~~~~~~~~ + pkcs15-jcop.c:171:9: warning: Value stored to 'pub_len' is never + read pub_len = 2 + mod_len + exp_len; ^ ~~~~~~~~~~~~~~~~~~~~~ + pkcs15-jcop.c:284:6: warning: Value stored to 'bytes' is never + read bytes = mod_len / 2; ^ ~~~~~~~~~~~ + +2011-02-05 20:42 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-cflex.c: Remove dead code + pkcs15-cflex.c:747:3: warning: Value stored to 'key' is never + read *key++ = 0; ^~~~~ + +2011-02-05 20:41 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-gpk.c: Remode dead code + pkcs15-gpk.c:213:3: warning: Value stored to 'type' is never + read type = SC_PKCS15INIT_USER_PIN; ^ ~~~~~~~~~~~~~~~~~~~~~~ + pkcs15-gpk.c:207:3: warning: Value stored to 'type' is never + read type = 
SC_PKCS15INIT_SO_PIN; ^ ~~~~~~~~~~~~~~~~~~~~
+ pkcs15-gpk.c:853:3: warning: Value stored to 'pe' is never read
+ pe++; ^~~~
+
+2011-02-05 20:38 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: Remove dead code
+ pkcs15-lib.c:727:4: warning: Value stored to 'pin_type' is never
+ read pin_type = SC_PKCS15INIT_USER_PIN; ^ ~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-lib.c:1011:3: warning: Value stored to 'pin_type' is
+ never read pin_type = SC_PKCS15INIT_SO_PIN; ^
+ ~~~~~~~~~~~~~~~~~~~~ pkcs15-lib.c:1009:3: warning: Value stored
+ to 'pin_type' is never read pin_type = SC_PKCS15INIT_USER_PUK; ^
+ ~~~~~~~~~~~~~~~~~~~~~~ pkcs15-lib.c:1505:2: warning: Value
+ stored to 'usage' is never read usage =
+ SC_PKCS15_PRKEY_USAGE_SIGN; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-lib.c:1507:3: warning: Value stored to 'usage' is never
+ read usage = sc_pkcs15init_map_usage(args->x509_usage, 0); ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ pkcs15-lib.c:2560:3: warning: Value stored to 'file' is never
+ read file = df->file; ^ ~~~~~~~~
+
+2011-02-05 20:29 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: Fix a memory leak The
+ initializations are already done a few lines below
+ pkcs15-lib.c:1938:11: warning: Value stored to 'ctx' during its
+ initialization is never read BN_CTX *ctx = BN_CTX_new(); ^
+ ~~~~~~~~~~~~ pkcs15-lib.c:1937:11: warning: Value stored to
+ 'aux' during its initialization is never read BIGNUM *aux =
+ BN_new(); ^ ~~~~~~~~
+
+2011-02-05 20:25 ludovic.rousseau
+
+ * trunk/src/scconf/scconf.c: Remove dead code scconf.c:195:2:
+ warning: Value stored to 'ret' is never read ret =
+ scconf_put_str(block, option, !value ? 
"false" : "true"); ^
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ scconf.c:585:3: warning: Value stored to 'r' is never read r =
+ 0; ^ ~ scconf.c:711:3: warning: Value stored to 'r' is never
+ read r = 0; ^ ~
+
+2011-02-05 17:47 ludovic.rousseau
+
+ * trunk/src/libopensc/card-piv.c: Fix compiler warning
+ card-piv.c:2014:7: warning: unused variable 'outp'
+ [-Wunused-variable] u8 * outp = out; ^
+
+2011-02-05 17:44 ludovic.rousseau
+
+ * trunk/src/tools/opensc-explorer.c: Fix a compiler warning
+ opensc-explorer.c:1440:22: warning: conversion specifies type
+ 'unsigned int' but the argument has type 'size_t' (aka 'unsigned
+ long') [-Wformat] printf("expecting %u, got only %d bytes.\n",
+ len, r); ~^ ~~~ %lu
+
+2011-02-05 17:42 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-westcos.c: Fix compiler warning
+ pkcs15-westcos.c:247:8: warning: initializing 'char *' with an
+ expression of type 'char const [8]' discards qualifiers char
+ *name = "WESTCOS"; ^ ~~~~~~~~~
+
+2011-02-05 17:34 ludovic.rousseau
+
+ * trunk/src/libopensc/card-piv.c: Fix a bug. read(2) returns a
+ signed value. read(2) errors were not detected in the previous
+ code. 
card-piv.c:833:10: warning: comparison of unsigned
+ expression < 0 is always false [-Wsign-compare] if (len < 0) {
+ ~~~ ^ ~
+
+2011-02-05 17:20 ludovic.rousseau
+
+ * trunk/src/libopensc/ctx.c: Fix compiler warning ctx.c:56:1:
+ warning: control may reach end of non-void function
+ [-Wreturn-type] } ^
+
+2011-02-05 17:16 ludovic.rousseau
+
+ * trunk/src/libopensc/sc.c: Fix compiler warnings sc.c:406:39:
+ warning: missing field 'usage' initializer
+ [-Wmissing-field-initializers] SC_AC_NEVER, SC_AC_KEY_REF_NONE,
+ {{0}}, NULL ^ sc.c:409:38: warning: missing field 'usage'
+ initializer [-Wmissing-field-initializers] SC_AC_NONE,
+ SC_AC_KEY_REF_NONE, {{0}}, NULL ^ sc.c:412:41: warning: missing
+ field 'usage' initializer [-Wmissing-field-initializers]
+ SC_AC_UNKNOWN, SC_AC_KEY_REF_NONE, {{0}}, NULL ^
+
+2011-02-05 17:11 ludovic.rousseau
+
+ * trunk/src/libopensc/card-authentic.c: Fix compiled warnings
+ card-authentic.c:1770:1: warning: no previous prototype for
+ function 'authentic_manage_sdo_encode_prvkey'
+ [-Wmissing-prototypes] authentic_manage_sdo_encode_prvkey(struct
+ sc_card *card, struct ... ^ card-authentic.c:1832:1: warning: no
+ previous prototype for function 'authentic_manage_sdo_encode'
+ [-Wmissing-prototypes] authentic_manage_sdo_encode(struct
+ sc_card *card, struct ... 
^
+
+2011-02-05 17:05 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-pubkey.c: Fix compiler warning
+ pkcs15-pubkey.c:787:5: warning: no previous prototype for
+ function 'sc_pkcs15_read_der_file' [-Wmissing-prototypes] int
+ sc_pkcs15_read_der_file(sc_context_t *ctx, char * filename, ^
+
+2011-02-05 17:04 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-authentic.c: Fix compiler warning
+ pkcs15-authentic.c:97:1: warning: no previous prototype for
+ function 'authentic_reference_to_pkcs15_id'
+ [-Wmissing-prototypes] authentic_reference_to_pkcs15_id
+ (unsigned int ref, struct sc_pkcs15_id *id) ^
+
+2011-02-05 16:54 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c: Use & for logical and
+ pkcs15-asepcos.c:518:23: warning: use of logical && with
+ constant operand; switch to bitwise & or remove constant
+ [-Wconstant-logical-operand] *p++ = (fileid >> 8) && 0xff; ^ ~~~~
+
+2011-02-05 16:37 ludovic.rousseau
+
+ * trunk/src/libopensc/cards.h: Fix compiler warning cards.h:215:
+ warning: function declaration isn’t a prototype
+
+2011-02-03 21:18 dengert
+
+ * trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h: Add
+ _sc_delete_reader to allow for a single reader to be deleted
+ from the ctx->readers list. This will be used by cardmod and for
+ consistence by sc_release_context.
+
+2011-02-01 17:32 martin
+
+ * trunk/src/libopensc/card-mcrd.c: EstonianEid: better detection
+ and workaround for the double tag bug with v3.0 cards See
+ wiki:EstonianEid for the description of known issues with the
+ card.
+
+2011-01-27 22:18 andre
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15.c: Check info->label for
+ NULL before calling strdup(). Avoids segmentation fault in the
+ case where info->label == NULL. Fixes #318. Thanks lmamane. 
+
+2011-01-27 14:25 martin
+
+ * trunk/src/libopensc/pkcs15-pin.c: core: Fix PIN caching for PIN
+ codes protecting user consent keys, broken in r4048 Such PIN
+ codes were erroneously cached in memory, even though not used
+ with revalidation.. User consent relates to private keys, not
+ PIN codes.
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: check for remaining
+ PIN tries before changing a PIN. If the card supports it,
+ changing a blocked PIN will result in an error before PIN entry,
+ not when the card re-states that the PIN is already blocked.
+
+2011-01-27 08:43 ep
+
+ * trunk/src/libopensc/pkcs15-itacns.c: Amend and update register
+ of IC manufacturers for itacns
+
+2011-01-24 10:59 martin
+
+ * trunk/MacOSX/build: MacInstaller: track Tokend branch in Git
+ based on OpenSC release.
+
+2011-01-22 12:53 martin
+
+ * trunk/src/libopensc/ctx.c: libopensc: calling sc_context_create
+ without parameters is not allowed
+
+2011-01-20 13:02 martin
+
+ * trunk/src/cardmod/cardmod.c: MiniDriver: MS Visual Studio is
+ identified by _MSC_VER not VISUAL_STUDIO
+ http://predef.sourceforge.net/precomp.html#sec35
+
+2011-01-20 12:58 martin
+
+ * trunk/src/cardmod/cardmod.c: MiniDriver: change cardmod.h
+ include style to help building with compilers which don't have
+ cardmod.h registered in the search path.
+ * trunk/src/cardmod/Makefile.mak: MiniDriver: embed the manifest
+ into minidriver DLL
+
+2011-01-19 15:06 martin
+
+ * trunk/src/cardmod/Makefile.mak: MiniDriver: Create cardmod DLL
+ with nmake as well.
+
+2011-01-19 14:47 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-myeid.c: MyEID: pkcs15init: create
+ all xDF files at the stage of the card initialisation ... 
it was
+ discussed in
+ http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015620.html
+
+2011-01-19 14:22 vtarasov
+
+ * trunk/src/libopensc/ef-atr.c: libopensc: initialize 'sc_ef_atr'
+ type variable
+
+2011-01-19 14:16 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: unused
+ variables
+
+2011-01-19 08:37 martin
+
+ * trunk/src/libopensc/card-mcrd.c: EstonianEid: add new 2011 card
+ ATR (18.01.2011+)
+
+2011-01-18 16:31 vtarasov
+
+ * trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-data.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pubkey.c: pkcs15: when setting object
+ data's path, use, if available, the AID from
+ 'DiscretionaryDataObject'
+
+2011-01-18 16:17 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c: pkcs15: simplify PIN's path
+ assignement
+
+2011-01-18 16:06 vtarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: do not print empty
+ path, print path also when it only has 'aid' member
+
+2011-01-18 16:02 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15: redesign
+ sc_pkcs15_make_absolute_path() ... - do nothing if child has
+ 'aid'; - child inherit the parents's 'aid' if this one exists; -
+ child inherit parents's path of type 'DF NAME' as 'aid'; -
+ return if child path is zero length; - finaly concatenate parent
+ and child paths.
+
+2011-01-18 10:39 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when deleting
+ object ignore the object data file selection error
+ 'FILE_NOT_FOUND' ... just update the xDF content. 
+
+2011-01-18 09:48 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/libopensc/pkcs15-tcos.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c: libopensc: avoid using of
+ the not completely initialized 'sc_path' variables
+
+2011-01-18 04:43 andre
+
+ * trunk/etc/opensc.conf.in: opensc.conf.in: clean up white spaces
+
+2011-01-17 21:09 andre
+
+ * trunk/src/libopensc/pkcs15-pin.c: pkcs15-pin.c: fixes
+ segmentation fault in the case where p15card->app == NULL
+
+2011-01-17 19:00 vtarasov
+
+ * trunk/src/libopensc/card-acos5.c,
+ trunk/src/libopensc/card-asepcos.c,
+ trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-ias.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c:
+ libopensc: avoid the using of not completely initialized
+ 'sc_path' variables to be continued...
+
+2011-01-17 16:52 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: little fix
+ of the previous commit
+
+2011-01-17 16:49 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: use short
+ form of the log message call
+
+2011-01-17 16:28 vtarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15init: function to finalize
+ profile when binding to the application of the multi-application
+ PKCS#15 card.
+
+2011-01-17 16:05 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: redesign
+ 'sc_profile_find_file_by_path()' ... 
to take into account the
+ non-zero 'aid' member in the 'path' parameter or in the path of
+ the file's instance also take into account the non-zero 'aid'
+ when getting 'file-id'
+
+2011-01-17 15:51 vtarasov
+
+ * trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: profile: new function 'get_parent' ... to get
+ profile instance of the parent of some file presented by it's
+ profile name. ;accept hexadecimal values presented in 'xAB'
+ form; ;coding style issues;
+
+2011-01-17 15:18 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: handles for
+ 'profile-extention' and 'exclusive-aid' ... 'profile-extention'
+ profile parameter used to load from the separate file the AID
+ dependent profile part. 'exclusive-aid' profile parameter used
+ to introduce the AID for the DF that do not have file-id and
+ that can be selected only by 'DF-NAME' selection.
+
+2011-01-17 14:51 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: profile: sc_profile_finish() accept additional
+ parameter 'application info' ... Each application of the
+ multi-application PKCS#15 card has it's own associated
+ pkcs15init profile file. Profile of the multi-application card
+ contains an association between the ID of the on-card
+ application and associated profile name. When
+ sc_profile_finish() is called - sc_card is connected, -
+ information on the preset on-card applications is available; -
+ AID of the applicaition to be binded is known. thus allowing to
+ sc_profile_finish() to load the final part of the profile.
+
+2011-01-17 14:03 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: profile: parse new
+ AC operation types ... 
debug messages and some coding style
+ issues
+
+2011-01-17 13:11 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c: pkcs15: comments and debug
+ messages
+
+2011-01-17 12:54 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pubkey.c: pkcs15: when getting public
+ key data, return 'direct' object value if available add debug
+ messages
+
+2011-01-14 17:12 vtarasov
+
+ * trunk/src/libopensc/pkcs15-sec.c: pkcs15: initialize 'supported
+ algorithms' in SE data by the ones from tokenInfo for some cards
+ to prepare security environment for the PSO operation card
+ driver may need the value of 'algRef' attribut of
+ tokenInfo.supportedAlgorithm.
+
+2011-01-14 09:59 flc
+
+ * trunk/src/libopensc/libopensc.exports: remove unset
+ sc_pkcs15init_finalize_profile function from libopensc.exports
+
+2011-01-13 15:06 vtarasov
+
+ * trunk/src/libopensc/asn1.c: asn1: spelling of the debug messages
+
+2011-01-13 14:05 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ pkcs15: add array with supported algos references to the key
+ info data type ... and imlement API to access it
+
+2011-01-13 13:59 vtarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h: asn1:
+ accept long tag ... According to X.690-0207 ch.8.1.2.4
+
+2011-01-12 17:41 vtarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/sc.c,
+ trunk/src/pkcs15init/authentic.profile: libopensc: export
+ sc_find_app(), remove debug message, ... avoid double '::'
+ separator in path_print(); touch authentic profile file
+
+2011-01-11 16:50 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15init: add 'aid' argument to
+ prototype of sc_pkcs15init_erase_card() ... 
used to indicate
+ application to erase
+
+2011-01-11 16:40 vtarasov
+
+ * trunk/src/libopensc/cardctl.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcd15init: get PIN reference
+ from SE number when verifying 'SE' secret type ...
+
+2011-01-11 10:46 vtarasov
+
+ * trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h: tools:
+ reserve more place for the print path and AID buffer ... to
+ insert the '::' indicator of 'AID' or 'DF_NAME' path type
+
+2011-01-11 10:29 vtarasov
+
+ * trunk/src/libopensc/ef-atr.c, trunk/src/libopensc/iso7816.h:
+ libopensc: parse EF.ATR: redefine 'STATUS' macros ... thanks to
+ Andre Zepezauer for his precious remarks
+
+2011-01-11 10:19 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15: asn1: extend DDO with
+ 'ddoAID' and 'ddoIIN' ... This extension is used by
+ multi-applications cards when EF.ODF with EF.tokenInfo and xDF
+ with (secure) data objects are placed in a different
+ applications.
+
+2011-01-11 10:12 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c: pkcs15: asn1: local PIN should
+ have a path defined ... if there is no 'path' in the
+ 'PinAttributes', use DDO.AID or application path as a PIN's path.
+
+2011-01-11 10:08 vtarasov
+
+ * trunk/src/libopensc/dir.c: libopensc: parse EF.DIR: no need to
+ check the presence of mandatory AID after success of ASN1
+ decoding use "struct sc_aid"
+
+2011-01-10 14:15 vtarasov
+
+ * trunk/src/libopensc/ef-atr.c, trunk/src/libopensc/iso7816.h,
+ trunk/src/libopensc/opensc.h: libopensc: remove non-ISO7816
+ members from the EF.ATR data, thanks to Andre Zepezauer
+
+2011-01-10 10:44 vtarasov
+
+ * trunk/src/libopensc/asn1.c: asn1: invalid detection of AID
+ presence in ASN1 path data
+
+2011-01-09 17:25 vtarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/types.h: asn1:
+ decode 'extendedPath'
+
+2011-01-09 17:23 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c: libopensc: adapt
+ 'make_absolute_path' to the path with valid 'aid' member ... 
use + make_absolute_path() to compose path to 'ODF' and 'tokenInfo' + +2011-01-09 17:17 vtarasov + + * trunk/src/libopensc/sc.c: libopensc: when printing 'path', print + also the value of 'aid' if available. + +2011-01-09 17:13 vtarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: do not print + non-relevant to the 'list-applications' context information + +2011-01-09 10:42 vtarasov + + * trunk/src/libopensc/iso7816.c: iso7816: use already defined + local variable 'ctx' instead of 'card->ctx' + +2011-01-09 10:17 martin + + * trunk/src/libopensc/card-openpgp.c, trunk/src/libopensc/cards.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-syn.c: Initial modifications to + support OpenPGP v2.0 (CryptoStick) * Correct naming: openpgp not + opengpg * Set the card name from ATR table * Add card type enums + * Currently OpenPGP is read-only. + * trunk/src/libopensc/iso7816.c: iso7816: Don't translate a + returned FCP template from SELECT FILE to "unknown data received" + +2011-01-09 10:02 vtarasov + + * trunk/src/libopensc/libopensc.exports, trunk/src/libopensc/sc.c: + libopensc: to be compiled with Visual Studio + +2011-01-09 09:32 vtarasov + + * trunk/src/libopensc/card.c, + trunk/src/libopensc/libopensc.exports: libopensc: procedure to + log the card's cache + +2011-01-09 09:29 vtarasov + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h: + libopensc: extend DDO data type with the parsed 'aid', 'oid' and + 'iid' members + +2011-01-09 09:25 vtarasov + + * trunk/src/libopensc/opensc.h: libopensc: extend serial number to + the ISO/IEC 7812 PAN definition + +2011-01-09 09:13 vtarasov + + * trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h: + libopensc: add 'crts' array to 'struct sc_acl_entry' ... For + some cards the acl bytes, retrived from 'select' response, can + reference a SE (and not directly PIN). 
In such case, to proceed + an authentication for the card operation the information about + the SE's CRTs is needed. + +2011-01-09 08:51 vtarasov + + * trunk/src/libopensc/ef-atr.c: libopensc: do not return 'SUCCESS' + if EF.ATR do not exist ... debug messages + +2011-01-09 08:49 vtarasov + + * trunk/src/libopensc/sc.c, trunk/src/tools/opensc-explorer.c: + libopensc: initialize 'sc_path' type variables ... it's needed + to initialize the 'aid' member of 'struct sc_path' + +2011-01-09 08:31 vtarasov + + * trunk/src/libopensc/dir.c: libopensc: use 'calloc' to allocate + application info ... remove unused variable + +2011-01-09 08:28 vtarasov + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/iso7816.h: + iso7816: accept 'FCP' tag when processing FCI + +2011-01-07 17:18 vtarasov + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-authentic.c, + trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-itacns.c, + trunk/src/libopensc/card-myeid.c, + trunk/src/libopensc/card-westcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/types.h, trunk/src/tests/sc-test.c, + trunk/src/tools/cardos-tool.c, trunk/src/tools/netkey-tool.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c, + trunk/src/tools/westcos-tool.c: libioensc: use 'struct sc_atr' + instead of 'u8 *atr, size_t atr_len' + +2011-01-07 16:09 vtarasov + + * trunk/src/libopensc/pkcs15.c: pkcs15: do not call + sc_parse_ef_atr() ... 
it should be called in the 'init' handle + of the card driver when EF.ATR is present + +2011-01-07 15:49 vtarasov + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/card.c, + trunk/src/libopensc/ef-atr.c, trunk/src/libopensc/iso7816.h, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h: libopensc: parse content of the + EF(ATR) file + +2011-01-07 15:47 vtarasov + + * trunk/src/libopensc/asn1.c: opensc-explorer: print raw content + of 'CONTEXT' tag + +2011-01-07 15:44 vtarasov + + * trunk/src/libopensc/card-authentic.c, + trunk/src/libopensc/pkcs15.c: pkcs15: remove unused variables + +2011-01-07 13:31 vtarasov + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + pkcs15: in sc_pkcs15_card include the pointer to the application + that the card was binded to + +2011-01-07 09:00 vtarasov + + * trunk/src/libopensc/asn1.c: opensc-explorer: in 'asn1' command + print raw content of the ASN1_APPLICATION data + +2011-01-07 08:55 martin + + * trunk/src/libopensc/reader-pcsc.c: PC/SC: don't try to use + SCARD_SHARE_DIRECT if there is a card in the reader. This can + confuse some card/reader combos. 
+
+2011-01-07 08:50 vtarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: in help message move
+ 'list-applications' action to the head of the actions group
+
+2011-01-06 16:21 vtarasov
+
+ * trunk/doc/tools/pkcs15-tool.xml, trunk/src/tools/pkcs15-tool.c:
+ pkcs15-tool: new action 'list-applications'
+
+2011-01-06 16:16 vtarasov
+
+ * trunk/src/libopensc/authentic.h, trunk/src/libopensc/dir.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/types.h: libopensc: introduce TLV and LV
+ data type, use it to store DDO data
+
+2011-01-06 14:39 vtarasov
+
+ * trunk/doc/tools/pkcs15-crypt.xml,
+ trunk/doc/tools/pkcs15-init.xml,
+ trunk/doc/tools/pkcs15-tool.xml,
+ trunk/src/pkcs15init/authentic.profile,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/pkcs15-tool.c: tools: use 'aid' as the name of
+ option to specify the on-card PKCS#15 application ; update
+ documentation; ; debug messages; ; cleanup the authentic card
+ profile.
+
+2011-01-05 16:04 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: use short debug
+ message call
+
+2011-01-05 15:42 vtarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/dir.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/pkcs15-lib.c:
+ libopensc: use 'struct sc_aid' instead of 'u8 *aid, size_t
+ aid_len'
+
+2011-01-05 15:39 vtarasov
+
+ * trunk/src/libopensc/types.h: libopensc: add 'sc_aid' member to
+ 'sc_path' ... not all application DF have and can be selected by
+ its file-id. So, new member in 'sc_path' will help to describe
+ the full path to some EF(DF) inside a card.
+
+2011-01-05 15:22 vtarasov
+
+ * trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c:
+ pkcs15-tool: new 'bind-to-aid' argument ... to indicate
+ application to bind when more then one on-card application
+ detected
+
+2011-01-05 14:53 vtarasov
+
+ * trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15.c: pkcs15: some changes to the
+ discovery on-card applications code ... ; 'known' pkcs#15
+ applications are moved to the head of the card applications
+ array; ; card specific 'bind finalization' code moved to the
+ dedicated procedures; ; remove unused sc_application member,
+ procedures; ; remove commented code; ; add debug messages;
+
+2011-01-05 14:33 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-authentic.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: debug messages
+
+2011-01-05 14:32 vtarasov
+
+ * trunk/src/cardmod/cardmod.c: cardmon: 'bind' prototype has been
+ changed
+
+2011-01-05 14:29 vtarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: new 'bind-to-aid'
+ argument ... indicate application to bind when multi-application
+ card is used
+
+2011-01-05 14:21 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/libopensc/types.h,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/tests/p15dump.c,
+ trunk/src/tests/pintest.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
+ pkcs15: add 'aid' parameter to the prototype of the 'bind'
+ functions ... prepare for the multi-application support
+
+2011-01-04 11:33 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c, trunk/src/libopensc/log.c,
+ trunk/src/libopensc/log.h,
+ trunk/src/pkcs15init/pkcs15-authentic.c: liopensc: log: use
+ 'normal' as default debug level ... and make shorter short call
+ to insert debug message
+
+2011-01-04 10:52 vtarasov
+
+ * trunk/src/libopensc/authentic.h,
+ trunk/src/pkcs15init/pkcs15-authentic.c: AuthentIC: remove
+ unused members of the SDO structure
+
+2011-01-04 09:19 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/pkcs15init/pkcs15-authentic.c: AuthentIC: use short
+ form to insert 'normal' debug messages
+
+2011-01-04 09:17 vtarasov
+
+ * trunk/src/libopensc/authentic.h, trunk/src/libopensc/log.c,
+ trunk/src/libopensc/log.h: libopensc: log: short form to insert
+ 'normal' debug message
+
+2011-01-03 16:20 andre
+
+ * trunk/src/pkcs11/openssl.c: openssl.c: Fixes comparsion between
+ signed and unsigned
+
+2011-01-03 15:10 andre
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15.c: Fixes
+ two warnings: 1 x comparsion between signed und unsigned 1 x
+ unused parameter 'flags'
+
+2011-01-03 09:55 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: Oberthur: replace
+ 'SC_ERROR_MEMORY_FAILURE' return code by the
+ 'SC_ERROR_OUT_OF_MEMORY'
+
+2011-01-03 09:45 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when deleting
+ file by path, try to get 'DELETE' authentication of the file
+ itself ... then 'DELETE' authentication of parent
+
+2011-01-03 09:44 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init: more of debug
+ messages in profile.c
+
+2011-01-02 16:26 vtarasov
+
+ * trunk/src/libopensc/authentic.h, trunk/src/libopensc/opensc.h,
+ trunk/src/pkcs15init/pkcs15-authentic.c: AuthentIC: remove
+ unused macros, code layout
+
+2011-01-02 15:05 martin
+
+ * trunk/src/libopensc/card.c: Reject creating files bigger than
+ 64K. Most smart cards currently have only 64K or 128K of EEPROM.
+ This will give better errors earlier for people trying to import
+ huge keyfiles with TrueCrypt.
+
+2011-01-02 15:01 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/pkcs15init/pkcs15-authentic.c: AuthentIC: memory
+ allocation errors, thanks to Martin for memory allocation errors
+ use SC_ERROR_OUT_MEMORY instead of SC_ERROR_MEMORY_FAILURE
+
+2011-01-02 14:32 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c: libopensc: more of debug messages,
+ code layout
+
+2011-01-02 14:31 vtarasov
+
+ * trunk/src/pkcs15init/authentic.profile: pkcs15-init: AuthentIC:
+ user PIN reference in card profile
+
+2011-01-02 14:31 martin
+
+ * trunk/src/tools/opensc-tool.c: opensc-tool: make
+ --list-algorithms know about GOST keys
+
+2011-01-02 14:27 vtarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15-init: profile:
+ instantiate 'BSO' file
+
+2011-01-02 14:25 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pubkey.c: libopensc: encode/decode
+ 'direct' public key value
+
+2011-01-02 14:22 vtarasov
+
+ * trunk/src/libopensc/pkcs15.c: libopensc: set 'enumerated' flag
+ for xDF if corresponding EF file was successfully read ... it's
+ an extention of r4983, that was not properly working for the
+ existing but empty xDF files.
+
+2011-01-02 14:14 vtarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-prkey.c:
+ libopensc: asn1: allow empty path
+
+2011-01-02 14:11 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/libopensc/opensc.h: AuthentIC: read/write/update
+ binary card handles can use the 'WAITING-AREA' reader facility
+ ... when used with virtual reader, the APDUs can be buffered in
+ the reader's internal buffer, before sending it to the distant
+ card.
+
+2011-01-02 14:02 vtarasov
+
+ * trunk/src/pkcs15init/authentic.profile,
+ trunk/src/pkcs15init/profile.c: pkcs15-init: 'PSO-*' ACL names
+ in profile
+
+2011-01-02 13:55 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcs15-init: no more
+ 'SPLIT-KEY' flag ... more of debug messages
+
+2011-01-02 12:55 martin
+
+ * trunk/src/tools/util.c: Fix compiler warning util.c: In function
+ ‘util_getpass’: util.c:348: warning: comparison between signed
+ and unsigned
+ * trunk/src/tools/opensc-tool.c: opensc-tool: combined with
+ --verbose, --list-readers will show tha ATR and name of the
+ card, together with extra reader flags
+
+2011-01-02 12:54 martin
+
+ * trunk/src/tools/util.c: tools: allow to specify an ATR in the
+ --reader option. This facilitates automated testing on a single
+ machine with several identical readers with inserted cards.
+ * trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c:
+ PC/SC: add additional flags to indicate readers which are in use
+ and readers which are in exclusive mode.
+ * trunk/src/libopensc/card-rtecp.c: AktivRutokenECP: make
+ opensc-tool -n show the actual token name, based on ATR
+
+2010-12-31 11:09 vtarasov
+
+ * trunk/src/libopensc/card.c: libopensc: remove '\n' from the
+ debug message ... 'sc_do_log_va' takes care of line ending
+
+2010-12-31 10:52 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/pkcs15init/pkcs15-authentic.c: AuthentIC: cleanup dead
+ code
+
+2010-12-31 08:54 vtarasov
+
+ * trunk/src/libopensc/card-authentic.c,
+ trunk/src/pkcs15init/pkcs15-authentic.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: AuthentIC: "now there is no
+ way to build without OpenSSL" (Andre Zepezauer) Thanks for patch.
+
+2010-12-31 00:50 andre
+
+ * trunk/src/tools/opensc-explorer.c: opensc-explorer.c: Fixes
+ usage of size_t variables. According to ANSI C the type of
+ size_t is always an unsigned type.
+
+2010-12-31 00:00 andre
+
+ * trunk/src/tools/cardos-tool.c: cardos-tool.c: According to ANSI
+ C the type of size_t is always an unsigned type.
+
+2010-12-30 15:10 martin
+
+ * trunk/configure.ac, trunk/win32/Makefile.am,
+ trunk/win32/OpenSC.iss, trunk/win32/OpenSC.iss.in:
+ WindowsInstaller: generate OpenSC.iss with autotools
+
+2010-12-30 14:42 vtarasov
+
+ * trunk/src/pkcs15init/authentic.profile: AuthentIC: add profile
+
+2010-12-30 14:40 vtarasov
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/authentic.h,
+ trunk/src/libopensc/card-authentic.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.h,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/pkcs15-authentic.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/win32/opensc-msi/OpenSC.wxs: 'AuthentIC': basic support of
+ Oberthur's 'COSMO.v7/AuthentIC.v3.2' ... it's the natively
+ PKCS#15 card
+
+2010-12-30 13:25 vtarasov
+
+ * trunk/src/libopensc/card.c,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/opensc.h: libopensc: API for the
+ 'erase-binary' card operation
+
+2010-12-30 13:20 vtarasov
+
+ * trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h:
+ libopensc: add new authentication methods, add ACLs to PIN info,
+ ... add 'next' member to 'sc_apdu' structure
+
+2010-12-30 13:10 vtarasov
+
+ * trunk/src/libopensc/card-entersafe.c: libopensc: revert
+ erroneous commit
+
+2010-12-30 13:04 vtarasov
+
+ * trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/opensc.h: libopensc: Now 'cache-valid' flag
+ is a member of 'sc_card_cache' ... add 'current_ef' and
+ 'current_df' member to 'sc_card_cache'. The main purpose of this
+ is to reduce number of APDU transactions.
+
+2010-12-30 12:50 vtarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c: pkcs15init: new
+ 'emulation-store-data' operation ... the first usage is to
+ update the public key PKCS#15 object attributes and to encode
+ it's direct value. (support of the Oberthur's AuthentIC V3.2
+ card)
+
+2010-12-30 12:29 vtarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: minor change of the
+ private key info layout
+
+2010-12-29 10:45 martin
+
+ * trunk/src/libopensc/card-piv.c: libopensc: correctly use
+ HAVE_MALLOC_H to include malloc.h See
+ http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/opensc/files/patch-src_libopensc_card-piv.c#rev1.1
+ * trunk/src/pkcs11/framework-pkcs15.c: Fix #302: in C_Logout
+ silently ignore missing card specific logout hooks.
+
+2010-12-22 21:45 andre
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15.c: Fixes a bug that occurs
+ in the situation where a PKCS15 EF contains partially invalid
+ data. I.e. the last object in the EF is broken and thus can't be
+ decoded successfully. In that case the whole EF becomes never
+ flagged as enumerated. This in turn results in endless
+ processing of that EF. Thereby the first valid objects became
+ attached to the internal obj_list over and over again. That
+ patch prevents the repeated attachment of objects to obj_list,
+ because it marks an EF as enumerated as soon the first object
+ was successfully appended. Left over from #266.
+
+2010-12-22 17:42 martin
+
+ * trunk/configure.ac: Move towards 0.12.1
+
+2010-12-22 17:12 martin
+
+ * trunk/MacOSX/10.5/resources/ReadMe.html,
+ trunk/MacOSX/10.6/resources/ReadMe.html, trunk/NEWS,
+ trunk/configure.ac, trunk/win32/OpenSC.iss: Prepare for 0.12.0
+
+2010-12-20 08:57 martin
+
+ * trunk/src/libopensc/pkcs15-actalis.c: Fix r4977: C89 style to
+ support MS Visual Studio
+
+2010-12-19 11:18 ep
+
+ * trunk/src/libopensc/pkcs15-itacns.c: Wrong structure size
+ calculation in pkcs15-itacns.c; thanks to Matteo Nastasi for the
+ heads-up.
+ * trunk/src/libopensc/pkcs15-actalis.c: Modified patch for Actalis
+ smart cards. Closes #235.
+
+2010-12-18 00:44 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool.c: Avoid compiler
+ warning 'may be used uninitialized in this function'.
+
+2010-12-17 23:02 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool.c: Simplifies
+ interface to show_key() and avoids more compiler warnings.
+
+2010-12-17 19:09 andre
+
+ * trunk/src/pkcs11/pkcs11-object.c: pkcs11-object.c: Add missing
+ initializers.
+
+2010-12-17 18:47 andre
+
+ * trunk/src/pkcs11/mechanism.c: mechanism.c: Removal of unused
+ variables.
+
+2010-12-17 17:54 andre
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15.c: Avoid
+ some warnings if the macro USE_PKCS15_INIT is undefined. That is
+ always the case if build without OpenSSL.
+
+2010-12-17 17:12 dengert
+
+ * trunk/src/pkcs11/framework-pkcs15.c: More ENABLE_OPENSSL changes
+ so sc_pkcs11_register_sign_and_hash_mechanism will not fail.
+
+2010-12-17 16:30 andre
+
+ * trunk/src/pkcs11/framework-pkcs15init.c: framework-pkcs15init.c:
+ Add missing initializers.
+
+2010-12-17 10:15 martin
+
+ * trunk/MacOSX/10.5/resources/ReadMe.html,
+ trunk/MacOSX/10.6/resources/ReadMe.html, trunk/configure.ac,
+ trunk/win32/OpenSC.iss: Build 0.12.0-rc2
+
+2010-12-16 05:04 andre
+
+ * trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-incrypto34.c,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/errors.h, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/reader-openct.c: Rename of SC_NO_ERROR to
+ SC_SUCCESS.
+
+2010-12-16 03:56 andre
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15.c: More
+ specific log messages. Enables better tracking of errors.
+
+2010-12-16 01:47 andre
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c: Add missing initializers.
+ Left over from r4508.
+
+2010-12-15 13:47 andre
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ pkcs15.h: Fixing type of parameter to avoid compiler warning:
+ 'comparison between signed and unsigned'
+
+2010-12-14 03:16 andre
+
+ * trunk/etc/opensc.conf.in: opensc.conf: Better wording of
+ comments on max_x_size.
+
+2010-12-14 03:11 andre
+
+ * trunk/src/libopensc/pkcs15-algo.c: pkcs15-algo.c: Just making
+ the compiler happy.
+
+2010-12-14 03:08 andre
+
+ * trunk/src/libopensc/errors.c, trunk/src/libopensc/log.h,
+ trunk/src/pkcs11/misc.c: Textual output of SC_ERROR_* return
+ codes in debug messages.
+
+2010-12-14 01:30 andre
+
+ * trunk/etc/opensc.conf.in: opensc.conf: Lower the level of
+ emphasise on the max_x_size options. Users with USB devices
+ really shouldn't care about them.
+
+2010-12-14 01:19 andre
+
+ * trunk/src/libopensc/pkcs15-pubkey.c: pkcs11-pubkey.c: Minor
+ corrections related to r4874 and r4902.
+
+2010-12-14 01:09 andre
+
+ * trunk/src/libopensc/iso7816.c: iso7816.c: Fixes #301.
+
+2010-12-13 14:14 martin
+
+ * trunk/MacOSX/build: MacInstaller: add the build date to the DMG
+ label.
+
+2010-12-13 06:28 andre
+
+ * trunk/src/pkcs11/pkcs11-display.c: pkcs11-display: Fixing some
+ type mismatches that the compiler complains about.
+
+2010-12-12 13:17 vtarasov
+
+ * trunk/etc/Makefile.mak, trunk/src/Makefile.mak: win32: build of
+ MSI on checkouted trunk ... is possible after 'bootstrap' and
+ 'configure'
+
+2010-12-12 11:40 vtarasov
+
+ * trunk/win32/OpenSC.iss: win32: default install dir 'Program
+ Files\OpenSC Project\OpenSC'
+
+2010-12-12 10:30 vtarasov
+
+ * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/reader-pcsc.c,
+ trunk/src/pkcs11/pkcs11-spy.c: win32: change path to the OpenSC
+ registry keys Now it begins with "SOFTWARE\\OpenSC Project\\..."
+ .
+
+2010-12-11 22:07 martin
+
+ * trunk/src/libopensc/card-mcrd.c: EstonianEid: Add
+ SC_ALGORITHM_RSA_RAW to not make sc_pkcs15_compute_signature
+ remove the DigestInfo header.
+
+2010-12-09 19:52 andre
+
+ * trunk/src/libopensc/log.c: log.c: Fixes format string to match
+ actual type.
+
+2010-12-09 19:49 andre
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15.c: Use size_t as type of
+ vector-index.
+
+2010-12-09 09:38 vtarasov
+
+ * trunk/win32/OpenSC.iss, trunk/win32/opensc-install.bat: win32:
+ path to OpenSC registry keys have been changed
+
+2010-12-09 09:23 vtarasov
+
+ * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c:
+ win32: change path to OpenSC windows registers
+
+2010-12-09 09:21 vtarasov
+
+ * trunk/src/Makefile.mak: win32: test 'BUILD_MSI' condition and
+ build MSI
+
+2010-12-09 09:17 vtarasov
+
+ * trunk/src/libopensc/pkcs15-pubkey.c: libopensc: avoid warning
+ 'not all control paths return a value'
+
+2010-12-09 09:16 vtarasov
+
+ * trunk/win32/Make.rules.mak, trunk/win32/opensc-msi,
+ trunk/win32/opensc-msi/Make.rules.mak.works-for-vt,
+ trunk/win32/opensc-msi/Makefile.mak,
+ trunk/win32/opensc-msi/OpenSC.ico,
+ trunk/win32/opensc-msi/OpenSC.wxs,
+ trunk/win32/opensc-msi/README: win32: build MSI
+
+2010-12-09 08:23 s
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-sec.c: fix: implicit depending on the
+ RSA algo_info for GOSTR3410 algo add sc_card_find_gostr3410_alg
+ function Thanks to Douglas E. Engert
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-December/015408.html
+
+2010-12-09 07:23 s
+
+ * trunk/src/pkcs11/mechanism.c: add to r4904: fix calculating of
+ signature size for CKK_GOSTR3410
+
+2010-12-08 08:56 martin
+
+ * trunk/src/libopensc/pkcs15-esteid.c: Fix [4911]
+
+2010-12-08 03:31 andre
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15
+ [pkcs15_logout]: Better propagation of errors
+
+2010-12-06 18:59 andre
+
+ * trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h:
+ sc_pkcs15_pincache_revalidate: Avoid compiler warning 'discards
+ qualifiers from pointer target type'
+
+2010-12-06 18:51 andre
+
+ * trunk/src/common/compat_strlcat.c: compat_strlcat: Avoid
+ compiler warning 'no newline at end of file'
+
+2010-12-06 18:35 martin
+
+ * trunk/src/common/simclist.h, trunk/win32/Make.rules.mak:
+ Complete change, SIMCLIST_DUMPRESTORE is by default off.
+
+2010-12-06 18:33 andre
+
+ * trunk/src/libopensc/pkcs15-pin.c: pkcs15-pin: If the usage
+ counter of a cached PIN is expired, then free that cached PIN
+ instead of freeing the objects content that is protected by the
+ PIN. If re-validation of a cached PIN fails, then free that
+ cached PIN to ensure that it isn't used again for re-validation.
+
+2010-12-06 18:15 andre
+
+ * trunk/src/libopensc/pkcs15.c: pkcs15.c: use int instead of bool
+ as type of configuration option pin_cache_counter
+
+2010-12-06 16:28 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: replaced
+ OPENSSL_NO_EDSA with OPENSSL_NO_ECDSA
+
+2010-12-06 15:49 vtarasov
+
+ * trunk/win32/Make.rules.mak: win32: when cleaning delete also
+ manifest files
+
+2010-12-06 15:47 vtarasov
+
+ * trunk/src/Makefile.mak, trunk/win32/Make.rules.mak: win32:
+ control from Make.rules.mak the including of 'cardmod'
+
+2010-12-06 15:20 vtarasov
+
+ * trunk/src/tools/Makefile.mak, trunk/win32/Make.rules.mak: win32:
+ 'netkey' and 'westcos' tools are OpenSSL dependents
+
+2010-12-06 14:41 martin
+
+ * trunk/src/tools/piv-tool.c, trunk/src/tools/pkcs11-tool.c:
+ tools: EC(DSA) requires OpenSSL >= 0.9.8. This fixes building
+ for OS X 10.5.
+
+2010-12-06 14:18 martin
+
+ * trunk/src/libopensc/card-piv.c: card-piv: remove unused
+ variables. card-piv.c: In function ‘piv_get_data’:
+ card-piv.c:879: warning: unused variable ‘filename’
+ card-piv.c:878: warning: unused variable ‘dataenvname’
+ card-piv.c:877: warning: unused variable ‘keyenvname’
+ * trunk/src/libopensc/card-piv.c: PIV: amend [4908], Apple has
+ /usr/include/malloc/malloc.h
+
+2010-12-06 12:52 martin
+
+ * trunk/src/libopensc/card-entersafe.c: entersafe: don't list
+ supported exponents in the dirver. Native keys are generated
+ with exponent 65537, imported keys can now have any (?)
+ exponent. Tested with openssl genrsa -3/-f4 keys. Improves r4910
+ and closes #297
+ * trunk/src/libopensc/pkcs15-esteid.c: EstonianEid: limit
+ authentication key usage bits.
+ * trunk/src/libopensc/card-acos5.c,
+ trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-starcos.c: libopensc: protect for
+ possible buffer overflows from rogue cards. Reported by Rafael
+ Dominguez Vega
+ * trunk/src/libopensc/internal.h, trunk/src/libopensc/muscle.c:
+ libopensc: move MIN/MAX macros from muscle.c to internal.h
+
+2010-12-06 12:51 martin
+
+ * trunk/src/libopensc/pkcs15-esteid.c: EstonianEid: correctly free
+ the used OpenSSL structures. Thanks to Raul Metsma for the patch.
+
+2010-12-06 09:37 ludovic.rousseau
+
+ * trunk/src/libopensc/card-entersafe.c: entersafe_init(): add
+ support of RSA exponent 35 Closes: Ticket #297
+
+2010-12-06 08:31 vtarasov
+
+ * trunk/win32/winconfig.h.in: win32: _PATH_MAX not defined when
+ compiling with VS ... use instead the standard FILENAME_MAX
+
+2010-12-06 08:30 vtarasov
+
+ * trunk/src/libopensc/card-piv.c: card-piv: avoid warning 'differs
+ in levels of indirection from' ... when compiling with VS
+
+2010-12-03 15:44 dengert
+
+ * trunk/src/tools/piv-tool.c: Minor corrections to r4906
+
+2010-12-03 15:15 dengert
+
+ * trunk/src/tools/piv-tool.c, trunk/src/tools/pkcs11-tool.c: Test
+ for OPENSSL_NO_EC as some systems build OPENSSL without EC.
+
+2010-12-02 08:59 martin
+
+ * trunk/src/common/Makefile.am, trunk/src/common/simclist.c,
+ trunk/src/common/simclist.h: simclist: build with mingw32,
+ Visual Studio and gcc on Linux. By default dumprestore is OFF.
+
+2010-12-01 20:08 dengert
+
+ * trunk/src/libopensc/card-piv.c, trunk/src/libopensc/cardctl.h,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/padding.c,
+ trunk/src/libopensc/pkcs15-algo.c,
+ trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/tools/piv-tool.c, trunk/src/tools/pkcs11-tool.c:
+ Modifications to support EC and ECDSA for emulated cards. True
+ PKCS#15 cards with EC will need additional changes. Main changes
+ are in framework-pkcs15.c, mechanism.c, padding.c, pkcs15-algo.c
+ and pkcs15-sec.c where switch statements for key type, and
+ testing of flags was modified to make it easier to add
+ additional key types in the future. The code was tested using
+ RSA and ECDSA using a PIV card from pkcs11-tool, OpenSSL and
+ Thunderbird with modifications to NSS-3.12.7 to get ECDSA to
+ sign e-mail. Only named curves are supported for ECDSA, ECDH is
+ still needed. pkcs11-tool has only minimal changes need to work
+ with the -O option to list EC keys. One additional line was
+ added to pkcs15-sec.c which should get GOSTR sign to work.
+ libp11 and engine do not yet have EC support. --This line, and
+ those below, will be ignored-- M
+ src/tools/piv-tool.c M
+ src/tools/pkcs11-tool.c M src/pkcs11/framework-pkcs15.c M
+ src/pkcs11/mechanism.c M src/pkcs11/pkcs11-object.c M
+ src/libopensc/pkcs15-prkey.c M src/libopensc/card-piv.c M
+ src/libopensc/padding.c M src/libopensc/cardctl.h M
+ src/libopensc/pkcs15-algo.c M src/libopensc/libopensc.exports M
+ src/libopensc/pkcs15-piv.c M src/libopensc/pkcs15-sec.c
+
+2010-11-30 19:30 dengert
+
+ * trunk/src/libopensc/card.c: Additional EC routines
+ _sc_card_add_ec_alg and sc_card_find_ec_alg
+
+2010-11-30 19:13 dengert
+
+ * trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs11/pkcs11.h: Support for ECC keys (part 1) header
+ files and support routines. Add definitions for EC keys,
+ parameters and extensions to structures. Add the
+ sc_card_find_ec_alg, sc_pkcs15_decode_pubkey_ec,
+ sc_pkcs15_encode_pubkey_ec, sc_pkcs15emu_add_ec_prkey,
+ sc_pkcs15emu_add_ec_pubkey routines. Only EC named curves are
+ currently supported.
+
+2010-11-30 15:57 dengert
+
+ * trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs11/framework-pkcs15.c: Allow emulation routine to
+ setup an emulated object to be used instead of trying to read a
+ file. This will be used with the ECC code.
+
+2010-11-30 15:32 dengert
+
+ * trunk/src/pkcs11/debug.c: SPY does not process
+ CKA_ALWAYS_AUTHENTICATE
+
+2010-11-30 12:33 martin
+
+ * trunk/src/libopensc/card-mcrd.c: EstonianEid: Don't leak 1024bit
+ key to 2048b card properties
+ * trunk/src/common/simclist.c: simclist: Visual studio does not
+ have unistd.h
+
+2010-11-30 11:22 martin
+
+ * trunk/src/common/simclist.c: libopensc: fix building new
+ simclist with mingw
+ * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c:
+ libopensc: make sc_reset() take an additional parameter
+ "do_cold_reset" which will unpower the card.
+
+2010-11-29 14:22 martin
+
+ * trunk/src/libopensc/iso7816.c: ISO 7816: if decrypting with 2048
+ keys, non-extended APDU cards require command chaining (Lc would
+ be 257, which is 2 bytes over 255 limit)
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/mechanism.c: pkcs11: clean up mechanism
+ registration * check for out of memory conditions * register
+ SHA256 as well * key generation depends on onboard key
+ generation capabilities, not OpenSSL Further adjustments are
+ needed.
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/cards.h, trunk/src/libopensc/esteid.h,
+ trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/src/tools/eidenv.c:
+ EstEID: add support for v 3.0 cards with 2048b keys * Detect
+ different cards based on ATR-s and on card objects * Set the
+ card name from the ATR table * Conditionally add support for
+ 2048b keys * Add workarounds for broken MULTOS and JavaCard
+ cards.
+
+2010-11-29 13:56 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Revert a protocol forcing
+ change from [4873] which was a mistake.
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-pcsc.c:
+ PC/SC: make (dis)connect actions configurable, SCardDisconnect,
+ SCardEndTransaction and SCardReconnect actions can now be
+ configured via opensc.conf in better detail.
+
+2010-11-29 13:35 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: pcsc: a change in ATR will
+ not always mean a changed card, rely on PC/SC layer for card
+ change information. One of the few cards that has two different
+ ATR-s is the EstonianEid card. The changing ATR (especially if
+ it has different protocol information and historical bytes) can
+ cause confusion in many places, like Microsoft BaseCSP or
+ certain versions of pcsc-lite.
+
+2010-11-29 13:34 martin
+
+ * trunk/etc/opensc.conf.in: conf: correct comments about
+ OpenSC.tokend score meaning and default value.
+
+2010-11-29 08:51 martin
+
+ * trunk/src/libopensc/pkcs15-cert.c: typo: remove double semicolon
+ which prevents compilation with Visual Studio.
+ * trunk/win32/OpenSC.iss: WindowsInstaller: overwrite files with
+ same version to allow nightly builds; replace and delete blocked
+ files on a reboot.
+
+2010-11-29 00:58 andre
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15: Do not
+ populate the unwrap capability, because the corresponding
+ function C_UnwrapKey isn't implemented.
+ http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/pkcs11-object.c?rev=4885#L969
+
+2010-11-28 23:46 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: Completing the
+ output of "Mechanism Information Flags".
+
+2010-11-28 22:16 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: Correcting the
+ behaviour in the case where C_SignUpdate fails. Quotation from
+ PKCS#11: "A call to C_SignUpdate which results in an error
+ terminates the current signature operation."
+
+2010-11-28 18:09 andre
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: Use attributes
+ MODULUS and PUBLIC_EXPONENT instead of VALUE to retrieve
+ RSA-Public-Key. The first two attributes are valid whereas the
+ latter is not.
+
+2010-11-26 12:57 ludovic.rousseau
+
+ * trunk/src/common/simclist.c, trunk/src/common/simclist.h: Update
+ from SimCList version 1.5
+ http://mij.oltrelinux.com/devel/simclist/
+
+2010-11-25 00:20 andre
+
+ * trunk/src/pkcs11/pkcs11-display.c: pkcs11-display.c: more
+ detailed less verbose output of CK_ATTRIBUTE lists
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-November/015321.html
+
+2010-11-24 20:28 dengert
+
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/pkcs11-session.c: Fix support for
+ CKU_ALWAYS_AUTHENTICATE and CKU_CONTEXT_SPECIFIC spy segfaulted
+ if CKU_CONTEXT_SPECIFIC was used, pkcs11-session was reseting
+ the userType before calling framework. Framework will now see
+ CKU_CONTEXT_SPECIFIC and use slot->login_user to determine which
+ PIN was used to create the original session, and will send the
+ PIN to the card. It does not treats CKU_CONTEXT_SPECIFIC as a
+ full login, only a reassertion of the PIN.
+
+2010-11-20 09:30 ludovic.rousseau
+
+ * trunk/src/libopensc/libopensc.exports:
+ sc_pkcs15emu_postponed_load is no more defined Compilation fails
+ on Mac OS X (but not on GNU/Linux): Undefined symbols:
+ "_sc_pkcs15emu_postponed_load", referenced from:
+ -exported_symbol[s_list] command line option ld: symbol(s) not
+ found
+
+2010-11-19 18:09 andre
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c: card.c:
+ Fixes the overriding of max_x_size limitations. In the result,
+ the limitations of cards are adjusted to fit the limitations
+ imposed by the configured reader.
ctx.c: Lookup conf_block of
+ reader_driver by short_name Fixes #269
+
+2010-11-18 23:31 andre
+
+ * trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15.c: new
+ logic to discover objects that were hidden before PIN
+ verification pkcs15.c: object search continues with normal
+ processing, even if enumeration of some files failed pkcs15.h:
+ obsolete prototype removed pkcs15-syn.c: now obsolete function
+ sc_pkcs15emu_postponed_load removed fixes: #266
+
+2010-11-18 18:47 andre
+
+ * trunk/src/libopensc/pkcs15.c: {{{more verbose messages for debug
+ in:__sc_pkcs15_search_objectssc_pkcs15_parse_dfsc_pkcs15_read_file}}}
+
+2010-11-18 14:56 andre
+
+ * trunk/src/tools/pkcs11-tool.c: In login() the flag
+ CKF_LOGIN_REQUIRED is now ignored. This makes the behaviour of
+ login() more predictable. If parameter --login is specified on
+ the command line, then C_Login() is always called.fixes #220
+
+2010-11-08 17:05 dengert
+
+ * trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15.h: Move decoding of subjectPubkeyInfo
+ from pkcs15-cert.c to pkcs15-pubkey.c and call the new
+ sc_pkcs15_pubkey_from_spki. Add
+ sc_pkcs15_pubkey_from_spki_filename to allow a file to contain
+ the subjectPubkeyInfo, which will be used the the PIV driver
+ when EC is implemented. The format of the file, is the same as
+ an X509 certificate subjectPublicKeyInfo and what OpenSSL calls
+ an EVP_PKEY, which includes the algorithm, any parameters and
+ the public key.
+
+2010-11-08 12:37 martin
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/reader-pcsc.c: PC/SC: move protocol
+ (T=0/T=1) selection to reader-pcsc.c, where it is used. Also,
+ check fot the required protocol before connecting to the card
+ and use the forced prtocol instead of re-connecting.
See
+ http://lists.drizzle.com/pipermail/muscle/2010-November/008671.html
+
+2010-11-08 12:29 martin
+
+ * trunk/src/common/compat_getopt.h: Amend r4871: prevent mingw32
+ from including an incompatible getopt version.
+
+2010-11-08 11:17 martin
+
+ * trunk/configure.ac, trunk/src/common/Makefile.am,
+ trunk/src/common/compat_getopt.c,
+ trunk/src/common/compat_getopt.h: Trac #264: fix mingw32 build
+ with mingw32-runtime versions <= 3.13
+
+2010-11-06 18:07 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-itacns.c: Use 'const char *' instead
+ of 'char *' for static strings and avoids a lot of "discards
+ qualifiers from pointer target type" warnings
+
+2010-11-06 18:05 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-tcos.c: Use 'const char *' instead of
+ 'char *' for static strings and avoids a lot of "discards
+ qualifiers from pointer target type" warnings
+
+2010-11-06 17:07 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-tcos.c: pkcs15-tcos.c: In function
+ ‘insert_pin’: pkcs15-tcos.c:216: warning: declaration of ‘r’
+ shadows a previous local pkcs15-tcos.c:194: warning: shadowed
+ declaration is here
+
+2010-11-06 17:05 ludovic.rousseau
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool.c: In function
+ ‘verify_pin’: pkcs15-tool.c:976: warning: declaration of ‘r’
+ shadows a previous local pkcs15-tool.c:972: warning: shadowed
+ declaration is here
+
+2010-11-06 17:04 ludovic.rousseau
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool.c:150: warning:
+ initialization discards qualifiers from pointer target type
+ pkcs15-tool.c:151: warning: initialization discards qualifiers
+ from pointer target type pkcs15-tool.c:152: warning:
+ initialization discards qualifiers from pointer target type
+ pkcs15-tool.c:153: warning: initialization discards qualifiers
+ from pointer target type pkcs15-tool.c:154: warning:
+ initialization discards qualifiers from pointer target type
+ pkcs15-tool.c:155: warning: initialization discards qualifiers
+ from pointer target
type pkcs15-tool.c:156: warning: + initialization discards qualifiers from pointer target type + pkcs15-tool.c:157: warning: initialization discards qualifiers + from pointer target type pkcs15-tool.c:158: warning: + initialization discards qualifiers from pointer target type + pkcs15-tool.c:159: warning: initialization discards qualifiers + from pointer target type pkcs15-tool.c:160: warning: + initialization discards qualifiers from pointer target type + +2010-11-06 17:01 ludovic.rousseau + + * trunk/src/tools/piv-tool.c: piv-tool.c: In function ‘gen_key’: + piv-tool.c:292: warning: declaration of ‘newkey’ shadows a + global declaration piv-tool.c:97: warning: shadowed declaration + is here piv-tool.c: At top level: piv-tool.c:97: warning: + ‘newkey’ defined but not used + +2010-11-06 17:00 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-object.c: pkcs11-object.c: In function + ‘C_DigestInit’: pkcs11-object.c:455: warning: label ‘out’ + defined but not used + +2010-11-06 16:58 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-pteid.c: pkcs15-pteid.c: In function + ‘sc_pkcs15emu_pteid_init’: pkcs15-pteid.c:56: warning: ‘buf’ may + be used uninitialized in this function + +2010-11-06 16:57 ludovic.rousseau + + * trunk/src/libopensc/ctx.c: ctx.c: In function + ‘sc_ctx_detect_readers’: ctx.c:548: warning: ‘r’ may be used + uninitialized in this function + +2010-11-06 16:54 ludovic.rousseau + + * trunk/src/libopensc/card-itacns.c: Declare internal functions as + static and fix compiler warnings card-itacns.c:90: warning: no + previous prototype for ‘itacns_match_cns_card’ + card-itacns.c:125: warning: no previous prototype for + ‘itacns_match_cie_card’ card-itacns.c:146: warning: no previous + prototype for ‘itacns_match_card’ + +2010-11-06 16:53 ludovic.rousseau + + * trunk/src/tools/opensc-explorer.c: opensc-explorer.c:89: + warning: function declaration isn’t a prototype + +2010-11-06 16:50 ludovic.rousseau + + * trunk/src/libopensc/log.c: sc_do_log_va(): fix 
compiler warning + log.c:87: warning: format ‘%03ld’ expects type ‘long int’, but + argument 8 has type ‘int’ + +2010-11-06 16:49 ludovic.rousseau + + * trunk/src/pkcs11/libpkcs11.c: C_LoadModule(): Fix compiler + warning libpkcs11.c:58: warning: format ‘%lx’ expects type ‘long + unsigned int’, but argument 3 has type ‘int’ + +2010-11-06 13:03 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: Revert revision 4853 because + of a regression when initialing cards + +2010-11-02 08:02 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: sc_pkcs15init_read_info(): do + not use affectation and test in the same line of code but use + two different lines so the code is easier to read. + +2010-11-02 07:59 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: sc_pkcs15init_read_info(): do + not call sc_pkcs15init_parse_info() if sc_select_file() failed. + Thanks to Andre Zepezauer for the patch + http://www.opensc-project.org/pipermail/opensc-devel/2010-November/015216.html + +2010-11-01 15:44 dengert + + * trunk/src/tools/piv-tool.c: Fix compile warning message. + +2010-10-28 13:33 martin + + * trunk/src/pkcs11/pkcs11-global.c: PC/SC: temporarily disable + blocking C_WaitForSlotEvent until a checked version for + pcsc-lite 1.5.3-1.6.4 exists. + +2010-10-28 13:11 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-mcrd.c: + EstonianEid: revert to old behavior and have the T=0 forcing. + Some cards have incorrect ATR-s and can cause troubles if + pcsc-lite by default tries to set T=1 by default. 
+ +2010-10-28 09:44 martin + + * trunk/src/pkcs11/pkcs11-global.c: FIXME: Don't issue SCardCancel + unless the environment is known not to hang (part 1) + +2010-10-28 05:30 martin + + * trunk/etc/opensc.conf.in: EstonianEid: document more ATR-s in + opensc.conf + +2010-10-25 20:58 dengert + + * trunk/src/cardmod/cardmod.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-westcos.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/tools/pkcs15-tool.c: Additianl changes to r4805 which + made cert->pubkey a pointer to sc_pkcs15_pubkey_t Thanks to + Andre Zepezauer for pointing out most of these. + +2010-10-23 06:54 s + + * trunk/src/tools/opensc-tool.c: fix: opensc-tool: invalid output + of access control for EF (add to r4509) + +2010-10-22 15:48 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-mcrd.c: + EstonianEid: add a broken EstEID ATR to the Micardo driver. + Don't force a protocol for EstEID cards + +2010-10-21 13:53 martin + + * trunk/configure.ac: build: detect xsl-stylesheet location for + latest opensuse. + +2010-10-21 12:17 alonbl + + * trunk/configure.ac: detect man by xslstylesheetsdir too + +2010-10-21 04:28 alonbl + + * trunk/configure.ac: bug#262 - force xsl-stylesheets when using + man/doc + +2010-10-20 15:04 martin + + * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/cards.h: + EstEID: remove incorrect ATR matching. A reset is required as + there is no way simpler way to identify a broken card. + +2010-10-20 12:33 martin + + * trunk/src/tools/cardos-tool.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c: Missed these from r4818 + +2010-10-20 08:48 martin + + * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/cards.h: + EstEID: add workarond for a buggy card. 
+ +2010-10-20 07:53 martin + + * trunk/src/tools/netkey-tool.c, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/rutoken-tool.c, trunk/src/tools/westcos-tool.c: + tools: -v sets ctx->debug only if set more than once. -vv also + makes the debug go to stderr. + +2010-10-19 11:25 martin + + * trunk/NEWS, trunk/configure.ac, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-esteid.c, trunk/win32/Make.rules.mak: + EstonianEid: remove the iconv dependency and use the common name + from the certificate as the card label. This makes it universal, + as some cards don't have the personal data file (Digi-ID) It + also makes it a bit ugly, as the common name is the name and + personal ID code concatenated like "FIRSTNAME,LASTNAME,123456789" + +2010-10-15 14:29 martin + + * trunk/NEWS, trunk/README, trunk/doc/Makefile.am, + trunk/doc/README: Update documentation about about wiki and + package content. + +2010-10-15 13:37 flc + + * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/reader-pcsc.c: + fix sc_pkcs15_card_t struct change in cardmod.c and issue in + reader_pcsc.c for cardmod part too + +2010-10-15 08:07 flc + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/reader-pcsc.c: Fix patch [4709] for cardmod + until build in one static dll + +2010-10-14 19:55 dengert + + * trunk/src/libopensc/card-piv.c: Fix test code so will work with + card with real history object. + +2010-10-14 14:59 dengert + + * trunk/src/libopensc/apdu.c: Fix 253 third fix for same problem. + The first fix r4761 added a test in the wrong place. Second fix + r4804 added the test in the correct place. 
This fix removes one + of the tests added by r4761 + +2010-10-12 15:26 dengert + + * trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-gemsafeGPK.c, + trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c: sc_pkcs15_pubkey_from_cert + now uses parse_x509_cert without OpenSSL. sc_pkcs15_cert now has + pointer to sc_pkcs15_pubkey, allowing it to be removed and used + separatly. sc_pkcs15_pubkey now has pointer to sc_algorithm_id + to faclitate addition of other key algorithms and their + parameters. Various code changes to free these structures and + references to the structures have been changed. + +2010-10-08 14:53 dengert + + * trunk/src/libopensc/apdu.c: Fix #253 - Allow caller to read a + partial object by returning all that was read. Related to #257 + which fixed a different path in apdu.c + +2010-10-08 08:36 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: handle + non-recognized tokens gracefully. + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: if no slot is + specified on the command line, try to locate a slot with a + token. A modified patch from Andre Zepezauer. + +2010-10-07 15:12 vtarasov + + * trunk/src/libopensc/pkcs15-oberthur.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c: oberthur: from the + common part remove the Oberthur specific tokenInfo flags Thanks + to Andre Zepezauer for the patch. + +2010-10-07 13:43 martin + + * trunk/README: doc: Remove wiki links from README + +2010-10-06 07:54 martin + + * trunk/src/libopensc/reader-pcsc.c: PC/SC: better detection of + card changing events. + * trunk/configure.ac: Prepare for OpenSC 0.12.0-rc1 + +2010-10-06 07:53 martin + + * trunk/win32/installer_from_build.sh: WindowsInstaller: be + flexible with make dist result name. 
+ +2010-10-06 07:15 martin + + * trunk/src/pkcs11/sc-pkcs11.h: Fix leftover from r4646 + +2010-10-06 07:10 martin + + * trunk/win32/installer_from_build.sh: WindowsInstaller: simplify + the installer creation process + * trunk/src/libopensc/internal-winscard.h: WindowsInstaller: Fix + Mingw32 Windows build + +2010-10-05 20:37 alonbl + + * trunk, trunk/MacOSX, trunk/MacOSX/10.5, + trunk/MacOSX/10.5/resources, trunk/MacOSX/10.5/scripts, + trunk/MacOSX/10.6, trunk/MacOSX/10.6/resources, + trunk/MacOSX/10.6/scripts, trunk/doc, trunk/doc/tools, + trunk/etc, trunk/m4, trunk/solaris, trunk/src, + trunk/src/cardmod, trunk/src/common, trunk/src/libopensc, + trunk/src/pkcs11, trunk/src/pkcs15init, trunk/src/scconf, + trunk/src/tests, trunk/src/tests/regression, trunk/src/tools, + trunk/svnignore, trunk/win32: Update svn:ignore + +2010-10-05 20:34 alonbl + + * trunk/Makefile.am, trunk/NEWS, trunk/configure.ac, + trunk/doc/Makefile.am, trunk/doc/api, trunk/doc/api.css, + trunk/doc/html.xsl, trunk/doc/man.xsl: Simplify build system, + remove the generated distributed files. Thread is at [1]. Build + with docs or man now requires xsltproc. + http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg06750.html + +2010-10-05 16:10 joao + + * trunk/src/libopensc/card-gemsafeV1.c: Add new ATR for the + Portuguese eID card. + +2010-10-05 16:02 martin + + * trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-gemsafeV1.c, + trunk/src/libopensc/pkcs15-itacns.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-tccardos.c, + trunk/src/libopensc/pkcs15-westcos.c, + trunk/src/libopensc/pkcs15.c, trunk/src/pkcs15init/profile.c: + pkcs15: don't play with TokenInfo.version. 0 means PKCS#15 v1.1. + The flag is not used by OpenSC. 
+ +2010-10-05 15:44 martin + + * trunk/src/libopensc/pkcs15-actalis.c, + trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-esinit.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-gemsafeGPK.c, + trunk/src/libopensc/pkcs15-gemsafeV1.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-itacns.c, + trunk/src/libopensc/pkcs15-oberthur.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-pteid.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-tccardos.c, + trunk/src/libopensc/pkcs15-tcos.c, + trunk/src/libopensc/pkcs15-westcos.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/profile.c, trunk/src/tests/print.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: libopensc: move TokenInfo fields + from sc_pkcs15_card_t to a separate structure. Thanks to Andre + Zepezauer for the patch. See + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/015076.html + +2010-10-05 15:12 martin + + * trunk/src/libopensc/reader-pcsc.c: Remove now unused variables. + +2010-10-05 14:58 martin + + * trunk/src/libopensc/internal.h: libopensc: remove unused + SC_CTX_MAGIC define + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c: + libopensc: remove meaningless sc_card_valid() + * trunk/src/libopensc/reader-pcsc.c: PC/SC: simplify reader state + detection. This needs to be improved further, based on revision + 5278 of pcsc-lite. + * trunk/src/libopensc/reader-pcsc.c: PC/SC: move reader feature + detection to a separate function. 
Don't detect features of a + reader that is in exclusive mode. + * trunk/src/tools/opensc-tool.c: opensc-tool: don't print reader + driver (only one is enabled by default), instead print the + presence of a card. + +2010-10-05 14:42 martin + + * trunk/src/pkcs11/pkcs11-spy.c: pkcs11-spy: log matching objects + in hex. Patch from Andre Zepezauer + +2010-10-04 15:58 dengert + + * trunk/src/libopensc/pkcs15-algo.c: Fix erros with freeing + algorithm parameters and last entry of the algorithm_table. + +2010-09-28 13:12 martin + + * trunk/MacOSX/build: MacInstaller: prefer http over git. + +2010-09-27 14:06 martin + + * trunk/MacOSX/build: MacInstaller: allow building a x86 only + version for 10.5 + +2010-09-27 07:50 viktor.tarasov + + * trunk/src/pkcs15init/myeid.profile, + trunk/src/pkcs15init/pkcs15-myeid.c: myeid: applied patch for + MyEID card profile provided by Tony (Aventra development), + thanks. + +2010-09-26 21:30 alonbl + + * trunk/Makefile.am, trunk/configure.ac, trunk/doc/Makefile.am, + trunk/doc/nonpersistent, trunk/doc/svn2cl.xsl: Don't dump wiki + content into distribution package. As requested by Martin[1]. + Before releasing a new formal version, run: $ make + Generate-ChangeLog It generates the ChangeLog out of svn and + autoreconf again for package inclusion. 
[1] + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/015014.html + +2010-09-25 20:35 viktor.tarasov + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/padding.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c: libopensc: homogenise line ending + in the debug messages continuating r4759 + +2010-09-25 20:25 viktor.tarasov + + * trunk/src/libopensc/card-myeid.c: myeid: remove windows line + ending because it give the wrong LINE value in the debug + messages that follows + +2010-09-24 20:37 dengert + + * trunk/src/libopensc/card-piv.c, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-piv.c, + trunk/src/tools/piv-tool.c: PIV support for NIST 800-73-3 + objects, PIV driver client can build and run without OpenSSL, + (admin functions and piv-tool still need OpenSSL) define PIV + specific ctrl codes and structures. + +2010-09-24 18:34 dengert + + * trunk/src/libopensc/card-piv.c: Remove max_recv_size checks + +2010-09-24 07:24 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: only do hotplug + testing before other activities. Thanks to Andre Zepezauer for + noticing. 
+ +2010-09-23 11:57 flc + + * trunk/src/cardmod/cardmod.c: Fix issue in log message in cardmod + with i386-mingw-gcc v 3.4.5 + +2010-09-22 20:57 dengert + + * trunk/src/libopensc/pkcs15-itacns.c: allow pkcs15-itacns.c + compile without OpenSSL + +2010-09-22 15:12 dengert + + * trunk/src/libopensc/card-piv.c: Another max_recv_size fix + +2010-09-22 14:55 dengert + + * trunk/src/libopensc/apdu.c: Fix #257 Reading partial objects + differs for T=0 vs T=1 + +2010-09-22 14:41 dengert + + * trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + Allow c_FindObjectsInit to find unlimited objects - #258 + +2010-09-22 12:17 viktor.tarasov + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur-awp.c, + trunk/src/pkcs15init/pkcs15-oberthur.c: pkcs15init: homogenise + line ending of debug messages + +2010-09-22 12:06 martin + + * trunk/configure.ac: build: darwin specific customizations not + needed, need_dash_r for solaris not used. + +2010-09-22 11:51 viktor.tarasov + + * trunk/src/libopensc/apdu.c: libopensc: remove 'max_xx_size' from + debug message after the 'max_xx_size' stuff has been reverted + +2010-09-22 11:47 martin + + * trunk/MacOSX/build: MacInstaller: simplify configure arguments + * trunk/configure.ac: build: remove ancient and unsupported + platform checks, added in [94] + +2010-09-22 11:46 viktor.tarasov + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: to use AID + of maximal allowed length in 'cd' command + +2010-09-22 10:02 martin + + * trunk/NEWS: Update NEWS. Remove references to local wiki dumps + and an outdated online page. 
+ +2010-09-21 18:14 s + + * trunk/src/pkcs15init/pkcs15-rtecp.c, + trunk/src/pkcs15init/rutoken_ecp.profile: Fix: default count of + attempt (use profile) for new version firmware + +2010-09-21 16:11 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: print the token + before asking for a PIN code; shorten CKU_CONTEXT_SPECIFIC prompt + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: do --test even + without a slot, at least hotplug. print a proper error name for + C_GetSlotInfo + * trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-global.c: + pkcs11: move around CKR_ARGUMENTS_BAD check + * trunk/doc/tools/pkcs11-tool.xml, trunk/src/tools/pkcs11-tool.c: + pkcs11-tool: pkcs11-tool --verbose does not affect OpenSC + debugging. Document a workaround + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: cleanup whitespace + and remove unused OpenSSL ERR_* calls. + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: better separation + between opaqe slot IDs and slot list indexes. --slot will take + the actual CK_SLOT_ID --slot-label will use the token label to + find the correct slot --slot-index will use the N-th slot from + the list returned by C_GetSlotList + +2010-09-21 09:48 ludovic.rousseau + + * trunk/src/common/compat_getopt_main.c: Use "const char *" + instead of "char *" where needed. 
Fix compiler warnings: + compat_getopt_main.c: In function ‘main’: + compat_getopt_main.c:145: warning: initialization discards + qualifiers from pointer target type compat_getopt_main.c:288: + warning: assignment discards qualifiers from pointer target type + compat_getopt_main.c:336: warning: assignment discards + qualifiers from pointer target type compat_getopt_main.c:366: + warning: passing argument 3 of ‘handle’ discards qualifiers from + pointer target type compat_getopt_main.c:76: note: expected + ‘char *’ but argument is of type ‘const char *’ + +2010-09-21 09:45 ludovic.rousseau + + * trunk/src/common/compat_getopt_main.c: Remove an ugly cast and + fix a compiler warning compat_getopt_main.c: In function + ‘handle’: compat_getopt_main.c:123: warning: format ‘%s’ expects + type ‘char *’, but argument 3 has type ‘long unsigned int’ + +2010-09-21 09:42 ludovic.rousseau + + * trunk/src/common/compat_getopt_main.c: VERSION is already + defined ni config.h included by compat_getopt.h Redefine our own + version of VERSION + +2010-09-21 09:39 ludovic.rousseau + + * trunk/src/common/compat_getopt_main.c: include compat_getopt.h + instead of getopt.h Thanks to Guillaume JEAN for the patch + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014948.html + +2010-09-21 09:37 ludovic.rousseau + + * trunk/src/common/Makefile.am: build but do not install + compat_getopt_main This is just used for testing the + compat_getopt code in libcompat + +2010-09-20 23:10 martin + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: harmonize and align + the output of --dump + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: only print Auth ID + if present + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: pretty-print common + object flags. 
+ +2010-09-20 15:01 martin + + * trunk/MacOSX/10.5/libltdl.3.dylib, + trunk/MacOSX/10.5/scripts/postflight, trunk/MacOSX/build, + trunk/src/tools/Makefile.am: MacInstaller: statically link + libltdl for 10.5, as 10.5 PPC comes without the necessary .dylib + (i386 has it) Thanks to Kalev Lember for the original patch. + +2010-09-15 14:15 ludovic.rousseau + + * trunk/src/cardmod/cardmod.c: Remove the traces of C99: declare + variables before any code. Thanks to Guillaume JEAN for the + patch + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014903.html + +2010-09-15 12:00 martin + + * trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-westcos.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/pkcs15-lib.c: + libopensc: Don't touch TokenInfo.flags->loginRequired See + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014871.html + +2010-09-15 11:09 martin + + * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/muscle.h: libopensc: check for unset + max_recv/send_size in all places. + +2010-09-14 09:27 martin + + * trunk/src/libopensc/card-mcrd.c: EstEID: buffer is 2 bytes + bigger than max Le. + +2010-09-14 08:49 martin + + * trunk/MacOSX/build: MacInstaller: fix syntax error + * trunk/MacOSX/build: MacInstaller: simplify ./configure calling, + disable assert-s + +2010-09-14 08:17 martin + + * trunk/configure.ac: build: add --disable-assert (enabled by + default) + +2010-09-13 08:08 viktor.tarasov + + * trunk/src/common/Makefile.mak, + trunk/src/tools/opensc-explorer.c: opensc tools: to be compiled + with Visual Studio + +2010-09-13 07:55 viktor.tarasov + + * trunk/src/libopensc/card-myeid.c: MyEID: to be compiled with + Visual Studio + +2010-09-13 07:40 martin + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/types.h: By + default the reader driver does not have receive/send limitations. 
+ +2010-09-13 07:27 martin + + * trunk/src/libopensc/card.c: Add missing piece from r4706. + +2010-09-11 13:01 martin + + * trunk/src/libopensc/ctx.c: whitespace fix + * trunk/src/libopensc/ctx.c: libopensc: fix "ctx.c:389: warning: + unused parameter ‘opts’" + +2010-09-11 13:00 martin + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/types.h: + libopensc: remove unused SC_MAX_READER_DRIVERS + * trunk/configure.ac, trunk/doc/tools/opensc-tool.xml, + trunk/etc/opensc.conf.in, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/tools/opensc-tool.c: Fix #216: initial go with + multiple reader subsystem removal. * One sc_context has only a + single reader driver. * remove dynamic reader driver loading + capabilities * remove opensc-tool -R command * change the + internal API, we don't need to pass around a "driver data" + pointer as it can be found directly from the context. * check in + ./configure for only a single enabled reader driver + * trunk/src/libopensc/types.h: libopensc: remove SC_MAX_READERS + which is not used. + * trunk/src/libopensc/card-belpic.c: Belpic: remove + BELPIC_SET_LANG and related code, as it is not used in OpenSC + +2010-09-09 18:58 martin + + * trunk/src/libopensc/apdu.c, trunk/src/libopensc/card-akis.c, + trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-entersafe.c, + trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-muscle.c, + trunk/src/libopensc/card-myeid.c, + trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/pkcs15-gemsafeGPK.c: Revert r4668. Change + the way limitations on max send and receive sizes are set. 
See + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014836.html + +2010-09-09 17:28 s + + * trunk/src/libopensc/card-rutoken.c, + trunk/src/pkcs15init/pkcs15-rutoken.c: remove software RSA + support for Rutoken S Migration OpenSC to "new scheme" (further + to r4646) + http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014717.html + +2010-09-09 09:43 martin + + * trunk/MacOSX/10.5/scripts/postflight: MacInstaller: Simplify + file detection + +2010-09-09 09:18 jps + + * trunk/MacOSX/10.5/libltdl.3.dylib, + trunk/MacOSX/10.5/scripts/postflight, trunk/MacOSX/build: MacOSX + 10.5: Install libltdl.3.dylib if needed + +2010-09-08 21:23 ep + + * trunk/src/libopensc/card-itacns.c, + trunk/src/libopensc/pkcs15-itacns.c: Avoid mixed declarations + and code in ItaCNS files, per C90 + +2010-09-08 07:52 flc + + * trunk/src/cardmod/cardmod.c: Fix small log issue + +2010-09-07 12:53 martin + + * trunk/src/libopensc/card-myeid.c: MyEID: force PIN padding + properties (already set by sc_pkcs15* but not present with + opensc-explorer) + +2010-09-07 12:49 martin + + * trunk/src/libopensc/card-myeid.c: MyEID: use ISO7816 pin_cmd. + Fix card_state logic. + +2010-09-07 08:07 jps + + * trunk/MacOSX/opensc-uninstall: On MacOSX, we need to delete the + receipts too, after deleting the application files. + +2010-09-06 09:32 martin + + * trunk/src/libopensc/card-mcrd.c: EstEID: Fix #250. Force a + SELECT FILE by cheating on the internal micardo path cache. + +2010-09-06 08:54 martin + + * trunk/src/libopensc/card-mcrd.c: Micardo: remove redundant + mcrd_decipher. Handled by ISO7816 + +2010-09-05 19:55 martin + + * trunk/src/libopensc/card-jcop.c: card-jcop: remove dummy stubs. + +2010-09-05 19:22 martin + + * trunk/src/libopensc/card-myeid.c: MyEID: remove no-op ISO7816 + wrappers and not implemented stubs. 
+ +2010-09-05 18:21 viktor.tarasov + + * trunk/src/libopensc/card-myeid.c: MyEID: make working + change/unblock PIN tested with pkcs15-tool on Linux and Windows + +2010-09-05 16:53 martin + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c: pkcs11: #250: refresh PIN + counters and associated token flags on every call to + C_GetTokenInfo + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: recognize user PIN + related token flags + +2010-09-05 16:52 martin + + * trunk/src/libopensc/card-mcrd.c: Micardo: Add + SC_PIN_CMD_GET_INFO support, currently only for EstEID cards. + * trunk/src/libopensc/pkcs15-esteid.c: EstEID: style: use sizeof() + * trunk/src/libopensc/opensc.h: libopensc: add SC_PIN_CMD_GET_INFO + and related fields to sc_pin_cmd_pin + * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: Remove the comment + about max_tries==1 and CKF_USER_PIN_FINAL_TRY Assuming the + driver has correctly set max_tries to 1 then PKCS#11 is very + clear about it: """ True if supplying an incorrect user PIN will + it to become locked. 
""" + +2010-09-04 20:46 viktor.tarasov + + * trunk/src/libopensc/card-myeid.c, + trunk/src/pkcs15init/myeid.profile, + trunk/src/pkcs15init/pkcs15-myeid.c, + trunk/src/pkcs15init/profile.c: MyEID: For Aventra card applied + Toni's patch, enriched by Andre's proposal see: + http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014662.html + +2010-09-04 20:21 viktor.tarasov + + * trunk/src/libopensc/pkcs15.c: libopensc: pkcs15: more of debug + messages + +2010-09-04 20:19 viktor.tarasov + + * trunk/src/libopensc/pkcs15-sec.c: libopensc: supplement to the + previous commit + +2010-09-04 20:16 viktor.tarasov + + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h: libopensc: export + 'sc_card_find_rsa_alg' Following proposal of Andre Zepezauer, + see + http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014699.html + +2010-09-04 20:08 viktor.tarasov + + * trunk/src/libopensc/apdu.c, trunk/src/libopensc/iso7816.c: + libopensc: in a supplement to r4668 Use 'max_recv_size' when + building APDU for 'select file' + +2010-09-02 22:58 ep + + * trunk/src/libopensc/pkcs15-itacns.c: Fix signedness issues in + pkcs15-itacns.c + * trunk/src/libopensc/pkcs15-itacns.c: Remove unused variables and + constants from pkcs15-itacns.c + * trunk/src/libopensc/card-itacns.c: Squelch warning about unused + se_num argument in itacns_set_security_env(), as the driver is + computing the right argument from the security environment data. + * trunk/src/libopensc/card-itacns.c: Fix signedness warnings in + card-itacns.c + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + Remove unused give_random operation + * trunk/src/tools/opensc-explorer.c: Pass SFI as an + appropriately-sized number + +2010-09-02 18:23 martin + + * trunk/src/tools/pkcs15-tool.c: Fixup for #102: also in command + help. 
+ +2010-09-02 18:21 martin + + * trunk/doc/tools/pkcs15-tool.xml: manpages: #102: --change-pin + also works for a PUK code. + +2010-09-02 13:39 martin + + * trunk/src/libopensc/pkcs15-itacns.c: Style: // -> /**/ + +2010-09-02 13:38 martin + + * trunk/src/pkcs11/libpkcs11.c: libpkcs11: Print error messages + from PKCS#11 module loading + +2010-09-02 09:19 viktor.tarasov + + * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: #250: update slot + PIN flags when verifying slot's auth object + +2010-09-01 11:50 martin + + * trunk/src/libopensc/apdu.c, trunk/src/libopensc/opensc.h: + libopensc: improve max_send/recv_size related code comments. + * trunk/etc/opensc.conf.in: opensc.conf: Better comment for + max_send/recv_size meaning and default values. + * trunk/src/libopensc/apdu.c: Ticket #226: Initial changes as + noted by reporter + +2010-09-01 11:46 martin + + * trunk/src/pkcs11/framework-pkcs15.c: Add a FIXME for keys>2048b + * trunk/src/libopensc/card-mcrd.c: EstEID: small fixes for working + with a modified max_send/recv_size + +2010-09-01 06:23 martin + + * trunk/src/libopensc/pkcs15-pin.c: libopensc: PIN usage counter + is decreased every time it is sent to the card, no matter what + the card replies (should probably reply with success) + * trunk/src/libopensc/pkcs15.c: Whitespace fix + * trunk/src/pkcs11/framework-pkcs15.c: Whitespace fix + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + pkcs11: C_SeedRandom is not implemented by OpenSC nor most smart + cards, nor does it fit well into PKCS#15 concept. + * trunk/src/libopensc/pkcs15.c, + trunk/src/pkcs11/framework-pkcs15.c: pkcs15: don't override + TokenInfo PRNG flag. pkcs11: announce CKF_RNG if the card driver + supports it, bypassing PKCS#15. GET CHALLENGE and RNG don't + match 1:1 anyway. Thanks to Andre Zepezauer for noticing this. 
+ +2010-08-31 01:24 martin + + * trunk/doc/tools/pkcs15-init.xml: Debian #451155: Document + pkcs15-init --update-certificate/-U in man page. + * trunk/src/libopensc/ctx.c: libopensc: remove the "etoken" alias + for "cardos" cards. + +2010-08-30 16:37 viktor.tarasov + + * trunk/src/tools/pkcs15-tool.c: #73: pkcs15-tool: when changing + PIN, print message if no PIN value supplied + +2010-08-27 09:39 martin + + * trunk/MacOSX/build, trunk/MacOSX/libtool-bundle: MacInstaller: + Add .bundle generation capability from SCA. Thanks to + Jean-Pierre Szikora for the reminder. Adobe Acrobat is one + program that requires the .bundle format. + +2010-08-27 09:28 martin + + * trunk/src/tools/pkcs15-init.c: pkcs15-init: fix leftover from + [4646] + +2010-08-27 08:24 martin + + * trunk/src/libopensc/card-cardos.c: Revert CardOS change from + Italian CNS patch [4627]. Limiting Le for CNS should be done in + pkcs15-itacns.c + +2010-08-25 19:24 s + + * trunk/src/libopensc/card-rtecp.c: add ATR for Rutoken ECP (DS) + Thanks to Aktiv Co. Kirill Mescheryakov for the patch. + +2010-08-25 12:57 martin + + * trunk/win32/OpenSC.iss, trunk/win32/README.rtf, + trunk/win32/installer_from_build.sh: build: add installer files + and a small script to build a win32 installer from build project + binaries. + +2010-08-25 12:51 martin + + * trunk/src/pkcs15init/profile.c: pkcs15init: On Windows, get the + profile directory from registry instead of configuration file. + This allows the installation directory for non-dll files to be + anywhere on the system. 
+
+2010-08-25 09:09 martin
+
+ * trunk/NEWS: Update NEWS for 0.12.0
+
+2010-08-25 08:44 martin
+
+ * trunk/MacOSX, trunk/MacOSX/10.5, trunk/MacOSX/10.5/resources,
+ trunk/MacOSX/10.5/resources/InstallationCheck.strings,
+ trunk/MacOSX/10.5/resources/License.html,
+ trunk/MacOSX/10.5/resources/ReadMe.html,
+ trunk/MacOSX/10.5/resources/background.jpg,
+ trunk/MacOSX/10.5/scripts,
+ trunk/MacOSX/10.5/scripts/InstallationCheck,
+ trunk/MacOSX/10.5/scripts/postflight, trunk/MacOSX/10.6,
+ trunk/MacOSX/10.6/resources,
+ trunk/MacOSX/10.6/resources/InstallationCheck.strings,
+ trunk/MacOSX/10.6/resources/License.html,
+ trunk/MacOSX/10.6/resources/ReadMe.html,
+ trunk/MacOSX/10.6/resources/background.jpg,
+ trunk/MacOSX/10.6/scripts,
+ trunk/MacOSX/10.6/scripts/InstallationCheck,
+ trunk/MacOSX/10.6/scripts/postflight, trunk/MacOSX/build,
+ trunk/MacOSX/opensc-uninstall: Add build script for Mac OS X.
+ Uses github copies of SVN for source. Includes: Add static
+ engine_pkcs11.so to the 10.6 installer (#246) Patch from Mart
+ Randala: add a nice background image and readme file and license
+ file. Patch from Joo Poupas: fix a typo and also work with
+ docbook-xsl from macports.
+
+2010-08-25 08:40 martin
+
+ * trunk/etc/opensc.conf.in: Update OpenSC.tokend related default
+ config file entries.
+
+2010-08-25 08:32 martin
+
+ * trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-pcsc.c: CT-API, PC/SC: truncating
+ atr_len makes no sense.
+
+2010-08-23 14:47 martin
+
+ * trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c: pkcs11: check PKCS#11
+ function parameters for obvious errors and return
+ CKR_ARGUMENTS_BAD early without locking the module.
+ * trunk/doc/tools/pkcs15-init.xml, trunk/etc/opensc.conf.in,
+ trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak,
+ trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c,
+ trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/secretkey.c,
+ trunk/src/tools/pkcs15-init.c: pkcs11/pkcs15-init: remove
+ automagic software key generation. Remove software based secret
+ key handling from PKCS#11. Support for importing cleartext keys
+ is left untouched, but all transparent key generation by either
+ opensc-pkcs11.so or pkcs15-init is removed, to make the
+ operation with cleartext keys visible to the user and his
+ explicit wish. OpenSC is a PKCS#11 library for accessing keys
+ protected by a smart card. Key material in software is not
+ protected by smart cards and can leave a false sense of security
+ to the user.
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
+
+2010-08-23 10:32 martin
+
+ * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: libopensc: Remove unused
+ internal SC_ERROR_EXTRACTABLE_KEY and correct relevant comments
+ (native != extractable)
+ * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h:
+ libopensc: Fix SC_ERROR defines and messages: remove unused
+ error defines, fix the internal value of some PKCS#15 related
+ errors.
+ * trunk/configure.ac: build: don't check for unused functions and
+ headers.
+
+2010-08-23 09:34 martin
+
+ * trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/pkcs15-esteid.c: EstEID: sc_format_path sets
+ SC_PATH_TYPE_PATH by default
+
+2010-08-21 20:12 ep
+
+ * trunk/doc/tools/opensc-explorer.xml,
+ trunk/src/tools/opensc-explorer.c: Support reading record files
+ by SFI
+ * trunk/src/tools/opensc-explorer.c: Only free current_file if it
+ is set
+ * trunk/src/libopensc/iso7816.c: If a FCI features tag 84h, then
+ the file is a DF
+
+2010-08-20 22:51 ep
+
+ * trunk/src/tools/opensc-explorer.c: Refactored the "select the
+ file referenced by current_path; die on error" idiom in
+ opensc-explorer. This version, additionally, skips this step
+ entirely if there is no current_path; this is useful when
+ starting with --mf "".
+ * trunk/doc/tools/opensc-explorer.xml,
+ trunk/src/tools/opensc-explorer.c: Fix and document
+ opensc-explorer's new -m, --mf option
+
+2010-08-18 15:08 ludovic.rousseau
+
+ * trunk/src/libopensc/asn1.c,
+ trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/muscle-filesystem.c,
+ trunk/src/libopensc/pkcs15-actalis.c,
+ trunk/src/libopensc/pkcs15-atrust-acos.c,
+ trunk/src/libopensc/pkcs15-cache.c,
+ trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-data.c,
+ trunk/src/libopensc/pkcs15-esinit.c,
+ trunk/src/libopensc/pkcs15-gemsafeGPK.c,
+ trunk/src/libopensc/pkcs15-infocamere.c,
+ trunk/src/libopensc/pkcs15-postecert.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-starcert.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/mechanism.c,
+ trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/pkcs11-spy.c,
+ trunk/src/pkcs11/secretkey.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/scconf/parse.c,
+ trunk/src/scconf/scconf.c, trunk/src/scconf/sclex.c,
+ trunk/src/scconf/write.c, trunk/src/tests/p15dump.c,
+ trunk/src/tests/pintest.c, trunk/src/tools/cryptoflex-tool.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/pkcs15-tool.c, trunk/src/tools/westcos-tool.c:
+ Do not cast the return value of malloc(3) and calloc(3) From
+ http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety "
+ Casting and type safety malloc returns a void pointer (void *),
+ which indicates that it is a pointer to a region of unknown data
+ type. One may "cast" (see type conversion) this pointer to a
+ specific type, as in int *ptr = (int*)malloc(10 * sizeof (int));
+ When using C, this is considered bad practice; it is redundant
+ under the C standard. Moreover, putting in a cast may mask
+ failure to include the header stdlib.h, in which the prototype
+ for malloc is found. In the absence of a prototype for malloc,
+ the C compiler will assume that malloc returns an int, and will
+ issue a warning in a context such as the above, provided the
+ error is not masked by a cast. On certain architectures and data
+ models (such as LP64 on 64 bit systems, where long and pointers
+ are 64 bit and int is 32 bit), this error can actually result in
+ undefined behavior, as the implicitly declared malloc returns a
+ 32 bit value whereas the actually defined function returns a 64
+ bit value. Depending on calling conventions and memory layout,
+ this may result in stack smashing. The returned pointer need not
+ be explicitly cast to a more specific pointer type, since ANSI C
+ defines an implicit conversion between the void pointer type and
+ other pointers to objects. An explicit cast of malloc's return
+ value is sometimes performed because malloc originally returned
+ a char *, but this cast is unnecessary in standard C code.[4][5]
+ Omitting the cast, however, creates an incompatibility with C++,
+ which does require it. The lack of a specific pointer type
+ returned from malloc is type-unsafe behaviour: malloc allocates
+ based on byte count but not on type. This distinguishes it from
+ the C++ new operator that returns a pointer whose type relies on
+ the operand. (see C Type Safety). " See also
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
+
+2010-08-18 13:42 ep
+
+ * trunk/src/libopensc/pkcs15-itacns.c: Use strlcpy(3), strlcat(3)
+ in pkcs15-itacns.c
+ * trunk/configure.ac, trunk/src/common/Makefile.am,
+ trunk/src/common/compat_strlcat.c,
+ trunk/src/common/compat_strlcat.h,
+ trunk/src/tools/opensc-explorer.c: strlcat(3) implementation
+ * trunk/src/libopensc/card-incrypto34.c: Prevent card-incrypto34.c
+ from catching the Italian CNS card's ATR
+ * trunk/src/libopensc/pkcs15-itacns.c: Avert potential buffer
+ overflows in pkcs15-itacns.c
+
+2010-08-16 09:33 ludovic.rousseau
+
+ * trunk/src/libopensc/internal-winscard.h: Use (SCARD_READERSTATE
+ *) instead of LPSCARD_READERSTATE since LPSCARD_READERSTATE is
+ not define in old pcsc-lite (< 1.6.3) nor Mac OS X
+
+2010-08-16 08:59 martin
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/slot.c: Fix and
+ change ignored readers feature introducsed in r4626 for Windows.
+ strcasestr is GNU specific extension.
+ * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c:
+ itacns: add itacns.h to distribution targzip, fix card driver
+ ordering.
+ * trunk/src/libopensc/internal-winscard.h: PC/SC: Fix building on
+ OS X and mingw32 after r4626
+
+2010-08-16 00:56 ep
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-itacns.c, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/itacns.h, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-itacns.c,
+ trunk/src/libopensc/pkcs15-syn.c: New card driver: Italian
+ CNS/CIE (eID)
+
+2010-08-15 14:57 ludovic.rousseau
+
+ * trunk/src/libopensc/internal-winscard.h,
+ trunk/src/libopensc/reader-pcsc.c: Use SCARD_READERSTATE instead
+ of SCARD_READERSTATE_A SCARD_READERSTATE_A is not used by
+ Microsoft API and is no more defined/used by pcsc-lite >= 1.6.2
+ Thanks to Josef Windorfer for the bug report
+ http://www.opensc-project.org/pipermail/opensc-user/2010-August/004235.html
+
+2010-08-15 09:34 martin
+
+ * trunk/src/pkcs11/misc.c: pkcs11: remove outdated config entry
+ parsing.
+
+2010-08-15 09:33 martin
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/slot.c: Implement
+ simple reader ignoring, to exclude readers from OpenSC PKCS#11
+ module.
+
+2010-08-14 12:18 martin
+
+ * trunk/src/tools/opensc-explorer.c: opensc-tool: Fix ACL
+ reporting for EF-s. Patch by Emanuele Pucciarelli.
+
+2010-08-13 09:27 martin
+
+ * trunk/src/libopensc/internal-winscard.h: Add back MAX_ATR_SIZE
+ which was erroneously removed in r4611. Fixes mingw32 build.
+
+2010-08-12 21:49 ludovic.rousseau
+
+ * trunk/src/libopensc/card-belpic.c: Correctly use pin2 when
+ needed. Patch from OpenSUSE. Closes ticket #249.
+
+2010-07-30 07:09 ludovic.rousseau
+
+ * trunk/src/libopensc/internal-winscard.h: Use || instead of | in
+ a #if check
+
+2010-07-27 08:05 martin
+
+ * trunk/configure.ac: configure: Add possible docbook paths on OS
+ X (Fink, MacPorts)
+
+2010-07-26 13:16 martin
+
+ * trunk/src/libopensc/cardctl.h,
+ trunk/src/libopensc/internal-winscard.h,
+ trunk/src/libopensc/reader-pcsc.c: Trac #244: Fix structure
+ packing on Apple and SUN. Fix display detection by updating
+ structure definitions.
+
+2010-07-26 11:18 martin
+
+ * trunk/src/tools/cardos-tool.c: cardos-tool: fix handing of
+ --help/--verbose/--debug --debug was not documented and not used
+ by other tools; --help was not handled. Thanks to Ludolf
+ Holzheid for noticing this.
+
+2010-07-26 11:17 martin
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: fix help text
+ ordering (Ludolf Holzheid)
+ * trunk/doc/tools/pkcs15-tool.xml: man: use --auth-id instead of
+ bogus --pin-id in pkcs15-tool man page. [Ludolf Holzheid]
+
+2010-07-21 09:50 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11 tool: fix messages
+
+2010-07-20 07:51 flc
+
+ * trunk/src/cardmod/cardmod.c: minors log message corrections to
+ build successfully.
+
+2010-07-08 08:09 viktor.tarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-prkey.c:
+ #245: pkcs15 asn1: 'subjectName' in 'commonPrivateKeyAttributes'
+ is optional thanks to Jean-Michel
+
+2010-07-06 12:40 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-entersafe.c: #229: pkcs15init
+ entersafe: 'sanity-check' includes the update of the User PIN's
+ 'pinFlags'
+
+2010-07-06 09:09 viktor.tarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/tools/pkcs15-tool.c: pkcs15: encode/decode
+ 'AccessControlRules' in 'CommonObjectAttributes'
+
+2010-07-05 17:54 martin
+
+ * trunk/src/libopensc/card-muscle.c: Fix MuscleApplet version
+ detection
+
+2010-07-05 14:43 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: #60: pkcs11-tool: print key sizes
+ from CK_MECHANISM_INFO
+
+2010-07-05 13:29 viktor.tarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15.h: pkcs15: encode/decode
+ 'subjectName' in 'CommonPrivateKeyAttributes'
+
+2010-07-05 12:57 viktor.tarasov
+
+ * trunk/src/libopensc/types.h: pkcs15: correct the comments
+
+2010-07-05 12:54 viktor.tarasov
+
+ * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/types.h:
+ pkcs15: decode 'supportedAlgorithms' in 'TokenInfo'
+
+2010-07-05 09:33 viktor.tarasov
+
+ * trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h:
+ re-distribute 'define' macros between types.h and opensc.h move
+ 'define' macros closer to the definition of the related data
+ types
+
+2010-07-02 14:26 viktor.tarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15init: create frame to
+ implement card specific 'sanity check' procedure
+
+2010-07-02 13:46 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: pkcs15init: homogenize
+ argument order of pkcs15init operations
+
+2010-07-01 12:31 viktor.tarasov
+
+ * trunk/src/tools/opensc-explorer.c: tools opensc-explorer: for
+ 'apdu' command accept space separated hexadecimal data
+
+2010-06-30 17:27 martin
+
+ * trunk/m4/libassuan.m4: Assuan is not used.
+
+2010-06-21 10:49 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-cert.c: pkcs15/pkcs11: encoding of
+ certificate's attribute 'serialNumber' Applying patch of Andre
+ Zepezauer. Thanks.
+
+2010-06-16 21:04 martin
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: only override
+ --verbose to ctx->debug if it was set on command line.
+
+2010-06-16 15:08 martin
+
+ * trunk/src/tools/pkcs15-init.c: Revert "pkcs15-init tool: with
+ the new option 'use-default-debug-settings' the debug settings
+ from opensc.conf are used" This reverts commit
+ b7d492fbae6c57f6f5173ef857265efcee42cdf0.
+
+2010-06-16 14:12 martin
+
+ * trunk/src/libopensc/ctx.c: OSX: For Tokend, set the debug file
+ by default to /tmp/opensc-debug.log
+
+2010-06-16 14:11 martin
+
+ * trunk/src/tools/westcos-tool.c: westcos-tool: remove compiler
+ warnings westcos-tool.c: In function ‘main’: westcos-tool.c:375:
+ warning: unused variable ‘lecteur’ westcos-tool.c:373: warning:
+ unused variable ‘card_presente’ westcos-tool.c:372: warning:
+ unused variable ‘p’ westcos-tool.c:371: warning: unused variable
+ ‘i’ westcos-tool.c: At top level: westcos-tool.c:43: warning:
+ ‘version’ defined but not used westcos-tool.c:45: warning:
+ ‘nom_card’ defined but not used westcos-tool.c:103: warning:
+ ‘no_lecteur’ defined but not used
+
+2010-06-16 13:43 martin
+
+ * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c:
+ pkcs11: move the slot list size check to slot creation.
+ * trunk/src/pkcs11/slot.c: style: space -> tab
+
+2010-06-16 13:42 martin
+
+ * trunk/src/pkcs11/pkcs11-global.c: pkcs11: Patch from Andre
+ Zepezauer to remove max_virtual_slots allocation. See
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014356.html
+
+2010-06-16 12:01 martin
+
+ * trunk/src/libopensc/cardctl.h,
+ trunk/src/pkcs15init/pkcs15-oberthur.h: style: // -> /* */
+
+2010-06-16 11:43 ludovic.rousseau
+
+ * trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c: Use CK_RV (defined as
+ unsigned long) instead of int for the type the return code of
+ C_* functions Thanks to Martin Vogt for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014351.html
+
+2010-06-16 11:32 ludovic.rousseau
+
+ * trunk/src/pkcs11/pkcs11-global.c: pkcs11-global.c: In function
+ ‘C_WaitForSlotEvent’: pkcs11-global.c:624: warning: unused
+ variable ‘ii’
+
+2010-06-11 07:36 martin
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/p15emu-westcos.c,
+ trunk/src/libopensc/pkcs15-westcos.c: Rename p15emu-westcos.c to
+ pkcs15-westcos.c
+
+2010-06-11 07:35 martin
+
+ * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-westcos.c,
+ trunk/src/libopensc/p15emu-westcos.c,
+ trunk/src/libopensc/reader-pcsc.c,
+ trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c,
+ trunk/src/tools/netkey-tool.c, trunk/src/tools/westcos-tool.c:
+ style: // -> /* */
+
+2010-06-10 14:49 martin
+
+ * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/cards.h:
+ MuscleApplet: Check for protocol version to be
+ forward-compatible. Remove some whitespace. Remove support for
+ <1024b keys.
+
+2010-06-10 09:08 martin
+
+ * trunk/src/libopensc/card-muscle.c: MuscleApplet: Don't set the
+ file ID as the name of the file. It is redundant and does not
+ look nice.
+
+2010-06-09 13:53 martin
+
+ * trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/cardctl.h,
+ trunk/src/pkcs15init/pkcs15-entersafe.c: Entersafe: cache the
+ presented PIN on personalization, simplify the code a bit. See
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014312.html
+
+2010-06-09 13:39 martin
+
+ * trunk/doc/api/api.xml, trunk/doc/api/apps/chapter.xml,
+ trunk/doc/api/apps/sc_enum_apps.xml,
+ trunk/doc/api/apps/sc_find_app_by_aid.xml,
+ trunk/doc/api/apps/sc_find_pkcs15_app.xml,
+ trunk/doc/api/apps/sc_free_apps.xml,
+ trunk/doc/api/apps/sc_update_dir.xml,
+ trunk/doc/api/asn1/chapter.xml,
+ trunk/doc/api/asn1/sc_asn1_decode.xml,
+ trunk/doc/api/asn1/sc_asn1_encode.xml,
+ trunk/doc/api/asn1/sc_asn1_find_tag.xml,
+ trunk/doc/api/asn1/sc_asn1_print_tags.xml,
+ trunk/doc/api/asn1/sc_asn1_put_tag.xml,
+ trunk/doc/api/asn1/sc_asn1_read_tag.xml,
+ trunk/doc/api/asn1/sc_asn1_skip_tag.xml,
+ trunk/doc/api/asn1/sc_asn1_verify_tag.xml,
+ trunk/doc/api/asn1/sc_copy_asn1_entry.xml,
+ trunk/doc/api/asn1/sc_format_asn1_entry.xml,
+ trunk/doc/api/card/chapter.xml,
+ trunk/doc/api/card/sc_card_ctl.xml,
+ trunk/doc/api/card/sc_check_sw.xml,
+ trunk/doc/api/card/sc_format_apdu.xml,
+ trunk/doc/api/card/sc_get_challenge.xml,
+ trunk/doc/api/card/sc_get_data.xml,
+ trunk/doc/api/card/sc_lock.xml,
+ trunk/doc/api/card/sc_put_data.xml,
+ trunk/doc/api/card/sc_transmit_apdu.xml,
+ trunk/doc/api/card/sc_unlock.xml,
+ trunk/doc/api/card/sc_wait_for_event.xml,
+ trunk/doc/api/file/chapter.xml,
+ trunk/doc/api/file/sc_append_record.xml,
+ trunk/doc/api/file/sc_create_file.xml,
+ trunk/doc/api/file/sc_delete_file.xml,
+ trunk/doc/api/file/sc_delete_record.xml,
+ trunk/doc/api/file/sc_file_dup.xml,
+ trunk/doc/api/file/sc_file_free.xml,
+ trunk/doc/api/file/sc_file_new.xml,
+ trunk/doc/api/file/sc_list_files.xml,
+ trunk/doc/api/file/sc_read_binary.xml,
+ trunk/doc/api/file/sc_read_record.xml,
+ trunk/doc/api/file/sc_select_file.xml,
+ trunk/doc/api/file/sc_update_binary.xml,
+ trunk/doc/api/file/sc_update_record.xml,
+ trunk/doc/api/file/sc_write_binary.xml,
+ trunk/doc/api/file/sc_write_record.xml,
+ trunk/doc/api/init/chapter.xml,
+ trunk/doc/api/init/sc_card_valid.xml,
+ trunk/doc/api/init/sc_connect_card.xml,
+ trunk/doc/api/init/sc_detect_card_presence.xml,
+ trunk/doc/api/init/sc_disconnect_card.xml,
+ trunk/doc/api/init/sc_establish_context.xml,
+ trunk/doc/api/init/sc_get_cache_dir.xml,
+ trunk/doc/api/init/sc_make_cache_dir.xml,
+ trunk/doc/api/init/sc_release_context.xml,
+ trunk/doc/api/init/sc_set_card_driver.xml,
+ trunk/doc/api/misc/chapter.xml, trunk/doc/api/types/chapter.xml,
+ trunk/doc/api/types/sc_app_info_t.xml,
+ trunk/doc/api/types/sc_asn1_entry.xml,
+ trunk/doc/api/types/sc_card_t.xml,
+ trunk/doc/api/types/sc_file_t.xml,
+ trunk/doc/api/types/sc_path_t.xml,
+ trunk/doc/api/util/chapter.xml,
+ trunk/doc/api/util/sc_base64_decode.xml,
+ trunk/doc/api/util/sc_base64_encode.xml,
+ trunk/doc/api/util/sc_der_clear.xml,
+ trunk/doc/api/util/sc_der_copy.xml,
+ trunk/doc/api/util/sc_strerror.xml: Documentation: there is no
+ external API, remove the manpage generation.
+
+2010-06-09 11:18 martin
+
+ * trunk/src/pkcs15init/entersafe.profile: Entersafe: the default
+ profile should have local PIN-s See
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014310.html
+
+2010-06-09 10:06 martin
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: Fix compilation without
+ OpenSSL
+
+2010-06-08 14:41 jps
+
+ * trunk/src/tools/cardos-tool.c: cardos-tool.c can be now compiled
+ with OpenSSL 0.9.7 (SHA256 checksum verification is replaced by
+ SHA1)
+
+2010-06-08 10:45 martin
+
+ * trunk/src/tools/cardos-tool.c: tools: Mac OS X 10.5 uses OpenSSL
+ 0.9.7 which does not include SHA256 support. Fix building for
+ 10.5.
+
+2010-06-05 08:51 s
+
+ * trunk/src/pkcs11/openssl.c: fix: openssl (lock_dbg_cb): already
+ locked (mode=9, type=30) at eng_list.c:360 openssl
+ (lock_dbg_cb): not locked (mode=10, type=30) at eng_table.c:186\
+ Thanks to Jan Just Keijser for development and patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014314.html
+
+2010-06-04 22:23 s
+
+ * trunk/src/pkcs11/openssl.c: fix: 'openssl: double free or
+ corruption' (load gost engine before loading engine_pkcs11
+ (which loading gost engine))
+
+2010-06-01 12:28 martin
+
+ * trunk/src/libopensc/ctbcs.c: Fix #223: implement
+ ctbcs_build_modify_verification_apdu.
+ * trunk/src/libopensc/reader-ctapi.c: CT-API: Fix the mess left
+ from broken [3931] and some pieces from [4118].
+
+2010-05-31 16:49 martin
+
+ * trunk/src/libopensc/asn1.c: Fix a segfault leftover from r4118
+ Thanks to Andre Zepezauer for the report and patch.
+
+2010-05-30 13:54 s
+
+ * trunk/src/pkcs15init/rutoken.profile: Rutoken S: add 'aid' to
+ profile (for '-init --create-pkcs15 --so-pin 87654321 --so-puk
+ -p rutoken+small')
+
+2010-05-30 13:52 s
+
+ * trunk/src/libopensc/dir.c: fix: SIGSEGV Program received signal
+ SIGSEGV, Segmentation fault. 0x00007f7d6f29fd55 in free () from
+ /lib64/libc.so.6 (gdb) bt #0 0x00007f7d6f29fd55 in free () from
+ /lib64/libc.so.6 #1 0x00007f7d703a4128 in sc_update_dir
+ (card=0x17463a0, app=) at dir.c:306 #2
+ 0x00007f7d7040cb58 in sc_pkcs15init_add_app (card=, profile=0x1754840, args=)
+ at pkcs15-lib.c:2354
+
+2010-05-30 07:56 s
+
+ * trunk/src/pkcs11/slot.c: fix: memory leak (but see FIXME)
+ ==21111== 1,360 (120 direct, 1,240 indirect) bytes in 1 blocks
+ are definitely lost in loss record 107 of 109 ==21111== at
+ 0x4C24F0D: realloc (vg_replace_malloc.c:476) ==21111== by
+ 0x409D23: sc_pkcs11_register_mechanism (mechanism.c:44)
+ ==21111== by 0x410595: pkcs15_bind (framework-pkcs15.c:3160)
+ ==21111== by 0x4085DD: card_detect (slot.c:214) ==21111== by
+ 0x408887: initialize_reader (slot.c:114) ==21111== by 0x404C50:
+ C_Initialize (pkcs11-global.c:247) ==21111== by 0x4034C9: main
+ ==21111== ==21111== LEAK SUMMARY: ==21111== definitely lost: 120
+ bytes in 1 blocks
+
+2010-05-30 07:52 s
+
+ * trunk/src/pkcs11/slot.c: fix: memory leak - next object missed
+ out to release
+
+2010-05-30 07:31 s
+
+ * trunk/src/pkcs11/pkcs11-global.c: fix: memory leak example: int
+ main() { C_Initialize(NULL); C_Finalize(NULL); return 0; }
+ ==4625== 592 (504 direct, 88 indirect) bytes in 1 blocks are
+ definitely lost in loss record 9 of 10 ==4625== at 0x4C24137:
+ calloc (vg_replace_malloc.c:418) ==4625== by 0x407FD9:
+ create_slot (slot.c:80) ==4625== by 0x40452C: C_Initialize
+ (pkcs11-global.c:243) ==4625== by 0x40342A: main ==4625==
+ ==4625== 4,736 (4,032 direct, 704 indirect) bytes in 8 blocks
+ are definitely lost in loss record 10 of 10 ==4625== at
+ 0x4C24137: calloc (vg_replace_malloc.c:418) ==4625== by
+ 0x407FD9: create_slot (slot.c:80) ==4625== by 0x408102:
+ initialize_reader (slot.c:108) ==4625== by 0x4044E0:
+ C_Initialize (pkcs11-global.c:247) ==4625== by 0x40342A: main
+ ==4625== ==4625== LEAK SUMMARY: ==4625== definitely lost: 4,536
+ bytes in 9 blocks
+
+2010-05-27 08:12 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: fix undeclared
+ variable Noted by Jean-Michel, thanks.
+
+2010-05-26 14:33 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: do not reuse
+ existing file when storing object data or updating certificate
+ merged with r4380:4380 of
+ https://www.opensc-project.org/svn/opensc/branches/vtarasov/opensc-sm.trunk
+
+2010-05-25 08:06 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/tools/pkcs15-tool.c: pkcs11: DER encoded value for
+ CKA_SERIAL_NUMBER discussed in
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-May/014264.html
+
+2010-05-19 19:49 s
+
+ * trunk/src/pkcs15init/rutoken.profile: fix: Rutoken S: no need to
+ reserve 5000 bytes for AppDF (pkcs15.profile: size = 5000)
+
+2010-05-19 09:18 viktor.tarasov
+
+ * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/reader-pcsc.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/src/tools/util.c:
+ pkcs11: resolve 'endless polling' in C_WaitForSlotEvent()
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013947.html
+ Tested with Firefox 3.6.3 in WinXP SP3 .
+
+2010-05-19 08:37 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c: libopensc: in
+ sc_pkcs15_verify_pin() if no PIN provided try to use pin pad
+ It's a complement to the r4361.
+
+2010-05-19 08:26 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when verifying
+ PIN, if no value supplied, try to use pin pad
+
+2010-05-19 08:18 viktor.tarasov
+
+ * trunk/src/libopensc/card.c: libopensc: do not invalidate card
+ cache in sc_unlock()
+
+2010-05-19 08:17 viktor.tarasov
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: pkcs11: by
+ default do not lock login
+
+2010-05-14 13:37 martin
+
+ * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/muscle.c:
+ MuscleApplet: Detect MuscleApplet specific SW-s; re-organize the
+ source a little.
+
+2010-05-14 07:40 martin
+
+ * trunk/src/libopensc/card-muscle.c: Muscle: use MuscleApplet as
+ the name of the card as well as driver
+
+2010-05-14 07:39 martin
+
+ * trunk/src/libopensc/card-muscle.c: MuscleApplet: remove useless
+ card detection flagging, don't call the default driver init
+ operation.
+
+2010-05-13 21:57 s
+
+ * trunk/src/pkcs11/openssl.c: fix: loading openssl engine with
+ GOST algorithms Thanks to Jan Just Keijser, Martin Paljak,
+ Andreas Jellinghaus, Robert Relyea, Dimitrios Siganos see:
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013956.html
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013966.html
+
+2010-05-13 17:47 viktor.tarasov
+
+ * trunk/src/pkcs11/misc.c: plcs11: set default value for
+ 'lock_login' to 'true' as it' stated by the commets in
+ opensc.con.in At the origin there were problem of signing with
+ Feitian card, noted by Ludovic.
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-May/014180.html
+
+2010-05-13 17:45 viktor.tarasov
+
+ * trunk/src/pkcs15init/entersafe.profile: in feitian profile set
+ 'local' flag for the User PIN so that Feitian card profile will
+ reflect the real card initialisation. At the origin there were
+ problem of signing with Feitian card, noted by Ludovic.
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-May/014180.html
+
+2010-05-11 14:40 flc
+
+ * trunk/src/tools/Makefile.am: wetcos-tools: add util.c to compile.
+
+2010-05-11 14:35 flc
+
+ * trunk/doc/tools/westcos-tool.xml: update westcos-tools
+ documentation with new options
+
+2010-05-11 14:34 flc
+
+ * trunk/src/tools/westcos-tool.c: clean some code and use more
+ opensc standard
+
+2010-05-11 14:30 flc
+
+ * trunk/src/tools/opensc-explorer.c: --wait option don't need
+ argument
+
+2010-05-10 14:35 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: replace spaces by tab
+
+2010-05-10 09:18 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: add TODO comments
+
+2010-05-07 12:49 flc
+
+ * trunk/src/libopensc/p15emu-westcos.c: westcos pkcs15 emulate
+ certificat or public key not both
+
+2010-05-05 09:31 flc
+
+ * trunk/src/libopensc/reader-pcsc.c: Add cardmod pcsc protocol
+ detection
+
+2010-05-03 15:44 viktor.tarasov
+
+ * trunk/src/libopensc/card.c: liopensc: fix debug message
+
+2010-05-01 12:15 viktor.tarasov
+
+ * trunk/src/common/Makefile.mak, trunk/src/libopensc/Makefile.mak,
+ trunk/src/pkcs11/Makefile.mak,
+ trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/pkcs15-oberthur.h,
+ trunk/src/scconf/Makefile.mak, trunk/src/tests/Makefile.mak,
+ trunk/src/tools/Makefile.mak, trunk/src/tools/cardos-tool.c,
+ trunk/win32/Make.rules.mak, trunk/win32/Makefile.mak: win32:
+ merge the branches/vtarasov/opensc-sm.trunk update win32
+ compilation; Unix style line ending in
+ src/pkcs15init/pkcs15-oberthur.h; variables declaration issue in
+ src/tools/cardos-tool.c.
+
+2010-04-28 09:20 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: remove blank
+ line after PIN was prompted Noted by Martin.
+ * trunk/configure.ac, trunk/src/tools/util.c: tools: in local
+ 'getpass' procedure getline() is not used any more Without GNU C
+ extention 'getline()' the same code of the local 'getpass'
+ procedure is used for Mac OS and Linux.
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: in
+ sc_pkcs15init_update_file() take care about file selection
+ errors Noted by Ludovic. In sc_pkcs15init_update_file()
+ procedure the file selection errors other then
+ SC_ERROR_FILE_NOT_FOUND were not treated.
+
+2010-04-28 09:16 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-sec.c: Change in r4269 is not correct
+ since sc_pkcs1_strip_02_padding() returns an int and not a
+ size_t The new code is also simpler
+
+2010-04-27 13:25 jps
+
+ * trunk/src/libopensc/pkcs15-sec.c: r4208 breaks key unwrap.
+ pkcs11-tool -tl gives an error and mail can not be anymore
+ decrypted (tested with Thunderbird).
+
+2010-04-27 07:30 viktor.tarasov
+
+ * trunk/src/tools/util.c: tools: thanks to Andreas; for win32 'get
+ password' procedure uses _getch() instead of getchar()
+
+2010-04-26 12:29 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcd15-tool: use local 'getpass'
+ procedure
+ * trunk/configure.ac, trunk/src/tools/util.c: tools: thanks to
+ Ludovic; check for getline() in configure.ac and use
+ 'HAVE_GETLINE' macro in get password procedure.
+
+2010-04-24 17:37 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when updating
+ certificate and when there are no ACLs in FCI of selected file
+ use default ACLs from the card profile Some cards do not include
+ security attributes into the FCI returned by 'SELECT' command.
+ For such cards, when updating certificate, to authenticate
+ 'UPDATE' operation use the 'sc_file' with default ACLs
+ instantiated from the card profile.
+
+2010-04-21 14:38 jps
+
+ * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/tools/cardos-tool.c: Support for CardOS 4.4
+
+2010-04-21 11:57 ludovic.rousseau
+
+ * trunk/src/pkcs11/misc.c: sc_to_cryptoki_error(): check for the
+ validity of ctx outside of the for loop to make the code more
+ natural
+
+2010-04-21 10:51 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs11/slot.c: pkcs11: make possible context dependent
+ 'sc' to 'cryptoki' error conversion
+
+2010-04-20 17:09 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: fix #96: more
+ details for the load profiles error
+
+2010-04-20 15:43 viktor.tarasov
+
+ * trunk/src/tools/opensc-tool.c: fix #118: thanks to Andreas: list
+ algorithms in opensc-tool
+
+2010-04-20 15:11 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: fix 201: thanks to
+ Christian Hohnstaedt: delete objects in pkcs11
+
+2010-04-19 12:13 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: with the new
+ option 'use-default-debug-settings' the debug settings from
+ opensc.conf are used
+
+2010-04-19 12:10 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-cflex.c: cflex pkcs15init: use
+ temporary PINs that satisfy default pin policy
+
+2010-04-19 08:31 viktor.tarasov
+
+ * trunk/doc/tools/opensc-explorer.xml: doc: little fix of
+ opensc-explorer.xml
+
+2010-04-18 16:38 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ emulator fix #125: thanks to Thomas Harning: emulator specific
+ 'clear' handler
+
+2010-04-18 16:01 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: #101: use PIN
+ object's label in the PIN prompt
+
+2010-04-18 14:51 viktor.tarasov
+
+ *
trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/oberthur.profile,
+ trunk/src/pkcs15init/pkcs15-oberthur-awp.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.h: oberthur: add in
+ emulator and create in pkcs15init the private data object
+
+2010-04-18 09:45 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c:
+ pkcs15-init tool: use Ctrl-C sensible 'getpass'
+
+2010-04-18 08:32 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: #120: use 'getpass'
+ sensible to Ctrl-C, thanks to Andreas
+
+2010-04-18 08:24 pk
+
+ * trunk/src/libopensc/pkcs15-tcos.c: fixed incorrect IDs of
+ SigG-PINs from 6,7 to 5,6
+
+2010-04-18 07:47 viktor.tarasov
+
+ * trunk/src/tools/util.c, trunk/src/tools/util.h: tools: #120:
+ 'getpass' sensible to Ctrl-C, thanks to Andreas
+
+2010-04-18 07:30 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: useless assignment
+
+2010-04-17 19:59 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: fix #124; thanks to
+ Thomas Harnings: for the signature tests cannot be used private
+ key without corresponding public key or certificate
+
+2010-04-17 19:03 viktor.tarasov
+
+ * trunk/doc/tools/opensc-explorer.xml: doc: update
+ 'opensc-explorer' documentation
+
+2010-04-17 18:51 ludovic.rousseau
+
+ * trunk/src/pkcs11/framework-pkcs15.c: set_cka_label(): remove a
+ possibly invalid memory access See
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013990.html
+
+2010-04-16 19:34 viktor.tarasov
+
+ * trunk/src/libopensc/apdu.c: libopensc: fix #209 In APDU consider
+ Le=0 as Le=256 Thanks to FrankMpunkt, Martin, ludovic.
+
+2010-04-15 15:37 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: Christian
+ Hohnstaedt's patch: convert CKA_LABEL to the null-terminated
+ pkcs15 label
+
+2010-04-14 11:52 viktor.tarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: libopensc
+ for win32: get working logging when compiled with Visual Studio
+
+2010-04-14 11:41 viktor.tarasov
+
+ * trunk/src/libopensc/card-entersafe.c: libopensc for win32: to be
+ compiled
+
+2010-04-14 11:40 viktor.tarasov
+
+ * trunk/src/common/simclist.c: common for win32: to be compiled
+
+2010-04-14 11:37 viktor.tarasov
+
+ * trunk/src/common/Makefile.mak: common for win32: add simclist
+
+2010-04-14 11:36 viktor.tarasov
+
+ * trunk/src/libopensc/card-myeid.c, trunk/src/pkcs11/openssl.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c: pkcs11, libopensc,
+ pkkcs15init: not use C99 designated initializers
+
+2010-04-14 11:34 viktor.tarasov
+
+ * trunk/src/pkcs11/Makefile.mak: pkcs11 for win32: add source for
+ display functions
+
+2010-04-13 11:30 martin
+
+ * trunk/src/libopensc/card-jcop.c, trunk/src/libopensc/cardctl.h:
+ JCOP/BlueZ: remove unused code
+
+2010-04-13 11:29 martin
+
+ * trunk/src/libopensc/card-incrypto34.c: card-incrypto34: Remove
+ dead code
+ * trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak,
+ trunk/src/tools/cardos-info, trunk/src/tools/cardos-info.bat:
+ Remove cardos-info (renamed to cardos-tool in 2008)
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: remove dead code
+ * trunk/src/tools/piv-tool.c: piv-tool: remove dead code.
+ * trunk/doc/tools/cardos-tool.xml: docs: the correct name is
+ cardos-tool
+ * trunk/src/tools/westcos-tool.c: westcos-tool: fix header, the
+ file is .c not .exe
+ * trunk/src/tools/cryptoflex-tool.c: cryptoflex-tool: remove dead
+ code from 2002
+ * trunk/src/tools/cryptoflex-tool.c: cryptoflex-tool: remove dead
+ code.
+ * trunk/src/tools/netkey-tool.c: netkey-tool: The tool is included
+ in OpenSC, no need to have a compilation tip in the file header.
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: fix help text,
+ reader must no be a number
+ * trunk/src/tools/cryptoflex-tool.c: cryptoflex-tool: use the code
+ in util.c to connect to the card.
+ * trunk/src/tools/pkcs15-crypt.c: pkcs15-crypt: remove useless #if
+ 1
+ * trunk/src/tools/eidenv.c: eidenv: remove a redundant sc_lock
+ call, already done in util.c
+
+2010-04-13 11:28 martin
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: Remove a redundant
+ sc_lock/sc_unlock pair
+
+2010-04-13 09:12 viktor.tarasov
+
+ * trunk/src/libopensc/Makefile.mak: compile for win32: fix
+
+2010-04-12 13:48 viktor.tarasov
+
+ * trunk/src/libopensc/Makefile.mak: libopensc in win32: no more
+ ui.h
+
+2010-04-12 13:42 viktor.tarasov
+
+ * trunk/src/libopensc/Makefile.mak: libopensc in win32: no more
+ ui.h
+
+2010-04-12 13:41 viktor.tarasov
+
+ * trunk/src/pkcs15init/Makefile.mak: pkcs15init: no more
+ 'keycache' sources
+
+2010-04-12 13:37 viktor.tarasov
+
+ * trunk/src/pkcs15init/Makefile.mak: pkcs15init: no more
+ 'keycache' sources
+
+2010-04-12 08:46 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: corrent debug
+ messages
+
+2010-04-12 08:44 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: for the newly
+ generated key object set public key as it's content
+
+2010-04-11 17:44 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: #75: key for
+ signature can be selected by object_id
+
+2010-04-02 14:08 ludovic.rousseau
+
+ * trunk/src/libopensc/card-myeid.c: Use explict field names in the
+ static initialisation to make it more robust to code change Fix
+ card-myeid.c:44: warning: missing initializer card-myeid.c:44:
+ warning: (near initialization for ‘myeid_drv.atr_map’)
+
+2010-04-02 13:57 ludovic.rousseau
+
+ * trunk/src/libopensc/card-entersafe.c: Do not use a type of
+ possibly
different size. Would fail on PowerPC in 64-bits for
+ example. Fix card-entersafe.c: In function
+ ‘entersafe_cipher_apdu’: card-entersafe.c:197: warning: passing
+ argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
+ card-entersafe.c: In function ‘entersafe_mac_apdu’:
+ card-entersafe.c:270: warning: passing argument 3 of
+ ‘EVP_EncryptUpdate’ from incompatible pointer type
+ card-entersafe.c:278: warning: passing argument 3 of
+ ‘EVP_EncryptUpdate’ from incompatible pointer type
+ card-entersafe.c:286: warning: passing argument 3 of
+ ‘EVP_EncryptUpdate’ from incompatible pointer type
+
+2010-04-02 13:51 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: Use (const char *) for static
+ C-strings Fix reader-pcsc.c: In function ‘pcsc_detect_readers’:
+ reader-pcsc.c:856: warning: initialization discards qualifiers
+ from pointer target type reader-pcsc.c:884: warning:
+ initialization discards qualifiers from pointer target type
+ reader-pcsc.c:894: warning: initialization discards qualifiers
+ from pointer target type
+
+2010-04-02 13:49 ludovic.rousseau
+
+ * trunk/src/libopensc/muscle.c: Rename variables and parameters
+ Fix muscle.c: In function ‘msc_create_object’: muscle.c:144:
+ warning: declaration of ‘read’ shadows a global declaration
+ /usr/include/unistd.h:477: warning: shadowed declaration is here
+ muscle.c:144: warning: declaration of ‘write’ shadows a global
+ declaration /usr/include/unistd.h:513: warning: shadowed
+ declaration is here muscle.c: In function ‘msc_import_key’:
+ muscle.c:941: warning: declaration of ‘read’ shadows a global
+ declaration /usr/include/unistd.h:477: warning: shadowed
+ declaration is here muscle.c:942: warning: declaration of
+ ‘write’ shadows a global declaration /usr/include/unistd.h:513:
+ warning: shadowed declaration is here
+
+2010-04-02 13:45 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-wrap.c: Do not cast a pointer to a
+ type of possibly different size.
Would fail on PowerPC in
+ 64-bits for example. pkcs15-wrap.c: In function ‘do_cipher’:
+ pkcs15-wrap.c:152: warning: dereferencing type-punned pointer
+ will break strict-aliasing rules pkcs15-wrap.c:159: warning:
+ dereferencing type-punned pointer will break strict-aliasing
+ rules
+
+2010-04-02 13:33 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-sec.c: Do not cast a pointer to a
+ type of possibly different size. Would fail on PowerPC in
+ 64-bits for example. pkcs15-sec.c: In function
+ ‘sc_pkcs15_decipher’: pkcs15-sec.c:136: warning: dereferencing
+ type-punned pointer will break strict-aliasing rules
+
+2010-04-02 13:12 ludovic.rousseau
+
+ * trunk/src/libopensc/asn1.c: Remove 2 ugly casts and fix warnings
+ asn1.c: In function ‘asn1_decode_entry’: asn1.c:979: warning:
+ dereferencing type-punned pointer will break strict-aliasing
+ rules asn1.c: In function ‘asn1_encode_entry’: asn1.c:1263:
+ warning: dereferencing type-punned pointer will break
+ strict-aliasing rules
+
+2010-04-02 13:11 martin
+
+ * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
+ Revert r4191 "Fix logic in pkcs15-tool/pkcs15-init -v" This
+ reverts commit a61f61929647ed70f0258b2bcf1657fc5fef0fe1.
+
+2010-04-02 12:23 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Fix
+ pkcs15-oberthur-awp.c: In function ‘awp_encode_data_info’:
+ pkcs15-oberthur-awp.c:1211: warning: implicit declaration of
+ function ‘sc_asn1_encode_object_id’
+
+2010-04-02 12:21 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Rename variable rand
+ in rand_buf pkcs15-oberthur-awp.c: In function
+ ‘awp_new_container_entry’: pkcs15-oberthur-awp.c:241: warning:
+ declaration of ‘rand’ shadows a global declaration
+ /usr/include/stdlib.h:176: warning: shadowed declaration is here
+
+2010-04-02 12:19 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: Use size_t instead of
+ int to fix a compiler warning pkcs15-oberthur.c: In function
+ ‘cosm_write_tokeninfo’: pkcs15-oberthur.c:100: warning:
+ comparison between signed and unsigned
+
+2010-04-02 12:15 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-myeid.c: Use size_t instead of int
+ to fix a compiler warning pkcs15-myeid.c: In function
+ ‘myeid_generate_key’: pkcs15-myeid.c:687: warning: comparison
+ between signed and unsigned
+
+2010-04-02 12:13 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-myeid.c: Fix pkcs15-myeid.c: In
+ function ‘myeid_new_file’: pkcs15-myeid.c:321: warning:
+ assignment discards qualifiers from pointer target type
+ pkcs15-myeid.c:323: warning: assignment discards qualifiers from
+ pointer target type pkcs15-myeid.c:325: warning: assignment
+ discards qualifiers from pointer target type pkcs15-myeid.c:327:
+ warning: assignment discards qualifiers from pointer target type
+
+2010-04-02 12:12 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-entersafe.c: Fix
+ pkcs15-entersafe.c:200: warning: initialization discards
+ qualifiers from pointer target type pkcs15-entersafe.c:201:
+ warning: initialization discards qualifiers from pointer target
+ type pkcs15-entersafe.c:202: warning: initialization discards
+ qualifiers from pointer target type
pkcs15-entersafe.c:203:
+ warning: initialization discards qualifiers from pointer target
+ type pkcs15-entersafe.c:204: warning: initialization discards
+ qualifiers from pointer target type pkcs15-entersafe.c:205:
+ warning: initialization discards qualifiers from pointer target
+ type pkcs15-entersafe.c:206: warning: initialization discards
+ qualifiers from pointer target type pkcs15-entersafe.c:207:
+ warning: initialization discards qualifiers from pointer target
+ type
+
+2010-04-02 12:10 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-setcos.c: setcos_generate_key(): use
+ size_t instead of int to fix a compiler warning
+ pkcs15-setcos.c:488: warning: comparison between signed and
+ unsigned
+
+2010-04-02 12:05 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-setcos.c: Use explict field names in
+ the static initialisation to make it more robust to code change
+ pkcs15-setcos.c:588: warning: missing initializer
+ pkcs15-setcos.c:588: warning: (near initialization for
+ ‘sc_pkcs15init_setcos_operations.emu_update_dir’)
+
+2010-04-02 11:58 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-setcos.c: declare a variable (const
+ char *) to fix compiler warnings pkcs15-setcos.c: In function
+ ‘setcos_new_file’: pkcs15-setcos.c:263: warning: assignment
+ discards qualifiers from pointer target type
+ pkcs15-setcos.c:265: warning: assignment discards qualifiers
+ from pointer target type pkcs15-setcos.c:267: warning:
+ assignment discards qualifiers from pointer target type
+ pkcs15-setcos.c:269: warning: assignment discards qualifiers
+ from pointer target type
+
+2010-04-02 11:55 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: use (const char *) as return
+ type to avoid compilation warnings: pkcs15-lib.c: In function
+ ‘get_template_name_from_object’: pkcs15-lib.c:2152: warning:
+ return discards qualifiers from pointer target type
+ pkcs15-lib.c:2154: warning: return discards qualifiers from
+ pointer target type pkcs15-lib.c:2156: warning:
return discards
+ qualifiers from pointer target type pkcs15-lib.c:2159: warning:
+ return discards qualifiers from pointer target type
+ pkcs15-lib.c:2161: warning: return discards qualifiers from
+ pointer target type pkcs15-lib.c: In function
+ ‘get_pin_ident_name’: pkcs15-lib.c:2815: warning: return
+ discards qualifiers from pointer target type pkcs15-lib.c:2817:
+ warning: return discards qualifiers from pointer target type
+ pkcs15-lib.c:2819: warning: return discards qualifiers from
+ pointer target type pkcs15-lib.c:2823: warning: return discards
+ qualifiers from pointer target type pkcs15-lib.c:2825: warning:
+ return discards qualifiers from pointer target type
+ pkcs15-lib.c:2827: warning: return discards qualifiers from
+ pointer target type pkcs15-lib.c:2829: warning: return discards
+ qualifiers from pointer target type pkcs15-lib.c:2832: warning:
+ return discards qualifiers from pointer target type
+
+2010-04-02 11:43 ludovic.rousseau
+
+ * trunk/src/pkcs11/openssl.c: use explict field names in the
+ static initialisation to make it more robust to code change
+
+2010-04-01 14:37 martin
+
+ * trunk/src/pkcs11/pkcs11-session.c: Fix a line ordering error.
+ Thanks to Roland Schwarz
+
+2010-04-01 14:16 martin
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: Fix #198: set correct access
+ flags to private keys
+ * trunk/src/tools/pkcs15-init.c: Don't use sc_debug in
+ src/tools/*, use fprintf(stderr) instead.
+
+2010-04-01 13:44 martin
+
+ * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
+ Fix logic in pkcs15-tool/pkcs15-init -v Only override ctx->debug
+ if -v given.
+
+2010-04-01 11:21 ludovic.rousseau
+
+ * trunk/src/tools/cardos-tool.c: Use an argument to
+ cardos_format() Thanks to Andreas Jellinghaus for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-March/013849.html
+
+2010-04-01 10:14 martin
+
+ * trunk/src/tools/pkcs15-init.c: Remove leftover from r4113, allow
+ easy side-by-side comparison
+
+2010-03-31 12:41 viktor.tarasov
+
+ * trunk/src/pkcs15init/muscle.profile: muscle profile: keep
+ default ACLs for the 'DIR' file
+
+2010-03-30 06:35 alonbl
+
+ * trunk/src/pkcs11/Makefile.am: Fix r4182, LIBS must never go into
+ LDFLAGS
+
+2010-03-29 14:34 ludovic.rousseau
+
+ * trunk/src/pkcs11/openssl.c: Use the correct integer type. Fix
+ openssl.c:182: warning: passing argument 3 of ‘EVP_DigestFinal’
+ from incompatible pointer type
+
+2010-03-29 14:30 ludovic.rousseau
+
+ * trunk/src/pkcs11/openssl.c: Add missing (optional) initializer
+ Fix openssl.c:42: warning: missing initializer openssl.c:42:
+ warning: (near initialization for ‘openssl_sha1_mech.sign_init’)
+ openssl.c:53: warning: missing initializer openssl.c:53:
+ warning: (near initialization for
+ ‘openssl_sha256_mech.sign_init’) openssl.c:63: warning: missing
+ initializer openssl.c:63: warning: (near initialization for
+ ‘openssl_sha384_mech.sign_init’) openssl.c:73: warning: missing
+ initializer openssl.c:73: warning: (near initialization for
+ ‘openssl_sha512_mech.sign_init’) openssl.c:96: warning: missing
+ initializer openssl.c:96: warning: (near initialization for
+ ‘openssl_md5_mech.sign_init’) openssl.c:106: warning: missing
+ initializer openssl.c:106: warning: (near initialization for
+ ‘openssl_ripemd160_mech.sign_init’)
+
+2010-03-29 14:19 ludovic.rousseau
+
+ * trunk/src/pkcs11/pkcs11-display.c: Use a temporary pointer to
+ avoid a pointer cast.
Fix pkcs11-display.c:137: warning:
+ dereferencing type-punned pointer will break strict-aliasing
+ rules
+
+2010-03-29 14:10 ludovic.rousseau
+
+ * trunk/src/tools/pkcs15-crypt.c: Do not cast a pointer to a type
+ of possibly different size. Would fail on PowerPC in 64-bits for
+ example. pkcs15-crypt.c: In function ‘sign_ext’:
+ pkcs15-crypt.c:293: warning: dereferencing type-punned pointer
+ will break strict-aliasing rules pkcs15-crypt.c:299: warning:
+ dereferencing type-punned pointer will break strict-aliasing
+ rules
+
+2010-03-29 13:30 ludovic.rousseau
+
+ * trunk/src/pkcs11/Makefile.am: Link libpkcs11 to $(LTLIB_LIBS)
+ since the lib uses ld_dlopen(), etc. Fix a compilation error for
+ src/tools/pkcs11-tool: /usr/bin/ld:
+ ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function
+ C_UnloadModule:libpkcs11.c:78: error: undefined reference to
+ `lt_dlclose' /usr/bin/ld:
+ ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function
+ C_LoadModule:libpkcs11.c:36: error: undefined reference to
+ `lt_dlinit' /usr/bin/ld:
+ ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function
+ C_LoadModule:libpkcs11.c:43: error: undefined reference to
+ `lt_dlopen' /usr/bin/ld:
+ ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function
+ C_LoadModule:libpkcs11.c:52: error: undefined reference to
+ `lt_dlsym'
+
+2010-03-29 12:55 ludovic.rousseau
+
+ * trunk/src/tools/cardos-tool.c: Use the correct type
+ (const_DES_cblock *) instead of (const_DES_cblock) for
+ DES_ecb_encrypt() input and output parameters. I have no idea
+ how it could have worked.
Fix cardos-tool.c: In function
+ ‘cardos_sm4h’: cardos-tool.c:421: warning: passing argument 1 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:421: warning: passing argument 2 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:426: warning: passing argument 1 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:426: warning: passing argument 2 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:432: warning: passing argument 1 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:432: warning: passing argument 2 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:434: warning: passing argument 1 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:434: warning: passing argument 2 of
+ ‘DES_ecb_encrypt’ from incompatible pointer type
+ cardos-tool.c:472: warning: passing argument 1 of
+ ‘DES_ecb3_encrypt’ from incompatible pointer type
+ cardos-tool.c:472: warning: passing argument 2 of
+ ‘DES_ecb3_encrypt’ from incompatible pointer type
+ cardos-tool.c:483: warning: passing argument 1 of
+ ‘DES_ecb3_encrypt’ from incompatible pointer type
+ cardos-tool.c:483: warning: passing argument 2 of
+ ‘DES_ecb3_encrypt’ from incompatible pointer type
+
+2010-03-29 08:23 ludovic.rousseau
+
+ * trunk/src/tools/util.c: Rename parameter wait in do_wait
+ util.c:11: warning: declaration of ‘wait’ shadows a global
+ declaration /usr/include/sys/wait.h:255: warning: shadowed
+ declaration is here
+
+2010-03-29 08:20 ludovic.rousseau
+
+ * trunk/src/tools/util.c, trunk/src/tools/util.h: use a (const
+ char *) for the reader_id and fix 2 warnings
+ opensc-explorer.c:1606: warning: passing argument 3 of
+ ‘util_connect_card’ discards qualifiers from pointer target type
+ rutoken-tool.c:492: warning: passing argument 3 of
+ ‘util_connect_card’ discards qualifiers from pointer target type
+
+2010-03-29 08:13 ludovic.rousseau
+
+ * trunk/src/tools/piv-tool.c: Fix
piv-tool.c: In function
+ ‘load_object’: piv-tool.c:130: warning: implicit declaration of
+ function ‘sc_asn1_find_tag’ piv-tool.c:130: warning: nested
+ extern declaration of ‘sc_asn1_find_tag’ piv-tool.c:130:
+ warning: cast from function call of type ‘int’ to non-matching
+ type ‘u8 *’ piv-tool.c:130: warning: cast to pointer from
+ integer of different size
+
+2010-03-29 08:11 ludovic.rousseau
+
+ * trunk/src/tools/piv-tool.c: Fix piv-tool.c:216: warning: suggest
+ parentheses around comparison in operand of |
+
+2010-03-28 21:02 ludovic.rousseau
+
+ * trunk/src/libopensc/ctx.c: Use a "const char *" to store a const
+ C-string ptr. Fix a lot (31) of warning: initialization discards
+ qualifiers from pointer target type Also cast from now (const
+ char *) to (void *) for free()
+
+2010-03-28 21:00 ludovic.rousseau
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: Use
+ a "const char *" to store a const C-string ptr. Fix a lot (162)
+ of warning: initialization discards qualifiers from pointer
+ target type Also cast from now (const char *) to (void *) for
+ free()
+
+2010-03-28 20:40 ludovic.rousseau
+
+ * trunk/src/tools/pkcs11-tool.c: Do not cast to a possibly
+ different type size. Would fail on PowerPC in 64-bits for
+ example. Fix pkcs11-tool.c:2954: warning: dereferencing
+ type-punned pointer will break strict-aliasing rules
+
+2010-03-28 20:30 ludovic.rousseau
+
+ * trunk/src/tools/pkcs11-tool.c: Use a "const char *" to store a
+ const C-string ptr.
Fix pkcs11-tool.c:1899: warning: assignment
+ discards qualifiers from pointer target type pkcs11-tool.c:1902:
+ warning: assignment discards qualifiers from pointer target type
+ pkcs11-tool.c:1906: warning: assignment discards qualifiers from
+ pointer target type pkcs11-tool.c:1910: warning: assignment
+ discards qualifiers from pointer target type pkcs11-tool.c:1914:
+ warning: assignment discards qualifiers from pointer target type
+ pkcs11-tool.c:1918: warning: assignment discards qualifiers from
+ pointer target type pkcs11-tool.c:1922: warning: assignment
+ discards qualifiers from pointer target type
+
+2010-03-28 20:16 ludovic.rousseau
+
+ * trunk/src/pkcs11/framework-pkcs15init.c: Fix
+ framework-pkcs15init.c:175: warning: initialization from
+ incompatible pointer type
+
+2010-03-28 20:09 ludovic.rousseau
+
+ * trunk/src/pkcs11/slot.c: Fix slot.c:151: warning: ‘p11card’ may
+ be used uninitialized in this function
+
+2010-03-28 20:08 ludovic.rousseau
+
+ * trunk/src/pkcs11/slot.c: Fix slot.c:234: warning: function
+ declaration isn’t a prototype
+
+2010-03-28 20:06 ludovic.rousseau
+
+ * trunk/src/pkcs11/sc-pkcs11.h: Fix sc-pkcs11.h:328: warning:
+ function declaration isn’t a prototype
+
+2010-03-28 19:57 ludovic.rousseau
+
+ * trunk/src/tools/westcos-tool.c: Use a "const char *" to store a
+ const C-string ptr. Fix westcos-tool.c:41: warning:
+ initialization discards qualifiers from pointer target type
+ westcos-tool.c:43: warning: initialization discards qualifiers
+ from pointer target type
+
+2010-03-28 19:55 ludovic.rousseau
+
+ * trunk/src/tools/netkey-tool.c: Use a "const char *" to store a
+ const C-string ptr.
Fix netkey-tool.c:43: warning:
+ initialization discards qualifiers from pointer target type
+ netkey-tool.c:63: warning: initialization discards qualifiers
+ from pointer target type
+
+2010-03-28 16:15 ludovic.rousseau
+
+ * trunk/src/tools/westcos-tool.c: Use a temporary variable to not
+ lose negative values (errors) Fix westcos-tool.c:591: warning:
+ comparison of unsigned expression < 0 is always false
+ westcos-tool.c:615: warning: comparison of unsigned expression <
+ 0 is always false
+
+2010-03-28 15:04 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-westcos.c:
+ westcos_pkcs15_create_pin(): use a temporary variable to not
+ lose negative values (errors) Fix pkcs15-westcos.c:135: warning:
+ comparison of unsigned expression < 0 is always false
+ pkcs15-westcos.c:159: warning: comparison of unsigned expression
+ < 0 is always false
+
+2010-03-28 14:18 ludovic.rousseau
+
+ * trunk/src/scconf/parse.c: Remove useless key argument from
+ scconf_item_find() Fix parse.c: In function ‘scconf_item_find’:
+ parse.c:80: warning: unused parameter ‘key’
+
+2010-03-28 14:13 ludovic.rousseau
+
+ * trunk/src/scconf/parse.c, trunk/src/scconf/test-conf.c: revert
+ changes 4154 and 4155 as suggested by Martin Paljak
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-March/013827.html
+
+2010-03-28 12:01 ludovic.rousseau
+
+ * trunk/src/libopensc/card-piv.c: Use a "const char *" to store a
+ const C-string ptr. Fix card-piv.c: In function ‘piv_get_data’:
+ card-piv.c:612: warning: assignment discards qualifiers from
+ pointer target type card-piv.c:615: warning: assignment discards
+ qualifiers from pointer target type card-piv.c:618: warning:
+ assignment discards qualifiers from pointer target type
+ card-piv.c:621: warning: assignment discards qualifiers from
+ pointer target type
+
+2010-03-28 11:53 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Use a "const char *"
+ to store a const C-string ptr.
Fix pkcs15-oberthur-awp.c:97:
+ warning: assignment discards qualifiers from pointer target type
+ pkcs15-oberthur-awp.c:98: warning: assignment discards
+ qualifiers from pointer target type pkcs15-oberthur-awp.c:99:
+ warning: assignment discards qualifiers from pointer target type
+ [etc...]
+
+2010-03-28 11:50 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: Fix pkcs15-oberthur.c:
+ In function ‘cosm_write_tokeninfo’: pkcs15-oberthur.c:94:
+ warning: format not a string literal and no format arguments
+ pkcs15-oberthur.c:96: warning: format not a string literal and
+ no format arguments
+
+2010-03-28 11:46 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: Fix
+ pkcs15-oberthur.c:61: warning: redundant redeclaration of
+ ‘cosm_delete_file’ pkcs15-oberthur.h:93: warning: previous
+ declaration of ‘cosm_delete_file’ was here
+
+2010-03-28 11:44 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-westcos.c: Fix pkcs15-westcos.c:41:
+ warning: redundant redeclaration of ‘sc_check_sw’
+ ../../src/libopensc/opensc.h:674: warning: previous declaration
+ of ‘sc_check_sw’ was here
+
+2010-03-28 11:43 ludovic.rousseau
+
+ * trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-westcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c:
+ Remove unused variables.
Fix warning: unused variable
+
+2010-03-28 11:37 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c: Fix warning: missing
+ initializer
+
+2010-03-28 11:25 ludovic.rousseau
+
+ * trunk/src/scconf/parse.c: Fix parse.c: In function
+ ‘scconf_item_find’: parse.c:80: warning: unused parameter ‘key’
+
+2010-03-28 11:24 ludovic.rousseau
+
+ * trunk/src/scconf/test-conf.c: Fix test-conf.c: In function
+ ‘ldap_cb’: test-conf.c:32: warning: unused parameter ‘depth’
+ test-conf.c: In function ‘card_cb’: test-conf.c:60: warning:
+ unused parameter ‘entry’ test-conf.c:60: warning: unused
+ parameter ‘depth’ test-conf.c: In function ‘write_cb’:
+ test-conf.c:81: warning: unused parameter ‘depth’
+
+2010-03-28 11:22 ludovic.rousseau
+
+ * trunk/src/common/simclist.c: Fix simclist.c: In function
+ ‘list_meter_int8_t’: simclist.c:1337: warning: unused parameter
+ ‘el’ simclist.c: In function ‘list_meter_int16_t’:
+ simclist.c:1338: warning: unused parameter ‘el’ simclist.c: In
+ function ‘list_meter_int32_t’: simclist.c:1339: warning: unused
+ parameter ‘el’ simclist.c: In function ‘list_meter_int64_t’:
+ simclist.c:1340: warning: unused parameter ‘el’ simclist.c: In
+ function ‘list_meter_uint8_t’: simclist.c:1342: warning: unused
+ parameter ‘el’ simclist.c: In function ‘list_meter_uint16_t’:
+ simclist.c:1343: warning: unused parameter ‘el’ simclist.c: In
+ function ‘list_meter_uint32_t’: simclist.c:1344: warning: unused
+ parameter ‘el’ simclist.c: In
function ‘list_meter_uint64_t’:
+ simclist.c:1345: warning: unused parameter ‘el’ simclist.c: In
+ function ‘list_meter_float’: simclist.c:1347: warning: unused
+ parameter ‘el’ simclist.c: In function ‘list_meter_double’:
+ simclist.c:1348: warning: unused parameter ‘el’
+
+2010-03-28 09:45 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: Fix pkcs15-lib.c:799:
+ warning: no previous prototype for ‘sc_pkcs15init_store_puk’
+ pkcs15-lib.c:2814: warning: no previous prototype for
+ ‘get_pin_ident_name’
+
+2010-03-28 09:44 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Fix
+ pkcs15-oberthur-awp.c:729: warning: no previous prototype for
+ ‘awp_update_object_list’
+
+2010-03-28 09:43 ludovic.rousseau
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: Fix
+ pkcs15-oberthur-awp.c:1246: warning: no previous prototype for
+ ‘awp_set_data_info’
+
+2010-03-28 09:41 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15.h: Fix pkcs15-pubkey.c:445: warning:
+ no previous prototype for ‘sc_pkcs15_decode_pubkey_gostr3410’
+ pkcs15-pubkey.c:462: warning: no previous prototype for
+ ‘sc_pkcs15_encode_pubkey_gostr3410’
+
+2010-03-28 08:41 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-esinit.c: Fix pkcs15-esinit.c:77:
+ warning: no previous prototype for
+ ‘sc_pkcs15emu_entersafe_init_ex’
+
+2010-03-28 08:40 ludovic.rousseau
+
+ * trunk/src/libopensc/p15emu-westcos.c: Fix p15emu-westcos.c:248:
+ warning: no previous prototype for ‘sc_pkcs15emu_westcos_init_ex’
+
+2010-03-28 08:33 ludovic.rousseau
+
+ * trunk/src/tools/westcos-tool.c: Fix westcos-tool.c:322: warning:
+ no previous prototype for ‘usage’
+
+2010-03-23 10:03 viktor.tarasov
+
+ * trunk/src/pkcs15init/Makefile.mak: oberthur pkcs15init: sorry,
+ fix
+
+2010-03-23 10:02 viktor.tarasov
+
+ * trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/Makefile.mak: oberthur pkcs15init:
+ non-install header; join pkcs15-oberthur-awp.obj to object list
+ for win32
+
+2010-03-22 14:17 viktor.tarasov
+
+ *
trunk/src/pkcs15init/oberthur.profile,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur-awp.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.h: oberthur pkcs15init:
+ support for creation of the 'public' DATA objects
+
+2010-03-22 14:14 viktor.tarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/pkcs15-oberthur.c: libopensc: export
+ 'sc_asn1_encode_object_id'
+
+2010-03-19 09:41 viktor.tarasov
+
+ * trunk/doc/tools/pkcs15-init.xml: doc: in pkcs15-init.xml add
+ usage case for '--verify-pin' option
+
+2010-03-19 09:19 viktor.tarasov
+
+ * trunk/doc/tools/pkcs15-tool.xml: man: in pkcs15-tool man page
+ add 'list-data', 'read-data' actions and update 'list' private
+ objects
+
+2010-03-18 17:51 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-oberthur-awp.c: oberthur pkcs15init:
+ use macro for debug level
+
+2010-03-18 17:21 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.h: oberthur: forgotten
+ header file
+
+2010-03-18 12:30 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/pkcs15-oberthur-awp.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: oberthur: pkcs15init
+ emulator Now the native Oberthur card format is supported for
+ emulation of pkcs15 and pkcs15init. It means that card
+ personalized with OpenSC and the obejcts created with OpenSC
+ will be usable with the native Oberthur's middleware and
+ vice-versa.
+
+2010-03-18 10:49 viktor.tarasov
+
+ * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: to be compiled
+ without OpenSSL
+
+2010-03-18 10:25 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: free cert object
+ if 'link object' failed
+
+2010-03-18 10:15 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: use encoded
+ public key as the 'content' of private and public key pkcs15
+ objects
+
+2010-03-18 09:49 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h: pkcs15init: in pkcs15-init.h
+ don't use parameters name in the function declarations
+
+2010-03-18 09:46 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h: pkcs15init: fix pkcs15-init.h
+
+2010-03-18 09:39 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h: pkcs15init: in
+ pkcs15-init.h, for the function prototypes, homogenize using
+ 'struct *' vs. '*_t'; do not use paramters name
+
+2010-03-18 09:27 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: pkcs15 card flags
+ Set 'TOKEN INITIALIZED' after an application has been added, set
+ 'USER PIN INITIALIZED' and 'LOGIN REQUIRED' after User PIN
+ object has been created.
+
+2010-03-18 09:20 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init emulation: use
+ emu_update_tokeninfo() if available
+
+2010-03-18 09:10 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15init: emulation API Four
+ method are added to the 'sc_pkcs15init_operations':
+ emu_update_dir -- create or not the DIR file; emu_update_any_df
+ -- update the non-pkcs15 descriptors that are equivalents to
+ pkcs15 xDF files; emu_update_tokeninfo -- update analog of
+ tokenInfo; emu_write_info -- to not create OPENSC-INFO file;
+
+2010-03-17 18:24 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: 'verify-pin' is not
+ an action
+
+2010-03-17 18:16 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: make possible
+ pin verification immidiately after card was binded It's
+ implemented for the card with emulated pkcs#15 and protected
+ private object attributes. Update to man pages is comming soon.
+
+2010-03-17 16:45 viktor.tarasov
+
+ * trunk/src/pkcs15init/oberthur.profile: oberthur: in profile do
+ not use 'combined' pins in ACLs
+
+2010-03-17 16:40 viktor.tarasov
+
+ * trunk/src/pkcs15init/oberthur.profile: oberthur: in card profile
+ set 'do-last-update' to 'false'
+
+2010-03-17 16:26 viktor.tarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: simplify internal
+ API ; do not pad PIN in pkcs15init. It's already done in
+ libopensc/pkcs15-pin; ; the 'do_verify_pin()',
+ 'sc_pkcs15init_verify_key()' and 'do_get_and_verify_secret()'
+ are replaced by unique 'sc_pkcs15init_verify_secret()'; edit
+ debug messages;
+
+2010-03-16 14:59 aj
+
+ * trunk/src/tools/pkcs11-tool.c: don't complain about missing
+ "--slot" parameter, when you don't need it (if you only
+ "--list-slots").
+
+2010-03-16 14:11 aj
+
+ * trunk/src/tools/pkcs11-tool.c: Add code to write pubkey objects
+ to pkcs11-tool. By: Jaroslav Benkovsk
+ Slightly modified by me.
+
+2010-03-16 13:51 aj
+
+ * trunk/NEWS, trunk/configure.ac: Start documenting changes and
+ increse libary version (we are no longer compatible with 0.11.*
+ line).
+
+2010-03-15 17:58 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-tool.c: fix #202: pkcs15-tool: print
+ message when there is PIN verify error
+
+2010-03-15 12:17 aj
+
+ * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/apdu.c,
+ trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-acos5.c,
+ trunk/src/libopensc/card-akis.c,
+ trunk/src/libopensc/card-asepcos.c,
+ trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-default.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-gemsafeV1.c,
+ trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card-ias.c,
+ trunk/src/libopensc/card-incrypto34.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/card-myeid.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-rtecp.c,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c,
+ trunk/src/libopensc/card-westcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/dir.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/log.h,
+ trunk/src/libopensc/muscle.c,
+ trunk/src/libopensc/p15card-helper.c,
+ trunk/src/libopensc/p15emu-westcos.c,
+ trunk/src/libopensc/padding.c,
+ trunk/src/libopensc/pkcs15-algo.c,
+ trunk/src/libopensc/pkcs15-cache.c,
+ trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-data.c,
+ trunk/src/libopensc/pkcs15-esinit.c,
+ trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/libopensc/pkcs15-gemsafeGPK.c,
+ trunk/src/libopensc/pkcs15-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-infocamere.c,
+ trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15-openpgp.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/libopensc/pkcs15-postecert.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pteid.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/libopensc/pkcs15-tccardos.c,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
+ trunk/src/libopensc/sec.c, trunk/src/pkcs11/debug.c,
+ trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs11/slot.c, trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/profile.c,
+ trunk/src/tools/cryptoflex-tool.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/pkcs15-tool.c, trunk/src/tools/rutoken-tool.c,
+ trunk/src/tools/westcos-tool.c: cleanup of the debug code: *
+ reduce to a few, supported functions. * change all functions to
+ take the debug level as parameter. * use symbolic names for the
+ debug levels. * fix tools to pass "verbose"/"opt_debug" as
+ ctx->debug.
+
+2010-03-15 10:34 aj
+
+ * trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/pkcs15-tool.c: On blank, but otherwise perfectly
+ supported card, we get an error here (with "Unsupported card").
+ This needs to be improved. This patch changes the
+ "initialization" to "binding", so we at least can tell people:
+ you need to initialized an empty card first. Needs to be
+ improved of course.
+
+2010-03-15 08:36 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix second part of #199:
+ pkcs15init: when freeing pkcs15 object remove it from list
+
+2010-03-15 07:23 flc
+
+ * trunk/src/libopensc/libopensc.exports: clean libopensc.exports
+ (2 functions removed)
+
+2010-03-13 23:35 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix #199: to authenticate
+ 'update' in sc_pkcs15init_update_file() use the file
+ instantiated from profile, rather then selected one This bug
+ concerned the card drivers for which the file ACLs cannot be
+ obtained from the FCI of the selected file.
+
+2010-03-13 22:52 aj
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tests/regression/README,
+ trunk/src/tests/regression/functions,
+ trunk/src/tests/regression/init0001,
+ trunk/src/tests/regression/init0002,
+ trunk/src/tests/regression/init0005,
+ trunk/src/tests/regression/init0007,
+ trunk/src/tests/regression/init0008,
+ trunk/src/tests/regression/init0012,
+ trunk/src/tools/pkcs15-init.c: remove "split-key" option and
+ emulat sign for sign,decrypt keys with padding and decrypt() for
+ cardos.
+
+2010-03-13 22:47 aj
+
+ * trunk/src/tools/pkcs15-tool.c: Redirect output to file given by
+ "--output" / "-o" option. Closes bug #200.
+
+2010-03-13 22:26 aj
+
+ * trunk/src/tools/Makefile.am: compile tools with PTHREAD so we
+ can debug them in GDB.
+
+2010-03-13 19:54 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init:
+ sc_pkcs15_add_df() has no more 'handler' parameter
+
+2010-03-13 19:48 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h: libopensc emu: more general
+ implementation of the postponed DF parsing In previous version
+ the card specific 'parse_df' handler was a part of
+ 'sc_pkcs15_df'. Now the placehold ('sc_pkcs15_operations')
+ created for the all card emulator specific operations .
+
+2010-03-11 13:29 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-oberthur.c: oberthur emu: create
+ pkcs15 object for SOPIN; accept non-initialized token; use
+ 'define' macros for the native file paths
+
+2010-03-11 13:00 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: 'pkcs15_pin_info'
+ parameter replaced by 'pkcs15_object'
+
+2010-03-11 11:23 martin
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: sign key usage
+ shortcut does not expand to non-repudiation.
+
+2010-03-11 06:41 flc
+
+ * trunk/src/libopensc/card-westcos.c: westcos card small fix
+
+2010-03-10 15:03 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15: fix
+
+2010-03-10 09:23 viktor.tarasov
+
+ * trunk/src/cardmod/cardmod.c,
+ trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/tests/pintest.c,
+ trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c:
+ libopensc: in pkcs15 PIN commands 'pin_info' parameter replaced
+ by 'pin_object'
+
+2010-03-10 07:07 martin
+
+ * trunk/src/libopensc/pkcs15-oberthur.c: there is no ui.h any more.
+
+2010-03-09 17:43 viktor.tarasov
+
+ * trunk/src/libopensc/Makefile.mak: libopensc: add oberthur pkcs15
+ emulator to Makefile.mak
+
+2010-03-09 17:40 viktor.tarasov
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/pkcs15-oberthur.c,
+ trunk/src/libopensc/pkcs15-syn.c: oberthur: pkcs15 emulator for
+ the native cards
+
+2010-03-09 17:38 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: pkcs11 framework-pkc15: at
+ user login try to do the postponed private keys load
+
+2010-03-09 17:11 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ libopensc emu: sorry, fix
+
+2010-03-09 16:57 viktor.tarasov
+
+ * trunk/etc/opensc.conf.in: pkcs11: configuration option to report
+ as zero the CKA_ID of CA certificates In fact, the middleware of
+ the manufacturer of the gemalto (axalto, gemplus) cards reports
+ the CKA_ID of CA certificates as '0'. But it's not true for the
+ others middlewares (Oberthur), NSS (afais) and PKCS#11 standard.
+
+2010-03-09 16:49 viktor.tarasov
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/pkcs15-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/pkcs15-lib.c:
+ libopensc emu: postponed object loading Some non-pkcs15 cards
+ protect the reading of the private objects attributes. For the
+ emulated pkcs15 cards, the 'init' emu-handler was the only place
+ where pkcs15 objects could be loaded. This handler is called
+ before the card is binded, and so, for an application there was
+ no 'normal' way to verify PIN and load the objects with
+ protected attributes. Actually it's possible to complete list of
+ the pkcs15 objects after the emulated pkcs15 card has been
+ binded.
+
+2010-03-09 15:43 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs11/sc-pkcs11.h: pkcs11: configuration option to
+ report as zero the CKA_ID of CA certificates In fact, the
+ middleware of the manufacturer of the gemalto (axalto, gemplus)
+ cards reports the CKA_ID of CA certificates as '0'. But it's not
+ true for the others middlewares (Oberthur), NSS (afais) and
+ PKCS#11 standard.
+
+2010-03-09 15:05 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h:
+ pkcs11 framework: change prototype of the 'login' method It
+ gives the access to the 'slot' object inside the framework
+ method 'login'.
+
+2010-03-09 14:51 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: add 'verify-pin'
+ option" src/tools/pkcs15-tool.c Implemented to have the
+ possibility to verify PIN after binding of the pkcs15 card and
+ before any 'substantial' operation.
+
+2010-03-09 13:39 flc
+
+ * trunk/src/libopensc/ctx.c: add windows.h include to ctx.c to
+ satisfy dependencies and move internal.h include at end of
+ includes
+
+2010-03-09 07:41 flc
+
+ * trunk/src/cardmod/cardmod.c, trunk/src/libopensc/ctx.c:
+ internal.h must be before winreg.h include, and change path for
+ include log.h in cardmod.c
+
+2010-03-08 12:32 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15.c: libopensc: homogenize name
+ of 'struct sc_pkcs15_card' parameters and variables
+
+2010-03-05 19:31 martin
+
+ * trunk/win32/Makefile.am: win32/Makefile.am:1: whitespace
+ following trailing backslash
+
+2010-03-05 10:37 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: homegenize pin reference type in a different
+ structures; remove unused parameters in the internal procedures;
+
+2010-03-04 16:19 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.h: libopensc: add structure name to
+ the 'typedef structure' definitions
+
+2010-03-04 16:14 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: dummy object is
+ not needed for the sc_pkcs15_find_XX() procedures; coding style
+ issues
+
+2010-03-04 13:37 viktor.tarasov
+
+ * trunk/src/pkcs15init/flex.profile,
+ trunk/src/pkcs15init/pkcs15-cflex.c: pkcs15init cflex: fix
+ protected initialisation In the 'flex' card profile the ACLs of
+ the public objects are set to 'NONE'. As the pkcs15init core
+ currently implemented, the AuthID attribute is not used for the
+ public objects. Without AuthID the destination 'pin-domain' DF
+ cannot be determined in a simple and sure manner.
That's why
+ 'pin-domain' works only for private key, private data and the
+ public objects are placed into the application DF. ; take 'flex'
+ CHV files settings from the card profile;
+
+2010-03-04 13:05 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: prepare
+ instantiation of the pin-domain templates When binding profile
+ and p15card (in sc_pkcs15init_set_p15card()), add to the profile
+ EF list the named DF for the path of the all existing AUTH. ;
+ variables name and coding style issues; ; debug messages;
+
+2010-03-04 12:55 viktor.tarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init profile: fix indexed
+ instantiation of pin/key domain; more of debug messages
+
+2010-03-04 12:49 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c: pkcs15init asepcos:
+ unused variables
+
+2010-03-04 08:14 aj
+
+ * trunk/Makefile.mak, trunk/configure.ac, trunk/src/Makefile.am,
+ trunk/src/Makefile.mak, trunk/src/cardmod/Makefile.am,
+ trunk/src/cardmod/cardmod.c, trunk/src/common/Makefile.am,
+ trunk/src/common/compat_getopt.c,
+ trunk/src/common/compat_getpass.c,
+ trunk/src/common/compat_strlcpy.c, trunk/src/include,
+ trunk/src/libopensc/Makefile.am, trunk/src/libopensc/apdu.c,
+ trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/base64.c, trunk/src/libopensc/card-acos5.c,
+ trunk/src/libopensc/card-akis.c,
+ trunk/src/libopensc/card-asepcos.c,
+ trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-default.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-gemsafeV1.c,
+ trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card-ias.c,
+ trunk/src/libopensc/card-incrypto34.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/card-myeid.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-rtecp.c,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c,
+ trunk/src/libopensc/card-westcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/compression.h, trunk/src/libopensc/ctbcs.c,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/dir.c,
+ trunk/src/libopensc/errors.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c,
+ trunk/src/libopensc/log.h,
+ trunk/src/libopensc/muscle-filesystem.c,
+ trunk/src/libopensc/muscle-filesystem.h,
+ trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h,
+ trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/p15card-helper.c,
+ trunk/src/libopensc/p15card-helper.h,
+ trunk/src/libopensc/p15emu-westcos.c,
+ trunk/src/libopensc/padding.c,
+ trunk/src/libopensc/pkcs15-actalis.c,
+ trunk/src/libopensc/pkcs15-algo.c,
+ trunk/src/libopensc/pkcs15-atrust-acos.c,
+ trunk/src/libopensc/pkcs15-cache.c,
+ trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-data.c,
+ trunk/src/libopensc/pkcs15-esinit.c,
+ trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/libopensc/pkcs15-gemsafeGPK.c,
+ trunk/src/libopensc/pkcs15-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-infocamere.c,
+ trunk/src/libopensc/pkcs15-openpgp.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/libopensc/pkcs15-postecert.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pteid.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-sec.c,
+ trunk/src/libopensc/pkcs15-starcert.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/libopensc/pkcs15-tccardos.c,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
+ trunk/src/libopensc/sec.c, trunk/src/pkcs11/Makefile.am,
+ trunk/src/pkcs11/debug.c, trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/mechanism.c,
+ trunk/src/pkcs11/misc.c, trunk/src/pkcs11/openssl.c,
+ trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c,
+ trunk/src/pkcs11/pkcs11-spy.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs11/secretkey.c, trunk/src/pkcs11/slot.c,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h,
+ trunk/src/scconf/Makefile.am, trunk/src/scconf/parse.c,
+ trunk/src/scconf/scconf.c, trunk/src/scconf/sclex.c,
+ trunk/src/scconf/test-conf.c, trunk/src/scconf/write.c,
+ trunk/src/tests/Makefile.am, trunk/src/tests/base64.c,
+ trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c,
+ trunk/src/tests/pintest.c, trunk/src/tests/print.c,
+ trunk/src/tests/prngtest.c,
trunk/src/tests/sc-test.c,
+ trunk/src/tests/sc-test.h, trunk/src/tools/Makefile.am,
+ trunk/src/tools/cardos-tool.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c,
+ trunk/src/tools/rutoken-tool.c, trunk/src/tools/util.c,
+ trunk/src/tools/util.h, trunk/src/tools/westcos-tool.c,
+ trunk/win32/Makefile.am, trunk/win32/Makefile.mak,
+ trunk/win32/winconfig.h.in: Header file cleanup.
+
+2010-03-03 17:22 viktor.tarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init profile: syntax error
+ can provoke segmentation fault
+
+2010-03-02 17:03 viktor.tarasov
+
+ * trunk/src/include/opensc/Makefile.am,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/keycache.c,
+ trunk/src/pkcs15init/keycache.h, trunk/src/pkcs15init/profile.h:
+ pkcs15init: no more need for static keycache
+
+2010-03-02 16:22 viktor.tarasov
+
+ * trunk/src/libopensc/card-asepcos.c,
+ trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: asepcos: 'trasport PIN'
+ (global PIN with reference '0') is presented as 'AUT' key ; no
+ more need of athena dedicated PIN flag 'TRANSPORT KEY';
+
+2010-03-02 09:50 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init asepcos: fixup
+ initialisation with protected profile ; new, athena dedicated,
+ PIN pkcs15 flag 'TRANSPORT_KEY': in the Athena initialization
+ procedure the 'trasport' SOPIN object is used. This object
+ references to the pre-existing global SOPIN and is different
+ from the final SOPIN of the card.
This object should be ignored
+ when fixing up the ACLs of the newly created file; ; the pkcs15
+ refereces of the new private keys are derived from the file-id;
+ ; remove duplicated code; ; some log messages in pkcs15-lib.c;
+
+2010-03-01 15:29 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: in
+ sc_pkcs15init_add_object() if DF update fails, remove object
+ from the list before return
+
+2010-03-01 14:01 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ profile: 'cbs' member of 'struct sc_profile' is not used
+
+2010-03-01 13:51 viktor.tarasov
+
+ * trunk/src/include/opensc/Makefile.am: include: do not create
+ link to the non-existing ui.h
+
+2010-03-01 13:36 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-oberthur.c: pkcs15init oberthur: no
+ extractable key; for generated key set reference from the key's
+ path
+
+2010-02-25 15:16 flc
+
+ * trunk/src/libopensc/card-westcos.c,
+ trunk/src/tools/westcos-tool.c: add support for westcos card
+ with crypto component and minor renames to westcos-tool
+
+2010-02-24 14:06 martin
+
+ * trunk/src/pkcs11/pkcs11-object.c: #47: C_SignRecover is not
+ implemented at the moment, don't give any promises with
+ C_SignRecoverInit either.
+
+2010-02-24 12:20 martin
+
+ * trunk/configure.ac, trunk/doc/tools/opensc-config.xml,
+ trunk/doc/tools/tools.xml, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/opensc-config.in: #185: drop opensc-config.
+ If required, pkg-config and libopensc.pc can be used instead.
+
+2010-02-24 10:42 martin
+
+ * trunk/src/libopensc/pkcs15.c: #148: clear PIN cache in
+ sc_pkcs15_unbind()
+
+2010-02-24 08:57 s
+
+ * trunk/src/pkcs15init/pkcs15-rutoken.c: fix mistake in r4065
+
+2010-02-24 08:28 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ libopensc: re-design 'sc_pkcs15_allocate_object_content' for the
+ case when the 'new' and 'old' data pointers are the same ;change
+ the prototype of 'sc_pkcs15_find_pin_by_type_and_reference' to
+ eliminate the compilation warnings;
+
+2010-02-24 08:25 aj
+
+ * trunk/configure.ac, trunk/src/Makefile.am, trunk/src/openssh:
+ Remove openssh/ directory and our patch for openssh, as they
+ removed the opensc code in favor or new pkcs#11 code. This new
+ code works out of the box with opensc-pkcs11.so, so we don't
+ need the patch any more.
+
+2010-02-24 08:22 s
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c: add check params; fix:
+ pkcs15-rutoken.c:208: warning: unused parameter 'puk'
+
+2010-02-24 07:48 flc
+
+ * trunk/src/libopensc/pkcs15-syn.c: set default auth_method
+ SC_AC_CHV for emulated cards thanks to Martin Paljak patch
+
+2010-02-21 20:46 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c:
+ libopensc: remove unused variables
+
+2010-02-21 20:33 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: 'defined bu not
+ used'
+
+2010-02-21 19:54 martin
+
+ * trunk/src/libopensc/pkcs15-pin.c: pincache: pkcs15-pin.c:515:
+ warning: unused variable ‘i’
+
+2010-02-21 19:53 martin
+
+ * trunk/src/libopensc/pkcs15-pin.c: pincache: correct message for
+ user consent PINs (it is a matter of policy not software support)
+
+2010-02-21 19:47 martin
+
+ * trunk/src/libopensc/libopensc.exports: Fix exports file: {{{
+ Undefined symbols: "_sc_pkcs15init_fixup_acls", referenced from:
+ -exported_symbols_list command line option
+ "_sc_pkcs15init_set_pin_data", referenced from:
+ -exported_symbols_list command line option
+ "_sc_pkcs15init_set_secret", referenced from:
+ -exported_symbols_list command line option }}}
+
+2010-02-21 18:24 viktor.tarasov
+
+ * trunk/src/pkcs15init/myeid.profile,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15init: instead of static
+ keycache use the pincache as a content of the pkcs15 AUTH object
+ Tested with cards: CardOS v4.3B; SetCOS 4.4.1B; Oberthur;
+ Cryptoflex 16k, 32k e-gate, 32k e-gate token; GPK 8K; Athena;
+ Aventra; Fetian; Rainbow 3000 (STARCOS SPK 2.3)
+
+2010-02-21 16:21 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c,
+ trunk/src/pkcs15init/profile.c: pkcs15init: in the prototypes of
+ the internal procedures the 'struct sc_card' argument replaced
+ with the 'struct sc_pkcs15_card' one This patch is not largely
+ tested and it will be followed (hope in a few hours) with
+ another one that will replace the using of the static pincache
+ with the pincache as the content of the AUTH pkcs15 object. In
+ the intervention into the card specific part I tried to respect
+ its creator's coding style. Sorry, if it's not always the case.
+
+2010-02-21 11:10 martin
+
+ * trunk/configure.ac: Missing piece from [4055]
+
+2010-02-21 11:02 martin
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/libpkcs15init.pc.in,
+ trunk/src/libopensc/libscconf.pc.in: libopensc: only one
+ pkgconfig file is required.
+
+2010-02-21 09:13 martin
+
+ * trunk/doc/Makefile.am: manpages: don't install sc_* API
+ documentation.
+
+2010-02-21 09:09 martin
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init: don't suggest using
+ --erase-card with --create-pkcs15 in help message.
+
+2010-02-21 09:08 martin
+
+ * trunk/doc/tools/pkcs15-init.xml: manpages: Clarify pkcs15-init
+ --erase-card usage. Fix XML structure from [4012]
+
+2010-02-20 23:20 viktor.tarasov
+
+ * trunk/src/pkcs15init/cyberflex.profile: cyberflex: no more
+ 'protect-certificates' profile option
+
+2010-02-20 23:14 viktor.tarasov
+
+ * trunk/src/pkcs15init/flex.profile,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: 'protect-certificates' profile option not used
+ Profile option 'protect-certifcates' was activated by default
+ for all the cards, was mentioned and commented out only in
+ 'flex' profile, and finaly is not working 'by design' of
+ pkcs15-lib.c So, no need to keep this option, untill the valid
+ arguments to restore it back. Anyway, the access to certificates
+ is controlled by the file's ACLs defined in profile.
;in profile
+ use the 'define' macros to define the pin encoding type;
+
+2010-02-20 22:16 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/pkcs11-session.c: pkcs11: no pincache concept
+ at the pkcs11 level -- it's implemented at the pkcs15 one
+
+2010-02-20 22:04 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/profile.c,
+ trunk/src/pkcs15init/profile.h: pincache: implement pincache as
+ the content of the AUTH pkcs15 object ; in 'sc_pkcs15_pin_info'
+ structure add 'auth_method' member to keep the PIN
+ authentication method: CHV, AUT or SM; ; in pkcs15init profile
+ add function to search PIN template by auth method and
+ reference; ; in 'sc_pkcs15_remove_object' return silently if
+ object to delete is NULL; ; in 'sc_pkcs15_object' structure add
+ 'usage_counter' member; ; new
+ 'sc_pkcs15_find_pin_by_type_and_reference' procedure to search
+ PIN pkcs15 object by auth method and reference;
+
+2010-02-20 20:09 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: when updating
+ 'OpenSC Info' file, cleanup its non-used tail part -- thanks to
+ Xiaoshuo
+
+2010-02-20 10:09 viktor.tarasov
+
+ * trunk/src/libopensc/card-entersafe.c: entersafe: fix import key
+ RSA 2048 bits
+
+2010-02-20 08:34 martin
+
+ * trunk/src/libopensc/pkcs15.c: PKCS15: set the PRNG flag on
+ PKCS#15 card object even if it was not set in TokenFlags if RNG
+ capability is reported by the low level card driver.
+
+2010-02-20 08:31 martin
+
+ * trunk/src/libopensc/card-entersafe.c: entersafe: don't mix
+ hexadecimal and decimal in code and comments
+
+2010-02-19 16:52 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-entersafe.c: entersafe: sorry, fix
+
+2010-02-19 16:41 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-entersafe.c: entersafe: unify cards
+ behavior - don't throw error when erasing empty card
+
+2010-02-19 10:41 flc
+
+ * trunk/src/libopensc/ctx.c: Use cardmod if explicitly request on
+ config only
+
+2010-02-18 17:08 viktor.tarasov
+
+ * trunk/src/libopensc/card-myeid.c: MyEID: fix 'Activate Applet'
+ apdu case
+
+2010-02-18 10:26 viktor.tarasov
+
+ * trunk/src/libopensc/card-myeid.c: MyEID: 'read until the end'
+ not supported -- set maximal receiving size to 255
+
+2010-02-18 10:08 viktor.tarasov
+
+ * trunk/src/libopensc/card-myeid.c: MyEID: fix
+
+2010-02-17 17:19 s
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c: fix: mis-usage of 'type'
+ (PIN encoding style) Thanks to Viktor TARASOV
+ http://www.opensc-project.org/pipermail/opensc-devel/2010-February/013454.html
+
+2010-02-17 07:51 flc
+
+ * trunk/etc/opensc.conf.in, trunk/src/cardmod/cardmod.c,
+ trunk/src/libopensc/reader-pcsc.c: cardmod updates: - Add
+ comment to opensc.conf - Use opensc log in cardmod - Minor
+ corrections on cardmod pcsc driver
+
+2010-02-16 07:10 aj
+
+ * trunk/Makefile.am, trunk/configure.ac: automake gets packge name
+ and version from AC_INIT. the old AM_INIT_AUTOMAKE syntax is
+ deprecated now, switch to the new one.
+
+2010-02-15 20:55 s
+
+ * trunk/src/pkcs11/framework-pkcs15.c: fix SIGABRT (r4028) ***
+ glibc detected *** invalid pointer: 0x00007fff9e9f7670 ***
+ Program received signal SIGABRT, Aborted. 0x00007f971d0a8ea5 in
+ raise () from /lib64/libc.so.6 (gdb) bt #0 0x00007f971d0a8ea5 in
+ raise () from /lib64/libc.so.6 #1 0x00007f971d0aaab3 in abort ()
+ from /lib64/libc.so.6 #2 0x00007f971d0e7d58 in __libc_message ()
+ from /lib64/libc.so.6 #3 0x00007f971d0ed7e8 in malloc_printerr
+ () from /lib64/libc.so.6 #4 0x00007f971d0efda6 in free () from
+ /lib64/libc.so.6 #5 0x0000000000410f5c in pkcs15_gen_keypair
+ (p11card=0x72aec0, slot=, pMechanism=, pPubTpl=, ulPubCnt=, pPrivTpl=, ulPrivCnt=6,
+ phPubKey=0x7fff9e9f7e50, phPrivKey=0x7fff9e9f7e58) at
+ framework-pkcs15.c:1763 /* see opensc-0.11.13 */ #6
+ 0x0000000000409a6e in C_GenerateKeyPair
+
+2010-02-15 17:47 viktor.tarasov
+
+ * trunk/src/pkcs15init/profile.c: pkcs15init profile: accept the
+ minimal file-ids difference from GPK profile
+
+2010-02-12 17:23 s
+
+ * trunk/src/pkcs11/framework-pkcs15.c: fix memory leaks
+
+2010-02-12 16:53 s
+
+ * trunk/src/libopensc/pkcs15-prkey.c: fix memory leak
+
+2010-02-11 14:50 martin
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-emv.c, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: Remove
+ the dummy EMV driver.
+
+2010-02-11 14:47 viktor.tarasov
+
+ * trunk/src/libopensc/ctx.c: libopensc: 'javacard' driver has to
+ be the last one before 'default' -- thanks to Andreas
+
+2010-02-11 14:15 viktor.tarasov
+
+ * trunk/src/libopensc/ctx.c: libopensc: in
+
+2010-02-11 12:14 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: simplify
+ 'pristine' test - it's ok if MF, DIR or PKCS15-AppDF is not
+ selectable
+
+2010-02-11 08:46 flc
+
+ * trunk/src/libopensc/libopensc.exports: remove useless symbol
+ from libopensc.exports
+
+2010-02-10 07:59 aj
+
+ * trunk/doc/tools/pkcs15-init.xml: Debian bug report 505396: -P is
+ not --store-public-key, but --store-pin. I simply remove the
+ short form "-P" for now (didn't find a good place to add it).
+
+2010-02-10 07:44 aj
+
+ * trunk/doc/tools/pkcs15-init.xml: AFAIK the default format is
+ PEM, not DER.
+
+2010-02-10 07:40 aj
+
+ * trunk/src/libopensc/card-belpic.c: patch from debian bug report
+ 470637 by Philippe Teuwen: update_binary() was not foreseen by
+ the middleware creators of BELPIC so I added it, which allows to
+ write some data in the MF/ID/EF(Preferences) of the card.
+
+2010-02-09 15:15 viktor.tarasov
+
+ * trunk/src/libopensc/errors.c: libopensc: error message for
+ success
+
+2010-02-09 14:45 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h:
+ libopensc: in sc_pkcs15_object introduce the 'content' member
+ Replace not-used 'der' structure member by the 'content' one.
+ 'Der' member was introduced to keep the ASN1 encoded object
+ attributes. Actually it's not used. 'Content' is intended to
+ keep the object value (AUTH object - pin cache value; CERT
+ object - der value, ...)
+
+2010-02-09 14:05 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/pkcs15init/pkcs15-lib.c:
+ libopensc: separate 'remove' and 'free' pkcs15 object
+
+2010-02-09 13:53 viktor.tarasov
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15.h:
+ libopensc: remove not used function
+
+2010-02-06 12:59 aj
+
+ * trunk/src/libopensc/ctx.c: Add a comment to keep javacard driver
+ 2nd last.
+
+2010-02-06 10:56 martin
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-javacard.c,
+ trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c: Add a
+ catch-all for (possibly) blank JavaCards. This way known blank
+ JavaCards without a supported applet get recognized by
+ opensc-tool -n.
+
+2010-02-05 21:39 alonbl
+
+ * trunk/configure.ac, trunk/src/cardmod/Makefile.am,
+ trunk/src/cardmod/cardmod.c, trunk/src/cardmod/cardmod.exports,
+ trunk/src/cardmod/cardmod.inf, trunk/src/cardmod/cardmod.inf.in,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/reader-pcsc.c:
+ cardmod - build fixups and mingw stuff 1. Add --enable-cardmod
+ to autoconf to enable feature explicitly. 2. Modify
+ opensc-cardmod.dll to always have bitness suffix eg
+ opensc-cardmod32.dll 3. Remove complex cardmod.h detection,
+ could not find any reason for this. 4. Make cardmod.inf a
+ template and inject opensc version into its version string. 5.
+ More minor autoconf/automake cleanups. 6. Remove
+ internal-winscard.h usage in cardmod.c as cardmod.h already
+ includes winscard.h 7. DllMain is not exportable. Notes: 1. I
+ may caused other build not to work, will happy to work it out.
+ 2. Cannot find reason why cardmod.inf cardmod-westcos.reg should
+ reside in bin directory.
+
+2010-02-05 13:56 aj
+
+ * trunk/src/cardmod/Makefile.in: Files generated by automake &
+ friends are not placed in svn.
+
+2010-02-05 13:05 flc
+
+ * trunk/configure.ac, trunk/etc/opensc.conf.in,
+ trunk/src/Makefile.am, trunk/src/Makefile.mak,
+ trunk/src/cardmod, trunk/src/cardmod/Makefile.am,
+ trunk/src/cardmod/Makefile.in, trunk/src/cardmod/Makefile.mak,
+ trunk/src/cardmod/cardmod-westcos.reg,
+ trunk/src/cardmod/cardmod.c, trunk/src/cardmod/cardmod.exports,
+ trunk/src/cardmod/cardmod.inf, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/internal-winscard.h,
+ trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/reader-pcsc.c: add cardmod a minidrivers for
+ windows
+
+2010-02-05 11:21 aj
+
+ * trunk/src/libopensc/log.c: fix pthread include for win32/mingw
+ compilation.
+
+2010-02-05 06:20 aj
+
+ * trunk/src/libopensc/sc.c: Fix bebytes2ushort function, reported
+ by Roland Schwarz.
+
+2010-02-05 06:16 aj
+
+ * trunk/src/libopensc/card-piv.c, trunk/src/tools/piv-tool.c:
+ Updated piv driver by Douglas E. Engert: the PIV driver no
+ longer need to set the card max_*_size parameters to get around
+ emulating read_binary and write_binary. It can now handle
+ partial reads and writes. The assumptions for write_binary are
+ that the first chuck will have idx = 0, and the last chunk will
+ write the last byte. The flags parameter will contain the total
+ length. The only write_binary operations are done when
+ initializing a card, and this is only done from piv-tool.c which
+ was modified to pass in the length and other flags. Piv-tool
+ continues to be a primative test tool for inializing test cards.
+ But it has been expanded to be able to write other objects on
+ test cards. The serial number of a PIV card is obtained from the
+ CHUID object if present which has a FASC-N which is an ID number
+ created by the issuer. Normally PIV cards are issued the U.S.
+ Federal government But there are ways to use the same cards with
+ a non government CA. This is then be referred to as PIV
+ Compatible. In this case, the FASC-N should start with an agency
+ code = 9999 and an RFC 4122 GUID should be present in the CHUID.
+ If this is the case, the GUID is used as the serial number.
+ Windows 7 comes with a PIV card card driver, but to get it use
+ one of these card the CHUID is required. (piv-tool can now write
+ one.
+
+2010-02-05 06:14 aj
+
+ * trunk/src/libopensc/apdu.c: Improved chaining for large APDU
+ commands, by Mats Andersson and Douglas E. Engert.
+
+2010-02-04 12:18 s
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/rutoken_ecp.profile: rutoken (ECP): add 4
+ DF (reserved for internal use)
+
+2010-02-04 10:39 s
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c: rutoken (S and ECP):
+ never unblock SO PIN
+
+2010-02-04 06:33 aj
+
+ * trunk/src/tools/Makefile.am, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/ui.c, trunk/src/tools/ui.h: fold ui.c/h into
+ pkcs15-init.
+
+2010-02-04 06:22 aj
+
+ * trunk/src/libopensc/log.c: remove log output coloring.
+
+2010-02-04 06:19 aj
+
+ * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/ui.c,
+ trunk/src/libopensc/ui.h, trunk/src/tools/Makefile.am,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/ui.c,
+ trunk/src/tools/ui.h: remove ui code from library.
+
+2010-02-03 15:46 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: [PC/SC / MacOSX] Try to
+ connect to the card twice. On OS X, when you insert a card,
+ securityd sequentially starts all found Tokend-s to see if a
+ card can be handled with one. If a non-tokend application waits
+ for a card insertion with sc_wait_for_event and tries to connect
+ to the card right after the system sees it, it will fail with
+ "The reader is in use by another application" 95% of the time.
+ With this hack connecting to the card succeeds 95% of the time
+ with the probable penalty of an extra second on initialization
+ for non-tokend clients. This should only affect applications
+ that wait for card insertion events.
+
+2010-02-03 12:10 s
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/rutoken.profile,
+ trunk/src/pkcs15init/rutoken_ecp.profile: rutoken (S and ECP):
+ both PINs are globals (and addition to changeset 3960, 3946)
+
+2010-02-03 10:10 martin
+
+ * trunk/src/pkcs11/pkcs11-global.c: [PKCS#11] use combined
+ constants for events
+
+2010-02-03 09:58 martin
+
+ * trunk/src/tools/util.c: [tools] If started with --wait, also
+ wait for a reader if necessary.
+
+2010-02-03 09:54 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: [PC/SC] detect other events
+ besides card insertion/removal * remove whitespace. * don't use
+ SC_MAX_READERS and allocate memory dynamically.
+
+2010-02-02 18:15 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: useless if/else
+ construction
+
+2010-02-02 17:29 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: remove
+ commented-out code
+
+2010-02-02 17:20 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: little fix
+
+2010-02-02 17:18 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: remove the old
+ commented-out code
+
+2010-02-02 16:45 viktor.tarasov
+
+ * trunk/src/pkcs15init/oberthur.profile,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: remove profile option 'keep-public-key' that was
+ used only by oberthur
+
+2010-02-02 14:50 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-jcop.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15-westcos.c: pkcs15init: abandon Old
+ API tested with Oberthur, CardOS and SetCOS.
+
+2010-02-02 14:50 alonbl
+
+ * trunk/configure.ac, trunk/src/libopensc/Makefile.am,
+ trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am,
+ trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am,
+ trunk/win32/versioninfo.rc.in, trunk/win32/versioninfo.rc.in.in:
+ [WINDOWS] Remove tool specific file description support resource
+ file The implementation was based on the previous MSC build,
+ each tool had its own description in version resource. This
+ change sets a single version resource to all files, and produces
+ much simpler build.
+
+2010-02-02 14:31 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c: oberthur: clean 'global'
+ PIN reference flag when getting byte from ACL
+
+2010-02-02 12:53 martin
+
+ * trunk/src/common/Makefile.am,
+ trunk/src/include/opensc/Makefile.am,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h:
+ Include simclist.h to opensc includes to be able to build
+ OpenSC.tokend
+
+2010-02-02 12:01 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: PC/SC: Do not try to watch 0
+ readers on OS X
+
+2010-02-02 09:46 viktor.tarasov
+
+ * trunk/src/libopensc/cardctl.h: pkcs15init: migrate MyEID to the
+ New API Migrated without testing, but normally should work --
+ the pkcs15init part of MyEID and SetCOS are sufficiently close.
+
+2010-02-02 09:44 viktor.tarasov
+
+ * trunk/src/libopensc/card-myeid.c,
+ trunk/src/pkcs15init/pkcs15-myeid.c: pkcs15init: migrate MyEID
+ to the New API Migrated without testing, but normally should
+ work -- the pkcs15init part of MyEID and SetCOS are sufficiently
+ close.
+
+2010-02-02 09:33 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c: pkcs15init: unused
+ variables
+
+2010-02-01 15:22 aj
+
+ * trunk/src/libopensc/Makefile.mak,
+ trunk/src/pkcs15init/Makefile.mak, trunk/src/tools/Makefile.mak:
+ update windows makefiles: only create one dll.
+
+2010-02-01 15:20 aj
+
+ * trunk/src/pkcs15init/pkcs15init.exports,
+ trunk/src/scconf/scconf.exports: remove no longer used export
+ files.
+
+2010-02-01 15:12 aj
+
+ * trunk/src/Makefile.am, trunk/src/Makefile.mak,
+ trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am,
+ trunk/src/scconf/Makefile.am, trunk/src/tools/Makefile.am: build
+ only one shared library instead of many.
+
+2010-02-01 10:14 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: sc_verify() has
+ been deprecated (thanks to Martin)
+
+2010-02-01 09:04 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-miocos.c: pkcs15init miocos: remove
+ obsolete code
+
+2010-01-31 20:29 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-setcos.c: pkcs15init: migrate setcos
+ to the New API
+
+2010-01-31 20:26 viktor.tarasov
+
+ * trunk/src/pkcs15init/cardos.profile,
+ trunk/src/pkcs15init/pkcs15-cardos.c: pkcs15init cardos: fix
+ update keys When creating application DF ('PKCS15-AppDF'), User
+ PIN is not yet created, and AC type 'SC_AC_SYMBOLIC' cannot be
+ resolved. So, in the card profile, the macro '$PIN' cannot be
+ used to define the ACLs of the application DF.
+
+2010-01-30 19:25 aj
+
+ * trunk/src/tools/pkcs15-init.c: make erase incompatible with all
+ other actions. thus we don't need to worry about if the
+ pin/so-pin was passed for the old structures (before erase) or
+ the new ones (if used with create).
+
+2010-01-29 17:41 viktor.tarasov
+
+ * trunk/src/pkcs15init/setcos.profile: sertcos: both PINs are
+ globals
+
+2010-01-29 17:40 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: fix putting xPINs
+ in cache ;when putting SOPIN into the global cache, use the path
+ from the object info; ;sc_pkcs15init_create_pin() can be called
+ to create PUK object;
+
+2010-01-29 17:12 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: one more fix
+
+2010-01-29 17:08 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: fix
+
+2010-01-29 10:54 viktor.tarasov
+
+ * trunk/src/libopensc/iso7816.c: libopensc: in iso7816
+ process_fci() decode Life Cycle Status byte (ISO 7816-4 2005,
+ 5.3.3, tag '8A')
+
+2010-01-28 16:44 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-miocos.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c: pkcs15init: card specific
+ pkcs15init has to be ready for pin_reference = -1 Starting from
+ r3946, the reference of PIN, instantiated from profile, is not
+ overwritten by 0 in sc_pkcs15init_create_pin().
+ http://www.opensc-project.org/opensc/browser/trunk/src/pkcs15init/pkcs15-lib.c?rev=3946#L1064
+ So, card specific pkcs15init has to be ready for the
+ pin_reference = -1.
+
+2010-01-28 14:53 aj
+
+ * trunk/etc/opensc.conf.in: fix text a bit.
+
+2010-01-28 14:29 martin
+
+ * trunk/src/libopensc/opensc.h: Add more event type defines, add
+ declaration of sc_ctx_get_reader_by_id().
+
+2010-01-28 14:15 viktor.tarasov
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/misc.c, trunk/src/pkcs11/sc-pkcs11.h: pkcs11:
+ by default do not create slot for the User PUK (thanks to
+ Andreas)
+
+2010-01-28 12:46 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-miocos.c: miocos: migration to New
+ API Miocos card owners are heartly invited to test this revision.
+
+2010-01-28 12:42 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: remove debug message
+
+2010-01-28 12:17 viktor.tarasov
+
+ * trunk/etc/opensc.conf.in: opensc.conf: in pkcs11 section a new
+ option to disable slot for User PUK
+
+2010-01-28 12:14 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: pkcs11: parametrize
+ disabling of the slot for PUK
+
+2010-01-28 08:28 viktor.tarasov
+
+ * trunk/src/pkcs11/framework-pkcs15.c: pkcs11: do not create slot
+ for PUK Ignore PUK for the 'normal' pkcs11 also, not only for
+ 'one-pin-pkcs11'.
+
+2010-01-27 18:18 viktor.tarasov
+
+ * trunk/src/pkcs15init/profile.c: profile: for PIN flags use
+ rather 'define' macro
+
+2010-01-27 18:07 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/pkcs15init/oberthur.profile,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: oberthur: finalize
+ migration to the NEW API no more 'init_app'. - Oberthur unblock
+ style is the only one (local SOPIN is used as PUK); - user PIN
+ and PUK should be everywhere defined as local; - SOPIN is always
+ global.
+
+2010-01-27 17:53 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: pkcs15 PinObject
+ for PUK When creating PIN, if 'puk_id' is defined in 'struct
+ sc_pkcs15init_pinargs', the pkcs15 PinObject for PUK will be
+ created. For a moment, PinObject is not created for SO PUK.
+
+2010-01-27 17:38 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/tools/pkcs15-init.c: pkcs15-init tool: don't ask for
+ PUK value when creating PIN with 'unblock-disabled' in flags -
+ prepare pkcs15-init tool for creating a pkcs15 PinObject for PUK.
+
+2010-01-27 17:08 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: sorry, fix
+
+2010-01-27 17:03 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: libopensc pkcs15: path is
+ optional for PinAttributes of PinObject - for 'global' PINs path
+ in not encoded into the AODF; - when selecting pin_reference,
+ start from value defined in profile.
+
+2010-01-27 16:04 s
+
+ * trunk/src/pkcs11/pkcs11-object.c: cleanup and correct style
+
+2010-01-27 14:50 s
+
+ * trunk/src/pkcs11/framework-pkcs15.c: fix: use of uninitialised
+ value - return parameter (phObject) from C_CreateObject and
+ C_GenerateKeyPair (In function 'pkcs15_add_object': warning:
+ unused parameter 'pHandle') Example (C_CreateObject): Breakpoint
+ 3, C_CreateObject (hSession=134587040, pTemplate=0x8049160,
+ ulCount=5, phObject=0xbff55560) at pkcs11-object.c:57 57 rv =
+ sc_pkcs11_lock(); (gdb) x/x phObject 0xbff55560: 0xffffffff
+ (gdb) finish 0xb7f5c6c0 17:15:09.969 [opensc-pkcs11]
+ framework-pkcs15.c:657:pkcs15_add_object: Setting object handle
+ of 0x0 to 0x805ab80 Run till exit from #0 C_CreateObject
+ (hSession=134587040, pTemplate=0x8049160, ulCount=5,
+ phObject=0xbff55560) at pkcs11-object.c:57 0x080487a4 in main ()
+ Value returned is $1 = 0 (gdb) x/x 0xbff55560 0xbff55560:
+ 0xffffffff (gdb) c Continuing. Breakpoint 4, C_DestroyObject
+ (hSession=134587040, hObject=4294967295) at pkcs11-object.c:106
+ 106 rv = sc_pkcs11_lock(); (gdb) p/x hObject $2 = 0xffffffff
+ (gdb) finish Run till exit from #0 C_DestroyObject
+ (hSession=134587040, hObject=4294967295) at pkcs11-object.c:106
+ 0xb7f5c6c0 17:15:56.581 [opensc-pkcs11]
+ pkcs11-object.c:110:C_DestroyObject:
+ C_DestroyObject(hSession=0x805a2a0, hObject=0xffffffff)
+ 0x080487cb in main () Value returned is $3 = 130
+
+2010-01-27 12:22 s
+
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/pkcs11-object.c: fix SIGSEGV: $ pkcs11-tool
+ --slot 5 --login --pin "12345678" --label 1 --type data
+ --private --write-object tmp.txt Generated Data Object: Data
+ object 0 ... $ pkcs11-tool --slot 5 -O --login --pin "12345678"
+ Data object 135436368 label: '1' application: '1' app_id: -1
+ flags: modifiable private ... (gdb) run Starting program:
+ /usr/local/bin/pkcs11-tool --slot 5 --login --pin "12345678"
+ --label 1 --type data --delete-object Program received signal
+ SIGSEGV, Segmentation fault. [Switching to Thread -1210333504
+ (LWP 7193)] 0xb7cc8181 in slot_token_removed (id=5) at
+ slot.c:319 319 if (object->ops->release) (gdb) bt #0 0xb7cc8181
+ in slot_token_removed (id=5) at slot.c:319 #1 0xb7cc82dd in
+ card_removed (reader=0x811bdf0) at slot.c:132 #2 0xb7cc43e7 in
+ C_Finalize (pReserved=0x0) at pkcs11-global.c:298 #3 0x08050fc0
+ in main (argc=11, argv=0xbf98d6f4) at pkcs11-tool.c:677
+
+2010-01-26 12:59 viktor.tarasov
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/pkcs15init/pkcs15-lib.c:
+ libopensc: search pkcs15 objects: accept NULL value for the
+ output argument So that, the dummy object for the 'search pkcs15
+ object' calls is not neccessary.
+
+2010-01-26 10:40 s
+
+ * trunk/src/libopensc/reader-openct.c: fix: reader-openct.c: In
+ function 'openct_reader_connect': reader-openct.c:204: error:
+ 'reder' undeclared (first use in this function)
+
+2010-01-25 16:42 viktor.tarasov
+
+ * trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: pkcs15init: in
+ select_object_path() look for the template also outside the
+ 'key-domain'. To use New API with the cards that do not have
+ 'key-domain' in their profile, when setting object data path,
+ the object template has to be also looked for outside the
+ 'key-domain'. ;migrate Oberthur to the New API; ;use macros
+ SC_CALLED, SC_TEST_.., SC_RETURN in pkcs15-lib.c
+
+2010-01-25 16:10 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h:
+ libopensc: new operations for access control
+
+2010-01-25 15:53 viktor.tarasov
+
+ * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: when importing
+ bunch of certificates, break after the first error
+
+2010-01-25 15:30 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/tools/pkcs15-init.c: sorry, commit by error; reverting
+ back to r3935
+
+2010-01-25 15:11 viktor.tarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/tools/pkcs15-init.c: pkcs15-init tool: when importing
+ bunch of certificate, break after the first
+ errorsrc/tools/pkcs15-init.c
+
+2010-01-24 20:45 martin
+
+ * trunk/src/pkcs11/Makefile.am,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs11/slot.c: pkcs11: - slots, sessions and objects
+ are kept as lists. - change the way slots, cards and readers are
+ managed. - re-implement C_WaitForSlotEvent(/C_Finalize) as
+ written in PCKS#11 v2.20, canceling pending blocking calls. -
+ implement a "virtual hotplug slot" with a floating slot id to
+ keep NSS working with C_WaitForSlotEvent with a new reader. NSS
+ does not call C_GetSlotList(NULL) to re-fetch the list of
+ available slots if C_WaitForSlotEvent returns an event in an
+ already known slot ID. By changing the ID of a slot whenever a
+ reader attached NSS/Firefox can be tricked into recognizing new
+ readers when waiting for events with C_WaitForSlotEvent. -
+ change (possibly break something) sc_to_cryptoki_error() to not
+ have side-effects - Implement CKU_CONTEXT_SPECIFIC in C_Login to
+ implement CKA_ALWAYS_AUTHENTICATE (keys with user consent)
+
+2010-01-24 15:40 martin
+
+ * trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c: tests:
+ remove slots and sc_disconnect_card API as in r3931
+
+2010-01-24 15:29 martin
+
+ * trunk/src/tools/Makefile.am, trunk/src/tools/cardos-tool.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c,
+ trunk/src/tools/pkcs15-tool.c, trunk/src/tools/rutoken-tool.c,
+ trunk/src/tools/util.c, trunk/src/tools/util.h,
+ trunk/src/tools/westcos-tool.c: tools: remove slots; implement
+ change in sc_disconnect_card(); convert
+ util_connect_card()/--wait to support the changes in r3931
+
+2010-01-24 15:26 martin
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: remove slots,
+ according to r3931
+
+2010-01-24 15:25 martin
+
+ * trunk/src/libopensc/apdu.c, trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-gemsafeV1.c,
+ trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-westcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctbcs.h,
+ trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/internal-winscard.h,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
+ trunk/src/libopensc/types.h: libopensc: - Remove slot
+ abstraction from internal API and all reader drivers. CT-API
+ (from where it all comes from) readers with multiple slots (if
+ still found) can be presented as separate readers, OpenCT should
+ remove the slot abstraction, PC/SC never knew about it. None of
+ the tools knew how to use slots. - Add sc_cancel (translates to
+ SCardCancel) - Re-implement sc_wait_for_event; support a
+ blocking call. - Replace the "int reader" API with "*
+ sc_reader_t" style; add "Get reader by name" functionality. -
+ Remove "action" parameter from sc_disconnect_card() (was not
+ used)
+
+2010-01-24 15:14 martin
+
+ * trunk/src/libopensc/card-mcrd.c: Use a constant buffer instead
+ of malloc.
+
+2010-01-24 15:05 martin
+
+ * trunk/src/common/Makefile.am, trunk/src/common/simclist.c,
+ trunk/src/common/simclist.h: Add simclist, also used by
+ pcsc-lite, for list operations.
+
+2010-01-24 12:50 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Missing piece from r3912
+
+2010-01-24 12:38 martin
+
+ * trunk/src/libopensc/apdu.c,
+ trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: SC_ERROR_MEMORY_FAILURE
+ signals EEPROM failures on card. Failures to allocate memory on
+ host result in SC_ERROR_OUT_OF_MEMORY.
+
+2010-01-23 19:12 martin
+
+ * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h,
+ trunk/src/libopensc/iso7816.c, trunk/src/pkcs11/misc.c:
+ Introduce SC_ERROR_NOT_ENOUGH_MEMORY <=> CKR_DEVICE_MEMORY. When
+ trying to import a too large keyfile as a data object, TrueCrypt
+ received a CKR_GENERAL_ERROR before this.
+
+2010-01-23 06:28 martin
+
+ * trunk/src/libopensc/sc.c: OpenSSL 1.0.0-beta series crash when
+ assembler implementations underflow with 0 byte length call to
+ OPENSSL_cleanse() and overwrite memory. Avoid it by nut trying
+ to eraze zero memory.
+
+2010-01-22 12:11 martin
+
+ * trunk/src/tools/Makefile.am: tools: cardos-tool uses OpenSSL,
+ link against it.
+
+2010-01-22 12:01 s
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix: CK_MECHANISM rsa_mech =
+ { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0 }; C_GenerateKeyPair(...,
+ &rsa_mech, ..., ..., ..., ..., ..., ...); -> ... ->
+ sc_pkcs15init_store_public_key -> sc_pkcs15init_store_data ->
+ select_object_path -> sc_pkcs15_get_objects: return 0 -> CKR_OK
+ ($ pkcs15-tool --list-public-keys: Public RSA Key [Public Key]
+ ... Path : 3f0050000200 ) CK_MECHANISM gost_mech = {
+ CKM_GOSTR3410_KEY_PAIR_GEN, NULL, 0 }; C_GenerateKeyPair(...,
+ &gost_mech, ..., ..., ..., ..., ..., ...); -> ... ->
+ sc_pkcs15init_store_public_key -> sc_pkcs15init_store_data ->
+ select_object_path -> sc_pkcs15_get_objects: return 0 -> CKR_OK
+ ($ pkcs15-tool --list-public-keys: Public RSA Key [Public Key]
+ ... Path : 3f0050000200 Public GOSTR3410 Key [Public Key] ...
+ Path : 3f0050000200 )
+
+2010-01-21 19:58 martin
+
+ * trunk/src/libopensc/card-flex.c: Fix #193: cryptoflex driver did
+ not set minimum PIN length.
+
+2010-01-21 10:58 s
+
+ * trunk/NEWS: update on NEWS
+
+2010-01-21 10:07 viktor.tarasov
+
+ * trunk/src/pkcs15init/entersafe.profile,
+ trunk/src/pkcs15init/incrypto34.profile,
+ trunk/src/pkcs15init/muscle.profile,
+ trunk/src/pkcs15init/pkcs15-entersafe.c,
+ trunk/src/pkcs15init/pkcs15-incrypto34.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c,
+ trunk/src/pkcs15init/pkcs15-starcos.c,
+ trunk/src/pkcs15init/pkcs15.profile,
+ trunk/src/pkcs15init/starcos.profile: pkcs15init profile:
+ 'private key' as BSO is differenciated from the one as EF
+
+2010-01-21 09:41 viktor.tarasov
+
+ * trunk/src/libopensc/opensc.h,
+ trunk/src/pkcs15init/cardos.profile,
+ trunk/src/pkcs15init/oberthur.profile,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h:
+ pkcs15init: new profile type BSO at the profile level the
+ difference between EF and BSO is: - BSO path is always the path
+ of the host DF and do not indexated when template is
+ instanciated; - EF path is always ending with file-id that is
+ always indexated when template is instanciated. New non-static
+ 'sc_profile_get_file_instance' procedure to instanciate
+ non-template entries. In profile.c get_uint() accepts
+ hexadecimals. In CardOS profile (I venture to) increase the xDF
+ sizes and change ACL to permit the key re-importing.
+
+2010-01-19 13:11 martin
+
+ * trunk/src/libopensc/card-gemsafeV1.c: Add GemSafeXpresso 32K
+ ATR.
The card is available from + http://www.smartcardfocus.com/shop/ilp/id~246/p/index.shtml + +2010-01-17 21:08 viktor.tarasov + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: pkcs15init: use pinpad + +2010-01-16 21:52 viktor.tarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: dissociate object + file-id and object ID; ;use macros SC_CALLED, SC_RETURN and + SC_TEST_RET; ;change debug level in debug macros; For a new + pkcs15 object of a given type the file index is chosen as a + first value in the range from 'file-id' to 'max-id', excluding + the values that are already assigned to the file indexes of the + existing pkcs15 objects of the same type. 'file-id' is defined + in the template ('key-domain') of the card profile ; 'max-id' is + 'file-id' + hard coded value 0xFE . + +2010-01-16 20:55 viktor.tarasov + + * trunk/src/pkcs15init/profile.c: profile sanity check: in + template check for minimal difference between file-ids + +2010-01-15 15:29 viktor.tarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: pkcs15init: possible error of + 'find_object_by_id' should not be ignored + +2010-01-15 14:08 viktor.tarasov + + * trunk/src/pkcs15init/oberthur.profile, + trunk/src/pkcs15init/pkcs15.profile: oberthur: increase sizes of + xDF files; source tabified + +2010-01-15 09:45 martin + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: Add + comments about unused errors and add an error for locked readers. + +2010-01-15 09:36 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: test hotplug partial + commit fix + make a slot ID mandatory and parse it as an + unsigned long, not int. 
+ +2010-01-15 09:33 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: test hotplugging and + events (C_GetSlotList/C_WaitForSlotEvent) before others tests + and only if --hotplug is given + +2010-01-15 09:27 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: Check for + CKA_ALWAYS_AUTHENTICATE and CKU_CONTEXT_SPECIFIC login for + --test operations. + +2010-01-15 09:22 martin + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool: Call C_Finalize when + a fatal error happens. (Otherwise OSX pcsc locks up) + +2010-01-13 16:39 viktor.tarasov + + * trunk/src/libopensc/card-oberthur.c: oberthur: accept token 'OCS + ID-One Cosmo Card'; ignore warning status 'end of file reached + ...' + +2010-01-13 12:27 aj + + * trunk/src/libopensc/card-entersafe.c: Xiaoshuo Wu: removes the + assert line and some unused code, solves a problem with + ePass3000. + +2010-01-10 21:58 martin + + * trunk/src/pkcs11/pkcs11.h: Remove strange characters. + +2010-01-10 20:33 viktor.tarasov + + * trunk/src/pkcs15init/pkcs15-lib.c: no more 'reuse pkcs15 object' + +2010-01-10 18:44 martin + + * trunk/src/libopensc/internal-winscard.h: PC/SC: Add SCardCancel + to please mingw + +2010-01-08 15:51 viktor.tarasov + + * trunk/src/tests/regression/functions: regression tests: + pkcs11-tool API has been changed + +2010-01-08 15:41 viktor.tarasov + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-session.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tools/pkcs11-tool.c: + Unlock User PIN with PKCS#11: One of the three unblock methods + can be activated from the 'opensc-pkcs11' section of + opensc.conf: - C_SetPin() in the unlogged sesssion; - C_SetPin() + in the CKU_SPECIFIC_CONTEXT session; - C_InitPin() in CKU_SO + session (inspired by Pierre Ossman). -- This last one works, for + a while, only for the pkcs15 cards without SOPIN auth object. 
+ For the pkcs15 cards with SOPIN, this method will be useful for + the cards that do not have then modes '00' and '01' of ISO + command 'RESET RETRY COUNTER'. Test commands: # pkcs11-tool + --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" + --new-pin "9999" # pkcs11-tool --module ./opensc-pkcs11.so + --slot 0 --unlock-pin -l --login-type context-specific --puk + "123456" --new-pin "9999" # pkcs11-tool --module + ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999" + +2010-01-03 18:26 viktor.tarasov + + * trunk/src/tools/pkcs15-init.c: pkcs15-init tool: delete both key + parts when deleting splitted key Splitted key is stored as the + two private keys with the same ID. (It's not conform to PKCS#15, + but tolerated by OpenSC.) Previously used + 'sc_pkcs15_find_prkey_by_id()' is not appropriated to the case + of splitted key. + +2009-12-18 13:33 aj + + * trunk/NEWS, trunk/etc/opensc.conf.in, + trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs15init/entersafe.profile, + trunk/src/pkcs15init/pkcs15-lib.c: merge changes 0.11.11 -> + 0.11.12 + +2009-12-10 14:50 s + + * trunk/src/pkcs11/pkcs11-object.c: Fix: any of these calls + C_CreateObject(hSession, NULL_PTR, 1, NULL_PTR); + C_GetAttributeValue(hSession, hObject, NULL_PTR, 1); + C_SetAttributeValue(hSession, hObject, NULL_PTR, 1); + C_FindObjectsInit(hSession, NULL_PTR, 1); + C_FindObjects(hSession, NULL_PTR, 0, NULL_PTR); + C_FindObjects(hSession, NULL_PTR, 1, NULL_PTR); + C_FindObjects(hSession, NULL_PTR, 1, pulObjectCount); + C_DigestInit(hSession, NULL_PTR); C_SignInit(hSession, NULL_PTR, + hKey); C_SignRecoverInit(hSession, NULL_PTR, hKey); + C_DecryptInit(hSession, NULL_PTR, hKey); C_VerifyInit(hSession, + NULL_PTR, hKey); C_GenerateKeyPair(hSession, NULL_PTR, + pubKeyTmpl, arraysize(pubKeyTmpl), prvKeyTmpl, + 
arraysize(prvKeyTmpl), &hPubKey, &hPrvKey); + C_GenerateKeyPair(hSession, pMechanism, pubKeyTmpl, + arraysize(pubKeyTmpl), NULL_PTR, 1, &hPubKey, &hPrvKey); + C_GenerateKeyPair(hSession, pMechanism, NULL_PTR, 1, prvKeyTmpl, + arraysize(prvKeyTmpl), &hPubKey, &hPrvKey); => Segmentation + fault Remark: Allow calls: C_FindObjectsInit(hSession, NULL_PTR, + 0) C_GenerateKeyPair(hSession, pMechanism, NULL_PTR, 0, + NULL_PTR, 0, phPublicKey, phPrivateKey) C_UnwrapKey(hSession, + pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, + NULL_PTR, 0, phKey) + +2009-12-10 12:34 s + + * trunk/src/pkcs11/pkcs11-session.c: fix: return CKR_ARGUMENTS_BAD + from C_Login, C_InitPIN, C_SetPIN, if pPin == NULL_PTR and + PinLen > 0 PKCS#11: "To log into a token with a protected + authentication path, the pPin parameter to C_Login should be + NULL_PTR." "To initialize the normal user?s PIN on a token with + such a protected authentication path, the pPin parameter to + C_InitPIN should be NULL_PTR." "To modify the current user?s PIN + on a token with such a protected authentication path, the + pOldPin and pNewPin parameters to C_SetPIN should be NULL_PTR." + +2009-12-09 13:59 s + + * trunk/src/pkcs15init/pkcs15-lib.c: fix: return + CKR_USER_NOT_LOGGED_IN (now CKR_GENERAL_ERROR) from + C_GenerateKeyPair for the case where there was no call C_Login + +2009-12-08 18:34 s + + * trunk/src/pkcs11/framework-pkcs15.c: add to changeset 3887 + +2009-12-08 18:28 s + + * trunk/src/pkcs11/framework-pkcs15.c: fix: CK_MECHANISM gostMech + = { CKM_GOSTR3410_KEY_PAIR_GEN, NULL, 0 }; ... 
+ C_GenerateKeyPair(hSession, &gostMech, NULL_PTR, 0, NULL_PTR, 0, + &hPubKey, &hPrvKey); -> CKR_OK and Generate RSA Key Pair + +2009-12-08 14:29 s + + * trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c: Fix: return + CKR_SESSION_READ_ONLY from C_InitPIN, C_SetPIN, C_CreateObject, + C_CopyObject, C_DestroyObject, C_SetAttributeValue, + C_GenerateKey, C_GenerateKeyPair, C_UnwrapKey, C_DeriveKey if + session is read-only. PKCS#11: "C_InitPIN can only be called in + the 'R/W SO Functions' state." "C_SetPIN can only be called in + the 'R/W Public Session' state, 'R/W SO Functions' state, or + 'R/W User Functions' state. An attempt to call it from a session + in any other state fails with error CKR_SESSION_READ_ONLY." + "Only session objects can be created/destroyed/modified + (C_CreateObject/C_DestroyObject/C_SetAttributeValue) during a + read-only session." + +2009-12-07 12:50 s + + * trunk/src/pkcs11/pkcs11-object.c: PKCS#11: Spec does not allow + CKR_OBJECT_HANDLE_INVALID from C_EncryptInit, C_DecryptInit, + C_DigestKey, C_SignInit, C_SignRecoverInit, C_VerifyInit, + C_VerifyRecoverInit, C_WrapKey, C_DeriveKey, C_UnwrapKey + +2009-12-03 13:11 viktor.tarasov + + * trunk/src/tools/pkcs15-tool.c: pkcs15-tool: unblock PIN with + pinpad + +2009-12-03 12:51 viktor.tarasov + + * trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/tools/pkcs15-tool.c: + pkcs15-tool: change PIN with pinpad + +2009-12-03 11:59 viktor.tarasov + + * trunk/src/tools/opensc-explorer.c: opensc-explorer: remove debug + messages + +2009-12-03 11:13 aj + + * trunk/src/tools/opensc-tool.c: Thomas Uhle: Just this morning I + realised that there is a minor mistake in my patch for + opensc_info(). For the Sun Studio 12.1 compiler (__SUNPRO_C == + 0x5100) and later versions also, it must be (__SUNPRO_C >> 4) & + 0xFF to split the micro and mask the major version number. 
+ +2009-12-03 11:11 viktor.tarasov + + * trunk/src/libopensc/card-oberthur.c, + trunk/src/tools/opensc-explorer.c: pinpad support of PIN + changing and unlocking Oberthur and opensc-explorer + +2009-12-03 10:47 viktor.tarasov + + * trunk/src/libopensc/reader-pcsc.c: after Martin's suggestion: + for pcsc do not use '0' protocol when detecting readers + +2009-12-03 07:18 aj + + * trunk/src/libopensc/p15emu-westcos.c: Update westcos emulation + by Franois Leblanc. + +2009-12-03 07:10 aj + + * trunk/src/pkcs15init/pkcs15-westcos.c, + trunk/src/pkcs15init/westcos.profile: Updated westcos driver by + Franois Leblanc + +2009-12-03 07:05 aj + + * trunk/solaris/Makefile: Thomas Uhle: modify Makefile so + configure finds the include files of PC/SC lite. + +2009-12-03 07:03 aj + + * trunk/src/tools/opensc-tool.c: Thomas Uhle: Add information + about sun compiler to opensc-tool. + +2009-12-02 11:10 aj + + * trunk/src/tools/cardos-tool.c: Describe now option for --help. + +2009-12-02 11:07 aj + + * trunk/src/tools/cardos-tool.c: remove dead code for now - easy + to recreate later. + +2009-12-02 09:52 aj + + * trunk/src/tools/cardos-tool.c: fixed and tested by Viktor + TARASOV. Thanks! + +2009-12-01 21:10 aj + + * trunk/src/tools/cardos-tool.c: basic command to change startkey, + so far untested. + +2009-12-01 11:47 viktor.tarasov + + * trunk/src/tools/cardos-tool.c: cardos-tool: invalid parsing of + the 'common system keys' info + +2009-11-27 11:15 s + + * trunk/src/tools/pkcs11-tool.c: add to pkcs11-tool: GOST + mechanisms and GOSTR3410 key to show objects on token + +2009-11-27 11:07 s + + * trunk/src/pkcs11/framework-pkcs15.c: add get + CKA_GOSTR3410_PARAMS attribute for GOST private key + +2009-11-25 18:01 martin + + * trunk/src/tools/pkcs11-tool.c: Always print the slot description + (reader name in case of OpenSC) + +2009-11-24 13:43 martin + + * trunk/src/libopensc/card-ias.c: Patch by Joo Poupino for + Portugese eID card. 
+ +2009-11-23 16:38 s + + * trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-rutoken.c, + trunk/src/tools/rutoken-tool.c: Modification Rutoken S binary + interfaces by Aktiv Co. (OpenSC+Rutoken S driver for Windows + works now) + +2009-11-23 13:40 viktor.tarasov + + * trunk/src/libopensc/card-oberthur.c: Oberthur: verify PIN with + pinpad + +2009-11-23 11:41 s + + * trunk/src/libopensc/card-rtecp.c, + trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-rutoken.c: correct SEC_ATTR_SIZE + name (add prefix) + +2009-11-20 15:23 s + + * trunk/src/pkcs11/pkcs11-session.c: CKR_USER_ALREADY_LOGGED_IN: + It indicates that the specified user cannot be logged into the + session, because it is already logged into the session. + CKR_USER_ANOTHER_ALREADY_LOGGED_IN: It indicates that the + specified user cannot be logged into the session, because + another user is already logged into the session. + +2009-11-20 13:15 s + + * trunk/src/libopensc/card-rtecp.c: use generic + iso7816_select_file code, remove duplicate code + +2009-11-20 12:26 s + + * trunk/src/libopensc/card-rtecp.c, + trunk/src/libopensc/card-westcos.c: remove dead code (in + compliance with + http://www.opensc-project.org/opensc/changeset/3839#file8) + +2009-11-19 15:41 s + + * trunk/src/libopensc/card-rtecp.c, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-rtecp.c, + trunk/src/tools/pkcs15-init.c: Corrected GOSTR3410 public key + structure Working now with GOST R 34.10: $ pkcs15-init + --store-private-key key --key-usage sign,decrypt --auth-id 2 + --id 1 --pin "12345678" $ pkcs15-init --store-certificate + my_cert --id 1 --pin "12345678" But have problem: no + CKA_GOSTR3410_PARAMS by retrieve pub_key from certificate, if + pub_key 
object was removed (see parse_x509_cert, + asn1_decode_gostr3410_params) + +2009-11-17 13:27 viktor.tarasov + + * trunk/src/libopensc/log.c: logs: time stamp with 1msec + resolution in unix. Thanks to Ludovic Rousseau. + +2009-11-17 12:12 viktor.tarasov + + * trunk/src/libopensc/reader-pcsc.c: reader-pcsc::pcsc_transmit() + add log message with the reader's name + +2009-11-17 11:11 viktor.tarasov + + * trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: logs: time + stamp; dump_hex() with the static output buffer - time stamp in + the log messages: for Windows 1msec resolution, otherwise 1sec; + - one more dump hex function, to be easily inserted into the + formatted message. + +2009-11-16 21:41 martin + + * trunk/src/libopensc/pkcs15-pteid.c: Fix C coding style to please + visual studio. By Joo Poupino. + +2009-11-16 20:45 martin + + * trunk/src/libopensc/Makefile.mak: Fix windows build + +2009-11-16 20:35 martin + + * trunk/src/libopensc/card-gemsafeV1.c: Fix C coding style + +2009-11-16 07:32 alonbl + + * trunk/configure.ac: Remove plugindir as plugin was removed + +2009-11-15 18:08 martin + + * trunk/src/libopensc/pkcs15-esteid.c: Estonian eID: fix charset + +2009-11-15 18:03 martin + + * trunk/configure.ac, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/reader-ctapi.c: Allow to turn off CT-API + support + +2009-11-14 21:55 viktor.tarasov + + * trunk/src/tools/opensc-explorer.c: opensc-explorer::do_apdu() + number of bytes in printed message 'Sending' + +2009-11-13 19:28 martin + + * branches/martin/0.12, trunk: Move branches/martin/0.12 to trunk + +2009-11-13 19:01 martin + + * branches/martin/0.12/src/libopensc/card-default.c, + branches/martin/0.12/src/libopensc/errors.c, + branches/martin/0.12/src/libopensc/errors.h, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/tools/pkcs15-init.c: merge + [3823:3844/trunk] + +2009-11-13 14:51 martin + + * 
branches/martin/0.12/doc/tools/opensc-explorer.xml, + branches/martin/0.12/doc/tools/opensc-tool.xml, + branches/martin/0.12/src/tools/opensc-explorer.c: * Update + opensc-tool and opensc-explorer man pages * Remove not + implemented pksign/pkdecrypt commands from opensc-explorer. Use + pkcs15-crypt instead. + +2009-11-13 12:25 martin + + * branches/martin/0.12/doc/tools/pkcs15-init.xml, + branches/martin/0.12/src/tools/pkcs15-init.c: Fix #58: properly + document "pkcs15-init -T" + +2009-11-13 11:48 martin + + * branches/martin/0.12/configure.ac, + branches/martin/0.12/src/Makefile.am, + branches/martin/0.12/src/signer: Remove signer and related + configure elements + +2009-11-13 11:32 martin + + * branches/martin/0.12/src/libopensc/card-acos5.c, + branches/martin/0.12/src/libopensc/card-asepcos.c, + branches/martin/0.12/src/libopensc/card-cardos.c, + branches/martin/0.12/src/libopensc/card-default.c, + branches/martin/0.12/src/libopensc/card-ias.c, + branches/martin/0.12/src/libopensc/card-incrypto34.c, + branches/martin/0.12/src/libopensc/card-miocos.c, + branches/martin/0.12/src/libopensc/card-myeid.c, + branches/martin/0.12/src/libopensc/card-rtecp.c, + branches/martin/0.12/src/libopensc/card-setcos.c: Remove + card->finish() functions that do nothing + +2009-11-13 11:23 martin + + * branches/martin/0.12/src/pkcs11/sc-pkcs11.h: Fix a compiler + warning + +2009-11-13 11:21 martin + + * branches/martin/0.12/src/tools/westcos-tool.c: Fix compiler + warnings + * branches/martin/0.12/src/tools/eidenv.c: Fix compiler warning + * branches/martin/0.12/src/tools/cardos-tool.c: Fix compiler + warnings and a typo + +2009-11-13 11:19 martin + + * branches/martin/0.12/src/pkcs15init/pkcs15-myeid.c: Remove + unused variables & fix line endings. 
+ +2009-11-13 11:15 martin + + * branches/martin/0.12/src/pkcs15init/pkcs15-oberthur.c: Remove + unused variables + +2009-11-13 11:14 martin + + * branches/martin/0.12/src/pkcs11/framework-pkcs15.c: Remove + unused variables + +2009-11-13 11:13 martin + + * branches/martin/0.12/src/libopensc/pkcs15.c: Remove unusued + variables + * branches/martin/0.12/src/libopensc/p15emu-westcos.c: Remove + unused variables + * branches/martin/0.12/src/libopensc/log.c: Remove unused variables + +2009-11-13 11:12 martin + + * branches/martin/0.12/src/libopensc/card-piv.c: Remove unused + variables + * branches/martin/0.12/src/libopensc/card-ias.c: Remove unused + variables + +2009-11-13 11:10 martin + + * branches/martin/0.12/src/libopensc/card-myeid.c: Convert + newlines to unix style, remove compiler warnings. + +2009-11-13 09:45 martin + + * branches/martin/0.12/src/libopensc/card-oberthur.c, + branches/martin/0.12/src/libopensc/card-rutoken.c, + branches/martin/0.12/src/libopensc/libopensc.exports, + branches/martin/0.12/src/libopensc/opensc.h, + branches/martin/0.12/src/libopensc/pkcs15-pubkey.c, + branches/martin/0.12/src/libopensc/pkcs15-syn.c, + branches/martin/0.12/src/libopensc/pkcs15.c, + branches/martin/0.12/src/libopensc/pkcs15.h, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/pkcs15init/oberthur.profile, + branches/martin/0.12/src/pkcs15init/pkcs15-init.h, + branches/martin/0.12/src/pkcs15init/pkcs15-lib.c, + branches/martin/0.12/src/pkcs15init/pkcs15-oberthur.c, + branches/martin/0.12/src/pkcs15init/pkcs15.profile, + branches/martin/0.12/src/pkcs15init/profile.c, + branches/martin/0.12/src/pkcs15init/profile.h, + branches/martin/0.12/src/tools/pkcs15-tool.c: Merge + [3804:3822/trunk] + +2009-11-10 10:05 martin + + * branches/martin/0.12/src/libopensc/reader-pcsc.c: Do not + duplicate reader name in private structure. 
+ +2009-11-05 18:27 martin + + * branches/martin/0.12/configure.ac, + branches/martin/0.12/src/libopensc/card-oberthur.c, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/pkcs11/openssl.c, + branches/martin/0.12/src/pkcs15init/pkcs15-oberthur.c: Merge + [3794:3803/trunk] + +2009-10-25 20:22 martin + + * branches/martin/0.12/src/libopensc/card-myeid.c, + branches/martin/0.12/src/libopensc/card-westcos.c, + branches/martin/0.12/src/libopensc/cardctl.h, + branches/martin/0.12/src/libopensc/p15emu-westcos.c, + branches/martin/0.12/src/pkcs11/openssl.c, + branches/martin/0.12/src/pkcs15init/myeid.profile, + branches/martin/0.12/src/pkcs15init/pkcs15-myeid.c, + branches/martin/0.12/src/pkcs15init/pkcs15-westcos.c, + branches/martin/0.12/src/tools/westcos-tool.c: Merged + [3783:3794/trunk] + +2009-10-22 09:18 martin + + * branches/martin/0.12/src/libopensc/Makefile.mak, + branches/martin/0.12/src/libopensc/card-entersafe.c, + branches/martin/0.12/src/libopensc/card-myeid.c, + branches/martin/0.12/src/libopensc/card-piv.c, + branches/martin/0.12/src/libopensc/card-rutoken.c, + branches/martin/0.12/src/libopensc/card-tcos.c, + branches/martin/0.12/src/libopensc/card-westcos.c, + branches/martin/0.12/src/libopensc/cardctl.h, + branches/martin/0.12/src/libopensc/muscle.c, + branches/martin/0.12/src/libopensc/muscle.h, + branches/martin/0.12/src/libopensc/opensc.h, + branches/martin/0.12/src/libopensc/pkcs15-esinit.c, + branches/martin/0.12/src/libopensc/reader-pcsc.c, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/pkcs11/pkcs11-global.c, + branches/martin/0.12/src/pkcs11/pkcs11-opensc.h, + branches/martin/0.12/src/pkcs15init/keycache.c, + branches/martin/0.12/src/pkcs15init/pkcs15-cardos.c, + branches/martin/0.12/src/pkcs15init/pkcs15-myeid.c, + branches/martin/0.12/src/pkcs15init/pkcs15-westcos.c, + branches/martin/0.12/src/pkcs15init/rutoken.profile, + branches/martin/0.12/src/tools/opensc-explorer.c, + 
branches/martin/0.12/src/tools/pkcs11-tool.c, + branches/martin/0.12/src/tools/util.c, + branches/martin/0.12/src/tools/westcos-tool.c: Merge + [3758:3783/trunk] + +2009-10-22 08:59 martin + + * branches/martin/0.12/configure.ac, + branches/martin/0.12/etc/opensc.conf.in, + branches/martin/0.12/src/libopensc/libopensc.exports, + branches/martin/0.12/src/libopensc/opensc.h, + branches/martin/0.12/src/libopensc/pkcs15-actalis.c, + branches/martin/0.12/src/libopensc/pkcs15-infocamere.c, + branches/martin/0.12/src/libopensc/pkcs15-pin.c, + branches/martin/0.12/src/libopensc/pkcs15-sec.c, + branches/martin/0.12/src/libopensc/pkcs15.c, + branches/martin/0.12/src/libopensc/pkcs15.h, + branches/martin/0.12/src/libopensc/sc.c, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/pkcs11/misc.c, + branches/martin/0.12/src/pkcs11/sc-pkcs11.h, + branches/martin/0.12/src/tools/pkcs15-tool.c: Re-implement PIN + cache on PKCS#15 layer; remove it from PKCS#11. Re-name and log + PKCS#15 options to better reflect the purpose. Data objects and + PKCS#15 init are left broken currently. + +2009-10-13 08:29 martin + + * branches/martin/0.12/src/libopensc/reader-pcsc.c: PC/SC: Log + enabled options. 
+ +2009-10-12 09:26 martin + + * branches/martin/0.12/src/libopensc/apdu.c: Revert [3752] + +2009-10-05 20:10 martin + + * branches/martin/0.12/src/libopensc/card-rtecp.c, + branches/martin/0.12/src/libopensc/cardctl.h, + branches/martin/0.12/src/libopensc/libopensc.exports, + branches/martin/0.12/src/libopensc/opensc.h, + branches/martin/0.12/src/libopensc/pkcs15-algo.c, + branches/martin/0.12/src/libopensc/pkcs15-prkey.c, + branches/martin/0.12/src/libopensc/pkcs15-pubkey.c, + branches/martin/0.12/src/libopensc/pkcs15.c, + branches/martin/0.12/src/libopensc/pkcs15.h, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c, + branches/martin/0.12/src/pkcs11/mechanism.c, + branches/martin/0.12/src/pkcs11/openssl.c, + branches/martin/0.12/src/pkcs11/pkcs11.h, + branches/martin/0.12/src/pkcs11/sc-pkcs11.h, + branches/martin/0.12/src/pkcs15init/pkcs15-init.h, + branches/martin/0.12/src/pkcs15init/pkcs15-lib.c, + branches/martin/0.12/src/pkcs15init/pkcs15-rtecp.c: Merged + r3749:3758 from trunk + +2009-10-05 19:59 martin + + * branches/martin/0.12/src/libopensc/reader-pcsc.c: PC/SC: better + separation between OpenSC and PC/SC types. + +2009-10-03 17:04 martin + + * branches/martin/0.12/src/libopensc/pkcs15-pteid.c: Accidental + sc_error removed. + +2009-10-03 14:41 martin + + * branches/martin/0.12/src/libopensc/Makefile.am, + branches/martin/0.12/src/libopensc/Makefile.mak, + branches/martin/0.12/src/libopensc/card-gemsafeV1.c, + branches/martin/0.12/src/libopensc/card-ias.c, + branches/martin/0.12/src/libopensc/cards.h, + branches/martin/0.12/src/libopensc/ctx.c, + branches/martin/0.12/src/libopensc/dir.c, + branches/martin/0.12/src/libopensc/pkcs15-pteid.c, + branches/martin/0.12/src/libopensc/pkcs15-syn.c: Add support for + Portugese eID on IAS and Gemsafe cards, by Joo Poupino. + +2009-10-03 10:13 martin + + * branches/martin/0.12/src/libopensc/card-cardos.c, + branches/martin/0.12/src/libopensc/cards.h: Cardos security env + patch for Italian CNI card. 
By Emanuele Pucciarelli, + http://itacns.corp.it/hg/itacns/file/adc0b2ceec86/patches/115-cardos-secenv.patch + +2009-10-03 10:07 martin + + * branches/martin/0.12/src/libopensc/apdu.c: Fix spelling + +2009-10-03 10:06 martin + + * branches/martin/0.12/src/libopensc/apdu.c: Fix APDU sanity + check. By Emanuele Pucciarelli, + http://itacns.corp.it/hg/itacns/file/adc0b2ceec86/patches/010-apdu.patch + +2009-10-03 09:31 martin + + * branches/martin/0.12/src/libopensc/card-akis.c, + branches/martin/0.12/src/libopensc/card-asepcos.c, + branches/martin/0.12/src/libopensc/card-atrust-acos.c, + branches/martin/0.12/src/libopensc/card-cardos.c, + branches/martin/0.12/src/libopensc/card-entersafe.c, + branches/martin/0.12/src/libopensc/card-flex.c, + branches/martin/0.12/src/libopensc/card-gemsafeV1.c, + branches/martin/0.12/src/libopensc/card-gpk.c, + branches/martin/0.12/src/libopensc/card-incrypto34.c, + branches/martin/0.12/src/libopensc/card-jcop.c, + branches/martin/0.12/src/libopensc/card-mcrd.c, + branches/martin/0.12/src/libopensc/card-myeid.c, + branches/martin/0.12/src/libopensc/card-oberthur.c, + branches/martin/0.12/src/libopensc/card-rtecp.c, + branches/martin/0.12/src/libopensc/card-starcos.c, + branches/martin/0.12/src/libopensc/card-westcos.c, + branches/martin/0.12/src/libopensc/iso7816.c, + branches/martin/0.12/src/libopensc/types.h: apdu.sensitive is + not in use since [2868] + +2009-10-03 07:48 martin + + * branches/martin/0.12/src/libopensc/Makefile.am, + branches/martin/0.12/src/libopensc/Makefile.mak, + branches/martin/0.12/src/libopensc/card-entersafe.c, + branches/martin/0.12/src/libopensc/card-myeid.c, + branches/martin/0.12/src/libopensc/card-rtecp.c, + branches/martin/0.12/src/libopensc/cardctl.h, + branches/martin/0.12/src/libopensc/cards.h, + branches/martin/0.12/src/libopensc/ctx.c, + branches/martin/0.12/src/pkcs15init/Makefile.am, + branches/martin/0.12/src/pkcs15init/Makefile.mak, + branches/martin/0.12/src/pkcs15init/keycache.c, + 
branches/martin/0.12/src/pkcs15init/myeid.profile, + branches/martin/0.12/src/pkcs15init/pkcs15-init.h, + branches/martin/0.12/src/pkcs15init/pkcs15-lib.c, + branches/martin/0.12/src/pkcs15init/pkcs15-myeid.c, + branches/martin/0.12/src/scconf/README.scconf: Merged r3719:3749 + from trunk + +2009-09-25 19:29 martin + + * branches/martin/0.12/src/libopensc/opensc.h, + branches/martin/0.12/src/libopensc/reader-pcsc.c: Implement + pinpad support as used by Portugal eID, by Joo Poupino + +2009-09-20 10:57 martin + + * branches/martin/0.12/configure.ac: Bump the version number + +2009-09-15 12:33 martin + + * branches/martin/0.12/src/libopensc/reader-pcsc.c: PC/SC: Fix + display detection and clean up + +2009-09-15 12:29 martin + + * branches/martin/0.12/src/libopensc/ctx.c: Fix debug file closing. + +2009-09-15 07:59 martin + + * branches/martin/0.12/src/libopensc/pkcs15-esteid.c: EstEID: Fix + compiler warnings, add support for PIN retries related PKCS#11 + token flags, add a version number for debugging. + +2009-09-15 07:51 martin + + * branches/martin/0.12/src/libopensc/card-default.c, + branches/martin/0.12/src/libopensc/card-emv.c: Improve EMV and + default driver + +2009-09-15 07:50 martin + + * branches/martin/0.12/src/libopensc/log.h: Fix "log.h:64:4: + warning: backslash and newline separated by space" + +2009-09-14 12:04 martin + + * branches/martin/0.12/src/libopensc/log.h: Add back needed debug + level check. Thanks to Aleksey Samsonov + +2009-09-14 10:12 martin + + * branches/martin/0.12/src/pkcs11/mechanism.c: PKCS#11: Fix a + crash in C_GetMechanismList if pulCount is NULL + +2009-09-14 10:05 martin + + * branches/martin/0.12/src/libopensc/pkcs15.h, + branches/martin/0.12/src/pkcs11/framework-pkcs15.c: PKCS#11: + Implement more token flags that describe available PIN retries. 
+ +2009-09-14 09:48 martin + + * branches/martin/0.12/etc/opensc.conf.in, + branches/martin/0.12/src/libopensc/card.c, + branches/martin/0.12/src/libopensc/internal-winscard.h, + branches/martin/0.12/src/libopensc/reader-pcsc.c, + branches/martin/0.12/src/tools/opensc-tool.c: PC/SC: Improve + core and pinpad code * Make opensc-tool -l display pinpad + capabilities, if available * Detect reader capabilities when a + reader is found, not when a connection to a card is opened * Fix + unpadded PIN block parameters to not be rejected by the latest + free CCID driver * When locking the card and it has been reset + by some other application (or re-attached), clear cache and lock + again * Enable pinpad detection by default + +2009-09-14 09:35 martin + + * branches/martin/0.12/src/libopensc/log.h: sc_error removal + missing bits + +2009-09-14 09:15 martin + + * branches/martin/0.12/solaris/proto, + branches/martin/0.12/src/include/opensc/Makefile.am, + branches/martin/0.12/src/libopensc/Makefile.am, + branches/martin/0.12/src/libopensc/Makefile.mak, + branches/martin/0.12/src/libopensc/emv.c, + branches/martin/0.12/src/libopensc/emv.h: Remove empty files: + emv.c, emv.h + +2009-09-14 09:08 martin + + * branches/martin/0.12/src/libopensc/pkcs15-syn.c: PKCS#15-emu: + remove dead code + +2009-09-14 09:03 martin + + * branches/martin/0.12/src/libopensc/internal-winscard.h, + branches/martin/0.12/src/libopensc/reader-pcsc.c: PC/SC: More + return codes are handled. 
+
+2009-09-14 08:59 martin
+
+ * branches/martin/0.12/src/pkcs11/pkcs11-global.c: PKCS#11: Spec
+ does not allow CKR_DEVICE_ERROR from C_Initialize
+
+2009-09-14 08:56 martin
+
+ * branches/martin/0.12/src/pkcs11/misc.c: PKCS#11: translate
+ SC_ERROR_CARD_UNRESPONSIVE
+
+2009-09-14 08:53 martin
+
+ * branches/martin/0.12/src/libopensc/pkcs15-esteid.c: Fix iconv
+ handle leak
+
+2009-09-14 08:51 martin
+
+ * branches/martin/0.12/src/pkcs11/framework-pkcs15.c,
+ branches/martin/0.12/src/pkcs11/pkcs11-display.c,
+ branches/martin/0.12/src/tools/pkcs11-tool.c: Implement
+ CKA_ALWAYS_AUTHENTICATE
+
+2009-09-14 08:46 martin
+
+ * branches/martin/0.12/etc/opensc.conf.in,
+ branches/martin/0.12/src/libopensc/apdu.c,
+ branches/martin/0.12/src/libopensc/asn1.c,
+ branches/martin/0.12/src/libopensc/card-akis.c,
+ branches/martin/0.12/src/libopensc/card-asepcos.c,
+ branches/martin/0.12/src/libopensc/card-atrust-acos.c,
+ branches/martin/0.12/src/libopensc/card-belpic.c,
+ branches/martin/0.12/src/libopensc/card-cardos.c,
+ branches/martin/0.12/src/libopensc/card-default.c,
+ branches/martin/0.12/src/libopensc/card-entersafe.c,
+ branches/martin/0.12/src/libopensc/card-flex.c,
+ branches/martin/0.12/src/libopensc/card-gemsafeV1.c,
+ branches/martin/0.12/src/libopensc/card-gpk.c,
+ branches/martin/0.12/src/libopensc/card-incrypto34.c,
+ branches/martin/0.12/src/libopensc/card-jcop.c,
+ branches/martin/0.12/src/libopensc/card-mcrd.c,
+ branches/martin/0.12/src/libopensc/card-miocos.c,
+ branches/martin/0.12/src/libopensc/card-muscle.c,
+ branches/martin/0.12/src/libopensc/card-oberthur.c,
+ branches/martin/0.12/src/libopensc/card-openpgp.c,
+ branches/martin/0.12/src/libopensc/card-piv.c,
+ branches/martin/0.12/src/libopensc/card-rtecp.c,
+ branches/martin/0.12/src/libopensc/card-rutoken.c,
+ branches/martin/0.12/src/libopensc/card-setcos.c,
+ branches/martin/0.12/src/libopensc/card-starcos.c,
+ branches/martin/0.12/src/libopensc/card-tcos.c,
+ branches/martin/0.12/src/libopensc/card-westcos.c,
+ branches/martin/0.12/src/libopensc/card.c,
+ branches/martin/0.12/src/libopensc/ctbcs.c,
+ branches/martin/0.12/src/libopensc/ctx.c,
+ branches/martin/0.12/src/libopensc/dir.c,
+ branches/martin/0.12/src/libopensc/iso7816.c,
+ branches/martin/0.12/src/libopensc/libopensc.exports,
+ branches/martin/0.12/src/libopensc/log.c,
+ branches/martin/0.12/src/libopensc/log.h,
+ branches/martin/0.12/src/libopensc/muscle.c,
+ branches/martin/0.12/src/libopensc/opensc.h,
+ branches/martin/0.12/src/libopensc/p15card-helper.c,
+ branches/martin/0.12/src/libopensc/p15emu-westcos.c,
+ branches/martin/0.12/src/libopensc/padding.c,
+ branches/martin/0.12/src/libopensc/pkcs15-algo.c,
+ branches/martin/0.12/src/libopensc/pkcs15-atrust-acos.c,
+ branches/martin/0.12/src/libopensc/pkcs15-cache.c,
+ branches/martin/0.12/src/libopensc/pkcs15-cert.c,
+ branches/martin/0.12/src/libopensc/pkcs15-gemsafeGPK.c,
+ branches/martin/0.12/src/libopensc/pkcs15-gemsafeV1.c,
+ branches/martin/0.12/src/libopensc/pkcs15-infocamere.c,
+ branches/martin/0.12/src/libopensc/pkcs15-openpgp.c,
+ branches/martin/0.12/src/libopensc/pkcs15-piv.c,
+ branches/martin/0.12/src/libopensc/pkcs15-postecert.c,
+ branches/martin/0.12/src/libopensc/pkcs15-prkey.c,
+ branches/martin/0.12/src/libopensc/pkcs15-pubkey.c,
+ branches/martin/0.12/src/libopensc/pkcs15-sec.c,
+ branches/martin/0.12/src/libopensc/pkcs15-starcert.c,
+ branches/martin/0.12/src/libopensc/pkcs15-syn.c,
+ branches/martin/0.12/src/libopensc/pkcs15-tcos.c,
+ branches/martin/0.12/src/libopensc/pkcs15-wrap.c,
+ branches/martin/0.12/src/libopensc/pkcs15.c,
+ branches/martin/0.12/src/libopensc/reader-ctapi.c,
+ branches/martin/0.12/src/libopensc/reader-openct.c,
+ branches/martin/0.12/src/libopensc/reader-pcsc.c,
+ branches/martin/0.12/src/libopensc/sc.c,
+ branches/martin/0.12/src/libopensc/sec.c,
+ branches/martin/0.12/src/libopensc/ui.c,
+ branches/martin/0.12/src/pkcs11/framework-pkcs15init.c,
+ branches/martin/0.12/src/pkcs11/pkcs11-global.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-asepcos.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-cardos.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-cflex.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-entersafe.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-gpk.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-incrypto34.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-jcop.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-lib.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-miocos.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-muscle.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-oberthur.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-rtecp.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-rutoken.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-setcos.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-starcos.c,
+ branches/martin/0.12/src/pkcs15init/profile.c,
+ branches/martin/0.12/src/tests/p15dump.c,
+ branches/martin/0.12/src/tools/cryptoflex-tool.c,
+ branches/martin/0.12/src/tools/opensc-explorer.c,
+ branches/martin/0.12/src/tools/pkcs15-init.c,
+ branches/martin/0.12/src/tools/westcos-tool.c: Remove sc_error
+ and sc_ctx_suppress_errors_* in favor of sc_debug/fprintf
+
+2009-09-12 11:46 martin
+
+ * branches/martin/0.12/NEWS,
+ branches/martin/0.12/doc/tools/tools.xml,
+ branches/martin/0.12/doc/tools/westcos-tool.xml,
+ branches/martin/0.12/src/libopensc/Makefile.am,
+ branches/martin/0.12/src/libopensc/Makefile.mak,
+ branches/martin/0.12/src/libopensc/card-westcos.c,
+ branches/martin/0.12/src/libopensc/cardctl.h,
+ branches/martin/0.12/src/libopensc/cards.h,
+ branches/martin/0.12/src/libopensc/ctx.c,
+ branches/martin/0.12/src/libopensc/p15emu-westcos.c,
+ branches/martin/0.12/src/libopensc/pkcs15-syn.c,
+ branches/martin/0.12/src/pkcs15init/Makefile.am,
+ branches/martin/0.12/src/pkcs15init/Makefile.mak,
+ branches/martin/0.12/src/pkcs15init/pkcs15-init.h,
+ branches/martin/0.12/src/pkcs15init/pkcs15-lib.c,
+ branches/martin/0.12/src/pkcs15init/pkcs15-westcos.c,
+ branches/martin/0.12/src/pkcs15init/westcos.profile,
+ branches/martin/0.12/src/tools/Makefile.am,
+ branches/martin/0.12/src/tools/Makefile.mak,
+ branches/martin/0.12/src/tools/westcos-tool.c: r3717:3719 from
+ trunk
+
+2009-09-06 15:56 martin
+
+ * branches/martin, branches/martin/0.12: Branch for next major
+ release changes.
+
+2009-07-29 07:03 aj
+
+ * trunk/configure.ac: trunk is now post release.
+
+2009-07-29 07:02 aj
+
+ * trunk/NEWS, trunk/configure.ac: Prepare for new release
+
+2009-07-23 08:56 aj
+
+ * trunk/src/pkcs15init/pkcs15-entersafe.c: Weitao Sun: no one can
+ create more than 15 files under 5015 df. I increase it from 15
+ to 48, and all are OK.
+
+2009-07-23 08:30 aj
+
+ * trunk/src/pkcs11/pkcs11.h: Latest version from scute svn with
+ this change: Stef Walter: Make all constants UL that should be.
+
+2009-07-22 12:24 aj
+
+ * trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c: Aktiv Co./Aleksey
+ Samsonov: fix a bug in rutoken driver.
+
+2009-07-22 10:09 aj
+
+ * trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: major
+ update for the PIV smartcard. The major issue is with getting
+ the length of an object or the cert contained in an object. The
+ PIV card does not have a directory on the card, So the previous
+ version tried to put off as long as possible the reading of
+ objects for performance so as to avoid having to read objects
+ that would not be used. The first standard, NIST 800-73, set
+ maximum sizes for objects. 800-73-2 removed this for
+ certificates. A certificate object can contain a certificate
+ which might be compressed. The only way to get the length of the
+ compressed certificate is to decompress it. Thus the
+ decompressed certificate could be larger then the container
+ object, so even if the PIV card had a directory, one would still
+ need to decompress the certificate to find its length. OpenSC
+ sc_read_binary will use the length obtained by using
+ sc_select_file(...,&file_out), and thus the lengths must be
+ determined in sc_select_file. Change are to card-piv.c and
+ pkcs15-piv.c and include: * The old cache code which was not
+ working was removed. * New cache code was added which caches all
+ object read from the card * If an object has a cert, the cert is
+ decompressed and also cached. * As part of reading an object the
+ first 8 bytes are read and this is then used to allocate a large
+ buffer to read in the object. * If pkcs15 or pkcs11 asks about a
+ certificate, the cert object will be read, and the cert
+ decompressed, to get the actual length. * If piv_select_file is
+ called with the file_out != NULL the object will be read to get
+ the length If called with NULL it will not be read. * The
+ enumeration of the objects now starts with 0. *
+ sc_ctx_suppress_errors_on and off are used to avoid file not
+ found messages which are are a by product of not having a
+ directory. * "Unsigned Card Holder Unique Identifier" object in
+ card-piv and pkcs15-piv.c had conflicting paths, as NIST
+ 800-72-1 had two tables with different paths. The enumtag for it
+ in card-piv.c was also wrong.
+
+2009-07-22 10:06 aj
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c: Douglas E. Engert: The
+ pkcs15-gemsafeV1.c does not detect of the card present is in
+ fact a gemsafeV1 card, and thus it can end up issuing commands
+ to the wrong cards.
+
+2009-07-02 13:59 jps
+
+ * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/cards.h:
+ Add support for JCOP31 v2.4.1 with the modified muscle
+ applet[1]. This add support for 2048bit key and extended APDU.
+ [1]
+ http://www.opensc-project.org/pipermail/opensc-user/2009-June/003147.html
+
+2009-06-28 10:08 aj
+
+ * trunk/src/pkcs11/Makefile.mak: Kalev Lember: fix
+ onepin-opensc-pkcs11.dll manifest embedding with Microsoft
+ compilers.
+
+2009-06-28 07:26 aj
+
+ * trunk/src/libopensc/card-rtecp.c: Aktiv Co. / Aleksey Samsonov:
+ use generic code instead of identical funciton (now that the
+ generic code was fixed).
+
+2009-06-28 07:25 aj
+
+ * trunk/src/libopensc/card-gemsafeV1.c: Aktiv Co. / Aleksey
+ Samsonov: use generic set_security_env code, remove duplicate
+ code.
+
+2009-06-28 07:23 aj
+
+ * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov:
+ Remove dead code.
+
+2009-06-28 07:22 aj
+
+ * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: Add
+ assert() calls to check constant buffer size.
+
+2009-06-28 07:20 aj
+
+ * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov:
+ Check buffer length (*outlen)
+
+2009-06-28 07:19 aj
+
+ * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: Fix
+ for the case when "apdu.resplen < 2" and checked buffer length.
+
+2009-06-28 07:17 aj
+
+ * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: fix
+ case depending on length. also no need to null resplen or le
+ (done by sc_format_apdu).
+
+2009-06-28 07:11 aj
+
+ * trunk/src/libopensc/ctx.c: Move emv driver to the end.
+
+2009-06-25 08:45 ludovic.rousseau
+
+ * trunk/src/libopensc/iso7816.c: iso7816_set_security_env():
+ correctly set P1 parameter in case of SC_SEC_OPERATION_DECIPHER
+ Thanks to Aleksey Samsonov for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-June/012263.html
+
+2009-06-24 15:29 aj
+
+ * trunk/NEWS: add a NEWS entry too.
+
+2009-06-24 15:26 aj
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-rtecp.c, trunk/src/libopensc/cardctl.h,
+ trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-rtecp.c,
+ trunk/src/pkcs15init/pkcs15init.exports,
+ trunk/src/pkcs15init/rutoken_ecp.profile: Add new rutoken_ecp
+ driver by Aktiv Co. / Aleksey Samsonov
+
+2009-06-16 09:17 ludovic.rousseau
+
+ * trunk/src/tools/opensc-tool.c: print_file(): inverse "write" and
+ "erase" Thanks to Aleksey Samsonov for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-June/012212.html
+
+2009-05-12 14:35 ludovic.rousseau
+
+ * trunk/src/tools/cardos-tool.c: cardos_sm4h(): fix memory leaks.
+ Thanks to cppckeck(1)
+
+2009-05-12 14:29 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c:
+ sc_pkcs15emu_add_object(): fix a memory leak. thanks to
+ cppcheck(1) [pkcs15-gemsafeV1.c:419]: (error) Memory leak: obj
+
+2009-05-12 14:27 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c: do not cast calloc()
+ return value
+
+2009-05-07 13:09 aj
+
+ * trunk/configure.ac: prep next release.
+
+2009-05-07 10:57 aj
+
+ * trunk/NEWS, trunk/src/tools/pkcs11-tool.c: Fix security issue.
+
+2009-05-06 16:25 ludovic.rousseau
+
+ * trunk/src/tools/cardos-tool.c: avoid a compilation failure with
+ --disable-openssl
+
+2009-04-23 18:02 alonbl
+
+ * trunk/doc/Makefile.am: Fix --disable-man install from svn
+ checkout, by Ludovic Rousseau
+
+2009-04-23 18:00 alonbl
+
+ * trunk/doc/Makefile.am: Fix --disable-man install from svn
+ checkout, by Ludovic Rousseau
+
+2009-04-21 16:43 alonbl
+
+ * trunk/configure.ac: Fix GNU libiconv detection By Kalev Lember
+ The attached patch fixes GNU libiconv detection by adding an
+ additional libiconv symbol check to autoconf -liconv link test.
+ Right now some iconv implementations have only iconv* symbols
+ (GNU libc), some have only libiconv* (GNU libiconv), and some
+ have both defined (Mac OS X's iconv), so it's necessary to check
+ for both variants.
+
+2009-04-17 07:19 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Fix SCardDisconnect reset
+ parameter.
+
+2009-04-15 07:52 martin
+
+ * trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h:
+ Move sc_check_sw to opensc.h
+
+2009-04-15 06:18 martin
+
+ * trunk/src/libopensc/libopensc.exports: Export sc_check_sw,
+ required by external drivers and utilities. Thanks to Marc Rios
+ Valls.
+
+2009-04-14 15:21 aj
+
+ * trunk/NEWS: Update news file too.
+
+2009-04-08 10:31 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: * Correctly set offsets for
+ PINs for PIN modification operations with pinpads. Thanks to
+ Robert Konklewski. * Only set messages if the reader has display
+ capabilities. * Detect rejected pinpad commands * Whitespace
+ fixes
+
+2009-04-08 09:40 martin
+
+ * trunk/src/tools/pkcs11-tool.c: Engine API is not used. Thanks to
+ Robert Konklewski for noticing this.
+
+2009-04-03 19:54 alonbl
+
+ * trunk/src/libopensc/reader-pcsc.c: Actually print SCardControl
+ result, thanks to martin
+
+2009-04-03 19:17 alonbl
+
+ * trunk/src/libopensc/reader-pcsc.c: reader-pcsc - minor cleanups
+ in reader features 1. Indent fix. 2. Reorder conditions. 3. Do
+ not print error if SCardControl fails.
+
+2009-04-02 10:33 aj
+
+ * trunk/NEWS: Document latest change.
+
+2009-04-02 10:32 aj
+
+ * trunk/src/libopensc/card-entersafe.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/pkcs15init/entersafe.profile,
+ trunk/src/pkcs15init/pkcs15-entersafe.c: Entersafe changes by
+ Weitao Sun: 1.Card type FTCOS/PK-01C added. (new) 2.Limit pin
+ length in range [4,16). (bug fix) 3.Can not unblock PIN. (bug
+ fix)
+
+2009-03-25 14:31 ludovic.rousseau
+
+ * trunk/src/libopensc/muscle.c: Do not use msc_crypt_process
+ (OP_PROCESS). This operation is used to do multipart encryption
+ when, for example, the data is too big to fit in one APDU. It
+ basically calls the Cipher.update() method until all data has
+ been processed. However, the Java Card API documentation advises
+ against using update(): "This method requires temporary storage
+ of intermediate results. In addition, if the input data length
+ is not block aligned (multiple of block size) then additional
+ internal storage may be allocated at this time to store a
+ partial input data block. This may result in additional resource
+ consumption and/or slow performance. This method should only be
+ used if all the input data required for the cipher is not
+ available in one byte array. If all the input data required for
+ the cipher is located in a single byte array, use of the
+ doFinal() method to process all of the input data is
+ recommended." As the card's JVM was returning an internal
+ exception when using OP_PROCESS, it was decided to implement an
+ msc_crypt_final_object() function in OpenSC that uses the
+ msc_object_*() functions to read/write all the data from the
+ card. This way, it is possible to transmit/receive "arbitrarily"
+ large data chunks to/from the card and use doFinal(). This is
+ the fallback method when, for example, using 2048 bit keys and
+ the card doesn't support extended APDUs. Thanks to Joao Poupino
+ for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-25 14:22 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: pcsc_internal_transmit(): do
+ not limit the size of the reception buffer to 258. This check is
+ no more needed now that pcsc-lite can handle extended APDU.
+ Thanks to Joao Poupino for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-25 13:55 ludovic.rousseau
+
+ * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/cards.h:
+ Detect the eToken 72K and activate RSA 2048 and extended APDU
+ for it. Thanks to Joao Poupino for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-25 13:50 ludovic.rousseau
+
+ * trunk/src/libopensc/muscle.h: Change MSC_MAX_APDU to make some
+ buffers larger to support extended APDUs. The change was only
+ from 256 to 512 bytes since it is more than enough for 2048 bit
+ keys; Thanks to Joao Poupino for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-25 13:47 ludovic.rousseau
+
+ * trunk/src/libopensc/muscle.c: msc_get_challenge(): return
+ SC_SUCCESS instead of dataLength in case of success Thanks to
+ Joao Poupino for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-25 13:42 ludovic.rousseau
+
+ * trunk/src/libopensc/muscle.c: msc_get_challenge(): use 0x62
+ instead of 0x72 for GET CHALLENGE as it is the value used by the
+ Muscle applet (INS_GET_CHALLENGE) Thanks to Joo Poupino for the
+ patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
+
+2009-03-21 11:17 martin
+
+ * trunk/src/libopensc/reader-ctapi.c: Fix typo
+
+2009-03-21 11:09 martin
+
+ * trunk/src/libopensc/internal-winscard.h,
+ trunk/src/libopensc/reader-pcsc.c: Add support for LCD detection
+ on pinpad devices. * Update IOCTL definitions to PC/SC part 10
+ v2.02.05 * Return SC_SUCCESS instead of 0 if returning SC_
+ codes. * Detect the presence of a display with
+ FEATURE_IFD_PIN_PROPERTIES Tested with patched CCID driver on OS
+ X, with SPR532 (no display) and OK3821 (with display) Known CCID
+ reader with a display: ATMEL_AT91SO.txt: wLcdLayout: 0x0210
+ CardMan3821.txt: wLcdLayout: 0x0210 Kobil_EMV_CAP.txt:
+ wLcdLayout: 0x0210 Xiring_XI-SIGN.txt: wLcdLayout: 0x020C
+ Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C
+
+2009-03-19 17:54 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: * Display the default CCID
+ message for PIN verification if the reader has a display * Part
+ 10 -> PC/SC v2
+
+2009-03-18 10:18 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Fix Global Platform PINs with
+ CCID pinpads. Thanks to Franois Leblanc for the report:
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011947.html
+
+2009-03-12 08:33 ludovic.rousseau
+
+ * trunk/src/tools/pkcs11-tool.c: store the generated public key on
+ the token. Thanks to Rickard Bondesson for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011884.html
+
+2009-03-07 21:55 alonbl
+
+ * trunk/src/libopensc/internal-winscard.h: Fix Windows PINPAD
+ mingw issue Thanks to Franois Leblanc
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011932.html
+
+2009-03-06 09:30 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: check if len or p is 0/NULL
+ and return.
+
+2009-03-06 09:26 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix typo.
+
+2009-03-05 18:37 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: Improve this function even
+ more.
+
+2009-03-05 15:28 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: resolve an "undefined code"
+ situation. the old code was undefined, but ok (variables where
+ never used again in the "goto error" case). but the new code
+ should be clearer on this.
+
+2009-03-05 15:15 aj
+
+ * trunk/src/pkcs15init/gpk.profile: change base id so it does not
+ overlap with the next one.
+
+2009-02-26 08:58 aj
+
+ * trunk/NEWS: created final release.
+
+2009-02-25 09:13 ludovic.rousseau
+
+ * trunk/src/pkcs11/misc.c: removed unused variable misc.c:317:
+ warning: unused variable 'i'
+
+2009-02-25 09:10 ludovic.rousseau
+
+ * trunk/src/pkcs11/misc.c: iattr_extract(): use
+ sizeof(CK_CERTIFICATE_TYPE) for a CKA_CERTIFICATE_TYPE thanks to
+ Wan-Teh Chang for the better patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011892.html
+
+2009-02-24 17:15 ludovic.rousseau
+
+ * trunk/src/pkcs11/misc.c: attr_extract(): use sizeof(CK_ULONG)
+ instead of sizeof(CKA_CERTIFICATE_TYPE) Thanks to Marc Rios
+ Valles for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011890.html
+
+2009-02-03 20:11 alonbl
+
+ * trunk/configure.ac: Default PCSC CFLAGS from pkg-config
+
+2009-02-01 08:26 aj
+
+ * trunk/NEWS: update NEWS file from 0.11.7 branch.
+
+2009-02-01 08:19 aj
+
+ * trunk/configure.ac: trunk code is now working towards 0.11.8
+
+2009-01-30 11:59 martin
+
+ * trunk/src/pkcs11/framework-pkcs15.c: typo fix
+
+2009-01-29 11:50 martin
+
+ * trunk/src/pkcs11/framework-pkcs15.c: hide_empty_tokens should
+ not affect emulated cards (always on)
+
+2009-01-29 11:47 martin
+
+ * trunk/src/include/winconfig.h.in,
+ trunk/src/libopensc/Makefile.mak, trunk/win32/Make.rules.mak:
+ Fix native windows build, add iconv support
+
+2009-01-28 12:43 alonbl
+
+ * trunk/src/libopensc/reader-pcsc.c: Optionally load
+ SCardControl132 on apple
+
+2009-01-28 12:28 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Fix pinpads on OS X
+
+2009-01-28 12:10 alonbl
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/pkcs15-rutoken.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c,
+ trunk/src/pkcs15init/rutoken.profile: Rutoken updates By Aktiv
+ Co. Aleksey Samsonov - use PKCS#15 (not builtin PKCS#15
+ emulator) - rutoken.profile (add privdata) - correct using ACL -
+ correct erase procedure
+
+2009-01-23 09:30 alonbl
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: Set default
+ of hide_empty_tokens to true
+
+2009-01-23 09:27 alonbl
+
+ * trunk/src/libopensc/Makefile.am: Typo
+
+2009-01-23 09:14 alonbl
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h:
+ Rename PKCS#11 v2_20_mode option to plug_and_play As it is the
+ only feature it controls. Also, change the default to true.
+
+2009-01-23 09:00 alonbl
+
+ * trunk/configure.ac, trunk/src/libopensc/Makefile.am: Finally
+ remove eval stuff from autoconf
+
+2009-01-22 14:29 alonbl
+
+ * trunk/configure.ac: Remove unused OPENSC_ETC_PATH
+
+2009-01-21 13:19 alonbl
+
+ * trunk/src/libopensc/cards.h, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/opensc.h: Move all private factories into
+ private headers, the iso7816 factory is the only one which is
+ actually exposed
+
+2009-01-21 13:01 alonbl
+
+ * trunk/src/libopensc/libopensc.exports: Add sc_get_iso7816_driver
+ as it is required for external drivers
+
+2009-01-20 08:45 alonbl
+
+ * trunk/src/libopensc/internal-winscard.h: Add SCARD_E_NO_SERVICE
+ to internal-winscard.h
+
+2009-01-20 08:42 alonbl
+
+ * trunk/src/libopensc/internal-winscard.h,
+ trunk/src/pkcs11/pkcs11-global.c: Revert 3630
+
+2009-01-19 19:43 alonbl
+
+ * trunk/src/libopensc/internal-winscard.h,
+ trunk/src/pkcs11/pkcs11-global.c: Add SCARD_E_NO_SERVICE to
+ internal-winscard.h
+
+2009-01-19 13:39 alonbl
+
+ * trunk/configure.ac: Add PACKAGE_SUFFIX
+
+2009-01-19 13:32 alonbl
+
+ * trunk/configure.ac: Expose version components into config.h
+
+2009-01-19 12:06 martin
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/sc-pkcs11.h: Configurable for PKCS#11 v2.20
+ related changes. - Correctly report Cryptoki version if v2.20 is
+ used. - Consistently report no version for hardware/software we
+ know no version information about.
+
+2009-01-19 11:57 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: Correct PC/SC -> OpenSC error
+ code translation.
+ +2009-01-18 23:16 martin + + * trunk/src/libopensc/reader-pcsc.c: Recognize SCARD_E_NO_SERIVCE: + {{{ $ /Library/OpenSC/bin/opensc-tool -a [opensc-tool] + reader-pcsc.c:881:pcsc_detect_readers: SCardEstablishContext + failed: 0x8010001d [opensc-tool] + reader-pcsc.c:990:pcsc_detect_readers: returning with: Unknown + error No smart card readers found. }}} + +2009-01-16 21:27 alonbl + + * trunk/etc/opensc.conf.in, trunk/src/pkcs15init/profile.c: Set + hardcoded default for profile_dir + +2009-01-16 20:52 alonbl + + * trunk/configure.ac: More iconv build fixes + +2009-01-16 20:21 alonbl + + * trunk/configure.ac: Fix external iconv override + +2009-01-16 17:48 alonbl + + * trunk/configure.ac, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/pkcs15-esteid.c: Correct iconv support + +2009-01-16 17:13 alonbl + + * trunk/configure.ac: Revert r3612, the autoconf warning is + correct and be the default in future + +2009-01-16 16:44 martin + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: Make PKCS#11 module default slot + configuration more sensible: * Increase default slot count to + 16, which equals 4 concurrent readers by default * 2 OpenCT + 2 + PC/SC on Linux for example * Rename num_slots to slots_per_card + * Rename internal PKCS#11 variables, remove unneeded defines. + +2009-01-16 16:12 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-openct.c: + Limit virtual OpenCT readers to a sane default of 2 + readers/tokens by default. Most users don't use more than one or + two tokens concurrently. This way default configuration (or with + no configuration file) works even after you insert a PC/SC + reader as OpenCT does not "eat up" all PKCS#11 slots with 5 + virtual readers. 
+
+2009-01-15 23:55 martin
+
+ * trunk/configure.ac: link with iconv on Mac OS X, to support
+ [3616]
+
+2009-01-15 23:20 martin
+
+ * trunk/configure.ac, trunk/src/libopensc/pkcs15-esteid.c: Linux
+ compatible PKCS#11-friendly changes to EstEID PKCS#15 emulation
+ driver to display the name of the cardholder in token label
+ field.
+
+2009-01-15 21:40 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: PC/SC readers have always
+ only one slot per reader.
+
+2009-01-15 21:23 martin
+
+ * trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-pcsc.c: Remove some
+ unused/prehistoric defines.
+
+2009-01-15 21:08 martin
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/libopensc/pkcs15.h: Fix PKCS#15 emulation handling: *
+ Work as expected without a configuration file * "Normalize" the
+ configuration file: show the used default and give examples with
+ opposite values. * DWIM: * If there is no config file: try all
+ builtin drivers * If there is a configuration file, allow to
+ turn emulation off * If there is a configuration file, allow to
+ filter the list of internal drivers * Introduce a PKCS#15 layer
+ card flag for emulated cards
+
+2009-01-15 20:05 martin
+
+ * trunk/configure.ac: Get rid of configure warnings: {{{
+ configure: WARNING: winscard.h: accepted by the compiler,
+ rejected by the preprocessor! configure: WARNING: winscard.h:
+ proceeding with the compiler's result }}}
+
+2009-01-15 20:01 martin
+
+ * trunk/configure.ac: Provide default system PCSC_CFLAGS on Mac OS
+ X
+ * trunk/src/libopensc/card.c: Mac OS X 10.5.6 fixes the ATR
+ padding bug.
+
+2009-01-01 20:55 alonbl
+
+ * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: Fix
+ doc build issues 1. VPATH issue. 2. Parallel build issue,
+ suggested by Ludovic Rousseau.
+
+2008-12-28 21:28 alonbl
+
+ * trunk/src/libopensc/libopensc.exports,
+ trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/tools/pkcs15-init.c: Allow delete data objects by
+ specifying application-name and label
+
+2008-12-28 18:45 alonbl
+
+ * trunk/etc/opensc.conf.in: Add PKCS#11 specification limitation
+ note
+
+2008-12-28 18:37 alonbl
+
+ * trunk/etc/opensc.conf.in: Typeo
+
+2008-12-28 16:07 aj
+
+ * trunk/src/pkcs15init/asepcos.profile,
+ trunk/src/pkcs15init/cardos.profile,
+ trunk/src/pkcs15init/cyberflex.profile,
+ trunk/src/pkcs15init/entersafe.profile,
+ trunk/src/pkcs15init/flex.profile,
+ trunk/src/pkcs15init/gpk.profile,
+ trunk/src/pkcs15init/incrypto34.profile,
+ trunk/src/pkcs15init/jcop.profile,
+ trunk/src/pkcs15init/muscle.profile,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/starcos.profile: Create new type "privdata"
+ in all profiles with different ACL settings, and check
+ C_CreateObject parameter CKA_PRIVATE aka pkcs15_create_data
+ args.auth_id variable, aka sc_pkcs15init_new_object
+ object->flags & SC_PKCS15_CO_FLAG_PRIVATE to decide if "data" or
+ "privdata" profile needs to be used. Tested with cryptoflex 32k
+ and opensc-explorer, now I no longer can "get" the data object
+ file stored with "--private".
+
+2008-12-28 16:01 aj
+
+ * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: Enable
+ lock_login by default for security. Disable soft_keygen by
+ default for security. Make defaults code more readable.
+
+2008-12-11 09:18 ludovic.rousseau
+
+ * trunk/src/libopensc/internal-winscard.h: #include
+ on __APPLE__ to define DWORD, LONG, etc. Windows types
+
+2008-12-06 20:04 martin
+
+ * trunk/src/tools/pkcs11-tool.c: Upgrade to safe and sane values
+ of late 2008
+
+2008-12-06 18:49 alonbl
+
+ * trunk/src/libopensc/opensc-config.in: Fix bug #86, thanks to
+ ville.skytta
+
+2008-12-06 11:41 martin
+
+ * trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: Fixes #109
+
+2008-12-05 15:57 martin
+
+ * trunk/src/pkcs11/pkcs11-object.c: Cosmetic fix for [3595]
+
+2008-12-05 15:53 martin
+
+ * trunk/src/pkcs11/pkcs11-display.c: Remove ancient unused code
+
+2008-12-05 15:48 martin
+
+ * trunk/src/tools/util.c: DWIM: If you don't specify a reader on
+ the command line and you have more than one reader (for example,
+ OpenCT virtual readers and one existing PC/SC reader) the tools
+ will skip to the first reader that has a card in it.
+
+2008-11-27 10:44 ludovic.rousseau
+
+ * trunk/src/pkcs11/pkcs11-display.c: add CKM_SHA256* and
+ CKM_SHA384* logs
+
+2008-11-24 22:06 martin
+
+ * trunk/src/libopensc/iso7816.c, trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-spy.c, trunk/src/tools/pkcs11-tool.c: *
+ Fix issues with pkcs11-tool testing of
+ C_GenerateRandom/C_SeedRandom and OpenSC PKCS#11 implementation
+ of those functions. Thanks goes to Rickard Bondesson who noticed
+ the issues.
+ http://www.opensc-project.org/pipermail/opensc-devel/2008-November/011436.html
+
+2008-11-24 21:55 martin
+
+ * trunk/src/libopensc/card-entersafe.c: typos
+
+2008-11-24 21:53 martin
+
+ * trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/pkcs11-spy.c: Missing SHAs
+
+2008-11-21 22:34 martin
+
+ * trunk/src/tools/pkcs11-tool.c: Add --list-token-slots / -T to
+ pkcs11-tool to list only slots with tokens.
+
+2008-10-27 19:17 alonbl
+
+ * trunk/configure.ac: mingw32->mingw*
+
+2008-10-27 19:16 alonbl
+
+ * trunk/configure.ac, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/internal-winscard.h: Re-add pcsc-lite
+ compile-time dependency Win64 changed the SCARDCONTEXT from LONG
+ to ULONG_PTR, pcsc-lite did not follow this on 64bit platforms.
+ This breaks the pcsc module. To solve this we use installed
+ winscard.h in order to get proper declerations. As mingw32 does
+ not have winscard.h we keep current types. mingw64 and pcsc-lite
+ system have winscard.h.
+
+2008-10-26 19:13 alonbl
+
+ * trunk/src/libopensc/reader-pcsc.c: Add some more debug
+ information to pcsc
+
+2008-10-26 14:48 alonbl
+
+ * trunk/src/libopensc/internal-winscard.h: Resolve some conflict
+ with win64
+
+2008-10-20 15:04 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: use 0x%08lx instead of
+ 0x08%lx Thanks to Alon Bar-Lev for the patch
+
+2008-10-20 07:46 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: display PC/SC error codes as
+ 0x08%lx instead of %lx to make it explicit they are hex values
+
+2008-10-20 07:27 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: use SCARD_S_SUCCESS instead
+ of 0
+
+2008-10-10 09:42 ludovic.rousseau
+
+ * trunk/etc/opensc.conf.in: Add documentation: #
+ (max_virtual_slots/num_slots) limits the number of readers #
+ that can be used on the system. Default is then 8/4=2 readers.
+
+2008-10-10 09:39 ludovic.rousseau
+
+ * trunk/src/pkcs11/slot.c: slot_get_token(): return
+ CKR_TOKEN_NOT_PRESENT if CKF_TOKEN_PRESENT is not set. Thanks to
+ Douglas E. Engert for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011361.html
+
+2008-10-09 13:05 ludovic.rousseau
+
+ * trunk/src/pkcs11/slot.c: card_removed(): warning: comparison
+ between signed and unsigned
+
+2008-10-09 12:59 ludovic.rousseau
+
+ * trunk/src/pkcs11/slot.c: card_initialize(): correctly associate
+ a reader to each virtual slot. Thanks to Douglas E. Engert for
+ the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011359.html
+
+2008-10-09 09:02 ludovic.rousseau
+
+ * trunk/doc/Makefile.am: make the * targets depend on only one
+ dependency to avoid problems on concurrent make (-j)
+
+2008-10-09 08:35 ludovic.rousseau
+
+ * trunk/doc/Makefile.am: remove html.out and man.out before
+ filling them to avoid problems when/if they already contain a
+ html.tmp or man.tmp file (on the 3rd execution of make)
+
+2008-10-09 08:32 ludovic.rousseau
+
+ * trunk/doc/tools/tools.xml: cardos-info is now cardos-tool
+
+2008-10-04 19:52 alonbl
+
+ * trunk/src/tools/cardos-info, trunk/src/tools/cardos-info.bat:
+ Handle spaces correctly
+
+2008-10-04 19:35 alonbl
+
+ * trunk/src/tools/cardos-info.bat: Make src/tools/cardos-info.bat
+ DOS format
+
+2008-10-04 19:33 alonbl
+
+ * trunk/src/tools/cardos-info.bat: Make src/tools/cardos-info.bat
+ DOS format
+
+2008-10-04 19:32 alonbl
+
+ * trunk/src/tools/Makefile.am, trunk/src/tools/cardos-info,
+ trunk/src/tools/cardos-info.bat: Fixup cardos-info scripts 1.
+ They are not binaries. 2. No need for resources. 3. Put in
+ separate files. Anyway, do we actually need these? why not just
+ document that cardos-tool should be used instead?
+
+2008-09-22 14:36 aj
+
+ * trunk/src/tools/cardos-tool.c: fix apdu length check: 0..3 is
+ wrong (too short). 4 is ok. 5 is not (length byte for data, but
+ no data?). 6 or more is ok (length byte and data). checking for
+ "5" is not important.
+
+2008-09-22 14:21 jps
+
+ * trunk/src/tools/cardos-tool.c: An erased CardOS with a StartKey
+ version 0xFF can now be directly formatted. Verbose output
+ contains now some useful data.
+ +2008-09-22 10:38 jps + + * trunk/src/tools/cardos-tool.c: fix some bad crash on Mac + +2008-09-22 09:47 jps + + * trunk/src/tools/cardos-tool.c: CardOS 4.2C is working too after + changing Default StartKey to 16 * 0xFF + +2008-09-22 08:35 jps + + * trunk/src/tools/cardos-tool.c: fixing typo + +2008-09-22 07:01 aj + + * trunk/src/tools/cardos-tool.c: Fix a comment and allow cardos + 4.3B too. Thanks to JP for testing. + +2008-09-19 10:21 aj + + * trunk/src/tools/cardos-tool.c, trunk/src/tools/pkcs15-tool.c: + fix a few missing \n + +2008-09-18 17:44 aj + + * trunk/doc/tools/cardos-tool.xml, trunk/src/tools/Makefile.am, + trunk/src/tools/cardos-tool.c: commit changes: cardos-info is + now cardos-tool. and it knows to format, at least some + cards/tokens with cardos. + +2008-09-18 17:43 aj + + * trunk/doc/tools/cardos-info.xml, + trunk/doc/tools/cardos-tool.xml, trunk/src/tools/cardos-info.c, + trunk/src/tools/cardos-tool.c: rename files only. + +2008-09-11 11:39 aj + + * trunk/doc/Makefile.am: the "-" for make must be in the first + line of a multi column command, not somewhere in the middle. + this code makes shell look for "-rm" command which does not + exist. fixing. "-" is not required in these cases, as "rm -f" + always returns 0. + +2008-09-10 12:44 alonbl + + * trunk/src/libopensc/card-entersafe.c, + trunk/src/libopensc/card-gemsafeV1.c: Fix for two apparent C + code bugs By Stanislav Brabec entersafe_init_pin_info() was + declared as int, but defined and used as void, resulting in a + function returning an unused pseudo-random value. + card-gemsafeV1.c uses comparison 'type == "DF"', which is always + false, as it compares pointer to a string with pointer to the + string "DF" in the code. + +2008-09-08 14:04 alonbl + + * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: + Don't removed generated external files during distclean + +2008-08-27 06:19 aj + + * trunk/NEWS, trunk/configure.ac: Update trunk for new release. 
+ +2008-08-20 15:20 aj + + * trunk/NEWS: Document recent changes. + +2008-08-20 15:17 aj + + * trunk/src/libopensc/pkcs15-gemsafeV1.c: Douglas E. Engert: The + pkcs15-gemsafeV1.c code assumes that the key_ref is always 3. + But that is not always the case. In our case it is 4. The patch + tries to determine the key_ref by looking at what appears to be + a table of allocated keys, and picking the first allocated key. + In case this is not always true, the patch will also allow for + the the opensc.conf card flag = n to specify the key_ref as the + low order 4 bits of the flag. + +2008-08-20 05:41 aj + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-entersafe.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-esinit.c, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/entersafe.profile, + trunk/src/pkcs15init/pkcs15-entersafe.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: Add new entersafe driver for + ePass 3000 tokens. + +2008-08-12 14:48 aj + + * trunk/src/tools/pkcs15-tool.c: remove check for label - if you + set one with "pkcs15-init -C -l your-label" this check doesn't + work correctly. + +2008-08-12 09:51 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-display.c: print_mech_info(): replace + printf by fprintf to correctly redirect the log + +2008-07-31 13:25 aj + + * trunk/NEWS, trunk/src/libopensc/card-cardos.c, + trunk/src/tools/pkcs15-tool.c: Apply security fix. + +2008-07-31 12:43 aj + + * trunk/doc/nonpersistent/export-wiki.sh: update export script. + +2008-07-31 12:18 aj + + * trunk/NEWS: and update the date. + +2008-07-31 12:17 aj + + * trunk/NEWS: document this change. + * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15.c: make the + sign_with_decrypt hack configureable. 
+ +2008-07-31 12:13 aj + + * trunk/src/libopensc/pkcs15.c: move checks to pkcs15_bind, where + we can look at the config. + +2008-07-30 14:00 alonbl + + * trunk/NEWS: Update NEWS + +2008-07-30 11:57 aj + + * trunk/NEWS, trunk/configure.ac: update configure and NEWS file. + +2008-07-27 15:50 cg2v + + * trunk/src/libopensc/card-cardos.c: export a GET DATA operation + for cardos so opensc-explorer's do_get works + +2008-07-27 15:18 cg2v + + * trunk/src/tools/pkcs15-tool.c: Don't free uninitialized memory + if pem_encode fails. + +2008-07-21 14:39 aj + + * trunk/src/tools/opensc-explorer.c: Chaskiel Grundman: I found + the following patch to opensc-explorer handy when cleaning up + after some failed keygens (but not all, since you can't delete + private key objects). It switches the card to the admin + lifecycle at startup: + +2008-07-21 14:35 aj + + * trunk/src/pkcs15init/pkcs15-cardos.c: Chaskiel Grundman: Nowhere + in pkcs15init/pkcs15-cardos.c is the user pin ever requested or + presented to the card. Since the update acl for the key object + uses the user pin, the GENERATE KEY operation fails when it + isn't logged in. 
+ +2008-07-02 10:15 martin + + * trunk/win32/Make.rules.mak: Do not delete .exports files on make + clean + +2008-07-02 09:55 alonbl + + * trunk/src/libopensc/reader-pcsc.c: Make PC/SC work on Windows + again + +2008-06-11 10:14 alonbl + + * trunk/configure.ac: Detect libtool-1 or libtool-2 at runtime + +2008-06-09 08:32 alonbl + + * trunk/src/libopensc/Makefile.am: Revert pic changeset + +2008-06-09 08:31 alonbl + + * trunk/Makefile.am, trunk/src/libopensc/Makefile.am: More + aclocal->m4 + +2008-06-09 08:10 ludovic.rousseau + + * trunk/m4/acx_pthread.m4: upgrade from + http://autoconf-archive.cryp.to/acx_pthread.html + +2008-06-05 20:21 alonbl + + * trunk/configure.ac: Revert autoconf version prereq + +2008-06-05 17:06 alonbl + + * trunk/Makefile.am, trunk/aclocal, trunk/configure.ac, trunk/m4, + trunk/m4/acx_pthread.m4, trunk/m4/libassuan.m4: Rename + aclocal->m4 to be more standard + +2008-06-05 17:03 alonbl + + * trunk/Makefile.am, trunk/aclocal, trunk/aclocal/Makefile.am, + trunk/configure.ac, trunk/src/pkcs11/Makefile.am, + trunk/svnignore: Prepare for libtool-2 + +2008-05-26 11:35 alonbl + + * trunk/etc/opensc.conf.in: No point to maintain static list of + available drivers in configuration file, user can always use + opensc-tool to see available drivers + +2008-05-26 10:46 alonbl + + * trunk/src/tools/opensc-explorer.c: opensc-explorer double free + and cleanups $ opensc-explorer OpenSC Explorer version + 0.11.4-svn OpenSC [3F00]> cat only working EFs may be read + OpenSC [3F00]> cat only working EFs may be read opensc-explorer: + sc.c:492: sc_file_free: Assertion `sc_file_valid(file)' failed. + Aborted $ opensc-explorer OpenSC Explorer version 0.11.4-svn + OpenSC [3F00]> cd ff00 OpenSC [3F00/FF00]> cat only working EFs + may be read OpenSC [3F00/FF00]> cd .. opensc-explorer: sc.c:492: + sc_file_free: Assertion `sc_file_valid(file)' failed. Aborted By + Aktiv Co. 
Aleksey Samsonov And some more Cleanups + +2008-05-26 08:30 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-display.c: print_generic() & + print_print(): size is a CK_ULONG (unsigned) so compare using + "!= (CK_LONG)(-1)" instead of "> 0" + +2008-05-22 12:37 ludovic.rousseau + + * trunk/src/pkcs11/secretkey.c: completely initialize + pkcs11_secret_key_ops structure with NULL pointers + secretkey.c:225: warning: missing initializer secretkey.c:225: + warning: (near initialization for + 'pkcs11_secret_key_ops.destroy_object') + +2008-05-22 12:30 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-rutoken.c: add missing prototype for + sc_pkcs15emu_rutoken_init_ex() + * trunk/src/libopensc/pkcs15-tcos.c: add missing prototype for + sc_pkcs15emu_tcos_init_ex() + +2008-05-22 12:26 ludovic.rousseau + + * trunk/src/libopensc/card-akis.c: do not use system as a variable + name. system() is also a function card-akis.c:400: warning: + declaration of 'system' shadows a global declaration + /usr/include/stdlib.h:730: warning: shadowed declaration is here + +2008-05-22 12:23 ludovic.rousseau + + * trunk/src/libopensc/reader-pcsc.c: remove two unused variables + reader-pcsc.c:739: warning: unused variable 'rv' + reader-pcsc.c:862: warning: unused variable 'again' + +2008-05-22 12:22 ludovic.rousseau + + * trunk/src/libopensc/reader-pcsc.c: Avoid variable name space + collision reader-pcsc.c:396: warning: declaration of 'priv' + shadows a previous local reader-pcsc.c:367: warning: shadowed + declaration is here reader-pcsc.c:909: warning: declaration of + 'reader' shadows a previous local reader-pcsc.c:901: warning: + shadowed declaration is here + +2008-05-22 12:14 ludovic.rousseau + + * trunk/src/common/compat_dummy.c: add a prototype for + compat_dummy() compat_dummy.c:2: warning: no previous prototype + for 'compat_dummy' + +2008-05-22 12:13 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-cardos.c: use #ifdef instead of #if + pkcs15-cardos.c:547:5: warning: "SET_SM_BYTES" is 
not defined + pkcs15-cardos.c:585:5: warning: "SET_SM_BYTES" is not defined + +2008-05-20 09:47 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-spy.c: print_ptr_in(): change log format + +2008-05-20 09:41 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-spy.c: C_Initialize(): log the value of + the pInitArgs argument + +2008-05-14 18:34 alonbl + + * trunk/configure.ac: Fixup configure help strings + +2008-05-12 09:41 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-spy.c: C_Finalize(): do not unload the + module since the application may try to make PKCS#11 calls again + +2008-05-10 09:55 alonbl + + * trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/reader-openct.c: Better handle openct reader + replug, revert last change in pkcs11-pin + +2008-05-09 22:22 alonbl + + * trunk/src/libopensc/pkcs15-pin.c: Fix sc_pkcs15_verify_pin() to + handle OpenCT hotplug correctly + +2008-05-05 13:00 ludovic.rousseau + + * trunk/src/libopensc/muscle-filesystem.h, + trunk/src/libopensc/muscle.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs11/pkcs11-display.c, trunk/src/scconf/parse.c, + trunk/src/scconf/sclex.c, trunk/src/signer/dialog.c, + trunk/src/signer/opensc-crypto.h, trunk/src/tests/print.c, + trunk/src/tests/sc-test.h, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/piv-tool.c, trunk/src/tools/pkcs15-init.c: Use + size_t instead of int when needed, plus some other minor changes + Patch bug.1 included in Ticket #176 + +2008-05-05 09:51 ludovic.rousseau + + * trunk/src/tools/pkcs15-tool.c: use type size_t instead of int + since the 3rd argument of sc_format_asn1_entry() is void * using + int will fail on a 64-bits platform Closes Ticket #176 + +2008-05-02 17:56 alonbl + + * trunk/src/libopensc/pkcs15-pin.c: Verify PIN support Plug&Play + If card was reset or reader reconnected, verify can restart + transaction, as upper level will not cache PIN in this case. 
+ +2008-04-29 17:01 alonbl + + * trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal-winscard.h, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c, + trunk/src/tools/opensc-tool.c: Plug&Play support This is not the + best solution, but focus on smallest code change. Changes: 1. + Add detect_readers() to reader opts, this adds new readers to + the end of the readers list until list is full. 2. Add + sc_ctx_detect_readers() that calls readers' detect_readers(). 3. + Fixup pcsc_lock() so that it reconnect to the card and report + proper error so caller may be notified if session was lost. 4. + Allow context to be created without readers. 5. Call + sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with + NULL_PTR. 6. Allow no reader at detect_card, as reader my be + removed. 7. Since I broke ABI, I updated the external module + version requirement to match OpenSC version. In the future a + separate version should be maintained for each interface, this + should be unrelated to the package version. Alon --- svn merge + -r 3480:3505 + https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp M + src/tools/opensc-tool.c M src/pkcs11/pkcs11-global.c M + src/pkcs11/slot.c M src/libopensc/reader-pcsc.c M + src/libopensc/internal-winscard.h M src/libopensc/ctx.c M + src/libopensc/reader-ctapi.c M src/libopensc/libopensc.exports M + src/libopensc/reader-openct.c M src/libopensc/opensc.h + +2008-04-29 06:11 alonbl + + * trunk/src/libopensc/asn1.c: SIGSEGV print_tags_recursive - fix + Patch opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff + (for trunk trunk revision 3502) is draft. 
Example 1 (SIGSEGV): + OpenSC Explorer version 0.11.4-svn OpenSC [3F00]> cd ff00 OpenSC + [3F00/FF00]> asn1 0001 Printing tags for buffer of length 512 + [Switching to Thread -1211906368 (LWP 25131)] By Aktiv Co. + Aleksey Samsonov + +2008-04-29 06:09 alonbl + + * trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak, trunk/src/tests/Makefile.am, + trunk/src/tests/Makefile.mak, trunk/src/tools/Makefile.mak, + trunk/win32/Make.rules.mak, trunk/win32/versioninfo.rc.in.in: + More MSVC fixups by Douglas E. Engert + +2008-04-28 07:57 ludovic.rousseau + + * trunk/src/libopensc/card-akis.c, + trunk/src/libopensc/card-asepcos.c, + trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-incrypto34.c, + trunk/src/libopensc/card-muscle.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-piv.c, trunk/src/libopensc/card-tcos.c, + trunk/src/libopensc/p15card-helper.c, + trunk/src/libopensc/pkcs15-gemsafeV1.c, + trunk/src/libopensc/pkcs15-tcos.c, + trunk/src/libopensc/reader-pcsc.c: convert C++ in C comment + +2008-04-28 07:45 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-oberthur.c: convert C++ comment in C + comment + +2008-04-28 07:44 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-muscle.c: convert a C++ comment in C + comment + +2008-04-28 07:42 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-rutoken.c: rutoken_new_file(): + initialize sec_attr pkcs15-rutoken.c:372: warning: 'sec_attr' + may be used uninitialized in this function + +2008-04-28 07:36 ludovic.rousseau + + * trunk/src/pkcs11/framework-pkcs15init.c: completely initialize + the sc_pkcs11_framework_ops structure (using NULL for undefined + callbacks) + +2008-04-28 07:33 ludovic.rousseau + + * trunk/src/pkcs11/debug.c: completely initialize the struct fmap + fields + +2008-04-28 07:24 ludovic.rousseau + + * trunk/src/libopensc/card.c: card.c:756: warning: unused variable + 'j' + +2008-04-28 07:23 ludovic.rousseau + + * 
trunk/src/libopensc/ctx.c: convert C++ comment in C comment (ISO + C90) + +2008-04-25 12:49 alonbl + + * trunk/src/tools/rutoken-tool.c: Use O_BINARY at rutoken + +2008-04-25 11:51 alonbl + + * trunk/src/tools/pkcs11-tool.c: Cleanup some Windows issues with + open + +2008-04-24 16:34 alonbl + + * trunk/src/libopensc/card-rutoken.c: rutoken: Some MSVC fixups, + by Aktiv Co. Aleksey Samsonov + +2008-04-24 06:32 alonbl + + * trunk/win32/opensc-install.bat: Add PATH comment for Windows + users + +2008-04-18 20:37 alonbl + + * trunk/bootstrap: Add --force to autoreconf + +2008-04-18 14:08 alonbl + + * trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/pkcs15-prkey-rutoken.c, + trunk/src/libopensc/pkcs15-rutoken.c, + trunk/src/libopensc/rutoken.h, trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-rutoken.c, + trunk/src/pkcs15init/rutoken.profile, + trunk/src/tools/rutoken-tool.c: ruToken fixups + http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011057.html + By Aktiv Co. Aleksey Samsonov + +2008-04-17 10:05 alonbl + + * trunk/etc/Makefile.am: Make sure we generate opensc.conf every + time There is no dependency for autoconf variables, and we + provide the opensc.conf for Windows MSCVER build. + +2008-04-16 04:42 alonbl + + * trunk/src/common/Makefile.am, + trunk/src/common/compat_getopt_main.c, trunk/src/common/main.c: + common/main.c is part of getopt package + +2008-04-16 04:32 alonbl + + * trunk/src/libopensc/sc.c: Fix last reference to VERSION and not + PACKAGE_VERSION + +2008-04-13 17:57 alonbl + + * trunk/win32/opensc-install.bat: Add PKCS11-Spy to installer + +2008-04-13 17:51 alonbl + + * trunk/win32/Makefile.am, trunk/win32/opensc-install.bat: Add + simple Windows installer script for OpenSC As nobody want to + maintain UI installer, at least provide an installation script. 
+ The opensc-install.bat should be run from the installed location. + +2008-04-12 21:54 alonbl + + * trunk/src/tools/opensc-tool.c: Add --get-conf-entry, + --set-conf-entry to opensc-tool Although not perfect, will + enable installer/users to perform some simple tasks against + configuration file. + +2008-04-11 12:52 alonbl + + * trunk/doc/Makefile.am, trunk/src/include/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/tools/Makefile.am: More fixups to maintainer-clean + +2008-04-10 12:21 alonbl + + * trunk/win32/versioninfo.rc.in.in: afxres.h is not needed + +2008-04-08 19:16 alonbl + + * trunk/win32/Makefile.am: No need for Makefile.mak in win32 + anymore + +2008-04-08 18:36 alonbl + + * trunk/Makefile.am, trunk/Makefile.mak, trunk/configure.ac, + trunk/src/include/Makefile.am, trunk/src/include/winconfig.h, + trunk/src/include/winconfig.h.in, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs15init/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/tests/Makefile.mak, + trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, + trunk/win32/Make.rules.mak, trunk/win32/Makefile.am, + trunk/win32/Makefile.mak, trunk/win32/version.rc, + trunk/win32/versioninfo.rc.in, trunk/win32/versioninfo.rc.in.in: + Distribute autoconf generated files for MSVC build Construct + resource files and winconfig.h using autoconf substitutions. + +2008-04-08 17:56 alonbl + + * trunk/doc/Makefile.am: Typeo + +2008-04-07 21:35 alonbl + + * trunk/src/pkcs11/Makefile.mak, trunk/src/scconf/Makefile.mak, + trunk/win32/Make.rules.mak: More MSVC build additions (1) use + the exports for opensc-pkcs11.dll, onepin-opensc-pkcs11.dll, and + pkcs11-spy.dll (2) don't link common.lib with scconf.lib, to + avoid duplicate messages later. (3) add piv-tool to + openssl_programs. By Douglas E. 
Engert + +2008-04-07 21:28 alonbl + + * trunk/src/include/winconfig.h, trunk/win32/Make.rules.mak: + Support OPENSC_FEATURES for MSC build + +2008-04-07 19:42 alonbl + + * trunk/src/common/Makefile.mak, trunk/src/include/winconfig.h, + trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/scconf/Makefile.mak, trunk/src/tools/Makefile.mak, + trunk/src/tools/eidenv.c, trunk/win32/Make.rules.mak, + trunk/win32/Makefile.am, trunk/win32/makedef.pl: Attached are + the latest mode to OpenSC svn 3462 to use the Makefile.mak files + to build on Windows. I got rutoken to compile, and took out the + #ifdef's I had in last week. The rutoken programmer declared + some variables in the middle of a block rather then having all + the declare statements at the beginning of a block as is + normally done in C. The Microsoft compile treats this as an + error. (Actual many errors.) The makedef.pl is no longer needed, + as the exports files can be used. Note that in the original + Makefile.mak files only opensc.def and pkcs15init.def were + created. winconfig.h has a number of changes. As discussed last + week this could be created by autoconf. I also noted that the + Active State Perl that was required for the makedef.pl has a + psed command that could be used like sed to update winconfig.h. + I did not attempt to do this. win32/Make.rules.mak - Use + ENABLE_OPENSSL and ENABLE_ZLIB src/tools/Makefile.mak - add the + rutoken.tool.exe src/tools/eidenv.c - use PACKAGE_VERSION + src/pkcs11/Makefile.mak - reorder the objest to match the list + in the Makefile.am. Makes it easier to read. + src/include/winconfig.h - The windows version of the config.h + Changes based on discussions on the list last week. + src/common/Makefile.mak - renamed modules. + src/pkcs15init/Makefile.mak - reordered, and added back the + rutoken modules replaced the use of makdef.pl to sue the exports + file. src/scconf/Makefile.mak - reordered objects. 
+ src/libopensc/card-rutoken.c - error. Moved the declares to the + beginning of blocks. src/libopensc/Makefile.mak - reorder names, + and add rutoken. Use the libopensc.exports file. + src/libopensc/pkcs15-prkey-rutoken.c - more moving of declare + statements. By Douglas E. Engert + http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html + +2008-04-07 19:25 alonbl + + * trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/pkcs15-prkey-rutoken.c: ruToken C fixups + http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html + By Douglas E. Engert + +2008-04-04 20:38 alonbl + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/signer/Makefile.am, trunk/win32/ltrc.inc: Some more + build cleanups + +2008-04-04 19:21 alonbl + + * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: Fix + future issue with distcheck + +2008-04-04 16:46 alonbl + + * trunk/src/libopensc/internal-winscard.h: Fix some duplicate + symbols with Windows header files. Thanks to Douglas E. Engert. + +2008-04-04 16:21 alonbl + + * trunk/src/pkcs11/pkcs11-global.c: Fix MSVC compiler error + http://www.opensc-project.org/pipermail/opensc-devel/2008-April/010997.html + Thanks to Douglas E. Engert + +2008-04-04 06:05 alonbl + + * trunk/src/libopensc/internal-winscard.h: Fixup WINAPI location + By: Douglas E. Engert (2) Change the typdefs for the SC_*_t + routines. The WINAPI had to be moved. For example from: typedef + PCSC_API LONG (*SCardEstablishContext_t)... to: typedef LONG + (PCSC_API *SCardEstablishContext_t)... 
+ +2008-04-04 05:39 alonbl + + * trunk/src/libopensc/pkcs15-prkey-rutoken.c: Solve some Windows + conflicts + +2008-04-02 19:48 alonbl + + * trunk/configure.ac: Fix default PC/SC provider for darwin, + thanks to Martin Paljak + +2008-04-02 05:44 alonbl + + * trunk/configure.ac, trunk/etc/Makefile.am, + trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-pcsc.c: + Rename PC/SC library into PC/SC provider. Sync symbols between + configuration and source. Put default provider in opensc.conf, + opensc-tool. + +2008-04-01 20:41 alonbl + + * trunk/Makefile.am: Ignore -svn component so distcheck will pass + for svn versions + +2008-04-01 20:32 alonbl + + * trunk/configure.ac: Readd -svn version suffix, removed at + revision 3446 + +2008-04-01 20:10 alonbl + + * trunk/configure.ac: Add --with-pcsc-module to configure + +2008-04-01 19:58 alonbl + + * trunk/Makefile.am, trunk/doc/Makefile.am, + trunk/doc/nonpersistent/Makefile.am: More separate srcdir + fixups, make distcheck work + +2008-04-01 19:04 alonbl + + * trunk/Makefile.am, trunk/aclocal/Makefile.am, + trunk/configure.ac, trunk/doc/Makefile.am, + trunk/doc/nonpersistent/Makefile.am, trunk/etc/Makefile.am, + trunk/src/Makefile.am, trunk/src/common/Makefile.am, + trunk/src/include/Makefile.am, + trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/signer/Makefile.am, + trunk/src/signer/npinclude/Makefile.am, + trunk/src/tests/Makefile.am, + trunk/src/tests/regression/Makefile.am, + trunk/src/tools/Makefile.am, trunk/win32/Makefile.am: More + separate srcdir fixups + +2008-04-01 17:08 alonbl + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/tools/Makefile.am: More separate srcdir fixups + +2008-04-01 16:55 alonbl + + * trunk/doc/Makefile.am, 
trunk/doc/nonpersistent/Makefile.am, + trunk/etc/Makefile.am: More separate srcdir fixups + +2008-04-01 13:04 ludovic.rousseau + + * trunk/doc/Makefile.am: do not use api/*/*.xml but explicitely + expand the first * to avoid catching + api/xsl-stylesheets/catalog.xml + +2008-04-01 13:01 ludovic.rousseau + + * trunk/configure.ac, trunk/doc/Makefile.am: use $(srcdir) for + dist_noinst_DATA + +2008-04-01 12:43 ludovic.rousseau + + * trunk/doc/nonpersistent/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/signer/Makefile.am, trunk/src/tests/Makefile.am, + trunk/src/tools/Makefile.am: use $(srcdir) when needed to be + able to build in separate build directories using: cd foobar ; + ../configure srcdir=.. Thanks to Douglas E. Engert for the patch + http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010959.html + +2008-04-01 12:35 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-prkey-rutoken.c, + trunk/src/libopensc/pkcs15-rutoken.c: use "pkcs15.h" instead of + (and similar) Thanks to Douglas E. Engert for + the patch + http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010959.html + +2008-04-01 09:32 ludovic.rousseau + + * trunk/src/tools/rutoken-tool.c: #include to + avoid a compilation warning rutoken.h:4: warning: 'struct + sc_pkcs15_prkey' declared inside parameter list rutoken.h:4: + warning: its scope is only this definition or declaration, which + is probably not what you want + +2008-03-29 20:34 alonbl + + * trunk/configure.ac: Trivial + +2008-03-27 14:13 alonbl + + * trunk/src/pkcs11/Makefile.am: Install PKCS#11 providers at bin + for Windows This will place file in more expected location, and + reduce runtime dependencies as dependency DLL will be located at + the same directory. 
+ +2008-03-26 06:24 alonbl + + * trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/pkcs15-prkey-rutoken.c, + trunk/src/libopensc/rutoken.h, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-opensc.h, trunk/src/pkcs11/pkcs11.h, + trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs15init/pkcs15-rutoken.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/rutoken-tool.c: + ruToken cleanups Move constants out of standard files. Create + ruToken specific interface. Update symbols. Thread at: + http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010917.html + Cleanup of: + http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010617.html + +2008-03-24 16:05 alonbl + + * trunk/configure.ac: Cleanup conventions to meet other OpenSC + projects + +2008-03-20 13:36 alonbl + + * trunk/configure.ac: Revert last + +2008-03-20 13:06 alonbl + + * trunk/configure.ac: Need AC_LIBTOOL_DLOPEN for PKCS#11 module + +2008-03-19 21:23 alonbl + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/sc-pkcs11.h: + Cygwin should load .dll version of PKCS#11 + +2008-03-19 20:30 alonbl + + * trunk/src/libopensc/internal-winscard.h: Fixup compile under + cygwin + +2008-03-17 15:17 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-gemsafeV1.c: pkcs15-gemsafeV1.c:478: + warning: 'sc_pkcs15emu_add_pubkey' defined but not used + +2008-03-17 15:09 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-gemsafeV1.c: change type from int to + unsigned int to avoid 2 compiler warnings: + pkcs15-gemsafeV1.c:150: warning: comparison between signed and + unsigned pkcs15-gemsafeV1.c:331: warning: comparison between + signed and unsigned + * trunk/src/libopensc/pkcs15-gemsafeV1.c: rename index -> + index_local to avoid a compiler warning pkcs15-gemsafeV1.c:126: + warning: declaration of 'index' shadows a global declaration + 
/usr/include/string.h:304: warning: shadowed declaration is here + * trunk/src/libopensc/pkcs15-gemsafeV1.c: use sc_debug/sc_error + instead of fprintf(stderr, ...) + +2008-03-17 15:03 ludovic.rousseau + + * trunk/src/libopensc/card-gemsafeV1.c: add ATR for the + GemSafeXpresso 16k R3.2 + +2008-03-15 19:58 alonbl + + * trunk/etc/Makefile.am: Fix opensc.conf dist again + +2008-03-15 18:12 alonbl + + * trunk/etc/Makefile.am: Don't distribute opensc.conf + +2008-03-15 13:24 alonbl + + * trunk/configure.ac: Fix typo + * trunk/configure.ac: Fixup autoconf detection + +2008-03-15 11:05 alonbl + + * trunk/configure.ac, trunk/src/libopensc/Makefile.am, + trunk/src/pkcs15init/Makefile.am: Fix libtool versioning issues + +2008-03-14 21:26 alonbl + + * trunk/configure.ac: Fixup autoconf help + +2008-03-14 07:44 alonbl + + * trunk/configure.ac: Minor cleanups + +2008-03-10 18:17 alonbl + + * trunk/configure.ac: Support >=autoconf-2.60 + +2008-03-10 16:38 aj + + * trunk/Makefile.am, trunk/doc/Makefile.am: use new MKDIR_P macro, + but depend on automake >= 1.10. + +2008-03-10 07:10 alonbl + + * trunk/configure.ac: Remove emptyline + +2008-03-10 06:45 aj + + * trunk/doc/Makefile.am: automake&co define mkdir_p, not MKDIR_P. 
+ +2008-03-09 21:24 alonbl + + * trunk/Makefile.am, trunk/aclocal/Makefile.am, + trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am, + trunk/etc/Makefile.am, trunk/src/Makefile.am, + trunk/src/common/Makefile.am, trunk/src/include/Makefile.am, + trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/signer/Makefile.am, + trunk/src/signer/npinclude/Makefile.am, + trunk/src/tests/Makefile.am, + trunk/src/tests/regression/Makefile.am, + trunk/src/tools/Makefile.am, trunk/win32/Makefile.am: Remove + useless comments + +2008-03-09 19:44 alonbl + + * trunk/configure.ac: Some build cleanups + +2008-03-09 15:34 alonbl + + * trunk/doc/nonpersistent/Makefile.am, + trunk/doc/nonpersistent/export-wiki.sh: Make export-wiki.sh + static across projects + +2008-03-09 15:13 alonbl + + * trunk/doc/nonpersistent/export-wiki.xsl: export-wiki.xsl now + works with new trac + +2008-03-09 12:01 alonbl + + * trunk/configure.ac, trunk/src/libopensc/Makefile.am, + trunk/src/pkcs15init/Makefile.am: Windows DLL suffix is actually + delta + +2008-03-09 11:48 alonbl + + * trunk/configure.ac: Add some missing AC_PROG + +2008-03-08 15:36 alonbl + + * trunk/Makefile.am: We don't need version constraint + +2008-03-06 16:06 alonbl + + * trunk, trunk/Makefile.am, trunk/aclocal, + trunk/aclocal/Makefile.am, trunk/configure.ac, + trunk/configure.in, trunk/doc, trunk/doc/Makefile.am, + trunk/doc/api, trunk/doc/api/apps, trunk/doc/api/asn1, + trunk/doc/api/card, trunk/doc/api/file, trunk/doc/api/html.xsl, + trunk/doc/api/init, trunk/doc/api/man.xsl, trunk/doc/api/misc, + trunk/doc/api/types, trunk/doc/api/util, trunk/doc/changelog.sh, + trunk/doc/export-wiki.sh, trunk/doc/export-wiki.xsl, + trunk/doc/generate-man.sh, trunk/doc/nonpersistent, + trunk/doc/nonpersistent/Makefile.am, + trunk/doc/nonpersistent/export-wiki.sh, + 
trunk/doc/nonpersistent/export-wiki.xsl, + trunk/doc/nonpersistent/svn2cl.xsl, trunk/doc/svn2cl.xsl, + trunk/doc/tools, trunk/doc/tools/pkcs15-profile.xml, trunk/etc, + trunk/etc/Makefile.am, trunk/etc/opensc.conf.in, trunk/man, + trunk/solaris, trunk/solaris/Makefile, trunk/src, + trunk/src/Makefile.am, trunk/src/common, + trunk/src/common/ChangeLog, + trunk/src/common/ChangeLog.compat_getopt, + trunk/src/common/LICENSE, + trunk/src/common/LICENSE.compat_getopt, + trunk/src/common/Makefile.am, + trunk/src/common/README.compat_getopt, + trunk/src/common/README.compat_strlcpy, + trunk/src/common/README.my_getopt, + trunk/src/common/README.strlcpy, + trunk/src/common/compat_dummy.c, + trunk/src/common/compat_getopt.3, + trunk/src/common/compat_getopt.c, + trunk/src/common/compat_getopt.h, + trunk/src/common/compat_getopt.txt, + trunk/src/common/compat_getpass.c, + trunk/src/common/compat_getpass.h, + trunk/src/common/compat_strlcpy.3, + trunk/src/common/compat_strlcpy.c, + trunk/src/common/compat_strlcpy.h, trunk/src/common/getopt.3, + trunk/src/common/getopt.txt, trunk/src/common/getpass.c, + trunk/src/common/my_getopt.c, trunk/src/common/my_getopt.h, + trunk/src/common/strlcpy.3, trunk/src/common/strlcpy.c, + trunk/src/common/strlcpy.h, trunk/src/include, + trunk/src/include/Makefile.am, trunk/src/include/opensc, + trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/svnignore, trunk/src/libopensc, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/card-rutoken.c, + trunk/src/libopensc/compression.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal-winscard.h, + trunk/src/libopensc/internal.h, + trunk/src/libopensc/libopensc.exports, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc-config.in, + trunk/src/libopensc/p15card-helper.c, + trunk/src/libopensc/part10.h, + 
trunk/src/libopensc/pkcs15-actalis.c, + trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-gemsafeGPK.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-prkey-rutoken.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-tcos.c, + trunk/src/libopensc/pkcs15-wrap.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/ui.c, trunk/src/openssh, + trunk/src/openssh/Makefile.am, trunk/src/pkcs11, + trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, + trunk/src/pkcs11/opensc-pkcs11.exports, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/pkcs11-spy.c, + trunk/src/pkcs11/pkcs11-spy.exports, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs15init, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-rutoken.c, + trunk/src/pkcs15init/pkcs15init.exports, + trunk/src/pkcs15init/profile.c, trunk/src/scconf, + trunk/src/scconf/Makefile.am, trunk/src/scconf/parse.c, + trunk/src/scconf/scconf.exports, trunk/src/signer, + trunk/src/signer/Makefile.am, trunk/src/signer/npinclude, + trunk/src/signer/npinclude/Makefile.am, + trunk/src/signer/signer.exports, trunk/src/tests, + trunk/src/tests/Makefile.am, trunk/src/tests/pintest.c, + trunk/src/tests/regression, + trunk/src/tests/regression/Makefile.am, + trunk/src/tests/sc-test.c, trunk/src/tools, + trunk/src/tools/Makefile.am, trunk/src/tools/cardos-info.c, + trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, + trunk/src/tools/netkey-tool.c, + 
trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/rutoken-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h, trunk/svnignore, trunk/win32, + trunk/win32/Makefile.am, trunk/win32/ltrc.inc, + trunk/win32/versioninfo.rc.in: Complete rewrite of OpenSC build + system. 1. Build system now supports MinGW (Windows) compilation + using msys and cross compilation. 2. Ability to explicitly + disable and enable dependencies of the package. 3. openct, pcsc + and nsplugins features are disabled by default. 4. Modified pcsc + driver to use pcsc dynamically, no compile time dependency is + required. 5. --enable-pcsc-lite configuration option renamed to + --enable-pcsc. 6. Install opensc.conf file (as opensc.conf.new + if opensc.conf exists). 7. Add--enable-doc configuration option, + allow installing documentation into target. 8. Add --disable-man + configuration option, allow msys mingw32 users to build from svn + without extra dependencies. 9. Add export files to each library + in order to export only required symbols. Windows native build + may use these files instead of scanning objects' symbols. 10. + Add opensc-tool --info to display some general information about + the build. 11. Create compatibility library to be linked against + library instread of recompiling the same source files in + different places. 12. Add different win32 version resource to + each class of outputs. 13. Make xsl-stylesheets location + selectable. 14. Some win32 fixups. 15. Some warning fixups. 16. + Many other autoconf/automake cleanups. Alon Bar-Lev svn diff -r + 3315:3399 + https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw + _M . 
D configure.in _M src _M src/openssh M + src/openssh/Makefile.am _M src/tools M src/tools/rutoken-tool.c + M src/tools/opensc-tool.c M src/tools/cardos-info.c M + src/tools/pkcs15-crypt.c M src/tools/pkcs15-init.c M + src/tools/piv-tool.c M src/tools/netkey-tool.c M + src/tools/eidenv.c M src/tools/cryptoflex-tool.c M + src/tools/util.c M src/tools/pkcs11-tool.c M + src/tools/pkcs15-tool.c M src/tools/util.h M + src/tools/opensc-explorer.c M src/tools/Makefile.am _M + src/pkcs11 M src/pkcs11/pkcs11-global.c M + src/pkcs11/framework-pkcs15.c M src/pkcs11/mechanism.c M + src/pkcs11/pkcs11-display.c M src/pkcs11/pkcs11-object.c A + src/pkcs11/opensc-pkcs11.exports M src/pkcs11/sc-pkcs11.h M + src/pkcs11/pkcs11-spy.c M src/pkcs11/openssl.c M + src/pkcs11/Makefile.am A src/pkcs11/pkcs11-spy.exports _M + src/tests _M src/tests/regression M + src/tests/regression/Makefile.am M src/tests/sc-test.c M + src/tests/pintest.c M src/tests/Makefile.am _M src/include _M + src/include/opensc M src/include/opensc/Makefile.am A + src/include/opensc/svnignore M src/include/Makefile.am _M + src/signer _M src/signer/npinclude M + src/signer/npinclude/Makefile.am M src/signer/Makefile.am A + src/signer/signer.exports _M src/common A + src/common/compat_dummy.c D src/common/getopt.txt D + src/common/strlcpy.c D src/common/LICENSE A + src/common/compat_getopt.txt A src/common/compat_strlcpy.c A + src/common/LICENSE.compat_getopt A src/common/compat_getopt.c D + src/common/strlcpy.h D src/common/ChangeLog D + src/common/getpass.c D src/common/my_getopt.c A + src/common/compat_strlcpy.h A src/common/compat_getpass.c A + src/common/compat_getopt.h A src/common/ChangeLog.compat_getopt + D src/common/README.strlcpy D src/common/my_getopt.h A + src/common/compat_getpass.h A src/common/README.compat_strlcpy D + src/common/strlcpy.3 A src/common/README.compat_getopt D + src/common/getopt.3 D src/common/README.my_getopt A + src/common/compat_strlcpy.3 A src/common/compat_getopt.3 M + 
src/common/Makefile.am M src/Makefile.am _M src/pkcs15init M + src/pkcs15init/pkcs15-oberthur.c M src/pkcs15init/profile.c M + src/pkcs15init/pkcs15-lib.c M src/pkcs15init/pkcs15-rutoken.c A + src/pkcs15init/pkcs15init.exports M src/pkcs15init/pkcs15-gpk.c + M src/pkcs15init/Makefile.am _M src/scconf M + src/scconf/Makefile.am M src/scconf/parse.c A + src/scconf/scconf.exports _M src/libopensc M + src/libopensc/card-rutoken.c M src/libopensc/compression.c M + src/libopensc/sc.c M src/libopensc/card-piv.c M + src/libopensc/pkcs15-openpgp.c M + src/libopensc/pkcs15-postecert.c M src/libopensc/pkcs15-tcos.c M + src/libopensc/opensc-config.in M src/libopensc/reader-pcsc.c A + src/libopensc/internal-winscard.h M src/libopensc/ctx.c A + src/libopensc/libopensc.exports M src/libopensc/pkcs15-piv.c M + src/libopensc/pkcs15-infocamere.c M src/libopensc/internal.h M + src/libopensc/pkcs15-actalis.c M src/libopensc/pkcs15-starcert.c + M src/libopensc/card-oberthur.c M + src/libopensc/pkcs15-atrust-acos.c M + src/libopensc/p15card-helper.c D src/libopensc/part10.h M + src/libopensc/ui.c M src/libopensc/card-gpk.c M + src/libopensc/pkcs15-wrap.c M src/libopensc/pkcs15-gemsafeGPK.c + M src/libopensc/log.c M src/libopensc/pkcs15-esteid.c M + src/libopensc/pkcs15-prkey-rutoken.c M src/libopensc/log.h M + src/libopensc/Makefile.am M src/libopensc/reader-openct.c _M + aclocal M aclocal/Makefile.am _M win32 M win32/Makefile.am A + win32/versioninfo.rc.in A win32/ltrc.inc A configure.ac _M doc + _M doc/tools M doc/tools/pkcs15-profile.xml D doc/changelog.sh D + doc/export-wiki.xsl _M doc/api _M doc/api/file M doc/api/man.xsl + _M doc/api/asn1 _M doc/api/apps _M doc/api/init _M doc/api/types + _M doc/api/card M doc/api/html.xsl _M doc/api/misc _M + doc/api/util M doc/Makefile.am D doc/export-wiki.sh AM + doc/nonpersistent A doc/nonpersistent/export-wiki.xsl A + doc/nonpersistent/Makefile.am A doc/nonpersistent/export-wiki.sh + A doc/nonpersistent/svn2cl.xsl D doc/generate-man.sh D + 
doc/svn2cl.xsl M Makefile.am A svnignore _M etc M + etc/opensc.conf.in M etc/Makefile.am D man _M solaris M + solaris/Makefile + +2008-03-06 15:04 alonbl + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: Convert constant + SC_PKCS11_MAX_VIRTUAL_SLOTS to configuration option. + +2008-03-06 15:00 alonbl + + * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: + Allow specifying application name for data objects at + pkcs15-init. + +2008-03-06 14:56 alonbl + + * trunk/src/pkcs11/pkcs11-global.c: PKCS#11 "Application and + processes" instructs the sequence that should be taken after + fork(). Applications should call C_Initialize() immediately + after fork() to reinitialize the provider. The change monitor + the pid that calls C_Initialize(), if it is different than + previous C_Finalize() is called. + +2008-02-29 15:37 ludovic.rousseau + + * trunk/src/libopensc/asn1.c: + sc_asn1_decode_integer/asn1_encode_integer: correctly manage + negative numbers and some positive numbers like 128 + +2008-02-29 10:18 martin + + * trunk/src/pkcs11/framework-pkcs15.c: * Correctly return + CKR_PIN_INCORRECT if PIN is out of range. * By Alon Bar-Lev from + svn diff -r 3397:3398 + https://www.opensc-project.org/svn/opensc/branches/alonbl/pkcs11-login-rv + +2008-02-25 20:36 nils + + * trunk/src/pkcs15init/asepcos.profile: do not use memory quota + +2008-02-25 19:47 nils + + * trunk/src/pkcs15init/pkcs15-asepcos.c: check tpin before trying + to delete application + +2008-02-14 17:02 martin + + * trunk/src/libopensc/card.c: circumvent the 'padded with zeros' + ATR bug on Mac OS X <=10.5.2 + +2008-02-10 16:13 martin + + * trunk/src/libopensc/reader-pcsc.c: * Fix protocol forcing. 
+ Whenever connecting, use whatever protocol is available / + currently set on card and only force the protocol with a cold + reset when different This fixes + pcsc_lock->pcsc_reconnect->protocol mismatch error escaping from + reader-pcsc.c if some other application has set the card to a + different protocol. * pcsc_reconnect uses PC/SC return values, + pcsc_reset uses OpenSC; 0 -> SC_SUCCESS * CCID driver with + OmniKey 1021 returns SCARD_W_UNPOWERED_CARD when a card is + inserted upside-down. Translate the currently unknown error into + 'Unresponsive card'. + +2008-02-01 14:31 ludovic.rousseau + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/pkcs15-atrust-acos.c: Add support for the + Austrian A-Trust ACOS card Thanks to Franz Brandl for the patch + http://www.opensc-project.org/pipermail/opensc-devel/2008-February/010675.html + +2008-01-11 16:28 ludovic.rousseau + + * trunk/src/pkcs11/Makefile.am: remove + $(pkcs11dir)/opensc-pkcs11.so so that creating the symbolink + link does not fail if the file already exists. 
Thanks to
+ Jean-Pierre Szikora for the bug report
+
+2008-01-04 13:13 ludovic.rousseau
+
+ * trunk/src/tools/util.c: print_binary(): everything except
+ printable characters (including space) are displayed in hex
+ Thanks to Ian Young for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2008-January/010641.html
+
+2008-01-04 08:57 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-prkey-rutoken.c,
+ trunk/src/pkcs15init/pkcs15-rutoken.c: add two missing files for
+ ruToken support Thanks to Ian Young for the bug report
+
+2008-01-03 09:44 ludovic.rousseau
+
+ * trunk/etc/opensc.conf.in: update comment to reflect the fact
+ that lock_login is now false by default Thanks to Eric Dorland
+ for the patch
+
+2008-01-03 08:59 ludovic.rousseau
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/cardctl.h,
+ trunk/src/libopensc/pkcs15-rutoken.c,
+ trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/rutoken.profile,
+ trunk/src/tools/rutoken-tool.c: new patch for ruToken support
+ Thanks to Andrew V. Stepanov
+ http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010631.html
+
+2007-12-28 18:18 pk
+
+ * trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/tools/opensc-explorer.c: support for TCOS3
+
+2007-12-21 16:40 martin
+
+ * trunk/src/libopensc/card-mcrd.c: Remove unused code.
+
+2007-12-21 16:37 martin
+
+ * trunk/etc/opensc.conf.in: Remove copy of Estonian eID ATR
+
+2007-12-19 09:58 jps
+
+ * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/tools/cardos-info.c: support for Siemens CardOS V4.2C
+
+2007-12-17 13:47 ludovic.rousseau
+
+ * trunk/src/tools/rutoken-tool.c: redefine trace macro to avoid
+ compiler warnings when _DEBUG is not defined rutoken-tool.c:107:
+ warning: statement with no effect rutoken-tool.c:165: warning:
+ left-hand operand of comma expression has no effect
+
+2007-12-17 13:39 ludovic.rousseau
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/card-rutoken.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-algo.c,
+ trunk/src/libopensc/pkcs15-rutoken.c,
+ trunk/src/libopensc/pkcs15-syn.c,
+ trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/pkcs11.h,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/rutoken.profile,
+ trunk/src/tools/Makefile.am, trunk/src/tools/pkcs11-tool.c,
+ trunk/src/tools/rutoken-tool.c: add support of ruToken Thanks to
+ Andrew V. Stepanov for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010617.html
+
+2007-12-07 09:46 ludovic.rousseau
+
+ * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15.c: do not add a signature prefix for
+ D-Trust cards Thanks to Simon Eisenmann for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010609.html
+
+2007-11-15 15:52 ludovic.rousseau
+
+ * trunk/src/libopensc/card-gemsafeV1.c: gemsafe_init(): the applet
+ supports also SC_ALGORITHM_RSA_HASH_NONE thanks to Douglas E.
+ Engert for the patch
+
+2007-11-15 14:07 ludovic.rousseau
+
+ * trunk/src/libopensc/card-gemsafeV1.c: gemsafe_flags2algref():
+ return 0x12 instead of 0x13 for SC_ALGORITHM_RSA_PAD_PKCS1
+ thanks to Douglas E. Engert for the patch
+
+2007-11-13 09:38 ludovic.rousseau
+
+ * trunk/configure.in, trunk/src/pkcs11/Makefile.am: add support of
+ /usr/lib/pkcs11/ directory. See
+ http://wiki.cacert.org/wiki/Pkcs11TaskForce Thanks to Alon
+ Bar-Lev for the better patch
+
+2007-11-13 09:13 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c:
+ sc_pkcs15emu_gemsafeV1_init(): remove addition of
+ SC_ALGORITHM_RSA_PAD_PKCS1 algorithm since it is already done in
+ card-gemsafeV1.c:gemsafe_init() Thanks to Douglas E. Engert for
+ the patch
+
+2007-11-13 07:52 ludovic.rousseau
+
+ * trunk/src/libopensc/card-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-gemsafeV1.c: remove spaces and tabs
+ at end of lines
+
+2007-11-13 07:48 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-gemsafeV1.c: sc_pkcs15emu_add_pin():
+ do not devide pin length by 2 in BCD case since it is already
+ done in sec.c line 262 Thanks to Douglas E.
Engert for the patch
+
+2007-11-12 10:18 ludovic.rousseau
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/card-gemsafeV1.c, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-gemsafeV1.c,
+ trunk/src/libopensc/pkcs15-syn.c: add initial support of Gemsafe
+ applet V1 cards Thanks to David Mattes for the patch
+ http://www.opensc-project.org/pipermail/opensc-devel/2007-November/010558.html
+
+2007-11-12 10:16 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15-gemsafeGPK.c: rename
+ sc_pkcs15emu_gemsafe_init_ex() in
+ sc_pkcs15emu_gemsafeGPK_init_ex() and
+ sc_pkcs15emu_gemsafe_init() in sc_pkcs15emu_gemsafeGPK_init()
+
+2007-11-12 10:09 ludovic.rousseau
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/pkcs15-gemsafe.c,
+ trunk/src/libopensc/pkcs15-gemsafeGPK.c: rename pkcs15-gemsafe.c
+ in pkcs15-gemsafeGPK.c
+
+2007-11-12 09:59 ludovic.rousseau
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-gemsafe.c,
+ trunk/src/libopensc/pkcs15-syn.c: rename gemsafe in gemsafeGPK
+ so we can also have gemsafeV1, gemsafeV2, etc.
+
+2007-11-09 08:35 ludovic.rousseau
+
+ * trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/pkcs15-piv.c: patch from Douglas E. Engert
+ for bug #165
+
+2007-11-09 08:29 ludovic.rousseau
+
+ * trunk/src/libopensc/card-setcos.c: setcos_match_card(): replace
+ sc_error() by sc_debug() since some cards are not SetCOS bug
+ respond to the APDU: 00 CA DF 30 05
+
+2007-10-06 12:03 gurer
+
+ * trunk/src/libopensc/card-akis.c: This should be limited too.
+
+2007-09-29 07:43 nils
+
+ * trunk/src/libopensc/card-asepcos.c: ignore paths with a AID in it
+
+2007-09-28 19:10 nils
+
+ * trunk/src/pkcs15init/pkcs15-asepcos.c: the so-puk is optional
+
+2007-09-27 18:19 gurer
+
+ * trunk/src/tools/opensc-explorer.c: two new debugging commands.
+ asn1 2f01 Dumps asn.1 content of a file apdu + 00:20:00:00:04:31:31:32:32 Send the custom APDU inside the + session + +2007-09-27 06:24 gurer + + * trunk/src/tools: cosmetic patch piv-tool and netkey-tool added + to the svn:ignore + +2007-09-23 10:19 gurer + + * trunk/src/libopensc/card-akis.c: AKIS can handle bigger data + blocks, but that causes GET_RESPONSE calls. So for a 300 byte + file, this saves one transaction (244 + 56) instead of (244 + 11 + + 45). + +2007-09-22 20:47 gurer + + * trunk/src/libopensc/card-akis.c: On a third thought, it is + better to not introduce any confusion at all :) + +2007-09-22 20:34 gurer + + * trunk/src/libopensc/card-akis.c: On a second thought, it is + better to stay compatible with released 0.11.4 code, and still + use ISO7814 pin_cmd. + +2007-09-17 11:41 gurer + + * trunk/src/libopensc/card-akis.c: * instead of using a custom PIN + VERIFY command, pin_reference is reported back, and used for + verifying. * PIN CHANGE command is implemented (that is really + different from ISO7816) * max_pin_len is set to 16 in akis_init + +2007-09-10 07:09 aj + + * trunk/doc/Makefile.am: cleanup *.tmp as well. + +2007-09-10 07:03 aj + + * trunk/Makefile.am: Add code to check version information in + several files. done by Peter Stuge. + +2007-09-10 06:41 aj + + * trunk/NEWS: Release 0.11.4 without changes. + +2007-09-10 06:22 aj + + * trunk/src/libopensc/Makefile.mak, trunk/win32/Make.rules.mak: + Appy patch by magog to build a static opensc_a.lib on windows. + Also removes *.lib on "make clean". + +2007-09-04 05:39 aj + + * trunk/src/libopensc/card.c: fix typo found by Grer zen. + +2007-08-29 19:54 nils + + * trunk/src/libopensc/card-asepcos.c: properly check return value + +2007-08-29 19:32 nils + + * trunk/src/libopensc/card-asepcos.c: bugfix: select DF before + setting sec. attributes + +2007-08-28 20:35 aj + + * trunk/src/libopensc/card-akis.c: akis update by Grer zen: + implement logout code. 
+ * trunk/src/libopensc/apdu.c: fix typo, found by Grer zen. + +2007-08-28 20:34 aj + + * trunk/src/pkcs11/framework-pkcs15.c: fix typo, found by Grer + zen. + +2007-08-22 18:38 aj + + * trunk/src/libopensc/card-akis.c: mark supported padding and a + comment - by Grer zen + * trunk/src/libopensc/apdu.c, trunk/src/libopensc/types.h: fix + typos, patch by Grer zen + +2007-08-20 20:20 aj + + * trunk/src/include/winconfig.h, trunk/win32/version.rc: update + version info for windows. + +2007-08-19 18:55 aj + + * trunk/configure.in: trunk now after 0.11.4 release. + * trunk/NEWS: Update news file. + +2007-08-19 18:37 aj + + * trunk/aclocal/libassuan.m4: update libassuan m4 macro package to + current version. + +2007-08-14 06:17 aj + + * trunk/src/libopensc/Makefile.am: fix typo. + +2007-08-14 06:02 aj + + * trunk/src/tools/opensc-explorer.c: restores ability to change + opensc-explorer debug level at runtime, using "debug" command + from opensc prompt. by Jakub Bogusz + +2007-08-14 05:55 aj + + * trunk/aclocal/Makefile.am, trunk/aclocal/libassuan.m4: keep + libassuan as most users will not have this. + +2007-08-13 19:10 aj + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am: + add cflags for ltdl.h where needed. 
+ +2007-08-13 08:32 ludovic.rousseau + + * trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: the + commands line tools do not call lt_dlopen() so do not need to + link with libltdl + +2007-08-13 08:30 ludovic.rousseau + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/pkcs11/Makefile.am: use LTLIB_CFLAGS and LTLIB_LIBS + instead of the global LIBS to find and use libltdl thanks to + Alon Bar-Lev for the patch + +2007-08-10 13:06 ludovic.rousseau + + * trunk/aclocal/Makefile.am, trunk/aclocal/lib-ld.m4, + trunk/aclocal/lib-link.m4, trunk/aclocal/lib-prefix.m4: + lib-link.m4, lib-prefix.m4 and lib-ld.m4 are provided by gettext + but is no more needed after revision 3239 + +2007-08-10 13:05 ludovic.rousseau + + * trunk/aclocal/Makefile.am, trunk/aclocal/pkg.m4: pkg.m4 is an + external dependency provided by pkg-config (or similar) package + +2007-08-10 13:04 ludovic.rousseau + + * trunk/aclocal/Makefile.am, trunk/aclocal/libassuan.m4: + libassuan.m4 is an external dependency provided by libassuan-dev + (or similar) package + +2007-08-10 12:56 ludovic.rousseau + + * trunk/configure.in: do not use AC_LIB_LINKFLAGS() since this + macro is provided by gettext and we do not use gettext. Use + AC_CHECK_LIB() instead + +2007-08-10 12:51 ludovic.rousseau + + * trunk/man: propset svn:ignore to ignore unversioned files + +2007-08-08 20:06 aj + + * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h, + trunk/src/pkcs15init/pkcs15-cardos.c, + trunk/src/tools/cardos-info.c: add information about cardos 4.2b + - latest cardos update. + +2007-08-03 07:47 aj + + * trunk/src/libopensc/pkcs15.c: Add same hack for Prime cards. 
+ +2007-08-02 13:53 ludovic.rousseau + + * trunk/src/pkcs15init/Makefile.am: AM_LDFLAGS is not used in + libpkcs15init_la_LDFLAGS so explicitly use it + +2007-07-28 18:27 aj + + * trunk/aclocal/Makefile.am, trunk/aclocal/lib-ld.m4, + trunk/aclocal/lib-link.m4, trunk/aclocal/lib-prefix.m4, + trunk/aclocal/libassuan.m4, trunk/aclocal/pkg.m4: revert + revision 3403 + 3404, seems to break mac os X. + +2007-07-28 18:22 aj + + * trunk/src/tools/pkcs11-tool.c: pkcs11-tool crashes while + printing its usage message. fixed by Ville Skytt. + +2007-07-28 18:18 aj + + * trunk/src/tools/cryptoflex-tool.c: cryptoflex-tool.c:505: + warning: array subscript is above array bounds gcc 4.3 warning, + reported and fixed by novell: Problem found by David Binderman + Patch created by Michal Vaner closes our trac bug #153 and + novell bug 238660 + +2007-07-24 06:42 aj + + * trunk/src/libopensc/card-akis.c: fix a compiler warning. + +2007-07-22 19:56 aj + + * trunk/src/libopensc/card-akis.c: Grer zen: * akis_get_data() + implemented * akis_delete_file() implemented * + akis_set_security_env() implemented, pkcs15 signing works now * + life cycle set/get via cardctl implemented * card_ops commented, + so it is clear whether a function is supported via iso7816 + implementation or not * mark pin apdu as sensitive in + akis_pin_cmd + +2007-07-21 07:31 aj + + * trunk/src/signer/Makefile.am: create plugin directory if it does + not exist. + +2007-07-20 18:50 aj + + * trunk/configure.in, trunk/src/signer/Makefile.am: add explicit + option to enable/disable the ns plugin. patch by Alon Bar-Lev. + +2007-07-20 14:38 aj + + * trunk/src/libopensc/pkcs15-sec.c: oops, define tmplen at start + of block. + +2007-07-20 13:47 aj + + * trunk/src/libopensc/pkcs15-pubkey.c: silence a warning we get + with siemens cards. 
+ +2007-07-20 12:30 aj + + * trunk/src/libopensc/asn1.c: asn1_decode_entry() allocates + (objlen - 1) bytes for SC_ASN1_UTF8STRING types with + SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string() + function which then fails with BUFFER TOO SMALL cause it wants + to end the string with an extra NULL. allocation size was + supposed to be objlen + 1. Patch by Grer zen + +2007-07-20 12:28 aj + + * trunk/NEWS, trunk/src/libopensc/card-akis.c: Grer zen send + another akis update: * create_file implemented * EF(DIR) hack + removed, it is easier to put a real EF(DIR) * + SC_CARDCTL_GET_SERIALNR implemented + +2007-07-20 12:19 aj + + * trunk/NEWS, trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: Sign + by using the decrypt function. + +2007-07-17 20:01 aj + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-akis.c, trunk/src/libopensc/cards.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: add + akis support by Grer zen. + +2007-07-15 15:29 aj + + * trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: The IdAlly + CSP calls C_FindObjectsInit looking for CK_PRIVATE_KEY before + C_Login with a pin. If it does not find any, it fails. The + pkcs15-piv.c in 0.11.3 and 0.11.3-pre3 set the pubkey and prvkey + objects as private. This patch removes the + SC_PKCS15_CO_FLAG_PRIVATE so IdAlly will work with the PIV cards. + +2007-07-11 14:47 aj + + * trunk/configure.in: trunk is now post 0.11.3 release. + +2007-07-11 14:46 aj + + * trunk/NEWS: more updates. + +2007-07-11 09:35 aj + + * trunk/src/tests/regression/crypt0007: put openssl rsautl in raw + signatures mode. + +2007-07-11 09:15 aj + + * trunk/src/tests/regression/functions: allow regression test + suite to work installed as well. 
+ +2007-07-11 09:10 aj + + * trunk/src/tests/regression/Makefile.am, + trunk/src/tests/regression/bintest, + trunk/src/tests/regression/crypt0007: add test for decrypting + binary data of key size. + +2007-07-11 09:07 aj + + * trunk/src/tests/regression/functions: stop using p15dump, switch + to pkcs15-tool --dump. + +2007-07-10 13:03 aj + + * trunk/NEWS, trunk/doc/export-wiki.sh: document latest changes + and update wiki export script. + +2007-07-10 12:04 vtarasov + + * trunk/src/libopensc/ctx.c: typo, manifested when explicitely + using 'reader_drivers = internal;' in opensc.conf + +2007-07-09 14:52 aj + + * trunk/src/tools/pkcs15-init.c: use static without inline - the + compiler can optimize the function as inline or not, whatever it + prefers. "static inline" is not supported by the visual studio c + compiler. + +2007-07-09 14:17 aj + + * trunk/src/pkcs15init/pkcs15-cardos.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-incrypto34.c: inline is something + the compiler can decide on his own. static is a good hint to the + compiler for that - the function isn't used outside of this + file. "static inline" is not valid, visual studio doesn't + compile that. + +2007-07-09 08:28 aj + + * trunk/configure.in: Revert last change, breaks building opensc: + ../../src/libopensc/.libs/libopensc.so: undefined reference to + `lt_dlopen' ... 
+
+2007-07-07 11:29 nils
+
+ * trunk/src/libopensc/card-cardos.c: improve atr matching for
+ cardos m4.01[a]
+
+2007-07-04 14:25 vtarasov
+
+ * trunk/src/libopensc/card-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: Enables the second PIN
+ (one-time PIN) defined for the same application DF
+
+2007-07-04 09:19 aj
+
+ * trunk/doc/Makefile.am, trunk/doc/export-wiki.sh: add image files
+ to release tar.gz
+
+2007-07-04 08:55 ludovic.rousseau
+
+ * trunk/aclocal/Makefile.am: update the list of distributed .m4
+ files
+
+2007-07-04 08:54 ludovic.rousseau
+
+ * trunk/aclocal/lib-ld.m4, trunk/aclocal/lib-link.m4,
+ trunk/aclocal/lib-prefix.m4, trunk/aclocal/libassuan.m4,
+ trunk/aclocal/pkg.m4: libassuan.m4 is provided by libassuan-dev
+ pkg.m4 is provided by pkg-config lib-link.m4, lib-prefix.m4 and
+ lib-ld.m4 are provided by gettext but should not be needed after
+ revision 3202
+
+2007-07-04 08:46 ludovic.rousseau
+
+ * trunk/configure.in: do not use AC_LIB_LINKFLAGS() since this
+ macro is provided by gettext and we do not use gettext. Use
+ AC_CHECK_LIB() instead
+
+2007-07-04 06:51 aj
+
+ * trunk/NEWS: update NEWS with list of all changes (that I
+ remember).
+
+2007-07-03 20:44 nils
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-asepcos.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h,
+ trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/asepcos.profile,
+ trunk/src/pkcs15init/pkcs15-asepcos.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: add support for asepcos
+
+2007-07-03 19:42 nils
+
+ * trunk/src/libopensc/card-cardos.c: re-add cardos m4.01a ATR
+
+2007-07-03 15:33 vtarasov
+
+ * trunk/src/libopensc/card-oberthur.c: PIN unblock error. Internal
+ pin reference procedure updated.
+
+2007-07-03 14:15 aj
+
+ * trunk/configure.in, trunk/src/include/winconfig.h,
+ trunk/win32/version.rc: fix version numbers preparing for next
+ release.
+
+2007-07-03 14:14 aj
+
+ * trunk/src/pkcs11/pkcs11.h: update pkcs11.h header file from
+ scute.
+
+2007-07-03 13:44 vtarasov
+
+ * trunk/src/libopensc/card-oberthur.c: Error when output
+ allocation length is not equal to the signature length.
+ 'Compute_signature' now returns the answer's length
+
+2007-06-29 14:14 aj
+
+ * trunk/src/tools/eidenv.c: remove unused definition.
+
+2007-06-29 13:31 aj
+
+ * trunk/src/tools/opensc-tool.c: fix duplicate static.
+
+2007-06-29 13:19 aj
+
+ * trunk/src/tools/cardos-info.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
+ make app_name, options and option_help static.
+
+2007-06-25 18:01 nils
+
+ * trunk/src/libopensc/card-cardos.c: implement more flexible
+ cardos detection func
+
+2007-06-24 21:03 aj
+
+ * trunk/src/tools/pkcs11-tool.c: Douglas E. Engert: fix more
+ compiler warnings.
+
+2007-06-21 13:58 aj
+
+ * trunk/src/pkcs11/hack-disabled.c,
+ trunk/src/pkcs11/hack-enabled.c,
+ trunk/src/signer/opensc-support.c,
+ trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs15-init.c:
+ silence more warnings by gcc/sparse.
+
+2007-06-21 13:46 ludovic.rousseau
+
+ * trunk/src/tools/cardos-info.c,
+ trunk/src/tools/cryptoflex-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c,
+ trunk/src/tools/util.c, trunk/src/tools/util.h: do not use
+ global variables app_name, options and option_help so they can
+ be static
+
+2007-06-21 13:38 aj
+
+ * trunk/src/tools/cardos-info.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs11-tool.c,
+ trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c:
+ fix more warnings.
+
+2007-06-21 13:29 ludovic.rousseau
+
+ * trunk/src/tools/eidenv.c: eidenv.c:55: attention : ‘option_help’
+ defined but not used
+ * trunk/src/tests/pintest.c: initialize objs to NULL to avoid:
+ pintest.c:83: attention : ‘objs’ may be used uninitialized in
+ this function
+
+2007-06-21 13:20 ludovic.rousseau
+
+ * trunk/src/tools/pkcs11-tool.c: correct a typo
+
+2007-06-21 12:58 aj
+
+ * trunk/src/pkcs11/debug.c, trunk/src/signer/dialog.c,
+ trunk/src/signer/opensc-crypto.c,
+ trunk/src/signer/opensc-support.c, trunk/src/tests/print.c,
+ trunk/src/tools/cardos-info.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/netkey-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-tool.c: silence more warnings.
+
+2007-06-21 12:14 aj
+
+ * trunk/src/pkcs11/pkcs11-display.c, trunk/src/tests/sc-test.h:
+ fix broken changes.
+
+2007-06-21 12:06 aj
+
+ * trunk/src/pkcs11/debug.c: make sc_pkcs11_print_attrs non static.
+
+2007-06-21 12:01 aj
+
+ * trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/debug.c,
+ trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c,
+ trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/pkcs11-spy.c,
+ trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c,
+ trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c,
+ trunk/src/tests/sc-test.h, trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c:
+ silence more gcc/sparse warnings.
+
+2007-06-21 11:34 aj
+
+ * trunk/src/libopensc/pkcs15-tcos.c: revert change - is needed by
+ pkcs15-syn.c
+
+2007-06-21 11:07 aj
+
+ * trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/pkcs15-atrust-acos.c,
+ trunk/src/libopensc/pkcs15-gemsafe.c,
+ trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/libopensc/pkcs15-starcert.c,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/pkcs15-setcos.c,
+ trunk/src/pkcs15init/profile.c: fix more warnings found by
+ gcc/sparse.
+ +2007-06-21 10:07 aj + + * trunk/src/common/strlcpy.c, trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-incrypto34.c, + trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-oberthur.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/muscle-filesystem.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-openct.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/ui.c, trunk/src/scconf/test-conf.c: fix + compiler/sparse warnings. + +2007-06-21 09:37 aj + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs11-tool.c: Alessandro Premoli: add support + for reading, writing and deleting private (require cache_pins) + and public data objects in PKCS11. updated the pkcs11-tool and + fixed a few bugs in the code. Tested on an aladdin etoken. + +2007-06-21 07:11 aj + + * trunk/src/pkcs11/framework-pkcs15.c: Douglas E. Engert: Looking + at framework-pkcs11.c, it looks like there is a bug in the + handling of auth_count, if there is more then one pin, and one + of the pins is a SC_PKCS15_PIN_FLAG_SO_PIN. The for loop at line + 767 will add a slot for each non SO_PIN or UNBLOCKING_PIN. But + at line 812, the auth_count is still set to the number of pins, + even though the SO_PIN did not cause a new slot to be allocated + and thus the test of hide_empty_tokens will not be used. With + the attached patch, I can get the expected behavior when + hide_empty_tokens = yes in the opensc.conf from pkcs11-tool -L, + pkcs11-tool -O and pkcs11-tool -O -l There is only 1 slot + allocated, the pkcs11-tool -O shows all the public objects, and + pkcs11-tool -O -l (after PIN) shows all the objects, and Heimdal + PKINIT still runs. 
I still think that if two or more slots need + to be allocated for multiple auth pins, then all the public + objects should be added to each. I have an additional mod for + this too. Since the cards I am working with only have 1 pin, the + attached mods works for me. Note it looks like the + pkcs15-openpgp.c might also be affected by this change as it + defines two pins an auth pin and a SO_PIN, much like the PIV + card does. + +2007-06-21 07:07 aj + + * trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/pkcs15-piv.c, trunk/src/tools/piv-tool.c: + Douglas E. Engert: Major improvments in the PIV card modules: * + OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA + 2K and 3K keys. * The FASC-N in the CHUID object is used as the + card serial number. * A PIV card may have additional objects. + These can now be read by pkcs11-tool and pkcs15-tool. * The + p15card-helper.c module is no longer used. The code to call the + sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c + and uses existing OpenSC routines to parse the certificate to + find the modulus_len. * pkcs15-piv.c will now get the + modulus_len from the certificates to store into the emulated + prvkey an pubkey objects as they are being created using the + sc_pkcs15emu_* routines. * The caching code that was added to + card-piv.c in 0.11.2 is disabled, as pkcs15-piv.c will cache the + certificate using existing OpenSC routines. * piv-tool will now + print a serial number. * The key-usage bits for prvkey and + pubkey objects are set in pkcs15-piv.c * The PIV "9E" key was + added. It is not a private object, and can be used without a + PIN. It is used with the "Certificate for Card Authenticaiton". + * When used with the OpenSSL engine to generate a certificate + request, the public key saved by piv-tool during a "generate + asymmetric key pair" card command can be read from a file + pointed at by the environment variable PIV_9*_KEY. Where * is A, + C, D or E. 
* In the card_atr section of opensc.conf, flags = 20; + can be used to only show the PIV Authentication cert. This + feature was in 0.11.1 but was dropped in 0.11.2 when the + p15card-helper.c was introduced. + +2007-05-25 20:10 aj + + * trunk/src/libopensc/log.c: Added the application name to logging + to allow for easier debugging. Since a lot of testing needed + multiple applications to be running, it became important to know + what application was making each log entry. This was reported by + Russell Larner on 5/17/2007 + +2007-05-25 20:09 aj + + * trunk/src/tools/pkcs11-tool.c: If a PKCS11 get attrribute failes + for some reason, pkcs11-tool may return garbage along with the + error message. The attached patch to pkcs11-tool.c initializes + the type to 0 so the attribute will be 0 in case of an error. by + Douglas E. Engert + +2007-05-25 20:06 aj + + * trunk/src/pkcs11/framework-pkcs15.c: The framework-pkcs15 will + filed the modulus in a certificate and copy it to a pubkey or + from apubkey to a privkey object. But it does not copy the + modulus_len. This patch will look at pub_info->modulus_len and + prv_info->modulus_len and copy the modulus_len while copying the + modulus. This will be used with the pkcs15-piv code when it + creates pub and priv objects, as it has no way other then from + the certificates to know the modulus_len. By Douglas E. Engert. + +2007-05-13 15:43 nils + + * trunk/src/libopensc/card-gpk.c: 252 bytes work as well + +2007-05-13 09:32 nils + + * trunk/src/libopensc/card-oberthur.c: fix warning + +2007-05-13 09:31 nils + + * trunk/src/libopensc/card-gpk.c: bugfix: try to read at most 248 + bytes + +2007-05-13 09:30 nils + + * trunk/src/libopensc/apdu.c: bugfix: avoid recursion + +2007-05-04 07:13 aj + + * trunk/doc/export-wiki.sh: fix wiki html export. + +2007-05-04 06:17 aj + + * trunk/NEWS: add date for 0.11.2 + +2007-04-25 06:53 aj + + * trunk/configure.in: probe for readline+ncurses too. 
+ +2007-04-24 07:59 aj + + * trunk/NEWS: update NEWS with latest changes. + +2007-04-24 07:54 aj + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: enable pin + caching by default. + +2007-04-24 07:52 aj + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: use + 255/256 bytes as max_send/recv_size by default. + +2007-04-23 19:23 nils + + * trunk/src/pkcs15init/pkcs15-cardos.c: increase size of pin buffer + +2007-04-23 19:18 nils + + * trunk/src/tools/pkcs15-tool.c: authenticate if data object is + protected + +2007-04-15 17:26 nils + + * trunk/src/libopensc/card-openpgp.c: request at most for 256 bytes + +2007-04-10 19:49 aj + + * trunk/src/libopensc/muscle.c: Steve Jacobs: fix muscle driver. + +2007-04-01 17:03 nils + + * trunk/src/pkcs11/pkcs11-global.c: bugfix: don't use the size of + a void pointer, thanks to Carl Przybylek + +2007-03-29 10:25 martin + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/hack-disabled.c, + trunk/src/pkcs11/hack-enabled.c: Build a pkcs11 module with only + one pin exposed to overcome issues described in #132. 
Closes #132 + +2007-03-21 09:41 martin + + * trunk/src/libopensc/reader-pcsc.c: * Add support for + SCARD_E_NO_READERS_AVAILABLE to describe errors like: {{{ + sc.c:201:sc_detect_card_presence: returning with: Unknown error + SCardGetStatusChange failed: 8010002e }}} * When doing a reset + with pcsc_reconnect do a cold reset instead a warm one to allow + next change * Change the protocol force feature to change the + protocol with a hard reset only when needed to prevent: {{{ + SCardConnect failed: 8010000f card.c:228:sc_connect_card: + returning with: Unknown error }}} + +2007-03-21 09:34 martin + + * trunk/src/libopensc/Makefile.mak: Missing file + +2007-03-21 09:33 martin + + * trunk/src/libopensc/card-mcrd.c: Make sure the right thing is + always selected on the card by bypassing cache + +2007-03-21 09:32 martin + + * trunk/src/libopensc/pkcs15-esteid.c: Simplify esteid detection + +2007-03-18 17:55 aj + + * trunk/src/tools/piv-tool.c: fix --serial option. + +2007-03-16 20:44 aj + + * trunk/configure.in: changes to trunk won#t go into 0.11.2. + +2007-03-16 20:42 aj + + * trunk/NEWS: document changes in this release. + +2007-03-15 07:59 ludovic.rousseau + + * trunk/doc/api/card/sc_format_apdu.xml, + trunk/doc/api/card/sc_get_data.xml, + trunk/doc/api/card/sc_put_data.xml, + trunk/doc/api/file/sc_append_record.xml, + trunk/doc/api/file/sc_delete_record.xml, + trunk/doc/api/file/sc_read_binary.xml, + trunk/doc/api/file/sc_read_record.xml, + trunk/doc/api/file/sc_update_binary.xml, + trunk/doc/api/file/sc_update_record.xml, + trunk/doc/api/file/sc_write_binary.xml, + trunk/doc/api/file/sc_write_record.xml, + trunk/doc/api/init/sc_establish_context.xml: remove Foo that can't be solved and generates + Error: no ID for constraint linkend: foo + +2007-03-14 18:26 aj + + * trunk/src/libopensc/Makefile.am: add missing header file to + noinst_HEADERS. 
+
+2007-03-13 23:10 aj
+
+ * trunk/src/libopensc/card-acos5.c, trunk/src/libopensc/cards.h:
+ Ian Young: use proper card type for acos5.
+
+2007-03-13 20:59 aj
+
+ * trunk/src/tools/Makefile.am: Douglas E. Engert: piv-tool needs
+ openssl, so compile only if it is present.
+
+2007-03-13 20:57 aj
+
+ * trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/p15card-helper.c: Patch by Douglas E.
+ Engert: use c style comments and different header files (for mac
+ os X?).
+
+2007-03-13 13:38 aj
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/card-acos5.c, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/opensc.h: Add acos5 driver by Ian Young.
+
+2007-03-12 20:17 aj
+
+ * trunk/src/libopensc/opensc.h: test new chop size (256 bytes by
+ default).
+
+2007-03-12 20:15 aj
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/compression.h,
+ trunk/src/libopensc/p15card-helper.c,
+ trunk/src/libopensc/p15card-helper.h,
+ trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/Makefile.mak:
+ changes by Douglas E. Engert: change the do_decompress* to
+ sc_decompress* and the initialize_* to sc_pkcs15emu_initialize_*
+ in the new code.
+
+2007-03-10 10:46 aj
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/compression.c,
+ trunk/src/libopensc/compression.h,
+ trunk/src/libopensc/p15card-helper.c,
+ trunk/src/libopensc/p15card-helper.h,
+ trunk/src/libopensc/pkcs15-piv.c, trunk/src/tools/piv-tool.c,
+ trunk/win32/Make.rules.mak: full piv update by Thomas harning
+ Jr. and David E. Engert, adding compression etc. Also enables
+ opensc to be compiled with and without zlib support.
+
+2007-03-07 21:26 aj
+
+ * trunk/etc/opensc.conf.in: don't set max send/recv size per
+ defaults. document how to find out if there is an issue.
+ +2007-03-07 12:39 vtarasov + + * trunk/src/libopensc/card-oberthur.c: after Douglas Engert's + remarks on the coding style + +2007-03-07 09:38 vtarasov + + * trunk/src/libopensc/card-oberthur.c: some ACLs was forgotten; i + compute_signature() le should not be more then 256 + +2007-03-05 17:30 vtarasov + + * trunk/src/pkcs15init/oberthur.profile: change inappropriate + oberthur profile + +2007-03-03 20:24 ludovic.rousseau + + * trunk/src/libopensc/card-incrypto34.c: update Giuseppe Amato + email at his request (he is no more working for ST Incard srl) + +2007-02-09 11:08 martin + + * trunk/src/tests/regression/Makefile.am: Include files from [3113] + +2007-02-06 14:29 ludovic.rousseau + + * trunk/src/pkcs15init/pkcs15-lib.c: comment out static and unused + functions (sc_pkcs15init_read_unusedspace, + sc_pkcs15init_update_unusedspace, merge_paths, + sc_pkcs15init_add_unusedspace and + sc_pkcs15init_remove_unusedspace) + +2007-02-06 14:20 ludovic.rousseau + + * trunk/src/libopensc/card-oberthur.c: correct 3 warning: unused + variable 'entry' + +2007-02-06 14:17 ludovic.rousseau + + * trunk/src/libopensc/reader-pcsc.c: use SCARD_SCOPE_USER instead + of the pcsc-lite specific SCARD_SCOPE_GLOBAL + +2007-02-02 22:15 nils + + * trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-incrypto34.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/padding.c, trunk/src/libopensc/pkcs15-sec.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs11/pkcs11-display.c, trunk/src/pkcs11/pkcs11.h, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c: + implement support for SHA2 (still experimental) + +2007-01-20 12:46 nils + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/types.h, trunk/src/pkcs15init/profile.c, + trunk/src/tools/opensc-explorer.c: use const, add yet another ACL + +2007-01-19 21:10 nils + + * trunk/src/tests/regression/crypt0005, + 
trunk/src/tests/regression/crypt0006, + trunk/src/tests/regression/functions: conditionally check 2048 + bit rsa key ops + +2007-01-19 21:08 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: check key size, set so-pin ref + +2007-01-15 20:32 nils + + * trunk/src/tools/opensc-tool.c: increase pointer + +2007-01-09 21:16 nils + + * trunk/src/tests/regression/test.p12: undo last change: + converting a binary file to utf-8 isn't really a good idea ;-) + +2007-01-09 19:41 nils + + * trunk/src/libopensc/apdu.c: improve get_response logic: try to + read at least as much bytes as indicated in the 0x61xx response. + +2007-01-09 07:22 aj + + * trunk/src/libopensc/card.c: improve atr masking code - also mask + atr to match. and add more debugging messages. + +2007-01-08 21:10 nils + + * trunk/src/libopensc/card-oberthur.c: remove unnecessary assertion + +2007-01-08 20:19 nils + + * trunk/src/libopensc/card-piv.c: use EVP API for DES encryption + +2007-01-08 17:04 nils + + * trunk/src/libopensc/card-oberthur.c: use EVP api for DES + encryption + +2007-01-07 23:40 martin + + * trunk/src/libopensc/card-mcrd.c: off by 1 + +2007-01-06 16:35 martin + + * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/muscle.c: + Stop MS visual studio 2005 complaints. + +2007-01-06 13:23 nils + + * trunk/src/libopensc/card-gpk.c: use EVP api + +2007-01-05 16:36 martin + + * trunk/src/libopensc/reader-pcsc.c: Properly set the defaults for + pcsc reader options even if no configuration file is + found/available + +2007-01-05 16:25 martin + + * trunk/src/libopensc/reader-pcsc.c: * Add a few debug lines * + Remove the locked status from the reader no matter what + SCardEndTransaction thinks - either the card was removed or + broken pcsc allowed to reset the card while in a transaction + (pcsc-lite before Oct. 
2006) + +2007-01-05 16:20 martin + + * trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h: Allow to specify at compile time + that a card will work only via pkcs15 emulation. This way no + matter what is configured in the config file + (try_emulation_first option) the card is usable via pkcs15 tools. + +2007-01-05 16:13 martin + + * trunk/src/libopensc/card-mcrd.c: Match EstEID based on ATR + contents rather than the full ATR itself. + +2007-01-03 11:44 vtarasov + + * trunk/src/libopensc/card-oberthur.c: change encoding + +2007-01-02 10:06 vtarasov + + * trunk/src/libopensc/cardctl.h: prepare Oberthur card support for + secure messaging + * trunk/src/libopensc/card-oberthur.c, + trunk/src/pkcs15init/oberthur.profile, + trunk/src/pkcs15init/pkcs15-oberthur.c: prepare Oberthur card + support for secure messaging + +2007-01-02 10:04 vtarasov + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/types.h: + introduce SC_PATH_TYPE_FROM_CURRENT and SC_PATH_TYPE_PARENT path + types + +2006-12-29 09:44 aj + + * trunk/src/libopensc/apdu.c: only the first apdu (command) tells + us how many bytes we need to get. we need to keep this value and + call get_response as often as needed to get them part by part. + +2006-12-22 12:43 nils + + * trunk/src/libopensc/pkcs15-pin.c: encode max pin length as well + +2006-12-19 22:11 aj + + * trunk/src/tools/pkcs11-tool.c: kill warnings. + +2006-12-19 21:35 aj + + * trunk/src/tools/cardos-info.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: + convert to utf-8. + +2006-12-19 21:34 aj + + * trunk/src/signer/testprog.c: replace with an ascii test string. + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c: convert to utf-8. 
+
+2006-12-19 21:33 aj
+
+ * trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c,
+ trunk/src/tests/pintest.c, trunk/src/tests/print.c,
+ trunk/src/tests/prngtest.c, trunk/src/tests/regression/test.p12,
+ trunk/src/tests/sc-test.c: convert to utf-8.
+ * trunk/src/pkcs11/framework-pkcs15.c,
+ trunk/src/pkcs11/framework-pkcs15init.c,
+ trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/pkcs11-object.c,
+ trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs11/slot.c: convert to utf-8.
+
+2006-12-19 21:32 aj
+
+ * trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-default.c,
+ trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-incrypto34.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-piv.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ctx.c: convert to utf-8.
+
+2006-12-19 21:31 aj
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/base64.c, trunk/src/libopensc/dir.c,
+ trunk/src/libopensc/emv.c, trunk/src/libopensc/emv.h,
+ trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/log.h,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/padding.c,
+ trunk/src/libopensc/pkcs15-cache.c,
+ trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
+ trunk/src/libopensc/sec.c, trunk/src/libopensc/types.h: convert
+ to utf-8.
+
+2006-12-19 21:28 aj
+
+ * trunk/NEWS: convert to utf-8
+ * trunk/aclocal/pkg.m4: convert to ascii.
+
+2006-12-19 20:48 aj
+
+ * trunk/src/common/getopt.txt: convert to unix style line ending.
+
+2006-12-18 21:58 aj
+
+ * trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/muscle-filesystem.h,
+ trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h:
+ update to latest muscle code.
+
+2006-12-18 21:34 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: apcos driver is not yet
+ commited.
+
+2006-12-18 11:23 nils
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: pad only if necessary
+
+2006-12-18 11:22 nils
+
+ * trunk/src/pkcs15init/pkcs15-init.h: remove comment
+ * trunk/src/libopensc/iso7816.c: use net size if available
+
+2006-12-18 07:42 aj
+
+ * trunk/src/pkcs11/pkcs11.h, trunk/src/pkcs11/sc-pkcs11.h: update
+ to latest pkcs11.h version.
+
+2006-12-10 13:33 nils
+
+ * trunk/src/pkcs11/pkcs11.h: make it work with my compiler, add
+ missing parenthesis
+
+2006-12-10 07:57 aj
+
+ * trunk/src/pkcs11/pkcs11.h: update to latest pkcs11.h from Marcus.
+
+2006-12-09 15:46 aj
+
+ * trunk/configure.in: Alon Bar-Lev: enables disabling the linkage
+ of pcsc-lite and openct, even if they are installed on system.
+ It adds --disable-openct and --disable-pcsc-lite options. Also a
+ minor correction for pkg-config (adds PKG_PROG_PKG_CONFIG).
+
+2006-12-09 15:41 aj
+
+ * trunk/src/pkcs11/pkcs11.h: pkcs11.h with updates from Alon.
+
+2006-12-08 14:56 jps
+
+ * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h:
+ Initial support for SetCOSXpresso (GemXpresso R4 with EID 2.x
+ applet)
+
+2006-12-07 10:53 aj
+
+ * trunk/src/libopensc/muscle-filesystem.c,
+ trunk/src/libopensc/muscle-filesystem.h,
+ trunk/src/libopensc/muscle.c: define these constants where used
+ to kill warnings.
+
+2006-12-07 10:35 aj
+
+ * trunk/src/libopensc/card-muscle.c: Thomas Harning: patch to fix
+ the MuscleCard driver to work in the case of forced drivers.
+ drv_data is used as a flag so that muscle_init knows if the
+ applet has been selected during initialization.
+
+2006-11-30 08:14 aj
+
+ * trunk/src/libopensc/card-muscle.c,
+ trunk/src/libopensc/muscle-filesystem.c,
+ trunk/src/libopensc/muscle-filesystem.h,
+ trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h:
+ update the MuscleCard driver for OpenSC to use an msc_id struct
+ rather than int/bytes and messing around with byte-swapping for
+ that. (by Thomas Harning)
+
+2006-11-30 08:11 aj
+
+ * trunk/configure.in, trunk/src/include/opensc/Makefile.am,
+ trunk/src/include/opensc/rsaref, trunk/src/pkcs11/Makefile.am,
+ trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/libpkcs11.c,
+ trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/pkcs11-spy.c, trunk/src/pkcs11/pkcs11.h,
+ trunk/src/pkcs11/rsaref, trunk/src/pkcs11/sc-pkcs11.h: replace
+ rsa pkcs#11 header files with rewrite.
+ +2006-11-28 15:54 ludovic.rousseau + + * trunk/configure.in: remove now useless (see revision 3062) + --enable-debug option + +2006-11-28 11:54 martin + + * trunk/src/libopensc/card.c: Have equal number of sc_lock and + sc_unlock loglines to aid debugging locking. + +2006-11-28 11:53 martin + + * trunk/configure.in: Remove unused headers + +2006-11-23 22:40 nils + + * trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: enable APDU logging again + +2006-11-22 19:27 nils + + * trunk/src/libopensc/card-flex.c: remove unused variable, cleanup + +2006-11-21 22:10 nils + + * trunk/src/libopensc/iso7816.c: try to read at most max_recv_size + bytes in GET RESPONSE + +2006-11-18 00:05 pk + + * trunk/src/libopensc/pkcs15-tcos.c: Support for DATEV smartcard + classic + +2006-11-17 11:50 aj + + * trunk/src/signer/dialog.c: size_t is 64bit on 64bit plattforms, + thus use %ld and convert to unsigned long. + +2006-11-12 21:01 nils + + * trunk/src/libopensc/iso7816.c: + +2006-11-11 11:47 nils + + * trunk/src/libopensc/sc.c: fix typo + +2006-11-11 11:46 nils + + * trunk/src/libopensc/iso7816.c: remove useless code + +2006-11-11 11:09 nils + + * trunk/src/libopensc/sc.c: check types before concatenating paths + +2006-11-10 23:07 nils + + * trunk/src/libopensc/pkcs15-gemsafe.c: update; patch supploed by + Douglas E. 
Engert + +2006-11-09 21:26 nils + + * trunk/src/tools/opensc-explorer.c: fix typo + +2006-11-09 16:05 martin + + * trunk/doc/tools/pkcs15-tool.xml: Fixes #17 + +2006-11-06 11:15 vtarasov + + * trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-piv.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/muscle.c: Use do + {...} while(0) construction for SC_TEST_RET, SC_FUNC_RETURN and + SC_FUNC_CALLED defines + +2006-11-02 13:58 nils + + * trunk/src/libopensc/pkcs15-sec.c: set path type; patch supplied + by Thomas Irlet + +2006-11-02 09:19 vtarasov + + * trunk/src/pkcs15init/keycache.c: When forgetting PIN set to + 'null' the corresponding named_pin's entry + +2006-11-02 06:55 aj + + * trunk/src/libopensc/card-muscle.c: Thomas Harning: sc_list_files + doesn't return the length of the applicable buffer, but instead + the # of files. Fixed. + +2006-10-31 17:29 pk + + * trunk/src/libopensc/pkcs15-tcos.c: Netkey E4 emulation + +2006-10-30 18:51 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/tools/opensc-explorer.c: add support to parse the + seInfo TokenInfo entry, improve aid support in opensc-explorer + +2006-10-30 11:54 martin + + * trunk/doc/tools/opensc-explorer.xml: Remove invalid + documentation, addresses #95 + +2006-10-30 07:37 ludovic.rousseau + + * trunk/src/libopensc/ctx.c: use the OPENSC_DEBUG environment + variable to overwite the configuration variable debug in + opensc.conf + +2006-10-09 15:09 martin + + * trunk/src/libopensc/card-mcrd.c: New EstEID v1.5 card ATR + +2006-10-04 07:00 ludovic.rousseau + + * trunk/src/libopensc/pkcs15.c: c_asn1_toki[]: the serialNumber + field is not mandatory in ISO 7816-15 see + http://www.opensc-project.org/pipermail/opensc-devel/2006-October/009025.html + +2006-10-02 17:26 nils + + * trunk/src/pkcs11/pkcs11-global.c: make the 
decision which + locking functions to use more explicit; patch supplied by Martin + +2006-10-02 16:49 nils + + * trunk/src/libopensc/pkcs15.c: restore backward compatibility: + try READ BINARY in case of a unknown file type + +2006-10-02 13:46 ludovic.rousseau + + * trunk/src/libopensc/pkcs15.c: c_asn1_ddo[]: the oid field of the + DDO is not mandatory in ISO 7816-15 See + http://www.opensc-project.org/pipermail/opensc-devel/2006-October/009022.html + +2006-10-02 10:39 nils + + * trunk/doc/tools/pkcs15-crypt.xml: update doc + +2006-10-02 10:34 nils + + * trunk/src/tools/pkcs15-crypt.c: add the possibility to read the + pin from stdin + +2006-10-01 20:52 nils + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/reader-pcsc.c: fix warnings + +2006-10-01 20:39 nils + + * trunk/src/libopensc/iso7816.c: fix warning + +2006-09-27 22:10 nils + + * trunk/src/pkcs11/framework-pkcs15.c: set + CKF_USER_PIN_INITIALIZED only if we really have a pin object + +2006-09-27 12:02 ludovic.rousseau + + * trunk/src/libopensc/pkcs15.c: sc_pkcs15_make_absolute_path(): a + 0 length path stays a 0 length pat + +2006-09-27 12:01 ludovic.rousseau + + * trunk/src/libopensc/iso7816.c: iso7816_process_fci(): dump the + filename in Hex + ASCII instead of just ASCII in the debug log + +2006-09-26 18:17 nils + + * trunk/src/libopensc/card-oberthur.c: fix apdu + +2006-09-26 18:01 nils + + * trunk/src/tools/opensc-tool.c: check if the ef type is in range; + thanks to Thomas Irlet + +2006-09-26 10:55 henryk + + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: Make + absolute paths from all paths read from the PKCS#15 directories + by prepending the DF(PKCS#15) path if necessary. Fixes + compatibility with Siemens HiPath SIcurity formatted cards which + use relative paths. 
+ +2006-09-26 10:43 henryk + + * trunk/src/libopensc/pkcs15.c: Fix handling for SIMPLE-TLV + records with a three-byte length + +2006-09-26 10:36 henryk + + * trunk/src/libopensc/pkcs15.c: opensc-siemens.diff Adds support + for record-oriented files in linear variable, simple-tlv format. + TODO: Add support for all the other file formats, too. + +2006-09-26 10:31 henryk + + * trunk/src/libopensc/pkcs15.c: Make do { ... } while (...); into + while (...) { ... };. Fixes behaviour with empty files. + +2006-09-24 14:05 nils + + * trunk/src/libopensc/pkcs15.c: implement workaround for the + Taiwanese id card + +2006-09-24 12:50 nils + + * trunk/src/libopensc/sc.c: keep index and count parameters + +2006-09-22 14:34 nils + + * trunk/src/libopensc/card-starcos.c: add starcos spk 2.4 ATR + +2006-09-22 14:18 nils + + * trunk/src/libopensc/card-starcos.c: bugfix + +2006-09-20 13:33 aj + + * trunk/src/scconf/Makefile.mak: scconf needs strlcpy too. + +2006-09-20 12:32 aj + + * trunk/src/libopensc/Makefile.mak: ntohl is in ws2_32.lib / dll. + +2006-09-20 12:10 aj + + * trunk/src/libopensc/Makefile.am: don't forget part10.h (only + used on windows I think). + +2006-09-18 05:30 nils + + * trunk/src/tools/pkcs11-tool.c: add option to write data objects; + patch supplied by Cornelius Klbel + et. al. 
+ +2006-09-17 18:34 nils + + * trunk/src/libopensc/reader-pcsc.c: remove check for T0 as it + seems to work for T1 as well + +2006-09-14 12:56 ludovic.rousseau + + * trunk/doc/tools/opensc-config.xml, + trunk/doc/tools/pkcs11-tool.xml: use for + command arguments + +2006-09-14 12:46 ludovic.rousseau + + * trunk/doc/tools/pkcs11-tool.xml: using --pin with set --login + +2006-09-14 09:17 ludovic.rousseau + + * trunk/doc/tools/pkcs11-tool.xml: explicit that --module is to + load a "PKCS#11 module (or library)" not just a module + +2006-09-14 08:55 ludovic.rousseau + + * trunk/src/pkcs11/pkcs11-global.c: C_GetInfo(): use "OpenSC + (www.opensc-project.org)" instead of "OpenSC Project + (www.opensc-project.org)" for the manufacturerID to avoid a + truncation at 32 characters + +2006-09-04 20:01 martin + + * trunk/src/libopensc/card-mcrd.c: Make sure every new opensc + instance sees the card from the sight starting point. + +2006-09-03 15:58 martin + + * trunk/src/libopensc/pkcs15-esteid.c: Update for [2836] chganges. + +2006-08-27 18:25 aj + + * trunk/src/pkcs11/slot.c: shorten string, fixing #98. + +2006-08-19 08:44 nils + + * trunk/etc/opensc.conf.in: fix typo + +2006-08-16 16:36 martin + + * trunk/src/libopensc/part10.h, trunk/src/libopensc/reader-pcsc.c: + * Fix endianness for PCSCv2 part 10 IOCTLs * Add support for + start/finish style IOCTLs * Add support for the same pinpad + functionality on windows Some code from Robert Konklewski and + Ludovic Rousseau + +2006-08-13 21:20 aj + + * trunk/src/pkcs11/pkcs11-spy.c: Douglas E. Engert: Change + PKCS11-Spy so it looks in HKEY_LOCAL_MACHINE, before + HKEY_LOCAL_USER. This should not cause any problems, as the + HKEY_LOCAL_MACHINE, "Software\PKCS11-Spy" would not normally be + set, accept while the sysadmin of the machine as trying to debug + a login type problem. 
+ +2006-08-03 21:05 nils + + * trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak, trunk/src/tests/Makefile.mak, + trunk/src/tools/Makefile.mak: build fixes for win; patch + supplied by Douglas E. Engert + +2006-08-02 19:43 nils + + * trunk/src/tools/opensc-explorer.c, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs15-tool.c: fix warnings + +2006-08-02 19:31 nils + + * trunk/src/common/Makefile.mak, trunk/src/include/winconfig.h, + trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/Makefile.mak, + trunk/src/tools/eidenv.c, trunk/src/tools/netkey-tool.c, + trunk/src/tools/util.h, trunk/win32/Make.rules.mak: win build + fixes; patch supplied by Douglas E. Engert + +2006-08-01 18:49 nils + + * trunk/src/libopensc/sc.c: fix sc_compare_path_prefix(); patch + supplied by Henryk Pltz + +2006-07-23 08:02 nils + + * trunk/src/tools/pkcs15-tool.c: check the value of the pin type + before accessing the array; patch supplied by Henryk Pltz + + +2006-07-18 20:37 nils + + * trunk/etc/opensc.conf.in: spelling fixes by ville.skytta@iki.fi + +2006-07-14 08:18 nils + + * trunk/src/pkcs15init/profile.c: bugfix: copy the first n + characters (if possible) + +2006-07-13 21:01 nils + + * trunk/src/pkcs15init/pkcs15-cardos.c: cardos v4.3b support + +2006-07-13 20:40 nils + + * trunk/src/libopensc/sc.c: don't accept invalid OIDs + +2006-07-13 20:37 nils + + * trunk/src/libopensc/card-cardos.c: cardos v4.3 + +2006-07-13 20:35 nils + + * trunk/src/libopensc/pkcs15.c: bugfixes ... 
+
+2006-07-13 19:59 nils
+
+ * trunk/src/libopensc/pkcs15.c: initialize pointer
+
+2006-07-12 08:12 ludovic.rousseau
+
+ * trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/pkcs15-actalis.c,
+ trunk/src/libopensc/pkcs15-atrust-acos.c,
+ trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/libopensc/pkcs15-gemsafe.c,
+ trunk/src/libopensc/pkcs15-infocamere.c,
+ trunk/src/libopensc/pkcs15-openpgp.c,
+ trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/libopensc/pkcs15-postecert.c,
+ trunk/src/libopensc/pkcs15-starcert.c,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/profile.c, trunk/src/scconf/parse.c,
+ trunk/src/tools/cryptoflex-tool.c,
+ trunk/src/tools/pkcs15-init.c: - use strlcpy() instead of
+ strncpy() to always have a terminating NUL-byte - use
+ sizeof(field) instead of SC_PKCS15_MAX_LABEL_SIZE-1 or
+ equivalent as the 3rd argument of strlcpy()
+
+2006-07-12 08:09 ludovic.rousseau
+
+ * trunk/src/scconf/Makefile.am: add
+ $(top_srcdir)/src/common/strlcpy.c to libscconf_la_SOURCES since
+ src/scconf/parse.c now uses strlcpy().
Note that, since
+ libopensc uses libscconf, strlcpy() will be available from any
+ program linked with libopensc
+
+2006-07-12 08:06 ludovic.rousseau
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/pkcs15init/Makefile.am: add -I$(top_srcdir)/src/common
+ so that strlcpy.h is found
+
+2006-07-12 08:05 ludovic.rousseau
+
+ * trunk/src/common/Makefile.am, trunk/src/common/README.strlcpy,
+ trunk/src/common/strlcpy.3, trunk/src/common/strlcpy.c,
+ trunk/src/common/strlcpy.h: add strlcpy.{c,h} from
+ ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/
+
+2006-07-12 07:43 ludovic.rousseau
+
+ * trunk/configure.in, trunk/src/common/Makefile.am,
+ trunk/src/common/getopt.h, trunk/src/common/my_getopt.c,
+ trunk/src/common/my_getopt.h, trunk/src/tests/Makefile.am,
+ trunk/src/tests/sc-test.c, trunk/src/tools/Makefile.am: - remove
+ src/common/getopt.h since it collide with /usr/include/getopt.h
+ - replace @GETOPTSRC@ by $(top_srcdir)/src/common/my_getopt.c in
+ Makefile.am files - change the detection of getopt_long in
+ configure.in since GETOPTSRC is not used anymore. my_getopt.c is
+ now always compiled and used but provides getopt_long() only if
+ HAVE_GETOPT_H is NOT defined (ie.
if getopt_long() is not
+ provided by the system) - src/common/my_getopt.c: the code is
+ within #ifndef HAVE_GETOPT_H - move the useful lines of
+ src/common/getopt.h in src/common/my_getopt.h
+
+2006-07-12 07:32 ludovic.rousseau
+
+ * trunk/src/common/Makefile.am, trunk/src/common/README,
+ trunk/src/common/README.my_getopt: rename README in
+ README.my_getopt
+
+2006-07-12 06:41 ludovic.rousseau
+
+ * trunk/configure.in, trunk/src/signer/Makefile.am: use
+ LIBASSUAN_* instead of ASSUAN_* so the assuan library is
+ correctly found and we avoid "undefined symbol: assuan_strerror
+ (.libs/opensc-signer.so)", etc
+
+2006-07-11 22:25 nils
+
+ * trunk/src/libopensc/asn1.c: bugfix: return error if OID is
+ invalid
+
+2006-07-11 21:43 nils
+
+ * trunk/src/libopensc/card-cardos.c: fix typo
+
+2006-07-08 12:31 nils
+
+ * trunk/src/libopensc/card-cardos.c: changes for cardos 4.3b
+
+2006-07-05 19:45 aj
+
+ * trunk/src/libopensc/pkcs15.c: replace static buffer with
+ dynamically allocated buffer. patch by Tomasz Lemiech to fix a
+ problem with setec cards.
+
+2006-07-05 19:36 aj
+
+ * trunk/src/libopensc/pkcs15.c: Tomasz Lemiech wrote: I found that
+ struct c_asn1_odf[] in pkcs15.c does not define secretKeys
+ object (as specified in PKCS#15 v. 1.1 standard, par. 6.2). I
+ consider this to be an omission. My Setec card contains objects
+ of this type and all PKCS#15 operations fail with "Unable to
+ parse ODF". Attached patch fixes this issue.
+
+2006-06-27 21:54 aj
+
+ * trunk/src/libopensc/card-flex.c: add new atr reported by Sven
+ Loeschner as Cryptoflex 32k Card.
+ +2006-06-27 17:56 sth + + * trunk/src/libopensc/internal.h: Added doxygen comments + +2006-06-27 17:49 sth + + * trunk/src/libopensc/card-muscle.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/muscle.c, + trunk/src/libopensc/sc.c: Endian-independent way to convert + numbers to a byte array + vice versa + +2006-06-26 21:03 aj + + * trunk/src/libopensc/ctx.c: check for environment variable first + on windows, too. + +2006-06-23 16:09 nils + + * trunk/src/libopensc/card-oberthur.c: fix apdu types and response + buffer length + +2006-06-21 20:05 nils + + * trunk/src/pkcs11/misc.c: bring implementation in accordance with + the docu in opensc.conf + +2006-06-19 23:04 aj + + * trunk/src/libopensc/card-flex.c: the cryptoflex manual states + the last two bytes of the atr are some software version so we + can ignore them. use the atr mask to do that. + +2006-06-19 19:01 nils + + * trunk/src/libopensc/opensc.h: fix docu + +2006-06-18 20:52 sth + + * trunk/src/libopensc/muscle.c: The applet returns unexpected + values when entering a wrong PIN; this is a work-around by + Thomas Harning + +2006-06-17 15:07 nils + + * trunk/src/libopensc/muscle-filesystem.c, + trunk/src/libopensc/muscle.c: fix warnings + +2006-06-17 12:24 nils + + * trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-cardos.c, + trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-muscle.c, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/cards.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sec.c: remove + iso logout function, remove dummy logout functions and remove + logout call from sc_unlock() + +2006-06-16 20:47 nils + + * trunk/src/libopensc/muscle-filesystem.c: fix warning + +2006-06-08 08:12 aj + + * trunk/src/pkcs15init/Makefile.am: Fix makefile: add muscle files. 
+
+2006-06-07 08:33 sth
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/muscle-filesystem.c,
+ trunk/src/libopensc/muscle-filesystem.h,
+ trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h,
+ trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/muscle.profile,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-muscle.c: Added support for
+ MuscleCard applet. Thanks to Thomas Harning, David Corcoran of
+ Identity Alliance
+
+2006-06-06 06:00 aj
+
+ * trunk/src/libopensc/card-cardos.c: add new card reported to work
+ by Christian Koegler. Thanks Christian!
+
+2006-05-30 20:59 aj
+
+ * trunk/NEWS: commit NEWS update.
+
+2006-05-23 20:53 aj
+
+ * trunk/src/pkcs11/framework-pkcs15.c: sprintf bad. maybe even
+ potential exploitable? bug found by ville skytta using pscan.
+
+2006-05-23 12:55 aj
+
+ * trunk/src/tools/Makefile.mak: fix compiling netkey-tool on win32.
+
+2006-05-23 09:09 aj
+
+ * trunk/src/tools/Makefile.mak, trunk/win32/Make.rules.mak: try to
+ fix windows compile (include netkey-tool and cryptoflex-tool).
+
+2006-05-20 16:06 aj
+
+ * trunk/src/libopensc/pkcs15-piv.c,
+ trunk/src/pkcs11/framework-pkcs15.c: make objects on piv card
+ public.
+
+2006-05-20 16:05 aj
+
+ * trunk/src/pkcs11/misc.c: revert prior change as it breaks the
+ regression tests.
+
+2006-05-17 09:07 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-pcsc.c: pcsc_connect(): use an
+ explicit debug message if the reader supports PIN
+ verification/modification but that feature is not enabled in
+ opensc.conf (enable_pinpad = true)
+
+2006-05-15 18:48 nils
+
+ * trunk/src/pkcs11/framework-pkcs15.c: check for existing public
+ key before creating one from the certificate; patch supplied by
+ Albert Solana
+
+2006-05-12 20:03 aj
+
+ * trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: removes the
+ private bit on the pubkey. Without this change the openssl req
+ with engine can not be used to generate a certificate request,
+ as it will not be able to find the public key that should have
+ been saved by the piv-tool when the private key was generated on
+ the card.
+
+2006-05-12 20:01 aj
+
+ * trunk/src/libopensc/card-mcrd.c,
+ trunk/src/pkcs11/framework-pkcs15.c: compile fixes for win32.
+
+2006-05-10 06:18 aj
+
+ * trunk/NEWS: document changes so far.
+
+2006-05-10 06:14 aj
+
+ * trunk/configure.in: trunk is now used for changed past 0.11.1.
+
+2006-05-09 21:35 nils
+
+ * trunk/src/pkcs11/framework-pkcs15.c: improve buffer length check
+
+2006-05-09 19:39 aj
+
+ * trunk/src/include/winconfig.h, trunk/win32/version.rc: oops, we
+ forgot to update the version. fix that for opensc 0.11.1.
+
+2006-05-05 10:35 nils
+
+ * trunk/src/pkcs11/misc.c: set the default for lock_login to false
+ (as documented in opensc.conf)
+
+2006-05-05 10:10 nils
+
+ * trunk/src/libopensc/card-openpgp.c: if the card doesn't support
+ a logout functionality it's not an error
+
+2006-05-05 10:06 nils
+
+ * trunk/src/libopensc/card-openpgp.c: bugfix: Le must be <= buffer
+ size
+
+2006-05-04 06:50 aj
+
+ * trunk/src/libopensc/pkcs15-piv.c: piv fixes by Douglas E.
+ Engert. This patch will allow a flag in the opensc.conf file to
+ be set to only expose the PIV authentication certificate and
+ matching keys.
+
+2006-05-03 07:16 nils
+
+ * trunk/src/libopensc/card-starcos.c: use correct ef attribute in
+ switch statement; thanks to Chaskiel M Grundman
+
+
+2006-05-01 10:27 aj
+
+ * trunk/src/libopensc/pkcs15-gemsafe.c: close memory leaks.
+
+2006-05-01 10:26 aj
+
+ * trunk/src/libopensc/card-oberthur.c: close some memory leaks.
+
+2006-05-01 10:23 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: make sure result is
+ null-terminated.
+
+2006-05-01 10:22 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: at least partialy close
+ memory leak.
+
+2006-05-01 10:21 aj
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: check df before dereferencing
+ it.
+
+2006-05-01 10:20 aj
+
+ * trunk/src/pkcs11/framework-pkcs15.c: free(data) (allocated by
+ sc_pkcs15_read_data_object, no reference kept anywhere).
+
+2006-05-01 10:17 aj
+
+ * trunk/src/tools/eidenv.c: if exec() fails, exit with return code
+ 1.
+
+2006-05-01 10:16 aj
+
+ * trunk/src/tools/pkcs15-init.c: initialize with NULL, so the
+ later check for NULL will work.
+
+2006-05-01 10:12 aj
+
+ * trunk/NEWS, trunk/etc/opensc.conf.in,
+ trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/cards.h:
+ add support for d-trust cards.
+
+2006-05-01 10:10 aj
+
+ * trunk/src/libopensc/apdu.c: revert bogus change.
+
+2006-05-01 10:07 aj
+
+ * trunk/src/scconf/test-conf.c: bogus change, no segfault here.
+
+2006-05-01 10:06 aj
+
+ * trunk/src/libopensc/log.c: revert bogus patch.
+
+2006-05-01 10:02 aj
+
+ * trunk/NEWS, trunk/src/common/main.c, trunk/src/libopensc/apdu.c,
+ trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ui.c, trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs15init/pkcs15-cardos.c, trunk/src/tests/print.c,
+ trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-tool.c: fix printf size_t problem with
+ "%lu" and (unsigned long) cast.
+
+2006-05-01 09:20 aj
+
+ * trunk/NEWS: Document changes since 0.10.0-rc2
+
+2006-04-29 22:10 pk_opensc
+
+ * trunk/src/libopensc/pkcs15-tcos.c: TCOS-Emulation, support for
+ Uni-Giessen card
+
+2006-04-27 20:44 ludovic.rousseau
+
+ * trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-pcsc.c: fix a memory leak that occurs
+ when the APDU exchange fails
+
+2006-04-26 11:54 aj
+
+ * trunk/configure.in: trunk will contain work done after 0.11.0
+ release
+
+2006-04-26 11:41 aj
+
+ * trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-display.c,
+ trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/print.c,
+ trunk/src/tools/eidenv.c, trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
+ trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-tool.c: fix signed and size_t warnings.
+
+2006-04-26 10:08 aj
+
+ * trunk/src/libopensc/log.c: make sure buffer is 0 terminated.
+
+2006-04-26 10:07 aj
+
+ * trunk/src/libopensc/apdu.c: fix a memory leak. don't access
+ buffer beyond length.
+
+2006-04-26 10:05 aj
+
+ * trunk/src/libopensc/card-oberthur.c: maybe it would be good to
+ check the return value?
+ * trunk/src/libopensc/ctx.c: maybe it would be good to check he
+ return value?
+
+2006-04-26 10:04 aj
+
+ * trunk/src/libopensc/card-piv.c: fix double free and segfault.
+
+2006-04-26 10:02 aj
+
+ * trunk/src/libopensc/reader-openct.c: fix memory leak.
+
+2006-04-26 10:01 aj
+
+ * trunk/src/libopensc/asn1.c: remove dead code.
+ * trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c: close memory leaks.
+
+2006-04-26 10:00 aj
+
+ * trunk/src/pkcs11/framework-pkcs15.c: not sure it is a good idea
+ to ignore the return value.
+
+2006-04-26 09:59 aj
+
+ * trunk/src/scconf/test-conf.c: no idea how to fix, at least
+ document it.
+
+2006-04-26 09:58 aj
+
+ * trunk/src/tools/opensc-explorer.c: fix off by one bug.
+
+2006-04-24 18:41 aj
+
+ * trunk/src/libopensc/card-tcos.c,
+ trunk/src/libopensc/pkcs15-tcos.c: tcos updates by Peter Koch.
+
+2006-04-18 15:15 aj
+
+ * trunk/src/pkcs11/pkcs11-spy.c: remove a function that is no
+ longer used at all.
+ * trunk/src/tests/regression/Makefile.am,
+ trunk/src/tests/regression/functions: improve regression tests:
+ cleanup failed/ and out/ folder. specify path to
+ opensc-pkcs11.so module.
+
+2006-04-18 08:16 aj
+
+ * trunk/src/libopensc/card-mcrd.c: Lindent so the result is easier
+ to read / diff.
+
+2006-04-11 20:50 aj
+
+ * trunk/src/libopensc/card-piv.c: Douglas E. Engert wrote: The
+ attached change to card-piv.c is need to recognize a valid PIV
+ card applet. All of the previous test cards would return in
+ response to a SELECT the full AID where as they should have
+ returned the the PIX portion of the AID. The newest test cards
+ are now doing this correctly. This change will recognize either
+ as a PIV applet.
+
+2006-04-06 18:41 sth
+
+ * trunk/src/pkcs15init/flex.profile: There doesn't seem to be a
+ need to leave the certs (and CDF) unprotected. In case there do
+ are problems, please revert this change
+
+2006-04-06 18:38 sth
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: Set the user pin reference
+ when writing a cert. If not, there's a problem with the onepin
+ profile option: the CDF (and certs) will be created with NONE
+ ACs instead of ACs that refer to the user PIN
+
+2006-04-06 18:35 sth
+
+ * trunk/src/pkcs15init/profile.c: protect certs by default
+
+2006-04-03 10:42 nils
+
+ * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h,
+ trunk/src/libopensc/iso7816.c: return an error if offset is too
+ large
+
+2006-03-24 23:54 aj
+
+ * trunk/src/signer/Makefile.am: install signer in libdir like
+ everything else.
+
+2006-03-24 10:55 nils
+
+ * trunk/src/pkcs11/framework-pkcs15.c: check the private flag of
+ public key objects; patch supplied by Albert Solana
+
+2006-03-24 08:06 martin
+
+ * trunk/src/libopensc/card.c: Threading: Reader locking can fail
+ as well
+
+2006-03-22 21:44 nils
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/reader-pcsc.c: add function sc_reset() to
+ reset a card; patch supplied by Josep Mons Teixidor
+
+
+2006-03-22 17:12 nils
+
+ * trunk/src/tools/opensc-explorer.c: fix ACs; patch supplied by
+ njustin@idealx.com
+
+2006-03-16 21:37 aj
+
+ * trunk/configure.in: simply the revision, drop the m4 code. it
+ didn't turn out the way I wanted it (does not contain the
+ _repository_/_branch_ revision).
+
+2006-03-09 20:35 nils
+
+ * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h:
+ initial support for the Swedish NIDEL card
+
+2006-03-07 07:22 ludovic.rousseau
+
+ * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: sc_pkcs15_parse_tokeninfo()
+ and sc_pkcs15_encode_tokeninfo() now use a
+ (sc_pkcs15_tokeninfo_t *) instead of struct (sc_pkcs15_card *)
+
+2006-03-06 09:21 ludovic.rousseau
+
+ * trunk/src/libopensc/ui.c: __sc_ui_read_pin(): use "%lu" and
+ (unsigned long) cast to print a (size_t) value (size_t is 32 or
+ 64 bits depending on the platform)
+
+2006-03-06 07:58 aj
+
+ * trunk/doc/tools/pkcs15-tool.xml: small fix - \& was left from
+ cut&paste from a man page.
+
+2006-03-05 19:43 aj
+
+ * trunk/doc/tools/pkcs15-tool.xml: document --unblock-pin / -u
+ option.
+ +2006-03-03 22:56 nils + + * trunk/configure.in, trunk/src/libopensc/apdu.c, + trunk/src/libopensc/internal.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: - move logging to the reader + driver - log APDUs only if DEBUG is defined (sensitive APDUs + should never be logged and we cannot know whether a APDU is + sensitive or not => enable APDU logging only in a non-production + debug build) - remove OPENSC_DONT_LOG_SENSITIVE configure option + as it's needed anymore + +2006-03-03 21:10 nils + + * trunk/src/libopensc/opensc.h: add some doxygen comments + +2006-03-02 18:24 nils + + * trunk/src/libopensc/opensc.h: add note + +2006-03-02 16:17 nils + + * trunk/src/libopensc/pkcs15-piv.c: remove useless code + +2006-03-02 14:16 ludovic.rousseau + + * trunk/src/libopensc/pkcs15-actalis.c: + sc_pkcs15emu_actalis_init(): define 3 variables only #ifdef + HAVE_ZLIB_H since they are used in this case only + +2006-03-02 14:12 ludovic.rousseau + + * trunk/src/libopensc/ui.c: __sc_ui_read_pin(): use %lu instead of + %u to avoid a warning: format '%u' expects type 'unsigned int', + but argument 3 has t ype 'size_t' + +2006-03-01 22:34 nils + + * trunk/src/libopensc/opensc.h: mark second parameter of + sc_disconnect_card() as unused + +2006-03-01 09:45 martin + + * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: Remove the disconnect action + from internal reader api + +2006-02-27 20:11 nils + + * trunk/src/tools/pkcs15-tool.c: use absolute paths when caching + files + +2006-02-23 19:15 nils + + * trunk/src/libopensc/pkcs15-tcos.c: change name + fix warning + +2006-02-23 18:43 nils + + * trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/pkcs15-tccardos.c: fix some warnings + +2006-02-23 13:40 martin + + * trunk/src/libopensc/ctx.c: Fix for a segfaul. 
Patch provided by
+ Albert Solana Berengu
+
+2006-02-23 11:49 martin
+
+ * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-piv.c: Add an
+ example config entry for PIV cards and remove a card matching
+ black hole
+
+2006-02-23 11:02 martin
+
+ * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/pkcs15-gemsafe.c,
+ trunk/src/libopensc/pkcs15-openpgp.c,
+ trunk/src/libopensc/pkcs15-postecert.c,
+ trunk/src/libopensc/pkcs15-tccardos.c,
+ trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/win32/Make.rules.mak,
+ trunk/win32/Makefile.mak, trunk/win32/version.rc: Small fixes
+ for windows compilation (Visual Studio Express 2005)
+
+2006-02-23 11:01 martin
+
+ * trunk/etc/opensc.conf.in: Add a section for tokend
+
+2006-02-23 08:10 nils
+
+ * trunk/src/libopensc/pkcs15-piv.c: NIST 800-73-1 certs aren't
+ protected by a pin anymore; patch supplied by Douglas E. Engert
+
+
+2006-02-22 20:35 nils
+
+ * trunk/src/libopensc/pkcs15-piv.c: use sc_format_oid()
+
+2006-02-17 21:06 nils
+
+ * trunk/src/libopensc/card-piv.c, trunk/src/libopensc/ctx.c: fix
+ warnings
+
+2006-02-17 11:22 martin
+
+ * trunk/src/libopensc/reader-pcsc.c, trunk/win32/Make.rules.mak: *
+ Also delete .pdb files on windows when doing a clean * Call
+ directly internal pcsc transmit method for pcsc pinpad calls.
+
+2006-02-16 21:45 nils
+
+ * trunk/src/libopensc/pkcs15-tcos.c: add support a TCOS card used
+ at the uni Giessen; this is still experimental
+
+2006-02-15 17:29 nils
+
+ * trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: use
+ sc_ctx_get_reader() etc.
instead of of accessing the structure + members directly + +2006-02-15 17:05 nils + + * trunk/src/scconf/test-conf.c, trunk/src/tools/eidenv.c, + trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs11-tool.c: + fix some warnings + cleanup + +2006-02-15 08:10 nils + + * trunk/src/tools/piv-tool.c: fix warnings + +2006-02-15 08:07 nils + + * trunk/src/tools/pkcs15-tool.c: fix warning + +2006-02-14 22:46 nils + + * trunk/src/pkcs11/framework-pkcs15.c: a unblocking pin could be + used for authentication as well + +2006-02-14 22:41 nils + + * trunk/src/libopensc/pkcs15-tcos.c: undo commit in pkcs15-tcos.c + +2006-02-14 22:09 nils + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-piv.c, + trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-piv.c, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/libopensc/pkcs15-tcos.c, trunk/src/tools/Makefile.am, + trunk/src/tools/Makefile.mak, trunk/src/tools/piv-tool.c, + trunk/src/tools/pkcs15-tool.c: add initial PIV card support; + patch supplied by Douglas E. Engert + +2006-02-14 22:04 nils + + * trunk/src/tools/util.c: fix warning + +2006-02-12 18:30 nils + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/pkcs15init/pkcs15-cardos.c: add support for two byte + tags in sc_asn1_find_tag() + normalize return value + +2006-02-12 18:29 nils + + * trunk/src/libopensc/asn1.c: add support for two byte tags in + sc_asn1_find_tag() + normalize return value + +2006-02-12 17:37 nils + + * trunk/src/tools/pkcs15-tool.c: don't bind the pkcs15 card twice + +2006-02-12 17:07 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: fix memory leak + +2006-02-09 20:05 nils + + * trunk/src/pkcs11/framework-pkcs15.c: support private + certificates; patch supplied by Douglas E. 
Engert
+
+
+2006-02-08 22:25 nils
+
+ * trunk/src/libopensc/pkcs15-tcos.c: pkcs15 emulation changes for
+ the TCOS cards, patch supplied by Peter Koch
+
+2006-02-08 16:29 martin
+
+ * trunk/etc/opensc.conf.in: apdu_masquerade is gone
+
+2006-02-07 20:14 nils
+
+ * trunk/src/tests/sc-test.c, trunk/src/tools/cardos-info.c,
+ trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
+ trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c,
+ trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
+ use sc_context_create instead of sc_establish_context
+
+2006-02-05 19:35 nils
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/ctbcs.c,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c,
+ trunk/src/pkcs11/pkcs11-global.c: sc_mutex_destroy should have a
+ return value
+
+2006-02-05 19:00 nils
+
+ * trunk/src/libopensc/apdu.c, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c: - move APDU encoding to the
+ reader layer - remove APDU masquerading code, it shouldn't be
+ necessary anymore
+
+2006-02-03 21:24 nils
+
+ * trunk/src/libopensc/apdu.c: fix typo
+
+2006-02-01 22:59 nils
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/portability.c, trunk/src/libopensc/sc.c,
+ trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h,
+ trunk/src/pkcs15init/pkcs15-gpk.c: - remove dependence on a
+ specific threading library - add two new structures:
+ sc_thread_context_t which let the user specify the mutex
+ functions to use and sc_context_param_t to specify parameters
+ for
the sc_context_t creation (including mutex functions) using
+ sc_create_context() - add new function sc_context_create() -
+ remove timestamp code from libopensc
+
+2006-01-31 15:53 martin
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c: Rename: _get_conf_block ->
+ sc_get_conf_block and put it into opensc.h This way it can be
+ used by OpenSC tokend module.
+
+2006-01-26 19:02 aj
+
+ * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h,
+ trunk/src/tools/cardos-info.c: add atr and os identification for
+ cardos 4.3 (plain, not b, not likely to be ever seen, but 100%
+ compatible to 4.3b as far as I know - only slower).
+
+2006-01-23 22:02 aj
+
+ * trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-init.h: rename lower level function,
+ fix typo.
+
+2006-01-23 21:48 aj
+
+ * trunk/src/pkcs15init/Makefile.am,
+ trunk/src/pkcs15init/Makefile.mak,
+ trunk/src/pkcs15init/cardos.profile,
+ trunk/src/pkcs15init/etoken.profile,
+ trunk/src/pkcs15init/pkcs15-cardos.c,
+ trunk/src/pkcs15init/pkcs15-etoken.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c: big rename etoken -> cardos,
+ part II.
+
+2006-01-23 21:44 aj
+
+ * trunk/src/libopensc/ctx.c: move renames.
+
+2006-01-23 21:43 aj
+
+ * trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
+ trunk/src/libopensc/opensc.h: rename everything namend "etoken"
+ to "cardos" :)
+
+2006-01-23 21:39 aj
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak,
+ trunk/src/libopensc/card-cardos.c,
+ trunk/src/libopensc/card-etoken.c: rename card-etoken.c to
+ card-cardos.c
+
+2006-01-23 18:09 martin
+
+ * trunk/src/libopensc/card.c: If, for some reasons, card can not
+ be initialized (broken) then we must make sure that we release
+ all resources (disconnect the card).
If not we can only have 16
+ tries with a longrunning application (number of contexts inside
+ pcsclite).
+
+2006-01-23 17:37 martin
+
+ * trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/pkcs15-esteid.c: Some cleanup/fixes in
+ micardo/esteid code related to new apdu.c Now it works again ;)
+
+2006-01-23 17:29 martin
+
+ * trunk/src/libopensc/pkcs15-cache.c,
+ trunk/src/libopensc/pkcs15.c: Negative r has a meaning in the
+ cached file logic, so be sure to reset it to -1 after
+ sc_print_path has returned a value.
+
+2006-01-22 21:15 aj
+
+ * trunk/NEWS, trunk/README, trunk/src/pkcs11/pkcs11-global.c,
+ trunk/src/pkcs11/slot.c, trunk/src/tools/netkey-tool.c,
+ trunk/src/tools/pkcs15-tool.c: change more opensc.org references
+ to opensc-project.org till dns is back.
+
+2006-01-22 21:07 aj
+
+ * trunk/doc/README, trunk/doc/export-wiki.sh: moved to
+ opensc-project till opensc.org dns is back. fix openct
+ references to opensc.
+
+2006-01-21 11:53 nils
+
+ * trunk/src/pkcs15init/etoken.profile: increase size for bigger
+ keys
+
+2006-01-20 20:52 nils
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/pkcs15-algo.c,
+ trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-data.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-pubkey.c,
+ trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/tools/pkcs15-tool.c: use more opensc specific names
+ for ASN.1 tags to avoid name conflicts with other ASN.1 libraries
+
+2006-01-12 09:37 aj
+
+ * trunk/configure.in: doc/old is gone.
+
+2006-01-12 09:36 aj
+
+ * trunk/man/old: remove old man pages (replaced by new man pages
+ in xml format).
+ * trunk/doc/Makefile.am, trunk/doc/old: remove old documentation
+ (replaced by wiki).
+
+2006-01-11 23:41 nils
+
+ * trunk/src/libopensc/card-atrust-acos.c,
+ trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h,
+ trunk/src/pkcs15init/pkcs15-cflex.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/pkcs15init/pkcs15-oberthur.c,
+ trunk/src/pkcs15init/profile.c: - implement thread-safe path
+ printing function sc_path_print() and use it src/libopensc/ and
+ src/pkcs15init/ - use size_t for the certlen parameter of
+ sc_pkcs15init_update_certificate()
+
+2006-01-07 23:40 martin
+
+ * trunk/src/libopensc/card-mcrd.c: Get rid of handwritten
+ sc_read_record calls
+
+2006-01-05 22:21 nils
+
+ * trunk/src/scconf/test-conf.c: the current code requires a
+ pointer to a integer, note: it's actually not a bug when
+ foo_item is NULL as the necessary scconf_item object is created
+ by scconf_item_add_internal
+
+2006-01-04 18:52 nils
+
+ * trunk/src/libopensc/ctx.c: don't segfault if no config file
+ could be found (win); thanks to Nicolas Justin
+
+
+2006-01-03 22:46 nils
+
+ * trunk/src/libopensc/pkcs15-actalis.c: increase buffer size for
+ the serial number to 9 as we need 8 bytes for serial number plus
+ 1 byte for the terminating 0 character
+
+2006-01-03 16:24 sth
+
+ * trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/pkcs15-lib.c,
+ trunk/src/tools/pkcs15-init.c: Add possibility to change pkcs15
+ attributes (currently only the label)
+
+2006-01-03 14:42 sth
+
+ * trunk/src/pkcs15init/pkcs15.profile: Forgotten to add in r2773
+
+2006-01-01 23:11 nils
+
+ * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: summary:
+ -add more general path concatenation function
+ sc_concatenate_path() and let sc_append_path use it.
-add
+ function sc_compare_path_prefix to check whether a path starts
+ with a certain sub-path (prefix). -add some doxygen docu to some
+ path handling functions
+
+2005-12-30 10:34 sth
+
+ * trunk/src/tools/pkcs15-tool.c: Typo fixes
+
+2005-12-28 20:20 aj
+
+ * trunk/src/tools/opensc-explorer.c: "cat xxxx" is not supposed to
+ create errors (on record structured files). so silence it.
+
+2005-12-28 20:15 nils
+
+ * trunk/src/libopensc/card-incrypto34.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c: fix warnings
+
+2005-12-28 20:05 nils
+
+ * trunk/src/libopensc/pkcs15-tccardos.c:
+
+2005-12-28 20:01 nils
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/apdu.c,
+ trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h:
+ summary: -complete rewrite of the APDU/transmission handling
+ code (should now support extended APDUs and is hopefully better
+ documented. Note: support for the T0 ENVELOPE command is still
+ missing due to a lack of test cards). -add new APDU case
+ constants SC_APDU_CASE_2 etc. which let OpenSC decides, based on
+ the card capabilities, whether to use short or extended APDUs.
+ -add new capability SC_CARD_CAP_RSA_2048 for cards supporting
+ 2048 bit RSA operations (note: this is more a preliminary hack)
+
+2005-12-28 19:41 nils
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: remove unused variable
+
+2005-12-28 19:38 nils
+
+ * trunk/src/libopensc/card-etoken.c, trunk/src/libopensc/cards.h,
+ trunk/src/pkcs15init/pkcs15-etoken.c: add support for cardos
+ m4.2 (still experimental)
+
+2005-12-27 14:11 martin
+
+ * trunk/src/libopensc/iso7816.c: If there's less data ina
+ file/record than requested do not fail but return as much data
+ as was available. This behaviour is similar to read(2).
+
+2005-12-27 13:41 martin
+
+ * trunk/src/libopensc/reader-pcsc.c: If SCardControl fails there's
+ nothing bad going on - just there's no support for this feature.
+
+2005-12-27 13:39 martin
+
+ * trunk/etc/opensc.conf.in: hav commented configuration lines have
+ the opposite values of hardcoded defaults.
+
+2005-12-26 23:09 aj
+
+ * trunk/configure.in: use svn revision based version numbers.
+
+2005-12-26 18:50 aj
+
+ * trunk/src/libopensc/pkcs15-tcos.c,
+ trunk/src/tools/netkey-tool.c: tcos update by peter koch, adds
+ interoperability with th darmstadt cards.
+
+2005-12-23 11:23 sth
+
+ * trunk/etc/opensc.conf.in: Added default debug/log file locations
+ for Windows
+
+2005-12-23 10:15 sth
+
+ * trunk/src/libopensc/log.c, trunk/src/pkcs11/pkcs11-global.c:
+ Referted the 'Fireofox 1.5' fix in log.c and replaced it by
+ letting a blocking C_WaitForSlotEvent() return
+ CKR_FUNCTION_NOT_SUPPORTED. This isn't a solution for the
+ multihread problems (things hang or try to log to a released
+ context) but at least it solves the Ff 1.5 problems
+
+2005-12-22 15:54 nils
+
+ * trunk/src/libopensc/card-flex.c: use correct apdu case and set
+ Le value
+
+2005-12-21 21:19 nils
+
+ * trunk/src/tests/p15dump.c: suppress errors when EF(unusedSpace)
+ is missing
+
+2005-12-18 07:54 sth
+
+ * trunk/src/pkcs15init/pkcs15.profile: Belongs to the rev.
2769 + patch for adding EF(UnusedSpace) support + +2005-12-17 21:52 nils + + * trunk/src/libopensc/pkcs15.c: remove unused variables + +2005-12-17 20:54 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: fix key usage flags and + ensure that we are in the correct lifecycle + +2005-12-17 19:53 sth + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/tests/p15dump.c: Add + support for reading and writing from/to an EF(UnusedSpace) file; + this functionality can be used for deleting and creating pkcs15 + objects (that reside in a file) + +2005-12-16 20:52 nils + + * trunk/src/tools/cardos-info.c: add cardos m4.2 and print the + startkey version in hex + +2005-12-14 10:59 aj + + * trunk/src/tools/Makefile.am: pkcs15-tool needs openssl_libs + also, if it is available. only older gcc versions found this + problem, it seems. + +2005-12-12 20:38 nils + + * trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-starcos.c: fix APDU case + +2005-12-08 20:25 sth + + * trunk/src/libopensc/log.c, trunk/src/pkcs11/pkcs11-global.c: Fix + for ticket #45: Firefox 1.5 and new Mozilla's crash when they + are closed because there's a blocking C_WaitForSlotEvent() + called from another thread then the 'main' thread that calls + C_Finalize(); and this cause C_WaitForSlotEvent() to log to a + NULL context -> assertion failure. + +2005-12-08 09:05 ludovic.rousseau + + * trunk/src/libopensc/card-setcos.c: etcos_create_file_44(): use + sizeof(pins)/sizeof(pins[0]) instead of a constant (7) + +2005-12-05 22:09 aj + + * trunk/src/scconf/scconf.c: oops, parm points to the first char, + not to a pointer to the string. + +2005-12-05 22:07 aj + + * trunk/src/scconf/scconf.c: remove unused variable item in + scconf_put_str. remove unused variable ret in scconf_put_int. + from the readme: "if parm not NULL, then ... parm points to ..." + so we need to get the value of the location where it points to. 
+ +2005-12-05 21:59 aj + + * trunk/src/pkcs15init/pkcs15-oberthur.c: free pub_buff in error + path. removed unused pubfile variable and dead code. check + prvfile != NULL. + +2005-12-05 21:58 aj + + * trunk/src/pkcs15init/pkcs15-cflex.c: check prkf != NULL. + +2005-12-05 21:57 aj + + * trunk/src/pkcs15init/pkcs15-lib.c: free profilke and pin_obj in + the error path. check res_obj and keybits/keyargs before + dereferencing. + +2005-12-05 21:55 aj + + * trunk/src/pkcs15init/profile.c: check p15card != NULL before + accessing it. in the error path free file if it was allocated. + +2005-12-05 21:53 aj + + * trunk/src/pkcs11/secretkey.c: no code change, only easier to + parse :) + +2005-12-05 21:52 aj + + * trunk/src/signer/opensc-crypto.c: also check that priv->p15card + is not NULL. + +2005-12-05 21:51 aj + + * trunk/src/libopensc/pkcs15-infocamere.c: for example if the card + was removed, select file on the main folder will fail. so I + think it is best to return the error. + +2005-12-05 21:50 aj + + * trunk/src/libopensc/pkcs15-postecert.c: even select_file can + fail (if card was removed etc.) so better check the error and + return the problem, right? + +2005-12-05 21:49 aj + + * trunk/src/libopensc/pkcs15-algo.c: fix typo on *paramp test. + check alg_info always, not only in some case. + +2005-12-05 21:48 aj + + * trunk/src/libopensc/pkcs15-syn.c: check scconf_find_blocks + returning NULL add a free(obj) to the error path. + +2005-12-05 21:43 aj + + * trunk/src/libopensc/card-oberthur.c: check file parameter. set + file=NULL after freeing it to avoid potential double free. check + key_file parameter before dereferencing it. check card first, + then derefence it. + +2005-12-05 21:41 aj + + * trunk/src/libopensc/card-setcos.c: sizeof(int[7]) is 28. I think + bCommands_pin should have 7 elements, too. + +2005-12-05 21:39 aj + + * trunk/src/libopensc/card-openpgp.c: remove unneeded if(1) block. + free temp in error paths. 
+ * trunk/src/libopensc/card-belpic.c: check if scconf_find_blocks + returned NULL + +2005-12-05 21:38 aj + + * trunk/src/libopensc/reader-ctapi.c: check if scconf_find_blocks + returned NULL + +2005-12-05 21:37 aj + + * trunk/src/libopensc/pkcs15.c: check if scconf_find_blocks + returned NULL. + * trunk/src/libopensc/iso7816.c: add proper free to error path. + +2005-12-05 21:36 aj + + * trunk/src/libopensc/sc.c: simply code / remove dead code. + * trunk/src/libopensc/card.c: check if scconf_find_blocks returns + NULL; + +2005-12-05 21:35 aj + + * trunk/src/libopensc/ctx.c: add paranoia: what if + scconf_find_bloicks returns NULL? + +2005-12-05 21:33 aj + + * trunk/src/libopensc/pkcs15-wrap.c: add paranoia: check all + arguments before dereferencing them to prevent segfaults. + * trunk/src/libopensc/dir.c: free allocated variable in error + path. set rec=NULL after freeing it to prevent double free'ing. + +2005-12-05 21:31 aj + + * trunk/src/tools/cryptoflex-tool.c: free buf if pin was entered + incorrectly. check if file is not NULL (out of memory). free + file, if something goes wrong. free pin/puk once no longer + needed. + +2005-12-05 21:29 aj + + * trunk/src/tools/pkcs15-init.c: make code easier by removing + match variable. check if cert was returned != NULL. free cert if + there is some error. set variables to NULL after being freed, to + avoid potential double free bugs. + +2005-12-05 21:27 aj + + * trunk/src/tools/opensc-explorer.c: proper cleanup: close files + if something goes wrong. + * trunk/src/tools/pkcs15-tool.c: check publickey variable before + de-referencing. change newpin to NULL so it can't get free'd + twice. allocate buf from heap, not stack (quite large). + +2005-12-05 21:25 aj + + * trunk/src/tools/pkcs11-tool.c: #if out the dead code. remove + some dead code in the hexdump code. + +2005-12-05 21:22 aj + + * trunk/src/scconf/test-conf.c: does not work, will segfault. 
also + no need to assign foo_item all the time, scconf_item_add returns + the item parameter, so it does not change. + +2005-12-05 21:21 aj + + * trunk/src/scconf/parse.c: add a few sanity checks. + +2005-12-04 23:23 nils + + * trunk/src/pkcs11/framework-pkcs15.c: fix problem with + uninitialized pointer; this patch resolves opensc ticket #61 + +2005-12-02 22:24 nils + + * trunk/src/libopensc/card-incrypto34.c, + trunk/src/pkcs15init/pkcs15-incrypto34.c: fix pkcs15 + initialization + fix DIRECTORY command; patch supplied by + Giuseppe AMATO + +2005-12-01 22:18 aj + + * trunk/src/libopensc/card-flex.c: fix for the combination of + cryptoflex, 2048bit keys and some smart card readers by + Jean-Pierre Szikora + +2005-11-29 20:56 nils + + * trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c: + use sc_print_path + +2005-11-28 23:07 nils + + * trunk/src/tests/print.c: use sc_print_path + +2005-11-26 10:03 nils + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-starcos.c: remove senseless and + inconsistent checks + cleanup + +2005-11-25 19:11 nils + + * trunk/src/libopensc/reader-pcsc.c: use unsigned int instead of + uint16_t + +2005-11-20 21:53 nils + + * trunk/src/libopensc/card-starcos.c: remove disabled code, + request FCI only if a file object has been specified + +2005-11-17 10:23 nils + + * trunk/src/libopensc/opensc.h: fix ac for file deletion + +2005-11-01 22:34 aj + + * trunk/src/tools/cardos-info.c: add more cardos versions. 
+ +2005-11-01 08:31 nils + + * trunk/src/tests/regression/init0005: use 1024 bit keys for + testing to avoid problems with starcos tokens + +2005-10-31 19:31 sth + + * trunk/src/tools/pkcs15-init.c: Let --assert-pristine work for + Setcos 4.4 cards + +2005-10-31 18:44 nils + + * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h: fix GET RESPONSE handling + +2005-10-30 21:44 nils + + * trunk/src/pkcs11/slot.c: use sc_ctx_get_reader + +2005-10-30 21:42 nils + + * trunk/src/libopensc/pkcs15-actalis.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: + remove deprecated pkcs15 emulation api. Add temporary wrappers + for the new functions in some pkcs15 emulation drivers. + +2005-10-30 21:17 nils + + * trunk/src/libopensc/card.c: fix warning + +2005-10-30 20:37 nils + + * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h: summary: - improve support for + extended APDUs - add experimental support for command chaining - + simplify get_response prototype + +2005-10-30 19:55 nils + + * trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: + add pkcs15 emu function for data objects + +2005-10-30 19:08 nils + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-incrypto34.c, + trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-gemsafe.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-tcos.c, trunk/src/libopensc/pkcs15.c, + 
trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-init.c: add functions void + sc_ctx_suppress_errors_on(sc_context_t *ctx); void + sc_ctx_suppress_errors_off(sc_context_t *ctx); to turn on/off + error suppression (to avoid accessing sc_context_t directly) and + use it. + +2005-10-30 18:05 nils + + * trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c, trunk/src/tools/pkcs11-tool.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/util.c, trunk/src/tools/util.h: summary: - add + new function sc_format_oid to libopensc - cleanup libopensc api + +2005-10-29 21:17 martin + + * trunk/src/libopensc/reader-pcsc.c: Update pcsc pinpad code to + latest pcsc-lite code, limit to pcsc-lite only. Verify works + fine, modify needs some debugging-testing. + +2005-10-28 18:10 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: update from Sirio + Capizzi + +2005-10-27 21:39 martin + + * trunk/src/libopensc/card-etoken.c: This works better. + +2005-10-27 20:16 nils + + * trunk/src/libopensc/card-etoken.c: add another cardos ATR, + supplied by graaf@virgilio.it + +2005-10-24 22:00 aj + + * trunk/CodingStyle, trunk/INSTALL, trunk/Makefile.am, trunk/NEWS, + trunk/README: remove outdated files, improve documentation + slightly. 
+ +2005-10-24 21:58 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-incrypto34.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/incrypto34.profile, + trunk/src/pkcs15init/pkcs15-incrypto34.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: add support for the Italian + Incrypto34 smartcard; patch supplied by Giuseppe AMATO + + +2005-10-24 21:18 aj + + * trunk/man/Makefile.am: fix man page installation. + +2005-10-24 15:19 martin + + * trunk/etc/opensc.conf.in: More comments on default config options + +2005-10-21 20:12 aj + + * trunk/configure.in: not compatible with 0.9.*. increse library + major revision. + +2005-10-21 19:40 nils + + * trunk/src/tools/pkcs11-tool.c: fix typo + +2005-10-21 17:34 aj + + * trunk/NEWS, trunk/doc/old/doxygen.conf, + trunk/src/include/winconfig.h, trunk/win32/version.rc: prepare + 0.10.0 release. + +2005-10-20 12:55 aj + + * trunk/Makefile.am, trunk/QUICKSTART, trunk/README: remove + QUICKSTART (outdated and replaced by wiki documentation + "QuickStart") and add README pointing people to our wiki / html + documentation. + +2005-10-17 08:00 aj + + * trunk/src/libopensc/card-tcos.c: update by Peter Koch. still one + problem left in pkcs11-tool, but lots of improvements. + +2005-10-15 14:53 martin + + * trunk/etc/opensc.conf.in: Comment config file lines that have + default values. 
+ +2005-10-13 11:19 sth + + * trunk/src/tools/pkcs11-tool.c: Compiler warning fix: use 'char * + argv[]' in main() because getopt_long() does so too + +2005-10-12 17:52 nils + + * trunk/src/libopensc/card-setcos.c: bugfix for a potential + segfault in card-setcos.c when the acl "pointer" is one of the + special values 1,2,3 Patch supplied by Jakub Bogusz + + +2005-10-12 13:37 ludovic.rousseau + + * trunk/man/Makefile.am: use *.[1-7] instead of *.1 *.3 *.5 *.7 to + avoid the (harmless) error "ls: *.7: No such file or directory" + +2005-10-11 20:57 aj + + * trunk/src/tools/pkcs11-tool.c, trunk/src/tools/util.h: fix + compiling on solaris9. Thanks to Douglas E. Engert + +2005-10-10 19:24 aj + + * trunk/etc/opensc.conf.in: masquerading is no longer needed on + windows or mac os X and never was on linux. + +2005-10-10 08:07 aj + + * trunk/doc/tools/netkey-tool.xml: fix typo. + +2005-10-09 22:15 nils + + * trunk/src/libopensc/sc.c: fix build with openssl 0.9.8: move + "#include up and remove unnecessary include + for asn1.h + +2005-10-09 12:00 nils + + * trunk/src/libopensc/card.c: fix typo + +2005-10-08 11:08 nils + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15.c: + suppress errors in pkcs15 card detection if we don't know + whether we really have a pkcs15 card + +2005-10-07 20:04 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: set the ca certificate + only if it's really present + +2005-10-07 19:58 nils + + * trunk/src/tools/pkcs15-tool.c: print lastUpdate field as well + +2005-10-07 11:40 martin + + * trunk/configure.in: define HAVE_PCSC on darwin with native pcsc + +2005-10-07 07:06 aj + + * trunk/src/tools/pkcs15-tool.c: add a few details about the card, + also by Antonio Iacono. + +2005-10-06 19:30 aj + + * trunk/src/tools/pkcs15-tool.c: add --dump option, thanks to + antonio + +2005-10-06 18:23 aj + + * trunk/etc/opensc.conf.in: enable masquerading by default for + pcsc. 
+ +2005-10-06 10:28 martin + + * trunk/configure.in: Fix the #define in pcsc probing, move + pkg-config code before the darwin-specific code so that if a + pkg-config enabled pcsc is installed you can simply use + PKG_CONFIG_PATH to detect it. + +2005-10-06 06:57 aj + + * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Better + name, as suggested by Ludovic. + +2005-10-05 15:25 aj + + * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: __APPLE__ + does not need special handly. Only the broken pcsc-lite shipped + in mac os X does, so use define set by configure on mac os X, if + the default pcsc is used, but not if a self compiled is used. + teach configure new getopt source file names. + +2005-10-05 15:23 aj + + * trunk/src/common/ChangeLog, trunk/src/common/LICENSE, + trunk/src/common/Makefile.am, trunk/src/common/Makefile.mak, + trunk/src/common/README, trunk/src/common/getopt.3, + trunk/src/common/getopt.c, trunk/src/common/getopt.h, + trunk/src/common/getopt.txt, trunk/src/common/getopt1.c, + trunk/src/common/getopt_int.h, trunk/src/common/main.c, + trunk/src/common/my_getopt.c, trunk/src/common/my_getopt.h: + replace GNU/glibc getopt (LGPL) with my_getopt (BSD). + +2005-10-01 18:51 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Do an sc_lock() before an + sc_pkcs15init_bind(). Reason: in sc_pkcs15init_bind() an + sc_lock() and sc_unlock() is done; and when the lock_login + config option is set to false, the sc_unlock() will call + logout() which for some cards means a SELECT(3F00) -> unwanted + change of the current EF/DF causing errors + +2005-09-30 17:44 aj + + * trunk/src/pkcs11/pkcs11.h: reomve unneeded ifdefs. + +2005-09-30 11:17 sth + + * trunk/src/pkcs11/pkcs11.h: Removed the bundle on Mac + +2005-09-30 06:35 aj + + * trunk/src/libopensc/errors.c: "Unsupported" might be easier to + understand. 
+ +2005-09-28 14:52 sth + + * trunk/src/tools/pkcs15-init.c: Fix: deleting a cert chain with 1 + or more intermediate CA's crashed + +2005-09-27 17:22 nils + + * trunk/src/tools/pkcs11-tool.c: add option to specify the key + length + +2005-09-24 17:45 aj + + * trunk/src/libopensc/card-tcos.c: new tcos atr provided by Gerald + Richter. + +2005-09-23 15:47 aj + + * trunk/src/common/Makefile.am, trunk/src/common/getopt.c, + trunk/src/common/getopt.h, trunk/src/common/getopt1.c, + trunk/src/common/getopt_int.h: replace gpl'ed and old version + with new lgpl'ed version from glibc. + +2005-09-23 15:46 aj + + * trunk/doc/Makefile.am: proper reference to src dir. + +2005-09-23 15:45 aj + + * trunk/aclocal/Makefile.am: list all current macro packages. + +2005-09-22 14:53 aj + + * trunk/doc/old/Makefile.am, trunk/doc/old/init_perso_guide.html, + trunk/doc/old/init_perso_guide.txt: add init perso guide by Nils. + +2005-09-22 14:51 aj + + * trunk/src/libp11, trunk/src/scdl, trunk/src/sslengines: scdl is + replaced by ltdl, libp11 and sslengines are not standalone. + +2005-09-22 13:15 aj + + * trunk/src/pkcs11/rsaref/Makefile.am, + trunk/src/pkcs11/rsaref/README: Document cryptoki header files. + +2005-09-22 12:45 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: No SC_AC_OP_DELETE for EFs + +2005-09-22 08:50 martin + + * trunk/configure.in: Also remove the bundle stuff from configure + +2005-09-21 20:18 aj + + * trunk/src/pkcs11/Makefile.mak: scconf no longer needed for + pkcs#11 spy. + +2005-09-21 20:17 aj + + * trunk/src/pkcs11/Makefile.am: do not install bundles on mac os + X. no reason to. 
+ +2005-09-21 18:55 bert + + * trunk/doc/tools/netkey-tool.xml, trunk/doc/tools/tools.xml: + Added Peter Koch's netkey-tool manpage + +2005-09-21 12:52 martin + + * trunk/Makefile.am, trunk/configure.in, + trunk/src/pkcs11/Makefile.mak: Fix makefiles + +2005-09-21 10:10 martin + + * trunk/win32/Make.rules.mak: It actually helps to have make clean + on windows too + +2005-09-21 10:09 martin + + * trunk/macos: don't know what it was for but it's not needed now. + +2005-09-20 22:22 nils + + * trunk/src/libopensc/card.c: fix TPDU if T0 is used + +2005-09-20 07:32 aj + + * trunk/aclocal/libtool.m4: adding libtool.m4 was a bad idea and + causes problems. undo. + +2005-09-19 16:37 nils + + * trunk/src/tools/pkcs15-init.c: remove unused variable + +2005-09-19 08:09 ludovic.rousseau + + * trunk/src/libopensc/ui.c: use_color(): add "rxvt-unicode" to the + list of terminals supporting colors + +2005-09-18 20:29 aj + + * trunk/src/libopensc/card.c: undo change 2397 as it breaks openct + and you can use apd_masquerade = case4as3 instead. + +2005-09-18 12:33 aj + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-openct.c: + make openct readers configureable. + +2005-09-18 11:00 aj + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/pkcs11-spy.c: pkcs11-spy no longer uses a + config file. + +2005-09-17 10:44 nils + + * trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-oberthur.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/reader-openct.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/ui.c, trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/keycache.c: add a new function void + sc_mem_clear(void *ptr, size_t len); to clear a memory buffer. 
+ If OpenSSL is used this function is a wrapper for + OPENSSL_cleanse, otherwise memset is currenlty used. Use this + function to clear memory buffers with sensitive content. + +2005-09-17 09:40 nils + + * trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/signer/opensc-support.c: use calloc instead of malloc + + memset + +2005-09-17 08:53 nils + + * trunk/src/libopensc/card-belpic.c: remove useless memset + +2005-09-17 08:20 nils + + * trunk/src/libopensc/iso7816.c: don't use static buffer in + iso7816_build_pin_apdu + +2005-09-17 08:04 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: fix warning + +2005-09-16 20:31 nils + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-syn.c, + trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c, + trunk/src/pkcs15init/pkcs15-lib.c: log dlerror message when + dlopen failed + +2005-09-16 10:18 nils + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: add + two new functions sc_reader_t *sc_ctx_get_reader(sc_context_t + *ctx, unsigned int i); unsigned int + sc_ctx_get_reader_count(sc_context_t *ctx); to access the + reader_count and the sc_reader objects (to avoid accessing the + sc_context members directly). Use these functions in src/pkcs11 + + error checking to avoid accessing invalid sc_reader objects. 
+ +2005-09-16 08:55 nils + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/libopensc/pkcs15-tccardos.c: add pkcs15 emulation + support for a cardos based id card issued by tc trustcenter + +2005-09-15 19:40 sth + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: Added certificate update + functionality + +2005-09-15 05:55 sth + + * trunk/INSTALL, trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak, trunk/win32/Make.rules.mak: + Win32: we now need the external libtool package + +2005-09-15 05:41 sth + + * trunk/src/libopensc/ctx.c: Fix warning on Windows compiler + +2005-09-14 09:50 ludovic.rousseau + + * trunk/doc/export-wiki.sh: use -nv instead of --non-verbose since + wget 1.10 now uses --no-verbose instead. Grr! + +2005-09-13 10:46 aj + + * trunk/doc/Makefile.am: fix ChangeLog generation. + +2005-09-13 09:42 aj + + * trunk/doc/Makefile.am: generate and ship ChangeLog and HTML. + +2005-09-13 08:13 sth + + * trunk/src/pkcs15init/Makefile.am: Added setcos.profile (thx JP + Szikora) + +2005-09-12 21:16 aj + + * trunk/doc/changelog.sh, trunk/doc/export-wiki.sh, + trunk/doc/generate-man.sh: disable network connections by + xsltproc. + +2005-09-12 21:09 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/pkcs15-actalis.c, + trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-gemsafe.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/reader-pcsc.c: fix compiler warnings + +2005-09-12 20:13 aj + + * trunk/doc/Makefile.am, trunk/doc/changelog.sh, + trunk/doc/generate-man.sh, trunk/doc/svn2cl.xsl: more makefile + fixes for man page stuff. add ChangeLog generation using svn2cl. 
+ +2005-09-12 17:34 aj + + * trunk/doc/Makefile.am, trunk/doc/generate-man.sh: remove html + files on "make maintainer-clean". + +2005-09-12 17:32 aj + + * trunk/man/Makefile.am: remove man files on "make + maintainer-clean". + * trunk/doc/tools/pkcs15-profile.xml, + trunk/doc/tools/pkcs15-profile.xml.in: rename *.xml.in to *.xml. + +2005-09-12 17:12 aj + + * trunk/man/Makefile.am: simplified make. + * trunk/configure.in, trunk/doc/Makefile.am, + trunk/doc/generate-man.sh, trunk/doc/src: remove doc/src, add + replacement script to render these files. + +2005-09-12 17:07 aj + + * trunk/doc/api, trunk/doc/src/api, trunk/doc/src/tools, + trunk/doc/tools: remove one unneeded sublevel. + * trunk/configure.in: don't touch pkcs15-profile.5.in. + +2005-09-12 17:06 aj + + * trunk/man/cardos-info.1, trunk/man/cryptoflex-tool.1, + trunk/man/netkey-tool.1, trunk/man/old, + trunk/man/old/cardos-info.1, trunk/man/old/cryptoflex-tool.1, + trunk/man/old/netkey-tool.1, trunk/man/old/opensc-config.1, + trunk/man/old/opensc-explorer.1, trunk/man/old/opensc-tool.1, + trunk/man/old/opensc.7, trunk/man/old/pkcs11-tool.1, + trunk/man/old/pkcs15-crypt.1, trunk/man/old/pkcs15-init.1, + trunk/man/old/pkcs15-profile.5.in, trunk/man/old/pkcs15-tool.1, + trunk/man/old/pkcs15.7, trunk/man/old/sc_connect_card.3, + trunk/man/old/sc_detect_card_presence.3, + trunk/man/old/sc_disconnect_card.3, + trunk/man/old/sc_establish_context.3, trunk/man/old/sc_file.3, + trunk/man/old/sc_file_free.3, trunk/man/old/sc_file_new.3, + trunk/man/old/sc_list_files.3, trunk/man/old/sc_lock.3, + trunk/man/old/sc_pkcs15_compute_signature.3, + trunk/man/old/sc_read_binary.3, trunk/man/old/sc_read_record.3, + trunk/man/old/sc_release_context.3, + trunk/man/old/sc_select_file.3, trunk/man/opensc-config.1, + trunk/man/opensc-explorer.1, trunk/man/opensc-tool.1, + trunk/man/opensc.7, trunk/man/pkcs11-tool.1, + trunk/man/pkcs15-crypt.1, trunk/man/pkcs15-init.1, + trunk/man/pkcs15-profile.5.in, trunk/man/pkcs15-tool.1, + 
trunk/man/pkcs15.7, trunk/man/sc_connect_card.3, + trunk/man/sc_detect_card_presence.3, + trunk/man/sc_disconnect_card.3, + trunk/man/sc_establish_context.3, trunk/man/sc_file.3, + trunk/man/sc_file_free.3, trunk/man/sc_file_new.3, + trunk/man/sc_list_files.3, trunk/man/sc_lock.3, + trunk/man/sc_pkcs15_compute_signature.3, + trunk/man/sc_read_binary.3, trunk/man/sc_read_record.3, + trunk/man/sc_release_context.3, trunk/man/sc_select_file.3: move + old manpages to old/. + +2005-09-12 08:32 nils + + * trunk/etc/opensc.conf.in: add gemsafe as well + +2005-09-12 06:42 nils + + * trunk/etc/opensc.conf.in: tcos not netkey + +2005-09-11 21:06 nils + + * trunk/src/libopensc/cards.h: remove superfluous comma + +2005-09-11 21:05 nils + + * trunk/src/libopensc/ui.c: more pointer madness to make the + compiler happy + +2005-09-11 20:40 nils + + * trunk/src/libopensc/ctx.c: fix function pointers + +2005-09-11 19:57 sth + + * trunk/src/pkcs11/pkcs11-spy.c: Typo fix + +2005-09-11 19:49 aj + + * trunk/configure.in: set assuan status for the summary at the end. + * trunk/ChangeLog: "NEWS" is the file for manual editing, and + doc/ChangeLog will be auto generated from the svn repository / + log. + +2005-09-11 19:48 aj + + * trunk/ANNOUNCE, trunk/AUTHORS, trunk/Makefile.am, trunk/README: + AUTHORS: now in the wiki. README: now in the wiki. people will + find the "doc/" directory, I'm sure. remove ANNONCE, as it is + always outdated. 
+ +2005-09-09 19:51 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/libopensc/pkcs15-tcos.c: pkcs15-netkey.c -> + pkcs15-tcos.c + +2005-09-09 19:30 nils + + * trunk/src/libopensc/pkcs15-netkey.c: update tcos pkcs15 + emulation drivers; patch supplied by Peter Koch + + +2005-09-09 14:43 aj + + * trunk/src/Makefile.mak, trunk/src/libp11/Makefile.mak, + trunk/src/pkcs11/Makefile.mak, trunk/src/tools/Makefile.mak, + trunk/win32/Make.rules.mak: use ltdl not scdl. + +2005-09-09 12:45 aj + + * trunk/configure.in: add autoconf voodoo to circumvent the + caching. + +2005-09-09 12:32 aj + + * trunk/configure.in: oops, ugly bug in configure script. set + those variables, if the user did *NOT* supply any of them + himself. + +2005-09-09 11:32 martin + + * trunk/configure.in: No ENGINE_MSG in configure.in + +2005-09-09 11:31 martin + + * trunk/etc/opensc.conf.in: RIP, scam + +2005-09-09 07:15 nils + + * trunk/src/pkcs15init/pkcs15-starcos.c: select file even if no + acl for writting is set; patch supplied by Tarasov Viktor + + +2005-09-08 17:21 aj + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: we use + libtool for linking, so it can calucalte the dependencies using + LTLIBLTDL better. Thanks to Ralf Wildenhues. + +2005-09-08 17:15 aj + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/signer/Makefile.am, trunk/src/tests/Makefile.am, + trunk/src/tools/Makefile.am: AC_SUBSTed variables are better + used with $(..). Thanks to Ralf Wildenhues. + +2005-09-08 17:06 aj + + * trunk/configure.in: fix AC_MSG_ERROR usage. thanks to Ralf + Wildenhues. 
+ +2005-09-08 16:52 aj + + * trunk/Makefile.am, trunk/bootstrap: aclocal -I aclocal/ (as + suggested by Ralf Wildenhues) + +2005-09-08 14:27 aj + + * trunk/configure.in: proper use of CFLAGS push/pop. fix + overwriting CFLAGS. + +2005-09-08 11:35 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/pkcs11/Makefile.mak: * Get rid of reset card error + that comes from pcsc only and deal with reset situations with + SCardReconnect * Add some options to control pcsc behavior. + +2005-09-07 20:05 nils + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/pkcs11-spy.c: + remove dependence on libopensc, instead use scconf directly. + Note: this code is still experimental ! + +2005-09-07 09:34 nils + + * trunk/src/pkcs11/pkcs11-session.c: fix warning + +2005-09-07 09:32 nils + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: cleanup key usage handling, + cleanup + +2005-09-07 09:20 nils + + * trunk/src/tests/Makefile.am: we need libltdl + +2005-09-07 09:05 nils + + * trunk/configure.in: fix openssl configure message + +2005-09-07 08:47 nils + + * trunk/src/libopensc/card-jcop.c: let src/libopensc/ compile with + -Wall -W -Wno-unused-parameter -Werror + +2005-09-07 08:33 nils + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c: let 
src/libopensc/ compile + with -Wall -W -Wno-unused-parameter -Werror + +2005-09-06 21:18 nils + + * trunk/src/tools/pkcs15-init.c: adjust key usage bits + +2005-09-06 20:22 aj + + * trunk/src/pkcs11/Makefile.am: users of libpcs11.c also need + @LIBLTDL@ libraries. + +2005-09-06 12:40 aj + + * trunk/man/pkcs15-init.1, trunk/man/pkcs15-profile.5.in, + trunk/man/pkcs15.7: man page fixes from the debian diff. + +2005-09-05 20:44 aj + + * trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am: + fix compiling with ltdl. + +2005-09-05 20:15 aj + + * trunk/configure.in: fix openct detection. fix assuan detection. + improve libltdl detection code. + * trunk/aclocal/lib-ld.m4, trunk/aclocal/lib-link.m4, + trunk/aclocal/lib-prefix.m4: add macro packages used by opensc. + +2005-09-05 20:13 aj + + * trunk/aclocal/libassuan.m4, trunk/aclocal/libtool.m4: add + additional m4 macro packages used by opensc. + +2005-09-05 17:05 nils + + * trunk/src/pkcs11/libpkcs11.c: we need lt_dlinit() + +2005-09-05 11:29 martin + + * trunk/src/libopensc/reader-pcsc.c: Include reader.h if found. + +2005-09-05 06:44 ludovic.rousseau + + * trunk/doc/export-wiki.sh: make export-wiki.sh executable + +2005-09-04 09:23 nils + + * trunk/src/libopensc/card-setcos.c: yet another atr + cleanup + +2005-09-04 08:57 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/internal.h: + remove unused internal function + +2005-09-02 16:53 aj + + * trunk/Makefile.am, trunk/doc/Makefile.am: one more change to + "make dist" style documentation generation. + +2005-09-02 09:51 aj + + * trunk/Makefile.am: "doc" does not work well, it is the + subdirectory name. + +2005-09-02 09:29 aj + + * trunk/Makefile.am: dist-hook: is too late, need to generate the + documentation before automake "make dist" copied files around. + +2005-09-01 20:51 aj + + * trunk/src/pkcs15init/Makefile.am, trunk/src/tools/Makefile.am: + fix compiling with openssl installed in a non-standard location. 
+ +2005-09-01 17:18 aj + + * trunk/doc/Makefile.am, trunk/doc/old/Makefile.am: proper + documentation cleanup. + +2005-09-01 14:01 aj + + * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, + trunk/src/Makefile.am, trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/signer/Makefile.am, + trunk/src/tools/Makefile.am: big configure update. use + pkg-config for openct, openssl, pcsc. do not compilke libp11. do + not compile sslengines. remove scdl. use libltdl instead. use + libassuan.m4 macro for m4 detection. + +2005-09-01 14:00 aj + + * trunk/doc/old/generate.sh, trunk/doc/trac.css: remove trac.css + from svn. add script to generate documentation (old one). 
+ +2005-09-01 13:59 aj + + * trunk/doc/AladdinEtokenPro.html, trunk/doc/AutoVersions.html, + trunk/doc/BelgianEid.html, trunk/doc/CardOs.html, + trunk/doc/CardReaders_CTAPI.html, + trunk/doc/CardReaders_SPR532.html, + trunk/doc/CardsAndTokens.html, + trunk/doc/CompatibilityIssues.html, + trunk/doc/CompatiblityIssues.html, + trunk/doc/CryptoIdendityItsec.html, trunk/doc/Cryptoflex.html, + trunk/doc/Cyberflex.html, trunk/doc/DesignDiscussion.html, + trunk/doc/DesignDiscussion_UserInterface.html, + trunk/doc/EstonianEid.html, trunk/doc/FinnishEid.html, + trunk/doc/GemplusGpk.html, trunk/doc/GermanEid.html, + trunk/doc/ItalianEid.html, trunk/doc/ItalianPostecert.html, + trunk/doc/LinuxDistributions.html, trunk/doc/MacOsX.html, + trunk/doc/Makefile.am, trunk/doc/MartinBlog.html, + trunk/doc/MartinBlogMuscle.html, + trunk/doc/MartinBlogPlatform.html, trunk/doc/OpenPgp.html, + trunk/doc/OpenSsh.html, trunk/doc/OpensslEngines.html, + trunk/doc/PinpadReaders.html, trunk/doc/PuTTYcard.html, + trunk/doc/RainbowIkeyThree.html, + trunk/doc/RecentTestresults.html, trunk/doc/ReleaseHowto.html, + trunk/doc/ReplacingCertificates.html, trunk/doc/RoadMap.html, + trunk/doc/SchlumbergerEgate.html, + trunk/doc/SmartCardApplications.html, trunk/doc/SpanishEid.html, + trunk/doc/SubversionRepository.html, + trunk/doc/SupportedHardware.html, trunk/doc/SwedishEid.html, + trunk/doc/TaiwanEid.html, trunk/doc/TelseCos.html, + trunk/doc/TroubleShooting.html, trunk/doc/WindowsCsp.html, + trunk/doc/export-wiki.sh, trunk/doc/index.html, + trunk/doc/old/Makefile.am, trunk/doc/old/opensc-es.html, + trunk/doc/old/opensc.html, trunk/doc/pkcs11_keypair_gen.html: + big documentation update. remove html from svn. 
+ +2005-08-29 20:48 sth + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + The lastUpdate field is in the EF(TokenInfo), not in the ODF + (thx Nils) + +2005-08-29 12:49 sth + + * trunk/src/pkcs11/pkcs11-display.c: Added Netscape/Mozilla + specific types etc. + +2005-08-28 20:18 aj + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/Makefile.mak, trunk/win32/Make.rules.mak: stop + building libp11 and the ssl engines. + +2005-08-26 19:35 sth + + * trunk/src/pkcs15init/pkcs15-setcos.c: Fix in new_file(): if + there's already a key with such ID, take next one + +2005-08-26 19:33 sth + + * trunk/src/libopensc/card-setcos.c: Return the real pinref + +2005-08-24 16:18 nils + + * trunk/src/tools/eidenv.c: fix compiler warning + +2005-08-24 16:11 sth + + * trunk/src/pkcs15init/setcos.profile: Improved ACs + +2005-08-24 15:59 nils + + * trunk/src/tools/pkcs15-init.c: add missing include, removed + unused variable and initialize variable + +2005-08-24 15:54 nils + + * trunk/src/libopensc/pkcs15.c: decode preferredLanguage field if + present + +2005-08-24 14:25 ludovic.rousseau + + * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h: move + PKCS11_open_session() from libp11-int.h to libp11.h + +2005-08-24 09:50 sth + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + Have the option not to update the ODF (the lastUpdate field), + this is usefull for cards that don't have an ODF that is + un-writable or too small + +2005-08-24 08:00 nils + + * trunk/src/libopensc/asn1.c: de-/encode printable strings as well + +2005-08-23 21:16 nils + + * trunk/src/libopensc/card-gpk.c: cleanup + +2005-08-23 09:01 sth + + * trunk/src/tools/pkcs15-init.c: Added set_userpin_ref() to link a + PIN value to a PIN ref for an existing user PIN + +2005-08-22 12:53 sth + + * trunk/ChangeLog: Add 
support for SetCOS 4.4.1 card. Add support + for deleting pkcs15 objects. + +2005-08-22 09:37 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: mark card/profile as dirty + when an object has been deleted + * trunk/src/libopensc/cardctl.h: avoid warning + +2005-08-22 09:23 sth + + * trunk/src/tools/pkcs15-init.c: Added support for deleting pkcs15 + objects (if the pkcs15init card driver for that card supports it) + +2005-08-22 09:22 nils + + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: fix + parameter type + +2005-08-22 09:20 sth + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-jcop.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/pkcs15-starcos.c: Added support for + deleting pkcs15 objects, each card driver should implement its + delete_object() operation in order to support it + +2005-08-22 09:17 nils + + * trunk/src/libopensc/card-oberthur.c: add support for serial + number in card-oberthur.c; supplied by Tarasov Viktor + + +2005-08-22 09:15 nils + + * trunk/src/libopensc/reader-pcsc.c: add missing variable + +2005-08-21 18:44 martin + + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/reader-pcsc.c: Make the pcsc pinpad option + work. + +2005-08-21 18:39 martin + + * trunk/src/pkcs11/framework-pkcs15.c: Don't cache pins that + protect a userconsent slot. 
+ +2005-08-20 13:39 nils + + * trunk/src/libopensc/iso7816.c: use compile time initialization + for the iso_ops structure + +2005-08-20 11:06 nils + + * trunk/src/libopensc/pkcs15-netkey.c: use non-repudiation flag + only for the signature key + +2005-08-19 17:56 nils + + * trunk/src/libopensc/card-jcop.c, trunk/src/libopensc/pkcs15.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/profile.c: check result of sc_file_dup + + some cleanup + +2005-08-19 06:39 nils + + * trunk/src/libopensc/sc.c: sc_file_dup(): copy attributes as + well, use explicit assignement and check return values + +2005-08-18 22:43 nils + + * trunk/src/libopensc/sc.c: use calloc instead of malloc + memset + +2005-08-18 21:14 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Fix: object type contains not + only the class + +2005-08-18 14:01 sth + + * trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/pkcs15-sec.c: Undo-ing accidential commit of + card-belpic.c and pkcs15-sec.c + +2005-08-18 13:55 sth + + * trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c: + The lengths of the ASN.1 entries are used outside the if blocks + -> declare them outside the blocks + +2005-08-18 08:39 ludovic.rousseau + + * trunk/src/libp11/libp11.h: use _LIB11_H instead of _LIB11_INT_H + +2005-08-18 07:06 ludovic.rousseau + + * trunk/src/libp11/p11_load.c: PKCS11_CTX_unload(): do not call + ERR_free_strings() and ERR_remove_state() since OpenSSL strings + may be used by the application and we can't know + +2005-08-16 21:35 nils + + * trunk/src/libopensc/card-tcos.c: add support for signature + generation with a decryption key; patch supplied by Peter Koch + + +2005-08-16 12:10 nils + + * trunk/src/libp11/libp11.h: use ERR_LIB_USER instead of 42 + +2005-08-16 11:05 ludovic.rousseau + + * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_err.c, + trunk/src/libp11/p11_slot.c: add PKCS11_change_pin() function + 
+2005-08-16 10:58 nils + + * trunk/src/sslengines/engine_pkcs11.c: summary: - do not use key + enumeration as a test of login status, as this will not work for + all PKCS#11 libraries - replace magic number used for PIN length + with a constant - add documentation for set_pin, as well as + testing for NULL input and checking for strdup failure - made + the global variable 'pin' static (TODO check if other global + variables can be declared static) - if a PIN is allocated, then + check for NULL - if a PIN is to be freed, then whiten the memory + first - if the token has a secure authentication path, then the + PIN shoud be NULL (as per PKCS#11 v2, p. 126) - replaced some + fprintf statements with 'fail' (TODO all fprintf calls should be + replaced with log functions) Patch supplied by Geoff Elgey + + +2005-08-14 22:33 nils + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-jcop.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/pkcs15-starcos.c: make old compilers happy + +2005-08-14 22:00 nils + + * trunk/src/libopensc/card-oberthur.c: fix typo + +2005-08-13 13:26 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-pcsc.c: * + Clean up some whitespace * class2->part10 * Make pinpad + detection a configurable option + +2005-08-13 13:14 martin + + * trunk/configure.in: Add a check for reader.h + +2005-08-13 13:10 martin + + * trunk/Makefile.am, trunk/PAM_README, trunk/solaris/proto: * + Remove PAM_README as it is not valid any more * Remove dead + files from Solaris package script + +2005-08-13 13:04 martin + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + Remove the (stupid) use_pinpad option from pkcs15 structures + +2005-08-11 19:14 nils + + * trunk/src/libopensc/card-oberthur.c, 
+ trunk/src/pkcs15init/oberthur.profile: two small fixes from + Tarasov Viktor + +2005-08-10 21:31 nils + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-jcop.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-starcos.c: initialize + sc_pkcs15init_operations at compile time + +2005-08-10 21:00 nils + + * trunk/src/libopensc/asn1.c: set obj to NULL to avoid double free + in case of an error + +2005-08-10 19:04 nils + + * trunk/configure.in, trunk/src/tools/pkcs15-tool.c: use + inttypes.h instead of stdint.h; disable read_ssh_key when no + uint32_t is available + +2005-08-10 18:20 nils + + * trunk/src/tools/pkcs15-init.c: initialize the oid object, patch + supplied by Tarasov Viktor + +2005-08-09 21:27 nils + + * trunk/src/pkcs11/debug.c, trunk/src/tools/pkcs15-tool.c: include + sys/types.h if stdint.h doesn't exist + fix typo + +2005-08-09 21:13 nils + + * trunk/configure.in: check for stdint.h and remove checks for pam + stuff + +2005-08-09 18:21 nils + + * trunk/src/tools/opensc-explorer.c: allow up to 64 byte long pins + +2005-08-09 11:51 ludovic.rousseau + + * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_slot.c: + PKCS11_login(), PKCS11_init_token(), PKCS11_init_pin(): use + "const char *" instead of "char *" for pin arguments + +2005-08-09 11:48 ludovic.rousseau + + * trunk/src/libp11/p11_misc.c: pkcs11_strdup(): use "return NULL;" + instead of just "NULL;" + +2005-08-09 07:53 nils + + * trunk/src/libopensc/card-oberthur.c, + trunk/src/pkcs15init/pkcs15-oberthur.c: oberthur updates from + Tarasov Viktor + +2005-08-08 14:25 sth + + * trunk/src/tools/eidenv.c: One of the memset()s appears to write + too much zeros on some systems -> put all the data in a struct + and memset() this instead of each field separately. Thx to JP + Szikora for notifying. 
+ +2005-08-08 10:22 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/pkcs15init/pkcs15-starcos.c: cleanup, mostly + signed/unsigned issues + +2005-08-05 19:07 nils + + * trunk/ChangeLog, trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/profile.h: Add support for the lastUpdate + field to pkcs15init. Add flag to indicate whether some data has + been changed to the profile structure and set the flag in the + functions which change the card contents. + +2005-08-05 17:18 nils + + * trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h: the apdu error codes are unsigned + => change sc_check_sw and the card ops check_sw + +2005-08-05 16:24 nils + + * trunk/ChangeLog, trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h: - Initial support for + TokenUpdate;;lastUpdate field. Change pkcs15 caching code to use + the card serial number and lastUpdate field (if present) to + specify the cache file. - consistently use unsigned data types + to specify object types - make sc_pkcs15emu_get_df a local + function (it's not used outside pkcs15-syn.c and honestly I see + no reason to export it). 
- start of a new ChangeLog file (with + some intial entries) + +2005-08-05 15:03 nils + + * trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-gemsafe.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-starcert.c: more cleanup + +2005-08-05 07:28 nils + + * trunk/src/libopensc/asn1.c: improve generalizedTime support + + more cleanup + +2005-08-05 07:24 nils + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-wrap.c: properly initialize + sc_asn1_entry elements + some cleanup + +2005-08-04 06:29 sth + + * trunk/src/libopensc/pkcs15.h: Reverse the export of function + parse_x509_cert() + +2005-08-03 18:43 nils + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: change + sc_bin_to_hex separator parameter from char to int as character + constants are integers in c + +2005-08-03 18:29 nils + + * trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/pkcs15-gemsafe.c, + trunk/src/libopensc/pkcs15-openpgp.c: cleanup + +2005-08-03 11:33 sth + + * trunk/src/tools/eidenv.c: More typo fixes, from JP Zikora + +2005-08-03 09:07 sth + + * trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + Export function parse_x509_cert() + +2005-08-03 09:05 sth + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: + Allow to seach a data object by it's application OID + +2005-08-03 09:00 sth + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: Added + function sc_compare_oid() + +2005-08-02 21:13 nils + + * trunk/src/libopensc/base64.c, trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/iso7816.c: cleanup + +2005-08-02 20:48 sth + + * trunk/src/tools/eidenv.c: Typo fix + +2005-08-01 08:59 nils + + * trunk/src/libp11/p11_misc.c: check 
malloc return value + +2005-07-29 21:21 sth + + * trunk/src/tools/eidenv.c: Added support for the Belgian EID card + (shows the contents of the ID and Address files) + +2005-07-29 21:15 sth + + * trunk/src/tools/Makefile.mak: Add eidenv.exe tool + +2005-07-29 21:14 sth + + * trunk/src/tools/eidenv.c: Now compiles on Win32 + +2005-07-29 14:38 mb + + * trunk/src/tests/print.c: Fixed a warning (comparison between + signed and unsigned). + +2005-07-24 14:06 nils + + * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c: + apply Stef's patch which puts all public objects in first slot + if only one pin is present (and hide_empty_tokens is true) + +2005-07-21 21:05 aj + + * trunk/src/pkcs11/framework-pkcs15.c: fix compiling without + openssl. + +2005-07-20 18:19 nils + + * trunk/src/libopensc/reader-openct.c, + trunk/src/pkcs15init/pkcs15-cflex.c: fix memory leak; patch + supplied by Imanishi Masayuki + +2005-07-20 17:58 nils + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: fix use of x509v3 key usage + extension value + +2005-07-20 00:47 bert + + * trunk/opensc: oops, how did I create that... + +2005-07-20 00:43 bert + + * trunk/doc/src/tools, trunk/doc/src/tools/cardos-info.xml, + trunk/doc/src/tools/cryptoflex-tool.xml, + trunk/doc/src/tools/opensc-config.xml, + trunk/doc/src/tools/opensc-explorer.xml, + trunk/doc/src/tools/opensc-tool.xml, + trunk/doc/src/tools/pkcs11-tool.xml, + trunk/doc/src/tools/pkcs15-crypt.xml, + trunk/doc/src/tools/pkcs15-init.xml, + trunk/doc/src/tools/pkcs15-profile.xml.in, + trunk/doc/src/tools/pkcs15-tool.xml, + trunk/doc/src/tools/tools.xml: added docbook XML source for + tools manpages + +2005-07-19 23:28 bert + + * trunk/opensc: Initial import. 
+ +2005-07-19 21:03 aj + + * trunk/src/libopensc/card-etoken.c: sorry, not compatible :( + +2005-07-19 11:57 nils + + * trunk/src/libp11/p11_load.c: free error strings on when + destroying context + +2005-07-19 11:20 sth + + * trunk/src/libp11/p11_key.c, + trunk/src/sslengines/engine_pkcs11.c: #ifndef strncasecmp + doesn't work because strncasecmp is no macro (thx Nils) + +2005-07-18 22:33 aj + + * trunk/src/libopensc/card-etoken.c: add new atr. + +2005-07-18 21:30 nils + + * trunk/src/libopensc/card-starcos.c: only copy resp if the + operation was successful + +2005-07-18 20:20 nils + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + don't use software prng + +2005-07-18 12:20 sth + + * trunk/src/tools/pkcs15-tool.c: Added #ifdef HAVE_OPENSSL for + read_ssh_key() + +2005-07-18 12:13 sth + + * trunk/src/Makefile.mak, trunk/win32/Make.rules.mak: Don't build + libp11 if we don't have OpenSSL support + +2005-07-18 12:12 sth + + * trunk/win32/Make.rules.mak: Get include files also from + include\opensc, this is a temporary fix so the compiler finds + the rsaref/ dir when reaching '#include ' in + libp11-int.h + +2005-07-18 11:56 sth + + * trunk/src/sslengines/Makefile.mak: Changes in .obj and .lib + files now we have the new libp11 + +2005-07-18 11:54 sth + + * trunk/src/sslengines/engine_pkcs11.c: No strncasecmp() on Windows + +2005-07-18 11:53 sth + + * trunk/src/libp11/Makefile.mak: Install libp11.h + small fixes + +2005-07-18 11:51 sth + + * trunk/src/libp11/p11_key.c: No strncasecmp() on Windows + +2005-07-18 09:15 aj + + * trunk/src/libp11/p11_slot.c: open a session if there is none. + +2005-07-18 07:26 nils + + * trunk/src/libopensc/card-starcos.c: starcos has a GET CHALLENGE + command ... useless flag + +2005-07-17 21:19 aj + + * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_slot.c: add + functions to access smart card as random number generator. 
+ +2005-07-17 20:40 aj + + * trunk/configure.in: fix scconf linking. + +2005-07-17 20:31 aj + + * trunk/src/libopensc/Makefile.am: oops, ldap/scam is no more. + +2005-07-17 20:27 aj + + * trunk/doc/Makefile, trunk/doc/src/Makefile.am: fix two small + makefile gliches. + +2005-07-17 20:23 aj + + * trunk/configure.in, trunk/etc/Makefile.am, + trunk/etc/scldap.conf.in, trunk/src/libopensc/libscam.pc.in, + trunk/src/libopensc/libscldap.pc.in: remove scldap.conf, and + pkg-config files for libscldap and libscam. + +2005-07-17 20:19 aj + + * trunk/src/include/opensc/Makefile.am: remove ldap/random related + makefile commands. + +2005-07-17 20:18 aj + + * trunk/src/include/opensc/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c: + remove code dealing with random numbers for now. + +2005-07-17 20:11 aj + + * trunk/configure.in: remove random/prng related code from + configure.in + +2005-07-17 20:10 aj + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/Makefile.mak, trunk/src/scrandom: remove scrandom + code. We will implement proper code to get random data from the + card itself. + +2005-07-17 20:09 aj + + * trunk/configure.in: remove pam/ldap/sia specific code from + configure.in + +2005-07-17 20:08 aj + + * trunk/configure.in, trunk/src/Makefile.am, trunk/src/pam, + trunk/src/scam, trunk/src/scldap, trunk/src/sia: pam module + obsoleted by pam_pkcs11 and pam_p11. + +2005-07-17 20:06 aj + + * trunk/man/Makefile.am: add Makefile for man/ directory. + +2005-07-17 19:59 aj + + * trunk/Makefile.am, trunk/configure.in, trunk/doc/Makefile.am, + trunk/doc/old/Makefile.am, trunk/doc/src/Makefile.am: additionl + cleanup from doc / docs merge. New include api documentation + (xml files at least). Not yet installed. 
+ +2005-07-17 19:50 aj + + * trunk/doc/AladdinEtokenPro.html, trunk/doc/AutoVersions.html, + trunk/doc/BelgianEid.html, trunk/doc/CardOs.html, + trunk/doc/CardReaders_CTAPI.html, + trunk/doc/CardReaders_SPR532.html, + trunk/doc/CardsAndTokens.html, + trunk/doc/CompatibilityIssues.html, + trunk/doc/CompatiblityIssues.html, + trunk/doc/CryptoIdendityItsec.html, trunk/doc/Cryptoflex.html, + trunk/doc/Cyberflex.html, trunk/doc/DesignDiscussion.html, + trunk/doc/DesignDiscussion_UserInterface.html, + trunk/doc/EstonianEid.html, trunk/doc/FinnishEid.html, + trunk/doc/GemplusGpk.html, trunk/doc/GermanEid.html, + trunk/doc/ItalianEid.html, trunk/doc/ItalianPostecert.html, + trunk/doc/LinuxDistributions.html, trunk/doc/MacOsX.html, + trunk/doc/Makefile.am, trunk/doc/MartinBlog.html, + trunk/doc/MartinBlogMuscle.html, + trunk/doc/MartinBlogPlatform.html, trunk/doc/OpenPgp.html, + trunk/doc/OpenSsh.html, trunk/doc/OpensslEngines.html, + trunk/doc/PinpadReaders.html, trunk/doc/PuTTYcard.html, + trunk/doc/README, trunk/doc/RainbowIkeyThree.html, + trunk/doc/RecentTestresults.html, trunk/doc/ReleaseHowto.html, + trunk/doc/ReplacingCertificates.html, trunk/doc/RoadMap.html, + trunk/doc/SchlumbergerEgate.html, + trunk/doc/SmartCardApplications.html, trunk/doc/SpanishEid.html, + trunk/doc/SubversionRepository.html, + trunk/doc/SupportedHardware.html, trunk/doc/SwedishEid.html, + trunk/doc/TaiwanEid.html, trunk/doc/TelseCos.html, + trunk/doc/TroubleShooting.html, trunk/doc/WindowsCsp.html, + trunk/doc/export-wiki.sh, trunk/doc/export-wiki.xsl, + trunk/doc/index.html, trunk/doc/pkcs11_keypair_gen.html, + trunk/doc/trac.css: Add wiki snapshot. + +2005-07-17 19:49 aj + + * trunk/doc/old, trunk/docs: move docs/ to do/. mark it "old" + (plan is to use the wiki). 
+ +2005-07-17 19:19 aj + + * trunk/Makefile.am, trunk/configure.in, trunk/docs/cardos-info.1, + trunk/docs/cryptoflex-tool.1, trunk/docs/netkey-tool.1, + trunk/docs/opensc-config.1, trunk/docs/opensc-explorer.1, + trunk/docs/opensc-tool.1, trunk/docs/opensc.7, + trunk/docs/pkcs11-tool.1, trunk/docs/pkcs15-crypt.1, + trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-profile.5.in, + trunk/docs/pkcs15-tool.1, trunk/docs/pkcs15.7, + trunk/docs/sc_connect_card.3, + trunk/docs/sc_detect_card_presence.3, + trunk/docs/sc_disconnect_card.3, + trunk/docs/sc_establish_context.3, trunk/docs/sc_file.3, + trunk/docs/sc_file_free.3, trunk/docs/sc_file_new.3, + trunk/docs/sc_list_files.3, trunk/docs/sc_lock.3, + trunk/docs/sc_pkcs15_compute_signature.3, + trunk/docs/sc_read_binary.3, trunk/docs/sc_read_record.3, + trunk/docs/sc_release_context.3, trunk/docs/sc_select_file.3, + trunk/man, trunk/man/cardos-info.1, trunk/man/cryptoflex-tool.1, + trunk/man/netkey-tool.1, trunk/man/opensc-config.1, + trunk/man/opensc-explorer.1, trunk/man/opensc-tool.1, + trunk/man/opensc.7, trunk/man/pkcs11-tool.1, + trunk/man/pkcs15-crypt.1, trunk/man/pkcs15-init.1, + trunk/man/pkcs15-profile.5.in, trunk/man/pkcs15-tool.1, + trunk/man/pkcs15.7, trunk/man/sc_connect_card.3, + trunk/man/sc_detect_card_presence.3, + trunk/man/sc_disconnect_card.3, + trunk/man/sc_establish_context.3, trunk/man/sc_file.3, + trunk/man/sc_file_free.3, trunk/man/sc_file_new.3, + trunk/man/sc_list_files.3, trunk/man/sc_lock.3, + trunk/man/sc_pkcs15_compute_signature.3, + trunk/man/sc_read_binary.3, trunk/man/sc_read_record.3, + trunk/man/sc_release_context.3, trunk/man/sc_select_file.3: move + man pages to man/ directory. 
+ +2005-07-17 09:39 aj + + * trunk/src/libp11/p11_key.c: fail() returned NULL, windows need + return 0; + +2005-07-15 13:37 sth + + * trunk/src/tools/pkcs11-tool.c: If we want to test signing, first + see if the key can do this + +2005-07-15 13:32 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Cast correctly + +2005-07-14 10:38 aj + + * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h, + trunk/src/libp11/p11_key.c: cert to key is even more interesting + than key to cert. + +2005-07-13 17:11 aj + + * trunk/src/libp11/p11_load.c: Unload twice causes segfault. + +2005-07-13 17:10 aj + + * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h, + trunk/src/libp11/p11_ops.c, trunk/src/libp11/p11_rsa.c: make the + sign/encrypt/decrypt opterations public. + +2005-07-13 13:50 aj + + * trunk/src/sslengines/engine_pkcs11.c: first step to eleminate + libpkcs11. + +2005-07-13 13:48 aj + + * trunk/src/libp11/Makefile.am, trunk/src/libp11/libp11-int.h, + trunk/src/libp11/libp11.h, trunk/src/libp11/p11_rsa.c: commit + latest code, improve include file split, first steps towards + eleminating libpkcs11. + +2005-07-13 11:47 aj + + * trunk/src/libp11/libp11-int.h: add new internal header file. + +2005-07-13 11:41 aj + + * trunk/src/libp11/Makefile.am, trunk/src/libp11/libp11.h, + trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, + trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, + trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, + trunk/src/libp11/p11_ops.c, trunk/src/libp11/p11_rsa.c, + trunk/src/libp11/p11_slot.c: split libp11.h in an internal and a + public part. add p11_ops.c and other code by kevin stefanik. + +2005-07-13 10:24 aj + + * trunk/src/libp11/Makefile.am: install header file, fix linking. 
+ +2005-07-13 08:25 sth + + * trunk/src/libp11/libp11.h: Increased the ID length + +2005-07-12 21:03 nils + + * trunk/src/libopensc/dir.c: interpret rec_nr == 0 as a request to + create a new record, fix for bug report #21 + +2005-07-11 21:31 nils + + * trunk/src/libopensc/card.c: in case of T0 the Le value is + omitted for case 4 APDUs; patch supplied by + richard.musil@bigfoot.com + +2005-07-11 21:28 nils + + * trunk/src/libopensc/iso7816.c, trunk/src/pkcs15init/profile.c: + fix file descriptor byte and ef_structure type; patch supplied + by richard.musil@bigfoot.com + +2005-07-11 08:26 aj + + * trunk/src/sslengines/Makefile.am: remove reference to no longer + existing file pkcs11-internal.h + +2005-07-10 20:32 aj + + * trunk/src/libp11/Makefile.am: fix compiling and distribution + package. + +2005-07-10 18:40 aj + + * trunk/src/sslengines/Makefile.am, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/hw_pkcs11.c: use new libp11.h header from + libp11. + +2005-07-10 18:38 aj + + * trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, + trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, + trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, + trunk/src/libp11/p11_rsa.c, trunk/src/libp11/p11_slot.c: use new + name in include syntax. + +2005-07-10 18:37 aj + + * trunk/configure.in, trunk/src/libp11/Makefile.am, + trunk/src/libp11/libp11.pc.in: enable libp11.pc pkg-config file. + +2005-07-10 18:36 aj + + * trunk/src/libp11/libp11.h, + trunk/src/sslengines/pkcs11-internal.h: move and rename + pkcs11-internal.h to libp11.h + +2005-07-10 17:03 aj + + * trunk/src/libp11/Makefile.am, trunk/src/libp11/Makefile.mak: add + Makefiles for libp11 + * trunk/src/pkcs11/Makefile.am: do not install libpkcs11 as shared + library. 
+ +2005-07-10 17:01 aj + + * trunk/src/Makefile.am, trunk/src/Makefile.mak, trunk/src/libp11, + trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, + trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, + trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, + trunk/src/libp11/p11_rsa.c, trunk/src/libp11/p11_slot.c, + trunk/src/sslengines/Makefile.am, + trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, + trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c: move p11_* into a new library. + +2005-07-08 21:16 nils + + * trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/rsaref/pkcs11t.h: enhance attribute support; + patch supplied by supplied by Marc Bevand + +2005-07-08 21:04 nils + + * trunk/src/pkcs11/pkcs11-spy.c: fix check of the return value in + C_GetAttributeValue; supplied by Marc Bevand + +2005-07-06 12:59 sth + + * trunk/src/tools/pkcs11-tool.c: Oops, shouldn't have changed the + serial number size in x509cert_info to 256 + +2005-07-06 12:23 sth + + * trunk/src/tools/pkcs15-tool.c: No uint32_t type in MS VS + +2005-07-05 17:45 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Don't ignore the + profile_option -- remark from Victor Tarasov + +2005-07-05 17:43 sth + + * trunk/src/tools/pkcs15-init.c: Print an error if + sc_pkcs15init_bind() fails + +2005-07-05 15:27 sth + + * trunk/src/tools/pkcs11-tool.c: Increased sizes in rsakey_info + struct + +2005-07-05 15:22 sth + + * trunk/src/pkcs15init/setcos.profile: Typo fix + * trunk/src/libopensc/card-setcos.c: SetCOS 4.4.1 supports keypair + generation, keysizes of 512, 768 and 1024 are fine + +2005-07-05 13:34 sth + + * trunk/src/sslengines/p11_rsa.c: Macro cleanup, patch received + some time ago but appearently not committed + +2005-07-01 22:37 nils + + * trunk/src/pkcs15init/pkcs15-etoken.c: remove unnecessary include + +2005-07-01 
08:40 nils + + * trunk/etc/opensc.conf.in: remove duplicate entry + +2005-07-01 08:26 nils + + * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-atrust-acos.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-atrust-acos.c, + trunk/src/libopensc/pkcs15-syn.c: add initial support for atrust + acos cards; patch supplied by Franz Brandl + +2005-07-01 07:17 nils + + * trunk/src/pkcs15init/pkcs15-etoken.c: remove unused variable + +2005-07-01 06:27 nils + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-etoken.c: GIVE RANDOM is for sm, so + remove it from the etoken key generation code + +2005-06-29 11:32 martin + + * trunk/src/libopensc/pkcs15-esteid.c: Make the names fit in + pkcs11 limits + +2005-06-28 21:16 aj + + * trunk/src/tools/pkcs15-tool.c: oops, missed a #endif. + +2005-06-28 20:33 aj + + * trunk/src/tools/pkcs15-tool.c: use uint32_t, it is a c++ stdtype + and should work on all plattforms. + +2005-06-28 13:50 sth + + * trunk/src/tools/pkcs15-tool.c: Use uint32_t on Mac + +2005-06-28 04:09 aj + + * trunk/src/openssh/ask-for-pin.diff: rediffed against openssh + 4.1p1 + +2005-06-27 21:49 aj + + * trunk/src/openscd: openscd code hasn't been used by anyone in + years. + +2005-06-27 13:52 martin + + * trunk/src/pkcs11/framework-pkcs15.c: Annoying typo + +2005-06-27 13:51 martin + + * trunk/src/libopensc/card-mcrd.c: Adjust function name to reflect + documented functionality + +2005-06-27 11:51 sth + + * trunk/src/tools/pkcs15-tool.c: No asm/types.h on MacOSX either + +2005-06-27 11:47 aj + + * trunk/src/tests/regression/test.p12: add working file. + * trunk/src/tests/regression/test.p12: remove broken file. + +2005-06-27 10:08 martin + + * trunk/src/libopensc/reader-pcsc.c: Log in hex format of course... 
+ +2005-06-22 10:32 sth + + * trunk/src/tools/pkcs15-tool.c: Windows: no _uu32 in MS VS + +2005-06-17 19:34 aj + + * trunk/docs/opensc.xml: add comment about usb crypto tokens. + +2005-06-17 15:47 sth + + * trunk/src/libopensc/reader-pcsc.c: Fix: if a card is inserted, + the SC_SLOT_CARD_CHANGED flag must be set + +2005-06-16 20:15 aj + + * trunk/src/sslengines/Makefile.am: small makefile fix. + +2005-06-16 19:39 aj + + * trunk/src/tools/pkcs15-tool.c: make it compile without openssl. + +2005-06-16 19:35 aj + + * trunk/QUICKSTART, trunk/doc/src/api/card/sc_card_ctl.xml, + trunk/doc/src/api/card/sc_wait_for_event.xml, + trunk/doc/src/api/file/sc_delete_record.xml, + trunk/doc/src/api/init/sc_connect_card.xml, + trunk/doc/src/api/init/sc_detect_card_presence.xml, + trunk/doc/src/api/init/sc_disconnect_card.xml, + trunk/doc/src/api/init/sc_set_card_driver.xml, + trunk/doc/src/api/types/sc_app_info_t.xml, + trunk/src/libopensc/card.c, trunk/src/libopensc/ctbcs.h, + trunk/src/libopensc/errors.c, + trunk/src/openssh/ask-for-pin.diff, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c, trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, + trunk/src/sslengines/engine_opensc.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: + "smart card" not "smartcard" or "SmartCard". + +2005-06-16 19:28 aj + + * trunk/docs/netkey-tool.1, trunk/docs/opensc-es.html, + trunk/docs/opensc.html, trunk/docs/opensc.xml: "smart card" not + smartcard or SmartCards. + +2005-06-16 18:13 aj + + * trunk/aclocal/pkg.m4: update to current version of pkg.m4 from + pkg-config. + +2005-06-15 08:57 aj + + * trunk/src/tools/pkcs15-tool.c: add options for displaying + openssh keys. 
+ +2005-06-15 08:56 aj + + * trunk/src/pkcs11/Makefile.am, trunk/src/sslengines/Makefile.am: + move libraries from lib/pkcs11 to lib/, rename the engine dir to + engine, and make it "openssl" so openssl can load the engines + automaticaly. + +2005-06-14 21:37 nils + + * trunk/docs/Makefile.am, trunk/docs/netkey-tool.1, + trunk/src/tools/Makefile.am, trunk/src/tools/netkey-tool.c: add + netkey-tool from Peter Koch + +2005-06-07 14:31 martin + + * trunk/src/libopensc/reader-pcsc.c: It is plain wrong to call + again pcsc layer locking methods as card.c:sc_lock() already + does it when somebody goes to the card the very first time and + thus begins a transaction. iso7816.c methods should lock the + card in iso7816_pin_cmd() on card level if anything. + +2005-06-07 12:43 martin + + * trunk/src/libopensc/card-oberthur.c: Add support for pinpad PIN + verification. Patch from Andreas Steffen + +2005-05-22 20:07 nils + + * trunk/src/tools/pkcs11-tool.c: microsoft's vs 6.0 doesn't like + initialization during declaration. let's use memset instead + +2005-05-21 10:21 nils + + * trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: enhance + object writting support, patch supplied by Marc Bevand + + +2005-05-20 09:55 nils + + * trunk/src/pkcs11/pkcs11-display.c: cleanup, patch supplied by + Marc Bevand + +2005-05-17 21:51 nils + + * trunk/src/libopensc/pkcs15-netkey.c: update from Peter Koch + +2005-05-11 14:00 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Don't used cashed PINs for + a UserConsent key! 
+ +2005-05-10 19:58 sth + + * trunk/src/pkcs15init/setcos.profile: Better choices for the + sizes/FIDs + typo fix + +2005-05-10 12:59 nils + + * trunk/src/libopensc/pkcs15-actalis.c: add certs only when we + have zlib support + +2005-05-09 11:46 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: If an object is added to a + pkcs15_card, don't call sc_pkcs15_free_object() on it + +2005-05-08 21:30 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-actalis.c, + trunk/src/libopensc/pkcs15-syn.c: add support for Actalis card; + patch supplied by Andrea Frigido + +2005-05-07 22:22 nils + + * trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: add + initialization support for token/pin; supplied by Marc Bevand + + +2005-05-06 13:52 sth + + * trunk/src/pkcs15init/pkcs15-setcos.c: Fix: re-link the SO-PIN to + the pkcs15 DF, otherwise the AC's in sc_pkcs15init_add_app() are + ignored resulting in a.o. an unprotected pkcs15 DF + +2005-05-06 11:31 sth + + * trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/setcos.profile: Fixed handling of pkcs15 + types and added support for storing pkcs15 data objects + +2005-05-04 13:17 sth + + * trunk/src/pkcs15init/Makefile.mak: Have pkcs15init as a DLL + instead of as a static lib file + +2005-05-03 09:33 martin + + * trunk/src/tests/pintest.c: Announce the capabilities of the + terminal 'press enter for pinpad'-enable the pintest utility + +2005-05-02 19:17 sth + + * trunk/src/libopensc/card.c: Removed double line -- thx Nils + +2005-05-02 18:48 sth + + * trunk/src/libopensc/card.c: atr table reallocation fix by + William Wanders + +2005-05-02 09:43 sth + + * trunk/src/sslengines/engine_pkcs11.c: Removed unnessary + #includes from previous path + +2005-05-02 09:41 sth + + * trunk/src/sslengines/engine_pkcs11.c: Typo fix -- causes compile + error on MS VS + +2005-04-30 10:07 nils + + * trunk/src/sslengines/engine_pkcs11.c: free pin when ending a + pkcs11 session; patch 
supplied by Douglas E. Engert + + +2005-04-29 20:23 aj + + * trunk/QUICKSTART: create a key that does signing and decryption. + +2005-04-26 09:09 aj + + * trunk/NEWS: Oops, didn't update news file yesterday before the + release. So at least document it now. + +2005-04-25 21:00 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: changes from Antonino + Iacono + +2005-04-25 19:21 aj + + * trunk/src/libopensc/ui.c: Ludovic Rousseau: rxvt can also do + color so here is a patch. + +2005-04-24 16:17 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: changes from Antonino + Iacono + +2005-04-24 09:28 nils + + * trunk/src/pkcs11/pkcs11-display.c: bugfix; supplied by Marc + Bevand + +2005-04-23 12:26 nils + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.c: add callback_data + parameter to get_pin; supplied by Douglas E. Engert + + +2005-04-23 11:20 nils + + * trunk/src/libopensc/pkcs15-gemsafe.c: try file id if selection + via df name doesn't work; Douglas E. Engert + +2005-04-19 18:38 nils + + * trunk/src/libopensc/pkcs15-gemsafe.c: fix problem with unsigned + int; pointe out by Douglas E. Engert + +2005-04-17 16:43 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: add support for yet + another infocamere card, submitted by Sirio Capizzi + + +2005-04-16 13:42 nils + + * trunk/configure.in: check for zlib + +2005-04-16 13:36 nils + + * trunk/src/libopensc/card-etoken.c: add yet another atr to + card-etoken.c + +2005-04-16 12:06 nils + + * trunk/src/libopensc/card-flex.c: added yet another atr to + card-flex, supplied by: Giuseppe Raspanti + +2005-04-16 10:40 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/pkcs15-gemsafe.c, + trunk/src/libopensc/pkcs15-syn.c: add support for gpk16k gemsafe + cards, Douglas E. 
Engert et al + +2005-04-16 10:37 nils + + * trunk/src/libopensc/card-setcos.c, + trunk/src/pkcs15init/pkcs15-setcos.c: cleanup + +2005-04-16 10:21 martin + + * trunk/src/pkcs15init/pkcs15-starcos.c: scrandom interface is not + used by starcos + +2005-04-12 20:46 aj + + * trunk/configure.in: set the version to "WIP" (work in progress) + for the snapshot script. + +2005-04-11 06:36 nils + + * trunk/configure.in: make it work again (at least for me) + +2005-04-10 21:58 nils + + * trunk/src/libopensc/pkcs15-syn.c: remove broken code, add + skeleton for a new function + +2005-04-10 20:59 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: disabled auth key/pin + as the IDs are wrong + +2005-04-09 13:32 nils + + * trunk/src/libopensc/card-setcos.c: fix compiler warnings + +2005-04-09 13:23 nils + + * trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/test_engine.sh: add support cert loading, + patch supplied by Douglas E. Engert + +2005-04-07 19:45 martin + + * trunk/NEWS, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/reader-pcsc.c: Small fixes in the teletrust + spec support code and related NEWS item + +2005-04-07 08:45 aj + + * trunk/QUICKSTART: files were renamed - adjust QUICKSTART file. 
+ +2005-04-07 07:29 aj + + * trunk/Makefile.am, trunk/NEWS, trunk/solaris/opensc.conf-dist: + update trunk: include solaris/* files in tar file, update NEWS + with 0.9.6 changes, add profile_dir to solaris/openscc.conf-dist + +2005-04-04 21:52 nils + + * trunk/src/libopensc/padding.c, trunk/src/libopensc/pkcs15.c: + cleanup + +2005-04-04 09:30 sth + + * trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-setcos.c, + trunk/src/pkcs15init/setcos.profile: Added initial support for + SetCOS 4.4 cards + +2005-03-30 18:25 sth + + * trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/pkcs15-lib.c: + If the SC_CARD_CAP_USE_FCI_AC flag is set, + sc_pkcs15init_authenticate() will check the file's ACs on the + card instead of relying on the ones in the profile file + +2005-03-30 18:18 sth + + * trunk/src/libopensc/opensc.h: Added another life cycle state + +2005-03-30 16:40 nils + + * branches/opensc-0.9/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.c: bools are int; pointed out by + William Wanders + +2005-03-29 19:59 nils + + * trunk/src/tools/eidenv.c: fix for solaris; patch supplied by + Douglas E. Engert + +2005-03-29 07:30 aj + + * trunk/solaris, trunk/solaris/Makefile, trunk/solaris/README, + trunk/solaris/checkinstall.in, trunk/solaris/opensc.conf-dist, + trunk/solaris/pkginfo.in, trunk/solaris/proto: Add solaris/ + subdir and files to make using opensc on solaris easier. + +2005-03-26 20:10 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Moved init-card() till after + the pin-initialisation, this allows init-card() to do operation + with a pin without doing the pin stuff again. Shouldn't break + anything -- if it does, we'll undo this. 
+ +2005-03-26 20:00 sth + + * trunk/src/pkcs11/misc.c: Added opensc-to-pks11 error mapping + +2005-03-26 19:48 sth + + * trunk/src/libopensc/sc.c: Prevent doubles in the ACL entries + +2005-03-26 19:47 sth + + * trunk/src/libopensc/iso7816.c: Allow an empty path in + iso7816_delete_file(), to indicate that the current DF should be + deleted. + +2005-03-26 19:35 sth + + * trunk/src/libopensc/opensc.h: No unistd.h on Windows + +2005-03-26 19:33 sth + + * trunk/src/libopensc/Makefile.mak: Removed pinpad-ccid + +2005-03-24 16:57 martin + + * trunk/src/libopensc/pkcs15-esteid.c: Parentheses too.. + +2005-03-24 16:54 martin + + * trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/reader-pcsc.c: * fix an return code from + ctbcs spec * make sure pins and puk are correctly associated in + esteid emu + +2005-03-23 23:24 aj + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c: + silence a few warnings. + +2005-03-23 23:16 aj + + * trunk/etc/Makefile.am: use tab, not spaces. + +2005-03-23 23:12 aj + + * trunk/etc/opensc.conf.in: fill in profile_dir in config file. + * trunk/etc/Makefile.am, trunk/etc/opensc.conf.example, + trunk/etc/opensc.conf.in, trunk/etc/scldap.conf.example, + trunk/etc/scldap.conf.in: generate config file code with the + configure'd profile dir in opensc.conf. + +2005-03-23 23:10 aj + + * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, + trunk/src/pkcs15init/profile.h: apply improved profile handling + code. + +2005-03-23 22:58 aj + + * trunk/src/include/winconfig.h: remove winreg.h as global include + (not needed in 99.9% of all files), remove obsolete config file + / profile dir definitions. + +2005-03-23 22:44 aj + + * trunk/src/libopensc/card-flex.c: fix egate token with cryptoflex + on windows. + +2005-03-23 22:37 aj + + * trunk/src/pkcs11/pkcs11-global.c: put new version in + pkcs11-global.c, too. 
+ +2005-03-23 21:31 aj + + * trunk/configure.in: library was changed in an incompatible way + since 0.8, so we need to go from 0 to 1. + +2005-03-23 21:26 aj + + * trunk/NEWS: import news from 0.9 branch / releases. + +2005-03-23 21:08 aj + + * trunk/.cvsignore, trunk/aclocal/.cvsignore, + trunk/doc/.cvsignore, trunk/docs/.cvsignore, + trunk/etc/.cvsignore, trunk/macos/.cvsignore, + trunk/src/.cvsignore, trunk/src/common/.cvsignore, + trunk/src/include/.cvsignore, + trunk/src/include/opensc/.cvsignore, + trunk/src/include/opensc/rsaref/.cvsignore, + trunk/src/libopensc/.cvsignore, trunk/src/openscd/.cvsignore, + trunk/src/openssh/.cvsignore, trunk/src/pam/.cvsignore, + trunk/src/pkcs11/.cvsignore, trunk/src/pkcs11/rsaref/.cvsignore, + trunk/src/pkcs15init/.cvsignore, trunk/src/scam/.cvsignore, + trunk/src/scconf/.cvsignore, trunk/src/scdl/.cvsignore, + trunk/src/scldap/.cvsignore, trunk/src/scrandom/.cvsignore, + trunk/src/sia/.cvsignore, trunk/src/signer/.cvsignore, + trunk/src/signer/npinclude/.cvsignore, + trunk/src/sslengines/.cvsignore, trunk/src/tests/.cvsignore, + trunk/src/tests/regression/.cvsignore, + trunk/src/tools/.cvsignore, trunk/win32/.cvsignore: remove + .cvsignore files. + +2005-03-23 21:07 aj + + * trunk/debian: remove debian/ as it is obsolete and was not + maintained at all. this was eric can commit the current debian/ + used by the official debian packages. 
+ +2005-03-18 20:36 nils + + * trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-postecert.c: fix free argument, + pointed out by Giuseppe Sacco + + +2005-03-09 12:46 pisi + + * trunk/src/libopensc/pkcs15-pin.c: common pin validity check, + supprot (still disabled) for pinpads in modify and unblock + +2005-03-09 12:44 pisi + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/pinpad-ccid.c, + trunk/src/libopensc/pinpad-ccid.h, + trunk/src/libopensc/reader-pcsc.c: Introduce TeleTrust Class 2 + spec compliant pinpad functionality and incorporate the pinpad + functions directly to reader-pcsc.c. Mainly because the code + requires access to internal pcsc-only structures and splitting + some definitions to an extra header would not be very nice. + Also, the API is pcsc based and usable with other ifdhandlers + too, not just CCID. + +2005-03-09 12:25 pisi + + * trunk/src/libopensc/card-mcrd.c: Minor additions + +2005-03-09 11:45 pisi + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h: A single flag for all pkcs15 layer + applications to detect a) if pinpad is present b) and if we + should make use of it. Also remove the CCID specific option for + pinpad detection - if detected, the flag will anyway always be + set as it reflects the capabilities of the actual reader. Also, + the detection mechanism is changed to be crossplatform. + +2005-03-09 11:14 pisi + + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: + copypaste ****s. 
Introduce a common internal function that + removes several copypastes + +2005-03-09 10:47 pisi + + * trunk/src/libopensc/asn1.c: Space cleanups + +2005-03-09 00:04 bert + + * trunk/src/openscd/commands.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/pkcs11-spy.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-jcop.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/profile.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/tests/sc-test.c, + trunk/src/tools/cardos-info.c, + trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/util.c: API fixup: use defined type instead of + struct for exposed structs (part 2) + +2005-03-08 20:59 bert + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/padding.c, + trunk/src/libopensc/pinpad-ccid.c, + trunk/src/libopensc/pkcs15-algo.c, + 
trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c: API fixup: use defined type instead + of struct for exposed structs + +2005-03-07 14:00 aet + + * trunk/etc/opensc.conf.example, trunk/src/include/winconfig.h, + trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, + trunk/src/pkcs15init/profile.h: - Add support for getting + location of the configuration file from Windows registry + (HKCU/HKLM) - Handle OPENSC_CONF environment variable on unix - + Add configuration option "profile_dir" to bypass build time + setting for pkcs15 initialization profiles directory Patch by + Andreas Jellinghaus, with minor enhancements from me. + +2005-03-06 14:37 pisi + + * trunk/src/libopensc/card-flex.c: whitespace cleanups + +2005-03-04 01:41 pisi + + * trunk/src/libopensc/reader-pcsc.c: consistent naming and trimmed + lines + +2005-03-03 18:12 aet + + * trunk/src/tools, trunk/src/tools/.cvsignore, + trunk/src/tools/Makefile.am: - eidenv cleanup + +2005-03-02 09:03 aet + + * trunk/src/tools/eidenv.c: - Minor fixes, convert crlf -> lf + +2005-03-02 09:02 aet + + * trunk/configure.in: - Disable openscd + +2005-03-02 08:11 pisi + + * trunk/src/Makefile.am: Removed openscd from + automake/distribution as it should be dead code. 
+ +2005-03-02 08:05 pisi + + * trunk/src/tools/Makefile.am, trunk/src/tools/eidenv.c: eidenv - + small utility for Estonian ID card *nix only) + +2005-03-02 06:03 sth + + * trunk/src/libopensc/pkcs15-cache.c: Correctly check for reading + out of file bounds, thx to Sirio Capizi + +2005-03-02 02:06 bert + + * trunk/doc/src/api/apps/sc_enum_apps.xml, + trunk/doc/src/api/apps/sc_find_app_by_aid.xml, + trunk/doc/src/api/apps/sc_find_pkcs15_app.xml, + trunk/doc/src/api/apps/sc_free_apps.xml, + trunk/doc/src/api/apps/sc_update_dir.xml, + trunk/doc/src/api/asn1/sc_asn1_decode.xml, + trunk/doc/src/api/asn1/sc_asn1_encode.xml, + trunk/doc/src/api/asn1/sc_asn1_find_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_print_tags.xml, + trunk/doc/src/api/asn1/sc_asn1_put_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_read_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_skip_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_verify_tag.xml, + trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, + trunk/doc/src/api/asn1/sc_format_asn1_entry.xml: Add XML header + + manual title + +2005-03-02 02:01 bert + + * trunk/doc/src/api/init/sc_set_card_driver.xml, + trunk/doc/src/api/types/sc_file_t.xml, + trunk/doc/src/api/types/sc_path_t.xml: Work around simplelist bug + +2005-03-02 00:30 bert + + * trunk/doc/src/api/card/sc_card_ctl.xml, + trunk/doc/src/api/card/sc_check_sw.xml, + trunk/doc/src/api/card/sc_format_apdu.xml, + trunk/doc/src/api/card/sc_get_challenge.xml, + trunk/doc/src/api/card/sc_get_data.xml, + trunk/doc/src/api/card/sc_lock.xml, + trunk/doc/src/api/card/sc_put_data.xml, + trunk/doc/src/api/card/sc_transmit_apdu.xml, + trunk/doc/src/api/card/sc_unlock.xml: Add proper XML header + +2005-03-02 00:10 bert + + * trunk/doc/src/api/util/sc_base64_decode.xml, + trunk/doc/src/api/util/sc_base64_encode.xml, + trunk/doc/src/api/util/sc_der_clear.xml, + trunk/doc/src/api/util/sc_der_copy.xml, + trunk/doc/src/api/util/sc_strerror.xml: Add proper XML header + +2005-03-02 00:08 bert + + * 
trunk/doc/src/api/init/sc_wait_for_event.xml: removed + sc_wait_for_event() + +2005-03-01 23:33 bert + + * trunk/doc/src/api/file/chapter.xml, + trunk/doc/src/api/file/sc_append_record.xml, + trunk/doc/src/api/file/sc_create_file.xml, + trunk/doc/src/api/file/sc_delete_file.xml, + trunk/doc/src/api/file/sc_delete_record.xml, + trunk/doc/src/api/file/sc_file_dup.xml, + trunk/doc/src/api/file/sc_file_free.xml, + trunk/doc/src/api/file/sc_file_new.xml, + trunk/doc/src/api/file/sc_list_files.xml, + trunk/doc/src/api/file/sc_read_binary.xml, + trunk/doc/src/api/file/sc_read_record.xml, + trunk/doc/src/api/file/sc_select_file.xml, + trunk/doc/src/api/file/sc_update_binary.xml, + trunk/doc/src/api/file/sc_update_record.xml, + trunk/doc/src/api/file/sc_write_binary.xml, + trunk/doc/src/api/file/sc_write_record.xml: cleanup headers + + add manual title + +2005-03-01 23:18 bert + + * trunk/doc/src/api/init/sc_card_valid.xml, + trunk/doc/src/api/init/sc_connect_card.xml, + trunk/doc/src/api/init/sc_detect_card_presence.xml, + trunk/doc/src/api/init/sc_disconnect_card.xml, + trunk/doc/src/api/init/sc_establish_context.xml, + trunk/doc/src/api/init/sc_get_cache_dir.xml, + trunk/doc/src/api/init/sc_make_cache_dir.xml, + trunk/doc/src/api/init/sc_release_context.xml, + trunk/doc/src/api/init/sc_set_card_driver.xml: clean up headers + + add manual title + +2005-03-01 23:13 bert + + * trunk/doc/src/api/card/sc_wait_for_event.xml: fix typo's + +2005-03-01 23:02 bert + + * trunk/doc/src/api/card/chapter.xml, + trunk/doc/src/api/card/sc_wait_for_event.xml, + trunk/doc/src/api/init/chapter.xml: Moved sc_wait_for_event() to + card ops + +2005-03-01 22:58 bert + + * trunk/doc/src/api/init/chapter.xml, + trunk/doc/src/api/init/sc_wait_for_event.xml: Added + sc_wait_for_event() + +2005-03-01 16:28 bert + + * trunk/doc/src/api/util/sc_base64_decode.xml, + trunk/doc/src/api/util/sc_base64_encode.xml, + trunk/doc/src/api/util/sc_der_clear.xml, + trunk/doc/src/api/util/sc_der_copy.xml, + 
trunk/doc/src/api/util/sc_strerror.xml: Added manual title + +2005-03-01 16:11 bert + + * trunk/doc/src/api/types/chapter.xml: header file cleanup + +2005-03-01 16:09 bert + + * trunk/doc/src/api/types/sc_app_info_t.xml, + trunk/doc/src/api/types/sc_asn1_entry.xml, + trunk/doc/src/api/types/sc_card_t.xml, + trunk/doc/src/api/types/sc_file_t.xml, + trunk/doc/src/api/types/sc_path_t.xml: header file cleanup + + manual title + +2005-03-01 16:01 bert + + * trunk/doc, trunk/doc/.cvsignore: cvsignore + +2005-03-01 15:56 bert + + * trunk/doc/Makefile, trunk/doc/src/api/api.xml, + trunk/doc/src/api/html.xsl, trunk/doc/src/api/man.xsl: New doc + build system + +2005-02-28 20:08 bert + + * trunk/doc/src/api/init/sc_set_card_driver.xml, + trunk/doc/src/api/types/sc_card_t.xml: * openpgp card, not + opengpg * add atr_len field to sc_card_t + +2005-02-27 07:25 sth + + * trunk/src/tools/pkcs15-crypt.c: Typo fix (thx Andreas, sorry Juha + +2005-02-26 19:47 sth + + * trunk/src/tools/pkcs15-crypt.c: 'pinpad-enable' pkcs15-crypt: if + it's a pinpad and you press enter when being asked for a PIN, + you can enter the PIN on the reader + +2005-02-25 23:57 bert + + * trunk/doc/src/api/api.css, trunk/doc/src/api/api.xml, + trunk/doc/src/api/types/sc_app_info_t.xml, + trunk/doc/src/api/types/sc_asn1_entry.xml, + trunk/doc/src/api/util/sc_strerror.xml: Added sc_app_info_t, + sc_asn1_entry and sc_strerror() + +2005-02-25 23:56 bert + + * trunk/doc/src/api/asn1/sc_asn1_decode.xml, + trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, + trunk/doc/src/api/asn1/sc_format_asn1_entry.xml: Docbook + validation fixes + +2005-02-25 23:55 bert + + * trunk/doc/src/api/apps/chapter.xml, + trunk/doc/src/api/asn1/chapter.xml, + trunk/doc/src/api/card/chapter.xml, + trunk/doc/src/api/file/chapter.xml, + trunk/doc/src/api/init/chapter.xml, + trunk/doc/src/api/types/chapter.xml, + trunk/doc/src/api/util/chapter.xml: Validation fixes + +2005-02-25 21:17 pisi + + * trunk/src/sslengines/engine_pkcs11.c, + 
trunk/src/sslengines/p11_slot.c, + trunk/src/sslengines/pkcs11-internal.h: If the PKCS#11 token can + itself authenticate the user, we let it do it and ask nothing. + First because many applications that might link to the openssl + library would never-ever implement it and anyway it is the task + of the pkcs11 module to take care of the authentication however + the module/token feels feasible. + +2005-02-24 11:11 aet + + * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h: + - Some fine-tuning to get previous, current and future FinEID + cards working. + +2005-02-23 23:36 bert + + * trunk/doc/src/api/api.xml, trunk/doc/src/api/apps, + trunk/doc/src/api/apps/chapter.xml, + trunk/doc/src/api/apps/sc_enum_apps.xml, + trunk/doc/src/api/apps/sc_find_app_by_aid.xml, + trunk/doc/src/api/apps/sc_find_pkcs15_app.xml, + trunk/doc/src/api/apps/sc_free_apps.xml, + trunk/doc/src/api/apps/sc_update_dir.xml, + trunk/doc/src/api/types/sc_card_t.xml: Added application + functions from dir.c Added app list to sc_card_t docs + +2005-02-23 19:34 aet + + * trunk/src/tests/lottery.c, trunk/src/tests/prngtest.c: - Don't + loop forever + +2005-02-23 19:09 aet + + * trunk/src/libopensc/opensc.h: - For completeness sake, add + SC_CARD_FLAG_VENDOR_MASK + +2005-02-23 10:44 aet + + * trunk/NEWS: - Preliminary update for the next release + +2005-02-23 10:39 aet + + * trunk/src/libopensc/card-openpgp.c: - Case cleanup + +2005-02-23 02:52 bert + + * trunk/doc, trunk/doc/src, trunk/doc/src/api, + trunk/doc/src/api/api.css, trunk/doc/src/api/api.xml, + trunk/doc/src/api/asn1, trunk/doc/src/api/asn1/chapter.xml, + trunk/doc/src/api/asn1/sc_asn1_decode.xml, + trunk/doc/src/api/asn1/sc_asn1_encode.xml, + trunk/doc/src/api/asn1/sc_asn1_find_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_print_tags.xml, + trunk/doc/src/api/asn1/sc_asn1_put_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_read_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_skip_tag.xml, + trunk/doc/src/api/asn1/sc_asn1_verify_tag.xml, + 
trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, + trunk/doc/src/api/asn1/sc_format_asn1_entry.xml, + trunk/doc/src/api/card, trunk/doc/src/api/card/chapter.xml, + trunk/doc/src/api/card/sc_card_ctl.xml, + trunk/doc/src/api/card/sc_check_sw.xml, + trunk/doc/src/api/card/sc_format_apdu.xml, + trunk/doc/src/api/card/sc_get_challenge.xml, + trunk/doc/src/api/card/sc_get_data.xml, + trunk/doc/src/api/card/sc_lock.xml, + trunk/doc/src/api/card/sc_put_data.xml, + trunk/doc/src/api/card/sc_transmit_apdu.xml, + trunk/doc/src/api/card/sc_unlock.xml, trunk/doc/src/api/file, + trunk/doc/src/api/file/chapter.xml, + trunk/doc/src/api/file/sc_append_record.xml, + trunk/doc/src/api/file/sc_create_file.xml, + trunk/doc/src/api/file/sc_delete_file.xml, + trunk/doc/src/api/file/sc_delete_record.xml, + trunk/doc/src/api/file/sc_file_dup.xml, + trunk/doc/src/api/file/sc_file_free.xml, + trunk/doc/src/api/file/sc_file_new.xml, + trunk/doc/src/api/file/sc_list_files.xml, + trunk/doc/src/api/file/sc_read_binary.xml, + trunk/doc/src/api/file/sc_read_record.xml, + trunk/doc/src/api/file/sc_select_file.xml, + trunk/doc/src/api/file/sc_update_binary.xml, + trunk/doc/src/api/file/sc_update_record.xml, + trunk/doc/src/api/file/sc_write_binary.xml, + trunk/doc/src/api/file/sc_write_record.xml, + trunk/doc/src/api/init, trunk/doc/src/api/init/chapter.xml, + trunk/doc/src/api/init/sc_card_valid.xml, + trunk/doc/src/api/init/sc_connect_card.xml, + trunk/doc/src/api/init/sc_detect_card_presence.xml, + trunk/doc/src/api/init/sc_disconnect_card.xml, + trunk/doc/src/api/init/sc_establish_context.xml, + trunk/doc/src/api/init/sc_get_cache_dir.xml, + trunk/doc/src/api/init/sc_make_cache_dir.xml, + trunk/doc/src/api/init/sc_release_context.xml, + trunk/doc/src/api/init/sc_set_card_driver.xml, + trunk/doc/src/api/init/sc_wait_for_event.xml, + trunk/doc/src/api/misc, trunk/doc/src/api/misc/chapter.xml, + trunk/doc/src/api/types, trunk/doc/src/api/types/chapter.xml, + trunk/doc/src/api/types/sc_card_t.xml, + 
trunk/doc/src/api/types/sc_file_t.xml, + trunk/doc/src/api/types/sc_path_t.xml, trunk/doc/src/api/util, + trunk/doc/src/api/util/chapter.xml, + trunk/doc/src/api/util/sc_base64_decode.xml, + trunk/doc/src/api/util/sc_base64_encode.xml, + trunk/doc/src/api/util/sc_der_clear.xml, + trunk/doc/src/api/util/sc_der_copy.xml: Initial checkin of new + docs + +2005-02-22 21:03 nils + + * trunk/src/signer/opensc-crypto.c: bugfix + +2005-02-22 07:59 aet + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-syn.c, + trunk/src/libopensc/reader-pcsc.c: - Introduce a new powerful + card_atr mechanism to opensc configuration file to handle any + configuring related to certain card / cards using atrmask. - + Rewrite Martin's force_protocol to _sc_check_forced_protocol() + to make it possible to share the code with other reader driver + implementations than pcsc. - Implement _sc_match_atr_block() to + help out with force protocol and pkcs15 emulation layers, to + find information that's not stored directly to sc_atr_table. + +2005-02-20 08:26 aet + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-syn.c: - Increase + SC_MAX_READER_DRIVERS / SC_MAX_CARD_DRIVERS - Some cleanups + before future commits + +2005-02-15 14:41 pisi + + * trunk/src/pkcs11/libpkcs11.c: test label + +2005-02-14 09:13 aet + + * trunk/src/libopensc/card-setcos.c: - Typo + +2005-02-14 09:12 aet + + * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal.h: - Fix a long-standing issue for + user configured atrs in the configuration file; free allocated + memory from the card_driver structures. 
+ +2005-02-13 18:24 aet + + * trunk/src/libopensc/card-etoken.c, trunk/src/libopensc/cards.h: + - Correct some information for Italian eid cards, I suppose. + +2005-02-13 17:58 sth + + * trunk/src/libopensc/pinpad-ccid.c: Typo fix + +2005-02-13 11:41 aet + + * trunk/src/Makefile.mak: - Fixed a typo (Bernhard Froehlich) + +2005-02-13 08:43 aet + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/p11_rsa.c: - Fix a pin issue with pinpad + readers (Bernhard Froehlich, Martin Paljak) - + UI_add_input_string enhancements (Martin Paljak) - printf + cleanups + +2005-02-12 10:29 aet + + * trunk/QUICKSTART: - Update the atr example output + +2005-02-11 20:43 aet + + * trunk/configure.in: - Merge between opensc / openct + +2005-02-11 20:09 aet + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/pinpad-ccid.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c, trunk/src/sslengines/engine_opensc.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-tool.c: - + Whitespace cleanup from me and Martin Paljak + +2005-02-11 20:02 aet + + * trunk/configure.in: - make use of AC_HELP_STRING in configure.in + (Martin Paljak) + +2005-02-11 10:05 aet + + * trunk/src/libopensc/pkcs15.c: - A fix for ISO 7816-15 cards I'm + playing with. No feedback received about the patch, let's move + on. The patch shouldn't affect any current behaviour. 
+
+2005-02-11 10:03 aet
+
+ * trunk/src/libopensc/pinpad-ccid.c: - A patch for belpic and
+ other global platform pin cards (Martin Paljak)
+
+2005-02-11 10:01 aet
+
+ * trunk/src/libopensc/Makefile.am: - Add cards.h
+
+2005-02-10 14:30 aet
+
+ * trunk/docs/opensc.html, trunk/docs/opensc.xml: - Remove entries
+ from TODO list (Martin Paljak)
+
+2005-02-10 12:48 aet
+
+ * trunk/src/libopensc/card-flex.c: - Add ATR for a CryptoFlex card
+ from Mario Strasser, that I forgot to add over six months ago.
+
+2005-02-10 10:09 aet
+
+ * trunk/src/libopensc/internal.h: - Change sc_atr_table->id to
+ type, so the name is synced between sc_atr_table and sc_card
+ structures.
+
+2005-02-10 10:08 aet
+
+ * trunk/src/libopensc/cards.h: - Add cards.h
+
+2005-02-10 10:07 aet
+
+ * trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-etoken.c,
+ trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/pkcs15init/pkcs15-gpk.c: - First stab towards
+ standardized card types
+
+2005-02-10 09:57 aet
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/card-oberthur.h,
+ trunk/src/pkcs15init/pkcs15-oberthur.c: - Remove card-oberthur.h
+
+2005-02-10 09:56 aet
+
+ * trunk/src/include/opensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak: - Add cards.h
+
+2005-02-09 20:16 aet
+
+ * trunk/src/libopensc/cardctl.h: - Remove outdated comment, part
+ of the information wasn't even correct.
+
+2005-02-09 20:03 aet
+
+ * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h:
+ - Cleanup
+
+2005-02-09 19:15 aet
+
+ * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/esteid.h,
+ trunk/src/libopensc/ui.h: - Cleanup
+
+2005-02-09 14:47 aet
+
+ * trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c: - Unify a bit the output of
+ commands like opensc-tool -D
+
+2005-02-09 14:09 aet
+
+ * trunk/src/libopensc/card.c: - Fix for the previous commit
+
+2005-02-09 14:07 aet
+
+ * trunk/src/libopensc/card.c: - _sc_match_atr: add support for
+ atrmask field in sc_atr_table
+
+2005-02-09 14:05 aet
+
+ * trunk/src/libopensc/card-setcos.c: - Cleanup
+ * trunk/src/libopensc/internal.h: - Add comments
+
+2005-02-09 11:37 aet
+
+ * trunk/src/libopensc/card-setcos.c: - Checkpoint commit, add
+ support for the next generation FinEID cards with ISO/IEC
+ 7816-15 layout.
+
+2005-02-09 11:33 aet
+
+ * trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-etoken.c,
+ trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/internal.h:
+ - Add atrmask to sc_atr_table
+
+2005-02-08 19:49 nils
+
+ * trunk/src/pkcs15init/pkcs15.profile: remove unused profile entry
+
+2005-02-08 19:33 nils
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: remove unused define
+
+2005-02-08 09:51 aet
+
+ * trunk/src/tools/pkcs15-init.c: - Warning fix
+
+2005-02-07 22:43 nils
+
+ * trunk/src/libopensc/card.c: workaround for broken cashmouse
+ driver
+
+2005-02-07 17:03 aet
+
+ * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-esteid.c,
+ trunk/src/libopensc/pkcs15-syn.c: - Fixed typos
+
+2005-02-07 11:40 aet
+
+ * trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/reader-pcsc.c: - Cleanup
+
+2005-02-07 10:58 nils
+
+ * trunk/src/libopensc/pkcs15-pin.c: remove outdated comment
+
+2005-02-07 10:53 nils
+
+ * trunk/src/libopensc/pkcs15-pin.c: fix usage of
+ sc_pkcs15_pin_info_t::max_length etc.
+
+2005-02-06 21:38 nils
+
+ * trunk/src/libopensc/pkcs15-openpgp.c: no need to include
+ internal.h and asn1.h
+
+2005-02-06 21:34 nils
+
+ * trunk/src/libopensc/pkcs15-openpgp.c: update, note: this totally
+ untested
+
+2005-02-06 21:32 nils
+
+ * trunk/src/libopensc/pkcs15-syn.c: fix type flag
+
+2005-02-06 21:01 nils
+
+ * trunk/src/tools/pkcs15-init.c: const fixes etc.
+
+2005-02-06 20:46 nils
+
+ * trunk/src/libopensc/pkcs15-infocamere.c,
+ trunk/src/libopensc/pkcs15-postecert.c: as every card structure
+ has an own copy of the card ops struc, allocating a new one
+ shouldn't be necessary
+
+2005-02-06 20:14 aet
+
+ * trunk/src/libopensc/card.c: - Ahm, fixed a typo in the previous
+ commit
+
+2005-02-06 19:40 aet
+
+ * trunk/src/libopensc/card-belpic.c,
+ trunk/src/libopensc/card-etoken.c,
+ trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c,
+ trunk/src/libopensc/card-jcop.c,
+ trunk/src/libopensc/card-mcrd.c,
+ trunk/src/libopensc/card-miocos.c,
+ trunk/src/libopensc/card-oberthur.c,
+ trunk/src/libopensc/card-openpgp.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/card-starcos.c,
+ trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15-esteid.c, trunk/src/libopensc/sc.c: -
+ Optimize a few cpu cycles from _sc_match_atr_hex - Replace
+ struct sc_atr_table / _sc_match_atr with recently introduced
+ _hex variants - Rewrote _add_atr - Introduce int type variable
+ to sc_card_t, so that every other card driver won't have to glue
+ around with this - Card driver cleanups, optimize the number of
+ sc_match_atr called per card driver. Also always try direct
+ match with _sc_match_atr first, before relying on eg.
historical + bytes information on some card drivers - Fixed a memory leak + from the miocos driver + +2005-02-06 10:28 nils + + * trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/pkcs11-display.h, + trunk/src/pkcs11/pkcs11-spy.c: declare some functions static + + some type fixes + +2005-02-06 10:06 aet + + * trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c: - + Warning fix + +2005-02-06 09:09 aet + + * trunk/configure.in: - Give up, just use CoreFoundation framework + instead of -lobjc + +2005-02-06 08:57 aet + + * trunk/src/libopensc/card-oberthur.c: - Cleanup + +2005-02-06 08:53 aet + + * trunk/src/pam/pam_support.c: - Warning fix, build fix + +2005-02-05 10:02 nils + + * trunk/src/tools/opensc-tool.c: even more cleanup + +2005-02-05 09:54 nils + + * trunk/src/tools/cryptoflex-tool.c: cleanup + +2005-02-04 22:52 nils + + * trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: + declare some functions static plus some type fixes + +2005-02-04 22:33 nils + + * trunk/src/tools/pkcs11-tool.c: remove unreachable code, make + some functions static and fix parameter type + +2005-02-04 22:11 nils + + * trunk/src/libopensc/card-starcos.c: cleanup + +2005-02-04 20:29 aet + + * trunk/src/libopensc/card-belpic.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-oberthur.h, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, + trunk/src/libopensc/pkcs15-esteid.c: - Unify all card drivers + ATR matching code to use _sc_match_atr_hex, untested as of yet. 
+ +2005-02-04 18:10 nils + + * trunk/src/tools/opensc-explorer.c: fix some compiler warnings + +2005-02-04 17:32 aet + + * trunk/src/libopensc/pkcs15-postecert.c: - Indent cleanups + +2005-02-04 17:29 aet + + * trunk/src/libopensc/pkcs15-starcert.c: - Revert previous patch, + it's unnecessary after recent changes + +2005-02-04 15:57 aet + + * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: - + Introduce _sc_match_atr_hex / struct sc_atr_table_hex. + +2005-02-04 14:38 aet + + * trunk/src/tests/sc-test.c: - Cleanup ATR dumping code + +2005-02-04 11:43 aet + + * trunk/src/libopensc/pkcs15-starcert.c: - Add internal.h, that's + where the config.h and other general stuff comes from. + +2005-02-04 09:27 nils + + * trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-starcert.c: use strncpy instead of + snprintf + update of pkcs15-netkey.c + +2005-02-03 22:44 nils + + * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/esteid.h, + trunk/src/libopensc/pinpad-ccid.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/pkcs11/framework-pkcs15.c: indent fixes and cleanup by + Martin Paljak + +2005-02-02 22:18 nils + + * trunk/src/libopensc/pkcs15-starcert.c: make win compilers happy + (include config.h) + +2005-02-02 21:18 nils + + * trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: + first part of a pkcs15 emulation driver cleanup/rework: use new + api the create pkcs15 objects (note: the part enclosed in + '#ifndef OPENSC_NO_DEPRECATED' statement will be removed in + someday). 
At first only for pkcs15-esteid.c and
+ pkcs15-starcert.c but the others will follow soon (including
+ some documentation)
+
+2005-02-02 10:21 aet
+
+ * trunk/src/libopensc/asn1.h, trunk/src/libopensc/cardctl.h,
+ trunk/src/libopensc/emv.h, trunk/src/libopensc/errors.h,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/types.h,
+ trunk/src/pkcs15init/keycache.h,
+ trunk/src/pkcs15init/pkcs15-init.h,
+ trunk/src/pkcs15init/profile.h,
+ trunk/src/sslengines/pkcs11-internal.h,
+ trunk/src/tests/sc-test.h, trunk/src/tools/util.h: - Cleanup,
+ typo fix
+
+2005-02-01 19:09 nils
+
+ * trunk/src/libopensc/pkcs15-sec.c: fix indent
+
+2005-02-01 19:03 nils
+
+ * trunk/src/libopensc/card-starcos.c: add debugging output
+
+2005-02-01 19:02 nils
+
+ * trunk/src/pkcs11/framework-pkcs15.c: bugfix: reselect
+ application directory when lock_login=false is set (at the
+ moment only for pkcs15_prkey_sign and pkcs15_prkey_decrypt),
+ see:
+ http://www.opensc.org/pipermail/opensc-devel/2005-January/005345.html
+
+2005-02-01 07:53 sth
+
+ * trunk/src/libopensc/card-belpic.c: Work-around for the lack of
+ FCI info, so the card can be used with opensc-explorer
+
+2005-02-01 07:52 sth
+
+ * trunk/src/libopensc/opensc.h, trunk/src/tools/opensc-explorer.c:
+ Work-around for cards that don't return FCI info
+
+2005-01-30 19:20 sth
+
+ * trunk/src/include/winconfig.h,
+ trunk/src/libopensc/card-belpic.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/opensc.h: Have the option add a delay before
+ resending an APDU (after a 6CXX response).
Is needed for most
+ current belpic cards on fast readers
+
+2005-01-30 13:50 aet
+
+ * trunk/src/libopensc/card-belpic.c: - Indent source
+
+2005-01-30 13:29 aet
+
+ * trunk/src/libopensc/card-belpic.c: - Cleanups
+
+2005-01-29 12:14 sth
+
+ * trunk/src/libopensc/card-belpic.c: Added belpic card driver
+
+2005-01-29 12:10 sth
+
+ * trunk/src/libopensc/Makefile.am,
+ trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ctx.c,
+ trunk/src/libopensc/opensc.h: src/libopensc/card-belpic.c
+
+2005-01-29 10:51 aet
+
+ * trunk/configure.in: - Show package version when configure is
+ finished
+
+2005-01-29 10:49 aet
+
+ * trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctbcs.h,
+ trunk/src/libopensc/ctx.c, trunk/src/libopensc/reader-ctapi.c: -
+ Add experimental multi-slot support for CT-API and CT-BCS 1.0
+ enhancements. (Bernhard Froehlich ) - Enable
+ CT-API for win32
+
+2005-01-29 10:44 aet
+
+ * trunk/src/libopensc/reader-pcsc.c: - Build fix
+
+2005-01-29 09:13 aet
+
+ * trunk/src/libopensc, trunk/src/libopensc/.cvsignore: Update
+
+2005-01-29 09:12 aet
+
+ * trunk/Makefile.am: - Require automake 1.5 or later
+
+2005-01-28 21:22 nils
+
+ * trunk/src/libopensc/card.c: yet another fix
+
+2005-01-28 20:41 sth
+
+ * trunk/src/libopensc/Makefile.mak: Added pinpad-ccid.obj
+
+2005-01-28 20:39 sth
+
+ * trunk/src/libopensc/pinpad-ccid.h,
+ trunk/src/libopensc/reader-pcsc.c: Windows fix: SCARD_CTL_CODE
+ is already #defined in a Windows header
+
+2005-01-27 22:52 nils
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix last commit
+
+2005-01-27 21:35 sth
+
+ * trunk/src/libopensc/asn1.c: Fix: stop parsing at the end of the
+ file, not when finding padding bytes
+
+2005-01-25 11:45 aet
+
+ * trunk/src/libopensc/reader-pcsc.c: - Build fix
+
+2005-01-25 11:11 aet
+
+ * trunk/etc/opensc.conf.example,
+ trunk/src/libopensc/reader-pcsc.c: - Add use_ccid_pin_cmd
+ boolean to opensc.conf, for now.
+
+2005-01-24 22:10 nils
+
+ * trunk/src/libopensc/card.c: fix lock/unlock mismatch
+
+2005-01-24 19:46 aet
+
+ * trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/pinpad-ccid.c:
+ - Cleanup
+
+2005-01-24 18:30 aet
+
+ * trunk/configure.in, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/pinpad-ccid.c,
+ trunk/src/libopensc/pinpad-ccid.h,
+ trunk/src/libopensc/reader-pcsc.c: - Early ccid pinpad cleanups,
+ more to follow
+
+2005-01-24 17:20 nils
+
+ * trunk/configure.in: add two more options: one for Martin's
+ pinpad stuff and one for enable/disable logging of sensitive
+ apdu data
+
+2005-01-24 17:19 nils
+
+ * trunk/src/libopensc/card.c: make it configurable whether or not
+ allow logging of sensitive apdu command data at all (to please
+ the Belgian EID guys ;-)
+
+2005-01-24 11:31 nils
+
+ * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/opensc.h,
+ trunk/src/libopensc/pinpad-ccid.c,
+ trunk/src/libopensc/pinpad-ccid.h,
+ trunk/src/libopensc/reader-ctapi.c,
+ trunk/src/libopensc/reader-openct.c,
+ trunk/src/libopensc/reader-pcsc.c: merge Martin Paljak's ccid
+ pinpad changes from the OPENSC_0_9 branch to the cvs head
+
+2005-01-23 19:48 nils
+
+ * trunk/src/tools/pkcs11-tool.c: just issue a warning in case of a
+ missing attribute, patch supplied by Philipp Marek (with some
+ changes from me)
+
+2005-01-23 10:14 aet
+
+ * trunk/aclocal/Makefile.am, trunk/aclocal/pkg.m4: - Add pkg.m4
+ for pkg-config depencies
+
+2005-01-21 18:47 nils
+
+ * trunk/src/tools/opensc-explorer.c: more indent fixes from Martin
+ Paljak
+
+2005-01-21 18:31 nils
+
+ * trunk/src/pkcs15init/pkcs15-lib.c: fix more memory leaks
+
+2005-01-21 18:25 nils
+
+ * trunk/src/tools/pkcs15-init.c: fix memory leak
+
+2005-01-21 11:06 nils
+
+ * trunk/src/pkcs15init/pkcs15-gpk.c,
+ trunk/src/pkcs15init/pkcs15-lib.c: fix memory leaks
+
+2005-01-21 10:04 nils
+
+ * trunk/src/pkcs15init/profile.c: fix memory leak: use object
+ specific release method
+
+2005-01-19 20:39 nils
+
+ * 
trunk/src/tools/opensc-tool.c: print the atr in standard opensc + hex format, patch supplied by Martin Paljak + +2005-01-19 20:12 nils + + * trunk/src/pkcs11/pkcs11-object.c: even more indent issues + +2005-01-19 19:56 nils + + * trunk/src/libopensc/card-mcrd.c: fix debug message + remove + empty lines, patch supplied by Martin Paljak + +2005-01-19 19:52 nils + + * trunk/src/pkcs11/slot.c: fix indent again + +2005-01-19 18:15 nils + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, + trunk/src/pkcs11/pkcs11-spy.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: some indent fixes from Martin Paljak + plus some additional changes from me + +2005-01-19 16:17 nils + + * trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sec.c: + fix indent, patch supplied by Martin Paljak + +2005-01-19 16:12 nils + + * trunk/src/tools/pkcs11-tool.c: don't print key length in case of + a private key (as private key doesn't have the CKA_MODULUS_BITS + attribute) + +2005-01-19 08:00 nils + + * trunk/src/common/getpass.c, trunk/src/tools/opensc-explorer.c: + fix indent, patch supplied by Martin Paljak + +2005-01-18 21:42 nils + + * trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sec.c: + cleanup pin handling (set and use sc_pin_cmd_pin->pad_length + + use pkcs15 puk object if existing) + +2005-01-17 09:10 nils + + * trunk/src/libopensc/sec.c: of course we should not do it + +2005-01-16 21:12 sth + + * trunk/src/Makefile.mak, trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs11/Makefile.mak, + trunk/src/sslengines/Makefile.mak, trunk/src/tools/Makefile.mak, + trunk/win32/Make.rules.mak: Simplified the procedure to link + with openssl on Windows: now you only need to slightly change + Make.rules.mak instead of hacking in several Makefile.mak 
files + +2005-01-16 14:24 aet + + * trunk/src/libopensc/reader-ctapi.c: - Add dynamic loading + support for win32, Bernhard Froehlich + +2005-01-16 13:29 aet + + * trunk/QUICKSTART: - Spell checks + +2005-01-14 23:14 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: in case of SC_AC_UNKNOWN it + doesn't make much sense to verify something + add missing + suppress_errors-- + +2005-01-13 21:52 nils + + * trunk/docs/pkcs15-init.1, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: change auth_id -> id, show pin + type, update pkcs15-init manpage + +2005-01-13 20:28 nils + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/iso7816.c: starcos: use iso decipher, + iso7816: set le to 256 == 0x00 + +2005-01-09 20:10 nils + + * trunk/src/libopensc/pkcs15-pin.c: remove misleading comment + +2005-01-08 10:20 nils + + * trunk/src/libopensc/pkcs15-pin.c: evaluate pkcs15 pin type + +2005-01-07 18:50 nils + + * trunk/src/libopensc/opensc.h: types are unsigned int + +2005-01-04 19:45 aet + + * trunk/src/libopensc/reader-ctapi.c: - fixed a typo, pointed out + by Bernhard Froehlich + +2005-01-03 17:47 nils + + * trunk/src/libopensc/ctx.c: dump version info in the log + +2005-01-03 17:25 nils + + * trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-session.c, + trunk/src/pkcs11/secretkey.c, trunk/src/pkcs15init/keycache.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c: some cleanup + improved error + checking + +2005-01-03 17:20 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15.c: some cleanup + improved error + checking + +2004-12-29 23:20 nils + + * trunk/src/libopensc/pkcs15-syn.c: check calloc return value + +2004-12-29 23:11 nils + + * trunk/src/libopensc/pkcs15-syn.c: bugfix, pointed out by David + Mattes + +2004-12-27 14:33 nils + + * trunk/src/libopensc/ctx.c: cleanup + +2004-12-27 13:22 nils + + * 
trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h: add data field for subject + Common{Private|Public}KeyAttributes + +2004-12-24 23:24 nils + + * trunk/src/libopensc/card-flex.c: implement serial number support + for cryptoflex cards + +2004-12-23 10:49 nils + + * trunk/src/libopensc/asn1.c: fix type, found by T.Fujita + + +2004-12-23 09:28 aet + + * trunk/src/signer/Makefile.am: - Revert the previous patch, as it + broke the snapshot generation and has been broken since.. July? + No new automatic snapshots until some hardware issues have been + solved. + +2004-12-22 10:17 nils + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c: cleanup ... + +2004-12-22 09:54 nils + + * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15.h: flags/types are unsigned int, the + exponent shouldn't be negative and more const + +2004-12-22 09:48 nils + + * trunk/src/pkcs15init/keycache.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + cleanup: -index shadows a variable in /usr/include/string.h + -some signed vs. unsigned issues -and some const cleanup + +2004-12-21 22:38 nils + + * trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-oberthur.h, + trunk/src/libopensc/cardctl.h: cleanup: signed vs. unsigned and + some const + +2004-12-21 21:52 nils + + * trunk/src/libopensc/pkcs15-openpgp.c: more const ... + +2004-12-21 21:47 nils + + * trunk/src/libopensc/pkcs15-esteid.c: more const + +2004-12-21 21:43 nils + + * trunk/src/libopensc/pkcs15-netkey.c: cleanup: declare structures + as const + +2004-12-21 15:00 nils + + * trunk/src/libopensc/card-miocos.c: signed vs. 
unsigned + +2004-12-21 14:01 nils + + * trunk/src/libopensc/log.c: char * -> const char * + +2004-12-21 13:56 nils + + * trunk/src/libopensc/ctbcs.c: disable unused functions + +2004-12-21 13:22 nils + + * trunk/src/libopensc/reader-pcsc.c: fix compiler warnings + +2004-12-21 11:03 nils + + * trunk/src/libopensc/reader-pcsc.c: remove superfluous code, + Martin Paljak + +2004-12-21 09:54 nils + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c: + force_protocol cleanup from Martin Paljak + +2004-12-20 20:05 nils + + * trunk/src/tools/pkcs11-tool.c: fix help message (supplied by + Philipp Marek) + +2004-12-20 19:44 nils + + * trunk/src/pkcs11/framework-pkcs15.c: fix public key reference + +2004-12-20 08:03 nils + + * trunk/src/tools/opensc-tool.c: dump serial number only if we + have one + +2004-12-18 14:14 nils + + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c: fix memory leak, cleanup: + use object specific release method + +2004-12-16 08:50 nils + + * trunk/docs/opensc-tool.1, trunk/src/tools/opensc-tool.c: serial + number support for opensc-tool + +2004-12-15 19:59 nils + + * trunk/src/libopensc/card-gpk.c: implement serial number support + for gpk 16k cards + +2004-12-15 18:18 aet + + * trunk/configure.in: - Big bunch of OpenSSL and some other fixes + +2004-12-15 18:10 aet + + * trunk/src/libopensc/Makefile.am, + trunk/src/sslengines/Makefile.am: - Cleanups + +2004-12-15 18:01 aet + + * trunk/src/libopensc/card-oberthur.c: - Build fixes + +2004-12-15 17:34 nils + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/pkcs15-esteid.c, + 
trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-starcert.c: cleanup ... + +2004-12-15 15:42 aet + + * trunk/src/include/winconfig.h: - Update version for win32 build + +2004-12-15 14:47 aet + + * trunk/src/pkcs15init/pkcs15-oberthur.c: - Cleanup + +2004-12-15 13:57 aet + + * trunk/ANNOUNCE, trunk/NEWS, trunk/QUICKSTART: - Preparations for + the next release + +2004-12-15 13:53 aet + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/scam/cert_support.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs11-tool.c: - Build / warning fixes + +2004-12-15 10:56 aet + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/sslengines/engine_pkcs11.c: - Convert C++ comments + into C to avoid compiler errors on some platforms + +2004-12-15 09:35 nils + + * trunk/src/libopensc/card-jcop.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/pkcs15-infocamere.c: cleanup: declare local + functions as static, renamed shadowed variables etc. 
+ +2004-12-15 08:38 nils + + * trunk/src/libopensc/card-flex.c: cleanup + +2004-12-13 20:58 nils + + * trunk/src/libopensc/padding.c: do a memcpy only if source and + dest are different + +2004-12-13 11:24 nils + + * trunk/src/libopensc/card-etoken.c: local functions should be + static + +2004-12-13 09:48 nils + + * trunk/src/libopensc/ctx.c: don't close stdout/stderr + +2004-12-12 21:51 nils + + * trunk/src/libopensc/pkcs15-pubkey.c: fix memory leak + +2004-12-12 20:41 nils + + * trunk/src/libopensc/ctx.c: close files when the context is + destroyed + +2004-12-12 19:13 nils + + * trunk/src/pkcs11/framework-pkcs15.c: use object specific release + method (if existing) + +2004-12-12 17:17 nils + + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-starcert.c: fix (potential) memory + leak + +2004-12-09 08:23 nils + + * trunk/src/tools/pkcs11-tool.c: bugfix: don't try to get the + CKA_MODULUS_BITS attribute from a private key + +2004-12-08 20:57 nils + + * trunk/src/libopensc/pkcs15-syn.c: fix memory leak + +2004-12-05 19:04 aj + + * trunk/configure.in: the big openssl fix. hope everything still + works. + +2004-12-05 19:03 aj + + * trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-postecert.c: make functions static, + so the names don't conflict. + +2004-12-05 16:35 nils + + * trunk/src/libopensc/card-etoken.c: suppress error message when + testing signature alg + +2004-11-30 21:32 aj + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/hw_opensc.c: new pin handling to make + opensc engine work with wpa-supplicant. 
+ +2004-11-26 08:43 nils + + * trunk/src/libopensc/pkcs15-syn.c: bugfix + +2004-11-24 17:00 nils + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-postecert.c, + trunk/src/libopensc/pkcs15-syn.c: add pkcs15 emulation support + for the Italian postecert card + +2004-11-15 09:39 nils + + * trunk/src/pkcs15init/etoken.profile: try to avoid conflicts with + file ids of different file types + +2004-11-12 19:49 sth + + * trunk/src/sslengines/engine_pkcs11.c: Don't check if the token + is initialised + +2004-11-12 16:59 nils + + * trunk/src/pkcs15init/gpk.profile: try to avoid conflicts with + file ids of different file types + +2004-11-05 21:04 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: bugfix from Antonio + Iacono + +2004-11-05 18:48 aj + + * trunk/docs/opensc-es.html: add spanish translation. + +2004-11-05 18:31 aj + + * trunk/src/libopensc/libpkcs15init.pc.in, + trunk/src/libopensc/libscam.pc.in, + trunk/src/libopensc/libscconf.pc.in, + trunk/src/libopensc/libscldap.pc.in: add more *.pc files for all + other libraries as well. + +2004-11-05 18:30 aj + + * trunk/configure.in, trunk/docs/Makefile.am, + trunk/docs/opensc-es.xml, trunk/src/libopensc/Makefile.am: Add + spanish manual by Jonsy (teleline) + +2004-11-04 19:14 aj + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/libopensc.pc.in, + trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: build + fixes by Vile Skytt�. 
+ +2004-11-03 21:39 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: bugfix from Antonio + Iacono + +2004-11-03 18:14 nils + + * trunk/src/tools/pkcs11-tool.c: check only for attributes which + can be present + +2004-11-02 21:46 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: update for the + Infocamere support, supplied by Antonio Iacono + +2004-11-01 21:13 aj + + * trunk/src/libopensc/card-mcrd.c: fix select_file in mcrd. by + Martin Paljak + +2004-11-01 11:41 aj + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/card-mcrd.c: + clarify micardo situtation. + +2004-10-29 20:08 nils + + * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/pkcs15.c: cleanup + +2004-10-27 16:10 nils + + * trunk/src/libopensc/ui.c: fix last commit + +2004-10-27 06:41 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/internal.h, trunk/src/libopensc/module.c: + remove obsolete module support in libopensc (scdl should now be + used) + +2004-10-27 05:10 sth + + * trunk/src/pkcs11/Makefile.mak, trunk/src/tools/Makefile.mak: + scdl.lib needed for for the link step due to the recent changes + in dynamic loading + +2004-10-25 10:43 nils + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.h: support for dynamic pkcs15init + drivers + +2004-10-24 17:20 nils + + * branches/opensc-0.9/src/pkcs15init/profile.c, + trunk/src/tools/pkcs15-init.c: fix memory leak + +2004-10-24 17:17 nils + + * trunk/src/pkcs15init/profile.c: fix memory leak + +2004-10-22 07:29 nils + + * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/opensc.h: + two patches from Marin Paljak : - + remove unnecessary function from the reader ops - add a field + for pinpad support - cleanup + fix indent in card-mcrd.c + +2004-10-20 06:53 nils + + * trunk/src/libopensc/reader-ctapi.c: sc_module_*() -> scdl_*() + +2004-10-18 21:35 nils + + * trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c: + sc_module_*() -> 
scdl_*() + +2004-10-18 08:24 nils + + * trunk/docs/opensc.xml, trunk/etc/opensc.conf.example, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: + implement dynamic card/reader support from Juan Antonio Martinez + (with some input from me) + +2004-10-17 20:40 nils + + * trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sec.c: fix + compiler warnings + +2004-10-17 20:20 nils + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: some + cleanup: 'int' -> 'unsigned int' for flags, 'int' -> 'size_t' + for length + remove some compiler warnings + +2004-10-17 18:34 nils + + * trunk/src/libopensc/dir.c: fix compiler warnings + +2004-10-17 16:46 nils + + * trunk/src/libopensc/pkcs15.h: flags should be stored in a + 'unsigned int' (at least this seems to be the convention in + libopensc) => change tokenInfo flags from 'unsigned long' to + 'unsigned int' + +2004-10-17 16:20 nils + + * trunk/src/libopensc/sc.c: fix signed vs. unsigned mismatch + +2004-10-17 15:59 nils + + * trunk/src/libopensc/pkcs15-syn.c: sc_module_* -> scdl_* + +2004-10-14 06:37 nils + + * trunk/src/libopensc/dir.c: suppress annoying (but unimportant) + error message + +2004-10-13 19:07 nils + + * trunk/src/libopensc/pkcs15-cache.c: fix compiler warning + +2004-10-13 18:57 nils + + * trunk/etc/opensc.conf.example: update opensc.conf for the new + pkcs15 emulation stuff + +2004-10-13 18:54 nils + + * trunk/src/libopensc/card.c: fix int vs. 
size_t mismatch + +2004-10-13 18:02 nils + + * trunk/src/scdl/scdl.c: initialize pointer to NULL + +2004-10-13 07:19 sth + + * trunk/src/pkcs15init/cyberflex.profile, + trunk/src/pkcs15init/flex.profile: Added info for EF data files + +2004-10-12 19:36 sth + + * trunk/src/sslengines/p11_rsa.c: Added RSA decryption (Robert + Pragai) + +2004-10-12 06:24 nils + + * trunk/docs/sc_release_context.3: bugfix from Hubert Sokolowski + + +2004-10-11 21:22 nils + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h: u_char -> unsigned char + +2004-10-08 21:29 nils + + * trunk/src/libopensc/module.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h: update pkcs15 emulation stuff + +2004-10-08 21:25 nils + + * trunk/src/scdl/scdl.c: don't search the LD_LIBARY_PATH in case + of a absolute path + +2004-10-08 07:11 aj + + * trunk/src/sslengines/engine_pkcs11.c: forget pin if it was wrong. 
+ +2004-10-06 14:07 sth + + * trunk/src/tools/pkcs15-init.c: If you do pkcs15-init -C with the + onepin option, you can now specify --pin and --puk instead of + --so-pin and --so-puk (also allowed for backward compatibility) + +2004-09-28 20:06 nils + + * trunk/src/libopensc/card-starcos.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/starcos.profile: fix starcos spk 2.3 + "onepin" profile support + +2004-09-27 08:38 sth + + * trunk/src/tools/pkcs11-tool.c: Don't use 0 as input to test + signature-verification + +2004-09-24 08:54 nils + + * trunk/src/libopensc/pkcs15-netkey.c: improved card detection + + cleanup + +2004-09-20 09:47 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/padding.c: fix some compiler warnings + +2004-09-19 19:50 nils + + * trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-starcert.c: correct tries_left entries + +2004-09-19 19:47 nils + + * trunk/src/tools/pkcs15-tool.c: print 'tries_left' only if the + value is >= 0 + +2004-09-17 19:27 nils + + * trunk/src/libopensc/card-tcos.c, + trunk/src/libopensc/pkcs15-netkey.c: add support for + sc_card_ctl(*, SC_CARDCTL_GET_SERIALNR, *) for TCOS cards (and + use it in the netkey support) + +2004-09-17 19:13 nils + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: rename "StarCOS" -> "STARCOS SPK + 2.3" + +2004-08-31 17:31 nils + + * trunk/src/libopensc/reader-pcsc.c: fix definition of + SCARD_PROTOCOL_ANY patch supplied by Ludovic Rousseau + + +2004-08-25 20:55 nils + + * trunk/src/tools/pkcs15-tool.c: fix tab indentation and adds the + tries left field to the --list-pins output patch supplied by + Martin Paljak + +2004-08-25 20:45 nils + + * trunk/src/libopensc/ctbcs.c: bugfix: fix 
segfaults when using a + pin-pad for pin verification thanks to Joachim Bauch + + +2004-08-21 14:26 nils + + * trunk/docs/pkcs15-crypt.1, trunk/src/tools/pkcs15-crypt.c: add + "--raw" option patch supplied by Jari Eskelinen + + +2004-08-21 14:24 nils + + * trunk/src/pkcs15init/pkcs15-starcos.c: bugfix + +2004-08-21 10:54 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: two small fixes to let + pkcs15-init work with starcos spk 2.3 + +2004-08-21 10:53 nils + + * trunk/src/libopensc/card-starcos.c, + trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/starcos.profile: update starcos spk 2.3 + pkcs15-init support change summary: - some bug fixes - support + for global so-pins - use so-pin (if present) to protect key + creation etc. + +2004-08-19 08:55 nils + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-pcsc.c: add support to force pcsc to + use a certain protocol patch supplied by Martin Paljak + + +2004-08-19 08:41 nils + + * trunk/src/libopensc/card-mcrd.c: add additional atr patch + supplied by Martin Paljak + +2004-08-19 08:39 nils + + * trunk/src/libopensc/ctx.c: move the emv driver to the end of list + +2004-08-14 13:43 nils + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: improve pkcs15-init + pkcs15-tool + support for data objects + +2004-08-05 22:34 nils + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.c: set ui_method if and only + if it's not NULL patch supplied by Michael Bell + +2004-08-05 22:28 nils + + * trunk/src/sslengines/engine_opensc.c: improved error detection + +2004-08-05 22:27 nils + + * trunk/configure.in: fix openssl detection, patch supplied by + Victor Tarasov + +2004-07-28 20:02 nils + + * trunk/PAM_README, trunk/docs/opensc-explorer.1, + trunk/docs/pkcs15-crypt.1, trunk/docs/pkcs15-init.1, + trunk/docs/pkcs15-tool.1, + trunk/docs/sc_pkcs15_compute_signature.3: minor docu update + 
thanks to Ville Skytt� + +2004-07-27 19:14 nils + + * trunk/src/sslengines/engine_opensc.c: set padding flags + accordingly (for the decipher operation) + +2004-07-26 19:18 nils + + * trunk/src/tools/pkcs15-tool.c: improve output for pkcs15 data + objects + +2004-07-26 18:47 nils + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/util.c, trunk/src/tools/util.h: pkcs15-init etc. + support for pkcs15 data objects patch supplied by Victor Tarasov + + +2004-07-26 04:53 aj + + * trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: + properly split LDFLAGS into LDADD and LDFLAGS to make parallel + build work. Thanks to Ville Skytt�. + +2004-07-25 12:35 aj + + * trunk/ANNOUNCE, trunk/Makefile.am, trunk/NEWS, trunk/PAM_README, + trunk/QUICKSTART, trunk/configure.in: small configure + improvements, documentation updates. + +2004-07-24 21:08 aj + + * trunk/src/scam/p15_eid.c: Permission checks and support for + several certificates in the authorized_certificates file. Code + written by Fritz Elfert. + +2004-07-23 20:29 nils + + * trunk/src/libopensc/pkcs15-data.c: fix default values for OIDs + patch supplied by Victor Tarasov + +2004-07-23 16:52 nils + + * trunk/src/libopensc/card-oberthur.c: one more ATR for Oberthur + 64K card patch supplied by Victor Tarasov + +2004-07-23 16:11 nils + + * trunk/src/libopensc/asn1.c: fix ASN1 NULL handling and avoid + malloc(0) + +2004-07-22 20:52 aj + + * trunk/src/libopensc/card-oberthur.c: There is a problem with + decipher() of the oberthur card driver. Manifested when caller + allocates more then needed memory for the result. Thanks to the + regression tests, Viktor. + +2004-07-21 22:11 aj + + * trunk/src/tools/pkcs11-tool.c: Bug found by Stef Hoeben. + +2004-07-21 22:10 aj + + * trunk/src/libopensc/Makefile.mak: Typo found by Stef Hoeben. 
+ +2004-07-21 22:02 aj + + * trunk/src/tools/Makefile.am: pkcs11-tool and pkcs15-crypt use + libcrypto, so they need to link with it. Found by Dirk Gouders. + +2004-07-21 21:56 aj + + * trunk/configure.in: fix a typo. + +2004-07-20 22:11 aj + + * trunk/QUICKSTART: Add a quick start file, a simple text document. + * trunk/Makefile.am: Add some text documentation. + +2004-07-20 20:52 aj + + * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Deal with + new pcsc-lite code changes. + +2004-07-19 19:37 aj + + * trunk/configure.in, trunk/src/libopensc/Makefile.am: try + pkg-config, fall back to conventional code. + +2004-07-19 16:58 nils + + * trunk/src/pkcs15init/pkcs15-lib.c: try to get the card serialnr + via sc_card_ctl (unless it has been explicitly specified by the + user) + +2004-07-19 16:51 nils + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-starcert.c: experimental support for + card serial numbers (at first only for starcos spk 2.3 and + cardos m4) + +2004-07-19 16:18 nils + + * trunk/src/libopensc/card-oberthur.h: int -> size_t + +2004-07-19 16:12 nils + + * trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/pkcs15-infocamere.c, + trunk/src/libopensc/sec.c: fix compiler warning + +2004-07-19 15:42 nils + + * trunk/src/libopensc/card-oberthur.c: support OpenSSL version < + 0.9.7 in card-oberthur.c + +2004-07-14 22:11 aj + + * trunk/src/libopensc/card-mcrd.c: kill two warnings about unused + variables. + +2004-07-14 21:13 aj + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/esteid.h, + trunk/src/libopensc/pkcs15-esteid.c, + trunk/src/libopensc/pkcs15-syn.c: Add support for Estonian ID + card. Written by Martin Paljak. 
+ +2004-07-12 15:19 nils + + * trunk/src/common/getpass.c: fix off-by-one bug, pointed out by + Michael Bell + +2004-07-12 08:42 nils + + * trunk/src/tools/pkcs15-init.c: check return value + +2004-07-12 08:26 nils + + * trunk/src/tools/pkcs15-init.c: fix/cleanup passphrase input + Michael Bell and Nils Larsch + +2004-07-09 21:33 aj + + * trunk/configure.in: As far as I know we did some incompatible + changes since 0.8.1 + +2004-07-09 21:30 aj + + * trunk/src/openssh/Makefile.am: add README and ask-for-pin.diff + to the distribution. + +2004-07-09 21:28 aj + + * trunk/src/tests/regression/Makefile.am: Add missing scripts + init0012 pin0001 pin0002 to distribution. + +2004-07-09 15:33 sth + + * trunk/src/pkcs11/slot.c: Fix: if a card couldnt be read (e.g. + inverted upside down), allow to retry it later when asked + +2004-07-09 15:31 sth + + * trunk/src/libopensc/reader-pcsc.c: Fix: don't free anything in + the connect() function because it can be called multiple times + +2004-06-30 21:37 aj + + * trunk/src/openssh/README, trunk/src/openssh/ask-for-pin.diff: a + small patch to make openssh ask for a pin. and a README. this + patch is a hack, not production quality, and will not be + accepted by openssh. But a clean solution requires changes in + openssh, and that will not be easy. + +2004-06-30 21:35 aj + + * trunk/src/openssh/Makefile.am: Add current patch for openssh so + it can ask for the pin. + +2004-06-30 17:26 nils + + * trunk/src/libopensc/card-tcos.c: fix TCOS decipher operation + +2004-06-29 20:34 aj + + * trunk/configure.in, trunk/src/sslengines/Makefile.am: openssl + 0.9.7d and later require and support linking engines with + -lcrypto. for older versions we need to link with libcrypto.a or + skip the engines alltogether. 
+ +2004-06-28 22:54 aj + + * trunk/src/signer/Makefile.am: small makefile improvement by + Ville Skytt� + +2004-06-28 16:42 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-netkey.c, + trunk/src/libopensc/pkcs15-syn.c: add support for Telesec NetKey + cards (still experimental) + +2004-06-25 15:44 nils + + * trunk/src/tools/pkcs15-init.c: use opt_passphrase, if present, + before asking the user patch supplied by Michael Bell + + +2004-06-24 17:25 nils + + * trunk/src/tools/opensc-explorer.c: Add two new commands: + update_binary and update_record. update_binary can be used to + write arbitrary data data (entered as hex values) to transparent + files and update_record can be used to do the same to record + files. Patch supplied by Victor Tarasov + and Nils Larsch + +2004-06-24 17:03 nils + + * trunk/src/pkcs15init/oberthur.profile: patch supplied by Victor + Tarasov + +2004-06-24 06:29 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-starcert.c, + trunk/src/libopensc/pkcs15-syn.c: add (partial) pkcs15 emu + support for StarCert V2.2 cards + +2004-06-22 17:46 nils + + * trunk/src/pkcs15init/pkcs15-starcos.c: clean up access rights + for updating pin/puk + +2004-06-21 21:20 nils + + * trunk/src/libopensc/card-flex.c: use the padding character from + the pkcs15 objects + +2004-06-20 13:37 aj + + * trunk/src/libopensc/card-oberthur.c: the older generation of + oberthur card is not supported by the current driver. better not + detect them at all. + +2004-06-18 20:49 nils + + * trunk/src/libopensc/pkcs15-cert.c: fix usage of asn1 flags + +2004-06-18 09:33 aj + + * trunk/src/libopensc/card-etoken.c: One more italian eID card, + this time from gemplus. reported by Antonio Iacono. + +2004-06-18 09:30 aj + + * trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak: Also add oberthur files to + Makefile.mak. oops, sorry for forgetting. 
Reported by novakv and + fixed by Nils Larsch. + +2004-06-18 09:12 aj + + * trunk/src/tools/cardos-info.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: + fix short options as well. + +2004-06-16 20:59 aj + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-oberthur.c, + trunk/src/libopensc/card-oberthur.h, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/oberthur.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-oberthur.c, + trunk/src/pkcs15init/pkcs15.profile: Very basic and untested + oberthur driver. Could possibly work, as only non-essential + parts stripped (or at least that was the plan). Written by + Viktor Tarasov of idealx. All bugs by Andreas Jellinghaus, + please don't blame anyone else. + +2004-06-13 20:13 aj + + * trunk/docs/cardos-info.1, trunk/docs/cryptoflex-tool.1, + trunk/docs/opensc-explorer.1, trunk/docs/opensc-tool.1, + trunk/docs/pkcs11-tool.1, trunk/docs/pkcs15-crypt.1, + trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-tool.1, + trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/tests/regression/functions, + trunk/src/tools/cardos-info.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: cleanup debug/quiet/verbose handling. + now all tools accept "-v" for verbose operation, and you can + specify -v several times to get more verbose i.e. debugging + output. 
+ +2004-06-13 20:04 aj + + * trunk/src/tools/pkcs15-init.c: oops, forgot the select. + +2004-06-13 19:45 aj + + * trunk/src/tools/pkcs15-init.c: fixed a small bug (!= instead of + ==) and made the code hopefully more readable. + +2004-06-09 18:40 nils + + * trunk/src/scam/cert_support.c, trunk/src/scam/p15_ldap.c: + replace X509_NAME_oneline with X509_NAME_print_ex Patch supplied + by Gregor Kroesen and Nils Larsch + +2004-06-08 20:22 nils + + * trunk/src/sslengines/engine_pkcs11.c: fix module name handling + patch supplied by Michael Bell + +2004-05-30 16:23 nils + + * trunk/src/scam/cert_support.c: don't omit the first extension + Thanks to Gregor Kroesen + +2004-05-21 10:15 nils + + * trunk/src/libopensc/dir.c: fix usage flag Thanks to Peter Koch + + +2004-05-20 09:36 nils + + * trunk/src/libopensc/pkcs15-sec.c: only set the key_reference if + present Thanks to Andrej Komelj + +2004-05-20 09:09 nils + + * trunk/src/libopensc/pkcs15-pin.c: call sc_select_file only if + pin->path is actually set Thanks to Andrej Komelj + + +2004-05-04 18:13 nils + + * trunk/src/libopensc/pkcs15-infocamere.c: add pkcs15-syn support + for infocamere cards + +2004-05-04 18:12 nils + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-syn.c: add pkcs15-syn support for + infocamere card + +2004-05-04 17:58 nils + + * trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: + include common object attributes in the sc_pkcs15emu_add_* api + +2004-04-27 17:41 nils + + * trunk/src/libopensc/reader-pcsc.c: proper checking of the + SCardListReaders return values + +2004-04-23 17:29 nils + + * trunk/src/libopensc/pkcs15-pin.c: use pin_cmd for + sc_pkcs15_change_pin and sc_pkcs15_unblock_pin as well + +2004-04-22 07:04 aj + + * trunk/src/tools/pkcs11-tool.c: oops. O_BINARY is for windows, + not linux. + +2004-04-21 21:11 aj + + * trunk/src/pkcs11/slot.c: better checking for null values. 
found + and fixed reported by Victor Tarasov + +2004-04-21 20:11 nils + + * trunk/src/tools/pkcs15-init.c: "--assert-pristine" workaround + for Starcos cards (see comment in the patch) + +2004-04-21 18:10 nils + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/pkcs15-algo.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/write.c, trunk/src/sslengines/p11_cert.c, + trunk/src/sslengines/p11_key.c: fix incorrect use of realloc (x + = realloc(x, y) doesn't free the x in case of a failure) + +2004-04-21 16:52 nils + + * trunk/src/libopensc/dir.c: fix memory leak Discovered by Victor + Tarasov (thanks) + +2004-04-21 07:41 aj + + * trunk/src/pkcs15init/Makefile.mak: Add pkcs15-starcos to windows + makefile. + +2004-04-21 07:33 aj + + * trunk/src/tools/pkcs11-tool.c: Open file with O_BINARY on + windows. + +2004-04-18 18:42 nils + + * trunk/src/pkcs15init/keycache.c: remove pointer to freed secret + object Patch supplied by Victor Tarasov + +2004-04-18 18:14 aj + + * trunk/src/sslengines/p11_rsa.c: Adds message digest and DER + encoding if necessary. Patch by Mathias Brossard + + +2004-04-18 18:06 aj + + * trunk/src/sslengines/engine_pkcs11.c: Converts all printf(...) + tofprintf(stderr, ...) and condition output on all non-error + calls to the'quiet' (pre-existing) variable. Patch by Mathias + Brossard + +2004-04-18 18:05 aj + + * trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_pkcs11.c: adds three options PIN, QUIET, + VERBOSE to theengine allowing respectively to set the PIN code, + reduce output, augmentoutput. First one is obvious, the 2 others + need the second patch to beuseful. 
Patch by Mathias Brossard + + +2004-04-17 22:21 nils + + * trunk/src/sslengines/engine_opensc.c: add support for split keys + in engine_opensc.c (backported from the opensc stuff in openssh) + Thanks to Neil Dunbar + +2004-04-17 09:25 nils + + * trunk/src/tools/pkcs15-init.c: add support for "finalize" to + pkcs15-init to activate the ACs for starcos + +2004-04-17 09:23 nils + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: bind the new starcos spk 2.3 + support to the pkcs15init code + +2004-04-17 09:20 nils + + * trunk/src/pkcs15init/pkcs15-starcos.c, + trunk/src/pkcs15init/starcos.profile: initial pkcs15-init + support for starcos spk 2.3 cards/tokens + +2004-04-17 09:15 nils + + * trunk/src/libopensc/pkcs15-syn.c: ensure that init_func is not + NULL (even if the config file is not correct) + +2004-04-17 09:05 nils + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/cardctl.h: update starcos spk 2.3 support + (add create file + key gen) + +2004-04-14 22:09 aj + + * trunk/src/sslengines/p11_rsa.c: while we don't have code to + extract a key, tread extractable keys like non extractable ones. + +2004-03-29 20:34 aj + + * trunk/src/pkcs11/misc.c: check parameters in strcpy_bp + +2004-03-29 07:56 aj + + * trunk/src/libopensc/card-flex.c: cryptoflex 32k e-gate v4 also + has on board key generation. thanks for reporting to Pierre + JUHEN. + +2004-03-28 20:30 aj + + * trunk/src/libopensc/pkcs15.c: it is legal to read all bytes of + the file (e.g. offset 0, len 10, fil->len 10). Bug found by + Antonio Iacono. + +2004-03-28 20:26 aj + + * trunk/src/pkcs15init/pkcs15-lib.c: len is the number of + character, we need to alloc len+1 for the \0 terminator. Bug + found by Victor Tarasov. + +2004-03-14 19:53 aj + + * trunk/src/tools/opensc-explorer.c: add "rm" alias for "delete" + and "exit" alias for "quit". 
+ +2004-03-08 13:59 sth + + * trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: + Moved the sc_pkcs15emu_xxx() functions to pkcs15_syn.c + +2004-03-03 16:25 sth + + * trunk/src/libopensc/pkcs15-sec.c: Allow file_app in struct + sc_pkcs15_card to be NULL (may be the case for pkcs15-emulated + cards) + +2004-02-16 12:29 aj + + * trunk/src/libopensc/card-etoken.c: remove + CARDOS_TYPE_ETOKEN_PRO, the name does not fit. annotate atr with + version number 4.0 / 4.01 / 4.01a. + +2004-02-15 23:00 aj + + * trunk/src/libopensc/card-etoken.c: added cardos M4.01a atr. + thanks to Laurian Gridinoc for reporting. + +2004-02-03 14:51 okir + + * trunk/src/libopensc/card-etoken.c: - properly identify Italian + eID card + +2004-02-03 10:25 okir + + * trunk/src/pkcs15init/profile.c: - Properly handle max-length in + PIN statements; added new stored-length: PIN blah { max-length = + 8; stored-length = 4; } Bug spotted by Victor Tarasov + +2004-02-02 10:24 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Don't crash if + card->serial_number is NULL + +2004-01-29 09:36 aj + + * trunk/src/libopensc/card-default.c: memset is defined in string.h + +2004-01-29 09:21 okir + + * trunk/src/libopensc/card-default.c: - apdu wasn't completely + initialized (Renzo Tomaselli) + +2004-01-27 09:03 okir + + * trunk/src/tools/pkcs15-tool.c: - Allocate the right amount of + memory when base64 encoding for PEM + +2004-01-24 20:55 sth + + * trunk/src/tools/pkcs15-init.c: Added --cert-label option, + usefull to specify the user cert label if you do a + --store-private-key + +2004-01-23 09:27 okir + + * trunk/etc/opensc.conf.example: - documented max_{send,recv}_size + paramaters + +2004-01-22 22:04 aj + + * trunk/debian/changelog, trunk/debian/libopensc0.files: new + debian packages: added pkcs11-spy, undid library merge. 
+ +2004-01-22 12:37 aet + + * trunk/src/scconf/parse.c: - Allow lists to end as ,; + +2004-01-22 10:13 aet + + * trunk/src/scconf/Makefile.am, trunk/src/scconf/README.scconf: - + Added a short introduction to scconf as an API and a file format + (Jamie Honan) + +2004-01-20 11:21 okir + + * trunk/src/libopensc/reader-openct.c: - fix crash with pkcs11 + module and token disconnect + +2004-01-19 19:52 aet + + * trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: - + Revert previous patch + +2004-01-19 18:54 aj + + * trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: make + these libraries not standalone (pkcs15init, scam, scconf, + scldap). + +2004-01-19 18:53 aj + + * trunk/debian/changelog, trunk/debian/libopensc-dev.files, + trunk/debian/libopensc0.files: several debian fixes, new version. + +2004-01-14 10:43 aj + + * trunk/debian/files, trunk/debian/postinst, trunk/debian/postrm, + trunk/debian/preinst, trunk/debian/prerm: 
From: Ludovic Rousseau + > You still have some unecessary + files in CVS debian/ ... thanks for the hint. + +2004-01-10 23:13 aet + + * trunk/configure.in: - Fixed a typo in the previous commit + +2004-01-10 20:24 aet + + * trunk/src/scam/Makefile.am: - Add versioning + +2004-01-10 19:49 aet + + * trunk/configure.in: - Move the variable substitution of + exec_prefix and sysincludedir to make-level (Lars T. Mikkelsen) + +2004-01-08 18:38 aj + + * trunk/debian/libopensc0.postinst, + trunk/debian/libopensc0.postinst.debhelper, + trunk/debian/libopensc0.postrm, + trunk/debian/libopensc0.postrm.debhelper: Unneeded files, + debhelper does everything we need automaticaly. + +2004-01-08 15:23 aet + + * trunk/src/libopensc/card-jcop.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-jcop.c: - Warning fixes + +2004-01-08 14:16 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: no keycaching if + USE_PKCS15_INIT is not #defined + +2004-01-08 14:08 aj + + * trunk/debian/changelog, trunk/debian/libopensc0.conffiles, + trunk/debian/libopensc0.files: I had removed the wrong file + while cleaning up. fixed + +2004-01-08 14:05 aet + + * trunk/src/pkcs11/sc-pkcs11.h: - Unify with pkcs11.h + +2004-01-08 13:21 aet + + * trunk/debian/rules: - There is no --with-pcsc, replace it with + --with-pcsclite which supposedly works the same way as no + argument at all. :) + +2004-01-08 13:04 aet + + * trunk/etc/opensc.conf.example: - Revert previous patch. Instead + of providing a configuration file with all lines commented away, + provide a sane configuration that works for most people + out-of-the-box without user interaction. 
+ +2004-01-08 13:01 aet + + * trunk/etc/scldap.conf.example: - Revert previous patch + +2004-01-08 11:59 aj + + * trunk/debian/README.Debian, trunk/debian/TODO.Debian, + trunk/debian/changelog, trunk/debian/compat, + trunk/debian/control, trunk/debian/copyright, + trunk/debian/files, trunk/debian/libopensc-dev.files, + trunk/debian/libopensc-dev.manpages, + trunk/debian/libopensc0.conffiles, trunk/debian/libopensc0.dirs, + trunk/debian/libopensc0.docs, trunk/debian/libopensc0.files, + trunk/debian/libopensc0.postinst, + trunk/debian/libopensc0.postinst.debhelper, + trunk/debian/libopensc0.postrm, + trunk/debian/libopensc0.postrm.debhelper, + trunk/debian/libopensc0.substvars, + trunk/debian/libpam-opensc.dirs, + trunk/debian/libpam-opensc.files, + trunk/debian/libpam-opensc.substvars, trunk/debian/opensc.dirs, + trunk/debian/opensc.docs, trunk/debian/opensc.files, + trunk/debian/opensc.manpages, trunk/debian/opensc.substvars, + trunk/debian/rules: big rewrite on debian/ files, originaly + based on Joe Phillips debianisation, reworked by Andreas + Jellinghaus, and with many changes and suggestions by Ludovic + Rousseau + +2004-01-08 11:57 aj + + * trunk/docs/opensc.html: changes caused by new docbook stylesheet. + +2004-01-08 11:56 aj + + * trunk/etc/opensc.conf.example, trunk/etc/scldap.conf.example: + commented out everything. now you can install those files to + your etc, it will not hurt you. + +2004-01-08 11:54 aj + + * trunk/src/pkcs11/pkcs11.h: config.h is not used in pkcs11.h or + any file included by it. but pkcs11.h is a public header file, + so it shouldn't do so anyway. + +2004-01-08 11:53 aj + + * trunk/src/scconf/Makefile.am: cleanup a generated file. 
+ +2004-01-08 10:50 okir + + * trunk/src/tests/regression/functions: - fixed placement of + "function atexit" wrt shell exit trap handler + * trunk/src/tests/regression/init0012: - fixed test case + +2004-01-08 09:47 sth + + * trunk/src/pkcs11/framework-pkcs15.c: If the maximum allowed + number of virtual slots per card is reached, then silently + discard all objects that haven't been added yet instead of + returning an error + +2004-01-08 08:32 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Update to the new keycache + functions for caching the user and SO PINs + +2004-01-07 10:11 okir + + * trunk/src/libopensc/card-gpk.c: - fixed GPK16K key gen, as + suggested by Chaskiel + +2004-01-07 10:10 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - When zapping the contents + of a DF, write the whole file (data + padding) in one go. + Otherwise the GPK driver may barf if the file offset in + sc_update_binary isn't word aligned. + +2004-01-07 09:51 sth + + * trunk/src/libopensc/pkcs15.h: Increased the maximum number of + PINs and removed some unused #defines + +2004-01-07 09:49 sth + + * trunk/src/sslengines/engine_pkcs11.c: Fixed some comments and + added an NULL pointer test + +2004-01-07 09:32 okir + + * trunk/src/tools/pkcs11-tool.c: - improved C_Decrypt testing + +2004-01-06 14:30 okir + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - Implemented keep-public-key and sc_pkcs15init_remove_object as + suggested by Victor Tarasov. 
+ +2004-01-06 13:40 okir + + * trunk/src/libopensc/pkcs15.c: - in sc_pkcs15_read_file, properly + destroy objects in case of error (Victor Tarasov) + +2004-01-06 13:33 okir + + * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h: - + implement sc_delete_record (Victor Tarasov) + +2004-01-05 18:44 aet + + * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, + trunk/src/pam/pam_support.h: - pam_opensc rewrite checkpoint + commit - rename some functions + +2004-01-05 08:56 okir + + * trunk/src/tools/pkcs15-init.c: - properly handle pubkey_label in + key generation + +2003-12-30 08:20 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Another fix from Remo wrt + keygen_args.pubkey_label + +2003-12-30 08:00 okir + + * trunk/src/pkcs11/pkcs11-session.c: - C_CloseAllSessions would + block on some Win32 versions because it tried to acquire the + global pkcs11 mutex twice. + +2003-12-29 23:21 okir + + * trunk/src/libopensc/card-jcop.c: - small jcop driver fix from + Chaskiel + +2003-12-29 20:50 sth + + * trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs15init/Makefile.mak: Add the JCOP card code + +2003-12-29 16:54 aet + + * trunk/src/pkcs11/rsaref/Makefile.am: - Install unix.h and + win32.h as well + +2003-12-29 13:15 okir + + * trunk/src/tools/pkcs11-tool.c: - signature tests would fail on + cards with several keys of different size (fix by Chaskiel) + +2003-12-29 13:06 okir + + * trunk/src/tools/cardos-info.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/util.c: - util.c:connect_card() now locks the + card; removed sc_lock calls from calling applications (based on + a bug report by Chaskiel) + +2003-12-29 13:03 okir + + * trunk/src/tools/pkcs11-tool.c: - When testing signatures, don't + bail out of C_SignInit returns CKR_MECHANISM_INVALID (Chaskiel + Grundman) + +2003-12-29 12:42 okir + + * trunk/docs/cardos-info.1, 
trunk/docs/pkcs11-tool.1: - minor + fixes to the new manpages + +2003-12-29 12:28 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-jcop.c, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/jcop.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-jcop.c, + trunk/src/pkcs15init/pkcs15-lib.c: - Added support for + JCOP/BlueZ cards, contributed by Chaskiel M Grundman + +2003-12-29 12:01 aj + + * trunk/docs/Makefile.am, trunk/docs/cardos-info.1, + trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: new + manpages for cardos-info and pkcs11-tool, both written my Joe + Phillips. + +2003-12-29 11:52 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - Minor bug fix in new_pin(), + patch by Victor Tarasov + +2003-12-23 16:31 sth + + * trunk/src/tools/pkcs11-tool.c: Made a seperate function for the + login functionality, and split test_kpgen_certwrite() into 2 + parts, with a logout - unload lib - load lib - login between them + +2003-12-23 10:48 sth + + * trunk/src/libopensc/padding.c: Fix: no copying done from in to + out in case of SC_ALGORITHM_RSA_PAD_NONE padding (by Chaskiel) + +2003-12-22 22:07 aet + + * trunk/src/pam/Makefile.am: - Linking changes, don't link libpam + to pam_opensc etc. + +2003-12-20 14:41 aet + + * trunk/src/pkcs15init/pkcs15-cflex.c: - Warning fix + +2003-12-19 09:56 okir + + * trunk/src/libopensc/card-etoken.c: - in pin_cmd, don't overwrite + max_length if set by caller + +2003-12-19 09:29 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - created new function + profile->ops->init_card for card-specific initialization at the + pkcs15 creation stage - Added cryptoflex init_card from Stef. 
+ This function reads the card's serial number from 3F000002 and + puts it into the pkcs15 serial number + +2003-12-19 06:52 sth + + * trunk/src/include/winconfig.h: sleep(sec) = Sleep(1000 * ms) on + Windows + +2003-12-18 21:37 aet + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/openscd/commands.c, + trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, + trunk/src/openscd/openscd.h, trunk/src/pkcs15init/keycache.c, + trunk/src/pkcs15init/keycache.h, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scconf/sclex.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs15-tool.c: - Minor build and C++ warning + fixes - pkcs15init: Use u8 for pin variable declarations like + libopensc does + +2003-12-18 21:30 aet + + * trunk/src/pkcs15init/TODO: - Obsolete + +2003-12-18 19:13 aet + + * trunk/src/libopensc/ctx.c: - Revert parts of the previous patch, + use void *func instead of struct sc_reader_driver *(*func(void); + as _sc_driver_entry is used for both, reader and card driver + lists. + +2003-12-18 16:35 okir + + * trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: - made apdu_masquerade + functionality available to all readers, not just pcsc - added + new parameters max_send_size and max_recv_size, roughly + corresponding to the old max_le (SC_APDU_CHOP_SIZE) parameter. + You can now set this chop limit per driver class (pcsc, openct, + ctapi), which sets driver->max_{send,recv}_size. 
This value is + copied to card->max_{send,recv}_size in sc_connect_card, and can + be overridden by the card driver. + +2003-12-18 08:00 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - do not access file + afterdeleting it (S Bakkal) + +2003-12-17 12:15 aet + + * trunk/src/pkcs15init/pkcs15-gpk.c: - Add HAVE_UNISTD_H + +2003-12-17 07:35 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c: - properly set key usage + +2003-12-16 14:41 okir + + * trunk/src/tools/pkcs15-init.c: - Display better pin prompts + +2003-12-16 14:32 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c: - added GPK on-board keygen + (based on code by Chaskiel) + +2003-12-16 14:31 okir + + * trunk/src/libopensc/card.c: - reduced sc_lock/unlock debug + messages even more + +2003-12-16 11:07 okir + + * trunk/src/libopensc/card-etoken.c: - added ATR for Italian eID + card + +2003-12-16 11:04 okir + + * trunk/src/libopensc/asn1.c: - Updated previous patch + +2003-12-16 08:01 sth + + * trunk/src/libopensc/asn1.c: Prevent running off the end of the + buffer if the asn.1 is invalid (Chaskiel G.) + +2003-12-15 11:28 aet + + * trunk/src/signer/opensc-crypto.c: - Ach, forget the previous + commit. 
Just use DBG(printf()); for debugging purposes + +2003-12-15 10:51 aet + + * trunk/src/signer/opensc-crypto.c: - error/debug -> + sc_error/sc_debug + +2003-12-12 09:32 aet + + * trunk/src/pkcs11/Makefile.am, trunk/src/sslengines/Makefile.am: + - Minor bundle handling fixes + +2003-12-10 15:13 aet + + * trunk/ANNOUNCE: - Another typo fix + +2003-12-10 14:52 aet + + * trunk/ANNOUNCE, trunk/configure.in, trunk/debian/rules, + trunk/docs/opensc.7, trunk/docs/opensc.html, + trunk/docs/opensc.xml, trunk/docs/sc_detect_card_presence.3, + trunk/docs/sc_lock.3, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/pkcs11/framework-pkcs15.c: - Minor naming convention + harmonisation for pc/sc and ct-api related things + +2003-12-09 19:37 aet + + * trunk/aclocal/acx_pthread.m4: - Probe for -lpthread before + -pthread, as we did in the previous version. + +2003-12-09 19:35 aet + + * trunk/src/pam/pam_support.c: - Fix for the previous commit + +2003-12-09 15:41 okir + + * trunk/src/tools/pkcs15-crypt.c: - removed some dead debugging + code + +2003-12-09 13:57 okir + + * trunk/src/libopensc/card-flex.c, + trunk/src/pkcs15init/cyberflex.profile, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-lib.c: - More cyberflex fixes from + Martin Buechler + +2003-12-09 12:01 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - turned key-domain printf + into sc_debug call + +2003-12-08 12:02 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: - When generating a key in + pkcs15init, allow the caller to specify a public key label (Remo + Inverardi) + +2003-12-08 11:43 okir + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/cyberflex.profile, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - Added support for Cyberflex + Access 16K, 
based on a patch by Martin Buechler + +2003-12-08 10:54 okir + + * trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h: - Matched Cyberflex patch from + Martin Buechler. Created a new driver named cyberflex which + shares a lot of code with the original flex driver. This is a + lot cleaner than having to create if/else monsters. + +2003-12-08 10:52 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - use full + OPENSC_INFO_FILEPATH when reading info file + +2003-12-04 16:43 sth + + * trunk/src/tools/pkcs11-tool.c: Added a check for NSS-like + keypair generation + +2003-12-04 16:42 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: allow a + C_GetAttributeValue(privkey, CKA_MODULUS) after a + C_GenerateKeyPair() -- M. Buechler + +2003-12-04 15:07 sth + + * trunk/src/pkcs11/pkcs11-spy.c: Little fix: forgotten to log an + input param + +2003-12-03 14:09 aet + + * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, + trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h, + trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - Avoid + breaking source compatibility, add char *errmsg to scconf_context + +2003-12-03 12:07 okir + + * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, + trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h, + trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - + scconf_parse and scconf_parse_string now return an error message + if something went wrong + +2003-12-03 12:02 aet + + * trunk/src/scconf/sclex.c: - Fixed a return value for new + scconf_lex_parse + +2003-12-03 11:11 okir + + * trunk/src/libopensc/card-gpk.c: - Fix the "get_info failed" + error; based on a patch by Ludovic Rousseau. 
+ +2003-12-03 10:56 aet + + * trunk/configure.in: - Add AM_MAINTAINER_MODE + +2003-12-03 09:09 okir + + * trunk/etc/opensc.conf.example: - Updated comments to reflect new + apdu_masquerade parameter + +2003-12-02 19:03 aet + + * trunk/configure.in: - Add check for functions vsyslog, setlocale + - Add check for header locale.h + +2003-12-02 17:51 aet + + * trunk/src/libopensc/pkcs15-syn.c: - Fixed a typo + +2003-12-02 15:58 okir + + * trunk/docs/pkcs15-init.1: - Fixed a few glaring errors. + Marginally better, but not really great yet. + +2003-12-02 15:51 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Moved the cardinfo file to + the pkcs15 DF, changed it's FID to 4946, and protected it + against unauthorized changes + +2003-11-30 17:19 aet + + * trunk/ChangeLog: - Fixed an embarrassing typo from the ChangeLog + URL + +2003-11-26 16:19 okir + + * trunk/src/tests/regression/init0012: - fixed test for onepin + option + +2003-11-26 15:49 okir + + * trunk/src/tools/opensc-explorer.c: - another fix to verify pin + +2003-11-26 15:37 okir + + * trunk/src/libopensc/pkcs15-pubkey.c: - fixed problem with pubkey + encoding/decoding + +2003-11-26 15:35 okir + + * trunk/src/libopensc/asn1.c: - improved support for CHOICE + +2003-11-26 13:12 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Support raw RSA on + decryption (Martin Buechler) + +2003-11-26 11:56 aet + + * trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-profile.5.in, + trunk/docs/pkcs15.7: - Add missing .SH NAME for some man pages + (Ludovic Rousseau) + +2003-11-25 11:17 aet + + * trunk/configure.in, trunk/docs, trunk/docs/.cvsignore, + trunk/docs/Makefile.am, trunk/docs/opensc.html, + trunk/docs/opensc.xml, trunk/docs/usbtoken.html, + trunk/docs/usbtoken.xml, trunk/src/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-usbtoken.c, trunk/src/usbtoken: - + Remove all references to usbtoken, use OpenCT instead + +2003-11-25 10:37 okir + + * 
trunk/src/pkcs15init/pkcs15-lib.c: - fixed suppress_error + handling in sc_pkcs15init_write_info + +2003-11-24 10:21 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - set ACLs on the profile + info file + +2003-11-23 16:11 sth + + * trunk/src/libopensc/pkcs15-sec.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c: + Removed the exceptional (and incorrect) handling of the + signature inputs of 16 and 20 bytes with pkcs11's CKM_RSA_PKCS11 + signaturemechanism; and made sc_pkcs15_compute_signature() a bit + more powerfull: if a digestinfo+hash input is given but the card + only accepts hashes, the digestinfo is removed + +2003-11-23 15:43 sth + + * trunk/src/tools/pkcs11-tool.c: Little fix in test_signature() + +2003-11-23 15:33 sth + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, + trunk/src/pkcs11/misc.c: Added an error code + +2003-11-22 18:50 aet + + * trunk/src/scconf/sclex.c: - Back out Olaf's change, as it seems + to break existing behaviour while parsing pkcs15 profile files. + Although officially any list value with an equal sign or braces + should be enclosured with quotation marks, but anyway. + +2003-11-21 12:33 aet + + * trunk/src/scconf/Makefile.am, trunk/src/scconf/Makefile.mak: - + Replace the default lex based parser with Jamie's version. + Please notify if you run into any problems with the new parser. 
+ +2003-11-20 20:46 aet + + * trunk/src/libopensc/reader-pcsc.c: - Warning fix + +2003-11-20 20:37 aet + + * trunk/aclocal/acx_pthread.m4: - Replace the patched file with a + new upstream version + +2003-11-20 17:48 aet + + * trunk/src/scconf/sclex.c: - Fixed CRLF parsing + +2003-11-20 16:10 okir + + * trunk/src/scconf/sclex.c: - allow stuff such as blabla= + foofaah{} to work + +2003-11-20 16:01 okir + + * trunk/src/tools/opensc-explorer.c: - opensc-explorer.c ceased to + accept verify data in hex notation, fix by Martin Buechler + +2003-11-20 15:42 okir + + * trunk/src/tools/pkcs15-tool.c: - Deal with cards that require + authentication before you can extract the public key + +2003-11-20 15:41 okir + + * trunk/src/libopensc/card-openpgp.c, + trunk/src/libopensc/pkcs15-openpgp.c: - Improved OpenPGP + handling; we're now able to sign things + +2003-11-20 15:40 okir + + * trunk/src/libopensc/ui.c: - Append newline to error/debug + messages if not supplied by caller + * trunk/src/libopensc/sc.c: - in sc_format_path, initialize + path->count = -1 + +2003-11-20 15:39 okir + + * trunk/src/libopensc/opensc.h: - increase SC_MAX_PIN_SIZE to 256 + (OpenPGP cards have 254 max) + * trunk/src/libopensc/log.c: - if ctx->suppress_errors is + non-zero, log suppressed error messages at least to the debug log + +2003-11-20 15:38 okir + + * trunk/src/libopensc/iso7816.c: - SW 6A88 (referenced data not + found) is now translated to SC_ERROR_DATA_OBJECT_NOT_FOUND + +2003-11-20 14:16 okir + + * trunk/src/pkcs11/Makefile.am: - Link the spy against libopensc + (Patch by Mathias Brossard) + +2003-11-20 14:15 aet + + * trunk/src/scconf/internal.h, trunk/src/scconf/parse.c, + trunk/src/scconf/sclex.c: - Add new hand written replacement for + the lex parser by Jamie Honan, not much tested yet. 
+ +2003-11-20 14:13 aet + + * trunk/src/scconf/scconf.c, trunk/src/scconf/scconf.h: - Add + scconf_list_toarray() by Jamie Honan + +2003-11-20 09:17 sth + + * trunk/src/pkcs11/pkcs11-object.c: Support comparison of large + object attributes + +2003-11-19 20:37 okir + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - Support direct encoding of certificates - Allow more than one + profile option (e.g. pkcs15+small+direct-cert) - While creating + the basic pcks15 structure, store profile options in a special + file on the card (3F002F01). All susequent operations (adding + PINs etc) will use this information instead of what's given on + the command line. + +2003-11-19 20:33 okir + + * trunk/src/tests/print.c: - sc_pkcs15_print_id now prints to a + buffer instead of stdout - Now pretty printing Common Object + Flags + +2003-11-19 20:31 okir + + * trunk/src/libopensc/pkcs15.h: - Support direct encoding of certs + in the CDF - Added prototypes for sc_der_{copy,clear} - Changed + sc_pkcs15_print_id to return const char * + +2003-11-19 20:30 okir + + * trunk/src/libopensc/pkcs15.c: - Somewhat improved debugging + output - sc_pkcs15_print_id changed to sprintf to a buffer + rather than printing to stdout. + +2003-11-19 20:29 okir + + * trunk/src/libopensc/pkcs15-prkey.c: - The changed code in asn1.c + requires that the PrKDF subClassAttributes for + private{RSA,DSA}Key be marked OPTIONAL (our handling of CHOICE + is still somewhat limited) + +2003-11-19 20:28 okir + + * trunk/src/libopensc/pkcs15-cert.c: - Read and write CDF entries + with directly encoded certificates + +2003-11-19 20:22 okir + + * trunk/src/libopensc/asn1.c: - When encoding a path, either + encode _neither_ index/count, or both. 
- Added new functions + sc_der_copy, sc_der_clear to handle DER blobs - Somewhat + improved debug output + +2003-11-17 18:54 aet + + * trunk/src/libopensc/ui.h: - snapshot build fix + +2003-11-17 14:52 aj + + * trunk/docs/opensc.xml: fixed "version>" to "version<" in xml + file (html file was already fixed by tidy, no change necessary). + +2003-11-17 14:49 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: Applied changes + by Stef, updated html file. + +2003-11-16 16:24 aet + + * trunk/src/libopensc/ui.c: - Test commit + +2003-11-14 10:14 sth + + * trunk/src/libopensc/reader-pcsc.c: Add room for SW1-SW2 in case + of maximum reply size (256 bytes) + +2003-11-12 19:06 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: correctly set the + labels of the public and private key during keypairgeneration + (Remo Inverardi) + +2003-11-12 18:28 sth + + * trunk/src/pkcs11/misc.c: Fix: allow keypair generation of keys + other then the default length (Victor Tarasov) + +2003-11-11 21:30 aet + + * trunk/src/scdl/scdl.c: - ifdef RTLD_NOW + +2003-11-07 11:15 okir + + * trunk/src/tests/pintest.c: - do not test unblocking pins + +2003-11-06 10:43 okir + + * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c: - + security: prevent format string attacks + +2003-11-03 10:20 okir + + * trunk/src/libopensc/reader-pcsc.c: - remain backward compatible + - apdu_masq patch shouldn't break existing config files that use + apdu_fix + +2003-11-03 10:16 okir + + * trunk/src/libopensc/reader-pcsc.c: - merged apdu_masq patch from + Chaskiel Grundman + +2003-11-03 06:54 okir + + * trunk/src/tools/opensc-explorer.c: - prevent problem with + get/get_do ambiguity + +2003-11-01 19:13 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: link the simbolic PIN + to the real name + +2003-10-31 17:18 okir + + * trunk/src/tools/opensc-explorer.c: - Undid some of the previous + changes. 
We now have a pseudo file system on the openpgp card + +2003-10-31 16:06 okir + + * trunk/src/pkcs15init/keycache.c: - fixed put_key(SC_AC_SYMBOLIC) + +2003-10-31 16:02 okir + + * trunk/src/tests/print.c: - dont print prkey path if empty + * trunk/src/tests/p15dump.c: - use sc_test_print_card instead of + sc_pkcs15_print_card + +2003-10-31 16:01 okir + + * trunk/src/libopensc/pkcs15-openpgp.c: - Updated, now registers + key objects as well (untested) + * trunk/src/libopensc/card-openpgp.c: - OpenPGP card now supports + a fake file hierarchy (basically all objects and constructed + objects reprented as DFs and EFs) + +2003-10-31 13:59 aet + + * trunk/src/libopensc/Makefile.mak: - Add new files + +2003-10-31 12:31 okir + + * trunk/src/libopensc/pkcs15-pin.c: - initialize tries_left field + to -1 when parsing AODF + +2003-10-31 12:29 okir + + * trunk/src/tests/print.c: - Moved p15 print_card function here - + print preferred_language, if given - don't print pin path if + there is none - print tries_left if present + +2003-10-31 12:28 okir + + * trunk/src/tests/sc-test.h: - moved p15 print_card to + tests/print.c + +2003-10-31 12:27 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/pkcs15-openpgp.c, + trunk/src/libopensc/pkcs15-syn.c: - Rewrote + sc_pkcs15_bind_synthetic a little - Started work on pkcs15 + emulation for OpenPGP card + +2003-10-31 12:26 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + Moved sc_pkcs15_bind_synthetic to a separate file - Moved + sc_pkcs15_print_card to ../tests/print.c - added dll_handle and + preferred_language fields to p15card + +2003-10-31 07:48 sth + + * trunk/src/pkcs15init/pkcs15.profile: Make the PIN for the + 'onepin' option look like a user PIN instead of an SO PIN + +2003-10-30 17:04 okir + + * trunk/src/tools/opensc-explorer.c: - added some support for + OpenPGP cards + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-openpgp.c, trunk/src/libopensc/ctx.c: - + added initial 
support for openpgp card driver + * trunk/src/libopensc/opensc.h: - added sc_get_data/sc_put_data - + added openpgp card driver + +2003-10-30 17:03 okir + + * trunk/src/libopensc/card.c: - added sc_get_data/sc_put_data + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + added SC_ERROR_DATA_OBJECT_NOT_FOUND + +2003-10-30 15:43 okir + + * trunk/src/libopensc/card-mcrd.c: - small fix in mcrd_finish + +2003-10-30 12:03 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c: - return error if + cflex_create_dummy_chvs fails + +2003-10-30 11:47 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - Another broken commit + message :-/ What the previous commit was all about: If we store + a pkcs12 files on the card, it stores a key @45, and a CA certs + @46. When storing another p12 file, we must make sure we don't + grab the next free key ID (46), because the corresponding CERT + ID is already taken. We must skip all IDs for which a key or + cert exists. + +2003-10-30 11:43 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + Changed the internal object search machinery quite a bit so it + can search for more than one type of object at the same time. - + When enumerating a DF as part of the search, no longer ignore + all errors. - When parsing a DF, SC_ERROR_ASN1_END_OF_CONTENTS + really means we've just reached the end of data in the file, so + return 0 instead + +2003-10-30 11:38 okir + + * trunk/src/libopensc/asn1.c: - When encountering the end of a + SEQUENCE, while there should be more items, we used to return + SC_ERROR_ASN1_END_OF_CONTENTS. That error code is reserved for + the real end of content markers though. Changed the return code + to SC_ERROR_ASN1_OBJECT_NOT_FOUND + +2003-10-30 11:36 okir + + * trunk/src/tools/pkcs15-init.c: - When storing a p12 bag, check + if the CA cert is already present and skip it if so. 
+ +2003-10-30 11:13 okir + + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/pkcs15-lib.c: - added recommendation about + 2 cert/key pairs + +2003-10-28 12:50 okir + + * trunk/src/libopensc/ui.c: - don't call sc_module_get_address + when we dont have a dll handle + +2003-10-24 13:20 okir + + * trunk/src/tools/pkcs15-init.c: - now uses new sc_ui_get_pin + function + +2003-10-24 13:18 okir + + * trunk/src/libopensc/ui.c, trunk/src/libopensc/ui.h: - Changed ui + API to offer more knobs and dials + +2003-10-23 09:12 aet + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak: - Merging between + Makefile.am<>Makefile.mak - Add ui.h to main distribution + tarball, snapshots have been broken for a few days + +2003-10-22 18:16 aet + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/log.c, trunk/src/libopensc/ui.c: - Minor + cleanups and a warning fix - sc_release_context: free + ctx->preferred_language if set + +2003-10-22 08:51 aet + + * trunk/src/libopensc/ui.c: - Replace WIN32 with HAVE_UNISTD_H + instead + +2003-10-22 08:43 sth + + * trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ui.c: Let + the new UI code compile under Windows + +2003-10-22 06:56 sth + + * trunk/src/pkcs15init/Makefile.mak: 'Export' keychache.h + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.c: Fix: spurious error + message (Chaskiel & Kevin) + +2003-10-22 06:51 okir + + * trunk/src/tests/regression/functions: - allow to call scripts + with --soft and -d + +2003-10-22 06:49 okir + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/ui.c: - added error/debug message support to + ui.c - sc_error/sc_debug now use the new ui code - added + language support + +2003-10-22 05:43 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - do an sc_select_file inside + do_get_pin_and_verify in case we called a pkcs15 function 
that + enumerated the AODF + +2003-10-21 13:30 okir + + * trunk/src/tools/pkcs15-init.c: - call sc_pkcs15init_set_p15card + +2003-10-21 12:50 aet + + * trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am: + - Add necessary automake conditionals to install-exec-local + rule, as it seems to be executed even though lib_LTLIBRARIES is + empty in some cases. + +2003-10-21 12:48 aet + + * trunk/src/include/opensc/Makefile.am: - Sort filenames + +2003-10-21 12:27 aet + + * trunk/configure.in: - Add gcc option -fno-strict-aliasing + +2003-10-21 11:12 okir + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ui.c, + trunk/src/libopensc/ui.h: - Added new user interface code (not + used yet) + * trunk/src/include/opensc/Makefile.am: - install ui.h + +2003-10-21 11:11 okir + + * trunk/src/libopensc/errors.c: - added message for + SC_ERROR_CANNOT_LOAD_MODULE - changed the wording of some + SC_ERROR_KEYPAD_* messages + * trunk/src/libopensc/errors.h: - added SC_ERROR_CANNOT_LOAD_MODULE + +2003-10-21 11:05 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - sc_pkcs15_find_pin_by_reference now searches by reference + _and_path_ - profile->p15_card renamed to p15_spec, as it + reflects what _should_ be on the card - added profile->p15_data, + which is what _is_ on the card - make do_get_pin_and_verify use + the sc_pkcs15_find_pin_by_reference properly. 
+ +2003-10-21 11:02 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + sc_pkcs15_find_pin_by_reference now searches by reference and + path + +2003-10-21 08:59 okir + + * trunk/src/libopensc/iso7816.c, + trunk/src/tools/opensc-explorer.c: - fixed change/unblock pin + with implicit test + +2003-10-21 08:32 okir + + * trunk/src/pkcs15init/etoken.profile: - disallow UPDATE on the + Application DF + +2003-10-21 08:31 okir + + * trunk/src/libopensc/card-etoken.c: - support UPDATE ACLs when + creating a DF + +2003-10-19 18:05 okir + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h: - bump + max number of apps per card to 8 + +2003-10-19 18:02 okir + + * trunk/src/libopensc/card-tcos.c: - tcos_card_ctl shoudlnt + complain about unknown cardctls + +2003-10-18 17:07 okir + + * trunk/src/tools/pkcs11-tool.c: - Do not overflow signature test + for 2K bit keys (fix by Chaskiel Grundman) + +2003-10-18 17:02 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - dont pin protect pubkey + +2003-10-18 12:51 okir + + * trunk/src/pkcs15init/etoken.profile: - data files had + ERASE=NEVER; which is obviously bad + +2003-10-18 12:41 okir + + * trunk/src/tools/opensc-explorer.c: - previous patch was + bogus/incomplete + +2003-10-18 12:40 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/tools/opensc-explorer.c: pkcs11/framework-pkcs15.c + +2003-10-18 12:35 okir + + * trunk/src/tools/pkcs11-tool.c: - honor --pin argument for pin + pad readers, too + +2003-10-18 08:39 okir + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-cflex.c: - fix cflex key generation + +2003-10-18 08:08 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c: - fix for cryptoflex key + download + +2003-10-17 11:21 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - Prepare for userConsent + 
support: changed ops->create_pin to take a sc_pkcs15_object_t + instead of sc_pkcs15_pin_info_t argument. + +2003-10-16 20:41 aet + + * trunk/macos/libtool-bundle: - Merge with recent OpenCT changes + +2003-10-16 14:32 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - some more cleanup + +2003-10-16 14:31 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - On-board generation of + non-repudiation keys did not work - Minor cleanup + +2003-10-16 11:41 okir + + * trunk/debian, trunk/debian/README.Debian, + trunk/debian/TODO.Debian, trunk/debian/changelog, + trunk/debian/control, trunk/debian/copyright, + trunk/debian/libopensc-dev.dirs, + trunk/debian/libopensc-dev.doc-base, + trunk/debian/libopensc-dev.docs, + trunk/debian/libopensc-dev.files, + trunk/debian/libopensc0.conffiles, trunk/debian/libopensc0.dirs, + trunk/debian/libopensc0.doc-base, trunk/debian/libopensc0.docs, + trunk/debian/libopensc0.files, trunk/debian/libpam-opensc.dirs, + trunk/debian/libpam-opensc.docs, + trunk/debian/libpam-opensc.files, trunk/debian/opensc.dirs, + trunk/debian/opensc.docs, trunk/debian/opensc.files, + trunk/debian/postinst, trunk/debian/postrm, + trunk/debian/preinst, trunk/debian/prerm, trunk/debian/rules, + trunk/docs/pkcs15-init.1, trunk/src/pkcs15init/pkcs15-lib.c: - + added debian packaging files from Joe Phillips + +2003-10-15 13:21 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - pin protection for keys + was broken + +2003-10-15 09:36 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - one suppress_errors-- too + many + * trunk/src/pkcs15init/pkcs15-etoken.c: - removed debugging print + +2003-10-14 22:11 aet + + * trunk/src/pkcs11/framework-pkcs15.c: - Forgot to commit + +2003-10-14 21:56 aet + + * trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs15init/keycache.h: - Fixed nightly snapshot + generation - Link keycache.h to 
src/include/opensc - Move mutex + function declarations to opensc.h + +2003-10-14 11:23 sth + + * trunk/src/tools/opensc-tool.c: Change setlinebuf() to setbuf(), + which is also availabel for MSVS + +2003-10-14 10:42 aet + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: - Remove old callback error/debug + functions + +2003-10-14 10:10 okir + + * trunk/src/tools/opensc-tool.c: - dont barf on empty directories + +2003-10-14 09:58 okir + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/flex_onepin.profile, + trunk/src/pkcs15init/flex_so.profile, + trunk/src/pkcs15init/pkcs15-small.profile: - removed obsolete + profiles + +2003-10-14 09:57 okir + + * trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-init.c: - Error logging changes: replace + ctx->log_errors with ctx->suppress_errors + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - Error logging changes: replace ctx->log_errors with + ctx->suppress_errors - remove error/debug callbacks; always use + sc_error/sc_debug + +2003-10-14 09:56 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15.c: - Error logging changes: replace + ctx->log_errors with ctx->suppress_errors, so that we can nest + error suppression using suppress_errors++/suppress_errors-- + +2003-10-14 09:14 okir + + * trunk/src/tools/opensc-tool.c: - removed unused variable + +2003-10-14 09:02 okir + + * trunk/src/libopensc/card-gpk.c: - the previous patch was bad; + fixed it + +2003-10-14 08:33 okir + 
+ * trunk/src/pkcs11/framework-pkcs15.c: - replace + sc_pkcs15init_set_pin_data -> sc_keycache_put_key + +2003-10-14 08:17 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c: - removed some dead code + inside #if 0/#endif + +2003-10-14 08:10 okir + + * trunk/src/tools/opensc-tool.c: - Don't limit the number of times + the --send-apdu option may be given + +2003-10-13 20:41 aet + + * trunk/src/pkcs15init/keycache.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c: - Some build/portability + fixes for the pkcs15init rewrite - Add + sc_pkcs15_get__ops(), yet untested + +2003-10-13 20:28 aet + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-miocos.c: - Revert previous patch, + an alternative patch to work around non-C99 and/or gcc issues + coming up soon. 
+ +2003-10-13 20:16 sth + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c: Small changes to make it + work on non-C99 compilers + +2003-10-13 16:13 okir + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0001, + trunk/src/tests/regression/init0002, + trunk/src/tests/regression/init0005, + trunk/src/tests/regression/init0007, + trunk/src/tests/regression/init0008, + trunk/src/tests/regression/init0012, + trunk/src/tests/regression/pin0001, + trunk/src/tests/regression/pin0002, + trunk/src/tests/regression/run-all: - updated/added tests + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/Makefile.mak, + trunk/src/pkcs15init/etoken.profile, + trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/keycache.c, + trunk/src/pkcs15init/keycache.h, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, + trunk/src/tools/pkcs15-init.c: - pkcs15 rewrite + +2003-10-13 14:52 okir + + * trunk/src/libopensc/pkcs15.c: - fixed a bug in the previous patch + +2003-10-13 14:35 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + added sc_pkcs15_find_prkey_by_reference + +2003-10-13 14:34 okir + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + added some more errors + * trunk/src/libopensc/card.c: - slightly enhanced debugging output + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - new + path functions: sc_append_file_id, sc_compare_path + +2003-10-12 19:57 okir + + * trunk/src/tools/pkcs15-tool.c: - allow all pins/puks to be + specified on 
the command line for testing + +2003-10-12 08:34 aet + + * trunk/src/pkcs15init/pkcs15-cflex.c: - Remove unused variable + +2003-10-11 21:02 sth + + * trunk/src/pkcs15init/flex_onepin.profile, + trunk/src/pkcs15init/pkcs15-cflex.c: Security fix: the + flex_onepin profile doesn't allow the AUT1 key to change the PIN + anymore. Also: it's possible now to add the SO pin to the + flex_onepin profile + +2003-10-11 20:58 aet + + * trunk/src/openscd/commands.c, trunk/src/openscd/openscd.c, + trunk/src/signer/Makefile.am: - Add missing error->sc_error + conversions and other Assuan specific build fixes + +2003-10-11 12:41 okir + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c: + - some commands used the wrong APDU case + +2003-10-10 14:48 sth + + * trunk/src/tools/pkcs15-crypt.c: Fix: don't free() a static + buffer (Ivo) + +2003-10-10 14:24 sth + + * trunk/src/pkcs11/Makefile.mak: Fix: added all required OpenSC + libs to the link dependencies (Ivo) + +2003-10-10 14:11 sth + + * trunk/src/sslengines/Makefile.mak: Fix: added scdl.lib to the + link list, and added all required OpenSSL libs to the link + dependencies (Ivo) + +2003-10-08 06:46 aet + + * trunk/src/libopensc/reader-openct.c: Minor cleanup + +2003-10-07 19:15 sth + + * trunk/etc/opensc.conf.example: Fix: wrong option name + +2003-10-07 16:05 aet + + * trunk/win32/Make.rules.mak: Remove hardcoded VERSION define, + you'll need need to update versions from winconfig.h and also + version.rc. 
+ +2003-10-06 14:22 sth + + * trunk/src/libopensc/pkcs15-algo.c: Fix: add room for a + 'last-flag' object (Ivo Pieck) + +2003-10-02 12:21 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Fix: when doing a + sc_pkcs15init_generate_key(), the auth_id for the public key + wasn't put into the PuKDF + +2003-10-02 09:21 sth + + * trunk/src/tools/pkcs15-tool.c: Allow the pkcs15 data to be + fetched by label instead of ID, as pkcs15 data objects don't + have an ID (Danny De Cock) + +2003-10-02 09:18 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Correctly add the label to a + pkcs15 data object + +2003-10-02 08:29 aet + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/tools/pkcs11-tool.c: Tweak out some compiler warnings + +2003-10-01 06:51 sth + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tools/pkcs11-tool.c: + Added C_DecryptInit() and C_Decrypt() for RSA keys + +2003-09-30 20:43 sth + + * trunk/src/tools/pkcs15-init.c: Fix: read data as a binary file, + not as ASCII + +2003-09-30 09:40 aet + + * trunk/win32/Makefile.am: Add Makefile.mak and version.rc to the + distribution tarball. + +2003-09-30 09:19 sth + + * trunk/src/libopensc/Makefile.mak, trunk/src/tools/Makefile.mak: + Fix: don't link by default with openssl + +2003-09-30 07:40 aet + + * trunk/NEWS: Add OpenSC 0.8.1 release date. + +2003-09-29 14:29 sth + + * trunk/src/pkcs11/Makefile.mak: Some fixes that accidentially + crept in + +2003-09-29 13:54 sth + + * trunk/src/pkcs11/mechanism.c: Fix: the hash-based RSA algo's can + only do sign/verify, no wrap, encrypt, ...) 
+ +2003-09-29 13:45 sth + + * trunk/src/tools/pkcs11-tool.c: Fixed a bug in the mechanism + listing and made it more general + +2003-09-29 09:00 aet + + * trunk/src/pkcs11/pkcs11-spy.c: Cleanups to scconf handling + +2003-09-29 08:59 aet + + * trunk/etc/opensc.conf.example: - Fix a typo - Rename init block + into spy instead + +2003-09-28 19:22 sth + + * trunk/etc/opensc.conf.example, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/pkcs11-spy.c: + Some changes for the spy: (1) renamed opens-spy to pkcs11-spy, + (2) exported all pkcs11 functions, (3) start the log with the + name of the module-to-be-loaded, (4) first look in the + opensc.conf file for the module and log names + +2003-09-26 08:15 aet + + * releases/opensc-0.8.1/configure.in, + trunk/src/include/winconfig.h: Rename HAVE_PCSCLITE to + HAVE_PCSC, which is more correct. + * trunk/configure.in: Rename HAVE_PCSCLITE to HAVE_PCSC, which is + more correct. + * releases/opensc-0.8.1/src/include/winconfig.h, + trunk/src/libopensc/reader-pcsc.c: Rename HAVE_PCSCLITE to + HAVE_PCSC, which is more correct. + * releases/opensc-0.8.1/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/ctx.c: Rename HAVE_PCSCLITE to HAVE_PCSC, + which is more correct. + +2003-09-25 15:52 aet + + * trunk/configure.in: Fix OpenCT probe issues + +2003-09-25 09:33 aet + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-sec.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs11-tool.c: Fix various C compiler warnings + and C++ errors / name conflicts + +2003-09-24 19:58 aet + + * trunk/macos/libtool-bundle: Oops, remove hardcoded bundle + creator / type + +2003-09-24 10:17 aet + + * trunk/ChangeLog: Remove old ChangeLog, add URL to the new + location. 
+ +2003-09-24 09:20 aet + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: TODO update + +2003-09-18 09:18 aet + + * trunk/src/openssh/Makefile.am, + trunk/src/openssh/openssh-3.6.1p2.README, + trunk/src/openssh/openssh-3.6.1p2.diff: Remove old patches for + OpenSSH 3.6.1p2, anyone interested is probably already using + version 3.7.1p1. + +2003-09-17 19:03 aet + + * trunk/configure.in, trunk/src/scam/scam.c: Back out previous + change, wrong branch. + +2003-09-17 18:59 aet + + * trunk/configure.in: Set version as 0.8.1. + * trunk/src/scam/scam.c: Disable pkcs15-ldap from the 0.8.1 + release. + +2003-09-17 18:43 aet + + * trunk/ANNOUNCE, trunk/NEWS, trunk/src/include/winconfig.h, + trunk/win32/version.rc: Updates for the 0.8.1 release. + +2003-09-17 16:20 aet + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: Use <version> + instead of hardcoded version number. + +2003-09-16 06:36 sth + + * trunk/src/libopensc/dir.c: Bugfix: return SC_ERROR_OUT_OF_MEMORY + if malloc() fails (Kevin Stefanik) + +2003-09-14 10:27 aet + + * trunk/configure.in, trunk/src/sslengines/Makefile.am: Fix + bootstrap issues with Debian/automake-1.4 + +2003-09-12 10:36 aet + + * trunk/src/pkcs11/pkcs11-global.c: Update PKCS#11 library version + to 0.8. + +2003-09-12 06:48 aet + + * trunk/configure.in: The previous libsocket/libresolv configure + cleanup broke LDAP support for at least Solaris. Therefore + assume, that if we have to use libsocket, probe for libresolv as + well although OpenSC's internals don't use it. 
+ +2003-09-11 12:11 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: C_GenerateKeyPair(), + C_CreateObject() returned CKR_USER_NOT_LOGGED_IN if lock_login + is set to false in the config file, because then the pkcs15_init + functions do a logoff internally + +2003-09-11 08:01 sth + + * trunk/src/common/getopt.c, trunk/src/common/getopt1.c: Removed + compiler errors under Win32 + +2003-09-11 06:02 sth + + * trunk/src/include/winconfig.h: First include , + otherwise the #include turns wchar_t into an + (unsigned) short (Unicode) + +2003-09-10 22:20 aet + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: C++ warning fixes + +2003-09-10 14:08 sth + + * trunk/Makefile.mak, trunk/src/libopensc/Makefile.mak, + trunk/src/pkcs11/Makefile.mak, trunk/src/tests/Makefile.mak, + trunk/src/tools/Makefile.mak, trunk/win32/Makefile.mak, + trunk/win32/version.rc: Added version info to the Win32 + binaries, and set the version number to 0.8.0.0 (4 numbers seems + to be needed) + +2003-09-10 10:42 aet + + * trunk/src/scam/cert_support.c: Build fix for MacOS X. + +2003-09-10 10:41 aet + + * trunk/src/pkcs11/pkcs11.h: Remove extra semicolons + +2003-09-10 10:03 aet + + * trunk/configure.in: Accidently changed the version number, fixed. + +2003-09-10 10:02 aet + + * trunk/configure.in: Replace overly complex and old configure + magic for connect() and friends, just check for socket() in + libsocket. + +2003-09-09 15:02 aet + + * trunk/src/scam/Makefile.am, trunk/src/scam/cert_support.c, + trunk/src/scam/cert_support.h: Add cert_support.c for + pkcs15-ldap support, old legacy code that needs to be removed at + some point. Implemented against OpenSSL 0.9.6, not much tested + against 0.9.7. 
+ +2003-09-09 15:00 aet + + * trunk/src/scam/p15_ldap.c: Add very preliminary and quick port + of an old scam code that implements ldap-authentication support, + needs to be rewritten for more specific OpenSC usage some other + day. Work in progress, only tested with FINEID cards. + +2003-09-09 14:47 aet + + * trunk/src/scam/scam.c: Remove old cruft, enable p15-ldap support + (PAM option auth_method=pkcs15-ldap) + +2003-09-08 13:38 sth + + * trunk/src/libopensc/log.c: Increase log buffer size, so that 255 + hex bytes still can be logged + +2003-09-06 19:18 aet + + * trunk/src/pkcs15init/pkcs15-lib.c: Warning fix + +2003-09-06 18:30 aet + + * trunk/NEWS: Preliminary update for the upcoming release + +2003-09-06 17:56 aet + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, + trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c, + trunk/src/sslengines/pkcs11-internal.h: Indent sources + +2003-09-06 17:29 aet + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, + trunk/src/sslengines/p11_load.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c, + trunk/src/sslengines/pkcs11-internal.h: Bunch of generic + compiler warning and C++ fixes before indenting the sources, + apparently OpenSSL engines are not under a heavy development + anymore. 
+ +2003-09-06 16:18 aet + + * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11-spy.c, + trunk/src/pkcs11/pkcs11.h, trunk/src/scdl/scdl.c, + trunk/src/scdl/scdl.h, trunk/src/sslengines/p11_load.c, + trunk/src/tools/pkcs11-tool.c: Don't bother exposing + sc_pkcs11_module_t and scdl_context_t to public headers, use + void instead. + +2003-09-06 13:36 sth + + * trunk/src/pkcs11/pkcs11-display.c: Fix: don't print the contents + of a NULL pointer + +2003-09-06 13:35 sth + + * trunk/src/pkcs11/Makefile.mak: Typo fix + +2003-09-06 13:13 sth + + * trunk/src/pkcs11/Makefile.mak: Build the pkcs11 spy on Win32 + +2003-09-06 05:57 sth + + * trunk/src/tools/opensc-explorer.c: Fix: handle the 3rd argument + of the Change PIN and Unblock PIN commands correctly + +2003-09-05 20:16 sth + + * trunk/src/libopensc/card-flex.c: Fix: let this card driver do + the unblocking itself, don't send it to the iso7816 code (Victor + Tarasov) + +2003-09-05 07:22 aet + + * trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-usbtoken.c: Warning fix + +2003-09-04 16:41 aet + + * trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/reader-usbtoken.c: Remove gcc specific code + from usbtoken/openct drivers, untested. + +2003-09-04 13:50 aet + + * trunk/src/pkcs11/pkcs11-display.h, + trunk/src/pkcs11/pkcs11-spy.c: PKCS#11 spy fixes by Mathias + Brossard + +2003-09-03 21:53 aet + + * trunk/src/pkcs11/Makefile.am: Fix make distcheck to work again, + weird that it stopped working only after the opensc-spy patching. 
+ +2003-09-03 21:31 aet + + * trunk/src/libopensc/card-etoken.c: error -> sc_error + +2003-09-03 18:55 okir + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/cardctl.h: - Properly detect CarDOS + lifecycle MANUFACTURING and report it as "OTHER" + +2003-09-03 18:21 aet + + * trunk/src/libopensc/portability.c: Typo fix + +2003-09-03 18:18 aet + + * trunk/src/include/winconfig.h, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/portability.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/scrandom/scrandom.c: + Move #include to winconfig.h in order to minimize + win32 specific code sections. + +2003-09-03 18:08 aet + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/pkcs11-display.h, + trunk/src/pkcs11/pkcs11-spy.c: - Linking cleanups for libpkcs11 + / opensc-pkcs11 - Build fixes for PKCS#11 spy module by Mathias, + so far untested. TODO: C_UnloadModule? + +2003-09-03 17:59 aet + + * trunk/src/libopensc/asn1.h, trunk/src/libopensc/log.h: SC -> + OPENSC, old legacy from the libsc days + +2003-09-03 17:19 aet + + * trunk/src/pkcs11/pkcs11-display.c, + trunk/src/pkcs11/pkcs11-display.h, + trunk/src/pkcs11/pkcs11-spy.c: Add PKCS#11 spy sources by + Mathias Brossard + +2003-09-03 17:07 aet + + * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11.h, + trunk/src/sslengines/Makefile.am, + trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/libpkcs11.h, + trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, + trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c, + trunk/src/sslengines/pkcs11-internal.h: - Remove + 
sslengines/libpkcs11.h, it's almost identical to libpkcs11's + pkcs11.h. - Move default PKCS#11 library defines to pkcs11.h, so + they can be used by 3rdparty applications as well. - Minor + cleanups + +2003-09-03 09:28 aet + + * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/module.c, trunk/src/libopensc/padding.c, + trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/portability.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/reader-usbtoken.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c: - Stop using unflexible automake + conditionals when building PC/SC, OpenCT or USBToken support, + use ifdef's directly in source. - Because of above, add + HAVE_PCSCLITE for winconfig.h - Remove unnecessary includes for + log.h, opensc.h and errors.h in libopensc sources, they're + already taken care by internal.h. 
+ +2003-09-02 20:44 aet + + * trunk/macos/libtool-bundle: Generate minimal Info.plist and + PkgInfo for bundles + +2003-09-01 08:48 aet + + * trunk/src/scdl/scdl.h: EUSER: Cut'n'paste error + +2003-09-01 08:43 aet + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/Makefile.mak, trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/module.c, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/libpkcs11.c, trunk/src/scdl, + trunk/src/scdl/.cvsignore, trunk/src/scdl/Makefile.am, + trunk/src/scdl/Makefile.mak, trunk/src/scdl/scdl.c, + trunk/src/scdl/scdl.h: Move scdl to it's own subdirectory, + although it's merely for internal purposes only. + +2003-08-29 16:29 aet + + * trunk/src/libopensc/module.c, trunk/src/pkcs11/libpkcs11.c, + trunk/src/scdl, trunk/src/scdl/scdl.c: - Move all dynamic + loading related code to src/common/scdl.c, probably needs some + more work. As a side bonus, we now have a working CT-API support + for MacOS X. 
+ +2003-08-29 16:26 aet + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c: Cleanups + +2003-08-29 12:55 okir + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added + sc_print_path + * trunk/src/libopensc/card.c, trunk/src/libopensc/log.h: - + slightly improved debugging output + +2003-08-29 12:54 okir + + * trunk/src/libopensc/card-flex.c: - path cache wasn't cleared on + error in flex_select_file - slightly better debugging output + +2003-08-28 13:08 aet + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/scam/Makefile.am, trunk/src/scldap/Makefile.am: - + Cleanups to Makefile.am if / endif mess - Don't bother checking + OpenSSL engine LDFLAGS if no engine detected + +2003-08-28 12:51 okir + + * trunk/src/libopensc/asn1.c: - added missing newline to error msg + +2003-08-28 12:50 okir + + * trunk/src/libopensc/card-gpk.c: - added missing intialization of + apdu struct + +2003-08-27 08:47 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: Documentation + fixes by Ville Skytt��. 
+ +2003-08-26 10:55 aet + + * trunk/configure.in: Merge with OpenCT + +2003-08-25 14:21 aet + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/module.c, trunk/src/libopensc/padding.c, + trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/reader-usbtoken.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c: + Rename libopensc specific error/debug to sc_error/sc_debug We + should have done this ages ago. + +2003-08-25 10:21 aet + + * trunk/configure.in: Remove old cruft, minor reorganizing changes + +2003-08-25 09:29 aet + + * trunk/src/scconf/lex-parse.l: Add fix by Olaf to handle CRLF + style text files as well + +2003-08-25 09:28 aet + + * trunk/src/pkcs15init/flex_so.profile: CRLF->LF + +2003-08-22 13:44 aet + + * trunk/configure.in: Allow MacOS X users to disable the use of + PC/SC using --with-pcsclite=no. 
+ +2003-08-22 11:47 aet + + * trunk/bootstrap: Merge with recent OpenCT changes + +2003-08-21 05:39 okir + + * trunk/src/libopensc/asn1.c: - Do not barf on empty SEQUENCEs if + all elements inside are OPTIONAL + +2003-08-20 14:15 sth + + * trunk/src/libopensc/pkcs15-data.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: Fix: don't DER-en/decode the data + in a pkcs15 object + +2003-08-18 14:54 aet + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: + - Rename sysdep_timestamp_t to sc_timestamp_t - Add missing + function prototype for sc_current_time + +2003-08-18 14:28 aet + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: Add + common versioning to all libraries + +2003-08-18 13:45 aet + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/libpkcs11.c, + trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am: + - Install OpenSSL engines as bundles as well - Don't bother + "renaming" opensc-pkcs11.so when installing as bundle. - More + irrelevant cleanups + +2003-08-18 12:06 aet + + * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/rsaref/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/scldap/Makefile.am, trunk/src/scrandom/Makefile.am: + Minor cleanups + +2003-08-18 12:05 aet + + * trunk/configure.in: Fix for --without-ldap-ssl + +2003-08-18 11:15 aet + + * trunk/configure.in: Fix OpenSSL engine linking for MacOS X. + Somewhat works on patched OpenSSL 0.9.7b linked again dlcompat. + Macosx's default openssl (0.9.6) does not include engine support + and fink's openssl 0.9.7 doesn't include any support for dynamic + loading, but that's hardly not our problem. 
+ +2003-08-18 08:18 aj + + * trunk/src/openscd/commands.c: fix for compiling openscd, thanks + for help to werner koch. + +2003-08-15 11:30 aet + + * trunk/Makefile.am: Add ANNOUNCE to distribution tarball + +2003-08-15 10:07 aet + + * trunk/Makefile.am: Add macos + +2003-08-15 09:00 okir + + * trunk/ANNOUNCE: - Updated gnupg statement + +2003-08-14 16:05 aj + + * trunk/NEWS: Let's not advertise buggy code. Usbtoken is only a + fall back solution, openct is working far better. + +2003-08-14 15:34 aet + + * trunk/NEWS: Updates for the upcoming release. + +2003-08-14 12:45 aet + + * trunk/src/pkcs11/libpkcs11.c: - Allow MacOS X build to be able + to support simultaneously loading of .dylibs, .bundles (native + MacOS X) and bundle objects (.so) created by GNU libtool, if + dlcompat is found. Otherwise just support .dylibs and .bundles. + +2003-08-14 11:47 aet + + * trunk/src/pkcs11/libpkcs11.c: Cleanups + +2003-08-14 11:37 aet + + * trunk/configure.in, trunk/macos, trunk/macos/.cvsignore, + trunk/macos/Makefile.am, trunk/macos/libtool-bundle, + trunk/src/pkcs11/Makefile.am: - Minor cleanups - Add preliminary + support for MacOS X bundle installation + +2003-08-14 07:13 sth + + * trunk/src/libopensc/sec.c: Global Platform PIN Encoding: 1. Fix + for pin changes: use the real length instead of the max length + -- 2. Check for valid pin chars + +2003-08-12 11:44 aet + + * trunk/configure.in: - More cleanups - Add '-no-cpp-precomp' + check for MacOS X - Rename --with-ssl-dir to --with-openssl + +2003-08-12 09:34 aj + + * trunk/configure.in: improve configure code for openssl. 
+ +2003-08-11 15:26 aet + + * trunk/configure.in: More cleanups + +2003-08-11 14:52 aet + + * trunk/configure.in: Rewrite parts of the OpenSSL detection + +2003-08-11 14:39 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - first stab at + user_consent handling + +2003-08-11 13:56 okir + + * trunk/src/libopensc/card.c: - suppress stupid debug messages for + sc_lock/sc_unlock for debug level < 7 + +2003-08-11 13:55 okir + + * trunk/src/tests/print.c: - print user_consent field + +2003-08-09 10:42 aj + + * trunk/configure.in: stupid bug, set those variables if empty... + +2003-08-08 20:46 okir + + * trunk/ANNOUNCE: - Added announcement + +2003-08-08 08:44 okir + + * trunk/src/tools/pkcs15-crypt.c: - when asked to sign data, also + consider SIGNRECOVER and NONREPUDIATION keys - properly + interpret return value of get_key + +2003-08-08 08:41 aj + + * trunk/configure.in: "-lcrypt" is always wrong for CRYPTOA, and + we always need a path to find libcrypto.a. So default to /usr. + +2003-08-08 08:34 okir + + * trunk/src/tools/pkcs15-tool.c: - cleaned up formatting + +2003-08-07 06:47 sth + + * trunk/src/sslengines/p11_slot.c: Fix: use of uninitalised + variable + +2003-08-06 13:01 aet + + * trunk/NEWS, trunk/docs/opensc.html, trunk/docs/opensc.xml: + Status update + +2003-08-06 12:13 sth + + * trunk/src/libopensc/Makefile.mak: correct makefile so that the + depending libopensc is updated when a new scconf.lib exist (Ivo + Pieck) + +2003-08-06 12:01 aet + + * trunk/src/pkcs11/libpkcs11.c: Blah, unify the string handling a + bit + +2003-08-06 11:18 sth + + * trunk/src/tools/pkcs11-tool.c: Removed some unnecessary output + +2003-08-06 08:45 aet + + * trunk/src/pkcs11/libpkcs11.c: - Fixed a mac specific compiler + warning - Fixed libdl-specific code to work with Fink's dlcompat + package + +2003-08-06 07:36 aet + + * trunk/src/pkcs11/openssl.c: Fixed a typo + +2003-08-05 19:26 sth + + * trunk/src/pkcs11/openssl.c: Fixed the verification, so that it + corresponds completely 
with the signature functions (more + specifically: the special cases are provided for SHA-1 and MD5 + signatures with the RSA_PKCS1_PADDING mechanism) + +2003-08-05 17:28 aet + + * trunk/src/libopensc/iso7816.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/tools/pkcs11-tool.c: Remove some compiler warnings + +2003-08-05 10:34 okir + + * trunk/src/tests/regression/functions: - accept option -T - added + function skip_unless_card + * trunk/src/tests/regression/run-all: - accept option -T + +2003-08-05 10:12 sth + + * trunk/src/scconf/Makefile.mak: Under Windows, flex generates + lex_parse_win32.c, because the default lex_parse.c that is in + the snapshots and in the releases won't compile on Windows + +2003-08-05 09:50 okir + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-small.profile, + trunk/src/pkcs15init/pkcs15.profile: - doubled file size of + PrKDF, PuKDF, CDF etc - provided old profile as + pkcs15-small.profile for e.g. GPK4K + +2003-08-05 09:08 sth + + * trunk/docs/sc_pkcs15_compute_signature.3: Added info about + SC_ALGORITHM_RSA_HASH_NONE, to comply with the 0.8.0 release + +2003-08-05 07:09 aet + + * trunk/src/pam, trunk/src/pam/.cvsignore, + trunk/src/pam/Makefile.am: Renamed pam_opensc-test to test-pam + +2003-08-04 15:11 aet + + * trunk/configure.in, trunk/src/pam/misc_conv.c, + trunk/src/pam/pam_support.h: Add support for native MacOS X pam + header location + +2003-08-01 07:03 aj + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, + trunk/src/pkcs15init/pkcs15-lib.c: seperator is written to an + u8, so it should be a char or u8 anyway. 
+ +2003-07-31 21:16 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - warn if EF is too small for + the amount of data we want to write + +2003-07-31 19:06 okir + + * trunk/src/libopensc/card.c: - fixed error message + +2003-07-31 08:27 sth + + * trunk/src/libopensc/opensc.h: Removed a call for a (not yet) + existing driver, which I accidentally added along with another + change + +2003-07-31 08:10 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - indentation fix + +2003-07-30 14:46 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: if a pkcs11 attribute + is requested that valid for that type of object, but that we + don't have, then we should return length = 0 instead of + returning CKR_ATTRIBUTE_TYPE_INVALID + +2003-07-30 12:51 aet + + * trunk/configure.in, trunk/src/sslengines/Makefile.am: Add + support for probing the correct extra magic needed for linking + sslengines. Probably not perfect, but it's a start. + +2003-07-30 11:07 okir + + * trunk/src/libopensc/card-gpk.c: - fixed VERIFY handling + +2003-07-30 09:50 aet + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Remove + CFLAGS_OPENSC, cleanups to INCLUDES handling. + +2003-07-29 11:52 aet + + * trunk/configure.in: Fix OpenSSL engine detection for cases using + --with-ssl-dir. 
+ +2003-07-29 11:50 aet + + * trunk/src/scam/Makefile.am: Fix for the MacOS X pam module + installation + +2003-07-29 10:17 aet + + * trunk/src/scrandom/Makefile.am: Remove old references to OpenSSL + +2003-07-29 10:04 aet + + * trunk/Makefile.am, trunk/docs/Makefile.am, + trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/rsaref/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/signer/Makefile.am, + trunk/src/tests/regression/Makefile.am: More consistent + indentation for multi-line variables + +2003-07-28 13:19 sth + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + Added struct sc_card to process_fci(), just like it's done with + the orhter card operations + +2003-07-28 12:17 aet + + * trunk/docs/doxygen.conf: Upgrade the version number. + +2003-07-28 12:11 aet + + * trunk/Makefile.am, trunk/docs/Makefile.am, + trunk/etc/Makefile.am, trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/rsaref/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, + trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/rsaref/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, + trunk/src/scrandom/Makefile.am, trunk/src/signer/Makefile.am, + trunk/src/signer/npinclude/Makefile.am, + trunk/src/sslengines/Makefile.am, trunk/src/tests/Makefile.am, + trunk/src/tests/regression/Makefile.am, + trunk/src/tools/Makefile.am, trunk/src/usbtoken/Makefile.am, + trunk/win32/Makefile.am: Minor cleanups + +2003-07-28 11:10 aet + + * trunk/src/pam/Makefile.am, trunk/src/pam/test-pam.c: Fix the + pam_opensc-test linking problem for AIX5.1+ and MacOS X MacOS X + doesn't have /usr/include/security so you'll need to symlink + /usr/include/pam to /usr/include/security yourself at the moment. + +2003-07-28 10:02 aet + + * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Add + support for MacOS X with PC/SC framework using autoconfigure. + Tested using Panther (WWDC build) + fink. 
Should work without + fink, too. + +2003-07-27 16:51 aet + + * trunk/src/sslengines/Makefile.am: Renamed test_engine.s to + test_engine.sh + +2003-07-27 16:50 sth + + * trunk/src/libopensc/pkcs15-sec.c: Fix: allways set pag_flags = + SC_ALGORITHM_RSA_HASH_NONE if sc_pkcs15_compute_signature() is + called with this flag + +2003-07-27 16:31 aj + + * trunk/src/usbtoken/DEPRECATED, trunk/src/usbtoken/Makefile.am: + Add a big fat warning not to use usbtoken. + +2003-07-25 09:01 aet + + * trunk/src/sia/Makefile.am: Build fix + +2003-07-24 14:27 sth + + * trunk/src/libopensc/padding.c: Fix: don't give an error if the + hash algo is SC_ALGORITHM_RSA_HASH_NONE + +2003-07-24 13:10 aet + + * trunk/src/libopensc/reader-pcsc.c, + trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/pkcs11-internal.h: - Build fixes + +2003-07-24 11:29 sth + + * trunk/src/tools/pkcs11-tool.c: Added test code for Mozilla-like + keypair generation and the writing of a certificate + +2003-07-24 10:00 aet + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/openscd/Makefile.am, trunk/src/openscd/commands.c, + trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, + trunk/src/openscd/openscd.h, trunk/src/openscd/test.c: - Remove + src/assuan, what's the point of having --with-assuan if we're + including our own version? Besides, opensc-signer and openscd + both are incomplete versions, I don't know if they work at all. + - Minor cleanups to openscd. + +2003-07-24 09:09 aet + + * trunk/src/tools/opensc-tool.c: Add missing 'n' for getopt_long + +2003-07-24 08:35 sth + + * trunk/src/tools/pkcs11-tool.c: Little fix in test_verify() + +2003-07-24 06:47 aj + + * trunk/src/libopensc/card-starcos.c: Nils fixes to starcos. + +2003-07-24 06:46 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: Add Nils and + J��rn to Authors. + +2003-07-23 18:12 aj + + * trunk/src/openssh/openssh-3.6.1p2.diff: updated patch. 
changes: + - add Nils fix for split keys. - changed "ask for pin" code. The + later is ugly and needs to be changed. however it is open how we + can do that. Maybe it will require changes in openssh, so lets + keep it till those issues are solved. + +2003-07-23 16:11 aet + + * trunk/src/scam/p15_ldap.c: Resync with p15_eid changes. No, it + still won't work. + +2003-07-23 15:07 aet + + * trunk/configure.in, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scam/scam.h: Remove the rest of old, obsolete SCIDI + related crap. + +2003-07-23 14:31 sth + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + Made the construct_fci() a card operaton, just like it has been + done with process_fci() before + +2003-07-22 15:51 aj + + * trunk/src/libopensc/pkcs15.c: find the keys by usage (patch by + Nils Lars) + +2003-07-22 15:50 aj + + * trunk/Makefile.am: clean *.m4 files. + +2003-07-22 15:13 aj + + * trunk/src/pkcs15init/profile.c: somewhat improved profile search. + +2003-07-22 09:54 sth + + * trunk/src/tools/pkcs11-tool.c: Added test code for the new + Verify functions + +2003-07-21 13:03 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: add id's to all + chapter and section tags. add documentation on Eutron + CryptoIdendity IT-SEC. + +2003-07-19 10:52 aj + + * trunk/Makefile.am: set automake option. 
+ +2003-07-18 09:34 sth + + * trunk/src/tools/pkcs15-crypt.c: Read the file's contents as + binary + +2003-07-18 09:32 sth + + * trunk/src/tools/opensc-explorer.c: Read/write the file's + contents as binary + +2003-07-17 23:03 okir + + * trunk/docs/Makefile.am, + trunk/docs/sc_pkcs15_compute_signature.3: - added + sc_pkcs15_compute_signature.3 draft + * trunk/docs/sc_read_binary.3: - fixed typo + +2003-07-17 22:59 sth + + * trunk/src/pkcs11/misc.c: Added some debugging info + +2003-07-17 22:53 sth + + * trunk/src/pkcs11/openssl.c: Added some debugging info + +2003-07-17 22:09 sth + + * trunk/src/pkcs11/mechanism.c: Fix: if a pkcs11 operation fails, + it should be ended + +2003-07-17 16:50 aet + + * trunk/configure.in: Don't leave -lpcsclite to LIBS, use LIBPCSC + instead. We really don't want to directly link -lpcsclite to + every single library and program. + +2003-07-17 15:13 aet + + * trunk/configure.in: Use $LIBDL instead of hardcoding to -ldl + +2003-07-17 15:09 sth + + * trunk/src/include/winconfig.h: Little fix for Windows + +2003-07-17 13:09 aet + + * trunk/bootstrap: For crying out loud, hands off. There is a + fucking reason for these files to be removed manually. + +2003-07-17 13:07 aet + + * trunk/configure.in: Remove the use of AC_FUNC_MALLOC and + AC_FUNC_MEMCMP as they don't work correctly with autoconf 2.57, + we don't really need them for anything anyway. + +2003-07-17 13:05 aet + + * trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_pkcs11.h: Remove C++-style // + comments. Yes, I know that they are ok in C99 spec, but who says + that all compilers are already C99 compatible. 
+ +2003-07-17 12:39 aet + + * trunk, trunk/.cvsignore, trunk/aclocal, + trunk/aclocal/.cvsignore, trunk/docs, trunk/docs/.cvsignore, + trunk/etc, trunk/etc/.cvsignore, trunk/src, + trunk/src/.cvsignore, trunk/src/common, + trunk/src/common/.cvsignore, trunk/src/include, + trunk/src/include/.cvsignore, trunk/src/include/opensc, + trunk/src/include/opensc/.cvsignore, + trunk/src/include/opensc/rsaref, + trunk/src/include/opensc/rsaref/.cvsignore, trunk/src/libopensc, + trunk/src/libopensc/.cvsignore, trunk/src/openscd, + trunk/src/openscd/.cvsignore, trunk/src/openssh, + trunk/src/openssh/.cvsignore, trunk/src/pam, + trunk/src/pam/.cvsignore, trunk/src/pkcs11, + trunk/src/pkcs11/.cvsignore, trunk/src/pkcs11/rsaref, + trunk/src/pkcs11/rsaref/.cvsignore, trunk/src/pkcs15init, + trunk/src/pkcs15init/.cvsignore, trunk/src/scam, + trunk/src/scam/.cvsignore, trunk/src/scconf, + trunk/src/scconf/.cvsignore, trunk/src/scldap, + trunk/src/scldap/.cvsignore, trunk/src/scrandom, + trunk/src/scrandom/.cvsignore, trunk/src/sia, + trunk/src/sia/.cvsignore, trunk/src/signer, + trunk/src/signer/.cvsignore, trunk/src/signer/npinclude, + trunk/src/signer/npinclude/.cvsignore, trunk/src/sslengines, + trunk/src/sslengines/.cvsignore, trunk/src/tests, + trunk/src/tests/.cvsignore, trunk/src/tests/regression, + trunk/src/tests/regression/.cvsignore, trunk/src/tools, + trunk/src/tools/.cvsignore, trunk/src/usbtoken, + trunk/src/usbtoken/.cvsignore, trunk/win32, + trunk/win32/.cvsignore: Resync .cvsignore files + +2003-07-17 11:04 aj + + * trunk/Makefile.am, trunk/bootstrap: real cleanup via + MAINTAINERCLEANFILES. include depcomp in distribution. + +2003-07-17 10:59 aj + + * trunk/configure.in: The CVS HEAD should always have a version + "CVS". For stable releases we should create a branch I guess. 
+ +2003-07-16 15:17 okir + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/errors.c, + trunk/src/libopensc/errors.h, trunk/src/libopensc/module.c, + trunk/src/libopensc/pkcs15.c: - patch for synthetic p15 cards by + Nils Larsch + +2003-07-16 15:10 aet + + * trunk/bootstrap: rm -f depcomp and friends so that we don't have + to use -f flag for autoreconf. Fixed an issue noticed after + upgrading to autoconf 2.52 -> 2.57, automake 1.5 -> 1.7 and + libtool 1.4.2 -> 1.5. + +2003-07-16 11:52 sth + + * trunk/src/libopensc/Makefile.mak: Moved padding from + pkcs15-sec.c to padding.c + +2003-07-16 05:20 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix of the previous patch: + show only 1 public key if both public key and cert exist + +2003-07-15 10:49 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/padding.c, + trunk/src/libopensc/pkcs15-sec.c: - Change padding functions + +2003-07-14 17:39 sth + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + Have process_fci() as a card operation instead of being called + internally by iso7816_select_file(). 
This way card drivers can + implement a select_file() and process_fci() independently + +2003-07-14 17:34 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix of the previous patch: + if there are a public key and cert with the same ID, show the + public key derived from the cert + +2003-07-14 17:28 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: if there was a public + key and cert with the same ID, you'd see the public key twice in + pkcs11: once the 'real' one and once the one derived from the + cert + +2003-07-14 16:56 okir + + * trunk/src/libopensc/errors.h: - added SC_ERROR_WRONG_PADDING + * trunk/src/libopensc/errors.c: - added missing error messages + +2003-07-14 16:55 okir + + * trunk/src/libopensc/card-etoken.c: - try to deal with RSA_SIG + keys (first try RSA_PURE_SIG, then RSA_SIG) + +2003-07-14 13:20 sth + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sec.c: Added + 'Global Platform' PIN encoding + +2003-07-12 17:19 aj + + * trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/rsaref/Makefile.am: remove files in + "make distclean" instead of "make maintainer-clean" to match the + distribution tar file. + +2003-07-12 12:58 jey + + * trunk/configure.in: - Fixed OpenSSL detection (at least with + Debian) + +2003-07-11 20:14 sth + + * trunk/src/pkcs11/framework-pkcs15.c: If C_SetAttributeValue() + wants to change the CKA_SUBJECT, simply return OK. 
This is OK as + we don't save the CKA_SUBJECT of a public key anyway, and it's + needed for doing keypair gen + cert writing with Mozilla + +2003-07-11 18:16 aet + + * trunk/configure.in, trunk/src/sslengines/engine_pkcs11.c: + Cleanups, fix --with-common-dir work with OpenSSL engine + detection + +2003-07-11 16:33 aet + + * trunk, trunk/.cvsignore: Forgot this one + +2003-07-11 16:31 aet + + * trunk/AUTHORS, trunk/Makefile.am, trunk/README, + trunk/configure.in, trunk/src/pkcs11/libpkcs11.c, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/scrandom/scrandom.c, trunk/src/tests/regression, + trunk/src/tests/regression/.cvsignore, + trunk/src/tools/pkcs11-tool.c, trunk/src/usbtoken/Makefile.am, + trunk/win32, trunk/win32/.cvsignore: - Various build fixes for + various operating systems and compilers - Add missing .cvsignore + files - Remove tools/ and make configure to work again + +2003-07-11 11:18 sth + + * trunk/src/sslengines/Makefile.am: Changed libpkcs11.a to + libpkcs11.la (by Ville Skytta) + +2003-07-11 11:16 sth + + * trunk/src/sslengines/engine_pkcs11.c: Fix: use strncasecmp() + instead of strnicmp() + +2003-07-11 09:40 sth + + * trunk/src/libopensc/card.c: Bug fix: let sc_transmit_apdu() + returns a negative number or 0 (no positive number) + +2003-07-10 22:31 aj + + * trunk/src/libopensc/reader-usbtoken.c: Forgot to init + slot[0].flags to SC_CARD_PRESENT + +2003-07-10 11:38 sth + + * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h: Implemented the get_response card + operation, is now explicitely called by sc_transmit_apdu() + +2003-07-10 11:13 aj + + * trunk/Makefile.am, trunk/docs/Makefile.am, + trunk/src/openssh/Makefile.am: Fix makefiles. 
+ +2003-07-10 10:44 aj + + * trunk/AUTHORS, trunk/README, trunk/README.Win32, + trunk/README.cards, trunk/README.signer, trunk/THANKS, + trunk/TODO, trunk/docs/pkcs11.txt, trunk/src/openssh/README, + trunk/src/pam/README, trunk/src/pkcs11/README, + trunk/src/sslengines/README: remove old text files. new + documentation is in opensc/docs/opensc.html (and .xml) + +2003-07-10 10:33 aj + + * trunk/configure.in: updated configure to newer init calls. set + automake strictnes to foreign. + +2003-07-02 20:47 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: Some of + additional documentation. + +2003-07-02 17:58 aj + + * trunk/docs/usbtoken.html, trunk/docs/usbtoken.xml: usbtoken is + now obsoleted by openct. Update the documentation. This patch + was made possible by the INKA e.V. ISP and the Hoepfner Brewery + and Beergarden. Thanks for free Internet! + +2003-07-01 17:34 aj + + * trunk/configure.in, trunk/src/libopensc/ctx.c: disable usbtoken + by default. put usbtokens readers behind openct readers. + +2003-06-30 18:25 aj + + * trunk/src/libopensc/card-flex.c: Xander Soldaat + reported this ATR, the card works for him + "like a charm." + +2003-06-28 07:02 sth + + * trunk/src/libopensc/pkcs15.h: Increased the pkcs15 ID size from + 16 to 255 + +2003-06-27 23:01 aj + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/cardctl.h: attached is patch for + card-starcos.c This patch generalizes the handling of the driver + internal extra data (for example this will be usefull to supply + the card driver with the necessary information to create + MF/DF/EF). I also added a workaround for certain profiles which + require that the pin is only verified once (i.e. the state + doesn't change after a signature verification). And finally I + changed the order of some starcos function (at first the + init/free function and then the rest). If nobody has objections + it would be nice if someone could commit this patch to the CVS. 
+ +2003-06-27 15:26 sth + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/openssl.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + Implemented the C_VerifyXXX() functions + +2003-06-27 13:29 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Removed the + CKF_WRITE_PROTECTED tokeninfo flag + +2003-06-27 12:59 sth + + * trunk/src/include/winconfig.h, + trunk/src/pkcs15init/pkcs15-lib.c: Placing #include + in wincofig.h causes compiler problems, better put it in each + file that uses _MAX_PATH + +2003-06-27 12:32 sth + + * trunk/README.Win32, trunk/src/Makefile.mak, + trunk/src/include/winconfig.h: Some Windows fixes + +2003-06-27 12:11 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: register + CKF_GENERATE_KEY_PAIR in a correct way + +2003-06-27 12:02 sth + + * trunk/src/tools/pkcs11-tool.c: Added test code for + C_SetAttributeValue() + +2003-06-27 12:00 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Implemented + C_SetAttributeValue() that can change the CKA_VALUE and CKA_ID + +2003-06-27 11:59 sth + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: Added + sc_pkcs15init_change_attrib() that can change the label and ID + of a pkcs15 key or cert + +2003-06-27 11:32 sth + + * trunk/src/sslengines/README, + trunk/src/sslengines/engine_pkcs11.c: Use a better notation for + the -key option + +2003-06-26 16:47 aj + + * trunk/docs/Makefile.am, trunk/docs/opensc.html, + trunk/docs/usbtoken.html: run tidy on html files (ignore if it + is not available). tidy html files, so they are readable. + +2003-06-26 10:38 aj + + * trunk/docs/opensc.html, trunk/docs/opensc.xml: ssl engine update + (key format), pkcs11.txt integrated. both done by stef, I'm only + commiting (and updateing the html file). + +2003-06-25 20:20 aj + + * trunk/docs/Makefile.am, trunk/docs/opensc.css, + trunk/docs/opensc.html, trunk/docs/opensc.xml, + trunk/docs/opensc.xsl: xml/html based documentation. 
This can + replace: README README.Win32 README.cards README.signer THANKS + TODO AUTHORS src/openssh/README src/pkcs11/README src/pam/README + src/sslengines/README + +2003-06-25 10:57 sth + + * trunk/src/pkcs11/pkcs11-object.c: Added a little extra logging + to C_GenerateKeyPair() + +2003-06-25 10:19 aj + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c: PATH_MAX is defined via limits.h + (I hope that exists on all systems). MAX_PATH is a typo. int r + was never used. + +2003-06-25 08:42 aj + + * trunk/docs/Makefile.am, trunk/docs/usbtoken.html: make live + easier for other developers: html file is now also in the + repository, and I will update always both at the same time. So + not even developers will need docbook dtd + xsl + xsltproc. + +2003-06-24 22:29 aj + + * trunk/configure.in: removed pkcs15-init.sh reference (oops, when + did that creep in? shouldn't be.) + +2003-06-24 11:31 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Changed SC_PKCS15_MAX_PINS + to MAX_OBJECTS in pkcs15_create_tokens() + +2003-06-24 11:26 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Added a safer locking + mechanism, based on sc_lock/sc_unlock (Olaf) + +2003-06-24 11:11 sth + + * trunk/src/pkcs11/slot.c: In slot_initialize(): Bugfix in a + memset and added a pool_initialize() + +2003-06-24 09:14 sth + + * trunk/src/tools/pkcs11-tool.c: Some fixes/improvements, e.g. 
an + ID now has to be entered in the same way as in pkcs15-init + +2003-06-24 09:11 sth + + * trunk/src/sslengines/README, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, + trunk/src/sslengines/pkcs11-internal.h: Added support for + selecting keys by slot and by key ID; and added newlines to some + error messages + +2003-06-23 12:56 okir + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-openct.c, + trunk/src/libopensc/reader-pcsc.c: - added pinpad support for + OpenCT + +2003-06-18 20:49 sth + + * trunk/src/tools/pkcs11-tool.c: Some improvements to + gen_keypair() and write_object() + +2003-06-18 12:38 sth + + * trunk/src/include/winconfig.h, trunk/src/pkcs15init/profile.c: + Let sc_profile_locate() behave about the same way under Win32 + than under Linux + +2003-06-18 08:07 sth + + * trunk/docs/pkcs15-init.1, trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: Now you can specify your card + profile for pkcs15init, both on the command line if you use the + pkcs15init tool and in the opensc.conf file. Not specifying + gives the default one, like before. + +2003-06-17 11:31 sth + + * trunk/src/libopensc/ctx.c: Changed strcat to strncat + +2003-06-16 09:45 aj + + * trunk/src/openssh/README, + trunk/src/openssh/openssh-3.6.1p2.diff: The code now asks for + the passphrase. + +2003-06-16 07:40 okir + + * trunk/src/pkcs15init/profile.c: - when loading a profile, check + all variations of .conf before itself + +2003-06-15 22:22 aj + + * trunk/src/tests/regression/Makefile.am: added makefile so + regression files will be included in tarball. 
+ +2003-06-15 22:21 aj + + * trunk/src/openssh/openssh-3.6.1p2.README, + trunk/src/openssh/openssh-3.6.1p2.diff: current patch for + openssh. does not work. + +2003-06-15 22:20 aj + + * trunk/configure.in, trunk/src/pkcs15init/Makefile.am, + trunk/src/sslengines/Makefile.am, trunk/src/tests/Makefile.am: + makefile fixes, so the tarball will contain all files. + +2003-06-15 22:19 aj + + * trunk/src/openssh/Makefile.am: Doesn't work, but added current + openssh patch anyway. + +2003-06-15 12:56 okir + + * trunk/src/libopensc/iso7816.c: - iso7816_logout now invalidates + the path cache + +2003-06-15 11:56 jey + + * trunk/configure.in: A small fix in OpenCT detection. Bumped the + version number up to 0.8.0-rc2. + +2003-06-15 11:55 okir + + * trunk/docs/Makefile.am: - put HAVE_DOCBOOK conditional around + %.html rule + +2003-06-15 11:54 okir + + * trunk/configure.in: - added --without docbook + +2003-06-14 12:31 sth + + * trunk/src/pkcs15init/pkcs15-init.h: Add AuthID for pkcs15 data + objects + +2003-06-13 12:45 sth + + * trunk/src/Makefile.mak: Also compile the sslengines dir under + Windows + +2003-06-13 06:51 sth + + * trunk/src/pkcs11/openssl.c: Added #include , this + is needed for openssl 0.9.8 and higher where openssl/evp.h wont + include the algorithms anymore (Nils) + +2003-06-12 21:35 sth + + * trunk/src/pkcs15init/flex_onepin.profile, + trunk/src/pkcs15init/pkcs15-cflex.c: Added support for a new + cryptoflex profile, where the user (CHV1) is in charge of the + pkcs15 DF + +2003-06-12 21:23 sth + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: Add the AuthID when writing + pkcs15 data objects + +2003-06-12 21:14 sth + + * trunk/src/libopensc/asn1.c: Add support for non-optional ASN.1 + object that are empty + +2003-06-11 11:03 sth + + * trunk/src/pkcs15init/flex_so.profile: Added some info + +2003-06-11 10:56 okir + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/cardctl.h: - starcos fixes from Nils + * 
trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-sec.c: + - New public function sc_add_padding + +2003-06-11 10:54 okir + + * trunk/configure.in: - another fix for --without-openct + +2003-06-11 10:53 okir + + * trunk/docs/Makefile.am: - dont fail if we dont have xsltproc + +2003-06-10 16:45 aj + + * trunk/src/pkcs15init/Makefile.am: added flex_so.profile, moved + list of all profiles to PROFILE + +2003-06-10 12:54 aj + + * trunk/docs/Makefile.am: makefile fix by Robert Bihlmeyer: + include usbtoken.html in distribution tarball. + +2003-06-10 06:32 okir + + * trunk/src/tests/p15dump.c: - prevent excessive calls to logout + +2003-06-10 06:31 okir + + * trunk/src/libopensc/iso7816.c: - iso7816_logout should call + driver specific select_file function, not the iso7816 generic + version + +2003-06-07 07:17 sth + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/flex_so.profile, + trunk/src/pkcs15init/pkcs15-cflex.c: Add support for a new + cryptoflex profile in which the SO (CHV1) is in charge of the + pkcs15 DF + +2003-06-04 19:17 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix in + pkcs15_gen_keypair(): labels didnt work + +2003-06-04 18:37 sth + + * trunk/src/pkcs15init/pkcs15-lib.c: Fixed a type in previous patch + +2003-06-04 12:30 sth + + * trunk/src/tools/pkcs11-tool.c: A first implementation of + write_object(), mostly for testing purposes + +2003-06-04 12:26 sth + + * trunk/src/pkcs11/framework-pkcs15.c: some fixes to + pkcs15_create_object() and pkcs15_gen_keypair() + +2003-06-04 12:24 sth + + * trunk/src/pkcs11/misc.c: added a check for CKA_CERTIFICATE_TYPE + to attr_extract() + +2003-06-03 13:57 sth + + * trunk/etc/opensc.conf.example, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs11-tool.c: First implementation of + C_GenerateKeyPair() + +2003-05-30 09:54 okir + + * 
trunk/src/libopensc/pkcs15.h: - fixed typodef in + sc_pkcs15_*_info_t (spotted by Nils) + +2003-05-30 09:45 sth + + * trunk/src/pkcs15init/pkcs15-cflex.c: Compiler warning (result of + malloc not casted) + +2003-05-30 08:54 okir + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h: - remove signedness warnings + printed by new gcc + +2003-05-30 08:33 okir + + * trunk/src/tools/opensc-tool.c: - added --name option + +2003-05-28 20:52 okir + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0002: - added function + skip_if_card to allow tests to be skipped for certain cards + * trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/opensc.h: - added card name to struct + sc_card to allow upper level apps to identify card type more + precisely + +2003-05-28 18:05 okir + + * trunk/src/tests/regression/erase: - added + +2003-05-28 13:36 okir + + * trunk/src/tests/regression/crypt0001, + trunk/src/tests/regression/crypt0002, + trunk/src/tests/regression/crypt0003, + trunk/src/tests/regression/crypt0004: - specify user pin when + erasing card + * trunk/src/tests/regression/run-all: - better handling of failures + +2003-05-28 08:30 okir 
+ + * trunk/src/tests/regression/run-all: - allow specifying the list + of tests to be run on the command line + +2003-05-28 05:25 okir + + * trunk/src/tests/regression/crypt0001, + trunk/src/tests/regression/crypt0002, + trunk/src/tests/regression/crypt0003, + trunk/src/tests/regression/crypt0004, + trunk/src/tests/regression/functions: - fixed crypt* tests to + work with cryptoflex + +2003-05-28 05:24 okir + + * trunk/src/tests/regression/run-all: - added + +2003-05-27 15:58 aj + + * trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, + trunk/src/pam/test-pam.c: moved main() function into it's own + file, killed duplicate compiling, made older + autoconf/make/libtool happy. + +2003-05-27 09:58 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - return value of + pkcs15_login was ignored + +2003-05-26 09:30 aj + + * trunk/Makefile.am, trunk/configure.in: move autoconf helper + files to tools/ subdirectory. + +2003-05-24 19:31 aj + + * trunk/configure.in, trunk/src/libopensc/Makefile.am: configure + now accepts a path with --with-openct, and that directory is + searched, and variables OPENCT_CFLAGS, LIBS, LDFLAGS are set + (and used in src/libopensc/Makefile). 
+ +2003-05-23 10:10 okir + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0001, + trunk/src/tests/regression/init0002, + trunk/src/tests/regression/init0003, + trunk/src/tests/regression/init0004, + trunk/src/tests/regression/init0005, + trunk/src/tests/regression/init0006, + trunk/src/tests/regression/init0007, + trunk/src/tests/regression/init0008, + trunk/src/tests/regression/init0009, + trunk/src/tests/regression/init0010, + trunk/src/tests/regression/init0011: - erase card using --secret + +2003-05-23 10:05 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c: - fixed pin handling in + generate key + * trunk/src/libopensc/card-flex.c: - in pin_cmd, dont assume the + caller has properly initialized max_length and encoding + +2003-05-22 21:04 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c: - fixed cryptoflex keygen + +2003-05-22 20:53 okir + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-cflex.c: - added cryptoflex RSA key + generation (not yet functional) + +2003-05-22 20:51 okir + + * trunk/src/libopensc/reader-openct.c: - less verbose debug + messages + +2003-05-22 19:34 okir + + * trunk/src/libopensc/card.c: - change debug level for + sc_lock/unlock + +2003-05-22 13:59 okir + + * trunk/src/libopensc/card.c: - fixed the hang with logout() + +2003-05-20 10:53 aj + + * trunk/aclocal/Makefile.am, trunk/aclocal/libtool.m4: libtool.m4 + is not required, and a version too old causes problems anyway. 
+ +2003-05-20 08:30 sth + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sec.c, trunk/src/pkcs11/framework-pkcs15.c: + added sc_logout() functionality + +2003-05-18 10:08 okir + + * trunk/src/tools/pkcs15-init.c: - added option --secret + +2003-05-18 10:05 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - do_get_any_verify_pin: try + to look up p15 pin info from card + +2003-05-17 13:30 aj + + * trunk/aclocal/libtool.m4: replaced it with a newer version. + +2003-05-17 10:55 aj + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0003, + trunk/src/tests/regression/init0004, + trunk/src/tests/regression/init0005, + trunk/src/tests/regression/init0006, + trunk/src/tests/regression/init0008, + trunk/src/tests/regression/init0009, + trunk/src/tests/regression/init0010, + trunk/src/tests/regression/init0011: always create and use a + pin. removed --split-key, cardOS users have to specify it. three + new tests. + +2003-05-17 10:54 aj + + * trunk/src/tools/pkcs15-tool.c: Added --pin option to pkcs15-tool + +2003-05-17 09:18 okir + + * trunk/src/tests/regression/functions: - Disable colors for now - + use --assert-pristine to ensure card is pristine + +2003-05-17 09:10 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - added + sc_pkcs15init_set_secret + +2003-05-16 22:08 aj + + * trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/rsaref/Makefile.am: fix include paths. include + files are supposed to be in opensc/ and opensc/rsaref/. 
+ +2003-05-16 19:12 okir + + * trunk/src/tools/pkcs15-init.c: - redid option handling (you can + now call it with -ECPa 01 -G rsa/1024 - except there's a little + bug that prevents this from working properly) - implemented + --assert-pristine + +2003-05-16 19:11 okir + + * trunk/src/tools/util.c: - fix for previous change + +2003-05-16 16:41 okir + + * trunk/src/tools/util.c: - print_usage_and_die: skip hidden + options + +2003-05-16 16:33 okir + + * trunk/src/tools/pkcs11-tool.c: - in test_signature: check + CKA_SIGN before doing any signature tests + +2003-05-16 15:30 aj + + * trunk/src/libopensc/card-flex.c: egate cryptoflex 32 card can + generate key. updated the flags. + +2003-05-16 14:25 okir + + * trunk/src/tools/opensc-explorer.c: - display LIST_FILES and + CRYPTO ACs as well + +2003-05-16 14:24 okir + + * trunk/src/tests/regression/init0004: - minor fix + +2003-05-16 14:16 okir + + * trunk/src/pkcs15init/flex.profile: - make sure CREATE/DELETE are + protected + +2003-05-16 14:15 okir + + * trunk/src/libopensc/card-flex.c: - select file: do not interpret + INVALIDATE/REHAB AC bits for DFs + +2003-05-16 09:51 okir + + * trunk/src/tests/regression/functions: - added some color + +2003-05-16 09:34 okir + + * trunk/src/pkcs15init/pkcs15.profile: - bump the CDF size, as we + now put the subject name in the label + +2003-05-16 09:27 okir + + * trunk/src/tests/regression/init0008, + trunk/src/tests/regression/test.p12: - added pkcs15-init pkcs12 + test case + +2003-05-16 09:14 okir + + * trunk/src/tests/regression/crypt0001, + trunk/src/tests/regression/crypt0002, + trunk/src/tests/regression/crypt0003, + trunk/src/tests/regression/crypt0004, + trunk/src/tests/regression/functions: - updated test scripts + +2003-05-16 07:42 okir + + * trunk/src/tests/regression/functions: - test set didnt abort if + p15_validate failed + +2003-05-15 15:42 okir + + * trunk/src/libopensc/card-miocos.c: - it seems the upper limit + for r/w binary is 244 + +2003-05-15 15:30 okir + + * 
trunk/src/tests/regression/README, + trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0001, + trunk/src/tests/regression/init0002, + trunk/src/tests/regression/init0003, + trunk/src/tests/regression/init0004, + trunk/src/tests/regression/init0005, + trunk/src/tests/regression/init0006, + trunk/src/tests/regression/init0007: - more tests + +2003-05-15 15:29 okir + + * trunk/src/tools/pkcs15-init.c: - Allow "pkcs1-init --erase" + without further options + +2003-05-15 15:28 okir + + * trunk/src/tools/pkcs11-tool.c: - Do not try to C_Login if the + token doesn't require a login + +2003-05-15 15:27 okir + + * trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c: - allow full access to keys + not protected by a PIN + +2003-05-15 15:26 okir + + * trunk/src/pkcs15init/etoken.profile: - increase size of PrKDF, + so that we have room for 2x2 split keys + +2003-05-15 13:33 okir + + * trunk/src/tools/pkcs15-init.c: - added --no-prompt + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - erase card fixes: forget cached secrets, and use sc_free_apps + +2003-05-15 13:32 okir + + * trunk/src/libopensc/card.c, trunk/src/libopensc/dir.c, + trunk/src/libopensc/opensc.h: - added sc_free_apps to undo + sc_enum_apps + +2003-05-15 11:41 okir + + * trunk/src/libopensc/card-flex.c: - fixed card_ctl error message + +2003-05-15 11:39 okir + + * trunk/src/tools/pkcs15-init.c: - keygen: when --split-key is + given, try hardware keygen if usage permits + +2003-05-15 11:33 okir + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0001: - improved test cases + slightly + +2003-05-15 11:32 okir + + * trunk/src/tools/pkcs11-tool.c: - added --slot-label option to + find slot by label + +2003-05-15 11:31 okir + + * trunk/src/tools/pkcs15-init.c: - get_pin_callback takes an + additional label argument - add split key support to key + generation + +2003-05-15 11:30 okir + + * 
trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - get_pin callback now takes + additional label argument - call get_pin for ALL pins, not just + those listed in the profile - add split key support to + sc_pkcs15init_generate_key + +2003-05-15 11:29 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - etoken_erase don't + assume PIN 0 is always the SO PIN + +2003-05-15 11:27 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + added sc_pkcs15_find_pin_by_reference + +2003-05-15 10:34 sth + + * trunk/src/pkcs11/framework-pkcs15.c: If signing/decryption fails + because the card lost its security status, try to log in again + and then do another attempt to sign/decrypt + +2003-05-14 19:13 okir + + * trunk/src/tests/regression/functions: - dont say all tests were + successful when we failed + * trunk/src/tests/regression/crypt0004: - show output of + pkcs15-init commands + +2003-05-14 16:29 okir + + * trunk/src/libopensc/pkcs15.c: - bumped buffer sizes for + EF(TokenInfo) labels + +2003-05-14 16:22 okir + + * trunk/src/tools/pkcs15-init.c: - minor usability updates + +2003-05-14 16:21 okir + + * trunk/src/tests/regression/functions, + trunk/src/tests/regression/init0001: - some tests for pkcs15-init + +2003-05-14 13:13 sth + + * trunk/src/sslengines/Makefile.mak, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.def, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/p11_load.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/pkcs11-internal.h: Ported to Win32 + +2003-05-14 12:25 okir + + * trunk/src/libopensc/card-miocos.c: - restrict max read/write + size to 128 + +2003-05-14 12:00 okir + + * trunk/src/libopensc/reader-pcsc.c: - do not mess with Case 4 + APDUs unless we're doing T=0 + +2003-05-14 08:47 sth + + * trunk/src/libopensc/card-starcos.c: Some typos fixed and fixed + the algos for use in OpenSSH 
(Nils Larsch) + +2003-05-13 20:24 okir + + * trunk/src/libopensc/pkcs15-sec.c: - + sc_pkcs15_compute_signature(RSA_RAW): zero pad input if shorter + than modulus length + +2003-05-13 14:29 aj + + * trunk/src/libopensc/libopensc.pc.in: OpenSC header files are + included as #include Thus it has to be + -I/path/to/opensc/include and not + -I/path/to/opensc/include/opensc + +2003-05-13 14:06 aj + + * trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c: added #include + killing warnings. + +2003-05-13 13:43 aj + + * trunk/src/libopensc/pkcs15.h: At least the rainbow ikey 3000 + need bigger labels. Label size should be 255, as per pkcs15. + +2003-05-13 07:06 sth + + * trunk/src/libopensc/pkcs15.c: Make sc_pkcs15_read_file() work if + the pkcs15 files contain only FIDs instead of file paths (Nils + Larsch) + +2003-05-12 20:37 aj + + * trunk/src/sslengines/Makefile.am: libpkcs11.h was missing from + EXTRA_DIST + +2003-05-12 20:21 aj + + * trunk/src/sslengines, trunk/src/sslengines/.cvsignore, + trunk/src/sslengines/Makefile.am, + trunk/src/sslengines/engine_opensc.c, + trunk/src/sslengines/engine_opensc.h, + trunk/src/sslengines/engine_pkcs11.c, + trunk/src/sslengines/engine_pkcs11.h, + trunk/src/sslengines/hw_opensc.c, + trunk/src/sslengines/hw_pkcs11.c, + trunk/src/sslengines/libpkcs11.h, + trunk/src/sslengines/p11_attr.c, + trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, + trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, + trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, + trunk/src/sslengines/p11_slot.c, + trunk/src/sslengines/pkcs11-internal.h, + trunk/src/sslengines/test_engine.sh: new sslengines + implementation with pkcs11 and opensc backend. + +2003-05-12 20:18 aj + + * trunk/configure.in, trunk/src/Makefile.am: Add sslengines. 
+ +2003-05-12 11:51 sth + + * trunk/src/libopensc/card-flex.c: Added decryption functionality + +2003-05-11 07:22 sth + + * trunk/src/libopensc/pkcs15-cert.c: Fixed: support for X.509 V1 + certs + +2003-05-08 10:42 sth + + * trunk/src/libopensc/card-gpk.c: Fix of the previous Win32 patch + related to the assumed absence of OPENSSL_cleanse(): this + function does is present on OpenSSL 0.9.7 but not on the beta4 + version + +2003-05-08 07:54 sth + + * trunk/src/pkcs11/libpkcs11.c: Added support for Mac bundles + +2003-05-02 15:12 aj + + * trunk/src/pkcs11/Makefile.am: oops, didn't remove reference to + sslrandom.c. fixed. + +2003-05-02 15:03 aj + + * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/scam/Makefile.am, + trunk/src/scrandom/Makefile.am: this should fix the libscrandom + issue: the obvious solution is to create libscrandom.la (not .a) + and link with ../scrandom/libscrandom.la (not -lscrandom). + +2003-05-02 15:01 aj + + * trunk/src/usbtoken/main.c, trunk/src/usbtoken/pid.c: - added a + "nofork" parameter - changed the initialization order to fix a + race condition where the first usbtoken uses the id 1 and not 0 + - fixed a bug where all tokens always used id 0. now several + tokens work at the same time. - fixed a bug: pid files were + empty. + +2003-05-02 15:00 aj + + * trunk/src/libopensc/reader-usbtoken.c: - indent (maybe not such + a good idea?) - improved some error messages + +2003-05-02 14:57 aj + + * trunk/src/tools/opensc-explorer.c: improved "get" function: - + path is now by default like 3F00_5015_5031 instead of "3F00" - + the final message shows not only number of bytes but also the + filename. 
+ +2003-05-02 14:33 sth + + * trunk/src/libopensc/card-gpk.c: Fix for Win32 where there's no + OPENSSL_cleanse() + +2003-05-02 13:38 sth + + * trunk/README.Win32: Little update on how to add OpenSSL support + +2003-05-02 08:01 sth + + * trunk/docs/Makefile.am, trunk/docs/pkcs11.txt: Added info about + the pkcs11 lib + +2003-05-01 14:09 aj + + * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/scam/Makefile.am, trunk/src/scrandom/Makefile.am: + Patch by Robert Bihlmeyer: - remove liscrandom - use scrandom.c + directly (list as part of the SOURCES) + +2003-04-30 12:24 sth + + * trunk/src/tools/pkcs11-tool.c: Dont give errors with -t option + if the private key doesnt support key unwrap + +2003-04-29 11:37 jey + + * trunk/src/libopensc/card-starcos.c: - Yet another test commit + +2003-04-29 11:10 sth + + * trunk/configure.in, trunk/src/pkcs11/Makefile.am, + trunk/src/scrandom/Makefile.am: Build libscrandom in both .a and + .so versions (by R. Bihlmeyer) + +2003-04-29 09:27 sth + + * trunk/src/libopensc/asn1.c: Removed some compiler warnings + +2003-04-28 16:34 jey + + * trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - + Renamed card->chopsize to max_le, which is more descriptive - + Changed a few checks to asserts + +2003-04-28 16:29 aj + + * trunk/src/libopensc/asn1.c: Nils fixed asn1 code to detect two + byte "file name" versus longer real paths. + * trunk/src/libopensc/card-starcos.c: Comment fixed by Nils: + should be 0x80 or 128, but not "80 bytes". 
+ +2003-04-28 09:55 sth + + * trunk/src/pkcs11/pkcs11-global.c: Avoid an Assertion Failed + (ctx!=NULL) in log.c if sc_establish_context() fails in + C_Initialize() + +2003-04-27 19:08 aj + + * trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + create card->chopsize, init it with SC_APDU_CHOP_SIZE, allow + cards to change that value, and add code to starcos_init to set + chopsize to 80. chopsize is used with read_binary and friends to + chop the data into small requests, read/write them, and + reassemble. + +2003-04-27 15:05 aj + + * trunk/src/libopensc/asn1.c: Only look at first byte for end of + data detection. That way not only 0,0 and ff,ff is recognized + and 0,ff,ff,ff... will not cause trouble. + +2003-04-25 10:03 aj + + * trunk/src/libopensc/card-starcos.c, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/tools/pkcs11-tool.c: + Nils Larsch: here is a patch to remove a bug in card-starcos.c + and two warnings: card-starcos.c: fix apdu.le value + pkcs15-pin.c: remove unused labels => avoid compiler warnings + pkcs11-tool.c : remove memory leak (a RSA_free() was missing) + and simplify code (+ remove warning). + +2003-04-25 07:51 sth + + * trunk/src/libopensc/pkcs15-sec.c: Allow empty key file paths in + compute_signature and decipher + +2003-04-24 07:03 sth + + * trunk/src/pkcs11/README, trunk/src/pkcs11/pkcs11-global.c: Have + a compile option to enable PTHREAD locking at the pkcs11 level + +2003-04-23 11:46 sth + + * trunk/src/libopensc/ctx.c: Extended caching for single-user + Windows OSes (Win98) + +2003-04-23 10:40 aj + + * trunk/AUTHORS: Changed Roberts email address as requested. 
+ +2003-04-23 09:52 sth + + * trunk/src/pkcs11/pkcs11-global.c: Disabled OS thread locking on + OSes with PTHREAD due to closing problems with Mozilla + +2003-04-23 08:47 sth + + * trunk/src/libopensc/pkcs15-sec.c: Added + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION as a valid signature usage + +2003-04-22 20:43 sth + + * trunk/src/tools/pkcs11-tool.c: Fix in case no OpenSSL is present + +2003-04-22 17:02 aj + + * trunk/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/rsaref/Makefile.am, trunk/src/scam/Makefile.am: + remove references to SCIDI sanitize pkcs11 include header + references (now they are installed in rsaref/ subdir, and + pkcs11.h is *not* overwritten). remove automake 1.5 requirement + (automake 1.4 on debian stable/woody works fine) + +2003-04-22 17:00 aj + + * trunk/AUTHORS, trunk/configure.in, trunk/docs/Makefile.am, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/reader-usbtoken.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scam/p15_eid.c, + trunk/src/signer/Makefile.am, trunk/src/tools/pkcs11-tool.c: - + add robert to Authors as contributor of bug fixes - configure + code finally working. engine is detected and path to libcrypto.a + is also set. - roberts fix for reader-usbtoken.c - card-gpk.c + migraton to DES_ routines with #define for 0.9.6 openssl. - man + pages: do not ship pkcs15-profile.5 (.in is in the tarfile) - + assuan: replace "strcpy(stpcpy(.., ..), ..)" with + "strcat(strcpy(.., ..), ..)" which looks good, but nobody uses + assuan I guess ? - declaration of sc_pkcs15init_set_lifecycle + kills a warning - #include kills a warning (or + compile problem?) - removed unused txt[256]; from p15_eid (kills + a warning) - now "ln -s" the signer plugin to the plugin + directory. - moved key_out direction to the beginning of a + function (kills a warning or compile error) - changed + pkcs11-tool option "quiet" to "verbose" to conform to other + tools. 
- made algo argument to wrap_unwrap a "const" (kills + several warnings) + +2003-04-22 12:41 sth + + * trunk/README.Win32, trunk/win32/Makefile.am, + trunk/win32/readme.txt: Moved win32/readme.txt to README.Win32, + and updated this file + +2003-04-22 12:26 sth + + * trunk/src/tools/pkcs11-tool.c: Fixed an OpenSSL issue with MacOSX + +2003-04-22 07:51 sth + + * trunk/src/libopensc/reader-pcsc.c: Correction of the previous + insert-remove fix + +2003-04-21 15:02 jey + + * trunk/docs, trunk/docs/.cvsignore, trunk/win32/Makefile.am: - + added missing win32/Makefile.am - added usbtoken.html to + docs/.cvsignore + +2003-04-21 15:01 jey + + * trunk/Makefile.am, trunk/configure.in, trunk/docs/Makefile.am, + trunk/src/Makefile.am, trunk/src/include/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/openscd/Makefile.am, + trunk/src/openscd/openscd.c, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, + trunk/src/scrandom/Makefile.am, trunk/src/tests/Makefile.am: - + applied build fixes from Andreas + +2003-04-21 12:52 jey + + * trunk/AUTHORS: - fixed Olaf's e-mail address in AUTHORS =) + +2003-04-21 12:45 jey + + * trunk/bootstrap: - trimmed bootstrap script a bit as suggested + by Andreas + +2003-04-21 12:39 jey + + * trunk/src/signer/opensc-crypto.c: - fixed a typo + +2003-04-21 12:36 jey + + * trunk/src/openscd/Makefile.am: - Do not install openscd for now + +2003-04-21 12:29 jey + + * trunk/src/libopensc/pkcs15-sec.c: - fixed add_padding() in the + case where padding is request, but input isn't a hash. 
+ +2003-04-21 12:01 jey + + * trunk/NEWS: - NEWS entry for 0.8.0 + +2003-04-21 11:40 jey + + * trunk/src/libopensc/card-flex.c: - fixed CHV changing with a + CryptoFlex + +2003-04-18 15:42 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Allow non-repudation as a + signature usage + +2003-04-18 14:57 sth + + * trunk, trunk/.cvsignore, trunk/src/common, + trunk/src/common/.cvsignore, trunk/src/libopensc, + trunk/src/libopensc/.cvsignore, trunk/src/pkcs11, + trunk/src/pkcs11/.cvsignore, trunk/src/pkcs15init, + trunk/src/pkcs15init/.cvsignore, trunk/src/scconf, + trunk/src/scconf/.cvsignore, trunk/src/scrandom, + trunk/src/scrandom/.cvsignore, trunk/src/tests, + trunk/src/tests/.cvsignore, trunk/src/tools, + trunk/src/tools/.cvsignore, trunk/src/usbtoken, + trunk/src/usbtoken/.cvsignore: Added some files to ignore, also + for Windows + +2003-04-18 11:58 sth + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: + Have a sec delay in C_GetSlotInfo() per reader instead of a + global delay + +2003-04-18 11:55 sth + + * trunk/src/pkcs11/libpkcs11.c: Added code for MacOSX + +2003-04-17 14:39 okir + + * trunk/src/tools/pkcs11-tool.c: - added tests for key unwrap + +2003-04-17 14:38 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - bugfix for unwrap - + support getattr(CKA_VALUE) for public key objects + +2003-04-17 14:35 sth + + * trunk/src/libopensc/reader-pcsc.c: More robust detection of + removal/insertion events + +2003-04-17 13:25 okir + + * trunk/configure.in: - another fix to the engine test + +2003-04-17 13:23 okir + + * trunk/configure.in: - fixed test clause + +2003-04-17 13:13 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - fixed signing and + hopefully unwrap for split keys + +2003-04-17 13:03 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - fix for the previous + change + +2003-04-17 12:47 okir + + * trunk/configure.in: - only build sslengine if OpenSSL supports it + +2003-04-17 12:38 okir + + * trunk/src/libopensc/pkcs15-sec.c, 
trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/signer/opensc-crypto.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c: - + implemented split-key support for CardOS + +2003-04-17 11:04 okir + + * trunk/src/pkcs11/pkcs11-object.c: - fixed compiler warning + +2003-04-17 09:39 okir + + * trunk/src/tools/pkcs15-init.c: - Allow command line --key-usage + to be more restrictive than the usage given by the certificate + (pkcs12) + +2003-04-17 09:37 okir + + * trunk/src/scam/p15_eid.c: - when no specific reader is required, + just select the first one that holds a card - when computing RSA + signatures, don't assume the card supports raw RSA - the it the + challenge is a sha1 digest instead. + +2003-04-16 20:52 okir + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c: - fixed endianness problem with + encoding/deconding of bit fields + +2003-04-16 19:50 sth + + * trunk/src/pkcs11/Makefile.mak: Added debug.obj + +2003-04-16 19:49 sth + + * trunk/src/libopensc/Makefile.mak: Added card-starcos + +2003-04-16 19:03 okir + + * trunk/configure.in, trunk/src/Makefile.am: - merged SSL ENGINE + patch from Kevin Stefanik + +2003-04-16 17:00 okir + + * trunk/src/scam/Makefile.am: - removed SCIDI stuff + +2003-04-16 16:59 okir + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: - + integrate starcos driver + +2003-04-16 16:01 okir + + * trunk/src/libopensc/card-gpk.c: - fixed some compiler warnings + +2003-04-16 15:58 okir + + * trunk/src/libopensc/opensc.h: - added + SC_SEC_OPERATION_AUTHENTICATE for starcos driver + +2003-04-16 15:56 okir + + * trunk/src/libopensc/reader-pcsc.c: - get 
rid of warning + +2003-04-16 15:53 okir + + * trunk/src/tools/pkcs11-tool.c: - getting CKA_LABEL would not + 0-terminate the string + +2003-04-16 14:38 okir + + * trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: - moved the lifecycle stuff to + libpkcs15init + +2003-04-16 14:27 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-starcos.c: - Added starcos driver + +2003-04-16 14:20 okir + + * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: - + backed out AM_LDFLAGS change + +2003-04-16 14:18 okir + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/debug.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/sc-pkcs11.h: - improved debugging output of + CK_ATTRIBUTE data + +2003-04-16 14:17 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - in getattr(CKA_LABEL), do + not include trailing NUL + +2003-04-16 14:16 okir + + * trunk/src/tools/pkcs15-init.c: - when getting certs from a p12 + file, put the subject name into the cert labels + +2003-04-16 12:01 sth + + * trunk/src/libopensc/reader-pcsc.c: Correction of the previous + patch for MacOSX + +2003-04-16 11:50 okir + + * trunk/src/tools/pkcs15-init.c: - import all certs from a pkcs12 + file + +2003-04-16 10:20 okir + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + new error code SC_ERROR_CANNOT_LOAD_KEY + +2003-04-16 10:19 okir + + * trunk/src/libopensc/card.c: - don't complain about + read/write/update binary with a length of 0 + +2003-04-16 08:33 okir + + * trunk/src/libopensc/reader-openct.c: - dont return error in + detect_card_presence if there is no reader + +2003-04-15 20:06 okir + + * trunk/src/tools/cardos-info.c, trunk/src/usbtoken/etoken.c, + trunk/src/usbtoken/main.c: - a few more changes from Andreas + +2003-04-15 17:10 sth + + 
* trunk/src/libopensc/ctx.c: First thing written in the debug log + will be ========== + +2003-04-15 15:59 sth + + * trunk/src/libopensc/reader-pcsc.c: include for MacOSX added + +2003-04-14 17:29 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Have allways a label in + CK_TOKEN_INFO + +2003-04-14 15:19 okir + + * trunk/src/libopensc/card-etoken.c: - fix pkcs11 signatures with + etoken + +2003-04-14 14:51 okir + + * trunk/docs/pkcs15-tool.1, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15.h, trunk/src/tools/pkcs15-tool.c: - + added pkcs15 unblock functionality + +2003-04-14 14:49 okir + + * trunk/AUTHORS: Update + +2003-04-14 10:57 okir + + * trunk/configure.in: - changed version to CVS + +2003-04-14 10:33 okir + + * trunk/src/libopensc/card-etoken.c: - explicitly mention we do + raw RSA + +2003-04-14 08:17 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card.c: - + suppress "not supported" error messages from sc_card_ctl + +2003-04-14 07:44 okir + + * trunk/src/tools/opensc-explorer.c: - fixed unblock command when + puk given in hex notation + +2003-04-11 15:29 okir + + * trunk/configure.in, trunk/docs/usbtoken.xml, + trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am, + trunk/src/tools/cardos-info.c, trunk/src/usbtoken/etoken.c: - + more fixes from Andreas + +2003-04-11 15:26 sth + + * trunk/src/tools/Makefile.mak: Added cardos-info.exe + +2003-04-11 14:48 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-miocos.c: - reverted previous patch + +2003-04-11 14:42 okir + + * trunk/src/libopensc/reader-openct.c: - try to deal more + gracefully with hotplug events + * trunk/src/libopensc/ctx.c: - include config.h + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + added hotplug errors + +2003-04-11 14:22 sth + + * trunk/src/pkcs11/pkcs11-global.c: Removed some errors that + occured with unsupported cards + 
+2003-04-11 13:55 okir + + * trunk/src/tools/cardos-info.c: - added + +2003-04-11 11:48 okir + + * trunk/src/tools/Makefile.am: - new tool cardos-info from Andreas + +2003-04-11 11:47 okir + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/cardctl.h, trunk/src/tools/pkcs15-init.c: - + support for lifecycle cardctl; cardos lifecycle support + +2003-04-11 11:46 okir + + * trunk/AUTHORS, trunk/docs/usbtoken.xml, + trunk/src/libopensc/reader-usbtoken.c, trunk/src/usbtoken/atr.c, + trunk/src/usbtoken/etoken.c, trunk/src/usbtoken/eutron.c, + trunk/src/usbtoken/ikey2k.c, trunk/src/usbtoken/ikey3k.c, + trunk/src/usbtoken/main.c, trunk/src/usbtoken/pid.c, + trunk/src/usbtoken/socket.c, trunk/src/usbtoken/t1.c, + trunk/src/usbtoken/usb.c, trunk/src/usbtoken/usbtoken.h: - + usbtoken fixes from Andreas + * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: - + build fixes from Andreas + +2003-04-11 11:42 okir + + * trunk/configure.in: - added --enable-usbtoken - added + --with-openct + +2003-04-11 11:41 okir + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-openct.c: - Added OpenCT reader + support + +2003-04-11 11:28 okir + + * trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - + getopt cleanup from aj + +2003-04-11 11:19 okir + + * trunk/src/scconf/lex-parse.l: - fix for newer flex versions + +2003-04-11 10:32 okir + + * trunk/src/tests/print.c: - Textual representation of PIN + encoding instead of "Type: 1" + * trunk/src/pkcs15init/profile.c: - Don't set PIN defaults 
until + after we've parsed _all_ cardinfo blocks + +2003-04-11 10:31 okir + + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/pkcs15-cflex.c: - fix for 2048 bit keys on + cflex + +2003-04-11 10:30 okir + + * trunk/src/libopensc/pkcs15.h: - added SC_PKCS15_PIN_TYPE_* + defines for weirdo encodings + +2003-04-10 09:16 okir + + * trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/reader-pcsc.c: - fixes for le=00/lc=00 + problems + +2003-04-09 20:19 sth + + * trunk/src/libopensc/pkcs15.c: better fix then the previous for + the assertion failed bug + +2003-04-07 10:44 sth + + * trunk/win32/makedef.pl: Dont include DllMain in the exports + +2003-04-04 09:52 sth + + * trunk/src/libopensc/pkcs15.c: Fix: assertion failed + (lock_count>=0) in sc_pkcs15_bind() + +2003-04-03 18:19 okir + + * trunk/src/libopensc/card.c: - fix sc_transmit_apdu to properly + deal with le=00 + +2003-04-03 14:38 okir + + * trunk/docs/Makefile.am: - added *.3 manpages + +2003-04-03 14:34 okir + + * trunk/docs/sc_connect_card.3, + trunk/docs/sc_detect_card_presence.3, + trunk/docs/sc_disconnect_card.3, + trunk/docs/sc_establish_context.3, trunk/docs/sc_file.3, + trunk/docs/sc_file_free.3, trunk/docs/sc_file_new.3, + trunk/docs/sc_list_files.3, trunk/docs/sc_lock.3, + trunk/docs/sc_read_binary.3, trunk/docs/sc_read_record.3, + trunk/docs/sc_release_context.3, trunk/docs/sc_select_file.3: - + wrote a bunch of manual pages + +2003-04-03 13:18 okir + + * trunk/src/libopensc/opensc.h: - added sc_reader_t + +2003-04-03 09:53 okir + + * trunk/docs/usbtoken.xml, trunk/src/usbtoken/Makefile.am, + trunk/src/usbtoken/atr.c, trunk/src/usbtoken/eutron.c, + trunk/src/usbtoken/main.c, trunk/src/usbtoken/socket.c: - + usbtoken fixes from Andreas + * trunk/src/libopensc/card-etoken.c: - changed description + +2003-04-03 09:52 okir + + * trunk/src/tools/opensc-tool.c: - opensc-tool -f: don't crash on + large or record structured files + +2003-04-03 09:51 okir + + * trunk/src/tools/pkcs15-tool.c: - 
minor printf fix + +2003-04-03 09:46 okir + + * trunk/src/libopensc/pkcs15.c: - stubs for "synthetic" pkcs15 + tokens + +2003-04-02 06:59 sth + + * trunk/src/pkcs11/pkcs11-global.c: Fix: card detection in + C_GetSlotInfo is done at most once a second + +2003-04-02 06:58 sth + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c: + Added sc_current_time + +2003-03-28 13:28 okir + + * trunk/src/tools/opensc-tool.c: - opensc-tool -f should handle + files > 2K gracefully + +2003-03-28 13:26 okir + + * trunk/src/libopensc/card-etoken.c: - Remove workaround for t=1 + bug in etoken driver. + +2003-03-27 16:08 sth + + * trunk/src/pkcs11/framework-pkcs15.c: Fix: root certs could be + shown more then once + +2003-03-27 12:40 okir + + * trunk/docs/Makefile.am: - add usbtoken.html to dist files + +2003-03-27 10:20 okir + + * trunk/docs/Makefile.am: - usbtoken.html was listed twice + * trunk/configure.in: - autoconf fixes from Andreas J + +2003-03-27 10:19 okir + + * trunk/docs/Makefile.am, trunk/docs/usbtoken.xml: - added + usbtoken docs + +2003-03-27 10:14 okir + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-usbtoken.c: - added reader driver for + usbtoken + +2003-03-27 10:12 okir + + * trunk/src/pkcs11/rsaref/Makefile.am: - added missing win32.h + +2003-03-27 10:08 okir + + * trunk/src/Makefile.am, trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/rsaref/Makefile.am, + trunk/src/pam/Makefile.am: - top_srcdir/top_builddir fixes (aj) + +2003-03-27 10:06 okir + + * trunk/src/libopensc/libopensc.pc.in: - added + +2003-03-27 10:05 okir + + * trunk/src/pkcs15init/profile.c: - properly set max pin length + attr + +2003-03-27 10:02 okir + + * trunk/src/usbtoken, trunk/src/usbtoken/Makefile.am, + trunk/src/usbtoken/atr.c, trunk/src/usbtoken/etoken.c, + trunk/src/usbtoken/eutron.c, trunk/src/usbtoken/ikey2k.c, + trunk/src/usbtoken/ikey3k.c, trunk/src/usbtoken/main.c, + 
trunk/src/usbtoken/pid.c, trunk/src/usbtoken/socket.c, + trunk/src/usbtoken/t1.c, trunk/src/usbtoken/usb.c, + trunk/src/usbtoken/usbtoken.h: - Merged Andreas' usbtoken code + +2003-03-25 11:19 okir + + * trunk/src/tools/opensc-tool.c: - make sure all APDU fields are + zero when processing -s option + +2003-03-20 12:52 sth + + * trunk/src/libopensc/reader-pcsc.c: card remove/insert dection + for Win32 + +2003-03-12 10:20 okir + + * trunk/src/libopensc/card-gpk.c: - use OPENSSL_cleanse instead of + memset to zap DES key (Nils Larsch) + +2003-03-11 12:41 okir + + * trunk/configure.in: - libdir -> pcsc_libdir to avoid name clashes + +2003-03-11 11:00 okir + + * trunk/src/libopensc/ctx.c: - changed HAVE_LIBPCSCLITE -> + HAVE_PCSCLITE + +2003-03-11 10:59 okir + + * trunk/configure.in: - Updated PCSC test code; allow building + --without-pcsc + +2003-03-11 10:52 okir + + * trunk/bootstrap: - abort on errors + +2003-03-10 21:35 okir + + * trunk/src/pkcs11/Makefile.am: - dont install + rsaref/{unix.h,win32.h} + +2003-03-10 21:23 okir + + * trunk/src/libopensc/reader-pcsc.c: - minor cosmetic change + +2003-03-10 21:22 okir + + * trunk/src/libopensc/opensc.h: - bump SC_MAX_READERS to 16 + +2003-03-10 11:44 okir + + * trunk/Makefile.am, trunk/src/include/opensc/Makefile.am, + trunk/src/pkcs15init/Makefile.am, trunk/src/tests/Makefile.am: - + makefile cleanups + +2003-03-07 14:18 sth + + * trunk/src/pkcs11/slot.c: remove/insert fix: restore the + slot->reader in slot_token_removed + +2003-03-06 12:13 sth + + * trunk/win32/readme.txt: Corrections/additions for compiling with + OpenSSL on Windows + +2003-03-06 12:08 sth + + * trunk/win32/Make.rules.mak: Compile with /MD (multithreaded) + instead of /ML + +2003-03-04 15:47 sth + + * trunk/src/libopensc/card.c: bug fix in sc_connect_card: only the + first ATR in a config file was accepted + +2003-03-04 09:38 okir + + * trunk/src/libopensc/card-etoken.c: - fixed ATR + +2003-03-03 21:07 sth + + * trunk/src/pkcs11/misc.c: added error 
msg SC_ERROR_KEYPAD_TIMEOUT + +2003-03-03 13:07 okir + + * trunk/src/pkcs11/pkcs11-global.c: - more robust handling of + concurrent WaitForSlotEvent vs Finalize + +2003-03-03 13:03 sth + + * trunk/src/pkcs11/slot.c: fix: clear the CK_SLOT_INFO flags in + slot_token_removed + +2003-02-28 15:16 sth + + * trunk/src/pkcs11/framework-pkcs15.c: take the last 8 bytes of + the card as the pkcs11 serialNumber + +2003-02-28 12:47 sth + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: fix + in C_GetSlotInfo that previously cleared the slotDescription and + didnt clear the CKF_TOKEN_PRESENT flag + +2003-02-28 11:07 okir + + * trunk/src/tools/pkcs15-init.c: - renamed connect() to + open_reader_and_card() + +2003-02-26 07:27 sth + + * trunk/src/pkcs11/misc.c: added error code CKR_PIN_INVALID + +2003-02-23 20:10 sth + + * trunk/src/pkcs11/pkcs11-global.c: fixed wrong return value in + C_Finalize + +2003-02-23 19:38 sth + + * trunk/src/pkcs11/pkcs11-global.c: fixed some thread dead-lock + bugs + +2003-02-23 17:50 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/sc-pkcs11.h: - new pkcs15 object creation stuff + +2003-02-22 21:27 sth + + * trunk/src/libopensc/card.c: buf fix in sc_connect_card + +2003-02-21 15:40 sth + + * trunk/src/pkcs11/pkcs11-global.c: little fix in C_GetInfo + +2003-02-21 12:47 okir + + * trunk/src/pkcs11/pkcs11-session.c: - prevent compiler warning + +2003-02-21 12:29 sth + + * trunk/src/pkcs11/pkcs11-session.c: extra check in C_Logout + +2003-02-21 12:27 sth + + * trunk/src/pkcs11/framework-pkcs15.c: login should return + CKR_ARGUMENTS_BAD if wrong pin length + +2003-02-20 23:20 sth + + * trunk/src/tools/pkcs11-tool.c: removed unnecessary debugging + +2003-02-20 23:19 sth + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/signer/dialog.c, + trunk/src/tests/pintest.c, trunk/src/tests/print.c, + 
trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: added support for max pin length + +2003-02-20 18:55 sth + + * trunk/src/pkcs11/pkcs11-session.c: NULL_PTR check added + +2003-02-20 18:54 sth + + * trunk/src/pkcs11/pkcs11-object.c: Let C_FindObjectsInit return + correctly + +2003-02-20 13:03 sth + + * trunk/src/libopensc/opensc.h: little fix of the previous commit + +2003-02-20 12:51 sth + + * trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: + removed const in sc_card_driver (caused win32 crash) + +2003-02-19 21:10 sth + + * trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-session.c: more parameter checks + fix + in previous checks + +2003-02-19 13:44 sth + + * trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: + added check for NULL pointers and uninitialized pkcs11 lib + +2003-02-19 13:36 sth + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, + trunk/src/libopensc/reader-pcsc.c: added error: unresponsive card + +2003-02-17 16:53 sth + + * trunk/src/pkcs11/pkcs11-global.c: correct behaviour of + C_GetSlotInfo at empty slots + +2003-02-17 14:57 okir + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - made card_detect() available to + everyone - C_GetSlotInfo now always does card detection, but + only for the reader which which the slot is associated + +2003-02-17 14:21 okir + + * trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, 
trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - Introduce locks around all pkcs11 + operations, in case the caller is multithreaded and wants to + access us from different threads. + +2003-02-17 11:09 sth + + * trunk/src/tools/pkcs11-tool.c: some cleared messages + +2003-02-16 20:25 okir + + * trunk/src/libopensc/card-gpk.c: - fixed change/unblock pin for + GPK + +2003-02-16 18:09 sth + + * trunk/src/pkcs11/misc.c: added error code CKR_USER_NOT_LOGGED_IN + +2003-02-14 16:59 sth + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: reset first_free_slot during + C_Initialize + +2003-02-12 14:20 sth + + * trunk/src/pkcs11/misc.c: added the CKR_DEVICE_REMOVED return code + * trunk/src/libopensc/reader-pcsc.c: get the right error code on + card removal + +2003-02-11 10:38 sth + + * trunk/src/pkcs11/misc.c: added p11 error CKR_PIN_LOCKED + +2003-02-10 14:08 okir + + * trunk/src/tools/pkcs11-tool.c: - fixed minor compile warning + * trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - Each + reader now gets a fixed range of slots - Each slot now shows the + reader name in the description field + +2003-02-06 14:46 sth + + * trunk/src/libopensc/pkcs15-sec.c: added locking to + sc_pkcs15_decipher and sc_pkcs15_compute_signature + +2003-02-05 15:43 okir + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15.c: - fixed + typo in previous patch + +2003-02-05 15:39 okir + + * trunk/src/libopensc/pkcs15.c: - fixed typo in previous patch + +2003-02-05 14:45 okir + + * trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15.c: - Support Belgian eID - be less + pedantic about the AID listed in EF(DIR) + +2003-02-05 13:55 sth + + * trunk/src/tools/pkcs11-tool.c: added support for pin pad readers + + change pin + +2003-02-03 12:32 okir + + * trunk/src/pkcs11/slot.c: - suppress bogus insertion events + +2003-02-03 12:23 okir + + * trunk/src/tools/pkcs11-tool.c: - Added test for 
WaitForSlotEvent + - fixed a bunch of compiler warnings + +2003-02-03 12:20 okir + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - merged Stef's WaitForSlotEvent patches + * trunk/src/pkcs11/openssl.c: - fixed compiled warning + +2003-02-03 12:17 okir + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/pkcs15-pubkey.c: - pubkey asn.1 encoding fix + +2003-02-01 20:26 sth + + * trunk/src/tools/pkcs15-tool.c: now also caching if file->size + differs from what sc_read_binary() returns + +2003-01-31 15:32 sth + + * trunk/src/tools/pkcs11-tool.c: added signature test for all keys + +2003-01-31 12:50 sth + + * trunk/src/pkcs11/misc.c: added: opensc SC_ERROR_KEYPAD_CANCELLED + -> pkcs11 CKR_FUNCTION_CANCELED + +2003-01-30 09:45 sth + + * trunk/src/libopensc/dir.c: file size fix + removed unnecessary + code from previous commit + +2003-01-28 15:39 sth + + * trunk/src/pkcs11/slot.c: the slot's slotDescription is now the + reader name + +2003-01-28 15:37 sth + + * trunk/src/pkcs11/framework-pkcs15.c: selection between SHA-1 and + RIPEMD160 sigs when 35 bytes supplied + +2003-01-28 15:36 sth + + * trunk/src/libopensc/dir.c: made buf[1024] dynamic (malloc) + +2003-01-27 13:43 sth + + * trunk/src/pkcs11/slot.c: typo fix + +2003-01-27 13:33 sth + + * trunk/src/tools/pkcs11-tool.c: some fixes + added cert viewing + for -O option + +2003-01-27 13:17 sth + + * trunk/src/pkcs11/slot.c: added return value + fix (needed if + hide_empty_slots = true + +2003-01-27 13:01 sth + + * trunk/src/libopensc/reader-pcsc.c: Fixes for Windows, who's + PC/SC has more events that interfere with insert/removal events + +2003-01-24 15:24 jey + + * trunk/configure.in: - Remove openscd for now + +2003-01-22 08:34 okir + + * trunk/src/libopensc/card-flex.c: - cflex 32k v4 supports keygen + +2003-01-21 15:29 okir + + * trunk/src/tools/pkcs11-tool.c: - fixed two minor issues in p11 + test code + +2003-01-20 12:09 okir + + * 
trunk/src/libopensc/ctx.c: - fixed previous %windir% change + +2003-01-20 11:40 okir + + * trunk/src/libopensc/card-etoken.c: - new ATR for eToken PRO 32k + reported by Kevin Stefanik + +2003-01-20 10:22 okir + + * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_read_file: gracefully + deal with short reads + +2003-01-20 10:12 okir + + * trunk/src/include/winconfig.h, trunk/src/libopensc/ctx.c: - Get + opensc.conf from %windir% rather than hard-coded C:\\WINNT (Stef) + +2003-01-20 10:02 okir + + * trunk/src/tools/pkcs11-tool.c: - a few minor changes from Stef + +2003-01-20 09:57 okir + + * trunk/src/pkcs11/Makefile.am: - link against libscrandom.a, no + libscrandom.la + +2003-01-20 09:56 okir + + * trunk/src/pkcs11/mechanism.c: - fixed typo in previous patch + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c: - slightly more verbose error + messages when ASN.1 parsing fails + +2003-01-20 09:53 okir + + * trunk/src/libopensc/asn1.c: - do not encode zero length sequences + +2003-01-20 09:52 okir + + * trunk/src/pkcs11/mechanism.c: - fix sc_pkcs11_signature_size to + return modulus size in bytes, not bits (Stef) + +2003-01-20 09:50 okir + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - added card_detect_all + +2003-01-19 17:47 okir + + * trunk/TODO, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/slot.c, trunk/src/scam/scam.c, + trunk/src/tests/sc-test.c, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/util.c: - add + some support for card removal in pkcs11 + +2003-01-16 20:10 okir + + * trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/scrandom/Makefile.mak, + 
trunk/src/tools/pkcs11-tool.c: - Patches from Stef implementing + PKCS11 RNG related functions + +2003-01-15 13:20 okir + + * trunk/src/tools/opensc-explorer.c: - added command "random" + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/opensc.h: + - added SC_CARD_CAP_RNG + +2003-01-14 19:55 aet + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctbcs.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-data.c, + trunk/src/libopensc/pkcs15.c, trunk/src/pkcs11/openssl.c, + trunk/src/tests/base64.c, trunk/src/tools/pkcs11-tool.c, + trunk/src/tools/pkcs15-init.c: C++ warning fixes (assuan + excluded) + +2003-01-14 16:49 okir + + * trunk/src/libopensc/card-flex.c: - mask out additional flags in + the card type byte when asked for the AAK + +2003-01-14 16:44 okir + + * trunk/src/libopensc/card-flex.c: - added ATR for Cryptoflex 32k + v4 + +2003-01-14 14:26 okir + + * trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/portability.c: - win32 fixes for mutex change + +2003-01-14 13:31 aet + + * trunk/src/libopensc/portability.c: A small warning / compile fix + +2003-01-14 11:22 okir + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c: + - merged mutex patches from Serge Koganovitsch (Zetes) - created + new file portability.c and moved the whole mutex stuff there (so + we don't pollute public header files with #ifdef HAVE_XXX + anymore) + +2003-01-13 21:38 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - Another + go at the empty slot/empty token issue + +2003-01-09 12:33 okir + + * trunk/src/libopensc/pkcs15.c: - fix to previous patch: if + use_cache is given in both the default 
and the application conf + block, use the latter + +2003-01-09 12:31 okir + + * trunk/src/libopensc/pkcs15.c: - actually honor the use_cache + config option + +2003-01-09 11:41 okir + + * trunk/src/include/winconfig.h: - PATH_MAX fix for win32 (Stef) + +2003-01-09 09:18 okir + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cache.c: - when caching pkcs15 files, + transparently create the cache dir if not there + +2003-01-09 09:14 okir + + * trunk/src/tools/pkcs15-tool.c: - learn_card: the cache directory + is now created by libopensc + +2003-01-09 09:09 okir + + * trunk/src/tools/pkcs15-init.c: - reordered options for help + message + * trunk/src/tools/util.c: - fix the help message for + --very-long-options + +2003-01-09 08:46 okir + + * trunk/src/libopensc/pkcs15-cache.c: - use "wb" rather than "w" + in fopen (Stef) + +2003-01-09 08:45 okir + + * trunk/src/tools/pkcs15-tool.c: - fixed message in --learn-card + +2003-01-09 07:31 okir + + * trunk/src/libopensc/card-gpk.c: - prevent segfault in + opensc-explorer create command + +2003-01-06 23:47 aet + + * trunk/src/tools, trunk/src/tools/.cvsignore: Add pkcs11-tool + +2003-01-06 23:46 aet + + * trunk/src/libopensc/sec.c, trunk/src/pkcs11/mechanism.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/base64.c, + trunk/src/tools/pkcs11-tool.c: Fix compiler warnings + +2003-01-06 21:46 aet + + * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Cleanups + and logging improvements for non-GCC compilers + +2003-01-06 19:52 okir + + * trunk/win32/readme.txt: Update from Stef + * trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/openssl.c, + trunk/src/tools/pkcs11-tool.c: - Win32 fixes in case openssl is + not present (Stef) + +2003-01-06 19:37 okir + + * trunk/src/libopensc/iso7816.c: - fixed minor pin pad bug + +2003-01-06 19:36 okir + + * trunk/src/libopensc/pkcs15-pin.c: - sc_pkcs15_change_pin: small + pin pad change from Stef + +2003-01-06 19:28 okir + + * 
trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c: - + pin pad changes from Stef + +2003-01-06 17:45 okir + + * trunk/src/libopensc/reader-pcsc.c: - DEF_APDU_FIX wasn't used + unless you install a config file. + +2003-01-06 12:06 aet + + * trunk/src/tools/pkcs15-init.c: Add missing case 'w' to + handle_option + +2003-01-06 11:03 okir + + * trunk/src/tools/util.c: - Tools did not work unless -w switch + was given + +2003-01-06 10:53 aet + + * trunk/configure.in, trunk/src/openscd/Makefile.am: Minor cleanups + +2003-01-06 10:48 aet + + * trunk/src/include/opensc/rsaref, + trunk/src/include/opensc/rsaref/.cvsignore, trunk/src/openscd, + trunk/src/openscd/.cvsignore: Add .cvsignore + +2003-01-05 18:06 okir + + * trunk/src/libopensc/reader-pcsc.c: - vertain platforms need + time.h to understand time_t + +2003-01-05 17:59 okir + + * trunk/src/libopensc/opensc.h: - fixed comment before + sc_wait_for_event + * trunk/src/libopensc/reader-pcsc.c: - fixed problem with infinite + tiemout in sc_wait_for_event + +2003-01-04 13:17 aet + + * trunk/src/libopensc/errors.c: canelled -> cancelled + +2003-01-03 17:07 okir + + * trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - + fixed help messages broken by previous patch + * trunk/src/tools/pkcs15-init.c: - instead of calling + sc_connect_card, use new function connect_card from util.c This + function will take care of the fine print and optionally wait + for card insertion too. + +2003-01-03 16:58 okir + + * trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-tool.c: - instead of calling + sc_connect_card, use new function connect_card from util.c This + function will take care of the fine print and optionally wait + for card insertion too. 
+ +2003-01-03 16:57 okir + + * trunk/src/tools/util.c, trunk/src/tools/util.h: - New function + connect_card() - this does all the work of connecting to the + card, optionally waiting for card insertion using + sc_wait_for_event + +2003-01-03 16:32 okir + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/sc.c: - Patch from Stef to implement + sc_wait_for_event, slightly enhanced by yours truly. + +2003-01-03 16:30 okir + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + new error code (wait_for_event timeout) + +2003-01-03 14:33 okir + + * trunk/src/tools/pkcs11-tool.c: - Patch from Stef: add support + for --pin and --test + +2003-01-03 14:28 okir + + * trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/sc-pkcs11.h: - C_Sign* and C_Digest* now return + the proper codes when the output buffer is too small, or when + the caller is doing and output buffer size query + +2003-01-03 13:27 okir + + * trunk/src/libopensc/reader-pcsc.c: - default apdu_fix=1 on win32 + +2003-01-03 13:26 okir + + * trunk/src/libopensc/ctx.c: - allow hard-coded config options + +2003-01-03 11:54 okir + + * trunk/src/scconf/internal.h, trunk/src/scconf/lex-parse.l, + trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h: - added + support for parsing a static configuration string + +2003-01-03 11:40 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c: - Try to fix + pkcs11.hide_empty_slots + +2003-01-03 11:39 okir + + * trunk/src/pkcs11/sc-pkcs11.h: - sc_pkcs11_slot_t typedef added + +2003-01-03 11:09 okir + + * trunk/etc/opensc.conf.example, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/sc-pkcs11.h: - Added run-time option + pkcs11.cache_pins, default false + +2003-01-03 10:49 okir + + * trunk/etc/opensc.conf.example, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/sc-pkcs11.h: - Added run-time option + 
pkcs11.lock_login + +2003-01-02 15:31 okir + + * trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/reader-pcsc.c: - win32 fixes from stef + +2003-01-02 15:23 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Getattr(CKA_MODULUS_BITS) + would fail for keys w/o certificate + +2002-12-23 19:17 okir + + * trunk/TODO: Update + +2002-12-23 18:47 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctbcs.h, + trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sec.c, + trunk/src/libopensc/types.h: - Implemented new PIN + verify/change/unblock framework. All PIN operations are routed + through sc_pin_cmd(), which builds the APDU and either passes it + to the card directly, or to the card reader along with a request + to read the PIN(s) from the reader's keypad. Currently, entering + PIN in the standard way (i.e. via the application) should still + work - I have verified GPK and eToken; Cryptoflex verify should + work as well. Anything else needs additional testing, and + support for keypad input in particular (I cannot test this at + the moment for lack of a suitable reader). + +2002-12-23 18:43 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - the AC CHANGE condition + of the PIN objects we created referenced the PUK, rather than + the PIN. This caused the standard sc_change_reference_data + operation to fail. 
+ +2002-12-23 17:02 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - NUL-terminate strings + returned by getattr(CKA_LABEL) + +2002-12-22 23:16 okir + + * trunk/src/tools/pkcs11-tool.c: - Added --hash/-h to hash data + (Stef Hoeben) - Added function to translate CKR_* error codes to + strings. + +2002-12-22 20:50 okir + + * trunk/src/pkcs11/sc-pkcs11.h: - define enough reader slots + +2002-12-22 14:43 aet + + * trunk/src/include/winconfig.h, trunk/src/pkcs15init/profile.c, + trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: - Add access, mkdir and getpass + wrappers into winconfig.h + +2002-12-22 11:50 okir + + * trunk/etc/opensc.conf.example, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: + - slightly changed previous patch; new flag hide_empty_slots + +2002-12-21 16:45 okir + + * trunk/etc/opensc.conf.example, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - Allow the admin to configure how many + slots are used per card (opensc.conf; pkcs11.num_slots) + +2002-12-21 14:10 okir + + * trunk/src/libopensc/ctx.c: - clarified use of conf_blocks in + process_config_file + +2002-12-20 14:55 okir + + * trunk/src/libopensc/card.c: - prevent buffer overflow + +2002-12-19 21:17 okir + + * trunk/src/libopensc/sc.c: - minor signedness issue + +2002-12-19 19:42 okir + + * trunk/src/tools/opensc-explorer.c: - implemented unblock command + +2002-12-19 16:16 okir + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: - get + rid of warnings when calling load_card_driver_options + +2002-12-19 14:26 okir + + * trunk/src/libopensc/pkcs15-data.c, trunk/src/libopensc/pkcs15.h: + - attempt to fix DODF encoding/decoding + +2002-12-19 10:49 okir + + * trunk/src/tools/pkcs11-tool.c: - add missing help message for + --module + +2002-12-19 09:34 
okir + + * trunk/TODO: Update + +2002-12-19 09:27 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h: - + Another fix to mechanism handling: ripemd160 signatures should + work now - Got rid of get_mechanism_{list,info} in + framework_ops, as they're not needed anymore. + +2002-12-19 09:24 okir + + * trunk/src/tools/pkcs11-tool.c: - fixed rsa-ripemd160 signatures + - Added new option --module + +2002-12-18 19:28 okir + + * trunk/win32/Make.rules.mak: Compile fix from Serge Koganovitsch + +2002-12-18 19:26 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Values of CKA_SIGN and + similar attributes now based on the pkcs15 usage flags rather + than on some hardwired defaults. + +2002-12-18 12:15 okir + + * trunk/src/libopensc/pkcs15-sec.c: - fixed pkcs1-ripemd160 + signature header + +2002-12-18 11:40 okir + + * trunk/TODO: Update + +2002-12-18 11:34 okir + + * trunk/src/tools/pkcs15-init.c: - Added helpful comment about + --use-default-transport-keys + +2002-12-18 10:17 okir + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, + trunk/src/libopensc/pkcs15-data.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15.profile, trunk/src/tests/p15dump.c, + trunk/src/tests/print.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: - First shot at pkcs15 data + objects from Danny De Cock + +2002-12-18 09:23 okir + + * trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c: - removed some dead code + +2002-12-17 22:13 okir + + * trunk/TODO: Update + +2002-12-17 20:44 okir + + * trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/libpkcs11.c, + trunk/win32/readme.txt: - More win32 fixes from Stef + +2002-12-17 20:20 okir + + * trunk/TODO: Update + +2002-12-17 20:16 okir + + * 
trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h: - + Register only those mechanisms the card actually supports + +2002-12-17 20:15 okir + + * trunk/src/tools/pkcs11-tool.c: - Added shorthand rsa-ripemd160 + * trunk/src/libopensc/pkcs15-sec.c: - Added support for + SC_ALGORITHM_RSA_HASH_RIPEMD160 in sc_pkcs15_compute_signature - + rewrote add_padding + +2002-12-17 20:14 okir + + * trunk/src/libopensc/opensc.h: - Added + SC_ALGORITHM_RSA_HASH_RIPEMD160 + +2002-12-17 16:00 okir + + * trunk/src/Makefile.mak, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/libpkcs11.c, trunk/src/tools/Makefile.mak, + trunk/src/tools/pkcs11-tool.c, trunk/win32/Make.rules.mak: - + more win32 fixes from Stef + +2002-12-17 12:37 okir + + * trunk/configure.in, trunk/src/include/opensc/Makefile.am, + trunk/src/include/opensc/rsaref, + trunk/src/include/opensc/rsaref/Makefile.am: - generate header + symlinks for libpkcs11 + +2002-12-17 11:51 okir + + * trunk/src/Makefile.am: - build pkcs11 before tools, as + pkcs11-tool needs libpkcs11 + +2002-12-17 11:50 okir + + * trunk/src/tools/Makefile.am, trunk/src/tools/pkcs11-tool.c: - + New application: pkcs11-tool + +2002-12-17 11:49 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + - New mechanism framework + +2002-12-17 11:48 okir + + * trunk/src/pkcs11/Makefile.am: - New mechanism framework - New + libpkcs11 utility library + * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11.h: - New + utility library libpkcs11 - supposed to provide easy loading and + unloading of modules, and possibly a few other features in the + future. 
Needed by pkcs11-tool + +2002-12-12 10:08 okir + + * trunk/src/Makefile.mak, trunk/src/pkcs15init/Makefile.mak, + trunk/src/tests/Makefile.mak, trunk/src/tools/Makefile.mak: - + more Makefile.mak fixes from Stef + +2002-12-11 08:54 okir + + * trunk/src/libopensc/pkcs15.c: - do not segfault when we fail to + parse a pkcs15 DF + +2002-12-10 17:53 okir + + * trunk/src/pkcs15init/Makefile.mak, + trunk/src/scrandom/Makefile.mak, trunk/src/tests/Makefile.mak, + trunk/win32/readme.txt: - win32 patch from Stef Hoeben + +2002-12-10 17:47 okir + + * trunk/src/Makefile.mak, trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs15init/profile.c, trunk/src/scrandom/scrandom.c, + trunk/src/tools/Makefile.mak, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: - win32 patch from Stef Hoeben + * trunk/src/pkcs11/framework-pkcs15.c: - Added support for + CKM_RSA_X_509 (Stef Hoeben) + +2002-12-10 14:44 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, + trunk/src/openscd/commands.c: - Added support for separator + characters in sc_bin_to_hex() + +2002-12-10 14:31 okir + + * trunk/bootstrap: - rm -rf autom4te.cache - it's a directory + +2002-12-10 14:22 okir + + * trunk/src/tools/pkcs15-tool.c: - When exporting the public key, + fall back to the certificate object if there's no public key + with the given ID. 
+ +2002-12-10 14:14 jey + + * trunk/src/tests/base64.c: - Modified base64 test so it actually + tests base64 stuff + +2002-12-10 13:43 jey + + * trunk/configure.in, trunk/src/Makefile.am, trunk/src/openscd, + trunk/src/openscd/Makefile.am, trunk/src/openscd/commands.c, + trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, + trunk/src/openscd/openscd.h, trunk/src/openscd/test.c: - Added + openscd and Assuan + +2002-12-10 13:41 jey + + * trunk/src/scrandom/scrandom.c: - Small bugfix + +2002-12-10 13:27 jey + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + Keep the DER encoding of each PKCS #15 object in memory + +2002-12-10 13:26 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - + Changed sc_bin_to_hex() prototype a bit and removed the ':' + characters + +2002-12-09 13:33 okir + + * trunk/src/pkcs11/misc.c: - translate SC_ERROR_WRONG_LENGTH to + CKR_DATA_RANGE + +2002-12-06 21:40 okir + + * trunk/src/libopensc/reader-pcsc.c: - changed + pcsc_detect_card_presence to call refresh_slot_attributes. This + eliminates duplicate code, and that we also pick up the new ATR + if another card was inserted in the meanwhil. + +2002-12-06 12:49 okir + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added + sc_bin_to_hex + +2002-12-05 09:34 okir + + * trunk/src/libopensc/sc.c: - sc_parse_atr: initialize + slot->atr_info.hist_bytes even if the ATR is bad + +2002-12-05 08:58 okir + + * trunk/src/scam/p15_eid.c: - we expect an RSA key, so better make + sure it _is_ RSA + +2002-12-04 15:36 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc.c: - + Parsing pkcs11 IDs and paths with an odd number of bytes would + scan past the end of the string. 
Made sc_hex_to_bin more robust + and change various place to use it rather than doing it on their + own with scanf(%02x) + +2002-12-04 14:56 okir + + * trunk/src/tools/pkcs15-init.c: - pass the --label argument as + the token label when creating the pkcs15 app + * trunk/src/pkcs15init/pkcs15-lib.c: - properly set the TokenInfo + label from user input + +2002-12-04 14:28 okir + + * trunk/src/pkcs15init/README: - added comment on pkcs12 files + +2002-12-04 13:50 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Fixed CKM_SHA1_RSA_PKCS: + if OpenSSL is available, use it to hash the supplied data. If + OpenSSL is unavailable, CKM_SHA1_RSA_PKCS is not advertised to + the user. + +2002-12-04 13:25 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - make sure we don't assign + the same ID more than once + +2002-12-04 13:24 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h: - Added + sc_pkcs15init_get_secret so that the GPK driver can get the MF + secure messaging key. + +2002-12-04 12:33 okir + + * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - + updated pkcs15init error codes + +2002-12-04 12:09 okir + + * trunk/src/libopensc/card-flex.c: - fixed ATR for Cryptoflex 32K + e-gate + +2002-12-04 11:57 okir + + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/gpk.profile: - got rid of default transport + keys + +2002-12-04 11:56 okir + + * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - + implement get_key callback + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - Change the way we handle + default transport keys, attempt to reduce the risk of users + entering the wrong keys and locking their cards. Here's how we + do it: - ask the card driver (via cardctl GET_DEFAULT_KEY) for + default key - invoke the front-end's get_key callback. 
If the + card driver gave us a default key, pass it as default value - + front end is free to use default key as-is, or prompt user + +2002-12-04 09:59 okir + + * trunk/src/libopensc/card-flex.c: - implemented + SC_CARDCTL_GET_DEFAULT_KEY for the flex driver; will return the + default AAKs for Cryptoflex and Cyberflex Access. Hope I got + them right. + +2002-12-04 09:26 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/errors.h: - added new cardctl + SC_CARDCTL_GET_DEFAULT_KEY to get default transport keys + +2002-12-04 09:24 okir + + * trunk/src/libopensc/asn1.c: - fixed asn1_encode_path - include + length value if given + +2002-12-03 15:40 okir + + * trunk/etc/opensc.conf.example: - "document" new card_driver.atr + feature + * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h: - + support ATR maps in /etc/opensc.conf, e.g. card_driver flex { + atr = 11:22:33:44; atr = 55:66:77:88; } + +2002-12-03 12:44 okir + + * trunk/src/pkcs15init/flex.profile: - disabled default AAK for now + +2002-12-03 12:27 okir + + * trunk/src/libopensc/card-flex.c: - added Cryptoflex 32k e-gate + +2002-12-02 14:40 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - Avoid segfaults: if we + cannot parse the certificate, do not create a cert object. + +2002-12-02 13:42 okir + + * trunk/src/libopensc/types.h: - added length value to sc_path + +2002-12-02 13:39 okir + + * trunk/src/libopensc/pkcs15-cert.c: - sc_pkcs15_read_certificate + now uses sc_pkcs15_read_file + +2002-12-02 13:38 okir + + * trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15.c: sc_pkcs15_read{,_cached}_file now + honor the index/length parameters from Path + * trunk/src/libopensc/asn1.c: - When decoding Path, decode + "length" value as well (if present) - a few int -> size_t + changes to suppress gcc3 warnings. 
+ +2002-11-29 10:54 okir + + * trunk/src/pkcs11/pkcs11-session.c: - do not crash if the + application tries to log into a token w/o PIN + +2002-11-29 08:56 okir + + * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/sia/Makefile.am: - use @libdir@ instead of + ${exec_prefix}/lib - some platforms (such as s390x and ppc64) + put libraries into /usr/lib64 + +2002-11-28 16:38 okir + + * trunk/src/tools/pkcs15-tool.c: - fixed typo + +2002-11-28 15:58 okir + + * trunk/docs/Makefile.am, trunk/docs/cryptoflex-tool.1, + trunk/docs/opensc-config.1, trunk/docs/opensc-explorer.1, + trunk/docs/opensc-tool.1, trunk/docs/opensc.7, + trunk/docs/pkcs15-profile.5.in, trunk/docs/pkcs15-tool.1: - lots + of new manpages from Joe Phillips + +2002-11-28 15:44 okir + + * trunk/src/tools/opensc-explorer.c: - Fix from Joe Phillips: fix + help message + +2002-11-28 15:43 okir + + * trunk/src/tools/opensc-tool.c: - Fix from Joe Phillips: option + mismatch in --help message + +2002-11-28 15:38 okir + + * trunk/src/tools/pkcs15-tool.c: - Fix from Stef Hoeben for win32 + +2002-11-27 14:27 okir + + * trunk/src/libopensc/ctx.c: - Fix from Stef Hoeben to get the + eid-cache stuff working on win32 + +2002-11-25 09:03 okir + + * trunk/src/tools/opensc-explorer.c: - --card-driver was mapped to + -D, but should have been -c. 
+ +2002-11-22 09:10 okir + + * trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - in case + of an invalid session/object handle, return + OBJECT_HANDLE_INVALID or SESSION_HANDLE_INVALID instead of + FUNCTION_DAILED + +2002-11-22 09:09 okir + + * trunk/src/pkcs11/pkcs11-object.c: - Return correct error codes + in GetAttributeValue in case of ATTRIBUTE_TYPE_INVALID and + ATTRIBUTE_SENSITIVE + +2002-11-22 09:07 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - get_mechanism_list now + reports correct number of mechanisms + +2002-11-18 09:05 aet + + * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Duh, + revert previous patch. + +2002-11-17 20:26 aet + + * trunk/src/Makefile.mak: Build PKCS#11 module for win32 port. + +2002-11-17 20:23 aet + + * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Add usage + of __FILE__, __LINE__ and __FUNCTION__ macros for non-GCC + compilers too, where available. (Based on patch by Stef Hoeben) + +2002-11-12 14:32 aet + + * trunk/src/scconf/scconf.c: Merge with dvbsak.sf.net + +2002-11-12 11:35 aet + + * trunk/src/scconf/lex-parse.l: Free yy_current_buffer since lex + doesn't do it, take 2. + +2002-11-12 10:33 aet + + * trunk/src/tests/sc-test.c: add HAVE_GETOPT_H + +2002-11-11 22:40 aet + + * trunk/src/tests/Makefile.am: Add @GETOPTSRC@ + +2002-11-11 22:26 aet + + * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c: Added + new functions: scconf_put_{str,int,bool} scconf_write_entries + TODO: - Cleanups, add more sanity checks - Rewrite parts of the + API for LDAP support + +2002-11-11 14:27 aet + + * trunk/src/scconf/scconf.c: Oops + +2002-11-11 14:08 aet + + * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, + trunk/src/scconf/write.c: Checkpoint commit. 
Added new + functions: scconf_block_{add,copy} + scconf_item_{add,copy,destroy} scconf_list_copy + +2002-11-11 08:22 fabled + + * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.mak: + Updated win32 port for recent updates. Noticed by Stef Hoeben. + +2002-11-08 14:14 okir + + * trunk/src/libopensc/opensc.h: - added SC_ALGORITHM_NEED_USAGE + * trunk/src/pkcs15init/pkcs15-lib.c: - handle + SC_ALGORITHM_NEED_USAGE flag + * trunk/src/libopensc/card-etoken.c: - set SC_ALGORITHM_NEED_USAGE + flag in algo info + +2002-11-08 13:50 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-gpk.c: - detect when a GPK card is + already personalized + +2002-11-08 13:04 okir + + * trunk/README.cards: added + * trunk/src/libopensc/card-etoken.c: - make sc_get_driver static + +2002-11-08 12:10 okir + + * trunk/src/libopensc/card-gpk.c: - GemSafe cards have a directory + 0200 with an AIDF file in it, and will return a 0x6F file info + block when selecting this DF. Try to parse it, as far as we + understand it. + +2002-11-07 14:48 okir + + * trunk/src/tools/opensc-explorer.c: - fixed segfault in + mkdir/create - minor cosmetic change in do_verify + +2002-11-05 13:47 okir + + * trunk/src/tests/sc-test.c: - added getopt option parsing (-r + reader -c driver -dddd) What's a test app when you can't enable + debugging?! 
+ +2002-10-20 09:20 aet + + * trunk/src/pkcs15init/pkcs15-etoken.c: Another build fix + +2002-10-19 16:51 aet + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/pkcs15-wrap.c, trunk/src/pam/misc_conv.c, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, + trunk/src/tests/base64.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/print.c, trunk/src/tests/prngtest.c, + trunk/src/tests/sc-test.c: Various build fixes + +2002-10-19 14:04 aet + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/include/winconfig.h, + trunk/src/libopensc/card-default.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/module.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/pam/misc_conv.c, + trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, + trunk/src/pkcs11/rsaref/pkcs11.h, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scldap/scldap.c, + trunk/src/scldap/test-ldap.c, trunk/src/scrandom/scrandom.c, + trunk/src/tests/lottery.c, trunk/src/tests/prngtest.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/util.h: Cleanups for initial win32 port, + untested. 
+ +2002-10-02 10:55 okir + + * trunk/src/tools/pkcs15-init.c: - fixed typos in help output + +2002-10-02 10:50 okir + + * trunk/src/tools/pkcs15-init.c: - added --reader, --key-usage + command line args + * trunk/src/pkcs15init/pkcs15-etoken.c: - allow to generate/store + decryption keys + +2002-10-02 10:49 okir + + * trunk/src/libopensc/iso7816.c: - fixed deciphering (apdu.le was + not set) + +2002-09-30 20:24 okir + + * trunk/src/tools/pkcs15-init.c: - during card initialization, + allow to enter SO PIN interactively + +2002-09-30 20:03 okir + + * trunk/src/tools/pkcs15-init.c: - when entering new PINs on + stdin, make the user re-type the PIN to avoid typos + +2002-08-21 10:34 jey + + * trunk/src/libopensc/pkcs15-pin.c: - Also removed the ref variable + * trunk/src/libopensc/pkcs15-pin.c: - Removed the last goof I made + +2002-08-21 10:22 jey + + * trunk/src/libopensc/pkcs15.h: - Fixed prototype for + sc_pkcs15_card_new() + * trunk/src/libopensc/pkcs15-cert.c: - Used cert->key instead of + key in parse_x509_cert() + +2002-08-21 10:20 jey + + * trunk/src/libopensc/pkcs15-pin.c: - Set bit 8 in key reference, + if PIN_FLAG_LOCAL is set + +2002-08-21 10:16 jey + + * trunk/src/libopensc/iso7816.c: - Brown paper-bag fix + +2002-08-21 10:15 jey + + * trunk/src/libopensc/card-mcrd.c, + trunk/src/libopensc/card-tcos.c: - Removed error list + +2002-08-21 10:14 jey + + * trunk/src/libopensc/Makefile.am: - Added card-mcrd.c + +2002-08-21 10:13 jey + + * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h: - Added driver for MICARDO 2 cards + +2002-08-21 10:06 jey + + * trunk/src/libopensc/iso7816.c: - Added some new error codes to + sc_iso7816_check_sw() + +2002-08-21 10:02 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/internal.h: - + Renamed read_tag to sc_asn1_read_tag and made it a non-static + function + +2002-08-20 08:59 okir + + * trunk/src/libopensc/card-gpk.c: - Merged GPK patches from Steve + Henson (signing fixes) 
and Joe Phillips (GPK16K ATR matching + code). + +2002-08-20 08:39 okir + + * trunk/src/tools/opensc-tool.c: - Accessed file->type after + freeing file (S. Henson) + +2002-08-20 08:28 okir + + * trunk/src/libopensc/card-gpk.c: - GPK16K: wildcard RSA exponent + is 0 not -1 + +2002-08-19 17:13 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - put the + definition of USE_PKCS15_INIT into a place where it can actually + work + +2002-08-08 20:53 jey + + * trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/slot.c: - Fixed functionality when pkcs15init + is not compiled + +2002-08-06 13:51 okir + + * trunk/src/libopensc/pkcs15-cert.c: - certificate version is + optional (v1) + +2002-07-28 18:22 jey + + * trunk/src/libopensc/card-gpk.c: - Added ATR for GPK16000 + +2002-07-10 06:28 fabled + + * trunk/src/pkcs11/rsaref/win32.h: - PKCS#11 module definitions; + not PKCS#11 application. Removes compiler and linker warnings. + +2002-06-20 13:16 fabled + + * trunk/src/pkcs11/Makefile.mak, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/rsaref/pkcs11.h, + trunk/src/pkcs11/rsaref/win32.h, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: - Ported pkcs11 module to win32. + +2002-06-20 12:14 fabled + + * trunk/src/common/Makefile.mak, trunk/src/libopensc/Makefile.mak, + trunk/src/scconf/Makefile.mak, trunk/win32/Make.rules.mak: - + Win32 build fixes. Should work now. 
+ +2002-06-20 12:08 fabled + + * trunk/src/common/getpass.c: - Added missing getpass.c for win32 + compatibility + +2002-06-18 18:18 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - implemented generic + erase_card functionality + * trunk/src/pkcs15init/pkcs15-cflex.c: - implemented erase_card + +2002-06-18 15:17 okir + + * trunk/src/libopensc/errors.c: - error message fixup + +2002-06-18 12:20 okir + + * trunk/src/libopensc/card-gpk.c: - fixed compute_signature for + gpk8000 + +2002-06-17 15:26 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c: - fixed pkcs15init for GPK + 8000 + +2002-06-17 15:24 okir + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h: - + added cardctl SC_CARDCTL_GPK_VARIANT + +2002-06-17 11:18 okir + + * trunk/src/tests/regression/crypt0003, + trunk/src/tests/regression/crypt0004, + trunk/src/tests/regression/functions: - more tests + +2002-06-17 11:17 okir + + * trunk/src/tools/pkcs15-crypt.c: - allow output of signature to + stdout + +2002-06-17 10:58 okir + + * trunk/src/pkcs15init/etoken.profile, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - various changes for + on-board key generation - key download and key generation for + eToken works now + +2002-06-17 10:55 okir + + * trunk/src/libopensc/card-etoken.c: - more eToken fixes + +2002-06-17 10:54 okir + + * trunk/src/libopensc/pkcs15-sec.c: - RSA padding header for sha1 + was still broken + +2002-06-16 21:19 jey + + * trunk/src/libopensc/card.c: - Renamed sc_transceive_t0 to + sc_transceive to avoid confusion =) + +2002-06-16 21:18 jey + + * trunk/src/libopensc/pkcs15-sec.c: - + sc_pkcs15_compute_signature() and sc_pkcs15_decipher() now + select the whole path specified in a private key object + +2002-06-14 12:52 fabled + + * trunk/Makefile.mak, trunk/README.Win32, trunk/src/Makefile.am, + trunk/src/Makefile.mak, 
trunk/src/common/Makefile.am, + trunk/src/common/Makefile.mak, trunk/src/include/Makefile.mak, + trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/module.c, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/scconf/Makefile.am, + trunk/src/scconf/Makefile.mak, trunk/src/scconf/parse.c, + trunk/src/scconf/scconf.c, trunk/src/tests/Makefile.am, + trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c, + trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/util.h, trunk/win32, trunk/win32/Make.rules.mak, + trunk/win32/makedef.pl: - Initial support for win32 + +2002-06-14 12:29 jey + + * trunk/src/libopensc/iso7816.c: - Fix apdu->le in + sc_compute_signature() + +2002-06-14 12:18 jey + + * trunk/src/libopensc/pkcs15-sec.c: - Reverted Olaf's patch in + sc_compute_signature(). It breaks government issued (e.g. + FINEID) cards. + +2002-06-14 11:52 jey + + * trunk/etc/opensc.conf.example: - Added template for PC/SC + 'apdu_fix' + +2002-06-14 11:43 jey + + * trunk/src/libopensc/reader-pcsc.c: - Fix for last commit. It now + compiles, at least. 
+ +2002-06-14 11:33 jey + + * trunk/src/libopensc/reader-pcsc.c: - Preliminary fix for Case 4 + APDU sending on Win32 + +2002-06-13 11:20 okir + + * trunk/src/libopensc/pkcs15-sec.c: - added comment/question + +2002-06-13 11:18 okir + + * trunk/src/libopensc/iso7816.c: - changed APDU base from 3 to 4 + on sign/decipher + +2002-06-11 18:17 okir + + * trunk/src/tools/opensc-explorer.c: - corrected info output for + Linear variable TLV EFs + +2002-06-11 18:16 okir + + * trunk/src/tools/pkcs15-init.c: - added switch to force software + key generation + +2002-06-11 18:15 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - more code towards signing + +2002-06-11 18:14 okir + + * trunk/src/libopensc/card-etoken.c: - support for security + environment create/restore/set - support for signature + computation (non functional yet) + +2002-06-11 18:13 okir + + * trunk/src/libopensc/cardctl.h: - added support for PUT_SECI + * trunk/src/libopensc/pkcs15-sec.c: - experimental: support for + cards such as eToken that store keys in "objects" below the DF + +2002-06-07 20:29 okir + + * trunk/src/pkcs15init/etoken.profile, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15.profile: - first steps toward eToken + key download + +2002-06-07 20:28 okir + + * trunk/src/libopensc/card-etoken.c: - properly identify supported + algorithms + +2002-06-07 20:21 okir + + * trunk/src/tools/pkcs15-crypt.c: - do not try to check PIN if key + isn't pin-protected at all + +2002-06-06 13:38 jey + + * trunk/src/pkcs15init/pkcs15-lib.c: - Protected OpenSSL includes + with #ifdef HAVE_OPENSSL + +2002-06-06 09:18 okir + + * trunk/src/pkcs15init/etoken.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - started to implement + on-token key gen support + +2002-06-06 09:17 okir + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/cardctl.h, + trunk/src/pkcs15init/pkcs15-etoken.c: - started to implement + eToken 
key generation + +2002-06-05 17:51 okir + + * trunk/src/tools/pkcs15-init.c: - fix a few error messages + +2002-06-05 15:08 okir + + * trunk/src/pkcs15init/Makefile.am: - install etoken profile, too + +2002-06-05 15:02 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - implemented --erase for + etoken through a recursive remove + * trunk/src/pkcs15init/etoken.profile: - set ERASE=$SOPIN for AODF + +2002-06-05 12:53 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - implemented setting of + user pins; minor pin code cleanup + +2002-06-04 20:11 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - p15 PIN entries should + now have a valid path + +2002-06-04 20:07 okir + + * trunk/src/pkcs15init/etoken.profile: - whoops, forgot to check + this in + +2002-06-04 20:06 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - setting an SO pin works + now + +2002-06-04 19:43 okir + + * trunk/src/pkcs15init/pkcs15-etoken.c: - first stage of pkcs15 + initialization sort of functional + +2002-06-04 19:42 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - fixed bad return value in + do_init_app + * trunk/src/libopensc/card-etoken.c: - pin verification works now + +2002-06-04 09:38 aet + + * trunk/configure.in: LDAP detection fix, require ldap.h. 
+ +2002-06-04 08:51 okir + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-etoken.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - added some eToken code (not + functional yet) + +2002-06-04 08:50 okir + + * trunk/src/libopensc/cardctl.h: - added eToken specific cardctls + * trunk/src/libopensc/card-etoken.c: - fixed some minor glitches + (potential buffer overflow in read_dir; missing SW check) - + added card_ctl for put_data_fci - added some debug output + +2002-06-03 15:28 aet + + * trunk/src/pkcs11/sc-pkcs11.h: Fix for previous commit + +2002-06-03 15:18 aet + + * trunk/src/libopensc/reader-pcsc.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/secretkey.c: Preliminary MacOS X build support, + untested so far. + +2002-06-03 15:05 jey + + * trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c: - + iso7816_set_security_env now has correct values for P1 - + Improved detection of SetCOS cards - Changed the default CLA + byte in card-setcos.c to 0x80 + +2002-06-02 21:43 jey + + * trunk/NEWS, trunk/README, trunk/TODO, trunk/configure.in: - + Preparation for version 0.7.0 + +2002-06-02 21:39 okir + + * trunk/src/libopensc/card-etoken.c: - do our own chunking in + read/write binary + +2002-06-02 21:04 aet + + * trunk/src/openssh/README: Upgrade for the OpenSSH 3.2.x release + +2002-06-02 20:46 aet + + * trunk/src/scam/scam.c: Disable pkcs15-ldap until it's working. 
+ +2002-05-27 10:03 aet + + * trunk/src/pam/Makefile.am, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c: Minor build + fixes + +2002-05-27 06:41 aet + + * trunk/src/libopensc/asn1.c: Build fix for previous commit + +2002-05-26 12:31 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-crypt.c: - Several patches to fix + behaviour on 64-bit architectures (by Jochen Friedrich) - Fixed + one bug in sc_copy_asn1_entry(), one in + sc_pkcs15init_add_object() and one in pkcs15-crypt (patches also + by Jochen) + +2002-05-21 19:41 jey + + * trunk/src/pkcs15init/profile.c: - Fixed parsing of AUT keys in + pkcs15init (patch by Jochen Friedrich ) + +2002-05-21 14:19 aet + + * trunk/configure.in: scidi merge + +2002-05-20 09:19 aet + + * trunk/src/libopensc/base64.c, trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/scconf/parse.c, + trunk/src/scconf/scconf.c, trunk/src/scldap/scldap.c, + trunk/src/signer/npinclude/npapi.h, trunk/src/tools/util.h: + Minor GCC warning fixes + +2002-05-19 22:50 aet + + * trunk/aclocal/acx_pthread.m4: AIX gcc fix + +2002-05-14 19:20 aet + + * trunk/configure.in: check readline.h fix + +2002-05-13 12:23 aet + + * trunk/src/scrandom/scrandom.h: Add comments + * trunk/src/libopensc/card-tcos.c: Warning fixes + +2002-05-09 10:34 jey + + * trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/cardctl.h, + trunk/src/libopensc/pkcs15-pin.c: - Applied a patch by Werner + Koch that brings the TCOS driver up-to-speed + +2002-05-09 10:22 jey + + * trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c: - + Applied a patch by 
Matthias Bruestle : - + Changed the case of GET RESPONSE in card-default.c to 2 short - + Added ATRs to Flex, GPK and TCOS drivers - Changed value of + maximum Lc in card.c to be 255 + +2002-05-08 08:15 aet + + * trunk/src/scrandom/scrandom.c: More cleanups + +2002-05-08 07:04 aet + + * trunk/docs, trunk/docs/.cvsignore: Add pkcs15-profile.5 + +2002-05-08 06:50 aet + + * trunk/configure.in, trunk/docs/Makefile.am, + trunk/docs/pkcs15-profile.5, trunk/docs/pkcs15-profile.5.in: + pkcs15-profile.5 $(pkgdatadir) fix + +2002-05-07 12:49 aet + + * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/sia/Makefile.am: Minor ${prefix} -> ${exec_prefix} + changes + +2002-05-07 09:35 aet + + * trunk/src/openssh/Makefile.am, trunk/src/openssh/README, + trunk/src/openssh/opensc-ssh.c: Removed opensc-ssh Updated README + +2002-05-06 14:06 aet + + * trunk/src/scldap/scldap.c: Add comments for previous fix + +2002-05-06 06:36 aet + + * trunk/configure.in, trunk/src/scam/Makefile.am, + trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scrandom/Makefile.am, trunk/src/scrandom/scrandom.c: + Reworked scrandom ugliness, no longer builds a shared library + nor seeds OpenSSL internally, if available. + +2002-04-30 13:35 okir + + * trunk/aclocal/libtool.m4: - another linux-gnu* => linux* fix + +2002-04-30 11:55 okir + + * trunk/aclocal/libtool.m4: - make it compile on SuSE 8.0 + +2002-04-30 09:46 okir + + * trunk/src/pam/Makefile.am: - work around brain damage in + automake 1.6.1 (shouldn't they change the name to autobreak?) 
+ +2002-04-26 07:56 aet + + * trunk/src/scldap/scldap.c: Disable a sanity check that was + needed at least with OpenLDAP 1.2.x, it seems to block + certificate CRL fetches with more recent versions of OpenLDAP + (2.x) + +2002-04-26 06:35 aet + + * trunk/configure.in: Fix SSL/TLS support for OpenLDAP + +2002-04-23 09:17 aet + + * trunk/src/signer/opensc-crypto.c: API upgrade + +2002-04-23 08:18 okir + + * trunk/src/tests/regression, trunk/src/tests/regression/README, + trunk/src/tests/regression/crypt0001, + trunk/src/tests/regression/crypt0002, + trunk/src/tests/regression/functions: - added two regression + test scripts + +2002-04-23 08:17 okir + + * trunk/src/libopensc/errors.h, trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/tools/pkcs15-crypt.c: - sc_pkcs15_decipher now takes a + flags argument, so we know when to strip off any pkcs#1 padding. + +2002-04-22 23:01 jey + + * trunk/src/libopensc/card-etoken.c: - Applied a patch to + card-etoken.c that gives ACL support; patch by Markus Frield + +2002-04-22 18:37 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: - allow setting the cert_info + authority flag + +2002-04-22 18:03 okir + + * trunk/src/libopensc/pkcs15-sec.c: - fixed pkcs1 padding for + rsa-md5 signatures + +2002-04-22 08:00 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - changed do_select_parent + per request from Juha. Hope this doesn't break anything... 
:) + +2002-04-21 18:54 aet + + * trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + Extract certificate crlDistributionPoints and store it in + sc_pkcs15_cert + +2002-04-19 20:07 jey + + * trunk/TODO, trunk/etc/opensc.conf.example, + trunk/src/libopensc/ctx.c: - Added 'force_card_driver' option + +2002-04-19 18:01 jey + + * trunk/src/pkcs15init/miocos.profile, + trunk/src/pkcs15init/pkcs15-miocos.c: - Small update to MioCOS + pkcs15init driver + +2002-04-19 17:24 jey + + * trunk/TODO: - Update TODO + +2002-04-19 17:02 jey + + * trunk/src/libopensc/card-miocos.c, + trunk/src/pkcs15init/miocos.profile, + trunk/src/pkcs15init/pkcs15-miocos.c: - Some fixes to the MioCOS + driver + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/pkcs15-cflex.c: - Added support for + extractable keys on the Cryptoflex + +2002-04-19 14:23 aet + + * trunk/configure.in, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/emv.h, + trunk/src/libopensc/errors.h, trunk/src/libopensc/internal.h, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-algo.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/types.h, trunk/src/openssh/opensc-ssh.c, + trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, + 
trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/secretkey.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.h, trunk/src/scam, + trunk/src/scam/.cvsignore, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scconf/parse.c, + trunk/src/scconf/scconf.c, trunk/src/scconf/write.c, + trunk/src/scldap/scldap.c, trunk/src/scldap/test-ldap.c, + trunk/src/scrandom/scrandom.c, trunk/src/scrandom/test-random.c, + trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-support.c, trunk/src/signer/signer.c, + trunk/src/tests/p15dump.c, trunk/src/tests/print.c, + trunk/src/tests/sc-test.c, trunk/src/tests/sc-test.h, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: - C++ support. Compiles with gcc/g++ for + Linux, otherwise completely untested. + +2002-04-19 10:01 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - fixed DF handling + +2002-04-19 09:22 jey + + * trunk/TODO, trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-tool.c: - PKCS #15 objects and DFs are + now stored with linked lists in struct sc_pkcs15_card; this way + we can have 'floating' objects that don't belong in any DF, for + e.g. 
generating public key objects from certificates - Removed + some unused function prototypes + +2002-04-18 15:01 jey + + * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_find_prkey_by_id and + sc_pkcs15_find_cert_by_id now return all private keys and + certificates instead of only RSA keys and X.509 certificates - + Removed some obsolete PKCS #15 initialization code + +2002-04-18 14:59 jey + + * trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c: - Added a missing + SC_ASN1_CTX flag to DSA key ASN.1 entries + +2002-04-18 11:59 aet + + * trunk/src/tools/pkcs15-crypt.c: Minor warning fixes + +2002-04-18 11:00 okir + + * trunk/src/tools/pkcs15-crypt.c: - DSA signature support + +2002-04-18 10:59 okir + + * trunk/src/libopensc/pkcs15.h: - added a bunch of prototypes + * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_find_pubkey_by_id + +2002-04-18 10:58 okir + + * trunk/src/libopensc/pkcs15-pubkey.c: - fixed bug with DSA pubkey + de/encoding + * trunk/src/libopensc/pkcs15-prkey.c: - small fix for reading the + private key file - added sc_pkcs15_{erase,free}_prkey + +2002-04-18 09:13 okir + + * trunk/src/tests/print.c: - don't print modulus length for DSA + keys + +2002-04-18 09:12 okir + + * trunk/src/tools/pkcs15-init.c: - fix for storing DSA public keys + * trunk/src/pkcs15init/pkcs15-lib.c: - bug in + check_key_compatibility() + +2002-04-18 09:11 okir + + * trunk/src/libopensc/pkcs15-wrap.c: - encryptedContent didn't + have proper ASN.1 + +2002-04-18 09:10 okir + + * trunk/src/libopensc/pkcs15-pubkey.c: - properly encode/decode + DSA public keys + * trunk/src/libopensc/pkcs15-algo.c: - fix algorithm_id decoding + +2002-04-17 20:47 okir + + * trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/tools/pkcs15-init.c: - starting to support extractable + keys + +2002-04-17 20:46 okir + + * trunk/src/tests/p15dump.c, trunk/src/tests/print.c: - display + 
non-RSA keys + +2002-04-17 20:45 okir + + * trunk/src/libopensc/pkcs15.h: - missing prototypes for + {de,en}code_prkey + +2002-04-17 20:44 okir + + * trunk/src/libopensc/pkcs15.c: - return objects when searching + for a generic type (e.g. all PRKEY objects) + * trunk/src/libopensc/pkcs15-wrap.c: - correctly initialize PKCDF2 + params + * trunk/src/libopensc/pkcs15-prkey.c: - fixes for PrKDF + encoding/decoding for indirect-protected + +2002-04-17 20:43 okir + + * trunk/src/libopensc/asn1.c: - fix for decoding CHOICE + +2002-04-17 20:42 okir + + * trunk/src/libopensc/errors.h: - new error code + SC_ERROR_INCOMPATIBLE_KEY + +2002-04-17 18:34 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - handle non-RSA keys as + well + +2002-04-17 18:33 okir + + * trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h: - eliminated RSA specific code to + support generic pubkeys instead + +2002-04-17 18:32 okir + + * trunk/src/libopensc/pkcs15-cert.c: - use SC_ASN1_ALGORITHM_ID + when decoding x509 certs - handle certificates with non-RSA keys + as well + +2002-04-17 13:36 okir + + * trunk/src/libopensc/card-etoken.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h: - eToken + patches from Markus Friedl + +2002-04-17 13:34 okir + + * trunk/src/libopensc/pkcs15-wrap.c: - some fixes to the ASN.1 we + generate + +2002-04-17 13:13 aet + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-wrap.c: + Minor warning fixes + +2002-04-17 12:20 okir + + * trunk/src/tools/pkcs15-tool.c: - --read-public-key will work for + non-rsa keys too + +2002-04-17 12:19 okir + + * trunk/src/libopensc/asn1.c: - support NULL tag for + encoding/decoding + * trunk/src/libopensc/pkcs15-algo.c: - correctly encode + AlgorithmIdentifier w/o params as OID+NULL + +2002-04-17 10:33 okir + + * trunk/src/libopensc/pkcs15-algo.c: - minor bugfix + +2002-04-17 09:06 okir + + * trunk/src/libopensc/pkcs15-sec.c: - error out for 
non-native keys + * trunk/src/libopensc/errors.h: - new error code + SC_ERROR_EXTRACTABLE_KEY + +2002-04-17 09:01 okir + + * trunk/src/libopensc/Makefile.am: - added new files + * trunk/src/libopensc/pkcs15-wrap.c: - functions for file content + protection + * trunk/src/libopensc/types.h: - new file path type + SC_PATH_TYPE_PATH_PROT + +2002-04-17 09:00 okir + + * trunk/src/libopensc/pkcs15.h: - new generic function + sc_pkcs15_read_file - structs and functions for data wrap/unwrap + * trunk/src/libopensc/pkcs15.c: - new generic function + sc_pkcs15_read_file + +2002-04-17 08:59 okir + + * trunk/src/libopensc/pkcs15-pubkey.c: - renamed + sc_pkcs15_parse_pubkey_rsa -> sc_pkcs15_decode_pubkey_rsa - + added sc_pkcs15_decode_pubkey_dsa - sc_pkcs15_read_pubkey now + uses sc_pkcs15_read_file + +2002-04-17 08:58 okir + + * trunk/src/libopensc/pkcs15-prkey.c: - initial support for + non-native keys - implemented generic functions + sc_pkcs15_{encode,decode,read}_prkey + +2002-04-17 08:57 okir + + * trunk/src/libopensc/pkcs15-cert.c: - renamed + sc_pkcs15_parse_pubkey_rsa -> sc_pkcs15_decode_pubkey_rsa + +2002-04-17 08:56 okir + + * trunk/src/libopensc/opensc.h: - added + SC_ALGORITHM_{MD5,SHA1,PBKDF2,PBES2} and corresponding + AlgorithmIdentifier parameter structs - added params pointer to + struct sc_algorithm_id + +2002-04-17 08:55 okir + + * trunk/src/libopensc/errors.h: - new error code + SC_ERROR_PASSPHRASE_REQUIRED + * trunk/src/libopensc/pkcs15-algo.c: - Moved ASN.1 handling of + AlgorithmIdentifier to separate file + +2002-04-17 08:54 okir + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h: - + implemented encoding of OBJECT IDENTIFIER - enhanced support for + encoding/decoding of CHOICE - moved encoding/decoding of + AlgorithmIdentifier to separate file, and added + encoding/decoding of algorithm parameters + +2002-04-16 10:33 aet + + * trunk/src/scldap/scldap.c: Minor Solaris fixes + +2002-04-15 18:03 aet + + * trunk/src/pkcs15init/pkcs15-gpk.c: Add 
stdlib.h + +2002-04-15 13:42 okir + + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c, + trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - + pkcs15-init does not require openssl anymore + +2002-04-14 13:52 aet + + * trunk/src/openssh/opensc-ssh.c, + trunk/src/signer/opensc-crypto.c: libsc -> opensc + +2002-04-14 12:43 jey + + * trunk/src/libopensc/card-miocos.c: - Fixed ACL handling in + MioCOS driver + +2002-04-13 19:00 okir + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c: - + C_CreateObject now understands X509 certs (untested) + +2002-04-11 15:53 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - minor fix + +2002-04-11 15:17 okir + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + - implemented C_CreateObject for public and private key objects + +2002-04-11 15:14 okir + + * trunk/src/tools/pkcs15-init.c: - changed to reflext + pkcs15init_store_foobar update + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - all + sc_pkcs15init_store_foobar functions now take an additional + struct sc_pkcs15_object ** argument + +2002-04-11 15:13 okir + + * trunk/src/libopensc/pkcs15-sec.c: - avoid unchecked memcpy + +2002-04-11 15:12 okir + + * trunk/src/libopensc/card-gpk.c: - in set_security_env, select + the PK file prior to read_record + +2002-04-11 14:31 aet + + * trunk/src/openssh/Makefile.am: Remove 
openssh-3.0.2p1-patch.diff + +2002-04-10 23:10 jey + + * trunk/src/libopensc/card-etoken.c: - Added a missing file from a + previous commit + +2002-04-10 23:00 jey + + * trunk/src/libopensc/iso7816.c: - Changed an error code as per + Andreas' suggestion + +2002-04-10 22:25 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/opensc.h: - Added support for Aladdin eToken + PRO; patch by Andreas Jellinghaus + +2002-04-09 13:26 aet + + * trunk/src/scam/scam.c, trunk/src/scam/scam.h: Minor cleanups + +2002-04-09 12:32 aet + + * trunk/src/openssh/README, + trunk/src/openssh/openssh-3.0.2p1-patch.diff: - Update ChangeLog + - Update src/openssh/README - Removed obsolete patch for + openssh-3.0.2p1 + +2002-04-09 12:20 aet + + * trunk/src/openssh/opensc-ssh.c: sc-ssh -> opensc-ssh + +2002-04-09 11:34 aet + + * trunk/src/scldap/scldap.c: Free memory + +2002-04-09 11:24 aet + + * trunk/src/scconf/lex-parse.l: - Revert previous patch since it + leads to a sigsegv if we parse file multiple times. Damn it, so + lex allocates a 16kB buffer that it won't free any time. At + least this could be solved some other time by rewriting a + separate line parser without lex. + +2002-04-09 11:01 aet + + * trunk/src/scconf/lex-parse.l: Free yy_current_buffer since lex + doesn't do it + +2002-04-09 10:59 jey + + * trunk/src/scam/scam.c: - Added a missing include file + +2002-04-08 15:51 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: + - implemented C_InitPIN (based on pkcs15init) - C_Login now + understands the SO PIN. 
+ +2002-04-08 15:50 okir + + * trunk/src/pkcs15init/profile.h: - cleanup + * trunk/src/pkcs15init/profile.c: - free some more memory in + sc_profile_free + +2002-04-08 15:49 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - SO PIN is now optionally: + if you want to use it, pass a PIN to sc_pkcs15init_add_app. If + you don't, don't. - sc_pkcs15init_erase_card checks whether the + erase_card funcion ptr is NULL - check SO pin len in + sc_pkcs15init_add_app - In sc_pkcs15init_store_pin, if the + caller didn't specify the auth_id, select one automatically - + added sc_pkcs15init_unbind + +2002-04-08 15:46 okir + + * trunk/src/pkcs15init/pkcs15-init.h: - added sc_pkcs15init_unbind + * trunk/src/pkcs15init/pkcs15-gpk.c: - SO PIN path was not + propagated to the caller + +2002-04-08 15:45 okir + + * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + implemented sc_pkcs15_find_so_pin + * trunk/src/libopensc/card-gpk.c: - When the application selected + the EF, then the container DF, all PIN info would be lost. 
+ +2002-04-08 14:57 aet + + * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scam/scam.h: Remove scam_framework_ops->atrs + +2002-04-08 09:29 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - store SO PIN entry in AODF + * trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - textual pin flags; defer pin file lookup until + sc_profile_finish + +2002-04-08 09:28 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c: - implemented SO PIN handling + * trunk/src/pkcs15init/gpk.profile: - enable SO PIN + +2002-04-08 09:27 okir + + * trunk/src/pkcs15init/pkcs15.profile: - add pin descriptions + +2002-04-08 09:23 okir + + * trunk/src/libopensc/pkcs15-pin.c: - pin flags were not encoded + correctly + +2002-04-08 08:27 aet + + * trunk/src/pam/pam_opensc.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scam/scam.h, trunk/src/sia/sia_opensc.c: - Upgrade all + modules to store method specific internal data to + scam_context->method_data + +2002-04-07 19:36 aet + + * trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, + trunk/src/pam/pam_support.c, trunk/src/pam/pam_support.h, + trunk/src/scam/Makefile.am, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scam/scam.h, trunk/src/sia/Makefile.am, + trunk/src/sia/sia_opensc.c: Started to rewrite parts of scam: - + Combine lib{pam,sia}scam into libscam - Get rid of the need for + handles, printmsg and logmsg in the scam_framework_ops structure. 
+ +2002-04-07 13:15 jey + + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/tools/pkcs15-init.c: - + Added support for user-defined serial numbers in pkcs15-init and + PIN flags in profiles + +2002-04-07 10:21 aet + + * trunk/src/libopensc/errors.c: Warning fixes + +2002-04-06 15:04 jey + + * trunk/src/libopensc/card-miocos.c: - Changed CLA byte to 0xA0 in + miocos_delete_file() + +2002-04-06 14:52 jey + + * trunk/src/pkcs15init/pkcs15-lib.c: - Added user PIN finding to + sc_pkcs15init_store_certificate() + +2002-04-06 14:21 jey + + * trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/miocos.profile: - Added certificate + templates + +2002-04-06 12:14 jey + + * trunk/docs/Makefile.am, trunk/docs/pkcs-15v1_1.asn: - Added PCKS + #15 ASN.1 module + +2002-04-06 12:02 jey + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/errors.c, + trunk/src/libopensc/errors.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/types.h, trunk/src/pkcs11/misc.c: - Divided + errors into different groups, added new ones and renamed some - + Moved sc_strerror() to errors.c - Added a 'sensitive' flag to + struct sc_apdu + +2002-04-06 08:21 aet + + * trunk/src/libopensc/emv.h, trunk/src/libopensc/log.h: Fix some + typos + +2002-04-06 08:02 aet + + * trunk/src/libopensc/Makefile.am: Add errors.h and types.h + +2002-04-05 18:49 okir + + * trunk/src/tools/opensc-explorer.c: - include/opensc fix + +2002-04-05 18:19 okir + + * trunk/src/pkcs11/framework-pkcs15init.c: - C_InitToken: after + creating the application DF, switch to the normal pkcs15 + framework on the fly and mark all tokens as initialized. 
+ +2002-04-05 18:10 aet + + * trunk/src/libopensc/internal.h, trunk/src/libopensc/module.c, + trunk/src/libopensc/reader-ctapi.c: Change calling convention + for sc_module_close() + +2002-04-05 15:51 aet + + * trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-miocos.c: Minor warning fixes + +2002-04-05 15:06 jey + + * trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/errors.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/types.h: - Started to split opensc.h into + smaller parts + +2002-04-05 15:04 okir + + * trunk/src/tools/opensc-explorer.c: - added erase command + +2002-04-05 15:03 okir + + * trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15init.c, + trunk/src/pkcs11/slot.c: - added new pkcs15init framework that + implements C_InitToken + +2002-04-05 15:02 okir + + * trunk/src/pkcs11/sc-pkcs11.h: - added initialize() function to + card ops vector + * trunk/src/pkcs11/pkcs11-global.c: - Added C_Initialize - Minor + bugfix in C_Finalize + +2002-04-05 15:01 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - add CKF_TOKEN_INITIALIZED + flag + +2002-04-05 14:56 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - implemented + sc_pkcs15init_get_{serial,amnufacturer}, fixed bug + +2002-04-05 14:55 okir + + * trunk/src/pkcs15init/profile.c: - try to free all memory we + allocated + * trunk/src/pkcs15init/pkcs15-gpk.c: - during add_app, just + complain about SO PINs but don't error out + +2002-04-05 14:46 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/dir.c, + trunk/src/libopensc/emv.c, trunk/src/libopensc/emv.h, 
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c: - Added SC_ERROR_FILE_ALREADY_EXISTS + - Changed call convention for reader finish() - CT-API driver + now frees its resources correctly - Added year 2002 to some of + the copyright statements - sc_pkcs15_decipher() and + sc_pkcs15_compute_signature() now select only the parent DF of + the private key file + +2002-04-05 14:23 aet + + * trunk/src/include/opensc/Makefile.am: Symlink all necessary + headers + +2002-04-05 14:00 jey + + * trunk/src/pkcs15init/pkcs15-lib.c: - Fixed a bug in + sc_pkcs15init_bind() - Added PIN code padding in do_verify_pin() + +2002-04-05 13:49 aet + + * trunk/src/Makefile.am: Add missing directory + +2002-04-05 13:48 aet + + * trunk/configure.in, trunk/src/include, + trunk/src/include/.cvsignore, trunk/src/include/Makefile.am, + trunk/src/include/opensc, trunk/src/include/opensc/.cvsignore, + trunk/src/include/opensc/Makefile.am, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/emv.c, + trunk/src/libopensc/emv.h, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, + trunk/src/openssh/opensc-ssh.c, + trunk/src/openssh/openssh-3.0.2p1-patch.diff, + trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, + trunk/src/scam/Makefile.am, 
trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scldap/scldap.h, trunk/src/scldap/test-ldap.c, + trunk/src/signer/opensc-crypto.h, trunk/src/signer/signer.h, + trunk/src/tests/base64.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/print.c, trunk/src/tests/prngtest.c, + trunk/src/tests/sc-test.c, trunk/src/tools/Makefile.am, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/util.h: Rework the header structure Currently + fails to compile, unless you symlink all the necessary headers + to src/include/opensc by yourself. + +2002-04-05 10:44 aet + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/dir.c, + trunk/src/libopensc/emv.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/module.c, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/openssh/opensc-ssh.c, + trunk/src/openssh/openssh-3.0.2p1-patch.diff, + trunk/src/pkcs11/sc-pkcs11.h, + 
trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.h, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/signer/opensc-crypto.h, + trunk/src/signer/signer.h, trunk/src/tests/base64.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/print.c, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c: Upgrade sources to use new + headers, part #1 + +2002-04-05 10:37 aet + + * trunk/src/libopensc/opensc-emv.h, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc-log.h: + Obsolete. opensc-emv.h, opensc-pkcs15.h --> emv.h, pkcs15.h + sc-asn1.h, sc-internal.h, sc-log.h --> asn1.h, internal.h, log.h + +2002-04-05 10:25 aet + + * trunk/src/libopensc/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am, + trunk/src/scrandom/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/signer/Makefile.am: Install headers to + ${prefix}/include/opensc + +2002-04-05 10:06 okir + + * trunk/src/tools/pkcs15-init.c: - don't include profile.h anymore + +2002-04-05 10:05 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - miniscule API changes so that applications don't need to + include profile.h anymore + +2002-04-05 08:45 okir + + * trunk/src/pkcs15init/profile.c: - file type is now also a struct + map + +2002-04-04 22:10 jey + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/miocos.profile, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c: - Cryptoflex now works + with the new pkcs15init stuff + +2002-04-04 20:49 jey + + * 
trunk/configure.in: - Small typos corrected + +2002-04-04 20:42 jey + + * trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/miocos.profile, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c: - Partial support for PKCS + #15 generation on MioCOS cards - Some other small fixes to the + pkcs15init code + +2002-04-04 20:40 jey + + * trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/cardctl.h, trunk/src/libopensc/pkcs15.c: - + Cleaned up MioCOS driver and added PIN code creation - Added an + error message in case ODF parsing fails + +2002-04-04 20:38 jey + + * trunk/src/libopensc/asn1.c: - DER decoder now treats 0xFF tags + the same way as 0x00 tags + +2002-04-04 20:37 jey + + * trunk/src/tools/opensc-explorer.c: - Made clearer the error + message resulting from an incorrect PIN code entry + +2002-04-04 19:58 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - the previous fix broke + do_verify_pin + +2002-04-04 15:06 aet + + * trunk/src/pkcs15init/pkcs15-lib.c: Minor warning fix + +2002-04-04 15:02 aet + + * trunk/src/libopensc/pkcs15-cert.c: Workaround for a compiler + problem (Sun WorkShop 6 update 2 C 5.3 Patch 111679-05 + 2002/02/07) Still lots of bogus warnings, but at least + everything compiles + +2002-04-04 14:34 okir + + * trunk/src/pkcs15init/profile.c: - added internal-ef for juha + +2002-04-04 14:21 aet + + * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/sia/sia_opensc.c, trunk/src/sia/sia_support.h: + Checkpoint commit for SIA support, doesn't work yet + +2002-04-04 12:44 aet + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h: + Fix minor compiler warnings + +2002-04-04 11:14 aet + + * trunk/Makefile.am, trunk/README.signer, trunk/TODO, + trunk/src/libopensc/Makefile.am: Update TODO and Changelog 'make + dist' fixes Add missing README for OpenSC-Signer + +2002-04-04 10:56 aet + + * trunk/configure.in: OpenSC-Signer merge complete. 
+ +2002-04-04 10:40 aet + + * trunk/configure.in, trunk/src/Makefile.am, + trunk/src/signer/Makefile.am: Merge opensc-signer to + opensc/src/signer, part #1 + +2002-04-04 09:20 jey + + * trunk/src/libopensc/reader-ctapi.c: - ctapi_release() now calls + CT_close(), as it should + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15.h: - Added typedefs for the most + common structs + +2002-04-03 14:16 jey + + * trunk/src/libopensc/ctx.c: - fixed a typo + +2002-04-03 14:15 okir + + * trunk/src/pkcs15init/pkcs15-lib.c: - shouldn't set key_reference + +2002-04-03 12:59 aet + + * trunk/src/libopensc/card-setcos.c: Minor warning fix + +2002-04-03 12:53 okir + + * trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c: - renamed PKCS15-DIR to DIR per + juha's request + +2002-04-03 12:46 okir + + * trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/pkcs15.profile: - moved gpk specific MF ACL + to the gpk profile, where it belongs + +2002-04-03 11:57 okir + + * trunk/src/pkcs15init/TODO: - updated TODO list + +2002-04-03 11:56 okir + + * trunk/src/tools/pkcs15-init.c: - fixed exit code + +2002-04-03 11:55 okir + + * trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/pkcs15.profile: - rewrote config files to + match new parser + +2002-04-03 11:52 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - rewrote parser to use Antti's scconf + +2002-04-03 11:51 okir + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added + two new error codes for pkcs15init + +2002-04-02 21:26 jey + + * trunk/src/libopensc/card-setcos.c: - fixed a small bug regarding + prop_attr in the SetCOS driver + +2002-04-02 20:58 aet + + * trunk/src/pkcs15init/profile.c, trunk/src/tools/pkcs15-init.c: + Minor compiler warning fixes + +2002-04-02 14:46 okir + + * trunk/src/tools/pkcs15-init.c: - support for SO pin during app + initialization + +2002-04-02 
14:45 okir + + * trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: pkcs15-gpk.c + +2002-04-02 14:27 okir + + * trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c: - added + sc_pkcs15init_present_pin for juha + +2002-04-02 13:43 aet + + * trunk/src/pkcs15init, trunk/src/pkcs15init/.cvsignore: Add + .cvsignore + +2002-04-02 13:38 aet + + * trunk/configure.in, trunk/src/pkcs15init/Makefile.am: Generate + src/pkcs15init/Makefile + +2002-04-02 13:30 okir + + * trunk/src/Makefile.am: - added new subdir pkcs15init + +2002-04-02 13:29 okir + + * trunk/src/tools/flex.profile, trunk/src/tools/gpk.profile, + trunk/src/tools/miocos.profile, trunk/src/tools/pkcs15-cflex.c, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.h, + trunk/src/tools/pkcs15-miocos.c, trunk/src/tools/pkcs15.profile, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: - moved + most of the pkcs15init stuff to libpkcs15init + +2002-04-02 13:28 okir + + * trunk/src/tools/Makefile.am, trunk/src/tools/pkcs15-init.c: - + rewrote pkcs15-init; much of the init stuff moved to separate + library + +2002-04-02 13:26 okir + + * trunk/src/pkcs15init, trunk/src/pkcs15init/Makefile.am, + trunk/src/pkcs15init/README, trunk/src/pkcs15init/TODO, + trunk/src/pkcs15init/flex.profile, + trunk/src/pkcs15init/gpk.profile, + trunk/src/pkcs15init/miocos.profile, + trunk/src/pkcs15init/pkcs15-cflex.c, + trunk/src/pkcs15init/pkcs15-gpk.c, + trunk/src/pkcs15init/pkcs15-init.h, + trunk/src/pkcs15init/pkcs15-lib.c, + trunk/src/pkcs15init/pkcs15-miocos.c, + trunk/src/pkcs15init/pkcs15.profile, + trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: + - rewrite of the pkcs15-init stuff + +2002-04-02 12:58 okir + + * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_get_objects() now lets + you search for generic types (e.g. SC_PKCS15_TYPE_PRKEY) too. 
+ +2002-04-02 12:57 okir + + * trunk/src/libopensc/opensc.h: - added SC_AC_SYMBOLIC for + pkcs15init support + +2002-04-02 11:41 okir + + * trunk/src/tests/print.c: - indentation fix + +2002-04-02 09:38 aet + + * trunk/Makefile.am, trunk/aclocal/Makefile.am, + trunk/docs/Makefile.am, trunk/etc/Makefile.am, + trunk/src/Makefile.am, trunk/src/common/Makefile.am, + trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, + trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/rsaref/Makefile.am, trunk/src/scam/Makefile.am, + trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am, + trunk/src/scrandom/Makefile.am, trunk/src/sia/Makefile.am, + trunk/src/signer/Makefile.am, + trunk/src/signer/npinclude/Makefile.am, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Add + maintainer-clean patch by Andreas Jellinghaus + + +2002-03-31 19:15 aet + + * trunk/src/scconf/scconf.c, trunk/src/scconf/scconf.h, + trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: Remove + flag SCCONF_OPTIONAL, add SCCONF_MANDATORY + +2002-03-31 16:32 aet + + * trunk/src/libopensc/ctx.c, trunk/src/libopensc/module.c, + trunk/src/libopensc/sc.c: Remove #include "config.h", + sc-internal.h already does that + +2002-03-31 16:00 aet + + * trunk/src/scconf/scconf.c: Include header stdio.h + +2002-03-31 15:26 aet + + * trunk/src/libopensc/reader-ctapi.c, + trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - + Upgrade scldap to use scconf_parse_entries(); - Fix compiler + warnings for ct-api driver, untested. + +2002-03-31 13:00 aet + + * trunk/src/scconf/scconf.c, trunk/src/scconf/test-conf.c: Upgrade + test-conf to use scconf_parse_entries(); NOTE: Handles ldap/card + blocks for scldap.conf + +2002-03-31 11:30 aet + + * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h: Add functions scconf_list_add and + scconf_parse_entries, getting the values in user code is now + pretty much the same as it is in ASN.1 decoder. 
+ +2002-03-28 14:13 jey + + * trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c: - sec_attr and prop_attr are now + dynamically allocated in struct sc_file + +2002-03-28 13:34 aet + + * trunk/src/libopensc/ctx.c, trunk/src/tests/sc-test.c: - Added + sanity check for sc_establish_context. If no readers are found, + fail and return SC_ERROR_NO_READERS_FOUND. + +2002-03-28 13:10 aet + + * trunk/src/libopensc/Makefile.am: Add missing @LIBDL@ to + libopensc linking + +2002-03-27 13:13 aet + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/module.c, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/sc-internal.h, + trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/scam/Makefile.am, trunk/src/scldap/Makefile.am, + trunk/src/scldap/scldap.c, trunk/src/scrandom/Makefile.am, + trunk/src/sia/Makefile.am, trunk/src/signer/Makefile.am: - Minor + cleanups to build process - Add header check for dlfcn.h - Add + internal functions sc_module_{open,close,get_address} - Use + environ instead __environ for scldap_search, should be more + portable. 
- Fix compiler warnings noticed by Tru64 / AIX cc + +2002-03-26 23:06 aet + + * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c: Reduce the + scidi specific code to bare minimum + +2002-03-26 20:59 aet + + * trunk/src/scldap/scldap.h: Add missing character + +2002-03-26 20:56 aet + + * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, + trunk/src/scldap/scldap.c, trunk/src/scldap/scldap.h: Rename + scconf_init to scconf_new Rename scconf_deinit to scconf_free + Add initial comments to scldap.h + +2002-03-26 20:05 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - fix signing of raw + md5/sha1 hash w/o pkcs1 gunk prefix + +2002-03-26 11:38 jey + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/ctbcs.h, trunk/src/libopensc/ctx.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/reader-ctapi.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c: - + Added support for CT-API - Improved config file loading - + Implemented ATR parsing + +2002-03-25 22:39 aet + + * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, + trunk/src/scldap/scldap.c: Rename scconf_find_value to + scconf_find_list Rename scconf_find_value_first to + scconf_get_str Add functions scconf_get_int and scconf_get_bool + +2002-03-25 21:23 aet + + * trunk/src/libopensc/ctx.c, trunk/src/scconf/parse.c, + trunk/src/scconf/scconf.c, trunk/src/scconf/test-conf.c, + trunk/src/scldap/scldap.c: Always allocate scconf_list for block + structure + +2002-03-25 20:10 aet + + * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, + trunk/src/scldap/scldap.c: Add sanity checks and more comments + Add new parameter for scconf_find_blocks + +2002-03-25 12:39 aet + + * trunk/src/pkcs11/framework-pkcs15.c, 
trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/secretkey.c, trunk/src/pkcs11/slot.c: Add + support for config.h Remove old, obsolete and dead code + +2002-03-25 11:54 aet + + * trunk/configure.in, trunk/etc/scldap.conf.example, + trunk/src/scldap/scldap.c: Still changes for libreadline checks + output Clear environment before calling ldap_init, as suggested + by Olaf + +2002-03-25 10:19 okir + + * trunk/configure.in: - pick up -lresolv on systems with glibc + 2.2.4 (needed by openldap 2.x) + +2002-03-24 23:20 jey + + * trunk/TODO: - updated TODO + +2002-03-24 22:54 jey + + * trunk/src/libopensc/ctx.c: - fixed some memory leaks in + sc_establish_context + +2002-03-24 22:47 jey + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/ctx.c, trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/sc.c: - Moved functions from sc.c to ctx.c - + Card and reader drivers are now configurable + +2002-03-24 21:56 aet + + * trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/tests/sc-test.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: + Don't hardcode initial debugging level and error/debug_file + pointers to the code, get the values from opensc.conf instead. + +2002-03-24 20:30 aet + + * trunk/configure.in: Add missing AC_MSG_RESULT texts to + libreadline check + +2002-03-24 20:04 aet + + * trunk/src/scconf/test-conf.c: Allow user to specify input/output + filenames + +2002-03-24 17:50 aet + + * trunk/etc/opensc.conf.example: Fix syntax errors + +2002-03-24 17:09 aet + + * trunk/src/libopensc/sc.c: Oops, scconf_parse was called twice. + Fixed. 
+ +2002-03-24 16:57 aet + + * trunk/etc/opensc.conf.example, trunk/src/libopensc/sc.c: - Fix a + potential segfault for the new sc_establish_context - Keep the + variable names in opensc.conf the same as they are in code + structs. Always try to parse app default { } first, then upgrade + the settings with the application specific configuration block. + +2002-03-24 15:41 aet + + * trunk/Makefile.am, trunk/configure.in, trunk/etc, + trunk/etc/.cvsignore, trunk/etc/Makefile.am, + trunk/etc/scldap.conf.example, trunk/src/libopensc/Makefile.am, + trunk/src/openssh/openssh-3.0.2p1-patch.diff, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/Makefile.am, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scldap/Makefile.am, trunk/src/scldap/scldap.h, + trunk/src/scldap/test-ldap.c, trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-support.c: Move opensc/src/scldap/etc to + opensc/etc SCLDAP_CONFIG -> SCLDAP_CONF_PATH Upgrade the rest of + the programs to use new core API + +2002-03-24 14:15 jey + + * trunk/etc/opensc.conf.example: - second version of the default + config file + +2002-03-24 14:12 jey + + * trunk/configure.in, trunk/etc, trunk/etc/opensc.conf.example, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/internal.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-internal.h, + trunk/src/libopensc/sc.c, trunk/src/openssh/opensc-ssh.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/tests/sc-test.c, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/profile.c, + trunk/src/tools/util.c, trunk/src/tools/util.h: - Started to add + configuration file support to libopensc - Added typedefs for + some basic structs (e.g. 
struct sc_card --> sc_card_t) - Added a + second argument to sc_establish_context() to identify the + calling application - Renamed sc_destroy_context() to + sc_release_context() + +2002-03-24 14:06 jey + + * trunk/src/libopensc/card-setcos.c: - fixed a typo in one ATR + string + +2002-03-24 12:14 aet + + * trunk/src/pam/pam_opensc.c, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/profile.c: - Fix + compiler warnings for Solaris - Use of PAM_MODULE_UNKNOWN broke + pam_opensc for Sun based PAM implementations, fixed. + +2002-03-24 10:03 aet + + * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scam/scam.c: Make sure everything compiles even if we + don't have an LDAP implementation and/or OpenSSL library. + +2002-03-23 19:37 aet + + * trunk/configure.in: Restructuring and merges with scidi + +2002-03-23 16:28 aet + + * trunk/src/pam/README, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c: Strip off "opensc-" prefix from the + p15 module names + +2002-03-22 13:56 aet + + * trunk/src/tools/Makefile.am: 'make dist' fixes + +2002-03-22 09:50 aet + + * trunk/bootstrap: Test if Makefile exists before doing make + distclean Remove --gnu from autoreconf + +2002-03-22 01:14 aet + + * trunk/src/scldap/scldap.c: Disable a debugging message that got + activated because of log_messagex -> fprintf renames. 
+ +2002-03-22 00:13 aet + + * trunk/src/tests/base64.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/print.c, trunk/src/tests/prngtest.c, + trunk/src/tests/sc-test.c, trunk/src/tests/sc-test.h: Fix memory + leaks Indent lines + +2002-03-21 23:45 aet + + * trunk/src/libopensc/pkcs15-cert.c, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c: Remove bogus "len = len;" statement + from pkcs15-cert Other minor cleanups + +2002-03-21 19:12 aet + + * trunk/src/pam/README: Merge bits of information from + pam_pkcs15's README for opensc-pkcs15-eid + +2002-03-21 18:37 aet + + * trunk/configure.in: Fix a typo Add missing conditional + +2002-03-21 18:02 aet + + * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, + trunk/src/pam/pam_support.h: Move get_login() to pam_support.c + +2002-03-21 17:41 aet + + * trunk/configure.in, trunk/src/pam/Makefile.am, + trunk/src/pam/README, trunk/src/pam/pam_opensc.c, + trunk/src/scam/Makefile.am, trunk/src/scam/p15_eid.c, + trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, + trunk/src/scam/scam.h, trunk/src/sia/Makefile.am, + trunk/src/sia/sia_opensc.c, trunk/src/sia/sia_support.c: + Cleanups for PAM and SIA build process + +2002-03-21 14:05 aet + + * trunk/Makefile.am, trunk/configure.in, + trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, + trunk/src/pam/pam_support.c, trunk/src/scam/Makefile.am, + trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scam/scam.c, trunk/src/scldap/scldap.c, + trunk/src/scldap/test-ldap.c, trunk/src/scrandom/scrandom.c, + trunk/src/sia/Makefile.am: Merge configure.ac stuff from SCIDI, + needs some cleanups Add missing functions Replace + log_message{x}() calls with fprintf, for now Everything compiles + with vanilla opensc tree, yet untested. 
+ +2002-03-21 13:11 aet + + * trunk/src/scconf/parse.c, trunk/src/scconf/write.c: Build fixes + +2002-03-21 11:56 aet + + * trunk/src/sia, trunk/src/sia/.cvsignore, + trunk/src/sia/Makefile.am, trunk/src/sia/sia_opensc.c, + trunk/src/sia/sia_support.c, trunk/src/sia/sia_support.h, + trunk/src/sia/test-sia.c: Add preliminary version of SIA module + for Tru64 Compiles, doesn't work yet. To be finished when + someone returns my development alpha. :) + +2002-03-21 11:35 aet + + * trunk/src/pam/pam_support.h: Oops, indent fixes + +2002-03-21 10:43 aet + + * trunk/src/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scldap/Makefile.am, trunk/src/scldap/test-ldap.c, + trunk/src/scrandom/Makefile.am, + trunk/src/scrandom/test-random.c: Build fixes + +2002-03-21 09:36 okir + + * trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/openssh/opensc-ssh.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c, + trunk/src/tests/pintest.c: - added some #include string.h + statements for RH 7.2 + +2002-03-20 23:21 aet + + * trunk/src/pam, trunk/src/pam/.cvsignore, + trunk/src/pam/Makefile.am, trunk/src/pam/README, + trunk/src/pam/misc_conv.c, trunk/src/pam/pam_opensc.c, + trunk/src/pam/pam_pkcs15.c, trunk/src/pam/pam_support.c, + trunk/src/pam/pam_support.h, trunk/src/scam, + trunk/src/scam/.cvsignore, trunk/src/scam/Makefile.am, + trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, + trunk/src/scam/scam.c, trunk/src/scam/scam.h, trunk/src/scconf, + trunk/src/scconf/.cvsignore, trunk/src/scconf/Makefile.am, + trunk/src/scconf/internal.h, trunk/src/scconf/lex-parse.l, + trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, + trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, + trunk/src/scconf/write.c, trunk/src/scldap, + 
trunk/src/scldap/.cvsignore, trunk/src/scldap/Makefile.am, + trunk/src/scldap/scldap.c, trunk/src/scldap/scldap.h, + trunk/src/scldap/test-ldap.c, trunk/src/scrandom, + trunk/src/scrandom/.cvsignore, trunk/src/scrandom/Makefile.am, + trunk/src/scrandom/scrandom.c, trunk/src/scrandom/scrandom.h, + trunk/src/scrandom/test-random.c: Start merging various sources + from project SCIDI - smart card identification infrastructure by + Helsinki University of Technology. Breaks current PAM build, + lot's of stuff from configure.ac missing, some references to + unknown sources and functions. Time to get some sleep, i'll + continue merging tomorrow. + +2002-03-20 19:37 jey + + * trunk/NEWS, trunk/configure.in: - Bumped up version number to + 0.6.1 - Wrote a NEWS entry + +2002-03-20 19:33 aet + + * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/secretkey.c: + #include cleanups to get rid of compiler warnings + +2002-03-20 19:31 jey + + * trunk/src/pkcs11/framework-pkcs15.c: - Added Olaf's ASN.1 + wrapping magic + +2002-03-20 17:17 jey + + * trunk/src/pkcs11/framework-pkcs15.c: - Fixed debug output in + pkcs15_create_slot() + +2002-03-20 15:04 okir + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: + - implemented C_ChangePIN + +2002-03-20 13:08 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - implemented CKA_SUBJECT + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + - now extracting issuer from certificate + +2002-03-19 10:04 jey + + * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c: + - Fixed a couple of memory leaks - Fixed a bug in decoding + EF(TokenInfo) + +2002-03-18 13:24 okir + + * trunk/src/tools/opensc-explorer.c: - make it compile with + readline versions that declare 
readline(char *); + +2002-03-18 12:49 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - by default, the token is + marked write_protected - fixed debug output when creating a slot + with no PIN + * trunk/src/pkcs11/README: - do not enable the RSA flag n netscape + +2002-03-18 11:05 okir + + * trunk/src/pkcs11/README, trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/secretkey.c: - made email decryption work in + netscape + +2002-03-15 15:22 okir + + * trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/secretkey.c: - first stab at C_Unwrap + +2002-03-15 15:19 okir + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + - extract certificate issuer and store it in sc_pkcs15_cert + +2002-03-15 12:48 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.h: - started adding support for DSA + private keys + +2002-03-15 12:37 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - email signing now works + from navigator + +2002-03-15 11:41 okir + + * trunk/src/pkcs11/pkcs11-global.c: - set debug log file and + libopensc debug level via environment vars + +2002-03-15 10:40 jey + + * trunk/src/tools/opensc-explorer.c: *** empty log message *** + +2002-03-15 10:10 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + - Added support for big serial numbers in certificates + +2002-03-15 10:05 okir + + * trunk/src/tools/pkcs15-tool.c: - now uses sc_pkcs15_free_pubkey + +2002-03-15 10:01 okir + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h: - implemented sc_pkcs15_free_pubkey + +2002-03-15 09:43 okir + + * 
trunk/src/libopensc/cardctl.h: - removed + SC_CARDCTL_GET_PK_ALGORITHMS card_ctl + * trunk/src/libopensc/card-gpk.c: - implemented decipher() + operation - removed SC_CARDCTL_GET_PK_ALGORITHMS card_ctl - + minor signing fixes + +2002-03-15 09:42 okir + + * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/sec.c: - + moved sc_decipher implementation to iso7816.c + +2002-03-15 09:01 okir + + * trunk/src/tools/pkcs15-tool.c: - fixed PEM public key header + +2002-03-14 17:02 okir + + * trunk/src/tools/pkcs15-crypt.c: - add option --md5 + +2002-03-14 16:57 okir + + * trunk/src/tools/pkcs15-tool.c: - list and extract public keys + +2002-03-14 11:50 aet + + * trunk/src/libopensc/pkcs15.c: Add missing static for + parse_tokeninfo(); + +2002-03-14 11:50 okir + + * trunk/src/libopensc/pkcs15.c: - fixed a typo that caused bad + auth_id's + +2002-03-13 23:11 aet + + * trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c: + Fix minor compiler warnings + +2002-03-13 20:25 okir + + * trunk/src/libopensc/card-gpk.c: - if the offset shift is 2 in + update binary et al, make sure the application provided offset + is a multiple of 4. 
+ +2002-03-13 20:24 okir + + * trunk/src/libopensc/opensc.h: - make sure SC_APDU_CHOP_SIZE is a + multiple of 4 (otherwise, update binary et al of large files + will fail on the GPK) + +2002-03-13 20:23 okir + + * trunk/src/tools/pkcs15-init.c: - fixed certificate download + +2002-03-13 15:18 aet + + * trunk/docs, trunk/docs/.cvsignore: Add missing files + +2002-03-13 13:21 jey + + * trunk/configure.in: - added docs/Makefile to AC_OUTPUT + +2002-03-13 13:17 jey + + * trunk/Makefile.am: - removed README.Cryptoflex from EXTRA_DIST + +2002-03-13 13:09 okir + + * trunk/Makefile.am: - added docs subdirectory so that manpages + get installed + * trunk/docs/Makefile.am: - added Makefile.am for manpages + * trunk/docs/pkcs15-crypt.1, trunk/docs/pkcs15-init.1, + trunk/docs/pkcs15-profile.5, trunk/docs/pkcs15.7: - added a + bunch of manpages + +2002-03-13 12:42 aet + + * trunk/src/signer/dialog.c: - Ahem, decrease the version number a + bit - assuan_transact is now API compatible with the latest + version of Assuan (newpg/assuan) + +2002-03-13 11:36 jey + + * trunk/src/signer/opensc-crypto.c: - fixed a small core-dumping + bug + +2002-03-13 10:51 jey + + * trunk/README.Cryptoflex: - Preparation for release 0.6.0 - + Removed obsolete README.Cryptoflex + +2002-03-13 10:48 jey + + * trunk/NEWS, trunk/src/openssh/README, + trunk/src/openssh/openssh-3.0.2p1-patch.diff, + trunk/src/tools/miocos.profile, trunk/src/tools/pkcs15-cflex.c, + trunk/src/tools/pkcs15-miocos.c: *** empty log message *** + +2002-03-13 10:34 jey + + * trunk/src/pkcs11/framework-pkcs15.c: - some autodetection magic + in pkcs15_prkey_sign() + +2002-03-13 09:51 jey + + * trunk/src/pkcs11/framework-pkcs15.c: - reverted a change in + pkcs15_prkey_sign + +2002-03-13 08:54 jey + + * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c: - + Fixed signature generation - Assuan API is now compatible with + newer versions + +2002-03-12 16:27 okir + + * trunk/src/tools/pkcs15-init.c, 
trunk/src/tools/pkcs15-init.h: - + added pkcs12 support + * trunk/src/tools/pkcs15.profile: - Make the default size for DF + files 128 bytes (FIXME: we need to be able to set this on a per + card basis in $cardname.profile + +2002-03-12 14:36 okir + + * trunk/src/pkcs11/framework-pkcs15.c: - add support for PuKDF + objects. - lock the card in C_Login, and unlock it in C_Logout. + * trunk/src/pkcs11/sc-pkcs11.h: - keep track of number of sessions + +2002-03-12 14:35 okir + + * trunk/src/pkcs11/pkcs11-session.c: - keep track of the number of + sessions per slot, and do a C_Logout when the last session is + closed. + +2002-03-12 13:41 okir + + * trunk/src/tools/Makefile.am: - Make sure profiles get installed + in $(pkgdatadir), and propagate this directory name to profile.c + (icky automake stuff) + +2002-03-12 13:00 jey + + * trunk/configure.in, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-miocos.c, trunk/src/libopensc/dir.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c, trunk/src/tools/flex.profile, + trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: - Fixed + PKCS #15 structure generation on Cryptoflex cards and + implemented a default profile - Cryptoflex now reports its + supported PK algorithms correctly - Various pkcs15-init fixes + +2002-03-12 10:08 okir + + * trunk/src/tools/gpk.profile, trunk/src/tools/pkcs15-gpk.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h, + trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, + trunk/src/tools/profile.h: - Implemented download of public keys + and X509 certificates + +2002-03-11 14:13 okir + + * trunk/src/tools/pkcs15-init.c: - now creating EF(DIR) + +2002-03-11 14:12 okir + + * trunk/src/libopensc/opensc.h: - exporting sc_update_dir to + applications + +2002-03-11 12:41 okir + + * trunk/src/libopensc/card-gpk.c: - we cache just the DF portion + of the currently 
selected file path, excluding the EF's FID - + when sending the hash to the card (as part of + compute_signature), revert the sequence of hashed bytes + +2002-03-11 11:52 okir + + * trunk/src/tools/pkcs15-init.c: - When storing a private key, + always store the public portion as well + +2002-03-11 11:40 jey + + * trunk/src/libopensc/log.c: *** empty log message *** + +2002-03-11 10:18 okir + + * trunk/src/tools/profile.c: - forgot to add DFs to the profile's + file list + +2002-03-11 09:14 okir + + * trunk/src/tools/gpk.profile, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, + trunk/src/tools/profile.h: - Implemented Parent/FileID stuff + according to Juha's proposal + +2002-03-10 11:48 jey + + * trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc-internal.h: - GPK now reports it's PK + abilities correctly + +2002-03-09 17:54 aet + + * trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/pkcs15-sec.c, + trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/profile.c: Include stdlib.h where needed Warning + fixes for various OS's mcheck.h is not portable, so remove it + +2002-03-09 17:27 aet + + * trunk/src/tools/flex.profile, trunk/src/tools/gpk.profile, + trunk/src/tools/miocos.profile: Standardize the first header + comment a bit between various profiles + +2002-03-09 17:21 aet + + * trunk/src/tools/Makefile.am: Add flex.profile to EXTRA_DIST + Rename miocos-rw.profile to miocos.profile + +2002-03-09 15:11 jey + + * trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-miocos.c, trunk/src/libopensc/opensc.h, + trunk/src/tools/Makefile.am, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/flex.profile, trunk/src/tools/miocos-rw.profile, + trunk/src/tools/miocos.profile, + 
trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-init.h, trunk/src/tools/profile.c: - + Improved support for MioCOS cards - Removed PKCS #15 creation + from cryptoflex-tool - Added PIN pad character option to + profile.c + +2002-03-08 19:47 okir + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.h: - added sc_pkcs15_read_pubkey to + retrieve public key from a public key file + +2002-03-08 19:46 okir + + * trunk/src/libopensc/card-gpk.c: - specify sc_algorithm_info + +2002-03-08 16:06 aet + + * trunk/Makefile.am, trunk/src/tools/Makefile.am, + trunk/src/tools/profile.h, trunk/src/tools/util.h: 'make dist' + fixes Minor cleanups + +2002-03-08 15:18 aet + + * trunk/src/signer/opensc-crypto.c: SC_PKCS15_HASH_SHA1 -> + SC_ALGORITHM_RSA_HASH_SHA1 + +2002-03-08 14:47 aet + + * trunk/src/openssh/opensc-ssh.c: Fixed opensc-ssh to work with + recent p15 API changes + +2002-03-08 05:59 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-sec.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc-internal.h, trunk/src/pam/pam_pkcs15.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/tools/pkcs15-crypt.c: - Added X.509 algorithm id + decoding and encoding to asn1.c - Implemented a generic ATR + matching helper function - Made signing much smarter (should + even work now) - Added info about supported crypto algorithms to + struct sc_card + +2002-03-07 13:06 okir + + * trunk/src/tools/pkcs15-init.c, trunk/src/tools/profile.c: - + fixed attributes etc of PuKDF 
entry + +2002-03-07 13:03 okir + + * trunk/src/tests/p15dump.c: - moved object printing stuff to + separate file - dump public key info if present + * trunk/src/tests/Makefile.am, trunk/src/tests/print.c, + trunk/src/tests/sc-test.h: - moved object printing stuff to + separate file + +2002-03-07 13:02 okir + + * trunk/src/tests/pintest.c: - fixed pintest to work with p15 API + changes + +2002-03-07 12:33 okir + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - + sc_pkcs15_parse_df now understands PuKDFs + +2002-03-07 12:26 okir + + * trunk/src/tools/pkcs15-init.c: - fixed error code handling + +2002-03-07 12:25 okir + + * trunk/src/tools/pkcs15-gpk.c: - fixed memory corruption problem + +2002-03-07 11:57 fabled + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-session.c: - Patch from Olaf Kirch to + implement of RSA exponent and modulus retrievel in pkcs11 code - + Fixed the checking of PIN length in pkcs11 login + +2002-03-06 17:49 okir + + * trunk/src/tools/gpk-rw.profile, trunk/src/tools/gpk.profile, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-init.h, trunk/src/tools/pkcs15-miocos.c, + trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, + trunk/src/tools/profile.h: - Rewrote large parts of pkcs15-init + for greater flexibility, and with an eye towards separating some + of the stuff into a library that can be used by pkcs11. 
+ +2002-03-06 13:22 okir + + * trunk/src/libopensc/card.c: - in sc_select_file, remember the + file path in the returned struct sc_file + +2002-03-06 13:21 okir + + * trunk/src/libopensc/pkcs15.c: - another buffer overflow + +2002-03-06 12:33 okir + + * trunk/src/libopensc/card-gpk.c: - Added + {read,write,update}_binary handlers that shift the offset + +2002-03-06 12:32 okir + + * trunk/src/libopensc/pkcs15.c: - SECURITY: Fixed buffer overflow + +2002-03-05 16:52 jey + + * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-support.c: - now works with the new API + +2002-03-05 13:26 okir + + * trunk/configure.in: - make sure HAVE_OPENSSL is defined even + when reading openssldir from config.cache + +2002-03-05 13:16 okir + + * trunk/configure.in: - make sure HAVE_LIBPCSCLITE is defined when + using --with-pcsclite + +2002-03-05 09:30 okir + + * trunk/src/libopensc/pkcs15-pubkey.c: - small typo + +2002-03-04 10:33 okir + + * trunk/src/tools/gpk-rw.profile, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: - started + to work on PuKDF stuff + +2002-03-04 09:33 okir + + * trunk/src/tools/profile.h: - Added support for Juha's latest API + changes + +2002-03-04 09:32 okir + + * trunk/src/tools/profile.c: - Fixes for Juha's rewrite of + sc_pkcs15_object and friends - changes some names - allow + profile to set private key access flags + +2002-03-04 09:31 okir + + * trunk/src/tools/gpk-rw.profile: - Added default access_flags for + private key objects + +2002-03-04 08:35 okir + + * trunk/src/tests/p15dump.c: - adapted to juha's latest changes + +2002-03-04 06:58 fabled + + * trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: + - Fixed buffer overflow in C_FindObjectsInit (patch from Olaf + Kirch ) + +2002-03-03 17:36 fabled + + * trunk/src/pkcs11/framework-pkcs15.c: - Fixed PKCS #11 module to + use the new PKCS #15 API + +2002-03-03 00:32 jey + + * trunk/src/libopensc/Makefile.am, 
trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-pubkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-asn1.h, trunk/src/libopensc/sc.c, + trunk/src/tools/Makefile.am, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - + Reworked PKCS #15 structure a bit (MANY THINGS WILL BREAK) - + Added support for public key DFs (not tested yet) + +2002-03-02 14:03 okir + + * trunk/src/tools/pkcs15-init.c: - if required, read pin from + stdin (fixed key download) + +2002-03-01 11:52 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc-internal.h, + trunk/src/tools/opensc-tool.c: - intermediary checkin + +2002-02-27 22:15 okir + + * trunk/src/libopensc/card-gpk.c: - Implemented GET_PK_ALGORITHMS + card_ctl + * trunk/src/libopensc/cardctl.h: - Fixed typo on _CTL_PREFIX - + Added SC_CARDCTL_GET_PK_ALGORITHMS + +2002-02-26 21:15 okir + + * trunk/configure.in: - some platforms need -ltermcap to go with + -lreadline + +2002-02-26 21:11 okir + + * trunk/src/tools/opensc-explorer.c: - we may have readline.h but + may still not be able to link the lib + +2002-02-26 16:34 okir + + * trunk/src/libopensc/card-gpk.c: - implemented change/unblock pin + +2002-02-26 11:27 jey + + * trunk/docs, trunk/docs/.cvsignore, + trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c, trunk/src/tools/miocos-rw.profile, + 
trunk/src/tools/pkcs15-miocos.c: - added some missing files - + renamed card-setec.c to card-setcos.c + +2002-02-26 11:23 jey + + * trunk/AUTHORS, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-miocos.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/dir.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c, trunk/src/tools/Makefile.am, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h: - + added a driver for MioCOS cards by Miotec - implemented EF(DIR) + updating + +2002-02-25 22:42 okir + + * trunk/src/libopensc/card-gpk.c: - fixed sc_card_driver + initalization + +2002-02-25 18:58 okir + + * trunk/TODO: - test commit + +2002-02-25 18:50 okir + + * trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: - cleanup + and misc minor fixes + +2002-02-25 18:48 okir + + * trunk/src/libopensc/card-gpk.c: - first stab at signatures + +2002-02-25 18:47 okir + + * trunk/src/libopensc/pkcs15-sec.c: - avoid integer underflow for + outlen < 11 + +2002-02-25 18:43 aet + + * trunk/configure.in, trunk/src/tools/opensc-explorer.c: Minor + fixes to libreadline checking + +2002-02-25 16:30 aet + + * trunk/configure.in, trunk/src/tools/Makefile.am, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/profile.c, + trunk/src/tools/util.c: Added support for checking libreadline + and use it for opensc-explorer if one is found. 
+ +2002-02-25 15:40 aet + + * trunk/configure.in: Minor fix for HAVE_PCSCLITE conditional + +2002-02-25 14:13 jey + + * trunk/src/libopensc/asn1.c: - small bug fixed in + encode_bit_string; patch by Olaf Kirch + +2002-02-25 13:51 aet + + * trunk/src/tools/pkcs15-init.c: Add missing help text for + --passphrase + +2002-02-25 12:37 aet + + * trunk/src/tests/filetest.c, trunk/src/tests/hst-test.c: Obsolete + +2002-02-25 12:04 aet + + * trunk/src/openssh/opensc-ssh.c, trunk/src/pam/pam_pkcs15.c, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/slot.c, + trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-support.c, trunk/src/signer/signer.h, + trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/prngtest.c, trunk/src/tests/sc-test.c: Upgrade + to current OpenSC API Compiles, so far untested + +2002-02-25 11:50 aet + + * trunk/src/tools, trunk/src/tools/.cvsignore: Add pkcs15-init + +2002-02-25 11:13 aet + + * trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am: + HAVE_SSL cleanups + +2002-02-25 11:06 aet + + * trunk/src/signer/Makefile.am: Get rid of PC/SC specific flags + (thank god) + +2002-02-25 11:05 aet + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: + winscard.h / CFLAGS_PCSC cleanups Merge OpenSSL configure + changes with SCIDI Build process changes for future CT-API + support + +2002-02-24 21:14 aet + + * trunk/src/libopensc/reader-pcsc.c: Fix segfault for pcsc_finish + +2002-02-24 20:16 aet + + * trunk/src/libopensc/reader-pcsc.c: Add missing SC_STATUS_TIMEOUT + that was removed from sc-internal.h + +2002-02-24 19:32 jey + + * trunk/CodingStyle, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, 
trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/reader-pcsc.c, + trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - + implemented reader abstraction layer; now it's easier to add + support for e.g. CT-API - renamed ops_data field to drv_data in + struct sc_card - copied coding style document from Linux kernel + +2002-02-24 16:50 aet + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/pkcs15.c, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: Minor + changes to get rid of compiler warnings for various OS's + +2002-02-23 13:38 jey + + * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, + trunk/src/tools/gpk-rw.profile, trunk/src/tools/pkcs15-gpk.c, + trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h, + trunk/src/tools/profile.c, trunk/src/tools/profile.h: - + implemented RSA and DSA key downloading to GPK cards + +2002-02-22 20:46 jey + + * trunk/src/tools/opensc-explorer.c: - a small fix + +2002-02-22 07:18 jey + + * trunk/src/libopensc/cardctl.h, trunk/src/tools/gpk-rw.profile, + trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, + trunk/src/tools/pkcs15-init.h, trunk/src/tools/profile.c, + trunk/src/tools/profile.h: - added some missing files from last + commits, whoops + +2002-02-21 19:23 jey + + * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h: - added sc_update_binary(), + sc_append_binary() and 
sc_write_binary() with their + corresponding ISO 7816-4 reference functions + +2002-02-21 18:53 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/tools/Makefile.am, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/util.c, trunk/src/tools/util.h: - added ATR for + RSA SecurID 3100 - exported pkcs15_encode_* functions - minor + modification to sc_file_add_acl_entry() - boosted up + opensc-explorer - added error(), warn() and fatal() - + implemented a generic PKCS #15 structure generation tool + +2002-02-20 18:42 aet + + * trunk/src/libopensc/sc.c: Fix memory leak for + sc_establish_context + +2002-02-20 09:56 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/tests/Makefile.am, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c, + trunk/src/tools/util.c, trunk/src/tools/util.h: - all instances + struct sc_file should now be dynamically allocated with + sc_file_new() and released with sc_file_free() - improved ACL's + - moved struct sc_card_error to opensc.h - moved EF(DIR) parsing + and encoding to dir.c (encoding is not working yet) - removed + hst-test.c and filetest.c + +2002-02-17 21:55 aet + + * 
trunk/src/libopensc/sc.c: Bugfix for sc_destroy_context, + pcsc_ctx was never released + +2002-02-15 23:17 jey + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-internal.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - added + error reporting for several new SWs - added check_sw function to + sc_card_operations + +2002-02-11 15:55 jey + + * trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-setcos.c, + trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/sc.c, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c: - added partial support for TCOS + 2.0 cards - default card driver now tries to do a GET RESPONSE + instead of SELECT FILE to detect the correct CLA byte - moved + security attribute parsing from iso7816.c to card-setec.c - + added some more sanity checking to sc_check_apdu - added 'debug' + command line option to opensc-explorer + +2002-02-11 11:01 aet + + * trunk/src/libopensc/card-gpk.c: AIX cc fixes + +2002-02-11 10:49 aet + + * trunk/src/libopensc/card-gpk.c: Portability fixes + +2002-02-10 18:09 jey + + * trunk/src/libopensc/card-gpk.c: - added a license notice to + card-gpk.c + +2002-02-10 18:04 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/tools/Makefile.am, + trunk/src/tools/opensc-explorer.c: - added partial support for + GPK 4000 - made line parsing in opensc-explorer saner - moved + change_reference_data and reset_retry_counter to iso7816.c, + where they belong - added partial libreadline 
support to + opensc-explorer + +2002-02-07 13:10 aet + + * trunk/configure.in: small #define HAVE_OPENSSL fixes + +2002-02-06 12:32 aet + + * trunk/src/pkcs11/Makefile.am: Add install-exec-local and remove + opensc-pkcs11.{la,a}, like we do with opensc-signer + +2002-02-06 10:36 aet + + * trunk/aclocal/acx_pthread.m4: Tru64: Fix for + PTHREAD_CREATE_JOINABLE $ok + +2002-01-29 14:38 aet + + * trunk/src/signer/Makefile.am: Add install-exec-local and remove + opensc-signer.{la,a}, any better way to do this? + +2002-01-28 21:04 jey + + * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h: - + added support for T=1 protocol + +2002-01-28 19:29 fabled + + * trunk/src/pkcs11/opensc_pkcs11_install.js: Testing version. Use + if you dare. + +2002-01-28 12:16 aet + + * trunk/README: Change OpenSC web site url to + http://www.opensc.org/ + +2002-01-26 21:16 aet + + * trunk/src/libopensc, trunk/src/libopensc/.cvsignore: Add + opensc-config + +2002-01-26 16:03 jey + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/opensc-config.in: - added opensc-config + script - added ATR string for Cryptoflex 8k + +2002-01-26 12:16 aet + + * trunk/src/libopensc/pkcs15-cache.c, + trunk/src/pkcs11/framework-pkcs15.c: Fix compiler warnings + +2002-01-24 18:37 jey + + * trunk/Makefile.am, trunk/NEWS, trunk/README.Cryptoflex, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/tests/sc-test.c, + trunk/src/tools/cryptoflex-tool.c: - last minute changes before + the new release + +2002-01-24 16:27 fabled + + * trunk/src/pkcs11/Makefile.am, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c: - + many bug fixes in pkcs #11 module - pkcs #11 module now creates + public key objects too + +2002-01-24 16:24 jey + + * trunk/README.Cryptoflex, trunk/configure.in, + trunk/src/libopensc/opensc-pkcs15.h, + 
trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h: + - added README.Cryptoflex - modified ChangeLog - _really_ bumped + up the version number this time + +2002-01-24 16:02 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cache.c, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: - bumped up version number in + preparation of the new release - unified PKCS #15 DF decoding - + added PKCS #15 file caching + +2002-01-24 12:56 aet + + * trunk/src/pkcs11/README, trunk/src/pkcs11/pkcs11-global.c: + Silence debug messages by default for upcoming release README + update + +2002-01-22 17:41 aet + + * trunk/aclocal/acx_pthread.m4: Fix pthread.h checking for recent + releases of Tru64 + +2002-01-22 16:43 jey + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c: - fixed a few typos + +2002-01-22 16:26 aet + + * trunk/src/libopensc/card-flex.c, + trunk/src/tools/cryptoflex-tool.c: Fix compiler warnings, for + digital cc this time + +2002-01-22 14:54 fabled + + * trunk/src/pkcs11/misc.c: * many bugfixes in pkcs11 module * + memory corruption fix in pkcs15 framework * pool node deletion + fixed in misc.c * now detects smartcards in C_GetSlotInfo too + +2002-01-22 14:44 fabled + + * trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: Many + bugfixes including segfault in card detection and C_GetSlotInfo + now detects the 
cards too. + +2002-01-21 15:37 jey + + * trunk/src/tools/cryptoflex-tool.c: - changed PIN1 path in PKCS + #15 structure + +2002-01-21 15:11 jey + + * trunk/src/libopensc/card-flex.c: - added KEY verification to + Cryptoflex driver + +2002-01-21 12:49 jey + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/tools/cryptoflex-tool.c: - added PKCS #15 structure + generation to cryptoflex-tool + +2002-01-21 11:22 aet + + * trunk/src/signer, trunk/src/signer/.cvsignore: Add *.u + +2002-01-21 10:56 aet + + * trunk/src/libopensc/log.h, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc-log.h, trunk/src/tools/cryptoflex-tool.c, + trunk/src/tools/opensc-explorer.c: Compiler warning fixups for + various compilers + * trunk/src/libopensc, trunk/src/libopensc/.cvsignore, + trunk/src/tools, trunk/src/tools/.cvsignore: Add *.u and + cryptoflex-tool to .cvsignore + +2002-01-21 09:05 jey + + * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c, + trunk/src/pkcs11/framework-pkcs15.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/tools/pkcs15-crypt.c: - improved file selection on + Cryptoflex cards - fixed an incompatability in PKCS #11 module + +2002-01-20 21:20 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-defaults.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-log.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, + trunk/src/pam/pam_pkcs15.c, trunk/src/tools/Makefile.am, + trunk/src/tools/cryptoflex-tool.c, + 
trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-tool.c: - fixed a bug with file + permissions in flex_create_file() - added RSA signature + generation with Cryptoflex cards - improved security environment + handling - implemented cryptoflex-tool + +2002-01-20 18:24 aet + + * trunk/src/openssh/README, trunk/src/pam/README, + trunk/src/tests/hst-test.c: README updates after not so recent + filename changes sc-log.h cleanup for hst-test + +2002-01-17 23:47 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-log.h, trunk/src/tools/pkcs15-crypt.c: - + PKCS #15 generation is now in a semi-working state - started + coding crypto support for Cryptoflexes + +2002-01-17 12:05 aet + + * trunk/src/pkcs11/README, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: + README cleanups Fix compiler warnings + +2002-01-17 12:04 aet + + * trunk/src/pkcs11/Makefile.am, trunk/src/tools/Makefile.am: + Remove gcc-specific options + * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-log.h: int + error -> int sc_error, since it conflicts with error() and + results to compiler error with various compilers. 
+
+2002-01-17 11:50 jey
+
+ * trunk/src/tools/opensc-explorer.c: - small bugfix
+
+2002-01-17 11:44 jey
+
+ * trunk/src/libopensc/card-flex.c,
+ trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c,
+ trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c,
+ trunk/src/libopensc/opensc-pkcs15.h,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h,
+ trunk/src/libopensc/sec.c: - improved PKCS #15 generation
+
+2002-01-17 09:37 aet
+
+ * trunk/src/pkcs11/rsaref, trunk/src/pkcs11/rsaref/.cvsignore: Add
+ missing .cvsignore
+
+2002-01-17 00:25 jey
+
+ * trunk/src/tools/Makefile.am: - fixed a goof in last commit
+
+2002-01-16 23:59 jey
+
+ * trunk/THANKS, trunk/src/libopensc/asn1.c,
+ trunk/src/libopensc/asn1.h, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/log.h,
+ trunk/src/libopensc/opensc-pkcs15.h,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h,
+ trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c,
+ trunk/src/libopensc/sec.c, trunk/src/tools/Makefile.am,
+ trunk/src/tools/opensc-explorer.c,
+ trunk/src/tools/pkcs15-crypt.c: - continued to improve PKCS #15
+ generation - fixed a few problems in sc_set_security_env -
+ started to implement Better (tm) object handling for PKCS #15
+ objects
+
+2002-01-16 22:52 fabled
+
+ * trunk/configure.in: Changed pkcs11 header directory to rsaref.
+
+2002-01-16 22:50 fabled
+
+ * trunk/src/pkcs11/rsaref, trunk/src/pkcs11/rsaref/Makefile.am,
+ trunk/src/pkcs11/rsaref/pkcs11.h,
+ trunk/src/pkcs11/rsaref/pkcs11f.h,
+ trunk/src/pkcs11/rsaref/pkcs11t.h,
+ trunk/src/pkcs11/rsaref/unix.h: RSA header files.
+ +2002-01-16 22:49 fabled + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/README, + trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, + trunk/src/pkcs11/pkcs11-global.c, + trunk/src/pkcs11/pkcs11-object.c, + trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: Rewritten implementation of pkcs#11 + module. Semiworking. + +2002-01-16 22:43 fabled + + * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/README, + trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, + trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Preparing to + commit new implementation of pkcs#11 module. + +2002-01-16 20:20 jey + + * trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sec.c: - + better ISO 7816-8 compatibility with various cards + +2002-01-15 18:54 aet + + * trunk/src/libopensc/pkcs15.c, trunk/src/tools/opensc-explorer.c: + Fix compiler warnings + +2002-01-13 23:56 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-internal.h, + trunk/src/tools/opensc-explorer.c, trunk/src/tools/util.c: - + pretty much finished the DER encoder - added delete and create + file support for 'flex cards - PKCS #15 DF's are now stored more + flexibly; this makes adding new types of DF's (such as PuKDF's) + easier - added 'get' and 'put' commands to opensc-explorer + +2002-01-10 23:14 jey + + * trunk/docs, trunk/docs/doxygen.conf: - added doxygen.conf + +2002-01-10 23:02 jey + + * 
trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sec.c, + trunk/src/tools/opensc-explorer.c: - added PIN verification, + file creation and file deletion to opensc-explorer - documented + the core API a bit using doxygen + +2002-01-10 13:49 aet + + * trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/tests/hst-test.c, + trunk/src/tools/opensc-explorer.c: Fix compiler warnings + +2002-01-10 12:33 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-flex.c, + trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, + trunk/src/pam/pam_pkcs15.c, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c: - added preliminary ASN.1 + encoding support - modified ASN.1 decoding to make it easier to + port decoder structures to the encoder - fixed a recently + introduced bug in card driver handling - opensc-explorer will + now allow only DF's to be cd'd into + +2002-01-09 22:15 aet + + * trunk/configure.in: Oops, fixed --with-pcsclite multiple + directory probing to actually work. 
+ +2002-01-09 18:28 aet + + * trunk/src/pkcs11/README: libsc -> opensc + +2002-01-09 13:50 aet + + * trunk/src/tools, trunk/src/tools/.cvsignore: Add opensc-explorer + +2002-01-09 01:03 jey + + * trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, + trunk/src/tools/Makefile.am, trunk/src/tools/opensc-explorer.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: - created opensc-explorer tool - + increased support for CryptoFlex cards + +2002-01-08 20:03 aet + + * trunk/src/tests, trunk/src/tests/.cvsignore, trunk/src/tools, + trunk/src/tools/.cvsignore: Add missing executables to .cvsignore + +2002-01-08 13:56 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/defaults.c, trunk/src/libopensc/emv.c, + trunk/src/libopensc/emv.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc-emv.h, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-defaults.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c, + trunk/src/tests/Makefile.am, trunk/src/tests/filetest.c, + trunk/src/tests/hst-test.c, trunk/src/tests/sc-test.c, + trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, + trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, + trunk/src/tools/util.h: - added preliminary CryptoFlex 16k + support - added short names to card drivers - moved various ISO + 7816-9 functions to their correct places - added 
write binary + support - renamed opensc-crypt to pkcs15-crypt - split a part + opensc-tool to pkcs15-tool + +2002-01-07 18:32 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h: - + finished removing sc- prefix from the .c files + +2002-01-07 18:23 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/card.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c, trunk/src/tools/opensc-tool.c: - + renamed sc_asn1_parse to sc_asn1_decode - added capabilities and + flags fields to struct sc_card - added a mutex to sc_context for + future use + +2002-01-07 16:24 aet + + * trunk/configure.in: Oops, accidently removed all pc/sc related + stuff while merging changes to opensc-signer/configure.ac, fixed. 
+
+2002-01-07 12:41 aet
+
+ * trunk/src/signer/Makefile.am: Add npinclude to SUBDIRS
+
+2002-01-06 23:41 aet
+
+ * trunk/src/common/getopt.c: Fix another compiler warning
+
+2002-01-06 22:17 aet
+
+ * trunk/src/signer/opensc-crypto.c: #include fixup
+
+2002-01-06 21:26 aet
+
+ * trunk/src/signer/dialog.c, trunk/src/signer/signer.c: Fix few
+ compiler warnings on Tru64
+
+2002-01-06 20:35 aet
+
+ * trunk/configure.in: Sync with opensc-signer's configure.ac
+
+2002-01-06 20:06 aet
+
+ * trunk/configure.in: Add CFLAGS_PCSC, CFLAGS_OPENSC, LIBOPENSC
+
+2002-01-06 19:40 aet
+
+ * trunk/src/signer/Makefile.am, trunk/src/signer/dialog.c,
+ trunk/src/signer/opensc-crypto.c,
+ trunk/src/signer/opensc-crypto.h,
+ trunk/src/signer/opensc-support.c,
+ trunk/src/signer/opensc-support.h, trunk/src/signer/signer.c,
+ trunk/src/signer/signer.h, trunk/src/signer/testprog.c: Add
+ CFLAGS_PCSC, CFLAGS_OPENSC, CFLAGS_ASSUAN, LIBOPENSC Add
+ PIN_ENTRY instead of hardcoding it to "/usr/local/bin/gpinentry"
+ * trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am,
+ trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am,
+ trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Add
+ CFLAGS_PCSC, CFLAGS_OPENSC and LIBOPENSC, use them instead of
+ hardcoding paths into ../libopensc.la, -I../libopensc, etc.
+
+2002-01-05 22:24 aet
+
+ * trunk/src/signer/npinclude/Makefile.am: Syncing with OpenSC's
+ source tree
+
+2002-01-05 21:46 aet
+
+ * trunk/src/signer, trunk/src/signer/.cvsignore,
+ trunk/src/signer/npinclude,
+ trunk/src/signer/npinclude/.cvsignore: Add .cvsignore
+
+2002-01-05 19:05 aet
+
+ * trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/sc-internal.h: Fix typo
+
+2002-01-05 19:01 aet
+
+ * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h,
+ trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c:
+ SCardGetStatusChange/rgReaderStates changes for compatibility
+ with older and/or modified pcsc-lite releases.
+
+2002-01-05 14:56 jey
+
+ * trunk/src/pkcs11/generic.c: - added new versions of PKCS #11
+ header files - fixed a typo in generic.c
+
+2002-01-05 14:47 jey
+
+ * trunk/src/pkcs11/generic.c: - blank padding added to some string
+ values - changed a few hardcoded values
+
+2002-01-03 08:47 aet
+
+ * trunk/src/common/getopt.c: Warning fixes
+
+2002-01-03 07:33 aet
+
+ * trunk/src/tools/opensc-tool.c: AIX cc fix
+
+2002-01-03 07:32 aet
+
+ * trunk/configure.in: Slight fixes for getopt_long hack, so it
+ will work for systems without getopt.h at all.
+
+2002-01-02 22:15 aet
+
+ * trunk/configure.in, trunk/src/Makefile.am, trunk/src/common,
+ trunk/src/common/.cvsignore, trunk/src/common/Makefile.am,
+ trunk/src/common/getopt.c, trunk/src/common/getopt.h,
+ trunk/src/common/getopt1.c, trunk/src/openssh/Makefile.am,
+ trunk/src/tools/Makefile.am: Add getopt/getopt_long sources from
+ GNU C Library. Use them only if platform lacks support for
+ getopt_long, like most commercial operating systems do.
+
+2002-01-01 19:56 aet
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-pin.c,
+ trunk/src/libopensc/pkcs15-prkey.c,
+ trunk/src/libopensc/pkcs15.c: More size_t fixes
+
+2002-01-01 19:54 aet
+
+ * trunk/src/libopensc/log.c: Use \33 instead of \e.
+
+2002-01-01 18:25 jey
+
+ * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
+ trunk/src/libopensc/card-multiflex.c, trunk/src/libopensc/log.c,
+ trunk/src/libopensc/sc-asn1.h: - changed \\e back to \e in
+ sc_log.c - changed function prototypes in sc-asn1.c (int -->
+ size_t)
+
+2002-01-01 17:25 jey
+
+ * trunk/src/libopensc/card-multiflex.c,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/sc.c, trunk/src/pkcs11/generic.c,
+ trunk/src/pkcs11/slot.c: - some fixes to the PKCS #11 module
+
+2001-12-31 14:47 aet
+
+ * trunk/src/pkcs11/Makefile.am: Use -avoid-version, as we do with
+ pam module.
+
+2001-12-31 14:39 aet
+
+ * trunk/src/pam/Makefile.am: Remove unneeded install-exec-local
+
+2001-12-31 13:30 jey
+
+ * trunk/src/pkcs11/slot.c: - a small bugfix
+
+2001-12-30 21:30 aet
+
+ * trunk/src/tools/opensc-crypt.c, trunk/src/tools/opensc-tool.c:
+ sc- -> opensc-
+
+2001-12-30 21:17 aet
+
+ * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c,
+ trunk/src/libopensc/base64.c,
+ trunk/src/libopensc/card-multiflex.c,
+ trunk/src/libopensc/card-setcos.c,
+ trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c,
+ trunk/src/libopensc/log.c, trunk/src/libopensc/opensc-pkcs15.h,
+ trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c,
+ trunk/src/libopensc/pkcs15-defaults.c,
+ trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c,
+ trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-internal.h,
+ trunk/src/openssh/Makefile.am, trunk/src/openssh/opensc-ssh.c,
+ trunk/src/pam/Makefile.am, trunk/src/pam/pam_pkcs15.c,
+ trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/session.c,
+ trunk/src/tests/Makefile.am, trunk/src/tests/base64.c,
+ trunk/src/tests/hst-test.c, trunk/src/tests/pintest.c,
+ trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c,
+ trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: Merges
+ with SCIDI to help integrating build process with it Remove some
+ gcc specific flags from Makefile.am Rename some header defines
+ size_t vs. int fixups opensc.h: Define inline as null for other
+ compilers than gcc, for now Port pam_pkcs15 to compile for
+ Solaris and HP-UX, untested Fix compiler warnings OpenSC now
+ compiles cleanly for Tru64, AIX and HP-UX. The only problem is
+ the tools using getopt_long() (GNU extension), to be fixed
+ later..
+ +2001-12-29 19:03 jey + + * trunk/NEWS, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc-asn1.h: - ported certificate reading to + new ASN.1 code + +2001-12-29 18:14 jey + + * trunk/src/libopensc/Makefile.am: - renamed LIBPCSCLITE to LIBPCSC + +2001-12-29 12:44 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-emv.c, + trunk/src/libopensc/iso7816.c, trunk/src/libopensc/sc-emv.c: - + another portability fix - renamed sc-emv.c to sc-card-emv.c + +2001-12-29 12:39 jey + + * trunk/src/libopensc/iso7816.c: - fixed a portability problem + +2001-12-29 12:26 aet + + * trunk/configure.in: Use -Werror if compiling with gcc Add check + for getopt.h + +2001-12-29 12:03 jey + + * trunk/src/tools/util.c, trunk/src/tools/util.h: - added missing + files + +2001-12-29 11:57 jey + + * trunk/src/libopensc/sec.c: - fixed resplen values in sc_decipher + and sc_compute_signature + +2001-12-29 02:07 jey + + * trunk/NEWS, trunk/configure.in, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, + trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-emv.c, trunk/src/libopensc/sc-internal.h, + trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c, + trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - added preliminary support for + EMV cards - changed a few function prototypes - implemented + access control lists to files - added sc_read_record() function + - updated the NEWS file + +2001-12-28 14:24 aet + + * trunk/src/pkcs11/digestsign.c, + 
trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/object.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/session.c, trunk/src/pkcs11/slot.c: Move + hex_dump() to generic.c Convert all C++-style comments to + C-style Fix compiler warnings for various platforms + +2001-12-28 14:23 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h: + - sc_pkcs15_change_pin() prototype changed + +2001-12-28 14:19 jey + + * trunk/TODO, trunk/src/openssh/opensc-ssh.c, + trunk/src/tests/Makefile.am, trunk/src/tests/base64.c, + trunk/src/tests/hst-test.c, trunk/src/tests/p15dump.c, + trunk/src/tests/pintest.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - fixed some compile warnings - + updated TODO + +2001-12-27 17:25 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/internal.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-emv.c, + trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c, + trunk/src/tools/opensc-tool.c: - added preliminary EMV support - + made a few bug fixes relating to select_file operation + +2001-12-25 20:45 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/base64.c, + trunk/src/libopensc/card-default.c, + trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, + trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, + trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, + trunk/src/tools/opensc-crypt.c, trunk/src/tools/opensc-tool.c: - + added default driver for unidentified cards - added select_file + operation in Multiflex driver - added 'list-drivers' command to + 
opensc-tool - moved stuff from opensc.h to sc-internal.h - + improved locking behaviour + +2001-12-25 20:38 jey + + * trunk/src/signer/signer.c: - added plugin description strings + +2001-12-24 15:48 jey + + * trunk/src/pam/Makefile.am: - added "-avoid-version" to LDFLAGS + +2001-12-23 15:48 jey + + * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-support.c: - updated to support latest + version of OpenSC + +2001-12-23 14:33 jey + + * trunk/NEWS, trunk/README: - updated NEWS and README + +2001-12-23 14:17 aet + + * trunk/configure.in, trunk/src/openssh/Makefile.am, + trunk/src/pam/Makefile.am: Add HAVE_SSL_AND_SSL conditional + because automake isn't flexible enough Minor fixes for + libpcsclite probe + +2001-12-22 23:51 jey + + * trunk, trunk/.cvsignore, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/card-multiflex.c, + trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/tests/hst-test.c: - changed call convention of + sc_select_file() - begun to add support for Multiflex cards + +2001-12-22 23:14 aet + + * trunk/src/openssh/Makefile.am, trunk/src/tests/Makefile.am: + 'make dist' fixes + +2001-12-22 23:13 aet + + * trunk/bootstrap: Disable --force for automake + +2001-12-22 23:07 jey + + * trunk, trunk/.cvsignore: - added some filenames to .cvsignore + +2001-12-22 23:06 jey + + * trunk/AUTHORS: - added authors Anssi Tapaninen and Timo Ter�s + +2001-12-22 22:55 aet + + * trunk/bootstrap, trunk/configure.in, trunk/src/pam/Makefile.am: + Fix LIBPCSCLITE Rename COMPILE_PAM conditional to HAVE_PAM + Remove lex check from configure.ac + +2001-12-22 22:27 aet + + * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, + trunk/src/Makefile.am, trunk/src/libopensc/Makefile.am, + 
trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, + trunk/src/pkcs11/Makefile.am, trunk/src/tests/Makefile.am, + trunk/src/tools/Makefile.am: Autotools update. Add bunch of + stuff to configure.in to make building of libopensc more + portable to various operating systems. Requires autoconf 2.52 + and automake 1.5. Add all necessary files except Makefile.in, so + you still need to run ./bootstrap though. There's not much point + adding config.guess and friends without them, maybe later. + +2001-12-22 22:20 aet + + * trunk/aclocal/Makefile.am, trunk/aclocal/acx_pthread.m4, + trunk/aclocal/libtool.m4: Add directory aclocal for m4 macros. + * trunk/src/openssh, trunk/src/openssh/.cvsignore, trunk/src/pam, + trunk/src/pam/.cvsignore, trunk/src/tests, + trunk/src/tests/.cvsignore, trunk/src/tools, + trunk/src/tools/.cvsignore: Add opensc-ssh, pam_pkcs15-test, + bas64, hst-test, lottery, p15dump, pintest, prngtest, + opensc-crypt and opensc-tool binary to .cvsignore. + +2001-12-22 22:11 aet + + * trunk, trunk/.cvsignore, trunk/aclocal, + trunk/aclocal/.cvsignore, trunk/src, trunk/src/.cvsignore, + trunk/src/libopensc, trunk/src/libopensc/.cvsignore, + trunk/src/openssh, trunk/src/openssh/.cvsignore, trunk/src/pam, + trunk/src/pam/.cvsignore, trunk/src/pkcs11, + trunk/src/pkcs11/.cvsignore, trunk/src/tests, + trunk/src/tests/.cvsignore, trunk/src/tools, + trunk/src/tools/.cvsignore: Add .cvsignore skeleton + +2001-12-22 20:52 jey + + * trunk/src/openssh/opensc-ssh.c, + trunk/src/openssh/openssh-3.0.2p1-patch.diff, + trunk/src/pam/pam_pkcs15.c, trunk/src/pkcs11/slot.c, + trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/prngtest.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - updated to work with latest + library version + +2001-12-22 20:43 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/card-setcos.c, 
trunk/src/libopensc/card.c, + trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c: - added + card abstraction layer support - pretty much finished migrating + to new ASN.1 code - changed call semantics for sc_select_file() + - moved functions around + +2001-12-22 13:38 jey + + * trunk/src/libopensc/base64.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c: - LINT fixes + +2001-12-21 23:34 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-log.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - continued + improving ASN.1 decoding - improved debug levels - added some + PC/SC Lite workarounds + +2001-12-20 13:57 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - paving + way for dynamic card modules - fixed a few memory leaks + +2001-12-20 12:22 jey + + * trunk/src/libopensc/pkcs15-sec.c: - added basic logging to + sc-pkcs15-sec.c + +2001-12-20 12:16 jey + + * trunk/src/tests/base64.c, trunk/src/tests/hst-test.c, + 
trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - added base64 conversion tool - + updated to work with latest version of OpenSC library + +2001-12-19 21:58 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc-asn1.h, trunk/src/libopensc/sc-log.h, + trunk/src/libopensc/sc.c: - remembered ChangeLog - moved some + functions from sc.c to sc-iso7816-4.c - added fancy colors to + log output =) - removed global sc_debug variable, moved it to + sc_context - fixed new ASN.1 code (possibly still unstable) + +2001-12-17 21:36 jey + + * trunk/src/pkcs11/slot.c: - applied a patch by Antti Tapaninen + that fixes a memory leak + +2001-12-16 20:30 jey + + * trunk/src/libopensc/pkcs15-cert.c: - added a small fix. Swedish + Posten eID cards are now supported. 
+ +2001-12-16 18:46 jey + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-defaults.c, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c: - bumped version number up to 0.4.0 - + improved ASN.1 decoding _lots_ + +2001-12-15 01:48 jey + + * trunk/NEWS: - latest breaking news + +2001-12-15 01:44 jey + + * trunk/TODO, trunk/src/openssh/README, + trunk/src/openssh/openssh-3.0.2p1-patch.diff: - updated OpenSSH + support + +2001-12-15 01:29 jey + + * trunk/README, trunk/configure.in, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/log.c, + trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sc-log.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - paving + way for version 0.3.5 + +2001-12-15 01:27 jey + + * trunk/src/tools/opensc-crypt.c: - meddled with command + abbreviations + +2001-12-15 01:10 jey + + * trunk/src/signer/Makefile.am, trunk/src/signer/dialog.h: - fixed + distribution tarball generation + +2001-12-15 01:08 jey + + * trunk/src/signer/npinclude/npunix.c, trunk/src/signer/npunix.c: + - moved npunix.c + +2001-12-15 00:57 jey + + * trunk/src/signer/Makefile.am: - fixed changed "include" to + "npinclude" - added a note about assuan to README + +2001-12-15 00:46 jey + + * trunk/src/signer/dialog.c: - removed unnecessary assuan cruft + +2001-12-15 00:39 jey + + * trunk/src/signer/Makefile, trunk/src/signer/Makefile.am, + trunk/src/signer/dialog.c, trunk/src/signer/dialog.cpp, + trunk/src/signer/dialog.h, trunk/src/signer/npinclude, + trunk/src/signer/npinclude/jri.h, + trunk/src/signer/npinclude/jri_md.h, + trunk/src/signer/npinclude/jritypes.h, + trunk/src/signer/npinclude/npapi.h, + 
trunk/src/signer/npinclude/npupp.h, + trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, + trunk/src/signer/signer.h: - added include files from Netscape + plugin SDK - removed hardcoded PIN - added PIN dialog through + assuan + +2001-12-14 16:37 jey + + * trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - updated tools to support latest + version of the library + +2001-12-13 21:19 jey + + * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/base64.c, + trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc-log.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - improved + logging facilities - removed a few compiler warnings + +2001-12-11 14:53 jey + + * trunk/src/tools/opensc-tool.c: - added "learn-card" command to + opensc-tool + +2001-12-11 14:52 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: + - improved certificate caching + +2001-12-08 15:35 jey + + * trunk/Makefile.am: - added depcomp to AUX_DIST + +2001-12-08 15:27 jey + + * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, + trunk/src/libopensc/defaults.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc.c: - removed config directory - fixed + compiling with C++ - added error SC_ERROR_CARD_RESET + +2001-12-08 14:19 jey + + * trunk/src/signer/Makefile, trunk/src/signer/dialog.cpp, + trunk/src/signer/dialog.h, trunk/src/signer/signer.c, + trunk/src/signer/signer.h, trunk/src/signer/testprog.c: - begun + to implement PIN dialog + +2001-12-07 00:57 jey + + * trunk/src/signer/Makefile, trunk/src/signer/opensc-crypto.c, + trunk/src/signer/opensc-crypto.h, + trunk/src/signer/opensc-support.c, + trunk/src/signer/opensc-support.h, trunk/src/signer/signer.c, + trunk/src/signer/signer.h, 
trunk/src/signer/testprog.c: - first + working version of signer plugin + +2001-12-02 19:21 jey + + * trunk/configure.in, trunk/src/libopensc/Makefile.am, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/sec.c: - fixed sc_pkcs15_change_pin() + +2001-12-02 19:17 jey + + * trunk/src/libopensc/base64.c, trunk/src/libopensc/opensc.h: - + added support for Base64 decoding + +2001-11-30 11:57 jey + + * trunk/src/pkcs11/digestsign.c, trunk/src/signer/signer.c, + trunk/src/tools/opensc-tool.c: - added PIN changing support - + started to work on nsplugin + +2001-11-27 23:37 jey + + * trunk/README: - small changes in README + +2001-11-27 21:25 jey + + * trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/hst-test.c, + trunk/src/tests/p15dump.c: - a few fixes for libopensc 0.3.2 + support + +2001-11-27 21:11 jey + + * trunk/Makefile.am, trunk/NEWS, trunk/README, trunk/configure.in, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/sc.c: - + fixed a few bugs in Autotools support + +2001-11-26 20:14 jey + + * trunk/AUTHORS, trunk/INSTALL, trunk/Makefile.am, trunk/NEWS, + trunk/README, trunk/THANKS, trunk/bootstrap, trunk/configure.in, + trunk/src/libopensc/Makefile.am, trunk/src/libopensc/sc.c: - + started to migrate to GNU Autotools + +2001-11-26 16:14 jey + + * trunk/src/libopensc/defaults.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-defaults.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, + trunk/src/pam/pam_pkcs15.c: - added defaults for FINEID S4-2 + (organization) cards - fixed a few typos - renamed + _sc_sw_to_errorcode() to sc_sw_to_errorcode() - PAM module now + uses RSA_sign instead of RSA_public_encrypt + +2001-11-24 15:12 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15.h: - changed "sc.h" to "opensc.h" + +2001-11-24 13:34 jey + + * 
trunk/src/openssh/opensc-ssh.c: - changed project name to OpenSC + - removed obsolete rsa_libsc.c + +2001-11-24 13:32 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, + trunk/src/libopensc/defaults.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/pam/pam_pkcs15.c, + trunk/src/pkcs11/generic.c, trunk/src/tests/hst-test.c, + trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c, + trunk/src/tests/pintest.c, trunk/src/tests/prngtest.c, + trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - changed project name to OpenSC + +2001-11-22 15:40 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/tools/opensc-crypt.c, + trunk/src/tools/opensc-tool.c: - added sc-crypt program + +2001-11-21 23:28 jey + + * trunk/src/pkcs11/digestsign.c: - converted C_Sign() to use the + new API + +2001-11-21 22:40 jey + + * trunk/src/tools/opensc-tool.c: - small fix in sc-tool.c + +2001-11-21 21:19 jey + + * trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc.c, trunk/src/openssh/README, + trunk/src/openssh/opensc-ssh.c: - added install target to libsc + Makefile - added a few functions - added a patch against OpenSSH + 3.0.1p1 to enable libsc support + +2001-11-20 22:21 jey + + * trunk/src/libopensc/defaults.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + 
trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/libopensc/sec.c, trunk/src/openssh, + trunk/src/openssh/opensc-ssh.c, trunk/src/pam/README, + trunk/src/pam/pam_pkcs15.c, trunk/src/signer/Makefile, + trunk/src/signer/signer.c, trunk/src/tests/hst-test.c, + trunk/src/tests/pintest.c, trunk/src/tools/opensc-tool.c: - + added very partial SSH support - rearranged some functions - + added several new functions - fixed handling of SW's + +2001-11-18 20:36 jey + + * trunk/src/tools/opensc-tool.c: - small bug fixed + +2001-11-18 01:52 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c, + trunk/src/tests/sc-test.c, trunk/src/tools, + trunk/src/tools/opensc-tool.c: - added sc-tool - removed + certtest.c + +2001-11-17 15:48 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sc.c, + trunk/src/pam/README, trunk/src/pam/pam_pkcs15.c, + trunk/src/tests/p15dump.c: - added README for PAM module - added + a few error messages - fixed certificate caching (which is still + kludgy) + +2001-11-17 14:55 jey + + * trunk/src/libopensc/defaults.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, + trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, + trunk/src/tests/p15dump.c: - added defaults; full PKCS#15 + parsing is no-longer required at startup + +2001-11-17 00:11 jey + + * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, + trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c: - PAM + module is semi-working now - added 
sc_asn1_put_tag() and + sc_restore_security_env() functions - preliminary support for + CREATE FILE and DELETE FILE commands + +2001-11-15 14:44 jey + + * trunk/src/pam, trunk/src/pam/pam_pkcs15.c: - added a PAM module + playground directory + +2001-11-14 13:43 jey + + * trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c: - committed a patch from Antti + Tapaninen + +2001-11-07 14:36 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c: - moved + sc_list_files() to sc.c + +2001-11-07 13:45 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, + trunk/src/tests/sc-test.c: - fixed sc_get_random() - added ATR + to struct sc_card + +2001-11-06 18:43 fabled + + * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, + trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Updated + license to LGPL. Added short description. 
+ +2001-11-06 18:34 jey + + * trunk/COPYING, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c, trunk/src/pkcs11/README, + trunk/src/tests/p15dump.c: - changed license to LGPL - moved + ASN.1 function definitions from sc.h to sc-asn1.h + +2001-11-05 19:39 jey + + * trunk/src/libopensc/base64.c, + trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, + trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, + trunk/src/tests/prngtest.c: - fixed base64 encoding function - + added file listing test to hst-test.c + +2001-11-04 14:08 jey + + * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, + trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c, + trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c: assorted + small fixes + +2001-11-04 13:57 jey + + * trunk/src/libopensc/base64.c, trunk/src/libopensc/opensc.h, + trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/sc.c, + trunk/src/tests/prngtest.c: - added support for base64 encoding + - added certtest tool + +2001-11-01 15:44 jey + + * trunk/src/tests/sc-test.c: - added a 'return 0' statement + +2001-11-01 15:43 jey + + * trunk/src/libopensc, trunk/src/libopensc/asn1.c, + trunk/src/libopensc/asn1.h, trunk/src/libopensc/opensc-pkcs15.h, + trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, + trunk/src/libopensc/pkcs15-pin.c, + trunk/src/libopensc/pkcs15-prkey.c, + trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, + trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, + trunk/src/libopensc/sc.c, 
trunk/src/libopensc/sec.c, + trunk/src/pkcs11/generic.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/signer, trunk/src/signer/Makefile, + trunk/src/signer/npunix.c, trunk/src/signer/stubs.c, + trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, + trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, + trunk/src/tests/prngtest.c, trunk/src/tests/sc-test.c, + trunk/src/tests/sc-test.h: - moved libsc to its own directory - + added non-working MIME plugin for "text/x-text-to-sign" - added + pseudo-random number generator support - split hst-test.c into + smaller files + +2001-10-30 16:16 fabled + + * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, + trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Added + copyright notes. + +2001-10-29 15:52 jey + + * trunk/src/tests/hst-test.c: - updated README.decrypt - fixed a + few compiler warnings + +2001-10-25 11:56 jey + + * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: added: - + certificate parsing - support for reading RSA public key modulus + on the fly - support for ASN.1 object id decoding and printing - + fixed a lot of u8 * --> const u8 * + +2001-10-24 14:48 jey + + * trunk/src/tests/hst-test.c: removed hard-coded PIN code... =) + +2001-10-24 14:02 jey + + * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: latest + version + +2001-10-24 09:31 jey + + * trunk/COPYING: added COPYING file + +2001-10-22 21:09 fabled + + * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/sc-pkcs11.h, + trunk/src/pkcs11/slot.c: Implementid basic signing functionality. 
+ +2001-10-22 21:05 jey + + * trunk/src/tests/hst-test.c: dirty fix + +2001-10-22 20:43 jey + + * trunk/src/tests/hst-test.c: - quick and dirty fix applied + +2001-10-22 20:07 jey + + * trunk/src/tests/hst-test.c: - added ability to compute digital + signatures - split functions to different files + +2001-10-22 14:51 jey + + * trunk/src/tests/hst-test.c: - implemented decrypt support - + split PIN related functions to a separate file + +2001-10-21 22:25 fabled + + * trunk/src/pkcs11/README, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/object.c, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Updates. + +2001-10-21 21:26 jey + + * trunk/src/tests/hst-test.c: small bug-fix in + sc_enum_certificates() + +2001-10-21 21:22 jey + + * trunk/src/tests/hst-test.c: - added struct sc_path - implemented + private key enumeration + +2001-10-21 19:42 jey + + * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: fixed PIN + info reading + +2001-10-21 19:06 jey + + * trunk/src/tests/hst-test.c: sc_pkcs15_read_certificate now + dynamically allocates output buffer + +2001-10-21 18:55 jey + + * trunk/src/tests/hst-test.c: - implemented certificate reading - + started to implement private key enumeration + +2001-10-21 18:12 jey + + * trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: - given + ASN.1 decoding routines a facelift - implemented certificate + enumeration + +2001-10-21 16:26 fabled + + * trunk/src/pkcs11/object.c, trunk/src/pkcs11/session.c: Minor bug + fixes. Implemented the object finding properly. + +2001-10-21 16:01 fabled + + * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, + trunk/src/pkcs11/generic.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/slot.c: Basic skeleton for object manipulation. + Some testing stuff. 
+ +2001-10-21 15:42 jey + + * trunk/src/pkcs11/generic.c, trunk/src/tests/hst-test.c: fixed + tokenInfo parsing + +2001-10-20 23:51 fabled + + * trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c: Added + basic session management. Implemented login, logout and change + pin functions. Improved card management. + +2001-10-20 20:33 jey + + * trunk/src/tests/hst-test.c: fixed a weird escaping bug in + sc_read_binary(). this could affect other functions too. needs + more research. + +2001-10-20 16:54 jey + + * trunk/src/tests/hst-test.c: lots and lots of changes. + +2001-10-20 16:53 jey + + * trunk/src/pkcs11/generic.c: modified to use latest SC API + +2001-10-19 23:23 jey + + * trunk/src/tests/hst-test.c: Major additions and fixes to core API + +2001-10-19 19:52 fabled + + * trunk/src/pkcs11, trunk/src/pkcs11/README, + trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, + trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, + trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, + trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, + trunk/src/pkcs11/verify.c: Implemented dummy functions for + PKCS#15 module with functionality to read card reader names. + +2001-10-19 17:30 jey + + * trunk/src/tests/hst-test.c: some structural changes; might not + even compile + +2001-10-19 17:26 jey + + * trunk/src, trunk/src/tests, trunk/src/tests/hst-test.c: initial + commit + +2001-10-19 17:26 + + * branches, releases, trunk: New repository initialized by cvs2svn. + diff -Nru opensc-0.11.13/config.guess opensc-0.12.1/config.guess --- opensc-0.11.13/config.guess 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/config.guess 2011-05-18 05:51:48.000000000 +0000 
@@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-04-27' +timestamp='2009-12-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,9 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -170,7 +171,7 @@ arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? @@ -333,6 +334,9 @@ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" @@ -656,7 +660,7 @@ # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else @@ -807,12 +811,12 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd | genuineintel) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) @@ -822,6 +826,9 @@ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we 
@@ -851,6 +858,20 @@ i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ @@ -873,6 +894,17 @@ frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; 
@@ -882,78 +914,34 @@ m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips - #undef mipsel - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips64 - #undef mips64el + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -962,8 +950,11 @@ *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux 
@@ -986,66 +977,6 @@ xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both 
@@ -1074,7 +1005,7 @@ i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1182,7 +1113,7 @@ rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) @@ -1275,6 +1206,16 @@ *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} diff -Nru opensc-0.11.13/config.h.in opensc-0.12.1/config.h.in --- opensc-0.11.13/config.h.in 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/config.h.in 2011-05-18 05:51:47.000000000 +0000 @@ -6,8 +6,11 @@ /* Default PC/SC provider */ #undef DEFAULT_PCSC_PROVIDER -/* Use iconv libraries and header files */ -#undef ENABLE_ICONV +/* Enable CT-API support */ +#undef ENABLE_CTAPI + +/* Enable minidriver support */ +#undef ENABLE_MINIDRIVER /* Have OpenCT libraries and header files */ #undef ENABLE_OPENCT 
@@ -42,20 +45,20 @@ /* Define to 1 if you have the `getopt_long' function. */ #undef HAVE_GETOPT_LONG +/* Define to 1 if you have the `getopt_long_only' function. */ +#undef HAVE_GETOPT_LONG_ONLY + /* Define to 1 if you have the `getpass' function. */ #undef HAVE_GETPASS /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY -/* Define to 1 if you have the header file. */ -#undef HAVE_ICONV_H - /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H -/* Define to 1 if you have the header file. */ -#undef HAVE_LOCALE_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LTDL_H /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H @@ -75,12 +78,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_READLINE_READLINE_H -/* Define to 1 if you have the `setlocale' function. */ -#undef HAVE_SETLOCALE - -/* Define to 1 if you have the `setutent' function. */ -#undef HAVE_SETUTENT - /* Define to 1 if `stat' has the bug that it succeeds when given the zero-length file name argument. */ #undef HAVE_STAT_EMPTY_STRING_BUG @@ -103,9 +100,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + /* Define to 1 if you have the `strlcpy' function. */ #undef HAVE_STRLCPY +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MMAN_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H @@ -124,9 +127,6 @@ /* Define to 1 if you have the `vprintf' function. */ #undef HAVE_VPRINTF -/* Define to 1 if you have the `vsyslog' function. */ -#undef HAVE_VSYSLOG - /* Define to 1 if you have the header file. */ #undef HAVE_WINSCARD_H @@ -141,6 +141,9 @@ */ #undef LT_OBJDIR +/* Define to 1 if assertions should be disabled. */ +#undef NDEBUG + /* Enabled OpenSC features */ #undef OPENSC_FEATURES 
@@ -174,13 +177,13 @@ /* Define to the version of this package. */ #undef PACKAGE_VERSION -/* PIN-entry program for OpenSC Signer */ -#undef PIN_ENTRY - /* Define to necessary symbol if this constant uses a non-standard name on your system. */ #undef PTHREAD_CREATE_JOINABLE +/* The size of `void *', as computed by sizeof. */ +#undef SIZEOF_VOID_P + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS diff -Nru opensc-0.11.13/config.sub opensc-0.12.1/config.sub --- opensc-0.11.13/config.sub 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/config.sub 2011-05-18 05:51:48.000000000 +0000 @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-04-17' +timestamp='2010-01-22' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. 
@@ -72,8 +75,9 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,10 +153,13 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -281,6 +288,7 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ @@ -288,13 +296,14 @@ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -337,7 +346,7 @@ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ 
@@ -365,15 +374,17 @@ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ + | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ @@ -467,6 +478,10 @@ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; c90) basic_machine=c90-cray os=-unicos @@ -719,6 +734,9 @@ basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -1069,6 +1087,11 @@ basic_machine=tic6x-unknown os=-coff ;; + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu + ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1240,6 +1263,9 @@ # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; 
@@ -1260,9 +1286,9 @@ # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -kopensolaris* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1283,7 +1309,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1416,6 +1442,8 @@ -dicos*) os=-dicos ;; + -nacl*) + ;; -none) ;; *) @@ -1613,7 +1641,7 @@ -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) diff -Nru opensc-0.11.13/configure opensc-0.12.1/configure --- opensc-0.11.13/configure 2010-02-16 09:32:16.000000000 +0000 +++ opensc-0.12.1/configure 2011-05-18 05:51:47.000000000 +0000 
@@ -1,11 +1,13 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.64 for opensc 0.11.13. +# Generated by GNU Autoconf 2.67 for opensc 0.12.1. +# # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software # Foundation, Inc. # +# # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## @@ -314,7 +316,7 @@ test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -354,19 +356,19 @@ fi # as_fn_arith -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error 
@@ -673,10 +675,11 @@ -exec 7<&0 &1 +test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. -# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` @@ -695,8 +698,8 @@ # Identity of this package. PACKAGE_NAME='opensc' PACKAGE_TARNAME='opensc' -PACKAGE_VERSION='0.11.13' -PACKAGE_STRING='opensc 0.11.13' +PACKAGE_VERSION='0.12.1' +PACKAGE_STRING='opensc 0.12.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -740,35 +743,30 @@ ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS +ENABLE_MINIDRIVER_FALSE +ENABLE_MINIDRIVER_TRUE CYGWIN_FALSE CYGWIN_TRUE WIN32_FALSE WIN32_TRUE ENABLE_DOC_FALSE ENABLE_DOC_TRUE -ENABLE_NSPLUGIN_FALSE -ENABLE_NSPLUGIN_TRUE ENABLE_OPENCT_FALSE ENABLE_OPENCT_TRUE ENABLE_OPENSSL_FALSE ENABLE_OPENSSL_TRUE -ENABLE_ICONV_FALSE -ENABLE_ICONV_TRUE ENABLE_READLINE_FALSE ENABLE_READLINE_TRUE ENABLE_ZLIB_FALSE ENABLE_ZLIB_TRUE ENABLE_MAN_FALSE ENABLE_MAN_TRUE -SVN_CHECKOUT_FALSE -SVN_CHECKOUT_TRUE +LIBRARY_BITNESS OPTIONAL_PCSC_CFLAGS OPTIONAL_OPENCT_LIBS OPTIONAL_OPENCT_CFLAGS OPTIONAL_OPENSSL_LIBS OPTIONAL_OPENSSL_CFLAGS -OPTIONAL_ICONV_LIBS -OPTIONAL_ICONV_CFLAGS OPTIONAL_READLINE_LIBS OPTIONAL_READLINE_CFLAGS OPTIONAL_ZLIB_LIBS @@ -783,21 +781,13 @@ OPENSC_VERSION_MINOR OPENSC_VERSION_MAJOR xslstylesheetsdir -pkgconfigdir -plugindir pkcs11dir -openscincludedir -LIBASSUAN_LIBS -LIBASSUAN_CFLAGS -LIBASSUAN_CONFIG PCSC_LIBS PCSC_CFLAGS OPENCT_LIBS OPENCT_CFLAGS OPENSSL_LIBS OPENSSL_CFLAGS -ICONV_LIBS -ICONV_CFLAGS READLINE_LIBS READLINE_CFLAGS ZLIB_LIBS @@ -809,11 +799,8 @@ LTLIB_LIBS LTLIB_CFLAGS LIBOBJS -TR -WGET_OPTS -WGET -SVN XSLTPROC +SVN RC OTOOL64 OTOOL @@ -837,6 +824,8 @@ EGREP GREP CPP +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH PKG_CONFIG am__fastdepCC_FALSE am__fastdepCC_TRUE 
@@ -932,24 +921,22 @@ enable_pedantic enable_zlib enable_readline -enable_iconv enable_openssl enable_openct enable_pcsc -enable_nsplugin +enable_ctapi +enable_minidriver enable_man enable_doc with_xsl_stylesheetsdir -with_plugindir with_pcsc_provider -with_pinentry enable_shared enable_static with_pic enable_fast_install with_gnu_ld enable_libtool_lock -with_libassuan_prefix +enable_assert ' ac_precious_vars='build_alias host_alias @@ -960,20 +947,17 @@ LIBS CPPFLAGS PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CPP -XSLTPROC SVN -WGET -WGET_OPTS -TR +XSLTPROC LTLIB_CFLAGS LTLIB_LIBS ZLIB_CFLAGS ZLIB_LIBS READLINE_CFLAGS READLINE_LIBS -ICONV_CFLAGS -ICONV_LIBS OPENSSL_CFLAGS OPENSSL_LIBS OPENCT_CFLAGS @@ -1042,8 +1026,9 @@ fi case $ac_option in - *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *) ac_optarg=yes ;; + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. @@ -1088,7 +1073,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1114,7 +1099,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in 
@@ -1318,7 +1303,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1334,7 +1319,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1364,8 +1349,8 @@ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information." + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" ;; *=*) @@ -1373,7 +1358,7 @@ # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1391,13 +1376,13 @@ if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error "missing argument to $ac_option" + as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi 
@@ -1420,7 +1405,7 @@ [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -1434,8 +1419,8 @@ if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used." >&2 + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -1450,9 +1435,9 @@ ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error "working directory cannot be determined" + as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error "pwd does not report name of working directory" + as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -1491,11 +1476,11 @@ fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then 
@@ -1521,7 +1506,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures opensc 0.11.13 to adapt to many kinds of systems. +\`configure' configures opensc 0.12.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1535,7 +1520,7 @@ --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking...' messages + -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files @@ -1591,7 +1576,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of opensc 0.11.13:";; + short | recursive ) echo "Configuration of opensc 0.12.1:";; esac cat <<\_ACEOF @@ -1605,11 +1590,11 @@ --enable-pedantic enable pedantic compile mode [disabled] --enable-zlib enable zlib linkage [detect] --enable-readline enable readline linkage [detect] - --enable-iconv enable iconv linkage [detect] --enable-openssl enable openssl linkage [detect] --enable-openct enable openct linkage [disabled] - --enable-pcsc enable pcsc support [disabled] - --enable-nsplugin enable nsplugin (signer) [disabled] + --disable-pcsc disable pcsc support [enabled] + --enable-ctapi enable CT-API support [disabled] + --enable-minidriver enable minidriver on Windows [disabled] --disable-man disable installation of manuals [enabled for none Windows] --enable-doc enable installation of documents [disabled] 
@@ -1618,6 +1603,7 @@ --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) + --disable-assert turn off assertions Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1625,17 +1611,11 @@ --with-cygwin-native compile native win32 --with-xsl-stylesheetsdir=PATH docbook xsl-stylesheets for svn build [detect] - --with-plugindir=PATH install Mozilla plugin to PATH - [LIBDIR/mozilla/plugins] --with-pcsc-provider=PATH Path to system pcsc provider [system default] - --with-pinentry=PROG run PROG as PIN-entry for OpenSC Signer - @<:/usr/bin/gpinentry:>@ --with-pic try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-libassuan-prefix=PFX - prefix where LIBASSUAN is installed (optional) Some influential environment variables: CC C compiler command @@ -1643,15 +1623,16 @@ LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l - CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CPP C preprocessor - XSLTPROC xsltproc utility SVN subversion utility - WGET wget utility - WGET_OPTS wget options - TR tr utility + XSLTPROC xsltproc utility LTLIB_CFLAGS C compiler flags for libltdl LTLIB_LIBS linker flags for libltdl @@ -1661,9 +1642,6 @@ C compiler flags for readline READLINE_LIBS linker flags for readline - ICONV_CFLAGS - C compiler flags for iconv - ICONV_LIBS linker flags for iconv OPENSSL_CFLAGS C compiler flags for OPENSSL, overriding pkg-config OPENSSL_LIBS 
@@ -1740,10 +1718,10 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -opensc configure 0.11.13 -generated by GNU Autoconf 2.64 +opensc configure 0.12.1 +generated by GNU Autoconf 2.67 -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1788,7 +1766,7 @@ ac_retval=1 fi eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - return $ac_retval + as_fn_set_status $ac_retval } # ac_fn_c_try_compile @@ -1830,7 +1808,7 @@ fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - return $ac_retval + as_fn_set_status $ac_retval } # ac_fn_c_try_run @@ -1855,7 +1833,7 @@ mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } >/dev/null && { + test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : @@ -1867,7 +1845,7 @@ ac_retval=1 fi eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - return $ac_retval + as_fn_set_status $ac_retval } # ac_fn_c_try_cpp @@ -1880,7 +1858,7 @@ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
@@ -1944,7 +1922,7 @@ # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - return $ac_retval + as_fn_set_status $ac_retval } # ac_fn_c_try_link @@ -1956,7 +1934,7 @@ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2023,10 +2001,10 @@ ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + if eval "test \"\${$3+set}\"" = set; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 @@ -2062,7 +2040,7 @@ else ac_header_preproc=no fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } @@ -2089,7 +2067,7 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" 
@@ -2111,7 +2089,7 @@ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=no" 
@@ -2155,12 +2133,190 @@ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_type + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include +#include +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. 
*/ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by opensc $as_me 0.11.13, which was -generated by GNU Autoconf 2.64. Invocation command line was +It was created by opensc $as_me 0.12.1, which was +generated by GNU Autoconf 2.67. Invocation command line was $ $0 $@ @@ -2270,11 +2426,9 @@ { echo - cat <<\_ASBOX -## ---------------- ## + $as_echo "## ---------------- ## ## Cache variables. ## -## ---------------- ## -_ASBOX +## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( @@ -2308,11 +2462,9 @@ ) echo - cat <<\_ASBOX -## ----------------- ## + $as_echo "## ----------------- ## ## Output variables. ## -## ----------------- ## -_ASBOX +## ----------------- ##" echo for ac_var in $ac_subst_vars do @@ -2325,11 +2477,9 @@ echo if test -n "$ac_subst_files"; then - cat <<\_ASBOX -## ------------------- ## + $as_echo "## ------------------- ## ## File substitutions. ## -## ------------------- ## -_ASBOX +## ------------------- ##" echo for ac_var in $ac_subst_files do @@ -2343,11 +2493,9 @@ fi if test -s confdefs.h; then - cat <<\_ASBOX -## ----------- ## + $as_echo "## ----------- ## ## confdefs.h. ## -## ----------- ## -_ASBOX +## ----------- ##" echo cat confdefs.h echo @@ -2402,7 +2550,12 @@ ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - ac_site_file1=$CONFIG_SITE + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site 
@@ -2413,18 +2566,22 @@ for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue - if test -r "$ac_site_file"; then + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5 ; } fi done if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special - # files actually), so we avoid doing that. - if test -f "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in @@ -2493,7 +2650,7 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## 
@@ -2508,16 +2665,22 @@ ac_aux_dir= for ac_dir in . "$srcdir"/.; do - for ac_t in install-sh install.sh shtool; do - if test -f "$ac_dir/$ac_t"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/$ac_t -c" - break 2 - fi - done + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi done if test -z "$ac_aux_dir"; then - as_fn_error "cannot find install-sh, install.sh, or shtool in . \"$srcdir\"/." "$LINENO" 5 + as_fn_error $? "cannot find install-sh, install.sh, or shtool in . \"$srcdir\"/." "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -2638,11 +2801,11 @@ ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) - as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;; esac # Do `set' in a subshell so we don't clobber the current shell's @@ -2664,7 +2827,7 @@ # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". - as_fn_error "ls -t appears to fail. Make sure there is not a broken + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi @@ -2674,7 +2837,7 @@ # Ok. : else - as_fn_error "newly created file is older than distributed files! + as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 
@@ -2846,6 +3009,7 @@ fi + test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else @@ -2853,7 +3017,6 @@ # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. - test -d ./--version && rmdir ./--version MKDIR_P="$ac_install_sh -d" fi fi @@ -2912,7 +3075,7 @@ $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -2920,7 +3083,7 @@ all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF -# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; @@ -2954,7 +3117,7 @@ am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then - as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi @@ -2969,8 +3132,8 @@ # Define the identity of the package. - PACKAGE=${PACKAGE_NAME} - VERSION=${PACKAGE_VERSION} + PACKAGE='opensc' + VERSION='0.12.1' cat >>confdefs.h <<_ACEOF 
@@ -3012,15 +3175,15 @@ OPENSC_VERSION_MAJOR="0" -OPENSC_VERSION_MINOR="11" -OPENSC_VERSION_FIX="13" +OPENSC_VERSION_MINOR="12" +OPENSC_VERSION_FIX="1" # LT Version numbers, remember to change them just *before* a release. # (Code changed: REVISION++) # (Oldest interface removed: OLDEST++) # (Interfaces added: CURRENT++, REVISION=0) -OPENSC_LT_CURRENT="2" -OPENSC_LT_OLDEST="2" +OPENSC_LT_CURRENT="3" +OPENSC_LT_OLDEST="3" OPENSC_LT_REVISION="0" OPENSC_LT_AGE="0" OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))" @@ -3029,7 +3192,7 @@ # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } @@ -3040,16 +3203,16 @@ test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' 
@@ -3074,7 +3237,7 @@ ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi @@ -3082,7 +3245,7 @@ $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -3398,8 +3561,8 @@ test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "no acceptable C compiler found in \$PATH -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5 ; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 
@@ -3420,32 +3583,30 @@ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 - rm -f conftest.er1 conftest.err fi + rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + int main () { -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out conftest.out" +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: 
@@ -3507,62 +3668,28 @@ else ac_file='' fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } if test -z "$ac_file"; then : - $as_echo "$as_me: failed program was:" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ as_fn_set_status 77 -as_fn_error "C compiler cannot create executables -See \`config.log' for more details." "$LINENO" 5; }; } +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5 ; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -# If not cross compiling, check that we can run a simple program. -if test "$cross_compiling" != yes; then - if { ac_try='./$ac_file' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out conftest.out +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" 
@@ -3592,16 +3719,75 @@ else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5 ; } fi -rm -f conftest$ac_cv_exeext +rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5 ; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if test "${ac_cv_objext+set}" = set; then : @@ -3644,8 +3830,8 @@ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of object files: cannot compile -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5 ; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi @@ -4056,6 +4242,10 @@ + + + + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. @@ -4168,7 +4358,6 @@ $as_echo "no" >&6; } PKG_CONFIG="" fi - fi ac_ext=c @@ -4213,7 +4402,7 @@ # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. 
@@ -4229,11 +4418,11 @@ ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -4272,7 +4461,7 @@ # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4288,18 +4477,18 @@ ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5 ; } fi ac_ext=c @@ -4360,7 +4549,7 @@ done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then - as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP @@ -4426,7 +4615,7 @@ done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP 
@@ -4558,8 +4747,7 @@ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -4789,21 +4977,11 @@ ;; #( *) - as_fn_error "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking svn checkout" >&5 -$as_echo_n "checking svn checkout... " >&6; } -if test -e "${srcdir}/packaged"; then - svn_checkout="no" -else - svn_checkout="yes" -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${svn_checkout}" >&5 -$as_echo "${svn_checkout}" >&6; } - # Check whether --with-cygwin-native was given. if test "${with_cygwin_native+set}" = set; then : 
@@ -4817,37 +4995,14 @@ test -z "${WIN32}" && WIN32="no" test -z "${CYGWIN}" && CYGWIN="no" case "${host}" in - *-*-hpux*) - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE -D_XOPEN_SOURCE_EXTENDED" - ;; *-*-solaris*) CPPFLAGS="${CPPFLAGS} -I/usr/local/include" LDFLAGS="${LDFLAGS} -L/usr/local/lib -R/usr/local/lib" - need_dash_r="1" ;; - *-*-sunos4*) - CPPFLAGS="${CPPFLAGS} -DSUNOS4" - ;; - *-*-aix*) - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - LDFLAGS="${LDFLAGS} -L/usr/local/lib" - if test "${LD}" != "gcc" -a -z "${blibpath}"; then - blibpath="/usr/lib:/lib:/usr/local/lib" - fi - ;; - *-*-osf*) - CPPFLAGS="${CPPFLAGS} -D_POSIX_PII_SOCKET" - ;; - *-*-darwin*) - LIBS="${LIBS} -Wl,-framework,CoreFoundation" - if test "${GCC}" = "yes"; then - CFLAGS="${CFLAGS} -no-cpp-precomp" - fi - ;; - *-mingw*|*-winnt*) - WIN32="yes" - CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN" - WIN_LIBPREFIX="lib" + *-mingw*|*-winnt*) + WIN32="yes" + CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN" + WIN_LIBPREFIX="lib" ;; *-cygwin*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking cygwin mode to use" >&5 @@ -4907,15 +5062,6 @@ fi -# Check whether --enable-iconv was given. -if test "${enable_iconv+set}" = set; then : - enableval=$enable_iconv; -else - enable_iconv="detect" - -fi - - # Check whether --enable-openssl was given. if test "${enable_openssl+set}" = set; then : enableval=$enable_openssl; @@ -4938,16 +5084,25 @@ if test "${enable_pcsc+set}" = set; then : enableval=$enable_pcsc; else - enable_pcsc="no" + enable_pcsc="yes" fi -# Check whether --enable-nsplugin was given. -if test "${enable_nsplugin+set}" = set; then : - enableval=$enable_nsplugin; +# Check whether --enable-ctapi was given. +if test "${enable_ctapi+set}" = set; then : + enableval=$enable_ctapi; else - enable_nsplugin="no" + enable_ctapi="no" + +fi + + +# Check whether --enable-minidriver was given. +if test "${enable_minidriver+set}" = set; then : + enableval=$enable_minidriver; +else + enable_minidriver="no" fi 
@@ -4956,13 +5111,7 @@ if test "${enable_man+set}" = set; then : enableval=$enable_man; else - - if test "${WIN32}" = "yes"; then - enable_man="no" - else - enable_man="yes" - fi - + enable_man="detect" fi @@ -4987,16 +5136,6 @@ -# Check whether --with-plugindir was given. -if test "${with_plugindir+set}" = set; then : - withval=$with_plugindir; plugindir="${withval}" -else - plugindir="\$(libdir)/mozilla/plugins" - -fi - - - # Check whether --with-pcsc-provider was given. if test "${with_pcsc_provider+set}" = set; then : withval=$with_pcsc_provider; @@ -5005,17 +5144,14 @@ fi - - -# Check whether --with-pinentry was given. -if test "${with_pinentry+set}" = set; then : - withval=$with_pinentry; -else - with_pinentry="/usr/bin/gpinentry" - +reader_count="" +for rdriver in "${enable_pcsc}" "${enable_openct}" "${enable_ctapi}"; do + test "${rdriver}" = "yes" && reader_count="${reader_count}x" +done +if test "${reader_count}" != "x"; then + as_fn_error $? "Only one of --enable-pcsc, --enable-openct, --enable-ctapi can be specified!" "$LINENO" 5 fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -5058,7 +5194,7 @@ # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -5074,11 +5210,11 @@ ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -5117,7 +5253,7 @@ # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. 
@@ -5133,18 +5269,18 @@ ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5 ; } fi ac_ext=c @@ -5223,7 +5359,7 @@ done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then - as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED @@ -5239,7 +5375,7 @@ $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -5247,7 +5383,7 @@ all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF -# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; @@ -5276,8 +5412,8 @@ -macro_version='2.2.6' -macro_revision='1.3012' +macro_version='2.2.6b' +macro_revision='1.3017' 
@@ -5350,7 +5486,7 @@ done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then - as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED @@ -5429,7 +5565,7 @@ done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then - as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP @@ -5545,7 +5681,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : @@ -5747,13 +5883,13 @@ else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:5750: $ac_compile\"" >&5) + (eval echo "\"\$as_me:5886: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:5753: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:5889: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:5756: output\"" >&5) + (eval echo "\"\$as_me:5892: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -6205,7 +6341,7 @@ ;; # This must be Linux ELF. -linux* | k*bsd*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; 
@@ -6944,7 +7080,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6947 "configure"' > conftest.$ac_ext + echo '#line 7083 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8504,11 +8640,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8507: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8643: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8511: \$? = $ac_status" >&5 + echo "$as_me:8647: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8673,7 +8809,7 @@ lt_prog_compiler_static='-non_shared' ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) @@ -8843,11 +8979,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8846: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8982: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8850: \$? = $ac_status" >&5 + echo "$as_me:8986: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -8948,11 +9084,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8951: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9087: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8955: \$? = $ac_status" >&5 + echo "$as_me:9091: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9003,11 +9139,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9006: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9142: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9010: \$? = $ac_status" >&5 + echo "$as_me:9146: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9146,6 +9282,7 @@ fi supports_anon_versioning=no case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... @@ -9237,7 +9374,7 @@ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; - gnu* | linux* | tpf* | k*bsd*-gnu) + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in 
@@ -10699,7 +10836,7 @@ ;; # This must be Linux ELF. -linux* | k*bsd*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux need_lib_prefix=no need_version=no @@ -11386,7 +11523,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11389 "configure" +#line 11526 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11482,7 +11619,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11485 "configure" +#line 11622 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11887,51 +12024,6 @@ - - - -for ac_prog in xsltproc -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_XSLTPROC+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$XSLTPROC"; then - ac_cv_prog_XSLTPROC="$XSLTPROC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_XSLTPROC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -XSLTPROC=$ac_cv_prog_XSLTPROC -if test -n "$XSLTPROC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 -$as_echo "$XSLTPROC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$XSLTPROC" && break -done - for ac_prog in svn do # Extract the first word of "$ac_prog", so it can be a program name with args. 
@@ -11974,59 +12066,17 @@ test -n "$SVN" && break done -for ac_prog in wget -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_WGET+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$WGET"; then - ac_cv_prog_WGET="$WGET" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_WGET="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -WGET=$ac_cv_prog_WGET -if test -n "$WGET"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WGET" >&5 -$as_echo "$WGET" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$WGET" && break -done - -for ac_prog in tr +for ac_prog in xsltproc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_TR+set}" = set; then : +if test "${ac_cv_prog_XSLTPROC+set}" = set; then : $as_echo_n "(cached) " >&6 else - if test -n "$TR"; then - ac_cv_prog_TR="$TR" # Let the user override the test. + if test -n "$XSLTPROC"; then + ac_cv_prog_XSLTPROC="$XSLTPROC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH 
@@ -12035,7 +12085,7 @@ test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_TR="$ac_prog" + ac_cv_prog_XSLTPROC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi 
@@ -12045,72 +12095,38 @@ fi fi -TR=$ac_cv_prog_TR -if test -n "$TR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TR" >&5 -$as_echo "$TR" >&6; } +XSLTPROC=$ac_cv_prog_XSLTPROC +if test -n "$XSLTPROC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 +$as_echo "$XSLTPROC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - test -n "$TR" && break + test -n "$XSLTPROC" && break done -test -z "${WGET_OPTS}" && WGET_OPTS="-nv" -if test "${xslstylesheetsdir}" = "detect"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking xsl-stylesheets" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking xsl-stylesheets" >&5 $as_echo_n "checking xsl-stylesheets... " >&6; } +if test "${xslstylesheetsdir}" = "detect"; then xslstylesheetsdir="no" for f in \ /usr/share/xml/docbook/stylesheet/nwalsh \ + /usr/share/xml/docbook/stylesheet/nwalsh/current \ + /opt/local/share/xsl/docbook-xsl \ + /sw/share/xml/xsl/docbook-xsl \ /usr/share/sgml/docbook/*; do test -e "${f}/html/docbook.xsl" && xslstylesheetsdir="${f}" done - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${xslstylesheetsdir}" >&5 -$as_echo "${xslstylesheetsdir}" >&6; } elif test "${xslstylesheetsdir}" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking xsl-stylesheets" >&5 -$as_echo_n "checking xsl-stylesheets... " >&6; } - test -e "${xslstylesheetsdir}/html/docbook.xsl" || as_fn_error "invalid" "$LINENO" 5 -fi - -if test "${svn_checkout}" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking XSLTPROC requirement" >&5 -$as_echo_n "checking XSLTPROC requirement... 
" >&6; } - if test -n "${XSLTPROC}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - else - if test "${enable_man}" = "yes" -o "${enable_doc}" = "yes"; then - as_fn_error "Missing XSLTPROC svn build with man or doc" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"make dist\" will not work" >&5 -$as_echo "$as_me: WARNING: \"make dist\" will not work" >&2;} - fi - fi - - if test "${enable_man}" = "yes"; then - test "${xslstylesheetsdir}" = "no" && as_fn_error "xsl-stylesheets are required for svn build with man" "$LINENO" 5 - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking svn doc build dependencies" >&5 -$as_echo_n "checking svn doc build dependencies... " >&6; } - if test -n "${SVN}" -a -n "${TR}" -a -n "${WGET}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - else - if test "${enable_doc}" = "yes"; then - as_fn_error "Missing SVN, TR or WGET for svn doc build" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"make dist\" will not work" >&5 -$as_echo "$as_me: WARNING: \"make dist\" will not work" >&2;} - fi - fi + test -e "${xslstylesheetsdir}/html/docbook.xsl" || as_fn_error $? "invalid" "$LINENO" 5 fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${xslstylesheetsdir}" >&5 +$as_echo "${xslstylesheetsdir}" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } 
@@ -12308,16 +12324,37 @@ fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable assertions" >&5 +$as_echo_n "checking whether to enable assertions... " >&6; } + # Check whether --enable-assert was given. +if test "${enable_assert+set}" = set; then : + enableval=$enable_assert; ac_enable_assert=$enableval + if test "x$enableval" = xno; then : + +$as_echo "#define NDEBUG 1" >>confdefs.h + +elif test "x$enableval" != xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: invalid argument supplied to --enable-assert" >&5 +$as_echo "$as_me: WARNING: invalid argument supplied to --enable-assert" >&2;} + ac_enable_assert=yes +fi +else + ac_enable_assert=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_enable_assert" >&5 +$as_echo "$ac_enable_assert" >&6; } + for ac_header in \ errno.h fcntl.h malloc.h stdlib.h \ inttypes.h string.h strings.h \ - sys/time.h unistd.h locale.h getopt.h + sys/time.h unistd.h getopt.h sys/mman.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -12519,8 +12556,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat dereferences a symlink specified with a trailing slash" >&5 -$as_echo_n "checking whether lstat dereferences a symlink specified with a trailing slash... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5 +$as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; } if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then : $as_echo_n "(cached) " >&6 else 
@@ -12537,7 +12574,7 @@ main () { struct stat sbuf; - /* Linux will dereference the symlink and fail. + /* Linux will dereference the symlink and fail, as required by POSIX. That is better in the sense that it means we will not have to compile and use the lstat wrapper. */ return lstat ("conftest.sym/", &sbuf) == 0; @@ -12572,7 +12609,7 @@ _ACEOF -if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then +if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then case " $LIBOBJS " in *" lstat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS lstat.$ac_objext" @@ -12648,15 +12685,13 @@ for ac_func in \ getpass gettimeofday memset mkdir \ - strdup strerror setutent vsyslog \ - setlocale getopt_long \ - strlcpy + strdup strerror getopt_long getopt_long_only \ + strlcpy strlcat do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -eval as_val=\$$as_ac_var - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF 
@@ -12664,6 +12699,44 @@ fi done +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5 +$as_echo_n "checking size of void *... " >&6; } +if test "${ac_cv_sizeof_void_p+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_void_p" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (void *) +See \`config.log' for more details" "$LINENO" 5 ; } + else + ac_cv_sizeof_void_p=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5 +$as_echo "$ac_cv_sizeof_void_p" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_VOID_P $ac_cv_sizeof_void_p +_ACEOF + + +if test "${ac_cv_sizeof_void_p}" = 8; then + LIBRARY_BITNESS="64" +else + LIBRARY_BITNESS="32" +fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 $as_echo_n "checking for socket in -lsocket... " >&6; } 
@@ -12791,22 +12864,24 @@ $as_echo "$ac_cv_lib_ltdl_lt_dlopen" >&6; } if test "x$ac_cv_lib_ltdl_lt_dlopen" = x""yes; then : LTLIB_LIBS="-lltdl" -else - as_fn_error "ltdl not found, please install libltdl and/or libtool" "$LINENO" 5 fi fi + saved_CFLAGS="${CFLAGS}" CFLAGS="${CFLAGS} ${LTLIB_CFLAGS}" -ac_fn_c_check_header_mongrel "$LINENO" "ltdl.h" "ac_cv_header_ltdl_h" "$ac_includes_default" +for ac_header in ltdl.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "ltdl.h" "ac_cv_header_ltdl_h" "$ac_includes_default" if test "x$ac_cv_header_ltdl_h" = x""yes; then : - -else - as_fn_error "ltdl.h not found, please install libltdl and/or libtool" "$LINENO" 5 + cat >>confdefs.h <<_ACEOF +#define HAVE_LTDL_H 1 +_ACEOF fi +done CFLAGS="${saved_CFLAGS}" @@ -13148,7 +13223,7 @@ : else acx_pthread_ok=no - as_fn_error "POSIX thread support required" "$LINENO" 5 + as_fn_error $? "POSIX thread support required" "$LINENO" 5 fi ac_ext=c @@ -13161,6 +13236,21 @@ CC="${PTHREAD_CC}" fi +if test "${enable_minidriver}" = "yes"; then + ac_fn_c_check_header_mongrel "$LINENO" "cardmod.h" "ac_cv_header_cardmod_h" "$ac_includes_default" +if test "x$ac_cv_header_cardmod_h" = x""yes; then : + +else + as_fn_error $? "cardmod.h is not found and required for minidriver" "$LINENO" 5 + +fi + + + +$as_echo "#define ENABLE_MINIDRIVER 1" >>confdefs.h + +fi + if test -z "${ZLIB_LIBS}"; then @@ -13242,7 +13332,7 @@ $as_echo "#define ENABLE_ZLIB 1" >>confdefs.h else - as_fn_error "zlib linkage required, but no zlib was found" "$LINENO" 5 + as_fn_error $? "zlib linkage required, but no zlib was found" "$LINENO" 5 fi fi 
@@ -13331,200 +13421,7 @@ $as_echo "#define ENABLE_READLINE 1" >>confdefs.h else - as_fn_error "readline linkage required, but no readline was found" "$LINENO" 5 - fi -fi - - - -if test -n "${ICONV_LIBS}"; then - ac_cv_lib_iconv="yes" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if iconv library available within libc" >&5 -$as_echo_n "checking if iconv library available within libc... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Define iconv to an innocuous variant, in case declares iconv. - For example, HP-UX 11i declares gettimeofday. */ -#define iconv innocuous_iconv - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char iconv (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef iconv - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char iconv (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_iconv || defined __stub___iconv -choke me -#endif - -int -main () -{ -return iconv (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ac_cv_lib_iconv="yes" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv in -liconv" >&5 -$as_echo_n "checking for iconv in -liconv... 
" >&6; } -if test "${ac_cv_lib_iconv_iconv+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-liconv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char iconv (); -int -main () -{ -return iconv (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_iconv_iconv=yes -else - ac_cv_lib_iconv_iconv=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iconv_iconv" >&5 -$as_echo "$ac_cv_lib_iconv_iconv" >&6; } -if test "x$ac_cv_lib_iconv_iconv" = x""yes; then : - - ac_cv_lib_iconv="yes" - ICONV_LIBS="-liconv" - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libiconv in -liconv" >&5 -$as_echo_n "checking for libiconv in -liconv... " >&6; } -if test "${ac_cv_lib_iconv_libiconv+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-liconv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char libiconv (); -int -main () -{ -return libiconv (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_iconv_libiconv=yes -else - ac_cv_lib_iconv_libiconv=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iconv_libiconv" >&5 -$as_echo "$ac_cv_lib_iconv_libiconv" >&6; } -if test "x$ac_cv_lib_iconv_libiconv" = x""yes; then : - - ac_cv_lib_iconv="yes" - ICONV_LIBS="-liconv" - - -fi - - -fi - - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -saved_CFLAGS="${CFLAGS}" -CFLAGS="${CFLAGS} ${ICONV_CFLAGS}" -for ac_header in iconv.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "iconv.h" "ac_cv_header_iconv_h" "$ac_includes_default" -if test "x$ac_cv_header_iconv_h" = x""yes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ICONV_H 1 -_ACEOF - -fi - -done - -CFLAGS="${saved_CFLAGS}" -test "${ac_cv_lib_iconv}" = "yes" -a "${ac_cv_header_iconv_h}" = "yes" && have_iconv="yes" - -case "${enable_iconv}" in - no) - have_iconv="no" - ;; - detect) - if test "${have_iconv}" = "yes"; then - enable_iconv="yes" - else - enable_iconv="no" - fi - ;; -esac - -if test "${enable_iconv}" = "yes"; then - if test "${have_iconv}" = "yes"; then - -$as_echo "#define ENABLE_ICONV 1" >>confdefs.h - - else - as_fn_error "iconv linkage required, but no iconv was found" "$LINENO" 5 + as_fn_error $? "readline linkage required, but no readline was found" "$LINENO" 5 fi fi 
@@ -13533,11 +13430,10 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5 $as_echo_n "checking for OPENSSL... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_CFLAGS"; then - pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_CFLAGS"; then + pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto >= 0.9.7") 2>&5 ac_status=$? @@ -13547,15 +13443,13 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_LIBS"; then - pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_LIBS"; then + pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto >= 0.9.7") 2>&5 ac_status=$? @@ -13565,14 +13459,15 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes 
@@ -13580,25 +13475,22 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libcrypto >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libcrypto >= 0.9.7" 2>&1` else - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libcrypto >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "libcrypto >= 0.9.7" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5 $as_echo_n "checking for OPENSSL... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_CFLAGS"; then - pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_CFLAGS"; then + pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5 ac_status=$? @@ -13608,15 +13500,13 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_LIBS"; then - pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_LIBS"; then + pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5 ac_status=$? 
@@ -13626,14 +13516,15 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -13641,16 +13532,14 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "openssl >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "openssl >= 0.9.7" 2>&1` else - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "openssl >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "openssl >= 0.9.7" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 $as_echo_n "checking for RSA_version in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_RSA_version+set}" = set; then : $as_echo_n "(cached) " >&6 @@ -13698,6 +13587,8 @@ elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 $as_echo_n "checking for RSA_version in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_RSA_version+set}" = set; then : 
@@ -13754,16 +13645,17 @@ fi elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5 $as_echo_n "checking for OPENSSL... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_CFLAGS"; then - pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_CFLAGS"; then + pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5 ac_status=$? @@ -13773,15 +13665,13 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$OPENSSL_LIBS"; then - pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENSSL_LIBS"; then + pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5 ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5 ac_status=$? @@ -13791,14 +13681,15 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes 
@@ -13806,16 +13697,14 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "openssl >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "openssl >= 0.9.7" 2>&1` else - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "openssl >= 0.9.7"` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "openssl >= 0.9.7" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$OPENSSL_PKG_ERRORS" >&5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 $as_echo_n "checking for RSA_version in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_RSA_version+set}" = set; then : $as_echo_n "(cached) " >&6 @@ -13863,6 +13752,8 @@ elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA_version in -lcrypto" >&5 $as_echo_n "checking for RSA_version in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_RSA_version+set}" = set; then : @@ -13945,7 +13836,7 @@ $as_echo "#define ENABLE_OPENSSL 1" >>confdefs.h else - as_fn_error "OpenSSL linkage required, but no OpenSSL was found" "$LINENO" 5 + as_fn_error $? "OpenSSL linkage required, but no OpenSSL was found" "$LINENO" 5 fi fi 
@@ -13955,11 +13846,10 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENCT" >&5 $as_echo_n "checking for OPENCT... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$OPENCT_CFLAGS"; then - pkg_cv_OPENCT_CFLAGS="$OPENCT_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENCT_CFLAGS"; then + pkg_cv_OPENCT_CFLAGS="$OPENCT_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libopenct\""; } >&5 ($PKG_CONFIG --exists --print-errors "libopenct") 2>&5 ac_status=$? @@ -13969,15 +13859,13 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$OPENCT_LIBS"; then - pkg_cv_OPENCT_LIBS="$OPENCT_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$OPENCT_LIBS"; then + pkg_cv_OPENCT_LIBS="$OPENCT_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libopenct\""; } >&5 ($PKG_CONFIG --exists --print-errors "libopenct") 2>&5 ac_status=$? @@ -13987,14 +13875,15 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes 
@@ -14002,19 +13891,19 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - OPENCT_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libopenct"` + OPENCT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libopenct" 2>&1` else - OPENCT_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libopenct"` + OPENCT_PKG_ERRORS=`$PKG_CONFIG --print-errors "libopenct" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$OPENCT_PKG_ERRORS" >&5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error "openct requested but not available" "$LINENO" 5 + as_fn_error $? "openct requested but not available" "$LINENO" 5 elif test $pkg_failed = untried; then - as_fn_error "openct requested but not available" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "openct requested but not available" "$LINENO" 5 else OPENCT_CFLAGS=$pkg_cv_OPENCT_CFLAGS @@ -14027,6 +13916,12 @@ fi fi +if test "${enable_ctapi}" = "yes"; then + +$as_echo "#define ENABLE_CTAPI 1" >>confdefs.h + +fi + if test "${enable_pcsc}" = "yes"; then if test "${WIN32}" != "yes"; then if test -n "$PKG_CONFIG" && \ @@ -14040,11 +13935,10 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PCSC" >&5 $as_echo_n "checking for PCSC... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$PCSC_CFLAGS"; then - pkg_cv_PCSC_CFLAGS="$PCSC_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$PCSC_CFLAGS"; then + pkg_cv_PCSC_CFLAGS="$PCSC_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpcsclite\""; } >&5 ($PKG_CONFIG --exists --print-errors "libpcsclite") 2>&5 ac_status=$? 
@@ -14054,15 +13948,13 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$PCSC_LIBS"; then - pkg_cv_PCSC_LIBS="$PCSC_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$PCSC_LIBS"; then + pkg_cv_PCSC_LIBS="$PCSC_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpcsclite\""; } >&5 ($PKG_CONFIG --exists --print-errors "libpcsclite") 2>&5 ac_status=$? @@ -14072,14 +13964,15 @@ else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -14087,14 +13980,14 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - PCSC_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libpcsclite"` + PCSC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libpcsclite" 2>&1` else - PCSC_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libpcsclite"` + PCSC_PKG_ERRORS=`$PKG_CONFIG --print-errors "libpcsclite" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$PCSC_PKG_ERRORS" >&5 - as_fn_error "Package requirements (libpcsclite) were not met: + as_fn_error $? "Package requirements (libpcsclite) were not met: $PCSC_PKG_ERRORS 
@@ -14103,12 +13996,13 @@ Alternatively, you may set the environment variables PCSC_CFLAGS and PCSC_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -14117,13 +14011,13 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else PCSC_CFLAGS=$pkg_cv_PCSC_CFLAGS PCSC_LIBS=$pkg_cv_PCSC_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi fi @@ -14151,7 +14045,7 @@ _ACEOF else - test "${WIN32}" != "yes" && as_fn_error "winscard.h is required for pcsc" "$LINENO" 5 + test "${WIN32}" != "yes" && as_fn_error $? "winscard.h is required for pcsc" "$LINENO" 5 fi done @@ -14167,7 +14061,7 @@ DEFAULT_PCSC_PROVIDER="winscard.dll" ;; *) - DEFAULT_PCSC_PROVIDER="/usr/lib${libdir##*/lib}/libpcsclite.so.1" + DEFAULT_PCSC_PROVIDER="libpcsclite.so.1" ;; esac else 
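Review bot: In the `*)` branch of the provider `case`, the default changes from an absolute path to the bare soname `DEFAULT_PCSC_PROVIDER="libpcsclite.so.1"`. Which file is loaded then depends on the dynamic loader's search order (rpath, environment, ld cache) instead of a fixed location, assuming the value is handed to a dlopen-style call, which this hunk does not show. Because this is generated configure output, the comment belongs in configure.ac, for example `# bare soname: resolved through the loader search path; pass an absolute path to pin the provider`. The enclosing `if`/`case` starts and ends outside the hunk, so the override path in the `else` branch is not visible here. Deployments where the library runs inside privileged or long-lived processes should set the provider to an absolute path at build time.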
@@ -14183,155 +14077,23 @@ fi - -# Check whether --with-libassuan-prefix was given. -if test "${with_libassuan_prefix+set}" = set; then : - withval=$with_libassuan_prefix; libassuan_config_prefix="$withval" -else - libassuan_config_prefix="" -fi - - if test x$libassuan_config_prefix != x ; then - libassuan_config_args="$libassuan_config_args --prefix=$libassuan_config_prefix" - if test x${LIBASSUAN_CONFIG+set} != xset ; then - LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config - fi - fi - # Extract the first word of "libassuan-config", so it can be a program name with args. -set dummy libassuan-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_LIBASSUAN_CONFIG+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - case $LIBASSUAN_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_LIBASSUAN_CONFIG="$LIBASSUAN_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_LIBASSUAN_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_LIBASSUAN_CONFIG" && ac_cv_path_LIBASSUAN_CONFIG="no" - ;; -esac -fi -LIBASSUAN_CONFIG=$ac_cv_path_LIBASSUAN_CONFIG -if test -n "$LIBASSUAN_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBASSUAN_CONFIG" >&5 -$as_echo "$LIBASSUAN_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +if test "${enable_man}" = "detect"; then + if test "${WIN32}" = "yes"; then + enable_man="no" + elif test -n "${XSLTPROC}" -a "${xslstylesheetsdir}" != "no"; then + enable_man="yes" + else + enable_man="no" + fi fi - - - tmp=1:0.9.2 - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libassuan_api=0 - min_libassuan_version="$tmp" - fi - - if test "$LIBASSUAN_CONFIG" != "no" ; then - libassuan_version=`$LIBASSUAN_CONFIG --version` - fi - libassuan_version_major=`echo $libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` - libassuan_version_minor=`echo $libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` - libassuan_version_micro=`echo $libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBASSUAN - version >= $min_libassuan_version" >&5 -$as_echo_n "checking for LIBASSUAN - version >= $min_libassuan_version... 
" >&6; } - ok=no - if test "$LIBASSUAN_CONFIG" != "no" ; then - - req_major=`echo $min_libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` - req_minor=`echo $min_libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` - req_micro=`echo $min_libassuan_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` - if test "$libassuan_version_major" -gt "$req_major"; then - ok=yes - else - if test "$libassuan_version_major" -eq "$req_major"; then - if test "$libassuan_version_minor" -gt "$req_minor"; then - ok=yes - else - if test "$libassuan_version_minor" -eq "$req_minor"; then - if test "$libassuan_version_micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - - fi - - if test $ok = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - if test $ok = yes; then - if test "$req_libassuan_api" -gt 0 ; then - tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBASSUAN API version" >&5 -$as_echo_n "checking LIBASSUAN API version... " >&6; } - if test "$req_libassuan_api" -eq "$tmp" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5 -$as_echo "okay" >&6; } - else - ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libassuan_api got=$tmp." >&5 -$as_echo "does not match. want=$req_libassuan_api got=$tmp." 
>&6; } - fi - fi - fi - fi - - - if test $ok = yes; then - LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --cflags` - LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --libs` - have_assuan="yes" - else - LIBASSUAN_CFLAGS="" - LIBASSUAN_LIBS="" - have_assuan="no" - - fi - - - - -if test "${enable_nsplugin}" = "yes"; then - if test "x${have_assuan}" != "xyes" -o "x${have_openssl}" != "xyes"; then - as_fn_error "nsplugin requires assuan and openssl" "$LINENO" 5 - fi +if test "${enable_man}" = "yes" -o "${enable_doc}" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking XSLTPROC requirement" >&5 +$as_echo_n "checking XSLTPROC requirement... " >&6; } + test -n "${XSLTPROC}" || as_fn_error $? "Missing XSLTPROC svn build with man or doc" "$LINENO" 5 + test "${xslstylesheetsdir}" != "no" || as_fn_error $? "Missing xslstylesheetsdir" "$LINENO" 5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } fi OPENSC_FEATURES="" @@ -14345,11 +14107,6 @@ OPTIONAL_READLINE_CFLAGS="${READLINE_CFLAGS}" OPTIONAL_READLINE_LIBS="${READLINE_LIBS}" fi -if test "${enable_iconv}" = "yes"; then - OPENSC_FEATURES="${OPENSC_FEATURES} iconv" - OPTIONAL_ICONV_CFLAGS="${ICONV_CFLAGS}" - OPTIONAL_ICONV_LIBS="${ICONV_LIBS}" -fi if test "${enable_openssl}" = "yes"; then OPENSC_FEATURES="${OPENSC_FEATURES} openssl" OPTIONAL_OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" @@ -14364,7 +14121,9 @@ OPENSC_FEATURES="${OPENSC_FEATURES} pcsc(${DEFAULT_PCSC_PROVIDER})" OPTIONAL_PCSC_CFLAGS="${PCSC_CFLAGS}" fi -test "${enable_nsplugin}" = "yes" && OPENSC_FEATURES="${OPENSC_FEATURES} nsplugin" +if test "${enable_ctapi}" = "yes"; then + OPENSC_FEATURES="${OPENSC_FEATURES} ctapi" +fi cat >>confdefs.h <<_ACEOF 
@@ -14381,22 +14140,13 @@ #define OPENSC_VERSION_FIX ${OPENSC_VERSION_FIX} _ACEOF -test "${with_pinentry}" != "no" && -cat >>confdefs.h <<_ACEOF -#define PIN_ENTRY "${with_pinentry}" -_ACEOF - cat >>confdefs.h <<_ACEOF #define OPENSC_FEATURES "${OPENSC_FEATURES}" _ACEOF -openscincludedir="\$(includedir)/opensc" pkcs11dir="\$(libdir)/pkcs11" -pkgconfigdir="\$(libdir)/pkgconfig" - - @@ -14420,16 +14170,6 @@ - - - if test "${svn_checkout}" = "yes"; then - SVN_CHECKOUT_TRUE= - SVN_CHECKOUT_FALSE='#' -else - SVN_CHECKOUT_TRUE='#' - SVN_CHECKOUT_FALSE= -fi - if test "${enable_man}" = "yes"; then ENABLE_MAN_TRUE= ENABLE_MAN_FALSE='#' @@ -14454,14 +14194,6 @@ ENABLE_READLINE_FALSE= fi - if test "${enable_iconv}" = "yes"; then - ENABLE_ICONV_TRUE= - ENABLE_ICONV_FALSE='#' -else - ENABLE_ICONV_TRUE='#' - ENABLE_ICONV_FALSE= -fi - if test "${enable_openssl}" = "yes"; then ENABLE_OPENSSL_TRUE= ENABLE_OPENSSL_FALSE='#' @@ -14478,14 +14210,6 @@ ENABLE_OPENCT_FALSE= fi - if test "${enable_nsplugin}" = "yes"; then - ENABLE_NSPLUGIN_TRUE= - ENABLE_NSPLUGIN_FALSE='#' -else - ENABLE_NSPLUGIN_TRUE='#' - ENABLE_NSPLUGIN_FALSE= -fi - if test "${enable_doc}" = "yes"; then ENABLE_DOC_TRUE= ENABLE_DOC_FALSE='#' @@ -14510,6 +14234,14 @@ CYGWIN_FALSE= fi + if test "${enable_minidriver}" = "yes"; then + ENABLE_MINIDRIVER_TRUE= + ENABLE_MINIDRIVER_FALSE='#' +else + ENABLE_MINIDRIVER_TRUE='#' + ENABLE_MINIDRIVER_FALSE= +fi + if test "${enable_pedantic}" = "yes"; then enable_strict="yes"; 
@@ -14523,7 +14255,7 @@ CFLAGS="-fno-strict-aliasing ${CFLAGS}" fi -ac_config_files="$ac_config_files Makefile doc/Makefile doc/nonpersistent/Makefile etc/Makefile src/Makefile src/common/Makefile src/include/Makefile src/include/winconfig.h src/include/opensc/Makefile src/libopensc/Makefile src/libopensc/opensc-config src/libopensc/libopensc.pc src/libopensc/libpkcs15init.pc src/libopensc/libscconf.pc src/openssh/Makefile src/pkcs11/Makefile src/pkcs15init/Makefile src/scconf/Makefile src/signer/Makefile src/signer/npinclude/Makefile src/tests/Makefile src/tests/regression/Makefile src/tools/Makefile win32/Makefile win32/versioninfo.rc.in" +ac_config_files="$ac_config_files Makefile doc/Makefile etc/Makefile src/Makefile src/common/Makefile src/libopensc/Makefile src/libopensc/libopensc.pc src/pkcs11/Makefile src/pkcs15init/Makefile src/scconf/Makefile src/tests/Makefile src/tests/regression/Makefile src/tools/Makefile src/minidriver/Makefile src/minidriver/opensc-minidriver.inf win32/Makefile win32/versioninfo.rc win32/winconfig.h win32/OpenSC.iss win32/OpenSC.wxs MacOSX/Makefile MacOSX/build-package MacOSX/10.5/resources/ReadMe.html MacOSX/10.6/resources/ReadMe.html" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -14608,6 +14340,7 @@ ac_libobjs= ac_ltlibobjs= +U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' 
@@ -14631,56 +14364,48 @@ fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then - as_fn_error "conditional \"AMDEP\" was never defined. + as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then - as_fn_error "conditional \"am__fastdepCC\" was never defined. + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${SVN_CHECKOUT_TRUE}" && test -z "${SVN_CHECKOUT_FALSE}"; then - as_fn_error "conditional \"SVN_CHECKOUT\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${ENABLE_MAN_TRUE}" && test -z "${ENABLE_MAN_FALSE}"; then - as_fn_error "conditional \"ENABLE_MAN\" was never defined. + as_fn_error $? "conditional \"ENABLE_MAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_ZLIB_TRUE}" && test -z "${ENABLE_ZLIB_FALSE}"; then - as_fn_error "conditional \"ENABLE_ZLIB\" was never defined. + as_fn_error $? "conditional \"ENABLE_ZLIB\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_READLINE_TRUE}" && test -z "${ENABLE_READLINE_FALSE}"; then - as_fn_error "conditional \"ENABLE_READLINE\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${ENABLE_ICONV_TRUE}" && test -z "${ENABLE_ICONV_FALSE}"; then - as_fn_error "conditional \"ENABLE_ICONV\" was never defined. + as_fn_error $? "conditional \"ENABLE_READLINE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_OPENSSL_TRUE}" && test -z "${ENABLE_OPENSSL_FALSE}"; then - as_fn_error "conditional \"ENABLE_OPENSSL\" was never defined. 
+ as_fn_error $? "conditional \"ENABLE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_OPENCT_TRUE}" && test -z "${ENABLE_OPENCT_FALSE}"; then - as_fn_error "conditional \"ENABLE_OPENCT\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi -if test -z "${ENABLE_NSPLUGIN_TRUE}" && test -z "${ENABLE_NSPLUGIN_FALSE}"; then - as_fn_error "conditional \"ENABLE_NSPLUGIN\" was never defined. + as_fn_error $? "conditional \"ENABLE_OPENCT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_DOC_TRUE}" && test -z "${ENABLE_DOC_FALSE}"; then - as_fn_error "conditional \"ENABLE_DOC\" was never defined. + as_fn_error $? "conditional \"ENABLE_DOC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${WIN32_TRUE}" && test -z "${WIN32_FALSE}"; then - as_fn_error "conditional \"WIN32\" was never defined. + as_fn_error $? "conditional \"WIN32\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${CYGWIN_TRUE}" && test -z "${CYGWIN_FALSE}"; then - as_fn_error "conditional \"CYGWIN\" was never defined. + as_fn_error $? "conditional \"CYGWIN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_MINIDRIVER_TRUE}" && test -z "${ENABLE_MINIDRIVER_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_MINIDRIVER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi 
@@ -14830,19 +14555,19 @@ (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -15038,7 +14763,7 @@ test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -15091,8 +14816,8 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by opensc $as_me 0.11.13, which was -generated by GNU Autoconf 2.64. Invocation command line was +This file was extended by opensc $as_me 0.12.1, which was +generated by GNU Autoconf 2.67. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS 
@@ -15132,6 +14857,7 @@ -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit + --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files @@ -15154,12 +14880,13 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -opensc config.status 0.11.13 -configured by $0, generated by GNU Autoconf 2.64, - with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" +opensc config.status 0.12.1 +configured by $0, generated by GNU Autoconf 2.67, + with options \\"\$ac_cs_config\\" -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -15177,11 +14904,16 @@ while test $# != 0 do case $1 in - --*=*) + --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; *) ac_option=$1 ac_optarg=$2 @@ -15195,12 +14927,15 @@ ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; 
@@ -15213,7 +14948,7 @@ ac_need_defaults=false;; --he | --h) # Conflict between --help and --header - as_fn_error "ambiguous option: \`$1' + as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; @@ -15222,7 +14957,7 @@ ac_cs_silent=: ;; # This is an error. - -*) as_fn_error "unrecognized option: \`$1' + -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" 
@@ -15609,31 +15344,30 @@ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; - "doc/nonpersistent/Makefile") CONFIG_FILES="$CONFIG_FILES doc/nonpersistent/Makefile" ;; "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/common/Makefile") CONFIG_FILES="$CONFIG_FILES src/common/Makefile" ;; - "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; - "src/include/winconfig.h") CONFIG_FILES="$CONFIG_FILES src/include/winconfig.h" ;; - "src/include/opensc/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/opensc/Makefile" ;; "src/libopensc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libopensc/Makefile" ;; - "src/libopensc/opensc-config") CONFIG_FILES="$CONFIG_FILES src/libopensc/opensc-config" ;; "src/libopensc/libopensc.pc") CONFIG_FILES="$CONFIG_FILES src/libopensc/libopensc.pc" ;; - "src/libopensc/libpkcs15init.pc") CONFIG_FILES="$CONFIG_FILES src/libopensc/libpkcs15init.pc" ;; - "src/libopensc/libscconf.pc") CONFIG_FILES="$CONFIG_FILES src/libopensc/libscconf.pc" ;; - "src/openssh/Makefile") CONFIG_FILES="$CONFIG_FILES src/openssh/Makefile" ;; "src/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES src/pkcs11/Makefile" ;; "src/pkcs15init/Makefile") CONFIG_FILES="$CONFIG_FILES src/pkcs15init/Makefile" ;; "src/scconf/Makefile") CONFIG_FILES="$CONFIG_FILES src/scconf/Makefile" ;; - "src/signer/Makefile") CONFIG_FILES="$CONFIG_FILES src/signer/Makefile" ;; - "src/signer/npinclude/Makefile") CONFIG_FILES="$CONFIG_FILES src/signer/npinclude/Makefile" ;; "src/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/Makefile" ;; "src/tests/regression/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/regression/Makefile" ;; "src/tools/Makefile") CONFIG_FILES="$CONFIG_FILES src/tools/Makefile" ;; + "src/minidriver/Makefile") CONFIG_FILES="$CONFIG_FILES 
src/minidriver/Makefile" ;; + "src/minidriver/opensc-minidriver.inf") CONFIG_FILES="$CONFIG_FILES src/minidriver/opensc-minidriver.inf" ;; "win32/Makefile") CONFIG_FILES="$CONFIG_FILES win32/Makefile" ;; - "win32/versioninfo.rc.in") CONFIG_FILES="$CONFIG_FILES win32/versioninfo.rc.in" ;; + "win32/versioninfo.rc") CONFIG_FILES="$CONFIG_FILES win32/versioninfo.rc" ;; + "win32/winconfig.h") CONFIG_FILES="$CONFIG_FILES win32/winconfig.h" ;; + "win32/OpenSC.iss") CONFIG_FILES="$CONFIG_FILES win32/OpenSC.iss" ;; + "win32/OpenSC.wxs") CONFIG_FILES="$CONFIG_FILES win32/OpenSC.wxs" ;; + "MacOSX/Makefile") CONFIG_FILES="$CONFIG_FILES MacOSX/Makefile" ;; + "MacOSX/build-package") CONFIG_FILES="$CONFIG_FILES MacOSX/build-package" ;; + "MacOSX/10.5/resources/ReadMe.html") CONFIG_FILES="$CONFIG_FILES MacOSX/10.5/resources/ReadMe.html" ;; + "MacOSX/10.6/resources/ReadMe.html") CONFIG_FILES="$CONFIG_FILES MacOSX/10.6/resources/ReadMe.html" ;; - *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; esac done @@ -15671,7 +15405,7 @@ { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. @@ -15688,7 +15422,7 @@ fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\r' + ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi 
@@ -15702,18 +15436,18 @@ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -15735,7 +15469,7 @@ t delim :nl h -s/\(.\{148\}\).*/\1/ +s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p @@ -15749,7 +15483,7 @@ t nl :delim h -s/\(.\{148\}\).*/\1/ +s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p 
@@ -15802,20 +15536,28 @@ else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || as_fn_error "could not setup config files machinery" "$LINENO" 5 + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF -# VPATH may cause trouble with some makes, so we remove $(srcdir), -# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=/{ -s/:*\$(srcdir):*/:/ -s/:*\${srcdir}:*/:/ -s/:*@srcdir@:*/:/ -s/^\([^=]*=[ ]*\):*/\1/ + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// s/^[^=]*=[ ]*$// }' fi @@ -15843,7 +15585,7 @@ if test -z "$ac_t"; then break elif $ac_last_try; then - as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -15928,7 +15670,7 @@ _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - as_fn_error "could not setup config headers machinery" "$LINENO" 5 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" @@ -15941,7 +15683,7 @@ esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac 
@@ -15969,7 +15711,7 @@ [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" @@ -15996,7 +15738,7 @@ case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -16133,22 +15875,22 @@ $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&5 +which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&2;} +which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # 
@@ -16159,19 +15901,19 @@ $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" } >"$tmp/config.h" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$tmp/config.h" "$ac_file" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error "could not create -" "$LINENO" 5 + || as_fn_error $? "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" @@ -17101,7 +16843,7 @@ ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -17122,7 +16864,7 @@ exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit $? + $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 
@@ -17144,14 +16886,13 @@ doc support: ${enable_doc} zlib support: ${enable_zlib} readline support: ${enable_readline} -iconv support: ${enable_iconv} OpenSSL support: ${enable_openssl} PC/SC support: ${enable_pcsc} OpenCT support: ${enable_openct} -NSPlugin support: ${enable_nsplugin} +CT-API support: ${enable_ctapi} +minidriver support: ${enable_minidriver} PC/SC default provider: ${DEFAULT_PCSC_PROVIDER} -pinentry: ${with_pinentry} Host: ${host} Compiler: ${CC} @@ -17166,15 +16907,11 @@ READLINE_LIBS: ${READLINE_LIBS} ZLIB_CFLAGS: ${ZLIB_CFLAGS} ZLIB_LIBS: ${ZLIB_LIBS} -ICONV_CFLAGS: ${ICONV_CFLAGS} -ICONV_LIBS: ${ICONV_LIBS} OPENSSL_CFLAGS: ${OPENSSL_CFLAGS} OPENSSL_LIBS: ${OPENSSL_LIBS} OPENCT_CFLAGS: ${OPENCT_CFLAGS} OPENCT_LIBS: ${OPENCT_LIBS} PCSC_CFLAGS: ${PCSC_CFLAGS} -LIBASSUAN_CFLAGS: ${LIBASSUAN_CFLAGS} -LIBASSUAN_LIBS: ${LIBASSUAN_LIBS} EOF diff -Nru opensc-0.11.13/configure.ac opensc-0.12.1/configure.ac --- opensc-0.11.13/configure.ac 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/configure.ac 2011-05-17 17:07:00.000000000 +0000 @@ -3,15 +3,15 @@ AC_PREREQ(2.60) define([PACKAGE_VERSION_MAJOR], [0]) -define([PACKAGE_VERSION_MINOR], [11]) -define([PACKAGE_VERSION_FIX], [13]) +define([PACKAGE_VERSION_MINOR], [12]) +define([PACKAGE_VERSION_FIX], [1]) define([PACKAGE_SUFFIX], []) AC_INIT([opensc],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX]) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) -AM_INIT_AUTOMAKE([${PACKAGE_NAME}], [${PACKAGE_VERSION}]) +AM_INIT_AUTOMAKE(foreign 1.10) OPENSC_VERSION_MAJOR="PACKAGE_VERSION_MAJOR" OPENSC_VERSION_MINOR="PACKAGE_VERSION_MINOR" 
@@ -21,8 +21,8 @@ # (Code changed: REVISION++) # (Oldest interface removed: OLDEST++) # (Interfaces added: CURRENT++, REVISION=0) -OPENSC_LT_CURRENT="2" -OPENSC_LT_OLDEST="2" +OPENSC_LT_CURRENT="3" +OPENSC_LT_OLDEST="3" OPENSC_LT_REVISION="0" OPENSC_LT_AGE="0" OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))" @@ -34,14 +34,6 @@ PKG_PROG_PKG_CONFIG AC_C_BIGENDIAN -AC_MSG_CHECKING([svn checkout]) -if test -e "${srcdir}/packaged"; then - svn_checkout="no" -else - svn_checkout="yes" -fi -AC_MSG_RESULT([${svn_checkout}]) - AC_ARG_WITH( [cygwin-native], [AS_HELP_STRING([--with-cygwin-native],[compile native win32])], @@ -53,32 +45,9 @@ test -z "${WIN32}" && WIN32="no" test -z "${CYGWIN}" && CYGWIN="no" case "${host}" in - *-*-hpux*) - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE -D_XOPEN_SOURCE_EXTENDED" - ;; *-*-solaris*) CPPFLAGS="${CPPFLAGS} -I/usr/local/include" LDFLAGS="${LDFLAGS} -L/usr/local/lib -R/usr/local/lib" - need_dash_r="1" - ;; - *-*-sunos4*) - CPPFLAGS="${CPPFLAGS} -DSUNOS4" - ;; - *-*-aix*) - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - LDFLAGS="${LDFLAGS} -L/usr/local/lib" - if test "${LD}" != "gcc" -a -z "${blibpath}"; then - blibpath="/usr/lib:/lib:/usr/local/lib" - fi - ;; - *-*-osf*) - CPPFLAGS="${CPPFLAGS} -D_POSIX_PII_SOCKET" - ;; - *-*-darwin*) - LIBS="${LIBS} -Wl,-framework,CoreFoundation" - if test "${GCC}" = "yes"; then - CFLAGS="${CFLAGS} -no-cpp-precomp" - fi ;; *-mingw*|*-winnt*) WIN32="yes" @@ -131,13 +100,6 @@ ) AC_ARG_ENABLE( - [iconv], - [AS_HELP_STRING([--enable-iconv],[enable iconv linkage @<:@detect@:>@])], - , - [enable_iconv="detect"] -) - -AC_ARG_ENABLE( [openssl], [AS_HELP_STRING([--enable-openssl],[enable openssl linkage @<:@detect@:>@])], , 
@@ -153,29 +115,30 @@ AC_ARG_ENABLE( [pcsc], - [AS_HELP_STRING([--enable-pcsc],[enable pcsc support @<:@disabled@:>@])], + [AS_HELP_STRING([--disable-pcsc],[disable pcsc support @<:@enabled@:>@])], , - [enable_pcsc="no"] + [enable_pcsc="yes"] ) AC_ARG_ENABLE( - [nsplugin], - [AS_HELP_STRING([--enable-nsplugin],[enable nsplugin (signer) @<:@disabled@:>@])], + [ctapi], + [AS_HELP_STRING([--enable-ctapi],[enable CT-API support @<:@disabled@:>@])], , - [enable_nsplugin="no"] + [enable_ctapi="no"] +) + +AC_ARG_ENABLE( + [minidriver], + [AS_HELP_STRING([--enable-minidriver],[enable minidriver on Windows @<:@disabled@:>@])], + , + [enable_minidriver="no"] ) AC_ARG_ENABLE( [man], [AS_HELP_STRING([--disable-man],[disable installation of manuals @<:@enabled for none Windows@:>@])], , - [ - if test "${WIN32}" = "yes"; then - enable_man="no" - else - enable_man="yes" - fi - ] + [enable_man="detect"] ) AC_ARG_ENABLE( @@ -193,26 +156,20 @@ ) AC_ARG_WITH( - [plugindir], - [AS_HELP_STRING([--with-plugindir=PATH],[install Mozilla plugin to PATH @<:@LIBDIR/mozilla/plugins@:>@])], - [plugindir="${withval}"], - [plugindir="\$(libdir)/mozilla/plugins"] -) - -AC_ARG_WITH( [pcsc-provider], [AS_HELP_STRING([--with-pcsc-provider=PATH],[Path to system pcsc provider @<:@system default@:>@])], , [with_pcsc_provider="detect"] ) - -AC_ARG_WITH( - [pinentry], - [AS_HELP_STRING([--with-pinentry=PROG],[run PROG as PIN-entry for OpenSC Signer @<:/usr/bin/gpinentry:>@])], - , - [with_pinentry="/usr/bin/gpinentry"] -) - +dnl ./configure check +reader_count="" +for rdriver in "${enable_pcsc}" "${enable_openct}" "${enable_ctapi}"; do + test "${rdriver}" = "yes" && reader_count="${reader_count}x" +done +if test "${reader_count}" != "x"; then + AC_MSG_ERROR([Only one of --enable-pcsc, --enable-openct, --enable-ctapi can be specified!]) +fi + dnl Checks for programs. AC_PROG_CPP AC_PROG_INSTALL 
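Review bot: The new `reader_count` test in the `@@ -193,26 +156,20 @@` hunk rejects every count other than exactly one, so a build with no reader driver at all (for example `--disable-pcsc` on its own) stops with "Only one of --enable-pcsc, --enable-openct, --enable-ctapi can be specified!", which describes the opposite problem. Only the literal value `yes` is counted, so a driver still at a `detect` default at this point would be skipped by the check; the default for `enable_openct` is not visible in this hunk. Because the preceding hunk flips `enable_pcsc` to `yes` by default, `--enable-openct` or `--enable-ctapi` now also needs an explicit `--disable-pcsc`, and the error text should say so. A `case` on `${reader_count}` separates the empty and the multiple case.

```m4
dnl … unchanged: reader_count loop over enable_pcsc / enable_openct / enable_ctapi …
case "${reader_count}" in
	x)
		;;
	"")
		AC_MSG_ERROR([No reader driver selected: enable exactly one of pcsc, openct or ctapi])
		;;
	*)
		AC_MSG_ERROR([Only one of --enable-pcsc, --enable-openct, --enable-ctapi can be specified (pcsc is on by default, add --disable-pcsc)])
		;;
esac
```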
@@ -236,60 +193,27 @@ ) dnl These required for svn checkout -AC_ARG_VAR([XSLTPROC], [xsltproc utility]) AC_ARG_VAR([SVN], [subversion utility]) -AC_ARG_VAR([WGET], [wget utility]) -AC_ARG_VAR([WGET_OPTS], [wget options]) -AC_ARG_VAR([TR], [tr utility]) -AC_CHECK_PROGS([XSLTPROC],[xsltproc]) +AC_ARG_VAR([XSLTPROC], [xsltproc utility]) AC_CHECK_PROGS([SVN],[svn]) -AC_CHECK_PROGS([WGET],[wget]) -AC_CHECK_PROGS([TR],[tr]) -test -z "${WGET_OPTS}" && WGET_OPTS="-nv" +AC_CHECK_PROGS([XSLTPROC],[xsltproc]) +AC_MSG_CHECKING([xsl-stylesheets]) if test "${xslstylesheetsdir}" = "detect"; then - AC_MSG_CHECKING([xsl-stylesheets]) xslstylesheetsdir="no" for f in \ /usr/share/xml/docbook/stylesheet/nwalsh \ + /usr/share/xml/docbook/stylesheet/nwalsh/current \ + /opt/local/share/xsl/docbook-xsl \ + /sw/share/xml/xsl/docbook-xsl \ /usr/share/sgml/docbook/*; do test -e "${f}/html/docbook.xsl" && xslstylesheetsdir="${f}" done - AC_MSG_RESULT([${xslstylesheetsdir}]) elif test "${xslstylesheetsdir}" != "no"; then - AC_MSG_CHECKING([xsl-stylesheets]) test -e "${xslstylesheetsdir}/html/docbook.xsl" || AC_MSG_ERROR([invalid]) fi - -dnl svn checkout dependencies -if test "${svn_checkout}" = "yes"; then - AC_MSG_CHECKING([XSLTPROC requirement]) - if test -n "${XSLTPROC}"; then - AC_MSG_RESULT([ok]) - else - if test "${enable_man}" = "yes" -o "${enable_doc}" = "yes"; then - AC_MSG_ERROR([Missing XSLTPROC svn build with man or doc]) - else - AC_MSG_WARN(["make dist" will not work]) - fi - fi - - if test "${enable_man}" = "yes"; then - test "${xslstylesheetsdir}" = "no" && AC_MSG_ERROR([xsl-stylesheets are required for svn build with man]) - fi - - AC_MSG_CHECKING([svn doc build dependencies]) - if test -n "${SVN}" -a -n "${TR}" -a -n "${WGET}"; then - AC_MSG_RESULT([ok]) - else - if test "${enable_doc}" = "yes"; then - AC_MSG_ERROR([Missing SVN, TR or WGET for svn doc build]) - else - AC_MSG_WARN(["make dist" will not work]) - fi - fi -fi +AC_MSG_RESULT([${xslstylesheetsdir}]) dnl C Compiler 
features AC_C_INLINE @@ -297,10 +221,11 @@ dnl Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT +AC_HEADER_ASSERT AC_CHECK_HEADERS([ \ errno.h fcntl.h malloc.h stdlib.h \ inttypes.h string.h strings.h \ - sys/time.h unistd.h locale.h getopt.h + sys/time.h unistd.h getopt.h sys/mman.h ]) dnl Checks for typedefs, structures, and compiler characteristics. @@ -315,10 +240,15 @@ AC_FUNC_VPRINTF AC_CHECK_FUNCS([ \ getpass gettimeofday memset mkdir \ - strdup strerror setutent vsyslog \ - setlocale getopt_long \ - strlcpy + strdup strerror getopt_long getopt_long_only \ + strlcpy strlcat ]) +AC_CHECK_SIZEOF(void *) +if test "${ac_cv_sizeof_void_p}" = 8; then + LIBRARY_BITNESS="64" +else + LIBRARY_BITNESS="32" +fi dnl See if socket() is found from libsocket AC_CHECK_LIB( @@ -334,23 +264,20 @@ ] ) +dnl check for libltdl. If libltdl is not found, native dlopen/LoadLibrary is used AC_ARG_VAR([LTLIB_CFLAGS], [C compiler flags for libltdl]) AC_ARG_VAR([LTLIB_LIBS], [linker flags for libltdl]) if test -z "${LTLIB_LIBS}"; then AC_CHECK_LIB( [ltdl], [lt_dlopen], - [LTLIB_LIBS="-lltdl"], - [AC_MSG_ERROR([ltdl not found, please install libltdl and/or libtool])] + [LTLIB_LIBS="-lltdl"] ) fi + saved_CFLAGS="${CFLAGS}" CFLAGS="${CFLAGS} ${LTLIB_CFLAGS}" -AC_CHECK_HEADER( - [ltdl.h], - , - [AC_MSG_ERROR([ltdl.h not found, please install libltdl and/or libtool])] -) +AC_CHECK_HEADERS([ltdl.h]) CFLAGS="${saved_CFLAGS}" if test "${WIN32}" = "no"; then @@ -366,6 +293,16 @@ CC="${PTHREAD_CC}" fi +if test "${enable_minidriver}" = "yes"; then + dnl win32 special test for minidriver + AC_CHECK_HEADER( + [cardmod.h], + , + [AC_MSG_ERROR([cardmod.h is not found and required for minidriver])] + ) + AC_DEFINE([ENABLE_MINIDRIVER], [1], [Enable minidriver support]) +fi + AC_ARG_VAR([ZLIB_CFLAGS], [C compiler flags for zlib]) AC_ARG_VAR([ZLIB_LIBS], [linker flags for zlib]) if test -z "${ZLIB_LIBS}"; then 
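Review bot: In the `@@ -334,23 +264,20 @@` hunk both failure actions are removed, so the `-lltdl` probe and the `ltdl.h` probe now succeed or fail independently of each other. A system with the header but without the library (or with `LTLIB_LIBS` preset and no header) gets an inconsistent result. If the sources select the loader backend on `HAVE_LTDL_H`, which is not visible here, the first case would fail at link time instead of falling back to native dlopen/LoadLibrary as the new `dnl` comment promises. Probing the header only when the library was found keeps the two in step: `AS_IF([test -n "${LTLIB_LIBS}"], [AC_CHECK_HEADERS([ltdl.h])])`. The configure summary could also print which backend was chosen, since that decides how provider and module names are resolved at run time.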
@@ -444,66 +381,6 @@ fi fi -AC_ARG_VAR([ICONV_CFLAGS], [C compiler flags for iconv]) -AC_ARG_VAR([ICONV_LIBS], [linker flags for iconv]) -if test -n "${ICONV_LIBS}"; then - ac_cv_lib_iconv="yes" -else - AC_MSG_CHECKING([if iconv library available within libc]) - AC_LINK_IFELSE( - [AC_LANG_FUNC_LINK_TRY([iconv])], - [ - AC_MSG_RESULT([yes]) - ac_cv_lib_iconv="yes" - ], - [ - AC_MSG_RESULT([no]) - AC_CHECK_LIB( - [iconv], - [iconv], - [ - ac_cv_lib_iconv="yes" - ICONV_LIBS="-liconv" - ], - [AC_CHECK_LIB( - [iconv], - [libiconv], - [ - ac_cv_lib_iconv="yes" - ICONV_LIBS="-liconv" - ] - )] - ) - ] - ) -fi -saved_CFLAGS="${CFLAGS}" -CFLAGS="${CFLAGS} ${ICONV_CFLAGS}" -AC_CHECK_HEADERS([iconv.h]) -CFLAGS="${saved_CFLAGS}" -test "${ac_cv_lib_iconv}" = "yes" -a "${ac_cv_header_iconv_h}" = "yes" && have_iconv="yes" - -case "${enable_iconv}" in - no) - have_iconv="no" - ;; - detect) - if test "${have_iconv}" = "yes"; then - enable_iconv="yes" - else - enable_iconv="no" - fi - ;; -esac - -if test "${enable_iconv}" = "yes"; then - if test "${have_iconv}" = "yes"; then - AC_DEFINE([ENABLE_ICONV], [1], [Use iconv libraries and header files]) - else - AC_MSG_ERROR([iconv linkage required, but no iconv was found]) - fi -fi - PKG_CHECK_MODULES( [OPENSSL], [libcrypto >= 0.9.7], @@ -554,6 +431,10 @@ ) fi +if test "${enable_ctapi}" = "yes"; then + AC_DEFINE([ENABLE_CTAPI], [1], [Enable CT-API support]) +fi + if test "${enable_pcsc}" = "yes"; then if test "${WIN32}" != "yes"; then PKG_CHECK_EXISTS( @@ -587,7 +468,7 @@ DEFAULT_PCSC_PROVIDER="winscard.dll" ;; *) - DEFAULT_PCSC_PROVIDER="/usr/lib${libdir##*/lib}/libpcsclite.so.1" + DEFAULT_PCSC_PROVIDER="libpcsclite.so.1" ;; esac else 
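Review bot: In the `@@ -587,7 +468,7 @@` hunk, `DEFAULT_PCSC_PROVIDER="libpcsclite.so.1"` replaces an absolute path with a bare soname. The file that ends up loaded as the PC/SC provider is therefore chosen by the dynamic loader's search order at run time rather than fixed at build time; the code that consumes the value is not in this hunk. For smart-card middleware that makes `LD_LIBRARY_PATH`, rpath and the ld.so configuration of every host process part of the trust boundary for card I/O and PIN handling. I would record that next to the assignment, e.g. `dnl bare soname: resolved through the runtime loader search path; use --with-pcsc-provider=/abs/path to pin the library`, and have packagers who need a fixed location pass `--with-pcsc-provider`. The `case` this line belongs to starts and ends outside the hunk.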
@@ -597,21 +478,23 @@ AC_DEFINE([ENABLE_PCSC], [1], [Define if PC/SC is to be enabled]) fi -dnl AM_PATH_LIBASSUAN([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libassuan and define LIBASSUAN_CFLAGS and LIBASSUAN_LIBS -AM_PATH_LIBASSUAN( - , - [have_assuan="yes"], - [have_assuan="no"] -) - -if test "${enable_nsplugin}" = "yes"; then - if test "x${have_assuan}" != "xyes" -o "x${have_openssl}" != "xyes"; then - AC_MSG_ERROR([nsplugin requires assuan and openssl]) +if test "${enable_man}" = "detect"; then + if test "${WIN32}" = "yes"; then + enable_man="no" + elif test -n "${XSLTPROC}" -a "${xslstylesheetsdir}" != "no"; then + enable_man="yes" + else + enable_man="no" fi fi +if test "${enable_man}" = "yes" -o "${enable_doc}" = "yes"; then + AC_MSG_CHECKING([XSLTPROC requirement]) + test -n "${XSLTPROC}" || AC_MSG_ERROR([Missing XSLTPROC svn build with man or doc]) + test "${xslstylesheetsdir}" != "no" || AC_MSG_ERROR([Missing xslstylesheetsdir]) + AC_MSG_RESULT([ok]) +fi + OPENSC_FEATURES="" if test "${enable_zlib}" = "yes"; then OPENSC_FEATURES="${OPENSC_FEATURES} zlib" @@ -623,11 +506,6 @@ OPTIONAL_READLINE_CFLAGS="${READLINE_CFLAGS}" OPTIONAL_READLINE_LIBS="${READLINE_LIBS}" fi -if test "${enable_iconv}" = "yes"; then - OPENSC_FEATURES="${OPENSC_FEATURES} iconv" - OPTIONAL_ICONV_CFLAGS="${ICONV_CFLAGS}" - OPTIONAL_ICONV_LIBS="${ICONV_LIBS}" -fi if test "${enable_openssl}" = "yes"; then OPENSC_FEATURES="${OPENSC_FEATURES} openssl" OPTIONAL_OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" 
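Review bot: The error text `Missing XSLTPROC svn build with man or doc` still refers to an svn build, although this check now runs for every build with man or doc enabled. The `svn_checkout` gate is removed elsewhere in this diff, so someone building from a release tarball gets a misleading message. `AC_MSG_ERROR([xsltproc is required for --enable-man or --enable-doc])` would say what to do. The condition uses `test … -o …`, which the Autoconf manual lists as unportable; `test "${enable_man}" = "yes" || test "${enable_doc}" = "yes"` is the safe form, and the same holds for the `-a` in the new `elif`. Both `AC_MSG_ERROR` calls fire after `AC_MSG_CHECKING` without a result, which leaves the "checking" line unterminated in the output.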
@@ -642,22 +520,18 @@ OPENSC_FEATURES="${OPENSC_FEATURES} pcsc(${DEFAULT_PCSC_PROVIDER})" OPTIONAL_PCSC_CFLAGS="${PCSC_CFLAGS}" fi -test "${enable_nsplugin}" = "yes" && OPENSC_FEATURES="${OPENSC_FEATURES} nsplugin" +if test "${enable_ctapi}" = "yes"; then + OPENSC_FEATURES="${OPENSC_FEATURES} ctapi" +fi AC_DEFINE_UNQUOTED([OPENSC_VERSION_MAJOR], [${OPENSC_VERSION_MAJOR}], [OpenSC version major component]) AC_DEFINE_UNQUOTED([OPENSC_VERSION_MINOR], [${OPENSC_VERSION_MINOR}], [OpenSC version minor component]) AC_DEFINE_UNQUOTED([OPENSC_VERSION_FIX], [${OPENSC_VERSION_FIX}], [OpenSC version fix component]) -test "${with_pinentry}" != "no" && AC_DEFINE_UNQUOTED([PIN_ENTRY], ["${with_pinentry}"], [PIN-entry program for OpenSC Signer]) AC_DEFINE_UNQUOTED([OPENSC_FEATURES], ["${OPENSC_FEATURES}"], [Enabled OpenSC features]) -openscincludedir="\$(includedir)/opensc" pkcs11dir="\$(libdir)/pkcs11" -pkgconfigdir="\$(libdir)/pkgconfig" -AC_SUBST([openscincludedir]) AC_SUBST([pkcs11dir]) -AC_SUBST([plugindir]) -AC_SUBST([pkgconfigdir]) AC_SUBST([xslstylesheetsdir]) AC_SUBST([OPENSC_VERSION_MAJOR]) AC_SUBST([OPENSC_VERSION_MINOR]) 
@@ -672,25 +546,22 @@ AC_SUBST([OPTIONAL_ZLIB_LIBS]) AC_SUBST([OPTIONAL_READLINE_CFLAGS]) AC_SUBST([OPTIONAL_READLINE_LIBS]) -AC_SUBST([OPTIONAL_ICONV_CFLAGS]) -AC_SUBST([OPTIONAL_ICONV_LIBS]) AC_SUBST([OPTIONAL_OPENSSL_CFLAGS]) AC_SUBST([OPTIONAL_OPENSSL_LIBS]) AC_SUBST([OPTIONAL_OPENCT_CFLAGS]) AC_SUBST([OPTIONAL_OPENCT_LIBS]) AC_SUBST([OPTIONAL_PCSC_CFLAGS]) +AC_SUBST([LIBRARY_BITNESS]) -AM_CONDITIONAL([SVN_CHECKOUT], [test "${svn_checkout}" = "yes"]) AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"]) AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"]) AM_CONDITIONAL([ENABLE_READLINE], [test "${enable_readline}" = "yes"]) -AM_CONDITIONAL([ENABLE_ICONV], [test "${enable_iconv}" = "yes"]) AM_CONDITIONAL([ENABLE_OPENSSL], [test "${enable_openssl}" = "yes"]) AM_CONDITIONAL([ENABLE_OPENCT], [test "${enable_openct}" = "yes"]) -AM_CONDITIONAL([ENABLE_NSPLUGIN], [test "${enable_nsplugin}" = "yes"]) AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"]) AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"]) +AM_CONDITIONAL([ENABLE_MINIDRIVER], [test "${enable_minidriver}" = "yes"]) if test "${enable_pedantic}" = "yes"; then enable_strict="yes"; 
@@ -707,29 +578,28 @@ AC_CONFIG_FILES([ Makefile doc/Makefile - doc/nonpersistent/Makefile etc/Makefile src/Makefile src/common/Makefile - src/include/Makefile - src/include/winconfig.h - src/include/opensc/Makefile src/libopensc/Makefile - src/libopensc/opensc-config src/libopensc/libopensc.pc - src/libopensc/libpkcs15init.pc - src/libopensc/libscconf.pc - src/openssh/Makefile src/pkcs11/Makefile src/pkcs15init/Makefile src/scconf/Makefile - src/signer/Makefile - src/signer/npinclude/Makefile src/tests/Makefile src/tests/regression/Makefile src/tools/Makefile + src/minidriver/Makefile + src/minidriver/opensc-minidriver.inf win32/Makefile - win32/versioninfo.rc.in + win32/versioninfo.rc + win32/winconfig.h + win32/OpenSC.iss + win32/OpenSC.wxs + MacOSX/Makefile + MacOSX/build-package + MacOSX/10.5/resources/ReadMe.html + MacOSX/10.6/resources/ReadMe.html ]) AC_OUTPUT @@ -747,14 +617,13 @@ doc support: ${enable_doc} zlib support: ${enable_zlib} readline support: ${enable_readline} -iconv support: ${enable_iconv} OpenSSL support: ${enable_openssl} PC/SC support: ${enable_pcsc} OpenCT support: ${enable_openct} -NSPlugin support: ${enable_nsplugin} +CT-API support: ${enable_ctapi} +minidriver support: ${enable_minidriver} PC/SC default provider: ${DEFAULT_PCSC_PROVIDER} -pinentry: ${with_pinentry} Host: ${host} Compiler: ${CC} @@ -769,15 +638,11 @@ READLINE_LIBS: ${READLINE_LIBS} ZLIB_CFLAGS: ${ZLIB_CFLAGS} ZLIB_LIBS: ${ZLIB_LIBS} -ICONV_CFLAGS: ${ICONV_CFLAGS} -ICONV_LIBS: ${ICONV_LIBS} OPENSSL_CFLAGS: ${OPENSSL_CFLAGS} OPENSSL_LIBS: ${OPENSSL_LIBS} OPENCT_CFLAGS: ${OPENCT_CFLAGS} OPENCT_LIBS: ${OPENCT_LIBS} PCSC_CFLAGS: ${PCSC_CFLAGS} -LIBASSUAN_CFLAGS: ${LIBASSUAN_CFLAGS} -LIBASSUAN_LIBS: ${LIBASSUAN_LIBS} EOF diff -Nru opensc-0.11.13/debian/changelog opensc-0.12.1/debian/changelog --- opensc-0.11.13/debian/changelog 2011-02-22 14:21:52.000000000 +0000 +++ opensc-0.12.1/debian/changelog 2011-05-29 12:47:25.000000000 +0000 
@@ -1,3 +1,18 @@ +opensc (0.12.1-1~ppa0~natty) natty; urgency=low + + * Upload to PPA + * debian/rules modified + - rewrite from scratch + - removed unsupported configure flags + - added symbolik link to /lib/opensc from /lib/pkcs11 + * adedd debian/*.dirs + * debian/*.install modified + - included eidenv manpage + - included piv-tool manpage + - included all needed .h files in the -dev package + + -- Marco Giorgi Sat, 28 May 2011 13:28:52 +0100 + opensc (0.11.13-1ubuntu5) natty; urgency=low * Drop the symlinks in legacy plugin folders diff -Nru opensc-0.11.13/debian/control opensc-0.12.1/debian/control --- opensc-0.11.13/debian/control 2010-06-30 21:56:26.000000000 +0000 +++ opensc-0.12.1/debian/control 2011-05-28 22:42:44.000000000 +0000 @@ -1,10 +1,10 @@ Source: opensc Priority: extra Section: utils -Maintainer: Ubuntu Developers +Maintainer: Marco Giorgi XSBC-Original-Maintainer: Eric Dorland -Build-Depends: debhelper (>= 7.0.50), libltdl3-dev, libssl-dev (>= 0.9.7d-3), libpcsclite-dev (>= 1.2.9-beta1), libassuan-dev (>= 0.6.4-2), libopenct1-dev, libxt-dev, flex, pkg-config -Standards-Version: 3.8.3 +Build-Depends: debhelper (>= 7.0.50), libltdl3-dev, libssl-dev (>= 0.9.7d-3), libpcsclite-dev (>= 1.2.9-beta1), libassuan-dev (>= 0.6.4-2), libopenct1-dev, libxt-dev, flex, pkg-config, libreadline5-dev, docbook-xsl, xsltproc +Standards-Version: 3.9.1 Homepage: http://www.opensc-project.org/ Vcs-Git: git://git.debian.org/git/pkg-opensc/opensc.git Vcs-Browser: http://git.debian.org/?p=pkg-opensc/opensc.git 
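Review bot: The new `Build-Depends:` line in the first debian/control hunk still carries `libassuan-dev (>= 0.6.4-2)` and `libxt-dev`, while the configure hunks of this same diff remove the `AM_PATH_LIBASSUAN` check and the nsplugin feature that, as far as the visible lines show, were their users. Every unneeded build dependency is one more package pulled into the build environment, so I would drop both unless something outside this view still needs them. The `Vcs-Git:` and `Vcs-Browser:` fields are left pointing at the Debian pkg-opensc repository although the maintainer changed, which is worth a check if this packaging lives elsewhere.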
@@ -24,20 +24,20 @@ well. . Before purchasing any cards, please read carefully documentation in - /usr/share/doc/opensc/html/wiki/index.html - only some cards are - supported. Not only does card type matters, but also card version, + http://www.opensc-project.org/opensc/wiki/SupportedHardware - only some cards + are supported. Not only does card type matters, but also card version, card OS version and preloaded applet. Only a subset of possible operations may be supported for your card. Card initialization may require third party proprietary software. -Package: libopensc2-dev +Package: libopensc3-dev Section: libdevel Priority: optional Architecture: any -Conflicts: libopensc0-dev, libopensc1-dev -Replaces: libopensc0-dev, libopensc1-dev, libscam1 (<< 0.9.4-5) +Conflicts: libopensc0-dev, libopensc1-dev, libopensc2-dev +Replaces: libopensc0-dev, libopensc1-dev, libopensc1-dev, libscam1 (<< 0.9.4-5) Provides: libopensc-dev -Depends: libopensc2 (= ${binary:Version}), libssl-dev, ${misc:Depends} +Depends: libopensc3 (= ${binary:Version}), libssl-dev, ${misc:Depends} Description: OpenSC development files OpenSC provides a set of libraries and utilities to access smart cards. It mainly focuses on cards that support cryptographic @@ -51,12 +51,12 @@ This package contains files necessary for developing applications with the libopensc libraries from OpenSC.org. -Package: libopensc2 +Package: libopensc3 Section: libs Priority: optional Architecture: any -Conflicts: libopensc0, libopensc1 -Replaces: libopensc0, libopensc1 +Conflicts: libopensc0, libopensc1, libopensc2 +Replaces: libopensc0, libopensc1, libopensc2 Depends: ${shlibs:Depends}, ${misc:Depends} Description: Smart card library with support for PKCS#15 compatible smart cards OpenSC provides a set of libraries and utilities to access smart 
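Review bot: The new `Replaces:` line for libopensc3-dev names `libopensc1-dev` twice and never names `libopensc2-dev`, although the `Conflicts:` line directly above it was extended with `libopensc2-dev`. The two -dev packages presumably ship the same unversioned `.so` links and static libraries, so without the Replaces entry dpkg may refuse to overwrite those files during an upgrade instead of swapping the packages cleanly. The line should read `Replaces: libopensc0-dev, libopensc1-dev, libopensc2-dev, libscam1 (<< 0.9.4-5)`.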
@@ -72,25 +72,13 @@ . Card initialization can be performed by utilities in the opensc package. -Package: libopensc2-dbg +Package: libopensc3-dbg Section: debug Priority: extra Architecture: any -Depends: libopensc2 (= ${binary:Version}), ${misc:Depends} -Description: Debugging symbols for libopensc2 +Depends: libopensc3 (= ${binary:Version}), ${misc:Depends} +Description: Debugging symbols for libopensc3 This package contains the debugging symbols for the libopensc library from OpenSC.org. . Card initialization can be performed by utilities in the opensc package. - -Package: mozilla-opensc -Section: web -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Recommends: pinentry-gtk2 | pinentry-x11 -Replaces: libopensc-openssl (<< 0.9.4-6) -Description: Mozilla plugin for authentication using OpenSC - A plugin for mozilla that allows S/MIME and SSL authentication using - OpenSC. - . - Card initialization can be performed by utilities in the opensc package. diff -Nru opensc-0.11.13/debian/docs opensc-0.12.1/debian/docs --- opensc-0.11.13/debian/docs 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/debian/docs 2011-05-28 11:53:38.000000000 +0000 @@ -0,0 +1,2 @@ +NEWS +README diff -Nru opensc-0.11.13/debian/libopensc2-dev.docs opensc-0.12.1/debian/libopensc2-dev.docs --- opensc-0.11.13/debian/libopensc2-dev.docs 2010-03-01 05:58:15.000000000 +0000 +++ opensc-0.12.1/debian/libopensc2-dev.docs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -doc/html.out/api.html diff -Nru opensc-0.11.13/debian/libopensc2-dev.install opensc-0.12.1/debian/libopensc2-dev.install --- opensc-0.11.13/debian/libopensc2-dev.install 2010-03-01 05:58:15.000000000 +0000 +++ opensc-0.12.1/debian/libopensc2-dev.install 1970-01-01 00:00:00.000000000 +0000 
@@ -1,9 +0,0 @@
-debian/tmp/usr/include/*
-debian/tmp/usr/lib/*.a
-debian/tmp/usr/lib/lib*.so
-debian/tmp/usr/lib/lib*.la
-debian/tmp/usr/bin/opensc-config
-debian/tmp/usr/lib/pkgconfig
-debian/tmp/usr/share/man/man1/opensc-config.1
-debian/tmp/usr/share/man/man3/*
-
diff -Nru opensc-0.11.13/debian/libopensc2.examples opensc-0.12.1/debian/libopensc2.examples
--- opensc-0.11.13/debian/libopensc2.examples 2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.12.1/debian/libopensc2.examples 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-etc/opensc.conf
diff -Nru opensc-0.11.13/debian/libopensc2.install opensc-0.12.1/debian/libopensc2.install
--- opensc-0.11.13/debian/libopensc2.install 2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.12.1/debian/libopensc2.install 1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
-debian/tmp/usr/lib/libopensc.so.*
-debian/tmp/usr/lib/libpkcs15init.so.*
-debian/tmp/usr/lib/libscconf.so.*
-debian/tmp/usr/share/opensc/*.profile
-debian/tmp/usr/lib/onepin-opensc-pkcs11.so
-debian/tmp/usr/lib/onepin-opensc-pkcs11.la
-debian/tmp/usr/lib/opensc-pkcs11.so
-debian/tmp/usr/lib/opensc-pkcs11.la
-debian/tmp/usr/lib/pkcs11-spy.so
-debian/tmp/usr/lib/pkcs11-spy.la
-etc/opensc.conf etc/opensc
diff -Nru opensc-0.11.13/debian/libopensc2.links opensc-0.12.1/debian/libopensc2.links
--- opensc-0.11.13/debian/libopensc2.links 2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.12.1/debian/libopensc2.links 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-usr/lib/opensc-pkcs11.so usr/lib/opensc/opensc-pkcs11.so
diff -Nru opensc-0.11.13/debian/libopensc2.symbols opensc-0.12.1/debian/libopensc2.symbols
--- opensc-0.11.13/debian/libopensc2.symbols 2010-03-01 05:58:15.000000000 +0000
+++ opensc-0.12.1/debian/libopensc2.symbols 1970-01-01 00:00:00.000000000 +0000
@@ -1,509 +0,0 @@ -libopensc.so.2 libopensc2 #MINVER# - _sc_asn1_decode@Base 0.11.4 - _sc_asn1_encode@Base 0.11.4 - _sc_debug@Base 0.11.7 - _sc_error@Base 0.11.7 - sc_append_file_id@Base 0.11.4 - sc_append_path@Base 0.11.4 - sc_append_path_id@Base 0.11.4 - sc_append_record@Base 0.11.4 - sc_asn1_clear_algorithm_id@Base 0.11.4 - sc_asn1_decode@Base 0.11.4 - sc_asn1_decode_algorithm_id@Base 0.11.4 - sc_asn1_decode_bit_string@Base 0.11.4 - sc_asn1_decode_bit_string_ni@Base 0.11.4 - sc_asn1_decode_choice@Base 0.11.4 - sc_asn1_decode_integer@Base 0.11.4 - sc_asn1_decode_object_id@Base 0.11.4 - sc_asn1_encode@Base 0.11.4 - sc_asn1_encode_algorithm_id@Base 0.11.4 - sc_asn1_find_tag@Base 0.11.4 - sc_asn1_print_tags@Base 0.11.4 - sc_asn1_put_tag@Base 0.11.4 - sc_asn1_skip_tag@Base 0.11.4 - sc_asn1_verify_tag@Base 0.11.4 - sc_base64_decode@Base 0.11.4 - sc_base64_encode@Base 0.11.4 - sc_bin_to_hex@Base 0.11.4 - sc_build_pin@Base 0.11.4 - sc_card_ctl@Base 0.11.4 - sc_card_valid@Base 0.11.4 - sc_change_reference_data@Base 0.11.4 - sc_check_sw@Base 0.11.8 - sc_compare_oid@Base 0.11.4 - sc_compare_path@Base 0.11.4 - sc_compare_path_prefix@Base 0.11.4 - sc_compute_signature@Base 0.11.4 - sc_concatenate_path@Base 0.11.4 - sc_connect_card@Base 0.11.4 - sc_context_create@Base 0.11.4 - sc_copy_asn1_entry@Base 0.11.4 - sc_create_file@Base 0.11.4 - sc_ctx_detect_readers@Base 0.11.7 - sc_ctx_get_reader@Base 0.11.4 - sc_ctx_get_reader_count@Base 0.11.4 - sc_ctx_suppress_errors_off@Base 0.11.4 - sc_ctx_suppress_errors_on@Base 0.11.4 - sc_decipher@Base 0.11.4 - sc_delete_file@Base 0.11.4 - sc_delete_record@Base 0.11.4 - sc_der_clear@Base 0.11.4 - sc_der_copy@Base 0.11.4 - sc_detect_card_presence@Base 0.11.4 - sc_disconnect_card@Base 0.11.4 - sc_do_log@Base 0.11.4 - sc_do_log_va@Base 0.11.4 - sc_enum_apps@Base 0.11.4 - sc_establish_context@Base 0.11.4 - sc_file_add_acl_entry@Base 0.11.4 - sc_file_clear_acl_entries@Base 0.11.4 - sc_file_dup@Base 0.11.4 - sc_file_free@Base 0.11.4 - 
sc_file_get_acl_entry@Base 0.11.4 - sc_file_new@Base 0.11.4 - sc_file_set_prop_attr@Base 0.11.4 - sc_file_set_sec_attr@Base 0.11.4 - sc_file_set_type_attr@Base 0.11.4 - sc_file_valid@Base 0.11.4 - sc_find_app_by_aid@Base 0.11.4 - sc_find_pkcs15_app@Base 0.11.4 - sc_format_apdu@Base 0.11.4 - sc_format_asn1_entry@Base 0.11.4 - sc_format_oid@Base 0.11.4 - sc_format_path@Base 0.11.4 - sc_free_apps@Base 0.11.4 - sc_get_cache_dir@Base 0.11.4 - sc_get_challenge@Base 0.11.4 - sc_get_conf_block@Base 0.11.4 - sc_get_data@Base 0.11.4 - sc_get_iso7816_driver@Base 0.11.4 - sc_get_mf_path@Base 0.11.4 - sc_get_version@Base 0.11.4 - sc_hex_dump@Base 0.11.4 - sc_hex_to_bin@Base 0.11.4 - sc_list_files@Base 0.11.4 - sc_lock@Base 0.11.4 - sc_logout@Base 0.11.4 - sc_make_cache_dir@Base 0.11.4 - sc_mem_clear@Base 0.11.4 - sc_path_print@Base 0.11.4 - sc_path_set@Base 0.11.4 - sc_pin_cmd@Base 0.11.4 - sc_pkcs15_add_df@Base 0.11.4 - sc_pkcs15_add_object@Base 0.11.4 - sc_pkcs15_add_unusedspace@Base 0.11.4 - sc_pkcs15_bind@Base 0.11.4 - sc_pkcs15_bind_synthetic@Base 0.11.4 - sc_pkcs15_cache_file@Base 0.11.4 - sc_pkcs15_card_clear@Base 0.11.4 - sc_pkcs15_card_free@Base 0.11.4 - sc_pkcs15_card_new@Base 0.11.4 - sc_pkcs15_change_pin@Base 0.11.4 - sc_pkcs15_compare_id@Base 0.11.4 - sc_pkcs15_compute_signature@Base 0.11.4 - sc_pkcs15_decipher@Base 0.11.4 - sc_pkcs15_decode_aodf_entry@Base 0.11.4 - sc_pkcs15_decode_cdf_entry@Base 0.11.4 - sc_pkcs15_decode_dodf_entry@Base 0.11.4 - sc_pkcs15_decode_enveloped_data@Base 0.11.4 - sc_pkcs15_decode_prkdf_entry@Base 0.11.4 - sc_pkcs15_decode_prkey@Base 0.11.4 - sc_pkcs15_decode_pubkey@Base 0.11.4 - sc_pkcs15_decode_pubkey_dsa@Base 0.11.4 - sc_pkcs15_decode_pubkey_gostr3410@Base 0.11.12 - sc_pkcs15_decode_pubkey_rsa@Base 0.11.4 - sc_pkcs15_decode_pukdf_entry@Base 0.11.4 - sc_pkcs15_encode_aodf_entry@Base 0.11.4 - sc_pkcs15_encode_cdf_entry@Base 0.11.4 - sc_pkcs15_encode_df@Base 0.11.4 - sc_pkcs15_encode_dodf_entry@Base 0.11.4 - 
sc_pkcs15_encode_enveloped_data@Base 0.11.4 - sc_pkcs15_encode_odf@Base 0.11.4 - sc_pkcs15_encode_prkdf_entry@Base 0.11.4 - sc_pkcs15_encode_prkey@Base 0.11.4 - sc_pkcs15_encode_pubkey@Base 0.11.4 - sc_pkcs15_encode_pubkey_dsa@Base 0.11.4 - sc_pkcs15_encode_pubkey_gostr3410@Base 0.11.12 - sc_pkcs15_encode_pubkey_rsa@Base 0.11.4 - sc_pkcs15_encode_pukdf_entry@Base 0.11.4 - sc_pkcs15_encode_tokeninfo@Base 0.11.4 - sc_pkcs15_encode_unusedspace@Base 0.11.4 - sc_pkcs15_erase_prkey@Base 0.11.4 - sc_pkcs15_erase_pubkey@Base 0.11.4 - sc_pkcs15_find_cert_by_id@Base 0.11.4 - sc_pkcs15_find_data_object_by_app_oid@Base 0.11.4 - sc_pkcs15_find_data_object_by_id@Base 0.11.4 - sc_pkcs15_find_data_object_by_name@Base 0.11.7 - sc_pkcs15_find_object_by_id@Base 0.11.4 - sc_pkcs15_find_pin_by_auth_id@Base 0.11.4 - sc_pkcs15_find_pin_by_reference@Base 0.11.4 - sc_pkcs15_find_prkey_by_id@Base 0.11.4 - sc_pkcs15_find_prkey_by_id_usage@Base 0.11.4 - sc_pkcs15_find_prkey_by_reference@Base 0.11.4 - sc_pkcs15_find_pubkey_by_id@Base 0.11.4 - sc_pkcs15_find_so_pin@Base 0.11.4 - sc_pkcs15_format_id@Base 0.11.4 - sc_pkcs15_free_cert_info@Base 0.11.4 - sc_pkcs15_free_certificate@Base 0.11.4 - sc_pkcs15_free_data_info@Base 0.11.4 - sc_pkcs15_free_data_object@Base 0.11.4 - sc_pkcs15_free_object@Base 0.11.4 - sc_pkcs15_free_pin_info@Base 0.11.4 - sc_pkcs15_free_prkey@Base 0.11.4 - sc_pkcs15_free_prkey_info@Base 0.11.4 - sc_pkcs15_free_pubkey@Base 0.11.4 - sc_pkcs15_free_pubkey_info@Base 0.11.4 - sc_pkcs15_get_objects@Base 0.11.4 - sc_pkcs15_get_objects_cond@Base 0.11.4 - sc_pkcs15_hex_string_to_id@Base 0.11.4 - sc_pkcs15_is_emulation_only@Base 0.11.4 - sc_pkcs15_make_absolute_path@Base 0.11.4 - sc_pkcs15_parse_df@Base 0.11.4 - sc_pkcs15_parse_tokeninfo@Base 0.11.4 - sc_pkcs15_parse_unusedspace@Base 0.11.4 - sc_pkcs15_print_id@Base 0.11.4 - sc_pkcs15_read_cached_file@Base 0.11.4 - sc_pkcs15_read_certificate@Base 0.11.4 - sc_pkcs15_read_data_object@Base 0.11.4 - sc_pkcs15_read_file@Base 0.11.4 - 
sc_pkcs15_read_prkey@Base 0.11.4 - sc_pkcs15_read_pubkey@Base 0.11.4 - sc_pkcs15_remove_df@Base 0.11.4 - sc_pkcs15_remove_object@Base 0.11.4 - sc_pkcs15_remove_unusedspace@Base 0.11.4 - sc_pkcs15_search_objects@Base 0.11.4 - sc_pkcs15_unbind@Base 0.11.4 - sc_pkcs15_unblock_pin@Base 0.11.4 - sc_pkcs15_unwrap_data@Base 0.11.4 - sc_pkcs15_verify_pin@Base 0.11.4 - sc_pkcs15_wrap_data@Base 0.11.4 - sc_pkcs15emu_add_data_object@Base 0.11.4 - sc_pkcs15emu_add_pin_obj@Base 0.11.4 - sc_pkcs15emu_add_rsa_prkey@Base 0.11.4 - sc_pkcs15emu_add_rsa_pubkey@Base 0.11.4 - sc_pkcs15emu_add_x509_cert@Base 0.11.4 - sc_pkcs15emu_object_add@Base 0.11.4 - sc_print_path@Base 0.11.4 - sc_put_data@Base 0.11.4 - sc_read_binary@Base 0.11.4 - sc_read_record@Base 0.11.4 - sc_release_context@Base 0.11.4 - sc_reset@Base 0.11.4 - sc_reset_retry_counter@Base 0.11.4 - sc_restore_security_env@Base 0.11.4 - sc_select_file@Base 0.11.4 - sc_set_card_driver@Base 0.11.4 - sc_set_security_env@Base 0.11.4 - sc_strerror@Base 0.11.4 - sc_transmit_apdu@Base 0.11.4 - sc_ui_display_debug@Base 0.11.4 - sc_ui_display_error@Base 0.11.4 - sc_ui_get_pin@Base 0.11.4 - sc_ui_get_pin_pair@Base 0.11.4 - sc_ui_set_language@Base 0.11.4 - sc_unlock@Base 0.11.4 - sc_update_binary@Base 0.11.4 - sc_update_dir@Base 0.11.4 - sc_update_record@Base 0.11.4 - sc_verify@Base 0.11.4 - sc_wait_for_event@Base 0.11.4 - sc_write_binary@Base 0.11.4 - sc_write_record@Base 0.11.4 -libpkcs15init.so.2 libopensc2 #MINVER# - sc_keycache_find_named_pin@Base 0.11.4 - sc_keycache_forget_key@Base 0.11.4 - sc_keycache_get_key@Base 0.11.4 - sc_keycache_get_pin@Base 0.11.4 - sc_keycache_get_pin_name@Base 0.11.4 - sc_keycache_put_key@Base 0.11.4 - sc_keycache_put_pin@Base 0.11.4 - sc_keycache_set_pin_name@Base 0.11.4 - sc_pkcs15init_add_app@Base 0.11.4 - sc_pkcs15init_authenticate@Base 0.11.4 - sc_pkcs15init_bind@Base 0.11.4 - sc_pkcs15init_change_attrib@Base 0.11.4 - sc_pkcs15init_create_file@Base 0.11.4 - sc_pkcs15init_delete_by_path@Base 0.11.4 - 
sc_pkcs15init_delete_object@Base 0.11.4 - sc_pkcs15init_erase_card@Base 0.11.4 - sc_pkcs15init_erase_card_recursively@Base 0.11.4 - sc_pkcs15init_finalize_card@Base 0.11.4 - sc_pkcs15init_fixup_acls@Base 0.11.4 - sc_pkcs15init_fixup_file@Base 0.11.4 - sc_pkcs15init_generate_key@Base 0.11.4 - sc_pkcs15init_get_asepcos_ops@Base 0.11.4 - sc_pkcs15init_get_cardos_ops@Base 0.11.4 - sc_pkcs15init_get_cryptoflex_ops@Base 0.11.4 - sc_pkcs15init_get_cyberflex_ops@Base 0.11.4 - sc_pkcs15init_get_gpk_ops@Base 0.11.4 - sc_pkcs15init_get_incrypto34_ops@Base 0.11.4 - sc_pkcs15init_get_jcop_ops@Base 0.11.4 - sc_pkcs15init_get_label@Base 0.11.4 - sc_pkcs15init_get_manufacturer@Base 0.11.4 - sc_pkcs15init_get_miocos_ops@Base 0.11.4 - sc_pkcs15init_get_muscle_ops@Base 0.11.4 - sc_pkcs15init_get_oberthur_ops@Base 0.11.4 - sc_pkcs15init_get_pin_info@Base 0.11.4 - sc_pkcs15init_get_rtecp_ops@Base 0.11.9 - sc_pkcs15init_get_rutoken_ops@Base 0.11.7 - sc_pkcs15init_get_serial@Base 0.11.4 - sc_pkcs15init_get_setcos_ops@Base 0.11.4 - sc_pkcs15init_get_starcos_ops@Base 0.11.4 - sc_pkcs15init_requires_restrictive_usage@Base 0.11.4 - sc_pkcs15init_rmdir@Base 0.11.4 - sc_pkcs15init_set_callbacks@Base 0.11.4 - sc_pkcs15init_set_lifecycle@Base 0.11.4 - sc_pkcs15init_set_p15card@Base 0.11.4 - sc_pkcs15init_set_pin_data@Base 0.11.4 - sc_pkcs15init_set_secret@Base 0.11.4 - sc_pkcs15init_set_serial@Base 0.11.4 - sc_pkcs15init_store_certificate@Base 0.11.4 - sc_pkcs15init_store_data_object@Base 0.11.4 - sc_pkcs15init_store_pin@Base 0.11.4 - sc_pkcs15init_store_private_key@Base 0.11.4 - sc_pkcs15init_store_public_key@Base 0.11.4 - sc_pkcs15init_store_split_key@Base 0.11.4 - sc_pkcs15init_unbind@Base 0.11.4 - sc_pkcs15init_update_any_df@Base 0.11.4 - sc_pkcs15init_update_certificate@Base 0.11.4 - sc_pkcs15init_update_file@Base 0.11.4 - sc_pkcs15init_verify_key@Base 0.11.4 -libscconf.so.2 libopensc2 #MINVER# - scconf_block_add@Base 0.11.4 - scconf_block_copy@Base 0.11.4 - scconf_block_destroy@Base 0.11.4 
- scconf_find_block@Base 0.11.4 - scconf_find_blocks@Base 0.11.4 - scconf_find_list@Base 0.11.4 - scconf_free@Base 0.11.4 - scconf_get_bool@Base 0.11.4 - scconf_get_int@Base 0.11.4 - scconf_get_str@Base 0.11.4 - scconf_item_add@Base 0.11.4 - scconf_item_copy@Base 0.11.4 - scconf_item_destroy@Base 0.11.4 - scconf_list_add@Base 0.11.4 - scconf_list_array_length@Base 0.11.4 - scconf_list_copy@Base 0.11.4 - scconf_list_destroy@Base 0.11.4 - scconf_list_strdup@Base 0.11.4 - scconf_list_strings_length@Base 0.11.4 - scconf_list_toarray@Base 0.11.4 - scconf_new@Base 0.11.4 - scconf_parse@Base 0.11.4 - scconf_parse_entries@Base 0.11.4 - scconf_parse_string@Base 0.11.4 - scconf_put_bool@Base 0.11.4 - scconf_put_int@Base 0.11.4 - scconf_put_str@Base 0.11.4 - scconf_write@Base 0.11.4 - scconf_write_entries@Base 0.11.4 -onepin-opensc-pkcs11.so libopensc2 #MINVER# - C_CancelFunction@Base 0.11.4 - C_CloseAllSessions@Base 0.11.4 - C_CloseSession@Base 0.11.4 - C_CopyObject@Base 0.11.4 - C_CreateObject@Base 0.11.4 - C_Decrypt@Base 0.11.4 - C_DecryptDigestUpdate@Base 0.11.4 - C_DecryptFinal@Base 0.11.4 - C_DecryptInit@Base 0.11.4 - C_DecryptUpdate@Base 0.11.4 - C_DecryptVerifyUpdate@Base 0.11.4 - C_DeriveKey@Base 0.11.4 - C_DestroyObject@Base 0.11.4 - C_Digest@Base 0.11.4 - C_DigestEncryptUpdate@Base 0.11.4 - C_DigestFinal@Base 0.11.4 - C_DigestInit@Base 0.11.4 - C_DigestKey@Base 0.11.4 - C_DigestUpdate@Base 0.11.4 - C_Encrypt@Base 0.11.4 - C_EncryptFinal@Base 0.11.4 - C_EncryptInit@Base 0.11.4 - C_EncryptUpdate@Base 0.11.4 - C_Finalize@Base 0.11.4 - C_FindObjects@Base 0.11.4 - C_FindObjectsFinal@Base 0.11.4 - C_FindObjectsInit@Base 0.11.4 - C_GenerateKey@Base 0.11.4 - C_GenerateKeyPair@Base 0.11.4 - C_GenerateRandom@Base 0.11.4 - C_GetAttributeValue@Base 0.11.4 - C_GetFunctionList@Base 0.11.4 - C_GetFunctionStatus@Base 0.11.4 - C_GetInfo@Base 0.11.4 - C_GetMechanismInfo@Base 0.11.4 - C_GetMechanismList@Base 0.11.4 - C_GetObjectSize@Base 0.11.4 - C_GetOperationState@Base 0.11.4 - 
C_GetSessionInfo@Base 0.11.4 - C_GetSlotInfo@Base 0.11.4 - C_GetSlotList@Base 0.11.4 - C_GetTokenInfo@Base 0.11.4 - C_InitPIN@Base 0.11.4 - C_InitToken@Base 0.11.4 - C_Initialize@Base 0.11.4 - C_Login@Base 0.11.4 - C_Logout@Base 0.11.4 - C_OpenSession@Base 0.11.4 - C_SeedRandom@Base 0.11.4 - C_SetAttributeValue@Base 0.11.4 - C_SetOperationState@Base 0.11.4 - C_SetPIN@Base 0.11.4 - C_Sign@Base 0.11.4 - C_SignEncryptUpdate@Base 0.11.4 - C_SignFinal@Base 0.11.4 - C_SignInit@Base 0.11.4 - C_SignRecover@Base 0.11.4 - C_SignRecoverInit@Base 0.11.4 - C_SignUpdate@Base 0.11.4 - C_UnwrapKey@Base 0.11.4 - C_Verify@Base 0.11.4 - C_VerifyFinal@Base 0.11.4 - C_VerifyInit@Base 0.11.4 - C_VerifyRecover@Base 0.11.4 - C_VerifyRecoverInit@Base 0.11.4 - C_VerifyUpdate@Base 0.11.4 - C_WaitForSlotEvent@Base 0.11.4 - C_WrapKey@Base 0.11.4 -opensc-pkcs11.so libopensc2 #MINVER# - C_CancelFunction@Base 0.11.4 - C_CloseAllSessions@Base 0.11.4 - C_CloseSession@Base 0.11.4 - C_CopyObject@Base 0.11.4 - C_CreateObject@Base 0.11.4 - C_Decrypt@Base 0.11.4 - C_DecryptDigestUpdate@Base 0.11.4 - C_DecryptFinal@Base 0.11.4 - C_DecryptInit@Base 0.11.4 - C_DecryptUpdate@Base 0.11.4 - C_DecryptVerifyUpdate@Base 0.11.4 - C_DeriveKey@Base 0.11.4 - C_DestroyObject@Base 0.11.4 - C_Digest@Base 0.11.4 - C_DigestEncryptUpdate@Base 0.11.4 - C_DigestFinal@Base 0.11.4 - C_DigestInit@Base 0.11.4 - C_DigestKey@Base 0.11.4 - C_DigestUpdate@Base 0.11.4 - C_Encrypt@Base 0.11.4 - C_EncryptFinal@Base 0.11.4 - C_EncryptInit@Base 0.11.4 - C_EncryptUpdate@Base 0.11.4 - C_Finalize@Base 0.11.4 - C_FindObjects@Base 0.11.4 - C_FindObjectsFinal@Base 0.11.4 - C_FindObjectsInit@Base 0.11.4 - C_GenerateKey@Base 0.11.4 - C_GenerateKeyPair@Base 0.11.4 - C_GenerateRandom@Base 0.11.4 - C_GetAttributeValue@Base 0.11.4 - C_GetFunctionList@Base 0.11.4 - C_GetFunctionStatus@Base 0.11.4 - C_GetInfo@Base 0.11.4 - C_GetMechanismInfo@Base 0.11.4 - C_GetMechanismList@Base 0.11.4 - C_GetObjectSize@Base 0.11.4 - C_GetOperationState@Base 0.11.4 - 
C_GetSessionInfo@Base 0.11.4 - C_GetSlotInfo@Base 0.11.4 - C_GetSlotList@Base 0.11.4 - C_GetTokenInfo@Base 0.11.4 - C_InitPIN@Base 0.11.4 - C_InitToken@Base 0.11.4 - C_Initialize@Base 0.11.4 - C_Login@Base 0.11.4 - C_Logout@Base 0.11.4 - C_OpenSession@Base 0.11.4 - C_SeedRandom@Base 0.11.4 - C_SetAttributeValue@Base 0.11.4 - C_SetOperationState@Base 0.11.4 - C_SetPIN@Base 0.11.4 - C_Sign@Base 0.11.4 - C_SignEncryptUpdate@Base 0.11.4 - C_SignFinal@Base 0.11.4 - C_SignInit@Base 0.11.4 - C_SignRecover@Base 0.11.4 - C_SignRecoverInit@Base 0.11.4 - C_SignUpdate@Base 0.11.4 - C_UnwrapKey@Base 0.11.4 - C_Verify@Base 0.11.4 - C_VerifyFinal@Base 0.11.4 - C_VerifyInit@Base 0.11.4 - C_VerifyRecover@Base 0.11.4 - C_VerifyRecoverInit@Base 0.11.4 - C_VerifyUpdate@Base 0.11.4 - C_WaitForSlotEvent@Base 0.11.4 - C_WrapKey@Base 0.11.4 -pkcs11-spy.so libopensc2 #MINVER# - C_CancelFunction@Base 0.11.4 - C_CloseAllSessions@Base 0.11.4 - C_CloseSession@Base 0.11.4 - C_CopyObject@Base 0.11.4 - C_CreateObject@Base 0.11.4 - C_Decrypt@Base 0.11.4 - C_DecryptDigestUpdate@Base 0.11.4 - C_DecryptFinal@Base 0.11.4 - C_DecryptInit@Base 0.11.4 - C_DecryptUpdate@Base 0.11.4 - C_DecryptVerifyUpdate@Base 0.11.4 - C_DeriveKey@Base 0.11.4 - C_DestroyObject@Base 0.11.4 - C_Digest@Base 0.11.4 - C_DigestEncryptUpdate@Base 0.11.4 - C_DigestFinal@Base 0.11.4 - C_DigestInit@Base 0.11.4 - C_DigestKey@Base 0.11.4 - C_DigestUpdate@Base 0.11.4 - C_Encrypt@Base 0.11.4 - C_EncryptFinal@Base 0.11.4 - C_EncryptInit@Base 0.11.4 - C_EncryptUpdate@Base 0.11.4 - C_Finalize@Base 0.11.4 - C_FindObjects@Base 0.11.4 - C_FindObjectsFinal@Base 0.11.4 - C_FindObjectsInit@Base 0.11.4 - C_GenerateKey@Base 0.11.4 - C_GenerateKeyPair@Base 0.11.4 - C_GenerateRandom@Base 0.11.4 - C_GetAttributeValue@Base 0.11.4 - C_GetFunctionList@Base 0.11.4 - C_GetFunctionStatus@Base 0.11.4 - C_GetInfo@Base 0.11.4 - C_GetMechanismInfo@Base 0.11.4 - C_GetMechanismList@Base 0.11.4 - C_GetObjectSize@Base 0.11.4 - C_GetOperationState@Base 0.11.4 - 
C_GetSessionInfo@Base 0.11.4 - C_GetSlotInfo@Base 0.11.4 - C_GetSlotList@Base 0.11.4 - C_GetTokenInfo@Base 0.11.4 - C_InitPIN@Base 0.11.4 - C_InitToken@Base 0.11.4 - C_Initialize@Base 0.11.4 - C_LoadModule@Base 0.11.4 - C_Login@Base 0.11.4 - C_Logout@Base 0.11.4 - C_OpenSession@Base 0.11.4 - C_SeedRandom@Base 0.11.4 - C_SetAttributeValue@Base 0.11.4 - C_SetOperationState@Base 0.11.4 - C_SetPIN@Base 0.11.4 - C_Sign@Base 0.11.4 - C_SignEncryptUpdate@Base 0.11.4 - C_SignFinal@Base 0.11.4 - C_SignInit@Base 0.11.4 - C_SignRecover@Base 0.11.4 - C_SignRecoverInit@Base 0.11.4 - C_SignUpdate@Base 0.11.4 - C_UnloadModule@Base 0.11.4 - C_UnwrapKey@Base 0.11.4 - C_Verify@Base 0.11.4 - C_VerifyFinal@Base 0.11.4 - C_VerifyInit@Base 0.11.4 - C_VerifyRecover@Base 0.11.4 - C_VerifyRecoverInit@Base 0.11.4 - C_VerifyUpdate@Base 0.11.4 - C_WaitForSlotEvent@Base 0.11.4 - C_WrapKey@Base 0.11.4 diff -Nru opensc-0.11.13/debian/libopensc3-dev.dirs opensc-0.12.1/debian/libopensc3-dev.dirs --- opensc-0.11.13/debian/libopensc3-dev.dirs 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/debian/libopensc3-dev.dirs 2011-05-29 08:50:31.000000000 +0000 @@ -0,0 +1,7 @@ +usr/lib/ +usr/lib/pkgconfig/ +usr/include/common +usr/include/libopensc +usr/include/pkcs11 +usr/include/pkcs15init +usr/include/scconf diff -Nru opensc-0.11.13/debian/libopensc3-dev.docs opensc-0.12.1/debian/libopensc3-dev.docs --- opensc-0.11.13/debian/libopensc3-dev.docs 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/debian/libopensc3-dev.docs 2011-05-26 08:51:00.000000000 +0000 @@ -0,0 +1,4 @@ +#doc/html.out/api.html +#doc/api.work/api.css +#doc/api.work/html.xsl +#doc/api.work/man.xsl \ No newline at end of file diff -Nru opensc-0.11.13/debian/libopensc3-dev.install opensc-0.12.1/debian/libopensc3-dev.install --- opensc-0.11.13/debian/libopensc3-dev.install 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/debian/libopensc3-dev.install 2011-05-29 09:18:34.000000000 +0000 
@@ -0,0 +1,11 @@
+debian/tmp/usr/lib/*.a
+debian/tmp/usr/lib/lib*.so
+debian/tmp/usr/lib/lib*.la
+
+src/libopensc/*.pc /usr/lib/pkgconfig/
+
+src/common/*.h /usr/include/common/
+src/libopensc/*.h /usr/include/libopensc/
+src/pkcs11/*.h /usr/include/pkcs11/
+src/pkcs15init/*.h /usr/include/pkcs15init/
+src/scconf/*.h /usr/include/scconf/
diff -Nru opensc-0.11.13/debian/libopensc3.dirs opensc-0.12.1/debian/libopensc3.dirs
--- opensc-0.11.13/debian/libopensc3.dirs 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/debian/libopensc3.dirs 2011-05-29 14:39:27.000000000 +0000
@@ -0,0 +1,3 @@
+usr/lib/
+usr/share/opensc/
+etc/opensc/
diff -Nru opensc-0.11.13/debian/libopensc3.examples opensc-0.12.1/debian/libopensc3.examples
--- opensc-0.11.13/debian/libopensc3.examples 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/debian/libopensc3.examples 2011-05-25 21:31:54.000000000 +0000
@@ -0,0 +1 @@
+etc/opensc.conf
diff -Nru opensc-0.11.13/debian/libopensc3.install opensc-0.12.1/debian/libopensc3.install
--- opensc-0.11.13/debian/libopensc3.install 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/debian/libopensc3.install 2011-05-29 15:11:45.000000000 +0000
@@ -0,0 +1,11 @@
+debian/tmp/usr/lib/libopensc.so.*
+debian/tmp/usr/lib/onepin-opensc-pkcs11.so
+debian/tmp/usr/lib/onepin-opensc-pkcs11.la
+debian/tmp/usr/lib/opensc-pkcs11.so
+debian/tmp/usr/lib/opensc-pkcs11.la
+debian/tmp/usr/lib/pkcs11-spy.so
+debian/tmp/usr/lib/pkcs11-spy.la
+debian/tmp/usr/lib/pkcs11/*.so
+
+debian/tmp/usr/share/opensc/*.profile
+etc/opensc.conf /etc/opensc
diff -Nru opensc-0.11.13/debian/libopensc3.links opensc-0.12.1/debian/libopensc3.links
--- opensc-0.11.13/debian/libopensc3.links 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/debian/libopensc3.links 2011-05-29 14:39:57.000000000 +0000
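Review bot: The five header lines in libopensc3-dev.install copy every `*.h` straight out of the source tree into top-level directories with very generic names, for example `src/common/*.h /usr/include/common/` and `src/pkcs11/*.h /usr/include/pkcs11/`. That publishes whatever internal headers happen to sit in those directories as if they were API, and names such as `/usr/include/common/` can easily collide with files from unrelated packages. I would keep everything under one project directory, e.g. `src/common/*.h /usr/include/opensc/common/` and likewise for the other four, and adjust libopensc3-dev.dirs to match. The Cflags in the installed `.pc` file are not visible here, so check that they point at whichever include root is chosen.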
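Review bot: `debian/tmp/usr/lib/pkcs11-spy.so` in libopensc3.install places the PKCS#11 spy module in the runtime library package that every OpenSC user gets. It is a debugging shim that sits in front of a real module (the removed symbols file lists `C_LoadModule` and `C_UnloadModule` for it), and as far as I know it logs the arguments of the calls it forwards, which would include PINs passed to `C_Login`. I would move `pkcs11-spy.so` and `pkcs11-spy.la` into a separate opt-in package so the shim is present only on machines where someone is actually debugging.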
@@ -0,0 +1 @@ +usr/lib/pkcs11 usr/lib/opensc diff -Nru opensc-0.11.13/debian/mozilla-opensc.install opensc-0.12.1/debian/mozilla-opensc.install --- opensc-0.11.13/debian/mozilla-opensc.install 2010-03-01 05:58:15.000000000 +0000 +++ opensc-0.12.1/debian/mozilla-opensc.install 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -debian/tmp/usr/lib/opensc-signer.so -debian/tmp/usr/lib/opensc-signer.la diff -Nru opensc-0.11.13/debian/mozilla-opensc.links opensc-0.12.1/debian/mozilla-opensc.links --- opensc-0.11.13/debian/mozilla-opensc.links 2011-02-22 14:21:06.000000000 +0000 +++ opensc-0.12.1/debian/mozilla-opensc.links 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -usr/lib/opensc-signer.so usr/lib/mozilla/plugins/opensc-signer.so diff -Nru opensc-0.11.13/debian/opensc.dirs opensc-0.12.1/debian/opensc.dirs --- opensc-0.11.13/debian/opensc.dirs 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/debian/opensc.dirs 2011-05-29 00:03:40.000000000 +0000 @@ -0,0 +1,4 @@ +usr/bin/ +usr/share/man/man5/ +usr/share/man/man1/ +usr/share/doc/opensc/ diff -Nru opensc-0.11.13/debian/opensc.docs opensc-0.12.1/debian/opensc.docs --- opensc-0.11.13/debian/opensc.docs 2010-06-30 21:56:26.000000000 +0000 +++ opensc-0.12.1/debian/opensc.docs 2011-05-29 08:46:21.000000000 +0000 @@ -1,4 +1,4 @@ -doc/html.out/tools.html -doc/nonpersistent/wiki.out/*.html -doc/nonpersistent/wiki.out/*.css +#doc/nonpersistent/wiki.out/*.html +#doc/nonpersistent/wiki.out/*.css +doc/html.out/tools.html diff -Nru opensc-0.11.13/debian/opensc.install opensc-0.12.1/debian/opensc.install --- opensc-0.11.13/debian/opensc.install 2010-06-30 21:56:26.000000000 +0000 +++ opensc-0.12.1/debian/opensc.install 2011-05-29 15:11:17.000000000 +0000 @@ -1,4 +1,3 @@ -debian/tmp/usr/bin/cardos-info debian/tmp/usr/bin/cardos-tool debian/tmp/usr/bin/cryptoflex-tool debian/tmp/usr/bin/eidenv 
@@ -8,15 +7,16 @@ debian/tmp/usr/bin/piv-tool debian/tmp/usr/bin/pkcs11-tool debian/tmp/usr/bin/pkcs15* -debian/tmp/usr/bin/rutoken-tool debian/tmp/usr/bin/westcos-tool debian/tmp/usr/share/man/man5/* debian/tmp/usr/share/man/man1/cardos-tool.1 debian/tmp/usr/share/man/man1/cryptoflex-tool.1 +debian/tmp/usr/share/man/man1/eidenv.1 debian/tmp/usr/share/man/man1/netkey-tool.1 debian/tmp/usr/share/man/man1/opensc-tool.1 debian/tmp/usr/share/man/man1/opensc-explorer.1 +debian/tmp/usr/share/man/man1/piv-tool.1 debian/tmp/usr/share/man/man1/pkcs11-tool.1 debian/tmp/usr/share/man/man1/pkcs15*.1 debian/tmp/usr/share/man/man1/westcos-tool.1 diff -Nru opensc-0.11.13/debian/patches/buffer-overflow.patch opensc-0.12.1/debian/patches/buffer-overflow.patch --- opensc-0.11.13/debian/patches/buffer-overflow.patch 2010-12-21 14:02:31.000000000 +0000 +++ opensc-0.12.1/debian/patches/buffer-overflow.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -## Description: Fix buffer overflow -## Origin: upstream, https://www.opensc-project.org/opensc/changeset/4913 -## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 -Index: opensc-0.11.13/src/libopensc/card-acos5.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-acos5.c 2010-12-21 09:50:31.963758002 +0100 -+++ opensc-0.11.13/src/libopensc/card-acos5.c 2010-12-21 09:50:28.265608001 +0100 -@@ -140,8 +140,8 @@ - /* - * Cache serial number. - */ -- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); -- card->serialnr.len = apdu.resplen; -+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); -+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); - - /* - * Copy and return serial number. -Index: opensc-0.11.13/src/libopensc/card-atrust-acos.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-atrust-acos.c 2010-12-21 09:50:31.903788002 +0100 -+++ opensc-0.11.13/src/libopensc/card-atrust-acos.c 2010-12-21 09:50:28.265608001 +0100 -@@ -853,8 +853,8 @@ - if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - return SC_ERROR_INTERNAL; - /* cache serial number */ -- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); -- card->serialnr.len = apdu.resplen; -+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); -+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); - /* copy and return serial number */ - memcpy(serial, &card->serialnr, sizeof(*serial)); - return SC_SUCCESS; -Index: opensc-0.11.13/src/libopensc/card-starcos.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-starcos.c 2010-12-21 09:50:32.043718002 +0100 -+++ opensc-0.11.13/src/libopensc/card-starcos.c 2010-12-21 09:50:28.265608001 +0100 -@@ -1289,8 +1289,8 @@ - if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - return SC_ERROR_INTERNAL; - 
/* cache serial number */ -- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); -- card->serialnr.len = apdu.resplen; -+ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); -+ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); - /* copy and return serial number */ - memcpy(serial, &card->serialnr, sizeof(*serial)); - return SC_SUCCESS; diff -Nru opensc-0.11.13/debian/patches/debian-changes opensc-0.12.1/debian/patches/debian-changes --- opensc-0.11.13/debian/patches/debian-changes 2011-02-22 14:22:40.000000000 +0000 +++ opensc-0.12.1/debian/patches/debian-changes 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -Please use the git repo for development. ---- opensc-0.11.13.orig/src/signer/dialog.c -+++ opensc-0.11.13/src/signer/dialog.c -@@ -3,7 +3,7 @@ - #include - - #ifndef PIN_ENTRY --#define PIN_ENTRY "/usr/local/bin/gpinentry" -+#define PIN_ENTRY "/usr/bin/pinentry" - #endif - - extern int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card, diff -Nru opensc-0.11.13/debian/patches/fix-storing-key-on-entersafe opensc-0.12.1/debian/patches/fix-storing-key-on-entersafe --- opensc-0.11.13/debian/patches/fix-storing-key-on-entersafe 2010-08-23 12:42:57.000000000 +0000 +++ opensc-0.12.1/debian/patches/fix-storing-key-on-entersafe 1970-01-01 00:00:00.000000000 +0000 
@@ -1,155 +0,0 @@ -Description: Fix storing keys on EnterSafe cards. -Origin: http://www.opensc-project.org/opensc/changeset/3906 - http://www.opensc-project.org/opensc/changeset/4046 -Bug-Ubuntu: http://launchpad.net/bugs/622319 - -Index: opensc-0.11.13/src/libopensc/card-entersafe.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-entersafe.c 2010-08-23 14:25:54.051977214 +0200 -+++ opensc-0.11.13/src/libopensc/card-entersafe.c 2010-08-23 14:31:39.611999773 +0200 -@@ -1044,14 +1044,13 @@ - u8 *p=*ptr; - - *p++=tag; -- assert(0); -- if(bignum.len<256) -+ if(bignum.len<128) - { - *p++=(u8)bignum.len; - } - else - { -- u8 bytes=0; -+ u8 bytes=1; - size_t len=bignum.len; - while(len) - { -@@ -1069,6 +1068,7 @@ - memcpy(p,bignum.data,bignum.len); - entersafe_reverse_buffer(p,bignum.len); - p+=bignum.len; -+ *ptr = p; - } - - static int entersafe_write_small_rsa_key(sc_card_t *card,u8 key_id,struct sc_pkcs15_prkey_rsa *rsa) -@@ -1253,7 +1253,7 @@ - switch(data->usage) - { - case 0x22: -- if(rsa->modulus.len<=1024) -+ if(rsa->modulus.len < 256) - return entersafe_write_small_rsa_key(card,data->key_id,rsa); - else - return entersafe_write_large_rsa_key(card,data->key_id,rsa); -@@ -1375,71 +1375,6 @@ - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); - } - --#if 0 --static int entersafe_preinstall_rsa_1024(sc_card_t *card,u8 key_id) --{ -- u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; -- sc_apdu_t apdu; -- int ret=0; -- static u8 const rsa_key_e[] = -- { -- 'E', 0x04, 0x01, 0x00, 0x01, 0x00 -- }; -- -- SC_FUNC_CALLED(card->ctx, 1); -- -- /* create rsa item in IKF */ -- sbuf[0] = 0x00;/* key len extern */ -- sbuf[1] = 0x8a;/* key len */ -- sbuf[2] = 0x22; /* USAGE */ -- sbuf[3] = 0x34; /* user ac */ -- sbuf[4] = 0x04; /* change ac */ -- sbuf[5] = 0x34; /* UPDATE AC */ -- sbuf[6] = 0x40; /* ALGO */ -- sbuf[7] = 0x00; /* EC */ -- sbuf[8] = 0x00; /* VER */ -- memcpy(&sbuf[9], rsa_key_e, sizeof(rsa_key_e)); -- sbuf[9 + 
sizeof(rsa_key_e) + 0] = 'D'; -- sbuf[9 + sizeof(rsa_key_e) + 1] = 0x82; -- sbuf[9 + sizeof(rsa_key_e) + 2] = 0x00; -- sbuf[9 + sizeof(rsa_key_e) + 3] = 0x80; -- -- sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT,0xF0,0x00,key_id); -- apdu.cla=0x84; -- apdu.data=sbuf; -- apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; -- -- ret = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); -- SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); -- -- /* create rsa item in PKF */ -- sbuf[0] = 0x01; /* key len extern */ -- sbuf[1] = 0x0A; /* key len */ -- sbuf[2] = 0x2A; /* USAGE */ -- sbuf[3] = ENTERSAFE_AC_ALWAYS; /* user ac */ -- sbuf[4] = 0x04; /* change ac */ -- sbuf[5] = ENTERSAFE_AC_ALWAYS; /* UPDATE AC */ -- sbuf[6] = 0x40; /* ALGO */ -- sbuf[7] = 0x00; /* EC */ -- sbuf[8] = 0x00; /* VER */ -- memcpy(&sbuf[9], rsa_key_e, sizeof(rsa_key_e)); -- sbuf[9 + sizeof(rsa_key_e) + 0] = 'N'; -- sbuf[9 + sizeof(rsa_key_e) + 1] = 0x82; -- sbuf[9 + sizeof(rsa_key_e) + 2] = 0x01; -- sbuf[9 + sizeof(rsa_key_e) + 3] = 0x00; -- -- sc_format_apdu(card,&apdu,SC_APDU_CASE_3_SHORT,0xF0,0x00,key_id); -- apdu.cla=0x84; -- apdu.data=sbuf; -- apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; -- -- ret=entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); -- SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); -- -- SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); --} --#endif -- - static int entersafe_preinstall_rsa_2048(sc_card_t *card,u8 key_id) - { - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; -@@ -1590,39 +1525,6 @@ - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); - } - --#if 0 --static int entersafe_card_ctl_1024(sc_card_t *card, unsigned long cmd, void *ptr) --{ -- sc_entersafe_create_data * tmp = (sc_entersafe_create_data *)ptr; -- SC_FUNC_CALLED(card->ctx, 1); -- -- switch (cmd) -- { -- case SC_CARDCTL_ENTERSAFE_CREATE_FILE: -- if (tmp->type == SC_ENTERSAFE_MF_DATA) -- return entersafe_create_mf(card, tmp); -- else if (tmp->type == SC_ENTERSAFE_DF_DATA) -- return 
entersafe_create_df(card, tmp); -- else if (tmp->type == SC_ENTERSAFE_EF_DATA) -- return entersafe_create_ef(card, tmp); -- else -- return SC_ERROR_INTERNAL; -- case SC_CARDCTL_ENTERSAFE_WRITE_KEY: -- return entersafe_write_key(card, (sc_entersafe_wkey_data *)ptr); -- case SC_CARDCTL_ENTERSAFE_GENERATE_KEY: -- return entersafe_gen_key(card, (sc_entersafe_gen_key_data *)ptr); -- case SC_CARDCTL_ERASE_CARD: -- return entersafe_erase_card(card); -- case SC_CARDCTL_GET_SERIALNR: -- return entersafe_get_serialnr(card, (sc_serial_number_t *)ptr); -- case SC_CARDCTL_ENTERSAFE_PREINSTALL_KEYS: -- return entersafe_preinstall_keys(card,entersafe_preinstall_rsa_1024); -- default: -- return SC_ERROR_NOT_SUPPORTED; -- } --} --#endif -- - static int entersafe_card_ctl_2048(sc_card_t *card, unsigned long cmd, void *ptr) - { - sc_entersafe_create_data *tmp = (sc_entersafe_create_data *)ptr; diff -Nru opensc-0.11.13/debian/patches/min-max.patch opensc-0.12.1/debian/patches/min-max.patch --- opensc-0.11.13/debian/patches/min-max.patch 2010-12-21 14:02:31.000000000 +0000 +++ opensc-0.12.1/debian/patches/min-max.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,39 +0,0 @@ -## Description: Add MIN and MAX macros for buffer overflow patch -## Origin: upstream, https://www.opensc-project.org/opensc/changeset/4912 -## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 -Index: opensc-0.11.13/src/libopensc/internal.h -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/internal.h 2010-12-21 09:51:32.763343000 +0100 -+++ opensc-0.11.13/src/libopensc/internal.h 2010-12-21 09:51:29.894778002 +0100 -@@ -48,6 +48,13 @@ - #else - #define msleep(t) Sleep(t) - #define sleep(t) Sleep((t) * 1000) -+#endif -+ -+#ifndef MAX -+#define MAX(x, y) (((x) > (y)) ? (x) : (y)) -+#endif -+#ifndef MIN -+#define MIN(x, y) (((x) < (y)) ? (x) : (y)) - #endif - - struct sc_atr_table { -Index: opensc-0.11.13/src/libopensc/muscle.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/muscle.c 2010-12-21 09:51:32.693378000 +0100 -+++ opensc-0.11.13/src/libopensc/muscle.c 2010-12-21 09:51:29.894778002 +0100 -@@ -28,13 +28,6 @@ - #define MSC_DSA_PUBLIC 0x04 - #define MSC_DSA_PRIVATE 0x05 - --#ifndef MAX --#define MAX(x, y) (((x) > (y)) ? (x) : (y)) --#endif --#ifndef MIN --#define MIN(x, y) (((x) < (y)) ? (x) : (y)) --#endif -- - static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } }; - static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } }; - diff -Nru opensc-0.11.13/debian/patches/missing-libs.patch opensc-0.12.1/debian/patches/missing-libs.patch --- opensc-0.11.13/debian/patches/missing-libs.patch 2010-12-20 14:52:25.000000000 +0000 +++ opensc-0.12.1/debian/patches/missing-libs.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,37 +0,0 @@ -## Description: Add missing libraries to Makefile.in due to compiler change -## Origin/Author: Torsten Spindler (Canonical) -## Bug: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692571 -Index: opensc-0.11.13/src/tools/Makefile.in -=================================================================== ---- opensc-0.11.13.orig/src/tools/Makefile.in 2010-12-20 15:14:48.001277002 +0100 -+++ opensc-0.11.13/src/tools/Makefile.in 2010-12-20 15:14:41.131277002 +0100 -@@ -85,7 +85,8 @@ - am_cardos_tool_OBJECTS = cardos-tool.$(OBJEXT) util.$(OBJEXT) \ - $(am__objects_1) - cardos_tool_OBJECTS = $(am_cardos_tool_OBJECTS) --cardos_tool_LDADD = $(LDADD) -+cardos_tool_LDADD = $(LDADD) \ -+ -lcrypto - am__cryptoflex_tool_SOURCES_DIST = cryptoflex-tool.c util.c \ - versioninfo.rc - am_cryptoflex_tool_OBJECTS = cryptoflex-tool.$(OBJEXT) util.$(OBJEXT) \ -@@ -249,7 +250,8 @@ - LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ - LIBOBJS = @LIBOBJS@ - LIBS = $(top_builddir)/src/libopensc/libopensc.la \ -- $(top_builddir)/src/common/libcompat.la -+ $(top_builddir)/src/common/libcompat.la \ -+ $(top_builddir)/src/scconf/libscconf.la - - LIBTOOL = @LIBTOOL@ - LIPO = @LIPO@ -@@ -398,7 +400,8 @@ - pkcs15_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) - pkcs11_tool_SOURCES = pkcs11-tool.c util.c $(am__append_7) - pkcs11_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) \ -- $(top_builddir)/src/pkcs11/libpkcs11.la -+ $(top_builddir)/src/pkcs11/libpkcs11.la \ -+ -lltdl - - pkcs15_crypt_SOURCES = pkcs15-crypt.c util.c $(am__append_8) - pkcs15_crypt_LDADD = $(OPTIONAL_OPENSSL_LIBS) diff -Nru opensc-0.11.13/debian/patches/series opensc-0.12.1/debian/patches/series --- opensc-0.11.13/debian/patches/series 2010-12-21 14:02:31.000000000 +0000 +++ opensc-0.12.1/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 
@@ -1,5 +0,0 @@
-debian-changes
-fix-storing-key-on-entersafe
-missing-libs.patch
-buffer-overflow.patch
-min-max.patch
diff -Nru opensc-0.11.13/debian/rules opensc-0.12.1/debian/rules
--- opensc-0.11.13/debian/rules 2010-06-30 21:56:26.000000000 +0000
+++ opensc-0.12.1/debian/rules 2011-05-29 14:41:07.000000000 +0000
@@ -1,22 +1,86 @@ #!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. -%: - dh $@ +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 -override_dh_auto_configure: - dh_auto_configure -- --sysconfdir=/etc/opensc \ - --enable-nsplugin \ - --enable-pcsc \ - --enable-openct \ - --enable-doc \ - --with-pcsc-provider=/lib/libpcsclite.so.1 \ - --htmldir=/usr/share/doc/opensc/html +# This has to be exported to make some magic below work. +export DH_OPTIONS -override_dh_strip: - dh_strip --dbg-package=libopensc2-dbg -override_dh_installchangelogs: - dh_installchangelogs doc/nonpersistent/ChangeLog +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. -override_dh_installdocs: - dh_installdocs -A README NEWS + #rm -f config.h + ./configure --enable-doc \ + --sysconfdir=/etc/opensc \ + --htmldir=/usr/share/doc/opensc/html \ + --with-pcsc-provider=/lib/libpcsclite.so.1 \ + --prefix=/usr + + touch configure-stamp + #touch stamp-h1 + + +build: build-stamp +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + $(MAKE) clean || true + $(MAKE) distclean || true + + dh_clean + + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # Add here commands to install the package into debian/ + #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install + $(MAKE) install DESTDIR=`pwd`/debian/tmp + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. 
+binary-arch: build install + dh_testdir -a + dh_testroot -a + dh_installchangelogs ChangeLog -a + dh_installdocs -a + dh_installexamples -a + dh_install -a + dh_installdebconf -a + dh_link -a + dh_strip --dbg-package=libopensc3-dbg -a + dh_compress -a + dh_fixperms -a + dh_makeshlibs + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff -Nru opensc-0.11.13/debian/source/options opensc-0.12.1/debian/source/options --- opensc-0.11.13/debian/source/options 2010-03-01 05:58:15.000000000 +0000 +++ opensc-0.12.1/debian/source/options 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -# let dpkg-source create a debian.tar.bz2 with maximal compression -compression = "bzip2" -compression-level = 9 -# use debian/patches/debian-changes as automatic patch -single-debian-patch diff -Nru opensc-0.11.13/debian/source/patch-header opensc-0.12.1/debian/source/patch-header --- opensc-0.11.13/debian/source/patch-header 2010-03-01 05:58:15.000000000 +0000 +++ opensc-0.12.1/debian/source/patch-header 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -Please use the git repo for development. diff -Nru opensc-0.11.13/doc/api/api.css opensc-0.12.1/doc/api/api.css --- opensc-0.11.13/doc/api/api.css 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/api.css 1970-01-01 00:00:00.000000000 +0000 
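Review bot: The hand-written `./configure` call in the new `configure-stamp` target passes no compiler or linker flags, so the distribution's hardening flags reach the build only if the environment or the toolchain defaults supply them, which this page does not show. This library copies data returned by smart cards into fixed-size fields, as the memcpy bounds fix in the buffer-overflow.patch dropped elsewhere in this diff shows, so I would pass the flags explicitly by appending `CFLAGS="$(shell dpkg-buildflags --get CFLAGS)" CPPFLAGS="$(shell dpkg-buildflags --get CPPFLAGS)" LDFLAGS="$(shell dpkg-buildflags --get LDFLAGS)"` to the `./configure` line. Separately, in the `clean` target `$(MAKE) clean || true` and `$(MAKE) distclean || true` hide every failure. `[ ! -f Makefile ] || $(MAKE) distclean` would tolerate only the unconfigured tree and still surface real errors.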
@@ -1,43 +0,0 @@ -body { - font-family: Verdana, Arial; - font-size: 0.9em; -} - -.title { - font-size: 1.5em; - text-align: center; -} - -.toc b { - font-size: 1.2em; - border-bottom: dashed 1px black; -} - -a { - color: blue; - text-decoration: none; -} - -a:visited { - color: blue; - text-decoration: none; -} - -pre.programlisting { - font-size: 1.1em; - background-color: #EEEEEE ; - border: 1px solid #006600 ; - padding: 1em; -} - -span.symbol { - font-weight: bold; -} - -span.errorname { - font-weight: bold; -} - -span.errortext { - font-style: italic; -} diff -Nru opensc-0.11.13/doc/api/api.xml opensc-0.12.1/doc/api/api.xml --- opensc-0.11.13/doc/api/api.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/api.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ - - - -]> - - - OpenSC API reference - - - - - - - - diff -Nru opensc-0.11.13/doc/api/apps/chapter.xml opensc-0.12.1/doc/api/apps/chapter.xml --- opensc-0.11.13/doc/api/apps/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ - - - - - - - -]> - - - Applications - &scenumapps; - &scfindappbyaid; - &scfindpkcs15app; - &scupdatedir; - &scfreeapps; - - diff -Nru opensc-0.11.13/doc/api/apps/sc_enum_apps.xml opensc-0.12.1/doc/api/apps/sc_enum_apps.xml --- opensc-0.11.13/doc/api/apps/sc_enum_apps.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/sc_enum_apps.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,43 +0,0 @@ - - - OpenSC API Reference - - sc_enum_apps - 3 - opensc - - - - sc_enum_apps - Enumerate the applications on a card - - - - Synopsis - - -#include <opensc.h> - -int sc_enum_apps(struct sc_card *card); - - - - - - Description - - This function enumerates the applications on card, and - stores them in the structure. The list of applications can then later be - searched with sc_find_app_by_aid() or - sc_find_pkcs15_app(). - - - - - Return value - - Returns the number of applications on the card, or a negative value in case - of error. - - - diff -Nru opensc-0.11.13/doc/api/apps/sc_find_app_by_aid.xml opensc-0.12.1/doc/api/apps/sc_find_app_by_aid.xml --- opensc-0.11.13/doc/api/apps/sc_find_app_by_aid.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/sc_find_app_by_aid.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,50 +0,0 @@ - - - OpenSC API Reference - - sc_find_app_by_aid - 3 - opensc - - - - sc_find_app_by_aid - Find an application on a card - - - - Synopsis - - -#include <opensc.h> - -const sc_app_info_t *sc_find_app_by_aid(sc_card_t *card, - const unsigned char *aid, - size_t aid_len); - - - - - - Description - - This function finds an application on card by its - aid. The AID's length is specified in - aid_len. - - - - Before calling this function, you MUST call sc_enum_apps() first. - - - - - Return value - - Returns a sc_app_info_t structure - describing the application corresponding to aid, or NULL - if none was found. - - - diff -Nru opensc-0.11.13/doc/api/apps/sc_find_pkcs15_app.xml opensc-0.12.1/doc/api/apps/sc_find_pkcs15_app.xml --- opensc-0.11.13/doc/api/apps/sc_find_pkcs15_app.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/sc_find_pkcs15_app.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ - - - OpenSC API Reference - - sc_find_pkcs15_app - 3 - opensc - - - - sc_find_pkcs15_app - Find a PKCS#15 application on a card - - - - Synopsis - - -#include <opensc.h> - -const sc_app_info_t *sc_find_pkcs15_app(sc_card_t *card); - - - - - - Description - - This function attempts to find a PKCS#15 application on - card. Currently, this means either a standard PKCS#15 - implementation or a Belgian eID. - - - - Before calling this function, you MUST call sc_enum_apps() first. - - - - - Return value - - Returns a sc_app_info_t structure - describing the PKCS#15 application, or NULL if none was found. - - - diff -Nru opensc-0.11.13/doc/api/apps/sc_free_apps.xml opensc-0.12.1/doc/api/apps/sc_free_apps.xml --- opensc-0.11.13/doc/api/apps/sc_free_apps.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/sc_free_apps.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ - - - OpenSC API Reference - - sc_free_apps - 3 - opensc - - - - sc_free_apps - Free application list - - - - Synopsis - - -#include <opensc.h> - -void sc_free_apps(struct sc_card *card); - - - - - - Description - - This functions releases all memory associated with the list of applications - on card, as obtained by a call to sc_enum_apps(). - - - diff -Nru opensc-0.11.13/doc/api/apps/sc_update_dir.xml opensc-0.12.1/doc/api/apps/sc_update_dir.xml --- opensc-0.11.13/doc/api/apps/sc_update_dir.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/apps/sc_update_dir.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ - - - OpenSC API Reference - - sc_update_dir - 3 - opensc - - - - sc_update_dir - Update application directory on a card - - - - Synopsis - - -#include <opensc.h> - -int sc_update_dir(sc_card_t *card, sc_app_info_t *app); - - - - - - Description - - This function updates the application directory on card. - If the card has a record-structured directory file, app - may contain the application to update. Otherwise, the entire directory file - is updated. - - - - Before calling this function, you MUST call sc_enum_apps() first. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/asn1/chapter.xml opensc-0.12.1/doc/api/asn1/chapter.xml --- opensc-0.11.13/doc/api/asn1/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ - - - - - - - - - - - - -]> - - - ASN.1 functions - &scasn1encode; - &scasn1decode; - &scformatasn1entry; - &sccopyasn1entry; - &scasn1printtags; - &scasn1skiptag; - &scasn1verifytag; - &scasn1readtag; - &scasn1findtag; - &scasn1puttag; - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_decode.xml opensc-0.12.1/doc/api/asn1/sc_asn1_decode.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_decode.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_decode.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,62 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_decode - 3 - opensc - - - - sc_asn1_decode - Extract entries from an ASN.1 stream - - - - Synopsis - - -#include <opensc.h> - -int sc_asn1_decode(struct sc_context *ctx, struct sc_asn1_entry *asn1, - const unsigned char *inbuf, size_t len, - const unsigned char **newbuf, size_t *len_left); - - - - - - Description - - This function extracts information from the ASN.1 stream pointed to by inbuf - (which is len bytes in size) and stores it into the array of - struct sc_asn_1 entries pointed to by - asn1. The array must be big enough to contain all the entries that will be - found, or an error will be flagged. The last entry in the array must be a NULL entry, i.e. the - name field must be set to NULL. - - - - The structure of the expected data must be encoded in the entries in asn1 - before calling this function; specifically the name, - type, tag and - flags fields must be filled in. - - - - The function will then scan the stream and fill in the remaining fields. - newbuf will point to the byte immediately following the extracted record, and - len_left will contain the number of bytes left in the buffer. Thus, the - newbuf and len_left fields may be passed in to - sc_asn1_decode() again, as the inbuf and len parameters, - until len reaches 0. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_encode.xml opensc-0.12.1/doc/api/asn1/sc_asn1_encode.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_encode.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_encode.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_encode - 3 - opensc - - - - sc_asn1_encode - Encode ASN.1 entries into a stream - - - - Synopsis - - -#include <opensc.h> - -int sc_asn1_encode(struct sc_context *ctx, const struct sc_asn1_entry *asn1, - unsigned char **newbuf, size_t *size); - - - - - - Description - - This function encodes an array of entries pointed to by asn1 and terminated - by a NULL entry (i.e. where the name field of the entry is NULL) into - a newly allocated buffer. - - - - The new buffer containing the ASN.1 stream will be stored in newbuf, and the - size of this buffer is stored in size. The application must free this buffer - after use. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_find_tag.xml opensc-0.12.1/doc/api/asn1/sc_asn1_find_tag.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_find_tag.xml 2005-12-29 12:36:26.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_find_tag.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_find_tag - 3 - opensc - - - - sc_asn1_find_tag - Find a tag in an ASN.1 stream - - - - Synopsis - - -#include <opensc.h> - -const unsigned char *sc_asn1_find_tag(struct sc_context *ctx, - const unsigned char *buf, size_t buflen, - unsigned int tag_in, size_t *taglen_in); - - - - - - Description - - This function tries to find an ASN.1 tag matching tag_in in the buffer - pointed to by buf, which is of size buflen. The buffer - should contain a series of ASN.1 entries. - - - - - Return value - - If the specified tag was not found, NULL is returned. If found, the address where it was found is - returned, and taglen_in is set to the length of the found tag. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_print_tags.xml opensc-0.12.1/doc/api/asn1/sc_asn1_print_tags.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_print_tags.xml 2005-12-29 12:36:26.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_print_tags.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_print_tags - 3 - opensc - - - - sc_asn1_print_tags - Print an ASN.1 stream to stdout - - - - Synopsis - - -#include <opensc.h> - -void sc_asn1_print_tags(const unsigned char *buf, size_t buflen); - - - - - - Description - - This function prints the ASN.1 stream pointed to by buf, which is of size - buflen, to stdout. This is useful for debugging. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_put_tag.xml opensc-0.12.1/doc/api/asn1/sc_asn1_put_tag.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_put_tag.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_put_tag.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_put_tag - 3 - opensc - - - - sc_asn1_put_tag - Construct an ASN.1 entry in a buffer - - - - Synopsis - - -#include <opensc.h> - -int sc_asn1_put_tag(int tag, const unsigned char *data, int datalen, - unsigned char *out, int outlen, unsigned char **nextbuf); - - - - - - Description - - This function constructs a single entry in an ASN.1 stream, at the buffer pointed to by - out (which is outlen bytes long). The tag to be used - is in tag, and the entry payload is pointed to by data, - which is datalen bytes long. - - - - If nextbuf is not NULL, it will be filled in with a pointer to the buffer - address immediately following the newly copied entry. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_read_tag.xml opensc-0.12.1/doc/api/asn1/sc_asn1_read_tag.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_read_tag.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_read_tag.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_read_tag - 3 - opensc - - - - sc_asn1_read_tag - Extract a tag from an ASN.1 entry - - - - Synopsis - - -#include <opensc.h> - -int sc_asn1_read_tag(const unsigned char **buf, size_t buflen, - unsigned int *cla_out, unsigned int *tag_out, size_t *taglen); - - - - - - Description - - This function extracts a tag from an ASN.1 entry at the buffer pointed to by - the pointer in buf. The buffer is buflen bytes long. - The tag class will be stored in cla_out, the tag itself in - tag_out, and the length of the extracted tag in - tag_len. - - - - - Return value - - Returns 1 if successful, or -1 in case of error. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_skip_tag.xml opensc-0.12.1/doc/api/asn1/sc_asn1_skip_tag.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_skip_tag.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_skip_tag.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_skip_tag - 3 - opensc - - - - sc_asn1_skip_tag - - - - - Synopsis - - -#include <opensc.h> - -const unsigned char *sc_asn1_skip_tag(struct sc_context *ctx, - const unsigned char **buf, size_t *buflen, - unsigned int tag_in, size_t *taglen_out); - - - - - - Description - - - - - - - - - Return value - - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_asn1_verify_tag.xml opensc-0.12.1/doc/api/asn1/sc_asn1_verify_tag.xml --- opensc-0.11.13/doc/api/asn1/sc_asn1_verify_tag.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_asn1_verify_tag.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,34 +0,0 @@ - - - OpenSC API Reference - - sc_asn1_verify_tag - 3 - opensc - - - - sc_asn1_verify_tag - Verify validity of an ASN.1 tag - - - - Synopsis - - -#include <opensc.h> - -const unsigned char *sc_asn1_verify_tag(struct sc_context *ctx, - const unsigned char *buf, size_t buflen, - unsigned int tag_in, size_t *taglen_out); - - - - - - Description - - This is an alias for the sc_asn1_skip_tag() function. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_copy_asn1_entry.xml opensc-0.12.1/doc/api/asn1/sc_copy_asn1_entry.xml --- opensc-0.11.13/doc/api/asn1/sc_copy_asn1_entry.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_copy_asn1_entry.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ - - - OpenSC API Reference - - sc_copy_asn1_entry - 3 - opensc - - - - sc_copy_asn1_entry - Copy an ASN.1 entry - - - - Synopsis - - -#include <opensc.h> - -void sc_copy_asn1_entry(const struct sc_asn1_entry *src, struct sc_asn1_entry *dest); - - - - - - Description - - This function copies an array of struct - sc_asn1_entry entries pointed to be src to - dest. The array must be NULL-terminated (that is, the last entry must have - its name field set to NULL). There must be enough space available in - dest. - - - diff -Nru opensc-0.11.13/doc/api/asn1/sc_format_asn1_entry.xml opensc-0.12.1/doc/api/asn1/sc_format_asn1_entry.xml --- opensc-0.11.13/doc/api/asn1/sc_format_asn1_entry.xml 2005-12-29 12:36:26.000000000 +0000 +++ opensc-0.12.1/doc/api/asn1/sc_format_asn1_entry.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,36 +0,0 @@ - - - OpenSC API Reference - - sc_format_asn1_entry - 3 - opensc - - - - sc_format_asn1_entry - Fill in an ASN.1 entry structure - - - - Synopsis - - -#include <opensc.h> - -void sc_format_asn1_entry(struct sc_asn1_entry *entry, void *parm, void *arg, int set_present); - - - - - - Description - - This function stores the parm and arg pointers in the - struct sc_asn1_entry - entry. No checking is done. Since the pointers are copied directly, the - storage they point to must not be freed by the calling application until the entry itself is - destroyed. - - - diff -Nru opensc-0.11.13/doc/api/card/chapter.xml opensc-0.12.1/doc/api/card/chapter.xml --- opensc-0.11.13/doc/api/card/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/card/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ - - - - - - - - - - - - -]> - - - Card operations - &sccardctl; - &sclock; - &scunlock; - &scwaitforevent; - &scformatapdu; - &sctransmitapdu; - &scchecksw; - &scgetchallenge; - &scgetdata; - &scputdata; - - diff -Nru opensc-0.11.13/doc/api/card/sc_card_ctl.xml opensc-0.12.1/doc/api/card/sc_card_ctl.xml --- opensc-0.11.13/doc/api/card/sc_card_ctl.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/card/sc_card_ctl.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ - - - OpenSC API Reference - - sc_card_ctl - 3 - opensc - - - - sc_card_ctl - Send a control command to a card - - - - Synopsis - - -#include <opensc.h> - -int sc_card_ctl(struct sc_card *card, unsigned long cmd, void *args); - - - - - - - Description - This function is used to send various control commands to the smart card associated with - card. The command is specified in cmd, and any - command-specific arguments are pointed to by args. - - - - Commands are specific to cards. For more details on which cards accept which - commands, check the documentation for your card. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/card/sc_check_sw.xml opensc-0.12.1/doc/api/card/sc_check_sw.xml --- opensc-0.11.13/doc/api/card/sc_check_sw.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/card/sc_check_sw.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,49 +0,0 @@ - - - OpenSC API Reference - - sc_check_sw - 3 - opensc - - - - sc_check_sw - Check return status from a card transaction - - - - Synopsis - - -#include <opensc.h> - -int sc_check_sw(struct sc_card *card, int sw1, int sw2); - - - - - - Description - - This function checks the return status as given in sw1 - and sw2 against the card-specific errors of - card. These are set by sc_transmit_apdu() in the - apdu.sw1 and apdu.sw2 - fields, respectively. - - - - The function should be called after every APDU transmission, to convert the - card's status code to an OpenSC error code. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - diff -Nru opensc-0.11.13/doc/api/card/sc_format_apdu.xml opensc-0.12.1/doc/api/card/sc_format_apdu.xml --- opensc-0.11.13/doc/api/card/sc_format_apdu.xml 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/doc/api/card/sc_format_apdu.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,38 +0,0 @@
- - - OpenSC API Reference - - sc_format_apdu - 3 - opensc - - - - sc_format_apdu - Populate an APDU structure - - - - Synopsis - - -#include <opensc.h> - -void sc_format_apdu(struct sc_card *card, sc_apdu_t *apdu, - int cse, int ins, int p1, int p2); - - - - - - Description - - This function populates the sc_apdu_t structure - pointed to by apdu on card. It does - not allocate memory. The cse, ins, - p1 and p2 parameters correspond to - the respective APDU parameters as described in the - ISO 7816 standard. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_get_challenge.xml opensc-0.12.1/doc/api/card/sc_get_challenge.xml
--- opensc-0.11.13/doc/api/card/sc_get_challenge.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_get_challenge.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
- - - OpenSC API Reference - - sc_get_challenge - 3 - opensc - - - - sc_get_challenge - Request a challenge from a card - - - - Synopsis - - -#include <opensc.h> - -int sc_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len); - - - - - - Description - - This function requests a challenge (i.e. random bytes) from - card. The returned data will be stored in - rnd, and will be len bytes long. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_get_data.xml opensc-0.12.1/doc/api/card/sc_get_data.xml
--- opensc-0.11.13/doc/api/card/sc_get_data.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_get_data.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,48 +0,0 @@
- - - OpenSC API Reference - - sc_get_data - 3 - opensc - - - - sc_get_data - Get a primitive data object from a card - - - - Synopsis - - -#include <opensc.h> - -int sc_get_data(sc_card_t *card, unsigned int tag, - unsigned char *buf, size_t buflen); - - - - - - Description - - This function is used to retrieve a primitive data object from - card. It corresponds to the GET DATA command in the - ISO 7816 standard. The data is stored in - buf, which is buflen bytes long. - - - - The tag parameter specifies the object to be retrieved. - Refer to the standard for the correct values to use. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_lock.xml opensc-0.12.1/doc/api/card/sc_lock.xml
--- opensc-0.11.13/doc/api/card/sc_lock.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_lock.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
- - - OpenSC API Reference - - sc_lock - 3 - opensc - - - - sc_lock - Lock a card for exclusive use - - - - Synopsis - - -#include <opensc.h> - -int sc_lock(struct sc_card *card); - - - - - - Description - - This function locks the card against modification from other threads or processes. The function - may be called several times; a counter will be increased, and the card will be unlocked only - when this counter reaches zero. - - - - - Return value - - Returns 0 on success, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_put_data.xml opensc-0.12.1/doc/api/card/sc_put_data.xml
--- opensc-0.11.13/doc/api/card/sc_put_data.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_put_data.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,49 +0,0 @@
- - - OpenSC API Reference - - sc_put_data - 3 - opensc - - - - sc_put_data - Store a primitive data object on a card - - - - Synopsis - - -#include <opensc.h> - -int sc_put_data(sc_card_t *card, unsigned int tag, - const unsigned char *buf, size_t len); - - - - - - Description - - This function is used to store a primitive data object on - card. It corresponds to the PUT DATA command in the - ISO 7816 standard. The data to be sent to the - card is stored in buf, which is - buflen bytes long. - - - - The tag parameter specifies the object to be stored. - Refer to the standard for the correct values to use. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_transmit_apdu.xml opensc-0.12.1/doc/api/card/sc_transmit_apdu.xml
--- opensc-0.11.13/doc/api/card/sc_transmit_apdu.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_transmit_apdu.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
- - - OpenSC API Reference - - sc_transmit_apdu - 3 - opensc - - - - sc_transmit_apdu - Transmit an APDU structure - - - - Synopsis - - -#include <opensc.h> - -int sc_transmit_apdu(struct sc_card *card, sc_apdu_t *apdu); - - - - - - Description - - This function transmits the APDU in apdu to - card. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_unlock.xml opensc-0.12.1/doc/api/card/sc_unlock.xml
--- opensc-0.11.13/doc/api/card/sc_unlock.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_unlock.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
- - - OpenSC API Reference - - sc_unlock - 3 - opensc - - - - sc_unlock - Unlock a card - - - - Synopsis - - -#include <opensc.h> - -int sc_unlock(struct sc_card *card); - - - - - - Description - - This function unlocks card. That is, the lock count is decreased, and the - card unlocked if it reaches zero. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/card/sc_wait_for_event.xml opensc-0.12.1/doc/api/card/sc_wait_for_event.xml
--- opensc-0.11.13/doc/api/card/sc_wait_for_event.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/card/sc_wait_for_event.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,71 +0,0 @@
- - - OpenSC API Reference - - sc_wait_for_event - 3 - opensc - - - - sc_wait_for_event - Wait for an event on a smart card reader - - - - Synopsis - - -#include <opensc.h> - -int sc_wait_for_event(sc_reader_t *readers[], int slots[], size_t numslots, - unsigned int event_mask, - int *reader, unsigned int *event, int timeout); - - - - - - Description - - This function blocks until an event occurs on any of the - readers/slots specified. The readers and slots - fields list the readers and - respective slots to be watched. num_slots - holds the total number of slots passed. The event_mask - parameter specifies the types of events to wait for. This may be a - combination of the following flags: - - - SC_EVENT_CARD_REMOVED - A card was removed from the reader/slot. - - - SC_EVENT_CARD_INSERTED - A card was inserted into the reader/slot. - - - - - - On returning, the reader parameter holds the - reader which generated an event, and event holds - the event flag, as in event_mask. - - - - The timeout parameter may be used to specify the maximum amount of - time to wait for an event, in milliseconds. This may be set to -1 - to wait forever. - - - - - Return value - - Returns 0 if successful, 1 if a timeout occurred, or a negative - value in case of error. - - - -
diff -Nru opensc-0.11.13/doc/api/file/chapter.xml opensc-0.12.1/doc/api/file/chapter.xml
--- opensc-0.11.13/doc/api/file/chapter.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/chapter.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
- - - - - - - - - - - - - - - - - -]> - - - File operations - &scfilenew; - &scfiledup; - &sccreatefile; - &scselectfile; - &scfilefree; - &sclistfiles; - &scdeletefile; - &screadbinary; - &scupdatebinary; - &scwritebinary; - &screadrecord; - &scwriterecord; - &scupdaterecord; - &scappendrecord; - &scdeleterecord; -
diff -Nru opensc-0.11.13/doc/api/file/sc_append_record.xml opensc-0.12.1/doc/api/file/sc_append_record.xml
--- opensc-0.11.13/doc/api/file/sc_append_record.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_append_record.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,45 +0,0 @@
- - - OpenSC API Reference - - sc_append_record - 3 - opensc - - - - sc_append_record - Append a record to a file - - - - Synopsis - - -#include <opensc.h> - -int sc_append_record(struct sc_card *card, - const unsigned char *buf, size_t buflen, - unsigned long flags); - - - - - - Description - - This function appends a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 APPEND RECORD function. Call sc_select_file() - first to select the file to write to. - - - - - Return value - - Returns the number of bytes written if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_create_file.xml opensc-0.12.1/doc/api/file/sc_create_file.xml
--- opensc-0.11.13/doc/api/file/sc_create_file.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_create_file.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,34 +0,0 @@
- - - OpenSC API Reference - - sc_create_file - 3 - opensc - - - - sc_create_file - Create a file object - - - - Synopsis - - -#include <opensc.h> - -int sc_create_file(sc_card_t *card, sc_file_t *file); - - - - - - Description - - This function creates a file on card. The file must - have been created with a call to sc_file_new() beforehand. - - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_delete_file.xml opensc-0.12.1/doc/api/file/sc_delete_file.xml
--- opensc-0.11.13/doc/api/file/sc_delete_file.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_delete_file.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
- - - OpenSC API Reference - - sc_delete_file - 3 - opensc - - - - sc_delete_file - Delete a file - - - - Synopsis - - -#include <opensc.h> - -int sc_delete_file(struct sc_card *card, const struct sc_path *path); - - - - - - Description - - This function deletes a file specified by path on - card. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_delete_record.xml opensc-0.12.1/doc/api/file/sc_delete_record.xml
--- opensc-0.11.13/doc/api/file/sc_delete_record.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_delete_record.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
- - - OpenSC API Reference - - sc_delete_record - 3 - opensc - - - - sc_delete_record - Delete a record from a file - - - - Synopsis - - -#include <opensc.h> - -int sc_delete_record(struct sc_card *card, unsigned int rec_nr); - - - - - - Description - - This function deletes a record specified by rec_nr on - card. This is not a standard ISO - 7816 operation, and is currently only supported on the - Oberthur smart cards. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_file_dup.xml opensc-0.12.1/doc/api/file/sc_file_dup.xml
--- opensc-0.11.13/doc/api/file/sc_file_dup.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_file_dup.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,37 +0,0 @@
- - - OpenSC API Reference - - sc_file_dup - 3 - opensc - - - - sc_file_dup - Duplicate a file object - - - - Synopsis - - -#include <opensc.h> - -void sc_file_dup(sc_file_t **dest, const sc_file_t *src) - - - - - - Description - - This function creates a new file object, duplicates all file information from - src into it, and stores it in the pointer pointed to by - dest. This object must be released with sc_file_free() after use. - - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_file_free.xml opensc-0.12.1/doc/api/file/sc_file_free.xml
--- opensc-0.11.13/doc/api/file/sc_file_free.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_file_free.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,35 +0,0 @@
- - - OpenSC API Reference - - sc_file_free - 3 - opensc - - - - sc_file_free - Free file object - - - - Synopsis - - -#include <opensc.h> - -void sc_file_free(sc_file_t *file); - - - - - - Description - - This function releases a file object previously allocated by sc_select_file(). - - - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_file_new.xml opensc-0.12.1/doc/api/file/sc_file_new.xml
--- opensc-0.11.13/doc/api/file/sc_file_new.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_file_new.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,34 +0,0 @@
- - - OpenSC API Reference - - sc_file_new - 3 - opensc - - - - sc_file_new - Create a file object - - - - Synopsis - - -#include <opensc.h> - -sc_file_t *sc_file_new(void); - - - - - - Description - - This function creates an empty OpenSC file object, which can later be passed to sc_create_file(). - - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_list_files.xml opensc-0.12.1/doc/api/file/sc_list_files.xml
--- opensc-0.11.13/doc/api/file/sc_list_files.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_list_files.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
- - - OpenSC API Reference - - sc_list_files - 3 - opensc - - - - sc_list_files - List files - - - - Synopsis - - -#include <opensc.h> - -int sc_list_files(struct sc_card *card, unsigned char *buf, size_t buflen); - - - - - - Description - - This function lists all files in the currently selected DF, and stores the file IDs as big-endian - 16-bit words in buffer, which is buflen bytes long. If - the supplied buffer is too small to hold all file IDs, the listing is silently truncated. - - - - - Return value - - Returns the number of bytes stored in buffer, or a negative value in case of - error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_read_binary.xml opensc-0.12.1/doc/api/file/sc_read_binary.xml
--- opensc-0.11.13/doc/api/file/sc_read_binary.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_read_binary.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,54 +0,0 @@
- - - OpenSC API Reference - - sc_read_binary - 3 - opensc - - - - sc_read_binary - Read a file - - - - Synopsis - - -#include <opensc.h> - -int sc_read_binary(struct sc_card *card, unsigned int offset, - unsigned char *buf, size_t count, - unsigned long flags); - - - - - - Description - - This function reads from a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 READ BINARY function. Call sc_select_file() first to select the file to read from. - - - - The data read from the file is stored in buf, which is - count bytes long. - - - - The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. - - - - - Return value - - If successful, the number of bytes read is returned. Otherwise, a negative value is - returned. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_read_record.xml opensc-0.12.1/doc/api/file/sc_read_record.xml
--- opensc-0.11.13/doc/api/file/sc_read_record.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_read_record.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,54 +0,0 @@
- - - OpenSC API Reference - - sc_read_record - 3 - opensc - - - - sc_read_record - Read a record from a file - - - - Synopsis - - -#include <opensc.h> - -int sc_read_record(struct sc_card *card, unsigned int record, - unsigned char *buf, size_t buflen, - unsigned long flags); - - - - - - Description - - This function reads a record-structured elementary file (EF) from card. The - function corresponds to the ISO 7816 READ RECORD function. Call - sc_select_file() first to select the file to read from. - - - - record specifies the ID of the record to be read, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. - - - - The read data is stored in buf, which is buflen bytes - long. - - - - - Return value - - Returns the number of bytes read if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_select_file.xml opensc-0.12.1/doc/api/file/sc_select_file.xml
--- opensc-0.11.13/doc/api/file/sc_select_file.xml 2005-12-29 12:36:26.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_select_file.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,55 +0,0 @@
- - - OpenSC API Reference - - sc_select_file - 3 - opensc - - - - sc_select_file - Select a file on a smart card - - - - Synopsis - - -#include <opensc.h> - -int sc_select_file(sc_card_t *card, - const sc_path_t *path, - sc_file_t **result); - - - - - - - Description - - This function selects the file specified by path. If - path specifies a file within the currently selected DF, sc_select_file() will - not select the MF first, but interpret the path relative to the current DF. - It does this in order to prevent losing any authorizations previously established with the card - (e.g. by presenting a PIN). - - - - If result is not NULL, an sc_file_t object is - created, and the pointer to this object is stored in the location pointed to by - result. This handle should later be released using sc_file_free(). - - - - - - Return value - - If an error occurred, a negative error code is returned. Otherwise, the function will return 0. - - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_update_binary.xml opensc-0.12.1/doc/api/file/sc_update_binary.xml
--- opensc-0.11.13/doc/api/file/sc_update_binary.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_update_binary.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
- - - OpenSC API Reference - - sc_update_binary - 3 - opensc - - - - sc_update_binary - Write to an existing file - - - - Synopsis - - -#include <opensc.h> - -int sc_update_binary(struct sc_card *card, unsigned int offset, - const unsigned char *buf, size_t count, - unsigned long flags); - - - - - - Description - - This function writes count bytes from the buffer pointed to by - buf to a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 UPDATE BINARY function. Call sc_select_file() first to select the file to write to. - - - - This function can only be used to write to a file region previously written to. For writing to a - newly created file, or a new region of an existing file, use sc_write_binary(). - - - - The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. - - - - - Return value - - If successful, the number of bytes written is returned. Otherwise, a negative value is - returned. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_update_record.xml opensc-0.12.1/doc/api/file/sc_update_record.xml
--- opensc-0.11.13/doc/api/file/sc_update_record.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_update_record.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
- - - OpenSC API Reference - - sc_update_record - 3 - opensc - - - - sc_update_record - Write a record to an existing file - - - - Synopsis - - -#include <opensc.h> - -int sc_update_record(struct sc_card *card, unsigned int record, - const unsigned char *buf, size_t buflen, - unsigned long flags); - - - - - - Description - - This function writes a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 UPDATE RECORD function. Call sc_select_file() - first to select the file to write to. - - - - record specifies the ID of the record to be written, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. - - - - This function can be used for overwriting existing records only; for appending to - files, see the sc_append_record() function. - - - - - Return value - - Returns the number of bytes written if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_write_binary.xml opensc-0.12.1/doc/api/file/sc_write_binary.xml
--- opensc-0.11.13/doc/api/file/sc_write_binary.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_write_binary.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
- - - OpenSC API Reference - - sc_write_binary - 3 - opensc - - - - sc_write_binary - Write to a new file - - - - Synopsis - - -#include <opensc.h> - -int sc_write_binary(struct sc_card *card, unsigned int offset, - const unsigned char *buf, size_t count, - unsigned long flags); - - - - - - Description - - This function writes count bytes from the buffer pointed to by - buf to a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 WRITE BINARY function. Call sc_select_file() first to select the file to write to. - - - - This function is used to write to a newly created file, or to a a previously unused portion of a - file. For updating an existing file, use the sc_update_binary() function. - - - - The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. - - - - - Return value - - If successful, the number of bytes written is returned. Otherwise, a negative value is - returned. - - -
diff -Nru opensc-0.11.13/doc/api/file/sc_write_record.xml opensc-0.12.1/doc/api/file/sc_write_record.xml
--- opensc-0.11.13/doc/api/file/sc_write_record.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/file/sc_write_record.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,57 +0,0 @@
- - - OpenSC API Reference - - sc_write_record - 3 - opensc - - - - sc_write_record - Write a record to a file - - - - Synopsis - - -#include <opensc.h> - -int sc_write_record(struct sc_card *card, unsigned int record, - const unsigned char *buf, size_t buflen, - unsigned long flags); - - - - - - Description - - This function writes a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 WRITE RECORD function. Call sc_select_file() - first to select the file to write to. - - - - record specifies the ID of the record to be written, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. - - - - This function is used for newly created files only; for updating or appending to - existing files, see the sc_update_record() and sc_append_record() functions, respectively. - - - - - Return value - - Returns the number of bytes written if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/html.xsl opensc-0.12.1/doc/api/html.xsl
--- opensc-0.11.13/doc/api/html.xsl 2009-12-13 09:14:26.000000000 +0000
+++ opensc-0.12.1/doc/api/html.xsl 1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
- - -]> - - - - - - - -
diff -Nru opensc-0.11.13/doc/api/init/chapter.xml opensc-0.12.1/doc/api/init/chapter.xml
--- opensc-0.11.13/doc/api/init/chapter.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/chapter.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,26 +0,0 @@
- - - - - - - - - - -]> - - - Initialization - &scestablishcontext; - &screleasecontext; - &scgetcachedir; - &scmakecachedir; - &scconnectcard; - &scdisconnectcard; - &scdetectcardpresence; - &sccardvalid; - &scsetcarddriver; -
diff -Nru opensc-0.11.13/doc/api/init/sc_card_valid.xml opensc-0.12.1/doc/api/init/sc_card_valid.xml
--- opensc-0.11.13/doc/api/init/sc_card_valid.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_card_valid.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
- - - OpenSC API Reference - - sc_card_valid - 3 - opensc - - - - sc_card_valid - Check if a card is valid - - - - Synopsis - - -#include <opensc.h> - -int sc_card_valid(const sc_card_t *card); - - - - - - Description - - Checks if card is a valid sc_card_t object. - Mostly used internally by the library. - - - - - Return value - - Returns 1 if card is a valid object. - - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_connect_card.xml opensc-0.12.1/doc/api/init/sc_connect_card.xml
--- opensc-0.11.13/doc/api/init/sc_connect_card.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_connect_card.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,50 +0,0 @@
- - - OpenSC API Reference - - sc_connect_card - 3 - opensc - - - - sc_connect_card - Connect to smart card in reader - - - - Synopsis - - -#include <opensc.h> - -int sc_connect_card(sc_reader_t *reader, int slot, sc_card_t **card); - - - - - - Description - - This function connects to a card in a reader, resets the card and retrieves the ATR (Answer To - Reset). Based on the ATR, it tries to auto-detect which card driver to use. - - - - The slot parameter identifies the card reader's slot. Slots are numbered - consecutively, starting at 0. - - - - If OpenSC was able to connect to the card, a pointer to the sc_card_t object is stored in the - location pointer to by the card parameter. The card handle should be - released with sc_disconnect_card when no longer in use. - - - - - Return value - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_detect_card_presence.xml opensc-0.12.1/doc/api/init/sc_detect_card_presence.xml
--- opensc-0.11.13/doc/api/init/sc_detect_card_presence.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_detect_card_presence.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,43 +0,0 @@
- - - OpenSC API Reference - - sc_detect_card_presence - 3 - opensc - - - - sc_detect_card_presence - Detect presence of smart card in a reader - - - - Synopsis - - -#include <opensc.h> - -int sc_detect_card_presence(sc_reader_t *reader, int slot_id); - - - - - - Description - - This function checks whether reader has a card present in - slot_id. - - - - - Return value - - If an error occurred, the return value is a a negative OpenSC error code. If no card is present, 0 - is returned. Otherwise, a positive value is returned, which is a combination of flags. The flag - SC_SLOT_CARD_PRESENT is always set. In addition, if the card was exchanged, the - SC_SLOT_CARD_CHANGED flag is set. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_disconnect_card.xml opensc-0.12.1/doc/api/init/sc_disconnect_card.xml
--- opensc-0.11.13/doc/api/init/sc_disconnect_card.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_disconnect_card.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,47 +0,0 @@
- - - OpenSC API Reference - - sc_disconnect_card - 3 - opensc - - - - sc_disconnect_card - Disconnect from a smart card - - - - Synopsis - - -#include <opensc.h> - -int sc_disconnect_card(sc_card_t *card, int action); - - - - - - Description - - This function disconnects from card, and frees the card structure. Any locks made - by the application must be released before calling this function. - - - - The action parameter is not used at the moment and should be set to 0. - - - - The card is not reset nor powered down after the operation. - - - - - Return value - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_establish_context.xml opensc-0.12.1/doc/api/init/sc_establish_context.xml
--- opensc-0.11.13/doc/api/init/sc_establish_context.xml 2009-12-13 07:44:41.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_establish_context.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,85 +0,0 @@
- - - OpenSC API Reference - - sc_establish_context - 3 - opensc - - - - sc_establish_context - Establish an OpenSC context - - - - Synopsis - - -#include <opensc.h> - -int sc_establish_context(sc_context_t **ctx, - const char *appname); - - - - - - Description - - This function establishes an OpenSC context. This context is required - in all subsequent calls to OpenSC functions. - - - ctx is a pointer to a pointer that will receive the allocated context. - - - - appname is a string that identifies the application. This string will - be used to apply application-specific settings from the - opensc.conf configuration file. If NULL is passed, only the - settings specified in the default section apply; otherwise, settings from the section - identified by appname will be applied as well. - - - - The sc_context structure contains the following members: - - - - -#define SC_MAX_READERS 16 - -typedef struct sc_context { - struct sc_reader *reader[SC_MAX_READERS]; - int reader_count; -} sc_context_t; - - - - - The reader_count field contains the number of readers found. Information on - the individual card readers is stored in sc_reader objects, defined as - follows: - - - - -typedef struct sc_reader { - char *name; - int slot_count; -}; sc_reader_t; - - - - In this structure, name contains a printable name of the reader, and - slot_count has the number of slots supported by this device. - - - - - Return value - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_get_cache_dir.xml opensc-0.12.1/doc/api/init/sc_get_cache_dir.xml
--- opensc-0.11.13/doc/api/init/sc_get_cache_dir.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_get_cache_dir.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
- - - OpenSC API Reference - - sc_get_cache_dir - 3 - opensc - - - - sc_get_cache_dir - Get the OpenSC cache directory - - - - Synopsis - - -#include <opensc.h> - -int sc_get_cache_dir(struct sc_context *ctx, char *buf, size_t bufsize); - - - - - - Description - - This function stores the OpenSC cache directory for the current user in the buffer pointed to by - buf, which is bufsize bytes long. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_make_cache_dir.xml opensc-0.12.1/doc/api/init/sc_make_cache_dir.xml
--- opensc-0.11.13/doc/api/init/sc_make_cache_dir.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_make_cache_dir.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
- - - OpenSC API Reference - - sc_make_cache_dir - 3 - opensc - - - - sc_make_cache_dir - Create the OpenSC cache directory - - - - Synopsis - - -#include <opensc.h> - -int sc_make_cache_dir(struct sc_context *ctx); - - - - - - Description - - This function creates the OpenSC cache directory for the current user, and any directories - leading up to it. - - - - - Return value - - Returns 0 if successful, or a negative value in case of error. - - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_release_context.xml opensc-0.12.1/doc/api/init/sc_release_context.xml
--- opensc-0.11.13/doc/api/init/sc_release_context.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_release_context.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
- - - OpenSC API Reference - - sc_release_context - 3 - opensc - - - - sc_release_context - Release an OpenSC context - - - - Synopsis - - -#include <opensc.h> - -int sc_release_context(sc_context_t *ctx); - - - - - - Description - - - This function releases OpenSC context ctx previously obtained through a call - to sc_establish_context(). No further calls to OpenSC - using this context are possible after this. - - - - - Return value - This function always return 0, indicating success. - - -
diff -Nru opensc-0.11.13/doc/api/init/sc_set_card_driver.xml opensc-0.12.1/doc/api/init/sc_set_card_driver.xml
--- opensc-0.11.13/doc/api/init/sc_set_card_driver.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/init/sc_set_card_driver.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,66 +0,0 @@
- - - OpenSC API Reference - - sc_set_card_driver - 3 - opensc - - - - sc_set_card_driver - Force the use of a specified smart card driver - - - - Synopsis - - -#include <opensc.h> - -int sc_set_card_driver(struct sc_context *ctx, const char *short_name); - - - - - - Description - - This function forces the use of a a specific card driver to be used in context - ctx. The name of the driver is specified in short_name. - Possible options are: - - etoken - flex - cyberflex - gpk - miocos - mcrd - setcos - starcos - tcos - openpgp - jcop - oberthur - belpic - emv - - - - - This function only needs to be called if OpenSC fails to auto-detect your card. If used, it - should be called immediately after establishing a new context with sc_establish_context(), but before doing anything else with - the context. - - - - - Return value - - If an error occurred, a negative value is returned indicating the error. Otherwise, 0 is - returned. - - - -
diff -Nru opensc-0.11.13/doc/api/man.xsl opensc-0.12.1/doc/api/man.xsl
--- opensc-0.11.13/doc/api/man.xsl 2009-12-13 09:14:26.000000000 +0000
+++ opensc-0.12.1/doc/api/man.xsl 1970-01-01 00:00:00.000000000 +0000
@@ -1,4 +0,0 @@ - - - - diff -Nru opensc-0.11.13/doc/api/misc/chapter.xml opensc-0.12.1/doc/api/misc/chapter.xml --- opensc-0.11.13/doc/api/misc/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/misc/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ - - - - - Unsorted functions - - diff -Nru opensc-0.11.13/doc/api/types/chapter.xml opensc-0.12.1/doc/api/types/chapter.xml --- opensc-0.11.13/doc/api/types/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/types/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ - - - - - - -]> - - - Data types - - This chapter defines the structures OpenSC uses to store information. Fields internal to - OpenSC are not shown. - - &sccardt; - &scpatht; - &scfilet; - &scappinfot; - &scasn1entry; - - diff -Nru opensc-0.11.13/doc/api/types/sc_app_info_t.xml opensc-0.12.1/doc/api/types/sc_app_info_t.xml --- opensc-0.11.13/doc/api/types/sc_app_info_t.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/types/sc_app_info_t.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,97 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_app_info_t
- 3
- opensc
-
-
-
- sc_app_info_t
- OpenSC application structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-#define SC_MAX_AID_SIZE 16
-
-typedef struct sc_app_info {
- unsigned char aid[SC_MAX_AID_SIZE];
- size_t aid_len;
- char *label;
- sc_path_t path;
- unsigned char *ddo;
- size_t ddo_len;
-
- const char *desc;
- int rec_nr;
-} sc_app_info_t;
-
-
-
-
-
- Description
-
- This structure describes a smart card application. It contains the following
- members:
-
-
-
- aid
- The applications's AID. An AID uniquely identifies an
- application, and consists of an RID (a 5-byte "Registered Application
- Provider Identifier") and a PIX, which identifies an application by that
- provider. For example, the RID for PKCS#15 consists of the bytes A0 00 00
- 00 63, and the PIX is the string "PKCS-15". Thus, the AID of a PKCS#15
- application on a smart card is A0 00 00 00 63 50 4B 43 53 2D 31.
-
-
-
-
- aid_len
- The length of the AID in bytes.
-
-
-
- label
- A UTF-8 string describing the application.
-
-
-
- path
- The application's full path on the card, starting at the MF.
-
-
-
- ddo
-
-
-
-
- ddo_len
-
-
-
-
- desc
- A description of the application, if available.
-
-
-
- rec_nr
- If the EF(DIR) file is record-structured, this has the
- record number in which this application is stored. Otherwise, this is -1.
-
-
-
-
-
-
-
-
diff -Nru opensc-0.11.13/doc/api/types/sc_asn1_entry.xml opensc-0.12.1/doc/api/types/sc_asn1_entry.xml
--- opensc-0.11.13/doc/api/types/sc_asn1_entry.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/types/sc_asn1_entry.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,72 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_asn1_entry
- 3
- opensc
-
-
-
- sc_asn1_entry
- OpenSC ASN1 entry structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-struct sc_asn1_entry {
- const char *name;
- unsigned int type;
- unsigned int tag;
- unsigned int flags;
- void *parm;
- void *arg;
-};
-
-
-
-
-
- Description
-
- This structure describes an ASN1 entry structure. It contains the following
- members:
-
-
- name
-
-
-
-
- type
-
-
-
-
- tag
-
-
-
-
- flags
-
-
-
-
- parm
-
-
-
-
- arg
-
-
-
-
-
-
-
diff -Nru opensc-0.11.13/doc/api/types/sc_card_t.xml opensc-0.12.1/doc/api/types/sc_card_t.xml
--- opensc-0.11.13/doc/api/types/sc_card_t.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/types/sc_card_t.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,73 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_card_t
- 3
- opensc
-
-
-
- sc_card_t
- OpenSC card structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-#define SC_MAX_ATR_SIZE 33
-#define SC_MAX_CARD_APPS 8
-
-typedef struct sc_card {
- struct sc_context *ctx;
- struct sc_reader *reader;
- struct sc_slot_info *slot;
- struct sc_app_info *app[SC_MAX_CARD_APPS];
- unsigned char atr[SC_MAX_ATR_SIZE];
- size_t atr_len;
-} sc_card_t;
-
-
-
-
-
-
- Description
-
- This structure describes a smart card object. It contains the following
- members:
-
-
-
- ctx
- The context this card is associated with.
-
-
-
- reader
- The reader this card is inserted into.
-
-
-
- slot
- The slot on the reader this card is inserted into.
-
-
-
- atr
- The ATR (Answer To Reset) of the card.
-
-
-
- atr_len
- The length of the atr field
-
-
-
-
-
-
-
diff -Nru opensc-0.11.13/doc/api/types/sc_file_t.xml opensc-0.12.1/doc/api/types/sc_file_t.xml
--- opensc-0.11.13/doc/api/types/sc_file_t.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/types/sc_file_t.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,98 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_file_t
- 3
- opensc
-
-
-
- sc_file_t
- OpenSC file structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-typedef struct sc_file {
- struct sc_path path;
- int type, ef_structure;
- size_t size;
- int id;
-
- /* record structured files only */
- int record_length;
- int record_count;
-} sc_file_t;
-
-
-
-
-
- Description
-
- This structure describes a file object on a smart card. It contains the following members:
-
-
-
- path
- This is full the path to the file, starting at the MF.
-
-
-
- type
- This is the file type. It can be one of SC_FILE_TYPE_DF,
- SC_FILE_TYPE_WORKING_EF, or SC_FILE_TYPE_INTERNAL_EF.
- The latter is used by some cards only, and you normally shouldn't have to deal with these
- files.
-
-
-
- ef_structure
- For elementary files (EFs), this field describes the file's structure.
- It can be one of:
-
- SC_FILE_EF_TRANSPARENT
- SC_FILE_EF_LINEAR_FIXED
- SC_FILE_EF_LINEAR_FIXED_TLV
- SC_FILE_EF_LINEAR_VARIABLE
- SC_FILE_EF_LINEAR_VARIABLE_TLV
- SC_FILE_EF_CYCLIC
- SC_FILE_EF_CYCLIC_TLV
- SC_FILE_EF_UNKNOWN
-
-
-
-
-
- size
- gives the file's size in bytes.
-
-
-
- id
- gives the file's ID, as a 16-bit number.
-
-
-
- record_count, record_length
- For record structured files, record_sount
- specifies the number of records in the file. For files with fixed length records,
- record_length contains the record length.
-
-
-
-
-
-
-
-
-
-
-
-
-
diff -Nru opensc-0.11.13/doc/api/types/sc_path_t.xml opensc-0.12.1/doc/api/types/sc_path_t.xml
--- opensc-0.11.13/doc/api/types/sc_path_t.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/types/sc_path_t.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,83 +0,0 @@ - - - OpenSC API Reference - - sc_path_t - 3 - opensc - - - - sc_file_t - OpenSC path structure - - - - Synopsis - - -#include <opensc.h> - -#define SC_MAX_PATH_SIZE 16 - -typedef struct sc_path { - unsigned char value[SC_MAX_PATH_SIZE]; - size_t len; - - int index; - int count; - - int type; -} sc_path_t; - - - - - - - Description - - This structure describes a path object on a smart card. It contains the following - members: - - - - value - This is the full path to the file, starting at the MF. - - - - length - The length of the path. - - - - index - Used only in PKCS15, this indicates the offset into the file. - - - - - count - Used only in PKCS15, this indicates the number of octets in the - record, starting from index above. - - - - type - The path type. This can be one of: - - SC_PATH_TYPE_FILE_ID - SC_PATH_TYPE_DF_NAME - SC_PATH_TYPE_PATH - SC_PATH_TYPE_PATH_PROT - - - - - - - - - - diff -Nru opensc-0.11.13/doc/api/util/chapter.xml opensc-0.12.1/doc/api/util/chapter.xml --- opensc-0.11.13/doc/api/util/chapter.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/util/chapter.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ - - - - - - - -]> - - - Miscellaneous utility functions - &scstrerror; - &scbase64encode; - &scbase64decode; - &scdercopy; - &scderclear; - - diff -Nru opensc-0.11.13/doc/api/util/sc_base64_decode.xml opensc-0.12.1/doc/api/util/sc_base64_decode.xml --- opensc-0.11.13/doc/api/util/sc_base64_decode.xml 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/doc/api/util/sc_base64_decode.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,42 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_base64_decode
- 3
- opensc
-
-
-
- sc_base64_decode
- Decode a base64 stream
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-int sc_base64_decode(const char *inbuf,
- unsigned char *outbuf, size_t outlen);
-
-
-
-
-
- Description
-
- This function decodes the base64 stream in inbuf, which is NULL-terminated,
- to the buffer pointed to by outbuf (which is outlen
- bytes long);
-
-
-
-
- Return value
-
- Returns 0 if successful, or a negative value in case of error.
-
-
-
diff -Nru opensc-0.11.13/doc/api/util/sc_base64_encode.xml opensc-0.12.1/doc/api/util/sc_base64_encode.xml
--- opensc-0.11.13/doc/api/util/sc_base64_encode.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/util/sc_base64_encode.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,49 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_base64_encode
- 3
- opensc
-
-
-
- sc_base64_encode
- Encode a stream to base64
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-int sc_base64_encode(const unsigned char *inbuf, size_t inlen,
- unsigned char *outbuf, size_t outlen,
- size_t linelength);
-
-
-
-
-
- Description
-
- This function encodes the buffer pointed to by inbuf of size
- inlen as base64, and stores the result in outbuf, which
- is outlen bytes long. A linefeed (\n) will be inserted every
- linelength bytes in the output buffer.
-
-
-
- You must ensure outbuf has enough space to store the base64-encoded version
- of inbuf.
-
-
-
-
- Return value
-
- Returns 0 if successful, or a negative value in case of error.
-
-
-
diff -Nru opensc-0.11.13/doc/api/util/sc_der_clear.xml opensc-0.12.1/doc/api/util/sc_der_clear.xml
--- opensc-0.11.13/doc/api/util/sc_der_clear.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/util/sc_der_clear.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,32 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_der_clear
- 3
- opensc
-
-
-
- sc_der_clear
- Clear DER structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-void sc_der_clear(sc_pkcs15_der_t *der);
-
-
-
-
-
- Description
-
- This function clears the OpenSC DER structure pointed to by der.
-
-
-
diff -Nru opensc-0.11.13/doc/api/util/sc_der_copy.xml opensc-0.12.1/doc/api/util/sc_der_copy.xml
--- opensc-0.11.13/doc/api/util/sc_der_copy.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/util/sc_der_copy.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_der_copy
- 3
- opensc
-
-
-
- sc_der_copy
- Copy a DER structure
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-void sc_der_copy(sc_pkcs15_der_t *dst, const sc_pkcs15_der_t *src);
-
-
-
-
-
- Description
-
- This function copies the OpenSC DER structure pointed to by src to
- dst, which must point to enough space to hold this structure.
-
-
-
diff -Nru opensc-0.11.13/doc/api/util/sc_strerror.xml opensc-0.12.1/doc/api/util/sc_strerror.xml
--- opensc-0.11.13/doc/api/util/sc_strerror.xml 2005-12-29 12:36:27.000000000 +0000
+++ opensc-0.12.1/doc/api/util/sc_strerror.xml 1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
-
-
- OpenSC API Reference
-
- sc_strerror
- 3
- opensc
-
-
-
- sc_strerror
- Return string describing error code
-
-
-
- Synopsis
-
-
-#include <opensc.h>
-
-const char *sc_strerror(int error);
-
-
-
-
-
- Description
-
- This function returns a string describing error. It may
- be used with a negative errorcode returned by any OpenSC function call.
-
-
-
diff -Nru opensc-0.11.13/doc/api.css opensc-0.12.1/doc/api.css
--- opensc-0.11.13/doc/api.css 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/doc/api.css 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,43 @@
+body {
+ font-family: Verdana, Arial;
+ font-size: 0.9em;
+}
+
+.title {
+ font-size: 1.5em;
+ text-align: center;
+}
+
+.toc b {
+ font-size: 1.2em;
+ border-bottom: dashed 1px black;
+}
+
+a {
+ color: blue;
+ text-decoration: none;
+}
+
+a:visited {
+ color: blue;
+ text-decoration: none;
+}
+
+pre.programlisting {
+ font-size: 1.1em;
+ background-color: #EEEEEE ;
+ border: 1px solid #006600 ;
+ padding: 1em;
+}
+
+span.symbol {
+ font-weight: bold;
+}
+
+span.errorname {
+ font-weight: bold;
+}
+
+span.errortext {
+ font-style: italic;
+}
diff -Nru opensc-0.11.13/doc/html.out/api.html opensc-0.12.1/doc/html.out/api.html
--- opensc-0.11.13/doc/html.out/api.html 2010-02-16 09:35:20.000000000 +0000
+++ opensc-0.12.1/doc/html.out/api.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,981 +0,0 @@
-OpenSC API reference

OpenSC API reference


Chapter1.Initialization

Table of Contents

sc_establish_context — Establish an OpenSC context
sc_release_context — Release an OpenSC context
sc_get_cache_dir — Get the OpenSC cache directory
sc_make_cache_dir — Create the OpenSC cache directory
sc_connect_card — Connect to smart card in reader
sc_disconnect_card — Disconnect from a smart card
sc_detect_card_presence — Detect presence of smart card in a reader
sc_card_valid — Check if a card is valid
sc_set_card_driver — Force the use of a specified smart card driver

Name

sc_establish_context — Establish an OpenSC context

Synopsis

-

-#include <opensc.h>
-
-int sc_establish_context(sc_context_t **ctx,
-                         const char *appname);
-		

-

Description

- This function establishes an OpenSC context. This context is required - in all subsequent calls to OpenSC functions. -

- ctx is a pointer to a pointer that will receive the allocated context. -

- appname is a string that identifies the application. This string will - be used to apply application-specific settings from the - opensc.conf configuration file. If NULL is passed, only the - settings specified in the default section apply; otherwise, settings from the section - identified by appname will be applied as well. -

- The sc_context structure contains the following members: -

-

-#define SC_MAX_READERS			16
-
-typedef struct sc_context {
-	struct sc_reader *reader[SC_MAX_READERS];
-	int reader_count;
-} sc_context_t;
-			

-

- The reader_count field contains the number of readers found. Information on - the individual card readers is stored in sc_reader objects, defined as - follows: -

-

-typedef struct sc_reader {
-	char *name;
-	int slot_count;
-}; sc_reader_t;
-				

-

In this structure, name contains a printable name of the reader, and - slot_count has the number of slots supported by this device. -

Return value

Returns 0 if successful, or a negative value in case of error.


Name

sc_release_context — Release an OpenSC context

Synopsis

-

-#include <opensc.h>
-
-int sc_release_context(sc_context_t *ctx);
-		

-

Description

- This function releases OpenSC context ctx previously obtained through a call - to sc_establish_context(). No further calls to OpenSC - using this context are possible after this. -

Return value

This function always return 0, indicating success.


Name

sc_get_cache_dir — Get the OpenSC cache directory

Synopsis

-

-#include <opensc.h>
-
-int sc_get_cache_dir(struct sc_context *ctx, char *buf, size_t bufsize);
-		

-

Description

- This function stores the OpenSC cache directory for the current user in the buffer pointed to by - buf, which is bufsize bytes long. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_make_cache_dir — Create the OpenSC cache directory

Synopsis

-

-#include <opensc.h>
-
-int sc_make_cache_dir(struct sc_context *ctx);
-		

-

Description

- This function creates the OpenSC cache directory for the current user, and any directories - leading up to it. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_connect_card — Connect to smart card in reader

Synopsis

-

-#include <opensc.h>
-
-int sc_connect_card(sc_reader_t *reader, int slot, sc_card_t **card);
-		

-

Description

- This function connects to a card in a reader, resets the card and retrieves the ATR (Answer To - Reset). Based on the ATR, it tries to auto-detect which card driver to use. -

- The slot parameter identifies the card reader's slot. Slots are numbered - consecutively, starting at 0. -

- If OpenSC was able to connect to the card, a pointer to the sc_card_t object is stored in the - location pointer to by the card parameter. The card handle should be - released with sc_disconnect_card when no longer in use. -

Return value

Returns 0 if successful, or a negative value in case of error.


Name

sc_disconnect_card — Disconnect from a smart card

Synopsis

-

-#include <opensc.h>
-
-int sc_disconnect_card(sc_card_t *card, int action);
-		

-

Description

- This function disconnects from card, and frees the card structure. Any locks made - by the application must be released before calling this function. -

- The action parameter is not used at the moment and should be set to 0. -

- The card is not reset nor powered down after the operation. -

Return value

Returns 0 if successful, or a negative value in case of error.


Name

sc_detect_card_presence — Detect presence of smart card in a reader

Synopsis

-

-#include <opensc.h>
-
-int sc_detect_card_presence(sc_reader_t *reader, int slot_id);
-		

-

Description

- This function checks whether reader has a card present in - slot_id. -

Return value

- If an error occurred, the return value is a a negative OpenSC error code. If no card is present, 0 - is returned. Otherwise, a positive value is returned, which is a combination of flags. The flag - SC_SLOT_CARD_PRESENT is always set. In addition, if the card was exchanged, the - SC_SLOT_CARD_CHANGED flag is set. -


Name

sc_card_valid — Check if a card is valid

Synopsis

-

-#include <opensc.h>
-
-int sc_card_valid(const sc_card_t *card);
-		

-

Description

- Checks if card is a valid sc_card_t object. - Mostly used internally by the library. -

Return value

- Returns 1 if card is a valid object. -


Name

sc_set_card_driver — Force the use of a specified smart card driver

Synopsis

-

-#include <opensc.h>
-
-int sc_set_card_driver(struct sc_context *ctx, const char *short_name);
-		

-

Description

- This function forces the use of a a specific card driver to be used in context - ctx. The name of the driver is specified in short_name. - Possible options are: -

etoken
flex
cyberflex
gpk
miocos
mcrd
setcos
starcos
tcos
openpgp
jcop
oberthur
belpic
emv

-

- This function only needs to be called if OpenSC fails to auto-detect your card. If used, it - should be called immediately after establishing a new context with sc_establish_context(), but before doing anything else with - the context. -

Return value

- If an error occurred, a negative value is returned indicating the error. Otherwise, 0 is - returned. -

Chapter2.Card operations

Table of Contents

sc_card_ctl — Send a control command to a card
sc_lock — Lock a card for exclusive use
sc_unlock — Unlock a card
sc_wait_for_event — Wait for an event on a smart card reader
sc_format_apdu — Populate an APDU structure
sc_transmit_apdu — Transmit an APDU structure
sc_check_sw — Check return status from a card transaction
sc_get_challenge — Request a challenge from a card
sc_get_data — Get a primitive data object from a card
sc_put_data — Store a primitive data object on a card

Name

sc_card_ctl — Send a control command to a card

Synopsis

-

-#include <opensc.h>
-
-int sc_card_ctl(struct sc_card *card, unsigned long cmd, void *args);
-
-		

-

Description

This function is used to send various control commands to the smart card associated with - card. The command is specified in cmd, and any - command-specific arguments are pointed to by args. -

- Commands are specific to cards. For more details on which cards accept which - commands, check the documentation for your card. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_lock — Lock a card for exclusive use

Synopsis

-

-#include <opensc.h>
-
-int sc_lock(struct sc_card *card);
-		

-

Description

- This function locks the card against modification from other threads or processes. The function - may be called several times; a counter will be increased, and the card will be unlocked only - when this counter reaches zero. -

Return value

- Returns 0 on success, or a negative value in case of error. -


Name

sc_unlock — Unlock a card

Synopsis

-

-#include <opensc.h>
-
-int sc_unlock(struct sc_card *card);
-		

-

Description

- This function unlocks card. That is, the lock count is decreased, and the - card unlocked if it reaches zero. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_wait_for_event — Wait for an event on a smart card reader

Synopsis

-

-#include <opensc.h>
-
-int sc_wait_for_event(sc_reader_t *readers[], int slots[], size_t numslots,
-                      unsigned int event_mask,
-                      int *reader, unsigned int *event, int timeout);
-		

-

Description

- This function blocks until an event occurs on any of the - readers/slots specified. The readers and slots - fields list the readers and - respective slots to be watched. num_slots - holds the total number of slots passed. The event_mask - parameter specifies the types of events to wait for. This may be a - combination of the following flags: -

SC_EVENT_CARD_REMOVED

A card was removed from the reader/slot.

SC_EVENT_CARD_INSERTED

A card was inserted into the reader/slot.

-

- On returning, the reader parameter holds the - reader which generated an event, and event holds - the event flag, as in event_mask. -

- The timeout parameter may be used to specify the maximum amount of - time to wait for an event, in milliseconds. This may be set to -1 - to wait forever. -

Return value

- Returns 0 if successful, 1 if a timeout occurred, or a negative - value in case of error. -


Name

sc_format_apdu — Populate an APDU structure

Synopsis

-

-#include <opensc.h>
-
-void sc_format_apdu(struct sc_card *card, sc_apdu_t *apdu,
-                    int cse, int ins, int p1, int p2);
-		

-

Description

- This function populates the sc_apdu_t structure - pointed to by apdu on card. It does - not allocate memory. The cse, ins, - p1 and p2 parameters correspond to - the respective APDU parameters as described in the - ISO 7816 standard. -


Name

sc_transmit_apdu — Transmit an APDU structure

Synopsis

-

-#include <opensc.h>
-
-int sc_transmit_apdu(struct sc_card *card, sc_apdu_t *apdu);
-		

-

Description

- This function transmits the APDU in apdu to - card. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_check_sw — Check return status from a card transaction

Synopsis

-

-#include <opensc.h>
-
-int sc_check_sw(struct sc_card *card, int sw1, int sw2);
-		

-

Description

- This function checks the return status as given in sw1 - and sw2 against the card-specific errors of - card. These are set by sc_transmit_apdu() in the - apdu.sw1 and apdu.sw2 - fields, respectively. -

- The function should be called after every APDU transmission, to convert the - card's status code to an OpenSC error code. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_get_challenge — Request a challenge from a card

Synopsis

-

-#include <opensc.h>
-
-int sc_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len);
-		

-

Description

- This function requests a challenge (i.e. random bytes) from - card. The returned data will be stored in - rnd, and will be len bytes long. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_get_data — Get a primitive data object from a card

Synopsis

-

-#include <opensc.h>
-
-int sc_get_data(sc_card_t *card, unsigned int tag,
-                unsigned char *buf, size_t buflen);
-		

-

Description

- This function is used to retrieve a primitive data object from - card. It corresponds to the GET DATA command in the - ISO 7816 standard. The data is stored in - buf, which is buflen bytes long. -

- The tag parameter specifies the object to be retrieved. - Refer to the standard for the correct values to use. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_put_data — Store a primitive data object on a card

Synopsis

-

-#include <opensc.h>
-
-int sc_put_data(sc_card_t *card, unsigned int tag,
-                const unsigned char *buf, size_t len);
-		

-

Description

- This function is used to store a primitive data object on - card. It corresponds to the PUT DATA command in the - ISO 7816 standard. The data to be sent to the - card is stored in buf, which is - buflen bytes long. -

- The tag parameter specifies the object to be stored. - Refer to the standard for the correct values to use. -

Return value

- Returns 0 if successful, or a negative value in case of error. -

Chapter3.File operations

Table of Contents

sc_file_new — Create a file object
sc_file_dup — Duplicate a file object
sc_create_file — Create a file object
sc_select_file — Select a file on a smart card
sc_file_free — Free file object
sc_list_files — List files
sc_delete_file — Delete a file
sc_read_binary — Read a file
sc_update_binary — Write to an existing file
sc_write_binary — Write to a new file
sc_read_record — Read a record from a file
sc_write_record — Write a record to a file
sc_update_record — Write a record to an existing file
sc_append_record — Append a record to a file
sc_delete_record — Delete a record from a file

Name

sc_file_new — Create a file object

Synopsis

-

-#include <opensc.h>
-
-sc_file_t *sc_file_new(void);
-		

-

Description

- This function creates an empty OpenSC file object, which can later be passed to sc_create_file(). -


Name

sc_file_dup — Duplicate a file object

Synopsis

-

-#include <opensc.h>
-
-void sc_file_dup(sc_file_t **dest, const sc_file_t *src)
-		

-

Description

- This function creates a new file object, duplicates all file information from - src into it, and stores it in the pointer pointed to by - dest. This object must be released with sc_file_free() after use. -


Name

sc_create_file — Create a file object

Synopsis

-

-#include <opensc.h>
-
-int sc_create_file(sc_card_t *card, sc_file_t *file);
-		

-

Description

- This function creates a file on card. The file must - have been created with a call to sc_file_new() beforehand. -


Name

sc_select_file — Select a file on a smart card

Synopsis

-

-#include <opensc.h>
-
-int sc_select_file(sc_card_t *card,
-                   const sc_path_t *path,
-                   sc_file_t **result);
-
-		

-

Description

- This function selects the file specified by path. If - path specifies a file within the currently selected DF, sc_select_file() will - not select the MF first, but interpret the path relative to the current DF. - It does this in order to prevent losing any authorizations previously established with the card - (e.g. by presenting a PIN). -

- If result is not NULL, an sc_file_t object is - created, and the pointer to this object is stored in the location pointed to by - result. This handle should later be released using sc_file_free(). -

Return value

- If an error occurred, a negative error code is returned. Otherwise, the function will return 0. -


Name

sc_file_free — Free file object

Synopsis

-

-#include <opensc.h>
-
-void sc_file_free(sc_file_t *file);
-		

-

Description

- This function releases a file object previously allocated by sc_select_file(). -


Name

sc_list_files — List files

Synopsis

-

-#include <opensc.h>
-
-int sc_list_files(struct sc_card *card, unsigned char *buf, size_t buflen);
-		

-

Description

- This function lists all files in the currently selected DF, and stores the file IDs as big-endian - 16-bit words in buffer, which is buflen bytes long. If - the supplied buffer is too small to hold all file IDs, the listing is silently truncated. -

Return value

- Returns the number of bytes stored in buffer, or a negative value in case of - error. -


Name

sc_delete_file — Delete a file

Synopsis

-

-#include <opensc.h>
-
-int sc_delete_file(struct sc_card *card, const struct sc_path *path);
-		

-

Description

- This function deletes a file specified by path on - card. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_read_binary — Read a file

Synopsis

-

-#include <opensc.h>
-
-int sc_read_binary(struct sc_card *card, unsigned int offset,
-                   unsigned char *buf, size_t count,
-                   unsigned long flags);
-		

-

Description

- This function reads from a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 READ BINARY function. Call sc_select_file() first to select the file to read from. -

- The data read from the file is stored in buf, which is - count bytes long. -

- The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. -

Return value

- If successful, the number of bytes read is returned. Otherwise, a negative value is - returned. -


Name

sc_update_binary — Write to an existing file

Synopsis

-

-#include <opensc.h>
-
-int sc_update_binary(struct sc_card *card, unsigned int offset,
-                     const unsigned char *buf, size_t count,
-                     unsigned long flags);
-		

-

Description

- This function writes count bytes from the buffer pointed to by - buf to a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 UPDATE BINARY function. Call sc_select_file() first to select the file to write to. -

- This function can only be used to write to a file region previously written to. For writing to a - newly created file, or a new region of an existing file, use sc_write_binary(). -

- The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. -

Return value

- If successful, the number of bytes written is returned. Otherwise, a negative value is - returned. -


Name

sc_write_binary — Write to a new file

Synopsis

-

-#include <opensc.h>
-
-int sc_write_binary(struct sc_card *card, unsigned int offset,
-                    const unsigned char *buf, size_t count,
-                    unsigned long flags);
-		

-

Description

- This function writes count bytes from the buffer pointed to by - buf to a transparent elementary file (EF) on card. It - corresponds to the ISO 7816 WRITE BINARY function. Call sc_select_file() first to select the file to write to. -

- This function is used to write to a newly created file, or to a a previously unused portion of a - file. For updating an existing file, use the sc_update_binary() function. -

- The offset argument specifies the file offset in bytes. The - flags argument is currently not used, and should be set to 0. -

Return value

- If successful, the number of bytes written is returned. Otherwise, a negative value is - returned. -


Name

sc_read_record — Read a record from a file

Synopsis

-

-#include <opensc.h>
-
-int sc_read_record(struct sc_card *card, unsigned int record,
-                   unsigned char *buf, size_t buflen,
-                   unsigned long flags);
-		

-

Description

- This function reads a record-structured elementary file (EF) from card. The - function corresponds to the ISO 7816 READ RECORD function. Call - sc_select_file() first to select the file to read from. -

- record specifies the ID of the record to be read, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. -

- The read data is stored in buf, which is buflen bytes - long. -

Return value

- Returns the number of bytes read if successful, or a negative value in case of error. -


Name

sc_write_record — Write a record to a file

Synopsis

-

-#include <opensc.h>
-
-int sc_write_record(struct sc_card *card, unsigned int record,
-                    const unsigned char *buf, size_t buflen,
-                    unsigned long flags);
-		

-

Description

- This function writes a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 WRITE RECORD function. Call sc_select_file() - first to select the file to write to. -

- record specifies the ID of the record to be written, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. -

- This function is used for newly created files only; for updating or appending to - existing files, see the sc_update_record() and sc_append_record() functions, respectively. -

Return value

- Returns the number of bytes written if successful, or a negative value in case of error. -


Name

sc_update_record — Write a record to an existing file

Synopsis

-

-#include <opensc.h>
-
-int sc_update_record(struct sc_card *card, unsigned int record,
-                     const unsigned char *buf, size_t buflen,
-                     unsigned long flags);
-		

-

Description

- This function writes a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 UPDATE RECORD function. Call sc_select_file() - first to select the file to write to. -

- record specifies the ID of the record to be written, or, if - flags is set to SC_RECORD_BY_REC_NR, the record number. If - record is set to zero, the current record will be read. -

- This function can be used for overwriting existing records only; for appending to - files, see the sc_append_record() function. -

Return value

- Returns the number of bytes written if successful, or a negative value in case of error. -


Name

sc_append_record — Append a record to a file

Synopsis

-

-#include <opensc.h>
-
-int sc_append_record(struct sc_card *card,
-                     const unsigned char *buf, size_t buflen,
-                     unsigned long flags);
-		

-

Description

- This function appends a record that is buflen bytes long from the buffer - pointed to by buf to a record-structured elementary file (EF) on - card. The function corresponds to the ISO - 7816 APPEND RECORD function. Call sc_select_file() - first to select the file to write to. -

Return value

- Returns the number of bytes written if successful, or a negative value in case of error. -


Name

sc_delete_record — Delete a record from a file

Synopsis

-

-#include <opensc.h>
-
-int sc_delete_record(struct sc_card *card, unsigned int rec_nr);
-		

-

Description

- This function deletes a record specified by rec_nr on - card. This is not a standard ISO - 7816 operation, and is currently only supported on the - Oberthur smart cards. -

Return value

- Returns 0 if successful, or a negative value in case of error. -

Chapter4.Applications

Table of Contents

sc_enum_apps — Enumerate the applications on a card
sc_find_app_by_aid — Find an application on a card
sc_find_pkcs15_app — Find a PKCS#15 application on a card
sc_update_dir — Update application directory on a card
sc_free_apps — Free application list

Name

sc_enum_apps — Enumerate the applications on a card

Synopsis

-

-#include <opensc.h>
-
-int sc_enum_apps(struct sc_card *card);
-		

-

Description

- This function enumerates the applications on card, and - stores them in the structure. The list of applications can then later be - searched with sc_find_app_by_aid() or - sc_find_pkcs15_app(). -

Return value

- Returns the number of applications on the card, or a negative value in case - of error. -


Name

sc_find_app_by_aid — Find an application on a card

Synopsis

-

-#include <opensc.h>
-
-const sc_app_info_t *sc_find_app_by_aid(sc_card_t *card,
-                                        const unsigned char *aid,
-                                        size_t aid_len);
-		

-

Description

- This function finds an application on card by its - aid. The AID's length is specified in - aid_len. -

- Before calling this function, you MUST call sc_enum_apps() first. -

Return value

- Returns a sc_app_info_t structure - describing the application corresponding to aid, or NULL - if none was found. -


Name

sc_find_pkcs15_app — Find a PKCS#15 application on a card

Synopsis

-

-#include <opensc.h>
-
-const sc_app_info_t *sc_find_pkcs15_app(sc_card_t *card);
-		

-

Description

- This function attempts to find a PKCS#15 application on - card. Currently, this means either a standard PKCS#15 - implementation or a Belgian eID. -

- Before calling this function, you MUST call sc_enum_apps() first. -

Return value

- Returns a sc_app_info_t structure - describing the PKCS#15 application, or NULL if none was found. -


Name

sc_update_dir — Update application directory on a card

Synopsis

-

-#include <opensc.h>
-
-int sc_update_dir(sc_card_t *card, sc_app_info_t *app);
-		

-

Description

- This function updates the application directory on card. - If the card has a record-structured directory file, app - may contain the application to update. Otherwise, the entire directory file - is updated. -

- Before calling this function, you MUST call sc_enum_apps() first. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_free_apps — Free application list

Synopsis

-

-#include <opensc.h>
-
-void sc_free_apps(struct sc_card *card);
-		

-

Description

- This functions releases all memory associated with the list of applications - on card, as obtained by a call to sc_enum_apps(). -

Chapter5.ASN.1 functions

Table of Contents

sc_asn1_encode — Encode ASN.1 entries into a stream
sc_asn1_decode — Extract entries from an ASN.1 stream
sc_format_asn1_entry — Fill in an ASN.1 entry structure
sc_copy_asn1_entry — Copy an ASN.1 entry
sc_asn1_print_tags — Print an ASN.1 stream to stdout
sc_asn1_skip_tag
sc_asn1_verify_tag — Verify validity of an ASN.1 tag
sc_asn1_read_tag — Extract a tag from an ASN.1 entry
sc_asn1_find_tag — Find a tag in an ASN.1 stream
sc_asn1_put_tag — Construct an ASN.1 entry in a buffer

Name

sc_asn1_encode — Encode ASN.1 entries into a stream

Synopsis

-

-#include <opensc.h>
-
-int sc_asn1_encode(struct sc_context *ctx, const struct sc_asn1_entry *asn1,
-                   unsigned char **newbuf, size_t *size);
-		

-

Description

- This function encodes an array of entries pointed to by asn1 and terminated - by a NULL entry (i.e. where the name field of the entry is NULL) into - a newly allocated buffer. -

- The new buffer containing the ASN.1 stream will be stored in newbuf, and the - size of this buffer is stored in size. The application must free this buffer - after use. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_asn1_decode — Extract entries from an ASN.1 stream

Synopsis

-

-#include <opensc.h>
-
-int sc_asn1_decode(struct sc_context *ctx, struct sc_asn1_entry *asn1,
-                   const unsigned char *inbuf, size_t len,
-                   const unsigned char **newbuf, size_t *len_left);
-		

-

Description

- This function extracts information from the ASN.1 stream pointed to by inbuf - (which is len bytes in size) and stores it into the array of - struct sc_asn_1 entries pointed to by - asn1. The array must be big enough to contain all the entries that will be - found, or an error will be flagged. The last entry in the array must be a NULL entry, i.e. the - name field must be set to NULL. -

- The structure of the expected data must be encoded in the entries in asn1 - before calling this function; specifically the name, - type, tag and - flags fields must be filled in. -

- The function will then scan the stream and fill in the remaining fields. - newbuf will point to the byte immediately following the extracted record, and - len_left will contain the number of bytes left in the buffer. Thus, the - newbuf and len_left fields may be passed in to - sc_asn1_decode() again, as the inbuf and len parameters, - until len reaches 0. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_format_asn1_entry — Fill in an ASN.1 entry structure

Synopsis

-

-#include <opensc.h>
-
-void sc_format_asn1_entry(struct sc_asn1_entry *entry, void *parm, void *arg, int set_present);
-		

-

Description

- This function stores the parm and arg pointers in the - struct sc_asn1_entry - entry. No checking is done. Since the pointers are copied directly, the - storage they point to must not be freed by the calling application until the entry itself is - destroyed. -


Name

sc_copy_asn1_entry — Copy an ASN.1 entry

Synopsis

-

-#include <opensc.h>
-
-void sc_copy_asn1_entry(const struct sc_asn1_entry *src, struct sc_asn1_entry *dest);
-		

-

Description

- This function copies an array of struct - sc_asn1_entry entries pointed to be src to - dest. The array must be NULL-terminated (that is, the last entry must have - its name field set to NULL). There must be enough space available in - dest. -


Name

sc_asn1_print_tags — Print an ASN.1 stream to stdout

Synopsis

-

-#include <opensc.h>
-
-void sc_asn1_print_tags(const unsigned char *buf, size_t buflen);
-		

-

Description

- This function prints the ASN.1 stream pointed to by buf, which is of size - buflen, to stdout. This is useful for debugging. -


Name

sc_asn1_skip_tag

Synopsis

-

-#include <opensc.h>
-
-const unsigned char *sc_asn1_skip_tag(struct sc_context *ctx,
-                                      const unsigned char **buf, size_t *buflen,
-                                      unsigned int tag_in, size_t *taglen_out);
-		

-

Description

-

-

Return value

-


Name

sc_asn1_verify_tag — Verify validity of an ASN.1 tag

Synopsis

-

-#include <opensc.h>
-
-const unsigned char *sc_asn1_verify_tag(struct sc_context *ctx,
-                                        const unsigned char *buf, size_t buflen,
-                                        unsigned int tag_in, size_t *taglen_out);
-		

-

Description

- This is an alias for the sc_asn1_skip_tag() function. -


Name

sc_asn1_read_tag — Extract a tag from an ASN.1 entry

Synopsis

-

-#include <opensc.h>
-
-int sc_asn1_read_tag(const unsigned char **buf, size_t buflen,
-                     unsigned int *cla_out, unsigned int *tag_out, size_t *taglen);
-		

-

Description

- This function extracts a tag from an ASN.1 entry at the buffer pointed to by - the pointer in buf. The buffer is buflen bytes long. - The tag class will be stored in cla_out, the tag itself in - tag_out, and the length of the extracted tag in - tag_len. -

Return value

- Returns 1 if successful, or -1 in case of error. -


Name

sc_asn1_find_tag — Find a tag in an ASN.1 stream

Synopsis

-

-#include <opensc.h>
-
-const unsigned char *sc_asn1_find_tag(struct sc_context *ctx,
-                                      const unsigned char *buf, size_t buflen,
-                                      unsigned int tag_in, size_t *taglen_in);
-		

-

Description

- This function tries to find an ASN.1 tag matching tag_in in the buffer - pointed to by buf, which is of size buflen. The buffer - should contain a series of ASN.1 entries. -

Return value

- If the specified tag was not found, NULL is returned. If found, the address where it was found is - returned, and taglen_in is set to the length of the found tag. -


Name

sc_asn1_put_tag — Construct an ASN.1 entry in a buffer

Synopsis

-

-#include <opensc.h>
-
-int sc_asn1_put_tag(int tag, const unsigned char *data, int datalen,
-                    unsigned char *out, int outlen, unsigned char **nextbuf);
-		

-

Description

- This function constructs a single entry in an ASN.1 stream, at the buffer pointed to by - out (which is outlen bytes long). The tag to be used - is in tag, and the entry payload is pointed to by data, - which is datalen bytes long. -

- If nextbuf is not NULL, it will be filled in with a pointer to the buffer - address immediately following the newly copied entry. -

Return value

- Returns 0 if successful, or a negative value in case of error. -

Chapter6.Miscellaneous utility functions

Table of Contents

sc_strerror — Return string describing error code
sc_base64_encode — Encode a stream to base64
sc_base64_decode — Decode a base64 stream
sc_der_copy — Copy a DER structure
sc_der_clear — Clear DER structure

Name

sc_strerror — Return string describing error code

Synopsis

-

-#include <opensc.h>
-
-const char *sc_strerror(int error);
-		

-

Description

- This function returns a string describing error. It may - be used with a negative errorcode returned by any OpenSC function call. -


Name

sc_base64_encode — Encode a stream to base64

Synopsis

-

-#include <opensc.h>
-
-int sc_base64_encode(const unsigned char *inbuf, size_t inlen,
-                     unsigned char *outbuf, size_t outlen,
-                     size_t linelength);
-		

-

Description

- This function encodes the buffer pointed to by inbuf of size - inlen as base64, and stores the result in outbuf, which - is outlen bytes long. A linefeed (\n) will be inserted every - linelength bytes in the output buffer. -

- You must ensure outbuf has enough space to store the base64-encoded version - of inbuf. -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_base64_decode — Decode a base64 stream

Synopsis

-

-#include <opensc.h>
-
-int sc_base64_decode(const char *inbuf,
-                     unsigned char *outbuf, size_t outlen);
-		

-

Description

- This function decodes the base64 stream in inbuf, which is NULL-terminated, - to the buffer pointed to by outbuf (which is outlen - bytes long); -

Return value

- Returns 0 if successful, or a negative value in case of error. -


Name

sc_der_copy — Copy a DER structure

Synopsis

-

-#include <opensc.h>
-
-void sc_der_copy(sc_pkcs15_der_t *dst, const sc_pkcs15_der_t *src);
-		

-

Description

- This function copies the OpenSC DER structure pointed to by src to - dst, which must point to enough space to hold this structure. -


Name

sc_der_clear — Clear DER structure

Synopsis

-

-#include <opensc.h>
-
-void sc_der_clear(sc_pkcs15_der_t *der);
-		

-

Description

- This function clears the OpenSC DER structure pointed to by der. -

Chapter7.Data types

Table of Contents

sc_card_t — OpenSC card structure
sc_path_t — OpenSC path structure
sc_file_t — OpenSC file structure
sc_app_info_t — OpenSC application structure
sc_asn1_entry — OpenSC ASN1 entry structure

- This chapter defines the structures OpenSC uses to store information. Fields internal to - OpenSC are not shown. -

Name

sc_card_t — OpenSC card structure

Synopsis

-

-#include <opensc.h>
-
-#define SC_MAX_ATR_SIZE         33
-#define SC_MAX_CARD_APPS         8
-
-typedef struct sc_card {
-	struct sc_context *ctx;
-	struct sc_reader *reader;
-	struct sc_slot_info *slot;
-	struct sc_app_info *app[SC_MAX_CARD_APPS];
-	unsigned char atr[SC_MAX_ATR_SIZE];
-	size_t atr_len;
-} sc_card_t;
-
-            

-

Description

- This structure describes a smart card object. It contains the following - members: -

ctx

The context this card is associated with.

reader

The reader this card is inserted into.

slot

The slot on the reader this card is inserted into.

atr

The ATR (Answer To Reset) of the card.

atr_len

The length of the atr field

-


Name

sc_file_t — OpenSC path structure

Synopsis

-

-#include <opensc.h>
-
-#define SC_MAX_PATH_SIZE		16
-
-typedef struct sc_path {
-	unsigned char value[SC_MAX_PATH_SIZE];
-	size_t len;
-
-	int index;
-	int count;
-
-	int type;
-} sc_path_t;
-
-            

-

Description

- This structure describes a path object on a smart card. It contains the following - members: -

value

This is the full path to the file, starting at the MF.

length

The length of the path.

index

Used only in PKCS15, this indicates the offset into the file. -

count

Used only in PKCS15, this indicates the number of octets in the - record, starting from index above.

type

The path type. This can be one of: -

SC_PATH_TYPE_FILE_ID
SC_PATH_TYPE_DF_NAME
SC_PATH_TYPE_PATH
SC_PATH_TYPE_PATH_PROT

-

-


Name

sc_file_t — OpenSC file structure

Synopsis

-

-#include <opensc.h>
-
-typedef struct sc_file {
-    struct sc_path    path;
-    int               type, ef_structure;
-    size_t            size;
-    int               id;
-
-    /* record structured files only */
-    int               record_length;
-    int               record_count;
-} sc_file_t;
-            

-

Description

- This structure describes a file object on a smart card. It contains the following members: -

path

This is full the path to the file, starting at the MF.

type

This is the file type. It can be one of SC_FILE_TYPE_DF, - SC_FILE_TYPE_WORKING_EF, or SC_FILE_TYPE_INTERNAL_EF. - The latter is used by some cards only, and you normally shouldn't have to deal with these - files.

ef_structure

For elementary files (EFs), this field describes the file's structure. - It can be one of: -

SC_FILE_EF_TRANSPARENT
SC_FILE_EF_LINEAR_FIXED
SC_FILE_EF_LINEAR_FIXED_TLV
SC_FILE_EF_LINEAR_VARIABLE
SC_FILE_EF_LINEAR_VARIABLE_TLV
SC_FILE_EF_CYCLIC
SC_FILE_EF_CYCLIC_TLV
SC_FILE_EF_UNKNOWN

-

size

gives the file's size in bytes.

id

gives the file's ID, as a 16-bit number.

record_count, record_length

For record structured files, record_sount - specifies the number of records in the file. For files with fixed length records, - record_length contains the record length.

-


Name

sc_app_info_t — OpenSC application structure

Synopsis

-

-#include <opensc.h>
-
-#define SC_MAX_AID_SIZE            16
-
-typedef struct sc_app_info {
-	unsigned char aid[SC_MAX_AID_SIZE];
-	size_t aid_len;
-	char *label;
-	sc_path_t path;
-	unsigned char *ddo;
-	size_t ddo_len;
-
-	const char *desc;
-	int rec_nr;
-} sc_app_info_t;
-			

-

Description

- This structure describes a smart card application. It contains the following - members: -

aid

The applications's AID. An AID uniquely identifies an - application, and consists of an RID (a 5-byte "Registered Application - Provider Identifier") and a PIX, which identifies an application by that - provider. For example, the RID for PKCS#15 consists of the bytes A0 00 00 - 00 63, and the PIX is the string "PKCS-15". Thus, the AID of a PKCS#15 - application on a smart card is A0 00 00 00 63 50 4B 43 53 2D 31.

aid_len

The length of the AID in bytes.

label

A UTF-8 string describing the application.

path

The application's full path on the card, starting at the MF.

ddo

ddo_len

desc

A description of the application, if available.

rec_nr

If the EF(DIR) file is record-structured, this has the - record number in which this application is stored. Otherwise, this is -1. -

-


Name

sc_asn1_entry — OpenSC ASN1 entry structure

Synopsis

-

-#include <opensc.h>
-
-struct sc_asn1_entry {
-	const char *name;
-	unsigned int type;
-	unsigned int tag;
-	unsigned int flags;
-	void *parm;
-	void *arg;
-};
-			

-

Description

- This structure describes an ASN1 entry structure. It contains the following - members: -

name

type

tag

flags

parm

arg

-

diff -Nru opensc-0.11.13/doc/html.out/tools.html opensc-0.12.1/doc/html.out/tools.html
--- opensc-0.11.13/doc/html.out/tools.html 2010-02-16 09:35:22.000000000 +0000
+++ opensc-0.12.1/doc/html.out/tools.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,633 +0,0 @@
-OpenSC tools

OpenSC tools


Table of Contents

I. OpenSC

OpenSC


Table of Contents

opensc-config — a tool to get information about the installed version of OpenSC
opensc-tool — generic smart card utility
opensc-explorer — - generic interactive utility for accessing smart card - and similar security token functions -
pkcs11-tool — utility for managing and using PKCS #11 security tokens
pkcs15-crypt — perform crypto operations using pkcs15 smart card
pkcs15-tool — utility for manipulating PKCS #15 data structures - on smart cards and similar security tokens
pkcs15-init — smart card personalization utility
pkcs15-profile — format of profile for pkcs15-init
cardos-tool — displays information about Card OS-based security tokens or format them -
cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures
netkey-tool — administrative utility for Netkey E4 cards
westcos-tool — utility for manipulating data structure - on westcos smart card and similar security tokens

Name

opensc-config — a tool to get information about the installed version of OpenSC

Synopsis

- opensc-config [OPTIONS] -

Description

- opensc-config is a tool that is used to get various information - about the installed version of OpenSC. It is particularly useful in determining - compiler and linker flags necessary to build programs with the OpenSC libraries. -

Options

- opensc-config accepts the following options: -

--version

Print the installed version of OpenSC to standard output.

--libs

Print the linker flags that are needed to compile a program - to use the OpenSC libraries.

--cflags

Print the compiler flags that are needed to compile a program - to use the OpenSC libraries.

--prefix=PREFIX

If specified, use PREFIX instead of the installation - prefix that OpenSC was built with when computing the output - for the --cflags - and --libs options. This option is also used for the exec - prefix if --exec-prefix was not specified. This option must be specified - before any --libs or --cflags options.

--exec-prefix=PREFIX

If specified, use PREFIX instead of the installation - exec prefix that OpenSC was built with when computing the output for - the --cflags and --libs - options. This option must be specified before any - --libs or --cflags options.

-

See also

opensc(7)


Name

opensc-tool — generic smart card utility

Synopsis

- opensc-tool [OPTIONS] -

Description

- The opensc-tool utility can be used from the command line to perform - miscellaneous smart card operations such as getting the card ATR or - sending arbitrary APDU commands to a card. -

Options

-

--atr, -a

Print the Answer To Reset (ATR) of the card, - output is in hex byte format

--serial

Print the card serial number (normally the ICCSN), output is in hex byte -format

--send-apdu apdu, -s apdu

Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF...

--list-files, -f

Recursively lists all files stored on card

--list-readers, -l

Lists all configured readers

--list-drivers, -D

Lists all installed card drivers

--list-rdrivers, -R

Lists all installed reader drivers

--reader num, -r num

Use the given reader number. The default is 0, the first reader -in the system.

--card-driver driver, -c driver

Use the given card driver. The default is auto-detected.

--verbose, -v

Causes opensc-tool to be more verbose. Specify this flag several times -to enable debug output in the opensc library.

-

See also

opensc(7), opensc-explorer(1)


Name

opensc-explorer — - generic interactive utility for accessing smart card - and similar security token functions -

Synopsis

- opensc-explorer [OPTIONS] -

Description

- The opensc-explorer utility can be - used interactively to perform miscellaneous operations - such as exploring the contents of or sending arbitrary - APDU commands to a smart card or similar security token. -

Options

- The following are the command-line options for - opensc-explorer. There are additional - interactive commands available once it is running. -

- --reader num, - -r num -

- Use the given reader number. The default - is 0, the first reader in the system. -

- --card-driver driver, - -c driver -

- Use the given card driver. The default is - auto-detected. -

--verbose, -v

- Causes opensc-explorer to be more - verbose. Specify this flag several times to enable - debug output in the opensc library. -

-

Commands

- The following commands are supported at the opensc-explorer - interactive prompt. -

ls

list all files in the current DF

cd file-id

change to another DF specified by file-id

cat

print the contents of the currently selected EF

info [file-id]

display attributes of a file specified by file-id. - If file-id is not supplied, - the attributes of the current file are printed.

create file-id size

create a new EF. file-id specifies the - id number and size is the size of the new file. -

delete file-id

remove the EF or DF specified by file-id

verify key-typekey-id - [key]

present a PIN or key to the card. Where key-type - can be one of CHV, KEY or PRO. key-id is a number representing the - key or PIN number. key is the key or PIN to be verified in hex. -

- Example: verify CHV0 31:32:33:34:00:00:00:00 -

change CHVid [old-pin] new-pin

change a PIN

- Example: change CHV0 31:32:33:34:00:00:00:00 'secret' -

put file-id [input]

copy a local file to the card. The local file is specified - by input while the card file is specified by file-id -

get file-id [output]

copy an EF to a local file. The local file is specified - by output while the card file is specified by file-id. -

mkdir file-id size

create a DF. file-id specifies the id number - and size is the size of the new file.

pksign

create a public key signature. NOTE: This command is currently not implemented. -

pkdecrypt

perform a public key decryption. NOTE: This command is currently not implemented. -

erase

erase the card, if the card supports it.

quit

exit the program

-

See also

opensc(7), opensc-tool(1)


Name

pkcs11-tool — utility for managing and using PKCS #11 security tokens

Synopsis

- pkcs11-tool [OPTIONS] -

Description

- The pkcs11-tool utility is used to manage the - data objects on smart cards and similar PKCS #11 security tokens. - Users can list and read PINs, keys and certificates stored on the - token. User PIN authentication is performed for those operations - that require it. -

Options

-

--login, -l

Authenticate to the token before performing - other operations. This option is not needed if a PIN is - provided on the command line.

--pin pin, - -p pin

Use the given pin for - token operations. WARNING: Be careful using this option - as other users may be able to read the command line from - the system or if it is embedded in a script.

This option will also set - the --login option.

--so-pin pin

Use the given pin as the - Security Officer PIN for some token operations (token - initialization, user PIN initialization, etc). The same - warning as --pin also applies here.

--init-token

Initializes a token: set the token label as - well as a Security Officer PIN (the label must be specified - using --label).

--init-pin

Initializes the user PIN. This option - differs from --change-pin in that it sets the user PIN - for the first time. Once set, the user PIN can be changed - using --change-pin.

--change-pin, -c

Change the user PIN on the token

--test, -t

Performs some tests on the token. This - option is most useful when used with either --login - or --pin.

--show-info, -I

Displays general token information.

--list-slots, -L

Displays a list of available slots on the token.

--list-mechanisms, -M

Displays a list of mechanisms supported by the token.

--list-objects, -O

Displays a list of objects.

--sign, s

Sign some data.

--hash, -h

Hash some data.

--mechanism mechanism, - -m mechanism

Use the specified mechanism - for token operations. See -M for a list - of mechanisms supported by your token.

--keypairgen, -k

Generate a new key pair (public and private pair.)

--write-object id, - -w id

Write a key or certificate object to the token.

--type type, - -y type

Specify the type of object to operate on. - Examples are cert, privkey - and pubkey.

--id id, - -d id

Specify the id of the object to operate on.

--label name, - -a name

Specify the name of the object to operate on - (or the token label when --init-token - is used).

--slot id

Specify the id of the slot to use.

--slot-id name

Specify the name of the slot to use.

--set-id id, - -e id

Set the CKA_ID of the object.

--attr-from path

Extract information from path - (DER-encoded certificate file) and create the corresponding - attributes when writing an object to the token. Example: the - certificate subject name is used to create the CKA_SUBJECT - attribute.

--input-file path, - -i path

Specify the path to a file for input.

--output-file path, - -o path

Specify the path to a file for output.

--module mod

Specify a PKCS#11 module (or library) to - load.

--moz-cert path, - -z path

Tests a Mozilla-like keypair generation - and certificate request. Specify the path - to the certificate file.

--verbose, -v

Causes pkcs11-tool to be - more verbose. Specify this flag several times to enable debug - output in the OpenSC library.

-

See also

opensc(7)


Name

pkcs15-crypt — perform crypto operations using pkcs15 smart card

Synopsis

- pkcs15-crypt [OPTIONS] -

Description

- The pkcs15-crypt utility can be used from the - command line to perform cryptographic operations such as computing - digital signatures or decrypting data, using keys stored on a PKCS - #15 compliant smart card. -

Options

-

--sign, -s

Perform digital signature operation on - the data read from a file specified using the input - option. By default, the contents of the file are assumed to - be the result of an MD5 hash operation. Note that pkcs15-crypt - expects the data in binary representation, not ASCII.

The digital signature is stored, in binary representation, - in the file specified by the output option. If - this option is not given, the signature is printed on standard - output, displaying non-printable characters using their hex notation - xNN (see also --raw).

--pkcs1

By default, pkcs15-crypt - assumes that input data has been padded to the correct length - (i.e. when computing an RSA signature using a 1024 bit key, - the input must be padded to 128 bytes to match the modulus - length). When giving the --pkcs1 option, - however, pkcs15-crypt will perform the - required padding using the algorithm outlined in the - PKCS #1 standard version 1.5.

--sha-1

This option tells pkcs15-crypt - that the input file is the result of an SHA1 hash operation, - rather than an MD5 hash. Again, the data must be in binary - representation.

--decipher, -c

Decrypt the contents of the file specified by - the --input option. The result of the - decryption operation is written to the file specified by the - --output option. If this option is not given, - the decrypted data is printed to standard output, displaying - non-printable characters using their hex notation xNN (see also - --raw).

--key id, - -k id

Selects the ID of the key to use.

--reader N, - -r N

Selects the N-th smart - card reader configured by the system. If unspecified, - pkcs15-crypt will use the first reader - found.

--input file, - -i file

Specifies the input file to use.

--output file, - -o file

Any output will be sent to the specified file.

--raw, -R

Outputs raw 8 bit data.

--pin pin, - -p pin

When the cryptographic operation requires a - PIN to access the key, pkcs15-crypt will - prompt the user for the PIN on the terminal. Using this option - allows you to specify the PIN on the command line.

Note that on most operating systems, the command line of - a process can be displayed by any user using the ps(1) - command. It is therefore a security risk to specify - secret information such as PINs on the command line. - If you specify '-' as PIN, it will be read from STDIN.

--verbose, -v

Causes pkcs15-crypt to be more - verbose. Specify this flag several times to enable debug output - in the OpenSC library.

-

See also

pkcs15-init(1), pkcs15-tool(1)


Name

pkcs15-tool — utility for manipulating PKCS #15 data structures - on smart cards and similar security tokens

Synopsis

- pkcs15-tool [OPTIONS] -

Description

- The pkcs15-tool utility is used to manipulate - the PKCS #15 data structures on smart cards and similar security - tokens. Users can list and read PINs, keys and certificates stored - on the token. User PIN authentication is performed for those - operations that require it. -

Options

-

--learn-card, -L

Cache PKCS #15 token data to the local filesystem. - Subsequent operations are performed on the cached data where possible. - If the cache becomes out-of-sync with the token state (eg. new key is - generated and stored on the token), the cache should be updated or - operations may show stale results.

--read-certificate cert, - -r cert

Reads the certificate with the given id.

--list-certificates, -c

Lists all certificates stored on the token.

--list-pins

Lists all PINs stored on the token. General information - about each PIN is listed (eg. PIN name). Actual PIN values are not shown.

--change-pin

Changes a PIN stored on the token. User authentication - is required for this operation.

--unblock-pin, -u

Unblocks a PIN stored on the token. Knowledge of the Pin Unblock Key (PUK) is required for this operation.

--list-keys, -k

Lists all private keys stored on the token. General - information about each private key is listed (eg. key name, id and - algorithm). Actual private key values are not displayed.

--list-public-keys

Lists all public keys stored on the token, including - key name, id, algorithm and length information.

--read-public-key id

Reads the public key with id id, - allowing the user to extract and store or use the public key.

--read-ssh-key id

Reads the public key with id id, - writing the output in format suitable for $HOME/.ssh/authorized_keys.

--output filename, - -o filename

Specifies where key output should be written. - If filename already exists, it will be overwritten. - If this option is not given, keys will be printed to standard output.

--no-cache

Disables token data caching.

--pin-id pin, - -a pin

Specifies the auth id of the PIN to use for the - operation. This is useful with the --change-pin operation.

--reader num

Forces pkcs15-tool to use reader - number num for operations. The default is to use - reader number 0, the first reader in the system.

--verbose, -v

Causes pkcs15-tool to be more - verbose. Specify this flag several times to enable debug output - in the OpenSC library.

-

See also

opensc(7), pkcs15-init(1), pkcs15-crypt(1)


Name

pkcs15-init — smart card personalization utility

Description

- The pkcs15-init utility can be used to create a PKCS #15 - structure on a smart card, and add key or certificate objects. Details of the - structure that will be created are controlled via profiles. -

- The profile used by default is pkcs15. Alternative - profiles can be specified via the -p switch. -

PIN Usage

- pkcs15-init can be used to create a PKCS #15 structure on - your smart card, create PINs, and install keys and certificates on the card. - This process is also called personalization. -

- An OpenSC card can have one security officer PIN, and zero or more user PINs. - PIN stands for Personal Identification Number, and is a secret code you need - to present to the card before being allowed to perform certain operations, - such as using one of the stored RSA keys to sign a document, or modifying - the card itself. -

- Usually, PINs are a sequence of decimal digits, but some cards will accept - arbitrary ASCII characters. Be aware however that using characters other - than digits will make the card unusable with PIN pad readers, because those - usually have keys for entering digits only. -

- The security officer (SO) PIN is special; it is used to protect meta data - information on the card, such as the PKCS #15 structure itself. Setting - the SO PIN is optional, because the worst that can usually happen is that - someone finding your card can mess it up. To extract any of your secret - keys stored on the card, an attacker will still need your user PIN, at - least for the default OpenSC profiles. However, it is possible to create - card profiles that will allow the security officer to override user PINs. -

- For each PIN, you can specify a PUK (also called unblock PIN). - The PUK can be used to overwrite or unlock a PIN if too many incorrect values - have been entered in a row. -

Modes of operation

Initialization

This is the first step during card personalization, and will create the - basic files on the card. To create the initial PKCS #15 structure, invoke the - utility as -

- pkcs15-init --create-pkcs15

- You will then be asked for several the security officer PIN and PUK. Simply - pressing return at the SO PIN prompt will skip installation of an SO PIN. -

- If the card supports it, you can also request that the card is erased prior - to creating the PKCS #15 structure, by specifying the --erase-card - option. -

User PIN Installation

- Before installing any user objects such as private keys, you need at least one - PIN to protect these objects. you can do this using -

- pkcs15-init --store-pin --id " nn -

- where nn is a PKCS #15 ID in hexadecimal notation. Common - values are 01, 02, etc. -

- Entering the command above will ask you for the user's PIN and PUK. If you do - not wish to install an unblock PIN, simply press return at the PUK prompt. -

- To set a label for this PIN object (which can be used by applications to display - a meaningful prompt to the user), use the --label command line option. -

Key generation

- pkcs15-init lets you generate a new key and store it on the card. - You can do this using: -

- pkcs15-init --generate-key " keyspec " --auth-id " nn -

- where keyspec describes the algorithm and length of the - key to be created, such as rsa/512. This will create a 512 bit - RSA key. Currently, only RSA key generation is supported. Note that cards - usually support just a few different key lengths. Almost all cards will support - 512 and 1024 bit keys, some will support 768 or 2048 as well. -

- nn is the ID of a user PIN installed previously, e.g. 01. -

- In addition to storing the private portion of the key on the card, - pkcs15-init will also store the the public portion of the - key as a PKCS #15 public key object. -

- By default, pkcs15-init will try to use the card's - on-board key generation facilities, if available. If the card does not - support on-board key generation, pkcs15-init will fall - back to software key generation. -

Private Key Download

- You can use a private key generated by other means and download it to the card. - For instance, to download a private key contained in a file named - okir.pem, which is in PEM format, you would use -

- pkcs15-init --store-private-key okir.pem --id 45 --auth-id 01 -

- If the key is protected by a pass phrase, pkcs15-init - will prompt you for a pass phrase to unlock the key. -

- In addition to storing the private portion of the key on the card, - pkcs15-init will also store the the public portion of the - key as a PKCS #15 public key object. -

- Note the use of the --id option. The current - pkcs15 profile defines two key templates, one for - authentication (key ID 45), and one for non-repudiation purposes (key ID 46). - Other key templates will probably be added in the future. Note that if you don't - specify a key ID, pkcs15-init will pick just the first key - template defined by the profile. -

- In addition to the PEM key file format, pkcs15-init also - supports DER encoded keys, and PKCS #12 files. The latter is the file format - used by Netscape Navigator (among others) when exporting certificates to - a file. A PKCS #12 file usually contains the X.509 certificate corresponding - to the private key. If that is the case, pkcs15-init will - store the certificate instead of the public key portion. -

Public Key Download

- You can also download individual public keys to the card using the - --store-public-key option, which takes a filename as an - argument. This file is supposed to contain the public key. If you don't - specify a key file format using the --format option, - pkcs15-init will assume PEM format. The only other - supported public key file format is DER. -

- Since the corresponding public keys are always downloaded automatically - when generating a new key, or when downloading a private key, you will - probably use this option only very rarely. -

Certificate Download

- You can download certificates to the card using the - --store-certificate option, which takes a filename as - an argument. This file is supposed to contain the DER encoded X.509 - certificate. -

Downloading PKCS #12 bags

- Most browsers nowadays use PKCS #12 format files when you ask them to - export your key and certificate to a file. pkcs15-init - is capable of parsing these files, and storing their contents on the - card in a single operation. This works just like storing a private key, - except that you need to specify the file format: -

- pkcs15-init --store-private-key okir.p12 --format pkcs12 --auth-id - 01 -

- This will install the private key contained in the file okir.p12, - and protect it with the PIN referenced by authentication ID 01. - It will also store any X.509 certificates contained in the file, which is - usually the user certificate that goes with the key, as well as the CA certificate. -

Options

-

--profile name, - -p name

- Tells pkcs15-init to load the specified general - profile. Currently, the only application profile defined is - pkcs15, but you can write your own profiles and - specify them using this option. -

- The profile name can be combined with one or more profile - options, which slightly modify the profile's behavior. - For instance, the default OpenSC profile supports the - openpin option, which installs a single PIN during - card initialization. This PIN is then used both as the SO PIN as - well as the user PIN for all keys stored on the card. -

- Profile name and options are separated by a + - character, as in pkcs15+onepin. -

--card-profile name, - -c name

- Tells pkcs15-init to load the specified card - profile option. You will rarely need this option. -

--create-pkcs15, -C

- This tells pkcs15-init to create a PKCS #15 - structure on the card, and initialize any PINs. -

--erase-card, -E

- This will erase the card prior to creating the PKCS #15 structure, - if the card supports it. If the card does not support erasing, - pkcs15-init will fail. -

--generate-key keyspec, - -G keyspec

- Tells the card to generate new key and store it on the card. - keyspec consists of an algorithm name - (currently, the only supported name is RSA), - optionally followed by a slash and the length of the key in bits. - It is a good idea to specify the key ID along with this command, - using the id option. -

--store-private-key filename, - -S filename

- Tells pkcs15-init to download the specified - private key to the card. This command will also create a public - key object containing the public key portion. By default, the - file is assumed to contain the key in PEM format. Alternative - formats can be specified using --format. - It is a good idea to specify the key ID along with this command, - using the --id option. -

--store-public-key filename, - -P filename

- Tells pkcs15-init to download the specified - public key to the card and create a public key object with the - key ID specified via the --id. By default, - the file is assumed to contain the key in PEM format. Alternative - formats can be specified using --format. -

--store-certificate filename, - -X filename

- Tells pkcs15-init to store the certificate given - in filename on the card, creating a certificate - object with the ID specified via the --id option. - The file is assumed to contain the DER encoded certificate. -

--so-pin, --so-puk, --pin, --puk

- These options can be used to specify PIN/PUK values on the command - line. Note that on most operation systems, any user can display - the command line of any process on the system using utilities such - as ps(1). Therefore, you should use these options - only on a secured system, or in an options file specified with - --options-file. -

--passphrase

- When downloading a private key, this option can be used to specify - the pass phrase to unlock the private key. The same caveat applies - here as in the case of the --pin options. -

--options-file filename

- Tells pkcs15-init to read additional options - from filename. The file is supposed to - contain one long option per line, without the leading dashes, - for instance: -

-	pin		frank
-	puk		zappa
-

-

- You can specify --options-file several times. -

--verbose, -v

- Causes pkcs15-init to be more verbose. Specify this - flag several times to enable debug output in the OpenSC library. -

-

See also

pkcs15-profile(5)


Name

pkcs15-profile — format of profile for pkcs15-init

Synopsis

- -

Description

- The pkcs15-init utility for PKCS #15 smart card - personalization is controlled via profiles. When starting, it will read two - such profiles at the moment, a generic application profile, and a card - specific profile. The generic profile must be specified on the command line, - while the card-specific file is selected based on the type of card detected. -

- The generic application profile defines general information about the card - layout, such as the path of the application DF, various PKCS #15 files within - that directory, and the access conditions on these files. It also defines - general information about PIN, key and certificate objects. Currently, there - is only one such generic profile, pkcs15.profile. -

- The card specific profile contains additional information required during - card intialization, such as location of PIN files, key references etc. - Profiles currently reside in @pkgdatadir@ -

Syntax

- This section should contain information about the profile syntax. Will add - this soonishly. -

See also

- pkcs15(7), pkcs15-init(1), - pkcs15-crypt(1), opensc(7), -


Name

cardos-tool — displays information about Card OS-based security tokens or format them -

Synopsis

- cardos-tool [OPTIONS] -

Description

- The cardos-tool utility is used to display information about -smart cards and similar security tokens based on Siemens Card/OS M4. -

Options

-

--info, -i

Display information about the card or token.

--format, -f

Format the card or token.

--reader number, -r number

Specify the reader number number to use. - The default is reader 0.

--card-driver name, -c driver

Use the card driver specified by name. The default - is to auto-detect the correct card driver.

--wait, -w

Causes cardos-info to wait for the token - to be inserted into reader.

--verbose, -v

Causes cardos-info to be more verbose. Specify this flag several times -to enable debug output in the opensc library.

-

See also

opensc(7)


Name

cryptoflex-tool — utility for manipulating Schlumberger Cryptoflex data structures

Synopsis

- cryptoflex-tool [OPTIONS] -

Description

- cryptoflex-tool is used to manipulate PKCS - data structures on Schlumberger Cryptoflex smart cards. Users - can create, list and read PINs and keys stored on the smart card. - User PIN authentication is performed for those operations that require it. -

Options

-

--verify-pin, -V

Verifies CHV1 before issuing commands

--list-keys, -l

Lists all keys stored in a public key file

--create-key-files arg, - -c arg

Creates new RSA key files for arg keys

--create-pin-files id, - -P id

Creates new PIN file for CHVid

--generate-key, -g

Generate a new RSA key pair

--read-key

Reads a public key from the card, allowing the user to - extract and store or use the public key -

--key-num num, - -k num

Specifies the key number to operate on. The default is - key number 1.

--app-df num, - -a num

Specifies the DF to operate in

--prkey-file id, - -p id

Specifies the private key file id, id, - to use

--pubkey-file id, - -u id

Specifies the public key file id, id, - to use

--exponent exp, - -e exp

Specifies the RSA exponent, exp, - to use in key generation. The default value is 3.

--modulus-length length, - -m length

Specifies the modulus length to use - in key generation. The default value is 1024.

--reader num, - -r num

Forces cryptoflex-tool to use - reader number num for operations. The default - is to use reader number 0, the first reader in the system.

--verbose, -v

Causes cryptoflex-tool to be more - verbose. Specify this flag several times to enable debug output in - the opensc library.

-

See also

opensc(7), pkcs15-tool(1)


Name

netkey-tool — administrative utility for Netkey E4 cards

Synopsis

netkey-tool [OPTIONS] [COMMAND]

Description

The netkey-tool utility can be used from the - command line to perform some smart card operations with NetKey E4 cards - that cannot be done easily with other OpenSC-tools, such as changing local - PINs, storing certificates into empty NetKey E4 cert-files or displaying - the initial PUK-value.

Options

-

--help, -h

Displays a short help message.

--reader number, -r number

Use smart card in specified reader. Default is reader 0.

-v

Causes netkey-tool to be more verbose. This - options may be specified multiple times to increase verbosity.

--pin pin-value, -p pin-value

Specifies the current value of the global PIN.

--puk pin-value, -u pin-value

Specifies the current value of the global PUK.

--pin0 pin-value, -0 pin-value

Specifies the current value of the local PIN0 (aka local PIN).

--pin1 pin-value, -1 pin-value

Specifies the current value of the local PIN1 (aka local PUK).

-

PIN format

With the -p, -u, -0 or the -1 - one of the cards pins may be specified. You may use plain ascii-strings (i.e. 123456) or a hex-string - (i.e. 31:32:33:34:35:36). A hex-string must consists of exacly n 2-digit hexnumbers separated by n-1 colons. - Otherwise it will be interpreted as an ascii string. For example :12:34: and 1:2:3:4 are both pins of - length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4.

Commands

When used without any options or commands, netkey-tool will - display information about the smart cards pins and certificates. This will not change - your card in any aspect (assumed there are no bugs in netkey-tool). - In particular the tries-left counters of the pins are investigated without doing - actual pin-verifications.

If you specify the global PIN via the --pin option, - netkey-tool will also display the initial value of the cards - global PUK. If your global PUK was changed netkey-tool will still - diplay its initial value. There's no way to recover a lost global PUK once it was changed. - There's also no way to display the initial value of your global PUK without knowing the - current value of your global PIN.

For most of the commands that netkey-tool can execute, you have - to specify one pin. One notable exeption is the nullpin command, but - this command can only be executed once in the lifetime of a NetKey E4 card.

-

unblock { pin | pin0 | - pin1 }

This unblocks the specified pin. You must specify another pin - to be able to do this and if you don't specify a correct one, - netkey-tool will tell you which one is needed.

change { pin | puk | - pin0 | pin1 } new-pin

This changes the value of the specified pin to the given new value. - You must specify either the current value of the pin or another pin to be able to do - this and if you don't specify a correct one, netkey-tool will tell - you which one is needed.

nullpin initial-pin

This command can be executed only if the global PIN of your card is - in nullpin-state. There's no way to return back to nullpin-state once you have changed - your global PIN. You don't need a pin to execute the nullpin-command. After a succesfull - nullpin-command netkey-tool will display your cards initial - PUK-value.

cert number filename

This command will read one of your cards certificates (as specified by - number) and save this certificate into file filename - in PEM-format. Certificates on a NetKey E4 card are readable without a pin, so you don't - have to specify one.

cert filename number

This command will read the first PEM-encoded certificate from file - filename and store this into your smart cards certificate file - number. Some of your smart cards certificate files might be readonly, so - this will not work with all values of number. If a certificate file is - writable you must specify a pin in order to change it. If you try to use this command - without specifying a pin, netkey-tool will tell you which one is - needed.

-

See also

opensc(7), opensc-explorer(1)

Authors

netkey-tool was written by - Peter Koch .


Name

westcos-tool — utility for manipulating data structure - on westcos smart card and similar security tokens

Synopsis

- westcos-tool [OPTIONS] -

Description

- The westcos-tool utility is used to manipulate - the westcos data structures on 2 Ko smart cards. Users can create PINs, - keys and certificates stored on the token. User PIN authentication is - performed for those operations that require it. -

Options

-

-G

Generate a private key on smart card. The smart card must be - not finalized and pin installed (ig. file for pin must be created, see option - -i). By default key length is 1536 bits. User authentication is required for - this operation.

-L length

Change the length of private key, use with -G. -

-i

Install pin file in token, you must provide pin value - with -pin.

-pin value

set value of pin.

-puk value

set value of puk (or value of new pin for change pin - command see -n).

-n

Changes a PIN stored on the token. User authentication - is required for this operation.

-u

Unblocks a PIN stored on the token. Knowledge of the Pin - Unblock Key (PUK) is required for this operation.

-cert file

Write certificate file in pem format on the - card. User authentication is required for this operation.

-F

Finalize the card, once finalize default key is invalidate so pin and puk - can'be changed anymore without user authentification. Warning, smart cards not finalized are - unsecure because pin can be changed without user authentification (knowledge of default key - is enougth).

-r n

Forces westcos-tool to use reader - number n for operations.

-gf path

Get the file path the file is written - on disk with path name. User authentication - is required for this operation.

-pf path

Put the file with name path from disk - to card the file is written in path. User authentication - is required for this operation.

-v

Causes westcos-tool to be more - verbose. Specify this flag several times to enable debug output - in the OpenSC library.

-h

Print help message on screen.

-

See also

opensc(7)

Authors

westcos-tool was written by - Francois Leblanc .

diff -Nru opensc-0.11.13/doc/html.xsl opensc-0.12.1/doc/html.xsl --- opensc-0.11.13/doc/html.xsl 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/doc/html.xsl 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,16 @@ + + +]> + + + + + + + + diff -Nru opensc-0.11.13/doc/Makefile.am opensc-0.12.1/doc/Makefile.am --- opensc-0.11.13/doc/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,64 +1,31 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -wikidir=$(htmldir)/wiki - -if ENABLE_DOC -SUBDIRS = nonpersistent -endif -DIST_SUBDIRS = nonpersistent - -dist_noinst_DATA = $(srcdir)/tools/*.xml \ - $(srcdir)/api/*.xml \ - $(srcdir)/api/apps/*.xml \ - $(srcdir)/api/asn1/*.xml \ - $(srcdir)/api/card/*.xml \ - $(srcdir)/api/file/*.xml \ - $(srcdir)/api/init/*.xml \ - $(srcdir)/api/misc/*.xml \ - $(srcdir)/api/types/*.xml \ - $(srcdir)/api/util/*.xml \ - $(srcdir)/api/api.css \ - $(srcdir)/api/*.xsl - +dist_noinst_SCRIPTS = svn2cl.xsl html.xsl man.xsl +dist_noinst_DATA = $(srcdir)/tools/*.xml api.css if ENABLE_DOC -dist_html_DATA = html.out/* -else -dist_noinst_DATA += html.out/* +html_DATA = html.out/* endif -dist_doc_DATA = README if ENABLE_MAN -if WIN32 -dist_noinst_DATA += man.out/*.1 man.out/*.3 man.out/*.5 -else -dist_man1_MANS = man.out/*.1 -dist_man3_MANS = man.out/*.3 -dist_man5_MANS = man.out/*.5 +man1_MANS = man.out/*.1 +man5_MANS = man.out/*.5 endif -endif - -if SVN_CHECKOUT -if ENABLE_MAN html.out/*: html.out html.out: api.work - test -n "$(XSLTPROC)" -rm -fr html.tmp html.out $(MKDIR_P) html.tmp - $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/api.html" "api.work/html.xsl" "$(srcdir)/api/api.xml" $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/tools.html" "api.work/html.xsl" "$(srcdir)/tools/tools.xml" mv html.tmp html.out man.out/*.1: man.out man.out: api.work - test -n "$(XSLTPROC)" -rm -fr man.tmp man.out $(MKDIR_P) man.tmp - $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/api/api.xml" $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/tools/tools.xml" mv man.tmp man.out -man.out/*.3 man.out/*.5: man.out/*.1 +man.out/*.5: man.out/*.1 # # This part is needed as found no 
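Review bot: Both xsltproc recipes (the `html.out` and `man.out` rules) lose the `test -n "$(XSLTPROC)"` guard in the same change that stops distributing the generated output (`dist_html_DATA`/`dist_man1_MANS` become `html_DATA`/`man1_MANS`), so every build with ENABLE_DOC or ENABLE_MAN now depends on xsltproc being found. Whether configure already aborts on an empty XSLTPROC is not visible here; if it does not, the recipe would try to run `--nonet` as a command, and keeping `test -n "$(XSLTPROC)"` as the first recipe line gives a clear failure instead. The two remaining invocations also still pass `--path "$(srcdir)/api"`, although this hunk removes the api sources from `dist_noinst_DATA` and the next hunk moves the stylesheets up to `$(abs_srcdir)`. That search path looks stale; with `--xinclude` in use it should probably be dropped or pointed at the directory that holds the tool pages, so include resolution only consults directories that ship with the tarball.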
@@ -66,42 +33,15 @@ # in builddir while xsl on srcdir # api.work: \ - $(abs_srcdir)/api/html.xsl \ - $(abs_srcdir)/api/man.xsl + $(abs_srcdir)/html.xsl \ + $(abs_srcdir)/man.xsl \ + $(abs_srcdir)/api.css -rm -fr api.work $(MKDIR_P) api.work - $(LN_S) "$(abs_srcdir)/api/html.xsl" api.work/html.xsl - $(LN_S) "$(abs_srcdir)/api/man.xsl" api.work/man.xsl + $(LN_S) "$(abs_srcdir)/html.xsl" api.work/html.xsl + $(LN_S) "$(abs_srcdir)/man.xsl" api.work/man.xsl + $(LN_S) "$(abs_srcdir)/api.css" api.work/api.css $(LN_S) "$(xslstylesheetsdir)" api.work/xsl-stylesheets -else - -html.out/*: -man.out/*.1: -man.out/*.3 man.out/*.5: man.out/*.1 - -endif -else - -html.out/*: $(abs_builddir)/html.out -$(abs_builddir)/html.out: - $(LN_S) "$(srcdir)/html.out" html.out - -man.out/*.3 man.out/*.5 man.out/*.1: $(abs_builddir)/man.out -$(abs_builddir)/man.out: - $(LN_S) "$(srcdir)/man.out" man.out - -endif - -maintainer-clean-local: - -rm -rf "$(srcdir)/html.out" "$(srcdir)/man.out" - -distclean-local: - -rm -fr html.tmp man.tmp api.work - if test -L html.out; then \ - rm -rf html.out; \ - fi - if test -L man.out; then \ - rm -rf man.out; \ - fi - +clean-local: + -rm -fr html.tmp man.tmp api.work html.out man.out diff -Nru opensc-0.11.13/doc/Makefile.in opensc-0.12.1/doc/Makefile.in --- opensc-0.11.13/doc/Makefile.in 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/doc/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -15,6 +15,7 @@ @SET_MAKE@ + VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -34,34 +35,23 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@ENABLE_DOC_FALSE@am__append_1 = html.out/* -@ENABLE_MAN_TRUE@@WIN32_TRUE@am__append_2 = man.out/*.1 man.out/*.3 man.out/*.5 subdir = doc -DIST_COMMON = README $(am__dist_html_DATA_DIST) \ - $(am__dist_noinst_DATA_DIST) $(dist_doc_DATA) \ - $(dist_man1_MANS) $(dist_man3_MANS) $(dist_man5_MANS) \ +DIST_COMMON = $(dist_noinst_DATA) $(dist_noinst_SCRIPTS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +SCRIPTS = $(dist_noinst_SCRIPTS) SOURCES = DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ 
@@ -84,55 +74,13 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 -am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" \ - "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(docdir)" \ +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(htmldir)" -man3dir = $(mandir)/man3 man5dir = $(mandir)/man5 NROFF = nroff -MANS = $(dist_man1_MANS) $(dist_man3_MANS) $(dist_man5_MANS) -am__dist_html_DATA_DIST = html.out/* -am__dist_noinst_DATA_DIST = $(srcdir)/tools/*.xml $(srcdir)/api/*.xml \ - $(srcdir)/api/apps/*.xml $(srcdir)/api/asn1/*.xml \ - $(srcdir)/api/card/*.xml $(srcdir)/api/file/*.xml \ - $(srcdir)/api/init/*.xml $(srcdir)/api/misc/*.xml \ - $(srcdir)/api/types/*.xml $(srcdir)/api/util/*.xml \ - $(srcdir)/api/api.css $(srcdir)/api/*.xsl html.out/* \ - man.out/*.1 man.out/*.3 man.out/*.5 -DATA = $(dist_doc_DATA) $(dist_html_DATA) $(dist_noinst_DATA) -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir -ETAGS = etags -CTAGS = ctags +MANS = $(man1_MANS) $(man5_MANS) +DATA = $(dist_noinst_DATA) $(html_DATA) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ 
- dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ @@ -160,8 +108,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -169,10 +115,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -197,8 +141,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -221,6 +163,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -233,10 +177,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -282,11 +223,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -300,22 +238,12 @@ top_srcdir = @top_srcdir@ xslstylesheetsdir = @xslstylesheetsdir@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -wikidir = $(htmldir)/wiki -@ENABLE_DOC_TRUE@SUBDIRS = nonpersistent -DIST_SUBDIRS = nonpersistent -dist_noinst_DATA = $(srcdir)/tools/*.xml $(srcdir)/api/*.xml \ - $(srcdir)/api/apps/*.xml $(srcdir)/api/asn1/*.xml \ - $(srcdir)/api/card/*.xml $(srcdir)/api/file/*.xml \ - $(srcdir)/api/init/*.xml $(srcdir)/api/misc/*.xml \ - $(srcdir)/api/types/*.xml $(srcdir)/api/util/*.xml \ - $(srcdir)/api/api.css $(srcdir)/api/*.xsl $(am__append_1) \ - $(am__append_2) -@ENABLE_DOC_TRUE@dist_html_DATA = html.out/* -dist_doc_DATA = README -@ENABLE_MAN_TRUE@@WIN32_FALSE@dist_man1_MANS = man.out/*.1 -@ENABLE_MAN_TRUE@@WIN32_FALSE@dist_man3_MANS = man.out/*.3 -@ENABLE_MAN_TRUE@@WIN32_FALSE@dist_man5_MANS = man.out/*.5 -all: all-recursive +dist_noinst_SCRIPTS = svn2cl.xsl html.xsl man.xsl +dist_noinst_DATA = $(srcdir)/tools/*.xml api.css +@ENABLE_DOC_TRUE@html_DATA = html.out/* +@ENABLE_MAN_TRUE@man1_MANS = man.out/*.1 +@ENABLE_MAN_TRUE@man5_MANS = man.out/*.5 +all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @@ -327,9 +255,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu doc/Makefile + $(AUTOMAKE) --foreign doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -354,10 +282,10 @@ clean-libtool: -rm -rf .libs _libs -install-man1: $(dist_man1_MANS) +install-man1: $(man1_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(dist_man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ 
@@ -381,51 +309,17 @@ uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(dist_man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } -install-man3: $(dist_man3_MANS) - @$(NORMAL_INSTALL) - test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(dist_man3_MANS)'; test -n "$(man3dir)" || exit 0; \ - { for i in $$list; do echo "$$i"; done; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ - done; } - -uninstall-man3: - @$(NORMAL_UNINSTALL) - @list='$(dist_man3_MANS)'; test -n "$(man3dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - test -z "$$files" || { \ - echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } -install-man5: $(dist_man5_MANS) +install-man5: $(man5_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) 
"$(DESTDIR)$(man5dir)" - @list='$(dist_man5_MANS)'; test -n "$(man5dir)" || exit 0; \ + @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ @@ -449,37 +343,17 @@ uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(dist_man5_MANS)'; test -n "$(man5dir)" || exit 0; \ + @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } -install-dist_docDATA: $(dist_doc_DATA) - @$(NORMAL_INSTALL) - test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)" - @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ - done - -uninstall-dist_docDATA: - @$(NORMAL_UNINSTALL) - @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(docdir)" && rm -f $$files -install-dist_htmlDATA: $(dist_html_DATA) +install-htmlDATA: $(html_DATA) @$(NORMAL_INSTALL) test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)" - @list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \ + @list='$(html_DATA)'; test -n "$(htmldir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ 
@@ -489,148 +363,19 @@ $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ done -uninstall-dist_htmlDATA: +uninstall-htmlDATA: @$(NORMAL_UNINSTALL) - @list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \ + @list='$(html_DATA)'; test -n "$(htmldir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(htmldir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(htmldir)" && rm -f $$files - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - 
rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique tags: TAGS +TAGS: -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! 
-f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" +CTAGS: -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ 
@@ -675,51 +420,22 @@ || exit 1; \ fi; \ done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done check-am: all-am -check: check-recursive -all-am: Makefile $(MANS) $(DATA) -installdirs: installdirs-recursive -installdirs-am: - for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(htmldir)"; do \ +check: check-am +all-am: Makefile $(SCRIPTS) $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(htmldir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-recursive +installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ 
@@ -737,157 +453,124 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-recursive +clean: clean-am -clean-am: clean-generic clean-libtool mostlyclean-am +clean-am: clean-generic clean-libtool clean-local mostlyclean-am -distclean: distclean-recursive +distclean: distclean-am -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-local \ - distclean-tags +distclean-am: clean-am distclean-generic -dvi: dvi-recursive +dvi: dvi-am dvi-am: -html: html-recursive +html: html-am html-am: -info: info-recursive +info: info-am info-am: -install-data-am: install-dist_docDATA install-dist_htmlDATA \ - install-man +install-data-am: install-htmlDATA install-man -install-dvi: install-dvi-recursive +install-dvi: install-dvi-am install-dvi-am: install-exec-am: -install-html: install-html-recursive +install-html: install-html-am install-html-am: -install-info: install-info-recursive +install-info: install-info-am install-info-am: -install-man: install-man1 install-man3 install-man5 +install-man: install-man1 install-man5 -install-pdf: install-pdf-recursive +install-pdf: install-pdf-am install-pdf-am: -install-ps: install-ps-recursive +install-ps: install-ps-am install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-recursive +maintainer-clean: maintainer-clean-am -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic \ - maintainer-clean-local +maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-recursive +mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool -pdf: pdf-recursive +pdf: pdf-am pdf-am: -ps: ps-recursive +ps: ps-am ps-am: -uninstall-am: uninstall-dist_docDATA uninstall-dist_htmlDATA \ - uninstall-man +uninstall-am: uninstall-htmlDATA uninstall-man -uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 
+uninstall-man: uninstall-man1 uninstall-man5 -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive +.MAKE: install-am install-strip -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic clean-libtool \ - ctags ctags-recursive distclean distclean-generic \ - distclean-libtool distclean-local distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dist_docDATA \ - install-dist_htmlDATA install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-man1 install-man3 \ - install-man5 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic maintainer-clean-local mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am \ - uninstall-dist_docDATA uninstall-dist_htmlDATA uninstall-man \ - uninstall-man1 uninstall-man3 uninstall-man5 - - -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@html.out/*: html.out -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@html.out: api.work -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ test -n "$(XSLTPROC)" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ -rm -fr html.tmp html.out -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(MKDIR_P) html.tmp -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/api.html" "api.work/html.xsl" "$(srcdir)/api/api.xml" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/tools.html" "api.work/html.xsl" "$(srcdir)/tools/tools.xml" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ mv html.tmp html.out - -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@man.out/*.1: man.out -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@man.out: api.work 
-@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ test -n "$(XSLTPROC)" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ -rm -fr man.tmp man.out -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(MKDIR_P) man.tmp -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/api/api.xml" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/tools/tools.xml" -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ mv man.tmp man.out +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-htmlDATA install-info install-info-am \ + install-man install-man1 install-man5 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-htmlDATA uninstall-man uninstall-man1 uninstall-man5 + + +html.out/*: html.out +html.out: api.work + -rm -fr html.tmp html.out + $(MKDIR_P) html.tmp + $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "html.tmp/tools.html" "api.work/html.xsl" "$(srcdir)/tools/tools.xml" + mv html.tmp html.out + +man.out/*.1: man.out +man.out: api.work + -rm -fr man.tmp man.out + $(MKDIR_P) man.tmp + $(XSLTPROC) --nonet --path "$(srcdir)/api" --xinclude -o "man.tmp/" "api.work/man.xsl" "$(srcdir)/tools/tools.xml" + mv man.tmp man.out -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@man.out/*.3 man.out/*.5: man.out/*.1 +man.out/*.5: man.out/*.1 # # This part is needed as found no # way to make xsltproc find xsl-stylesheets # in builddir while xsl on srcdir # 
-@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@api.work: \ -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(abs_srcdir)/api/html.xsl \ -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(abs_srcdir)/api/man.xsl -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ -rm -fr api.work -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(MKDIR_P) api.work -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(LN_S) "$(abs_srcdir)/api/html.xsl" api.work/html.xsl -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(LN_S) "$(abs_srcdir)/api/man.xsl" api.work/man.xsl -@ENABLE_MAN_TRUE@@SVN_CHECKOUT_TRUE@ $(LN_S) "$(xslstylesheetsdir)" api.work/xsl-stylesheets - -@ENABLE_MAN_FALSE@@SVN_CHECKOUT_TRUE@html.out/*: -@ENABLE_MAN_FALSE@@SVN_CHECKOUT_TRUE@man.out/*.1: -@ENABLE_MAN_FALSE@@SVN_CHECKOUT_TRUE@man.out/*.3 man.out/*.5: man.out/*.1 - -@SVN_CHECKOUT_FALSE@html.out/*: $(abs_builddir)/html.out -@SVN_CHECKOUT_FALSE@$(abs_builddir)/html.out: -@SVN_CHECKOUT_FALSE@ $(LN_S) "$(srcdir)/html.out" html.out - -@SVN_CHECKOUT_FALSE@man.out/*.3 man.out/*.5 man.out/*.1: $(abs_builddir)/man.out -@SVN_CHECKOUT_FALSE@$(abs_builddir)/man.out: -@SVN_CHECKOUT_FALSE@ $(LN_S) "$(srcdir)/man.out" man.out - -maintainer-clean-local: - -rm -rf "$(srcdir)/html.out" "$(srcdir)/man.out" - -distclean-local: - -rm -fr html.tmp man.tmp api.work - if test -L html.out; then \ - rm -rf html.out; \ - fi - if test -L man.out; then \ - rm -rf man.out; \ - fi +api.work: \ + $(abs_srcdir)/html.xsl \ + $(abs_srcdir)/man.xsl \ + $(abs_srcdir)/api.css + -rm -fr api.work + $(MKDIR_P) api.work + $(LN_S) "$(abs_srcdir)/html.xsl" api.work/html.xsl + $(LN_S) "$(abs_srcdir)/man.xsl" api.work/man.xsl + $(LN_S) "$(abs_srcdir)/api.css" api.work/api.css + $(LN_S) "$(xslstylesheetsdir)" api.work/xsl-stylesheets + +clean-local: + -rm -fr html.tmp man.tmp api.work html.out man.out # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
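Review bot: The `html.out` and `man.out` recipes on the new side no longer begin with `test -n "$(XSLTPROC)"` and are no longer wrapped in the `ENABLE_MAN`/`SVN_CHECKOUT` conditionals, so if `XSLTPROC` expands to nothing the recipe first runs `-rm -fr html.tmp html.out` (or `man.tmp man.out`) and only then fails on a command line that starts with `--nonet`. Unless configure is known to abort when xsltproc is missing (not visible in this hunk), I would restore `test -n "$(XSLTPROC)"` as the first recipe line of both rules so the failure is explicit and happens before any existing output is deleted. The retained `--nonet` is worth keeping, since it stops xsltproc from fetching stylesheets or DTDs over the network during the build, while `--path "$(srcdir)/api"` looks stale now that `html.xsl`, `man.xsl` and `api.css` are taken from `$(abs_srcdir)` directly. This file appears to be automake output, so the change belongs in the corresponding `Makefile.am`.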
diff -Nru opensc-0.11.13/doc/man.out/cardos-tool.1 opensc-0.12.1/doc/man.out/cardos-tool.1 --- opensc-0.11.13/doc/man.out/cardos-tool.1 2010-02-16 09:35:18.000000000 +0000 +++ opensc-0.12.1/doc/man.out/cardos-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,74 +0,0 @@ -'\" t -.\" Title: cardos-tool -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "CARDOS\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -cardos-tool \- displays information about Card OS\-based security tokens or format them -.SH "SYNOPSIS" -.PP - -\fBcardos\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBcardos\-tool\fR -utility is used to display information about smart cards and similar security tokens based on Siemens Card/OS M4\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-info\fR, \fB\-i\fR -.RS 4 -Display information about the card or token\&. -.RE -.PP -\fB\-\-format\fR, \fB\-f\fR -.RS 4 -Format the card or token\&. -.RE -.PP -\fB\-\-reader\fR number, \fB\-r\fR number -.RS 4 -Specify the reader number -\fInumber\fR -to use\&. The default is reader 0\&. -.RE -.PP -\fB\-\-card\-driver\fR name, \fB\-c\fR driver -.RS 4 -Use the card driver specified by -\fIname\fR\&. The default is to auto\-detect the correct card driver\&. -.RE -.PP -\fB\-\-wait, \-w\fR -.RS 4 -Causes -\fBcardos\-info\fR -to wait for the token to be inserted into reader\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBcardos\-info\fR -to be more verbose\&. Specify this flag several times to enable debug output in the opensc library\&. 
-.RE -.SH "SEE ALSO" -.PP -opensc(7) diff -Nru opensc-0.11.13/doc/man.out/cryptoflex-tool.1 opensc-0.12.1/doc/man.out/cryptoflex-tool.1 --- opensc-0.11.13/doc/man.out/cryptoflex-tool.1 2010-02-16 09:35:18.000000000 +0000 +++ opensc-0.12.1/doc/man.out/cryptoflex-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,120 +0,0 @@ -'\" t -.\" Title: cryptoflex-tool -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "CRYPTOFLEX\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -cryptoflex-tool \- utility for manipulating Schlumberger Cryptoflex data structures -.SH "SYNOPSIS" -.PP - -\fBcryptoflex\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP - -\fBcryptoflex\-tool\fR -is used to manipulate PKCS data structures on Schlumberger Cryptoflex smart cards\&. Users can create, list and read PINs and keys stored on the smart card\&. User PIN authentication is performed for those operations that require it\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-verify\-pin, \-V\fR -.RS 4 -Verifies CHV1 before issuing commands -.RE -.PP -\fB\-\-list\-keys, \-l\fR -.RS 4 -Lists all keys stored in a public key file -.RE -.PP -\fB\-\-create\-key\-files\fR \fIarg\fR, \fB\-c\fR \fIarg\fR -.RS 4 -Creates new RSA key files for -\fIarg\fR -keys -.RE -.PP -\fB\-\-create\-pin\-files\fR \fIid\fR, \fB\-P\fR \fIid\fR -.RS 4 -Creates new PIN file for CHV\fIid\fR -.RE -.PP -\fB\-\-generate\-key, \-g\fR -.RS 4 -Generate a new RSA key pair -.RE -.PP -\fB\-\-read\-key\fR -.RS 4 -Reads a public key from the card, allowing the user to extract and store or use the public key -.RE -.PP -\fB\-\-key\-num\fR \fInum\fR, \fB\-k\fR \fInum\fR -.RS 4 -Specifies the key number to operate on\&. The default is key number 1\&. 
-.RE -.PP -\fB\-\-app\-df\fR \fInum\fR, \fB\-a\fR \fInum\fR -.RS 4 -Specifies the DF to operate in -.RE -.PP -\fB\-\-prkey\-file\fR \fIid\fR, \fB\-p\fR \fIid\fR -.RS 4 -Specifies the private key file id, -\fIid\fR, to use -.RE -.PP -\fB\-\-pubkey\-file\fR \fIid\fR, \fB\-u\fR \fIid\fR -.RS 4 -Specifies the public key file id, -\fIid\fR, to use -.RE -.PP -\fB\-\-exponent\fR \fIexp\fR, \fB\-e\fR \fIexp\fR -.RS 4 -Specifies the RSA exponent, -\fIexp\fR, to use in key generation\&. The default value is 3\&. -.RE -.PP -\fB\-\-modulus\-length\fR \fIlength\fR, \fB\-m\fR \fIlength\fR -.RS 4 -Specifies the modulus -\fIlength\fR -to use in key generation\&. The default value is 1024\&. -.RE -.PP -\fB\-\-reader\fR \fInum\fR, \fB\-r\fR \fInum\fR -.RS 4 -Forces -\fBcryptoflex\-tool\fR -to use reader number -\fInum\fR -for operations\&. The default is to use reader number 0, the first reader in the system\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBcryptoflex\-tool\fR -to be more verbose\&. Specify this flag several times to enable debug output in the opensc library\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7), pkcs15\-tool(1) diff -Nru opensc-0.11.13/doc/man.out/netkey-tool.1 opensc-0.12.1/doc/man.out/netkey-tool.1 --- opensc-0.11.13/doc/man.out/netkey-tool.1 2010-02-16 09:35:18.000000000 +0000 +++ opensc-0.12.1/doc/man.out/netkey-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,148 +0,0 @@ -'\" t -.\" Title: netkey-tool -.\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "NETKEY\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -netkey-tool \- administrative utility for Netkey E4 cards -.SH "SYNOPSIS" -.PP -\fBnetkey\-tool\fR -[OPTIONS] [COMMAND] -.SH "DESCRIPTION" -.PP -The -\fBnetkey\-tool\fR -utility can be used from the command line to perform some smart card operations with NetKey E4 cards that cannot be done easily with other OpenSC\-tools, such as changing local PINs, storing certificates into empty NetKey E4 cert\-files or displaying the initial PUK\-value\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-help\fR, \fB\-h\fR -.RS 4 -Displays a short help message\&. -.RE -.PP -\fB\-\-reader\fR number, \fB\-r\fR number -.RS 4 -Use smart card in specified reader\&. Default is reader 0\&. -.RE -.PP -\fB\-v\fR -.RS 4 -Causes -\fBnetkey\-tool\fR -to be more verbose\&. This options may be specified multiple times to increase verbosity\&. -.RE -.PP -\fB\-\-pin\fR pin\-value, \fB\-p\fR pin\-value -.RS 4 -Specifies the current value of the global PIN\&. -.RE -.PP -\fB\-\-puk\fR pin\-value, \fB\-u\fR pin\-value -.RS 4 -Specifies the current value of the global PUK\&. -.RE -.PP -\fB\-\-pin0\fR pin\-value, \fB\-0\fR pin\-value -.RS 4 -Specifies the current value of the local PIN0 (aka local PIN)\&. 
-.RE -.PP -\fB\-\-pin1\fR pin\-value, \fB\-1\fR pin\-value -.RS 4 -Specifies the current value of the local PIN1 (aka local PUK)\&. -.RE -.SH "PIN FORMAT" -.PP -With the -\fB\-p\fR, -\fB\-u\fR, -\fB\-0\fR -or the -\fB\-1\fR -one of the cards pins may be specified\&. You may use plain ascii\-strings (i\&.e\&. 123456) or a hex\-string (i\&.e\&. 31:32:33:34:35:36)\&. A hex\-string must consists of exacly n 2\-digit hexnumbers separated by n\-1 colons\&. Otherwise it will be interpreted as an ascii string\&. For example :12:34: and 1:2:3:4 are both pins of length 7, while 12:34 and 01:02:03:04 are pins of length 2 and 4\&. -.SH "COMMANDS" -.PP -When used without any options or commands, -\fBnetkey\-tool\fR -will display information about the smart cards pins and certificates\&. This will not change your card in any aspect (assumed there are no bugs in -\fBnetkey\-tool\fR)\&. In particular the tries\-left counters of the pins are investigated without doing actual pin\-verifications\&. -.PP -If you specify the global PIN via the -\fB\-\-pin\fR -option, -\fBnetkey\-tool\fR -will also display the initial value of the cards global PUK\&. If your global PUK was changed -\fBnetkey\-tool\fR -will still diplay its initial value\&. There\'s no way to recover a lost global PUK once it was changed\&. There\'s also no way to display the initial value of your global PUK without knowing the current value of your global PIN\&. -.PP -For most of the commands that -\fBnetkey\-tool\fR -can execute, you have to specify one pin\&. One notable exeption is the -\fBnullpin\fR -command, but this command can only be executed once in the lifetime of a NetKey E4 card\&. -.PP -.PP -\fBunblock\fR { \fBpin\fR | \fBpin0\fR | \fBpin1\fR } -.RS 4 -This unblocks the specified pin\&. You must specify another pin to be able to do this and if you don\'t specify a correct one, -\fBnetkey\-tool\fR -will tell you which one is needed\&. 
-.RE -.PP -\fBchange\fR { \fBpin\fR | \fBpuk\fR | \fBpin0\fR | \fBpin1\fR } new\-pin -.RS 4 -This changes the value of the specified pin to the given new value\&. You must specify either the current value of the pin or another pin to be able to do this and if you don\'t specify a correct one, -\fBnetkey\-tool\fR -will tell you which one is needed\&. -.RE -.PP -\fBnullpin\fR initial\-pin -.RS 4 -This command can be executed only if the global PIN of your card is in nullpin\-state\&. There\'s no way to return back to nullpin\-state once you have changed your global PIN\&. You don\'t need a pin to execute the nullpin\-command\&. After a succesfull nullpin\-command -\fBnetkey\-tool\fR -will display your cards initial PUK\-value\&. -.RE -.PP -\fBcert\fR number filename -.RS 4 -This command will read one of your cards certificates (as specified by -\fBnumber\fR) and save this certificate into file -\fBfilename\fR -in PEM\-format\&. Certificates on a NetKey E4 card are readable without a pin, so you don\'t have to specify one\&. -.RE -.PP -\fBcert\fR filename number -.RS 4 -This command will read the first PEM\-encoded certificate from file -\fBfilename\fR -and store this into your smart cards certificate file -\fBnumber\fR\&. Some of your smart cards certificate files might be readonly, so this will not work with all values of -\fBnumber\fR\&. If a certificate file is writable you must specify a pin in order to change it\&. If you try to use this command without specifying a pin, -\fBnetkey\-tool\fR -will tell you which one is needed\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7), opensc\-explorer(1) -.SH "AUTHORS" -.PP -\fBnetkey\-tool\fR -was written by Peter Koch -pk_opensc@web\&.de\&. diff -Nru opensc-0.11.13/doc/man.out/opensc-config.1 opensc-0.12.1/doc/man.out/opensc-config.1 --- opensc-0.11.13/doc/man.out/opensc-config.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/opensc-config.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,73 +0,0 @@ -'\" t -.\" Title: opensc-config -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "OPENSC\-CONFIG" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -opensc-config \- a tool to get information about the installed version of OpenSC -.SH "SYNOPSIS" -.PP - -\fBopensc\-config\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP - -\fBopensc\-config\fR -is a tool that is used to get various information about the installed version of OpenSC\&. It is particularly useful in determining compiler and linker flags necessary to build programs with the OpenSC libraries\&. -.SH "OPTIONS" -.PP - -\fBopensc\-config\fR -accepts the following options: -.PP -\fB\-\-version\fR -.RS 4 -Print the installed version of OpenSC to standard output\&. -.RE -.PP -\fB\-\-libs\fR -.RS 4 -Print the linker flags that are needed to compile a program to use the OpenSC libraries\&. -.RE -.PP -\fB\-\-cflags\fR -.RS 4 -Print the compiler flags that are needed to compile a program to use the OpenSC libraries\&. -.RE -.PP -\fB\-\-prefix=PREFIX\fR -.RS 4 -If specified, use PREFIX instead of the installation prefix that OpenSC was built with when computing the output for the -\fB\-\-cflags\fR -and -\fB\-\-libs\fR -options\&. This option is also used for the exec prefix if \-\-exec\-prefix was not specified\&. This option must be specified before any \-\-libs or \-\-cflags options\&. 
-.RE -.PP -\fB\-\-exec\-prefix=PREFIX\fR -.RS 4 -If specified, use PREFIX instead of the installation exec prefix that OpenSC was built with when computing the output for the -\fB\-\-cflags\fR -and -\fB\-\-libs\fR -options\&. This option must be specified before any \-\-libs or \-\-cflags options\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7) diff -Nru opensc-0.11.13/doc/man.out/opensc-explorer.1 opensc-0.12.1/doc/man.out/opensc-explorer.1 --- opensc-0.11.13/doc/man.out/opensc-explorer.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/opensc-explorer.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,165 +0,0 @@ -'\" t -.\" Title: opensc-explorer -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "OPENSC\-EXPLORER" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -opensc-explorer \- generic interactive utility for accessing smart card and similar security token functions -.SH "SYNOPSIS" -.PP - -\fBopensc\-explorer\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBopensc\-explorer\fR -utility can be used interactively to perform miscellaneous operations such as exploring the contents of or sending arbitrary APDU commands to a smart card or similar security token\&. -.SH "OPTIONS" -.PP -The following are the command\-line options for -\fBopensc\-explorer\fR\&. There are additional interactive commands available once it is running\&. -.PP -\fB\-\-reader\fR num, \fB\-r\fR num -.RS 4 -Use the given reader number\&. The default is 0, the first reader in the system\&. -.RE -.PP -\fB\-\-card\-driver\fR driver, \fB\-c\fR driver -.RS 4 -Use the given card driver\&. The default is auto\-detected\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBopensc\-explorer\fR -to be more verbose\&. Specify this flag several times to enable debug output in the opensc library\&. -.RE -.SH "COMMANDS" -.PP -The following commands are supported at the -\fBopensc\-explorer\fR -interactive prompt\&. 
-.PP -\fBls\fR -.RS 4 -list all files in the current DF -.RE -.PP -\fBcd\fR \fIfile\-id\fR -.RS 4 -change to another DF specified by -\fIfile\-id\fR -.RE -.PP -\fBcat\fR -.RS 4 -print the contents of the currently selected EF -.RE -.PP -\fBinfo\fR [\fIfile\-id\fR] -.RS 4 -display attributes of a file specified by -\fIfile\-id\fR\&. If -\fIfile\-id\fR -is not supplied, the attributes of the current file are printed\&. -.RE -.PP -\fBcreate\fR \fIfile\-id\fR \fIsize\fR -.RS 4 -create a new EF\&. -\fIfile\-id\fR -specifies the id number and -\fIsize\fR -is the size of the new file\&. -.RE -.PP -\fBdelete\fR \fIfile\-id\fR -.RS 4 -remove the EF or DF specified by -\fIfile\-id\fR -.RE -.PP -\fBverify\fR \fIkey\-type\fR\fIkey\-id\fR [\fIkey\fR] -.RS 4 -present a PIN or key to the card\&. Where -\fIkey\-type\fR -can be one of CHV, KEY or PRO\&. -\fIkey\-id\fR -is a number representing the key or PIN number\&. -\fIkey\fR -is the key or PIN to be verified in hex\&. -.sp -Example: verify CHV0 31:32:33:34:00:00:00:00 -.RE -.PP -\fBchange CHV\fR\fIid [old\-pin] new\-pin\fR -.RS 4 -change a PIN -.sp -Example: change CHV0 31:32:33:34:00:00:00:00 \'secret\' -.RE -.PP -\fBput\fR \fIfile\-id\fR [\fIinput\fR] -.RS 4 -copy a local file to the card\&. The local file is specified by -\fIinput\fR -while the card file is specified by -\fIfile\-id\fR -.RE -.PP -\fBget\fR \fIfile\-id\fR [\fIoutput\fR] -.RS 4 -copy an EF to a local file\&. The local file is specified by -\fIoutput\fR -while the card file is specified by -\fIfile\-id\fR\&. -.RE -.PP -\fBmkdir\fR \fIfile\-id\fR \fIsize\fR -.RS 4 -create a DF\&. -\fIfile\-id\fR -specifies the id number and -\fIsize\fR -is the size of the new file\&. -.RE -.PP -\fBpksign\fR -.RS 4 -create a public key signature\&. NOTE: This command is currently not implemented\&. -.RE -.PP -\fBpkdecrypt\fR -.RS 4 -perform a public key decryption\&. NOTE: This command is currently not implemented\&. 
-.RE -.PP -\fBerase\fR -.RS 4 -erase the card, if the card supports it\&. -.RE -.PP -\fBquit\fR -.RS 4 -exit the program -.RE -.SH "SEE ALSO" -.PP -opensc(7), opensc\-tool(1) diff -Nru opensc-0.11.13/doc/man.out/opensc-tool.1 opensc-0.12.1/doc/man.out/opensc-tool.1 --- opensc-0.11.13/doc/man.out/opensc-tool.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/opensc-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,89 +0,0 @@ -'\" t -.\" Title: opensc-tool -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "OPENSC\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -opensc-tool \- generic smart card utility -.SH "SYNOPSIS" -.PP - -\fBopensc\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBopensc\-tool\fR -utility can be used from the command line to perform miscellaneous smart card operations such as getting the card ATR or sending arbitrary APDU commands to a card\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-atr, \-a\fR -.RS 4 -Print the Answer To Reset (ATR) of the card, output is in hex byte format -.RE -.PP -\fB\-\-serial\fR -.RS 4 -Print the card serial number (normally the ICCSN), output is in hex byte format -.RE -.PP -\fB\-\-send\-apdu\fR apdu, \fB\-s\fR apdu -.RS 4 -Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF\&.\&.\&. -.RE -.PP -\fB\-\-list\-files, \-f\fR -.RS 4 -Recursively lists all files stored on card -.RE -.PP -\fB\-\-list\-readers, \-l\fR -.RS 4 -Lists all configured readers -.RE -.PP -\fB\-\-list\-drivers, \-D\fR -.RS 4 -Lists all installed card drivers -.RE -.PP -\fB\-\-list\-rdrivers, \-R\fR -.RS 4 -Lists all installed reader drivers -.RE -.PP -\fB\-\-reader\fR num, \fB\-r\fR num -.RS 4 -Use the given reader number\&. The default is 0, the first reader in the system\&. 
-.RE -.PP -\fB\-\-card\-driver\fR driver, \fB\-c\fR driver -.RS 4 -Use the given card driver\&. The default is auto\-detected\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBopensc\-tool\fR -to be more verbose\&. Specify this flag several times to enable debug output in the opensc library\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7), opensc\-explorer(1) diff -Nru opensc-0.11.13/doc/man.out/pkcs11-tool.1 opensc-0.12.1/doc/man.out/pkcs11-tool.1 --- opensc-0.11.13/doc/man.out/pkcs11-tool.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/pkcs11-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,208 +0,0 @@ -'\" t -.\" Title: pkcs11-tool -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "PKCS11\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pkcs11-tool \- utility for managing and using PKCS #11 security tokens -.SH "SYNOPSIS" -.PP - -\fBpkcs11\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBpkcs11\-tool\fR -utility is used to manage the data objects on smart cards and similar PKCS #11 security tokens\&. Users can list and read PINs, keys and certificates stored on the token\&. User PIN authentication is performed for those operations that require it\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-login, \-l\fR -.RS 4 -Authenticate to the token before performing other operations\&. This option is not needed if a PIN is provided on the command line\&. -.RE -.PP -\fB\-\-pin\fR \fIpin\fR, \fB\-p\fR \fIpin\fR -.RS 4 -Use the given -\fIpin\fR -for token operations\&. WARNING: Be careful using this option as other users may be able to read the command line from the system or if it is embedded in a script\&. -.sp -This option will also set the -\fB\-\-login\fR -option\&. -.RE -.PP -\fB\-\-so\-pin\fR \fIpin\fR -.RS 4 -Use the given -\fIpin\fR -as the Security Officer PIN for some token operations (token initialization, user PIN initialization, etc)\&. The same warning as -\fB\-\-pin\fR -also applies here\&. 
-.RE -.PP -\fB\-\-init\-token\fR -.RS 4 -Initializes a token: set the token label as well as a Security Officer PIN (the label must be specified using -\fB\-\-label\fR)\&. -.RE -.PP -\fB\-\-init\-pin\fR -.RS 4 -Initializes the user PIN\&. This option differs from \-\-change\-pin in that it sets the user PIN for the first time\&. Once set, the user PIN can be changed using -\fB\-\-change\-pin\fR\&. -.RE -.PP -\fB\-\-change\-pin, \-c\fR -.RS 4 -Change the user PIN on the token -.RE -.PP -\fB\-\-test, \-t\fR -.RS 4 -Performs some tests on the token\&. This option is most useful when used with either -\fB\-\-login\fR -or -\fB\-\-pin\fR\&. -.RE -.PP -\fB\-\-show\-info, \-I\fR -.RS 4 -Displays general token information\&. -.RE -.PP -\fB\-\-list\-slots, \-L\fR -.RS 4 -Displays a list of available slots on the token\&. -.RE -.PP -\fB\-\-list\-mechanisms, \-M\fR -.RS 4 -Displays a list of mechanisms supported by the token\&. -.RE -.PP -\fB\-\-list\-objects, \-O\fR -.RS 4 -Displays a list of objects\&. -.RE -.PP -\fB\-\-sign, s\fR -.RS 4 -Sign some data\&. -.RE -.PP -\fB\-\-hash, \-h\fR -.RS 4 -Hash some data\&. -.RE -.PP -\fB\-\-mechanism\fR \fImechanism\fR, \fB\-m\fR \fImechanism\fR -.RS 4 -Use the specified -\fImechanism\fR -for token operations\&. See -\fB\-M\fR -for a list of mechanisms supported by your token\&. -.RE -.PP -\fB\-\-keypairgen, \-k\fR -.RS 4 -Generate a new key pair (public and private pair\&.) -.RE -.PP -\fB\-\-write\-object\fR \fIid\fR, \fB\-w\fR \fIid\fR -.RS 4 -Write a key or certificate object to the token\&. -.RE -.PP -\fB\-\-type\fR \fItype\fR, \fB\-y\fR \fItype\fR -.RS 4 -Specify the type of object to operate on\&. Examples are -\fIcert\fR, -\fIprivkey\fR -and -\fIpubkey\fR\&. -.RE -.PP -\fB\-\-id\fR \fIid\fR, \fB\-d\fR \fIid\fR -.RS 4 -Specify the id of the object to operate on\&. 
-.RE -.PP -\fB\-\-label\fR \fIname\fR, \fB\-a\fR \fIname\fR -.RS 4 -Specify the name of the object to operate on (or the token label when -\fB\-\-init\-token\fR -is used)\&. -.RE -.PP -\fB\-\-slot\fR \fIid\fR -.RS 4 -Specify the id of the slot to use\&. -.RE -.PP -\fB\-\-slot\-id\fR \fIname\fR -.RS 4 -Specify the name of the slot to use\&. -.RE -.PP -\fB\-\-set\-id\fR \fIid\fR, \fB\-e\fR \fIid\fR -.RS 4 -Set the CKA_ID of the object\&. -.RE -.PP -\fB\-\-attr\-from\fR \fIpath\fR -.RS 4 -Extract information from -\fIpath\fR -(DER\-encoded certificate file) and create the corresponding attributes when writing an object to the token\&. Example: the certificate subject name is used to create the CKA_SUBJECT attribute\&. -.RE -.PP -\fB\-\-input\-file\fR \fIpath\fR, \fB\-i\fR \fIpath\fR -.RS 4 -Specify the path to a file for input\&. -.RE -.PP -\fB\-\-output\-file\fR \fIpath\fR, \fB\-o\fR \fIpath\fR -.RS 4 -Specify the path to a file for output\&. -.RE -.PP -\fB\-\-module\fR \fImod\fR -.RS 4 -Specify a PKCS#11 module (or library) to load\&. -.RE -.PP -\fB\-\-moz\-cert\fR \fIpath\fR, \fB\-z\fR \fIpath\fR -.RS 4 -Tests a Mozilla\-like keypair generation and certificate request\&. Specify the -\fIpath\fR -to the certificate file\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBpkcs11\-tool\fR -to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7) diff -Nru opensc-0.11.13/doc/man.out/pkcs15-crypt.1 opensc-0.12.1/doc/man.out/pkcs15-crypt.1 --- opensc-0.11.13/doc/man.out/pkcs15-crypt.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/pkcs15-crypt.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,123 +0,0 @@ -'\" t -.\" Title: pkcs15-crypt -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "PKCS15\-CRYPT" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pkcs15-crypt \- perform crypto operations using pkcs15 smart card -.SH "SYNOPSIS" -.PP - -\fBpkcs15\-crypt\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBpkcs15\-crypt\fR -utility can be used from the command line to perform cryptographic operations such as computing digital signatures or decrypting data, using keys stored on a PKCS #15 compliant smart card\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-sign, \-s\fR -.RS 4 -Perform digital signature operation on the data read from a file specified using the -\fBinput\fR -option\&. By default, the contents of the file are assumed to be the result of an MD5 hash operation\&. Note that -\fBpkcs15\-crypt\fR -expects the data in binary representation, not ASCII\&. -.sp -The digital signature is stored, in binary representation, in the file specified by the -\fBoutput\fR -option\&. If this option is not given, the signature is printed on standard output, displaying non\-printable characters using their hex notation xNN (see also -\fB\-\-raw\fR)\&. -.RE -.PP -\fB\-\-pkcs1\fR -.RS 4 -By default, -\fBpkcs15\-crypt\fR -assumes that input data has been padded to the correct length (i\&.e\&. 
when computing an RSA signature using a 1024 bit key, the input must be padded to 128 bytes to match the modulus length)\&. When giving the -\fB\-\-pkcs1\fR -option, however, -\fBpkcs15\-crypt\fR -will perform the required padding using the algorithm outlined in the PKCS #1 standard version 1\&.5\&. -.RE -.PP -\fB\-\-sha\-1\fR -.RS 4 -This option tells -\fBpkcs15\-crypt\fR -that the input file is the result of an SHA1 hash operation, rather than an MD5 hash\&. Again, the data must be in binary representation\&. -.RE -.PP -\fB\-\-decipher, \-c\fR -.RS 4 -Decrypt the contents of the file specified by the -\fB\-\-input\fR -option\&. The result of the decryption operation is written to the file specified by the -\fB\-\-output\fR -option\&. If this option is not given, the decrypted data is printed to standard output, displaying non\-printable characters using their hex notation xNN (see also -\fB\-\-raw\fR)\&. -.RE -.PP -\fB\-\-key\fR \fIid\fR, \fB\-k\fR \fIid\fR -.RS 4 -Selects the ID of the key to use\&. -.RE -.PP -\fB\-\-reader\fR \fIN\fR, \fB\-r\fR \fIN\fR -.RS 4 -Selects the -\fIN\fR\-th smart card reader configured by the system\&. If unspecified, -\fBpkcs15\-crypt\fR -will use the first reader found\&. -.RE -.PP -\fB\-\-input\fR \fIfile\fR, \fB\-i\fR \fIfile\fR -.RS 4 -Specifies the input file to use\&. -.RE -.PP -\fB\-\-output\fR \fIfile\fR, \fB\-o\fR \fIfile\fR -.RS 4 -Any output will be sent to the specified file\&. -.RE -.PP -\fB\-\-raw, \-R\fR -.RS 4 -Outputs raw 8 bit data\&. -.RE -.PP -\fB\-\-pin\fR \fIpin\fR, \fB\-p\fR \fIpin\fR -.RS 4 -When the cryptographic operation requires a PIN to access the key, -\fBpkcs15\-crypt\fR -will prompt the user for the PIN on the terminal\&. Using this option allows you to specify the PIN on the command line\&. -.sp -Note that on most operating systems, the command line of a process can be displayed by any user using the ps(1) command\&. 
It is therefore a security risk to specify secret information such as PINs on the command line\&. If you specify \'\-\' as PIN, it will be read from STDIN\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBpkcs15\-crypt\fR -to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. -.RE -.SH "SEE ALSO" -.PP -pkcs15\-init(1), pkcs15\-tool(1) diff -Nru opensc-0.11.13/doc/man.out/pkcs15-init.1 opensc-0.12.1/doc/man.out/pkcs15-init.1 --- opensc-0.11.13/doc/man.out/pkcs15-init.1 2010-02-16 09:35:18.000000000 +0000 +++ opensc-0.12.1/doc/man.out/pkcs15-init.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,288 +0,0 @@ -'\" t -.\" Title: pkcs15-init -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "PKCS15\-INIT" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pkcs15-init \- smart card personalization utility -.SH "DESCRIPTION" -.PP -The -\fBpkcs15\-init\fR -utility can be used to create a PKCS #15 structure on a smart card, and add key or certificate objects\&. Details of the structure that will be created are controlled via profiles\&. -.PP -The profile used by default is -\fBpkcs15\fR\&. Alternative profiles can be specified via the -\fB\-p\fR -switch\&. -.SH "PIN USAGE" -.PP - -\fBpkcs15\-init\fR -can be used to create a PKCS #15 structure on your smart card, create PINs, and install keys and certificates on the card\&. This process is also called -\fIpersonalization\fR\&. -.PP -An OpenSC card can have one security officer PIN, and zero or more user PINs\&. PIN stands for Personal Identification Number, and is a secret code you need to present to the card before being allowed to perform certain operations, such as using one of the stored RSA keys to sign a document, or modifying the card itself\&. -.PP -Usually, PINs are a sequence of decimal digits, but some cards will accept arbitrary ASCII characters\&. 
Be aware however that using characters other than digits will make the card unusable with PIN pad readers, because those usually have keys for entering digits only\&. -.PP -The security officer (SO) PIN is special; it is used to protect meta data information on the card, such as the PKCS #15 structure itself\&. Setting the SO PIN is optional, because the worst that can usually happen is that someone finding your card can mess it up\&. To extract any of your secret keys stored on the card, an attacker will still need your user PIN, at least for the default OpenSC profiles\&. However, it is possible to create card profiles that will allow the security officer to override user PINs\&. -.PP -For each PIN, you can specify a PUK (also called -\fIunblock PIN\fR)\&. The PUK can be used to overwrite or unlock a PIN if too many incorrect values have been entered in a row\&. -.SH "MODES OF OPERATION" -.SS "Initialization" -.PP -This is the first step during card personalization, and will create the basic files on the card\&. To create the initial PKCS #15 structure, invoke the utility as -.PP - -\fBpkcs15\-init \-\-create\-pkcs15\fR -.PP -You will then be asked for several the security officer PIN and PUK\&. Simply pressing return at the SO PIN prompt will skip installation of an SO PIN\&. -.PP -If the card supports it, you can also request that the card is erased prior to creating the PKCS #15 structure, by specifying the -\fB\-\-erase\-card\fR -option\&. -.SS "User PIN Installation" -.PP -Before installing any user objects such as private keys, you need at least one PIN to protect these objects\&. you can do this using -.PP - -\fBpkcs15\-init \-\-store\-pin \-\-id " nn\fR -.PP -where -\fInn\fR -is a PKCS #15 ID in hexadecimal notation\&. Common values are 01, 02, etc\&. -.PP -Entering the command above will ask you for the user\'s PIN and PUK\&. If you do not wish to install an unblock PIN, simply press return at the PUK prompt\&. 
-.PP -To set a label for this PIN object (which can be used by applications to display a meaningful prompt to the user), use the -\fB\-\-label\fR -command line option\&. -.SS "Key generation" -.PP - -\fBpkcs15\-init\fR -lets you generate a new key and store it on the card\&. You can do this using: -.PP - -\fBpkcs15\-init \-\-generate\-key " keyspec " \-\-auth\-id " nn\fR -.PP -where -\fBkeyspec\fR -describes the algorithm and length of the key to be created, such as -\fBrsa/512\fR\&. This will create a 512 bit RSA key\&. Currently, only RSA key generation is supported\&. Note that cards usually support just a few different key lengths\&. Almost all cards will support 512 and 1024 bit keys, some will support 768 or 2048 as well\&. -.PP - -\fBnn\fR -is the ID of a user PIN installed previously, e\&.g\&. 01\&. -.PP -In addition to storing the private portion of the key on the card, -\fBpkcs15\-init\fR -will also store the the public portion of the key as a PKCS #15 public key object\&. -.PP -By default, -\fBpkcs15\-init\fR -will try to use the card\'s on\-board key generation facilities, if available\&. If the card does not support on\-board key generation, -\fBpkcs15\-init\fR -will fall back to software key generation\&. -.SS "Private Key Download" -.PP -You can use a private key generated by other means and download it to the card\&. For instance, to download a private key contained in a file named -\fIokir\&.pem\fR, which is in PEM format, you would use -.PP - -\fBpkcs15\-init \-\-store\-private\-key okir\&.pem \-\-id 45 \-\-auth\-id 01\fR -.PP -If the key is protected by a pass phrase, -\fBpkcs15\-init\fR -will prompt you for a pass phrase to unlock the key\&. -.PP -In addition to storing the private portion of the key on the card, -\fBpkcs15\-init\fR -will also store the the public portion of the key as a PKCS #15 public key object\&. -.PP -Note the use of the -\fB\-\-id\fR -option\&. 
The current -\fBpkcs15\fR -profile defines two key templates, one for authentication (key ID 45), and one for non\-repudiation purposes (key ID 46)\&. Other key templates will probably be added in the future\&. Note that if you don\'t specify a key ID, -\fBpkcs15\-init\fR -will pick just the first key template defined by the profile\&. -.PP -In addition to the PEM key file format, -\fBpkcs15\-init\fR -also supports DER encoded keys, and PKCS #12 files\&. The latter is the file format used by Netscape Navigator (among others) when exporting certificates to a file\&. A PKCS #12 file usually contains the X\&.509 certificate corresponding to the private key\&. If that is the case, -\fBpkcs15\-init\fR -will store the certificate instead of the public key portion\&. -.SS "Public Key Download" -.PP -You can also download individual public keys to the card using the -\fB\-\-store\-public\-key\fR -option, which takes a filename as an argument\&. This file is supposed to contain the public key\&. If you don\'t specify a key file format using the -\fB\-\-format\fR -option, -\fBpkcs15\-init\fR -will assume PEM format\&. The only other supported public key file format is DER\&. -.PP -Since the corresponding public keys are always downloaded automatically when generating a new key, or when downloading a private key, you will probably use this option only very rarely\&. -.SS "Certificate Download" -.PP -You can download certificates to the card using the -\fB\-\-store\-certificate\fR -option, which takes a filename as an argument\&. This file is supposed to contain the DER encoded X\&.509 certificate\&. -.SS "Downloading PKCS #12 bags" -.PP -Most browsers nowadays use PKCS #12 format files when you ask them to export your key and certificate to a file\&. -\fBpkcs15\-init\fR -is capable of parsing these files, and storing their contents on the card in a single operation\&. 
This works just like storing a private key, except that you need to specify the file format: -.PP - -\fBpkcs15\-init \-\-store\-private\-key okir\&.p12 \-\-format pkcs12 \-\-auth\-id 01\fR -.PP -This will install the private key contained in the file -\fIokir\&.p12\fR, and protect it with the PIN referenced by authentication ID -\fI01\fR\&. It will also store any X\&.509 certificates contained in the file, which is usually the user certificate that goes with the key, as well as the CA certificate\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-profile\fR \fIname\fR, \fB\-p\fR \fIname\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to load the specified general profile\&. Currently, the only application profile defined is -\fBpkcs15\fR, but you can write your own profiles and specify them using this option\&. -.sp -The profile name can be combined with one or more -\fIprofile options\fR, which slightly modify the profile\'s behavior\&. For instance, the default OpenSC profile supports the -\fBopenpin\fR -option, which installs a single PIN during card initialization\&. This PIN is then used both as the SO PIN as well as the user PIN for all keys stored on the card\&. -.sp -Profile name and options are separated by a -\fB+\fR -character, as in -\fBpkcs15+onepin\fR\&. -.RE -.PP -\fB\-\-card\-profile\fR \fIname\fR, \fB\-c\fR \fIname\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to load the specified card profile option\&. You will rarely need this option\&. -.RE -.PP -\fB\-\-create\-pkcs15, \-C\fR -.RS 4 -This tells -\fBpkcs15\-init\fR -to create a PKCS #15 structure on the card, and initialize any PINs\&. -.RE -.PP -\fB\-\-erase\-card, \-E\fR -.RS 4 -This will erase the card prior to creating the PKCS #15 structure, if the card supports it\&. If the card does not support erasing, -\fBpkcs15\-init\fR -will fail\&. -.RE -.PP -\fB\-\-generate\-key\fR \fIkeyspec\fR, \fB\-G\fR \fIkeyspec\fR -.RS 4 -Tells the card to generate new key and store it on the card\&. 
-\fIkeyspec\fR -consists of an algorithm name (currently, the only supported name is -\fBRSA\fR), optionally followed by a slash and the length of the key in bits\&. It is a good idea to specify the key ID along with this command, using the -\fBid\fR -option\&. -.RE -.PP -\fB\-\-store\-private\-key\fR \fIfilename\fR, \fB\-S\fR \fIfilename\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to download the specified private key to the card\&. This command will also create a public key object containing the public key portion\&. By default, the file is assumed to contain the key in PEM format\&. Alternative formats can be specified using -\fB\-\-format\fR\&. It is a good idea to specify the key ID along with this command, using the -\fB\-\-id\fR -option\&. -.RE -.PP -\fB\-\-store\-public\-key\fR \fIfilename\fR, \fB\-P\fR \fIfilename\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to download the specified public key to the card and create a public key object with the key ID specified via the -\fB\-\-id\fR\&. By default, the file is assumed to contain the key in PEM format\&. Alternative formats can be specified using -\fB\-\-format\fR\&. -.RE -.PP -\fB\-\-store\-certificate\fR \fIfilename\fR, \fB\-X\fR \fIfilename\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to store the certificate given in -\fBfilename\fR -on the card, creating a certificate object with the ID specified via the -\fB\-\-id\fR -option\&. The file is assumed to contain the DER encoded certificate\&. -.RE -.PP -\fB\-\-so\-pin, \-\-so\-puk, \-\-pin, \-\-puk\fR -.RS 4 -These options can be used to specify PIN/PUK values on the command line\&. Note that on most operation systems, any user can display the command line of any process on the system using utilities such as -\fBps(1)\fR\&. Therefore, you should use these options only on a secured system, or in an options file specified with -\fB\-\-options\-file\fR\&. 
-.RE -.PP -\fB\-\-passphrase\fR -.RS 4 -When downloading a private key, this option can be used to specify the pass phrase to unlock the private key\&. The same caveat applies here as in the case of the -\fB\-\-pin\fR -options\&. -.RE -.PP -\fB\-\-options\-file\fR \fIfilename\fR -.RS 4 -Tells -\fBpkcs15\-init\fR -to read additional options from -\fIfilename\fR\&. The file is supposed to contain one long option per line, without the leading dashes, for instance: -.sp -.if n \{\ -.RS 4 -.\} -.nf - pin frank - puk zappa -.fi -.if n \{\ -.RE -.\} -.sp -You can specify -\fB\-\-options\-file\fR -several times\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBpkcs15\-init\fR -to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. -.RE -.SH "SEE ALSO" -.PP -pkcs15\-profile(5) diff -Nru opensc-0.11.13/doc/man.out/pkcs15-profile.5 opensc-0.12.1/doc/man.out/pkcs15-profile.5 --- opensc-0.11.13/doc/man.out/pkcs15-profile.5 2010-02-16 09:35:18.000000000 +0000 +++ opensc-0.12.1/doc/man.out/pkcs15-profile.5 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -'\" t -.\" Title: pkcs15-profile -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "PKCS15\-PROFILE" "5" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pkcs15-profile \- format of profile for \fBpkcs15\-init\fR -.SH "SYNOPSIS" -.PP - -.SH "DESCRIPTION" -.PP -The -\fBpkcs15\-init\fR -utility for PKCS #15 smart card personalization is controlled via profiles\&. When starting, it will read two such profiles at the moment, a generic application profile, and a card specific profile\&. The generic profile must be specified on the command line, while the card\-specific file is selected based on the type of card detected\&. -.PP -The generic application profile defines general information about the card layout, such as the path of the application DF, various PKCS #15 files within that directory, and the access conditions on these files\&. It also defines general information about PIN, key and certificate objects\&. Currently, there is only one such generic profile, -\fBpkcs15\&.profile\fR\&. -.PP -The card specific profile contains additional information required during card intialization, such as location of PIN files, key references etc\&. Profiles currently reside in -\fB@pkgdatadir@\fR -.SH "SYNTAX" -.PP -This section should contain information about the profile syntax\&. Will add this soonishly\&. 
-.SH "SEE ALSO" -.PP - -\fBpkcs15\fR(7), -\fBpkcs15\-init\fR(1), -\fBpkcs15\-crypt\fR(1), -\fBopensc\fR(7), diff -Nru opensc-0.11.13/doc/man.out/pkcs15-tool.1 opensc-0.12.1/doc/man.out/pkcs15-tool.1 --- opensc-0.11.13/doc/man.out/pkcs15-tool.1 2010-02-16 09:35:17.000000000 +0000 +++ opensc-0.12.1/doc/man.out/pkcs15-tool.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,122 +0,0 @@ -'\" t -.\" Title: pkcs15-tool -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "PKCS15\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pkcs15-tool \- utility for manipulating PKCS #15 data structures on smart cards and similar security tokens -.SH "SYNOPSIS" -.PP - -\fBpkcs15\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBpkcs15\-tool\fR -utility is used to manipulate the PKCS #15 data structures on smart cards and similar security tokens\&. Users can list and read PINs, keys and certificates stored on the token\&. User PIN authentication is performed for those operations that require it\&. -.SH "OPTIONS" -.PP -.PP -\fB\-\-learn\-card, \-L\fR -.RS 4 -Cache PKCS #15 token data to the local filesystem\&. Subsequent operations are performed on the cached data where possible\&. If the cache becomes out\-of\-sync with the token state (eg\&. new key is generated and stored on the token), the cache should be updated or operations may show stale results\&. -.RE -.PP -\fB\-\-read\-certificate\fR \fIcert\fR, \fB\-r\fR \fIcert\fR -.RS 4 -Reads the certificate with the given id\&. -.RE -.PP -\fB\-\-list\-certificates, \-c\fR -.RS 4 -Lists all certificates stored on the token\&. -.RE -.PP -\fB\-\-list\-pins\fR -.RS 4 -Lists all PINs stored on the token\&. General information about each PIN is listed (eg\&. PIN name)\&. 
Actual PIN values are not shown\&. -.RE -.PP -\fB\-\-change\-pin\fR -.RS 4 -Changes a PIN stored on the token\&. User authentication is required for this operation\&. -.RE -.PP -\fB\-\-unblock\-pin, \-u\fR -.RS 4 -Unblocks a PIN stored on the token\&. Knowledge of the Pin Unblock Key (PUK) is required for this operation\&. -.RE -.PP -\fB\-\-list\-keys, \-k\fR -.RS 4 -Lists all private keys stored on the token\&. General information about each private key is listed (eg\&. key name, id and algorithm)\&. Actual private key values are not displayed\&. -.RE -.PP -\fB\-\-list\-public\-keys\fR -.RS 4 -Lists all public keys stored on the token, including key name, id, algorithm and length information\&. -.RE -.PP -\fB\-\-read\-public\-key\fR \fIid\fR -.RS 4 -Reads the public key with id -\fIid\fR, allowing the user to extract and store or use the public key\&. -.RE -.PP -\fB\-\-read\-ssh\-key\fR \fIid\fR -.RS 4 -Reads the public key with id -\fIid\fR, writing the output in format suitable for $HOME/\&.ssh/authorized_keys\&. -.RE -.PP -\fB\-\-output\fR \fIfilename\fR, \fB\-o\fR \fIfilename\fR -.RS 4 -Specifies where key output should be written\&. If -\fIfilename\fR -already exists, it will be overwritten\&. If this option is not given, keys will be printed to standard output\&. -.RE -.PP -\fB\-\-no\-cache\fR -.RS 4 -Disables token data caching\&. -.RE -.PP -\fB\-\-pin\-id\fR \fIpin\fR, \fB\-a\fR \fIpin\fR -.RS 4 -Specifies the auth id of the PIN to use for the operation\&. This is useful with the \-\-change\-pin operation\&. -.RE -.PP -\fB\-\-reader\fR \fInum\fR -.RS 4 -Forces -\fBpkcs15\-tool\fR -to use reader number -\fInum\fR -for operations\&. The default is to use reader number 0, the first reader in the system\&. -.RE -.PP -\fB\-\-verbose, \-v\fR -.RS 4 -Causes -\fBpkcs15\-tool\fR -to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. 
-.RE -.SH "SEE ALSO" -.PP -opensc(7), pkcs15\-init(1), pkcs15\-crypt(1) diff -Nru opensc-0.11.13/doc/man.out/sc_append_record.3 opensc-0.12.1/doc/man.out/sc_append_record.3 --- opensc-0.11.13/doc/man.out/sc_append_record.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_append_record.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,54 +0,0 @@ -'\" t -.\" Title: sc_append_record -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_APPEND_RECORD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_append_record \- Append a record to a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_append_record(struct sc_card *card, - const unsigned char *buf, size_t buflen, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function appends a record that is -\fIbuflen\fR -bytes long from the buffer pointed to by -\fIbuf\fR -to a record\-structured elementary file (EF) on -\fIcard\fR\&. The function corresponds to the ISO 7816 APPEND RECORD function\&. Call -sc_select_file() -first to select the file to write to\&. -.SH "RETURN VALUE" -.PP -Returns the number of bytes written if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_app_info_t.3 opensc-0.12.1/doc/man.out/sc_app_info_t.3 --- opensc-0.11.13/doc/man.out/sc_app_info_t.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_app_info_t.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,92 +0,0 @@ -'\" t -.\" Title: sc_app_info_t -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_APP_INFO_T" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_app_info_t \- OpenSC application structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -#define SC_MAX_AID_SIZE 16 - -typedef struct sc_app_info { - unsigned char aid[SC_MAX_AID_SIZE]; - size_t aid_len; - char *label; - sc_path_t path; - unsigned char *ddo; - size_t ddo_len; - - const char *desc; - int rec_nr; -} sc_app_info_t; - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This structure describes a smart card application\&. It contains the following members: -.PP -\fIaid\fR -.RS 4 -The applications\'s AID\&. An AID uniquely identifies an application, and consists of an RID (a 5\-byte "Registered Application Provider Identifier") and a PIX, which identifies an application by that provider\&. For example, the RID for PKCS#15 consists of the bytes A0 00 00 00 63, and the PIX is the string "PKCS\-15"\&. Thus, the AID of a PKCS#15 application on a smart card is A0 00 00 00 63 50 4B 43 53 2D 31\&. -.RE -.PP -\fIaid_len\fR -.RS 4 -The length of the AID in bytes\&. -.RE -.PP -\fIlabel\fR -.RS 4 -A UTF\-8 string describing the application\&. -.RE -.PP -\fIpath\fR -.RS 4 -The application\'s full path on the card, starting at the MF\&. 
-.RE -.PP -\fIddo\fR -.RS 4 -.RE -.PP -\fIddo_len\fR -.RS 4 -.RE -.PP -\fIdesc\fR -.RS 4 -A description of the application, if available\&. -.RE -.PP -\fIrec_nr\fR -.RS 4 -If the EF(DIR) file is record\-structured, this has the record number in which this application is stored\&. Otherwise, this is \-1\&. -.RE diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_decode.3 opensc-0.12.1/doc/man.out/sc_asn1_decode.3 --- opensc-0.11.13/doc/man.out/sc_asn1_decode.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_decode.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,82 +0,0 @@ -'\" t -.\" Title: sc_asn1_decode -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_DECODE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_decode \- Extract entries from an ASN\&.1 stream -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_asn1_decode(struct sc_context *ctx, struct sc_asn1_entry *asn1, - const unsigned char *inbuf, size_t len, - const unsigned char **newbuf, size_t *len_left); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function extracts information from the ASN\&.1 stream pointed to by -\fIinbuf\fR -(which is -\fIlen\fR -bytes in size) and stores it into the array of -struct sc_asn_1 -entries pointed to by -\fIasn1\fR\&. The array must be big enough to contain all the entries that will be found, or an error will be flagged\&. The last entry in the array must be a NULL entry, i\&.e\&. the -\fIname\fR -field must be set to NULL\&. -.PP -The structure of the expected data must be encoded in the entries in -\fIasn1\fR -before calling this function; specifically the -\fIname\fR, -\fItype\fR, -\fItag\fR -and -\fIflags\fR -fields must be filled in\&. -.PP -The function will then scan the stream and fill in the remaining fields\&. 
-\fInewbuf\fR -will point to the byte immediately following the extracted record, and -\fIlen_left\fR -will contain the number of bytes left in the buffer\&. Thus, the -\fInewbuf\fR -and -\fIlen_left\fR -fields may be passed in to sc_asn1_decode() again, as the -\fIinbuf\fR -and -\fIlen\fR -parameters, until -\fIlen\fR -reaches 0\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_encode.3 opensc-0.12.1/doc/man.out/sc_asn1_encode.3 --- opensc-0.11.13/doc/man.out/sc_asn1_encode.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_encode.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,54 +0,0 @@ -'\" t -.\" Title: sc_asn1_encode -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_ENCODE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_encode \- Encode ASN\&.1 entries into a stream -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_asn1_encode(struct sc_context *ctx, const struct sc_asn1_entry *asn1, - unsigned char **newbuf, size_t *size); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function encodes an array of entries pointed to by -\fIasn1\fR -and terminated by a NULL entry (i\&.e\&. where the -\fIname\fR -field of the entry is NULL) into a newly allocated buffer\&. -.PP -The new buffer containing the ASN\&.1 stream will be stored in -\fInewbuf\fR, and the size of this buffer is stored in -\fIsize\fR\&. The application must free this buffer after use\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_entry.3 opensc-0.12.1/doc/man.out/sc_asn1_entry.3 --- opensc-0.11.13/doc/man.out/sc_asn1_entry.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_entry.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,73 +0,0 @@ -'\" t -.\" Title: sc_asn1_entry -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_ENTRY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_entry \- OpenSC ASN1 entry structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -struct sc_asn1_entry { - const char *name; - unsigned int type; - unsigned int tag; - unsigned int flags; - void *parm; - void *arg; -}; - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This structure describes an ASN1 entry structure\&. It contains the following members: -.PP -\fIname\fR -.RS 4 -.RE -.PP -\fItype\fR -.RS 4 -.RE -.PP -\fItag\fR -.RS 4 -.RE -.PP -\fIflags\fR -.RS 4 -.RE -.PP -\fIparm\fR -.RS 4 -.RE -.PP -\fIarg\fR -.RS 4 -.RE diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_find_tag.3 opensc-0.12.1/doc/man.out/sc_asn1_find_tag.3 --- opensc-0.11.13/doc/man.out/sc_asn1_find_tag.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_find_tag.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,53 +0,0 @@ -'\" t -.\" Title: sc_asn1_find_tag -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_FIND_TAG" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_find_tag \- Find a tag in an ASN\&.1 stream -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const unsigned char *sc_asn1_find_tag(struct sc_context *ctx, - const unsigned char *buf, size_t buflen, - unsigned int tag_in, size_t *taglen_in); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function tries to find an ASN\&.1 tag matching -\fItag_in\fR -in the buffer pointed to by -\fIbuf\fR, which is of size -\fIbuflen\fR\&. The buffer should contain a series of ASN\&.1 entries\&. -.SH "RETURN VALUE" -.PP -If the specified tag was not found, NULL is returned\&. If found, the address where it was found is returned, and -\fItaglen_in\fR -is set to the length of the found tag\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_print_tags.3 opensc-0.12.1/doc/man.out/sc_asn1_print_tags.3 --- opensc-0.11.13/doc/man.out/sc_asn1_print_tags.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_print_tags.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ -'\" t -.\" Title: sc_asn1_print_tags -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_PRINT_TAGS" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_print_tags \- Print an ASN\&.1 stream to stdout -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_asn1_print_tags(const unsigned char *buf, size_t buflen); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function prints the ASN\&.1 stream pointed to by -\fIbuf\fR, which is of size -\fIbuflen\fR, to stdout\&. This is useful for debugging\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_put_tag.3 opensc-0.12.1/doc/man.out/sc_asn1_put_tag.3 --- opensc-0.11.13/doc/man.out/sc_asn1_put_tag.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_put_tag.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,58 +0,0 @@ -'\" t -.\" Title: sc_asn1_put_tag -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_PUT_TAG" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_put_tag \- Construct an ASN\&.1 entry in a buffer -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_asn1_put_tag(int tag, const unsigned char *data, int datalen, - unsigned char *out, int outlen, unsigned char **nextbuf); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function constructs a single entry in an ASN\&.1 stream, at the buffer pointed to by -\fIout\fR -(which is -\fIoutlen\fR -bytes long)\&. The tag to be used is in -\fItag\fR, and the entry payload is pointed to by -\fIdata\fR, which is -\fIdatalen\fR -bytes long\&. -.PP -If -\fInextbuf\fR -is not NULL, it will be filled in with a pointer to the buffer address immediately following the newly copied entry\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_read_tag.3 opensc-0.12.1/doc/man.out/sc_asn1_read_tag.3 --- opensc-0.11.13/doc/man.out/sc_asn1_read_tag.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_read_tag.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,52 +0,0 @@ -'\" t -.\" Title: sc_asn1_read_tag -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_READ_TAG" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_read_tag \- Extract a tag from an ASN\&.1 entry -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_asn1_read_tag(const unsigned char **buf, size_t buflen, - unsigned int *cla_out, unsigned int *tag_out, size_t *taglen); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function extracts a tag from an ASN\&.1 entry at the buffer pointed to by the pointer in -\fIbuf\fR\&. The buffer is -\fIbuflen\fR -bytes long\&. The tag class will be stored in -\fIcla_out\fR, the tag itself in -\fItag_out\fR, and the length of the extracted tag in -\fItag_len\fR\&. -.SH "RETURN VALUE" -.PP -Returns 1 if successful, or \-1 in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_skip_tag.3 opensc-0.12.1/doc/man.out/sc_asn1_skip_tag.3 --- opensc-0.11.13/doc/man.out/sc_asn1_skip_tag.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_skip_tag.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ -'\" t -.\" Title: sc_asn1_skip_tag -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_SKIP_TAG" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_skip_tag -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const unsigned char *sc_asn1_skip_tag(struct sc_context *ctx, - const unsigned char **buf, size_t *buflen, - unsigned int tag_in, size_t *taglen_out); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -.PP -.SH "RETURN VALUE" -.PP - diff -Nru opensc-0.11.13/doc/man.out/sc_asn1_verify_tag.3 opensc-0.12.1/doc/man.out/sc_asn1_verify_tag.3 --- opensc-0.11.13/doc/man.out/sc_asn1_verify_tag.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_asn1_verify_tag.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -'\" t -.\" Title: sc_asn1_verify_tag -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ASN1_VERIFY_TAG" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_asn1_verify_tag \- Verify validity of an ASN\&.1 tag -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const unsigned char *sc_asn1_verify_tag(struct sc_context *ctx, - const unsigned char *buf, size_t buflen, - unsigned int tag_in, size_t *taglen_out); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This is an alias for the -sc_asn1_skip_tag() -function\&. diff -Nru opensc-0.11.13/doc/man.out/sc_base64_decode.3 opensc-0.12.1/doc/man.out/sc_base64_decode.3 --- opensc-0.11.13/doc/man.out/sc_base64_decode.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_base64_decode.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,51 +0,0 @@ -'\" t -.\" Title: sc_base64_decode -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_BASE64_DECODE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_base64_decode \- Decode a base64 stream -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_base64_decode(const char *inbuf, - unsigned char *outbuf, size_t outlen); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function decodes the base64 stream in -\fIinbuf\fR, which is NULL\-terminated, to the buffer pointed to by -\fIoutbuf\fR -(which is -\fIoutlen\fR -bytes long); -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_base64_encode.3 opensc-0.12.1/doc/man.out/sc_base64_encode.3 --- opensc-0.11.13/doc/man.out/sc_base64_encode.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_base64_encode.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,61 +0,0 @@ -'\" t -.\" Title: sc_base64_encode -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_BASE64_ENCODE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_base64_encode \- Encode a stream to base64 -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_base64_encode(const unsigned char *inbuf, size_t inlen, - unsigned char *outbuf, size_t outlen, - size_t linelength); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function encodes the buffer pointed to by -\fIinbuf\fR -of size -\fIinlen\fR -as base64, and stores the result in -\fIoutbuf\fR, which is -\fIoutlen\fR -bytes long\&. A linefeed (\en) will be inserted every -\fIlinelength\fR -bytes in the output buffer\&. -.PP -You must ensure -\fIoutbuf\fR -has enough space to store the base64\-encoded version of -\fIinbuf\fR\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_card_ctl.3 opensc-0.12.1/doc/man.out/sc_card_ctl.3 --- opensc-0.11.13/doc/man.out/sc_card_ctl.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_card_ctl.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,51 +0,0 @@ -'\" t -.\" Title: sc_card_ctl -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CARD_CTL" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_card_ctl \- Send a control command to a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_card_ctl(struct sc_card *card, unsigned long cmd, void *args); - - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function is used to send various control commands to the smart card associated with -\fIcard\fR\&. The command is specified in -\fIcmd\fR, and any command\-specific arguments are pointed to by -\fIargs\fR\&. -.PP -Commands are specific to cards\&. For more details on which cards accept which commands, check the documentation for your card\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_card_t.3 opensc-0.12.1/doc/man.out/sc_card_t.3 --- opensc-0.11.13/doc/man.out/sc_card_t.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_card_t.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,80 +0,0 @@ -'\" t -.\" Title: sc_card_t -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CARD_T" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_card_t \- OpenSC card structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -#define SC_MAX_ATR_SIZE 33 -#define SC_MAX_CARD_APPS 8 - -typedef struct sc_card { - struct sc_context *ctx; - struct sc_reader *reader; - struct sc_slot_info *slot; - struct sc_app_info *app[SC_MAX_CARD_APPS]; - unsigned char atr[SC_MAX_ATR_SIZE]; - size_t atr_len; -} sc_card_t; - - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This structure describes a smart card object\&. It contains the following members: -.PP -\fIctx\fR -.RS 4 -The context this card is associated with\&. -.RE -.PP -\fIreader\fR -.RS 4 -The reader this card is inserted into\&. -.RE -.PP -\fIslot\fR -.RS 4 -The slot on the reader this card is inserted into\&. -.RE -.PP -\fIatr\fR -.RS 4 -The ATR (Answer To Reset) of the card\&. -.RE -.PP -\fIatr_len\fR -.RS 4 -The length of the -\fIatr\fR -field -.RE diff -Nru opensc-0.11.13/doc/man.out/sc_card_valid.3 opensc-0.12.1/doc/man.out/sc_card_valid.3 --- opensc-0.11.13/doc/man.out/sc_card_valid.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_card_valid.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,51 +0,0 @@ -'\" t -.\" Title: sc_card_valid -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CARD_VALID" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_card_valid \- Check if a card is valid -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_card_valid(const sc_card_t *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -Checks if -\fIcard\fR -is a valid -sc_card_t -object\&. Mostly used internally by the library\&. -.SH "RETURN VALUE" -.PP -Returns 1 if -\fIcard\fR -is a valid object\&. diff -Nru opensc-0.11.13/doc/man.out/sc_check_sw.3 opensc-0.12.1/doc/man.out/sc_check_sw.3 --- opensc-0.11.13/doc/man.out/sc_check_sw.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_check_sw.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,58 +0,0 @@ -'\" t -.\" Title: sc_check_sw -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CHECK_SW" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_check_sw \- Check return status from a card transaction -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_check_sw(struct sc_card *card, int sw1, int sw2); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function checks the return status as given in -\fIsw1\fR -and -\fIsw2\fR -against the card\-specific errors of -\fIcard\fR\&. These are set by -sc_transmit_apdu() -in the -\fIapdu\&.sw1\fR -and -\fIapdu\&.sw2\fR -fields, respectively\&. -.PP -The function should be called after every APDU transmission, to convert the card\'s status code to an OpenSC error code\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_connect_card.3 opensc-0.12.1/doc/man.out/sc_connect_card.3 --- opensc-0.11.13/doc/man.out/sc_connect_card.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_connect_card.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,55 +0,0 @@ -'\" t -.\" Title: sc_connect_card -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CONNECT_CARD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_connect_card \- Connect to smart card in reader -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_connect_card(sc_reader_t *reader, int slot, sc_card_t **card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function connects to a card in a reader, resets the card and retrieves the ATR (Answer To Reset)\&. Based on the ATR, it tries to auto\-detect which card driver to use\&. -.PP -The -\fIslot\fR -parameter identifies the card reader\'s slot\&. Slots are numbered consecutively, starting at 0\&. -.PP -If OpenSC was able to connect to the card, a pointer to the sc_card_t object is stored in the location pointer to by the -\fIcard\fR -parameter\&. The card handle should be released with -sc_disconnect_card -when no longer in use\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_copy_asn1_entry.3 opensc-0.12.1/doc/man.out/sc_copy_asn1_entry.3 --- opensc-0.11.13/doc/man.out/sc_copy_asn1_entry.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_copy_asn1_entry.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,50 +0,0 @@ -'\" t -.\" Title: sc_copy_asn1_entry -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_COPY_ASN1_ENTRY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_copy_asn1_entry \- Copy an ASN\&.1 entry -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_copy_asn1_entry(const struct sc_asn1_entry *src, struct sc_asn1_entry *dest); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function copies an array of -struct sc_asn1_entry -entries pointed to be -\fIsrc\fR -to -\fIdest\fR\&. The array must be NULL\-terminated (that is, the last entry must have its -\fIname\fR -field set to NULL)\&. There must be enough space available in -\fIdest\fR\&. diff -Nru opensc-0.11.13/doc/man.out/sc_create_file.3 opensc-0.12.1/doc/man.out/sc_create_file.3 --- opensc-0.11.13/doc/man.out/sc_create_file.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_create_file.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ -'\" t -.\" Title: sc_create_file -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_CREATE_FILE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_create_file \- Create a file object -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_create_file(sc_card_t *card, sc_file_t *file); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function creates a file on -\fIcard\fR\&. The -\fIfile\fR -must have been created with a call to -sc_file_new() -beforehand\&. diff -Nru opensc-0.11.13/doc/man.out/sc_delete_file.3 opensc-0.12.1/doc/man.out/sc_delete_file.3 --- opensc-0.11.13/doc/man.out/sc_delete_file.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_delete_file.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_delete_file -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DELETE_FILE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_delete_file \- Delete a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_delete_file(struct sc_card *card, const struct sc_path *path); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function deletes a file specified by -\fIpath\fR -on -\fIcard\fR\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_delete_record.3 opensc-0.12.1/doc/man.out/sc_delete_record.3 --- opensc-0.11.13/doc/man.out/sc_delete_record.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_delete_record.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_delete_record -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DELETE_RECORD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_delete_record \- Delete a record from a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_delete_record(struct sc_card *card, unsigned int rec_nr); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function deletes a record specified by -\fIrec_nr\fR -on -\fIcard\fR\&. This is not a standard ISO 7816 operation, and is currently only supported on the Oberthur smart cards\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_der_clear.3 opensc-0.12.1/doc/man.out/sc_der_clear.3 --- opensc-0.11.13/doc/man.out/sc_der_clear.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_der_clear.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,43 +0,0 @@ -'\" t -.\" Title: sc_der_clear -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DER_CLEAR" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_der_clear \- Clear DER structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_der_clear(sc_pkcs15_der_t *der); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function clears the OpenSC DER structure pointed to by -\fIder\fR\&. diff -Nru opensc-0.11.13/doc/man.out/sc_der_copy.3 opensc-0.12.1/doc/man.out/sc_der_copy.3 --- opensc-0.11.13/doc/man.out/sc_der_copy.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_der_copy.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,45 +0,0 @@ -'\" t -.\" Title: sc_der_copy -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DER_COPY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_der_copy \- Copy a DER structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_der_copy(sc_pkcs15_der_t *dst, const sc_pkcs15_der_t *src); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function copies the OpenSC DER structure pointed to by -\fIsrc\fR -to -\fIdst\fR, which must point to enough space to hold this structure\&. diff -Nru opensc-0.11.13/doc/man.out/sc_detect_card_presence.3 opensc-0.12.1/doc/man.out/sc_detect_card_presence.3 --- opensc-0.11.13/doc/man.out/sc_detect_card_presence.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_detect_card_presence.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_detect_card_presence -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DETECT_CARD_PRESE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_detect_card_presence \- Detect presence of smart card in a reader -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_detect_card_presence(sc_reader_t *reader, int slot_id); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function checks whether -\fIreader\fR -has a card present in -\fIslot_id\fR\&. -.SH "RETURN VALUE" -.PP -If an error occurred, the return value is a a negative OpenSC error code\&. If no card is present, 0 is returned\&. Otherwise, a positive value is returned, which is a combination of flags\&. The flag SC_SLOT_CARD_PRESENT is always set\&. In addition, if the card was exchanged, the SC_SLOT_CARD_CHANGED flag is set\&. diff -Nru opensc-0.11.13/doc/man.out/sc_disconnect_card.3 opensc-0.12.1/doc/man.out/sc_disconnect_card.3 --- opensc-0.11.13/doc/man.out/sc_disconnect_card.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_disconnect_card.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,52 +0,0 @@ -'\" t -.\" Title: sc_disconnect_card -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_DISCONNECT_CARD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_disconnect_card \- Disconnect from a smart card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_disconnect_card(sc_card_t *card, int action); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function disconnects from -\fIcard\fR, and frees the card structure\&. Any locks made by the application must be released before calling this function\&. -.PP -The -\fIaction\fR -parameter is not used at the moment and should be set to 0\&. -.PP -The card is not reset nor powered down after the operation\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_enum_apps.3 opensc-0.12.1/doc/man.out/sc_enum_apps.3 --- opensc-0.11.13/doc/man.out/sc_enum_apps.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_enum_apps.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,49 +0,0 @@ -'\" t -.\" Title: sc_enum_apps -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ENUM_APPS" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_enum_apps \- Enumerate the applications on a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_enum_apps(struct sc_card *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function enumerates the applications on -\fIcard\fR, and stores them in the structure\&. The list of applications can then later be searched with -sc_find_app_by_aid() -or -sc_find_pkcs15_app()\&. -.SH "RETURN VALUE" -.PP -Returns the number of applications on the card, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_establish_context.3 opensc-0.12.1/doc/man.out/sc_establish_context.3 --- opensc-0.11.13/doc/man.out/sc_establish_context.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_establish_context.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,106 +0,0 @@ -'\" t -.\" Title: sc_establish_context -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_ESTABLISH_CONTEXT" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_establish_context \- Establish an OpenSC context -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_establish_context(sc_context_t **ctx, - const char *appname); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function establishes an OpenSC context\&. This context is required in all subsequent calls to OpenSC functions\&. -.PP - -\fIctx\fR -is a pointer to a pointer that will receive the allocated context\&. -.PP - -\fIappname\fR -is a string that identifies the application\&. This string will be used to apply application\-specific settings from the opensc\&.conf configuration file\&. If NULL is passed, only the settings specified in the default section apply; otherwise, settings from the section identified by -\fIappname\fR -will be applied as well\&. -.PP -The -sc_context -structure contains the following members: -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#define SC_MAX_READERS 16 - -typedef struct sc_context { - struct sc_reader *reader[SC_MAX_READERS]; - int reader_count; -} sc_context_t; - -.fi -.if n \{\ -.RE -.\} -.PP -The -\fIreader_count\fR -field contains the number of readers found\&. 
Information on the individual card readers is stored in -\fIsc_reader\fR -objects, defined as follows: -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -typedef struct sc_reader { - char *name; - int slot_count; -}; sc_reader_t; - -.fi -.if n \{\ -.RE -.\} -.PP -In this structure, -\fIname\fR -contains a printable name of the reader, and -\fIslot_count\fR -has the number of slots supported by this device\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_file_dup.3 opensc-0.12.1/doc/man.out/sc_file_dup.3 --- opensc-0.11.13/doc/man.out/sc_file_dup.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_file_dup.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ -'\" t -.\" Title: sc_file_dup -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FILE_DUP" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_file_dup \- Duplicate a file object -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_file_dup(sc_file_t **dest, const sc_file_t *src) - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function creates a new file object, duplicates all file information from -\fIsrc\fR -into it, and stores it in the pointer pointed to by -\fIdest\fR\&. This object must be released with -sc_file_free() -after use\&. diff -Nru opensc-0.11.13/doc/man.out/sc_file_free.3 opensc-0.12.1/doc/man.out/sc_file_free.3 --- opensc-0.11.13/doc/man.out/sc_file_free.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_file_free.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,43 +0,0 @@ -'\" t -.\" Title: sc_file_free -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FILE_FREE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_file_free \- Free file object -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_file_free(sc_file_t *file); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function releases a file object previously allocated by -sc_select_file()\&. diff -Nru opensc-0.11.13/doc/man.out/sc_file_new.3 opensc-0.12.1/doc/man.out/sc_file_new.3 --- opensc-0.11.13/doc/man.out/sc_file_new.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_file_new.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,43 +0,0 @@ -'\" t -.\" Title: sc_file_new -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FILE_NEW" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_file_new \- Create a file object -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -sc_file_t *sc_file_new(void); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function creates an empty OpenSC file object, which can later be passed to -sc_create_file()\&. diff -Nru opensc-0.11.13/doc/man.out/sc_file_t.3 opensc-0.12.1/doc/man.out/sc_file_t.3 --- opensc-0.11.13/doc/man.out/sc_file_t.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_file_t.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,112 +0,0 @@ -'\" t -.\" Title: sc_file_t -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FILE_T" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_file_t \- OpenSC file structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -typedef struct sc_file { - struct sc_path path; - int type, ef_structure; - size_t size; - int id; - - /* record structured files only */ - int record_length; - int record_count; -} sc_file_t; - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This structure describes a file object on a smart card\&. It contains the following members: -.PP -\fIpath\fR -.RS 4 -This is full the path to the file, starting at the MF\&. -.RE -.PP -\fItype\fR -.RS 4 -This is the file type\&. It can be one of -SC_FILE_TYPE_DF, -SC_FILE_TYPE_WORKING_EF, or -SC_FILE_TYPE_INTERNAL_EF\&. The latter is used by some cards only, and you normally shouldn\'t have to deal with these files\&. -.RE -.PP -\fIef_structure\fR -.RS 4 -For elementary files (EFs), this field describes the file\'s structure\&. 
It can be one of: -.RS 4 -SC_FILE_EF_TRANSPARENT -.RE -.RS 4 -SC_FILE_EF_LINEAR_FIXED -.RE -.RS 4 -SC_FILE_EF_LINEAR_FIXED_TLV -.RE -.RS 4 -SC_FILE_EF_LINEAR_VARIABLE -.RE -.RS 4 -SC_FILE_EF_LINEAR_VARIABLE_TLV -.RE -.RS 4 -SC_FILE_EF_CYCLIC -.RE -.RS 4 -SC_FILE_EF_CYCLIC_TLV -.RE -.RS 4 -SC_FILE_EF_UNKNOWN -.RE -.RE -.PP -\fIsize\fR -.RS 4 -gives the file\'s size in bytes\&. -.RE -.PP -\fIid\fR -.RS 4 -gives the file\'s ID, as a 16\-bit number\&. -.RE -.PP -\fIrecord_count, record_length\fR -.RS 4 -For record structured files, -\fIrecord_sount\fR -specifies the number of records in the file\&. For files with fixed length records, -\fIrecord_length\fR -contains the record length\&. -.RE diff -Nru opensc-0.11.13/doc/man.out/sc_find_app_by_aid.3 opensc-0.12.1/doc/man.out/sc_find_app_by_aid.3 --- opensc-0.11.13/doc/man.out/sc_find_app_by_aid.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_find_app_by_aid.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,58 +0,0 @@ -'\" t -.\" Title: sc_find_app_by_aid -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FIND_APP_BY_AID" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_find_app_by_aid \- Find an application on a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const sc_app_info_t *sc_find_app_by_aid(sc_card_t *card, - const unsigned char *aid, - size_t aid_len); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function finds an application on -\fIcard\fR -by its -\fIaid\fR\&. The AID\'s length is specified in -\fIaid_len\fR\&. -.PP -Before calling this function, you MUST call -sc_enum_apps() -first\&. -.SH "RETURN VALUE" -.PP -Returns a -sc_app_info_t -structure describing the application corresponding to -\fIaid\fR, or NULL if none was found\&. diff -Nru opensc-0.11.13/doc/man.out/sc_find_pkcs15_app.3 opensc-0.12.1/doc/man.out/sc_find_pkcs15_app.3 --- opensc-0.11.13/doc/man.out/sc_find_pkcs15_app.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_find_pkcs15_app.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,52 +0,0 @@ -'\" t -.\" Title: sc_find_pkcs15_app -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FIND_PKCS15_APP" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_find_pkcs15_app \- Find a PKCS#15 application on a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const sc_app_info_t *sc_find_pkcs15_app(sc_card_t *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function attempts to find a PKCS#15 application on -\fIcard\fR\&. Currently, this means either a standard PKCS#15 implementation or a Belgian eID\&. -.PP -Before calling this function, you MUST call -sc_enum_apps() -first\&. -.SH "RETURN VALUE" -.PP -Returns a -sc_app_info_t -structure describing the PKCS#15 application, or NULL if none was found\&. diff -Nru opensc-0.11.13/doc/man.out/sc_format_apdu.3 opensc-0.12.1/doc/man.out/sc_format_apdu.3 --- opensc-0.11.13/doc/man.out/sc_format_apdu.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_format_apdu.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,52 +0,0 @@ -'\" t -.\" Title: sc_format_apdu -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FORMAT_APDU" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_format_apdu \- Populate an APDU structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_format_apdu(struct sc_card *card, sc_apdu_t *apdu, - int cse, int ins, int p1, int p2); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function populates the sc_apdu_t structure pointed to by -\fIapdu\fR -on -\fIcard\fR\&. It does not allocate memory\&. The -\fIcse\fR, -\fIins\fR, -\fIp1\fR -and -\fIp2\fR -parameters correspond to the respective APDU parameters as described in the ISO 7816 standard\&. diff -Nru opensc-0.11.13/doc/man.out/sc_format_asn1_entry.3 opensc-0.12.1/doc/man.out/sc_format_asn1_entry.3 --- opensc-0.11.13/doc/man.out/sc_format_asn1_entry.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_format_asn1_entry.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_format_asn1_entry -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FORMAT_ASN1_ENTRY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_format_asn1_entry \- Fill in an ASN\&.1 entry structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_format_asn1_entry(struct sc_asn1_entry *entry, void *parm, void *arg, int set_present); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function stores the -\fIparm\fR -and -\fIarg\fR -pointers in the -struct sc_asn1_entry -\fIentry\fR\&. No checking is done\&. Since the pointers are copied directly, the storage they point to must not be freed by the calling application until the entry itself is destroyed\&. diff -Nru opensc-0.11.13/doc/man.out/sc_free_apps.3 opensc-0.12.1/doc/man.out/sc_free_apps.3 --- opensc-0.11.13/doc/man.out/sc_free_apps.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_free_apps.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ -'\" t -.\" Title: sc_free_apps -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_FREE_APPS" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_free_apps \- Free application list -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -void sc_free_apps(struct sc_card *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This functions releases all memory associated with the list of applications on -\fIcard\fR, as obtained by a call to -sc_enum_apps()\&. diff -Nru opensc-0.11.13/doc/man.out/sc_get_cache_dir.3 opensc-0.12.1/doc/man.out/sc_get_cache_dir.3 --- opensc-0.11.13/doc/man.out/sc_get_cache_dir.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_get_cache_dir.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_get_cache_dir -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_GET_CACHE_DIR" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_get_cache_dir \- Get the OpenSC cache directory -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_get_cache_dir(struct sc_context *ctx, char *buf, size_t bufsize); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function stores the OpenSC cache directory for the current user in the buffer pointed to by -\fIbuf\fR, which is -\fIbufsize\fR -bytes long\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_get_challenge.3 opensc-0.12.1/doc/man.out/sc_get_challenge.3 --- opensc-0.11.13/doc/man.out/sc_get_challenge.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_get_challenge.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,49 +0,0 @@ -'\" t -.\" Title: sc_get_challenge -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_GET_CHALLENGE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_get_challenge \- Request a challenge from a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function requests a challenge (i\&.e\&. random bytes) from -\fIcard\fR\&. The returned data will be stored in -\fIrnd\fR, and will be -\fIlen\fR -bytes long\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_get_data.3 opensc-0.12.1/doc/man.out/sc_get_data.3 --- opensc-0.11.13/doc/man.out/sc_get_data.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_get_data.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,54 +0,0 @@ -'\" t -.\" Title: sc_get_data -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_GET_DATA" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_get_data \- Get a primitive data object from a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_get_data(sc_card_t *card, unsigned int tag, - unsigned char *buf, size_t buflen); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function is used to retrieve a primitive data object from -\fIcard\fR\&. It corresponds to the GET DATA command in the ISO 7816 standard\&. The data is stored in -\fIbuf\fR, which is -\fIbuflen\fR -bytes long\&. -.PP -The -\fItag\fR -parameter specifies the object to be retrieved\&. Refer to the standard for the correct values to use\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_list_files.3 opensc-0.12.1/doc/man.out/sc_list_files.3 --- opensc-0.11.13/doc/man.out/sc_list_files.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_list_files.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,49 +0,0 @@ -'\" t -.\" Title: sc_list_files -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_LIST_FILES" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_list_files \- List files -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_list_files(struct sc_card *card, unsigned char *buf, size_t buflen); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function lists all files in the currently selected DF, and stores the file IDs as big\-endian 16\-bit words in -\fIbuffer\fR, which is -\fIbuflen\fR -bytes long\&. If the supplied buffer is too small to hold all file IDs, the listing is silently truncated\&. -.SH "RETURN VALUE" -.PP -Returns the number of bytes stored in -\fIbuffer\fR, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_lock.3 opensc-0.12.1/doc/man.out/sc_lock.3 --- opensc-0.11.13/doc/man.out/sc_lock.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_lock.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,45 +0,0 @@ -'\" t -.\" Title: sc_lock -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_LOCK" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_lock \- Lock a card for exclusive use -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_lock(struct sc_card *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function locks the card against modification from other threads or processes\&. The function may be called several times; a counter will be increased, and the card will be unlocked only when this counter reaches zero\&. -.SH "RETURN VALUE" -.PP -Returns 0 on success, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_make_cache_dir.3 opensc-0.12.1/doc/man.out/sc_make_cache_dir.3 --- opensc-0.11.13/doc/man.out/sc_make_cache_dir.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_make_cache_dir.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,45 +0,0 @@ -'\" t -.\" Title: sc_make_cache_dir -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_MAKE_CACHE_DIR" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_make_cache_dir \- Create the OpenSC cache directory -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_make_cache_dir(struct sc_context *ctx); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function creates the OpenSC cache directory for the current user, and any directories leading up to it\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_put_data.3 opensc-0.12.1/doc/man.out/sc_put_data.3 --- opensc-0.11.13/doc/man.out/sc_put_data.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_put_data.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,54 +0,0 @@ -'\" t -.\" Title: sc_put_data -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_PUT_DATA" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_put_data \- Store a primitive data object on a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_put_data(sc_card_t *card, unsigned int tag, - const unsigned char *buf, size_t len); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function is used to store a primitive data object on -\fIcard\fR\&. It corresponds to the PUT DATA command in the ISO 7816 standard\&. The data to be sent to the card is stored in -\fIbuf\fR, which is -\fIbuflen\fR -bytes long\&. -.PP -The -\fItag\fR -parameter specifies the object to be stored\&. Refer to the standard for the correct values to use\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_read_binary.3 opensc-0.12.1/doc/man.out/sc_read_binary.3 --- opensc-0.11.13/doc/man.out/sc_read_binary.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_read_binary.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,61 +0,0 @@ -'\" t -.\" Title: sc_read_binary -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_READ_BINARY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_read_binary \- Read a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_read_binary(struct sc_card *card, unsigned int offset, - unsigned char *buf, size_t count, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function reads from a transparent elementary file (EF) on -\fIcard\fR\&. It corresponds to the ISO 7816 READ BINARY function\&. Call -sc_select_file() -first to select the file to read from\&. -.PP -The data read from the file is stored in -\fIbuf\fR, which is -\fIcount\fR -bytes long\&. -.PP -The -\fIoffset\fR -argument specifies the file offset in bytes\&. The -\fIflags\fR -argument is currently not used, and should be set to 0\&. -.SH "RETURN VALUE" -.PP -If successful, the number of bytes read is returned\&. Otherwise, a negative value is returned\&. diff -Nru opensc-0.11.13/doc/man.out/sc_read_record.3 opensc-0.12.1/doc/man.out/sc_read_record.3 --- opensc-0.11.13/doc/man.out/sc_read_record.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_read_record.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,64 +0,0 @@ -'\" t -.\" Title: sc_read_record -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_READ_RECORD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_read_record \- Read a record from a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_read_record(struct sc_card *card, unsigned int record, - unsigned char *buf, size_t buflen, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function reads a record\-structured elementary file (EF) from -\fIcard\fR\&. The function corresponds to the ISO 7816 READ RECORD function\&. Call -sc_select_file() -first to select the file to read from\&. -.PP - -\fIrecord\fR -specifies the ID of the record to be read, or, if -\fIflags\fR -is set to -SC_RECORD_BY_REC_NR, the record number\&. If -\fIrecord\fR -is set to zero, the current record will be read\&. -.PP -The read data is stored in -\fIbuf\fR, which is -\fIbuflen\fR -bytes long\&. -.SH "RETURN VALUE" -.PP -Returns the number of bytes read if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_release_context.3 opensc-0.12.1/doc/man.out/sc_release_context.3 --- opensc-0.11.13/doc/man.out/sc_release_context.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_release_context.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_release_context -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_RELEASE_CONTEXT" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_release_context \- Release an OpenSC context -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_release_context(sc_context_t *ctx); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function releases OpenSC context -\fIctx\fR -previously obtained through a call to -sc_establish_context()\&. No further calls to OpenSC using this context are possible after this\&. -.SH "RETURN VALUE" -.PP -This function always return 0, indicating success\&. diff -Nru opensc-0.11.13/doc/man.out/sc_select_file.3 opensc-0.12.1/doc/man.out/sc_select_file.3 --- opensc-0.11.13/doc/man.out/sc_select_file.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_select_file.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,61 +0,0 @@ -'\" t -.\" Title: sc_select_file -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_SELECT_FILE" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_select_file \- Select a file on a smart card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_select_file(sc_card_t *card, - const sc_path_t *path, - sc_file_t **result); - - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function selects the file specified by -\fIpath\fR\&. If -\fIpath\fR -specifies a file within the currently selected DF, sc_select_file() will -\fInot\fR -select the MF first, but interpret the path relative to the current DF\&. It does this in order to prevent losing any authorizations previously established with the card (e\&.g\&. by presenting a PIN)\&. -.PP -If -\fIresult\fR -is not NULL, an -sc_file_t -object is created, and the pointer to this object is stored in the location pointed to by -\fIresult\fR\&. This handle should later be released using -sc_file_free()\&. -.SH "RETURN VALUE" -.PP -If an error occurred, a negative error code is returned\&. Otherwise, the function will return 0\&. 
diff -Nru opensc-0.11.13/doc/man.out/sc_set_card_driver.3 opensc-0.12.1/doc/man.out/sc_set_card_driver.3
--- opensc-0.11.13/doc/man.out/sc_set_card_driver.3 2010-02-16 09:35:15.000000000 +0000
+++ opensc-0.12.1/doc/man.out/sc_set_card_driver.3 1970-01-01 00:00:00.000000000 +0000
@@ -1,92 +0,0 @@ -'\" t -.\" Title: sc_set_card_driver -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_SET_CARD_DRIVER" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_set_card_driver \- Force the use of a specified smart card driver -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_set_card_driver(struct sc_context *ctx, const char *short_name); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function forces the use of a a specific card driver to be used in context -\fIctx\fR\&. The name of the driver is specified in -\fIshort_name\fR\&. Possible options are: -.RS 4 -etoken -.RE -.RS 4 -flex -.RE -.RS 4 -cyberflex -.RE -.RS 4 -gpk -.RE -.RS 4 -miocos -.RE -.RS 4 -mcrd -.RE -.RS 4 -setcos -.RE -.RS 4 -starcos -.RE -.RS 4 -tcos -.RE -.RS 4 -openpgp -.RE -.RS 4 -jcop -.RE -.RS 4 -oberthur -.RE -.RS 4 -belpic -.RE -.RS 4 -emv -.RE -.PP -This function only needs to be called if OpenSC fails to auto\-detect your card\&. If used, it should be called immediately after establishing a new context with -sc_establish_context(), but before doing anything else with the context\&. -.SH "RETURN VALUE" -.PP -If an error occurred, a negative value is returned indicating the error\&. Otherwise, 0 is returned\&. 
diff -Nru opensc-0.11.13/doc/man.out/sc_strerror.3 opensc-0.12.1/doc/man.out/sc_strerror.3 --- opensc-0.11.13/doc/man.out/sc_strerror.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_strerror.3 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -'\" t -.\" Title: sc_strerror -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_STRERROR" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_strerror \- Return string describing error code -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -const char *sc_strerror(int error); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function returns a string describing -\fIerror\fR\&. It may be used with a negative errorcode returned by any OpenSC function call\&. diff -Nru opensc-0.11.13/doc/man.out/sc_transmit_apdu.3 opensc-0.12.1/doc/man.out/sc_transmit_apdu.3 --- opensc-0.11.13/doc/man.out/sc_transmit_apdu.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_transmit_apdu.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,48 +0,0 @@ -'\" t -.\" Title: sc_transmit_apdu -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_TRANSMIT_APDU" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_transmit_apdu \- Transmit an APDU structure -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_transmit_apdu(struct sc_card *card, sc_apdu_t *apdu); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function transmits the APDU in -\fIapdu\fR -to -\fIcard\fR\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_unlock.3 opensc-0.12.1/doc/man.out/sc_unlock.3 --- opensc-0.11.13/doc/man.out/sc_unlock.3 2010-02-16 09:35:15.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_unlock.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -'\" t -.\" Title: sc_unlock -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_UNLOCK" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_unlock \- Unlock a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_unlock(struct sc_card *card); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function unlocks -\fIcard\fR\&. That is, the lock count is decreased, and the card unlocked if it reaches zero\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_update_binary.3 opensc-0.12.1/doc/man.out/sc_update_binary.3 --- opensc-0.11.13/doc/man.out/sc_update_binary.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_update_binary.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,63 +0,0 @@ -'\" t -.\" Title: sc_update_binary -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_UPDATE_BINARY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_update_binary \- Write to an existing file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_update_binary(struct sc_card *card, unsigned int offset, - const unsigned char *buf, size_t count, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function writes -\fIcount\fR -bytes from the buffer pointed to by -\fIbuf\fR -to a transparent elementary file (EF) on -\fIcard\fR\&. It corresponds to the ISO 7816 UPDATE BINARY function\&. Call -sc_select_file() -first to select the file to write to\&. -.PP -This function can only be used to write to a file region previously written to\&. For writing to a newly created file, or a new region of an existing file, use -sc_write_binary()\&. -.PP -The -\fIoffset\fR -argument specifies the file offset in bytes\&. The -\fIflags\fR -argument is currently not used, and should be set to 0\&. -.SH "RETURN VALUE" -.PP -If successful, the number of bytes written is returned\&. Otherwise, a negative value is returned\&. 
diff -Nru opensc-0.11.13/doc/man.out/sc_update_dir.3 opensc-0.12.1/doc/man.out/sc_update_dir.3 --- opensc-0.11.13/doc/man.out/sc_update_dir.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_update_dir.3 1970-01-01 00:00:00.000000000 +0000 @@ -1,52 +0,0 @@ -'\" t -.\" Title: sc_update_dir -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_UPDATE_DIR" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_update_dir \- Update application directory on a card -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_update_dir(sc_card_t *card, sc_app_info_t *app); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function updates the application directory on -\fIcard\fR\&. If the card has a record\-structured directory file, -\fIapp\fR -may contain the application to update\&. Otherwise, the entire directory file is updated\&. -.PP -Before calling this function, you MUST call -sc_enum_apps() -first\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_update_record.3 opensc-0.12.1/doc/man.out/sc_update_record.3 --- opensc-0.11.13/doc/man.out/sc_update_record.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_update_record.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,67 +0,0 @@ -'\" t -.\" Title: sc_update_record -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_UPDATE_RECORD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_update_record \- Write a record to an existing file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_update_record(struct sc_card *card, unsigned int record, - const unsigned char *buf, size_t buflen, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function writes a record that is -\fIbuflen\fR -bytes long from the buffer pointed to by -\fIbuf\fR -to a record\-structured elementary file (EF) on -\fIcard\fR\&. The function corresponds to the ISO 7816 UPDATE RECORD function\&. Call -sc_select_file() -first to select the file to write to\&. -.PP - -\fIrecord\fR -specifies the ID of the record to be written, or, if -\fIflags\fR -is set to -SC_RECORD_BY_REC_NR, the record number\&. If -\fIrecord\fR -is set to zero, the current record will be read\&. -.PP -This function can be used for overwriting existing records only; for appending to files, see the -sc_append_record() -function\&. -.SH "RETURN VALUE" -.PP -Returns the number of bytes written if successful, or a negative value in case of error\&. 
diff -Nru opensc-0.11.13/doc/man.out/sc_wait_for_event.3 opensc-0.12.1/doc/man.out/sc_wait_for_event.3
--- opensc-0.11.13/doc/man.out/sc_wait_for_event.3 2010-02-16 09:35:15.000000000 +0000
+++ opensc-0.12.1/doc/man.out/sc_wait_for_event.3 1970-01-01 00:00:00.000000000 +0000
@@ -1,74 +0,0 @@ -'\" t -.\" Title: sc_wait_for_event -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_WAIT_FOR_EVENT" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_wait_for_event \- Wait for an event on a smart card reader -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_wait_for_event(sc_reader_t *readers[], int slots[], size_t numslots, - unsigned int event_mask, - int *reader, unsigned int *event, int timeout); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function blocks until an event occurs on any of the readers/slots specified\&. The -\fIreaders\fR -and -\fIslots\fR -fields list the readers and respective slots to be watched\&. -\fInum_slots\fR -holds the total number of slots passed\&. The -\fIevent_mask\fR -parameter specifies the types of events to wait for\&. This may be a combination of the following flags: -.PP -SC_EVENT_CARD_REMOVED -.RS 4 -A card was removed from the reader/slot\&. -.RE -.PP -SC_EVENT_CARD_INSERTED -.RS 4 -A card was inserted into the reader/slot\&. -.RE -.PP -On returning, the -\fIreader\fR -parameter holds the reader which generated an event, and -\fIevent\fR -holds the event flag, as in -\fIevent_mask\fR\&. -.PP -The timeout parameter may be used to specify the maximum amount of time to wait for an event, in milliseconds\&. 
This may be set to \-1 to wait forever\&. -.SH "RETURN VALUE" -.PP -Returns 0 if successful, 1 if a timeout occurred, or a negative value in case of error\&. diff -Nru opensc-0.11.13/doc/man.out/sc_write_binary.3 opensc-0.12.1/doc/man.out/sc_write_binary.3 --- opensc-0.11.13/doc/man.out/sc_write_binary.3 2010-02-16 09:35:16.000000000 +0000 +++ opensc-0.12.1/doc/man.out/sc_write_binary.3 1970-01-01 00:00:00.000000000 +0000 
@@ -1,64 +0,0 @@ -'\" t -.\" Title: sc_write_binary -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_WRITE_BINARY" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_write_binary \- Write to a new file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_write_binary(struct sc_card *card, unsigned int offset, - const unsigned char *buf, size_t count, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function writes -\fIcount\fR -bytes from the buffer pointed to by -\fIbuf\fR -to a transparent elementary file (EF) on -\fIcard\fR\&. It corresponds to the ISO 7816 WRITE BINARY function\&. Call -sc_select_file() -first to select the file to write to\&. -.PP -This function is used to write to a newly created file, or to a a previously unused portion of a file\&. For updating an existing file, use the -sc_update_binary() -function\&. -.PP -The -\fIoffset\fR -argument specifies the file offset in bytes\&. The -\fIflags\fR -argument is currently not used, and should be set to 0\&. -.SH "RETURN VALUE" -.PP -If successful, the number of bytes written is returned\&. Otherwise, a negative value is returned\&. 
diff -Nru opensc-0.11.13/doc/man.out/sc_write_record.3 opensc-0.12.1/doc/man.out/sc_write_record.3
--- opensc-0.11.13/doc/man.out/sc_write_record.3 2010-02-16 09:35:16.000000000 +0000
+++ opensc-0.12.1/doc/man.out/sc_write_record.3 1970-01-01 00:00:00.000000000 +0000
@@ -1,69 +0,0 @@ -'\" t -.\" Title: sc_write_record -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC API reference -.\" Source: opensc -.\" Language: English -.\" -.TH "SC_WRITE_RECORD" "3" "02/16/2010" "opensc" "OpenSC API reference" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sc_write_record \- Write a record to a file -.SH "SYNOPSIS" -.PP - -.sp -.if n \{\ -.RS 4 -.\} -.nf -#include - -int sc_write_record(struct sc_card *card, unsigned int record, - const unsigned char *buf, size_t buflen, - unsigned long flags); - -.fi -.if n \{\ -.RE -.\} -.sp -.SH "DESCRIPTION" -.PP -This function writes a record that is -\fIbuflen\fR -bytes long from the buffer pointed to by -\fIbuf\fR -to a record\-structured elementary file (EF) on -\fIcard\fR\&. The function corresponds to the ISO 7816 WRITE RECORD function\&. Call -sc_select_file() -first to select the file to write to\&. -.PP - -\fIrecord\fR -specifies the ID of the record to be written, or, if -\fIflags\fR -is set to -SC_RECORD_BY_REC_NR, the record number\&. If -\fIrecord\fR -is set to zero, the current record will be read\&. -.PP -This function is used for newly created files only; for updating or appending to existing files, see the -sc_update_record() -and -sc_append_record() -functions, respectively\&. -.SH "RETURN VALUE" -.PP -Returns the number of bytes written if successful, or a negative value in case of error\&. 
diff -Nru opensc-0.11.13/doc/man.out/westcos-tool.1 opensc-0.12.1/doc/man.out/westcos-tool.1
--- opensc-0.11.13/doc/man.out/westcos-tool.1 2010-02-16 09:35:18.000000000 +0000
+++ opensc-0.12.1/doc/man.out/westcos-tool.1 1970-01-01 00:00:00.000000000 +0000
@@ -1,130 +0,0 @@ -'\" t -.\" Title: westcos-tool -.\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/16/2010 -.\" Manual: OpenSC tools -.\" Source: opensc -.\" Language: English -.\" -.TH "WESTCOS\-TOOL" "1" "02/16/2010" "opensc" "OpenSC tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -westcos-tool \- utility for manipulating data structure on westcos smart card and similar security tokens -.SH "SYNOPSIS" -.PP - -\fBwestcos\-tool\fR -[OPTIONS] -.SH "DESCRIPTION" -.PP -The -\fBwestcos\-tool\fR -utility is used to manipulate the westcos data structures on 2 Ko smart cards\&. Users can create PINs, keys and certificates stored on the token\&. User PIN authentication is performed for those operations that require it\&. -.SH "OPTIONS" -.PP -.PP -\fB\-G\fR -.RS 4 -Generate a private key on smart card\&. The smart card must be not finalized and pin installed (ig\&. file for pin must be created, see option \-i)\&. By default key length is 1536 bits\&. User authentication is required for this operation\&. -.RE -.PP -\fB\-L\fR \fIlength\fR -.RS 4 -Change the length of private key, use with -\fB\-G\fR\&. -.RE -.PP -\fB\-i\fR -.RS 4 -Install pin file in token, you must provide pin value with -\fB\-pin\fR\&. -.RE -.PP -\fB\-pin\fR \fIvalue\fR -.RS 4 -set value of pin\&. -.RE -.PP -\fB\-puk\fR \fIvalue\fR -.RS 4 -set value of puk (or value of new pin for change pin command see -\fB\-n\fR)\&. -.RE -.PP -\fB\-n\fR -.RS 4 -Changes a PIN stored on the token\&. User authentication is required for this operation\&. 
-.RE -.PP -\fB\-u\fR -.RS 4 -Unblocks a PIN stored on the token\&. Knowledge of the Pin Unblock Key (PUK) is required for this operation\&. -.RE -.PP -\fB\-cert\fR \fIfile\fR -.RS 4 -Write certificate -\fIfile\fR -in pem format on the card\&. User authentication is required for this operation\&. -.RE -.PP -\fB\-F\fR -.RS 4 -Finalize the card, once finalize default key is invalidate so pin and puk can\'be changed anymore without user authentification\&. Warning, smart cards not finalized are unsecure because pin can be changed without user authentification (knowledge of default key is enougth)\&. -.RE -.PP -\fB\-r\fR \fIn\fR -.RS 4 -Forces -\fBwestcos\-tool\fR -to use reader number -\fIn\fR -for operations\&. -.RE -.PP -\fB\-gf\fR \fIpath\fR -.RS 4 -Get the file -\fIpath\fR -the file is written on disk with -\fIpath\fR -name\&. User authentication is required for this operation\&. -.RE -.PP -\fB\-pf\fR \fIpath\fR -.RS 4 -Put the file with name -\fIpath\fR -from disk to card the file is written in -\fIpath\fR\&. User authentication is required for this operation\&. -.RE -.PP -\fB\-v\fR -.RS 4 -Causes -\fBwestcos\-tool\fR -to be more verbose\&. Specify this flag several times to enable debug output in the OpenSC library\&. -.RE -.PP -\fB\-h\fR -.RS 4 -Print help message on screen\&. -.RE -.SH "SEE ALSO" -.PP -opensc(7) -.SH "AUTHORS" -.PP -\fBwestcos\-tool\fR -was written by Francois Leblanc -francois\&.leblanc@cev\-sa\&.com\&. diff -Nru opensc-0.11.13/doc/man.xsl opensc-0.12.1/doc/man.xsl --- opensc-0.11.13/doc/man.xsl 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/doc/man.xsl 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,4 @@ + + + + diff -Nru opensc-0.11.13/doc/nonpersistent/ChangeLog opensc-0.12.1/doc/nonpersistent/ChangeLog --- opensc-0.11.13/doc/nonpersistent/ChangeLog 2010-02-16 09:34:46.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/ChangeLog 1970-01-01 00:00:00.000000000 +0000 
@@ -1,20454 +0,0 @@ -2010-02-16 09:02 aj - - * releases/opensc-0.11.13/NEWS, - releases/opensc-0.11.13/configure.ac: Prepare final release - 0.11.13. - -2010-02-15 20:57 s - - * releases/opensc-0.11.13/src/pkcs11/framework-pkcs15.c: backport - r4032: fix SIGABRT - -2010-02-15 20:10 s - - * releases/opensc-0.11.13/src/libopensc/pkcs15-prkey.c, - releases/opensc-0.11.13/src/pkcs11/framework-pkcs15.c: backport - r4027 r4028: fix leaks - -2010-02-15 15:17 aj - - * releases/opensc-0.11.13/src/libopensc/sc.c: backport of revision - r3999 Fix bebytes2ushort function, reported by Roland Schwarz. - (The broken code causes musclecard to fail in some situations...) - -2010-02-12 15:40 s - - * releases/opensc-0.11.13/NEWS: update on NEWS - -2010-02-12 14:38 s - - * releases/opensc-0.11.13/src/libopensc/sc.c: backport r3925 - -2010-02-12 14:36 s - - * releases/opensc-0.11.13/src/libopensc/card-rtecp.c, - releases/opensc-0.11.13/src/libopensc/card-rutoken.c, - releases/opensc-0.11.13/src/libopensc/cardctl.h, - releases/opensc-0.11.13/src/pkcs15init/pkcs15-rutoken.c, - releases/opensc-0.11.13/src/tools/rutoken-tool.c: backport r3811 - r3863 r3865: fix Rutoken S ABI - -2010-02-12 14:22 s - - * releases/opensc-0.11.13/src/libopensc/card-rtecp.c, - releases/opensc-0.11.13/src/libopensc/cardctl.h, - releases/opensc-0.11.13/src/libopensc/errors.h, - releases/opensc-0.11.13/src/libopensc/pkcs15-algo.c, - releases/opensc-0.11.13/src/libopensc/pkcs15-pubkey.c, - releases/opensc-0.11.13/src/libopensc/pkcs15.h, - releases/opensc-0.11.13/src/pkcs11/framework-pkcs15.c, - releases/opensc-0.11.13/src/pkcs11/openssl.c, - releases/opensc-0.11.13/src/pkcs15init/pkcs15-rtecp.c: backport - r3800 r3845 r3859 r3868: fix leak and GOSTR3410 pub_key - -2010-02-12 14:12 s - - * releases/opensc-0.11.13/src/pkcs11/framework-pkcs15.c: backport - r3798 r3799: fix leaks - -2010-02-11 14:12 aj - - * releases/opensc-0.11.13/NEWS, - releases/opensc-0.11.13/configure.ac: 0.11.13 release will be - created here. 
- -2010-02-11 14:07 aj - - * releases/opensc-0.11.13: prepare for 0.11.13 release. - -2009-12-18 13:22 aj - - * releases/opensc-0.11.12/WORKAROUND: remove temp. workaround. - -2009-12-18 13:21 aj - - * releases/opensc-0.11.12/NEWS, - releases/opensc-0.11.12/configure.ac: Create OpenSC 0.11.12 - Release. - -2009-12-18 13:20 aj - - * releases/opensc-0.11.12/NEWS, - releases/opensc-0.11.12/src/pkcs15init/entersafe.profile: Fix - entersafe profile - by xiaoshuo from ftsafe, thanks to Marc for - testing. - -2009-12-14 18:19 aj - - * releases/opensc-0.11.12/configure.ac, - releases/opensc-0.11.12/src/libopensc/pkcs15-pin.c, - releases/opensc-0.11.12/src/libopensc/pkcs15-prkey.c, - releases/opensc-0.11.12/src/libopensc/pkcs15-pubkey.c, - releases/opensc-0.11.12/src/libopensc/pkcs15.h, - releases/opensc-0.11.12/src/pkcs15init/pkcs15-lib.c: Fix integer - workaround code. improve pkcs15 flags (p15_card->flags) - situation: don't write our internal flags to the card. - -2009-12-14 15:50 aj - - * releases/opensc-0.11.12/etc/opensc.conf.in, - releases/opensc-0.11.12/src/libopensc/asn1.c, - releases/opensc-0.11.12/src/libopensc/pkcs15-pin.c, - releases/opensc-0.11.12/src/libopensc/pkcs15-prkey.c, - releases/opensc-0.11.12/src/libopensc/pkcs15-pubkey.c, - releases/opensc-0.11.12/src/libopensc/pkcs15.c, - releases/opensc-0.11.12/src/libopensc/pkcs15.h: add workaround - for OpenSC <= 0.11.4 with bad encoding of Integers in asn.1: fix - starcos cards with negative keyReference or pinReference by - adding 256. - -2009-12-14 15:25 aj - - * releases/opensc-0.11.12/NEWS, - releases/opensc-0.11.12/WORKAROUND, - releases/opensc-0.11.12/configure.ac: document changes so far. - -2009-12-14 14:47 aj - - * releases/opensc-0.11.12: We need a new 0.11.12 release with the - integer fix / workaround. - -2009-10-26 19:49 aj - - * releases/opensc-0.11.11/NEWS, - releases/opensc-0.11.11/configure.ac: create final release. 
- -2009-10-24 06:29 aj - - * releases/opensc-0.11.11/NEWS, - releases/opensc-0.11.11/configure.ac: New rc2, should compile - with openssl 1.0.0 too. - -2009-10-24 06:28 aj - - * releases/opensc-0.11.11/src/pkcs11/openssl.c: fix: compile with - openssl-1.0 beta3 - http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012702.html - Thanks to Kalev Lember, Patch by Aleksey Samsonov - -2009-10-23 13:10 aj - - * releases/opensc-0.11.11: Prepare release candidate. - -2009-10-23 13:09 aj - - * trunk/NEWS, trunk/configure.ac: Prepare release candidate. - -2009-10-23 13:08 aj - - * trunk/src/libopensc/card-myeid.c, - trunk/src/pkcs15init/myeid.profile, - trunk/src/pkcs15init/pkcs15-myeid.c: Improved myeid driver (by - Aventra) - -2009-10-23 12:12 ludovic.rousseau - - * trunk/configure.ac: Default PCSC provider is libpcsclite.so.1 - instead of libpcsclite.so See Debian bug #511344 - -2009-10-22 18:28 aj - - * trunk/src/libopensc/card-westcos.c, - trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/p15emu-westcos.c, - trunk/src/pkcs15init/pkcs15-westcos.c, - trunk/src/tools/westcos-tool.c: Cleanup westcos driver to remove - warnings - by Franois Leblanc. - -2009-10-21 09:23 aj - - * trunk/NEWS: latest changes. - -2009-10-21 09:08 aj - - * trunk/src/pkcs15init/pkcs15-westcos.c, - trunk/src/tools/westcos-tool.c: rewrite code to support openssl - 0.9.7 so rsa variable is properly set. - -2009-10-21 07:27 aj - - * trunk/src/pkcs15init/pkcs15-westcos.c, - trunk/src/tools/westcos-tool.c: Make opensc / westcos driver - compile with openssl 0.9.7: It tests the version of openssl and - uses the old RSA_gererate_key if older the 0.9.8. By Douglas E. - Engert. - -2009-10-21 07:24 aj - - * trunk/src/libopensc/card-piv.c: remove the variable not - initialized error for "tag", and to fix another error when - loading a 3des key when the string passed to sc_hex_to_bin is - not terminated. By Douglas E. 
Engert - -2009-10-21 07:22 aj - - * trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h: Fix - warnings in muscle code - by Joo Poupino. - -2009-10-20 12:27 aj - - * trunk/NEWS, trunk/configure.ac: next release could be 0.11.11, - trunk is "-svn" preview. - -2009-10-20 12:25 aj - - * trunk/NEWS, trunk/configure.ac: Create new release 0.11.10 - -2009-10-13 14:20 s - - * trunk/src/pkcs11/framework-pkcs15.c: fix misprint - -2009-10-09 13:03 martin - - * trunk/src/libopensc/Makefile.mak: Fix windows/nmake build - -2009-10-09 05:46 s - - * trunk/src/pkcs15init/keycache.c: rollback: "fix pkcs11 access - with multiple PINs" - http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012607.html - -2009-10-06 13:46 s - - * trunk/src/pkcs11/framework-pkcs15.c: framework-pkcs15.c:683: - warning: comparison of distinct pointer types lacks a cast - -2009-10-06 13:32 s - - * trunk/src/pkcs11/framework-pkcs15.c: fix OpenSC PKCS#11 object - grouping Thanks to Pierre Ossman - http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012553.html - http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012580.html - http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012582.html - -2009-10-06 11:17 s - - * trunk/src/libopensc/cardctl.h: fix: key id for automatic - selection of the predefined directory (for rutoken-tool) - -2009-10-06 10:59 s - - * trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/opensc.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-opensc.h, trunk/src/tools/pkcs11-tool.c: - remove dead code - -2009-10-06 08:22 s - - * trunk/src/pkcs15init/rutoken.profile: correct options "small" - and "default" in rutoken.profile - -2009-10-06 07:36 aj - - * trunk/src/libopensc/card-entersafe.c, - trunk/src/libopensc/card-myeid.c, - trunk/src/libopensc/card-piv.c, trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/card-westcos.c, - trunk/src/libopensc/pkcs15-esinit.c, - 
trunk/src/libopensc/reader-pcsc.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/pkcs15init/pkcs15-myeid.c, - trunk/src/pkcs15init/pkcs15-westcos.c, - trunk/src/tools/opensc-explorer.c, trunk/src/tools/util.c: kill - lots of warnings (unused variables, unsigned/signed comparison - etc.) - -2009-10-06 07:25 aj - - * trunk/NEWS, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-gemsafeV2.c, - trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - remove gemsafeV2 code - not working properly, not maintained. - -2009-10-06 06:40 aj - - * trunk/NEWS: Add more NEWS entries. - -2009-10-06 06:36 aj - - * trunk/src/libopensc/card-westcos.c: westcos: use generic - select_file function (Aleksey Samsonov). - -2009-10-06 06:34 aj - - * trunk/src/libopensc/card-westcos.c, - trunk/src/pkcs15init/pkcs15-westcos.c: Allow building westcos - without openssl. 
(Franois Leblanc) - -2009-10-06 06:32 aj - - * trunk/NEWS, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-gemsafeV2.c, - trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: New - GemsafeV2 Emulation code by Georges Bart - -2009-10-05 18:40 s - - * trunk/src/libopensc/card-rtecp.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11.h, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-rtecp.c: add GOST R 34.10-2001 - algorithm (only PKCS#11) by Aktiv Co. 
- -2009-10-02 10:56 ludovic.rousseau - - * trunk/src/libopensc/card-entersafe.c: Move the declaration of - sbuff[] to avoid a compiler warning card-entersafe.c: In - function ‘entersafe_write_rsa_key_factor’: - card-entersafe.c:1131: warning: declaration of ‘sbuff’ shadows a - previous local card-entersafe.c:1126: warning: shadowed - declaration is here - -2009-10-02 10:54 ludovic.rousseau - - * trunk/src/libopensc/card-entersafe.c: comment out 2 unused - static functions card-entersafe.c:1591: warning: - ‘entersafe_card_ctl_1024’ defined but not used - card-entersafe.c:1378: warning: ‘entersafe_preinstall_rsa_1024’ - defined but not used - -2009-10-02 10:52 ludovic.rousseau - - * trunk/src/libopensc/card-entersafe.c: remove unused variables - card-entersafe.c: In function ‘entersafe_cipher_apdu’: - card-entersafe.c:172: warning: unused variable ‘r’ - card-entersafe.c:172: warning: unused variable ‘i’ - card-entersafe.c: In function ‘entersafe_process_fci’: - card-entersafe.c:434: warning: unused variable ‘len’ - card-entersafe.c:434: warning: unused variable ‘taglen’ - card-entersafe.c:433: warning: unused variable ‘p’ - card-entersafe.c:433: warning: unused variable ‘tag’ - card-entersafe.c: In function ‘entersafe_create_file’: - card-entersafe.c:775: warning: unused variable ‘r’ - -2009-10-02 10:49 ludovic.rousseau - - * trunk/src/libopensc/card-entersafe.c: card-entersafe.c:226: - warning: ‘tmp_rounded’ may be used uninitialized in this - function card-entersafe.c:226: note: ‘tmp_rounded’ was declared - here - -2009-10-02 10:48 ludovic.rousseau - - * trunk/src/libopensc/card-entersafe.c: card-entersafe.c:496: - warning: ‘r’ may be used uninitialized in this function - card-entersafe.c:496: note: ‘r’ was declared here - -2009-09-21 11:59 ludovic.rousseau - - * trunk/src/scconf/README.scconf: remove spaces at end of line - -2009-09-18 11:54 ludovic.rousseau - - * trunk/src/pkcs15init/keycache.c: fix pkcs11 access with multiple - PINs Thanks to Roman Himmes for 
the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-September/012426.html - -2009-09-17 07:50 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-myeid.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/myeid.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-myeid.c: Add myeid driver by Aventra. - -2009-09-16 11:29 martin - - * trunk/src/libopensc/card-rtecp.c: Fix "serial->len is used - uninitialized", By Aleksey Samsonov - -2009-09-12 07:04 aj - - * trunk/src/libopensc/card-westcos.c: More Westcos cleanups by - Aleksey Samsonov - -2009-09-11 09:48 aj - - * trunk/NEWS, trunk/doc/tools/tools.xml, - trunk/doc/tools/westcos-tool.xml, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-westcos.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/p15emu-westcos.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-westcos.c, - trunk/src/pkcs15init/westcos.profile, - trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, - trunk/src/tools/westcos-tool.c: New westcos driver by Franois - Leblanc. - -2009-07-29 07:03 aj - - * trunk/configure.ac: trunk is now post release. - -2009-07-29 07:02 aj - - * trunk/NEWS, trunk/configure.ac: Prepare for new release - -2009-07-23 08:56 aj - - * trunk/src/pkcs15init/pkcs15-entersafe.c: Weitao Sun: no one can - create more than 15 files under 5015 df. I increase it from 15 - to 48, and all are OK. 
- -2009-07-23 08:30 aj - - * trunk/src/pkcs11/pkcs11.h: Latest version from scute svn with - this change: Stef Walter: Make all constants UL that should be. - -2009-07-22 12:24 aj - - * trunk/src/pkcs15init/pkcs15-rtecp.c, - trunk/src/pkcs15init/pkcs15-rutoken.c: Aktiv Co./Aleksey - Samsonov: fix a bug in rutoken driver. - -2009-07-22 10:09 aj - - * trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: major - update for the PIV smartcard. The major issue is with getting - the length of an object or the cert contained in an object. The - PIV card does not have a directory on the card, So the previous - version tried to put off as long as possible the reading of - objects for performance so as to avoid having to read objects - that would not be used. The first standard, NIST 800-73, set - maximum sizes for objects. 800-73-2 removed this for - certificates. A certificate object can contain a certificate - which might be compressed. The only way to get the length of the - compressed certificate is to decompress it. Thus the - decompressed certificate could be larger then the container - object, so even if the PIV card had a directory, one would still - need to decompress the certificate to find its length. OpenSC - sc_read_binary will use the length obtained by using - sc_select_file(...,&file_out), and thus the lengths must be - determined in sc_select_file. Change are to card-piv.c and - pkcs15-piv.c and include: * The old cache code which was not - working was removed. * New cache code was added which caches all - object read from the card * If an object has a cert, the cert is - decompressed and also cached. * As part of reading an object the - first 8 bytes are read and this is then used to allocate a large - buffer to read in the object. * If pkcs15 or pkcs11 asks about a - certificate, the cert object will be read, and the cert - decompressed, to get the actual length. 
* If piv_select_file is - called with the file_out != NULL the object will be read to get - the length If called with NULL it will not be read. * The - enumeration of the objects now starts with 0. * - sc_ctx_suppress_errors_on and off are used to avoid file not - found messages which are are a by product of not having a - directory. * "Unsigned Card Holder Unique Identifier" object in - card-piv and pkcs15-piv.c had conflicting paths, as NIST - 800-72-1 had two tables with different paths. The enumtag for it - in card-piv.c was also wrong. - -2009-07-22 10:06 aj - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: Douglas E. Engert: The - pkcs15-gemsafeV1.c does not detect of the card present is in - fact a gemsafeV1 card, and thus it can end up issuing commands - to the wrong cards. - -2009-07-02 13:59 jps - - * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/cards.h: - Add support for JCOP31 v2.4.1 with the modified muscle - applet[1]. This add support for 2048bit key and extended APDU. - [1] - http://www.opensc-project.org/pipermail/opensc-user/2009-June/003147.html - -2009-06-28 10:08 aj - - * trunk/src/pkcs11/Makefile.mak: Kalev Lember: fix - onepin-opensc-pkcs11.dll manifest embedding with Microsoft - compilers. - -2009-06-28 07:26 aj - - * trunk/src/libopensc/card-rtecp.c: Aktiv Co. / Aleksey Samsonov: - use generic code instead of identical funciton (now that the - generic code was fixed). - -2009-06-28 07:25 aj - - * trunk/src/libopensc/card-gemsafeV1.c: Aktiv Co. / Aleksey - Samsonov: use generic set_security_env code, remove duplicate - code. - -2009-06-28 07:23 aj - - * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: - Remove dead code. - -2009-06-28 07:22 aj - - * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: Add - assert() calls to check constant buffer size. - -2009-06-28 07:20 aj - - * trunk/src/libopensc/iso7816.c: Aktiv Co. 
/ Aleksey Samsonov: - Check buffer length (*outlen) - -2009-06-28 07:19 aj - - * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: Fix - for the case when "apdu.resplen < 2" and checked buffer length. - -2009-06-28 07:17 aj - - * trunk/src/libopensc/iso7816.c: Aktiv Co. / Aleksey Samsonov: fix - case depending on length. also no need to null resplen or le - (done by sc_format_apdu). - -2009-06-28 07:11 aj - - * trunk/src/libopensc/ctx.c: Move emv driver to the end. - -2009-06-25 08:45 ludovic.rousseau - - * trunk/src/libopensc/iso7816.c: iso7816_set_security_env(): - correctly set P1 parameter in case of SC_SEC_OPERATION_DECIPHER - Thanks to Aleksey Samsonov for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-June/012263.html - -2009-06-24 15:29 aj - - * trunk/NEWS: add a NEWS entry too. - -2009-06-24 15:26 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-rtecp.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-rtecp.c, - trunk/src/pkcs15init/pkcs15init.exports, - trunk/src/pkcs15init/rutoken_ecp.profile: Add new rutoken_ecp - driver by Aktiv Co. / Aleksey Samsonov - -2009-06-16 09:17 ludovic.rousseau - - * trunk/src/tools/opensc-tool.c: print_file(): inverse "write" and - "erase" Thanks to Aleksey Samsonov for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-June/012212.html - -2009-05-12 14:35 ludovic.rousseau - - * trunk/src/tools/cardos-tool.c: cardos_sm4h(): fix memory leaks. - Thanks to cppckeck(1) - -2009-05-12 14:29 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: - sc_pkcs15emu_add_object(): fix a memory leak. 
thanks to - cppcheck(1) [pkcs15-gemsafeV1.c:419]: (error) Memory leak: obj - -2009-05-12 14:27 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: do not cast calloc() - return value - -2009-05-07 13:09 aj - - * trunk/configure.ac: prep next release. - -2009-05-07 10:57 aj - - * trunk/NEWS, trunk/src/tools/pkcs11-tool.c: Fix security issue. - -2009-05-06 16:25 ludovic.rousseau - - * trunk/src/tools/cardos-tool.c: avoid a compilation failure with - --disable-openssl - -2009-04-23 18:02 alonbl - - * trunk/doc/Makefile.am: Fix --disable-man install from svn - checkout, by Ludovic Rousseau - -2009-04-23 18:00 alonbl - - * trunk/doc/Makefile.am: Fix --disable-man install from svn - checkout, by Ludovic Rousseau - -2009-04-21 16:43 alonbl - - * trunk/configure.ac: Fix GNU libiconv detection By Kalev Lember - The attached patch fixes GNU libiconv detection by adding an - additional libiconv symbol check to autoconf -liconv link test. - Right now some iconv implementations have only iconv* symbols - (GNU libc), some have only libiconv* (GNU libiconv), and some - have both defined (Mac OS X's iconv), so it's necessary to check - for both variants. - -2009-04-17 07:19 martin - - * trunk/src/libopensc/reader-pcsc.c: Fix SCardDisconnect reset - parameter. - -2009-04-15 07:52 martin - - * trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h: - Move sc_check_sw to opensc.h - -2009-04-15 06:18 martin - - * trunk/src/libopensc/libopensc.exports: Export sc_check_sw, - required by external drivers and utilities. Thanks to Marc Rios - Valls. - -2009-04-14 15:21 aj - - * trunk/NEWS: Update news file too. - -2009-04-08 10:31 martin - - * trunk/src/libopensc/reader-pcsc.c: * Correctly set offsets for - PINs for PIN modification operations with pinpads. Thanks to - Robert Konklewski. * Only set messages if the reader has display - capabilities. 
* Detect rejected pinpad commands * Whitespace - fixes - -2009-04-08 09:40 martin - - * trunk/src/tools/pkcs11-tool.c: Engine API is not used. Thanks to - Robert Konklewski for noticing this. - -2009-04-03 19:54 alonbl - - * trunk/src/libopensc/reader-pcsc.c: Actually print SCardControl - result, thanks to martin - -2009-04-03 19:17 alonbl - - * trunk/src/libopensc/reader-pcsc.c: reader-pcsc - minor cleanups - in reader features 1. Indent fix. 2. Reorder conditions. 3. Do - not print error if SCardControl fails. - -2009-04-02 10:33 aj - - * trunk/NEWS: Document latest change. - -2009-04-02 10:32 aj - - * trunk/src/libopensc/card-entersafe.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/pkcs15init/entersafe.profile, - trunk/src/pkcs15init/pkcs15-entersafe.c: Entersafe changes by - Weitao Sun: 1.Card type FTCOS/PK-01C added. (new) 2.Limit pin - length in range [4,16). (bug fix) 3.Can not unblock PIN. (bug - fix) - -2009-03-25 14:31 ludovic.rousseau - - * trunk/src/libopensc/muscle.c: Do not use msc_crypt_process - (OP_PROCESS). This operation is used to do multipart encryption - when, for example, the data is too big to fit in one APDU. It - basically calls the Cipher.update() method until all data has - been processed. However, the Java Card API documentation advises - against using update(): "This method requires temporary storage - of intermediate results. In addition, if the input data length - is not block aligned (multiple of block size) then additional - internal storage may be allocated at this time to store a - partial input data block. This may result in additional resource - consumption and/or slow performance. This method should only be - used if all the input data required for the cipher is not - available in one byte array. If all the input data required for - the cipher is located in a single byte array, use of the - doFinal() method to process all of the input data is - recommended." 
As the card's JVM was returning an internal - exception when using OP_PROCESS, it was decided to implement an - msc_crypt_final_object() function in OpenSC that uses the - msc_object_*() functions to read/write all the data from the - card. This way, it is possible to transmit/receive "arbitrarily" - large data chunks to/from the card and use doFinal(). This is - the fallback method when, for example, using 2048 bit keys and - the card doesn't support extended APDUs. Thanks to Joao Poupino - for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-25 14:22 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: pcsc_internal_transmit(): do - not limit the size of the reception buffer to 258. This check is - no more needed now that pcsc-lite can handle extended APDU. - Thanks to Joao Poupino for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-25 13:55 ludovic.rousseau - - * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/cards.h: - Detect the eToken 72K and activate RSA 2048 and extended APDU - for it. Thanks to Joao Poupino for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-25 13:50 ludovic.rousseau - - * trunk/src/libopensc/muscle.h: Change MSC_MAX_APDU to make some - buffers larger to support extended APDUs. 
The change was only - from 256 to 512 bytes since it is more than enough for 2048 bit - keys; Thanks to Joao Poupino for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-25 13:47 ludovic.rousseau - - * trunk/src/libopensc/muscle.c: msc_get_challenge(): return - SC_SUCCESS instead of dataLength in case of success Thanks to - Joao Poupino for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-25 13:42 ludovic.rousseau - - * trunk/src/libopensc/muscle.c: msc_get_challenge(): use 0x62 - instead of 0x72 for GET CHALLENGE as it is the value used by the - Muscle applet (INS_GET_CHALLENGE) Thanks to Joo Poupino for the - patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html - -2009-03-21 11:17 martin - - * trunk/src/libopensc/reader-ctapi.c: Fix typo - -2009-03-21 11:09 martin - - * trunk/src/libopensc/internal-winscard.h, - trunk/src/libopensc/reader-pcsc.c: Add support for LCD detection - on pinpad devices. * Update IOCTL definitions to PC/SC part 10 - v2.02.05 * Return SC_SUCCESS instead of 0 if returning SC_ - codes. * Detect the presence of a display with - FEATURE_IFD_PIN_PROPERTIES Tested with patched CCID driver on OS - X, with SPR532 (no display) and OK3821 (with display) Known CCID - reader with a display: ATMEL_AT91SO.txt: wLcdLayout: 0x0210 - CardMan3821.txt: wLcdLayout: 0x0210 Kobil_EMV_CAP.txt: - wLcdLayout: 0x0210 Xiring_XI-SIGN.txt: wLcdLayout: 0x020C - Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C - -2009-03-19 17:54 martin - - * trunk/src/libopensc/reader-pcsc.c: * Display the default CCID - message for PIN verification if the reader has a display * Part - 10 -> PC/SC v2 - -2009-03-18 10:18 martin - - * trunk/src/libopensc/reader-pcsc.c: Fix Global Platform PINs with - CCID pinpads. 
Thanks to Franois Leblanc for the report: - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011947.html - -2009-03-12 08:33 ludovic.rousseau - - * trunk/src/tools/pkcs11-tool.c: store the generated public key on - the token. Thanks to Rickard Bondesson for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011884.html - -2009-03-07 21:55 alonbl - - * trunk/src/libopensc/internal-winscard.h: Fix Windows PINPAD - mingw issue Thanks to Franois Leblanc - http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011932.html - -2009-03-06 09:30 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: check if len or p is 0/NULL - and return. - -2009-03-06 09:26 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: fix typo. - -2009-03-05 18:37 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: Improve this function even - more. - -2009-03-05 15:28 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: resolve an "undefined code" - situation. the old code was undefined, but ok (variables where - never used again in the "goto error" case). but the new code - should be clearer on this. - -2009-03-05 15:15 aj - - * trunk/src/pkcs15init/gpk.profile: change base id so it does not - overlap with the next one. - -2009-02-26 08:58 aj - - * trunk/NEWS: created final release. 
- -2009-02-25 09:13 ludovic.rousseau - - * trunk/src/pkcs11/misc.c: removed unused variable misc.c:317: - warning: unused variable 'i' - -2009-02-25 09:10 ludovic.rousseau - - * trunk/src/pkcs11/misc.c: iattr_extract(): use - sizeof(CK_CERTIFICATE_TYPE) for a CKA_CERTIFICATE_TYPE thanks to - Wan-Teh Chang for the better patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011892.html - -2009-02-24 17:15 ludovic.rousseau - - * trunk/src/pkcs11/misc.c: attr_extract(): use sizeof(CK_ULONG) - instead of sizeof(CKA_CERTIFICATE_TYPE) Thanks to Marc Rios - Valles for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011890.html - -2009-02-03 20:11 alonbl - - * trunk/configure.ac: Default PCSC CFLAGS from pkg-config - -2009-02-01 08:26 aj - - * trunk/NEWS: update NEWS file from 0.11.7 branch. - -2009-02-01 08:19 aj - - * trunk/configure.ac: trunk code is now working towards 0.11.8 - -2009-01-30 11:59 martin - - * trunk/src/pkcs11/framework-pkcs15.c: typo fix - -2009-01-29 11:50 martin - - * trunk/src/pkcs11/framework-pkcs15.c: hide_empty_tokens should - not affect emulated cards (always on) - -2009-01-29 11:47 martin - - * trunk/src/include/winconfig.h.in, - trunk/src/libopensc/Makefile.mak, trunk/win32/Make.rules.mak: - Fix native windows build, add iconv support - -2009-01-28 12:43 alonbl - - * trunk/src/libopensc/reader-pcsc.c: Optionally load - SCardControl132 on apple - -2009-01-28 12:28 martin - - * trunk/src/libopensc/reader-pcsc.c: Fix pinpads on OS X - -2009-01-28 12:10 alonbl - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/pkcs15-rutoken.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/pkcs15init/pkcs15-rutoken.c, - trunk/src/pkcs15init/rutoken.profile: Rutoken updates By Aktiv - Co. 
Aleksey Samsonov - use PKCS#15 (not builtin PKCS#15 - emulator) - rutoken.profile (add privdata) - correct using ACL - - correct erase procedure - -2009-01-23 09:30 alonbl - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: Set default - of hide_empty_tokens to true - -2009-01-23 09:27 alonbl - - * trunk/src/libopensc/Makefile.am: Typo - -2009-01-23 09:14 alonbl - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: - Rename PKCS#11 v2_20_mode option to plug_and_play As it is the - only feature it controls. Also, change the default to true. - -2009-01-23 09:00 alonbl - - * trunk/configure.ac, trunk/src/libopensc/Makefile.am: Finally - remove eval stuff from autoconf - -2009-01-22 14:29 alonbl - - * trunk/configure.ac: Remove unused OPENSC_ETC_PATH - -2009-01-21 13:19 alonbl - - * trunk/src/libopensc/cards.h, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h: Move all private factories into - private headers, the iso7816 factory is the only one which is - actually exposed - -2009-01-21 13:01 alonbl - - * trunk/src/libopensc/libopensc.exports: Add sc_get_iso7816_driver - as it is required for external drivers - -2009-01-20 08:45 alonbl - - * trunk/src/libopensc/internal-winscard.h: Add SCARD_E_NO_SERVICE - to internal-winscard.h - -2009-01-20 08:42 alonbl - - * trunk/src/libopensc/internal-winscard.h, - trunk/src/pkcs11/pkcs11-global.c: Revert 3630 - -2009-01-19 19:43 alonbl - - * trunk/src/libopensc/internal-winscard.h, - trunk/src/pkcs11/pkcs11-global.c: Add SCARD_E_NO_SERVICE to - internal-winscard.h - -2009-01-19 13:39 alonbl - - * trunk/configure.ac: Add PACKAGE_SUFFIX - -2009-01-19 13:32 alonbl - - * trunk/configure.ac: Expose version components into config.h - -2009-01-19 12:06 martin - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, - 
trunk/src/pkcs11/sc-pkcs11.h: Configurable for PKCS#11 v2.20 - related changes. - Correctly report Cryptoki version if v2.20 is - used. - Consistently report no version for hardware/software we - know no version information about. - -2009-01-19 11:57 martin - - * trunk/src/libopensc/reader-pcsc.c: Correct PC/SC -> OpenSC error - code translation. - -2009-01-18 23:16 martin - - * trunk/src/libopensc/reader-pcsc.c: Recognize SCARD_E_NO_SERIVCE: - {{{ $ /Library/OpenSC/bin/opensc-tool -a [opensc-tool] - reader-pcsc.c:881:pcsc_detect_readers: SCardEstablishContext - failed: 0x8010001d [opensc-tool] - reader-pcsc.c:990:pcsc_detect_readers: returning with: Unknown - error No smart card readers found. }}} - -2009-01-16 21:27 alonbl - - * trunk/etc/opensc.conf.in, trunk/src/pkcs15init/profile.c: Set - hardcoded default for profile_dir - -2009-01-16 20:52 alonbl - - * trunk/configure.ac: More iconv build fixes - -2009-01-16 20:21 alonbl - - * trunk/configure.ac: Fix external iconv override - -2009-01-16 17:48 alonbl - - * trunk/configure.ac, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/pkcs15-esteid.c: Correct iconv support - -2009-01-16 17:13 alonbl - - * trunk/configure.ac: Revert r3612, the autoconf warning is - correct and be the default in future - -2009-01-16 16:44 martin - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: Make PKCS#11 module default slot - configuration more sensible: * Increase default slot count to - 16, which equals 4 concurrent readers by default * 2 OpenCT + 2 - PC/SC on Linux for example * Rename num_slots to slots_per_card - * Rename internal PKCS#11 variables, remove unneeded defines. - -2009-01-16 16:12 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-openct.c: - Limit virtual OpenCT readers to a sane default of 2 - readers/tokens by default. Most users don't use more than one or - two tokens concurrently. 
This way default configuration (or with - no configuration file) works even after you insert a PC/SC - reader as OpenCT does not "eat up" all PKCS#11 slots with 5 - virtual readers. - -2009-01-15 23:55 martin - - * trunk/configure.ac: link with iconv on Mac OS X, to support - [3616] - -2009-01-15 23:20 martin - - * trunk/configure.ac, trunk/src/libopensc/pkcs15-esteid.c: Linux - compatible PKCS#11-friendly changes to EstEID PKCS#15 emulation - driver to display the name of the cardholder in token label - field. - -2009-01-15 21:40 martin - - * trunk/src/libopensc/reader-pcsc.c: PC/SC readers have always - only one slot per reader. - -2009-01-15 21:23 martin - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c: Remove some - unused/prehistoric defines. - -2009-01-15 21:08 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/pkcs15.h: Fix PKCS#15 emulation handling: * - Work as expected without a configuration file * "Normalize" the - configuration file: show the used default and give examples with - opposite values. * DWIM: * If there is no config file: try all - builtin drivers * If there is a configuration file, allow to - turn emulation off * If there is a configuration file, allow to - filter the list of internal drivers * Introduce a PKCS#15 layer - card flag for emulated cards - -2009-01-15 20:05 martin - - * trunk/configure.ac: Get rid of configure warnings: {{{ - configure: WARNING: winscard.h: accepted by the compiler, - rejected by the preprocessor! configure: WARNING: winscard.h: - proceeding with the compiler's result }}} - -2009-01-15 20:01 martin - - * trunk/configure.ac: Provide default system PCSC_CFLAGS on Mac OS - X - * trunk/src/libopensc/card.c: Mac OS X 10.5.6 fixes the ATR - padding bug. - -2009-01-01 20:55 alonbl - - * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: Fix - doc build issues 1. VPATH issue. 2. Parallel build issue, - suggested by Ludovic Rousseau. 
- -2008-12-28 21:28 alonbl - - * trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/tools/pkcs15-init.c: Allow delete data objects by - specifying application-name and label - -2008-12-28 18:45 alonbl - - * trunk/etc/opensc.conf.in: Add PKCS#11 specification limitation - note - -2008-12-28 18:37 alonbl - - * trunk/etc/opensc.conf.in: Typeo - -2008-12-28 16:07 aj - - * trunk/src/pkcs15init/asepcos.profile, - trunk/src/pkcs15init/cardos.profile, - trunk/src/pkcs15init/cyberflex.profile, - trunk/src/pkcs15init/entersafe.profile, - trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/incrypto34.profile, - trunk/src/pkcs15init/jcop.profile, - trunk/src/pkcs15init/muscle.profile, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/starcos.profile: Create new type "privdata" - in all profiles with different ACL settings, and check - C_CreateObject parameter CKA_PRIVATE aka pkcs15_create_data - args.auth_id variable, aka sc_pkcs15init_new_object - object->flags & SC_PKCS15_CO_FLAG_PRIVATE to decide if "data" or - "privdata" profile needs to be used. Tested with cryptoflex 32k - and opensc-explorer, now I no longer can "get" the data object - file stored with "--private". - -2008-12-28 16:01 aj - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: Enable - lock_login by default for security. Disable soft_keygen by - default for security. Make defaults code more readable. - -2008-12-11 09:18 ludovic.rousseau - - * trunk/src/libopensc/internal-winscard.h: #include - on __APPLE__ to define DWORD, LONG, etc. 
Windows types - -2008-12-06 20:04 martin - - * trunk/src/tools/pkcs11-tool.c: Upgrade to safe and sane values - of late 2008 - -2008-12-06 18:49 alonbl - - * trunk/src/libopensc/opensc-config.in: Fix bug #86, thanks to - ville.skytta - -2008-12-06 11:41 martin - - * trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: Fixes #109 - -2008-12-05 15:57 martin - - * trunk/src/pkcs11/pkcs11-object.c: Cosmetic fix for [3595] - -2008-12-05 15:53 martin - - * trunk/src/pkcs11/pkcs11-display.c: Remove ancient unused code - -2008-12-05 15:48 martin - - * trunk/src/tools/util.c: DWIM: If you don't specify a reader on - the command line and you have more than one reader (for example, - OpenCT virtual readers and one existing PC/SC reader) the tools - will skip to the first reader that has a card in it. - -2008-11-27 10:44 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-display.c: add CKM_SHA256* and - CKM_SHA384* logs - -2008-11-24 22:06 martin - - * trunk/src/libopensc/iso7816.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-spy.c, trunk/src/tools/pkcs11-tool.c: * - Fix issues with pkcs11-tool testing of - C_GenerateRandom/C_SeedRandom and OpenSC PKCS#11 implementation - of those functions. Thanks goes to Rickard Bondesson who noticed - the issues. - http://www.opensc-project.org/pipermail/opensc-devel/2008-November/011436.html - -2008-11-24 21:55 martin - - * trunk/src/libopensc/card-entersafe.c: typos - -2008-11-24 21:53 martin - - * trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-spy.c: Missing SHAs - -2008-11-21 22:34 martin - - * trunk/src/tools/pkcs11-tool.c: Add --list-token-slots / -T to - pkcs11-tool to list only slots with tokens. 
- -2008-10-27 19:17 alonbl - - * trunk/configure.ac: mingw32->mingw* - -2008-10-27 19:16 alonbl - - * trunk/configure.ac, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/internal-winscard.h: Re-add pcsc-lite - compile-time dependency Win64 changed the SCARDCONTEXT from LONG - to ULONG_PTR, pcsc-lite did not follow this on 64bit platforms. - This breaks the pcsc module. To solve this we use installed - winscard.h in order to get proper declerations. As mingw32 does - not have winscard.h we keep current types. mingw64 and pcsc-lite - system have winscard.h. - -2008-10-26 19:13 alonbl - - * trunk/src/libopensc/reader-pcsc.c: Add some more debug - information to pcsc - -2008-10-26 14:48 alonbl - - * trunk/src/libopensc/internal-winscard.h: Resolve some conflict - with win64 - -2008-10-20 15:04 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: use 0x%08lx instead of - 0x08%lx Thanks to Alon Bar-Lev for the patch - -2008-10-20 07:46 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: display PC/SC error codes as - 0x08%lx instead of %lx to make it explicit they are hex values - -2008-10-20 07:27 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: use SCARD_S_SUCCESS instead - of 0 - -2008-10-10 09:42 ludovic.rousseau - - * trunk/etc/opensc.conf.in: Add documentation: # - (max_virtual_slots/num_slots) limits the number of readers # - that can be used on the system. Default is then 8/4=2 readers. - -2008-10-10 09:39 ludovic.rousseau - - * trunk/src/pkcs11/slot.c: slot_get_token(): return - CKR_TOKEN_NOT_PRESENT if CKF_TOKEN_PRESENT is not set. Thanks to - Douglas E. Engert for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011361.html - -2008-10-09 13:05 ludovic.rousseau - - * trunk/src/pkcs11/slot.c: card_removed(): warning: comparison - between signed and unsigned - -2008-10-09 12:59 ludovic.rousseau - - * trunk/src/pkcs11/slot.c: card_initialize(): correctly associate - a reader to each virtual slot. 
Thanks to Douglas E. Engert for - the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011359.html - -2008-10-09 09:02 ludovic.rousseau - - * trunk/doc/Makefile.am: make the * targets depend on only one - dependency to avoid problems on concurrent make (-j) - -2008-10-09 08:35 ludovic.rousseau - - * trunk/doc/Makefile.am: remove html.out and man.out before - filling them to avoid problems when/if they already contain a - html.tmp or man.tmp file (on the 3rd execution of make) - -2008-10-09 08:32 ludovic.rousseau - - * trunk/doc/tools/tools.xml: cardos-info is now cardos-tool - -2008-10-04 19:52 alonbl - - * trunk/src/tools/cardos-info, trunk/src/tools/cardos-info.bat: - Handle spaces correctly - -2008-10-04 19:35 alonbl - - * trunk/src/tools/cardos-info.bat: Make src/tools/cardos-info.bat - DOS format - -2008-10-04 19:33 alonbl - - * trunk/src/tools/cardos-info.bat: Make src/tools/cardos-info.bat - DOS format - -2008-10-04 19:32 alonbl - - * trunk/src/tools/Makefile.am, trunk/src/tools/cardos-info, - trunk/src/tools/cardos-info.bat: Fixup cardos-info scripts 1. - They are not binaries. 2. No need for resources. 3. Put in - separate files. Anyway, do we actually need these? why not just - document that cardos-tool should be used instead? - -2008-09-22 14:36 aj - - * trunk/src/tools/cardos-tool.c: fix apdu length check: 0..3 is - wrong (too short). 4 is ok. 5 is not (length byte for data, but - no data?). 6 or more is ok (length byte and data). checking for - "5" is not important. - -2008-09-22 14:21 jps - - * trunk/src/tools/cardos-tool.c: An erased CardOS with a StartKey - version 0xFF can now be directly formatted. Verbose output - contains now some useful data. 
- -2008-09-22 10:38 jps - - * trunk/src/tools/cardos-tool.c: fix some bad crash on Mac - -2008-09-22 09:47 jps - - * trunk/src/tools/cardos-tool.c: CardOS 4.2C is working too after - changing Default StartKey to 16 * 0xFF - -2008-09-22 08:35 jps - - * trunk/src/tools/cardos-tool.c: fixing typo - -2008-09-22 07:01 aj - - * trunk/src/tools/cardos-tool.c: Fix a comment and allow cardos - 4.3B too. Thanks to JP for testing. - -2008-09-19 10:21 aj - - * trunk/src/tools/cardos-tool.c, trunk/src/tools/pkcs15-tool.c: - fix a few missing \n - -2008-09-18 17:44 aj - - * trunk/doc/tools/cardos-tool.xml, trunk/src/tools/Makefile.am, - trunk/src/tools/cardos-tool.c: commit changes: cardos-info is - now cardos-tool. and it knows to format, at least some - cards/tokens with cardos. - -2008-09-18 17:43 aj - - * trunk/doc/tools/cardos-info.xml, - trunk/doc/tools/cardos-tool.xml, trunk/src/tools/cardos-info.c, - trunk/src/tools/cardos-tool.c: rename files only. - -2008-09-11 11:39 aj - - * trunk/doc/Makefile.am: the "-" for make must be in the first - line of a multi column command, not somewhere in the middle. - this code makes shell look for "-rm" command which does not - exist. fixing. "-" is not required in these cases, as "rm -f" - always returns 0. - -2008-09-10 12:44 alonbl - - * trunk/src/libopensc/card-entersafe.c, - trunk/src/libopensc/card-gemsafeV1.c: Fix for two apparent C - code bugs By Stanislav Brabec entersafe_init_pin_info() was - declared as int, but defined and used as void, resulting in a - function returning an unused pseudo-random value. - card-gemsafeV1.c uses comparison 'type == "DF"', which is always - false, as it compares pointer to a string with pointer to the - string "DF" in the code. - -2008-09-08 14:04 alonbl - - * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: - Don't removed generated external files during distclean - -2008-08-27 06:19 aj - - * trunk/NEWS, trunk/configure.ac: Update trunk for new release. 
- -2008-08-20 15:20 aj - - * trunk/NEWS: Document recent changes. - -2008-08-20 15:17 aj - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: Douglas E. Engert: The - pkcs15-gemsafeV1.c code assumes that the key_ref is always 3. - But that is not always the case. In our case it is 4. The patch - tries to determine the key_ref by looking at what appears to be - a table of allocated keys, and picking the first allocated key. - In case this is not always true, the patch will also allow for - the the opensc.conf card flag = n to specify the key_ref as the - low order 4 bits of the flag. - -2008-08-20 05:41 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-entersafe.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-esinit.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/entersafe.profile, - trunk/src/pkcs15init/pkcs15-entersafe.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: Add new entersafe driver for - ePass 3000 tokens. - -2008-08-12 14:48 aj - - * trunk/src/tools/pkcs15-tool.c: remove check for label - if you - set one with "pkcs15-init -C -l your-label" this check doesn't - work correctly. - -2008-08-12 09:51 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-display.c: print_mech_info(): replace - printf by fprintf to correctly redirect the log - -2008-07-31 13:25 aj - - * trunk/NEWS, trunk/src/libopensc/card-cardos.c, - trunk/src/tools/pkcs15-tool.c: Apply security fix. - -2008-07-31 12:43 aj - - * trunk/doc/nonpersistent/export-wiki.sh: update export script. - -2008-07-31 12:18 aj - - * trunk/NEWS: and update the date. - -2008-07-31 12:17 aj - - * trunk/NEWS: document this change. - * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15.c: make the - sign_with_decrypt hack configureable. 
- -2008-07-31 12:13 aj - - * trunk/src/libopensc/pkcs15.c: move checks to pkcs15_bind, where - we can look at the config. - -2008-07-30 14:00 alonbl - - * trunk/NEWS: Update NEWS - -2008-07-30 11:57 aj - - * trunk/NEWS, trunk/configure.ac: update configure and NEWS file. - -2008-07-27 15:50 cg2v - - * trunk/src/libopensc/card-cardos.c: export a GET DATA operation - for cardos so opensc-explorer's do_get works - -2008-07-27 15:18 cg2v - - * trunk/src/tools/pkcs15-tool.c: Don't free uninitialized memory - if pem_encode fails. - -2008-07-21 14:39 aj - - * trunk/src/tools/opensc-explorer.c: Chaskiel Grundman: I found - the following patch to opensc-explorer handy when cleaning up - after some failed keygens (but not all, since you can't delete - private key objects). It switches the card to the admin - lifecycle at startup: - -2008-07-21 14:35 aj - - * trunk/src/pkcs15init/pkcs15-cardos.c: Chaskiel Grundman: Nowhere - in pkcs15init/pkcs15-cardos.c is the user pin ever requested or - presented to the card. Since the update acl for the key object - uses the user pin, the GENERATE KEY operation fails when it - isn't logged in. 
- -2008-07-02 10:15 martin - - * trunk/win32/Make.rules.mak: Do not delete .exports files on make - clean - -2008-07-02 09:55 alonbl - - * trunk/src/libopensc/reader-pcsc.c: Make PC/SC work on Windows - again - -2008-06-11 10:14 alonbl - - * trunk/configure.ac: Detect libtool-1 or libtool-2 at runtime - -2008-06-09 08:32 alonbl - - * trunk/src/libopensc/Makefile.am: Revert pic changeset - -2008-06-09 08:31 alonbl - - * trunk/Makefile.am, trunk/src/libopensc/Makefile.am: More - aclocal->m4 - -2008-06-09 08:10 ludovic.rousseau - - * trunk/m4/acx_pthread.m4: upgrade from - http://autoconf-archive.cryp.to/acx_pthread.html - -2008-06-05 20:21 alonbl - - * trunk/configure.ac: Revert autoconf version prereq - -2008-06-05 17:06 alonbl - - * trunk/Makefile.am, trunk/aclocal, trunk/configure.ac, trunk/m4, - trunk/m4/acx_pthread.m4, trunk/m4/libassuan.m4: Rename - aclocal->m4 to be more standard - -2008-06-05 17:03 alonbl - - * trunk/Makefile.am, trunk/aclocal, trunk/aclocal/Makefile.am, - trunk/configure.ac, trunk/src/pkcs11/Makefile.am, - trunk/svnignore: Prepare for libtool-2 - -2008-05-26 11:35 alonbl - - * trunk/etc/opensc.conf.in: No point to maintain static list of - available drivers in configuration file, user can always use - opensc-tool to see available drivers - -2008-05-26 10:46 alonbl - - * trunk/src/tools/opensc-explorer.c: opensc-explorer double free - and cleanups $ opensc-explorer OpenSC Explorer version - 0.11.4-svn OpenSC [3F00]> cat only working EFs may be read - OpenSC [3F00]> cat only working EFs may be read opensc-explorer: - sc.c:492: sc_file_free: Assertion `sc_file_valid(file)' failed. - Aborted $ opensc-explorer OpenSC Explorer version 0.11.4-svn - OpenSC [3F00]> cd ff00 OpenSC [3F00/FF00]> cat only working EFs - may be read OpenSC [3F00/FF00]> cd .. opensc-explorer: sc.c:492: - sc_file_free: Assertion `sc_file_valid(file)' failed. Aborted By - Aktiv Co. 
Aleksey Samsonov And some more Cleanups - -2008-05-26 08:30 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-display.c: print_generic() & - print_print(): size is a CK_ULONG (unsigned) so compare using - "!= (CK_LONG)(-1)" instead of "> 0" - -2008-05-22 12:37 ludovic.rousseau - - * trunk/src/pkcs11/secretkey.c: completely initialize - pkcs11_secret_key_ops structure with NULL pointers - secretkey.c:225: warning: missing initializer secretkey.c:225: - warning: (near initialization for - 'pkcs11_secret_key_ops.destroy_object') - -2008-05-22 12:30 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-rutoken.c: add missing prototype for - sc_pkcs15emu_rutoken_init_ex() - * trunk/src/libopensc/pkcs15-tcos.c: add missing prototype for - sc_pkcs15emu_tcos_init_ex() - -2008-05-22 12:26 ludovic.rousseau - - * trunk/src/libopensc/card-akis.c: do not use system as a variable - name. system() is also a function card-akis.c:400: warning: - declaration of 'system' shadows a global declaration - /usr/include/stdlib.h:730: warning: shadowed declaration is here - -2008-05-22 12:23 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: remove two unused variables - reader-pcsc.c:739: warning: unused variable 'rv' - reader-pcsc.c:862: warning: unused variable 'again' - -2008-05-22 12:22 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: Avoid variable name space - collision reader-pcsc.c:396: warning: declaration of 'priv' - shadows a previous local reader-pcsc.c:367: warning: shadowed - declaration is here reader-pcsc.c:909: warning: declaration of - 'reader' shadows a previous local reader-pcsc.c:901: warning: - shadowed declaration is here - -2008-05-22 12:14 ludovic.rousseau - - * trunk/src/common/compat_dummy.c: add a prototype for - compat_dummy() compat_dummy.c:2: warning: no previous prototype - for 'compat_dummy' - -2008-05-22 12:13 ludovic.rousseau - - * trunk/src/pkcs15init/pkcs15-cardos.c: use #ifdef instead of #if - pkcs15-cardos.c:547:5: warning: "SET_SM_BYTES" is 
not defined - pkcs15-cardos.c:585:5: warning: "SET_SM_BYTES" is not defined - -2008-05-20 09:47 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-spy.c: print_ptr_in(): change log format - -2008-05-20 09:41 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-spy.c: C_Initialize(): log the value of - the pInitArgs argument - -2008-05-14 18:34 alonbl - - * trunk/configure.ac: Fixup configure help strings - -2008-05-12 09:41 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-spy.c: C_Finalize(): do not unload the - module since the application may try to make PKCS#11 calls again - -2008-05-10 09:55 alonbl - - * trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/reader-openct.c: Better handle openct reader - replug, revert last change in pkcs11-pin - -2008-05-09 22:22 alonbl - - * trunk/src/libopensc/pkcs15-pin.c: Fix sc_pkcs15_verify_pin() to - handle OpenCT hotplug correctly - -2008-05-05 13:00 ludovic.rousseau - - * trunk/src/libopensc/muscle-filesystem.h, - trunk/src/libopensc/muscle.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-display.c, trunk/src/scconf/parse.c, - trunk/src/scconf/sclex.c, trunk/src/signer/dialog.c, - trunk/src/signer/opensc-crypto.h, trunk/src/tests/print.c, - trunk/src/tests/sc-test.h, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/piv-tool.c, trunk/src/tools/pkcs15-init.c: Use - size_t instead of int when needed, plus some other minor changes - Patch bug.1 included in Ticket #176 - -2008-05-05 09:51 ludovic.rousseau - - * trunk/src/tools/pkcs15-tool.c: use type size_t instead of int - since the 3rd argument of sc_format_asn1_entry() is void * using - int will fail on a 64-bits platform Closes Ticket #176 - -2008-05-02 17:56 alonbl - - * trunk/src/libopensc/pkcs15-pin.c: Verify PIN support Plug&Play - If card was reset or reader reconnected, verify can restart - transaction, as upper level will not cache PIN in this case. 
- -2008-04-29 17:01 alonbl - - * trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal-winscard.h, - trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c, - trunk/src/tools/opensc-tool.c: Plug&Play support This is not the - best solution, but focus on smallest code change. Changes: 1. - Add detect_readers() to reader opts, this adds new readers to - the end of the readers list until list is full. 2. Add - sc_ctx_detect_readers() that calls readers' detect_readers(). 3. - Fixup pcsc_lock() so that it reconnect to the card and report - proper error so caller may be notified if session was lost. 4. - Allow context to be created without readers. 5. Call - sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with - NULL_PTR. 6. Allow no reader at detect_card, as reader my be - removed. 7. Since I broke ABI, I updated the external module - version requirement to match OpenSC version. In the future a - separate version should be maintained for each interface, this - should be unrelated to the package version. Alon --- svn merge - -r 3480:3505 - https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp M - src/tools/opensc-tool.c M src/pkcs11/pkcs11-global.c M - src/pkcs11/slot.c M src/libopensc/reader-pcsc.c M - src/libopensc/internal-winscard.h M src/libopensc/ctx.c M - src/libopensc/reader-ctapi.c M src/libopensc/libopensc.exports M - src/libopensc/reader-openct.c M src/libopensc/opensc.h - -2008-04-29 06:11 alonbl - - * trunk/src/libopensc/asn1.c: SIGSEGV print_tags_recursive - fix - Patch opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff - (for trunk trunk revision 3502) is draft. 
Example 1 (SIGSEGV): - OpenSC Explorer version 0.11.4-svn OpenSC [3F00]> cd ff00 OpenSC - [3F00/FF00]> asn1 0001 Printing tags for buffer of length 512 - [Switching to Thread -1211906368 (LWP 25131)] By Aktiv Co. - Aleksey Samsonov - -2008-04-29 06:09 alonbl - - * trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak, trunk/src/tests/Makefile.am, - trunk/src/tests/Makefile.mak, trunk/src/tools/Makefile.mak, - trunk/win32/Make.rules.mak, trunk/win32/versioninfo.rc.in.in: - More MSVC fixups by Douglas E. Engert - -2008-04-28 07:57 ludovic.rousseau - - * trunk/src/libopensc/card-akis.c, - trunk/src/libopensc/card-asepcos.c, - trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/card-muscle.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-piv.c, trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/p15card-helper.c, - trunk/src/libopensc/pkcs15-gemsafeV1.c, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/libopensc/reader-pcsc.c: convert C++ in C comment - -2008-04-28 07:45 ludovic.rousseau - - * trunk/src/pkcs15init/pkcs15-oberthur.c: convert C++ comment in C - comment - -2008-04-28 07:44 ludovic.rousseau - - * trunk/src/pkcs15init/pkcs15-muscle.c: convert a C++ comment in C - comment - -2008-04-28 07:42 ludovic.rousseau - - * trunk/src/pkcs15init/pkcs15-rutoken.c: rutoken_new_file(): - initialize sec_attr pkcs15-rutoken.c:372: warning: 'sec_attr' - may be used uninitialized in this function - -2008-04-28 07:36 ludovic.rousseau - - * trunk/src/pkcs11/framework-pkcs15init.c: completely initialize - the sc_pkcs11_framework_ops structure (using NULL for undefined - callbacks) - -2008-04-28 07:33 ludovic.rousseau - - * trunk/src/pkcs11/debug.c: completely initialize the struct fmap - fields - -2008-04-28 07:24 ludovic.rousseau - - * trunk/src/libopensc/card.c: card.c:756: warning: unused variable - 'j' - -2008-04-28 07:23 ludovic.rousseau - - * 
trunk/src/libopensc/ctx.c: convert C++ comment in C comment (ISO - C90) - -2008-04-25 12:49 alonbl - - * trunk/src/tools/rutoken-tool.c: Use O_BINARY at rutoken - -2008-04-25 11:51 alonbl - - * trunk/src/tools/pkcs11-tool.c: Cleanup some Windows issues with - open - -2008-04-24 16:34 alonbl - - * trunk/src/libopensc/card-rutoken.c: rutoken: Some MSVC fixups, - by Aktiv Co. Aleksey Samsonov - -2008-04-24 06:32 alonbl - - * trunk/win32/opensc-install.bat: Add PATH comment for Windows - users - -2008-04-18 20:37 alonbl - - * trunk/bootstrap: Add --force to autoreconf - -2008-04-18 14:08 alonbl - - * trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/pkcs15-prkey-rutoken.c, - trunk/src/libopensc/pkcs15-rutoken.c, - trunk/src/libopensc/rutoken.h, trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-rutoken.c, - trunk/src/pkcs15init/rutoken.profile, - trunk/src/tools/rutoken-tool.c: ruToken fixups - http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011057.html - By Aktiv Co. Aleksey Samsonov - -2008-04-17 10:05 alonbl - - * trunk/etc/Makefile.am: Make sure we generate opensc.conf every - time There is no dependency for autoconf variables, and we - provide the opensc.conf for Windows MSCVER build. - -2008-04-16 04:42 alonbl - - * trunk/src/common/Makefile.am, - trunk/src/common/compat_getopt_main.c, trunk/src/common/main.c: - common/main.c is part of getopt package - -2008-04-16 04:32 alonbl - - * trunk/src/libopensc/sc.c: Fix last reference to VERSION and not - PACKAGE_VERSION - -2008-04-13 17:57 alonbl - - * trunk/win32/opensc-install.bat: Add PKCS11-Spy to installer - -2008-04-13 17:51 alonbl - - * trunk/win32/Makefile.am, trunk/win32/opensc-install.bat: Add - simple Windows installer script for OpenSC As nobody want to - maintain UI installer, at least provide an installation script. 
- The opensc-install.bat should be run from the installed location. - -2008-04-12 21:54 alonbl - - * trunk/src/tools/opensc-tool.c: Add --get-conf-entry, - --set-conf-entry to opensc-tool Although not perfect, will - enable installer/users to perform some simple tasks against - configuration file. - -2008-04-11 12:52 alonbl - - * trunk/doc/Makefile.am, trunk/src/include/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/tools/Makefile.am: More fixups to maintainer-clean - -2008-04-10 12:21 alonbl - - * trunk/win32/versioninfo.rc.in.in: afxres.h is not needed - -2008-04-08 19:16 alonbl - - * trunk/win32/Makefile.am: No need for Makefile.mak in win32 - anymore - -2008-04-08 18:36 alonbl - - * trunk/Makefile.am, trunk/Makefile.mak, trunk/configure.ac, - trunk/src/include/Makefile.am, trunk/src/include/winconfig.h, - trunk/src/include/winconfig.h.in, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs15init/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/tests/Makefile.mak, - trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, - trunk/win32/Make.rules.mak, trunk/win32/Makefile.am, - trunk/win32/Makefile.mak, trunk/win32/version.rc, - trunk/win32/versioninfo.rc.in, trunk/win32/versioninfo.rc.in.in: - Distribute autoconf generated files for MSVC build Construct - resource files and winconfig.h using autoconf substitutions. - -2008-04-08 17:56 alonbl - - * trunk/doc/Makefile.am: Typeo - -2008-04-07 21:35 alonbl - - * trunk/src/pkcs11/Makefile.mak, trunk/src/scconf/Makefile.mak, - trunk/win32/Make.rules.mak: More MSVC build additions (1) use - the exports for opensc-pkcs11.dll, onepin-opensc-pkcs11.dll, and - pkcs11-spy.dll (2) don't link common.lib with scconf.lib, to - avoid duplicate messages later. (3) add piv-tool to - openssl_programs. By Douglas E. 
Engert - -2008-04-07 21:28 alonbl - - * trunk/src/include/winconfig.h, trunk/win32/Make.rules.mak: - Support OPENSC_FEATURES for MSC build - -2008-04-07 19:42 alonbl - - * trunk/src/common/Makefile.mak, trunk/src/include/winconfig.h, - trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/scconf/Makefile.mak, trunk/src/tools/Makefile.mak, - trunk/src/tools/eidenv.c, trunk/win32/Make.rules.mak, - trunk/win32/Makefile.am, trunk/win32/makedef.pl: Attached are - the latest mode to OpenSC svn 3462 to use the Makefile.mak files - to build on Windows. I got rutoken to compile, and took out the - #ifdef's I had in last week. The rutoken programmer declared - some variables in the middle of a block rather then having all - the declare statements at the beginning of a block as is - normally done in C. The Microsoft compile treats this as an - error. (Actual many errors.) The makedef.pl is no longer needed, - as the exports files can be used. Note that in the original - Makefile.mak files only opensc.def and pkcs15init.def were - created. winconfig.h has a number of changes. As discussed last - week this could be created by autoconf. I also noted that the - Active State Perl that was required for the makedef.pl has a - psed command that could be used like sed to update winconfig.h. - I did not attempt to do this. win32/Make.rules.mak - Use - ENABLE_OPENSSL and ENABLE_ZLIB src/tools/Makefile.mak - add the - rutoken.tool.exe src/tools/eidenv.c - use PACKAGE_VERSION - src/pkcs11/Makefile.mak - reorder the objest to match the list - in the Makefile.am. Makes it easier to read. - src/include/winconfig.h - The windows version of the config.h - Changes based on discussions on the list last week. - src/common/Makefile.mak - renamed modules. - src/pkcs15init/Makefile.mak - reordered, and added back the - rutoken modules replaced the use of makdef.pl to sue the exports - file. src/scconf/Makefile.mak - reordered objects. 
- src/libopensc/card-rutoken.c - error. Moved the declares to the - beginning of blocks. src/libopensc/Makefile.mak - reorder names, - and add rutoken. Use the libopensc.exports file. - src/libopensc/pkcs15-prkey-rutoken.c - more moving of declare - statements. By Douglas E. Engert - http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html - -2008-04-07 19:25 alonbl - - * trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/pkcs15-prkey-rutoken.c: ruToken C fixups - http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html - By Douglas E. Engert - -2008-04-04 20:38 alonbl - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/signer/Makefile.am, trunk/win32/ltrc.inc: Some more - build cleanups - -2008-04-04 19:21 alonbl - - * trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am: Fix - future issue with distcheck - -2008-04-04 16:46 alonbl - - * trunk/src/libopensc/internal-winscard.h: Fix some duplicate - symbols with Windows header files. Thanks to Douglas E. Engert. - -2008-04-04 16:21 alonbl - - * trunk/src/pkcs11/pkcs11-global.c: Fix MSVC compiler error - http://www.opensc-project.org/pipermail/opensc-devel/2008-April/010997.html - Thanks to Douglas E. Engert - -2008-04-04 06:05 alonbl - - * trunk/src/libopensc/internal-winscard.h: Fixup WINAPI location - By: Douglas E. Engert (2) Change the typdefs for the SC_*_t - routines. The WINAPI had to be moved. For example from: typedef - PCSC_API LONG (*SCardEstablishContext_t)... to: typedef LONG - (PCSC_API *SCardEstablishContext_t)... 
- -2008-04-04 05:39 alonbl - - * trunk/src/libopensc/pkcs15-prkey-rutoken.c: Solve some Windows - conflicts - -2008-04-02 19:48 alonbl - - * trunk/configure.ac: Fix default PC/SC provider for darwin, - thanks to Martin Paljak - -2008-04-02 05:44 alonbl - - * trunk/configure.ac, trunk/etc/Makefile.am, - trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-pcsc.c: - Rename PC/SC library into PC/SC provider. Sync symbols between - configuration and source. Put default provider in opensc.conf, - opensc-tool. - -2008-04-01 20:41 alonbl - - * trunk/Makefile.am: Ignore -svn component so distcheck will pass - for svn versions - -2008-04-01 20:32 alonbl - - * trunk/configure.ac: Readd -svn version suffix, removed at - revision 3446 - -2008-04-01 20:10 alonbl - - * trunk/configure.ac: Add --with-pcsc-module to configure - -2008-04-01 19:58 alonbl - - * trunk/Makefile.am, trunk/doc/Makefile.am, - trunk/doc/nonpersistent/Makefile.am: More separate srcdir - fixups, make distcheck work - -2008-04-01 19:04 alonbl - - * trunk/Makefile.am, trunk/aclocal/Makefile.am, - trunk/configure.ac, trunk/doc/Makefile.am, - trunk/doc/nonpersistent/Makefile.am, trunk/etc/Makefile.am, - trunk/src/Makefile.am, trunk/src/common/Makefile.am, - trunk/src/include/Makefile.am, - trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/signer/Makefile.am, - trunk/src/signer/npinclude/Makefile.am, - trunk/src/tests/Makefile.am, - trunk/src/tests/regression/Makefile.am, - trunk/src/tools/Makefile.am, trunk/win32/Makefile.am: More - separate srcdir fixups - -2008-04-01 17:08 alonbl - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/tools/Makefile.am: More separate srcdir fixups - -2008-04-01 16:55 alonbl - - * trunk/doc/Makefile.am, 
trunk/doc/nonpersistent/Makefile.am, - trunk/etc/Makefile.am: More separate srcdir fixups - -2008-04-01 13:04 ludovic.rousseau - - * trunk/doc/Makefile.am: do not use api/*/*.xml but explicitely - expand the first * to avoid catching - api/xsl-stylesheets/catalog.xml - -2008-04-01 13:01 ludovic.rousseau - - * trunk/configure.ac, trunk/doc/Makefile.am: use $(srcdir) for - dist_noinst_DATA - -2008-04-01 12:43 ludovic.rousseau - - * trunk/doc/nonpersistent/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/signer/Makefile.am, trunk/src/tests/Makefile.am, - trunk/src/tools/Makefile.am: use $(srcdir) when needed to be - able to build in separate build directories using: cd foobar ; - ../configure srcdir=.. Thanks to Douglas E. Engert for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010959.html - -2008-04-01 12:35 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-piv.c, - trunk/src/libopensc/pkcs15-prkey-rutoken.c, - trunk/src/libopensc/pkcs15-rutoken.c: use "pkcs15.h" instead of - (and similar) Thanks to Douglas E. Engert for - the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010959.html - -2008-04-01 09:32 ludovic.rousseau - - * trunk/src/tools/rutoken-tool.c: #include to - avoid a compilation warning rutoken.h:4: warning: 'struct - sc_pkcs15_prkey' declared inside parameter list rutoken.h:4: - warning: its scope is only this definition or declaration, which - is probably not what you want - -2008-03-29 20:34 alonbl - - * trunk/configure.ac: Trivial - -2008-03-27 14:13 alonbl - - * trunk/src/pkcs11/Makefile.am: Install PKCS#11 providers at bin - for Windows This will place file in more expected location, and - reduce runtime dependencies as dependency DLL will be located at - the same directory. 
- -2008-03-26 06:24 alonbl - - * trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/pkcs15-prkey-rutoken.c, - trunk/src/libopensc/rutoken.h, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-opensc.h, trunk/src/pkcs11/pkcs11.h, - trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-rutoken.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/rutoken-tool.c: - ruToken cleanups Move constants out of standard files. Create - ruToken specific interface. Update symbols. Thread at: - http://www.opensc-project.org/pipermail/opensc-devel/2008-March/010917.html - Cleanup of: - http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010617.html - -2008-03-24 16:05 alonbl - - * trunk/configure.ac: Cleanup conventions to meet other OpenSC - projects - -2008-03-20 13:36 alonbl - - * trunk/configure.ac: Revert last - -2008-03-20 13:06 alonbl - - * trunk/configure.ac: Need AC_LIBTOOL_DLOPEN for PKCS#11 module - -2008-03-19 21:23 alonbl - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/sc-pkcs11.h: - Cygwin should load .dll version of PKCS#11 - -2008-03-19 20:30 alonbl - - * trunk/src/libopensc/internal-winscard.h: Fixup compile under - cygwin - -2008-03-17 15:17 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: pkcs15-gemsafeV1.c:478: - warning: 'sc_pkcs15emu_add_pubkey' defined but not used - -2008-03-17 15:09 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: change type from int to - unsigned int to avoid 2 compiler warnings: - pkcs15-gemsafeV1.c:150: warning: comparison between signed and - unsigned pkcs15-gemsafeV1.c:331: warning: comparison between - signed and unsigned - * trunk/src/libopensc/pkcs15-gemsafeV1.c: rename index -> - index_local to avoid a compiler warning pkcs15-gemsafeV1.c:126: - warning: declaration of 'index' shadows a global declaration - 
/usr/include/string.h:304: warning: shadowed declaration is here - * trunk/src/libopensc/pkcs15-gemsafeV1.c: use sc_debug/sc_error - instead of fprintf(stderr, ...) - -2008-03-17 15:03 ludovic.rousseau - - * trunk/src/libopensc/card-gemsafeV1.c: add ATR for the - GemSafeXpresso 16k R3.2 - -2008-03-15 19:58 alonbl - - * trunk/etc/Makefile.am: Fix opensc.conf dist again - -2008-03-15 18:12 alonbl - - * trunk/etc/Makefile.am: Don't distribute opensc.conf - -2008-03-15 13:24 alonbl - - * trunk/configure.ac: Fix typo - * trunk/configure.ac: Fixup autoconf detection - -2008-03-15 11:05 alonbl - - * trunk/configure.ac, trunk/src/libopensc/Makefile.am, - trunk/src/pkcs15init/Makefile.am: Fix libtool versioning issues - -2008-03-14 21:26 alonbl - - * trunk/configure.ac: Fixup autoconf help - -2008-03-14 07:44 alonbl - - * trunk/configure.ac: Minor cleanups - -2008-03-10 18:17 alonbl - - * trunk/configure.ac: Support >=autoconf-2.60 - -2008-03-10 16:38 aj - - * trunk/Makefile.am, trunk/doc/Makefile.am: use new MKDIR_P macro, - but depend on automake >= 1.10. - -2008-03-10 07:10 alonbl - - * trunk/configure.ac: Remove emptyline - -2008-03-10 06:45 aj - - * trunk/doc/Makefile.am: automake&co define mkdir_p, not MKDIR_P. 
- -2008-03-09 21:24 alonbl - - * trunk/Makefile.am, trunk/aclocal/Makefile.am, - trunk/doc/Makefile.am, trunk/doc/nonpersistent/Makefile.am, - trunk/etc/Makefile.am, trunk/src/Makefile.am, - trunk/src/common/Makefile.am, trunk/src/include/Makefile.am, - trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/signer/Makefile.am, - trunk/src/signer/npinclude/Makefile.am, - trunk/src/tests/Makefile.am, - trunk/src/tests/regression/Makefile.am, - trunk/src/tools/Makefile.am, trunk/win32/Makefile.am: Remove - useless comments - -2008-03-09 19:44 alonbl - - * trunk/configure.ac: Some build cleanups - -2008-03-09 15:34 alonbl - - * trunk/doc/nonpersistent/Makefile.am, - trunk/doc/nonpersistent/export-wiki.sh: Make export-wiki.sh - static across projects - -2008-03-09 15:13 alonbl - - * trunk/doc/nonpersistent/export-wiki.xsl: export-wiki.xsl now - works with new trac - -2008-03-09 12:01 alonbl - - * trunk/configure.ac, trunk/src/libopensc/Makefile.am, - trunk/src/pkcs15init/Makefile.am: Windows DLL suffix is actually - delta - -2008-03-09 11:48 alonbl - - * trunk/configure.ac: Add some missing AC_PROG - -2008-03-08 15:36 alonbl - - * trunk/Makefile.am: We don't need version constraint - -2008-03-06 16:06 alonbl - - * trunk, trunk/Makefile.am, trunk/aclocal, - trunk/aclocal/Makefile.am, trunk/configure.ac, - trunk/configure.in, trunk/doc, trunk/doc/Makefile.am, - trunk/doc/api, trunk/doc/api/apps, trunk/doc/api/asn1, - trunk/doc/api/card, trunk/doc/api/file, trunk/doc/api/html.xsl, - trunk/doc/api/init, trunk/doc/api/man.xsl, trunk/doc/api/misc, - trunk/doc/api/types, trunk/doc/api/util, trunk/doc/changelog.sh, - trunk/doc/export-wiki.sh, trunk/doc/export-wiki.xsl, - trunk/doc/generate-man.sh, trunk/doc/nonpersistent, - trunk/doc/nonpersistent/Makefile.am, - trunk/doc/nonpersistent/export-wiki.sh, - 
trunk/doc/nonpersistent/export-wiki.xsl, - trunk/doc/nonpersistent/svn2cl.xsl, trunk/doc/svn2cl.xsl, - trunk/doc/tools, trunk/doc/tools/pkcs15-profile.xml, trunk/etc, - trunk/etc/Makefile.am, trunk/etc/opensc.conf.in, trunk/man, - trunk/solaris, trunk/solaris/Makefile, trunk/src, - trunk/src/Makefile.am, trunk/src/common, - trunk/src/common/ChangeLog, - trunk/src/common/ChangeLog.compat_getopt, - trunk/src/common/LICENSE, - trunk/src/common/LICENSE.compat_getopt, - trunk/src/common/Makefile.am, - trunk/src/common/README.compat_getopt, - trunk/src/common/README.compat_strlcpy, - trunk/src/common/README.my_getopt, - trunk/src/common/README.strlcpy, - trunk/src/common/compat_dummy.c, - trunk/src/common/compat_getopt.3, - trunk/src/common/compat_getopt.c, - trunk/src/common/compat_getopt.h, - trunk/src/common/compat_getopt.txt, - trunk/src/common/compat_getpass.c, - trunk/src/common/compat_getpass.h, - trunk/src/common/compat_strlcpy.3, - trunk/src/common/compat_strlcpy.c, - trunk/src/common/compat_strlcpy.h, trunk/src/common/getopt.3, - trunk/src/common/getopt.txt, trunk/src/common/getpass.c, - trunk/src/common/my_getopt.c, trunk/src/common/my_getopt.h, - trunk/src/common/strlcpy.3, trunk/src/common/strlcpy.c, - trunk/src/common/strlcpy.h, trunk/src/include, - trunk/src/include/Makefile.am, trunk/src/include/opensc, - trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/svnignore, trunk/src/libopensc, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/compression.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal-winscard.h, - trunk/src/libopensc/internal.h, - trunk/src/libopensc/libopensc.exports, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc-config.in, - trunk/src/libopensc/p15card-helper.c, - trunk/src/libopensc/part10.h, - 
trunk/src/libopensc/pkcs15-actalis.c, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-gemsafeGPK.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-piv.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-prkey-rutoken.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/libopensc/pkcs15-wrap.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/ui.c, trunk/src/openssh, - trunk/src/openssh/Makefile.am, trunk/src/pkcs11, - trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, - trunk/src/pkcs11/opensc-pkcs11.exports, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/pkcs11-spy.c, - trunk/src/pkcs11/pkcs11-spy.exports, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs15init, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-rutoken.c, - trunk/src/pkcs15init/pkcs15init.exports, - trunk/src/pkcs15init/profile.c, trunk/src/scconf, - trunk/src/scconf/Makefile.am, trunk/src/scconf/parse.c, - trunk/src/scconf/scconf.exports, trunk/src/signer, - trunk/src/signer/Makefile.am, trunk/src/signer/npinclude, - trunk/src/signer/npinclude/Makefile.am, - trunk/src/signer/signer.exports, trunk/src/tests, - trunk/src/tests/Makefile.am, trunk/src/tests/pintest.c, - trunk/src/tests/regression, - trunk/src/tests/regression/Makefile.am, - trunk/src/tests/sc-test.c, trunk/src/tools, - trunk/src/tools/Makefile.am, trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, - trunk/src/tools/netkey-tool.c, - 
trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/rutoken-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h, trunk/svnignore, trunk/win32, - trunk/win32/Makefile.am, trunk/win32/ltrc.inc, - trunk/win32/versioninfo.rc.in: Complete rewrite of OpenSC build - system. 1. Build system now supports MinGW (Windows) compilation - using msys and cross compilation. 2. Ability to explicitly - disable and enable dependencies of the package. 3. openct, pcsc - and nsplugins features are disabled by default. 4. Modified pcsc - driver to use pcsc dynamically, no compile time dependency is - required. 5. --enable-pcsc-lite configuration option renamed to - --enable-pcsc. 6. Install opensc.conf file (as opensc.conf.new - if opensc.conf exists). 7. Add--enable-doc configuration option, - allow installing documentation into target. 8. Add --disable-man - configuration option, allow msys mingw32 users to build from svn - without extra dependencies. 9. Add export files to each library - in order to export only required symbols. Windows native build - may use these files instead of scanning objects' symbols. 10. - Add opensc-tool --info to display some general information about - the build. 11. Create compatibility library to be linked against - library instread of recompiling the same source files in - different places. 12. Add different win32 version resource to - each class of outputs. 13. Make xsl-stylesheets location - selectable. 14. Some win32 fixups. 15. Some warning fixups. 16. - Many other autoconf/automake cleanups. Alon Bar-Lev svn diff -r - 3315:3399 - https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw - _M . 
D configure.in _M src _M src/openssh M - src/openssh/Makefile.am _M src/tools M src/tools/rutoken-tool.c - M src/tools/opensc-tool.c M src/tools/cardos-info.c M - src/tools/pkcs15-crypt.c M src/tools/pkcs15-init.c M - src/tools/piv-tool.c M src/tools/netkey-tool.c M - src/tools/eidenv.c M src/tools/cryptoflex-tool.c M - src/tools/util.c M src/tools/pkcs11-tool.c M - src/tools/pkcs15-tool.c M src/tools/util.h M - src/tools/opensc-explorer.c M src/tools/Makefile.am _M - src/pkcs11 M src/pkcs11/pkcs11-global.c M - src/pkcs11/framework-pkcs15.c M src/pkcs11/mechanism.c M - src/pkcs11/pkcs11-display.c M src/pkcs11/pkcs11-object.c A - src/pkcs11/opensc-pkcs11.exports M src/pkcs11/sc-pkcs11.h M - src/pkcs11/pkcs11-spy.c M src/pkcs11/openssl.c M - src/pkcs11/Makefile.am A src/pkcs11/pkcs11-spy.exports _M - src/tests _M src/tests/regression M - src/tests/regression/Makefile.am M src/tests/sc-test.c M - src/tests/pintest.c M src/tests/Makefile.am _M src/include _M - src/include/opensc M src/include/opensc/Makefile.am A - src/include/opensc/svnignore M src/include/Makefile.am _M - src/signer _M src/signer/npinclude M - src/signer/npinclude/Makefile.am M src/signer/Makefile.am A - src/signer/signer.exports _M src/common A - src/common/compat_dummy.c D src/common/getopt.txt D - src/common/strlcpy.c D src/common/LICENSE A - src/common/compat_getopt.txt A src/common/compat_strlcpy.c A - src/common/LICENSE.compat_getopt A src/common/compat_getopt.c D - src/common/strlcpy.h D src/common/ChangeLog D - src/common/getpass.c D src/common/my_getopt.c A - src/common/compat_strlcpy.h A src/common/compat_getpass.c A - src/common/compat_getopt.h A src/common/ChangeLog.compat_getopt - D src/common/README.strlcpy D src/common/my_getopt.h A - src/common/compat_getpass.h A src/common/README.compat_strlcpy D - src/common/strlcpy.3 A src/common/README.compat_getopt D - src/common/getopt.3 D src/common/README.my_getopt A - src/common/compat_strlcpy.3 A src/common/compat_getopt.3 M - 
src/common/Makefile.am M src/Makefile.am _M src/pkcs15init M - src/pkcs15init/pkcs15-oberthur.c M src/pkcs15init/profile.c M - src/pkcs15init/pkcs15-lib.c M src/pkcs15init/pkcs15-rutoken.c A - src/pkcs15init/pkcs15init.exports M src/pkcs15init/pkcs15-gpk.c - M src/pkcs15init/Makefile.am _M src/scconf M - src/scconf/Makefile.am M src/scconf/parse.c A - src/scconf/scconf.exports _M src/libopensc M - src/libopensc/card-rutoken.c M src/libopensc/compression.c M - src/libopensc/sc.c M src/libopensc/card-piv.c M - src/libopensc/pkcs15-openpgp.c M - src/libopensc/pkcs15-postecert.c M src/libopensc/pkcs15-tcos.c M - src/libopensc/opensc-config.in M src/libopensc/reader-pcsc.c A - src/libopensc/internal-winscard.h M src/libopensc/ctx.c A - src/libopensc/libopensc.exports M src/libopensc/pkcs15-piv.c M - src/libopensc/pkcs15-infocamere.c M src/libopensc/internal.h M - src/libopensc/pkcs15-actalis.c M src/libopensc/pkcs15-starcert.c - M src/libopensc/card-oberthur.c M - src/libopensc/pkcs15-atrust-acos.c M - src/libopensc/p15card-helper.c D src/libopensc/part10.h M - src/libopensc/ui.c M src/libopensc/card-gpk.c M - src/libopensc/pkcs15-wrap.c M src/libopensc/pkcs15-gemsafeGPK.c - M src/libopensc/log.c M src/libopensc/pkcs15-esteid.c M - src/libopensc/pkcs15-prkey-rutoken.c M src/libopensc/log.h M - src/libopensc/Makefile.am M src/libopensc/reader-openct.c _M - aclocal M aclocal/Makefile.am _M win32 M win32/Makefile.am A - win32/versioninfo.rc.in A win32/ltrc.inc A configure.ac _M doc - _M doc/tools M doc/tools/pkcs15-profile.xml D doc/changelog.sh D - doc/export-wiki.xsl _M doc/api _M doc/api/file M doc/api/man.xsl - _M doc/api/asn1 _M doc/api/apps _M doc/api/init _M doc/api/types - _M doc/api/card M doc/api/html.xsl _M doc/api/misc _M - doc/api/util M doc/Makefile.am D doc/export-wiki.sh AM - doc/nonpersistent A doc/nonpersistent/export-wiki.xsl A - doc/nonpersistent/Makefile.am A doc/nonpersistent/export-wiki.sh - A doc/nonpersistent/svn2cl.xsl D doc/generate-man.sh D - 
doc/svn2cl.xsl M Makefile.am A svnignore _M etc M - etc/opensc.conf.in M etc/Makefile.am D man _M solaris M - solaris/Makefile - -2008-03-06 15:04 alonbl - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: Convert constant - SC_PKCS11_MAX_VIRTUAL_SLOTS to configuration option. - -2008-03-06 15:00 alonbl - - * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - Allow specifying application name for data objects at - pkcs15-init. - -2008-03-06 14:56 alonbl - - * trunk/src/pkcs11/pkcs11-global.c: PKCS#11 "Application and - processes" instructs the sequence that should be taken after - fork(). Applications should call C_Initialize() immediately - after fork() to reinitialize the provider. The change monitor - the pid that calls C_Initialize(), if it is different than - previous C_Finalize() is called. - -2008-02-29 15:37 ludovic.rousseau - - * trunk/src/libopensc/asn1.c: - sc_asn1_decode_integer/asn1_encode_integer: correctly manage - negative numbers and some positive numbers like 128 - -2008-02-29 10:18 martin - - * trunk/src/pkcs11/framework-pkcs15.c: * Correctly return - CKR_PIN_INCORRECT if PIN is out of range. * By Alon Bar-Lev from - svn diff -r 3397:3398 - https://www.opensc-project.org/svn/opensc/branches/alonbl/pkcs11-login-rv - -2008-02-25 20:36 nils - - * trunk/src/pkcs15init/asepcos.profile: do not use memory quota - -2008-02-25 19:47 nils - - * trunk/src/pkcs15init/pkcs15-asepcos.c: check tpin before trying - to delete application - -2008-02-14 17:02 martin - - * trunk/src/libopensc/card.c: circumvent the 'padded with zeros' - ATR bug on Mac OS X <=10.5.2 - -2008-02-10 16:13 martin - - * trunk/src/libopensc/reader-pcsc.c: * Fix protocol forcing. 
- Whenever connecting, use whatever protocol is available / - currently set on card and only force the protocol with a cold - reset when different This fixes - pcsc_lock->pcsc_reconnect->protocol mismatch error escaping from - reader-pcsc.c if some other application has set the card to a - different protocol. * pcsc_reconnect uses PC/SC return values, - pcsc_reset uses OpenSC; 0 -> SC_SUCCESS * CCID driver with - OmniKey 1021 returns SCARD_W_UNPOWERED_CARD when a card is - inserted upside-down. Translate the currently unknown error into - 'Unresponsive card'. - -2008-02-01 14:31 ludovic.rousseau - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/pkcs15-atrust-acos.c: Add support for the - Austrian A-Trust ACOS card Thanks to Franz Brandl for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-February/010675.html - -2008-01-11 16:28 ludovic.rousseau - - * trunk/src/pkcs11/Makefile.am: remove - $(pkcs11dir)/opensc-pkcs11.so so that creating the symbolink - link does not fail if the file already exists. 
Thanks to - Jean-Pierre Szikora for the bug report - -2008-01-04 13:13 ludovic.rousseau - - * trunk/src/tools/util.c: print_binary(): everything except - printable characters (including space) are displayed in hex - Thanks to Ian Young for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2008-January/010641.html - -2008-01-04 08:57 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-prkey-rutoken.c, - trunk/src/pkcs15init/pkcs15-rutoken.c: add two missing files for - ruToken support Thanks to Ian Young for the bug report - -2008-01-03 09:44 ludovic.rousseau - - * trunk/etc/opensc.conf.in: update comment to reflect the fact - that lock_login is now false by default Thanks to Eric Dorland - for the patch - -2008-01-03 08:59 ludovic.rousseau - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/pkcs15-rutoken.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/rutoken.profile, - trunk/src/tools/rutoken-tool.c: new patch for ruToken support - Thanks to Andrew V. Stepanov - http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010631.html - -2007-12-28 18:18 pk - - * trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/cards.h, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/tools/opensc-explorer.c: support for TCOS3 - -2007-12-21 16:40 martin - - * trunk/src/libopensc/card-mcrd.c: Remove unused code. 
- -2007-12-21 16:37 martin - - * trunk/etc/opensc.conf.in: Remove copy of Estonian eID ATR - -2007-12-19 09:58 jps - - * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h, - trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/tools/cardos-info.c: support for Siemens CardOS V4.2C - -2007-12-17 13:47 ludovic.rousseau - - * trunk/src/tools/rutoken-tool.c: redefine trace macro to avoid - compiler warnings when _DEBUG is not defined rutoken-tool.c:107: - warning: statement with no effect rutoken-tool.c:165: warning: - left-hand operand of comma expression has no effect - -2007-12-17 13:39 ludovic.rousseau - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-rutoken.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-rutoken.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/pkcs11.h, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/rutoken.profile, - trunk/src/tools/Makefile.am, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/rutoken-tool.c: add support of ruToken Thanks to - Andrew V. Stepanov for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010617.html - -2007-12-07 09:46 ludovic.rousseau - - * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.c: do not add a signature prefix for - D-Trust cards Thanks to Simon Eisenmann for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2007-December/010609.html - -2007-11-15 15:52 ludovic.rousseau - - * trunk/src/libopensc/card-gemsafeV1.c: gemsafe_init(): the applet - supports also SC_ALGORITHM_RSA_HASH_NONE thanks to Douglas E. 
- Engert for the patch - -2007-11-15 14:07 ludovic.rousseau - - * trunk/src/libopensc/card-gemsafeV1.c: gemsafe_flags2algref(): - return 0x12 instead of 0x13 for SC_ALGORITHM_RSA_PAD_PKCS1 - thanks to Douglas E. Engert for the patch - -2007-11-13 09:38 ludovic.rousseau - - * trunk/configure.in, trunk/src/pkcs11/Makefile.am: add support of - /usr/lib/pkcs11/ directory. See - http://wiki.cacert.org/wiki/Pkcs11TaskForce Thanks to Alon - Bar-Lev for the better patch - -2007-11-13 09:13 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: - sc_pkcs15emu_gemsafeV1_init(): remove addition of - SC_ALGORITHM_RSA_PAD_PKCS1 algorithm since it is already done in - card-gemsafeV1.c:gemsafe_init() Thanks to Douglas E. Engert for - the patch - -2007-11-13 07:52 ludovic.rousseau - - * trunk/src/libopensc/card-gemsafeV1.c, - trunk/src/libopensc/pkcs15-gemsafeV1.c: remove spaces and tabs - at end of lines - -2007-11-13 07:48 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeV1.c: sc_pkcs15emu_add_pin(): - do not devide pin length by 2 in BCD case since it is already - done in sec.c line 262 Thanks to Douglas E. 
Engert for the patch - -2007-11-12 10:18 ludovic.rousseau - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-gemsafeV1.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-gemsafeV1.c, - trunk/src/libopensc/pkcs15-syn.c: add initial support of Gemsafe - applet V1 cards Thanks to David Mattes for the patch - http://www.opensc-project.org/pipermail/opensc-devel/2007-November/010558.html - -2007-11-12 10:16 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-gemsafeGPK.c: rename - sc_pkcs15emu_gemsafe_init_ex() in - sc_pkcs15emu_gemsafeGPK_init_ex() and - sc_pkcs15emu_gemsafe_init() in sc_pkcs15emu_gemsafeGPK_init() - -2007-11-12 10:09 ludovic.rousseau - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-gemsafeGPK.c: rename pkcs15-gemsafe.c - in pkcs15-gemsafeGPK.c - -2007-11-12 09:59 ludovic.rousseau - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-syn.c: rename gemsafe in gemsafeGPK - so we can also have gemsafeV1, gemsafeV2, etc. - -2007-11-09 08:35 ludovic.rousseau - - * trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/pkcs15-piv.c: patch from Douglas E. Engert - for bug #165 - -2007-11-09 08:29 ludovic.rousseau - - * trunk/src/libopensc/card-setcos.c: setcos_match_card(): replace - sc_error() by sc_debug() since some cards are not SetCOS bug - respond to the APDU: 00 CA DF 30 05 - -2007-10-06 12:03 gurer - - * trunk/src/libopensc/card-akis.c: This should be limited too. - -2007-09-29 07:43 nils - - * trunk/src/libopensc/card-asepcos.c: ignore paths with a AID in it - -2007-09-28 19:10 nils - - * trunk/src/pkcs15init/pkcs15-asepcos.c: the so-puk is optional - -2007-09-27 18:19 gurer - - * trunk/src/tools/opensc-explorer.c: two new debugging commands. 
- asn1 2f01 Dumps asn.1 content of a file apdu - 00:20:00:00:04:31:31:32:32 Send the custom APDU inside the - session - -2007-09-27 06:24 gurer - - * trunk/src/tools: cosmetic patch piv-tool and netkey-tool added - to the svn:ignore - -2007-09-23 10:19 gurer - - * trunk/src/libopensc/card-akis.c: AKIS can handle bigger data - blocks, but that causes GET_RESPONSE calls. So for a 300 byte - file, this saves one transaction (244 + 56) instead of (244 + 11 - + 45). - -2007-09-22 20:47 gurer - - * trunk/src/libopensc/card-akis.c: On a third thought, it is - better to not introduce any confusion at all :) - -2007-09-22 20:34 gurer - - * trunk/src/libopensc/card-akis.c: On a second thought, it is - better to stay compatible with released 0.11.4 code, and still - use ISO7814 pin_cmd. - -2007-09-17 11:41 gurer - - * trunk/src/libopensc/card-akis.c: * instead of using a custom PIN - VERIFY command, pin_reference is reported back, and used for - verifying. * PIN CHANGE command is implemented (that is really - different from ISO7816) * max_pin_len is set to 16 in akis_init - -2007-09-10 07:09 aj - - * trunk/doc/Makefile.am: cleanup *.tmp as well. - -2007-09-10 07:03 aj - - * trunk/Makefile.am: Add code to check version information in - several files. done by Peter Stuge. - -2007-09-10 06:41 aj - - * trunk/NEWS: Release 0.11.4 without changes. - -2007-09-10 06:22 aj - - * trunk/src/libopensc/Makefile.mak, trunk/win32/Make.rules.mak: - Appy patch by magog to build a static opensc_a.lib on windows. - Also removes *.lib on "make clean". - -2007-09-04 05:39 aj - - * trunk/src/libopensc/card.c: fix typo found by Grer zen. - -2007-08-29 19:54 nils - - * trunk/src/libopensc/card-asepcos.c: properly check return value - -2007-08-29 19:32 nils - - * trunk/src/libopensc/card-asepcos.c: bugfix: select DF before - setting sec. attributes - -2007-08-28 20:35 aj - - * trunk/src/libopensc/card-akis.c: akis update by Grer zen: - implement logout code. 
- * trunk/src/libopensc/apdu.c: fix typo, found by Grer zen. - -2007-08-28 20:34 aj - - * trunk/src/pkcs11/framework-pkcs15.c: fix typo, found by Grer - zen. - -2007-08-22 18:38 aj - - * trunk/src/libopensc/card-akis.c: mark supported padding and a - comment - by Grer zen - * trunk/src/libopensc/apdu.c, trunk/src/libopensc/types.h: fix - typos, patch by Grer zen - -2007-08-20 20:20 aj - - * trunk/src/include/winconfig.h, trunk/win32/version.rc: update - version info for windows. - -2007-08-19 18:55 aj - - * trunk/configure.in: trunk now after 0.11.4 release. - * trunk/NEWS: Update news file. - -2007-08-19 18:37 aj - - * trunk/aclocal/libassuan.m4: update libassuan m4 macro package to - current version. - -2007-08-14 06:17 aj - - * trunk/src/libopensc/Makefile.am: fix typo. - -2007-08-14 06:02 aj - - * trunk/src/tools/opensc-explorer.c: restores ability to change - opensc-explorer debug level at runtime, using "debug" command - from opensc prompt. by Jakub Bogusz - -2007-08-14 05:55 aj - - * trunk/aclocal/Makefile.am, trunk/aclocal/libassuan.m4: keep - libassuan as most users will not have this. - -2007-08-13 19:10 aj - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am: - add cflags for ltdl.h where needed. 
- -2007-08-13 08:32 ludovic.rousseau - - * trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: the - commands line tools do not call lt_dlopen() so do not need to - link with libltdl - -2007-08-13 08:30 ludovic.rousseau - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/pkcs11/Makefile.am: use LTLIB_CFLAGS and LTLIB_LIBS - instead of the global LIBS to find and use libltdl thanks to - Alon Bar-Lev for the patch - -2007-08-10 13:06 ludovic.rousseau - - * trunk/aclocal/Makefile.am, trunk/aclocal/lib-ld.m4, - trunk/aclocal/lib-link.m4, trunk/aclocal/lib-prefix.m4: - lib-link.m4, lib-prefix.m4 and lib-ld.m4 are provided by gettext - but is no more needed after revision 3239 - -2007-08-10 13:05 ludovic.rousseau - - * trunk/aclocal/Makefile.am, trunk/aclocal/pkg.m4: pkg.m4 is an - external dependency provided by pkg-config (or similar) package - -2007-08-10 13:04 ludovic.rousseau - - * trunk/aclocal/Makefile.am, trunk/aclocal/libassuan.m4: - libassuan.m4 is an external dependency provided by libassuan-dev - (or similar) package - -2007-08-10 12:56 ludovic.rousseau - - * trunk/configure.in: do not use AC_LIB_LINKFLAGS() since this - macro is provided by gettext and we do not use gettext. Use - AC_CHECK_LIB() instead - -2007-08-10 12:51 ludovic.rousseau - - * trunk/man: propset svn:ignore to ignore unversioned files - -2007-08-08 20:06 aj - - * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h, - trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/tools/cardos-info.c: add information about cardos 4.2b - - latest cardos update. - -2007-08-03 07:47 aj - - * trunk/src/libopensc/pkcs15.c: Add same hack for Prime cards. 
- -2007-08-02 13:53 ludovic.rousseau - - * trunk/src/pkcs15init/Makefile.am: AM_LDFLAGS is not used in - libpkcs15init_la_LDFLAGS so explicitly use it - -2007-07-28 18:27 aj - - * trunk/aclocal/Makefile.am, trunk/aclocal/lib-ld.m4, - trunk/aclocal/lib-link.m4, trunk/aclocal/lib-prefix.m4, - trunk/aclocal/libassuan.m4, trunk/aclocal/pkg.m4: revert - revision 3403 + 3404, seems to break mac os X. - -2007-07-28 18:22 aj - - * trunk/src/tools/pkcs11-tool.c: pkcs11-tool crashes while - printing its usage message. fixed by Ville Skytt. - -2007-07-28 18:18 aj - - * trunk/src/tools/cryptoflex-tool.c: cryptoflex-tool.c:505: - warning: array subscript is above array bounds gcc 4.3 warning, - reported and fixed by novell: Problem found by David Binderman - Patch created by Michal Vaner closes our trac bug #153 and - novell bug 238660 - -2007-07-24 06:42 aj - - * trunk/src/libopensc/card-akis.c: fix a compiler warning. - -2007-07-22 19:56 aj - - * trunk/src/libopensc/card-akis.c: Grer zen: * akis_get_data() - implemented * akis_delete_file() implemented * - akis_set_security_env() implemented, pkcs15 signing works now * - life cycle set/get via cardctl implemented * card_ops commented, - so it is clear whether a function is supported via iso7816 - implementation or not * mark pin apdu as sensitive in - akis_pin_cmd - -2007-07-21 07:31 aj - - * trunk/src/signer/Makefile.am: create plugin directory if it does - not exist. - -2007-07-20 18:50 aj - - * trunk/configure.in, trunk/src/signer/Makefile.am: add explicit - option to enable/disable the ns plugin. patch by Alon Bar-Lev. - -2007-07-20 14:38 aj - - * trunk/src/libopensc/pkcs15-sec.c: oops, define tmplen at start - of block. - -2007-07-20 13:47 aj - - * trunk/src/libopensc/pkcs15-pubkey.c: silence a warning we get - with siemens cards. 
- -2007-07-20 12:30 aj - - * trunk/src/libopensc/asn1.c: asn1_decode_entry() allocates - (objlen - 1) bytes for SC_ASN1_UTF8STRING types with - SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string() - function which then fails with BUFFER TOO SMALL cause it wants - to end the string with an extra NULL. allocation size was - supposed to be objlen + 1. Patch by Grer zen - -2007-07-20 12:28 aj - - * trunk/NEWS, trunk/src/libopensc/card-akis.c: Grer zen send - another akis update: * create_file implemented * EF(DIR) hack - removed, it is easier to put a real EF(DIR) * - SC_CARDCTL_GET_SERIALNR implemented - -2007-07-20 12:19 aj - - * trunk/NEWS, trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: Sign - by using the decrypt function. - -2007-07-17 20:01 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-akis.c, trunk/src/libopensc/cards.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: add - akis support by Grer zen. - -2007-07-15 15:29 aj - - * trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: The IdAlly - CSP calls C_FindObjectsInit looking for CK_PRIVATE_KEY before - C_Login with a pin. If it does not find any, it fails. The - pkcs15-piv.c in 0.11.3 and 0.11.3-pre3 set the pubkey and prvkey - objects as private. This patch removes the - SC_PKCS15_CO_FLAG_PRIVATE so IdAlly will work with the PIV cards. - -2007-07-11 14:47 aj - - * trunk/configure.in: trunk is now post 0.11.3 release. - -2007-07-11 14:46 aj - - * trunk/NEWS: more updates. - -2007-07-11 09:35 aj - - * trunk/src/tests/regression/crypt0007: put openssl rsautl in raw - signatures mode. - -2007-07-11 09:15 aj - - * trunk/src/tests/regression/functions: allow regression test - suite to work installed as well. 
- -2007-07-11 09:10 aj - - * trunk/src/tests/regression/Makefile.am, - trunk/src/tests/regression/bintest, - trunk/src/tests/regression/crypt0007: add test for decrypting - binary data of key size. - -2007-07-11 09:07 aj - - * trunk/src/tests/regression/functions: stop using p15dump, switch - to pkcs15-tool --dump. - -2007-07-10 13:03 aj - - * trunk/NEWS, trunk/doc/export-wiki.sh: document latest changes - and update wiki export script. - -2007-07-10 12:04 vtarasov - - * trunk/src/libopensc/ctx.c: typo, manifested when explicitely - using 'reader_drivers = internal;' in opensc.conf - -2007-07-09 14:52 aj - - * trunk/src/tools/pkcs15-init.c: use static without inline - the - compiler can optimize the function as inline or not, whatever it - prefers. "static inline" is not supported by the visual studio c - compiler. - -2007-07-09 14:17 aj - - * trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-incrypto34.c: inline is something - the compiler can decide on his own. static is a good hint to the - compiler for that - the function isn't used outside of this - file. "static inline" is not valid, visual studio doesn't - compile that. - -2007-07-09 08:28 aj - - * trunk/configure.in: Revert last change, breaks building opensc: - ../../src/libopensc/.libs/libopensc.so: undefined reference to - `lt_dlopen' ... 
-
-2007-07-07 11:29 nils
-
- * trunk/src/libopensc/card-cardos.c: improve atr matching for
- cardos m4.01[a]
-
-2007-07-04 14:25 vtarasov
-
- * trunk/src/libopensc/card-oberthur.c,
- trunk/src/pkcs15init/pkcs15-oberthur.c: Enables the second PIN
- (one-time PIN) defined for the same application DF
-
-2007-07-04 09:19 aj
-
- * trunk/doc/Makefile.am, trunk/doc/export-wiki.sh: add image files
- to release tar.gz
-
-2007-07-04 08:55 ludovic.rousseau
-
- * trunk/aclocal/Makefile.am: update the list of distributed .m4
- files
-
-2007-07-04 08:54 ludovic.rousseau
-
- * trunk/aclocal/lib-ld.m4, trunk/aclocal/lib-link.m4,
- trunk/aclocal/lib-prefix.m4, trunk/aclocal/libassuan.m4,
- trunk/aclocal/pkg.m4: libassuan.m4 is provided by libassuan-dev
- pkg.m4 is provided by pkg-config lib-link.m4, lib-prefix.m4 and
- lib-ld.m4 are provided by gettext but should not be needed after
- revision 3202
-
-2007-07-04 08:46 ludovic.rousseau
-
- * trunk/configure.in: do not use AC_LIB_LINKFLAGS() since this
- macro is provided by gettext and we do not use gettext. Use
- AC_CHECK_LIB() instead
-
-2007-07-04 06:51 aj
-
- * trunk/NEWS: update NEWS with list of all changes (that I
- remember).
-
-2007-07-03 20:44 nils
-
- * trunk/src/libopensc/Makefile.am,
- trunk/src/libopensc/Makefile.mak,
- trunk/src/libopensc/card-asepcos.c,
- trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h,
- trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h,
- trunk/src/pkcs15init/Makefile.am,
- trunk/src/pkcs15init/Makefile.mak,
- trunk/src/pkcs15init/asepcos.profile,
- trunk/src/pkcs15init/pkcs15-asepcos.c,
- trunk/src/pkcs15init/pkcs15-init.h,
- trunk/src/pkcs15init/pkcs15-lib.c: add support for asepcos
-
-2007-07-03 19:42 nils
-
- * trunk/src/libopensc/card-cardos.c: re-add cardos m4.01a ATR
-
-2007-07-03 15:33 vtarasov
-
- * trunk/src/libopensc/card-oberthur.c: PIN unblock error. Internal
- pin reference procedure updated.
-
-2007-07-03 14:15 aj
-
- * trunk/configure.in, trunk/src/include/winconfig.h,
- trunk/win32/version.rc: fix version numbers preparing for next
- release.
-
-2007-07-03 14:14 aj
-
- * trunk/src/pkcs11/pkcs11.h: update pkcs11.h header file from
- scute.
-
-2007-07-03 13:44 vtarasov
-
- * trunk/src/libopensc/card-oberthur.c: Error when output
- allocation length is not equal to the signature length.
- 'Compute_signature' now returns the answer's length
-
-2007-06-29 14:14 aj
-
- * trunk/src/tools/eidenv.c: remove unused definition.
-
-2007-06-29 13:31 aj
-
- * trunk/src/tools/opensc-tool.c: fix duplicate static.
-
-2007-06-29 13:19 aj
-
- * trunk/src/tools/cardos-info.c,
- trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
- trunk/src/tools/opensc-explorer.c,
- trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
- trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
- trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c:
- make app_name, options and option_help static.
-
-2007-06-25 18:01 nils
-
- * trunk/src/libopensc/card-cardos.c: implement more flexible
- cardos detection func
-
-2007-06-24 21:03 aj
-
- * trunk/src/tools/pkcs11-tool.c: Douglas E. Engert: fix more
- compiler warnings.
-
-2007-06-21 13:58 aj
-
- * trunk/src/pkcs11/hack-disabled.c,
- trunk/src/pkcs11/hack-enabled.c,
- trunk/src/signer/opensc-support.c,
- trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs15-init.c:
- silence more warnings by gcc/sparse.
-
-2007-06-21 13:46 ludovic.rousseau
-
- * trunk/src/tools/cardos-info.c,
- trunk/src/tools/cryptoflex-tool.c,
- trunk/src/tools/opensc-explorer.c,
- trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c,
- trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
- trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c,
- trunk/src/tools/util.c, trunk/src/tools/util.h: do not use
- global variables app_name, options and option_help so they can
- be static
-
-2007-06-21 13:38 aj
-
- * trunk/src/tools/cardos-info.c,
- trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
- trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs11-tool.c,
- trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c:
- fix more warnings.
-
-2007-06-21 13:29 ludovic.rousseau
-
- * trunk/src/tools/eidenv.c: eidenv.c:55: attention : ‘option_help’
- defined but not used
- * trunk/src/tests/pintest.c: initialize objs to NULL to avoid:
- pintest.c:83: attention : ‘objs’ may be used uninitialized in
- this function
-
-2007-06-21 13:20 ludovic.rousseau
-
- * trunk/src/tools/pkcs11-tool.c: correct a typo
-
-2007-06-21 12:58 aj
-
- * trunk/src/pkcs11/debug.c, trunk/src/signer/dialog.c,
- trunk/src/signer/opensc-crypto.c,
- trunk/src/signer/opensc-support.c, trunk/src/tests/print.c,
- trunk/src/tools/cardos-info.c,
- trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c,
- trunk/src/tools/netkey-tool.c, trunk/src/tools/piv-tool.c,
- trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c,
- trunk/src/tools/pkcs15-tool.c: silence more warnings.
-
-2007-06-21 12:14 aj
-
- * trunk/src/pkcs11/pkcs11-display.c, trunk/src/tests/sc-test.h:
- fix broken changes.
-
-2007-06-21 12:06 aj
-
- * trunk/src/pkcs11/debug.c: make sc_pkcs11_print_attrs non static.
- -2007-06-21 12:01 aj - - * trunk/src/libopensc/card-muscle.c, - trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/debug.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/pkcs11-spy.c, - trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c, - trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c, - trunk/src/tests/sc-test.h, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c: - silence more gcc/sparse warnings. - -2007-06-21 11:34 aj - - * trunk/src/libopensc/pkcs15-tcos.c: revert change - is needed by - pkcs15-syn.c - -2007-06-21 11:07 aj - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-muscle.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/compression.c, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-piv.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/profile.c: fix more warnings found by - gcc/sparse. 
- -2007-06-21 10:07 aj - - * trunk/src/common/strlcpy.c, trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-oberthur.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/muscle-filesystem.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/reader-openct.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/ui.c, trunk/src/scconf/test-conf.c: fix - compiler/sparse warnings. - -2007-06-21 09:37 aj - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs11-tool.c: Alessandro Premoli: add support - for reading, writing and deleting private (require cache_pins) - and public data objects in PKCS11. updated the pkcs11-tool and - fixed a few bugs in the code. Tested on an aladdin etoken. - -2007-06-21 07:11 aj - - * trunk/src/pkcs11/framework-pkcs15.c: Douglas E. Engert: Looking - at framework-pkcs11.c, it looks like there is a bug in the - handling of auth_count, if there is more then one pin, and one - of the pins is a SC_PKCS15_PIN_FLAG_SO_PIN. The for loop at line - 767 will add a slot for each non SO_PIN or UNBLOCKING_PIN. But - at line 812, the auth_count is still set to the number of pins, - even though the SO_PIN did not cause a new slot to be allocated - and thus the test of hide_empty_tokens will not be used. With - the attached patch, I can get the expected behavior when - hide_empty_tokens = yes in the opensc.conf from pkcs11-tool -L, - pkcs11-tool -O and pkcs11-tool -O -l There is only 1 slot - allocated, the pkcs11-tool -O shows all the public objects, and - pkcs11-tool -O -l (after PIN) shows all the objects, and Heimdal - PKINIT still runs. 
I still think that if two or more slots need - to be allocated for multiple auth pins, then all the public - objects should be added to each. I have an additional mod for - this too. Since the cards I am working with only have 1 pin, the - attached mods works for me. Note it looks like the - pkcs15-openpgp.c might also be affected by this change as it - defines two pins an auth pin and a SO_PIN, much like the PIV - card does. - -2007-06-21 07:07 aj - - * trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/pkcs15-piv.c, trunk/src/tools/piv-tool.c: - Douglas E. Engert: Major improvments in the PIV card modules: * - OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA - 2K and 3K keys. * The FASC-N in the CHUID object is used as the - card serial number. * A PIV card may have additional objects. - These can now be read by pkcs11-tool and pkcs15-tool. * The - p15card-helper.c module is no longer used. The code to call the - sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c - and uses existing OpenSC routines to parse the certificate to - find the modulus_len. * pkcs15-piv.c will now get the - modulus_len from the certificates to store into the emulated - prvkey an pubkey objects as they are being created using the - sc_pkcs15emu_* routines. * The caching code that was added to - card-piv.c in 0.11.2 is disabled, as pkcs15-piv.c will cache the - certificate using existing OpenSC routines. * piv-tool will now - print a serial number. * The key-usage bits for prvkey and - pubkey objects are set in pkcs15-piv.c * The PIV "9E" key was - added. It is not a private object, and can be used without a - PIN. It is used with the "Certificate for Card Authenticaiton". - * When used with the OpenSSL engine to generate a certificate - request, the public key saved by piv-tool during a "generate - asymmetric key pair" card command can be read from a file - pointed at by the environment variable PIV_9*_KEY. Where * is A, - C, D or E. 
* In the card_atr section of opensc.conf, flags = 20; - can be used to only show the PIV Authentication cert. This - feature was in 0.11.1 but was dropped in 0.11.2 when the - p15card-helper.c was introduced. - -2007-05-25 20:10 aj - - * trunk/src/libopensc/log.c: Added the application name to logging - to allow for easier debugging. Since a lot of testing needed - multiple applications to be running, it became important to know - what application was making each log entry. This was reported by - Russell Larner on 5/17/2007 - -2007-05-25 20:09 aj - - * trunk/src/tools/pkcs11-tool.c: If a PKCS11 get attrribute failes - for some reason, pkcs11-tool may return garbage along with the - error message. The attached patch to pkcs11-tool.c initializes - the type to 0 so the attribute will be 0 in case of an error. by - Douglas E. Engert - -2007-05-25 20:06 aj - - * trunk/src/pkcs11/framework-pkcs15.c: The framework-pkcs15 will - filed the modulus in a certificate and copy it to a pubkey or - from apubkey to a privkey object. But it does not copy the - modulus_len. This patch will look at pub_info->modulus_len and - prv_info->modulus_len and copy the modulus_len while copying the - modulus. This will be used with the pkcs15-piv code when it - creates pub and priv objects, as it has no way other then from - the certificates to know the modulus_len. By Douglas E. Engert. - -2007-05-13 15:43 nils - - * trunk/src/libopensc/card-gpk.c: 252 bytes work as well - -2007-05-13 09:32 nils - - * trunk/src/libopensc/card-oberthur.c: fix warning - -2007-05-13 09:31 nils - - * trunk/src/libopensc/card-gpk.c: bugfix: try to read at most 248 - bytes - -2007-05-13 09:30 nils - - * trunk/src/libopensc/apdu.c: bugfix: avoid recursion - -2007-05-04 07:13 aj - - * trunk/doc/export-wiki.sh: fix wiki html export. - -2007-05-04 06:17 aj - - * trunk/NEWS: add date for 0.11.2 - -2007-04-25 06:53 aj - - * trunk/configure.in: probe for readline+ncurses too. 
- -2007-04-24 07:59 aj - - * trunk/NEWS: update NEWS with latest changes. - -2007-04-24 07:54 aj - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/misc.c: enable pin - caching by default. - -2007-04-24 07:52 aj - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: use - 255/256 bytes as max_send/recv_size by default. - -2007-04-23 19:23 nils - - * trunk/src/pkcs15init/pkcs15-cardos.c: increase size of pin buffer - -2007-04-23 19:18 nils - - * trunk/src/tools/pkcs15-tool.c: authenticate if data object is - protected - -2007-04-15 17:26 nils - - * trunk/src/libopensc/card-openpgp.c: request at most for 256 bytes - -2007-04-10 19:49 aj - - * trunk/src/libopensc/muscle.c: Steve Jacobs: fix muscle driver. - -2007-04-01 17:03 nils - - * trunk/src/pkcs11/pkcs11-global.c: bugfix: don't use the size of - a void pointer, thanks to Carl Przybylek - -2007-03-29 10:25 martin - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/hack-disabled.c, - trunk/src/pkcs11/hack-enabled.c: Build a pkcs11 module with only - one pin exposed to overcome issues described in #132. 
Closes #132 - -2007-03-21 09:41 martin - - * trunk/src/libopensc/reader-pcsc.c: * Add support for - SCARD_E_NO_READERS_AVAILABLE to describe errors like: {{{ - sc.c:201:sc_detect_card_presence: returning with: Unknown error - SCardGetStatusChange failed: 8010002e }}} * When doing a reset - with pcsc_reconnect do a cold reset instead a warm one to allow - next change * Change the protocol force feature to change the - protocol with a hard reset only when needed to prevent: {{{ - SCardConnect failed: 8010000f card.c:228:sc_connect_card: - returning with: Unknown error }}} - -2007-03-21 09:34 martin - - * trunk/src/libopensc/Makefile.mak: Missing file - -2007-03-21 09:33 martin - - * trunk/src/libopensc/card-mcrd.c: Make sure the right thing is - always selected on the card by bypassing cache - -2007-03-21 09:32 martin - - * trunk/src/libopensc/pkcs15-esteid.c: Simplify esteid detection - -2007-03-18 17:55 aj - - * trunk/src/tools/piv-tool.c: fix --serial option. - -2007-03-16 20:44 aj - - * trunk/configure.in: changes to trunk won#t go into 0.11.2. - -2007-03-16 20:42 aj - - * trunk/NEWS: document changes in this release. - -2007-03-15 07:59 ludovic.rousseau - - * trunk/doc/api/card/sc_format_apdu.xml, - trunk/doc/api/card/sc_get_data.xml, - trunk/doc/api/card/sc_put_data.xml, - trunk/doc/api/file/sc_append_record.xml, - trunk/doc/api/file/sc_delete_record.xml, - trunk/doc/api/file/sc_read_binary.xml, - trunk/doc/api/file/sc_read_record.xml, - trunk/doc/api/file/sc_update_binary.xml, - trunk/doc/api/file/sc_update_record.xml, - trunk/doc/api/file/sc_write_binary.xml, - trunk/doc/api/file/sc_write_record.xml, - trunk/doc/api/init/sc_establish_context.xml: remove Foo that can't be solved and generates - Error: no ID for constraint linkend: foo - -2007-03-14 18:26 aj - - * trunk/src/libopensc/Makefile.am: add missing header file to - noinst_HEADERS. 
-
-2007-03-13 23:10 aj
-
- * trunk/src/libopensc/card-acos5.c, trunk/src/libopensc/cards.h:
- Ian Young: use proper card type for acos5.
-
-2007-03-13 20:59 aj
-
- * trunk/src/tools/Makefile.am: Douglas E. Engert: piv-tool needs
- openssl, so compile only if it is present.
-
-2007-03-13 20:57 aj
-
- * trunk/src/libopensc/compression.c,
- trunk/src/libopensc/p15card-helper.c: Patch by Douglas E.
- Engert: use c style comments and different header files (for mac
- os X?).
-
-2007-03-13 13:38 aj
-
- * trunk/src/libopensc/Makefile.am,
- trunk/src/libopensc/card-acos5.c, trunk/src/libopensc/ctx.c,
- trunk/src/libopensc/opensc.h: Add acos5 driver by Ian Young.
-
-2007-03-12 20:17 aj
-
- * trunk/src/libopensc/opensc.h: test new chop size (256 bytes by
- default).
-
-2007-03-12 20:15 aj
-
- * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-piv.c,
- trunk/src/libopensc/compression.c,
- trunk/src/libopensc/compression.h,
- trunk/src/libopensc/p15card-helper.c,
- trunk/src/libopensc/p15card-helper.h,
- trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/Makefile.mak:
- changes by Douglas E. Engert: change the do_decompress* to
- sc_decompress* and the initialize_* to sc_pkcs15emu_initialize_*
- in the new code.
-
-2007-03-10 10:46 aj
-
- * trunk/src/libopensc/Makefile.am,
- trunk/src/libopensc/Makefile.mak,
- trunk/src/libopensc/card-piv.c,
- trunk/src/libopensc/compression.c,
- trunk/src/libopensc/compression.h,
- trunk/src/libopensc/p15card-helper.c,
- trunk/src/libopensc/p15card-helper.h,
- trunk/src/libopensc/pkcs15-piv.c, trunk/src/tools/piv-tool.c,
- trunk/win32/Make.rules.mak: full piv update by Thomas harning
- Jr. and David E. Engert, adding compression etc. Also enables
- opensc to be compiled with and without zlib support.
-
-2007-03-07 21:26 aj
-
- * trunk/etc/opensc.conf.in: don't set max send/recv size per
- defaults. document how to find out if there is an issue.
- -2007-03-07 12:39 vtarasov - - * trunk/src/libopensc/card-oberthur.c: after Douglas Engert's - remarks on the coding style - -2007-03-07 09:38 vtarasov - - * trunk/src/libopensc/card-oberthur.c: some ACLs was forgotten; i - compute_signature() le should not be more then 256 - -2007-03-05 17:30 vtarasov - - * trunk/src/pkcs15init/oberthur.profile: change inappropriate - oberthur profile - -2007-03-03 20:24 ludovic.rousseau - - * trunk/src/libopensc/card-incrypto34.c: update Giuseppe Amato - email at his request (he is no more working for ST Incard srl) - -2007-02-09 11:08 martin - - * trunk/src/tests/regression/Makefile.am: Include files from [3113] - -2007-02-06 14:29 ludovic.rousseau - - * trunk/src/pkcs15init/pkcs15-lib.c: comment out static and unused - functions (sc_pkcs15init_read_unusedspace, - sc_pkcs15init_update_unusedspace, merge_paths, - sc_pkcs15init_add_unusedspace and - sc_pkcs15init_remove_unusedspace) - -2007-02-06 14:20 ludovic.rousseau - - * trunk/src/libopensc/card-oberthur.c: correct 3 warning: unused - variable 'entry' - -2007-02-06 14:17 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: use SCARD_SCOPE_USER instead - of the pcsc-lite specific SCARD_SCOPE_GLOBAL - -2007-02-02 22:15 nils - - * trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/padding.c, trunk/src/libopensc/pkcs15-sec.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-display.c, trunk/src/pkcs11/pkcs11.h, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c: - implement support for SHA2 (still experimental) - -2007-01-20 12:46 nils - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/types.h, trunk/src/pkcs15init/profile.c, - trunk/src/tools/opensc-explorer.c: use const, add yet another ACL - -2007-01-19 21:10 nils - - * trunk/src/tests/regression/crypt0005, - 
trunk/src/tests/regression/crypt0006, - trunk/src/tests/regression/functions: conditionally check 2048 - bit rsa key ops - -2007-01-19 21:08 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: check key size, set so-pin ref - -2007-01-15 20:32 nils - - * trunk/src/tools/opensc-tool.c: increase pointer - -2007-01-09 21:16 nils - - * trunk/src/tests/regression/test.p12: undo last change: - converting a binary file to utf-8 isn't really a good idea ;-) - -2007-01-09 19:41 nils - - * trunk/src/libopensc/apdu.c: improve get_response logic: try to - read at least as much bytes as indicated in the 0x61xx response. - -2007-01-09 07:22 aj - - * trunk/src/libopensc/card.c: improve atr masking code - also mask - atr to match. and add more debugging messages. - -2007-01-08 21:10 nils - - * trunk/src/libopensc/card-oberthur.c: remove unnecessary assertion - -2007-01-08 20:19 nils - - * trunk/src/libopensc/card-piv.c: use EVP API for DES encryption - -2007-01-08 17:04 nils - - * trunk/src/libopensc/card-oberthur.c: use EVP api for DES - encryption - -2007-01-07 23:40 martin - - * trunk/src/libopensc/card-mcrd.c: off by 1 - -2007-01-06 16:35 martin - - * trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/muscle.c: - Stop MS visual studio 2005 complaints. - -2007-01-06 13:23 nils - - * trunk/src/libopensc/card-gpk.c: use EVP api - -2007-01-05 16:36 martin - - * trunk/src/libopensc/reader-pcsc.c: Properly set the defaults for - pcsc reader options even if no configuration file is - found/available - -2007-01-05 16:25 martin - - * trunk/src/libopensc/reader-pcsc.c: * Add a few debug lines * - Remove the locked status from the reader no matter what - SCardEndTransaction thinks - either the card was removed or - broken pcsc allowed to reset the card while in a transaction - (pcsc-lite before Oct. 
2006) - -2007-01-05 16:20 martin - - * trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h: Allow to specify at compile time - that a card will work only via pkcs15 emulation. This way no - matter what is configured in the config file - (try_emulation_first option) the card is usable via pkcs15 tools. - -2007-01-05 16:13 martin - - * trunk/src/libopensc/card-mcrd.c: Match EstEID based on ATR - contents rather than the full ATR itself. - -2007-01-03 11:44 vtarasov - - * trunk/src/libopensc/card-oberthur.c: change encoding - -2007-01-02 10:06 vtarasov - - * trunk/src/libopensc/cardctl.h: prepare Oberthur card support for - secure messaging - * trunk/src/libopensc/card-oberthur.c, - trunk/src/pkcs15init/oberthur.profile, - trunk/src/pkcs15init/pkcs15-oberthur.c: prepare Oberthur card - support for secure messaging - -2007-01-02 10:04 vtarasov - - * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/types.h: - introduce SC_PATH_TYPE_FROM_CURRENT and SC_PATH_TYPE_PARENT path - types - -2006-12-29 09:44 aj - - * trunk/src/libopensc/apdu.c: only the first apdu (command) tells - us how many bytes we need to get. we need to keep this value and - call get_response as often as needed to get them part by part. - -2006-12-22 12:43 nils - - * trunk/src/libopensc/pkcs15-pin.c: encode max pin length as well - -2006-12-19 22:11 aj - - * trunk/src/tools/pkcs11-tool.c: kill warnings. - -2006-12-19 21:35 aj - - * trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - convert to utf-8. - -2006-12-19 21:34 aj - - * trunk/src/signer/testprog.c: replace with an ascii test string. - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c: convert to utf-8. 
-
-2006-12-19 21:33 aj
-
- * trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c,
- trunk/src/tests/pintest.c, trunk/src/tests/print.c,
- trunk/src/tests/prngtest.c, trunk/src/tests/regression/test.p12,
- trunk/src/tests/sc-test.c: convert to utf-8.
- * trunk/src/pkcs11/framework-pkcs15.c,
- trunk/src/pkcs11/framework-pkcs15init.c,
- trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c,
- trunk/src/pkcs11/pkcs11-object.c,
- trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h,
- trunk/src/pkcs11/slot.c: convert to utf-8.
-
-2006-12-19 21:32 aj
-
- * trunk/src/libopensc/card-atrust-acos.c,
- trunk/src/libopensc/card-cardos.c,
- trunk/src/libopensc/card-default.c,
- trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c,
- trunk/src/libopensc/card-incrypto34.c,
- trunk/src/libopensc/card-mcrd.c,
- trunk/src/libopensc/card-miocos.c,
- trunk/src/libopensc/card-oberthur.c,
- trunk/src/libopensc/card-piv.c,
- trunk/src/libopensc/card-setcos.c,
- trunk/src/libopensc/card-starcos.c,
- trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c,
- trunk/src/libopensc/ctx.c: convert to utf-8.
-
-2006-12-19 21:31 aj
-
- * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h,
- trunk/src/libopensc/base64.c, trunk/src/libopensc/dir.c,
- trunk/src/libopensc/emv.c, trunk/src/libopensc/emv.h,
- trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h,
- trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c,
- trunk/src/libopensc/log.c, trunk/src/libopensc/log.h,
- trunk/src/libopensc/opensc.h, trunk/src/libopensc/padding.c,
- trunk/src/libopensc/pkcs15-cache.c,
- trunk/src/libopensc/pkcs15-cert.c,
- trunk/src/libopensc/pkcs15-pin.c,
- trunk/src/libopensc/pkcs15-prkey.c,
- trunk/src/libopensc/pkcs15-pubkey.c,
- trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c,
- trunk/src/libopensc/pkcs15.h,
- trunk/src/libopensc/reader-ctapi.c,
- trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c,
- trunk/src/libopensc/sec.c, trunk/src/libopensc/types.h: convert
- to utf-8.
-
-2006-12-19 21:28 aj
-
- * trunk/NEWS: convert to utf-8
- * trunk/aclocal/pkg.m4: convert to ascii.
-
-2006-12-19 20:48 aj
-
- * trunk/src/common/getopt.txt: convert to unix style line ending.
-
-2006-12-18 21:58 aj
-
- * trunk/src/libopensc/card-muscle.c,
- trunk/src/libopensc/muscle-filesystem.h,
- trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h:
- update to latest muscle code.
-
-2006-12-18 21:34 aj
-
- * trunk/src/pkcs15init/pkcs15-lib.c: apcos driver is not yet
- commited.
-
-2006-12-18 11:23 nils
-
- * trunk/src/pkcs15init/pkcs15-lib.c: pad only if necessary
-
-2006-12-18 11:22 nils
-
- * trunk/src/pkcs15init/pkcs15-init.h: remove comment
- * trunk/src/libopensc/iso7816.c: use net size if available
-
-2006-12-18 07:42 aj
-
- * trunk/src/pkcs11/pkcs11.h, trunk/src/pkcs11/sc-pkcs11.h: update
- to latest pkcs11.h version.
-
-2006-12-10 13:33 nils
-
- * trunk/src/pkcs11/pkcs11.h: make it work with my compiler, add
- missing parenthesis
-
-2006-12-10 07:57 aj
-
- * trunk/src/pkcs11/pkcs11.h: update to latest pkcs11.h from Marcus.
-
-2006-12-09 15:46 aj
-
- * trunk/configure.in: Alon Bar-Lev: enables disabling the linkage
- of pcsc-lite and openct, even if they are installed on system.
- It adds --disable-openct and --disable-pcsc-lite options. Also a
- minor correction for pkg-config (adds PKG_PROG_PKG_CONFIG).
-
-2006-12-09 15:41 aj
-
- * trunk/src/pkcs11/pkcs11.h: pkcs11.h with updates from Alon.
-
-2006-12-08 14:56 jps
-
- * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h:
- Initial support for SetCOSXpresso (GemXpresso R4 with EID 2.x
- applet)
-
-2006-12-07 10:53 aj
-
- * trunk/src/libopensc/muscle-filesystem.c,
- trunk/src/libopensc/muscle-filesystem.h,
- trunk/src/libopensc/muscle.c: define these constants where used
- to kill warnings.
-
-2006-12-07 10:35 aj
-
- * trunk/src/libopensc/card-muscle.c: Thomas Harning: patch to fix
- the MuscleCard driver to work in the case of forced drivers.
- drv_data is used as a flag so that muscle_init knows if the
- applet has been selected during initialization.
-
-2006-11-30 08:14 aj
-
- * trunk/src/libopensc/card-muscle.c,
- trunk/src/libopensc/muscle-filesystem.c,
- trunk/src/libopensc/muscle-filesystem.h,
- trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h:
- update the MuscleCard driver for OpenSC to use an msc_id struct
- rather than int/bytes and messing around with byte-swapping for
- that. (by Thomas Harning)
-
-2006-11-30 08:11 aj
-
- * trunk/configure.in, trunk/src/include/opensc/Makefile.am,
- trunk/src/include/opensc/rsaref, trunk/src/pkcs11/Makefile.am,
- trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/libpkcs11.c,
- trunk/src/pkcs11/pkcs11-display.c,
- trunk/src/pkcs11/pkcs11-spy.c, trunk/src/pkcs11/pkcs11.h,
- trunk/src/pkcs11/rsaref, trunk/src/pkcs11/sc-pkcs11.h: replace
- rsa pkcs#11 header files with rewrite.
- -2006-11-28 15:54 ludovic.rousseau - - * trunk/configure.in: remove now useless (see revision 3062) - --enable-debug option - -2006-11-28 11:54 martin - - * trunk/src/libopensc/card.c: Have equal number of sc_lock and - sc_unlock loglines to aid debugging locking. - -2006-11-28 11:53 martin - - * trunk/configure.in: Remove unused headers - -2006-11-23 22:40 nils - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: enable APDU logging again - -2006-11-22 19:27 nils - - * trunk/src/libopensc/card-flex.c: remove unused variable, cleanup - -2006-11-21 22:10 nils - - * trunk/src/libopensc/iso7816.c: try to read at most max_recv_size - bytes in GET RESPONSE - -2006-11-18 00:05 pk - - * trunk/src/libopensc/pkcs15-tcos.c: Support for DATEV smartcard - classic - -2006-11-17 11:50 aj - - * trunk/src/signer/dialog.c: size_t is 64bit on 64bit plattforms, - thus use %ld and convert to unsigned long. - -2006-11-12 21:01 nils - - * trunk/src/libopensc/iso7816.c: - -2006-11-11 11:47 nils - - * trunk/src/libopensc/sc.c: fix typo - -2006-11-11 11:46 nils - - * trunk/src/libopensc/iso7816.c: remove useless code - -2006-11-11 11:09 nils - - * trunk/src/libopensc/sc.c: check types before concatenating paths - -2006-11-10 23:07 nils - - * trunk/src/libopensc/pkcs15-gemsafe.c: update; patch supploed by - Douglas E. 
Engert - -2006-11-09 21:26 nils - - * trunk/src/tools/opensc-explorer.c: fix typo - -2006-11-09 16:05 martin - - * trunk/doc/tools/pkcs15-tool.xml: Fixes #17 - -2006-11-06 11:15 vtarasov - - * trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/card-piv.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/muscle.c: Use do - {...} while(0) construction for SC_TEST_RET, SC_FUNC_RETURN and - SC_FUNC_CALLED defines - -2006-11-02 13:58 nils - - * trunk/src/libopensc/pkcs15-sec.c: set path type; patch supplied - by Thomas Irlet - -2006-11-02 09:19 vtarasov - - * trunk/src/pkcs15init/keycache.c: When forgetting PIN set to - 'null' the corresponding named_pin's entry - -2006-11-02 06:55 aj - - * trunk/src/libopensc/card-muscle.c: Thomas Harning: sc_list_files - doesn't return the length of the applicable buffer, but instead - the # of files. Fixed. - -2006-10-31 17:29 pk - - * trunk/src/libopensc/pkcs15-tcos.c: Netkey E4 emulation - -2006-10-30 18:51 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/tools/opensc-explorer.c: add support to parse the - seInfo TokenInfo entry, improve aid support in opensc-explorer - -2006-10-30 11:54 martin - - * trunk/doc/tools/opensc-explorer.xml: Remove invalid - documentation, addresses #95 - -2006-10-30 07:37 ludovic.rousseau - - * trunk/src/libopensc/ctx.c: use the OPENSC_DEBUG environment - variable to overwite the configuration variable debug in - opensc.conf - -2006-10-09 15:09 martin - - * trunk/src/libopensc/card-mcrd.c: New EstEID v1.5 card ATR - -2006-10-04 07:00 ludovic.rousseau - - * trunk/src/libopensc/pkcs15.c: c_asn1_toki[]: the serialNumber - field is not mandatory in ISO 7816-15 see - http://www.opensc-project.org/pipermail/opensc-devel/2006-October/009025.html - -2006-10-02 17:26 nils - - * trunk/src/pkcs11/pkcs11-global.c: make the 
decision which - locking functions to use more explicit; patch supplied by Martin - -2006-10-02 16:49 nils - - * trunk/src/libopensc/pkcs15.c: restore backward compatibility: - try READ BINARY in case of a unknown file type - -2006-10-02 13:46 ludovic.rousseau - - * trunk/src/libopensc/pkcs15.c: c_asn1_ddo[]: the oid field of the - DDO is not mandatory in ISO 7816-15 See - http://www.opensc-project.org/pipermail/opensc-devel/2006-October/009022.html - -2006-10-02 10:39 nils - - * trunk/doc/tools/pkcs15-crypt.xml: update doc - -2006-10-02 10:34 nils - - * trunk/src/tools/pkcs15-crypt.c: add the possibility to read the - pin from stdin - -2006-10-01 20:52 nils - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/reader-pcsc.c: fix warnings - -2006-10-01 20:39 nils - - * trunk/src/libopensc/iso7816.c: fix warning - -2006-09-27 22:10 nils - - * trunk/src/pkcs11/framework-pkcs15.c: set - CKF_USER_PIN_INITIALIZED only if we really have a pin object - -2006-09-27 12:02 ludovic.rousseau - - * trunk/src/libopensc/pkcs15.c: sc_pkcs15_make_absolute_path(): a - 0 length path stays a 0 length pat - -2006-09-27 12:01 ludovic.rousseau - - * trunk/src/libopensc/iso7816.c: iso7816_process_fci(): dump the - filename in Hex + ASCII instead of just ASCII in the debug log - -2006-09-26 18:17 nils - - * trunk/src/libopensc/card-oberthur.c: fix apdu - -2006-09-26 18:01 nils - - * trunk/src/tools/opensc-tool.c: check if the ef type is in range; - thanks to Thomas Irlet - -2006-09-26 10:55 henryk - - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: Make - absolute paths from all paths read from the PKCS#15 directories - by prepending the DF(PKCS#15) path if necessary. Fixes - compatibility with Siemens HiPath SIcurity formatted cards which - use relative paths. 
- -2006-09-26 10:43 henryk - - * trunk/src/libopensc/pkcs15.c: Fix handling for SIMPLE-TLV - records with a three-byte length - -2006-09-26 10:36 henryk - - * trunk/src/libopensc/pkcs15.c: opensc-siemens.diff Adds support - for record-oriented files in linear variable, simple-tlv format. - TODO: Add support for all the other file formats, too. - -2006-09-26 10:31 henryk - - * trunk/src/libopensc/pkcs15.c: Make do { ... } while (...); into - while (...) { ... };. Fixes behaviour with empty files. - -2006-09-24 14:05 nils - - * trunk/src/libopensc/pkcs15.c: implement workaround for the - Taiwanese id card - -2006-09-24 12:50 nils - - * trunk/src/libopensc/sc.c: keep index and count parameters - -2006-09-22 14:34 nils - - * trunk/src/libopensc/card-starcos.c: add starcos spk 2.4 ATR - -2006-09-22 14:18 nils - - * trunk/src/libopensc/card-starcos.c: bugfix - -2006-09-20 13:33 aj - - * trunk/src/scconf/Makefile.mak: scconf needs strlcpy too. - -2006-09-20 12:32 aj - - * trunk/src/libopensc/Makefile.mak: ntohl is in ws2_32.lib / dll. - -2006-09-20 12:10 aj - - * trunk/src/libopensc/Makefile.am: don't forget part10.h (only - used on windows I think). - -2006-09-18 05:30 nils - - * trunk/src/tools/pkcs11-tool.c: add option to write data objects; - patch supplied by Cornelius Klbel - et. al. 
- -2006-09-17 18:34 nils - - * trunk/src/libopensc/reader-pcsc.c: remove check for T0 as it - seems to work for T1 as well - -2006-09-14 12:56 ludovic.rousseau - - * trunk/doc/tools/opensc-config.xml, - trunk/doc/tools/pkcs11-tool.xml: use for - command arguments - -2006-09-14 12:46 ludovic.rousseau - - * trunk/doc/tools/pkcs11-tool.xml: using --pin with set --login - -2006-09-14 09:17 ludovic.rousseau - - * trunk/doc/tools/pkcs11-tool.xml: explicit that --module is to - load a "PKCS#11 module (or library)" not just a module - -2006-09-14 08:55 ludovic.rousseau - - * trunk/src/pkcs11/pkcs11-global.c: C_GetInfo(): use "OpenSC - (www.opensc-project.org)" instead of "OpenSC Project - (www.opensc-project.org)" for the manufacturerID to avoid a - truncation at 32 characters - -2006-09-04 20:01 martin - - * trunk/src/libopensc/card-mcrd.c: Make sure every new opensc - instance sees the card from the sight starting point. - -2006-09-03 15:58 martin - - * trunk/src/libopensc/pkcs15-esteid.c: Update for [2836] chganges. - -2006-08-27 18:25 aj - - * trunk/src/pkcs11/slot.c: shorten string, fixing #98. - -2006-08-19 08:44 nils - - * trunk/etc/opensc.conf.in: fix typo - -2006-08-16 16:36 martin - - * trunk/src/libopensc/part10.h, trunk/src/libopensc/reader-pcsc.c: - * Fix endianness for PCSCv2 part 10 IOCTLs * Add support for - start/finish style IOCTLs * Add support for the same pinpad - functionality on windows Some code from Robert Konklewski and - Ludovic Rousseau - -2006-08-13 21:20 aj - - * trunk/src/pkcs11/pkcs11-spy.c: Douglas E. Engert: Change - PKCS11-Spy so it looks in HKEY_LOCAL_MACHINE, before - HKEY_LOCAL_USER. This should not cause any problems, as the - HKEY_LOCAL_MACHINE, "Software\PKCS11-Spy" would not normally be - set, accept while the sysadmin of the machine as trying to debug - a login type problem. 
- -2006-08-03 21:05 nils - - * trunk/src/libopensc/Makefile.mak, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak, trunk/src/tests/Makefile.mak, - trunk/src/tools/Makefile.mak: build fixes for win; patch - supplied by Douglas E. Engert - -2006-08-02 19:43 nils - - * trunk/src/tools/opensc-explorer.c, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs15-tool.c: fix warnings - -2006-08-02 19:31 nils - - * trunk/src/common/Makefile.mak, trunk/src/include/winconfig.h, - trunk/src/libopensc/pkcs15-piv.c, trunk/src/pkcs11/Makefile.mak, - trunk/src/tools/eidenv.c, trunk/src/tools/netkey-tool.c, - trunk/src/tools/util.h, trunk/win32/Make.rules.mak: win build - fixes; patch supplied by Douglas E. Engert - -2006-08-01 18:49 nils - - * trunk/src/libopensc/sc.c: fix sc_compare_path_prefix(); patch - supplied by Henryk Pltz - -2006-07-23 08:02 nils - - * trunk/src/tools/pkcs15-tool.c: check the value of the pin type - before accessing the array; patch supplied by Henryk Pltz - - -2006-07-18 20:37 nils - - * trunk/etc/opensc.conf.in: spelling fixes by ville.skytta@iki.fi - -2006-07-14 08:18 nils - - * trunk/src/pkcs15init/profile.c: bugfix: copy the first n - characters (if possible) - -2006-07-13 21:01 nils - - * trunk/src/pkcs15init/pkcs15-cardos.c: cardos v4.3b support - -2006-07-13 20:40 nils - - * trunk/src/libopensc/sc.c: don't accept invalid OIDs - -2006-07-13 20:37 nils - - * trunk/src/libopensc/card-cardos.c: cardos v4.3 - -2006-07-13 20:35 nils - - * trunk/src/libopensc/pkcs15.c: bugfixes ... 
- -2006-07-13 19:59 nils - - * trunk/src/libopensc/pkcs15.c: initialize pointer - -2006-07-12 08:12 ludovic.rousseau - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/pkcs15-actalis.c, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-piv.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/scconf/parse.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-init.c: - use strlcpy() instead of - strncpy() to always have a terminating NUL-byte - use - sizeof(field) instead of SC_PKCS15_MAX_LABEL_SIZE-1 or - equivalent as the 3rd argument of strlcpy() - -2006-07-12 08:09 ludovic.rousseau - - * trunk/src/scconf/Makefile.am: add - $(top_srcdir)/src/common/strlcpy.c to libscconf_la_SOURCES since - src/scconf/parse.c now uses strlcpy(). 
Note that, since - libopensc uses libscconf, strlcpy() will be available from any - program linked with libopensc - -2006-07-12 08:06 ludovic.rousseau - - * trunk/src/libopensc/Makefile.am, - trunk/src/pkcs15init/Makefile.am: add -I$(top_srcdir)/src/common - so that strlcpy.h is found - -2006-07-12 08:05 ludovic.rousseau - - * trunk/src/common/Makefile.am, trunk/src/common/README.strlcpy, - trunk/src/common/strlcpy.3, trunk/src/common/strlcpy.c, - trunk/src/common/strlcpy.h: add strlcpy.{c,h} from - ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/ - -2006-07-12 07:43 ludovic.rousseau - - * trunk/configure.in, trunk/src/common/Makefile.am, - trunk/src/common/getopt.h, trunk/src/common/my_getopt.c, - trunk/src/common/my_getopt.h, trunk/src/tests/Makefile.am, - trunk/src/tests/sc-test.c, trunk/src/tools/Makefile.am: - remove - src/common/getopt.h since it collide with /usr/include/getopt.h - - replace @GETOPTSRC@ by $(top_srcdir)/src/common/my_getopt.c in - Makefile.am files - change the detection of getopt_long in - configure.in since GETOPTSRC is not used anymore. my_getopt.c is - now always compiled and used but provides getopt_long() only if - HAVE_GETOPT_H is NOT defined (ie. 
if getopt_long() is not - provided by the system) - src/common/my_getopt.c: the code is - within #ifndef HAVE_GETOPT_H - move the useful lines of - src/common/getopt.h in src/common/my_getopt.h - -2006-07-12 07:32 ludovic.rousseau - - * trunk/src/common/Makefile.am, trunk/src/common/README, - trunk/src/common/README.my_getopt: rename README in - README.my_getopt - -2006-07-12 06:41 ludovic.rousseau - - * trunk/configure.in, trunk/src/signer/Makefile.am: use - LIBASSUAN_* instead of ASSUAN_* so the assuan library is - correctly found and we avoid "undefined symbol: assuan_strerror - (.libs/opensc-signer.so)", etc - -2006-07-11 22:25 nils - - * trunk/src/libopensc/asn1.c: bugfix: return error if OID is - invalid - -2006-07-11 21:43 nils - - * trunk/src/libopensc/card-cardos.c: fix typo - -2006-07-08 12:31 nils - - * trunk/src/libopensc/card-cardos.c: changes for cardos 4.3b - -2006-07-05 19:45 aj - - * trunk/src/libopensc/pkcs15.c: replace static buffer with - dynamically allocated buffer. patch by Tomasz Lemiech to fix a - problem with setec cards. - -2006-07-05 19:36 aj - - * trunk/src/libopensc/pkcs15.c: Tomasz Lemiech wrote: I found that - struct c_asn1_odf[] in pkcs15.c does not define secretKeys - object (as specified in PKCS#15 v. 1.1 standard, par. 6.2). I - consider this to be an omission. My Setec card contains objects - of this type and all PKCS#15 operations fail with "Unable to - parse ODF". Attached patch fixes this issue. - -2006-06-27 21:54 aj - - * trunk/src/libopensc/card-flex.c: add new atr reported by Sven - Loeschner as Cryptoflex 32k Card. 
- -2006-06-27 17:56 sth - - * trunk/src/libopensc/internal.h: Added doxygen comments - -2006-06-27 17:49 sth - - * trunk/src/libopensc/card-muscle.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/muscle.c, - trunk/src/libopensc/sc.c: Endian-independent way to convert - numbers to a byte array + vice versa - -2006-06-26 21:03 aj - - * trunk/src/libopensc/ctx.c: check for environment variable first - on windows, too. - -2006-06-23 16:09 nils - - * trunk/src/libopensc/card-oberthur.c: fix apdu types and response - buffer length - -2006-06-21 20:05 nils - - * trunk/src/pkcs11/misc.c: bring implementation in accordance with - the docu in opensc.conf - -2006-06-19 23:04 aj - - * trunk/src/libopensc/card-flex.c: the cryptoflex manual states - the last two bytes of the atr are some software version so we - can ignore them. use the atr mask to do that. - -2006-06-19 19:01 nils - - * trunk/src/libopensc/opensc.h: fix docu - -2006-06-18 20:52 sth - - * trunk/src/libopensc/muscle.c: The applet returns unexpected - values when entering a wrong PIN; this is a work-around by - Thomas Harning - -2006-06-17 15:07 nils - - * trunk/src/libopensc/muscle-filesystem.c, - trunk/src/libopensc/muscle.c: fix warnings - -2006-06-17 12:24 nils - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-muscle.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/cards.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sec.c: remove - iso logout function, remove dummy logout functions and remove - logout call from sc_unlock() - -2006-06-16 20:47 nils - - * trunk/src/libopensc/muscle-filesystem.c: fix warning - -2006-06-08 08:12 aj - - * trunk/src/pkcs15init/Makefile.am: Fix makefile: add muscle files. 
- -2006-06-07 08:33 sth - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-muscle.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/libopensc/ctx.c, - trunk/src/libopensc/muscle-filesystem.c, - trunk/src/libopensc/muscle-filesystem.h, - trunk/src/libopensc/muscle.c, trunk/src/libopensc/muscle.h, - trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/muscle.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-muscle.c: Added support for - MuscleCard applet. Thanks to Thomas Harning, David Corcoran of - Identity Alliance - -2006-06-06 06:00 aj - - * trunk/src/libopensc/card-cardos.c: add new card reported to work - by Christian Koegler. Thanks Christian! - -2006-05-30 20:59 aj - - * trunk/NEWS: commit NEWS update. - -2006-05-23 20:53 aj - - * trunk/src/pkcs11/framework-pkcs15.c: sprintf bad. maybe even - potential exploitable? bug found by ville skytta using pscan. - -2006-05-23 12:55 aj - - * trunk/src/tools/Makefile.mak: fix compiling netkey-tool on win32. - -2006-05-23 09:09 aj - - * trunk/src/tools/Makefile.mak, trunk/win32/Make.rules.mak: try to - fix windows compile (include netkey-tool and cryptoflex-tool). - -2006-05-20 16:06 aj - - * trunk/src/libopensc/pkcs15-piv.c, - trunk/src/pkcs11/framework-pkcs15.c: make objects on piv card - public. - -2006-05-20 16:05 aj - - * trunk/src/pkcs11/misc.c: revert prior change as it breaks the - regression tests. 
- -2006-05-17 09:07 ludovic.rousseau - - * trunk/src/libopensc/reader-pcsc.c: pcsc_connect(): use an - explicit debug message if the reader supports PIN - verification/modification but that feature is not enabled in - opensc.conf (enable_pinpad = true) - -2006-05-15 18:48 nils - - * trunk/src/pkcs11/framework-pkcs15.c: check for existing public - key before creating one from the certificate; patch supplied by - Albert Solana - -2006-05-12 20:03 aj - - * trunk/src/libopensc/pkcs15-piv.c: Douglas E. Engert: removes the - private bit on the pubkey. Without this change the openssl req - with engine can not be used to generate a certificate request, - as it will not be able to find the public key that should have - been saved by the piv-tool when the private key was generated on - the card. - -2006-05-12 20:01 aj - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/pkcs11/framework-pkcs15.c: compile fixes for win32. - -2006-05-10 06:18 aj - - * trunk/NEWS: document changes so far. - -2006-05-10 06:14 aj - - * trunk/configure.in: trunk is now used for changed past 0.11.1. - -2006-05-09 21:35 nils - - * trunk/src/pkcs11/framework-pkcs15.c: improve buffer length check - -2006-05-09 19:39 aj - - * trunk/src/include/winconfig.h, trunk/win32/version.rc: oops, we - forgot to update the version. fix that for opensc 0.11.1. - -2006-05-05 10:35 nils - - * trunk/src/pkcs11/misc.c: set the default for lock_login to false - (as documented in opensc.conf) - -2006-05-05 10:10 nils - - * trunk/src/libopensc/card-openpgp.c: if the card doesn't support - a logout functionality it's not an error - -2006-05-05 10:06 nils - - * trunk/src/libopensc/card-openpgp.c: bugfix: Le must be <= buffer - size - -2006-05-04 06:50 aj - - * trunk/src/libopensc/pkcs15-piv.c: piv fixes by Douglas E. - Engert. This patch will allow a flag in the opensc.conf file to - be set to only expose the PIV authentication certificate and - matching keys. 
- -2006-05-03 07:16 nils - - * trunk/src/libopensc/card-starcos.c: use correct ef attribute in - switch statement; thanks to Chaskiel M Grundman - - -2006-05-01 10:27 aj - - * trunk/src/libopensc/pkcs15-gemsafe.c: close memory leaks. - -2006-05-01 10:26 aj - - * trunk/src/libopensc/card-oberthur.c: close some memory leaks. - -2006-05-01 10:23 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: make sure result is - null-terminated. - -2006-05-01 10:22 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: at least partialy close - memory leak. - -2006-05-01 10:21 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: check df before dereferencing - it. - -2006-05-01 10:20 aj - - * trunk/src/pkcs11/framework-pkcs15.c: free(data) (allocated by - sc_pkcs15_read_data_object, no reference kept anywhere). - -2006-05-01 10:17 aj - - * trunk/src/tools/eidenv.c: if exec() fails, exit with return code - 1. - -2006-05-01 10:16 aj - - * trunk/src/tools/pkcs15-init.c: initialize with NULL, so the - later check for NULL will work. - -2006-05-01 10:12 aj - - * trunk/NEWS, trunk/etc/opensc.conf.in, - trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/cards.h: - add support for d-trust cards. - -2006-05-01 10:10 aj - - * trunk/src/libopensc/apdu.c: revert bogus change. - -2006-05-01 10:07 aj - - * trunk/src/scconf/test-conf.c: bogus change, no segfault here. - -2006-05-01 10:06 aj - - * trunk/src/libopensc/log.c: revert bogus patch. - -2006-05-01 10:02 aj - - * trunk/NEWS, trunk/src/common/main.c, trunk/src/libopensc/apdu.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ui.c, trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs15init/pkcs15-cardos.c, trunk/src/tests/print.c, - trunk/src/tools/netkey-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c: fix printf size_t problem with - "%lu" and (unsigned long) cast. 
- -2006-05-01 09:20 aj - - * trunk/NEWS: Document changes since 0.10.0-rc2 - -2006-04-29 22:10 pk_opensc - - * trunk/src/libopensc/pkcs15-tcos.c: TCOS-Emulation, support for - Uni-Giessen card - -2006-04-27 20:44 ludovic.rousseau - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c: fix a memory leak that occurs - when the APDU exchange fails - -2006-04-26 11:54 aj - - * trunk/configure.in: trunk will contain work done after 0.11.0 - release - -2006-04-26 11:41 aj - - * trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/print.c, - trunk/src/tools/eidenv.c, trunk/src/tools/netkey-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c: fix signed and size_t warnings. - -2006-04-26 10:08 aj - - * trunk/src/libopensc/log.c: make sure buffer is 0 terminated. - -2006-04-26 10:07 aj - - * trunk/src/libopensc/apdu.c: fix a memory leak. don't access - buffer beyond length. - -2006-04-26 10:05 aj - - * trunk/src/libopensc/card-oberthur.c: maybe it would be good to - check the return value? - * trunk/src/libopensc/ctx.c: maybe it would be good to check he - return value? - -2006-04-26 10:04 aj - - * trunk/src/libopensc/card-piv.c: fix double free and segfault. - -2006-04-26 10:02 aj - - * trunk/src/libopensc/reader-openct.c: fix memory leak. - -2006-04-26 10:01 aj - - * trunk/src/libopensc/asn1.c: remove dead code. - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c: close memory leaks. - -2006-04-26 10:00 aj - - * trunk/src/pkcs11/framework-pkcs15.c: not sure it is a good idea - to ignore the return value. - -2006-04-26 09:59 aj - - * trunk/src/scconf/test-conf.c: no idea how to fix, at least - document it. - -2006-04-26 09:58 aj - - * trunk/src/tools/opensc-explorer.c: fix off by one bug. 
- -2006-04-24 18:41 aj - - * trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/pkcs15-tcos.c: tcos updates by Peter Koch. - -2006-04-18 15:15 aj - - * trunk/src/pkcs11/pkcs11-spy.c: remove a function that is no - longer used at all. - * trunk/src/tests/regression/Makefile.am, - trunk/src/tests/regression/functions: improve regression tests: - cleanup failed/ and out/ folder. specify path to - opensc-pkcs11.so module. - -2006-04-18 08:16 aj - - * trunk/src/libopensc/card-mcrd.c: Lindent so the result is easier - to read / diff. - -2006-04-11 20:50 aj - - * trunk/src/libopensc/card-piv.c: Douglas E. Engert wrote: The - attached change to card-piv.c is need to recognize a valid PIV - card applet. All of the previous test cards would return in - response to a SELECT the full AID where as they should have - returned the the PIX portion of the AID. The newest test cards - are now doing this correctly. This change will recognize either - as a PIV applet. - -2006-04-06 18:41 sth - - * trunk/src/pkcs15init/flex.profile: There doesn't seem to be a - need to leave the certs (and CDF) unprotected. In case there do - are problems, please revert this change - -2006-04-06 18:38 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Set the user pin reference - when writing a cert. If not, there's a problem with the onepin - profile option: the CDF (and certs) will be created with NONE - ACs instead of ACs that refer to the user PIN - -2006-04-06 18:35 sth - - * trunk/src/pkcs15init/profile.c: protect certs by default - -2006-04-03 10:42 nils - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, - trunk/src/libopensc/iso7816.c: return an error if offset is too - large - -2006-03-24 23:54 aj - - * trunk/src/signer/Makefile.am: install signer in libdir like - everything else. 
- -2006-03-24 10:55 nils - - * trunk/src/pkcs11/framework-pkcs15.c: check the private flag of - public key objects; patch supplied by Albert Solana - -2006-03-24 08:06 martin - - * trunk/src/libopensc/card.c: Threading: Reader locking can fail - as well - -2006-03-22 21:44 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-pcsc.c: add function sc_reset() to - reset a card; patch supplied by Josep Mons Teixidor - - -2006-03-22 17:12 nils - - * trunk/src/tools/opensc-explorer.c: fix ACs; patch supplied by - njustin@idealx.com - -2006-03-16 21:37 aj - - * trunk/configure.in: simply the revision, drop the m4 code. it - didn't turn out the way I wanted it (does not contain the - _repository_/_branch_ revision). - -2006-03-09 20:35 nils - - * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h: - initial support for the Swedish NIDEL card - -2006-03-07 07:22 ludovic.rousseau - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs15init/pkcs15-lib.c: sc_pkcs15_parse_tokeninfo() - and sc_pkcs15_encode_tokeninfo() now use a - (sc_pkcs15_tokeninfo_t *) instead of struct (sc_pkcs15_card *) - -2006-03-06 09:21 ludovic.rousseau - - * trunk/src/libopensc/ui.c: __sc_ui_read_pin(): use "%lu" and - (unsigned long) cast to print a (size_t) value (size_t is 32 or - 64 bits depending on the platform) - -2006-03-06 07:58 aj - - * trunk/doc/tools/pkcs15-tool.xml: small fix - \& was left from - cut&paste from a man page. - -2006-03-05 19:43 aj - - * trunk/doc/tools/pkcs15-tool.xml: document --unblock-pin / -u - option. 
- -2006-03-03 22:56 nils - - * trunk/configure.in, trunk/src/libopensc/apdu.c, - trunk/src/libopensc/internal.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: - move logging to the reader - driver - log APDUs only if DEBUG is defined (sensitive APDUs - should never be logged and we cannot know whether a APDU is - sensitive or not => enable APDU logging only in a non-production - debug build) - remove OPENSC_DONT_LOG_SENSITIVE configure option - as it's needed anymore - -2006-03-03 21:10 nils - - * trunk/src/libopensc/opensc.h: add some doxygen comments - -2006-03-02 18:24 nils - - * trunk/src/libopensc/opensc.h: add note - -2006-03-02 16:17 nils - - * trunk/src/libopensc/pkcs15-piv.c: remove useless code - -2006-03-02 14:16 ludovic.rousseau - - * trunk/src/libopensc/pkcs15-actalis.c: - sc_pkcs15emu_actalis_init(): define 3 variables only #ifdef - HAVE_ZLIB_H since they are used in this case only - -2006-03-02 14:12 ludovic.rousseau - - * trunk/src/libopensc/ui.c: __sc_ui_read_pin(): use %lu instead of - %u to avoid a warning: format '%u' expects type 'unsigned int', - but argument 3 has t ype 'size_t' - -2006-03-01 22:34 nils - - * trunk/src/libopensc/opensc.h: mark second parameter of - sc_disconnect_card() as unused - -2006-03-01 09:45 martin - - * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: Remove the disconnect action - from internal reader api - -2006-02-27 20:11 nils - - * trunk/src/tools/pkcs15-tool.c: use absolute paths when caching - files - -2006-02-23 19:15 nils - - * trunk/src/libopensc/pkcs15-tcos.c: change name + fix warning - -2006-02-23 18:43 nils - - * trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/pkcs15-tccardos.c: fix some warnings - -2006-02-23 13:40 martin - - * trunk/src/libopensc/ctx.c: Fix for a segfaul. 
Patch provided by - Albert Solana Berengu - -2006-02-23 11:49 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-piv.c: Add an - example config entry for PIV cards and remove a card matching - black hole - -2006-02-23 11:02 martin - - * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/card.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-tccardos.c, - trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/win32/Make.rules.mak, - trunk/win32/Makefile.mak, trunk/win32/version.rc: Small fixes - for windows compilation (Visual Studio Express 2005) - -2006-02-23 11:01 martin - - * trunk/etc/opensc.conf.in: Add a section for tokend - -2006-02-23 08:10 nils - - * trunk/src/libopensc/pkcs15-piv.c: NIST 800-73-1 certs aren't - protected by a pin anymore; patch supplied by Douglas E. Engert - - -2006-02-22 20:35 nils - - * trunk/src/libopensc/pkcs15-piv.c: use sc_format_oid() - -2006-02-17 21:06 nils - - * trunk/src/libopensc/card-piv.c, trunk/src/libopensc/ctx.c: fix - warnings - -2006-02-17 11:22 martin - - * trunk/src/libopensc/reader-pcsc.c, trunk/win32/Make.rules.mak: * - Also delete .pdb files on windows when doing a clean * Call - directly internal pcsc transmit method for pcsc pinpad calls. - -2006-02-16 21:45 nils - - * trunk/src/libopensc/pkcs15-tcos.c: add support a TCOS card used - at the uni Giessen; this is still experimental - -2006-02-15 17:29 nils - - * trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: use - sc_ctx_get_reader() etc. 
instead of of accessing the structure - members directly - -2006-02-15 17:05 nils - - * trunk/src/scconf/test-conf.c, trunk/src/tools/eidenv.c, - trunk/src/tools/netkey-tool.c, trunk/src/tools/pkcs11-tool.c: - fix some warnings + cleanup - -2006-02-15 08:10 nils - - * trunk/src/tools/piv-tool.c: fix warnings - -2006-02-15 08:07 nils - - * trunk/src/tools/pkcs15-tool.c: fix warning - -2006-02-14 22:46 nils - - * trunk/src/pkcs11/framework-pkcs15.c: a unblocking pin could be - used for authentication as well - -2006-02-14 22:41 nils - - * trunk/src/libopensc/pkcs15-tcos.c: undo commit in pkcs15-tcos.c - -2006-02-14 22:09 nils - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-piv.c, - trunk/src/libopensc/cards.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-piv.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/pkcs15-tcos.c, trunk/src/tools/Makefile.am, - trunk/src/tools/Makefile.mak, trunk/src/tools/piv-tool.c, - trunk/src/tools/pkcs15-tool.c: add initial PIV card support; - patch supplied by Douglas E. Engert - -2006-02-14 22:04 nils - - * trunk/src/tools/util.c: fix warning - -2006-02-12 18:30 nils - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/pkcs15init/pkcs15-cardos.c: add support for two byte - tags in sc_asn1_find_tag() + normalize return value - -2006-02-12 18:29 nils - - * trunk/src/libopensc/asn1.c: add support for two byte tags in - sc_asn1_find_tag() + normalize return value - -2006-02-12 17:37 nils - - * trunk/src/tools/pkcs15-tool.c: don't bind the pkcs15 card twice - -2006-02-12 17:07 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: fix memory leak - -2006-02-09 20:05 nils - - * trunk/src/pkcs11/framework-pkcs15.c: support private - certificates; patch supplied by Douglas E. 
Engert - - -2006-02-08 22:25 nils - - * trunk/src/libopensc/pkcs15-tcos.c: pkcs15 emulation changes for - the TCOS cards, patch supplied by Peter Koch - -2006-02-08 16:29 martin - - * trunk/etc/opensc.conf.in: apdu_masquerade is gone - -2006-02-07 20:14 nils - - * trunk/src/tests/sc-test.c, trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, - trunk/src/tools/netkey-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - use sc_context_create instead of sc_establish_context - -2006-02-05 19:35 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/ctbcs.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/pkcs11/pkcs11-global.c: sc_mutex_destroy should have a - return value - -2006-02-05 19:00 nils - - * trunk/src/libopensc/apdu.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: - move APDU encoding to the - reader layer - remove APDU masquerading code, it shouldn't be - necessary anymore - -2006-02-03 21:24 nils - - * trunk/src/libopensc/apdu.c: fix typo - -2006-02-01 22:59 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/portability.c, trunk/src/libopensc/sc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-gpk.c: - remove dependence on a - specific threading library - add two new structures: - sc_thread_context_t which let the user specify the mutex - functions to use and sc_context_param_t to specify parameters - for 
the sc_context_t creation (including mutex functions) using - sc_create_context() - add new function sc_context_create() - - remove timestamp code from libopensc - -2006-01-31 15:53 martin - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: Rename: _get_conf_block -> - sc_get_conf_block and put it into opensc.h This way it can be - used by OpenSC tokend module. - -2006-01-26 19:02 aj - - * trunk/src/libopensc/card-cardos.c, trunk/src/libopensc/cards.h, - trunk/src/tools/cardos-info.c: add atr and os identification for - cardos 4.3 (plain, not b, not likely to be ever seen, but 100% - compatible to 4.3b as far as I know - only slower). - -2006-01-23 22:02 aj - - * trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/pkcs15init/pkcs15-init.h: rename lower level function, - fix typo. - -2006-01-23 21:48 aj - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/cardos.profile, - trunk/src/pkcs15init/etoken.profile, - trunk/src/pkcs15init/pkcs15-cardos.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: big rename etoken -> cardos, - part II. - -2006-01-23 21:44 aj - - * trunk/src/libopensc/ctx.c: move renames. - -2006-01-23 21:43 aj - - * trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/libopensc/opensc.h: rename everything namend "etoken" - to "cardos" :) - -2006-01-23 21:39 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-cardos.c, - trunk/src/libopensc/card-etoken.c: rename card-etoken.c to - card-cardos.c - -2006-01-23 18:09 martin - - * trunk/src/libopensc/card.c: If, for some reasons, card can not - be initialized (broken) then we must make sure that we release - all resources (disconnect the card). 
If not we can only have 16 - tries with a longrunning application (number of contexts inside - pcsclite). - -2006-01-23 17:37 martin - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/pkcs15-esteid.c: Some cleanup/fixes in - micardo/esteid code related to new apdu.c Now it works again ;) - -2006-01-23 17:29 martin - - * trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15.c: Negative r has a meaning in the - cached file logic, so be sure to reset it to -1 after - sc_print_path has returned a value. - -2006-01-22 21:15 aj - - * trunk/NEWS, trunk/README, trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/slot.c, trunk/src/tools/netkey-tool.c, - trunk/src/tools/pkcs15-tool.c: change more opensc.org references - to opensc-project.org till dns is back. - -2006-01-22 21:07 aj - - * trunk/doc/README, trunk/doc/export-wiki.sh: moved to - opensc-project till opensc.org dns is back. fix openct - references to opensc. - -2006-01-21 11:53 nils - - * trunk/src/pkcs15init/etoken.profile: increase size for bigger - keys - -2006-01-20 20:52 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, - trunk/src/tools/pkcs15-tool.c: use more opensc specific names - for ASN.1 tags to avoid name conflicts with other ASN.1 libraries - -2006-01-12 09:37 aj - - * trunk/configure.in: doc/old is gone. - -2006-01-12 09:36 aj - - * trunk/man/old: remove old man pages (replaced by new man pages - in xml format). - * trunk/doc/Makefile.am, trunk/doc/old: remove old documentation - (replaced by wiki). 
- -2006-01-11 23:41 nils - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/profile.c: - implement thread-safe path - printing function sc_path_print() and use it src/libopensc/ and - src/pkcs15init/ - use size_t for the certlen parameter of - sc_pkcs15init_update_certificate() - -2006-01-07 23:40 martin - - * trunk/src/libopensc/card-mcrd.c: Get rid of handwritten - sc_read_record calls - -2006-01-05 22:21 nils - - * trunk/src/scconf/test-conf.c: the current code requires a - pointer to a integer, note: it's actually not a bug when - foo_item is NULL as the necessary scconf_item object is created - by scconf_item_add_internal - -2006-01-04 18:52 nils - - * trunk/src/libopensc/ctx.c: don't segfault if no config file - could be found (win); thanks to Nicolas Justin - - -2006-01-03 22:46 nils - - * trunk/src/libopensc/pkcs15-actalis.c: increase buffer size for - the serial number to 9 as we need 8 bytes for serial number plus - 1 byte for the terminating 0 character - -2006-01-03 16:24 sth - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: Add possibility to change pkcs15 - attributes (currently only the label) - -2006-01-03 14:42 sth - - * trunk/src/pkcs15init/pkcs15.profile: Forgotten to add in r2773 - -2006-01-01 23:11 nils - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: summary: - -add more general path concatenation function - sc_concatenate_path() and let sc_append_path use it. 
-add - function sc_compare_path_prefix to check whether a path starts - with a certain sub-path (prefix). -add some doxygen docu to some - path handling functions - -2005-12-30 10:34 sth - - * trunk/src/tools/pkcs15-tool.c: Typo fixes - -2005-12-28 20:20 aj - - * trunk/src/tools/opensc-explorer.c: "cat xxxx" is not supposed to - create errors (on record structured files). so silence it. - -2005-12-28 20:15 nils - - * trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: fix warnings - -2005-12-28 20:05 nils - - * trunk/src/libopensc/pkcs15-tccardos.c: - -2005-12-28 20:01 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/apdu.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/types.h: - summary: -complete rewrite of the APDU/transmission handling - code (should now support extended APDUs and is hopefully better - documented. Note: support for the T0 ENVELOPE command is still - missing due to a lack of test cards). -add new APDU case - constants SC_APDU_CASE_2 etc. which let OpenSC decides, based on - the card capabilities, whether to use short or extended APDUs. - -add new capability SC_CARD_CAP_RSA_2048 for cards supporting - 2048 bit RSA operations (note: this is more a preliminary hack) - -2005-12-28 19:41 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: remove unused variable - -2005-12-28 19:38 nils - - * trunk/src/libopensc/card-etoken.c, trunk/src/libopensc/cards.h, - trunk/src/pkcs15init/pkcs15-etoken.c: add support for cardos - m4.2 (still experimental) - -2005-12-27 14:11 martin - - * trunk/src/libopensc/iso7816.c: If there's less data ina - file/record than requested do not fail but return as much data - as was available. This behaviour is similar to read(2). 
- -2005-12-27 13:41 martin - - * trunk/src/libopensc/reader-pcsc.c: If SCardControl fails there's - nothing bad going on - just there's no support for this feature. - -2005-12-27 13:39 martin - - * trunk/etc/opensc.conf.in: hav commented configuration lines have - the opposite values of hardcoded defaults. - -2005-12-26 23:09 aj - - * trunk/configure.in: use svn revision based version numbers. - -2005-12-26 18:50 aj - - * trunk/src/libopensc/pkcs15-tcos.c, - trunk/src/tools/netkey-tool.c: tcos update by peter koch, adds - interoperability with th darmstadt cards. - -2005-12-23 11:23 sth - - * trunk/etc/opensc.conf.in: Added default debug/log file locations - for Windows - -2005-12-23 10:15 sth - - * trunk/src/libopensc/log.c, trunk/src/pkcs11/pkcs11-global.c: - Referted the 'Fireofox 1.5' fix in log.c and replaced it by - letting a blocking C_WaitForSlotEvent() return - CKR_FUNCTION_NOT_SUPPORTED. This isn't a solution for the - multihread problems (things hang or try to log to a released - context) but at least it solves the Ff 1.5 problems - -2005-12-22 15:54 nils - - * trunk/src/libopensc/card-flex.c: use correct apdu case and set - Le value - -2005-12-21 21:19 nils - - * trunk/src/tests/p15dump.c: suppress errors when EF(unusedSpace) - is missing - -2005-12-18 07:54 sth - - * trunk/src/pkcs15init/pkcs15.profile: Belongs to the rev. 
2769 - patch for adding EF(UnusedSpace) support - -2005-12-17 21:52 nils - - * trunk/src/libopensc/pkcs15.c: remove unused variables - -2005-12-17 20:54 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: fix key usage flags and - ensure that we are in the correct lifecycle - -2005-12-17 19:53 sth - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/tests/p15dump.c: Add - support for reading and writing from/to an EF(UnusedSpace) file; - this functionality can be used for deleting and creating pkcs15 - objects (that reside in a file) - -2005-12-16 20:52 nils - - * trunk/src/tools/cardos-info.c: add cardos m4.2 and print the - startkey version in hex - -2005-12-14 10:59 aj - - * trunk/src/tools/Makefile.am: pkcs15-tool needs openssl_libs - also, if it is available. only older gcc versions found this - problem, it seems. - -2005-12-12 20:38 nils - - * trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-starcos.c: fix APDU case - -2005-12-08 20:25 sth - - * trunk/src/libopensc/log.c, trunk/src/pkcs11/pkcs11-global.c: Fix - for ticket #45: Firefox 1.5 and new Mozilla's crash when they - are closed because there's a blocking C_WaitForSlotEvent() - called from another thread then the 'main' thread that calls - C_Finalize(); and this cause C_WaitForSlotEvent() to log to a - NULL context -> assertion failure. - -2005-12-08 09:05 ludovic.rousseau - - * trunk/src/libopensc/card-setcos.c: etcos_create_file_44(): use - sizeof(pins)/sizeof(pins[0]) instead of a constant (7) - -2005-12-05 22:09 aj - - * trunk/src/scconf/scconf.c: oops, parm points to the first char, - not to a pointer to the string. - -2005-12-05 22:07 aj - - * trunk/src/scconf/scconf.c: remove unused variable item in - scconf_put_str. remove unused variable ret in scconf_put_int. - from the readme: "if parm not NULL, then ... parm points to ..." - so we need to get the value of the location where it points to. 
- -2005-12-05 21:59 aj - - * trunk/src/pkcs15init/pkcs15-oberthur.c: free pub_buff in error - path. removed unused pubfile variable and dead code. check - prvfile != NULL. - -2005-12-05 21:58 aj - - * trunk/src/pkcs15init/pkcs15-cflex.c: check prkf != NULL. - -2005-12-05 21:57 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: free profilke and pin_obj in - the error path. check res_obj and keybits/keyargs before - dereferencing. - -2005-12-05 21:55 aj - - * trunk/src/pkcs15init/profile.c: check p15card != NULL before - accessing it. in the error path free file if it was allocated. - -2005-12-05 21:53 aj - - * trunk/src/pkcs11/secretkey.c: no code change, only easier to - parse :) - -2005-12-05 21:52 aj - - * trunk/src/signer/opensc-crypto.c: also check that priv->p15card - is not NULL. - -2005-12-05 21:51 aj - - * trunk/src/libopensc/pkcs15-infocamere.c: for example if the card - was removed, select file on the main folder will fail. so I - think it is best to return the error. - -2005-12-05 21:50 aj - - * trunk/src/libopensc/pkcs15-postecert.c: even select_file can - fail (if card was removed etc.) so better check the error and - return the problem, right? - -2005-12-05 21:49 aj - - * trunk/src/libopensc/pkcs15-algo.c: fix typo on *paramp test. - check alg_info always, not only in some case. - -2005-12-05 21:48 aj - - * trunk/src/libopensc/pkcs15-syn.c: check scconf_find_blocks - returning NULL add a free(obj) to the error path. - -2005-12-05 21:43 aj - - * trunk/src/libopensc/card-oberthur.c: check file parameter. set - file=NULL after freeing it to avoid potential double free. check - key_file parameter before dereferencing it. check card first, - then derefence it. - -2005-12-05 21:41 aj - - * trunk/src/libopensc/card-setcos.c: sizeof(int[7]) is 28. I think - bCommands_pin should have 7 elements, too. - -2005-12-05 21:39 aj - - * trunk/src/libopensc/card-openpgp.c: remove unneeded if(1) block. - free temp in error paths. 
- * trunk/src/libopensc/card-belpic.c: check if scconf_find_blocks - returned NULL - -2005-12-05 21:38 aj - - * trunk/src/libopensc/reader-ctapi.c: check if scconf_find_blocks - returned NULL - -2005-12-05 21:37 aj - - * trunk/src/libopensc/pkcs15.c: check if scconf_find_blocks - returned NULL. - * trunk/src/libopensc/iso7816.c: add proper free to error path. - -2005-12-05 21:36 aj - - * trunk/src/libopensc/sc.c: simply code / remove dead code. - * trunk/src/libopensc/card.c: check if scconf_find_blocks returns - NULL; - -2005-12-05 21:35 aj - - * trunk/src/libopensc/ctx.c: add paranoia: what if - scconf_find_bloicks returns NULL? - -2005-12-05 21:33 aj - - * trunk/src/libopensc/pkcs15-wrap.c: add paranoia: check all - arguments before dereferencing them to prevent segfaults. - * trunk/src/libopensc/dir.c: free allocated variable in error - path. set rec=NULL after freeing it to prevent double free'ing. - -2005-12-05 21:31 aj - - * trunk/src/tools/cryptoflex-tool.c: free buf if pin was entered - incorrectly. check if file is not NULL (out of memory). free - file, if something goes wrong. free pin/puk once no longer - needed. - -2005-12-05 21:29 aj - - * trunk/src/tools/pkcs15-init.c: make code easier by removing - match variable. check if cert was returned != NULL. free cert if - there is some error. set variables to NULL after being freed, to - avoid potential double free bugs. - -2005-12-05 21:27 aj - - * trunk/src/tools/opensc-explorer.c: proper cleanup: close files - if something goes wrong. - * trunk/src/tools/pkcs15-tool.c: check publickey variable before - de-referencing. change newpin to NULL so it can't get free'd - twice. allocate buf from heap, not stack (quite large). - -2005-12-05 21:25 aj - - * trunk/src/tools/pkcs11-tool.c: #if out the dead code. remove - some dead code in the hexdump code. - -2005-12-05 21:22 aj - - * trunk/src/scconf/test-conf.c: does not work, will segfault. 
also - no need to assign foo_item all the time, scconf_item_add returns - the item parameter, so it does not change. - -2005-12-05 21:21 aj - - * trunk/src/scconf/parse.c: add a few sanity checks. - -2005-12-04 23:23 nils - - * trunk/src/pkcs11/framework-pkcs15.c: fix problem with - uninitialized pointer; this patch resolves opensc ticket #61 - -2005-12-02 22:24 nils - - * trunk/src/libopensc/card-incrypto34.c, - trunk/src/pkcs15init/pkcs15-incrypto34.c: fix pkcs15 - initialization + fix DIRECTORY command; patch supplied by - Giuseppe AMATO - -2005-12-01 22:18 aj - - * trunk/src/libopensc/card-flex.c: fix for the combination of - cryptoflex, 2048bit keys and some smart card readers by - Jean-Pierre Szikora - -2005-11-29 20:56 nils - - * trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c: - use sc_print_path - -2005-11-28 23:07 nils - - * trunk/src/tests/print.c: use sc_print_path - -2005-11-26 10:03 nils - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-starcos.c: remove senseless and - inconsistent checks + cleanup - -2005-11-25 19:11 nils - - * trunk/src/libopensc/reader-pcsc.c: use unsigned int instead of - uint16_t - -2005-11-20 21:53 nils - - * trunk/src/libopensc/card-starcos.c: remove disabled code, - request FCI only if a file object has been specified - -2005-11-17 10:23 nils - - * trunk/src/libopensc/opensc.h: fix ac for file deletion - -2005-11-01 22:34 aj - - * trunk/src/tools/cardos-info.c: add more cardos versions. 
- -2005-11-01 08:31 nils - - * trunk/src/tests/regression/init0005: use 1024 bit keys for - testing to avoid problems with starcos tokens - -2005-10-31 19:31 sth - - * trunk/src/tools/pkcs15-init.c: Let --assert-pristine work for - Setcos 4.4 cards - -2005-10-31 18:44 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h: fix GET RESPONSE handling - -2005-10-30 21:44 nils - - * trunk/src/pkcs11/slot.c: use sc_ctx_get_reader - -2005-10-30 21:42 nils - - * trunk/src/libopensc/pkcs15-actalis.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: - remove deprecated pkcs15 emulation api. Add temporary wrappers - for the new functions in some pkcs15 emulation drivers. - -2005-10-30 21:17 nils - - * trunk/src/libopensc/card.c: fix warning - -2005-10-30 20:37 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h: summary: - improve support for - extended APDUs - add experimental support for command chaining - - simplify get_response prototype - -2005-10-30 19:55 nils - - * trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: - add pkcs15 emu function for data objects - -2005-10-30 19:08 nils - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-tcos.c, trunk/src/libopensc/pkcs15.c, - 
trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-init.c: add functions void - sc_ctx_suppress_errors_on(sc_context_t *ctx); void - sc_ctx_suppress_errors_off(sc_context_t *ctx); to turn on/off - error suppression (to avoid accessing sc_context_t directly) and - use it. - -2005-10-30 18:05 nils - - * trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/util.c, trunk/src/tools/util.h: summary: - add - new function sc_format_oid to libopensc - cleanup libopensc api - -2005-10-29 21:17 martin - - * trunk/src/libopensc/reader-pcsc.c: Update pcsc pinpad code to - latest pcsc-lite code, limit to pcsc-lite only. Verify works - fine, modify needs some debugging-testing. - -2005-10-28 18:10 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: update from Sirio - Capizzi - -2005-10-27 21:39 martin - - * trunk/src/libopensc/card-etoken.c: This works better. - -2005-10-27 20:16 nils - - * trunk/src/libopensc/card-etoken.c: add another cardos ATR, - supplied by graaf@virgilio.it - -2005-10-24 22:00 aj - - * trunk/CodingStyle, trunk/INSTALL, trunk/Makefile.am, trunk/NEWS, - trunk/README: remove outdated files, improve documentation - slightly. 
- -2005-10-24 21:58 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-incrypto34.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/incrypto34.profile, - trunk/src/pkcs15init/pkcs15-incrypto34.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: add support for the Italian - Incrypto34 smartcard; patch supplied by Giuseppe AMATO - - -2005-10-24 21:18 aj - - * trunk/man/Makefile.am: fix man page installation. - -2005-10-24 15:19 martin - - * trunk/etc/opensc.conf.in: More comments on default config options - -2005-10-21 20:12 aj - - * trunk/configure.in: not compatible with 0.9.*. increse library - major revision. - -2005-10-21 19:40 nils - - * trunk/src/tools/pkcs11-tool.c: fix typo - -2005-10-21 17:34 aj - - * trunk/NEWS, trunk/doc/old/doxygen.conf, - trunk/src/include/winconfig.h, trunk/win32/version.rc: prepare - 0.10.0 release. - -2005-10-20 12:55 aj - - * trunk/Makefile.am, trunk/QUICKSTART, trunk/README: remove - QUICKSTART (outdated and replaced by wiki documentation - "QuickStart") and add README pointing people to our wiki / html - documentation. - -2005-10-17 08:00 aj - - * trunk/src/libopensc/card-tcos.c: update by Peter Koch. still one - problem left in pkcs11-tool, but lots of improvements. - -2005-10-15 14:53 martin - - * trunk/etc/opensc.conf.in: Comment config file lines that have - default values. 
- -2005-10-13 11:19 sth - - * trunk/src/tools/pkcs11-tool.c: Compiler warning fix: use 'char * - argv[]' in main() because getopt_long() does so too - -2005-10-12 17:52 nils - - * trunk/src/libopensc/card-setcos.c: bugfix for a potential - segfault in card-setcos.c when the acl "pointer" is one of the - special values 1,2,3 Patch supplied by Jakub Bogusz - - -2005-10-12 13:37 ludovic.rousseau - - * trunk/man/Makefile.am: use *.[1-7] instead of *.1 *.3 *.5 *.7 to - avoid the (harmless) error "ls: *.7: No such file or directory" - -2005-10-11 20:57 aj - - * trunk/src/tools/pkcs11-tool.c, trunk/src/tools/util.h: fix - compiling on solaris9. Thanks to Douglas E. Engert - -2005-10-10 19:24 aj - - * trunk/etc/opensc.conf.in: masquerading is no longer needed on - windows or mac os X and never was on linux. - -2005-10-10 08:07 aj - - * trunk/doc/tools/netkey-tool.xml: fix typo. - -2005-10-09 22:15 nils - - * trunk/src/libopensc/sc.c: fix build with openssl 0.9.8: move - "#include up and remove unnecessary include - for asn1.h - -2005-10-09 12:00 nils - - * trunk/src/libopensc/card.c: fix typo - -2005-10-08 11:08 nils - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15.c: - suppress errors in pkcs15 card detection if we don't know - whether we really have a pkcs15 card - -2005-10-07 20:04 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: set the ca certificate - only if it's really present - -2005-10-07 19:58 nils - - * trunk/src/tools/pkcs15-tool.c: print lastUpdate field as well - -2005-10-07 11:40 martin - - * trunk/configure.in: define HAVE_PCSC on darwin with native pcsc - -2005-10-07 07:06 aj - - * trunk/src/tools/pkcs15-tool.c: add a few details about the card, - also by Antonio Iacono. - -2005-10-06 19:30 aj - - * trunk/src/tools/pkcs15-tool.c: add --dump option, thanks to - antonio - -2005-10-06 18:23 aj - - * trunk/etc/opensc.conf.in: enable masquerading by default for - pcsc. 
- -2005-10-06 10:28 martin - - * trunk/configure.in: Fix the #define in pcsc probing, move - pkg-config code before the darwin-specific code so that if a - pkg-config enabled pcsc is installed you can simply use - PKG_CONFIG_PATH to detect it. - -2005-10-06 06:57 aj - - * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Better - name, as suggested by Ludovic. - -2005-10-05 15:25 aj - - * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: __APPLE__ - does not need special handly. Only the broken pcsc-lite shipped - in mac os X does, so use define set by configure on mac os X, if - the default pcsc is used, but not if a self compiled is used. - teach configure new getopt source file names. - -2005-10-05 15:23 aj - - * trunk/src/common/ChangeLog, trunk/src/common/LICENSE, - trunk/src/common/Makefile.am, trunk/src/common/Makefile.mak, - trunk/src/common/README, trunk/src/common/getopt.3, - trunk/src/common/getopt.c, trunk/src/common/getopt.h, - trunk/src/common/getopt.txt, trunk/src/common/getopt1.c, - trunk/src/common/getopt_int.h, trunk/src/common/main.c, - trunk/src/common/my_getopt.c, trunk/src/common/my_getopt.h: - replace GNU/glibc getopt (LGPL) with my_getopt (BSD). - -2005-10-01 18:51 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Do an sc_lock() before an - sc_pkcs15init_bind(). Reason: in sc_pkcs15init_bind() an - sc_lock() and sc_unlock() is done; and when the lock_login - config option is set to false, the sc_unlock() will call - logout() which for some cards means a SELECT(3F00) -> unwanted - change of the current EF/DF causing errors - -2005-09-30 17:44 aj - - * trunk/src/pkcs11/pkcs11.h: reomve unneeded ifdefs. - -2005-09-30 11:17 sth - - * trunk/src/pkcs11/pkcs11.h: Removed the bundle on Mac - -2005-09-30 06:35 aj - - * trunk/src/libopensc/errors.c: "Unsupported" might be easier to - understand. 
- -2005-09-28 14:52 sth - - * trunk/src/tools/pkcs15-init.c: Fix: deleting a cert chain with 1 - or more intermediate CA's crashed - -2005-09-27 17:22 nils - - * trunk/src/tools/pkcs11-tool.c: add option to specify the key - length - -2005-09-24 17:45 aj - - * trunk/src/libopensc/card-tcos.c: new tcos atr provided by Gerald - Richter. - -2005-09-23 15:47 aj - - * trunk/src/common/Makefile.am, trunk/src/common/getopt.c, - trunk/src/common/getopt.h, trunk/src/common/getopt1.c, - trunk/src/common/getopt_int.h: replace gpl'ed and old version - with new lgpl'ed version from glibc. - -2005-09-23 15:46 aj - - * trunk/doc/Makefile.am: proper reference to src dir. - -2005-09-23 15:45 aj - - * trunk/aclocal/Makefile.am: list all current macro packages. - -2005-09-22 14:53 aj - - * trunk/doc/old/Makefile.am, trunk/doc/old/init_perso_guide.html, - trunk/doc/old/init_perso_guide.txt: add init perso guide by Nils. - -2005-09-22 14:51 aj - - * trunk/src/libp11, trunk/src/scdl, trunk/src/sslengines: scdl is - replaced by ltdl, libp11 and sslengines are not standalone. - -2005-09-22 13:15 aj - - * trunk/src/pkcs11/rsaref/Makefile.am, - trunk/src/pkcs11/rsaref/README: Document cryptoki header files. - -2005-09-22 12:45 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: No SC_AC_OP_DELETE for EFs - -2005-09-22 08:50 martin - - * trunk/configure.in: Also remove the bundle stuff from configure - -2005-09-21 20:18 aj - - * trunk/src/pkcs11/Makefile.mak: scconf no longer needed for - pkcs#11 spy. - -2005-09-21 20:17 aj - - * trunk/src/pkcs11/Makefile.am: do not install bundles on mac os - X. no reason to. 
- -2005-09-21 18:55 bert - - * trunk/doc/tools/netkey-tool.xml, trunk/doc/tools/tools.xml: - Added Peter Koch's netkey-tool manpage - -2005-09-21 12:52 martin - - * trunk/Makefile.am, trunk/configure.in, - trunk/src/pkcs11/Makefile.mak: Fix makefiles - -2005-09-21 10:10 martin - - * trunk/win32/Make.rules.mak: It actually helps to have make clean - on windows too - -2005-09-21 10:09 martin - - * trunk/macos: don't know what it was for but it's not needed now. - -2005-09-20 22:22 nils - - * trunk/src/libopensc/card.c: fix TPDU if T0 is used - -2005-09-20 07:32 aj - - * trunk/aclocal/libtool.m4: adding libtool.m4 was a bad idea and - causes problems. undo. - -2005-09-19 16:37 nils - - * trunk/src/tools/pkcs15-init.c: remove unused variable - -2005-09-19 08:09 ludovic.rousseau - - * trunk/src/libopensc/ui.c: use_color(): add "rxvt-unicode" to the - list of terminals supporting colors - -2005-09-18 20:29 aj - - * trunk/src/libopensc/card.c: undo change 2397 as it breaks openct - and you can use apd_masquerade = case4as3 instead. - -2005-09-18 12:33 aj - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-openct.c: - make openct readers configureable. - -2005-09-18 11:00 aj - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/pkcs11-spy.c: pkcs11-spy no longer uses a - config file. - -2005-09-17 10:44 nils - - * trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-oberthur.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/reader-openct.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/ui.c, trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/keycache.c: add a new function void - sc_mem_clear(void *ptr, size_t len); to clear a memory buffer. 
- If OpenSSL is used this function is a wrapper for - OPENSSL_cleanse, otherwise memset is currenlty used. Use this - function to clear memory buffers with sensitive content. - -2005-09-17 09:40 nils - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/signer/opensc-support.c: use calloc instead of malloc - + memset - -2005-09-17 08:53 nils - - * trunk/src/libopensc/card-belpic.c: remove useless memset - -2005-09-17 08:20 nils - - * trunk/src/libopensc/iso7816.c: don't use static buffer in - iso7816_build_pin_apdu - -2005-09-17 08:04 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: fix warning - -2005-09-16 20:31 nils - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c, - trunk/src/pkcs15init/pkcs15-lib.c: log dlerror message when - dlopen failed - -2005-09-16 10:18 nils - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: add - two new functions sc_reader_t *sc_ctx_get_reader(sc_context_t - *ctx, unsigned int i); unsigned int - sc_ctx_get_reader_count(sc_context_t *ctx); to access the - reader_count and the sc_reader objects (to avoid accessing the - sc_context members directly). Use these functions in src/pkcs11 - + error checking to avoid accessing invalid sc_reader objects. 
- -2005-09-16 08:55 nils - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/pkcs15-tccardos.c: add pkcs15 emulation - support for a cardos based id card issued by tc trustcenter - -2005-09-15 19:40 sth - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: Added certificate update - functionality - -2005-09-15 05:55 sth - - * trunk/INSTALL, trunk/src/libopensc/Makefile.mak, - trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak, trunk/win32/Make.rules.mak: - Win32: we now need the external libtool package - -2005-09-15 05:41 sth - - * trunk/src/libopensc/ctx.c: Fix warning on Windows compiler - -2005-09-14 09:50 ludovic.rousseau - - * trunk/doc/export-wiki.sh: use -nv instead of --non-verbose since - wget 1.10 now uses --no-verbose instead. Grr! - -2005-09-13 10:46 aj - - * trunk/doc/Makefile.am: fix ChangeLog generation. - -2005-09-13 09:42 aj - - * trunk/doc/Makefile.am: generate and ship ChangeLog and HTML. - -2005-09-13 08:13 sth - - * trunk/src/pkcs15init/Makefile.am: Added setcos.profile (thx JP - Szikora) - -2005-09-12 21:16 aj - - * trunk/doc/changelog.sh, trunk/doc/export-wiki.sh, - trunk/doc/generate-man.sh: disable network connections by - xsltproc. - -2005-09-12 21:09 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/pkcs15-actalis.c, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/reader-pcsc.c: fix compiler warnings - -2005-09-12 20:13 aj - - * trunk/doc/Makefile.am, trunk/doc/changelog.sh, - trunk/doc/generate-man.sh, trunk/doc/svn2cl.xsl: more makefile - fixes for man page stuff. add ChangeLog generation using svn2cl. 
- -2005-09-12 17:34 aj - - * trunk/doc/Makefile.am, trunk/doc/generate-man.sh: remove html - files on "make maintainer-clean". - -2005-09-12 17:32 aj - - * trunk/man/Makefile.am: remove man files on "make - maintainer-clean". - * trunk/doc/tools/pkcs15-profile.xml, - trunk/doc/tools/pkcs15-profile.xml.in: rename *.xml.in to *.xml. - -2005-09-12 17:12 aj - - * trunk/man/Makefile.am: simplified make. - * trunk/configure.in, trunk/doc/Makefile.am, - trunk/doc/generate-man.sh, trunk/doc/src: remove doc/src, add - replacement script to render these files. - -2005-09-12 17:07 aj - - * trunk/doc/api, trunk/doc/src/api, trunk/doc/src/tools, - trunk/doc/tools: remove one unneeded sublevel. - * trunk/configure.in: don't touch pkcs15-profile.5.in. - -2005-09-12 17:06 aj - - * trunk/man/cardos-info.1, trunk/man/cryptoflex-tool.1, - trunk/man/netkey-tool.1, trunk/man/old, - trunk/man/old/cardos-info.1, trunk/man/old/cryptoflex-tool.1, - trunk/man/old/netkey-tool.1, trunk/man/old/opensc-config.1, - trunk/man/old/opensc-explorer.1, trunk/man/old/opensc-tool.1, - trunk/man/old/opensc.7, trunk/man/old/pkcs11-tool.1, - trunk/man/old/pkcs15-crypt.1, trunk/man/old/pkcs15-init.1, - trunk/man/old/pkcs15-profile.5.in, trunk/man/old/pkcs15-tool.1, - trunk/man/old/pkcs15.7, trunk/man/old/sc_connect_card.3, - trunk/man/old/sc_detect_card_presence.3, - trunk/man/old/sc_disconnect_card.3, - trunk/man/old/sc_establish_context.3, trunk/man/old/sc_file.3, - trunk/man/old/sc_file_free.3, trunk/man/old/sc_file_new.3, - trunk/man/old/sc_list_files.3, trunk/man/old/sc_lock.3, - trunk/man/old/sc_pkcs15_compute_signature.3, - trunk/man/old/sc_read_binary.3, trunk/man/old/sc_read_record.3, - trunk/man/old/sc_release_context.3, - trunk/man/old/sc_select_file.3, trunk/man/opensc-config.1, - trunk/man/opensc-explorer.1, trunk/man/opensc-tool.1, - trunk/man/opensc.7, trunk/man/pkcs11-tool.1, - trunk/man/pkcs15-crypt.1, trunk/man/pkcs15-init.1, - trunk/man/pkcs15-profile.5.in, trunk/man/pkcs15-tool.1, - 
trunk/man/pkcs15.7, trunk/man/sc_connect_card.3, - trunk/man/sc_detect_card_presence.3, - trunk/man/sc_disconnect_card.3, - trunk/man/sc_establish_context.3, trunk/man/sc_file.3, - trunk/man/sc_file_free.3, trunk/man/sc_file_new.3, - trunk/man/sc_list_files.3, trunk/man/sc_lock.3, - trunk/man/sc_pkcs15_compute_signature.3, - trunk/man/sc_read_binary.3, trunk/man/sc_read_record.3, - trunk/man/sc_release_context.3, trunk/man/sc_select_file.3: move - old manpages to old/. - -2005-09-12 08:32 nils - - * trunk/etc/opensc.conf.in: add gemsafe as well - -2005-09-12 06:42 nils - - * trunk/etc/opensc.conf.in: tcos not netkey - -2005-09-11 21:06 nils - - * trunk/src/libopensc/cards.h: remove superfluous comma - -2005-09-11 21:05 nils - - * trunk/src/libopensc/ui.c: more pointer madness to make the - compiler happy - -2005-09-11 20:40 nils - - * trunk/src/libopensc/ctx.c: fix function pointers - -2005-09-11 19:57 sth - - * trunk/src/pkcs11/pkcs11-spy.c: Typo fix - -2005-09-11 19:49 aj - - * trunk/configure.in: set assuan status for the summary at the end. - * trunk/ChangeLog: "NEWS" is the file for manual editing, and - doc/ChangeLog will be auto generated from the svn repository / - log. - -2005-09-11 19:48 aj - - * trunk/ANNOUNCE, trunk/AUTHORS, trunk/Makefile.am, trunk/README: - AUTHORS: now in the wiki. README: now in the wiki. people will - find the "doc/" directory, I'm sure. remove ANNONCE, as it is - always outdated. 
- -2005-09-09 19:51 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/pkcs15-tcos.c: pkcs15-netkey.c -> - pkcs15-tcos.c - -2005-09-09 19:30 nils - - * trunk/src/libopensc/pkcs15-netkey.c: update tcos pkcs15 - emulation drivers; patch supplied by Peter Koch - - -2005-09-09 14:43 aj - - * trunk/src/Makefile.mak, trunk/src/libp11/Makefile.mak, - trunk/src/pkcs11/Makefile.mak, trunk/src/tools/Makefile.mak, - trunk/win32/Make.rules.mak: use ltdl not scdl. - -2005-09-09 12:45 aj - - * trunk/configure.in: add autoconf voodoo to circumvent the - caching. - -2005-09-09 12:32 aj - - * trunk/configure.in: oops, ugly bug in configure script. set - those variables, if the user did *NOT* supply any of them - himself. - -2005-09-09 11:32 martin - - * trunk/configure.in: No ENGINE_MSG in configure.in - -2005-09-09 11:31 martin - - * trunk/etc/opensc.conf.in: RIP, scam - -2005-09-09 07:15 nils - - * trunk/src/pkcs15init/pkcs15-starcos.c: select file even if no - acl for writting is set; patch supplied by Tarasov Viktor - - -2005-09-08 17:21 aj - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: we use - libtool for linking, so it can calucalte the dependencies using - LTLIBLTDL better. Thanks to Ralf Wildenhues. - -2005-09-08 17:15 aj - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/signer/Makefile.am, trunk/src/tests/Makefile.am, - trunk/src/tools/Makefile.am: AC_SUBSTed variables are better - used with $(..). Thanks to Ralf Wildenhues. - -2005-09-08 17:06 aj - - * trunk/configure.in: fix AC_MSG_ERROR usage. thanks to Ralf - Wildenhues. 
- -2005-09-08 16:52 aj - - * trunk/Makefile.am, trunk/bootstrap: aclocal -I aclocal/ (as - suggested by Ralf Wildenhues) - -2005-09-08 14:27 aj - - * trunk/configure.in: proper use of CFLAGS push/pop. fix - overwriting CFLAGS. - -2005-09-08 11:35 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/pkcs11/Makefile.mak: * Get rid of reset card error - that comes from pcsc only and deal with reset situations with - SCardReconnect * Add some options to control pcsc behavior. - -2005-09-07 20:05 nils - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/pkcs11-spy.c: - remove dependence on libopensc, instead use scconf directly. - Note: this code is still experimental ! - -2005-09-07 09:34 nils - - * trunk/src/pkcs11/pkcs11-session.c: fix warning - -2005-09-07 09:32 nils - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: cleanup key usage handling, - cleanup - -2005-09-07 09:20 nils - - * trunk/src/tests/Makefile.am: we need libltdl - -2005-09-07 09:05 nils - - * trunk/configure.in: fix openssl configure message - -2005-09-07 08:47 nils - - * trunk/src/libopensc/card-jcop.c: let src/libopensc/ compile with - -Wall -W -Wno-unused-parameter -Werror - -2005-09-07 08:33 nils - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c: let 
src/libopensc/ compile - with -Wall -W -Wno-unused-parameter -Werror - -2005-09-06 21:18 nils - - * trunk/src/tools/pkcs15-init.c: adjust key usage bits - -2005-09-06 20:22 aj - - * trunk/src/pkcs11/Makefile.am: users of libpcs11.c also need - @LIBLTDL@ libraries. - -2005-09-06 12:40 aj - - * trunk/man/pkcs15-init.1, trunk/man/pkcs15-profile.5.in, - trunk/man/pkcs15.7: man page fixes from the debian diff. - -2005-09-05 20:44 aj - - * trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am: - fix compiling with ltdl. - -2005-09-05 20:15 aj - - * trunk/configure.in: fix openct detection. fix assuan detection. - improve libltdl detection code. - * trunk/aclocal/lib-ld.m4, trunk/aclocal/lib-link.m4, - trunk/aclocal/lib-prefix.m4: add macro packages used by opensc. - -2005-09-05 20:13 aj - - * trunk/aclocal/libassuan.m4, trunk/aclocal/libtool.m4: add - additional m4 macro packages used by opensc. - -2005-09-05 17:05 nils - - * trunk/src/pkcs11/libpkcs11.c: we need lt_dlinit() - -2005-09-05 11:29 martin - - * trunk/src/libopensc/reader-pcsc.c: Include reader.h if found. - -2005-09-05 06:44 ludovic.rousseau - - * trunk/doc/export-wiki.sh: make export-wiki.sh executable - -2005-09-04 09:23 nils - - * trunk/src/libopensc/card-setcos.c: yet another atr + cleanup - -2005-09-04 08:57 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/internal.h: - remove unused internal function - -2005-09-02 16:53 aj - - * trunk/Makefile.am, trunk/doc/Makefile.am: one more change to - "make dist" style documentation generation. - -2005-09-02 09:51 aj - - * trunk/Makefile.am: "doc" does not work well, it is the - subdirectory name. - -2005-09-02 09:29 aj - - * trunk/Makefile.am: dist-hook: is too late, need to generate the - documentation before automake "make dist" copied files around. - -2005-09-01 20:51 aj - - * trunk/src/pkcs15init/Makefile.am, trunk/src/tools/Makefile.am: - fix compiling with openssl installed in a non-standard location. 
- -2005-09-01 17:18 aj - - * trunk/doc/Makefile.am, trunk/doc/old/Makefile.am: proper - documentation cleanup. - -2005-09-01 14:01 aj - - * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, - trunk/src/Makefile.am, trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/signer/Makefile.am, - trunk/src/tools/Makefile.am: big configure update. use - pkg-config for openct, openssl, pcsc. do not compilke libp11. do - not compile sslengines. remove scdl. use libltdl instead. use - libassuan.m4 macro for m4 detection. - -2005-09-01 14:00 aj - - * trunk/doc/old/generate.sh, trunk/doc/trac.css: remove trac.css - from svn. add script to generate documentation (old one). 
- -2005-09-01 13:59 aj - - * trunk/doc/AladdinEtokenPro.html, trunk/doc/AutoVersions.html, - trunk/doc/BelgianEid.html, trunk/doc/CardOs.html, - trunk/doc/CardReaders_CTAPI.html, - trunk/doc/CardReaders_SPR532.html, - trunk/doc/CardsAndTokens.html, - trunk/doc/CompatibilityIssues.html, - trunk/doc/CompatiblityIssues.html, - trunk/doc/CryptoIdendityItsec.html, trunk/doc/Cryptoflex.html, - trunk/doc/Cyberflex.html, trunk/doc/DesignDiscussion.html, - trunk/doc/DesignDiscussion_UserInterface.html, - trunk/doc/EstonianEid.html, trunk/doc/FinnishEid.html, - trunk/doc/GemplusGpk.html, trunk/doc/GermanEid.html, - trunk/doc/ItalianEid.html, trunk/doc/ItalianPostecert.html, - trunk/doc/LinuxDistributions.html, trunk/doc/MacOsX.html, - trunk/doc/Makefile.am, trunk/doc/MartinBlog.html, - trunk/doc/MartinBlogMuscle.html, - trunk/doc/MartinBlogPlatform.html, trunk/doc/OpenPgp.html, - trunk/doc/OpenSsh.html, trunk/doc/OpensslEngines.html, - trunk/doc/PinpadReaders.html, trunk/doc/PuTTYcard.html, - trunk/doc/RainbowIkeyThree.html, - trunk/doc/RecentTestresults.html, trunk/doc/ReleaseHowto.html, - trunk/doc/ReplacingCertificates.html, trunk/doc/RoadMap.html, - trunk/doc/SchlumbergerEgate.html, - trunk/doc/SmartCardApplications.html, trunk/doc/SpanishEid.html, - trunk/doc/SubversionRepository.html, - trunk/doc/SupportedHardware.html, trunk/doc/SwedishEid.html, - trunk/doc/TaiwanEid.html, trunk/doc/TelseCos.html, - trunk/doc/TroubleShooting.html, trunk/doc/WindowsCsp.html, - trunk/doc/export-wiki.sh, trunk/doc/index.html, - trunk/doc/old/Makefile.am, trunk/doc/old/opensc-es.html, - trunk/doc/old/opensc.html, trunk/doc/pkcs11_keypair_gen.html: - big documentation update. remove html from svn. 
- -2005-08-29 20:48 sth - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - The lastUpdate field is in the EF(TokenInfo), not in the ODF - (thx Nils) - -2005-08-29 12:49 sth - - * trunk/src/pkcs11/pkcs11-display.c: Added Netscape/Mozilla - specific types etc. - -2005-08-28 20:18 aj - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/Makefile.mak, trunk/win32/Make.rules.mak: stop - building libp11 and the ssl engines. - -2005-08-26 19:35 sth - - * trunk/src/pkcs15init/pkcs15-setcos.c: Fix in new_file(): if - there's already a key with such ID, take next one - -2005-08-26 19:33 sth - - * trunk/src/libopensc/card-setcos.c: Return the real pinref - -2005-08-24 16:18 nils - - * trunk/src/tools/eidenv.c: fix compiler warning - -2005-08-24 16:11 sth - - * trunk/src/pkcs15init/setcos.profile: Improved ACs - -2005-08-24 15:59 nils - - * trunk/src/tools/pkcs15-init.c: add missing include, removed - unused variable and initialize variable - -2005-08-24 15:54 nils - - * trunk/src/libopensc/pkcs15.c: decode preferredLanguage field if - present - -2005-08-24 14:25 ludovic.rousseau - - * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h: move - PKCS11_open_session() from libp11-int.h to libp11.h - -2005-08-24 09:50 sth - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - Have the option not to update the ODF (the lastUpdate field), - this is usefull for cards that don't have an ODF that is - un-writable or too small - -2005-08-24 08:00 nils - - * trunk/src/libopensc/asn1.c: de-/encode printable strings as well - -2005-08-23 21:16 nils - - * trunk/src/libopensc/card-gpk.c: cleanup - -2005-08-23 09:01 sth - - * trunk/src/tools/pkcs15-init.c: Added set_userpin_ref() to link a - PIN value to a PIN ref for an existing user PIN - -2005-08-22 12:53 sth - - * trunk/ChangeLog: Add 
support for SetCOS 4.4.1 card. Add support - for deleting pkcs15 objects. - -2005-08-22 09:37 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: mark card/profile as dirty - when an object has been deleted - * trunk/src/libopensc/cardctl.h: avoid warning - -2005-08-22 09:23 sth - - * trunk/src/tools/pkcs15-init.c: Added support for deleting pkcs15 - objects (if the pkcs15init card driver for that card supports it) - -2005-08-22 09:22 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: fix - parameter type - -2005-08-22 09:20 sth - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-jcop.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/pkcs15-starcos.c: Added support for - deleting pkcs15 objects, each card driver should implement its - delete_object() operation in order to support it - -2005-08-22 09:17 nils - - * trunk/src/libopensc/card-oberthur.c: add support for serial - number in card-oberthur.c; supplied by Tarasov Viktor - - -2005-08-22 09:15 nils - - * trunk/src/libopensc/reader-pcsc.c: add missing variable - -2005-08-21 18:44 martin - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/reader-pcsc.c: Make the pcsc pinpad option - work. - -2005-08-21 18:39 martin - - * trunk/src/pkcs11/framework-pkcs15.c: Don't cache pins that - protect a userconsent slot. 
- -2005-08-20 13:39 nils - - * trunk/src/libopensc/iso7816.c: use compile time initialization - for the iso_ops structure - -2005-08-20 11:06 nils - - * trunk/src/libopensc/pkcs15-netkey.c: use non-repudiation flag - only for the signature key - -2005-08-19 17:56 nils - - * trunk/src/libopensc/card-jcop.c, trunk/src/libopensc/pkcs15.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/profile.c: check result of sc_file_dup + - some cleanup - -2005-08-19 06:39 nils - - * trunk/src/libopensc/sc.c: sc_file_dup(): copy attributes as - well, use explicit assignement and check return values - -2005-08-18 22:43 nils - - * trunk/src/libopensc/sc.c: use calloc instead of malloc + memset - -2005-08-18 21:14 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Fix: object type contains not - only the class - -2005-08-18 14:01 sth - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/pkcs15-sec.c: Undo-ing accidential commit of - card-belpic.c and pkcs15-sec.c - -2005-08-18 13:55 sth - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c: - The lengths of the ASN.1 entries are used outside the if blocks - -> declare them outside the blocks - -2005-08-18 08:39 ludovic.rousseau - - * trunk/src/libp11/libp11.h: use _LIB11_H instead of _LIB11_INT_H - -2005-08-18 07:06 ludovic.rousseau - - * trunk/src/libp11/p11_load.c: PKCS11_CTX_unload(): do not call - ERR_free_strings() and ERR_remove_state() since OpenSSL strings - may be used by the application and we can't know - -2005-08-16 21:35 nils - - * trunk/src/libopensc/card-tcos.c: add support for signature - generation with a decryption key; patch supplied by Peter Koch - - -2005-08-16 12:10 nils - - * trunk/src/libp11/libp11.h: use ERR_LIB_USER instead of 42 - -2005-08-16 11:05 ludovic.rousseau - - * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_err.c, - trunk/src/libp11/p11_slot.c: add PKCS11_change_pin() function - 
-2005-08-16 10:58 nils - - * trunk/src/sslengines/engine_pkcs11.c: summary: - do not use key - enumeration as a test of login status, as this will not work for - all PKCS#11 libraries - replace magic number used for PIN length - with a constant - add documentation for set_pin, as well as - testing for NULL input and checking for strdup failure - made - the global variable 'pin' static (TODO check if other global - variables can be declared static) - if a PIN is allocated, then - check for NULL - if a PIN is to be freed, then whiten the memory - first - if the token has a secure authentication path, then the - PIN shoud be NULL (as per PKCS#11 v2, p. 126) - replaced some - fprintf statements with 'fail' (TODO all fprintf calls should be - replaced with log functions) Patch supplied by Geoff Elgey - - -2005-08-14 22:33 nils - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-jcop.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/pkcs15-starcos.c: make old compilers happy - -2005-08-14 22:00 nils - - * trunk/src/libopensc/card-oberthur.c: fix typo - -2005-08-13 13:26 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/reader-pcsc.c: * - Clean up some whitespace * class2->part10 * Make pinpad - detection a configurable option - -2005-08-13 13:14 martin - - * trunk/configure.in: Add a check for reader.h - -2005-08-13 13:10 martin - - * trunk/Makefile.am, trunk/PAM_README, trunk/solaris/proto: * - Remove PAM_README as it is not valid any more * Remove dead - files from Solaris package script - -2005-08-13 13:04 martin - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - Remove the (stupid) use_pinpad option from pkcs15 structures - -2005-08-11 19:14 nils - - * trunk/src/libopensc/card-oberthur.c, 
- trunk/src/pkcs15init/oberthur.profile: two small fixes from - Tarasov Viktor - -2005-08-10 21:31 nils - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-jcop.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-starcos.c: initialize - sc_pkcs15init_operations at compile time - -2005-08-10 21:00 nils - - * trunk/src/libopensc/asn1.c: set obj to NULL to avoid double free - in case of an error - -2005-08-10 19:04 nils - - * trunk/configure.in, trunk/src/tools/pkcs15-tool.c: use - inttypes.h instead of stdint.h; disable read_ssh_key when no - uint32_t is available - -2005-08-10 18:20 nils - - * trunk/src/tools/pkcs15-init.c: initialize the oid object, patch - supplied by Tarasov Viktor - -2005-08-09 21:27 nils - - * trunk/src/pkcs11/debug.c, trunk/src/tools/pkcs15-tool.c: include - sys/types.h if stdint.h doesn't exist + fix typo - -2005-08-09 21:13 nils - - * trunk/configure.in: check for stdint.h and remove checks for pam - stuff - -2005-08-09 18:21 nils - - * trunk/src/tools/opensc-explorer.c: allow up to 64 byte long pins - -2005-08-09 11:51 ludovic.rousseau - - * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_slot.c: - PKCS11_login(), PKCS11_init_token(), PKCS11_init_pin(): use - "const char *" instead of "char *" for pin arguments - -2005-08-09 11:48 ludovic.rousseau - - * trunk/src/libp11/p11_misc.c: pkcs11_strdup(): use "return NULL;" - instead of just "NULL;" - -2005-08-09 07:53 nils - - * trunk/src/libopensc/card-oberthur.c, - trunk/src/pkcs15init/pkcs15-oberthur.c: oberthur updates from - Tarasov Viktor - -2005-08-08 14:25 sth - - * trunk/src/tools/eidenv.c: One of the memset()s appears to write - too much zeros on some systems -> put all the data in a struct - and memset() this instead of each field separately. Thx to JP - Szikora for notifying. 
- -2005-08-08 10:22 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/pkcs15init/pkcs15-starcos.c: cleanup, mostly - signed/unsigned issues - -2005-08-05 19:07 nils - - * trunk/ChangeLog, trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/profile.h: Add support for the lastUpdate - field to pkcs15init. Add flag to indicate whether some data has - been changed to the profile structure and set the flag in the - functions which change the card contents. - -2005-08-05 17:18 nils - - * trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h: the apdu error codes are unsigned - => change sc_check_sw and the card ops check_sw - -2005-08-05 16:24 nils - - * trunk/ChangeLog, trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h: - Initial support for - TokenUpdate;;lastUpdate field. Change pkcs15 caching code to use - the card serial number and lastUpdate field (if present) to - specify the cache file. - consistently use unsigned data types - to specify object types - make sc_pkcs15emu_get_df a local - function (it's not used outside pkcs15-syn.c and honestly I see - no reason to export it). 
- start of a new ChangeLog file (with - some intial entries) - -2005-08-05 15:03 nils - - * trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-starcert.c: more cleanup - -2005-08-05 07:28 nils - - * trunk/src/libopensc/asn1.c: improve generalizedTime support + - more cleanup - -2005-08-05 07:24 nils - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-wrap.c: properly initialize - sc_asn1_entry elements + some cleanup - -2005-08-04 06:29 sth - - * trunk/src/libopensc/pkcs15.h: Reverse the export of function - parse_x509_cert() - -2005-08-03 18:43 nils - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: change - sc_bin_to_hex separator parameter from char to int as character - constants are integers in c - -2005-08-03 18:29 nils - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-openpgp.c: cleanup - -2005-08-03 11:33 sth - - * trunk/src/tools/eidenv.c: More typo fixes, from JP Zikora - -2005-08-03 09:07 sth - - * trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - Export function parse_x509_cert() - -2005-08-03 09:05 sth - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - Allow to seach a data object by it's application OID - -2005-08-03 09:00 sth - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: Added - function sc_compare_oid() - -2005-08-02 21:13 nils - - * trunk/src/libopensc/base64.c, trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/iso7816.c: cleanup - -2005-08-02 20:48 sth - - * trunk/src/tools/eidenv.c: Typo fix - -2005-08-01 08:59 nils - - * trunk/src/libp11/p11_misc.c: check 
malloc return value - -2005-07-29 21:21 sth - - * trunk/src/tools/eidenv.c: Added support for the Belgian EID card - (shows the contents of the ID and Address files) - -2005-07-29 21:15 sth - - * trunk/src/tools/Makefile.mak: Add eidenv.exe tool - -2005-07-29 21:14 sth - - * trunk/src/tools/eidenv.c: Now compiles on Win32 - -2005-07-29 14:38 mb - - * trunk/src/tests/print.c: Fixed a warning (comparison between - signed and unsigned). - -2005-07-24 14:06 nils - - * trunk/etc/opensc.conf.in, trunk/src/pkcs11/framework-pkcs15.c: - apply Stef's patch which puts all public objects in first slot - if only one pin is present (and hide_empty_tokens is true) - -2005-07-21 21:05 aj - - * trunk/src/pkcs11/framework-pkcs15.c: fix compiling without - openssl. - -2005-07-20 18:19 nils - - * trunk/src/libopensc/reader-openct.c, - trunk/src/pkcs15init/pkcs15-cflex.c: fix memory leak; patch - supplied by Imanishi Masayuki - -2005-07-20 17:58 nils - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: fix use of x509v3 key usage - extension value - -2005-07-20 00:47 bert - - * trunk/opensc: oops, how did I create that... - -2005-07-20 00:43 bert - - * trunk/doc/src/tools, trunk/doc/src/tools/cardos-info.xml, - trunk/doc/src/tools/cryptoflex-tool.xml, - trunk/doc/src/tools/opensc-config.xml, - trunk/doc/src/tools/opensc-explorer.xml, - trunk/doc/src/tools/opensc-tool.xml, - trunk/doc/src/tools/pkcs11-tool.xml, - trunk/doc/src/tools/pkcs15-crypt.xml, - trunk/doc/src/tools/pkcs15-init.xml, - trunk/doc/src/tools/pkcs15-profile.xml.in, - trunk/doc/src/tools/pkcs15-tool.xml, - trunk/doc/src/tools/tools.xml: added docbook XML source for - tools manpages - -2005-07-19 23:28 bert - - * trunk/opensc: Initial import. 
- -2005-07-19 21:03 aj - - * trunk/src/libopensc/card-etoken.c: sorry, not compatible :( - -2005-07-19 11:57 nils - - * trunk/src/libp11/p11_load.c: free error strings on when - destroying context - -2005-07-19 11:20 sth - - * trunk/src/libp11/p11_key.c, - trunk/src/sslengines/engine_pkcs11.c: #ifndef strncasecmp - doesn't work because strncasecmp is no macro (thx Nils) - -2005-07-18 22:33 aj - - * trunk/src/libopensc/card-etoken.c: add new atr. - -2005-07-18 21:30 nils - - * trunk/src/libopensc/card-starcos.c: only copy resp if the - operation was successful - -2005-07-18 20:20 nils - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: - don't use software prng - -2005-07-18 12:20 sth - - * trunk/src/tools/pkcs15-tool.c: Added #ifdef HAVE_OPENSSL for - read_ssh_key() - -2005-07-18 12:13 sth - - * trunk/src/Makefile.mak, trunk/win32/Make.rules.mak: Don't build - libp11 if we don't have OpenSSL support - -2005-07-18 12:12 sth - - * trunk/win32/Make.rules.mak: Get include files also from - include\opensc, this is a temporary fix so the compiler finds - the rsaref/ dir when reaching '#include ' in - libp11-int.h - -2005-07-18 11:56 sth - - * trunk/src/sslengines/Makefile.mak: Changes in .obj and .lib - files now we have the new libp11 - -2005-07-18 11:54 sth - - * trunk/src/sslengines/engine_pkcs11.c: No strncasecmp() on Windows - -2005-07-18 11:53 sth - - * trunk/src/libp11/Makefile.mak: Install libp11.h + small fixes - -2005-07-18 11:51 sth - - * trunk/src/libp11/p11_key.c: No strncasecmp() on Windows - -2005-07-18 09:15 aj - - * trunk/src/libp11/p11_slot.c: open a session if there is none. - -2005-07-18 07:26 nils - - * trunk/src/libopensc/card-starcos.c: starcos has a GET CHALLENGE - command ... useless flag - -2005-07-17 21:19 aj - - * trunk/src/libp11/libp11.h, trunk/src/libp11/p11_slot.c: add - functions to access smart card as random number generator. 
- -2005-07-17 20:40 aj - - * trunk/configure.in: fix scconf linking. - -2005-07-17 20:31 aj - - * trunk/src/libopensc/Makefile.am: oops, ldap/scam is no more. - -2005-07-17 20:27 aj - - * trunk/doc/Makefile, trunk/doc/src/Makefile.am: fix two small - makefile gliches. - -2005-07-17 20:23 aj - - * trunk/configure.in, trunk/etc/Makefile.am, - trunk/etc/scldap.conf.in, trunk/src/libopensc/libscam.pc.in, - trunk/src/libopensc/libscldap.pc.in: remove scldap.conf, and - pkg-config files for libscldap and libscam. - -2005-07-17 20:19 aj - - * trunk/src/include/opensc/Makefile.am: remove ldap/random related - makefile commands. - -2005-07-17 20:18 aj - - * trunk/src/include/opensc/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c: - remove code dealing with random numbers for now. - -2005-07-17 20:11 aj - - * trunk/configure.in: remove random/prng related code from - configure.in - -2005-07-17 20:10 aj - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/Makefile.mak, trunk/src/scrandom: remove scrandom - code. We will implement proper code to get random data from the - card itself. - -2005-07-17 20:09 aj - - * trunk/configure.in: remove pam/ldap/sia specific code from - configure.in - -2005-07-17 20:08 aj - - * trunk/configure.in, trunk/src/Makefile.am, trunk/src/pam, - trunk/src/scam, trunk/src/scldap, trunk/src/sia: pam module - obsoleted by pam_pkcs11 and pam_p11. - -2005-07-17 20:06 aj - - * trunk/man/Makefile.am: add Makefile for man/ directory. - -2005-07-17 19:59 aj - - * trunk/Makefile.am, trunk/configure.in, trunk/doc/Makefile.am, - trunk/doc/old/Makefile.am, trunk/doc/src/Makefile.am: additionl - cleanup from doc / docs merge. New include api documentation - (xml files at least). Not yet installed. 
- -2005-07-17 19:50 aj - - * trunk/doc/AladdinEtokenPro.html, trunk/doc/AutoVersions.html, - trunk/doc/BelgianEid.html, trunk/doc/CardOs.html, - trunk/doc/CardReaders_CTAPI.html, - trunk/doc/CardReaders_SPR532.html, - trunk/doc/CardsAndTokens.html, - trunk/doc/CompatibilityIssues.html, - trunk/doc/CompatiblityIssues.html, - trunk/doc/CryptoIdendityItsec.html, trunk/doc/Cryptoflex.html, - trunk/doc/Cyberflex.html, trunk/doc/DesignDiscussion.html, - trunk/doc/DesignDiscussion_UserInterface.html, - trunk/doc/EstonianEid.html, trunk/doc/FinnishEid.html, - trunk/doc/GemplusGpk.html, trunk/doc/GermanEid.html, - trunk/doc/ItalianEid.html, trunk/doc/ItalianPostecert.html, - trunk/doc/LinuxDistributions.html, trunk/doc/MacOsX.html, - trunk/doc/Makefile.am, trunk/doc/MartinBlog.html, - trunk/doc/MartinBlogMuscle.html, - trunk/doc/MartinBlogPlatform.html, trunk/doc/OpenPgp.html, - trunk/doc/OpenSsh.html, trunk/doc/OpensslEngines.html, - trunk/doc/PinpadReaders.html, trunk/doc/PuTTYcard.html, - trunk/doc/README, trunk/doc/RainbowIkeyThree.html, - trunk/doc/RecentTestresults.html, trunk/doc/ReleaseHowto.html, - trunk/doc/ReplacingCertificates.html, trunk/doc/RoadMap.html, - trunk/doc/SchlumbergerEgate.html, - trunk/doc/SmartCardApplications.html, trunk/doc/SpanishEid.html, - trunk/doc/SubversionRepository.html, - trunk/doc/SupportedHardware.html, trunk/doc/SwedishEid.html, - trunk/doc/TaiwanEid.html, trunk/doc/TelseCos.html, - trunk/doc/TroubleShooting.html, trunk/doc/WindowsCsp.html, - trunk/doc/export-wiki.sh, trunk/doc/export-wiki.xsl, - trunk/doc/index.html, trunk/doc/pkcs11_keypair_gen.html, - trunk/doc/trac.css: Add wiki snapshot. - -2005-07-17 19:49 aj - - * trunk/doc/old, trunk/docs: move docs/ to do/. mark it "old" - (plan is to use the wiki). 
- -2005-07-17 19:19 aj - - * trunk/Makefile.am, trunk/configure.in, trunk/docs/cardos-info.1, - trunk/docs/cryptoflex-tool.1, trunk/docs/netkey-tool.1, - trunk/docs/opensc-config.1, trunk/docs/opensc-explorer.1, - trunk/docs/opensc-tool.1, trunk/docs/opensc.7, - trunk/docs/pkcs11-tool.1, trunk/docs/pkcs15-crypt.1, - trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-profile.5.in, - trunk/docs/pkcs15-tool.1, trunk/docs/pkcs15.7, - trunk/docs/sc_connect_card.3, - trunk/docs/sc_detect_card_presence.3, - trunk/docs/sc_disconnect_card.3, - trunk/docs/sc_establish_context.3, trunk/docs/sc_file.3, - trunk/docs/sc_file_free.3, trunk/docs/sc_file_new.3, - trunk/docs/sc_list_files.3, trunk/docs/sc_lock.3, - trunk/docs/sc_pkcs15_compute_signature.3, - trunk/docs/sc_read_binary.3, trunk/docs/sc_read_record.3, - trunk/docs/sc_release_context.3, trunk/docs/sc_select_file.3, - trunk/man, trunk/man/cardos-info.1, trunk/man/cryptoflex-tool.1, - trunk/man/netkey-tool.1, trunk/man/opensc-config.1, - trunk/man/opensc-explorer.1, trunk/man/opensc-tool.1, - trunk/man/opensc.7, trunk/man/pkcs11-tool.1, - trunk/man/pkcs15-crypt.1, trunk/man/pkcs15-init.1, - trunk/man/pkcs15-profile.5.in, trunk/man/pkcs15-tool.1, - trunk/man/pkcs15.7, trunk/man/sc_connect_card.3, - trunk/man/sc_detect_card_presence.3, - trunk/man/sc_disconnect_card.3, - trunk/man/sc_establish_context.3, trunk/man/sc_file.3, - trunk/man/sc_file_free.3, trunk/man/sc_file_new.3, - trunk/man/sc_list_files.3, trunk/man/sc_lock.3, - trunk/man/sc_pkcs15_compute_signature.3, - trunk/man/sc_read_binary.3, trunk/man/sc_read_record.3, - trunk/man/sc_release_context.3, trunk/man/sc_select_file.3: move - man pages to man/ directory. 
- -2005-07-17 09:39 aj - - * trunk/src/libp11/p11_key.c: fail() returned NULL, windows need - return 0; - -2005-07-15 13:37 sth - - * trunk/src/tools/pkcs11-tool.c: If we want to test signing, first - see if the key can do this - -2005-07-15 13:32 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Cast correctly - -2005-07-14 10:38 aj - - * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h, - trunk/src/libp11/p11_key.c: cert to key is even more interesting - than key to cert. - -2005-07-13 17:11 aj - - * trunk/src/libp11/p11_load.c: Unload twice causes segfault. - -2005-07-13 17:10 aj - - * trunk/src/libp11/libp11-int.h, trunk/src/libp11/libp11.h, - trunk/src/libp11/p11_ops.c, trunk/src/libp11/p11_rsa.c: make the - sign/encrypt/decrypt opterations public. - -2005-07-13 13:50 aj - - * trunk/src/sslengines/engine_pkcs11.c: first step to eleminate - libpkcs11. - -2005-07-13 13:48 aj - - * trunk/src/libp11/Makefile.am, trunk/src/libp11/libp11-int.h, - trunk/src/libp11/libp11.h, trunk/src/libp11/p11_rsa.c: commit - latest code, improve include file split, first steps towards - eleminating libpkcs11. - -2005-07-13 11:47 aj - - * trunk/src/libp11/libp11-int.h: add new internal header file. - -2005-07-13 11:41 aj - - * trunk/src/libp11/Makefile.am, trunk/src/libp11/libp11.h, - trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, - trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, - trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, - trunk/src/libp11/p11_ops.c, trunk/src/libp11/p11_rsa.c, - trunk/src/libp11/p11_slot.c: split libp11.h in an internal and a - public part. add p11_ops.c and other code by kevin stefanik. - -2005-07-13 10:24 aj - - * trunk/src/libp11/Makefile.am: install header file, fix linking. 
- -2005-07-13 08:25 sth - - * trunk/src/libp11/libp11.h: Increased the ID length - -2005-07-12 21:03 nils - - * trunk/src/libopensc/dir.c: interpret rec_nr == 0 as a request to - create a new record, fix for bug report #21 - -2005-07-11 21:31 nils - - * trunk/src/libopensc/card.c: in case of T0 the Le value is - omitted for case 4 APDUs; patch supplied by - richard.musil@bigfoot.com - -2005-07-11 21:28 nils - - * trunk/src/libopensc/iso7816.c, trunk/src/pkcs15init/profile.c: - fix file descriptor byte and ef_structure type; patch supplied - by richard.musil@bigfoot.com - -2005-07-11 08:26 aj - - * trunk/src/sslengines/Makefile.am: remove reference to no longer - existing file pkcs11-internal.h - -2005-07-10 20:32 aj - - * trunk/src/libp11/Makefile.am: fix compiling and distribution - package. - -2005-07-10 18:40 aj - - * trunk/src/sslengines/Makefile.am, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/hw_pkcs11.c: use new libp11.h header from - libp11. - -2005-07-10 18:38 aj - - * trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, - trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, - trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, - trunk/src/libp11/p11_rsa.c, trunk/src/libp11/p11_slot.c: use new - name in include syntax. - -2005-07-10 18:37 aj - - * trunk/configure.in, trunk/src/libp11/Makefile.am, - trunk/src/libp11/libp11.pc.in: enable libp11.pc pkg-config file. - -2005-07-10 18:36 aj - - * trunk/src/libp11/libp11.h, - trunk/src/sslengines/pkcs11-internal.h: move and rename - pkcs11-internal.h to libp11.h - -2005-07-10 17:03 aj - - * trunk/src/libp11/Makefile.am, trunk/src/libp11/Makefile.mak: add - Makefiles for libp11 - * trunk/src/pkcs11/Makefile.am: do not install libpkcs11 as shared - library. 
- -2005-07-10 17:01 aj - - * trunk/src/Makefile.am, trunk/src/Makefile.mak, trunk/src/libp11, - trunk/src/libp11/p11_attr.c, trunk/src/libp11/p11_cert.c, - trunk/src/libp11/p11_err.c, trunk/src/libp11/p11_key.c, - trunk/src/libp11/p11_load.c, trunk/src/libp11/p11_misc.c, - trunk/src/libp11/p11_rsa.c, trunk/src/libp11/p11_slot.c, - trunk/src/sslengines/Makefile.am, - trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, - trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c: move p11_* into a new library. - -2005-07-08 21:16 nils - - * trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/rsaref/pkcs11t.h: enhance attribute support; - patch supplied by supplied by Marc Bevand - -2005-07-08 21:04 nils - - * trunk/src/pkcs11/pkcs11-spy.c: fix check of the return value in - C_GetAttributeValue; supplied by Marc Bevand - -2005-07-06 12:59 sth - - * trunk/src/tools/pkcs11-tool.c: Oops, shouldn't have changed the - serial number size in x509cert_info to 256 - -2005-07-06 12:23 sth - - * trunk/src/tools/pkcs15-tool.c: No uint32_t type in MS VS - -2005-07-05 17:45 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Don't ignore the - profile_option -- remark from Victor Tarasov - -2005-07-05 17:43 sth - - * trunk/src/tools/pkcs15-init.c: Print an error if - sc_pkcs15init_bind() fails - -2005-07-05 15:27 sth - - * trunk/src/tools/pkcs11-tool.c: Increased sizes in rsakey_info - struct - -2005-07-05 15:22 sth - - * trunk/src/pkcs15init/setcos.profile: Typo fix - * trunk/src/libopensc/card-setcos.c: SetCOS 4.4.1 supports keypair - generation, keysizes of 512, 768 and 1024 are fine - -2005-07-05 13:34 sth - - * trunk/src/sslengines/p11_rsa.c: Macro cleanup, patch received - some time ago but appearently not committed - -2005-07-01 22:37 nils - - * trunk/src/pkcs15init/pkcs15-etoken.c: remove unnecessary include - -2005-07-01 
08:40 nils - - * trunk/etc/opensc.conf.in: remove duplicate entry - -2005-07-01 08:26 nils - - * trunk/etc/opensc.conf.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-atrust-acos.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-atrust-acos.c, - trunk/src/libopensc/pkcs15-syn.c: add initial support for atrust - acos cards; patch supplied by Franz Brandl - -2005-07-01 07:17 nils - - * trunk/src/pkcs15init/pkcs15-etoken.c: remove unused variable - -2005-07-01 06:27 nils - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-etoken.c: GIVE RANDOM is for sm, so - remove it from the etoken key generation code - -2005-06-29 11:32 martin - - * trunk/src/libopensc/pkcs15-esteid.c: Make the names fit in - pkcs11 limits - -2005-06-28 21:16 aj - - * trunk/src/tools/pkcs15-tool.c: oops, missed a #endif. - -2005-06-28 20:33 aj - - * trunk/src/tools/pkcs15-tool.c: use uint32_t, it is a c++ stdtype - and should work on all plattforms. - -2005-06-28 13:50 sth - - * trunk/src/tools/pkcs15-tool.c: Use uint32_t on Mac - -2005-06-28 04:09 aj - - * trunk/src/openssh/ask-for-pin.diff: rediffed against openssh - 4.1p1 - -2005-06-27 21:49 aj - - * trunk/src/openscd: openscd code hasn't been used by anyone in - years. - -2005-06-27 13:52 martin - - * trunk/src/pkcs11/framework-pkcs15.c: Annoying typo - -2005-06-27 13:51 martin - - * trunk/src/libopensc/card-mcrd.c: Adjust function name to reflect - documented functionality - -2005-06-27 11:51 sth - - * trunk/src/tools/pkcs15-tool.c: No asm/types.h on MacOSX either - -2005-06-27 11:47 aj - - * trunk/src/tests/regression/test.p12: add working file. - * trunk/src/tests/regression/test.p12: remove broken file. - -2005-06-27 10:08 martin - - * trunk/src/libopensc/reader-pcsc.c: Log in hex format of course... 
- -2005-06-22 10:32 sth - - * trunk/src/tools/pkcs15-tool.c: Windows: no _uu32 in MS VS - -2005-06-17 19:34 aj - - * trunk/docs/opensc.xml: add comment about usb crypto tokens. - -2005-06-17 15:47 sth - - * trunk/src/libopensc/reader-pcsc.c: Fix: if a card is inserted, - the SC_SLOT_CARD_CHANGED flag must be set - -2005-06-16 20:15 aj - - * trunk/src/sslengines/Makefile.am: small makefile fix. - -2005-06-16 19:39 aj - - * trunk/src/tools/pkcs15-tool.c: make it compile without openssl. - -2005-06-16 19:35 aj - - * trunk/QUICKSTART, trunk/doc/src/api/card/sc_card_ctl.xml, - trunk/doc/src/api/card/sc_wait_for_event.xml, - trunk/doc/src/api/file/sc_delete_record.xml, - trunk/doc/src/api/init/sc_connect_card.xml, - trunk/doc/src/api/init/sc_detect_card_presence.xml, - trunk/doc/src/api/init/sc_disconnect_card.xml, - trunk/doc/src/api/init/sc_set_card_driver.xml, - trunk/doc/src/api/types/sc_app_info_t.xml, - trunk/src/libopensc/card.c, trunk/src/libopensc/ctbcs.h, - trunk/src/libopensc/errors.c, - trunk/src/openssh/ask-for-pin.diff, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c, trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, - trunk/src/sslengines/engine_opensc.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - "smart card" not "smartcard" or "SmartCard". - -2005-06-16 19:28 aj - - * trunk/docs/netkey-tool.1, trunk/docs/opensc-es.html, - trunk/docs/opensc.html, trunk/docs/opensc.xml: "smart card" not - smartcard or SmartCards. - -2005-06-16 18:13 aj - - * trunk/aclocal/pkg.m4: update to current version of pkg.m4 from - pkg-config. - -2005-06-15 08:57 aj - - * trunk/src/tools/pkcs15-tool.c: add options for displaying - openssh keys. 
- -2005-06-15 08:56 aj - - * trunk/src/pkcs11/Makefile.am, trunk/src/sslengines/Makefile.am: - move libraries from lib/pkcs11 to lib/, rename the engine dir to - engine, and make it "openssl" so openssl can load the engines - automaticaly. - -2005-06-14 21:37 nils - - * trunk/docs/Makefile.am, trunk/docs/netkey-tool.1, - trunk/src/tools/Makefile.am, trunk/src/tools/netkey-tool.c: add - netkey-tool from Peter Koch - -2005-06-07 14:31 martin - - * trunk/src/libopensc/reader-pcsc.c: It is plain wrong to call - again pcsc layer locking methods as card.c:sc_lock() already - does it when somebody goes to the card the very first time and - thus begins a transaction. iso7816.c methods should lock the - card in iso7816_pin_cmd() on card level if anything. - -2005-06-07 12:43 martin - - * trunk/src/libopensc/card-oberthur.c: Add support for pinpad PIN - verification. Patch from Andreas Steffen - -2005-05-22 20:07 nils - - * trunk/src/tools/pkcs11-tool.c: microsoft's vs 6.0 doesn't like - initialization during declaration. let's use memset instead - -2005-05-21 10:21 nils - - * trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: enhance - object writting support, patch supplied by Marc Bevand - - -2005-05-20 09:55 nils - - * trunk/src/pkcs11/pkcs11-display.c: cleanup, patch supplied by - Marc Bevand - -2005-05-17 21:51 nils - - * trunk/src/libopensc/pkcs15-netkey.c: update from Peter Koch - -2005-05-11 14:00 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Don't used cashed PINs for - a UserConsent key! 
- -2005-05-10 19:58 sth - - * trunk/src/pkcs15init/setcos.profile: Better choices for the - sizes/FIDs + typo fix - -2005-05-10 12:59 nils - - * trunk/src/libopensc/pkcs15-actalis.c: add certs only when we - have zlib support - -2005-05-09 11:46 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: If an object is added to a - pkcs15_card, don't call sc_pkcs15_free_object() on it - -2005-05-08 21:30 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-actalis.c, - trunk/src/libopensc/pkcs15-syn.c: add support for Actalis card; - patch supplied by Andrea Frigido - -2005-05-07 22:22 nils - - * trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: add - initialization support for token/pin; supplied by Marc Bevand - - -2005-05-06 13:52 sth - - * trunk/src/pkcs15init/pkcs15-setcos.c: Fix: re-link the SO-PIN to - the pkcs15 DF, otherwise the AC's in sc_pkcs15init_add_app() are - ignored resulting in a.o. an unprotected pkcs15 DF - -2005-05-06 11:31 sth - - * trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/setcos.profile: Fixed handling of pkcs15 - types and added support for storing pkcs15 data objects - -2005-05-04 13:17 sth - - * trunk/src/pkcs15init/Makefile.mak: Have pkcs15init as a DLL - instead of as a static lib file - -2005-05-03 09:33 martin - - * trunk/src/tests/pintest.c: Announce the capabilities of the - terminal 'press enter for pinpad'-enable the pintest utility - -2005-05-02 19:17 sth - - * trunk/src/libopensc/card.c: Removed double line -- thx Nils - -2005-05-02 18:48 sth - - * trunk/src/libopensc/card.c: atr table reallocation fix by - William Wanders - -2005-05-02 09:43 sth - - * trunk/src/sslengines/engine_pkcs11.c: Removed unnessary - #includes from previous path - -2005-05-02 09:41 sth - - * trunk/src/sslengines/engine_pkcs11.c: Typo fix -- causes compile - error on MS VS - -2005-04-30 10:07 nils - - * trunk/src/sslengines/engine_pkcs11.c: free pin when ending a - pkcs11 session; patch 
supplied by Douglas E. Engert - - -2005-04-29 20:23 aj - - * trunk/QUICKSTART: create a key that does signing and decryption. - -2005-04-26 09:09 aj - - * trunk/NEWS: Oops, didn't update news file yesterday before the - release. So at least document it now. - -2005-04-25 21:00 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: changes from Antonino - Iacono - -2005-04-25 19:21 aj - - * trunk/src/libopensc/ui.c: Ludovic Rousseau: rxvt can also do - color so here is a patch. - -2005-04-24 16:17 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: changes from Antonino - Iacono - -2005-04-24 09:28 nils - - * trunk/src/pkcs11/pkcs11-display.c: bugfix; supplied by Marc - Bevand - -2005-04-23 12:26 nils - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.c: add callback_data - parameter to get_pin; supplied by Douglas E. Engert - - -2005-04-23 11:20 nils - - * trunk/src/libopensc/pkcs15-gemsafe.c: try file id if selection - via df name doesn't work; Douglas E. Engert - -2005-04-19 18:38 nils - - * trunk/src/libopensc/pkcs15-gemsafe.c: fix problem with unsigned - int; pointe out by Douglas E. Engert - -2005-04-17 16:43 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: add support for yet - another infocamere card, submitted by Sirio Capizzi - - -2005-04-16 13:42 nils - - * trunk/configure.in: check for zlib - -2005-04-16 13:36 nils - - * trunk/src/libopensc/card-etoken.c: add yet another atr to - card-etoken.c - -2005-04-16 12:06 nils - - * trunk/src/libopensc/card-flex.c: added yet another atr to - card-flex, supplied by: Giuseppe Raspanti - -2005-04-16 10:40 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/pkcs15-gemsafe.c, - trunk/src/libopensc/pkcs15-syn.c: add support for gpk16k gemsafe - cards, Douglas E. 
Engert et al - -2005-04-16 10:37 nils - - * trunk/src/libopensc/card-setcos.c, - trunk/src/pkcs15init/pkcs15-setcos.c: cleanup - -2005-04-16 10:21 martin - - * trunk/src/pkcs15init/pkcs15-starcos.c: scrandom interface is not - used by starcos - -2005-04-12 20:46 aj - - * trunk/configure.in: set the version to "WIP" (work in progress) - for the snapshot script. - -2005-04-11 06:36 nils - - * trunk/configure.in: make it work again (at least for me) - -2005-04-10 21:58 nils - - * trunk/src/libopensc/pkcs15-syn.c: remove broken code, add - skeleton for a new function - -2005-04-10 20:59 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: disabled auth key/pin - as the IDs are wrong - -2005-04-09 13:32 nils - - * trunk/src/libopensc/card-setcos.c: fix compiler warnings - -2005-04-09 13:23 nils - - * trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/test_engine.sh: add support cert loading, - patch supplied by Douglas E. Engert - -2005-04-07 19:45 martin - - * trunk/NEWS, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/reader-pcsc.c: Small fixes in the teletrust - spec support code and related NEWS item - -2005-04-07 08:45 aj - - * trunk/QUICKSTART: files were renamed - adjust QUICKSTART file. 
- -2005-04-07 07:29 aj - - * trunk/Makefile.am, trunk/NEWS, trunk/solaris/opensc.conf-dist: - update trunk: include solaris/* files in tar file, update NEWS - with 0.9.6 changes, add profile_dir to solaris/openscc.conf-dist - -2005-04-04 21:52 nils - - * trunk/src/libopensc/padding.c, trunk/src/libopensc/pkcs15.c: - cleanup - -2005-04-04 09:30 sth - - * trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/cards.h, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-setcos.c, - trunk/src/pkcs15init/setcos.profile: Added initial support for - SetCOS 4.4 cards - -2005-03-30 18:25 sth - - * trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/pkcs15-lib.c: - If the SC_CARD_CAP_USE_FCI_AC flag is set, - sc_pkcs15init_authenticate() will check the file's ACs on the - card instead of relying on the ones in the profile file - -2005-03-30 18:18 sth - - * trunk/src/libopensc/opensc.h: Added another life cycle state - -2005-03-30 16:40 nils - - * branches/opensc-0.9/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.c: bools are int; pointed out by - William Wanders - -2005-03-29 19:59 nils - - * trunk/src/tools/eidenv.c: fix for solaris; patch supplied by - Douglas E. Engert - -2005-03-29 07:30 aj - - * trunk/solaris, trunk/solaris/Makefile, trunk/solaris/README, - trunk/solaris/checkinstall.in, trunk/solaris/opensc.conf-dist, - trunk/solaris/pkginfo.in, trunk/solaris/proto: Add solaris/ - subdir and files to make using opensc on solaris easier. - -2005-03-26 20:10 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Moved init-card() till after - the pin-initialisation, this allows init-card() to do operation - with a pin without doing the pin stuff again. Shouldn't break - anything -- if it does, we'll undo this. 
- -2005-03-26 20:00 sth - - * trunk/src/pkcs11/misc.c: Added opensc-to-pks11 error mapping - -2005-03-26 19:48 sth - - * trunk/src/libopensc/sc.c: Prevent doubles in the ACL entries - -2005-03-26 19:47 sth - - * trunk/src/libopensc/iso7816.c: Allow an empty path in - iso7816_delete_file(), to indicate that the current DF should be - deleted. - -2005-03-26 19:35 sth - - * trunk/src/libopensc/opensc.h: No unistd.h on Windows - -2005-03-26 19:33 sth - - * trunk/src/libopensc/Makefile.mak: Removed pinpad-ccid - -2005-03-24 16:57 martin - - * trunk/src/libopensc/pkcs15-esteid.c: Parentheses too.. - -2005-03-24 16:54 martin - - * trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/reader-pcsc.c: * fix an return code from - ctbcs spec * make sure pins and puk are correctly associated in - esteid emu - -2005-03-23 23:24 aj - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c: - silence a few warnings. - -2005-03-23 23:16 aj - - * trunk/etc/Makefile.am: use tab, not spaces. - -2005-03-23 23:12 aj - - * trunk/etc/opensc.conf.in: fill in profile_dir in config file. - * trunk/etc/Makefile.am, trunk/etc/opensc.conf.example, - trunk/etc/opensc.conf.in, trunk/etc/scldap.conf.example, - trunk/etc/scldap.conf.in: generate config file code with the - configure'd profile dir in opensc.conf. - -2005-03-23 23:10 aj - - * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, - trunk/src/pkcs15init/profile.h: apply improved profile handling - code. - -2005-03-23 22:58 aj - - * trunk/src/include/winconfig.h: remove winreg.h as global include - (not needed in 99.9% of all files), remove obsolete config file - / profile dir definitions. - -2005-03-23 22:44 aj - - * trunk/src/libopensc/card-flex.c: fix egate token with cryptoflex - on windows. - -2005-03-23 22:37 aj - - * trunk/src/pkcs11/pkcs11-global.c: put new version in - pkcs11-global.c, too. 
- -2005-03-23 21:31 aj - - * trunk/configure.in: library was changed in an incompatible way - since 0.8, so we need to go from 0 to 1. - -2005-03-23 21:26 aj - - * trunk/NEWS: import news from 0.9 branch / releases. - -2005-03-23 21:08 aj - - * trunk/.cvsignore, trunk/aclocal/.cvsignore, - trunk/doc/.cvsignore, trunk/docs/.cvsignore, - trunk/etc/.cvsignore, trunk/macos/.cvsignore, - trunk/src/.cvsignore, trunk/src/common/.cvsignore, - trunk/src/include/.cvsignore, - trunk/src/include/opensc/.cvsignore, - trunk/src/include/opensc/rsaref/.cvsignore, - trunk/src/libopensc/.cvsignore, trunk/src/openscd/.cvsignore, - trunk/src/openssh/.cvsignore, trunk/src/pam/.cvsignore, - trunk/src/pkcs11/.cvsignore, trunk/src/pkcs11/rsaref/.cvsignore, - trunk/src/pkcs15init/.cvsignore, trunk/src/scam/.cvsignore, - trunk/src/scconf/.cvsignore, trunk/src/scdl/.cvsignore, - trunk/src/scldap/.cvsignore, trunk/src/scrandom/.cvsignore, - trunk/src/sia/.cvsignore, trunk/src/signer/.cvsignore, - trunk/src/signer/npinclude/.cvsignore, - trunk/src/sslengines/.cvsignore, trunk/src/tests/.cvsignore, - trunk/src/tests/regression/.cvsignore, - trunk/src/tools/.cvsignore, trunk/win32/.cvsignore: remove - .cvsignore files. - -2005-03-23 21:07 aj - - * trunk/debian: remove debian/ as it is obsolete and was not - maintained at all. this was eric can commit the current debian/ - used by the official debian packages. 
- -2005-03-18 20:36 nils - - * trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-postecert.c: fix free argument, - pointed out by Giuseppe Sacco - - -2005-03-09 12:46 pisi - - * trunk/src/libopensc/pkcs15-pin.c: common pin validity check, - supprot (still disabled) for pinpads in modify and unblock - -2005-03-09 12:44 pisi - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pinpad-ccid.h, - trunk/src/libopensc/reader-pcsc.c: Introduce TeleTrust Class 2 - spec compliant pinpad functionality and incorporate the pinpad - functions directly to reader-pcsc.c. Mainly because the code - requires access to internal pcsc-only structures and splitting - some definitions to an extra header would not be very nice. - Also, the API is pcsc based and usable with other ifdhandlers - too, not just CCID. - -2005-03-09 12:25 pisi - - * trunk/src/libopensc/card-mcrd.c: Minor additions - -2005-03-09 11:45 pisi - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h: A single flag for all pkcs15 layer - applications to detect a) if pinpad is present b) and if we - should make use of it. Also remove the CCID specific option for - pinpad detection - if detected, the flag will anyway always be - set as it reflects the capabilities of the actual reader. Also, - the detection mechanism is changed to be crossplatform. - -2005-03-09 11:14 pisi - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: - copypaste ****s. 
Introduce a common internal function that - removes several copypastes - -2005-03-09 10:47 pisi - - * trunk/src/libopensc/asn1.c: Space cleanups - -2005-03-09 00:04 bert - - * trunk/src/openscd/commands.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/pkcs11-spy.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-jcop.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/profile.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/tests/sc-test.c, - trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, trunk/src/tools/eidenv.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/util.c: API fixup: use defined type instead of - struct for exposed structs (part 2) - -2005-03-08 20:59 bert - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/padding.c, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pkcs15-algo.c, - 
trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c: API fixup: use defined type instead - of struct for exposed structs - -2005-03-07 14:00 aet - - * trunk/etc/opensc.conf.example, trunk/src/include/winconfig.h, - trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, - trunk/src/pkcs15init/profile.h: - Add support for getting - location of the configuration file from Windows registry - (HKCU/HKLM) - Handle OPENSC_CONF environment variable on unix - - Add configuration option "profile_dir" to bypass build time - setting for pkcs15 initialization profiles directory Patch by - Andreas Jellinghaus, with minor enhancements from me. - -2005-03-06 14:37 pisi - - * trunk/src/libopensc/card-flex.c: whitespace cleanups - -2005-03-04 01:41 pisi - - * trunk/src/libopensc/reader-pcsc.c: consistent naming and trimmed - lines - -2005-03-03 18:12 aet - - * trunk/src/tools, trunk/src/tools/.cvsignore, - trunk/src/tools/Makefile.am: - eidenv cleanup - -2005-03-02 09:03 aet - - * trunk/src/tools/eidenv.c: - Minor fixes, convert crlf -> lf - -2005-03-02 09:02 aet - - * trunk/configure.in: - Disable openscd - -2005-03-02 08:11 pisi - - * trunk/src/Makefile.am: Removed openscd from - automake/distribution as it should be dead code. 
- -2005-03-02 08:05 pisi - - * trunk/src/tools/Makefile.am, trunk/src/tools/eidenv.c: eidenv - - small utility for Estonian ID card *nix only) - -2005-03-02 06:03 sth - - * trunk/src/libopensc/pkcs15-cache.c: Correctly check for reading - out of file bounds, thx to Sirio Capizi - -2005-03-02 02:06 bert - - * trunk/doc/src/api/apps/sc_enum_apps.xml, - trunk/doc/src/api/apps/sc_find_app_by_aid.xml, - trunk/doc/src/api/apps/sc_find_pkcs15_app.xml, - trunk/doc/src/api/apps/sc_free_apps.xml, - trunk/doc/src/api/apps/sc_update_dir.xml, - trunk/doc/src/api/asn1/sc_asn1_decode.xml, - trunk/doc/src/api/asn1/sc_asn1_encode.xml, - trunk/doc/src/api/asn1/sc_asn1_find_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_print_tags.xml, - trunk/doc/src/api/asn1/sc_asn1_put_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_read_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_skip_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_verify_tag.xml, - trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, - trunk/doc/src/api/asn1/sc_format_asn1_entry.xml: Add XML header - + manual title - -2005-03-02 02:01 bert - - * trunk/doc/src/api/init/sc_set_card_driver.xml, - trunk/doc/src/api/types/sc_file_t.xml, - trunk/doc/src/api/types/sc_path_t.xml: Work around simplelist bug - -2005-03-02 00:30 bert - - * trunk/doc/src/api/card/sc_card_ctl.xml, - trunk/doc/src/api/card/sc_check_sw.xml, - trunk/doc/src/api/card/sc_format_apdu.xml, - trunk/doc/src/api/card/sc_get_challenge.xml, - trunk/doc/src/api/card/sc_get_data.xml, - trunk/doc/src/api/card/sc_lock.xml, - trunk/doc/src/api/card/sc_put_data.xml, - trunk/doc/src/api/card/sc_transmit_apdu.xml, - trunk/doc/src/api/card/sc_unlock.xml: Add proper XML header - -2005-03-02 00:10 bert - - * trunk/doc/src/api/util/sc_base64_decode.xml, - trunk/doc/src/api/util/sc_base64_encode.xml, - trunk/doc/src/api/util/sc_der_clear.xml, - trunk/doc/src/api/util/sc_der_copy.xml, - trunk/doc/src/api/util/sc_strerror.xml: Add proper XML header - -2005-03-02 00:08 bert - - * 
trunk/doc/src/api/init/sc_wait_for_event.xml: removed - sc_wait_for_event() - -2005-03-01 23:33 bert - - * trunk/doc/src/api/file/chapter.xml, - trunk/doc/src/api/file/sc_append_record.xml, - trunk/doc/src/api/file/sc_create_file.xml, - trunk/doc/src/api/file/sc_delete_file.xml, - trunk/doc/src/api/file/sc_delete_record.xml, - trunk/doc/src/api/file/sc_file_dup.xml, - trunk/doc/src/api/file/sc_file_free.xml, - trunk/doc/src/api/file/sc_file_new.xml, - trunk/doc/src/api/file/sc_list_files.xml, - trunk/doc/src/api/file/sc_read_binary.xml, - trunk/doc/src/api/file/sc_read_record.xml, - trunk/doc/src/api/file/sc_select_file.xml, - trunk/doc/src/api/file/sc_update_binary.xml, - trunk/doc/src/api/file/sc_update_record.xml, - trunk/doc/src/api/file/sc_write_binary.xml, - trunk/doc/src/api/file/sc_write_record.xml: cleanup headers + - add manual title - -2005-03-01 23:18 bert - - * trunk/doc/src/api/init/sc_card_valid.xml, - trunk/doc/src/api/init/sc_connect_card.xml, - trunk/doc/src/api/init/sc_detect_card_presence.xml, - trunk/doc/src/api/init/sc_disconnect_card.xml, - trunk/doc/src/api/init/sc_establish_context.xml, - trunk/doc/src/api/init/sc_get_cache_dir.xml, - trunk/doc/src/api/init/sc_make_cache_dir.xml, - trunk/doc/src/api/init/sc_release_context.xml, - trunk/doc/src/api/init/sc_set_card_driver.xml: clean up headers - + add manual title - -2005-03-01 23:13 bert - - * trunk/doc/src/api/card/sc_wait_for_event.xml: fix typo's - -2005-03-01 23:02 bert - - * trunk/doc/src/api/card/chapter.xml, - trunk/doc/src/api/card/sc_wait_for_event.xml, - trunk/doc/src/api/init/chapter.xml: Moved sc_wait_for_event() to - card ops - -2005-03-01 22:58 bert - - * trunk/doc/src/api/init/chapter.xml, - trunk/doc/src/api/init/sc_wait_for_event.xml: Added - sc_wait_for_event() - -2005-03-01 16:28 bert - - * trunk/doc/src/api/util/sc_base64_decode.xml, - trunk/doc/src/api/util/sc_base64_encode.xml, - trunk/doc/src/api/util/sc_der_clear.xml, - trunk/doc/src/api/util/sc_der_copy.xml, - 
trunk/doc/src/api/util/sc_strerror.xml: Added manual title - -2005-03-01 16:11 bert - - * trunk/doc/src/api/types/chapter.xml: header file cleanup - -2005-03-01 16:09 bert - - * trunk/doc/src/api/types/sc_app_info_t.xml, - trunk/doc/src/api/types/sc_asn1_entry.xml, - trunk/doc/src/api/types/sc_card_t.xml, - trunk/doc/src/api/types/sc_file_t.xml, - trunk/doc/src/api/types/sc_path_t.xml: header file cleanup + - manual title - -2005-03-01 16:01 bert - - * trunk/doc, trunk/doc/.cvsignore: cvsignore - -2005-03-01 15:56 bert - - * trunk/doc/Makefile, trunk/doc/src/api/api.xml, - trunk/doc/src/api/html.xsl, trunk/doc/src/api/man.xsl: New doc - build system - -2005-02-28 20:08 bert - - * trunk/doc/src/api/init/sc_set_card_driver.xml, - trunk/doc/src/api/types/sc_card_t.xml: * openpgp card, not - opengpg * add atr_len field to sc_card_t - -2005-02-27 07:25 sth - - * trunk/src/tools/pkcs15-crypt.c: Typo fix (thx Andreas, sorry Juha - -2005-02-26 19:47 sth - - * trunk/src/tools/pkcs15-crypt.c: 'pinpad-enable' pkcs15-crypt: if - it's a pinpad and you press enter when being asked for a PIN, - you can enter the PIN on the reader - -2005-02-25 23:57 bert - - * trunk/doc/src/api/api.css, trunk/doc/src/api/api.xml, - trunk/doc/src/api/types/sc_app_info_t.xml, - trunk/doc/src/api/types/sc_asn1_entry.xml, - trunk/doc/src/api/util/sc_strerror.xml: Added sc_app_info_t, - sc_asn1_entry and sc_strerror() - -2005-02-25 23:56 bert - - * trunk/doc/src/api/asn1/sc_asn1_decode.xml, - trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, - trunk/doc/src/api/asn1/sc_format_asn1_entry.xml: Docbook - validation fixes - -2005-02-25 23:55 bert - - * trunk/doc/src/api/apps/chapter.xml, - trunk/doc/src/api/asn1/chapter.xml, - trunk/doc/src/api/card/chapter.xml, - trunk/doc/src/api/file/chapter.xml, - trunk/doc/src/api/init/chapter.xml, - trunk/doc/src/api/types/chapter.xml, - trunk/doc/src/api/util/chapter.xml: Validation fixes - -2005-02-25 21:17 pisi - - * trunk/src/sslengines/engine_pkcs11.c, - 
trunk/src/sslengines/p11_slot.c, - trunk/src/sslengines/pkcs11-internal.h: If the PKCS#11 token can - itself authenticate the user, we let it do it and ask nothing. - First because many applications that might link to the openssl - library would never-ever implement it and anyway it is the task - of the pkcs11 module to take care of the authentication however - the module/token feels feasible. - -2005-02-24 11:11 aet - - * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/cards.h: - - Some fine-tuning to get previous, current and future FinEID - cards working. - -2005-02-23 23:36 bert - - * trunk/doc/src/api/api.xml, trunk/doc/src/api/apps, - trunk/doc/src/api/apps/chapter.xml, - trunk/doc/src/api/apps/sc_enum_apps.xml, - trunk/doc/src/api/apps/sc_find_app_by_aid.xml, - trunk/doc/src/api/apps/sc_find_pkcs15_app.xml, - trunk/doc/src/api/apps/sc_free_apps.xml, - trunk/doc/src/api/apps/sc_update_dir.xml, - trunk/doc/src/api/types/sc_card_t.xml: Added application - functions from dir.c Added app list to sc_card_t docs - -2005-02-23 19:34 aet - - * trunk/src/tests/lottery.c, trunk/src/tests/prngtest.c: - Don't - loop forever - -2005-02-23 19:09 aet - - * trunk/src/libopensc/opensc.h: - For completeness sake, add - SC_CARD_FLAG_VENDOR_MASK - -2005-02-23 10:44 aet - - * trunk/NEWS: - Preliminary update for the next release - -2005-02-23 10:39 aet - - * trunk/src/libopensc/card-openpgp.c: - Case cleanup - -2005-02-23 02:52 bert - - * trunk/doc, trunk/doc/src, trunk/doc/src/api, - trunk/doc/src/api/api.css, trunk/doc/src/api/api.xml, - trunk/doc/src/api/asn1, trunk/doc/src/api/asn1/chapter.xml, - trunk/doc/src/api/asn1/sc_asn1_decode.xml, - trunk/doc/src/api/asn1/sc_asn1_encode.xml, - trunk/doc/src/api/asn1/sc_asn1_find_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_print_tags.xml, - trunk/doc/src/api/asn1/sc_asn1_put_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_read_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_skip_tag.xml, - trunk/doc/src/api/asn1/sc_asn1_verify_tag.xml, - 
trunk/doc/src/api/asn1/sc_copy_asn1_entry.xml, - trunk/doc/src/api/asn1/sc_format_asn1_entry.xml, - trunk/doc/src/api/card, trunk/doc/src/api/card/chapter.xml, - trunk/doc/src/api/card/sc_card_ctl.xml, - trunk/doc/src/api/card/sc_check_sw.xml, - trunk/doc/src/api/card/sc_format_apdu.xml, - trunk/doc/src/api/card/sc_get_challenge.xml, - trunk/doc/src/api/card/sc_get_data.xml, - trunk/doc/src/api/card/sc_lock.xml, - trunk/doc/src/api/card/sc_put_data.xml, - trunk/doc/src/api/card/sc_transmit_apdu.xml, - trunk/doc/src/api/card/sc_unlock.xml, trunk/doc/src/api/file, - trunk/doc/src/api/file/chapter.xml, - trunk/doc/src/api/file/sc_append_record.xml, - trunk/doc/src/api/file/sc_create_file.xml, - trunk/doc/src/api/file/sc_delete_file.xml, - trunk/doc/src/api/file/sc_delete_record.xml, - trunk/doc/src/api/file/sc_file_dup.xml, - trunk/doc/src/api/file/sc_file_free.xml, - trunk/doc/src/api/file/sc_file_new.xml, - trunk/doc/src/api/file/sc_list_files.xml, - trunk/doc/src/api/file/sc_read_binary.xml, - trunk/doc/src/api/file/sc_read_record.xml, - trunk/doc/src/api/file/sc_select_file.xml, - trunk/doc/src/api/file/sc_update_binary.xml, - trunk/doc/src/api/file/sc_update_record.xml, - trunk/doc/src/api/file/sc_write_binary.xml, - trunk/doc/src/api/file/sc_write_record.xml, - trunk/doc/src/api/init, trunk/doc/src/api/init/chapter.xml, - trunk/doc/src/api/init/sc_card_valid.xml, - trunk/doc/src/api/init/sc_connect_card.xml, - trunk/doc/src/api/init/sc_detect_card_presence.xml, - trunk/doc/src/api/init/sc_disconnect_card.xml, - trunk/doc/src/api/init/sc_establish_context.xml, - trunk/doc/src/api/init/sc_get_cache_dir.xml, - trunk/doc/src/api/init/sc_make_cache_dir.xml, - trunk/doc/src/api/init/sc_release_context.xml, - trunk/doc/src/api/init/sc_set_card_driver.xml, - trunk/doc/src/api/init/sc_wait_for_event.xml, - trunk/doc/src/api/misc, trunk/doc/src/api/misc/chapter.xml, - trunk/doc/src/api/types, trunk/doc/src/api/types/chapter.xml, - trunk/doc/src/api/types/sc_card_t.xml, - 
trunk/doc/src/api/types/sc_file_t.xml, - trunk/doc/src/api/types/sc_path_t.xml, trunk/doc/src/api/util, - trunk/doc/src/api/util/chapter.xml, - trunk/doc/src/api/util/sc_base64_decode.xml, - trunk/doc/src/api/util/sc_base64_encode.xml, - trunk/doc/src/api/util/sc_der_clear.xml, - trunk/doc/src/api/util/sc_der_copy.xml: Initial checkin of new - docs - -2005-02-22 21:03 nils - - * trunk/src/signer/opensc-crypto.c: bugfix - -2005-02-22 07:59 aet - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-syn.c, - trunk/src/libopensc/reader-pcsc.c: - Introduce a new powerful - card_atr mechanism to opensc configuration file to handle any - configuring related to certain card / cards using atrmask. - - Rewrite Martin's force_protocol to _sc_check_forced_protocol() - to make it possible to share the code with other reader driver - implementations than pcsc. - Implement _sc_match_atr_block() to - help out with force protocol and pkcs15 emulation layers, to - find information that's not stored directly to sc_atr_table. - -2005-02-20 08:26 aet - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-syn.c: - Increase - SC_MAX_READER_DRIVERS / SC_MAX_CARD_DRIVERS - Some cleanups - before future commits - -2005-02-15 14:41 pisi - - * trunk/src/pkcs11/libpkcs11.c: test label - -2005-02-14 09:13 aet - - * trunk/src/libopensc/card-setcos.c: - Typo - -2005-02-14 09:12 aet - - * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h: - Fix a long-standing issue for - user configured atrs in the configuration file; free allocated - memory from the card_driver structures. 
- -2005-02-13 18:24 aet - - * trunk/src/libopensc/card-etoken.c, trunk/src/libopensc/cards.h: - - Correct some information for Italian eid cards, I suppose. - -2005-02-13 17:58 sth - - * trunk/src/libopensc/pinpad-ccid.c: Typo fix - -2005-02-13 11:41 aet - - * trunk/src/Makefile.mak: - Fixed a typo (Bernhard Froehlich) - -2005-02-13 08:43 aet - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/p11_rsa.c: - Fix a pin issue with pinpad - readers (Bernhard Froehlich, Martin Paljak) - - UI_add_input_string enhancements (Martin Paljak) - printf - cleanups - -2005-02-12 10:29 aet - - * trunk/QUICKSTART: - Update the atr example output - -2005-02-11 20:43 aet - - * trunk/configure.in: - Merge between opensc / openct - -2005-02-11 20:09 aet - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c, trunk/src/sslengines/engine_opensc.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-tool.c: - - Whitespace cleanup from me and Martin Paljak - -2005-02-11 20:02 aet - - * trunk/configure.in: - make use of AC_HELP_STRING in configure.in - (Martin Paljak) - -2005-02-11 10:05 aet - - * trunk/src/libopensc/pkcs15.c: - A fix for ISO 7816-15 cards I'm - playing with. No feedback received about the patch, let's move - on. The patch shouldn't affect any current behaviour. 
- -2005-02-11 10:03 aet - - * trunk/src/libopensc/pinpad-ccid.c: - A patch for belpic and - other global platform pin cards (Martin Paljak) - -2005-02-11 10:01 aet - - * trunk/src/libopensc/Makefile.am: - Add cards.h - -2005-02-10 14:30 aet - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: - Remove entries - from TODO list (Martin Paljak) - -2005-02-10 12:48 aet - - * trunk/src/libopensc/card-flex.c: - Add ATR for a CryptoFlex card - from Mario Strasser, that I forgot to add over six months ago. - -2005-02-10 10:09 aet - - * trunk/src/libopensc/internal.h: - Change sc_atr_table->id to - type, so the name is synced between sc_atr_table and sc_card - structures. - -2005-02-10 10:08 aet - - * trunk/src/libopensc/cards.h: - Add cards.h - -2005-02-10 10:07 aet - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/pkcs15init/pkcs15-gpk.c: - First stab towards - standardized card types - -2005-02-10 09:57 aet - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-oberthur.h, - trunk/src/pkcs15init/pkcs15-oberthur.c: - Remove card-oberthur.h - -2005-02-10 09:56 aet - - * trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.mak: - Add cards.h - -2005-02-09 20:16 aet - - * trunk/src/libopensc/cardctl.h: - Remove outdated comment, part - of the information wasn't even correct. 
- -2005-02-09 20:03 aet - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h: - - Cleanup - -2005-02-09 19:15 aet - - * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/esteid.h, - trunk/src/libopensc/ui.h: - Cleanup - -2005-02-09 14:47 aet - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c: - Unify a bit the output of - commands like opensc-tool -D - -2005-02-09 14:09 aet - - * trunk/src/libopensc/card.c: - Fix for the previous commit - -2005-02-09 14:07 aet - - * trunk/src/libopensc/card.c: - _sc_match_atr: add support for - atrmask field in sc_atr_table - -2005-02-09 14:05 aet - - * trunk/src/libopensc/card-setcos.c: - Cleanup - * trunk/src/libopensc/internal.h: - Add comments - -2005-02-09 11:37 aet - - * trunk/src/libopensc/card-setcos.c: - Checkpoint commit, add - support for the next generation FinEID cards with ISO/IEC - 7816-15 layout. 
- -2005-02-09 11:33 aet - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/internal.h: - - Add atrmask to sc_atr_table - -2005-02-08 19:49 nils - - * trunk/src/pkcs15init/pkcs15.profile: remove unused profile entry - -2005-02-08 19:33 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: remove unused define - -2005-02-08 09:51 aet - - * trunk/src/tools/pkcs15-init.c: - Warning fix - -2005-02-07 22:43 nils - - * trunk/src/libopensc/card.c: workaround for broken cashmouse - driver - -2005-02-07 17:03 aet - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-syn.c: - Fixed typos - -2005-02-07 11:40 aet - - * trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/reader-pcsc.c: - Cleanup - -2005-02-07 10:58 nils - - * trunk/src/libopensc/pkcs15-pin.c: remove outdated comment - -2005-02-07 10:53 nils - - * trunk/src/libopensc/pkcs15-pin.c: fix usage of - sc_pkcs15_pin_info_t::max_length etc. - -2005-02-06 21:38 nils - - * trunk/src/libopensc/pkcs15-openpgp.c: no need to include - internal.h and asn1.h - -2005-02-06 21:34 nils - - * trunk/src/libopensc/pkcs15-openpgp.c: update, note: this totally - untested - -2005-02-06 21:32 nils - - * trunk/src/libopensc/pkcs15-syn.c: fix type flag - -2005-02-06 21:01 nils - - * trunk/src/tools/pkcs15-init.c: const fixes etc. 
- -2005-02-06 20:46 nils - - * trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-postecert.c: as every card structure - has an own copy of the card ops struc, allocating a new one - shouldn't be necessary - -2005-02-06 20:14 aet - - * trunk/src/libopensc/card.c: - Ahm, fixed a typo in the previous - commit - -2005-02-06 19:40 aet - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-esteid.c, trunk/src/libopensc/sc.c: - - Optimize a few cpu cycles from _sc_match_atr_hex - Replace - struct sc_atr_table / _sc_match_atr with recently introduced - _hex variants - Rewrote _add_atr - Introduce int type variable - to sc_card_t, so that every other card driver won't have to glue - around with this - Card driver cleanups, optimize the number of - sc_match_atr called per card driver. Also always try direct - match with _sc_match_atr first, before relying on eg. 
historical - bytes information on some card drivers - Fixed a memory leak - from the miocos driver - -2005-02-06 10:28 nils - - * trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-display.h, - trunk/src/pkcs11/pkcs11-spy.c: declare some functions static + - some type fixes - -2005-02-06 10:06 aet - - * trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c: - - Warning fix - -2005-02-06 09:09 aet - - * trunk/configure.in: - Give up, just use CoreFoundation framework - instead of -lobjc - -2005-02-06 08:57 aet - - * trunk/src/libopensc/card-oberthur.c: - Cleanup - -2005-02-06 08:53 aet - - * trunk/src/pam/pam_support.c: - Warning fix, build fix - -2005-02-05 10:02 nils - - * trunk/src/tools/opensc-tool.c: even more cleanup - -2005-02-05 09:54 nils - - * trunk/src/tools/cryptoflex-tool.c: cleanup - -2005-02-04 22:52 nils - - * trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - declare some functions static plus some type fixes - -2005-02-04 22:33 nils - - * trunk/src/tools/pkcs11-tool.c: remove unreachable code, make - some functions static and fix parameter type - -2005-02-04 22:11 nils - - * trunk/src/libopensc/card-starcos.c: cleanup - -2005-02-04 20:29 aet - - * trunk/src/libopensc/card-belpic.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-oberthur.h, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/pkcs15-esteid.c: - Unify all card drivers - ATR matching code to use _sc_match_atr_hex, untested as of yet. 
- -2005-02-04 18:10 nils - - * trunk/src/tools/opensc-explorer.c: fix some compiler warnings - -2005-02-04 17:32 aet - - * trunk/src/libopensc/pkcs15-postecert.c: - Indent cleanups - -2005-02-04 17:29 aet - - * trunk/src/libopensc/pkcs15-starcert.c: - Revert previous patch, - it's unnecessary after recent changes - -2005-02-04 15:57 aet - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h: - - Introduce _sc_match_atr_hex / struct sc_atr_table_hex. - -2005-02-04 14:38 aet - - * trunk/src/tests/sc-test.c: - Cleanup ATR dumping code - -2005-02-04 11:43 aet - - * trunk/src/libopensc/pkcs15-starcert.c: - Add internal.h, that's - where the config.h and other general stuff comes from. - -2005-02-04 09:27 nils - - * trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-starcert.c: use strncpy instead of - snprintf + update of pkcs15-netkey.c - -2005-02-03 22:44 nils - - * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/esteid.h, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/pkcs11/framework-pkcs15.c: indent fixes and cleanup by - Martin Paljak - -2005-02-02 22:18 nils - - * trunk/src/libopensc/pkcs15-starcert.c: make win compilers happy - (include config.h) - -2005-02-02 21:18 nils - - * trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: - first part of a pkcs15 emulation driver cleanup/rework: use new - api the create pkcs15 objects (note: the part enclosed in - '#ifndef OPENSC_NO_DEPRECATED' statement will be removed in - someday). 
At first only for pkcs15-esteid.c and - pkcs15-starcert.c but the others will follow soon (including - some documentation) - -2005-02-02 10:21 aet - - * trunk/src/libopensc/asn1.h, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/emv.h, trunk/src/libopensc/errors.h, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/types.h, - trunk/src/pkcs15init/keycache.h, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/profile.h, - trunk/src/sslengines/pkcs11-internal.h, - trunk/src/tests/sc-test.h, trunk/src/tools/util.h: - Cleanup, - typo fix - -2005-02-01 19:09 nils - - * trunk/src/libopensc/pkcs15-sec.c: fix indent - -2005-02-01 19:03 nils - - * trunk/src/libopensc/card-starcos.c: add debugging output - -2005-02-01 19:02 nils - - * trunk/src/pkcs11/framework-pkcs15.c: bugfix: reselect - application directory when lock_login=false is set (at the - moment only for pkcs15_prkey_sign and pkcs15_prkey_decrypt), - see: - http://www.opensc.org/pipermail/opensc-devel/2005-January/005345.html - -2005-02-01 07:53 sth - - * trunk/src/libopensc/card-belpic.c: Work-around for the lack of - FCI info, so the card can be used with opensc-explorer - -2005-02-01 07:52 sth - - * trunk/src/libopensc/opensc.h, trunk/src/tools/opensc-explorer.c: - Work-around for cards that don't return FCI info - -2005-01-30 19:20 sth - - * trunk/src/include/winconfig.h, - trunk/src/libopensc/card-belpic.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/opensc.h: Have the option add a delay before - resending an APDU (after a 6CXX response). 
Is needed for most - current belpic cards on fast readers - -2005-01-30 13:50 aet - - * trunk/src/libopensc/card-belpic.c: - Indent source - -2005-01-30 13:29 aet - - * trunk/src/libopensc/card-belpic.c: - Cleanups - -2005-01-29 12:14 sth - - * trunk/src/libopensc/card-belpic.c: Added belpic card driver - -2005-01-29 12:10 sth - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h: src/libopensc/card-belpic.c - -2005-01-29 10:51 aet - - * trunk/configure.in: - Show package version when configure is - finished - -2005-01-29 10:49 aet - - * trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctbcs.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/reader-ctapi.c: - - Add experimental multi-slot support for CT-API and CT-BCS 1.0 - enhancements. (Bernhard Froehlich ) - Enable - CT-API for win32 - -2005-01-29 10:44 aet - - * trunk/src/libopensc/reader-pcsc.c: - Build fix - -2005-01-29 09:13 aet - - * trunk/src/libopensc, trunk/src/libopensc/.cvsignore: Update - -2005-01-29 09:12 aet - - * trunk/Makefile.am: - Require automake 1.5 or later - -2005-01-28 21:22 nils - - * trunk/src/libopensc/card.c: yet another fix - -2005-01-28 20:41 sth - - * trunk/src/libopensc/Makefile.mak: Added pinpad-ccid.obj - -2005-01-28 20:39 sth - - * trunk/src/libopensc/pinpad-ccid.h, - trunk/src/libopensc/reader-pcsc.c: Windows fix: SCARD_CTL_CODE - is already #defined in a Windows header - -2005-01-27 22:52 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: fix last commit - -2005-01-27 21:35 sth - - * trunk/src/libopensc/asn1.c: Fix: stop parsing at the end of the - file, not when finding padding bytes - -2005-01-25 11:45 aet - - * trunk/src/libopensc/reader-pcsc.c: - Build fix - -2005-01-25 11:11 aet - - * trunk/etc/opensc.conf.example, - trunk/src/libopensc/reader-pcsc.c: - Add use_ccid_pin_cmd - boolean to opensc.conf, for now. 
- -2005-01-24 22:10 nils - - * trunk/src/libopensc/card.c: fix lock/unlock mismatch - -2005-01-24 19:46 aet - - * trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/pinpad-ccid.c: - - Cleanup - -2005-01-24 18:30 aet - - * trunk/configure.in, trunk/src/libopensc/card.c, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pinpad-ccid.h, - trunk/src/libopensc/reader-pcsc.c: - Early ccid pinpad cleanups, - more to follow - -2005-01-24 17:20 nils - - * trunk/configure.in: add two more options: one for Martin's - pinpad stuff and one for enable/disable logging of sensitive - apdu data - -2005-01-24 17:19 nils - - * trunk/src/libopensc/card.c: make it configurable whether or not - allow logging of sensitive apdu command data at all (to please - the Belgian EID guys ;-) - -2005-01-24 11:31 nils - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pinpad-ccid.c, - trunk/src/libopensc/pinpad-ccid.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: merge Martin Paljak's ccid - pinpad changes from the OPENSC_0_9 branch to the cvs head - -2005-01-23 19:48 nils - - * trunk/src/tools/pkcs11-tool.c: just issue a warning in case of a - missing attribute, patch supplied by Philipp Marek (with some - changes from me) - -2005-01-23 10:14 aet - - * trunk/aclocal/Makefile.am, trunk/aclocal/pkg.m4: - Add pkg.m4 - for pkg-config depencies - -2005-01-21 18:47 nils - - * trunk/src/tools/opensc-explorer.c: more indent fixes from Martin - Paljak - -2005-01-21 18:31 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: fix more memory leaks - -2005-01-21 18:25 nils - - * trunk/src/tools/pkcs15-init.c: fix memory leak - -2005-01-21 11:06 nils - - * trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c: fix memory leaks - -2005-01-21 10:04 nils - - * trunk/src/pkcs15init/profile.c: fix memory leak: use object - specific release method - -2005-01-19 20:39 nils - - * 
trunk/src/tools/opensc-tool.c: print the atr in standard opensc - hex format, patch supplied by Martin Paljak - -2005-01-19 20:12 nils - - * trunk/src/pkcs11/pkcs11-object.c: even more indent issues - -2005-01-19 19:56 nils - - * trunk/src/libopensc/card-mcrd.c: fix debug message + remove - empty lines, patch supplied by Martin Paljak - -2005-01-19 19:52 nils - - * trunk/src/pkcs11/slot.c: fix indent again - -2005-01-19 18:15 nils - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, - trunk/src/pkcs11/pkcs11-spy.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: some indent fixes from Martin Paljak - plus some additional changes from me - -2005-01-19 16:17 nils - - * trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sec.c: - fix indent, patch supplied by Martin Paljak - -2005-01-19 16:12 nils - - * trunk/src/tools/pkcs11-tool.c: don't print key length in case of - a private key (as private key doesn't have the CKA_MODULUS_BITS - attribute) - -2005-01-19 08:00 nils - - * trunk/src/common/getpass.c, trunk/src/tools/opensc-explorer.c: - fix indent, patch supplied by Martin Paljak - -2005-01-18 21:42 nils - - * trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sec.c: - cleanup pin handling (set and use sc_pin_cmd_pin->pad_length + - use pkcs15 puk object if existing) - -2005-01-17 09:10 nils - - * trunk/src/libopensc/sec.c: of course we should not do it - -2005-01-16 21:12 sth - - * trunk/src/Makefile.mak, trunk/src/libopensc/Makefile.mak, - trunk/src/pkcs11/Makefile.mak, - trunk/src/sslengines/Makefile.mak, trunk/src/tools/Makefile.mak, - trunk/win32/Make.rules.mak: Simplified the procedure to link - with openssl on Windows: now you only need to slightly change - Make.rules.mak instead of hacking in several Makefile.mak 
files - -2005-01-16 14:24 aet - - * trunk/src/libopensc/reader-ctapi.c: - Add dynamic loading - support for win32, Bernhard Froehlich - -2005-01-16 13:29 aet - - * trunk/QUICKSTART: - Spell checks - -2005-01-14 23:14 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: in case of SC_AC_UNKNOWN it - doesn't make much sense to verify something + add missing - suppress_errors-- - -2005-01-13 21:52 nils - - * trunk/docs/pkcs15-init.1, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: change auth_id -> id, show pin - type, update pkcs15-init manpage - -2005-01-13 20:28 nils - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/iso7816.c: starcos: use iso decipher, - iso7816: set le to 256 == 0x00 - -2005-01-09 20:10 nils - - * trunk/src/libopensc/pkcs15-pin.c: remove misleading comment - -2005-01-08 10:20 nils - - * trunk/src/libopensc/pkcs15-pin.c: evaluate pkcs15 pin type - -2005-01-07 18:50 nils - - * trunk/src/libopensc/opensc.h: types are unsigned int - -2005-01-04 19:45 aet - - * trunk/src/libopensc/reader-ctapi.c: - fixed a typo, pointed out - by Bernhard Froehlich - -2005-01-03 17:47 nils - - * trunk/src/libopensc/ctx.c: dump version info in the log - -2005-01-03 17:25 nils - - * trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-session.c, - trunk/src/pkcs11/secretkey.c, trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c: some cleanup + improved error - checking - -2005-01-03 17:20 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15.c: some cleanup + improved error - checking - -2004-12-29 23:20 nils - - * trunk/src/libopensc/pkcs15-syn.c: check calloc return value - -2004-12-29 23:11 nils - - * trunk/src/libopensc/pkcs15-syn.c: bugfix, pointed out by David - Mattes - -2004-12-27 14:33 nils - - * trunk/src/libopensc/ctx.c: cleanup - -2004-12-27 13:22 nils - - * 
trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.h: add data field for subject - Common{Private|Public}KeyAttributes - -2004-12-24 23:24 nils - - * trunk/src/libopensc/card-flex.c: implement serial number support - for cryptoflex cards - -2004-12-23 10:49 nils - - * trunk/src/libopensc/asn1.c: fix type, found by T.Fujita - - -2004-12-23 09:28 aet - - * trunk/src/signer/Makefile.am: - Revert the previous patch, as it - broke the snapshot generation and has been broken since.. July? - No new automatic snapshots until some hardware issues have been - solved. - -2004-12-22 10:17 nils - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c: cleanup ... - -2004-12-22 09:54 nils - - * trunk/src/libopensc/cardctl.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.h: flags/types are unsigned int, the - exponent shouldn't be negative and more const - -2004-12-22 09:48 nils - - * trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - cleanup: -index shadows a variable in /usr/include/string.h - -some signed vs. unsigned issues -and some const cleanup - -2004-12-21 22:38 nils - - * trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-oberthur.h, - trunk/src/libopensc/cardctl.h: cleanup: signed vs. unsigned and - some const - -2004-12-21 21:52 nils - - * trunk/src/libopensc/pkcs15-openpgp.c: more const ... - -2004-12-21 21:47 nils - - * trunk/src/libopensc/pkcs15-esteid.c: more const - -2004-12-21 21:43 nils - - * trunk/src/libopensc/pkcs15-netkey.c: cleanup: declare structures - as const - -2004-12-21 15:00 nils - - * trunk/src/libopensc/card-miocos.c: signed vs. 
unsigned - -2004-12-21 14:01 nils - - * trunk/src/libopensc/log.c: char * -> const char * - -2004-12-21 13:56 nils - - * trunk/src/libopensc/ctbcs.c: disable unused functions - -2004-12-21 13:22 nils - - * trunk/src/libopensc/reader-pcsc.c: fix compiler warnings - -2004-12-21 11:03 nils - - * trunk/src/libopensc/reader-pcsc.c: remove superfluous code, - Martin Paljak - -2004-12-21 09:54 nils - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c: - force_protocol cleanup from Martin Paljak - -2004-12-20 20:05 nils - - * trunk/src/tools/pkcs11-tool.c: fix help message (supplied by - Philipp Marek) - -2004-12-20 19:44 nils - - * trunk/src/pkcs11/framework-pkcs15.c: fix public key reference - -2004-12-20 08:03 nils - - * trunk/src/tools/opensc-tool.c: dump serial number only if we - have one - -2004-12-18 14:14 nils - - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs11/framework-pkcs15.c: fix memory leak, cleanup: - use object specific release method - -2004-12-16 08:50 nils - - * trunk/docs/opensc-tool.1, trunk/src/tools/opensc-tool.c: serial - number support for opensc-tool - -2004-12-15 19:59 nils - - * trunk/src/libopensc/card-gpk.c: implement serial number support - for gpk 16k cards - -2004-12-15 18:18 aet - - * trunk/configure.in: - Big bunch of OpenSSL and some other fixes - -2004-12-15 18:10 aet - - * trunk/src/libopensc/Makefile.am, - trunk/src/sslengines/Makefile.am: - Cleanups - -2004-12-15 18:01 aet - - * trunk/src/libopensc/card-oberthur.c: - Build fixes - -2004-12-15 17:34 nils - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/pkcs15-esteid.c, - 
trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-starcert.c: cleanup ... - -2004-12-15 15:42 aet - - * trunk/src/include/winconfig.h: - Update version for win32 build - -2004-12-15 14:47 aet - - * trunk/src/pkcs15init/pkcs15-oberthur.c: - Cleanup - -2004-12-15 13:57 aet - - * trunk/ANNOUNCE, trunk/NEWS, trunk/QUICKSTART: - Preparations for - the next release - -2004-12-15 13:53 aet - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/scam/cert_support.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs11-tool.c: - Build / warning fixes - -2004-12-15 10:56 aet - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/sslengines/engine_pkcs11.c: - Convert C++ comments - into C to avoid compiler errors on some platforms - -2004-12-15 09:35 nils - - * trunk/src/libopensc/card-jcop.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/pkcs15-infocamere.c: cleanup: declare local - functions as static, renamed shadowed variables etc. 
- -2004-12-15 08:38 nils - - * trunk/src/libopensc/card-flex.c: cleanup - -2004-12-13 20:58 nils - - * trunk/src/libopensc/padding.c: do a memcpy only if source and - dest are different - -2004-12-13 11:24 nils - - * trunk/src/libopensc/card-etoken.c: local functions should be - static - -2004-12-13 09:48 nils - - * trunk/src/libopensc/ctx.c: don't close stdout/stderr - -2004-12-12 21:51 nils - - * trunk/src/libopensc/pkcs15-pubkey.c: fix memory leak - -2004-12-12 20:41 nils - - * trunk/src/libopensc/ctx.c: close files when the context is - destroyed - -2004-12-12 19:13 nils - - * trunk/src/pkcs11/framework-pkcs15.c: use object specific release - method (if existing) - -2004-12-12 17:17 nils - - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-starcert.c: fix (potential) memory - leak - -2004-12-09 08:23 nils - - * trunk/src/tools/pkcs11-tool.c: bugfix: don't try to get the - CKA_MODULUS_BITS attribute from a private key - -2004-12-08 20:57 nils - - * trunk/src/libopensc/pkcs15-syn.c: fix memory leak - -2004-12-05 19:04 aj - - * trunk/configure.in: the big openssl fix. hope everything still - works. - -2004-12-05 19:03 aj - - * trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-postecert.c: make functions static, - so the names don't conflict. - -2004-12-05 16:35 nils - - * trunk/src/libopensc/card-etoken.c: suppress error message when - testing signature alg - -2004-11-30 21:32 aj - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/hw_opensc.c: new pin handling to make - opensc engine work with wpa-supplicant. 
- -2004-11-26 08:43 nils - - * trunk/src/libopensc/pkcs15-syn.c: bugfix - -2004-11-24 17:00 nils - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-postecert.c, - trunk/src/libopensc/pkcs15-syn.c: add pkcs15 emulation support - for the Italian postecert card - -2004-11-15 09:39 nils - - * trunk/src/pkcs15init/etoken.profile: try to avoid conflicts with - file ids of different file types - -2004-11-12 19:49 sth - - * trunk/src/sslengines/engine_pkcs11.c: Don't check if the token - is initialised - -2004-11-12 16:59 nils - - * trunk/src/pkcs15init/gpk.profile: try to avoid conflicts with - file ids of different file types - -2004-11-05 21:04 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: bugfix from Antonio - Iacono - -2004-11-05 18:48 aj - - * trunk/docs/opensc-es.html: add spanish translation. - -2004-11-05 18:31 aj - - * trunk/src/libopensc/libpkcs15init.pc.in, - trunk/src/libopensc/libscam.pc.in, - trunk/src/libopensc/libscconf.pc.in, - trunk/src/libopensc/libscldap.pc.in: add more *.pc files for all - other libraries as well. - -2004-11-05 18:30 aj - - * trunk/configure.in, trunk/docs/Makefile.am, - trunk/docs/opensc-es.xml, trunk/src/libopensc/Makefile.am: Add - spanish manual by Jonsy (teleline) - -2004-11-04 19:14 aj - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/libopensc.pc.in, - trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: build - fixes by Vile Skytt�. 
- -2004-11-03 21:39 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: bugfix from Antonio - Iacono - -2004-11-03 18:14 nils - - * trunk/src/tools/pkcs11-tool.c: check only for attributes which - can be present - -2004-11-02 21:46 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: update for the - Infocamere support, supplied by Antonio Iacono - -2004-11-01 21:13 aj - - * trunk/src/libopensc/card-mcrd.c: fix select_file in mcrd. by - Martin Paljak - -2004-11-01 11:41 aj - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/card-mcrd.c: - clarify micardo situtation. - -2004-10-29 20:08 nils - - * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/pkcs15.c: cleanup - -2004-10-27 16:10 nils - - * trunk/src/libopensc/ui.c: fix last commit - -2004-10-27 06:41 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/internal.h, trunk/src/libopensc/module.c: - remove obsolete module support in libopensc (scdl should now be - used) - -2004-10-27 05:10 sth - - * trunk/src/pkcs11/Makefile.mak, trunk/src/tools/Makefile.mak: - scdl.lib needed for for the link step due to the recent changes - in dynamic loading - -2004-10-25 10:43 nils - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.h: support for dynamic pkcs15init - drivers - -2004-10-24 17:20 nils - - * branches/opensc-0.9/src/pkcs15init/profile.c, - trunk/src/tools/pkcs15-init.c: fix memory leak - -2004-10-24 17:17 nils - - * trunk/src/pkcs15init/profile.c: fix memory leak - -2004-10-22 07:29 nils - - * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/opensc.h: - two patches from Marin Paljak : - - remove unnecessary function from the reader ops - add a field - for pinpad support - cleanup + fix indent in card-mcrd.c - -2004-10-20 06:53 nils - - * trunk/src/libopensc/reader-ctapi.c: sc_module_*() -> scdl_*() - -2004-10-18 21:35 nils - - * trunk/src/libopensc/reader-ctapi.c, trunk/src/libopensc/ui.c: - sc_module_*() -> 
scdl_*() - -2004-10-18 08:24 nils - - * trunk/docs/opensc.xml, trunk/etc/opensc.conf.example, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: - implement dynamic card/reader support from Juan Antonio Martinez - (with some input from me) - -2004-10-17 20:40 nils - - * trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sec.c: fix - compiler warnings - -2004-10-17 20:20 nils - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: some - cleanup: 'int' -> 'unsigned int' for flags, 'int' -> 'size_t' - for length + remove some compiler warnings - -2004-10-17 18:34 nils - - * trunk/src/libopensc/dir.c: fix compiler warnings - -2004-10-17 16:46 nils - - * trunk/src/libopensc/pkcs15.h: flags should be stored in a - 'unsigned int' (at least this seems to be the convention in - libopensc) => change tokenInfo flags from 'unsigned long' to - 'unsigned int' - -2004-10-17 16:20 nils - - * trunk/src/libopensc/sc.c: fix signed vs. unsigned mismatch - -2004-10-17 15:59 nils - - * trunk/src/libopensc/pkcs15-syn.c: sc_module_* -> scdl_* - -2004-10-14 06:37 nils - - * trunk/src/libopensc/dir.c: suppress annoying (but unimportant) - error message - -2004-10-13 19:07 nils - - * trunk/src/libopensc/pkcs15-cache.c: fix compiler warning - -2004-10-13 18:57 nils - - * trunk/etc/opensc.conf.example: update opensc.conf for the new - pkcs15 emulation stuff - -2004-10-13 18:54 nils - - * trunk/src/libopensc/card.c: fix int vs. 
size_t mismatch - -2004-10-13 18:02 nils - - * trunk/src/scdl/scdl.c: initialize pointer to NULL - -2004-10-13 07:19 sth - - * trunk/src/pkcs15init/cyberflex.profile, - trunk/src/pkcs15init/flex.profile: Added info for EF data files - -2004-10-12 19:36 sth - - * trunk/src/sslengines/p11_rsa.c: Added RSA decryption (Robert - Pragai) - -2004-10-12 06:24 nils - - * trunk/docs/sc_release_context.3: bugfix from Hubert Sokolowski - - -2004-10-11 21:22 nils - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h: u_char -> unsigned char - -2004-10-08 21:29 nils - - * trunk/src/libopensc/module.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h: update pkcs15 emulation stuff - -2004-10-08 21:25 nils - - * trunk/src/scdl/scdl.c: don't search the LD_LIBARY_PATH in case - of a absolute path - -2004-10-08 07:11 aj - - * trunk/src/sslengines/engine_pkcs11.c: forget pin if it was wrong. 
- -2004-10-06 14:07 sth - - * trunk/src/tools/pkcs15-init.c: If you do pkcs15-init -C with the - onepin option, you can now specify --pin and --puk instead of - --so-pin and --so-puk (also allowed for backward compatibility) - -2004-09-28 20:06 nils - - * trunk/src/libopensc/card-starcos.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/starcos.profile: fix starcos spk 2.3 - "onepin" profile support - -2004-09-27 08:38 sth - - * trunk/src/tools/pkcs11-tool.c: Don't use 0 as input to test - signature-verification - -2004-09-24 08:54 nils - - * trunk/src/libopensc/pkcs15-netkey.c: improved card detection + - cleanup - -2004-09-20 09:47 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/padding.c: fix some compiler warnings - -2004-09-19 19:50 nils - - * trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-starcert.c: correct tries_left entries - -2004-09-19 19:47 nils - - * trunk/src/tools/pkcs15-tool.c: print 'tries_left' only if the - value is >= 0 - -2004-09-17 19:27 nils - - * trunk/src/libopensc/card-tcos.c, - trunk/src/libopensc/pkcs15-netkey.c: add support for - sc_card_ctl(*, SC_CARDCTL_GET_SERIALNR, *) for TCOS cards (and - use it in the netkey support) - -2004-09-17 19:13 nils - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: rename "StarCOS" -> "STARCOS SPK - 2.3" - -2004-08-31 17:31 nils - - * trunk/src/libopensc/reader-pcsc.c: fix definition of - SCARD_PROTOCOL_ANY patch supplied by Ludovic Rousseau - - -2004-08-25 20:55 nils - - * trunk/src/tools/pkcs15-tool.c: fix tab indentation and adds the - tries left field to the --list-pins output patch supplied by - Martin Paljak - -2004-08-25 20:45 nils - - * trunk/src/libopensc/ctbcs.c: bugfix: fix 
segfaults when using a - pin-pad for pin verification thanks to Joachim Bauch - - -2004-08-21 14:26 nils - - * trunk/docs/pkcs15-crypt.1, trunk/src/tools/pkcs15-crypt.c: add - "--raw" option patch supplied by Jari Eskelinen - - -2004-08-21 14:24 nils - - * trunk/src/pkcs15init/pkcs15-starcos.c: bugfix - -2004-08-21 10:54 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: two small fixes to let - pkcs15-init work with starcos spk 2.3 - -2004-08-21 10:53 nils - - * trunk/src/libopensc/card-starcos.c, - trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/starcos.profile: update starcos spk 2.3 - pkcs15-init support change summary: - some bug fixes - support - for global so-pins - use so-pin (if present) to protect key - creation etc. - -2004-08-19 08:55 nils - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-pcsc.c: add support to force pcsc to - use a certain protocol patch supplied by Martin Paljak - - -2004-08-19 08:41 nils - - * trunk/src/libopensc/card-mcrd.c: add additional atr patch - supplied by Martin Paljak - -2004-08-19 08:39 nils - - * trunk/src/libopensc/ctx.c: move the emv driver to the end of list - -2004-08-14 13:43 nils - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: improve pkcs15-init + pkcs15-tool - support for data objects - -2004-08-05 22:34 nils - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.c: set ui_method if and only - if it's not NULL patch supplied by Michael Bell - -2004-08-05 22:28 nils - - * trunk/src/sslengines/engine_opensc.c: improved error detection - -2004-08-05 22:27 nils - - * trunk/configure.in: fix openssl detection, patch supplied by - Victor Tarasov - -2004-07-28 20:02 nils - - * trunk/PAM_README, trunk/docs/opensc-explorer.1, - trunk/docs/pkcs15-crypt.1, trunk/docs/pkcs15-init.1, - trunk/docs/pkcs15-tool.1, - trunk/docs/sc_pkcs15_compute_signature.3: minor docu update - 
thanks to Ville Skytt� - -2004-07-27 19:14 nils - - * trunk/src/sslengines/engine_opensc.c: set padding flags - accordingly (for the decipher operation) - -2004-07-26 19:18 nils - - * trunk/src/tools/pkcs15-tool.c: improve output for pkcs15 data - objects - -2004-07-26 18:47 nils - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/util.c, trunk/src/tools/util.h: pkcs15-init etc. - support for pkcs15 data objects patch supplied by Victor Tarasov - - -2004-07-26 04:53 aj - - * trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: - properly split LDFLAGS into LDADD and LDFLAGS to make parallel - build work. Thanks to Ville Skytt�. - -2004-07-25 12:35 aj - - * trunk/ANNOUNCE, trunk/Makefile.am, trunk/NEWS, trunk/PAM_README, - trunk/QUICKSTART, trunk/configure.in: small configure - improvements, documentation updates. - -2004-07-24 21:08 aj - - * trunk/src/scam/p15_eid.c: Permission checks and support for - several certificates in the authorized_certificates file. Code - written by Fritz Elfert. - -2004-07-23 20:29 nils - - * trunk/src/libopensc/pkcs15-data.c: fix default values for OIDs - patch supplied by Victor Tarasov - -2004-07-23 16:52 nils - - * trunk/src/libopensc/card-oberthur.c: one more ATR for Oberthur - 64K card patch supplied by Victor Tarasov - -2004-07-23 16:11 nils - - * trunk/src/libopensc/asn1.c: fix ASN1 NULL handling and avoid - malloc(0) - -2004-07-22 20:52 aj - - * trunk/src/libopensc/card-oberthur.c: There is a problem with - decipher() of the oberthur card driver. Manifested when caller - allocates more then needed memory for the result. Thanks to the - regression tests, Viktor. - -2004-07-21 22:11 aj - - * trunk/src/tools/pkcs11-tool.c: Bug found by Stef Hoeben. - -2004-07-21 22:10 aj - - * trunk/src/libopensc/Makefile.mak: Typo found by Stef Hoeben. 
- -2004-07-21 22:02 aj - - * trunk/src/tools/Makefile.am: pkcs11-tool and pkcs15-crypt use - libcrypto, so they need to link with it. Found by Dirk Gouders. - -2004-07-21 21:56 aj - - * trunk/configure.in: fix a typo. - -2004-07-20 22:11 aj - - * trunk/QUICKSTART: Add a quick start file, a simple text document. - * trunk/Makefile.am: Add some text documentation. - -2004-07-20 20:52 aj - - * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Deal with - new pcsc-lite code changes. - -2004-07-19 19:37 aj - - * trunk/configure.in, trunk/src/libopensc/Makefile.am: try - pkg-config, fall back to conventional code. - -2004-07-19 16:58 nils - - * trunk/src/pkcs15init/pkcs15-lib.c: try to get the card serialnr - via sc_card_ctl (unless it has been explicitly specified by the - user) - -2004-07-19 16:51 nils - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-starcert.c: experimental support for - card serial numbers (at first only for starcos spk 2.3 and - cardos m4) - -2004-07-19 16:18 nils - - * trunk/src/libopensc/card-oberthur.h: int -> size_t - -2004-07-19 16:12 nils - - * trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/pkcs15-infocamere.c, - trunk/src/libopensc/sec.c: fix compiler warning - -2004-07-19 15:42 nils - - * trunk/src/libopensc/card-oberthur.c: support OpenSSL version < - 0.9.7 in card-oberthur.c - -2004-07-14 22:11 aj - - * trunk/src/libopensc/card-mcrd.c: kill two warnings about unused - variables. - -2004-07-14 21:13 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/esteid.h, - trunk/src/libopensc/pkcs15-esteid.c, - trunk/src/libopensc/pkcs15-syn.c: Add support for Estonian ID - card. Written by Martin Paljak. 
- -2004-07-12 15:19 nils - - * trunk/src/common/getpass.c: fix off-by-one bug, pointed out by - Michael Bell - -2004-07-12 08:42 nils - - * trunk/src/tools/pkcs15-init.c: check return value - -2004-07-12 08:26 nils - - * trunk/src/tools/pkcs15-init.c: fix/cleanup passphrase input - Michael Bell and Nils Larsch - -2004-07-09 21:33 aj - - * trunk/configure.in: As far as I know we did some incompatible - changes since 0.8.1 - -2004-07-09 21:30 aj - - * trunk/src/openssh/Makefile.am: add README and ask-for-pin.diff - to the distribution. - -2004-07-09 21:28 aj - - * trunk/src/tests/regression/Makefile.am: Add missing scripts - init0012 pin0001 pin0002 to distribution. - -2004-07-09 15:33 sth - - * trunk/src/pkcs11/slot.c: Fix: if a card couldnt be read (e.g. - inverted upside down), allow to retry it later when asked - -2004-07-09 15:31 sth - - * trunk/src/libopensc/reader-pcsc.c: Fix: don't free anything in - the connect() function because it can be called multiple times - -2004-06-30 21:37 aj - - * trunk/src/openssh/README, trunk/src/openssh/ask-for-pin.diff: a - small patch to make openssh ask for a pin. and a README. this - patch is a hack, not production quality, and will not be - accepted by openssh. But a clean solution requires changes in - openssh, and that will not be easy. - -2004-06-30 21:35 aj - - * trunk/src/openssh/Makefile.am: Add current patch for openssh so - it can ask for the pin. - -2004-06-30 17:26 nils - - * trunk/src/libopensc/card-tcos.c: fix TCOS decipher operation - -2004-06-29 20:34 aj - - * trunk/configure.in, trunk/src/sslengines/Makefile.am: openssl - 0.9.7d and later require and support linking engines with - -lcrypto. for older versions we need to link with libcrypto.a or - skip the engines alltogether. 
- -2004-06-28 22:54 aj - - * trunk/src/signer/Makefile.am: small makefile improvement by - Ville Skytt� - -2004-06-28 16:42 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-netkey.c, - trunk/src/libopensc/pkcs15-syn.c: add support for Telesec NetKey - cards (still experimental) - -2004-06-25 15:44 nils - - * trunk/src/tools/pkcs15-init.c: use opt_passphrase, if present, - before asking the user patch supplied by Michael Bell - - -2004-06-24 17:25 nils - - * trunk/src/tools/opensc-explorer.c: Add two new commands: - update_binary and update_record. update_binary can be used to - write arbitrary data data (entered as hex values) to transparent - files and update_record can be used to do the same to record - files. Patch supplied by Victor Tarasov - and Nils Larsch - -2004-06-24 17:03 nils - - * trunk/src/pkcs15init/oberthur.profile: patch supplied by Victor - Tarasov - -2004-06-24 06:29 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-starcert.c, - trunk/src/libopensc/pkcs15-syn.c: add (partial) pkcs15 emu - support for StarCert V2.2 cards - -2004-06-22 17:46 nils - - * trunk/src/pkcs15init/pkcs15-starcos.c: clean up access rights - for updating pin/puk - -2004-06-21 21:20 nils - - * trunk/src/libopensc/card-flex.c: use the padding character from - the pkcs15 objects - -2004-06-20 13:37 aj - - * trunk/src/libopensc/card-oberthur.c: the older generation of - oberthur card is not supported by the current driver. better not - detect them at all. - -2004-06-18 20:49 nils - - * trunk/src/libopensc/pkcs15-cert.c: fix usage of asn1 flags - -2004-06-18 09:33 aj - - * trunk/src/libopensc/card-etoken.c: One more italian eID card, - this time from gemplus. reported by Antonio Iacono. - -2004-06-18 09:30 aj - - * trunk/src/libopensc/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak: Also add oberthur files to - Makefile.mak. oops, sorry for forgetting. 
Reported by novakv and - fixed by Nils Larsch. - -2004-06-18 09:12 aj - - * trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - fix short options as well. - -2004-06-16 20:59 aj - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-oberthur.c, - trunk/src/libopensc/card-oberthur.h, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/oberthur.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-oberthur.c, - trunk/src/pkcs15init/pkcs15.profile: Very basic and untested - oberthur driver. Could possibly work, as only non-essential - parts stripped (or at least that was the plan). Written by - Viktor Tarasov of idealx. All bugs by Andreas Jellinghaus, - please don't blame anyone else. - -2004-06-13 20:13 aj - - * trunk/docs/cardos-info.1, trunk/docs/cryptoflex-tool.1, - trunk/docs/opensc-explorer.1, trunk/docs/opensc-tool.1, - trunk/docs/pkcs11-tool.1, trunk/docs/pkcs15-crypt.1, - trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-tool.1, - trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/tests/regression/functions, - trunk/src/tools/cardos-info.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: cleanup debug/quiet/verbose handling. - now all tools accept "-v" for verbose operation, and you can - specify -v several times to get more verbose i.e. debugging - output. 
- -2004-06-13 20:04 aj - - * trunk/src/tools/pkcs15-init.c: oops, forgot the select. - -2004-06-13 19:45 aj - - * trunk/src/tools/pkcs15-init.c: fixed a small bug (!= instead of - ==) and made the code hopefully more readable. - -2004-06-09 18:40 nils - - * trunk/src/scam/cert_support.c, trunk/src/scam/p15_ldap.c: - replace X509_NAME_oneline with X509_NAME_print_ex Patch supplied - by Gregor Kroesen and Nils Larsch - -2004-06-08 20:22 nils - - * trunk/src/sslengines/engine_pkcs11.c: fix module name handling - patch supplied by Michael Bell - -2004-05-30 16:23 nils - - * trunk/src/scam/cert_support.c: don't omit the first extension - Thanks to Gregor Kroesen - -2004-05-21 10:15 nils - - * trunk/src/libopensc/dir.c: fix usage flag Thanks to Peter Koch - - -2004-05-20 09:36 nils - - * trunk/src/libopensc/pkcs15-sec.c: only set the key_reference if - present Thanks to Andrej Komelj - -2004-05-20 09:09 nils - - * trunk/src/libopensc/pkcs15-pin.c: call sc_select_file only if - pin->path is actually set Thanks to Andrej Komelj - - -2004-05-04 18:13 nils - - * trunk/src/libopensc/pkcs15-infocamere.c: add pkcs15-syn support - for infocamere cards - -2004-05-04 18:12 nils - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-syn.c: add pkcs15-syn support for - infocamere card - -2004-05-04 17:58 nils - - * trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: - include common object attributes in the sc_pkcs15emu_add_* api - -2004-04-27 17:41 nils - - * trunk/src/libopensc/reader-pcsc.c: proper checking of the - SCardListReaders return values - -2004-04-23 17:29 nils - - * trunk/src/libopensc/pkcs15-pin.c: use pin_cmd for - sc_pkcs15_change_pin and sc_pkcs15_unblock_pin as well - -2004-04-22 07:04 aj - - * trunk/src/tools/pkcs11-tool.c: oops. O_BINARY is for windows, - not linux. - -2004-04-21 21:11 aj - - * trunk/src/pkcs11/slot.c: better checking for null values. 
found - and fixed reported by Victor Tarasov - -2004-04-21 20:11 nils - - * trunk/src/tools/pkcs15-init.c: "--assert-pristine" workaround - for Starcos cards (see comment in the patch) - -2004-04-21 18:10 nils - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/pkcs15-algo.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/write.c, trunk/src/sslengines/p11_cert.c, - trunk/src/sslengines/p11_key.c: fix incorrect use of realloc (x - = realloc(x, y) doesn't free the x in case of a failure) - -2004-04-21 16:52 nils - - * trunk/src/libopensc/dir.c: fix memory leak Discovered by Victor - Tarasov (thanks) - -2004-04-21 07:41 aj - - * trunk/src/pkcs15init/Makefile.mak: Add pkcs15-starcos to windows - makefile. - -2004-04-21 07:33 aj - - * trunk/src/tools/pkcs11-tool.c: Open file with O_BINARY on - windows. - -2004-04-18 18:42 nils - - * trunk/src/pkcs15init/keycache.c: remove pointer to freed secret - object Patch supplied by Victor Tarasov - -2004-04-18 18:14 aj - - * trunk/src/sslengines/p11_rsa.c: Adds message digest and DER - encoding if necessary. Patch by Mathias Brossard - - -2004-04-18 18:06 aj - - * trunk/src/sslengines/engine_pkcs11.c: Converts all printf(...) - tofprintf(stderr, ...) and condition output on all non-error - calls to the'quiet' (pre-existing) variable. Patch by Mathias - Brossard - -2004-04-18 18:05 aj - - * trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_pkcs11.c: adds three options PIN, QUIET, - VERBOSE to theengine allowing respectively to set the PIN code, - reduce output, augmentoutput. First one is obvious, the 2 others - need the second patch to beuseful. 
Patch by Mathias Brossard - - -2004-04-17 22:21 nils - - * trunk/src/sslengines/engine_opensc.c: add support for split keys - in engine_opensc.c (backported from the opensc stuff in openssh) - Thanks to Neil Dunbar - -2004-04-17 09:25 nils - - * trunk/src/tools/pkcs15-init.c: add support for "finalize" to - pkcs15-init to activate the ACs for starcos - -2004-04-17 09:23 nils - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: bind the new starcos spk 2.3 - support to the pkcs15init code - -2004-04-17 09:20 nils - - * trunk/src/pkcs15init/pkcs15-starcos.c, - trunk/src/pkcs15init/starcos.profile: initial pkcs15-init - support for starcos spk 2.3 cards/tokens - -2004-04-17 09:15 nils - - * trunk/src/libopensc/pkcs15-syn.c: ensure that init_func is not - NULL (even if the config file is not correct) - -2004-04-17 09:05 nils - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/cardctl.h: update starcos spk 2.3 support - (add create file + key gen) - -2004-04-14 22:09 aj - - * trunk/src/sslengines/p11_rsa.c: while we don't have code to - extract a key, tread extractable keys like non extractable ones. - -2004-03-29 20:34 aj - - * trunk/src/pkcs11/misc.c: check parameters in strcpy_bp - -2004-03-29 07:56 aj - - * trunk/src/libopensc/card-flex.c: cryptoflex 32k e-gate v4 also - has on board key generation. thanks for reporting to Pierre - JUHEN. - -2004-03-28 20:30 aj - - * trunk/src/libopensc/pkcs15.c: it is legal to read all bytes of - the file (e.g. offset 0, len 10, fil->len 10). Bug found by - Antonio Iacono. - -2004-03-28 20:26 aj - - * trunk/src/pkcs15init/pkcs15-lib.c: len is the number of - character, we need to alloc len+1 for the \0 terminator. Bug - found by Victor Tarasov. - -2004-03-14 19:53 aj - - * trunk/src/tools/opensc-explorer.c: add "rm" alias for "delete" - and "exit" alias for "quit". 
- -2004-03-08 13:59 sth - - * trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-syn.c, trunk/src/libopensc/pkcs15.h: - Moved the sc_pkcs15emu_xxx() functions to pkcs15_syn.c - -2004-03-03 16:25 sth - - * trunk/src/libopensc/pkcs15-sec.c: Allow file_app in struct - sc_pkcs15_card to be NULL (may be the case for pkcs15-emulated - cards) - -2004-02-16 12:29 aj - - * trunk/src/libopensc/card-etoken.c: remove - CARDOS_TYPE_ETOKEN_PRO, the name does not fit. annotate atr with - version number 4.0 / 4.01 / 4.01a. - -2004-02-15 23:00 aj - - * trunk/src/libopensc/card-etoken.c: added cardos M4.01a atr. - thanks to Laurian Gridinoc for reporting. - -2004-02-03 14:51 okir - - * trunk/src/libopensc/card-etoken.c: - properly identify Italian - eID card - -2004-02-03 10:25 okir - - * trunk/src/pkcs15init/profile.c: - Properly handle max-length in - PIN statements; added new stored-length: PIN blah { max-length = - 8; stored-length = 4; } Bug spotted by Victor Tarasov - -2004-02-02 10:24 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Don't crash if - card->serial_number is NULL - -2004-01-29 09:36 aj - - * trunk/src/libopensc/card-default.c: memset is defined in string.h - -2004-01-29 09:21 okir - - * trunk/src/libopensc/card-default.c: - apdu wasn't completely - initialized (Renzo Tomaselli) - -2004-01-27 09:03 okir - - * trunk/src/tools/pkcs15-tool.c: - Allocate the right amount of - memory when base64 encoding for PEM - -2004-01-24 20:55 sth - - * trunk/src/tools/pkcs15-init.c: Added --cert-label option, - usefull to specify the user cert label if you do a - --store-private-key - -2004-01-23 09:27 okir - - * trunk/etc/opensc.conf.example: - documented max_{send,recv}_size - paramaters - -2004-01-22 22:04 aj - - * trunk/debian/changelog, trunk/debian/libopensc0.files: new - debian packages: added pkcs11-spy, undid library merge. 
- -2004-01-22 12:37 aet - - * trunk/src/scconf/parse.c: - Allow lists to end as ,; - -2004-01-22 10:13 aet - - * trunk/src/scconf/Makefile.am, trunk/src/scconf/README.scconf: - - Added a short introduction to scconf as an API and a file format - (Jamie Honan) - -2004-01-20 11:21 okir - - * trunk/src/libopensc/reader-openct.c: - fix crash with pkcs11 - module and token disconnect - -2004-01-19 19:52 aet - - * trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: - - Revert previous patch - -2004-01-19 18:54 aj - - * trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: make - these libraries not standalone (pkcs15init, scam, scconf, - scldap). - -2004-01-19 18:53 aj - - * trunk/debian/changelog, trunk/debian/libopensc-dev.files, - trunk/debian/libopensc0.files: several debian fixes, new version. - -2004-01-14 10:43 aj - - * trunk/debian/files, trunk/debian/postinst, trunk/debian/postrm, - trunk/debian/preinst, trunk/debian/prerm: 
From: Ludovic Rousseau - > You still have some unecessary - files in CVS debian/ ... thanks for the hint. - -2004-01-10 23:13 aet - - * trunk/configure.in: - Fixed a typo in the previous commit - -2004-01-10 20:24 aet - - * trunk/src/scam/Makefile.am: - Add versioning - -2004-01-10 19:49 aet - - * trunk/configure.in: - Move the variable substitution of - exec_prefix and sysincludedir to make-level (Lars T. Mikkelsen) - -2004-01-08 18:38 aj - - * trunk/debian/libopensc0.postinst, - trunk/debian/libopensc0.postinst.debhelper, - trunk/debian/libopensc0.postrm, - trunk/debian/libopensc0.postrm.debhelper: Unneeded files, - debhelper does everything we need automaticaly. - -2004-01-08 15:23 aet - - * trunk/src/libopensc/card-jcop.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-jcop.c: - Warning fixes - -2004-01-08 14:16 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: no keycaching if - USE_PKCS15_INIT is not #defined - -2004-01-08 14:08 aj - - * trunk/debian/changelog, trunk/debian/libopensc0.conffiles, - trunk/debian/libopensc0.files: I had removed the wrong file - while cleaning up. fixed - -2004-01-08 14:05 aet - - * trunk/src/pkcs11/sc-pkcs11.h: - Unify with pkcs11.h - -2004-01-08 13:21 aet - - * trunk/debian/rules: - There is no --with-pcsc, replace it with - --with-pcsclite which supposedly works the same way as no - argument at all. :) - -2004-01-08 13:04 aet - - * trunk/etc/opensc.conf.example: - Revert previous patch. Instead - of providing a configuration file with all lines commented away, - provide a sane configuration that works for most people - out-of-the-box without user interaction. 
- -2004-01-08 13:01 aet - - * trunk/etc/scldap.conf.example: - Revert previous patch - -2004-01-08 11:59 aj - - * trunk/debian/README.Debian, trunk/debian/TODO.Debian, - trunk/debian/changelog, trunk/debian/compat, - trunk/debian/control, trunk/debian/copyright, - trunk/debian/files, trunk/debian/libopensc-dev.files, - trunk/debian/libopensc-dev.manpages, - trunk/debian/libopensc0.conffiles, trunk/debian/libopensc0.dirs, - trunk/debian/libopensc0.docs, trunk/debian/libopensc0.files, - trunk/debian/libopensc0.postinst, - trunk/debian/libopensc0.postinst.debhelper, - trunk/debian/libopensc0.postrm, - trunk/debian/libopensc0.postrm.debhelper, - trunk/debian/libopensc0.substvars, - trunk/debian/libpam-opensc.dirs, - trunk/debian/libpam-opensc.files, - trunk/debian/libpam-opensc.substvars, trunk/debian/opensc.dirs, - trunk/debian/opensc.docs, trunk/debian/opensc.files, - trunk/debian/opensc.manpages, trunk/debian/opensc.substvars, - trunk/debian/rules: big rewrite on debian/ files, originaly - based on Joe Phillips debianisation, reworked by Andreas - Jellinghaus, and with many changes and suggestions by Ludovic - Rousseau - -2004-01-08 11:57 aj - - * trunk/docs/opensc.html: changes caused by new docbook stylesheet. - -2004-01-08 11:56 aj - - * trunk/etc/opensc.conf.example, trunk/etc/scldap.conf.example: - commented out everything. now you can install those files to - your etc, it will not hurt you. - -2004-01-08 11:54 aj - - * trunk/src/pkcs11/pkcs11.h: config.h is not used in pkcs11.h or - any file included by it. but pkcs11.h is a public header file, - so it shouldn't do so anyway. - -2004-01-08 11:53 aj - - * trunk/src/scconf/Makefile.am: cleanup a generated file. 
- -2004-01-08 10:50 okir - - * trunk/src/tests/regression/functions: - fixed placement of - "function atexit" wrt shell exit trap handler - * trunk/src/tests/regression/init0012: - fixed test case - -2004-01-08 09:47 sth - - * trunk/src/pkcs11/framework-pkcs15.c: If the maximum allowed - number of virtual slots per card is reached, then silently - discard all objects that haven't been added yet instead of - returning an error - -2004-01-08 08:32 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Update to the new keycache - functions for caching the user and SO PINs - -2004-01-07 10:11 okir - - * trunk/src/libopensc/card-gpk.c: - fixed GPK16K key gen, as - suggested by Chaskiel - -2004-01-07 10:10 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - When zapping the contents - of a DF, write the whole file (data + padding) in one go. - Otherwise the GPK driver may barf if the file offset in - sc_update_binary isn't word aligned. - -2004-01-07 09:51 sth - - * trunk/src/libopensc/pkcs15.h: Increased the maximum number of - PINs and removed some unused #defines - -2004-01-07 09:49 sth - - * trunk/src/sslengines/engine_pkcs11.c: Fixed some comments and - added an NULL pointer test - -2004-01-07 09:32 okir - - * trunk/src/tools/pkcs11-tool.c: - improved C_Decrypt testing - -2004-01-06 14:30 okir - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - Implemented keep-public-key and sc_pkcs15init_remove_object as - suggested by Victor Tarasov. 
- -2004-01-06 13:40 okir - - * trunk/src/libopensc/pkcs15.c: - in sc_pkcs15_read_file, properly - destroy objects in case of error (Victor Tarasov) - -2004-01-06 13:33 okir - - * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h: - - implement sc_delete_record (Victor Tarasov) - -2004-01-05 18:44 aet - - * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, - trunk/src/pam/pam_support.h: - pam_opensc rewrite checkpoint - commit - rename some functions - -2004-01-05 08:56 okir - - * trunk/src/tools/pkcs15-init.c: - properly handle pubkey_label in - key generation - -2003-12-30 08:20 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Another fix from Remo wrt - keygen_args.pubkey_label - -2003-12-30 08:00 okir - - * trunk/src/pkcs11/pkcs11-session.c: - C_CloseAllSessions would - block on some Win32 versions because it tried to acquire the - global pkcs11 mutex twice. - -2003-12-29 23:21 okir - - * trunk/src/libopensc/card-jcop.c: - small jcop driver fix from - Chaskiel - -2003-12-29 20:50 sth - - * trunk/src/libopensc/Makefile.mak, - trunk/src/pkcs15init/Makefile.mak: Add the JCOP card code - -2003-12-29 16:54 aet - - * trunk/src/pkcs11/rsaref/Makefile.am: - Install unix.h and - win32.h as well - -2003-12-29 13:15 okir - - * trunk/src/tools/pkcs11-tool.c: - signature tests would fail on - cards with several keys of different size (fix by Chaskiel) - -2003-12-29 13:06 okir - - * trunk/src/tools/cardos-info.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/util.c: - util.c:connect_card() now locks the - card; removed sc_lock calls from calling applications (based on - a bug report by Chaskiel) - -2003-12-29 13:03 okir - - * trunk/src/tools/pkcs11-tool.c: - When testing signatures, don't - bail out of C_SignInit returns CKR_MECHANISM_INVALID (Chaskiel - Grundman) - -2003-12-29 12:42 okir - - * trunk/docs/cardos-info.1, 
trunk/docs/pkcs11-tool.1: - minor - fixes to the new manpages - -2003-12-29 12:28 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-jcop.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/jcop.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-jcop.c, - trunk/src/pkcs15init/pkcs15-lib.c: - Added support for - JCOP/BlueZ cards, contributed by Chaskiel M Grundman - -2003-12-29 12:01 aj - - * trunk/docs/Makefile.am, trunk/docs/cardos-info.1, - trunk/docs/pkcs11-tool.1, trunk/src/tools/pkcs11-tool.c: new - manpages for cardos-info and pkcs11-tool, both written my Joe - Phillips. - -2003-12-29 11:52 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - Minor bug fix in new_pin(), - patch by Victor Tarasov - -2003-12-23 16:31 sth - - * trunk/src/tools/pkcs11-tool.c: Made a seperate function for the - login functionality, and split test_kpgen_certwrite() into 2 - parts, with a logout - unload lib - load lib - login between them - -2003-12-23 10:48 sth - - * trunk/src/libopensc/padding.c: Fix: no copying done from in to - out in case of SC_ALGORITHM_RSA_PAD_NONE padding (by Chaskiel) - -2003-12-22 22:07 aet - - * trunk/src/pam/Makefile.am: - Linking changes, don't link libpam - to pam_opensc etc. - -2003-12-20 14:41 aet - - * trunk/src/pkcs15init/pkcs15-cflex.c: - Warning fix - -2003-12-19 09:56 okir - - * trunk/src/libopensc/card-etoken.c: - in pin_cmd, don't overwrite - max_length if set by caller - -2003-12-19 09:29 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - created new function - profile->ops->init_card for card-specific initialization at the - pkcs15 creation stage - Added cryptoflex init_card from Stef. 
- This function reads the card's serial number from 3F000002 and - puts it into the pkcs15 serial number - -2003-12-19 06:52 sth - - * trunk/src/include/winconfig.h: sleep(sec) = Sleep(1000 * ms) on - Windows - -2003-12-18 21:37 aet - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/openscd/commands.c, - trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, - trunk/src/openscd/openscd.h, trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/keycache.h, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scconf/sclex.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-tool.c: - Minor build and C++ warning - fixes - pkcs15init: Use u8 for pin variable declarations like - libopensc does - -2003-12-18 21:30 aet - - * trunk/src/pkcs15init/TODO: - Obsolete - -2003-12-18 19:13 aet - - * trunk/src/libopensc/ctx.c: - Revert parts of the previous patch, - use void *func instead of struct sc_reader_driver *(*func(void); - as _sc_driver_entry is used for both, reader and card driver - lists. - -2003-12-18 16:35 okir - - * trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: - made apdu_masquerade - functionality available to all readers, not just pcsc - added - new parameters max_send_size and max_recv_size, roughly - corresponding to the old max_le (SC_APDU_CHOP_SIZE) parameter. - You can now set this chop limit per driver class (pcsc, openct, - ctapi), which sets driver->max_{send,recv}_size. 
This value is - copied to card->max_{send,recv}_size in sc_connect_card, and can - be overridden by the card driver. - -2003-12-18 08:00 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - do not access file - afterdeleting it (S Bakkal) - -2003-12-17 12:15 aet - - * trunk/src/pkcs15init/pkcs15-gpk.c: - Add HAVE_UNISTD_H - -2003-12-17 07:35 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c: - properly set key usage - -2003-12-16 14:41 okir - - * trunk/src/tools/pkcs15-init.c: - Display better pin prompts - -2003-12-16 14:32 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c: - added GPK on-board keygen - (based on code by Chaskiel) - -2003-12-16 14:31 okir - - * trunk/src/libopensc/card.c: - reduced sc_lock/unlock debug - messages even more - -2003-12-16 11:07 okir - - * trunk/src/libopensc/card-etoken.c: - added ATR for Italian eID - card - -2003-12-16 11:04 okir - - * trunk/src/libopensc/asn1.c: - Updated previous patch - -2003-12-16 08:01 sth - - * trunk/src/libopensc/asn1.c: Prevent running off the end of the - buffer if the asn.1 is invalid (Chaskiel G.) - -2003-12-15 11:28 aet - - * trunk/src/signer/opensc-crypto.c: - Ach, forget the previous - commit. 
Just use DBG(printf()); for debugging purposes - -2003-12-15 10:51 aet - - * trunk/src/signer/opensc-crypto.c: - error/debug -> - sc_error/sc_debug - -2003-12-12 09:32 aet - - * trunk/src/pkcs11/Makefile.am, trunk/src/sslengines/Makefile.am: - - Minor bundle handling fixes - -2003-12-10 15:13 aet - - * trunk/ANNOUNCE: - Another typo fix - -2003-12-10 14:52 aet - - * trunk/ANNOUNCE, trunk/configure.in, trunk/debian/rules, - trunk/docs/opensc.7, trunk/docs/opensc.html, - trunk/docs/opensc.xml, trunk/docs/sc_detect_card_presence.3, - trunk/docs/sc_lock.3, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/pkcs11/framework-pkcs15.c: - Minor naming convention - harmonisation for pc/sc and ct-api related things - -2003-12-09 19:37 aet - - * trunk/aclocal/acx_pthread.m4: - Probe for -lpthread before - -pthread, as we did in the previous version. - -2003-12-09 19:35 aet - - * trunk/src/pam/pam_support.c: - Fix for the previous commit - -2003-12-09 15:41 okir - - * trunk/src/tools/pkcs15-crypt.c: - removed some dead debugging - code - -2003-12-09 13:57 okir - - * trunk/src/libopensc/card-flex.c, - trunk/src/pkcs15init/cyberflex.profile, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-lib.c: - More cyberflex fixes from - Martin Buechler - -2003-12-09 12:01 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - turned key-domain printf - into sc_debug call - -2003-12-08 12:02 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: - When generating a key in - pkcs15init, allow the caller to specify a public key label (Remo - Inverardi) - -2003-12-08 11:43 okir - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/cyberflex.profile, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - Added support for Cyberflex - Access 16K, 
based on a patch by Martin Buechler - -2003-12-08 10:54 okir - - * trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h: - Matched Cyberflex patch from - Martin Buechler. Created a new driver named cyberflex which - shares a lot of code with the original flex driver. This is a - lot cleaner than having to create if/else monsters. - -2003-12-08 10:52 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - use full - OPENSC_INFO_FILEPATH when reading info file - -2003-12-04 16:43 sth - - * trunk/src/tools/pkcs11-tool.c: Added a check for NSS-like - keypair generation - -2003-12-04 16:42 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: allow a - C_GetAttributeValue(privkey, CKA_MODULUS) after a - C_GenerateKeyPair() -- M. Buechler - -2003-12-04 15:07 sth - - * trunk/src/pkcs11/pkcs11-spy.c: Little fix: forgotten to log an - input param - -2003-12-03 14:09 aet - - * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, - trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h, - trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - Avoid - breaking source compatibility, add char *errmsg to scconf_context - -2003-12-03 12:07 okir - - * trunk/src/libopensc/ctx.c, trunk/src/pkcs15init/profile.c, - trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h, - trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - - scconf_parse and scconf_parse_string now return an error message - if something went wrong - -2003-12-03 12:02 aet - - * trunk/src/scconf/sclex.c: - Fixed a return value for new - scconf_lex_parse - -2003-12-03 11:11 okir - - * trunk/src/libopensc/card-gpk.c: - Fix the "get_info failed" - error; based on a patch by Ludovic Rousseau. 
- -2003-12-03 10:56 aet - - * trunk/configure.in: - Add AM_MAINTAINER_MODE - -2003-12-03 09:09 okir - - * trunk/etc/opensc.conf.example: - Updated comments to reflect new - apdu_masquerade parameter - -2003-12-02 19:03 aet - - * trunk/configure.in: - Add check for functions vsyslog, setlocale - - Add check for header locale.h - -2003-12-02 17:51 aet - - * trunk/src/libopensc/pkcs15-syn.c: - Fixed a typo - -2003-12-02 15:58 okir - - * trunk/docs/pkcs15-init.1: - Fixed a few glaring errors. - Marginally better, but not really great yet. - -2003-12-02 15:51 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Moved the cardinfo file to - the pkcs15 DF, changed it's FID to 4946, and protected it - against unauthorized changes - -2003-11-30 17:19 aet - - * trunk/ChangeLog: - Fixed an embarrassing typo from the ChangeLog - URL - -2003-11-26 16:19 okir - - * trunk/src/tests/regression/init0012: - fixed test for onepin - option - -2003-11-26 15:49 okir - - * trunk/src/tools/opensc-explorer.c: - another fix to verify pin - -2003-11-26 15:37 okir - - * trunk/src/libopensc/pkcs15-pubkey.c: - fixed problem with pubkey - encoding/decoding - -2003-11-26 15:35 okir - - * trunk/src/libopensc/asn1.c: - improved support for CHOICE - -2003-11-26 13:12 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Support raw RSA on - decryption (Martin Buechler) - -2003-11-26 11:56 aet - - * trunk/docs/pkcs15-init.1, trunk/docs/pkcs15-profile.5.in, - trunk/docs/pkcs15.7: - Add missing .SH NAME for some man pages - (Ludovic Rousseau) - -2003-11-25 11:17 aet - - * trunk/configure.in, trunk/docs, trunk/docs/.cvsignore, - trunk/docs/Makefile.am, trunk/docs/opensc.html, - trunk/docs/opensc.xml, trunk/docs/usbtoken.html, - trunk/docs/usbtoken.xml, trunk/src/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-usbtoken.c, trunk/src/usbtoken: - - Remove all references to usbtoken, use OpenCT instead - -2003-11-25 10:37 okir - - * 
trunk/src/pkcs15init/pkcs15-lib.c: - fixed suppress_error - handling in sc_pkcs15init_write_info - -2003-11-24 10:21 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - set ACLs on the profile - info file - -2003-11-23 16:11 sth - - * trunk/src/libopensc/pkcs15-sec.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/openssl.c: - Removed the exceptional (and incorrect) handling of the - signature inputs of 16 and 20 bytes with pkcs11's CKM_RSA_PKCS11 - signaturemechanism; and made sc_pkcs15_compute_signature() a bit - more powerfull: if a digestinfo+hash input is given but the card - only accepts hashes, the digestinfo is removed - -2003-11-23 15:43 sth - - * trunk/src/tools/pkcs11-tool.c: Little fix in test_signature() - -2003-11-23 15:33 sth - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, - trunk/src/pkcs11/misc.c: Added an error code - -2003-11-22 18:50 aet - - * trunk/src/scconf/sclex.c: - Back out Olaf's change, as it seems - to break existing behaviour while parsing pkcs15 profile files. - Although officially any list value with an equal sign or braces - should be enclosured with quotation marks, but anyway. - -2003-11-21 12:33 aet - - * trunk/src/scconf/Makefile.am, trunk/src/scconf/Makefile.mak: - - Replace the default lex based parser with Jamie's version. - Please notify if you run into any problems with the new parser. 
- -2003-11-20 20:46 aet - - * trunk/src/libopensc/reader-pcsc.c: - Warning fix - -2003-11-20 20:37 aet - - * trunk/aclocal/acx_pthread.m4: - Replace the patched file with a - new upstream version - -2003-11-20 17:48 aet - - * trunk/src/scconf/sclex.c: - Fixed CRLF parsing - -2003-11-20 16:10 okir - - * trunk/src/scconf/sclex.c: - allow stuff such as blabla= - foofaah{} to work - -2003-11-20 16:01 okir - - * trunk/src/tools/opensc-explorer.c: - opensc-explorer.c ceased to - accept verify data in hex notation, fix by Martin Buechler - -2003-11-20 15:42 okir - - * trunk/src/tools/pkcs15-tool.c: - Deal with cards that require - authentication before you can extract the public key - -2003-11-20 15:41 okir - - * trunk/src/libopensc/card-openpgp.c, - trunk/src/libopensc/pkcs15-openpgp.c: - Improved OpenPGP - handling; we're now able to sign things - -2003-11-20 15:40 okir - - * trunk/src/libopensc/ui.c: - Append newline to error/debug - messages if not supplied by caller - * trunk/src/libopensc/sc.c: - in sc_format_path, initialize - path->count = -1 - -2003-11-20 15:39 okir - - * trunk/src/libopensc/opensc.h: - increase SC_MAX_PIN_SIZE to 256 - (OpenPGP cards have 254 max) - * trunk/src/libopensc/log.c: - if ctx->suppress_errors is - non-zero, log suppressed error messages at least to the debug log - -2003-11-20 15:38 okir - - * trunk/src/libopensc/iso7816.c: - SW 6A88 (referenced data not - found) is now translated to SC_ERROR_DATA_OBJECT_NOT_FOUND - -2003-11-20 14:16 okir - - * trunk/src/pkcs11/Makefile.am: - Link the spy against libopensc - (Patch by Mathias Brossard) - -2003-11-20 14:15 aet - - * trunk/src/scconf/internal.h, trunk/src/scconf/parse.c, - trunk/src/scconf/sclex.c: - Add new hand written replacement for - the lex parser by Jamie Honan, not much tested yet. 
- -2003-11-20 14:13 aet - - * trunk/src/scconf/scconf.c, trunk/src/scconf/scconf.h: - Add - scconf_list_toarray() by Jamie Honan - -2003-11-20 09:17 sth - - * trunk/src/pkcs11/pkcs11-object.c: Support comparison of large - object attributes - -2003-11-19 20:37 okir - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - Support direct encoding of certificates - Allow more than one - profile option (e.g. pkcs15+small+direct-cert) - While creating - the basic pcks15 structure, store profile options in a special - file on the card (3F002F01). All susequent operations (adding - PINs etc) will use this information instead of what's given on - the command line. - -2003-11-19 20:33 okir - - * trunk/src/tests/print.c: - sc_pkcs15_print_id now prints to a - buffer instead of stdout - Now pretty printing Common Object - Flags - -2003-11-19 20:31 okir - - * trunk/src/libopensc/pkcs15.h: - Support direct encoding of certs - in the CDF - Added prototypes for sc_der_{copy,clear} - Changed - sc_pkcs15_print_id to return const char * - -2003-11-19 20:30 okir - - * trunk/src/libopensc/pkcs15.c: - Somewhat improved debugging - output - sc_pkcs15_print_id changed to sprintf to a buffer - rather than printing to stdout. - -2003-11-19 20:29 okir - - * trunk/src/libopensc/pkcs15-prkey.c: - The changed code in asn1.c - requires that the PrKDF subClassAttributes for - private{RSA,DSA}Key be marked OPTIONAL (our handling of CHOICE - is still somewhat limited) - -2003-11-19 20:28 okir - - * trunk/src/libopensc/pkcs15-cert.c: - Read and write CDF entries - with directly encoded certificates - -2003-11-19 20:22 okir - - * trunk/src/libopensc/asn1.c: - When encoding a path, either - encode _neither_ index/count, or both. 
- Added new functions - sc_der_copy, sc_der_clear to handle DER blobs - Somewhat - improved debug output - -2003-11-17 18:54 aet - - * trunk/src/libopensc/ui.h: - snapshot build fix - -2003-11-17 14:52 aj - - * trunk/docs/opensc.xml: fixed "version>" to "version<" in xml - file (html file was already fixed by tidy, no change necessary). - -2003-11-17 14:49 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: Applied changes - by Stef, updated html file. - -2003-11-16 16:24 aet - - * trunk/src/libopensc/ui.c: - Test commit - -2003-11-14 10:14 sth - - * trunk/src/libopensc/reader-pcsc.c: Add room for SW1-SW2 in case - of maximum reply size (256 bytes) - -2003-11-12 19:06 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: correctly set the - labels of the public and private key during keypairgeneration - (Remo Inverardi) - -2003-11-12 18:28 sth - - * trunk/src/pkcs11/misc.c: Fix: allow keypair generation of keys - other then the default length (Victor Tarasov) - -2003-11-11 21:30 aet - - * trunk/src/scdl/scdl.c: - ifdef RTLD_NOW - -2003-11-07 11:15 okir - - * trunk/src/tests/pintest.c: - do not test unblocking pins - -2003-11-06 10:43 okir - - * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c: - - security: prevent format string attacks - -2003-11-03 10:20 okir - - * trunk/src/libopensc/reader-pcsc.c: - remain backward compatible - - apdu_masq patch shouldn't break existing config files that use - apdu_fix - -2003-11-03 10:16 okir - - * trunk/src/libopensc/reader-pcsc.c: - merged apdu_masq patch from - Chaskiel Grundman - -2003-11-03 06:54 okir - - * trunk/src/tools/opensc-explorer.c: - prevent problem with - get/get_do ambiguity - -2003-11-01 19:13 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: link the simbolic PIN - to the real name - -2003-10-31 17:18 okir - - * trunk/src/tools/opensc-explorer.c: - Undid some of the previous - changes. 
We now have a pseudo file system on the openpgp card - -2003-10-31 16:06 okir - - * trunk/src/pkcs15init/keycache.c: - fixed put_key(SC_AC_SYMBOLIC) - -2003-10-31 16:02 okir - - * trunk/src/tests/print.c: - dont print prkey path if empty - * trunk/src/tests/p15dump.c: - use sc_test_print_card instead of - sc_pkcs15_print_card - -2003-10-31 16:01 okir - - * trunk/src/libopensc/pkcs15-openpgp.c: - Updated, now registers - key objects as well (untested) - * trunk/src/libopensc/card-openpgp.c: - OpenPGP card now supports - a fake file hierarchy (basically all objects and constructed - objects reprented as DFs and EFs) - -2003-10-31 13:59 aet - - * trunk/src/libopensc/Makefile.mak: - Add new files - -2003-10-31 12:31 okir - - * trunk/src/libopensc/pkcs15-pin.c: - initialize tries_left field - to -1 when parsing AODF - -2003-10-31 12:29 okir - - * trunk/src/tests/print.c: - Moved p15 print_card function here - - print preferred_language, if given - don't print pin path if - there is none - print tries_left if present - -2003-10-31 12:28 okir - - * trunk/src/tests/sc-test.h: - moved p15 print_card to - tests/print.c - -2003-10-31 12:27 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/pkcs15-openpgp.c, - trunk/src/libopensc/pkcs15-syn.c: - Rewrote - sc_pkcs15_bind_synthetic a little - Started work on pkcs15 - emulation for OpenPGP card - -2003-10-31 12:26 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - Moved sc_pkcs15_bind_synthetic to a separate file - Moved - sc_pkcs15_print_card to ../tests/print.c - added dll_handle and - preferred_language fields to p15card - -2003-10-31 07:48 sth - - * trunk/src/pkcs15init/pkcs15.profile: Make the PIN for the - 'onepin' option look like a user PIN instead of an SO PIN - -2003-10-30 17:04 okir - - * trunk/src/tools/opensc-explorer.c: - added some support for - OpenPGP cards - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-openpgp.c, trunk/src/libopensc/ctx.c: - - added initial 
support for openpgp card driver - * trunk/src/libopensc/opensc.h: - added sc_get_data/sc_put_data - - added openpgp card driver - -2003-10-30 17:03 okir - - * trunk/src/libopensc/card.c: - added sc_get_data/sc_put_data - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - added SC_ERROR_DATA_OBJECT_NOT_FOUND - -2003-10-30 15:43 okir - - * trunk/src/libopensc/card-mcrd.c: - small fix in mcrd_finish - -2003-10-30 12:03 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c: - return error if - cflex_create_dummy_chvs fails - -2003-10-30 11:47 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - Another broken commit - message :-/ What the previous commit was all about: If we store - a pkcs12 files on the card, it stores a key @45, and a CA certs - @46. When storing another p12 file, we must make sure we don't - grab the next free key ID (46), because the corresponding CERT - ID is already taken. We must skip all IDs for which a key or - cert exists. - -2003-10-30 11:43 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - Changed the internal object search machinery quite a bit so it - can search for more than one type of object at the same time. - - When enumerating a DF as part of the search, no longer ignore - all errors. - When parsing a DF, SC_ERROR_ASN1_END_OF_CONTENTS - really means we've just reached the end of data in the file, so - return 0 instead - -2003-10-30 11:38 okir - - * trunk/src/libopensc/asn1.c: - When encountering the end of a - SEQUENCE, while there should be more items, we used to return - SC_ERROR_ASN1_END_OF_CONTENTS. That error code is reserved for - the real end of content markers though. Changed the return code - to SC_ERROR_ASN1_OBJECT_NOT_FOUND - -2003-10-30 11:36 okir - - * trunk/src/tools/pkcs15-init.c: - When storing a p12 bag, check - if the CA cert is already present and skip it if so. 
- -2003-10-30 11:13 okir - - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/pkcs15-lib.c: - added recommendation about - 2 cert/key pairs - -2003-10-28 12:50 okir - - * trunk/src/libopensc/ui.c: - don't call sc_module_get_address - when we dont have a dll handle - -2003-10-24 13:20 okir - - * trunk/src/tools/pkcs15-init.c: - now uses new sc_ui_get_pin - function - -2003-10-24 13:18 okir - - * trunk/src/libopensc/ui.c, trunk/src/libopensc/ui.h: - Changed ui - API to offer more knobs and dials - -2003-10-23 09:12 aet - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak: - Merging between - Makefile.am<>Makefile.mak - Add ui.h to main distribution - tarball, snapshots have been broken for a few days - -2003-10-22 18:16 aet - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/log.c, trunk/src/libopensc/ui.c: - Minor - cleanups and a warning fix - sc_release_context: free - ctx->preferred_language if set - -2003-10-22 08:51 aet - - * trunk/src/libopensc/ui.c: - Replace WIN32 with HAVE_UNISTD_H - instead - -2003-10-22 08:43 sth - - * trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/ui.c: Let - the new UI code compile under Windows - -2003-10-22 06:56 sth - - * trunk/src/pkcs15init/Makefile.mak: 'Export' keychache.h - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.c: Fix: spurious error - message (Chaskiel & Kevin) - -2003-10-22 06:51 okir - - * trunk/src/tests/regression/functions: - allow to call scripts - with --soft and -d - -2003-10-22 06:49 okir - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/ui.c: - added error/debug message support to - ui.c - sc_error/sc_debug now use the new ui code - added - language support - -2003-10-22 05:43 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - do an sc_select_file inside - do_get_pin_and_verify in case we called a pkcs15 function 
that - enumerated the AODF - -2003-10-21 13:30 okir - - * trunk/src/tools/pkcs15-init.c: - call sc_pkcs15init_set_p15card - -2003-10-21 12:50 aet - - * trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am: - - Add necessary automake conditionals to install-exec-local - rule, as it seems to be executed even though lib_LTLIBRARIES is - empty in some cases. - -2003-10-21 12:48 aet - - * trunk/src/include/opensc/Makefile.am: - Sort filenames - -2003-10-21 12:27 aet - - * trunk/configure.in: - Add gcc option -fno-strict-aliasing - -2003-10-21 11:12 okir - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ui.c, - trunk/src/libopensc/ui.h: - Added new user interface code (not - used yet) - * trunk/src/include/opensc/Makefile.am: - install ui.h - -2003-10-21 11:11 okir - - * trunk/src/libopensc/errors.c: - added message for - SC_ERROR_CANNOT_LOAD_MODULE - changed the wording of some - SC_ERROR_KEYPAD_* messages - * trunk/src/libopensc/errors.h: - added SC_ERROR_CANNOT_LOAD_MODULE - -2003-10-21 11:05 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - sc_pkcs15_find_pin_by_reference now searches by reference - _and_path_ - profile->p15_card renamed to p15_spec, as it - reflects what _should_ be on the card - added profile->p15_data, - which is what _is_ on the card - make do_get_pin_and_verify use - the sc_pkcs15_find_pin_by_reference properly. 
- -2003-10-21 11:02 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - sc_pkcs15_find_pin_by_reference now searches by reference and - path - -2003-10-21 08:59 okir - - * trunk/src/libopensc/iso7816.c, - trunk/src/tools/opensc-explorer.c: - fixed change/unblock pin - with implicit test - -2003-10-21 08:32 okir - - * trunk/src/pkcs15init/etoken.profile: - disallow UPDATE on the - Application DF - -2003-10-21 08:31 okir - - * trunk/src/libopensc/card-etoken.c: - support UPDATE ACLs when - creating a DF - -2003-10-19 18:05 okir - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h: - bump - max number of apps per card to 8 - -2003-10-19 18:02 okir - - * trunk/src/libopensc/card-tcos.c: - tcos_card_ctl shoudlnt - complain about unknown cardctls - -2003-10-18 17:07 okir - - * trunk/src/tools/pkcs11-tool.c: - Do not overflow signature test - for 2K bit keys (fix by Chaskiel Grundman) - -2003-10-18 17:02 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - dont pin protect pubkey - -2003-10-18 12:51 okir - - * trunk/src/pkcs15init/etoken.profile: - data files had - ERASE=NEVER; which is obviously bad - -2003-10-18 12:41 okir - - * trunk/src/tools/opensc-explorer.c: - previous patch was - bogus/incomplete - -2003-10-18 12:40 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/tools/opensc-explorer.c: pkcs11/framework-pkcs15.c - -2003-10-18 12:35 okir - - * trunk/src/tools/pkcs11-tool.c: - honor --pin argument for pin - pad readers, too - -2003-10-18 08:39 okir - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-cflex.c: - fix cflex key generation - -2003-10-18 08:08 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c: - fix for cryptoflex key - download - -2003-10-17 11:21 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - Prepare for userConsent - 
support: changed ops->create_pin to take a sc_pkcs15_object_t - instead of sc_pkcs15_pin_info_t argument. - -2003-10-16 20:41 aet - - * trunk/macos/libtool-bundle: - Merge with recent OpenCT changes - -2003-10-16 14:32 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - some more cleanup - -2003-10-16 14:31 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - On-board generation of - non-repudiation keys did not work - Minor cleanup - -2003-10-16 11:41 okir - - * trunk/debian, trunk/debian/README.Debian, - trunk/debian/TODO.Debian, trunk/debian/changelog, - trunk/debian/control, trunk/debian/copyright, - trunk/debian/libopensc-dev.dirs, - trunk/debian/libopensc-dev.doc-base, - trunk/debian/libopensc-dev.docs, - trunk/debian/libopensc-dev.files, - trunk/debian/libopensc0.conffiles, trunk/debian/libopensc0.dirs, - trunk/debian/libopensc0.doc-base, trunk/debian/libopensc0.docs, - trunk/debian/libopensc0.files, trunk/debian/libpam-opensc.dirs, - trunk/debian/libpam-opensc.docs, - trunk/debian/libpam-opensc.files, trunk/debian/opensc.dirs, - trunk/debian/opensc.docs, trunk/debian/opensc.files, - trunk/debian/postinst, trunk/debian/postrm, - trunk/debian/preinst, trunk/debian/prerm, trunk/debian/rules, - trunk/docs/pkcs15-init.1, trunk/src/pkcs15init/pkcs15-lib.c: - - added debian packaging files from Joe Phillips - -2003-10-15 13:21 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - pin protection for keys - was broken - -2003-10-15 09:36 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - one suppress_errors-- too - many - * trunk/src/pkcs15init/pkcs15-etoken.c: - removed debugging print - -2003-10-14 22:11 aet - - * trunk/src/pkcs11/framework-pkcs15.c: - Forgot to commit - -2003-10-14 21:56 aet - - * trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs15init/keycache.h: - Fixed nightly snapshot - generation - Link keycache.h to 
src/include/opensc - Move mutex - function declarations to opensc.h - -2003-10-14 11:23 sth - - * trunk/src/tools/opensc-tool.c: Change setlinebuf() to setbuf(), - which is also availabel for MSVS - -2003-10-14 10:42 aet - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: - Remove old callback error/debug - functions - -2003-10-14 10:10 okir - - * trunk/src/tools/opensc-tool.c: - dont barf on empty directories - -2003-10-14 09:58 okir - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/flex_onepin.profile, - trunk/src/pkcs15init/flex_so.profile, - trunk/src/pkcs15init/pkcs15-small.profile: - removed obsolete - profiles - -2003-10-14 09:57 okir - - * trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-init.c: - Error logging changes: replace - ctx->log_errors with ctx->suppress_errors - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - Error logging changes: replace ctx->log_errors with - ctx->suppress_errors - remove error/debug callbacks; always use - sc_error/sc_debug - -2003-10-14 09:56 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.c: - Error logging changes: replace - ctx->log_errors with ctx->suppress_errors, so that we can nest - error suppression using suppress_errors++/suppress_errors-- - -2003-10-14 09:14 okir - - * trunk/src/tools/opensc-tool.c: - removed unused variable - -2003-10-14 09:02 okir - - * trunk/src/libopensc/card-gpk.c: - the previous patch was bad; - fixed it - -2003-10-14 08:33 okir - 
- * trunk/src/pkcs11/framework-pkcs15.c: - replace - sc_pkcs15init_set_pin_data -> sc_keycache_put_key - -2003-10-14 08:17 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c: - removed some dead code - inside #if 0/#endif - -2003-10-14 08:10 okir - - * trunk/src/tools/opensc-tool.c: - Don't limit the number of times - the --send-apdu option may be given - -2003-10-13 20:41 aet - - * trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c: - Some build/portability - fixes for the pkcs15init rewrite - Add - sc_pkcs15_get__ops(), yet untested - -2003-10-13 20:28 aet - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-miocos.c: - Revert previous patch, - an alternative patch to work around non-C99 and/or gcc issues - coming up soon. 
- -2003-10-13 20:16 sth - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c: Small changes to make it - work on non-C99 compilers - -2003-10-13 16:13 okir - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0001, - trunk/src/tests/regression/init0002, - trunk/src/tests/regression/init0005, - trunk/src/tests/regression/init0007, - trunk/src/tests/regression/init0008, - trunk/src/tests/regression/init0012, - trunk/src/tests/regression/pin0001, - trunk/src/tests/regression/pin0002, - trunk/src/tests/regression/run-all: - updated/added tests - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/Makefile.mak, - trunk/src/pkcs15init/etoken.profile, - trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/keycache.c, - trunk/src/pkcs15init/keycache.h, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, - trunk/src/tools/pkcs15-init.c: - pkcs15 rewrite - -2003-10-13 14:52 okir - - * trunk/src/libopensc/pkcs15.c: - fixed a bug in the previous patch - -2003-10-13 14:35 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - added sc_pkcs15_find_prkey_by_reference - -2003-10-13 14:34 okir - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - added some more errors - * trunk/src/libopensc/card.c: - slightly enhanced debugging output - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - new - path functions: sc_append_file_id, sc_compare_path - -2003-10-12 19:57 okir - - * trunk/src/tools/pkcs15-tool.c: - allow all pins/puks to be - specified on 
the command line for testing - -2003-10-12 08:34 aet - - * trunk/src/pkcs15init/pkcs15-cflex.c: - Remove unused variable - -2003-10-11 21:02 sth - - * trunk/src/pkcs15init/flex_onepin.profile, - trunk/src/pkcs15init/pkcs15-cflex.c: Security fix: the - flex_onepin profile doesn't allow the AUT1 key to change the PIN - anymore. Also: it's possible now to add the SO pin to the - flex_onepin profile - -2003-10-11 20:58 aet - - * trunk/src/openscd/commands.c, trunk/src/openscd/openscd.c, - trunk/src/signer/Makefile.am: - Add missing error->sc_error - conversions and other Assuan specific build fixes - -2003-10-11 12:41 okir - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c: - - some commands used the wrong APDU case - -2003-10-10 14:48 sth - - * trunk/src/tools/pkcs15-crypt.c: Fix: don't free() a static - buffer (Ivo) - -2003-10-10 14:24 sth - - * trunk/src/pkcs11/Makefile.mak: Fix: added all required OpenSC - libs to the link dependencies (Ivo) - -2003-10-10 14:11 sth - - * trunk/src/sslengines/Makefile.mak: Fix: added scdl.lib to the - link list, and added all required OpenSSL libs to the link - dependencies (Ivo) - -2003-10-08 06:46 aet - - * trunk/src/libopensc/reader-openct.c: Minor cleanup - -2003-10-07 19:15 sth - - * trunk/etc/opensc.conf.example: Fix: wrong option name - -2003-10-07 16:05 aet - - * trunk/win32/Make.rules.mak: Remove hardcoded VERSION define, - you'll need need to update versions from winconfig.h and also - version.rc. 
- -2003-10-06 14:22 sth - - * trunk/src/libopensc/pkcs15-algo.c: Fix: add room for a - 'last-flag' object (Ivo Pieck) - -2003-10-02 12:21 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Fix: when doing a - sc_pkcs15init_generate_key(), the auth_id for the public key - wasn't put into the PuKDF - -2003-10-02 09:21 sth - - * trunk/src/tools/pkcs15-tool.c: Allow the pkcs15 data to be - fetched by label instead of ID, as pkcs15 data objects don't - have an ID (Danny De Cock) - -2003-10-02 09:18 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Correctly add the label to a - pkcs15 data object - -2003-10-02 08:29 aet - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/tools/pkcs11-tool.c: Tweak out some compiler warnings - -2003-10-01 06:51 sth - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tools/pkcs11-tool.c: - Added C_DecryptInit() and C_Decrypt() for RSA keys - -2003-09-30 20:43 sth - - * trunk/src/tools/pkcs15-init.c: Fix: read data as a binary file, - not as ASCII - -2003-09-30 09:40 aet - - * trunk/win32/Makefile.am: Add Makefile.mak and version.rc to the - distribution tarball. - -2003-09-30 09:19 sth - - * trunk/src/libopensc/Makefile.mak, trunk/src/tools/Makefile.mak: - Fix: don't link by default with openssl - -2003-09-30 07:40 aet - - * trunk/NEWS: Add OpenSC 0.8.1 release date. - -2003-09-29 14:29 sth - - * trunk/src/pkcs11/Makefile.mak: Some fixes that accidentially - crept in - -2003-09-29 13:54 sth - - * trunk/src/pkcs11/mechanism.c: Fix: the hash-based RSA algo's can - only do sign/verify, no wrap, encrypt, ...) 
- -2003-09-29 13:45 sth - - * trunk/src/tools/pkcs11-tool.c: Fixed a bug in the mechanism - listing and made it more general - -2003-09-29 09:00 aet - - * trunk/src/pkcs11/pkcs11-spy.c: Cleanups to scconf handling - -2003-09-29 08:59 aet - - * trunk/etc/opensc.conf.example: - Fix a typo - Rename init block - into spy instead - -2003-09-28 19:22 sth - - * trunk/etc/opensc.conf.example, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/pkcs11-spy.c: - Some changes for the spy: (1) renamed opens-spy to pkcs11-spy, - (2) exported all pkcs11 functions, (3) start the log with the - name of the module-to-be-loaded, (4) first look in the - opensc.conf file for the module and log names - -2003-09-26 08:15 aet - - * releases/opensc-0.8.1/configure.in, - trunk/src/include/winconfig.h: Rename HAVE_PCSCLITE to - HAVE_PCSC, which is more correct. - * trunk/configure.in: Rename HAVE_PCSCLITE to HAVE_PCSC, which is - more correct. - * releases/opensc-0.8.1/src/include/winconfig.h, - trunk/src/libopensc/reader-pcsc.c: Rename HAVE_PCSCLITE to - HAVE_PCSC, which is more correct. - * releases/opensc-0.8.1/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/ctx.c: Rename HAVE_PCSCLITE to HAVE_PCSC, - which is more correct. - -2003-09-25 15:52 aet - - * trunk/configure.in: Fix OpenCT probe issues - -2003-09-25 09:33 aet - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15-sec.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs11-tool.c: Fix various C compiler warnings - and C++ errors / name conflicts - -2003-09-24 19:58 aet - - * trunk/macos/libtool-bundle: Oops, remove hardcoded bundle - creator / type - -2003-09-24 10:17 aet - - * trunk/ChangeLog: Remove old ChangeLog, add URL to the new - location. 
- -2003-09-24 09:20 aet - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: TODO update - -2003-09-18 09:18 aet - - * trunk/src/openssh/Makefile.am, - trunk/src/openssh/openssh-3.6.1p2.README, - trunk/src/openssh/openssh-3.6.1p2.diff: Remove old patches for - OpenSSH 3.6.1p2, anyone interested is probably already using - version 3.7.1p1. - -2003-09-17 19:03 aet - - * trunk/configure.in, trunk/src/scam/scam.c: Back out previous - change, wrong branch. - -2003-09-17 18:59 aet - - * trunk/configure.in: Set version as 0.8.1. - * trunk/src/scam/scam.c: Disable pkcs15-ldap from the 0.8.1 - release. - -2003-09-17 18:43 aet - - * trunk/ANNOUNCE, trunk/NEWS, trunk/src/include/winconfig.h, - trunk/win32/version.rc: Updates for the 0.8.1 release. - -2003-09-17 16:20 aet - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: Use <version> - instead of hardcoded version number. - -2003-09-16 06:36 sth - - * trunk/src/libopensc/dir.c: Bugfix: return SC_ERROR_OUT_OF_MEMORY - if malloc() fails (Kevin Stefanik) - -2003-09-14 10:27 aet - - * trunk/configure.in, trunk/src/sslengines/Makefile.am: Fix - bootstrap issues with Debian/automake-1.4 - -2003-09-12 10:36 aet - - * trunk/src/pkcs11/pkcs11-global.c: Update PKCS#11 library version - to 0.8. - -2003-09-12 06:48 aet - - * trunk/configure.in: The previous libsocket/libresolv configure - cleanup broke LDAP support for at least Solaris. Therefore - assume, that if we have to use libsocket, probe for libresolv as - well although OpenSC's internals don't use it. 
- -2003-09-11 12:11 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: C_GenerateKeyPair(), - C_CreateObject() returned CKR_USER_NOT_LOGGED_IN if lock_login - is set to false in the config file, because then the pkcs15_init - functions do a logoff internally - -2003-09-11 08:01 sth - - * trunk/src/common/getopt.c, trunk/src/common/getopt1.c: Removed - compiler errors under Win32 - -2003-09-11 06:02 sth - - * trunk/src/include/winconfig.h: First include , - otherwise the #include turns wchar_t into an - (unsigned) short (Unicode) - -2003-09-10 22:20 aet - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: C++ warning fixes - -2003-09-10 14:08 sth - - * trunk/Makefile.mak, trunk/src/libopensc/Makefile.mak, - trunk/src/pkcs11/Makefile.mak, trunk/src/tests/Makefile.mak, - trunk/src/tools/Makefile.mak, trunk/win32/Makefile.mak, - trunk/win32/version.rc: Added version info to the Win32 - binaries, and set the version number to 0.8.0.0 (4 numbers seems - to be needed) - -2003-09-10 10:42 aet - - * trunk/src/scam/cert_support.c: Build fix for MacOS X. - -2003-09-10 10:41 aet - - * trunk/src/pkcs11/pkcs11.h: Remove extra semicolons - -2003-09-10 10:03 aet - - * trunk/configure.in: Accidently changed the version number, fixed. - -2003-09-10 10:02 aet - - * trunk/configure.in: Replace overly complex and old configure - magic for connect() and friends, just check for socket() in - libsocket. - -2003-09-09 15:02 aet - - * trunk/src/scam/Makefile.am, trunk/src/scam/cert_support.c, - trunk/src/scam/cert_support.h: Add cert_support.c for - pkcs15-ldap support, old legacy code that needs to be removed at - some point. Implemented against OpenSSL 0.9.6, not much tested - against 0.9.7. 
- -2003-09-09 15:00 aet - - * trunk/src/scam/p15_ldap.c: Add very preliminary and quick port - of an old scam code that implements ldap-authentication support, - needs to be rewritten for more specific OpenSC usage some other - day. Work in progress, only tested with FINEID cards. - -2003-09-09 14:47 aet - - * trunk/src/scam/scam.c: Remove old cruft, enable p15-ldap support - (PAM option auth_method=pkcs15-ldap) - -2003-09-08 13:38 sth - - * trunk/src/libopensc/log.c: Increase log buffer size, so that 255 - hex bytes still can be logged - -2003-09-06 19:18 aet - - * trunk/src/pkcs15init/pkcs15-lib.c: Warning fix - -2003-09-06 18:30 aet - - * trunk/NEWS: Preliminary update for the upcoming release - -2003-09-06 17:56 aet - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, - trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c, - trunk/src/sslengines/pkcs11-internal.h: Indent sources - -2003-09-06 17:29 aet - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, - trunk/src/sslengines/p11_load.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c, - trunk/src/sslengines/pkcs11-internal.h: Bunch of generic - compiler warning and C++ fixes before indenting the sources, - apparently OpenSSL engines are not under a heavy development - anymore. 
- -2003-09-06 16:18 aet - - * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11-spy.c, - trunk/src/pkcs11/pkcs11.h, trunk/src/scdl/scdl.c, - trunk/src/scdl/scdl.h, trunk/src/sslengines/p11_load.c, - trunk/src/tools/pkcs11-tool.c: Don't bother exposing - sc_pkcs11_module_t and scdl_context_t to public headers, use - void instead. - -2003-09-06 13:36 sth - - * trunk/src/pkcs11/pkcs11-display.c: Fix: don't print the contents - of a NULL pointer - -2003-09-06 13:35 sth - - * trunk/src/pkcs11/Makefile.mak: Typo fix - -2003-09-06 13:13 sth - - * trunk/src/pkcs11/Makefile.mak: Build the pkcs11 spy on Win32 - -2003-09-06 05:57 sth - - * trunk/src/tools/opensc-explorer.c: Fix: handle the 3rd argument - of the Change PIN and Unblock PIN commands correctly - -2003-09-05 20:16 sth - - * trunk/src/libopensc/card-flex.c: Fix: let this card driver do - the unblocking itself, don't send it to the iso7816 code (Victor - Tarasov) - -2003-09-05 07:22 aet - - * trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-usbtoken.c: Warning fix - -2003-09-04 16:41 aet - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/reader-usbtoken.c: Remove gcc specific code - from usbtoken/openct drivers, untested. - -2003-09-04 13:50 aet - - * trunk/src/pkcs11/pkcs11-display.h, - trunk/src/pkcs11/pkcs11-spy.c: PKCS#11 spy fixes by Mathias - Brossard - -2003-09-03 21:53 aet - - * trunk/src/pkcs11/Makefile.am: Fix make distcheck to work again, - weird that it stopped working only after the opensc-spy patching. 
- -2003-09-03 21:31 aet - - * trunk/src/libopensc/card-etoken.c: error -> sc_error - -2003-09-03 18:55 okir - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/cardctl.h: - Properly detect CarDOS - lifecycle MANUFACTURING and report it as "OTHER" - -2003-09-03 18:21 aet - - * trunk/src/libopensc/portability.c: Typo fix - -2003-09-03 18:18 aet - - * trunk/src/include/winconfig.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/portability.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/scrandom/scrandom.c: - Move #include to winconfig.h in order to minimize - win32 specific code sections. - -2003-09-03 18:08 aet - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-display.h, - trunk/src/pkcs11/pkcs11-spy.c: - Linking cleanups for libpkcs11 - / opensc-pkcs11 - Build fixes for PKCS#11 spy module by Mathias, - so far untested. TODO: C_UnloadModule? - -2003-09-03 17:59 aet - - * trunk/src/libopensc/asn1.h, trunk/src/libopensc/log.h: SC -> - OPENSC, old legacy from the libsc days - -2003-09-03 17:19 aet - - * trunk/src/pkcs11/pkcs11-display.c, - trunk/src/pkcs11/pkcs11-display.h, - trunk/src/pkcs11/pkcs11-spy.c: Add PKCS#11 spy sources by - Mathias Brossard - -2003-09-03 17:07 aet - - * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11.h, - trunk/src/sslengines/Makefile.am, - trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/libpkcs11.h, - trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, - trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c, - trunk/src/sslengines/pkcs11-internal.h: - Remove - 
sslengines/libpkcs11.h, it's almost identical to libpkcs11's - pkcs11.h. - Move default PKCS#11 library defines to pkcs11.h, so - they can be used by 3rdparty applications as well. - Minor - cleanups - -2003-09-03 09:28 aet - - * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/module.c, trunk/src/libopensc/padding.c, - trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/portability.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/reader-usbtoken.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c: - Stop using unflexible automake - conditionals when building PC/SC, OpenCT or USBToken support, - use ifdef's directly in source. - Because of above, add - HAVE_PCSCLITE for winconfig.h - Remove unnecessary includes for - log.h, opensc.h and errors.h in libopensc sources, they're - already taken care by internal.h. 
- -2003-09-02 20:44 aet - - * trunk/macos/libtool-bundle: Generate minimal Info.plist and - PkgInfo for bundles - -2003-09-01 08:48 aet - - * trunk/src/scdl/scdl.h: EUSER: Cut'n'paste error - -2003-09-01 08:43 aet - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/Makefile.mak, trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/module.c, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/libpkcs11.c, trunk/src/scdl, - trunk/src/scdl/.cvsignore, trunk/src/scdl/Makefile.am, - trunk/src/scdl/Makefile.mak, trunk/src/scdl/scdl.c, - trunk/src/scdl/scdl.h: Move scdl to it's own subdirectory, - although it's merely for internal purposes only. - -2003-08-29 16:29 aet - - * trunk/src/libopensc/module.c, trunk/src/pkcs11/libpkcs11.c, - trunk/src/scdl, trunk/src/scdl/scdl.c: - Move all dynamic - loading related code to src/common/scdl.c, probably needs some - more work. As a side bonus, we now have a working CT-API support - for MacOS X. 
- -2003-08-29 16:26 aet - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c: Cleanups - -2003-08-29 12:55 okir - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added - sc_print_path - * trunk/src/libopensc/card.c, trunk/src/libopensc/log.h: - - slightly improved debugging output - -2003-08-29 12:54 okir - - * trunk/src/libopensc/card-flex.c: - path cache wasn't cleared on - error in flex_select_file - slightly better debugging output - -2003-08-28 13:08 aet - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/scam/Makefile.am, trunk/src/scldap/Makefile.am: - - Cleanups to Makefile.am if / endif mess - Don't bother checking - OpenSSL engine LDFLAGS if no engine detected - -2003-08-28 12:51 okir - - * trunk/src/libopensc/asn1.c: - added missing newline to error msg - -2003-08-28 12:50 okir - - * trunk/src/libopensc/card-gpk.c: - added missing intialization of - apdu struct - -2003-08-27 08:47 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: Documentation - fixes by Ville Skytt��. 
- -2003-08-26 10:55 aet - - * trunk/configure.in: Merge with OpenCT - -2003-08-25 14:21 aet - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/module.c, trunk/src/libopensc/padding.c, - trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/reader-usbtoken.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c: - Rename libopensc specific error/debug to sc_error/sc_debug We - should have done this ages ago. - -2003-08-25 10:21 aet - - * trunk/configure.in: Remove old cruft, minor reorganizing changes - -2003-08-25 09:29 aet - - * trunk/src/scconf/lex-parse.l: Add fix by Olaf to handle CRLF - style text files as well - -2003-08-25 09:28 aet - - * trunk/src/pkcs15init/flex_so.profile: CRLF->LF - -2003-08-22 13:44 aet - - * trunk/configure.in: Allow MacOS X users to disable the use of - PC/SC using --with-pcsclite=no. 
- -2003-08-22 11:47 aet - - * trunk/bootstrap: Merge with recent OpenCT changes - -2003-08-21 05:39 okir - - * trunk/src/libopensc/asn1.c: - Do not barf on empty SEQUENCEs if - all elements inside are OPTIONAL - -2003-08-20 14:15 sth - - * trunk/src/libopensc/pkcs15-data.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: Fix: don't DER-en/decode the data - in a pkcs15 object - -2003-08-18 14:54 aet - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: - - Rename sysdep_timestamp_t to sc_timestamp_t - Add missing - function prototype for sc_current_time - -2003-08-18 14:28 aet - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am: Add - common versioning to all libraries - -2003-08-18 13:45 aet - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/libpkcs11.c, - trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am: - - Install OpenSSL engines as bundles as well - Don't bother - "renaming" opensc-pkcs11.so when installing as bundle. - More - irrelevant cleanups - -2003-08-18 12:06 aet - - * trunk/src/libopensc/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/rsaref/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/scldap/Makefile.am, trunk/src/scrandom/Makefile.am: - Minor cleanups - -2003-08-18 12:05 aet - - * trunk/configure.in: Fix for --without-ldap-ssl - -2003-08-18 11:15 aet - - * trunk/configure.in: Fix OpenSSL engine linking for MacOS X. - Somewhat works on patched OpenSSL 0.9.7b linked again dlcompat. - Macosx's default openssl (0.9.6) does not include engine support - and fink's openssl 0.9.7 doesn't include any support for dynamic - loading, but that's hardly not our problem. 
- -2003-08-18 08:18 aj - - * trunk/src/openscd/commands.c: fix for compiling openscd, thanks - for help to werner koch. - -2003-08-15 11:30 aet - - * trunk/Makefile.am: Add ANNOUNCE to distribution tarball - -2003-08-15 10:07 aet - - * trunk/Makefile.am: Add macos - -2003-08-15 09:00 okir - - * trunk/ANNOUNCE: - Updated gnupg statement - -2003-08-14 16:05 aj - - * trunk/NEWS: Let's not advertise buggy code. Usbtoken is only a - fall back solution, openct is working far better. - -2003-08-14 15:34 aet - - * trunk/NEWS: Updates for the upcoming release. - -2003-08-14 12:45 aet - - * trunk/src/pkcs11/libpkcs11.c: - Allow MacOS X build to be able - to support simultaneously loading of .dylibs, .bundles (native - MacOS X) and bundle objects (.so) created by GNU libtool, if - dlcompat is found. Otherwise just support .dylibs and .bundles. - -2003-08-14 11:47 aet - - * trunk/src/pkcs11/libpkcs11.c: Cleanups - -2003-08-14 11:37 aet - - * trunk/configure.in, trunk/macos, trunk/macos/.cvsignore, - trunk/macos/Makefile.am, trunk/macos/libtool-bundle, - trunk/src/pkcs11/Makefile.am: - Minor cleanups - Add preliminary - support for MacOS X bundle installation - -2003-08-14 07:13 sth - - * trunk/src/libopensc/sec.c: Global Platform PIN Encoding: 1. Fix - for pin changes: use the real length instead of the max length - -- 2. Check for valid pin chars - -2003-08-12 11:44 aet - - * trunk/configure.in: - More cleanups - Add '-no-cpp-precomp' - check for MacOS X - Rename --with-ssl-dir to --with-openssl - -2003-08-12 09:34 aj - - * trunk/configure.in: improve configure code for openssl. 
- -2003-08-11 15:26 aet - - * trunk/configure.in: More cleanups - -2003-08-11 14:52 aet - - * trunk/configure.in: Rewrite parts of the OpenSSL detection - -2003-08-11 14:39 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - first stab at - user_consent handling - -2003-08-11 13:56 okir - - * trunk/src/libopensc/card.c: - suppress stupid debug messages for - sc_lock/sc_unlock for debug level < 7 - -2003-08-11 13:55 okir - - * trunk/src/tests/print.c: - print user_consent field - -2003-08-09 10:42 aj - - * trunk/configure.in: stupid bug, set those variables if empty... - -2003-08-08 20:46 okir - - * trunk/ANNOUNCE: - Added announcement - -2003-08-08 08:44 okir - - * trunk/src/tools/pkcs15-crypt.c: - when asked to sign data, also - consider SIGNRECOVER and NONREPUDIATION keys - properly - interpret return value of get_key - -2003-08-08 08:41 aj - - * trunk/configure.in: "-lcrypt" is always wrong for CRYPTOA, and - we always need a path to find libcrypto.a. So default to /usr. - -2003-08-08 08:34 okir - - * trunk/src/tools/pkcs15-tool.c: - cleaned up formatting - -2003-08-07 06:47 sth - - * trunk/src/sslengines/p11_slot.c: Fix: use of uninitalised - variable - -2003-08-06 13:01 aet - - * trunk/NEWS, trunk/docs/opensc.html, trunk/docs/opensc.xml: - Status update - -2003-08-06 12:13 sth - - * trunk/src/libopensc/Makefile.mak: correct makefile so that the - depending libopensc is updated when a new scconf.lib exist (Ivo - Pieck) - -2003-08-06 12:01 aet - - * trunk/src/pkcs11/libpkcs11.c: Blah, unify the string handling a - bit - -2003-08-06 11:18 sth - - * trunk/src/tools/pkcs11-tool.c: Removed some unnecessary output - -2003-08-06 08:45 aet - - * trunk/src/pkcs11/libpkcs11.c: - Fixed a mac specific compiler - warning - Fixed libdl-specific code to work with Fink's dlcompat - package - -2003-08-06 07:36 aet - - * trunk/src/pkcs11/openssl.c: Fixed a typo - -2003-08-05 19:26 sth - - * trunk/src/pkcs11/openssl.c: Fixed the verification, so that it - corresponds completely 
with the signature functions (more - specifically: the special cases are provided for SHA-1 and MD5 - signatures with the RSA_PKCS1_PADDING mechanism) - -2003-08-05 17:28 aet - - * trunk/src/libopensc/iso7816.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/tools/pkcs11-tool.c: Remove some compiler warnings - -2003-08-05 10:34 okir - - * trunk/src/tests/regression/functions: - accept option -T - added - function skip_unless_card - * trunk/src/tests/regression/run-all: - accept option -T - -2003-08-05 10:12 sth - - * trunk/src/scconf/Makefile.mak: Under Windows, flex generates - lex_parse_win32.c, because the default lex_parse.c that is in - the snapshots and in the releases won't compile on Windows - -2003-08-05 09:50 okir - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-small.profile, - trunk/src/pkcs15init/pkcs15.profile: - doubled file size of - PrKDF, PuKDF, CDF etc - provided old profile as - pkcs15-small.profile for e.g. GPK4K - -2003-08-05 09:08 sth - - * trunk/docs/sc_pkcs15_compute_signature.3: Added info about - SC_ALGORITHM_RSA_HASH_NONE, to comply with the 0.8.0 release - -2003-08-05 07:09 aet - - * trunk/src/pam, trunk/src/pam/.cvsignore, - trunk/src/pam/Makefile.am: Renamed pam_opensc-test to test-pam - -2003-08-04 15:11 aet - - * trunk/configure.in, trunk/src/pam/misc_conv.c, - trunk/src/pam/pam_support.h: Add support for native MacOS X pam - header location - -2003-08-01 07:03 aj - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/pkcs15init/pkcs15-lib.c: seperator is written to an - u8, so it should be a char or u8 anyway. 
- -2003-07-31 21:16 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - warn if EF is too small for - the amount of data we want to write - -2003-07-31 19:06 okir - - * trunk/src/libopensc/card.c: - fixed error message - -2003-07-31 08:27 sth - - * trunk/src/libopensc/opensc.h: Removed a call for a (not yet) - existing driver, which I accidentally added along with another - change - -2003-07-31 08:10 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - indentation fix - -2003-07-30 14:46 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: if a pkcs11 attribute - is requested that valid for that type of object, but that we - don't have, then we should return length = 0 instead of - returning CKR_ATTRIBUTE_TYPE_INVALID - -2003-07-30 12:51 aet - - * trunk/configure.in, trunk/src/sslengines/Makefile.am: Add - support for probing the correct extra magic needed for linking - sslengines. Probably not perfect, but it's a start. - -2003-07-30 11:07 okir - - * trunk/src/libopensc/card-gpk.c: - fixed VERIFY handling - -2003-07-30 09:50 aet - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/signer/Makefile.am, trunk/src/sslengines/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Remove - CFLAGS_OPENSC, cleanups to INCLUDES handling. - -2003-07-29 11:52 aet - - * trunk/configure.in: Fix OpenSSL engine detection for cases using - --with-ssl-dir. 
- -2003-07-29 11:50 aet - - * trunk/src/scam/Makefile.am: Fix for the MacOS X pam module - installation - -2003-07-29 10:17 aet - - * trunk/src/scrandom/Makefile.am: Remove old references to OpenSSL - -2003-07-29 10:04 aet - - * trunk/Makefile.am, trunk/docs/Makefile.am, - trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/rsaref/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/signer/Makefile.am, - trunk/src/tests/regression/Makefile.am: More consistent - indentation for multi-line variables - -2003-07-28 13:19 sth - - * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - Added struct sc_card to process_fci(), just like it's done with - the orhter card operations - -2003-07-28 12:17 aet - - * trunk/docs/doxygen.conf: Upgrade the version number. - -2003-07-28 12:11 aet - - * trunk/Makefile.am, trunk/docs/Makefile.am, - trunk/etc/Makefile.am, trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/rsaref/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, - trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/rsaref/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scam/Makefile.am, - trunk/src/scrandom/Makefile.am, trunk/src/signer/Makefile.am, - trunk/src/signer/npinclude/Makefile.am, - trunk/src/sslengines/Makefile.am, trunk/src/tests/Makefile.am, - trunk/src/tests/regression/Makefile.am, - trunk/src/tools/Makefile.am, trunk/src/usbtoken/Makefile.am, - trunk/win32/Makefile.am: Minor cleanups - -2003-07-28 11:10 aet - - * trunk/src/pam/Makefile.am, trunk/src/pam/test-pam.c: Fix the - pam_opensc-test linking problem for AIX5.1+ and MacOS X MacOS X - doesn't have /usr/include/security so you'll need to symlink - /usr/include/pam to /usr/include/security yourself at the moment. - -2003-07-28 10:02 aet - - * trunk/configure.in, trunk/src/libopensc/reader-pcsc.c: Add - support for MacOS X with PC/SC framework using autoconfigure. - Tested using Panther (WWDC build) + fink. 
Should work without - fink, too. - -2003-07-27 16:51 aet - - * trunk/src/sslengines/Makefile.am: Renamed test_engine.s to - test_engine.sh - -2003-07-27 16:50 sth - - * trunk/src/libopensc/pkcs15-sec.c: Fix: allways set pag_flags = - SC_ALGORITHM_RSA_HASH_NONE if sc_pkcs15_compute_signature() is - called with this flag - -2003-07-27 16:31 aj - - * trunk/src/usbtoken/DEPRECATED, trunk/src/usbtoken/Makefile.am: - Add a big fat warning not to use usbtoken. - -2003-07-25 09:01 aet - - * trunk/src/sia/Makefile.am: Build fix - -2003-07-24 14:27 sth - - * trunk/src/libopensc/padding.c: Fix: don't give an error if the - hash algo is SC_ALGORITHM_RSA_HASH_NONE - -2003-07-24 13:10 aet - - * trunk/src/libopensc/reader-pcsc.c, - trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/pkcs11-internal.h: - Build fixes - -2003-07-24 11:29 sth - - * trunk/src/tools/pkcs11-tool.c: Added test code for Mozilla-like - keypair generation and the writing of a certificate - -2003-07-24 10:00 aet - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/openscd/Makefile.am, trunk/src/openscd/commands.c, - trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, - trunk/src/openscd/openscd.h, trunk/src/openscd/test.c: - Remove - src/assuan, what's the point of having --with-assuan if we're - including our own version? Besides, opensc-signer and openscd - both are incomplete versions, I don't know if they work at all. - - Minor cleanups to openscd. - -2003-07-24 09:09 aet - - * trunk/src/tools/opensc-tool.c: Add missing 'n' for getopt_long - -2003-07-24 08:35 sth - - * trunk/src/tools/pkcs11-tool.c: Little fix in test_verify() - -2003-07-24 06:47 aj - - * trunk/src/libopensc/card-starcos.c: Nils fixes to starcos. - -2003-07-24 06:46 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: Add Nils and - J��rn to Authors. - -2003-07-23 18:12 aj - - * trunk/src/openssh/openssh-3.6.1p2.diff: updated patch. 
changes: - - add Nils fix for split keys. - changed "ask for pin" code. The - later is ugly and needs to be changed. however it is open how we - can do that. Maybe it will require changes in openssh, so lets - keep it till those issues are solved. - -2003-07-23 16:11 aet - - * trunk/src/scam/p15_ldap.c: Resync with p15_eid changes. No, it - still won't work. - -2003-07-23 15:07 aet - - * trunk/configure.in, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scam/scam.h: Remove the rest of old, obsolete SCIDI - related crap. - -2003-07-23 14:31 sth - - * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - Made the construct_fci() a card operaton, just like it has been - done with process_fci() before - -2003-07-22 15:51 aj - - * trunk/src/libopensc/pkcs15.c: find the keys by usage (patch by - Nils Lars) - -2003-07-22 15:50 aj - - * trunk/Makefile.am: clean *.m4 files. - -2003-07-22 15:13 aj - - * trunk/src/pkcs15init/profile.c: somewhat improved profile search. - -2003-07-22 09:54 sth - - * trunk/src/tools/pkcs11-tool.c: Added test code for the new - Verify functions - -2003-07-21 13:03 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: add id's to all - chapter and section tags. add documentation on Eutron - CryptoIdendity IT-SEC. - -2003-07-19 10:52 aj - - * trunk/Makefile.am: set automake option. 
- -2003-07-18 09:34 sth - - * trunk/src/tools/pkcs15-crypt.c: Read the file's contents as - binary - -2003-07-18 09:32 sth - - * trunk/src/tools/opensc-explorer.c: Read/write the file's - contents as binary - -2003-07-17 23:03 okir - - * trunk/docs/Makefile.am, - trunk/docs/sc_pkcs15_compute_signature.3: - added - sc_pkcs15_compute_signature.3 draft - * trunk/docs/sc_read_binary.3: - fixed typo - -2003-07-17 22:59 sth - - * trunk/src/pkcs11/misc.c: Added some debugging info - -2003-07-17 22:53 sth - - * trunk/src/pkcs11/openssl.c: Added some debugging info - -2003-07-17 22:09 sth - - * trunk/src/pkcs11/mechanism.c: Fix: if a pkcs11 operation fails, - it should be ended - -2003-07-17 16:50 aet - - * trunk/configure.in: Don't leave -lpcsclite to LIBS, use LIBPCSC - instead. We really don't want to directly link -lpcsclite to - every single library and program. - -2003-07-17 15:13 aet - - * trunk/configure.in: Use $LIBDL instead of hardcoding to -ldl - -2003-07-17 15:09 sth - - * trunk/src/include/winconfig.h: Little fix for Windows - -2003-07-17 13:09 aet - - * trunk/bootstrap: For crying out loud, hands off. There is a - fucking reason for these files to be removed manually. - -2003-07-17 13:07 aet - - * trunk/configure.in: Remove the use of AC_FUNC_MALLOC and - AC_FUNC_MEMCMP as they don't work correctly with autoconf 2.57, - we don't really need them for anything anyway. - -2003-07-17 13:05 aet - - * trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_pkcs11.h: Remove C++-style // - comments. Yes, I know that they are ok in C99 spec, but who says - that all compilers are already C99 compatible. 
- -2003-07-17 12:39 aet - - * trunk, trunk/.cvsignore, trunk/aclocal, - trunk/aclocal/.cvsignore, trunk/docs, trunk/docs/.cvsignore, - trunk/etc, trunk/etc/.cvsignore, trunk/src, - trunk/src/.cvsignore, trunk/src/common, - trunk/src/common/.cvsignore, trunk/src/include, - trunk/src/include/.cvsignore, trunk/src/include/opensc, - trunk/src/include/opensc/.cvsignore, - trunk/src/include/opensc/rsaref, - trunk/src/include/opensc/rsaref/.cvsignore, trunk/src/libopensc, - trunk/src/libopensc/.cvsignore, trunk/src/openscd, - trunk/src/openscd/.cvsignore, trunk/src/openssh, - trunk/src/openssh/.cvsignore, trunk/src/pam, - trunk/src/pam/.cvsignore, trunk/src/pkcs11, - trunk/src/pkcs11/.cvsignore, trunk/src/pkcs11/rsaref, - trunk/src/pkcs11/rsaref/.cvsignore, trunk/src/pkcs15init, - trunk/src/pkcs15init/.cvsignore, trunk/src/scam, - trunk/src/scam/.cvsignore, trunk/src/scconf, - trunk/src/scconf/.cvsignore, trunk/src/scldap, - trunk/src/scldap/.cvsignore, trunk/src/scrandom, - trunk/src/scrandom/.cvsignore, trunk/src/sia, - trunk/src/sia/.cvsignore, trunk/src/signer, - trunk/src/signer/.cvsignore, trunk/src/signer/npinclude, - trunk/src/signer/npinclude/.cvsignore, trunk/src/sslengines, - trunk/src/sslengines/.cvsignore, trunk/src/tests, - trunk/src/tests/.cvsignore, trunk/src/tests/regression, - trunk/src/tests/regression/.cvsignore, trunk/src/tools, - trunk/src/tools/.cvsignore, trunk/src/usbtoken, - trunk/src/usbtoken/.cvsignore, trunk/win32, - trunk/win32/.cvsignore: Resync .cvsignore files - -2003-07-17 11:04 aj - - * trunk/Makefile.am, trunk/bootstrap: real cleanup via - MAINTAINERCLEANFILES. include depcomp in distribution. - -2003-07-17 10:59 aj - - * trunk/configure.in: The CVS HEAD should always have a version - "CVS". For stable releases we should create a branch I guess. 
- -2003-07-16 15:17 okir - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/errors.c, - trunk/src/libopensc/errors.h, trunk/src/libopensc/module.c, - trunk/src/libopensc/pkcs15.c: - patch for synthetic p15 cards by - Nils Larsch - -2003-07-16 15:10 aet - - * trunk/bootstrap: rm -f depcomp and friends so that we don't have - to use -f flag for autoreconf. Fixed an issue noticed after - upgrading to autoconf 2.52 -> 2.57, automake 1.5 -> 1.7 and - libtool 1.4.2 -> 1.5. - -2003-07-16 11:52 sth - - * trunk/src/libopensc/Makefile.mak: Moved padding from - pkcs15-sec.c to padding.c - -2003-07-16 05:20 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix of the previous patch: - show only 1 public key if both public key and cert exist - -2003-07-15 10:49 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/padding.c, - trunk/src/libopensc/pkcs15-sec.c: - Change padding functions - -2003-07-14 17:39 sth - - * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - Have process_fci() as a card operation instead of being called - internally by iso7816_select_file(). 
This way card drivers can - implement a select_file() and process_fci() independently - -2003-07-14 17:34 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix of the previous patch: - if there are a public key and cert with the same ID, show the - public key derived from the cert - -2003-07-14 17:28 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: if there was a public - key and cert with the same ID, you'd see the public key twice in - pkcs11: once the 'real' one and once the one derived from the - cert - -2003-07-14 16:56 okir - - * trunk/src/libopensc/errors.h: - added SC_ERROR_WRONG_PADDING - * trunk/src/libopensc/errors.c: - added missing error messages - -2003-07-14 16:55 okir - - * trunk/src/libopensc/card-etoken.c: - try to deal with RSA_SIG - keys (first try RSA_PURE_SIG, then RSA_SIG) - -2003-07-14 13:20 sth - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sec.c: Added - 'Global Platform' PIN encoding - -2003-07-12 17:19 aj - - * trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/rsaref/Makefile.am: remove files in - "make distclean" instead of "make maintainer-clean" to match the - distribution tar file. - -2003-07-12 12:58 jey - - * trunk/configure.in: - Fixed OpenSSL detection (at least with - Debian) - -2003-07-11 20:14 sth - - * trunk/src/pkcs11/framework-pkcs15.c: If C_SetAttributeValue() - wants to change the CKA_SUBJECT, simply return OK. 
This is OK as - we don't save the CKA_SUBJECT of a public key anyway, and it's - needed for doing keypair gen + cert writing with Mozilla - -2003-07-11 18:16 aet - - * trunk/configure.in, trunk/src/sslengines/engine_pkcs11.c: - Cleanups, fix --with-common-dir work with OpenSSL engine - detection - -2003-07-11 16:33 aet - - * trunk, trunk/.cvsignore: Forgot this one - -2003-07-11 16:31 aet - - * trunk/AUTHORS, trunk/Makefile.am, trunk/README, - trunk/configure.in, trunk/src/pkcs11/libpkcs11.c, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/scrandom/scrandom.c, trunk/src/tests/regression, - trunk/src/tests/regression/.cvsignore, - trunk/src/tools/pkcs11-tool.c, trunk/src/usbtoken/Makefile.am, - trunk/win32, trunk/win32/.cvsignore: - Various build fixes for - various operating systems and compilers - Add missing .cvsignore - files - Remove tools/ and make configure to work again - -2003-07-11 11:18 sth - - * trunk/src/sslengines/Makefile.am: Changed libpkcs11.a to - libpkcs11.la (by Ville Skytta) - -2003-07-11 11:16 sth - - * trunk/src/sslengines/engine_pkcs11.c: Fix: use strncasecmp() - instead of strnicmp() - -2003-07-11 09:40 sth - - * trunk/src/libopensc/card.c: Bug fix: let sc_transmit_apdu() - returns a negative number or 0 (no positive number) - -2003-07-10 22:31 aj - - * trunk/src/libopensc/reader-usbtoken.c: Forgot to init - slot[0].flags to SC_CARD_PRESENT - -2003-07-10 11:38 sth - - * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h: Implemented the get_response card - operation, is now explicitely called by sc_transmit_apdu() - -2003-07-10 11:13 aj - - * trunk/Makefile.am, trunk/docs/Makefile.am, - trunk/src/openssh/Makefile.am: Fix makefiles. 
- -2003-07-10 10:44 aj - - * trunk/AUTHORS, trunk/README, trunk/README.Win32, - trunk/README.cards, trunk/README.signer, trunk/THANKS, - trunk/TODO, trunk/docs/pkcs11.txt, trunk/src/openssh/README, - trunk/src/pam/README, trunk/src/pkcs11/README, - trunk/src/sslengines/README: remove old text files. new - documentation is in opensc/docs/opensc.html (and .xml) - -2003-07-10 10:33 aj - - * trunk/configure.in: updated configure to newer init calls. set - automake strictnes to foreign. - -2003-07-02 20:47 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: Some of - additional documentation. - -2003-07-02 17:58 aj - - * trunk/docs/usbtoken.html, trunk/docs/usbtoken.xml: usbtoken is - now obsoleted by openct. Update the documentation. This patch - was made possible by the INKA e.V. ISP and the Hoepfner Brewery - and Beergarden. Thanks for free Internet! - -2003-07-01 17:34 aj - - * trunk/configure.in, trunk/src/libopensc/ctx.c: disable usbtoken - by default. put usbtokens readers behind openct readers. - -2003-06-30 18:25 aj - - * trunk/src/libopensc/card-flex.c: Xander Soldaat - reported this ATR, the card works for him - "like a charm." - -2003-06-28 07:02 sth - - * trunk/src/libopensc/pkcs15.h: Increased the pkcs15 ID size from - 16 to 255 - -2003-06-27 23:01 aj - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/cardctl.h: attached is patch for - card-starcos.c This patch generalizes the handling of the driver - internal extra data (for example this will be usefull to supply - the card driver with the necessary information to create - MF/DF/EF). I also added a workaround for certain profiles which - require that the pin is only verified once (i.e. the state - doesn't change after a signature verification). And finally I - changed the order of some starcos function (at first the - init/free function and then the rest). If nobody has objections - it would be nice if someone could commit this patch to the CVS. 
- -2003-06-27 15:26 sth - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/openssl.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: - Implemented the C_VerifyXXX() functions - -2003-06-27 13:29 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Removed the - CKF_WRITE_PROTECTED tokeninfo flag - -2003-06-27 12:59 sth - - * trunk/src/include/winconfig.h, - trunk/src/pkcs15init/pkcs15-lib.c: Placing #include - in wincofig.h causes compiler problems, better put it in each - file that uses _MAX_PATH - -2003-06-27 12:32 sth - - * trunk/README.Win32, trunk/src/Makefile.mak, - trunk/src/include/winconfig.h: Some Windows fixes - -2003-06-27 12:11 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: register - CKF_GENERATE_KEY_PAIR in a correct way - -2003-06-27 12:02 sth - - * trunk/src/tools/pkcs11-tool.c: Added test code for - C_SetAttributeValue() - -2003-06-27 12:00 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Implemented - C_SetAttributeValue() that can change the CKA_VALUE and CKA_ID - -2003-06-27 11:59 sth - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: Added - sc_pkcs15init_change_attrib() that can change the label and ID - of a pkcs15 key or cert - -2003-06-27 11:32 sth - - * trunk/src/sslengines/README, - trunk/src/sslengines/engine_pkcs11.c: Use a better notation for - the -key option - -2003-06-26 16:47 aj - - * trunk/docs/Makefile.am, trunk/docs/opensc.html, - trunk/docs/usbtoken.html: run tidy on html files (ignore if it - is not available). tidy html files, so they are readable. - -2003-06-26 10:38 aj - - * trunk/docs/opensc.html, trunk/docs/opensc.xml: ssl engine update - (key format), pkcs11.txt integrated. both done by stef, I'm only - commiting (and updateing the html file). - -2003-06-25 20:20 aj - - * trunk/docs/Makefile.am, trunk/docs/opensc.css, - trunk/docs/opensc.html, trunk/docs/opensc.xml, - trunk/docs/opensc.xsl: xml/html based documentation. 
This can - replace: README README.Win32 README.cards README.signer THANKS - TODO AUTHORS src/openssh/README src/pkcs11/README src/pam/README - src/sslengines/README - -2003-06-25 10:57 sth - - * trunk/src/pkcs11/pkcs11-object.c: Added a little extra logging - to C_GenerateKeyPair() - -2003-06-25 10:19 aj - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c: PATH_MAX is defined via limits.h - (I hope that exists on all systems). MAX_PATH is a typo. int r - was never used. - -2003-06-25 08:42 aj - - * trunk/docs/Makefile.am, trunk/docs/usbtoken.html: make live - easier for other developers: html file is now also in the - repository, and I will update always both at the same time. So - not even developers will need docbook dtd + xsl + xsltproc. - -2003-06-24 22:29 aj - - * trunk/configure.in: removed pkcs15-init.sh reference (oops, when - did that creep in? shouldn't be.) - -2003-06-24 11:31 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Changed SC_PKCS15_MAX_PINS - to MAX_OBJECTS in pkcs15_create_tokens() - -2003-06-24 11:26 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Added a safer locking - mechanism, based on sc_lock/sc_unlock (Olaf) - -2003-06-24 11:11 sth - - * trunk/src/pkcs11/slot.c: In slot_initialize(): Bugfix in a - memset and added a pool_initialize() - -2003-06-24 09:14 sth - - * trunk/src/tools/pkcs11-tool.c: Some fixes/improvements, e.g. 
an - ID now has to be entered in the same way as in pkcs15-init - -2003-06-24 09:11 sth - - * trunk/src/sslengines/README, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, - trunk/src/sslengines/pkcs11-internal.h: Added support for - selecting keys by slot and by key ID; and added newlines to some - error messages - -2003-06-23 12:56 okir - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-openct.c, - trunk/src/libopensc/reader-pcsc.c: - added pinpad support for - OpenCT - -2003-06-18 20:49 sth - - * trunk/src/tools/pkcs11-tool.c: Some improvements to - gen_keypair() and write_object() - -2003-06-18 12:38 sth - - * trunk/src/include/winconfig.h, trunk/src/pkcs15init/profile.c: - Let sc_profile_locate() behave about the same way under Win32 - than under Linux - -2003-06-18 08:07 sth - - * trunk/docs/pkcs15-init.1, trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: Now you can specify your card - profile for pkcs15init, both on the command line if you use the - pkcs15init tool and in the opensc.conf file. Not specifying - gives the default one, like before. - -2003-06-17 11:31 sth - - * trunk/src/libopensc/ctx.c: Changed strcat to strncat - -2003-06-16 09:45 aj - - * trunk/src/openssh/README, - trunk/src/openssh/openssh-3.6.1p2.diff: The code now asks for - the passphrase. - -2003-06-16 07:40 okir - - * trunk/src/pkcs15init/profile.c: - when loading a profile, check - all variations of .conf before itself - -2003-06-15 22:22 aj - - * trunk/src/tests/regression/Makefile.am: added makefile so - regression files will be included in tarball. 
- -2003-06-15 22:21 aj - - * trunk/src/openssh/openssh-3.6.1p2.README, - trunk/src/openssh/openssh-3.6.1p2.diff: current patch for - openssh. does not work. - -2003-06-15 22:20 aj - - * trunk/configure.in, trunk/src/pkcs15init/Makefile.am, - trunk/src/sslengines/Makefile.am, trunk/src/tests/Makefile.am: - makefile fixes, so the tarball will contain all files. - -2003-06-15 22:19 aj - - * trunk/src/openssh/Makefile.am: Doesn't work, but added current - openssh patch anyway. - -2003-06-15 12:56 okir - - * trunk/src/libopensc/iso7816.c: - iso7816_logout now invalidates - the path cache - -2003-06-15 11:56 jey - - * trunk/configure.in: A small fix in OpenCT detection. Bumped the - version number up to 0.8.0-rc2. - -2003-06-15 11:55 okir - - * trunk/docs/Makefile.am: - put HAVE_DOCBOOK conditional around - %.html rule - -2003-06-15 11:54 okir - - * trunk/configure.in: - added --without docbook - -2003-06-14 12:31 sth - - * trunk/src/pkcs15init/pkcs15-init.h: Add AuthID for pkcs15 data - objects - -2003-06-13 12:45 sth - - * trunk/src/Makefile.mak: Also compile the sslengines dir under - Windows - -2003-06-13 06:51 sth - - * trunk/src/pkcs11/openssl.c: Added #include , this - is needed for openssl 0.9.8 and higher where openssl/evp.h wont - include the algorithms anymore (Nils) - -2003-06-12 21:35 sth - - * trunk/src/pkcs15init/flex_onepin.profile, - trunk/src/pkcs15init/pkcs15-cflex.c: Added support for a new - cryptoflex profile, where the user (CHV1) is in charge of the - pkcs15 DF - -2003-06-12 21:23 sth - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: Add the AuthID when writing - pkcs15 data objects - -2003-06-12 21:14 sth - - * trunk/src/libopensc/asn1.c: Add support for non-optional ASN.1 - object that are empty - -2003-06-11 11:03 sth - - * trunk/src/pkcs15init/flex_so.profile: Added some info - -2003-06-11 10:56 okir - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/cardctl.h: - starcos fixes from Nils - * 
trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-sec.c: - - New public function sc_add_padding - -2003-06-11 10:54 okir - - * trunk/configure.in: - another fix for --without-openct - -2003-06-11 10:53 okir - - * trunk/docs/Makefile.am: - dont fail if we dont have xsltproc - -2003-06-10 16:45 aj - - * trunk/src/pkcs15init/Makefile.am: added flex_so.profile, moved - list of all profiles to PROFILE - -2003-06-10 12:54 aj - - * trunk/docs/Makefile.am: makefile fix by Robert Bihlmeyer: - include usbtoken.html in distribution tarball. - -2003-06-10 06:32 okir - - * trunk/src/tests/p15dump.c: - prevent excessive calls to logout - -2003-06-10 06:31 okir - - * trunk/src/libopensc/iso7816.c: - iso7816_logout should call - driver specific select_file function, not the iso7816 generic - version - -2003-06-07 07:17 sth - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/flex_so.profile, - trunk/src/pkcs15init/pkcs15-cflex.c: Add support for a new - cryptoflex profile in which the SO (CHV1) is in charge of the - pkcs15 DF - -2003-06-04 19:17 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix in - pkcs15_gen_keypair(): labels didnt work - -2003-06-04 18:37 sth - - * trunk/src/pkcs15init/pkcs15-lib.c: Fixed a type in previous patch - -2003-06-04 12:30 sth - - * trunk/src/tools/pkcs11-tool.c: A first implementation of - write_object(), mostly for testing purposes - -2003-06-04 12:26 sth - - * trunk/src/pkcs11/framework-pkcs15.c: some fixes to - pkcs15_create_object() and pkcs15_gen_keypair() - -2003-06-04 12:24 sth - - * trunk/src/pkcs11/misc.c: added a check for CKA_CERTIFICATE_TYPE - to attr_extract() - -2003-06-03 13:57 sth - - * trunk/etc/opensc.conf.example, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs11-tool.c: First implementation of - C_GenerateKeyPair() - -2003-05-30 09:54 okir - - * 
trunk/src/libopensc/pkcs15.h: - fixed typodef in - sc_pkcs15_*_info_t (spotted by Nils) - -2003-05-30 09:45 sth - - * trunk/src/pkcs15init/pkcs15-cflex.c: Compiler warning (result of - malloc not casted) - -2003-05-30 08:54 okir - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h: - remove signedness warnings - printed by new gcc - -2003-05-30 08:33 okir - - * trunk/src/tools/opensc-tool.c: - added --name option - -2003-05-28 20:52 okir - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0002: - added function - skip_if_card to allow tests to be skipped for certain cards - * trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/opensc.h: - added card name to struct - sc_card to allow upper level apps to identify card type more - precisely - -2003-05-28 18:05 okir - - * trunk/src/tests/regression/erase: - added - -2003-05-28 13:36 okir - - * trunk/src/tests/regression/crypt0001, - trunk/src/tests/regression/crypt0002, - trunk/src/tests/regression/crypt0003, - trunk/src/tests/regression/crypt0004: - specify user pin when - erasing card - * trunk/src/tests/regression/run-all: - better handling of failures - -2003-05-28 08:30 okir 
- - * trunk/src/tests/regression/run-all: - allow specifying the list - of tests to be run on the command line - -2003-05-28 05:25 okir - - * trunk/src/tests/regression/crypt0001, - trunk/src/tests/regression/crypt0002, - trunk/src/tests/regression/crypt0003, - trunk/src/tests/regression/crypt0004, - trunk/src/tests/regression/functions: - fixed crypt* tests to - work with cryptoflex - -2003-05-28 05:24 okir - - * trunk/src/tests/regression/run-all: - added - -2003-05-27 15:58 aj - - * trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, - trunk/src/pam/test-pam.c: moved main() function into it's own - file, killed duplicate compiling, made older - autoconf/make/libtool happy. - -2003-05-27 09:58 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - return value of - pkcs15_login was ignored - -2003-05-26 09:30 aj - - * trunk/Makefile.am, trunk/configure.in: move autoconf helper - files to tools/ subdirectory. - -2003-05-24 19:31 aj - - * trunk/configure.in, trunk/src/libopensc/Makefile.am: configure - now accepts a path with --with-openct, and that directory is - searched, and variables OPENCT_CFLAGS, LIBS, LDFLAGS are set - (and used in src/libopensc/Makefile). 
- -2003-05-23 10:10 okir - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0001, - trunk/src/tests/regression/init0002, - trunk/src/tests/regression/init0003, - trunk/src/tests/regression/init0004, - trunk/src/tests/regression/init0005, - trunk/src/tests/regression/init0006, - trunk/src/tests/regression/init0007, - trunk/src/tests/regression/init0008, - trunk/src/tests/regression/init0009, - trunk/src/tests/regression/init0010, - trunk/src/tests/regression/init0011: - erase card using --secret - -2003-05-23 10:05 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c: - fixed pin handling in - generate key - * trunk/src/libopensc/card-flex.c: - in pin_cmd, dont assume the - caller has properly initialized max_length and encoding - -2003-05-22 21:04 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c: - fixed cryptoflex keygen - -2003-05-22 20:53 okir - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-cflex.c: - added cryptoflex RSA key - generation (not yet functional) - -2003-05-22 20:51 okir - - * trunk/src/libopensc/reader-openct.c: - less verbose debug - messages - -2003-05-22 19:34 okir - - * trunk/src/libopensc/card.c: - change debug level for - sc_lock/unlock - -2003-05-22 13:59 okir - - * trunk/src/libopensc/card.c: - fixed the hang with logout() - -2003-05-20 10:53 aj - - * trunk/aclocal/Makefile.am, trunk/aclocal/libtool.m4: libtool.m4 - is not required, and a version too old causes problems anyway. 
- -2003-05-20 08:30 sth - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sec.c, trunk/src/pkcs11/framework-pkcs15.c: - added sc_logout() functionality - -2003-05-18 10:08 okir - - * trunk/src/tools/pkcs15-init.c: - added option --secret - -2003-05-18 10:05 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - do_get_any_verify_pin: try - to look up p15 pin info from card - -2003-05-17 13:30 aj - - * trunk/aclocal/libtool.m4: replaced it with a newer version. - -2003-05-17 10:55 aj - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0003, - trunk/src/tests/regression/init0004, - trunk/src/tests/regression/init0005, - trunk/src/tests/regression/init0006, - trunk/src/tests/regression/init0008, - trunk/src/tests/regression/init0009, - trunk/src/tests/regression/init0010, - trunk/src/tests/regression/init0011: always create and use a - pin. removed --split-key, cardOS users have to specify it. three - new tests. - -2003-05-17 10:54 aj - - * trunk/src/tools/pkcs15-tool.c: Added --pin option to pkcs15-tool - -2003-05-17 09:18 okir - - * trunk/src/tests/regression/functions: - Disable colors for now - - use --assert-pristine to ensure card is pristine - -2003-05-17 09:10 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - added - sc_pkcs15init_set_secret - -2003-05-16 22:08 aj - - * trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/rsaref/Makefile.am: fix include paths. include - files are supposed to be in opensc/ and opensc/rsaref/. 
- -2003-05-16 19:12 okir - - * trunk/src/tools/pkcs15-init.c: - redid option handling (you can - now call it with -ECPa 01 -G rsa/1024 - except there's a little - bug that prevents this from working properly) - implemented - --assert-pristine - -2003-05-16 19:11 okir - - * trunk/src/tools/util.c: - fix for previous change - -2003-05-16 16:41 okir - - * trunk/src/tools/util.c: - print_usage_and_die: skip hidden - options - -2003-05-16 16:33 okir - - * trunk/src/tools/pkcs11-tool.c: - in test_signature: check - CKA_SIGN before doing any signature tests - -2003-05-16 15:30 aj - - * trunk/src/libopensc/card-flex.c: egate cryptoflex 32 card can - generate key. updated the flags. - -2003-05-16 14:25 okir - - * trunk/src/tools/opensc-explorer.c: - display LIST_FILES and - CRYPTO ACs as well - -2003-05-16 14:24 okir - - * trunk/src/tests/regression/init0004: - minor fix - -2003-05-16 14:16 okir - - * trunk/src/pkcs15init/flex.profile: - make sure CREATE/DELETE are - protected - -2003-05-16 14:15 okir - - * trunk/src/libopensc/card-flex.c: - select file: do not interpret - INVALIDATE/REHAB AC bits for DFs - -2003-05-16 09:51 okir - - * trunk/src/tests/regression/functions: - added some color - -2003-05-16 09:34 okir - - * trunk/src/pkcs15init/pkcs15.profile: - bump the CDF size, as we - now put the subject name in the label - -2003-05-16 09:27 okir - - * trunk/src/tests/regression/init0008, - trunk/src/tests/regression/test.p12: - added pkcs15-init pkcs12 - test case - -2003-05-16 09:14 okir - - * trunk/src/tests/regression/crypt0001, - trunk/src/tests/regression/crypt0002, - trunk/src/tests/regression/crypt0003, - trunk/src/tests/regression/crypt0004, - trunk/src/tests/regression/functions: - updated test scripts - -2003-05-16 07:42 okir - - * trunk/src/tests/regression/functions: - test set didnt abort if - p15_validate failed - -2003-05-15 15:42 okir - - * trunk/src/libopensc/card-miocos.c: - it seems the upper limit - for r/w binary is 244 - -2003-05-15 15:30 okir - - * 
trunk/src/tests/regression/README, - trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0001, - trunk/src/tests/regression/init0002, - trunk/src/tests/regression/init0003, - trunk/src/tests/regression/init0004, - trunk/src/tests/regression/init0005, - trunk/src/tests/regression/init0006, - trunk/src/tests/regression/init0007: - more tests - -2003-05-15 15:29 okir - - * trunk/src/tools/pkcs15-init.c: - Allow "pkcs1-init --erase" - without further options - -2003-05-15 15:28 okir - - * trunk/src/tools/pkcs11-tool.c: - Do not try to C_Login if the - token doesn't require a login - -2003-05-15 15:27 okir - - * trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c: - allow full access to keys - not protected by a PIN - -2003-05-15 15:26 okir - - * trunk/src/pkcs15init/etoken.profile: - increase size of PrKDF, - so that we have room for 2x2 split keys - -2003-05-15 13:33 okir - - * trunk/src/tools/pkcs15-init.c: - added --no-prompt - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - erase card fixes: forget cached secrets, and use sc_free_apps - -2003-05-15 13:32 okir - - * trunk/src/libopensc/card.c, trunk/src/libopensc/dir.c, - trunk/src/libopensc/opensc.h: - added sc_free_apps to undo - sc_enum_apps - -2003-05-15 11:41 okir - - * trunk/src/libopensc/card-flex.c: - fixed card_ctl error message - -2003-05-15 11:39 okir - - * trunk/src/tools/pkcs15-init.c: - keygen: when --split-key is - given, try hardware keygen if usage permits - -2003-05-15 11:33 okir - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0001: - improved test cases - slightly - -2003-05-15 11:32 okir - - * trunk/src/tools/pkcs11-tool.c: - added --slot-label option to - find slot by label - -2003-05-15 11:31 okir - - * trunk/src/tools/pkcs15-init.c: - get_pin_callback takes an - additional label argument - add split key support to key - generation - -2003-05-15 11:30 okir - - * 
trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - get_pin callback now takes - additional label argument - call get_pin for ALL pins, not just - those listed in the profile - add split key support to - sc_pkcs15init_generate_key - -2003-05-15 11:29 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - etoken_erase don't - assume PIN 0 is always the SO PIN - -2003-05-15 11:27 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - added sc_pkcs15_find_pin_by_reference - -2003-05-15 10:34 sth - - * trunk/src/pkcs11/framework-pkcs15.c: If signing/decryption fails - because the card lost its security status, try to log in again - and then do another attempt to sign/decrypt - -2003-05-14 19:13 okir - - * trunk/src/tests/regression/functions: - dont say all tests were - successful when we failed - * trunk/src/tests/regression/crypt0004: - show output of - pkcs15-init commands - -2003-05-14 16:29 okir - - * trunk/src/libopensc/pkcs15.c: - bumped buffer sizes for - EF(TokenInfo) labels - -2003-05-14 16:22 okir - - * trunk/src/tools/pkcs15-init.c: - minor usability updates - -2003-05-14 16:21 okir - - * trunk/src/tests/regression/functions, - trunk/src/tests/regression/init0001: - some tests for pkcs15-init - -2003-05-14 13:13 sth - - * trunk/src/sslengines/Makefile.mak, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.def, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/p11_load.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/pkcs11-internal.h: Ported to Win32 - -2003-05-14 12:25 okir - - * trunk/src/libopensc/card-miocos.c: - restrict max read/write - size to 128 - -2003-05-14 12:00 okir - - * trunk/src/libopensc/reader-pcsc.c: - do not mess with Case 4 - APDUs unless we're doing T=0 - -2003-05-14 08:47 sth - - * trunk/src/libopensc/card-starcos.c: Some typos fixed and fixed - the algos for use in OpenSSH 
(Nils Larsch) - -2003-05-13 20:24 okir - - * trunk/src/libopensc/pkcs15-sec.c: - - sc_pkcs15_compute_signature(RSA_RAW): zero pad input if shorter - than modulus length - -2003-05-13 14:29 aj - - * trunk/src/libopensc/libopensc.pc.in: OpenSC header files are - included as #include Thus it has to be - -I/path/to/opensc/include and not - -I/path/to/opensc/include/opensc - -2003-05-13 14:06 aj - - * trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_key.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c: added #include - killing warnings. - -2003-05-13 13:43 aj - - * trunk/src/libopensc/pkcs15.h: At least the rainbow ikey 3000 - need bigger labels. Label size should be 255, as per pkcs15. - -2003-05-13 07:06 sth - - * trunk/src/libopensc/pkcs15.c: Make sc_pkcs15_read_file() work if - the pkcs15 files contain only FIDs instead of file paths (Nils - Larsch) - -2003-05-12 20:37 aj - - * trunk/src/sslengines/Makefile.am: libpkcs11.h was missing from - EXTRA_DIST - -2003-05-12 20:21 aj - - * trunk/src/sslengines, trunk/src/sslengines/.cvsignore, - trunk/src/sslengines/Makefile.am, - trunk/src/sslengines/engine_opensc.c, - trunk/src/sslengines/engine_opensc.h, - trunk/src/sslengines/engine_pkcs11.c, - trunk/src/sslengines/engine_pkcs11.h, - trunk/src/sslengines/hw_opensc.c, - trunk/src/sslengines/hw_pkcs11.c, - trunk/src/sslengines/libpkcs11.h, - trunk/src/sslengines/p11_attr.c, - trunk/src/sslengines/p11_cert.c, trunk/src/sslengines/p11_err.c, - trunk/src/sslengines/p11_key.c, trunk/src/sslengines/p11_load.c, - trunk/src/sslengines/p11_misc.c, trunk/src/sslengines/p11_rsa.c, - trunk/src/sslengines/p11_slot.c, - trunk/src/sslengines/pkcs11-internal.h, - trunk/src/sslengines/test_engine.sh: new sslengines - implementation with pkcs11 and opensc backend. - -2003-05-12 20:18 aj - - * trunk/configure.in, trunk/src/Makefile.am: Add sslengines. 
- -2003-05-12 11:51 sth - - * trunk/src/libopensc/card-flex.c: Added decryption functionality - -2003-05-11 07:22 sth - - * trunk/src/libopensc/pkcs15-cert.c: Fixed: support for X.509 V1 - certs - -2003-05-08 10:42 sth - - * trunk/src/libopensc/card-gpk.c: Fix of the previous Win32 patch - related to the assumed absence of OPENSSL_cleanse(): this - function does is present on OpenSSL 0.9.7 but not on the beta4 - version - -2003-05-08 07:54 sth - - * trunk/src/pkcs11/libpkcs11.c: Added support for Mac bundles - -2003-05-02 15:12 aj - - * trunk/src/pkcs11/Makefile.am: oops, didn't remove reference to - sslrandom.c. fixed. - -2003-05-02 15:03 aj - - * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/scam/Makefile.am, - trunk/src/scrandom/Makefile.am: this should fix the libscrandom - issue: the obvious solution is to create libscrandom.la (not .a) - and link with ../scrandom/libscrandom.la (not -lscrandom). - -2003-05-02 15:01 aj - - * trunk/src/usbtoken/main.c, trunk/src/usbtoken/pid.c: - added a - "nofork" parameter - changed the initialization order to fix a - race condition where the first usbtoken uses the id 1 and not 0 - - fixed a bug where all tokens always used id 0. now several - tokens work at the same time. - fixed a bug: pid files were - empty. - -2003-05-02 15:00 aj - - * trunk/src/libopensc/reader-usbtoken.c: - indent (maybe not such - a good idea?) - improved some error messages - -2003-05-02 14:57 aj - - * trunk/src/tools/opensc-explorer.c: improved "get" function: - - path is now by default like 3F00_5015_5031 instead of "3F00" - - the final message shows not only number of bytes but also the - filename. 
- -2003-05-02 14:33 sth - - * trunk/src/libopensc/card-gpk.c: Fix for Win32 where there's no - OPENSSL_cleanse() - -2003-05-02 13:38 sth - - * trunk/README.Win32: Little update on how to add OpenSSL support - -2003-05-02 08:01 sth - - * trunk/docs/Makefile.am, trunk/docs/pkcs11.txt: Added info about - the pkcs11 lib - -2003-05-01 14:09 aj - - * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/scam/Makefile.am, trunk/src/scrandom/Makefile.am: - Patch by Robert Bihlmeyer: - remove liscrandom - use scrandom.c - directly (list as part of the SOURCES) - -2003-04-30 12:24 sth - - * trunk/src/tools/pkcs11-tool.c: Dont give errors with -t option - if the private key doesnt support key unwrap - -2003-04-29 11:37 jey - - * trunk/src/libopensc/card-starcos.c: - Yet another test commit - -2003-04-29 11:10 sth - - * trunk/configure.in, trunk/src/pkcs11/Makefile.am, - trunk/src/scrandom/Makefile.am: Build libscrandom in both .a and - .so versions (by R. Bihlmeyer) - -2003-04-29 09:27 sth - - * trunk/src/libopensc/asn1.c: Removed some compiler warnings - -2003-04-28 16:34 jey - - * trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - - Renamed card->chopsize to max_le, which is more descriptive - - Changed a few checks to asserts - -2003-04-28 16:29 aj - - * trunk/src/libopensc/asn1.c: Nils fixed asn1 code to detect two - byte "file name" versus longer real paths. - * trunk/src/libopensc/card-starcos.c: Comment fixed by Nils: - should be 0x80 or 128, but not "80 bytes". 
- -2003-04-28 09:55 sth - - * trunk/src/pkcs11/pkcs11-global.c: Avoid an Assertion Failed - (ctx!=NULL) in log.c if sc_establish_context() fails in - C_Initialize() - -2003-04-27 19:08 aj - - * trunk/src/libopensc/card-starcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - create card->chopsize, init it with SC_APDU_CHOP_SIZE, allow - cards to change that value, and add code to starcos_init to set - chopsize to 80. chopsize is used with read_binary and friends to - chop the data into small requests, read/write them, and - reassemble. - -2003-04-27 15:05 aj - - * trunk/src/libopensc/asn1.c: Only look at first byte for end of - data detection. That way not only 0,0 and ff,ff is recognized - and 0,ff,ff,ff... will not cause trouble. - -2003-04-25 10:03 aj - - * trunk/src/libopensc/card-starcos.c, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/tools/pkcs11-tool.c: - Nils Larsch: here is a patch to remove a bug in card-starcos.c - and two warnings: card-starcos.c: fix apdu.le value - pkcs15-pin.c: remove unused labels => avoid compiler warnings - pkcs11-tool.c : remove memory leak (a RSA_free() was missing) - and simplify code (+ remove warning). - -2003-04-25 07:51 sth - - * trunk/src/libopensc/pkcs15-sec.c: Allow empty key file paths in - compute_signature and decipher - -2003-04-24 07:03 sth - - * trunk/src/pkcs11/README, trunk/src/pkcs11/pkcs11-global.c: Have - a compile option to enable PTHREAD locking at the pkcs11 level - -2003-04-23 11:46 sth - - * trunk/src/libopensc/ctx.c: Extended caching for single-user - Windows OSes (Win98) - -2003-04-23 10:40 aj - - * trunk/AUTHORS: Changed Roberts email address as requested. 
- -2003-04-23 09:52 sth - - * trunk/src/pkcs11/pkcs11-global.c: Disabled OS thread locking on - OSes with PTHREAD due to closing problems with Mozilla - -2003-04-23 08:47 sth - - * trunk/src/libopensc/pkcs15-sec.c: Added - SC_PKCS15_PRKEY_USAGE_NONREPUDIATION as a valid signature usage - -2003-04-22 20:43 sth - - * trunk/src/tools/pkcs11-tool.c: Fix in case no OpenSSL is present - -2003-04-22 17:02 aj - - * trunk/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/rsaref/Makefile.am, trunk/src/scam/Makefile.am: - remove references to SCIDI sanitize pkcs11 include header - references (now they are installed in rsaref/ subdir, and - pkcs11.h is *not* overwritten). remove automake 1.5 requirement - (automake 1.4 on debian stable/woody works fine) - -2003-04-22 17:00 aj - - * trunk/AUTHORS, trunk/configure.in, trunk/docs/Makefile.am, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/reader-usbtoken.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scam/p15_eid.c, - trunk/src/signer/Makefile.am, trunk/src/tools/pkcs11-tool.c: - - add robert to Authors as contributor of bug fixes - configure - code finally working. engine is detected and path to libcrypto.a - is also set. - roberts fix for reader-usbtoken.c - card-gpk.c - migraton to DES_ routines with #define for 0.9.6 openssl. - man - pages: do not ship pkcs15-profile.5 (.in is in the tarfile) - - assuan: replace "strcpy(stpcpy(.., ..), ..)" with - "strcat(strcpy(.., ..), ..)" which looks good, but nobody uses - assuan I guess ? - declaration of sc_pkcs15init_set_lifecycle - kills a warning - #include kills a warning (or - compile problem?) - removed unused txt[256]; from p15_eid (kills - a warning) - now "ln -s" the signer plugin to the plugin - directory. - moved key_out direction to the beginning of a - function (kills a warning or compile error) - changed - pkcs11-tool option "quiet" to "verbose" to conform to other - tools. 
- made algo argument to wrap_unwrap a "const" (kills - several warnings) - -2003-04-22 12:41 sth - - * trunk/README.Win32, trunk/win32/Makefile.am, - trunk/win32/readme.txt: Moved win32/readme.txt to README.Win32, - and updated this file - -2003-04-22 12:26 sth - - * trunk/src/tools/pkcs11-tool.c: Fixed an OpenSSL issue with MacOSX - -2003-04-22 07:51 sth - - * trunk/src/libopensc/reader-pcsc.c: Correction of the previous - insert-remove fix - -2003-04-21 15:02 jey - - * trunk/docs, trunk/docs/.cvsignore, trunk/win32/Makefile.am: - - added missing win32/Makefile.am - added usbtoken.html to - docs/.cvsignore - -2003-04-21 15:01 jey - - * trunk/Makefile.am, trunk/configure.in, trunk/docs/Makefile.am, - trunk/src/Makefile.am, trunk/src/include/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/openscd/Makefile.am, - trunk/src/openscd/openscd.c, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/scconf/Makefile.am, - trunk/src/scrandom/Makefile.am, trunk/src/tests/Makefile.am: - - applied build fixes from Andreas - -2003-04-21 12:52 jey - - * trunk/AUTHORS: - fixed Olaf's e-mail address in AUTHORS =) - -2003-04-21 12:45 jey - - * trunk/bootstrap: - trimmed bootstrap script a bit as suggested - by Andreas - -2003-04-21 12:39 jey - - * trunk/src/signer/opensc-crypto.c: - fixed a typo - -2003-04-21 12:36 jey - - * trunk/src/openscd/Makefile.am: - Do not install openscd for now - -2003-04-21 12:29 jey - - * trunk/src/libopensc/pkcs15-sec.c: - fixed add_padding() in the - case where padding is request, but input isn't a hash. 
- -2003-04-21 12:01 jey - - * trunk/NEWS: - NEWS entry for 0.8.0 - -2003-04-21 11:40 jey - - * trunk/src/libopensc/card-flex.c: - fixed CHV changing with a - CryptoFlex - -2003-04-18 15:42 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Allow non-repudation as a - signature usage - -2003-04-18 14:57 sth - - * trunk, trunk/.cvsignore, trunk/src/common, - trunk/src/common/.cvsignore, trunk/src/libopensc, - trunk/src/libopensc/.cvsignore, trunk/src/pkcs11, - trunk/src/pkcs11/.cvsignore, trunk/src/pkcs15init, - trunk/src/pkcs15init/.cvsignore, trunk/src/scconf, - trunk/src/scconf/.cvsignore, trunk/src/scrandom, - trunk/src/scrandom/.cvsignore, trunk/src/tests, - trunk/src/tests/.cvsignore, trunk/src/tools, - trunk/src/tools/.cvsignore, trunk/src/usbtoken, - trunk/src/usbtoken/.cvsignore: Added some files to ignore, also - for Windows - -2003-04-18 11:58 sth - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: - Have a sec delay in C_GetSlotInfo() per reader instead of a - global delay - -2003-04-18 11:55 sth - - * trunk/src/pkcs11/libpkcs11.c: Added code for MacOSX - -2003-04-17 14:39 okir - - * trunk/src/tools/pkcs11-tool.c: - added tests for key unwrap - -2003-04-17 14:38 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - bugfix for unwrap - - support getattr(CKA_VALUE) for public key objects - -2003-04-17 14:35 sth - - * trunk/src/libopensc/reader-pcsc.c: More robust detection of - removal/insertion events - -2003-04-17 13:25 okir - - * trunk/configure.in: - another fix to the engine test - -2003-04-17 13:23 okir - - * trunk/configure.in: - fixed test clause - -2003-04-17 13:13 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - fixed signing and - hopefully unwrap for split keys - -2003-04-17 13:03 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - fix for the previous - change - -2003-04-17 12:47 okir - - * trunk/configure.in: - only build sslengine if OpenSSL supports it - -2003-04-17 12:38 okir - - * trunk/src/libopensc/pkcs15-sec.c, 
trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/signer/opensc-crypto.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c: - - implemented split-key support for CardOS - -2003-04-17 11:04 okir - - * trunk/src/pkcs11/pkcs11-object.c: - fixed compiler warning - -2003-04-17 09:39 okir - - * trunk/src/tools/pkcs15-init.c: - Allow command line --key-usage - to be more restrictive than the usage given by the certificate - (pkcs12) - -2003-04-17 09:37 okir - - * trunk/src/scam/p15_eid.c: - when no specific reader is required, - just select the first one that holds a card - when computing RSA - signatures, don't assume the card supports raw RSA - the it the - challenge is a sha1 digest instead. - -2003-04-16 20:52 okir - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c: - fixed endianness problem with - encoding/deconding of bit fields - -2003-04-16 19:50 sth - - * trunk/src/pkcs11/Makefile.mak: Added debug.obj - -2003-04-16 19:49 sth - - * trunk/src/libopensc/Makefile.mak: Added card-starcos - -2003-04-16 19:03 okir - - * trunk/configure.in, trunk/src/Makefile.am: - merged SSL ENGINE - patch from Kevin Stefanik - -2003-04-16 17:00 okir - - * trunk/src/scam/Makefile.am: - removed SCIDI stuff - -2003-04-16 16:59 okir - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: - - integrate starcos driver - -2003-04-16 16:01 okir - - * trunk/src/libopensc/card-gpk.c: - fixed some compiler warnings - -2003-04-16 15:58 okir - - * trunk/src/libopensc/opensc.h: - added - SC_SEC_OPERATION_AUTHENTICATE for starcos driver - -2003-04-16 15:56 okir - - * trunk/src/libopensc/reader-pcsc.c: - get 
rid of warning - -2003-04-16 15:53 okir - - * trunk/src/tools/pkcs11-tool.c: - getting CKA_LABEL would not - 0-terminate the string - -2003-04-16 14:38 okir - - * trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: - moved the lifecycle stuff to - libpkcs15init - -2003-04-16 14:27 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-starcos.c: - Added starcos driver - -2003-04-16 14:20 okir - - * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: - - backed out AM_LDFLAGS change - -2003-04-16 14:18 okir - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/debug.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/sc-pkcs11.h: - improved debugging output of - CK_ATTRIBUTE data - -2003-04-16 14:17 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - in getattr(CKA_LABEL), do - not include trailing NUL - -2003-04-16 14:16 okir - - * trunk/src/tools/pkcs15-init.c: - when getting certs from a p12 - file, put the subject name into the cert labels - -2003-04-16 12:01 sth - - * trunk/src/libopensc/reader-pcsc.c: Correction of the previous - patch for MacOSX - -2003-04-16 11:50 okir - - * trunk/src/tools/pkcs15-init.c: - import all certs from a pkcs12 - file - -2003-04-16 10:20 okir - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - new error code SC_ERROR_CANNOT_LOAD_KEY - -2003-04-16 10:19 okir - - * trunk/src/libopensc/card.c: - don't complain about - read/write/update binary with a length of 0 - -2003-04-16 08:33 okir - - * trunk/src/libopensc/reader-openct.c: - dont return error in - detect_card_presence if there is no reader - -2003-04-15 20:06 okir - - * trunk/src/tools/cardos-info.c, trunk/src/usbtoken/etoken.c, - trunk/src/usbtoken/main.c: - a few more changes from Andreas - -2003-04-15 17:10 sth - - 
* trunk/src/libopensc/ctx.c: First thing written in the debug log - will be ========== - -2003-04-15 15:59 sth - - * trunk/src/libopensc/reader-pcsc.c: include for MacOSX added - -2003-04-14 17:29 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Have allways a label in - CK_TOKEN_INFO - -2003-04-14 15:19 okir - - * trunk/src/libopensc/card-etoken.c: - fix pkcs11 signatures with - etoken - -2003-04-14 14:51 okir - - * trunk/docs/pkcs15-tool.1, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15.h, trunk/src/tools/pkcs15-tool.c: - - added pkcs15 unblock functionality - -2003-04-14 14:49 okir - - * trunk/AUTHORS: Update - -2003-04-14 10:57 okir - - * trunk/configure.in: - changed version to CVS - -2003-04-14 10:33 okir - - * trunk/src/libopensc/card-etoken.c: - explicitly mention we do - raw RSA - -2003-04-14 08:17 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/card.c: - - suppress "not supported" error messages from sc_card_ctl - -2003-04-14 07:44 okir - - * trunk/src/tools/opensc-explorer.c: - fixed unblock command when - puk given in hex notation - -2003-04-11 15:29 okir - - * trunk/configure.in, trunk/docs/usbtoken.xml, - trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am, - trunk/src/tools/cardos-info.c, trunk/src/usbtoken/etoken.c: - - more fixes from Andreas - -2003-04-11 15:26 sth - - * trunk/src/tools/Makefile.mak: Added cardos-info.exe - -2003-04-11 14:48 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-miocos.c: - reverted previous patch - -2003-04-11 14:42 okir - - * trunk/src/libopensc/reader-openct.c: - try to deal more - gracefully with hotplug events - * trunk/src/libopensc/ctx.c: - include config.h - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - added hotplug errors - -2003-04-11 14:22 sth - - * trunk/src/pkcs11/pkcs11-global.c: Removed some errors that - occured with unsupported cards - 
-2003-04-11 13:55 okir - - * trunk/src/tools/cardos-info.c: - added - -2003-04-11 11:48 okir - - * trunk/src/tools/Makefile.am: - new tool cardos-info from Andreas - -2003-04-11 11:47 okir - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/cardctl.h, trunk/src/tools/pkcs15-init.c: - - support for lifecycle cardctl; cardos lifecycle support - -2003-04-11 11:46 okir - - * trunk/AUTHORS, trunk/docs/usbtoken.xml, - trunk/src/libopensc/reader-usbtoken.c, trunk/src/usbtoken/atr.c, - trunk/src/usbtoken/etoken.c, trunk/src/usbtoken/eutron.c, - trunk/src/usbtoken/ikey2k.c, trunk/src/usbtoken/ikey3k.c, - trunk/src/usbtoken/main.c, trunk/src/usbtoken/pid.c, - trunk/src/usbtoken/socket.c, trunk/src/usbtoken/t1.c, - trunk/src/usbtoken/usb.c, trunk/src/usbtoken/usbtoken.h: - - usbtoken fixes from Andreas - * trunk/src/openscd/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/scam/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: - - build fixes from Andreas - -2003-04-11 11:42 okir - - * trunk/configure.in: - added --enable-usbtoken - added - --with-openct - -2003-04-11 11:41 okir - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-openct.c: - Added OpenCT reader - support - -2003-04-11 11:28 okir - - * trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - - getopt cleanup from aj - -2003-04-11 11:19 okir - - * trunk/src/scconf/lex-parse.l: - fix for newer flex versions - -2003-04-11 10:32 okir - - * trunk/src/tests/print.c: - Textual representation of PIN - encoding instead of "Type: 1" - * trunk/src/pkcs15init/profile.c: - Don't set PIN defaults 
until - after we've parsed _all_ cardinfo blocks - -2003-04-11 10:31 okir - - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/pkcs15-cflex.c: - fix for 2048 bit keys on - cflex - -2003-04-11 10:30 okir - - * trunk/src/libopensc/pkcs15.h: - added SC_PKCS15_PIN_TYPE_* - defines for weirdo encodings - -2003-04-10 09:16 okir - - * trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/reader-pcsc.c: - fixes for le=00/lc=00 - problems - -2003-04-09 20:19 sth - - * trunk/src/libopensc/pkcs15.c: better fix then the previous for - the assertion failed bug - -2003-04-07 10:44 sth - - * trunk/win32/makedef.pl: Dont include DllMain in the exports - -2003-04-04 09:52 sth - - * trunk/src/libopensc/pkcs15.c: Fix: assertion failed - (lock_count>=0) in sc_pkcs15_bind() - -2003-04-03 18:19 okir - - * trunk/src/libopensc/card.c: - fix sc_transmit_apdu to properly - deal with le=00 - -2003-04-03 14:38 okir - - * trunk/docs/Makefile.am: - added *.3 manpages - -2003-04-03 14:34 okir - - * trunk/docs/sc_connect_card.3, - trunk/docs/sc_detect_card_presence.3, - trunk/docs/sc_disconnect_card.3, - trunk/docs/sc_establish_context.3, trunk/docs/sc_file.3, - trunk/docs/sc_file_free.3, trunk/docs/sc_file_new.3, - trunk/docs/sc_list_files.3, trunk/docs/sc_lock.3, - trunk/docs/sc_read_binary.3, trunk/docs/sc_read_record.3, - trunk/docs/sc_release_context.3, trunk/docs/sc_select_file.3: - - wrote a bunch of manual pages - -2003-04-03 13:18 okir - - * trunk/src/libopensc/opensc.h: - added sc_reader_t - -2003-04-03 09:53 okir - - * trunk/docs/usbtoken.xml, trunk/src/usbtoken/Makefile.am, - trunk/src/usbtoken/atr.c, trunk/src/usbtoken/eutron.c, - trunk/src/usbtoken/main.c, trunk/src/usbtoken/socket.c: - - usbtoken fixes from Andreas - * trunk/src/libopensc/card-etoken.c: - changed description - -2003-04-03 09:52 okir - - * trunk/src/tools/opensc-tool.c: - opensc-tool -f: don't crash on - large or record structured files - -2003-04-03 09:51 okir - - * trunk/src/tools/pkcs15-tool.c: - 
minor printf fix - -2003-04-03 09:46 okir - - * trunk/src/libopensc/pkcs15.c: - stubs for "synthetic" pkcs15 - tokens - -2003-04-02 06:59 sth - - * trunk/src/pkcs11/pkcs11-global.c: Fix: card detection in - C_GetSlotInfo is done at most once a second - -2003-04-02 06:58 sth - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c: - Added sc_current_time - -2003-03-28 13:28 okir - - * trunk/src/tools/opensc-tool.c: - opensc-tool -f should handle - files > 2K gracefully - -2003-03-28 13:26 okir - - * trunk/src/libopensc/card-etoken.c: - Remove workaround for t=1 - bug in etoken driver. - -2003-03-27 16:08 sth - - * trunk/src/pkcs11/framework-pkcs15.c: Fix: root certs could be - shown more then once - -2003-03-27 12:40 okir - - * trunk/docs/Makefile.am: - add usbtoken.html to dist files - -2003-03-27 10:20 okir - - * trunk/docs/Makefile.am: - usbtoken.html was listed twice - * trunk/configure.in: - autoconf fixes from Andreas J - -2003-03-27 10:19 okir - - * trunk/docs/Makefile.am, trunk/docs/usbtoken.xml: - added - usbtoken docs - -2003-03-27 10:14 okir - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-usbtoken.c: - added reader driver for - usbtoken - -2003-03-27 10:12 okir - - * trunk/src/pkcs11/rsaref/Makefile.am: - added missing win32.h - -2003-03-27 10:08 okir - - * trunk/src/Makefile.am, trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/rsaref/Makefile.am, - trunk/src/pam/Makefile.am: - top_srcdir/top_builddir fixes (aj) - -2003-03-27 10:06 okir - - * trunk/src/libopensc/libopensc.pc.in: - added - -2003-03-27 10:05 okir - - * trunk/src/pkcs15init/profile.c: - properly set max pin length - attr - -2003-03-27 10:02 okir - - * trunk/src/usbtoken, trunk/src/usbtoken/Makefile.am, - trunk/src/usbtoken/atr.c, trunk/src/usbtoken/etoken.c, - trunk/src/usbtoken/eutron.c, trunk/src/usbtoken/ikey2k.c, - trunk/src/usbtoken/ikey3k.c, trunk/src/usbtoken/main.c, - 
trunk/src/usbtoken/pid.c, trunk/src/usbtoken/socket.c, - trunk/src/usbtoken/t1.c, trunk/src/usbtoken/usb.c, - trunk/src/usbtoken/usbtoken.h: - Merged Andreas' usbtoken code - -2003-03-25 11:19 okir - - * trunk/src/tools/opensc-tool.c: - make sure all APDU fields are - zero when processing -s option - -2003-03-20 12:52 sth - - * trunk/src/libopensc/reader-pcsc.c: card remove/insert dection - for Win32 - -2003-03-12 10:20 okir - - * trunk/src/libopensc/card-gpk.c: - use OPENSSL_cleanse instead of - memset to zap DES key (Nils Larsch) - -2003-03-11 12:41 okir - - * trunk/configure.in: - libdir -> pcsc_libdir to avoid name clashes - -2003-03-11 11:00 okir - - * trunk/src/libopensc/ctx.c: - changed HAVE_LIBPCSCLITE -> - HAVE_PCSCLITE - -2003-03-11 10:59 okir - - * trunk/configure.in: - Updated PCSC test code; allow building - --without-pcsc - -2003-03-11 10:52 okir - - * trunk/bootstrap: - abort on errors - -2003-03-10 21:35 okir - - * trunk/src/pkcs11/Makefile.am: - dont install - rsaref/{unix.h,win32.h} - -2003-03-10 21:23 okir - - * trunk/src/libopensc/reader-pcsc.c: - minor cosmetic change - -2003-03-10 21:22 okir - - * trunk/src/libopensc/opensc.h: - bump SC_MAX_READERS to 16 - -2003-03-10 11:44 okir - - * trunk/Makefile.am, trunk/src/include/opensc/Makefile.am, - trunk/src/pkcs15init/Makefile.am, trunk/src/tests/Makefile.am: - - makefile cleanups - -2003-03-07 14:18 sth - - * trunk/src/pkcs11/slot.c: remove/insert fix: restore the - slot->reader in slot_token_removed - -2003-03-06 12:13 sth - - * trunk/win32/readme.txt: Corrections/additions for compiling with - OpenSSL on Windows - -2003-03-06 12:08 sth - - * trunk/win32/Make.rules.mak: Compile with /MD (multithreaded) - instead of /ML - -2003-03-04 15:47 sth - - * trunk/src/libopensc/card.c: bug fix in sc_connect_card: only the - first ATR in a config file was accepted - -2003-03-04 09:38 okir - - * trunk/src/libopensc/card-etoken.c: - fixed ATR - -2003-03-03 21:07 sth - - * trunk/src/pkcs11/misc.c: added error 
msg SC_ERROR_KEYPAD_TIMEOUT - -2003-03-03 13:07 okir - - * trunk/src/pkcs11/pkcs11-global.c: - more robust handling of - concurrent WaitForSlotEvent vs Finalize - -2003-03-03 13:03 sth - - * trunk/src/pkcs11/slot.c: fix: clear the CK_SLOT_INFO flags in - slot_token_removed - -2003-02-28 15:16 sth - - * trunk/src/pkcs11/framework-pkcs15.c: take the last 8 bytes of - the card as the pkcs11 serialNumber - -2003-02-28 12:47 sth - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: fix - in C_GetSlotInfo that previously cleared the slotDescription and - didnt clear the CKF_TOKEN_PRESENT flag - -2003-02-28 11:07 okir - - * trunk/src/tools/pkcs15-init.c: - renamed connect() to - open_reader_and_card() - -2003-02-26 07:27 sth - - * trunk/src/pkcs11/misc.c: added error code CKR_PIN_INVALID - -2003-02-23 20:10 sth - - * trunk/src/pkcs11/pkcs11-global.c: fixed wrong return value in - C_Finalize - -2003-02-23 19:38 sth - - * trunk/src/pkcs11/pkcs11-global.c: fixed some thread dead-lock - bugs - -2003-02-23 17:50 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/sc-pkcs11.h: - new pkcs15 object creation stuff - -2003-02-22 21:27 sth - - * trunk/src/libopensc/card.c: buf fix in sc_connect_card - -2003-02-21 15:40 sth - - * trunk/src/pkcs11/pkcs11-global.c: little fix in C_GetInfo - -2003-02-21 12:47 okir - - * trunk/src/pkcs11/pkcs11-session.c: - prevent compiler warning - -2003-02-21 12:29 sth - - * trunk/src/pkcs11/pkcs11-session.c: extra check in C_Logout - -2003-02-21 12:27 sth - - * trunk/src/pkcs11/framework-pkcs15.c: login should return - CKR_ARGUMENTS_BAD if wrong pin length - -2003-02-20 23:20 sth - - * trunk/src/tools/pkcs11-tool.c: removed unnecessary debugging - -2003-02-20 23:19 sth - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/pkcs15-lib.c, trunk/src/signer/dialog.c, - trunk/src/tests/pintest.c, trunk/src/tests/print.c, - 
trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: added support for max pin length - -2003-02-20 18:55 sth - - * trunk/src/pkcs11/pkcs11-session.c: NULL_PTR check added - -2003-02-20 18:54 sth - - * trunk/src/pkcs11/pkcs11-object.c: Let C_FindObjectsInit return - correctly - -2003-02-20 13:03 sth - - * trunk/src/libopensc/opensc.h: little fix of the previous commit - -2003-02-20 12:51 sth - - * trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h: - removed const in sc_card_driver (caused win32 crash) - -2003-02-19 21:10 sth - - * trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-session.c: more parameter checks + fix - in previous checks - -2003-02-19 13:44 sth - - * trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: - added check for NULL pointers and uninitialized pkcs11 lib - -2003-02-19 13:36 sth - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, - trunk/src/libopensc/reader-pcsc.c: added error: unresponsive card - -2003-02-17 16:53 sth - - * trunk/src/pkcs11/pkcs11-global.c: correct behaviour of - C_GetSlotInfo at empty slots - -2003-02-17 14:57 okir - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - made card_detect() available to - everyone - C_GetSlotInfo now always does card detection, but - only for the reader which which the slot is associated - -2003-02-17 14:21 okir - - * trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, 
trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - Introduce locks around all pkcs11 - operations, in case the caller is multithreaded and wants to - access us from different threads. - -2003-02-17 11:09 sth - - * trunk/src/tools/pkcs11-tool.c: some cleared messages - -2003-02-16 20:25 okir - - * trunk/src/libopensc/card-gpk.c: - fixed change/unblock pin for - GPK - -2003-02-16 18:09 sth - - * trunk/src/pkcs11/misc.c: added error code CKR_USER_NOT_LOGGED_IN - -2003-02-14 16:59 sth - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: reset first_free_slot during - C_Initialize - -2003-02-12 14:20 sth - - * trunk/src/pkcs11/misc.c: added the CKR_DEVICE_REMOVED return code - * trunk/src/libopensc/reader-pcsc.c: get the right error code on - card removal - -2003-02-11 10:38 sth - - * trunk/src/pkcs11/misc.c: added p11 error CKR_PIN_LOCKED - -2003-02-10 14:08 okir - - * trunk/src/tools/pkcs11-tool.c: - fixed minor compile warning - * trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - Each - reader now gets a fixed range of slots - Each slot now shows the - reader name in the description field - -2003-02-06 14:46 sth - - * trunk/src/libopensc/pkcs15-sec.c: added locking to - sc_pkcs15_decipher and sc_pkcs15_compute_signature - -2003-02-05 15:43 okir - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/pkcs15.c: - fixed - typo in previous patch - -2003-02-05 15:39 okir - - * trunk/src/libopensc/pkcs15.c: - fixed typo in previous patch - -2003-02-05 14:45 okir - - * trunk/src/libopensc/dir.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.c: - Support Belgian eID - be less - pedantic about the AID listed in EF(DIR) - -2003-02-05 13:55 sth - - * trunk/src/tools/pkcs11-tool.c: added support for pin pad readers - + change pin - -2003-02-03 12:32 okir - - * trunk/src/pkcs11/slot.c: - suppress bogus insertion events - -2003-02-03 12:23 okir - - * trunk/src/tools/pkcs11-tool.c: - Added test for 
WaitForSlotEvent - - fixed a bunch of compiler warnings - -2003-02-03 12:20 okir - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - merged Stef's WaitForSlotEvent patches - * trunk/src/pkcs11/openssl.c: - fixed compiled warning - -2003-02-03 12:17 okir - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/pkcs15-pubkey.c: - pubkey asn.1 encoding fix - -2003-02-01 20:26 sth - - * trunk/src/tools/pkcs15-tool.c: now also caching if file->size - differs from what sc_read_binary() returns - -2003-01-31 15:32 sth - - * trunk/src/tools/pkcs11-tool.c: added signature test for all keys - -2003-01-31 12:50 sth - - * trunk/src/pkcs11/misc.c: added: opensc SC_ERROR_KEYPAD_CANCELLED - -> pkcs11 CKR_FUNCTION_CANCELED - -2003-01-30 09:45 sth - - * trunk/src/libopensc/dir.c: file size fix + removed unnecessary - code from previous commit - -2003-01-28 15:39 sth - - * trunk/src/pkcs11/slot.c: the slot's slotDescription is now the - reader name - -2003-01-28 15:37 sth - - * trunk/src/pkcs11/framework-pkcs15.c: selection between SHA-1 and - RIPEMD160 sigs when 35 bytes supplied - -2003-01-28 15:36 sth - - * trunk/src/libopensc/dir.c: made buf[1024] dynamic (malloc) - -2003-01-27 13:43 sth - - * trunk/src/pkcs11/slot.c: typo fix - -2003-01-27 13:33 sth - - * trunk/src/tools/pkcs11-tool.c: some fixes + added cert viewing - for -O option - -2003-01-27 13:17 sth - - * trunk/src/pkcs11/slot.c: added return value + fix (needed if - hide_empty_slots = true - -2003-01-27 13:01 sth - - * trunk/src/libopensc/reader-pcsc.c: Fixes for Windows, who's - PC/SC has more events that interfere with insert/removal events - -2003-01-24 15:24 jey - - * trunk/configure.in: - Remove openscd for now - -2003-01-22 08:34 okir - - * trunk/src/libopensc/card-flex.c: - cflex 32k v4 supports keygen - -2003-01-21 15:29 okir - - * trunk/src/tools/pkcs11-tool.c: - fixed two minor issues in p11 - test code - -2003-01-20 12:09 okir - - * 
trunk/src/libopensc/ctx.c: - fixed previous %windir% change - -2003-01-20 11:40 okir - - * trunk/src/libopensc/card-etoken.c: - new ATR for eToken PRO 32k - reported by Kevin Stefanik - -2003-01-20 10:22 okir - - * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_read_file: gracefully - deal with short reads - -2003-01-20 10:12 okir - - * trunk/src/include/winconfig.h, trunk/src/libopensc/ctx.c: - Get - opensc.conf from %windir% rather than hard-coded C:\\WINNT (Stef) - -2003-01-20 10:02 okir - - * trunk/src/tools/pkcs11-tool.c: - a few minor changes from Stef - -2003-01-20 09:57 okir - - * trunk/src/pkcs11/Makefile.am: - link against libscrandom.a, no - libscrandom.la - -2003-01-20 09:56 okir - - * trunk/src/pkcs11/mechanism.c: - fixed typo in previous patch - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c: - slightly more verbose error - messages when ASN.1 parsing fails - -2003-01-20 09:53 okir - - * trunk/src/libopensc/asn1.c: - do not encode zero length sequences - -2003-01-20 09:52 okir - - * trunk/src/pkcs11/mechanism.c: - fix sc_pkcs11_signature_size to - return modulus size in bytes, not bits (Stef) - -2003-01-20 09:50 okir - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - added card_detect_all - -2003-01-19 17:47 okir - - * trunk/TODO, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/slot.c, trunk/src/scam/scam.c, - trunk/src/tests/sc-test.c, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/util.c: - add - some support for card removal in pkcs11 - -2003-01-16 20:10 okir - - * trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/scrandom/Makefile.mak, - 
trunk/src/tools/pkcs11-tool.c: - Patches from Stef implementing - PKCS11 RNG related functions - -2003-01-15 13:20 okir - - * trunk/src/tools/opensc-explorer.c: - added command "random" - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/opensc.h: - - added SC_CARD_CAP_RNG - -2003-01-14 19:55 aet - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/ctbcs.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-data.c, - trunk/src/libopensc/pkcs15.c, trunk/src/pkcs11/openssl.c, - trunk/src/tests/base64.c, trunk/src/tools/pkcs11-tool.c, - trunk/src/tools/pkcs15-init.c: C++ warning fixes (assuan - excluded) - -2003-01-14 16:49 okir - - * trunk/src/libopensc/card-flex.c: - mask out additional flags in - the card type byte when asked for the AAK - -2003-01-14 16:44 okir - - * trunk/src/libopensc/card-flex.c: - added ATR for Cryptoflex 32k - v4 - -2003-01-14 14:26 okir - - * trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/portability.c: - win32 fixes for mutex change - -2003-01-14 13:31 aet - - * trunk/src/libopensc/portability.c: A small warning / compile fix - -2003-01-14 11:22 okir - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/portability.c: - - merged mutex patches from Serge Koganovitsch (Zetes) - created - new file portability.c and moved the whole mutex stuff there (so - we don't pollute public header files with #ifdef HAVE_XXX - anymore) - -2003-01-13 21:38 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - Another - go at the empty slot/empty token issue - -2003-01-09 12:33 okir - - * trunk/src/libopensc/pkcs15.c: - fix to previous patch: if - use_cache is given in both the default 
and the application conf - block, use the latter - -2003-01-09 12:31 okir - - * trunk/src/libopensc/pkcs15.c: - actually honor the use_cache - config option - -2003-01-09 11:41 okir - - * trunk/src/include/winconfig.h: - PATH_MAX fix for win32 (Stef) - -2003-01-09 09:18 okir - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cache.c: - when caching pkcs15 files, - transparently create the cache dir if not there - -2003-01-09 09:14 okir - - * trunk/src/tools/pkcs15-tool.c: - learn_card: the cache directory - is now created by libopensc - -2003-01-09 09:09 okir - - * trunk/src/tools/pkcs15-init.c: - reordered options for help - message - * trunk/src/tools/util.c: - fix the help message for - --very-long-options - -2003-01-09 08:46 okir - - * trunk/src/libopensc/pkcs15-cache.c: - use "wb" rather than "w" - in fopen (Stef) - -2003-01-09 08:45 okir - - * trunk/src/tools/pkcs15-tool.c: - fixed message in --learn-card - -2003-01-09 07:31 okir - - * trunk/src/libopensc/card-gpk.c: - prevent segfault in - opensc-explorer create command - -2003-01-06 23:47 aet - - * trunk/src/tools, trunk/src/tools/.cvsignore: Add pkcs11-tool - -2003-01-06 23:46 aet - - * trunk/src/libopensc/sec.c, trunk/src/pkcs11/mechanism.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/base64.c, - trunk/src/tools/pkcs11-tool.c: Fix compiler warnings - -2003-01-06 21:46 aet - - * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Cleanups - and logging improvements for non-GCC compilers - -2003-01-06 19:52 okir - - * trunk/win32/readme.txt: Update from Stef - * trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/openssl.c, - trunk/src/tools/pkcs11-tool.c: - Win32 fixes in case openssl is - not present (Stef) - -2003-01-06 19:37 okir - - * trunk/src/libopensc/iso7816.c: - fixed minor pin pad bug - -2003-01-06 19:36 okir - - * trunk/src/libopensc/pkcs15-pin.c: - sc_pkcs15_change_pin: small - pin pad change from Stef - -2003-01-06 19:28 okir - - * 
trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c: - - pin pad changes from Stef - -2003-01-06 17:45 okir - - * trunk/src/libopensc/reader-pcsc.c: - DEF_APDU_FIX wasn't used - unless you install a config file. - -2003-01-06 12:06 aet - - * trunk/src/tools/pkcs15-init.c: Add missing case 'w' to - handle_option - -2003-01-06 11:03 okir - - * trunk/src/tools/util.c: - Tools did not work unless -w switch - was given - -2003-01-06 10:53 aet - - * trunk/configure.in, trunk/src/openscd/Makefile.am: Minor cleanups - -2003-01-06 10:48 aet - - * trunk/src/include/opensc/rsaref, - trunk/src/include/opensc/rsaref/.cvsignore, trunk/src/openscd, - trunk/src/openscd/.cvsignore: Add .cvsignore - -2003-01-05 18:06 okir - - * trunk/src/libopensc/reader-pcsc.c: - vertain platforms need - time.h to understand time_t - -2003-01-05 17:59 okir - - * trunk/src/libopensc/opensc.h: - fixed comment before - sc_wait_for_event - * trunk/src/libopensc/reader-pcsc.c: - fixed problem with infinite - tiemout in sc_wait_for_event - -2003-01-04 13:17 aet - - * trunk/src/libopensc/errors.c: canelled -> cancelled - -2003-01-03 17:07 okir - - * trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - - fixed help messages broken by previous patch - * trunk/src/tools/pkcs15-init.c: - instead of calling - sc_connect_card, use new function connect_card from util.c This - function will take care of the fine print and optionally wait - for card insertion too. - -2003-01-03 16:58 okir - - * trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c: - instead of calling - sc_connect_card, use new function connect_card from util.c This - function will take care of the fine print and optionally wait - for card insertion too. 
- -2003-01-03 16:57 okir - - * trunk/src/tools/util.c, trunk/src/tools/util.h: - New function - connect_card() - this does all the work of connecting to the - card, optionally waiting for card insertion using - sc_wait_for_event - -2003-01-03 16:32 okir - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/sc.c: - Patch from Stef to implement - sc_wait_for_event, slightly enhanced by yours truly. - -2003-01-03 16:30 okir - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - new error code (wait_for_event timeout) - -2003-01-03 14:33 okir - - * trunk/src/tools/pkcs11-tool.c: - Patch from Stef: add support - for --pin and --test - -2003-01-03 14:28 okir - - * trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/sc-pkcs11.h: - C_Sign* and C_Digest* now return - the proper codes when the output buffer is too small, or when - the caller is doing and output buffer size query - -2003-01-03 13:27 okir - - * trunk/src/libopensc/reader-pcsc.c: - default apdu_fix=1 on win32 - -2003-01-03 13:26 okir - - * trunk/src/libopensc/ctx.c: - allow hard-coded config options - -2003-01-03 11:54 okir - - * trunk/src/scconf/internal.h, trunk/src/scconf/lex-parse.l, - trunk/src/scconf/parse.c, trunk/src/scconf/scconf.h: - added - support for parsing a static configuration string - -2003-01-03 11:40 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c: - Try to fix - pkcs11.hide_empty_slots - -2003-01-03 11:39 okir - - * trunk/src/pkcs11/sc-pkcs11.h: - sc_pkcs11_slot_t typedef added - -2003-01-03 11:09 okir - - * trunk/etc/opensc.conf.example, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/sc-pkcs11.h: - Added run-time option - pkcs11.cache_pins, default false - -2003-01-03 10:49 okir - - * trunk/etc/opensc.conf.example, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/sc-pkcs11.h: - Added run-time option - 
pkcs11.lock_login - -2003-01-02 15:31 okir - - * trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/reader-pcsc.c: - win32 fixes from stef - -2003-01-02 15:23 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Getattr(CKA_MODULUS_BITS) - would fail for keys w/o certificate - -2002-12-23 19:17 okir - - * trunk/TODO: Update - -2002-12-23 18:47 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctbcs.c, trunk/src/libopensc/ctbcs.h, - trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sec.c, - trunk/src/libopensc/types.h: - Implemented new PIN - verify/change/unblock framework. All PIN operations are routed - through sc_pin_cmd(), which builds the APDU and either passes it - to the card directly, or to the card reader along with a request - to read the PIN(s) from the reader's keypad. Currently, entering - PIN in the standard way (i.e. via the application) should still - work - I have verified GPK and eToken; Cryptoflex verify should - work as well. Anything else needs additional testing, and - support for keypad input in particular (I cannot test this at - the moment for lack of a suitable reader). - -2002-12-23 18:43 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - the AC CHANGE condition - of the PIN objects we created referenced the PUK, rather than - the PIN. This caused the standard sc_change_reference_data - operation to fail. 
- -2002-12-23 17:02 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - NUL-terminate strings - returned by getattr(CKA_LABEL) - -2002-12-22 23:16 okir - - * trunk/src/tools/pkcs11-tool.c: - Added --hash/-h to hash data - (Stef Hoeben) - Added function to translate CKR_* error codes to - strings. - -2002-12-22 20:50 okir - - * trunk/src/pkcs11/sc-pkcs11.h: - define enough reader slots - -2002-12-22 14:43 aet - - * trunk/src/include/winconfig.h, trunk/src/pkcs15init/profile.c, - trunk/src/tools/pkcs11-tool.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: - Add access, mkdir and getpass - wrappers into winconfig.h - -2002-12-22 11:50 okir - - * trunk/etc/opensc.conf.example, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: - - slightly changed previous patch; new flag hide_empty_slots - -2002-12-21 16:45 okir - - * trunk/etc/opensc.conf.example, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - Allow the admin to configure how many - slots are used per card (opensc.conf; pkcs11.num_slots) - -2002-12-21 14:10 okir - - * trunk/src/libopensc/ctx.c: - clarified use of conf_blocks in - process_config_file - -2002-12-20 14:55 okir - - * trunk/src/libopensc/card.c: - prevent buffer overflow - -2002-12-19 21:17 okir - - * trunk/src/libopensc/sc.c: - minor signedness issue - -2002-12-19 19:42 okir - - * trunk/src/tools/opensc-explorer.c: - implemented unblock command - -2002-12-19 16:16 okir - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/opensc.h: - get - rid of warnings when calling load_card_driver_options - -2002-12-19 14:26 okir - - * trunk/src/libopensc/pkcs15-data.c, trunk/src/libopensc/pkcs15.h: - - attempt to fix DODF encoding/decoding - -2002-12-19 10:49 okir - - * trunk/src/tools/pkcs11-tool.c: - add missing help message for - --module - -2002-12-19 09:34 
okir - - * trunk/TODO: Update - -2002-12-19 09:27 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h: - - Another fix to mechanism handling: ripemd160 signatures should - work now - Got rid of get_mechanism_{list,info} in - framework_ops, as they're not needed anymore. - -2002-12-19 09:24 okir - - * trunk/src/tools/pkcs11-tool.c: - fixed rsa-ripemd160 signatures - - Added new option --module - -2002-12-18 19:28 okir - - * trunk/win32/Make.rules.mak: Compile fix from Serge Koganovitsch - -2002-12-18 19:26 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Values of CKA_SIGN and - similar attributes now based on the pkcs15 usage flags rather - than on some hardwired defaults. - -2002-12-18 12:15 okir - - * trunk/src/libopensc/pkcs15-sec.c: - fixed pkcs1-ripemd160 - signature header - -2002-12-18 11:40 okir - - * trunk/TODO: Update - -2002-12-18 11:34 okir - - * trunk/src/tools/pkcs15-init.c: - Added helpful comment about - --use-default-transport-keys - -2002-12-18 10:17 okir - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, - trunk/src/libopensc/pkcs15-data.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15.profile, trunk/src/tests/p15dump.c, - trunk/src/tests/print.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: - First shot at pkcs15 data - objects from Danny De Cock - -2002-12-18 09:23 okir - - * trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c: - removed some dead code - -2002-12-17 22:13 okir - - * trunk/TODO: Update - -2002-12-17 20:44 okir - - * trunk/src/pkcs11/Makefile.mak, trunk/src/pkcs11/libpkcs11.c, - trunk/win32/readme.txt: - More win32 fixes from Stef - -2002-12-17 20:20 okir - - * trunk/TODO: Update - -2002-12-17 20:16 okir - - * 
trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/sc-pkcs11.h: - - Register only those mechanisms the card actually supports - -2002-12-17 20:15 okir - - * trunk/src/tools/pkcs11-tool.c: - Added shorthand rsa-ripemd160 - * trunk/src/libopensc/pkcs15-sec.c: - Added support for - SC_ALGORITHM_RSA_HASH_RIPEMD160 in sc_pkcs15_compute_signature - - rewrote add_padding - -2002-12-17 20:14 okir - - * trunk/src/libopensc/opensc.h: - Added - SC_ALGORITHM_RSA_HASH_RIPEMD160 - -2002-12-17 16:00 okir - - * trunk/src/Makefile.mak, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/libpkcs11.c, trunk/src/tools/Makefile.mak, - trunk/src/tools/pkcs11-tool.c, trunk/win32/Make.rules.mak: - - more win32 fixes from Stef - -2002-12-17 12:37 okir - - * trunk/configure.in, trunk/src/include/opensc/Makefile.am, - trunk/src/include/opensc/rsaref, - trunk/src/include/opensc/rsaref/Makefile.am: - generate header - symlinks for libpkcs11 - -2002-12-17 11:51 okir - - * trunk/src/Makefile.am: - build pkcs11 before tools, as - pkcs11-tool needs libpkcs11 - -2002-12-17 11:50 okir - - * trunk/src/tools/Makefile.am, trunk/src/tools/pkcs11-tool.c: - - New application: pkcs11-tool - -2002-12-17 11:49 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/mechanism.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/openssl.c, trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: - - New mechanism framework - -2002-12-17 11:48 okir - - * trunk/src/pkcs11/Makefile.am: - New mechanism framework - New - libpkcs11 utility library - * trunk/src/pkcs11/libpkcs11.c, trunk/src/pkcs11/pkcs11.h: - New - utility library libpkcs11 - supposed to provide easy loading and - unloading of modules, and possibly a few other features in the - future. 
Needed by pkcs11-tool - -2002-12-12 10:08 okir - - * trunk/src/Makefile.mak, trunk/src/pkcs15init/Makefile.mak, - trunk/src/tests/Makefile.mak, trunk/src/tools/Makefile.mak: - - more Makefile.mak fixes from Stef - -2002-12-11 08:54 okir - - * trunk/src/libopensc/pkcs15.c: - do not segfault when we fail to - parse a pkcs15 DF - -2002-12-10 17:53 okir - - * trunk/src/pkcs15init/Makefile.mak, - trunk/src/scrandom/Makefile.mak, trunk/src/tests/Makefile.mak, - trunk/win32/readme.txt: - win32 patch from Stef Hoeben - -2002-12-10 17:47 okir - - * trunk/src/Makefile.mak, trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs15init/profile.c, trunk/src/scrandom/scrandom.c, - trunk/src/tools/Makefile.mak, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: - win32 patch from Stef Hoeben - * trunk/src/pkcs11/framework-pkcs15.c: - Added support for - CKM_RSA_X_509 (Stef Hoeben) - -2002-12-10 14:44 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/openscd/commands.c: - Added support for separator - characters in sc_bin_to_hex() - -2002-12-10 14:31 okir - - * trunk/bootstrap: - rm -rf autom4te.cache - it's a directory - -2002-12-10 14:22 okir - - * trunk/src/tools/pkcs15-tool.c: - When exporting the public key, - fall back to the certificate object if there's no public key - with the given ID. 
- -2002-12-10 14:14 jey - - * trunk/src/tests/base64.c: - Modified base64 test so it actually - tests base64 stuff - -2002-12-10 13:43 jey - - * trunk/configure.in, trunk/src/Makefile.am, trunk/src/openscd, - trunk/src/openscd/Makefile.am, trunk/src/openscd/commands.c, - trunk/src/openscd/mkdtemp.c, trunk/src/openscd/openscd.c, - trunk/src/openscd/openscd.h, trunk/src/openscd/test.c: - Added - openscd and Assuan - -2002-12-10 13:41 jey - - * trunk/src/scrandom/scrandom.c: - Small bugfix - -2002-12-10 13:27 jey - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - Keep the DER encoding of each PKCS #15 object in memory - -2002-12-10 13:26 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - - Changed sc_bin_to_hex() prototype a bit and removed the ':' - characters - -2002-12-09 13:33 okir - - * trunk/src/pkcs11/misc.c: - translate SC_ERROR_WRONG_LENGTH to - CKR_DATA_RANGE - -2002-12-06 21:40 okir - - * trunk/src/libopensc/reader-pcsc.c: - changed - pcsc_detect_card_presence to call refresh_slot_attributes. This - eliminates duplicate code, and that we also pick up the new ATR - if another card was inserted in the meanwhil. - -2002-12-06 12:49 okir - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added - sc_bin_to_hex - -2002-12-05 09:34 okir - - * trunk/src/libopensc/sc.c: - sc_parse_atr: initialize - slot->atr_info.hist_bytes even if the ATR is bad - -2002-12-05 08:58 okir - - * trunk/src/scam/p15_eid.c: - we expect an RSA key, so better make - sure it _is_ RSA - -2002-12-04 15:36 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc.c: - - Parsing pkcs11 IDs and paths with an odd number of bytes would - scan past the end of the string. 
Made sc_hex_to_bin more robust - and change various place to use it rather than doing it on their - own with scanf(%02x) - -2002-12-04 14:56 okir - - * trunk/src/tools/pkcs15-init.c: - pass the --label argument as - the token label when creating the pkcs15 app - * trunk/src/pkcs15init/pkcs15-lib.c: - properly set the TokenInfo - label from user input - -2002-12-04 14:28 okir - - * trunk/src/pkcs15init/README: - added comment on pkcs12 files - -2002-12-04 13:50 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Fixed CKM_SHA1_RSA_PKCS: - if OpenSSL is available, use it to hash the supplied data. If - OpenSSL is unavailable, CKM_SHA1_RSA_PKCS is not advertised to - the user. - -2002-12-04 13:25 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - make sure we don't assign - the same ID more than once - -2002-12-04 13:24 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h: - Added - sc_pkcs15init_get_secret so that the GPK driver can get the MF - secure messaging key. - -2002-12-04 12:33 okir - - * trunk/src/libopensc/errors.c, trunk/src/libopensc/errors.h: - - updated pkcs15init error codes - -2002-12-04 12:09 okir - - * trunk/src/libopensc/card-flex.c: - fixed ATR for Cryptoflex 32K - e-gate - -2002-12-04 11:57 okir - - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/gpk.profile: - got rid of default transport - keys - -2002-12-04 11:56 okir - - * trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - - implement get_key callback - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - Change the way we handle - default transport keys, attempt to reduce the risk of users - entering the wrong keys and locking their cards. Here's how we - do it: - ask the card driver (via cardctl GET_DEFAULT_KEY) for - default key - invoke the front-end's get_key callback. 
If the - card driver gave us a default key, pass it as default value - - front end is free to use default key as-is, or prompt user - -2002-12-04 09:59 okir - - * trunk/src/libopensc/card-flex.c: - implemented - SC_CARDCTL_GET_DEFAULT_KEY for the flex driver; will return the - default AAKs for Cryptoflex and Cyberflex Access. Hope I got - them right. - -2002-12-04 09:26 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/errors.h: - added new cardctl - SC_CARDCTL_GET_DEFAULT_KEY to get default transport keys - -2002-12-04 09:24 okir - - * trunk/src/libopensc/asn1.c: - fixed asn1_encode_path - include - length value if given - -2002-12-03 15:40 okir - - * trunk/etc/opensc.conf.example: - "document" new card_driver.atr - feature - * trunk/src/libopensc/card.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h: - - support ATR maps in /etc/opensc.conf, e.g. card_driver flex { - atr = 11:22:33:44; atr = 55:66:77:88; } - -2002-12-03 12:44 okir - - * trunk/src/pkcs15init/flex.profile: - disabled default AAK for now - -2002-12-03 12:27 okir - - * trunk/src/libopensc/card-flex.c: - added Cryptoflex 32k e-gate - -2002-12-02 14:40 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - Avoid segfaults: if we - cannot parse the certificate, do not create a cert object. - -2002-12-02 13:42 okir - - * trunk/src/libopensc/types.h: - added length value to sc_path - -2002-12-02 13:39 okir - - * trunk/src/libopensc/pkcs15-cert.c: - sc_pkcs15_read_certificate - now uses sc_pkcs15_read_file - -2002-12-02 13:38 okir - - * trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15.c: sc_pkcs15_read{,_cached}_file now - honor the index/length parameters from Path - * trunk/src/libopensc/asn1.c: - When decoding Path, decode - "length" value as well (if present) - a few int -> size_t - changes to suppress gcc3 warnings. 
- -2002-11-29 10:54 okir - - * trunk/src/pkcs11/pkcs11-session.c: - do not crash if the - application tries to log into a token w/o PIN - -2002-11-29 08:56 okir - - * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/sia/Makefile.am: - use @libdir@ instead of - ${exec_prefix}/lib - some platforms (such as s390x and ppc64) - put libraries into /usr/lib64 - -2002-11-28 16:38 okir - - * trunk/src/tools/pkcs15-tool.c: - fixed typo - -2002-11-28 15:58 okir - - * trunk/docs/Makefile.am, trunk/docs/cryptoflex-tool.1, - trunk/docs/opensc-config.1, trunk/docs/opensc-explorer.1, - trunk/docs/opensc-tool.1, trunk/docs/opensc.7, - trunk/docs/pkcs15-profile.5.in, trunk/docs/pkcs15-tool.1: - lots - of new manpages from Joe Phillips - -2002-11-28 15:44 okir - - * trunk/src/tools/opensc-explorer.c: - Fix from Joe Phillips: fix - help message - -2002-11-28 15:43 okir - - * trunk/src/tools/opensc-tool.c: - Fix from Joe Phillips: option - mismatch in --help message - -2002-11-28 15:38 okir - - * trunk/src/tools/pkcs15-tool.c: - Fix from Stef Hoeben for win32 - -2002-11-27 14:27 okir - - * trunk/src/libopensc/ctx.c: - Fix from Stef Hoeben to get the - eid-cache stuff working on win32 - -2002-11-25 09:03 okir - - * trunk/src/tools/opensc-explorer.c: - --card-driver was mapped to - -D, but should have been -c. 
- -2002-11-22 09:10 okir - - * trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - in case - of an invalid session/object handle, return - OBJECT_HANDLE_INVALID or SESSION_HANDLE_INVALID instead of - FUNCTION_DAILED - -2002-11-22 09:09 okir - - * trunk/src/pkcs11/pkcs11-object.c: - Return correct error codes - in GetAttributeValue in case of ATTRIBUTE_TYPE_INVALID and - ATTRIBUTE_SENSITIVE - -2002-11-22 09:07 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - get_mechanism_list now - reports correct number of mechanisms - -2002-11-18 09:05 aet - - * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Duh, - revert previous patch. - -2002-11-17 20:26 aet - - * trunk/src/Makefile.mak: Build PKCS#11 module for win32 port. - -2002-11-17 20:23 aet - - * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h: Add usage - of __FILE__, __LINE__ and __FUNCTION__ macros for non-GCC - compilers too, where available. (Based on patch by Stef Hoeben) - -2002-11-12 14:32 aet - - * trunk/src/scconf/scconf.c: Merge with dvbsak.sf.net - -2002-11-12 11:35 aet - - * trunk/src/scconf/lex-parse.l: Free yy_current_buffer since lex - doesn't do it, take 2. - -2002-11-12 10:33 aet - - * trunk/src/tests/sc-test.c: add HAVE_GETOPT_H - -2002-11-11 22:40 aet - - * trunk/src/tests/Makefile.am: Add @GETOPTSRC@ - -2002-11-11 22:26 aet - - * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c: Added - new functions: scconf_put_{str,int,bool} scconf_write_entries - TODO: - Cleanups, add more sanity checks - Rewrite parts of the - API for LDAP support - -2002-11-11 14:27 aet - - * trunk/src/scconf/scconf.c: Oops - -2002-11-11 14:08 aet - - * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, - trunk/src/scconf/write.c: Checkpoint commit. 
Added new - functions: scconf_block_{add,copy} - scconf_item_{add,copy,destroy} scconf_list_copy - -2002-11-11 08:22 fabled - - * trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.mak: - Updated win32 port for recent updates. Noticed by Stef Hoeben. - -2002-11-08 14:14 okir - - * trunk/src/libopensc/opensc.h: - added SC_ALGORITHM_NEED_USAGE - * trunk/src/pkcs15init/pkcs15-lib.c: - handle - SC_ALGORITHM_NEED_USAGE flag - * trunk/src/libopensc/card-etoken.c: - set SC_ALGORITHM_NEED_USAGE - flag in algo info - -2002-11-08 13:50 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-gpk.c: - detect when a GPK card is - already personalized - -2002-11-08 13:04 okir - - * trunk/README.cards: added - * trunk/src/libopensc/card-etoken.c: - make sc_get_driver static - -2002-11-08 12:10 okir - - * trunk/src/libopensc/card-gpk.c: - GemSafe cards have a directory - 0200 with an AIDF file in it, and will return a 0x6F file info - block when selecting this DF. Try to parse it, as far as we - understand it. - -2002-11-07 14:48 okir - - * trunk/src/tools/opensc-explorer.c: - fixed segfault in - mkdir/create - minor cosmetic change in do_verify - -2002-11-05 13:47 okir - - * trunk/src/tests/sc-test.c: - added getopt option parsing (-r - reader -c driver -dddd) What's a test app when you can't enable - debugging?! 
- -2002-10-20 09:20 aet - - * trunk/src/pkcs15init/pkcs15-etoken.c: Another build fix - -2002-10-19 16:51 aet - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/pam/misc_conv.c, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, - trunk/src/tests/base64.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/print.c, trunk/src/tests/prngtest.c, - trunk/src/tests/sc-test.c: Various build fixes - -2002-10-19 14:04 aet - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/include/winconfig.h, - trunk/src/libopensc/card-default.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/module.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/pam/misc_conv.c, - trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, - trunk/src/pkcs11/rsaref/pkcs11.h, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scldap/scldap.c, - trunk/src/scldap/test-ldap.c, trunk/src/scrandom/scrandom.c, - trunk/src/tests/lottery.c, trunk/src/tests/prngtest.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/util.h: Cleanups for initial win32 port, - untested. 
- -2002-10-02 10:55 okir - - * trunk/src/tools/pkcs15-init.c: - fixed typos in help output - -2002-10-02 10:50 okir - - * trunk/src/tools/pkcs15-init.c: - added --reader, --key-usage - command line args - * trunk/src/pkcs15init/pkcs15-etoken.c: - allow to generate/store - decryption keys - -2002-10-02 10:49 okir - - * trunk/src/libopensc/iso7816.c: - fixed deciphering (apdu.le was - not set) - -2002-09-30 20:24 okir - - * trunk/src/tools/pkcs15-init.c: - during card initialization, - allow to enter SO PIN interactively - -2002-09-30 20:03 okir - - * trunk/src/tools/pkcs15-init.c: - when entering new PINs on - stdin, make the user re-type the PIN to avoid typos - -2002-08-21 10:34 jey - - * trunk/src/libopensc/pkcs15-pin.c: - Also removed the ref variable - * trunk/src/libopensc/pkcs15-pin.c: - Removed the last goof I made - -2002-08-21 10:22 jey - - * trunk/src/libopensc/pkcs15.h: - Fixed prototype for - sc_pkcs15_card_new() - * trunk/src/libopensc/pkcs15-cert.c: - Used cert->key instead of - key in parse_x509_cert() - -2002-08-21 10:20 jey - - * trunk/src/libopensc/pkcs15-pin.c: - Set bit 8 in key reference, - if PIN_FLAG_LOCAL is set - -2002-08-21 10:16 jey - - * trunk/src/libopensc/iso7816.c: - Brown paper-bag fix - -2002-08-21 10:15 jey - - * trunk/src/libopensc/card-mcrd.c, - trunk/src/libopensc/card-tcos.c: - Removed error list - -2002-08-21 10:14 jey - - * trunk/src/libopensc/Makefile.am: - Added card-mcrd.c - -2002-08-21 10:13 jey - - * trunk/src/libopensc/card-mcrd.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h: - Added driver for MICARDO 2 cards - -2002-08-21 10:06 jey - - * trunk/src/libopensc/iso7816.c: - Added some new error codes to - sc_iso7816_check_sw() - -2002-08-21 10:02 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/internal.h: - - Renamed read_tag to sc_asn1_read_tag and made it a non-static - function - -2002-08-20 08:59 okir - - * trunk/src/libopensc/card-gpk.c: - Merged GPK patches from Steve - Henson (signing fixes) 
and Joe Phillips (GPK16K ATR matching - code). - -2002-08-20 08:39 okir - - * trunk/src/tools/opensc-tool.c: - Accessed file->type after - freeing file (S. Henson) - -2002-08-20 08:28 okir - - * trunk/src/libopensc/card-gpk.c: - GPK16K: wildcard RSA exponent - is 0 not -1 - -2002-08-19 17:13 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c: - put the - definition of USE_PKCS15_INIT into a place where it can actually - work - -2002-08-08 20:53 jey - - * trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/slot.c: - Fixed functionality when pkcs15init - is not compiled - -2002-08-06 13:51 okir - - * trunk/src/libopensc/pkcs15-cert.c: - certificate version is - optional (v1) - -2002-07-28 18:22 jey - - * trunk/src/libopensc/card-gpk.c: - Added ATR for GPK16000 - -2002-07-10 06:28 fabled - - * trunk/src/pkcs11/rsaref/win32.h: - PKCS#11 module definitions; - not PKCS#11 application. Removes compiler and linker warnings. - -2002-06-20 13:16 fabled - - * trunk/src/pkcs11/Makefile.mak, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/rsaref/pkcs11.h, - trunk/src/pkcs11/rsaref/win32.h, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: - Ported pkcs11 module to win32. - -2002-06-20 12:14 fabled - - * trunk/src/common/Makefile.mak, trunk/src/libopensc/Makefile.mak, - trunk/src/scconf/Makefile.mak, trunk/win32/Make.rules.mak: - - Win32 build fixes. Should work now. 
- -2002-06-20 12:08 fabled - - * trunk/src/common/getpass.c: - Added missing getpass.c for win32 - compatibility - -2002-06-18 18:18 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - implemented generic - erase_card functionality - * trunk/src/pkcs15init/pkcs15-cflex.c: - implemented erase_card - -2002-06-18 15:17 okir - - * trunk/src/libopensc/errors.c: - error message fixup - -2002-06-18 12:20 okir - - * trunk/src/libopensc/card-gpk.c: - fixed compute_signature for - gpk8000 - -2002-06-17 15:26 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c: - fixed pkcs15init for GPK - 8000 - -2002-06-17 15:24 okir - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h: - - added cardctl SC_CARDCTL_GPK_VARIANT - -2002-06-17 11:18 okir - - * trunk/src/tests/regression/crypt0003, - trunk/src/tests/regression/crypt0004, - trunk/src/tests/regression/functions: - more tests - -2002-06-17 11:17 okir - - * trunk/src/tools/pkcs15-crypt.c: - allow output of signature to - stdout - -2002-06-17 10:58 okir - - * trunk/src/pkcs15init/etoken.profile, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - various changes for - on-board key generation - key download and key generation for - eToken works now - -2002-06-17 10:55 okir - - * trunk/src/libopensc/card-etoken.c: - more eToken fixes - -2002-06-17 10:54 okir - - * trunk/src/libopensc/pkcs15-sec.c: - RSA padding header for sha1 - was still broken - -2002-06-16 21:19 jey - - * trunk/src/libopensc/card.c: - Renamed sc_transceive_t0 to - sc_transceive to avoid confusion =) - -2002-06-16 21:18 jey - - * trunk/src/libopensc/pkcs15-sec.c: - - sc_pkcs15_compute_signature() and sc_pkcs15_decipher() now - select the whole path specified in a private key object - -2002-06-14 12:52 fabled - - * trunk/Makefile.mak, trunk/README.Win32, trunk/src/Makefile.am, - trunk/src/Makefile.mak, 
trunk/src/common/Makefile.am, - trunk/src/common/Makefile.mak, trunk/src/include/Makefile.mak, - trunk/src/include/winconfig.h, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/Makefile.mak, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/module.c, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/scconf/Makefile.am, - trunk/src/scconf/Makefile.mak, trunk/src/scconf/parse.c, - trunk/src/scconf/scconf.c, trunk/src/tests/Makefile.am, - trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c, - trunk/src/tools/Makefile.am, trunk/src/tools/Makefile.mak, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/util.h, trunk/win32, trunk/win32/Make.rules.mak, - trunk/win32/makedef.pl: - Initial support for win32 - -2002-06-14 12:29 jey - - * trunk/src/libopensc/iso7816.c: - Fix apdu->le in - sc_compute_signature() - -2002-06-14 12:18 jey - - * trunk/src/libopensc/pkcs15-sec.c: - Reverted Olaf's patch in - sc_compute_signature(). It breaks government issued (e.g. - FINEID) cards. - -2002-06-14 11:52 jey - - * trunk/etc/opensc.conf.example: - Added template for PC/SC - 'apdu_fix' - -2002-06-14 11:43 jey - - * trunk/src/libopensc/reader-pcsc.c: - Fix for last commit. It now - compiles, at least. 
- -2002-06-14 11:33 jey - - * trunk/src/libopensc/reader-pcsc.c: - Preliminary fix for Case 4 - APDU sending on Win32 - -2002-06-13 11:20 okir - - * trunk/src/libopensc/pkcs15-sec.c: - added comment/question - -2002-06-13 11:18 okir - - * trunk/src/libopensc/iso7816.c: - changed APDU base from 3 to 4 - on sign/decipher - -2002-06-11 18:17 okir - - * trunk/src/tools/opensc-explorer.c: - corrected info output for - Linear variable TLV EFs - -2002-06-11 18:16 okir - - * trunk/src/tools/pkcs15-init.c: - added switch to force software - key generation - -2002-06-11 18:15 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - more code towards signing - -2002-06-11 18:14 okir - - * trunk/src/libopensc/card-etoken.c: - support for security - environment create/restore/set - support for signature - computation (non functional yet) - -2002-06-11 18:13 okir - - * trunk/src/libopensc/cardctl.h: - added support for PUT_SECI - * trunk/src/libopensc/pkcs15-sec.c: - experimental: support for - cards such as eToken that store keys in "objects" below the DF - -2002-06-07 20:29 okir - - * trunk/src/pkcs15init/etoken.profile, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15.profile: - first steps toward eToken - key download - -2002-06-07 20:28 okir - - * trunk/src/libopensc/card-etoken.c: - properly identify supported - algorithms - -2002-06-07 20:21 okir - - * trunk/src/tools/pkcs15-crypt.c: - do not try to check PIN if key - isn't pin-protected at all - -2002-06-06 13:38 jey - - * trunk/src/pkcs15init/pkcs15-lib.c: - Protected OpenSSL includes - with #ifdef HAVE_OPENSSL - -2002-06-06 09:18 okir - - * trunk/src/pkcs15init/etoken.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - started to implement - on-token key gen support - -2002-06-06 09:17 okir - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/cardctl.h, - trunk/src/pkcs15init/pkcs15-etoken.c: - started to implement - eToken 
key generation - -2002-06-05 17:51 okir - - * trunk/src/tools/pkcs15-init.c: - fix a few error messages - -2002-06-05 15:08 okir - - * trunk/src/pkcs15init/Makefile.am: - install etoken profile, too - -2002-06-05 15:02 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - implemented --erase for - etoken through a recursive remove - * trunk/src/pkcs15init/etoken.profile: - set ERASE=$SOPIN for AODF - -2002-06-05 12:53 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - implemented setting of - user pins; minor pin code cleanup - -2002-06-04 20:11 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - p15 PIN entries should - now have a valid path - -2002-06-04 20:07 okir - - * trunk/src/pkcs15init/etoken.profile: - whoops, forgot to check - this in - -2002-06-04 20:06 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - setting an SO pin works - now - -2002-06-04 19:43 okir - - * trunk/src/pkcs15init/pkcs15-etoken.c: - first stage of pkcs15 - initialization sort of functional - -2002-06-04 19:42 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - fixed bad return value in - do_init_app - * trunk/src/libopensc/card-etoken.c: - pin verification works now - -2002-06-04 09:38 aet - - * trunk/configure.in: LDAP detection fix, require ldap.h. 
- -2002-06-04 08:51 okir - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-etoken.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - added some eToken code (not - functional yet) - -2002-06-04 08:50 okir - - * trunk/src/libopensc/cardctl.h: - added eToken specific cardctls - * trunk/src/libopensc/card-etoken.c: - fixed some minor glitches - (potential buffer overflow in read_dir; missing SW check) - - added card_ctl for put_data_fci - added some debug output - -2002-06-03 15:28 aet - - * trunk/src/pkcs11/sc-pkcs11.h: Fix for previous commit - -2002-06-03 15:18 aet - - * trunk/src/libopensc/reader-pcsc.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/secretkey.c: Preliminary MacOS X build support, - untested so far. - -2002-06-03 15:05 jey - - * trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c: - - iso7816_set_security_env now has correct values for P1 - - Improved detection of SetCOS cards - Changed the default CLA - byte in card-setcos.c to 0x80 - -2002-06-02 21:43 jey - - * trunk/NEWS, trunk/README, trunk/TODO, trunk/configure.in: - - Preparation for version 0.7.0 - -2002-06-02 21:39 okir - - * trunk/src/libopensc/card-etoken.c: - do our own chunking in - read/write binary - -2002-06-02 21:04 aet - - * trunk/src/openssh/README: Upgrade for the OpenSSH 3.2.x release - -2002-06-02 20:46 aet - - * trunk/src/scam/scam.c: Disable pkcs15-ldap until it's working. 
- -2002-05-27 10:03 aet - - * trunk/src/pam/Makefile.am, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c: Minor build - fixes - -2002-05-27 06:41 aet - - * trunk/src/libopensc/asn1.c: Build fix for previous commit - -2002-05-26 12:31 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-crypt.c: - Several patches to fix - behaviour on 64-bit architectures (by Jochen Friedrich) - Fixed - one bug in sc_copy_asn1_entry(), one in - sc_pkcs15init_add_object() and one in pkcs15-crypt (patches also - by Jochen) - -2002-05-21 19:41 jey - - * trunk/src/pkcs15init/profile.c: - Fixed parsing of AUT keys in - pkcs15init (patch by Jochen Friedrich ) - -2002-05-21 14:19 aet - - * trunk/configure.in: scidi merge - -2002-05-20 09:19 aet - - * trunk/src/libopensc/base64.c, trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/scconf/parse.c, - trunk/src/scconf/scconf.c, trunk/src/scldap/scldap.c, - trunk/src/signer/npinclude/npapi.h, trunk/src/tools/util.h: - Minor GCC warning fixes - -2002-05-19 22:50 aet - - * trunk/aclocal/acx_pthread.m4: AIX gcc fix - -2002-05-14 19:20 aet - - * trunk/configure.in: check readline.h fix - -2002-05-13 12:23 aet - - * trunk/src/scrandom/scrandom.h: Add comments - * trunk/src/libopensc/card-tcos.c: Warning fixes - -2002-05-09 10:34 jey - - * trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/cardctl.h, - trunk/src/libopensc/pkcs15-pin.c: - Applied a patch by Werner - Koch that brings the TCOS driver up-to-speed - -2002-05-09 10:22 jey - - * trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c: - - Applied a patch by 
Matthias Bruestle : - - Changed the case of GET RESPONSE in card-default.c to 2 short - - Added ATRs to Flex, GPK and TCOS drivers - Changed value of - maximum Lc in card.c to be 255 - -2002-05-08 08:15 aet - - * trunk/src/scrandom/scrandom.c: More cleanups - -2002-05-08 07:04 aet - - * trunk/docs, trunk/docs/.cvsignore: Add pkcs15-profile.5 - -2002-05-08 06:50 aet - - * trunk/configure.in, trunk/docs/Makefile.am, - trunk/docs/pkcs15-profile.5, trunk/docs/pkcs15-profile.5.in: - pkcs15-profile.5 $(pkgdatadir) fix - -2002-05-07 12:49 aet - - * trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/sia/Makefile.am: Minor ${prefix} -> ${exec_prefix} - changes - -2002-05-07 09:35 aet - - * trunk/src/openssh/Makefile.am, trunk/src/openssh/README, - trunk/src/openssh/opensc-ssh.c: Removed opensc-ssh Updated README - -2002-05-06 14:06 aet - - * trunk/src/scldap/scldap.c: Add comments for previous fix - -2002-05-06 06:36 aet - - * trunk/configure.in, trunk/src/scam/Makefile.am, - trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scrandom/Makefile.am, trunk/src/scrandom/scrandom.c: - Reworked scrandom ugliness, no longer builds a shared library - nor seeds OpenSSL internally, if available. - -2002-04-30 13:35 okir - - * trunk/aclocal/libtool.m4: - another linux-gnu* => linux* fix - -2002-04-30 11:55 okir - - * trunk/aclocal/libtool.m4: - make it compile on SuSE 8.0 - -2002-04-30 09:46 okir - - * trunk/src/pam/Makefile.am: - work around brain damage in - automake 1.6.1 (shouldn't they change the name to autobreak?) 
- -2002-04-26 07:56 aet - - * trunk/src/scldap/scldap.c: Disable a sanity check that was - needed at least with OpenLDAP 1.2.x, it seems to block - certificate CRL fetches with more recent versions of OpenLDAP - (2.x) - -2002-04-26 06:35 aet - - * trunk/configure.in: Fix SSL/TLS support for OpenLDAP - -2002-04-23 09:17 aet - - * trunk/src/signer/opensc-crypto.c: API upgrade - -2002-04-23 08:18 okir - - * trunk/src/tests/regression, trunk/src/tests/regression/README, - trunk/src/tests/regression/crypt0001, - trunk/src/tests/regression/crypt0002, - trunk/src/tests/regression/functions: - added two regression - test scripts - -2002-04-23 08:17 okir - - * trunk/src/libopensc/errors.h, trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/tools/pkcs15-crypt.c: - sc_pkcs15_decipher now takes a - flags argument, so we know when to strip off any pkcs#1 padding. - -2002-04-22 23:01 jey - - * trunk/src/libopensc/card-etoken.c: - Applied a patch to - card-etoken.c that gives ACL support; patch by Markus Frield - -2002-04-22 18:37 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: - allow setting the cert_info - authority flag - -2002-04-22 18:03 okir - - * trunk/src/libopensc/pkcs15-sec.c: - fixed pkcs1 padding for - rsa-md5 signatures - -2002-04-22 08:00 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - changed do_select_parent - per request from Juha. Hope this doesn't break anything... 
:) - -2002-04-21 18:54 aet - - * trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - Extract certificate crlDistributionPoints and store it in - sc_pkcs15_cert - -2002-04-19 20:07 jey - - * trunk/TODO, trunk/etc/opensc.conf.example, - trunk/src/libopensc/ctx.c: - Added 'force_card_driver' option - -2002-04-19 18:01 jey - - * trunk/src/pkcs15init/miocos.profile, - trunk/src/pkcs15init/pkcs15-miocos.c: - Small update to MioCOS - pkcs15init driver - -2002-04-19 17:24 jey - - * trunk/TODO: - Update TODO - -2002-04-19 17:02 jey - - * trunk/src/libopensc/card-miocos.c, - trunk/src/pkcs15init/miocos.profile, - trunk/src/pkcs15init/pkcs15-miocos.c: - Some fixes to the MioCOS - driver - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/pkcs15-cflex.c: - Added support for - extractable keys on the Cryptoflex - -2002-04-19 14:23 aet - - * trunk/configure.in, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/emv.h, - trunk/src/libopensc/errors.h, trunk/src/libopensc/internal.h, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-algo.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15-wrap.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/types.h, trunk/src/openssh/opensc-ssh.c, - trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, - 
trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/secretkey.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.h, trunk/src/scam, - trunk/src/scam/.cvsignore, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scconf/parse.c, - trunk/src/scconf/scconf.c, trunk/src/scconf/write.c, - trunk/src/scldap/scldap.c, trunk/src/scldap/test-ldap.c, - trunk/src/scrandom/scrandom.c, trunk/src/scrandom/test-random.c, - trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-support.c, trunk/src/signer/signer.c, - trunk/src/tests/p15dump.c, trunk/src/tests/print.c, - trunk/src/tests/sc-test.c, trunk/src/tests/sc-test.h, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: - C++ support. Compiles with gcc/g++ for - Linux, otherwise completely untested. - -2002-04-19 10:01 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - fixed DF handling - -2002-04-19 09:22 jey - - * trunk/TODO, trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-tool.c: - PKCS #15 objects and DFs are - now stored with linked lists in struct sc_pkcs15_card; this way - we can have 'floating' objects that don't belong in any DF, for - e.g. 
generating public key objects from certificates - Removed - some unused function prototypes - -2002-04-18 15:01 jey - - * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_find_prkey_by_id and - sc_pkcs15_find_cert_by_id now return all private keys and - certificates instead of only RSA keys and X.509 certificates - - Removed some obsolete PKCS #15 initialization code - -2002-04-18 14:59 jey - - * trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c: - Added a missing - SC_ASN1_CTX flag to DSA key ASN.1 entries - -2002-04-18 11:59 aet - - * trunk/src/tools/pkcs15-crypt.c: Minor warning fixes - -2002-04-18 11:00 okir - - * trunk/src/tools/pkcs15-crypt.c: - DSA signature support - -2002-04-18 10:59 okir - - * trunk/src/libopensc/pkcs15.h: - added a bunch of prototypes - * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_find_pubkey_by_id - -2002-04-18 10:58 okir - - * trunk/src/libopensc/pkcs15-pubkey.c: - fixed bug with DSA pubkey - de/encoding - * trunk/src/libopensc/pkcs15-prkey.c: - small fix for reading the - private key file - added sc_pkcs15_{erase,free}_prkey - -2002-04-18 09:13 okir - - * trunk/src/tests/print.c: - don't print modulus length for DSA - keys - -2002-04-18 09:12 okir - - * trunk/src/tools/pkcs15-init.c: - fix for storing DSA public keys - * trunk/src/pkcs15init/pkcs15-lib.c: - bug in - check_key_compatibility() - -2002-04-18 09:11 okir - - * trunk/src/libopensc/pkcs15-wrap.c: - encryptedContent didn't - have proper ASN.1 - -2002-04-18 09:10 okir - - * trunk/src/libopensc/pkcs15-pubkey.c: - properly encode/decode - DSA public keys - * trunk/src/libopensc/pkcs15-algo.c: - fix algorithm_id decoding - -2002-04-17 20:47 okir - - * trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/tools/pkcs15-init.c: - starting to support extractable - keys - -2002-04-17 20:46 okir - - * trunk/src/tests/p15dump.c, trunk/src/tests/print.c: - display - 
non-RSA keys - -2002-04-17 20:45 okir - - * trunk/src/libopensc/pkcs15.h: - missing prototypes for - {de,en}code_prkey - -2002-04-17 20:44 okir - - * trunk/src/libopensc/pkcs15.c: - return objects when searching - for a generic type (e.g. all PRKEY objects) - * trunk/src/libopensc/pkcs15-wrap.c: - correctly initialize PKCDF2 - params - * trunk/src/libopensc/pkcs15-prkey.c: - fixes for PrKDF - encoding/decoding for indirect-protected - -2002-04-17 20:43 okir - - * trunk/src/libopensc/asn1.c: - fix for decoding CHOICE - -2002-04-17 20:42 okir - - * trunk/src/libopensc/errors.h: - new error code - SC_ERROR_INCOMPATIBLE_KEY - -2002-04-17 18:34 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - handle non-RSA keys as - well - -2002-04-17 18:33 okir - - * trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.h: - eliminated RSA specific code to - support generic pubkeys instead - -2002-04-17 18:32 okir - - * trunk/src/libopensc/pkcs15-cert.c: - use SC_ASN1_ALGORITHM_ID - when decoding x509 certs - handle certificates with non-RSA keys - as well - -2002-04-17 13:36 okir - - * trunk/src/libopensc/card-etoken.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/types.h: - eToken - patches from Markus Friedl - -2002-04-17 13:34 okir - - * trunk/src/libopensc/pkcs15-wrap.c: - some fixes to the ASN.1 we - generate - -2002-04-17 13:13 aet - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-wrap.c: - Minor warning fixes - -2002-04-17 12:20 okir - - * trunk/src/tools/pkcs15-tool.c: - --read-public-key will work for - non-rsa keys too - -2002-04-17 12:19 okir - - * trunk/src/libopensc/asn1.c: - support NULL tag for - encoding/decoding - * trunk/src/libopensc/pkcs15-algo.c: - correctly encode - AlgorithmIdentifier w/o params as OID+NULL - -2002-04-17 10:33 okir - - * trunk/src/libopensc/pkcs15-algo.c: - minor bugfix - -2002-04-17 09:06 okir - - * trunk/src/libopensc/pkcs15-sec.c: - error out for 
non-native keys - * trunk/src/libopensc/errors.h: - new error code - SC_ERROR_EXTRACTABLE_KEY - -2002-04-17 09:01 okir - - * trunk/src/libopensc/Makefile.am: - added new files - * trunk/src/libopensc/pkcs15-wrap.c: - functions for file content - protection - * trunk/src/libopensc/types.h: - new file path type - SC_PATH_TYPE_PATH_PROT - -2002-04-17 09:00 okir - - * trunk/src/libopensc/pkcs15.h: - new generic function - sc_pkcs15_read_file - structs and functions for data wrap/unwrap - * trunk/src/libopensc/pkcs15.c: - new generic function - sc_pkcs15_read_file - -2002-04-17 08:59 okir - - * trunk/src/libopensc/pkcs15-pubkey.c: - renamed - sc_pkcs15_parse_pubkey_rsa -> sc_pkcs15_decode_pubkey_rsa - - added sc_pkcs15_decode_pubkey_dsa - sc_pkcs15_read_pubkey now - uses sc_pkcs15_read_file - -2002-04-17 08:58 okir - - * trunk/src/libopensc/pkcs15-prkey.c: - initial support for - non-native keys - implemented generic functions - sc_pkcs15_{encode,decode,read}_prkey - -2002-04-17 08:57 okir - - * trunk/src/libopensc/pkcs15-cert.c: - renamed - sc_pkcs15_parse_pubkey_rsa -> sc_pkcs15_decode_pubkey_rsa - -2002-04-17 08:56 okir - - * trunk/src/libopensc/opensc.h: - added - SC_ALGORITHM_{MD5,SHA1,PBKDF2,PBES2} and corresponding - AlgorithmIdentifier parameter structs - added params pointer to - struct sc_algorithm_id - -2002-04-17 08:55 okir - - * trunk/src/libopensc/errors.h: - new error code - SC_ERROR_PASSPHRASE_REQUIRED - * trunk/src/libopensc/pkcs15-algo.c: - Moved ASN.1 handling of - AlgorithmIdentifier to separate file - -2002-04-17 08:54 okir - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h: - - implemented encoding of OBJECT IDENTIFIER - enhanced support for - encoding/decoding of CHOICE - moved encoding/decoding of - AlgorithmIdentifier to separate file, and added - encoding/decoding of algorithm parameters - -2002-04-16 10:33 aet - - * trunk/src/scldap/scldap.c: Minor Solaris fixes - -2002-04-15 18:03 aet - - * trunk/src/pkcs15init/pkcs15-gpk.c: Add 
stdlib.h - -2002-04-15 13:42 okir - - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.h, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/slot.c, - trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - - pkcs15-init does not require openssl anymore - -2002-04-14 13:52 aet - - * trunk/src/openssh/opensc-ssh.c, - trunk/src/signer/opensc-crypto.c: libsc -> opensc - -2002-04-14 12:43 jey - - * trunk/src/libopensc/card-miocos.c: - Fixed ACL handling in - MioCOS driver - -2002-04-13 19:00 okir - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c: - - C_CreateObject now understands X509 certs (untested) - -2002-04-11 15:53 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - minor fix - -2002-04-11 15:17 okir - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: - - implemented C_CreateObject for public and private key objects - -2002-04-11 15:14 okir - - * trunk/src/tools/pkcs15-init.c: - changed to reflext - pkcs15init_store_foobar update - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - all - sc_pkcs15init_store_foobar functions now take an additional - struct sc_pkcs15_object ** argument - -2002-04-11 15:13 okir - - * trunk/src/libopensc/pkcs15-sec.c: - avoid unchecked memcpy - -2002-04-11 15:12 okir - - * trunk/src/libopensc/card-gpk.c: - in set_security_env, select - the PK file prior to read_record - -2002-04-11 14:31 aet - - * trunk/src/openssh/Makefile.am: Remove 
openssh-3.0.2p1-patch.diff - -2002-04-10 23:10 jey - - * trunk/src/libopensc/card-etoken.c: - Added a missing file from a - previous commit - -2002-04-10 23:00 jey - - * trunk/src/libopensc/iso7816.c: - Changed an error code as per - Andreas' suggestion - -2002-04-10 22:25 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/opensc.h: - Added support for Aladdin eToken - PRO; patch by Andreas Jellinghaus - -2002-04-09 13:26 aet - - * trunk/src/scam/scam.c, trunk/src/scam/scam.h: Minor cleanups - -2002-04-09 12:32 aet - - * trunk/src/openssh/README, - trunk/src/openssh/openssh-3.0.2p1-patch.diff: - Update ChangeLog - - Update src/openssh/README - Removed obsolete patch for - openssh-3.0.2p1 - -2002-04-09 12:20 aet - - * trunk/src/openssh/opensc-ssh.c: sc-ssh -> opensc-ssh - -2002-04-09 11:34 aet - - * trunk/src/scldap/scldap.c: Free memory - -2002-04-09 11:24 aet - - * trunk/src/scconf/lex-parse.l: - Revert previous patch since it - leads to a sigsegv if we parse file multiple times. Damn it, so - lex allocates a 16kB buffer that it won't free any time. At - least this could be solved some other time by rewriting a - separate line parser without lex. - -2002-04-09 11:01 aet - - * trunk/src/scconf/lex-parse.l: Free yy_current_buffer since lex - doesn't do it - -2002-04-09 10:59 jey - - * trunk/src/scam/scam.c: - Added a missing include file - -2002-04-08 15:51 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: - - implemented C_InitPIN (based on pkcs15init) - C_Login now - understands the SO PIN. 
- -2002-04-08 15:50 okir - - * trunk/src/pkcs15init/profile.h: - cleanup - * trunk/src/pkcs15init/profile.c: - free some more memory in - sc_profile_free - -2002-04-08 15:49 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - SO PIN is now optionally: - if you want to use it, pass a PIN to sc_pkcs15init_add_app. If - you don't, don't. - sc_pkcs15init_erase_card checks whether the - erase_card funcion ptr is NULL - check SO pin len in - sc_pkcs15init_add_app - In sc_pkcs15init_store_pin, if the - caller didn't specify the auth_id, select one automatically - - added sc_pkcs15init_unbind - -2002-04-08 15:46 okir - - * trunk/src/pkcs15init/pkcs15-init.h: - added sc_pkcs15init_unbind - * trunk/src/pkcs15init/pkcs15-gpk.c: - SO PIN path was not - propagated to the caller - -2002-04-08 15:45 okir - - * trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - implemented sc_pkcs15_find_so_pin - * trunk/src/libopensc/card-gpk.c: - When the application selected - the EF, then the container DF, all PIN info would be lost. 
- -2002-04-08 14:57 aet - - * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scam/scam.h: Remove scam_framework_ops->atrs - -2002-04-08 09:29 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - store SO PIN entry in AODF - * trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - textual pin flags; defer pin file lookup until - sc_profile_finish - -2002-04-08 09:28 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c: - implemented SO PIN handling - * trunk/src/pkcs15init/gpk.profile: - enable SO PIN - -2002-04-08 09:27 okir - - * trunk/src/pkcs15init/pkcs15.profile: - add pin descriptions - -2002-04-08 09:23 okir - - * trunk/src/libopensc/pkcs15-pin.c: - pin flags were not encoded - correctly - -2002-04-08 08:27 aet - - * trunk/src/pam/pam_opensc.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scam/scam.h, trunk/src/sia/sia_opensc.c: - Upgrade all - modules to store method specific internal data to - scam_context->method_data - -2002-04-07 19:36 aet - - * trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, - trunk/src/pam/pam_support.c, trunk/src/pam/pam_support.h, - trunk/src/scam/Makefile.am, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scam/scam.h, trunk/src/sia/Makefile.am, - trunk/src/sia/sia_opensc.c: Started to rewrite parts of scam: - - Combine lib{pam,sia}scam into libscam - Get rid of the need for - handles, printmsg and logmsg in the scam_framework_ops structure. 
- -2002-04-07 13:15 jey - - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/tools/pkcs15-init.c: - - Added support for user-defined serial numbers in pkcs15-init and - PIN flags in profiles - -2002-04-07 10:21 aet - - * trunk/src/libopensc/errors.c: Warning fixes - -2002-04-06 15:04 jey - - * trunk/src/libopensc/card-miocos.c: - Changed CLA byte to 0xA0 in - miocos_delete_file() - -2002-04-06 14:52 jey - - * trunk/src/pkcs15init/pkcs15-lib.c: - Added user PIN finding to - sc_pkcs15init_store_certificate() - -2002-04-06 14:21 jey - - * trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/miocos.profile: - Added certificate - templates - -2002-04-06 12:14 jey - - * trunk/docs/Makefile.am, trunk/docs/pkcs-15v1_1.asn: - Added PCKS - #15 ASN.1 module - -2002-04-06 12:02 jey - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/errors.c, - trunk/src/libopensc/errors.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/types.h, trunk/src/pkcs11/misc.c: - Divided - errors into different groups, added new ones and renamed some - - Moved sc_strerror() to errors.c - Added a 'sensitive' flag to - struct sc_apdu - -2002-04-06 08:21 aet - - * trunk/src/libopensc/emv.h, trunk/src/libopensc/log.h: Fix some - typos - -2002-04-06 08:02 aet - - * trunk/src/libopensc/Makefile.am: Add errors.h and types.h - -2002-04-05 18:49 okir - - * trunk/src/tools/opensc-explorer.c: - include/opensc fix - -2002-04-05 18:19 okir - - * trunk/src/pkcs11/framework-pkcs15init.c: - C_InitToken: after - creating the application DF, switch to the normal pkcs15 - framework on the fly and mark all tokens as initialized. 
- -2002-04-05 18:10 aet - - * trunk/src/libopensc/internal.h, trunk/src/libopensc/module.c, - trunk/src/libopensc/reader-ctapi.c: Change calling convention - for sc_module_close() - -2002-04-05 15:51 aet - - * trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-miocos.c: Minor warning fixes - -2002-04-05 15:06 jey - - * trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/errors.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/types.h: - Started to split opensc.h into - smaller parts - -2002-04-05 15:04 okir - - * trunk/src/tools/opensc-explorer.c: - added erase command - -2002-04-05 15:03 okir - - * trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15init.c, - trunk/src/pkcs11/slot.c: - added new pkcs15init framework that - implements C_InitToken - -2002-04-05 15:02 okir - - * trunk/src/pkcs11/sc-pkcs11.h: - added initialize() function to - card ops vector - * trunk/src/pkcs11/pkcs11-global.c: - Added C_Initialize - Minor - bugfix in C_Finalize - -2002-04-05 15:01 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - add CKF_TOKEN_INITIALIZED - flag - -2002-04-05 14:56 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - implemented - sc_pkcs15init_get_{serial,amnufacturer}, fixed bug - -2002-04-05 14:55 okir - - * trunk/src/pkcs15init/profile.c: - try to free all memory we - allocated - * trunk/src/pkcs15init/pkcs15-gpk.c: - during add_app, just - complain about SO PINs but don't error out - -2002-04-05 14:46 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/dir.c, - trunk/src/libopensc/emv.c, trunk/src/libopensc/emv.h, 
- trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c: - Added SC_ERROR_FILE_ALREADY_EXISTS - - Changed call convention for reader finish() - CT-API driver - now frees its resources correctly - Added year 2002 to some of - the copyright statements - sc_pkcs15_decipher() and - sc_pkcs15_compute_signature() now select only the parent DF of - the private key file - -2002-04-05 14:23 aet - - * trunk/src/include/opensc/Makefile.am: Symlink all necessary - headers - -2002-04-05 14:00 jey - - * trunk/src/pkcs15init/pkcs15-lib.c: - Fixed a bug in - sc_pkcs15init_bind() - Added PIN code padding in do_verify_pin() - -2002-04-05 13:49 aet - - * trunk/src/Makefile.am: Add missing directory - -2002-04-05 13:48 aet - - * trunk/configure.in, trunk/src/include, - trunk/src/include/.cvsignore, trunk/src/include/Makefile.am, - trunk/src/include/opensc, trunk/src/include/opensc/.cvsignore, - trunk/src/include/opensc/Makefile.am, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/emv.c, - trunk/src/libopensc/emv.h, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, - trunk/src/openssh/opensc-ssh.c, - trunk/src/openssh/openssh-3.0.2p1-patch.diff, - trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h, - trunk/src/scam/Makefile.am, 
trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scldap/scldap.h, trunk/src/scldap/test-ldap.c, - trunk/src/signer/opensc-crypto.h, trunk/src/signer/signer.h, - trunk/src/tests/base64.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/print.c, trunk/src/tests/prngtest.c, - trunk/src/tests/sc-test.c, trunk/src/tools/Makefile.am, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/util.h: Rework the header structure Currently - fails to compile, unless you symlink all the necessary headers - to src/include/opensc by yourself. - -2002-04-05 10:44 aet - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/dir.c, - trunk/src/libopensc/emv.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/module.c, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/openssh/opensc-ssh.c, - trunk/src/openssh/openssh-3.0.2p1-patch.diff, - trunk/src/pkcs11/sc-pkcs11.h, - 
trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.h, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/signer/opensc-crypto.h, - trunk/src/signer/signer.h, trunk/src/tests/base64.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/print.c, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c: Upgrade sources to use new - headers, part #1 - -2002-04-05 10:37 aet - - * trunk/src/libopensc/opensc-emv.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc-log.h: - Obsolete. opensc-emv.h, opensc-pkcs15.h --> emv.h, pkcs15.h - sc-asn1.h, sc-internal.h, sc-log.h --> asn1.h, internal.h, log.h - -2002-04-05 10:25 aet - - * trunk/src/libopensc/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs15init/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am, - trunk/src/scrandom/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/signer/Makefile.am: Install headers to - ${prefix}/include/opensc - -2002-04-05 10:06 okir - - * trunk/src/tools/pkcs15-init.c: - don't include profile.h anymore - -2002-04-05 10:05 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - miniscule API changes so that applications don't need to - include profile.h anymore - -2002-04-05 08:45 okir - - * trunk/src/pkcs15init/profile.c: - file type is now also a struct - map - -2002-04-04 22:10 jey - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/miocos.profile, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c: - Cryptoflex now works - with the new pkcs15init stuff - -2002-04-04 20:49 jey - - * 
trunk/configure.in: - Small typos corrected - -2002-04-04 20:42 jey - - * trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/miocos.profile, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c: - Partial support for PKCS - #15 generation on MioCOS cards - Some other small fixes to the - pkcs15init code - -2002-04-04 20:40 jey - - * trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/cardctl.h, trunk/src/libopensc/pkcs15.c: - - Cleaned up MioCOS driver and added PIN code creation - Added an - error message in case ODF parsing fails - -2002-04-04 20:38 jey - - * trunk/src/libopensc/asn1.c: - DER decoder now treats 0xFF tags - the same way as 0x00 tags - -2002-04-04 20:37 jey - - * trunk/src/tools/opensc-explorer.c: - Made clearer the error - message resulting from an incorrect PIN code entry - -2002-04-04 19:58 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - the previous fix broke - do_verify_pin - -2002-04-04 15:06 aet - - * trunk/src/pkcs15init/pkcs15-lib.c: Minor warning fix - -2002-04-04 15:02 aet - - * trunk/src/libopensc/pkcs15-cert.c: Workaround for a compiler - problem (Sun WorkShop 6 update 2 C 5.3 Patch 111679-05 - 2002/02/07) Still lots of bogus warnings, but at least - everything compiles - -2002-04-04 14:34 okir - - * trunk/src/pkcs15init/profile.c: - added internal-ef for juha - -2002-04-04 14:21 aet - - * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/sia/sia_opensc.c, trunk/src/sia/sia_support.h: - Checkpoint commit for SIA support, doesn't work yet - -2002-04-04 12:44 aet - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h: - Fix minor compiler warnings - -2002-04-04 11:14 aet - - * trunk/Makefile.am, trunk/README.signer, trunk/TODO, - trunk/src/libopensc/Makefile.am: Update TODO and Changelog 'make - dist' fixes Add missing README for OpenSC-Signer - -2002-04-04 10:56 aet - - * trunk/configure.in: OpenSC-Signer merge complete. 
- -2002-04-04 10:40 aet - - * trunk/configure.in, trunk/src/Makefile.am, - trunk/src/signer/Makefile.am: Merge opensc-signer to - opensc/src/signer, part #1 - -2002-04-04 09:20 jey - - * trunk/src/libopensc/reader-ctapi.c: - ctapi_release() now calls - CT_close(), as it should - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15.h: - Added typedefs for the most - common structs - -2002-04-03 14:16 jey - - * trunk/src/libopensc/ctx.c: - fixed a typo - -2002-04-03 14:15 okir - - * trunk/src/pkcs15init/pkcs15-lib.c: - shouldn't set key_reference - -2002-04-03 12:59 aet - - * trunk/src/libopensc/card-setcos.c: Minor warning fix - -2002-04-03 12:53 okir - - * trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c: - renamed PKCS15-DIR to DIR per - juha's request - -2002-04-03 12:46 okir - - * trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/pkcs15.profile: - moved gpk specific MF ACL - to the gpk profile, where it belongs - -2002-04-03 11:57 okir - - * trunk/src/pkcs15init/TODO: - updated TODO list - -2002-04-03 11:56 okir - - * trunk/src/tools/pkcs15-init.c: - fixed exit code - -2002-04-03 11:55 okir - - * trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/pkcs15.profile: - rewrote config files to - match new parser - -2002-04-03 11:52 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - rewrote parser to use Antti's scconf - -2002-04-03 11:51 okir - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c: - added - two new error codes for pkcs15init - -2002-04-02 21:26 jey - - * trunk/src/libopensc/card-setcos.c: - fixed a small bug regarding - prop_attr in the SetCOS driver - -2002-04-02 20:58 aet - - * trunk/src/pkcs15init/profile.c, trunk/src/tools/pkcs15-init.c: - Minor compiler warning fixes - -2002-04-02 14:46 okir - - * trunk/src/tools/pkcs15-init.c: - support for SO pin during app - initialization - -2002-04-02 
14:45 okir - - * trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: pkcs15-gpk.c - -2002-04-02 14:27 okir - - * trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c: - added - sc_pkcs15init_present_pin for juha - -2002-04-02 13:43 aet - - * trunk/src/pkcs15init, trunk/src/pkcs15init/.cvsignore: Add - .cvsignore - -2002-04-02 13:38 aet - - * trunk/configure.in, trunk/src/pkcs15init/Makefile.am: Generate - src/pkcs15init/Makefile - -2002-04-02 13:30 okir - - * trunk/src/Makefile.am: - added new subdir pkcs15init - -2002-04-02 13:29 okir - - * trunk/src/tools/flex.profile, trunk/src/tools/gpk.profile, - trunk/src/tools/miocos.profile, trunk/src/tools/pkcs15-cflex.c, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.h, - trunk/src/tools/pkcs15-miocos.c, trunk/src/tools/pkcs15.profile, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: - moved - most of the pkcs15init stuff to libpkcs15init - -2002-04-02 13:28 okir - - * trunk/src/tools/Makefile.am, trunk/src/tools/pkcs15-init.c: - - rewrote pkcs15-init; much of the init stuff moved to separate - library - -2002-04-02 13:26 okir - - * trunk/src/pkcs15init, trunk/src/pkcs15init/Makefile.am, - trunk/src/pkcs15init/README, trunk/src/pkcs15init/TODO, - trunk/src/pkcs15init/flex.profile, - trunk/src/pkcs15init/gpk.profile, - trunk/src/pkcs15init/miocos.profile, - trunk/src/pkcs15init/pkcs15-cflex.c, - trunk/src/pkcs15init/pkcs15-gpk.c, - trunk/src/pkcs15init/pkcs15-init.h, - trunk/src/pkcs15init/pkcs15-lib.c, - trunk/src/pkcs15init/pkcs15-miocos.c, - trunk/src/pkcs15init/pkcs15.profile, - trunk/src/pkcs15init/profile.c, trunk/src/pkcs15init/profile.h: - - rewrite of the pkcs15-init stuff - -2002-04-02 12:58 okir - - * trunk/src/libopensc/pkcs15.c: - sc_pkcs15_get_objects() now lets - you search for generic types (e.g. SC_PKCS15_TYPE_PRKEY) too. 
- -2002-04-02 12:57 okir - - * trunk/src/libopensc/opensc.h: - added SC_AC_SYMBOLIC for - pkcs15init support - -2002-04-02 11:41 okir - - * trunk/src/tests/print.c: - indentation fix - -2002-04-02 09:38 aet - - * trunk/Makefile.am, trunk/aclocal/Makefile.am, - trunk/docs/Makefile.am, trunk/etc/Makefile.am, - trunk/src/Makefile.am, trunk/src/common/Makefile.am, - trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, - trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/rsaref/Makefile.am, trunk/src/scam/Makefile.am, - trunk/src/scconf/Makefile.am, trunk/src/scldap/Makefile.am, - trunk/src/scrandom/Makefile.am, trunk/src/sia/Makefile.am, - trunk/src/signer/Makefile.am, - trunk/src/signer/npinclude/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Add - maintainer-clean patch by Andreas Jellinghaus - - -2002-03-31 19:15 aet - - * trunk/src/scconf/scconf.c, trunk/src/scconf/scconf.h, - trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: Remove - flag SCCONF_OPTIONAL, add SCCONF_MANDATORY - -2002-03-31 16:32 aet - - * trunk/src/libopensc/ctx.c, trunk/src/libopensc/module.c, - trunk/src/libopensc/sc.c: Remove #include "config.h", - sc-internal.h already does that - -2002-03-31 16:00 aet - - * trunk/src/scconf/scconf.c: Include header stdio.h - -2002-03-31 15:26 aet - - * trunk/src/libopensc/reader-ctapi.c, - trunk/src/scconf/test-conf.c, trunk/src/scldap/scldap.c: - - Upgrade scldap to use scconf_parse_entries(); - Fix compiler - warnings for ct-api driver, untested. - -2002-03-31 13:00 aet - - * trunk/src/scconf/scconf.c, trunk/src/scconf/test-conf.c: Upgrade - test-conf to use scconf_parse_entries(); NOTE: Handles ldap/card - blocks for scldap.conf - -2002-03-31 11:30 aet - - * trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h: Add functions scconf_list_add and - scconf_parse_entries, getting the values in user code is now - pretty much the same as it is in ASN.1 decoder. 
- -2002-03-28 14:13 jey - - * trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c: - sec_attr and prop_attr are now - dynamically allocated in struct sc_file - -2002-03-28 13:34 aet - - * trunk/src/libopensc/ctx.c, trunk/src/tests/sc-test.c: - Added - sanity check for sc_establish_context. If no readers are found, - fail and return SC_ERROR_NO_READERS_FOUND. - -2002-03-28 13:10 aet - - * trunk/src/libopensc/Makefile.am: Add missing @LIBDL@ to - libopensc linking - -2002-03-27 13:13 aet - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/module.c, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/sc-internal.h, - trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/scam/Makefile.am, trunk/src/scldap/Makefile.am, - trunk/src/scldap/scldap.c, trunk/src/scrandom/Makefile.am, - trunk/src/sia/Makefile.am, trunk/src/signer/Makefile.am: - Minor - cleanups to build process - Add header check for dlfcn.h - Add - internal functions sc_module_{open,close,get_address} - Use - environ instead __environ for scldap_search, should be more - portable. 
- Fix compiler warnings noticed by Tru64 / AIX cc - -2002-03-26 23:06 aet - - * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c: Reduce the - scidi specific code to bare minimum - -2002-03-26 20:59 aet - - * trunk/src/scldap/scldap.h: Add missing character - -2002-03-26 20:56 aet - - * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, - trunk/src/scldap/scldap.c, trunk/src/scldap/scldap.h: Rename - scconf_init to scconf_new Rename scconf_deinit to scconf_free - Add initial comments to scldap.h - -2002-03-26 20:05 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - fix signing of raw - md5/sha1 hash w/o pkcs1 gunk prefix - -2002-03-26 11:38 jey - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/ctbcs.h, trunk/src/libopensc/ctx.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/reader-ctapi.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c: - - Added support for CT-API - Improved config file loading - - Implemented ATR parsing - -2002-03-25 22:39 aet - - * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, - trunk/src/scldap/scldap.c: Rename scconf_find_value to - scconf_find_list Rename scconf_find_value_first to - scconf_get_str Add functions scconf_get_int and scconf_get_bool - -2002-03-25 21:23 aet - - * trunk/src/libopensc/ctx.c, trunk/src/scconf/parse.c, - trunk/src/scconf/scconf.c, trunk/src/scconf/test-conf.c, - trunk/src/scldap/scldap.c: Always allocate scconf_list for block - structure - -2002-03-25 20:10 aet - - * trunk/src/libopensc/ctx.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, - trunk/src/scldap/scldap.c: Add sanity checks and more comments - Add new parameter for scconf_find_blocks - -2002-03-25 12:39 aet - - * trunk/src/pkcs11/framework-pkcs15.c, 
trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/secretkey.c, trunk/src/pkcs11/slot.c: Add - support for config.h Remove old, obsolete and dead code - -2002-03-25 11:54 aet - - * trunk/configure.in, trunk/etc/scldap.conf.example, - trunk/src/scldap/scldap.c: Still changes for libreadline checks - output Clear environment before calling ldap_init, as suggested - by Olaf - -2002-03-25 10:19 okir - - * trunk/configure.in: - pick up -lresolv on systems with glibc - 2.2.4 (needed by openldap 2.x) - -2002-03-24 23:20 jey - - * trunk/TODO: - updated TODO - -2002-03-24 22:54 jey - - * trunk/src/libopensc/ctx.c: - fixed some memory leaks in - sc_establish_context - -2002-03-24 22:47 jey - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/ctx.c, trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/sc.c: - Moved functions from sc.c to ctx.c - - Card and reader drivers are now configurable - -2002-03-24 21:56 aet - - * trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/tests/sc-test.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - Don't hardcode initial debugging level and error/debug_file - pointers to the code, get the values from opensc.conf instead. - -2002-03-24 20:30 aet - - * trunk/configure.in: Add missing AC_MSG_RESULT texts to - libreadline check - -2002-03-24 20:04 aet - - * trunk/src/scconf/test-conf.c: Allow user to specify input/output - filenames - -2002-03-24 17:50 aet - - * trunk/etc/opensc.conf.example: Fix syntax errors - -2002-03-24 17:09 aet - - * trunk/src/libopensc/sc.c: Oops, scconf_parse was called twice. - Fixed. 
- -2002-03-24 16:57 aet - - * trunk/etc/opensc.conf.example, trunk/src/libopensc/sc.c: - Fix a - potential segfault for the new sc_establish_context - Keep the - variable names in opensc.conf the same as they are in code - structs. Always try to parse app default { } first, then upgrade - the settings with the application specific configuration block. - -2002-03-24 15:41 aet - - * trunk/Makefile.am, trunk/configure.in, trunk/etc, - trunk/etc/.cvsignore, trunk/etc/Makefile.am, - trunk/etc/scldap.conf.example, trunk/src/libopensc/Makefile.am, - trunk/src/openssh/openssh-3.0.2p1-patch.diff, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/Makefile.am, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scldap/Makefile.am, trunk/src/scldap/scldap.h, - trunk/src/scldap/test-ldap.c, trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-support.c: Move opensc/src/scldap/etc to - opensc/etc SCLDAP_CONFIG -> SCLDAP_CONF_PATH Upgrade the rest of - the programs to use new core API - -2002-03-24 14:15 jey - - * trunk/etc/opensc.conf.example: - second version of the default - config file - -2002-03-24 14:12 jey - - * trunk/configure.in, trunk/etc, trunk/etc/opensc.conf.example, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-internal.h, - trunk/src/libopensc/sc.c, trunk/src/openssh/opensc-ssh.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/tests/sc-test.c, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/profile.c, - trunk/src/tools/util.c, trunk/src/tools/util.h: - Started to add - configuration file support to libopensc - Added typedefs for - some basic structs (e.g. 
struct sc_card --> sc_card_t) - Added a - second argument to sc_establish_context() to identify the - calling application - Renamed sc_destroy_context() to - sc_release_context() - -2002-03-24 14:06 jey - - * trunk/src/libopensc/card-setcos.c: - fixed a typo in one ATR - string - -2002-03-24 12:14 aet - - * trunk/src/pam/pam_opensc.c, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/profile.c: - Fix - compiler warnings for Solaris - Use of PAM_MODULE_UNKNOWN broke - pam_opensc for Sun based PAM implementations, fixed. - -2002-03-24 10:03 aet - - * trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scam/scam.c: Make sure everything compiles even if we - don't have an LDAP implementation and/or OpenSSL library. - -2002-03-23 19:37 aet - - * trunk/configure.in: Restructuring and merges with scidi - -2002-03-23 16:28 aet - - * trunk/src/pam/README, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c: Strip off "opensc-" prefix from the - p15 module names - -2002-03-22 13:56 aet - - * trunk/src/tools/Makefile.am: 'make dist' fixes - -2002-03-22 09:50 aet - - * trunk/bootstrap: Test if Makefile exists before doing make - distclean Remove --gnu from autoreconf - -2002-03-22 01:14 aet - - * trunk/src/scldap/scldap.c: Disable a debugging message that got - activated because of log_messagex -> fprintf renames. 
- -2002-03-22 00:13 aet - - * trunk/src/tests/base64.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/print.c, trunk/src/tests/prngtest.c, - trunk/src/tests/sc-test.c, trunk/src/tests/sc-test.h: Fix memory - leaks Indent lines - -2002-03-21 23:45 aet - - * trunk/src/libopensc/pkcs15-cert.c, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c: Remove bogus "len = len;" statement - from pkcs15-cert Other minor cleanups - -2002-03-21 19:12 aet - - * trunk/src/pam/README: Merge bits of information from - pam_pkcs15's README for opensc-pkcs15-eid - -2002-03-21 18:37 aet - - * trunk/configure.in: Fix a typo Add missing conditional - -2002-03-21 18:02 aet - - * trunk/src/pam/pam_opensc.c, trunk/src/pam/pam_support.c, - trunk/src/pam/pam_support.h: Move get_login() to pam_support.c - -2002-03-21 17:41 aet - - * trunk/configure.in, trunk/src/pam/Makefile.am, - trunk/src/pam/README, trunk/src/pam/pam_opensc.c, - trunk/src/scam/Makefile.am, trunk/src/scam/p15_eid.c, - trunk/src/scam/p15_ldap.c, trunk/src/scam/scam.c, - trunk/src/scam/scam.h, trunk/src/sia/Makefile.am, - trunk/src/sia/sia_opensc.c, trunk/src/sia/sia_support.c: - Cleanups for PAM and SIA build process - -2002-03-21 14:05 aet - - * trunk/Makefile.am, trunk/configure.in, - trunk/src/pam/Makefile.am, trunk/src/pam/pam_opensc.c, - trunk/src/pam/pam_support.c, trunk/src/scam/Makefile.am, - trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scam/scam.c, trunk/src/scldap/scldap.c, - trunk/src/scldap/test-ldap.c, trunk/src/scrandom/scrandom.c, - trunk/src/sia/Makefile.am: Merge configure.ac stuff from SCIDI, - needs some cleanups Add missing functions Replace - log_message{x}() calls with fprintf, for now Everything compiles - with vanilla opensc tree, yet untested. 
- -2002-03-21 13:11 aet - - * trunk/src/scconf/parse.c, trunk/src/scconf/write.c: Build fixes - -2002-03-21 11:56 aet - - * trunk/src/sia, trunk/src/sia/.cvsignore, - trunk/src/sia/Makefile.am, trunk/src/sia/sia_opensc.c, - trunk/src/sia/sia_support.c, trunk/src/sia/sia_support.h, - trunk/src/sia/test-sia.c: Add preliminary version of SIA module - for Tru64 Compiles, doesn't work yet. To be finished when - someone returns my development alpha. :) - -2002-03-21 11:35 aet - - * trunk/src/pam/pam_support.h: Oops, indent fixes - -2002-03-21 10:43 aet - - * trunk/src/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scldap/Makefile.am, trunk/src/scldap/test-ldap.c, - trunk/src/scrandom/Makefile.am, - trunk/src/scrandom/test-random.c: Build fixes - -2002-03-21 09:36 okir - - * trunk/src/libopensc/card-emv.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/openssh/opensc-ssh.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c, - trunk/src/tests/pintest.c: - added some #include string.h - statements for RH 7.2 - -2002-03-20 23:21 aet - - * trunk/src/pam, trunk/src/pam/.cvsignore, - trunk/src/pam/Makefile.am, trunk/src/pam/README, - trunk/src/pam/misc_conv.c, trunk/src/pam/pam_opensc.c, - trunk/src/pam/pam_pkcs15.c, trunk/src/pam/pam_support.c, - trunk/src/pam/pam_support.h, trunk/src/scam, - trunk/src/scam/.cvsignore, trunk/src/scam/Makefile.am, - trunk/src/scam/p15_eid.c, trunk/src/scam/p15_ldap.c, - trunk/src/scam/scam.c, trunk/src/scam/scam.h, trunk/src/scconf, - trunk/src/scconf/.cvsignore, trunk/src/scconf/Makefile.am, - trunk/src/scconf/internal.h, trunk/src/scconf/lex-parse.l, - trunk/src/scconf/parse.c, trunk/src/scconf/scconf.c, - trunk/src/scconf/scconf.h, trunk/src/scconf/test-conf.c, - trunk/src/scconf/write.c, trunk/src/scldap, - 
trunk/src/scldap/.cvsignore, trunk/src/scldap/Makefile.am, - trunk/src/scldap/scldap.c, trunk/src/scldap/scldap.h, - trunk/src/scldap/test-ldap.c, trunk/src/scrandom, - trunk/src/scrandom/.cvsignore, trunk/src/scrandom/Makefile.am, - trunk/src/scrandom/scrandom.c, trunk/src/scrandom/scrandom.h, - trunk/src/scrandom/test-random.c: Start merging various sources - from project SCIDI - smart card identification infrastructure by - Helsinki University of Technology. Breaks current PAM build, - lot's of stuff from configure.ac missing, some references to - unknown sources and functions. Time to get some sleep, i'll - continue merging tomorrow. - -2002-03-20 19:37 jey - - * trunk/NEWS, trunk/configure.in: - Bumped up version number to - 0.6.1 - Wrote a NEWS entry - -2002-03-20 19:33 aet - - * trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/secretkey.c: - #include cleanups to get rid of compiler warnings - -2002-03-20 19:31 jey - - * trunk/src/pkcs11/framework-pkcs15.c: - Added Olaf's ASN.1 - wrapping magic - -2002-03-20 17:17 jey - - * trunk/src/pkcs11/framework-pkcs15.c: - Fixed debug output in - pkcs15_create_slot() - -2002-03-20 15:04 okir - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h: - - implemented C_ChangePIN - -2002-03-20 13:08 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - implemented CKA_SUBJECT - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - - now extracting issuer from certificate - -2002-03-19 10:04 jey - - * trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c: - - Fixed a couple of memory leaks - Fixed a bug in decoding - EF(TokenInfo) - -2002-03-18 13:24 okir - - * trunk/src/tools/opensc-explorer.c: - make it compile with - readline versions that declare 
readline(char *); - -2002-03-18 12:49 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - by default, the token is - marked write_protected - fixed debug output when creating a slot - with no PIN - * trunk/src/pkcs11/README: - do not enable the RSA flag n netscape - -2002-03-18 11:05 okir - - * trunk/src/pkcs11/README, trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/secretkey.c: - made email decryption work in - netscape - -2002-03-15 15:22 okir - - * trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/secretkey.c: - first stab at C_Unwrap - -2002-03-15 15:19 okir - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - - extract certificate issuer and store it in sc_pkcs15_cert - -2002-03-15 12:48 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.h: - started adding support for DSA - private keys - -2002-03-15 12:37 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - email signing now works - from navigator - -2002-03-15 11:41 okir - - * trunk/src/pkcs11/pkcs11-global.c: - set debug log file and - libopensc debug level via environment vars - -2002-03-15 10:40 jey - - * trunk/src/tools/opensc-explorer.c: *** empty log message *** - -2002-03-15 10:10 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - - Added support for big serial numbers in certificates - -2002-03-15 10:05 okir - - * trunk/src/tools/pkcs15-tool.c: - now uses sc_pkcs15_free_pubkey - -2002-03-15 10:01 okir - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.h: - implemented sc_pkcs15_free_pubkey - -2002-03-15 09:43 okir - - * 
trunk/src/libopensc/cardctl.h: - removed - SC_CARDCTL_GET_PK_ALGORITHMS card_ctl - * trunk/src/libopensc/card-gpk.c: - implemented decipher() - operation - removed SC_CARDCTL_GET_PK_ALGORITHMS card_ctl - - minor signing fixes - -2002-03-15 09:42 okir - - * trunk/src/libopensc/iso7816.c, trunk/src/libopensc/sec.c: - - moved sc_decipher implementation to iso7816.c - -2002-03-15 09:01 okir - - * trunk/src/tools/pkcs15-tool.c: - fixed PEM public key header - -2002-03-14 17:02 okir - - * trunk/src/tools/pkcs15-crypt.c: - add option --md5 - -2002-03-14 16:57 okir - - * trunk/src/tools/pkcs15-tool.c: - list and extract public keys - -2002-03-14 11:50 aet - - * trunk/src/libopensc/pkcs15.c: Add missing static for - parse_tokeninfo(); - -2002-03-14 11:50 okir - - * trunk/src/libopensc/pkcs15.c: - fixed a typo that caused bad - auth_id's - -2002-03-13 23:11 aet - - * trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c: - Fix minor compiler warnings - -2002-03-13 20:25 okir - - * trunk/src/libopensc/card-gpk.c: - if the offset shift is 2 in - update binary et al, make sure the application provided offset - is a multiple of 4. 
- -2002-03-13 20:24 okir - - * trunk/src/libopensc/opensc.h: - make sure SC_APDU_CHOP_SIZE is a - multiple of 4 (otherwise, update binary et al of large files - will fail on the GPK) - -2002-03-13 20:23 okir - - * trunk/src/tools/pkcs15-init.c: - fixed certificate download - -2002-03-13 15:18 aet - - * trunk/docs, trunk/docs/.cvsignore: Add missing files - -2002-03-13 13:21 jey - - * trunk/configure.in: - added docs/Makefile to AC_OUTPUT - -2002-03-13 13:17 jey - - * trunk/Makefile.am: - removed README.Cryptoflex from EXTRA_DIST - -2002-03-13 13:09 okir - - * trunk/Makefile.am: - added docs subdirectory so that manpages - get installed - * trunk/docs/Makefile.am: - added Makefile.am for manpages - * trunk/docs/pkcs15-crypt.1, trunk/docs/pkcs15-init.1, - trunk/docs/pkcs15-profile.5, trunk/docs/pkcs15.7: - added a - bunch of manpages - -2002-03-13 12:42 aet - - * trunk/src/signer/dialog.c: - Ahem, decrease the version number a - bit - assuan_transact is now API compatible with the latest - version of Assuan (newpg/assuan) - -2002-03-13 11:36 jey - - * trunk/src/signer/opensc-crypto.c: - fixed a small core-dumping - bug - -2002-03-13 10:51 jey - - * trunk/README.Cryptoflex: - Preparation for release 0.6.0 - - Removed obsolete README.Cryptoflex - -2002-03-13 10:48 jey - - * trunk/NEWS, trunk/src/openssh/README, - trunk/src/openssh/openssh-3.0.2p1-patch.diff, - trunk/src/tools/miocos.profile, trunk/src/tools/pkcs15-cflex.c, - trunk/src/tools/pkcs15-miocos.c: *** empty log message *** - -2002-03-13 10:34 jey - - * trunk/src/pkcs11/framework-pkcs15.c: - some autodetection magic - in pkcs15_prkey_sign() - -2002-03-13 09:51 jey - - * trunk/src/pkcs11/framework-pkcs15.c: - reverted a change in - pkcs15_prkey_sign - -2002-03-13 08:54 jey - - * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c: - - Fixed signature generation - Assuan API is now compatible with - newer versions - -2002-03-12 16:27 okir - - * trunk/src/tools/pkcs15-init.c, 
trunk/src/tools/pkcs15-init.h: - - added pkcs12 support - * trunk/src/tools/pkcs15.profile: - Make the default size for DF - files 128 bytes (FIXME: we need to be able to set this on a per - card basis in $cardname.profile - -2002-03-12 14:36 okir - - * trunk/src/pkcs11/framework-pkcs15.c: - add support for PuKDF - objects. - lock the card in C_Login, and unlock it in C_Logout. - * trunk/src/pkcs11/sc-pkcs11.h: - keep track of number of sessions - -2002-03-12 14:35 okir - - * trunk/src/pkcs11/pkcs11-session.c: - keep track of the number of - sessions per slot, and do a C_Logout when the last session is - closed. - -2002-03-12 13:41 okir - - * trunk/src/tools/Makefile.am: - Make sure profiles get installed - in $(pkgdatadir), and propagate this directory name to profile.c - (icky automake stuff) - -2002-03-12 13:00 jey - - * trunk/configure.in, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-miocos.c, trunk/src/libopensc/dir.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c, trunk/src/tools/flex.profile, - trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: - Fixed - PKCS #15 structure generation on Cryptoflex cards and - implemented a default profile - Cryptoflex now reports its - supported PK algorithms correctly - Various pkcs15-init fixes - -2002-03-12 10:08 okir - - * trunk/src/tools/gpk.profile, trunk/src/tools/pkcs15-gpk.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h, - trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, - trunk/src/tools/profile.h: - Implemented download of public keys - and X509 certificates - -2002-03-11 14:13 okir - - * trunk/src/tools/pkcs15-init.c: - now creating EF(DIR) - -2002-03-11 14:12 okir - - * trunk/src/libopensc/opensc.h: - exporting sc_update_dir to - applications - -2002-03-11 12:41 okir - - * trunk/src/libopensc/card-gpk.c: - we cache just the DF portion - of the currently 
selected file path, excluding the EF's FID - - when sending the hash to the card (as part of - compute_signature), revert the sequence of hashed bytes - -2002-03-11 11:52 okir - - * trunk/src/tools/pkcs15-init.c: - When storing a private key, - always store the public portion as well - -2002-03-11 11:40 jey - - * trunk/src/libopensc/log.c: *** empty log message *** - -2002-03-11 10:18 okir - - * trunk/src/tools/profile.c: - forgot to add DFs to the profile's - file list - -2002-03-11 09:14 okir - - * trunk/src/tools/gpk.profile, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, - trunk/src/tools/profile.h: - Implemented Parent/FileID stuff - according to Juha's proposal - -2002-03-10 11:48 jey - - * trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc-internal.h: - GPK now reports it's PK - abilities correctly - -2002-03-09 17:54 aet - - * trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/pkcs15-sec.c, - trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/profile.c: Include stdlib.h where needed Warning - fixes for various OS's mcheck.h is not portable, so remove it - -2002-03-09 17:27 aet - - * trunk/src/tools/flex.profile, trunk/src/tools/gpk.profile, - trunk/src/tools/miocos.profile: Standardize the first header - comment a bit between various profiles - -2002-03-09 17:21 aet - - * trunk/src/tools/Makefile.am: Add flex.profile to EXTRA_DIST - Rename miocos-rw.profile to miocos.profile - -2002-03-09 15:11 jey - - * trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-miocos.c, trunk/src/libopensc/opensc.h, - trunk/src/tools/Makefile.am, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/flex.profile, trunk/src/tools/miocos-rw.profile, - trunk/src/tools/miocos.profile, - 
trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-cflex.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-init.h, trunk/src/tools/profile.c: - - Improved support for MioCOS cards - Removed PKCS #15 creation - from cryptoflex-tool - Added PIN pad character option to - profile.c - -2002-03-08 19:47 okir - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.h: - added sc_pkcs15_read_pubkey to - retrieve public key from a public key file - -2002-03-08 19:46 okir - - * trunk/src/libopensc/card-gpk.c: - specify sc_algorithm_info - -2002-03-08 16:06 aet - - * trunk/Makefile.am, trunk/src/tools/Makefile.am, - trunk/src/tools/profile.h, trunk/src/tools/util.h: 'make dist' - fixes Minor cleanups - -2002-03-08 15:18 aet - - * trunk/src/signer/opensc-crypto.c: SC_PKCS15_HASH_SHA1 -> - SC_ALGORITHM_RSA_HASH_SHA1 - -2002-03-08 14:47 aet - - * trunk/src/openssh/opensc-ssh.c: Fixed opensc-ssh to work with - recent p15 API changes - -2002-03-08 05:59 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-sec.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc-internal.h, trunk/src/pam/pam_pkcs15.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/tools/pkcs15-crypt.c: - Added X.509 algorithm id - decoding and encoding to asn1.c - Implemented a generic ATR - matching helper function - Made signing much smarter (should - even work now) - Added info about supported crypto algorithms to - struct sc_card - -2002-03-07 13:06 okir - - * trunk/src/tools/pkcs15-init.c, trunk/src/tools/profile.c: - - fixed attributes etc of PuKDF 
entry - -2002-03-07 13:03 okir - - * trunk/src/tests/p15dump.c: - moved object printing stuff to - separate file - dump public key info if present - * trunk/src/tests/Makefile.am, trunk/src/tests/print.c, - trunk/src/tests/sc-test.h: - moved object printing stuff to - separate file - -2002-03-07 13:02 okir - - * trunk/src/tests/pintest.c: - fixed pintest to work with p15 API - changes - -2002-03-07 12:33 okir - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h: - - sc_pkcs15_parse_df now understands PuKDFs - -2002-03-07 12:26 okir - - * trunk/src/tools/pkcs15-init.c: - fixed error code handling - -2002-03-07 12:25 okir - - * trunk/src/tools/pkcs15-gpk.c: - fixed memory corruption problem - -2002-03-07 11:57 fabled - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-session.c: - Patch from Olaf Kirch to - implement of RSA exponent and modulus retrievel in pkcs11 code - - Fixed the checking of PIN length in pkcs11 login - -2002-03-06 17:49 okir - - * trunk/src/tools/gpk-rw.profile, trunk/src/tools/gpk.profile, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-init.h, trunk/src/tools/pkcs15-miocos.c, - trunk/src/tools/pkcs15.profile, trunk/src/tools/profile.c, - trunk/src/tools/profile.h: - Rewrote large parts of pkcs15-init - for greater flexibility, and with an eye towards separating some - of the stuff into a library that can be used by pkcs11. 
- -2002-03-06 13:22 okir - - * trunk/src/libopensc/card.c: - in sc_select_file, remember the - file path in the returned struct sc_file - -2002-03-06 13:21 okir - - * trunk/src/libopensc/pkcs15.c: - another buffer overflow - -2002-03-06 12:33 okir - - * trunk/src/libopensc/card-gpk.c: - Added - {read,write,update}_binary handlers that shift the offset - -2002-03-06 12:32 okir - - * trunk/src/libopensc/pkcs15.c: - SECURITY: Fixed buffer overflow - -2002-03-05 16:52 jey - - * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-support.c: - now works with the new API - -2002-03-05 13:26 okir - - * trunk/configure.in: - make sure HAVE_OPENSSL is defined even - when reading openssldir from config.cache - -2002-03-05 13:16 okir - - * trunk/configure.in: - make sure HAVE_LIBPCSCLITE is defined when - using --with-pcsclite - -2002-03-05 09:30 okir - - * trunk/src/libopensc/pkcs15-pubkey.c: - small typo - -2002-03-04 10:33 okir - - * trunk/src/tools/gpk-rw.profile, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: - started - to work on PuKDF stuff - -2002-03-04 09:33 okir - - * trunk/src/tools/profile.h: - Added support for Juha's latest API - changes - -2002-03-04 09:32 okir - - * trunk/src/tools/profile.c: - Fixes for Juha's rewrite of - sc_pkcs15_object and friends - changes some names - allow - profile to set private key access flags - -2002-03-04 09:31 okir - - * trunk/src/tools/gpk-rw.profile: - Added default access_flags for - private key objects - -2002-03-04 08:35 okir - - * trunk/src/tests/p15dump.c: - adapted to juha's latest changes - -2002-03-04 06:58 fabled - - * trunk/src/pkcs11/pkcs11-object.c, trunk/src/pkcs11/sc-pkcs11.h: - - Fixed buffer overflow in C_FindObjectsInit (patch from Olaf - Kirch ) - -2002-03-03 17:36 fabled - - * trunk/src/pkcs11/framework-pkcs15.c: - Fixed PKCS #11 module to - use the new PKCS #15 API - -2002-03-03 00:32 jey - - * trunk/src/libopensc/Makefile.am, 
trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-pubkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-asn1.h, trunk/src/libopensc/sc.c, - trunk/src/tools/Makefile.am, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/pkcs15-crypt.c, trunk/src/tools/pkcs15-tool.c: - - Reworked PKCS #15 structure a bit (MANY THINGS WILL BREAK) - - Added support for public key DFs (not tested yet) - -2002-03-02 14:03 okir - - * trunk/src/tools/pkcs15-init.c: - if required, read pin from - stdin (fixed key download) - -2002-03-01 11:52 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc-internal.h, - trunk/src/tools/opensc-tool.c: - intermediary checkin - -2002-02-27 22:15 okir - - * trunk/src/libopensc/card-gpk.c: - Implemented GET_PK_ALGORITHMS - card_ctl - * trunk/src/libopensc/cardctl.h: - Fixed typo on _CTL_PREFIX - - Added SC_CARDCTL_GET_PK_ALGORITHMS - -2002-02-26 21:15 okir - - * trunk/configure.in: - some platforms need -ltermcap to go with - -lreadline - -2002-02-26 21:11 okir - - * trunk/src/tools/opensc-explorer.c: - we may have readline.h but - may still not be able to link the lib - -2002-02-26 16:34 okir - - * trunk/src/libopensc/card-gpk.c: - implemented change/unblock pin - -2002-02-26 11:27 jey - - * trunk/docs, trunk/docs/.cvsignore, - trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c, trunk/src/tools/miocos-rw.profile, - 
trunk/src/tools/pkcs15-miocos.c: - added some missing files - - renamed card-setec.c to card-setcos.c - -2002-02-26 11:23 jey - - * trunk/AUTHORS, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-miocos.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/dir.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/tools/Makefile.am, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h: - - added a driver for MioCOS cards by Miotec - implemented EF(DIR) - updating - -2002-02-25 22:42 okir - - * trunk/src/libopensc/card-gpk.c: - fixed sc_card_driver - initalization - -2002-02-25 18:58 okir - - * trunk/TODO: - test commit - -2002-02-25 18:50 okir - - * trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: - cleanup - and misc minor fixes - -2002-02-25 18:48 okir - - * trunk/src/libopensc/card-gpk.c: - first stab at signatures - -2002-02-25 18:47 okir - - * trunk/src/libopensc/pkcs15-sec.c: - avoid integer underflow for - outlen < 11 - -2002-02-25 18:43 aet - - * trunk/configure.in, trunk/src/tools/opensc-explorer.c: Minor - fixes to libreadline checking - -2002-02-25 16:30 aet - - * trunk/configure.in, trunk/src/tools/Makefile.am, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/profile.c, - trunk/src/tools/util.c: Added support for checking libreadline - and use it for opensc-explorer if one is found. 
- -2002-02-25 15:40 aet - - * trunk/configure.in: Minor fix for HAVE_PCSCLITE conditional - -2002-02-25 14:13 jey - - * trunk/src/libopensc/asn1.c: - small bug fixed in - encode_bit_string; patch by Olaf Kirch - -2002-02-25 13:51 aet - - * trunk/src/tools/pkcs15-init.c: Add missing help text for - --passphrase - -2002-02-25 12:37 aet - - * trunk/src/tests/filetest.c, trunk/src/tests/hst-test.c: Obsolete - -2002-02-25 12:04 aet - - * trunk/src/openssh/opensc-ssh.c, trunk/src/pam/pam_pkcs15.c, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/slot.c, - trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-support.c, trunk/src/signer/signer.h, - trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/prngtest.c, trunk/src/tests/sc-test.c: Upgrade - to current OpenSC API Compiles, so far untested - -2002-02-25 11:50 aet - - * trunk/src/tools, trunk/src/tools/.cvsignore: Add pkcs15-init - -2002-02-25 11:13 aet - - * trunk/src/libopensc/Makefile.am, trunk/src/tools/Makefile.am: - HAVE_SSL cleanups - -2002-02-25 11:06 aet - - * trunk/src/signer/Makefile.am: Get rid of PC/SC specific flags - (thank god) - -2002-02-25 11:05 aet - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: - winscard.h / CFLAGS_PCSC cleanups Merge OpenSSL configure - changes with SCIDI Build process changes for future CT-API - support - -2002-02-24 21:14 aet - - * trunk/src/libopensc/reader-pcsc.c: Fix segfault for pcsc_finish - -2002-02-24 20:16 aet - - * trunk/src/libopensc/reader-pcsc.c: Add missing SC_STATUS_TIMEOUT - that was removed from sc-internal.h - -2002-02-24 19:32 jey - - * trunk/CodingStyle, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, 
trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/reader-pcsc.c, - trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-tool.c: - - implemented reader abstraction layer; now it's easier to add - support for e.g. CT-API - renamed ops_data field to drv_data in - struct sc_card - copied coding style document from Linux kernel - -2002-02-24 16:50 aet - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/pkcs15.c, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: Minor - changes to get rid of compiler warnings for various OS's - -2002-02-23 13:38 jey - - * trunk/src/libopensc/card-gpk.c, trunk/src/libopensc/cardctl.h, - trunk/src/tools/gpk-rw.profile, trunk/src/tools/pkcs15-gpk.c, - trunk/src/tools/pkcs15-init.c, trunk/src/tools/pkcs15-init.h, - trunk/src/tools/profile.c, trunk/src/tools/profile.h: - - implemented RSA and DSA key downloading to GPK cards - -2002-02-22 20:46 jey - - * trunk/src/tools/opensc-explorer.c: - a small fix - -2002-02-22 07:18 jey - - * trunk/src/libopensc/cardctl.h, trunk/src/tools/gpk-rw.profile, - trunk/src/tools/pkcs15-gpk.c, trunk/src/tools/pkcs15-init.c, - trunk/src/tools/pkcs15-init.h, trunk/src/tools/profile.c, - trunk/src/tools/profile.h: - added some missing files from last - commits, whoops - -2002-02-21 19:23 jey - - * trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h: - added sc_update_binary(), - sc_append_binary() and 
sc_write_binary() with their - corresponding ISO 7816-4 reference functions - -2002-02-21 18:53 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/tools/Makefile.am, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/util.c, trunk/src/tools/util.h: - added ATR for - RSA SecurID 3100 - exported pkcs15_encode_* functions - minor - modification to sc_file_add_acl_entry() - boosted up - opensc-explorer - added error(), warn() and fatal() - - implemented a generic PKCS #15 structure generation tool - -2002-02-20 18:42 aet - - * trunk/src/libopensc/sc.c: Fix memory leak for - sc_establish_context - -2002-02-20 09:56 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/dir.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/tests/Makefile.am, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-tool.c, - trunk/src/tools/util.c, trunk/src/tools/util.h: - all instances - struct sc_file should now be dynamically allocated with - sc_file_new() and released with sc_file_free() - improved ACL's - - moved struct sc_card_error to opensc.h - moved EF(DIR) parsing - and encoding to dir.c (encoding is not working yet) - removed - hst-test.c and filetest.c - -2002-02-17 21:55 aet - - * 
trunk/src/libopensc/sc.c: Bugfix for sc_destroy_context, - pcsc_ctx was never released - -2002-02-15 23:17 jey - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-internal.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - added - error reporting for several new SWs - added check_sw function to - sc_card_operations - -2002-02-11 15:55 jey - - * trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/card-tcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/sc.c, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c: - added partial support for TCOS - 2.0 cards - default card driver now tries to do a GET RESPONSE - instead of SELECT FILE to detect the correct CLA byte - moved - security attribute parsing from iso7816.c to card-setec.c - - added some more sanity checking to sc_check_apdu - added 'debug' - command line option to opensc-explorer - -2002-02-11 11:01 aet - - * trunk/src/libopensc/card-gpk.c: AIX cc fixes - -2002-02-11 10:49 aet - - * trunk/src/libopensc/card-gpk.c: Portability fixes - -2002-02-10 18:09 jey - - * trunk/src/libopensc/card-gpk.c: - added a license notice to - card-gpk.c - -2002-02-10 18:04 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-gpk.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/tools/Makefile.am, - trunk/src/tools/opensc-explorer.c: - added partial support for - GPK 4000 - made line parsing in opensc-explorer saner - moved - change_reference_data and reset_retry_counter to iso7816.c, - where they belong - added partial libreadline 
support to - opensc-explorer - -2002-02-07 13:10 aet - - * trunk/configure.in: small #define HAVE_OPENSSL fixes - -2002-02-06 12:32 aet - - * trunk/src/pkcs11/Makefile.am: Add install-exec-local and remove - opensc-pkcs11.{la,a}, like we do with opensc-signer - -2002-02-06 10:36 aet - - * trunk/aclocal/acx_pthread.m4: Tru64: Fix for - PTHREAD_CREATE_JOINABLE $ok - -2002-01-29 14:38 aet - - * trunk/src/signer/Makefile.am: Add install-exec-local and remove - opensc-signer.{la,a}, any better way to do this? - -2002-01-28 21:04 jey - - * trunk/src/libopensc/card.c, trunk/src/libopensc/opensc.h: - - added support for T=1 protocol - -2002-01-28 19:29 fabled - - * trunk/src/pkcs11/opensc_pkcs11_install.js: Testing version. Use - if you dare. - -2002-01-28 12:16 aet - - * trunk/README: Change OpenSC web site url to - http://www.opensc.org/ - -2002-01-26 21:16 aet - - * trunk/src/libopensc, trunk/src/libopensc/.cvsignore: Add - opensc-config - -2002-01-26 16:03 jey - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/opensc-config.in: - added opensc-config - script - added ATR string for Cryptoflex 8k - -2002-01-26 12:16 aet - - * trunk/src/libopensc/pkcs15-cache.c, - trunk/src/pkcs11/framework-pkcs15.c: Fix compiler warnings - -2002-01-24 18:37 jey - - * trunk/Makefile.am, trunk/NEWS, trunk/README.Cryptoflex, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/tests/sc-test.c, - trunk/src/tools/cryptoflex-tool.c: - last minute changes before - the new release - -2002-01-24 16:27 fabled - - * trunk/src/pkcs11/Makefile.am, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/slot.c: - - many bug fixes in pkcs #11 module - pkcs #11 module now creates - public key objects too - -2002-01-24 16:24 jey - - * trunk/README.Cryptoflex, trunk/configure.in, - trunk/src/libopensc/opensc-pkcs15.h, - 
trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h: - - added README.Cryptoflex - modified ChangeLog - _really_ bumped - up the version number this time - -2002-01-24 16:02 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cache.c, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: - bumped up version number in - preparation of the new release - unified PKCS #15 DF decoding - - added PKCS #15 file caching - -2002-01-24 12:56 aet - - * trunk/src/pkcs11/README, trunk/src/pkcs11/pkcs11-global.c: - Silence debug messages by default for upcoming release README - update - -2002-01-22 17:41 aet - - * trunk/aclocal/acx_pthread.m4: Fix pthread.h checking for recent - releases of Tru64 - -2002-01-22 16:43 jey - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c: - fixed a few typos - -2002-01-22 16:26 aet - - * trunk/src/libopensc/card-flex.c, - trunk/src/tools/cryptoflex-tool.c: Fix compiler warnings, for - digital cc this time - -2002-01-22 14:54 fabled - - * trunk/src/pkcs11/misc.c: * many bugfixes in pkcs11 module * - memory corruption fix in pkcs15 framework * pool node deletion - fixed in misc.c * now detects smartcards in C_GetSlotInfo too - -2002-01-22 14:44 fabled - - * trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/slot.c: Many - bugfixes including segfault in card detection and C_GetSlotInfo - now detects the 
cards too. - -2002-01-21 15:37 jey - - * trunk/src/tools/cryptoflex-tool.c: - changed PIN1 path in PKCS - #15 structure - -2002-01-21 15:11 jey - - * trunk/src/libopensc/card-flex.c: - added KEY verification to - Cryptoflex driver - -2002-01-21 12:49 jey - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/tools/cryptoflex-tool.c: - added PKCS #15 structure - generation to cryptoflex-tool - -2002-01-21 11:22 aet - - * trunk/src/signer, trunk/src/signer/.cvsignore: Add *.u - -2002-01-21 10:56 aet - - * trunk/src/libopensc/log.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc-log.h, trunk/src/tools/cryptoflex-tool.c, - trunk/src/tools/opensc-explorer.c: Compiler warning fixups for - various compilers - * trunk/src/libopensc, trunk/src/libopensc/.cvsignore, - trunk/src/tools, trunk/src/tools/.cvsignore: Add *.u and - cryptoflex-tool to .cvsignore - -2002-01-21 09:05 jey - - * trunk/src/libopensc/card-flex.c, trunk/src/libopensc/card.c, - trunk/src/pkcs11/framework-pkcs15.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/tools/pkcs15-crypt.c: - improved file selection on - Cryptoflex cards - fixed an incompatability in PKCS #11 module - -2002-01-20 21:20 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-defaults.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-log.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, - trunk/src/pam/pam_pkcs15.c, trunk/src/tools/Makefile.am, - trunk/src/tools/cryptoflex-tool.c, - 
trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c: - fixed a bug with file - permissions in flex_create_file() - added RSA signature - generation with Cryptoflex cards - improved security environment - handling - implemented cryptoflex-tool - -2002-01-20 18:24 aet - - * trunk/src/openssh/README, trunk/src/pam/README, - trunk/src/tests/hst-test.c: README updates after not so recent - filename changes sc-log.h cleanup for hst-test - -2002-01-17 23:47 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-log.h, trunk/src/tools/pkcs15-crypt.c: - - PKCS #15 generation is now in a semi-working state - started - coding crypto support for Cryptoflexes - -2002-01-17 12:05 aet - - * trunk/src/pkcs11/README, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, trunk/src/pkcs11/sc-pkcs11.h: - README cleanups Fix compiler warnings - -2002-01-17 12:04 aet - - * trunk/src/pkcs11/Makefile.am, trunk/src/tools/Makefile.am: - Remove gcc-specific options - * trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-log.h: int - error -> int sc_error, since it conflicts with error() and - results to compiler error with various compilers. 
- -2002-01-17 11:50 jey - - * trunk/src/tools/opensc-explorer.c: - small bugfix - -2002-01-17 11:44 jey - - * trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sec.c: - improved PKCS #15 generation - -2002-01-17 09:37 aet - - * trunk/src/pkcs11/rsaref, trunk/src/pkcs11/rsaref/.cvsignore: Add - missing .cvsignore - -2002-01-17 00:25 jey - - * trunk/src/tools/Makefile.am: - fixed a goof in last commit - -2002-01-16 23:59 jey - - * trunk/THANKS, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/tools/Makefile.am, - trunk/src/tools/opensc-explorer.c, - trunk/src/tools/pkcs15-crypt.c: - continued to improve PKCS #15 - generation - fixed a few problems in sc_set_security_env - - started to implement Better (tm) object handling for PKCS #15 - objects - -2002-01-16 22:52 fabled - - * trunk/configure.in: Changed pkcs11 header directory to rsaref. - -2002-01-16 22:50 fabled - - * trunk/src/pkcs11/rsaref, trunk/src/pkcs11/rsaref/Makefile.am, - trunk/src/pkcs11/rsaref/pkcs11.h, - trunk/src/pkcs11/rsaref/pkcs11f.h, - trunk/src/pkcs11/rsaref/pkcs11t.h, - trunk/src/pkcs11/rsaref/unix.h: RSA header files. 
- -2002-01-16 22:49 fabled - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/README, - trunk/src/pkcs11/framework-pkcs15.c, trunk/src/pkcs11/misc.c, - trunk/src/pkcs11/pkcs11-global.c, - trunk/src/pkcs11/pkcs11-object.c, - trunk/src/pkcs11/pkcs11-session.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: Rewritten implementation of pkcs#11 - module. Semiworking. - -2002-01-16 22:43 fabled - - * trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/README, - trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, - trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Preparing to - commit new implementation of pkcs#11 module. - -2002-01-16 20:20 jey - - * trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sec.c: - - better ISO 7816-8 compatibility with various cards - -2002-01-15 18:54 aet - - * trunk/src/libopensc/pkcs15.c, trunk/src/tools/opensc-explorer.c: - Fix compiler warnings - -2002-01-13 23:56 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-internal.h, - trunk/src/tools/opensc-explorer.c, trunk/src/tools/util.c: - - pretty much finished the DER encoder - added delete and create - file support for 'flex cards - PKCS #15 DF's are now stored more - flexibly; this makes adding new types of DF's (such as PuKDF's) - easier - added 'get' and 'put' commands to opensc-explorer - -2002-01-10 23:14 jey - - * trunk/docs, trunk/docs/doxygen.conf: - added doxygen.conf - -2002-01-10 23:02 jey - - * 
trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sec.c, - trunk/src/tools/opensc-explorer.c: - added PIN verification, - file creation and file deletion to opensc-explorer - documented - the core API a bit using doxygen - -2002-01-10 13:49 aet - - * trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/tests/hst-test.c, - trunk/src/tools/opensc-explorer.c: Fix compiler warnings - -2002-01-10 12:33 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-flex.c, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, - trunk/src/pam/pam_pkcs15.c, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c: - added preliminary ASN.1 - encoding support - modified ASN.1 decoding to make it easier to - port decoder structures to the encoder - fixed a recently - introduced bug in card driver handling - opensc-explorer will - now allow only DF's to be cd'd into - -2002-01-09 22:15 aet - - * trunk/configure.in: Oops, fixed --with-pcsclite multiple - directory probing to actually work. 
- -2002-01-09 18:28 aet - - * trunk/src/pkcs11/README: libsc -> opensc - -2002-01-09 13:50 aet - - * trunk/src/tools, trunk/src/tools/.cvsignore: Add opensc-explorer - -2002-01-09 01:03 jey - - * trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h, - trunk/src/tools/Makefile.am, trunk/src/tools/opensc-explorer.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: - created opensc-explorer tool - - increased support for CryptoFlex cards - -2002-01-08 20:03 aet - - * trunk/src/tests, trunk/src/tests/.cvsignore, trunk/src/tools, - trunk/src/tools/.cvsignore: Add missing executables to .cvsignore - -2002-01-08 13:56 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/defaults.c, trunk/src/libopensc/emv.c, - trunk/src/libopensc/emv.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc-emv.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-defaults.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c, - trunk/src/tests/Makefile.am, trunk/src/tests/filetest.c, - trunk/src/tests/hst-test.c, trunk/src/tests/sc-test.c, - trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/pkcs15-crypt.c, - trunk/src/tools/pkcs15-tool.c, trunk/src/tools/util.c, - trunk/src/tools/util.h: - added preliminary CryptoFlex 16k - support - added short names to card drivers - moved various ISO - 7816-9 functions to their correct places - added 
write binary - support - renamed opensc-crypt to pkcs15-crypt - split a part - opensc-tool to pkcs15-tool - -2002-01-07 18:32 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc.h: - - finished removing sc- prefix from the .c files - -2002-01-07 18:23 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/card.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c, trunk/src/tools/opensc-tool.c: - - renamed sc_asn1_parse to sc_asn1_decode - added capabilities and - flags fields to struct sc_card - added a mutex to sc_context for - future use - -2002-01-07 16:24 aet - - * trunk/configure.in: Oops, accidently removed all pc/sc related - stuff while merging changes to opensc-signer/configure.ac, fixed. 
- -2002-01-07 12:41 aet - - * trunk/src/signer/Makefile.am: Add npinclude to SUBDIRS - -2002-01-06 23:41 aet - - * trunk/src/common/getopt.c: Fix another compiler warning - -2002-01-06 22:17 aet - - * trunk/src/signer/opensc-crypto.c: #include fixup - -2002-01-06 21:26 aet - - * trunk/src/signer/dialog.c, trunk/src/signer/signer.c: Fix few - compiler warnings on Tru64 - -2002-01-06 20:35 aet - - * trunk/configure.in: Sync with opensc-signer's configure.ac - -2002-01-06 20:06 aet - - * trunk/configure.in: Add CFLAGS_PCSC, CFLAGS_OPENSC, LIBOPENSC - -2002-01-06 19:40 aet - - * trunk/src/signer/Makefile.am, trunk/src/signer/dialog.c, - trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-crypto.h, - trunk/src/signer/opensc-support.c, - trunk/src/signer/opensc-support.h, trunk/src/signer/signer.c, - trunk/src/signer/signer.h, trunk/src/signer/testprog.c: Add - CFLAGS_PCSC, CFLAGS_OPENSC, CFLAGS_ASSUAN, LIBOPENSC Add - PIN_ENTRY instead of hardcoding it to "/usr/local/bin/gpinentry" - * trunk/src/libopensc/Makefile.am, trunk/src/openssh/Makefile.am, - trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/tests/Makefile.am, trunk/src/tools/Makefile.am: Add - CFLAGS_PCSC, CFLAGS_OPENSC and LIBOPENSC, use them instead of - hardcoding paths into ../libopensc.la, -I../libopensc, etc. - -2002-01-05 22:24 aet - - * trunk/src/signer/npinclude/Makefile.am: Syncing with OpenSC's - source tree - -2002-01-05 21:46 aet - - * trunk/src/signer, trunk/src/signer/.cvsignore, - trunk/src/signer/npinclude, - trunk/src/signer/npinclude/.cvsignore: Add .cvsignore - -2002-01-05 19:05 aet - - * trunk/src/libopensc/internal.h, - trunk/src/libopensc/sc-internal.h: Fix typo - -2002-01-05 19:01 aet - - * trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c: - SCardGetStatusChange/rgReaderStates changes for compatibility - with older and/or modified pcsc-lite releases. 
- -2002-01-05 14:56 jey - - * trunk/src/pkcs11/generic.c: - added new versions of PKCS #11 - header files - fixed a typo in generic.c - -2002-01-05 14:47 jey - - * trunk/src/pkcs11/generic.c: - blank padding added to some string - values - changed a few hardcoded values - -2002-01-03 08:47 aet - - * trunk/src/common/getopt.c: Warning fixes - -2002-01-03 07:33 aet - - * trunk/src/tools/opensc-tool.c: AIX cc fix - -2002-01-03 07:32 aet - - * trunk/configure.in: Slight fixes for getopt_long hack, so it - will work for systems without getopt.h at all. - -2002-01-02 22:15 aet - - * trunk/configure.in, trunk/src/Makefile.am, trunk/src/common, - trunk/src/common/.cvsignore, trunk/src/common/Makefile.am, - trunk/src/common/getopt.c, trunk/src/common/getopt.h, - trunk/src/common/getopt1.c, trunk/src/openssh/Makefile.am, - trunk/src/tools/Makefile.am: Add getopt/getopt_long sources from - GNU C Library. Use them only if platform lacks support for - getopt_long, like most commercial operating systems do. - -2002-01-01 19:56 aet - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c: More size_t fixes - -2002-01-01 19:54 aet - - * trunk/src/libopensc/log.c: Use \33 instead of \e. - -2002-01-01 18:25 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/card-multiflex.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/sc-asn1.h: - changed \\e back to \e in - sc_log.c - changed function prototypes in sc-asn1.c (int --> - size_t) - -2002-01-01 17:25 jey - - * trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/slot.c: - some fixes to the PKCS #11 module - -2001-12-31 14:47 aet - - * trunk/src/pkcs11/Makefile.am: Use -avoid-version, as we do with - pam module. 
- -2001-12-31 14:39 aet - - * trunk/src/pam/Makefile.am: Remove unneeded install-exec-local - -2001-12-31 13:30 jey - - * trunk/src/pkcs11/slot.c: - a small bugfix - -2001-12-30 21:30 aet - - * trunk/src/tools/opensc-crypt.c, trunk/src/tools/opensc-tool.c: - sc- -> opensc- - -2001-12-30 21:17 aet - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card-setcos.c, - trunk/src/libopensc/internal.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-defaults.c, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-internal.h, - trunk/src/openssh/Makefile.am, trunk/src/openssh/opensc-ssh.c, - trunk/src/pam/Makefile.am, trunk/src/pam/pam_pkcs15.c, - trunk/src/pkcs11/Makefile.am, trunk/src/pkcs11/session.c, - trunk/src/tests/Makefile.am, trunk/src/tests/base64.c, - trunk/src/tests/hst-test.c, trunk/src/tests/pintest.c, - trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c, trunk/src/tools/util.c: Merges - with SCIDI to help integrating build process with it Remove some - gcc specific flags from Makefile.am Rename some header defines - size_t vs. int fixups opensc.h: Define inline as null for other - compilers than gcc, for now Port pam_pkcs15 to compile for - Solaris and HP-UX, untested Fix compiler warnings OpenSC now - compiles cleanly for Tru64, AIX and HP-UX. The only problem is - the tools using getopt_long() (GNU extension), to be fixed - later.. 
- -2001-12-29 19:03 jey - - * trunk/NEWS, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc-asn1.h: - ported certificate reading to - new ASN.1 code - -2001-12-29 18:14 jey - - * trunk/src/libopensc/Makefile.am: - renamed LIBPCSCLITE to LIBPCSC - -2001-12-29 12:44 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/card-emv.c, - trunk/src/libopensc/iso7816.c, trunk/src/libopensc/sc-emv.c: - - another portability fix - renamed sc-emv.c to sc-card-emv.c - -2001-12-29 12:39 jey - - * trunk/src/libopensc/iso7816.c: - fixed a portability problem - -2001-12-29 12:26 aet - - * trunk/configure.in: Use -Werror if compiling with gcc Add check - for getopt.h - -2001-12-29 12:03 jey - - * trunk/src/tools/util.c, trunk/src/tools/util.h: - added missing - files - -2001-12-29 11:57 jey - - * trunk/src/libopensc/sec.c: - fixed resplen values in sc_decipher - and sc_compute_signature - -2001-12-29 02:07 jey - - * trunk/NEWS, trunk/configure.in, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/internal.h, - trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-emv.c, trunk/src/libopensc/sc-internal.h, - trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c, - trunk/src/tools/Makefile.am, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - added preliminary support for - EMV cards - changed a few function prototypes - implemented - access control lists to files - added sc_read_record() function - - updated the NEWS file - -2001-12-28 14:24 aet - - * trunk/src/pkcs11/digestsign.c, - 
trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/object.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/session.c, trunk/src/pkcs11/slot.c: Move - hex_dump() to generic.c Convert all C++-style comments to - C-style Fix compiler warnings for various platforms - -2001-12-28 14:23 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.h: - - sc_pkcs15_change_pin() prototype changed - -2001-12-28 14:19 jey - - * trunk/TODO, trunk/src/openssh/opensc-ssh.c, - trunk/src/tests/Makefile.am, trunk/src/tests/base64.c, - trunk/src/tests/hst-test.c, trunk/src/tests/p15dump.c, - trunk/src/tests/pintest.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - fixed some compile warnings - - updated TODO - -2001-12-27 17:25 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/internal.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-emv.c, - trunk/src/libopensc/sc-internal.h, trunk/src/libopensc/sc.c, - trunk/src/tools/opensc-tool.c: - added preliminary EMV support - - made a few bug fixes relating to select_file operation - -2001-12-25 20:45 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/base64.c, - trunk/src/libopensc/card-default.c, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card-setcos.c, trunk/src/libopensc/card.c, - trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, - trunk/src/pam/Makefile.am, trunk/src/pkcs11/Makefile.am, - trunk/src/tools/opensc-crypt.c, trunk/src/tools/opensc-tool.c: - - added default driver for unidentified cards - added select_file - operation in Multiflex driver - added 'list-drivers' command to - 
opensc-tool - moved stuff from opensc.h to sc-internal.h - - improved locking behaviour - -2001-12-25 20:38 jey - - * trunk/src/signer/signer.c: - added plugin description strings - -2001-12-24 15:48 jey - - * trunk/src/pam/Makefile.am: - added "-avoid-version" to LDFLAGS - -2001-12-23 15:48 jey - - * trunk/src/signer/dialog.c, trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-support.c: - updated to support latest - version of OpenSC - -2001-12-23 14:33 jey - - * trunk/NEWS, trunk/README: - updated NEWS and README - -2001-12-23 14:17 aet - - * trunk/configure.in, trunk/src/openssh/Makefile.am, - trunk/src/pam/Makefile.am: Add HAVE_SSL_AND_SSL conditional - because automake isn't flexible enough Minor fixes for - libpcsclite probe - -2001-12-22 23:51 jey - - * trunk, trunk/.cvsignore, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/card-multiflex.c, - trunk/src/libopensc/card.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/tests/hst-test.c: - changed call convention of - sc_select_file() - begun to add support for Multiflex cards - -2001-12-22 23:14 aet - - * trunk/src/openssh/Makefile.am, trunk/src/tests/Makefile.am: - 'make dist' fixes - -2001-12-22 23:13 aet - - * trunk/bootstrap: Disable --force for automake - -2001-12-22 23:07 jey - - * trunk, trunk/.cvsignore: - added some filenames to .cvsignore - -2001-12-22 23:06 jey - - * trunk/AUTHORS: - added authors Anssi Tapaninen and Timo Ter�s - -2001-12-22 22:55 aet - - * trunk/bootstrap, trunk/configure.in, trunk/src/pam/Makefile.am: - Fix LIBPCSCLITE Rename COMPILE_PAM conditional to HAVE_PAM - Remove lex check from configure.ac - -2001-12-22 22:27 aet - - * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, - trunk/src/Makefile.am, trunk/src/libopensc/Makefile.am, - 
trunk/src/openssh/Makefile.am, trunk/src/pam/Makefile.am, - trunk/src/pkcs11/Makefile.am, trunk/src/tests/Makefile.am, - trunk/src/tools/Makefile.am: Autotools update. Add bunch of - stuff to configure.in to make building of libopensc more - portable to various operating systems. Requires autoconf 2.52 - and automake 1.5. Add all necessary files except Makefile.in, so - you still need to run ./bootstrap though. There's not much point - adding config.guess and friends without them, maybe later. - -2001-12-22 22:20 aet - - * trunk/aclocal/Makefile.am, trunk/aclocal/acx_pthread.m4, - trunk/aclocal/libtool.m4: Add directory aclocal for m4 macros. - * trunk/src/openssh, trunk/src/openssh/.cvsignore, trunk/src/pam, - trunk/src/pam/.cvsignore, trunk/src/tests, - trunk/src/tests/.cvsignore, trunk/src/tools, - trunk/src/tools/.cvsignore: Add opensc-ssh, pam_pkcs15-test, - bas64, hst-test, lottery, p15dump, pintest, prngtest, - opensc-crypt and opensc-tool binary to .cvsignore. - -2001-12-22 22:11 aet - - * trunk, trunk/.cvsignore, trunk/aclocal, - trunk/aclocal/.cvsignore, trunk/src, trunk/src/.cvsignore, - trunk/src/libopensc, trunk/src/libopensc/.cvsignore, - trunk/src/openssh, trunk/src/openssh/.cvsignore, trunk/src/pam, - trunk/src/pam/.cvsignore, trunk/src/pkcs11, - trunk/src/pkcs11/.cvsignore, trunk/src/tests, - trunk/src/tests/.cvsignore, trunk/src/tools, - trunk/src/tools/.cvsignore: Add .cvsignore skeleton - -2001-12-22 20:52 jey - - * trunk/src/openssh/opensc-ssh.c, - trunk/src/openssh/openssh-3.0.2p1-patch.diff, - trunk/src/pam/pam_pkcs15.c, trunk/src/pkcs11/slot.c, - trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/prngtest.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - updated to work with latest - library version - -2001-12-22 20:43 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/card-setcos.c, 
trunk/src/libopensc/card.c, - trunk/src/libopensc/defaults.c, trunk/src/libopensc/iso7816.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c: - added - card abstraction layer support - pretty much finished migrating - to new ASN.1 code - changed call semantics for sc_select_file() - - moved functions around - -2001-12-22 13:38 jey - - * trunk/src/libopensc/base64.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc-log.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c: - LINT fixes - -2001-12-21 23:34 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-log.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - continued - improving ASN.1 decoding - improved debug levels - added some - PC/SC Lite workarounds - -2001-12-20 13:57 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - paving - way for dynamic card modules - fixed a few memory leaks - -2001-12-20 12:22 jey - - * trunk/src/libopensc/pkcs15-sec.c: - added basic logging to - sc-pkcs15-sec.c - -2001-12-20 12:16 jey - - * trunk/src/tests/base64.c, trunk/src/tests/hst-test.c, - 
trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - added base64 conversion tool - - updated to work with latest version of OpenSC library - -2001-12-19 21:58 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc-asn1.h, trunk/src/libopensc/sc-log.h, - trunk/src/libopensc/sc.c: - remembered ChangeLog - moved some - functions from sc.c to sc-iso7816-4.c - added fancy colors to - log output =) - removed global sc_debug variable, moved it to - sc_context - fixed new ASN.1 code (possibly still unstable) - -2001-12-17 21:36 jey - - * trunk/src/pkcs11/slot.c: - applied a patch by Antti Tapaninen - that fixes a memory leak - -2001-12-16 20:30 jey - - * trunk/src/libopensc/pkcs15-cert.c: - added a small fix. Swedish - Posten eID cards are now supported. 
- -2001-12-16 18:46 jey - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-defaults.c, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c: - bumped version number up to 0.4.0 - - improved ASN.1 decoding _lots_ - -2001-12-15 01:48 jey - - * trunk/NEWS: - latest breaking news - -2001-12-15 01:44 jey - - * trunk/TODO, trunk/src/openssh/README, - trunk/src/openssh/openssh-3.0.2p1-patch.diff: - updated OpenSSH - support - -2001-12-15 01:29 jey - - * trunk/README, trunk/configure.in, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/log.c, - trunk/src/libopensc/log.h, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/sc-log.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - paving - way for version 0.3.5 - -2001-12-15 01:27 jey - - * trunk/src/tools/opensc-crypt.c: - meddled with command - abbreviations - -2001-12-15 01:10 jey - - * trunk/src/signer/Makefile.am, trunk/src/signer/dialog.h: - fixed - distribution tarball generation - -2001-12-15 01:08 jey - - * trunk/src/signer/npinclude/npunix.c, trunk/src/signer/npunix.c: - - moved npunix.c - -2001-12-15 00:57 jey - - * trunk/src/signer/Makefile.am: - fixed changed "include" to - "npinclude" - added a note about assuan to README - -2001-12-15 00:46 jey - - * trunk/src/signer/dialog.c: - removed unnecessary assuan cruft - -2001-12-15 00:39 jey - - * trunk/src/signer/Makefile, trunk/src/signer/Makefile.am, - trunk/src/signer/dialog.c, trunk/src/signer/dialog.cpp, - trunk/src/signer/dialog.h, trunk/src/signer/npinclude, - trunk/src/signer/npinclude/jri.h, - trunk/src/signer/npinclude/jri_md.h, - trunk/src/signer/npinclude/jritypes.h, - trunk/src/signer/npinclude/npapi.h, - 
trunk/src/signer/npinclude/npupp.h, - trunk/src/signer/opensc-crypto.c, trunk/src/signer/signer.c, - trunk/src/signer/signer.h: - added include files from Netscape - plugin SDK - removed hardcoded PIN - added PIN dialog through - assuan - -2001-12-14 16:37 jey - - * trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - updated tools to support latest - version of the library - -2001-12-13 21:19 jey - - * trunk/src/libopensc/Makefile.am, trunk/src/libopensc/base64.c, - trunk/src/libopensc/log.c, trunk/src/libopensc/log.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/sc-log.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c: - improved - logging facilities - removed a few compiler warnings - -2001-12-11 14:53 jey - - * trunk/src/tools/opensc-tool.c: - added "learn-card" command to - opensc-tool - -2001-12-11 14:52 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/pkcs15.h: - - improved certificate caching - -2001-12-08 15:35 jey - - * trunk/Makefile.am: - added depcomp to AUX_DIST - -2001-12-08 15:27 jey - - * trunk/Makefile.am, trunk/bootstrap, trunk/configure.in, - trunk/src/libopensc/defaults.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc.c: - removed config directory - fixed - compiling with C++ - added error SC_ERROR_CARD_RESET - -2001-12-08 14:19 jey - - * trunk/src/signer/Makefile, trunk/src/signer/dialog.cpp, - trunk/src/signer/dialog.h, trunk/src/signer/signer.c, - trunk/src/signer/signer.h, trunk/src/signer/testprog.c: - begun - to implement PIN dialog - -2001-12-07 00:57 jey - - * trunk/src/signer/Makefile, trunk/src/signer/opensc-crypto.c, - trunk/src/signer/opensc-crypto.h, - trunk/src/signer/opensc-support.c, - trunk/src/signer/opensc-support.h, trunk/src/signer/signer.c, - trunk/src/signer/signer.h, 
trunk/src/signer/testprog.c: - first - working version of signer plugin - -2001-12-02 19:21 jey - - * trunk/configure.in, trunk/src/libopensc/Makefile.am, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/sec.c: - fixed sc_pkcs15_change_pin() - -2001-12-02 19:17 jey - - * trunk/src/libopensc/base64.c, trunk/src/libopensc/opensc.h: - - added support for Base64 decoding - -2001-11-30 11:57 jey - - * trunk/src/pkcs11/digestsign.c, trunk/src/signer/signer.c, - trunk/src/tools/opensc-tool.c: - added PIN changing support - - started to work on nsplugin - -2001-11-27 23:37 jey - - * trunk/README: - small changes in README - -2001-11-27 21:25 jey - - * trunk/src/pkcs11/sc-pkcs11.h, trunk/src/tests/hst-test.c, - trunk/src/tests/p15dump.c: - a few fixes for libopensc 0.3.2 - support - -2001-11-27 21:11 jey - - * trunk/Makefile.am, trunk/NEWS, trunk/README, trunk/configure.in, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/sc.c: - - fixed a few bugs in Autotools support - -2001-11-26 20:14 jey - - * trunk/AUTHORS, trunk/INSTALL, trunk/Makefile.am, trunk/NEWS, - trunk/README, trunk/THANKS, trunk/bootstrap, trunk/configure.in, - trunk/src/libopensc/Makefile.am, trunk/src/libopensc/sc.c: - - started to migrate to GNU Autotools - -2001-11-26 16:14 jey - - * trunk/src/libopensc/defaults.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-defaults.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc.c, trunk/src/libopensc/sec.c, - trunk/src/pam/pam_pkcs15.c: - added defaults for FINEID S4-2 - (organization) cards - fixed a few typos - renamed - _sc_sw_to_errorcode() to sc_sw_to_errorcode() - PAM module now - uses RSA_sign instead of RSA_public_encrypt - -2001-11-24 15:12 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15.h: - changed "sc.h" to "opensc.h" - -2001-11-24 13:34 jey - - * 
trunk/src/openssh/opensc-ssh.c: - changed project name to OpenSC - - removed obsolete rsa_libsc.c - -2001-11-24 13:32 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/base64.c, - trunk/src/libopensc/defaults.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/pam/pam_pkcs15.c, - trunk/src/pkcs11/generic.c, trunk/src/tests/hst-test.c, - trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c, - trunk/src/tests/pintest.c, trunk/src/tests/prngtest.c, - trunk/src/tests/sc-test.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - changed project name to OpenSC - -2001-11-22 15:40 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/tools/opensc-crypt.c, - trunk/src/tools/opensc-tool.c: - added sc-crypt program - -2001-11-21 23:28 jey - - * trunk/src/pkcs11/digestsign.c: - converted C_Sign() to use the - new API - -2001-11-21 22:40 jey - - * trunk/src/tools/opensc-tool.c: - small fix in sc-tool.c - -2001-11-21 21:19 jey - - * trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc.c, trunk/src/openssh/README, - trunk/src/openssh/opensc-ssh.c: - added install target to libsc - Makefile - added a few functions - added a patch against OpenSSH - 3.0.1p1 to enable libsc support - -2001-11-20 22:21 jey - - * trunk/src/libopensc/defaults.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - 
trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/libopensc/sec.c, trunk/src/openssh, - trunk/src/openssh/opensc-ssh.c, trunk/src/pam/README, - trunk/src/pam/pam_pkcs15.c, trunk/src/signer/Makefile, - trunk/src/signer/signer.c, trunk/src/tests/hst-test.c, - trunk/src/tests/pintest.c, trunk/src/tools/opensc-tool.c: - - added very partial SSH support - rearranged some functions - - added several new functions - fixed handling of SW's - -2001-11-18 20:36 jey - - * trunk/src/tools/opensc-tool.c: - small bug fixed - -2001-11-18 01:52 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c, - trunk/src/tests/sc-test.c, trunk/src/tools, - trunk/src/tools/opensc-tool.c: - added sc-tool - removed - certtest.c - -2001-11-17 15:48 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, trunk/src/libopensc/sc.c, - trunk/src/pam/README, trunk/src/pam/pam_pkcs15.c, - trunk/src/tests/p15dump.c: - added README for PAM module - added - a few error messages - fixed certificate caching (which is still - kludgy) - -2001-11-17 14:55 jey - - * trunk/src/libopensc/defaults.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15.c, trunk/src/libopensc/pkcs15.h, - trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, - trunk/src/tests/p15dump.c: - added defaults; full PKCS#15 - parsing is no-longer required at startup - -2001-11-17 00:11 jey - - * trunk/src/libopensc/asn1.c, trunk/src/libopensc/asn1.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c, trunk/src/pam/pam_pkcs15.c, - trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c: - PAM - module is semi-working now - added 
sc_asn1_put_tag() and - sc_restore_security_env() functions - preliminary support for - CREATE FILE and DELETE FILE commands - -2001-11-15 14:44 jey - - * trunk/src/pam, trunk/src/pam/pam_pkcs15.c: - added a PAM module - playground directory - -2001-11-14 13:43 jey - - * trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c: - committed a patch from Antti - Tapaninen - -2001-11-07 14:36 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/sc.c, trunk/src/tests/hst-test.c: - moved - sc_list_files() to sc.c - -2001-11-07 13:45 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/tests/sc-test.c: - fixed sc_get_random() - added ATR - to struct sc_card - -2001-11-06 18:43 fabled - - * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, - trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Updated - license to LGPL. Added short description. 
- -2001-11-06 18:34 jey - - * trunk/COPYING, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/base64.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c, trunk/src/pkcs11/README, - trunk/src/tests/p15dump.c: - changed license to LGPL - moved - ASN.1 function definitions from sc.h to sc-asn1.h - -2001-11-05 19:39 jey - - * trunk/src/libopensc/base64.c, - trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc.c, - trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, - trunk/src/tests/prngtest.c: - fixed base64 encoding function - - added file listing test to hst-test.c - -2001-11-04 14:08 jey - - * trunk/src/libopensc/opensc.h, trunk/src/libopensc/sc.c, - trunk/src/tests/lottery.c, trunk/src/tests/p15dump.c, - trunk/src/tests/pintest.c, trunk/src/tests/sc-test.c: assorted - small fixes - -2001-11-04 13:57 jey - - * trunk/src/libopensc/base64.c, trunk/src/libopensc/opensc.h, - trunk/src/libopensc/pkcs15-cert.c, trunk/src/libopensc/sc.c, - trunk/src/tests/prngtest.c: - added support for base64 encoding - - added certtest tool - -2001-11-01 15:44 jey - - * trunk/src/tests/sc-test.c: - added a 'return 0' statement - -2001-11-01 15:43 jey - - * trunk/src/libopensc, trunk/src/libopensc/asn1.c, - trunk/src/libopensc/asn1.h, trunk/src/libopensc/opensc-pkcs15.h, - trunk/src/libopensc/opensc.h, trunk/src/libopensc/pkcs15-cert.c, - trunk/src/libopensc/pkcs15-pin.c, - trunk/src/libopensc/pkcs15-prkey.c, - trunk/src/libopensc/pkcs15-sec.c, trunk/src/libopensc/pkcs15.c, - trunk/src/libopensc/pkcs15.h, trunk/src/libopensc/sc-asn1.h, - trunk/src/libopensc/sc.c, 
trunk/src/libopensc/sec.c, - trunk/src/pkcs11/generic.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/signer, trunk/src/signer/Makefile, - trunk/src/signer/npunix.c, trunk/src/signer/stubs.c, - trunk/src/tests/hst-test.c, trunk/src/tests/lottery.c, - trunk/src/tests/p15dump.c, trunk/src/tests/pintest.c, - trunk/src/tests/prngtest.c, trunk/src/tests/sc-test.c, - trunk/src/tests/sc-test.h: - moved libsc to its own directory - - added non-working MIME plugin for "text/x-text-to-sign" - added - pseudo-random number generator support - split hst-test.c into - smaller files - -2001-10-30 16:16 fabled - - * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, - trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Added - copyright notes. - -2001-10-29 15:52 jey - - * trunk/src/tests/hst-test.c: - updated README.decrypt - fixed a - few compiler warnings - -2001-10-25 11:56 jey - - * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: added: - - certificate parsing - support for reading RSA public key modulus - on the fly - support for ASN.1 object id decoding and printing - - fixed a lot of u8 * --> const u8 * - -2001-10-24 14:48 jey - - * trunk/src/tests/hst-test.c: removed hard-coded PIN code... =) - -2001-10-24 14:02 jey - - * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: latest - version - -2001-10-24 09:31 jey - - * trunk/COPYING: added COPYING file - -2001-10-22 21:09 fabled - - * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/sc-pkcs11.h, - trunk/src/pkcs11/slot.c: Implementid basic signing functionality. 
- -2001-10-22 21:05 jey - - * trunk/src/tests/hst-test.c: dirty fix - -2001-10-22 20:43 jey - - * trunk/src/tests/hst-test.c: - quick and dirty fix applied - -2001-10-22 20:07 jey - - * trunk/src/tests/hst-test.c: - added ability to compute digital - signatures - split functions to different files - -2001-10-22 14:51 jey - - * trunk/src/tests/hst-test.c: - implemented decrypt support - - split PIN related functions to a separate file - -2001-10-21 22:25 fabled - - * trunk/src/pkcs11/README, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/object.c, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/pkcs11/verify.c: Updates. - -2001-10-21 21:26 jey - - * trunk/src/tests/hst-test.c: small bug-fix in - sc_enum_certificates() - -2001-10-21 21:22 jey - - * trunk/src/tests/hst-test.c: - added struct sc_path - implemented - private key enumeration - -2001-10-21 19:42 jey - - * trunk/src/pkcs11/generic.c, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: fixed PIN - info reading - -2001-10-21 19:06 jey - - * trunk/src/tests/hst-test.c: sc_pkcs15_read_certificate now - dynamically allocates output buffer - -2001-10-21 18:55 jey - - * trunk/src/tests/hst-test.c: - implemented certificate reading - - started to implement private key enumeration - -2001-10-21 18:12 jey - - * trunk/src/pkcs11/slot.c, trunk/src/tests/hst-test.c: - given - ASN.1 decoding routines a facelift - implemented certificate - enumeration - -2001-10-21 16:26 fabled - - * trunk/src/pkcs11/object.c, trunk/src/pkcs11/session.c: Minor bug - fixes. Implemented the object finding properly. - -2001-10-21 16:01 fabled - - * trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, - trunk/src/pkcs11/generic.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/slot.c: Basic skeleton for object manipulation. - Some testing stuff. 
- -2001-10-21 15:42 jey - - * trunk/src/pkcs11/generic.c, trunk/src/tests/hst-test.c: fixed - tokenInfo parsing - -2001-10-20 23:51 fabled - - * trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c: Added - basic session management. Implemented login, logout and change - pin functions. Improved card management. - -2001-10-20 20:33 jey - - * trunk/src/tests/hst-test.c: fixed a weird escaping bug in - sc_read_binary(). this could affect other functions too. needs - more research. - -2001-10-20 16:54 jey - - * trunk/src/tests/hst-test.c: lots and lots of changes. - -2001-10-20 16:53 jey - - * trunk/src/pkcs11/generic.c: modified to use latest SC API - -2001-10-19 23:23 jey - - * trunk/src/tests/hst-test.c: Major additions and fixes to core API - -2001-10-19 19:52 fabled - - * trunk/src/pkcs11, trunk/src/pkcs11/README, - trunk/src/pkcs11/digestsign.c, trunk/src/pkcs11/endecrypt.c, - trunk/src/pkcs11/function_table.c, trunk/src/pkcs11/generic.c, - trunk/src/pkcs11/misc.c, trunk/src/pkcs11/object.c, - trunk/src/pkcs11/sc-pkcs11.h, trunk/src/pkcs11/session.c, - trunk/src/pkcs11/verify.c: Implemented dummy functions for - PKCS#15 module with functionality to read card reader names. - -2001-10-19 17:30 jey - - * trunk/src/tests/hst-test.c: some structural changes; might not - even compile - -2001-10-19 17:26 jey - - * trunk/src, trunk/src/tests, trunk/src/tests/hst-test.c: initial - commit - -2001-10-19 17:26 - - * branches, releases, trunk: New repository initialized by cvs2svn. - diff -Nru opensc-0.11.13/doc/nonpersistent/export-wiki.sh opensc-0.12.1/doc/nonpersistent/export-wiki.sh --- opensc-0.11.13/doc/nonpersistent/export-wiki.sh 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/export-wiki.sh 1970-01-01 00:00:00.000000000 +0000 
@@ -1,72 +0,0 @@ -#!/bin/sh - -set -e - -test -z "$XSLTPROC" && XSLTPROC="xsltproc" -test -z "$WGET" && WGET="wget" -test -z "$WGET_OPTS" && WGET_OPTS="$WGET_OPTS" -test -z "$SED" && SED="sed" -test -z "$TR" && TR="tr" - -test -z "$SERVER" && SERVER="http://www.opensc-project.org" -test -z "$PROJECT" && PROJECT="opensc" - -SRCDIR=. -OUTDIR=. -test -n "$1" && SRCDIR="$1" -test -n "$2" && OUTDIR="$2" - -WIKI="$PROJECT/wiki" -XSL="$SRCDIR/export-wiki.xsl" - -test -f "$SRCDIR"/`basename $0` - -test -e "$OUTDIR" && rm -fr "$OUTDIR" - -mkdir "$OUTDIR" || exit 1 - -$WGET $WGET_OPTS $SERVER/$WIKI/TitleIndex -O "$OUTDIR"/TitleIndex.tmp - -$SED -e "s##\n#g" < "$OUTDIR"/TitleIndex.tmp \ - | grep "\"/$WIKI/[^\"]*\"" \ - |$SED -e "s#.*\"/$WIKI/\([^\"]*\)\".*#\1#g" \ - > "$OUTDIR"/WikiWords.tmp -$SED -e /^Trac/d -e /^Wiki/d -e /^TitleIndex/d -e /^RecentChanges/d \ - -e /^CamelCase/d -e /^SandBox/d -e /^InterMapTxt/d -e /^InterWiki/d \ - -e /^InterTrac/d -i "$OUTDIR"/WikiWords.tmp - - -for A in WikiStart `cat "$OUTDIR"/WikiWords.tmp` -do - F=`echo $A|$SED -e 's/\//_/g'` - $WGET $WGET_OPTS $SERVER/$WIKI/$A -O "$OUTDIR"/$F.tmp - $XSLTPROC --nonet --output "$OUTDIR"/$F.html "$XSL" "$OUTDIR"/$F.tmp - $SED -e "s# - - - - - - - - - - - <xsl:value-of select="/html:html/html:head/html:title" /> - - - - - - - - - - - - - Wiki Index - - - -

Index of Wiki Pages

-
    - -
- - -
- - -
  • -
    - - - - - - - - - diff -Nru opensc-0.11.13/doc/nonpersistent/Makefile.am opensc-0.12.1/doc/nonpersistent/Makefile.am --- opensc-0.11.13/doc/nonpersistent/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/Makefile.am 1970-01-01 00:00:00.000000000 +0000 
@@ -1,59 +0,0 @@
-MAINTAINERCLEANFILES = \
- $(srcdir)/Makefile.in
-
-wikidir=$(htmldir)/wiki
-
-dist_noinst_SCRIPTS = export-wiki.sh export-wiki.xsl \
- svn2cl.xsl
-dist_wiki_DATA = wiki.out/*
-dist_noinst_DATA = ChangeLog
-
-if SVN_CHECKOUT
-
-wiki.out/*: wiki.out
-wiki.out:
- -rm -fr wiki.out
- test -n "$(WGET)" -a -n "$(SED)" -a -n "$(TR)" -a -n "$(XSLTPROC)"
- WGET="$(WGET)" WGET_OPTS="$(WGET_OPTS)" SED="$(SED)" TR="$(TR)" XSLTPROC="$(XSLTPROC)" \
- PROJECT="@PACKAGE_NAME@" \
- $(SHELL) "$(srcdir)/export-wiki.sh" "$(srcdir)" "wiki.tmp"
- mv wiki.tmp wiki.out
-
-ChangeLog:
- test -n "$(SVN)" -a -n "$(XSLTPROC)"
- if test -d "$(top_srcdir)/.svn"; then \
- $(SVN) --verbose --xml log "$(top_srcdir)" | \
- $(XSLTPROC) --nonet --stringparam linelen 75 \
- --stringparam groupbyday no \
- --stringparam include-rev no \
- "$(srcdir)/svn2cl.xsl" - > ChangeLog.tmp; \
- else \
- echo "Warning: Unable to generate ChangeLog from none svn checkout" >&2; \
- echo > ChangeLog.tmp; \
- fi
- mv ChangeLog.tmp ChangeLog
-
-else
-
-wiki.out/*: $(abs_builddir)/wiki.out
-$(abs_builddir)/wiki.out:
- $(LN_S) "$(srcdir)/wiki.out" wiki.out
-
-ChangeLog:
- $(LN_S) "$(srcdir)/ChangeLog" ChangeLog
-
-endif
-
-distclean-local:
- -rm -rf wiki.tmp
- if test -L wiki.out; then \
- rm -fr wiki.out; \
- fi
- -rm -fr ChangeLog.tmp
- if test -L ChangeLog; then \
- rm -fr ChangeLog; \
- fi
-
-maintainer-clean-local:
- -rm -rf "$(srcdir)/wiki.out"
- -rm -rf "$(srcdir)/ChangeLog"
diff -Nru opensc-0.11.13/doc/nonpersistent/Makefile.in opensc-0.12.1/doc/nonpersistent/Makefile.in
--- opensc-0.11.13/doc/nonpersistent/Makefile.in 2010-02-16 09:32:17.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/Makefile.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,514 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = doc/nonpersistent -DIST_COMMON = $(dist_noinst_DATA) $(dist_noinst_SCRIPTS) \ - $(dist_wiki_DATA) $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - ChangeLog -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SCRIPTS = 
$(dist_noinst_SCRIPTS) -SOURCES = -DIST_SOURCES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(wikidir)" -DATA = $(dist_noinst_DATA) $(dist_wiki_DATA) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ 
-LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ -OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ -OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = @PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = 
@VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -wikidir = $(htmldir)/wiki -dist_noinst_SCRIPTS = export-wiki.sh export-wiki.xsl \ - svn2cl.xsl - -dist_wiki_DATA = wiki.out/* -dist_noinst_DATA = ChangeLog -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am 
$(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/nonpersistent/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu doc/nonpersistent/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-dist_wikiDATA: $(dist_wiki_DATA) - @$(NORMAL_INSTALL) - test -z "$(wikidir)" || $(MKDIR_P) "$(DESTDIR)$(wikidir)" - @list='$(dist_wiki_DATA)'; test -n "$(wikidir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(wikidir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(wikidir)" || exit $$?; \ - done - -uninstall-dist_wikiDATA: - @$(NORMAL_UNINSTALL) - @list='$(dist_wiki_DATA)'; test -n "$(wikidir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(wikidir)' && rm -f" $$files ")"; \ - 
cd "$(DESTDIR)$(wikidir)" && rm -f $$files -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(SCRIPTS) $(DATA) -installdirs: - for dir in "$(DESTDIR)$(wikidir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-local - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-dist_wikiDATA - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic \ - maintainer-clean-local - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-dist_wikiDATA - -.MAKE: install-am install-strip - -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - distclean distclean-generic distclean-libtool distclean-local \ - distdir dvi dvi-am html html-am info info-am install \ - install-am install-data install-data-am install-dist_wikiDATA \ - install-dvi install-dvi-am install-exec install-exec-am \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - maintainer-clean-local mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ - uninstall-dist_wikiDATA - - -@SVN_CHECKOUT_TRUE@wiki.out/*: wiki.out -@SVN_CHECKOUT_TRUE@wiki.out: -@SVN_CHECKOUT_TRUE@ -rm -fr wiki.out -@SVN_CHECKOUT_TRUE@ test -n "$(WGET)" -a -n "$(SED)" -a -n "$(TR)" -a -n "$(XSLTPROC)" -@SVN_CHECKOUT_TRUE@ WGET="$(WGET)" 
WGET_OPTS="$(WGET_OPTS)" SED="$(SED)" TR="$(TR)" XSLTPROC="$(XSLTPROC)" \ -@SVN_CHECKOUT_TRUE@ PROJECT="@PACKAGE_NAME@" \ -@SVN_CHECKOUT_TRUE@ $(SHELL) "$(srcdir)/export-wiki.sh" "$(srcdir)" "wiki.tmp" -@SVN_CHECKOUT_TRUE@ mv wiki.tmp wiki.out - -@SVN_CHECKOUT_TRUE@ChangeLog: -@SVN_CHECKOUT_TRUE@ test -n "$(SVN)" -a -n "$(XSLTPROC)" -@SVN_CHECKOUT_TRUE@ if test -d "$(top_srcdir)/.svn"; then \ -@SVN_CHECKOUT_TRUE@ $(SVN) --verbose --xml log "$(top_srcdir)" | \ -@SVN_CHECKOUT_TRUE@ $(XSLTPROC) --nonet --stringparam linelen 75 \ -@SVN_CHECKOUT_TRUE@ --stringparam groupbyday no \ -@SVN_CHECKOUT_TRUE@ --stringparam include-rev no \ -@SVN_CHECKOUT_TRUE@ "$(srcdir)/svn2cl.xsl" - > ChangeLog.tmp; \ -@SVN_CHECKOUT_TRUE@ else \ -@SVN_CHECKOUT_TRUE@ echo "Warning: Unable to generate ChangeLog from none svn checkout" >&2; \ -@SVN_CHECKOUT_TRUE@ echo > ChangeLog.tmp; \ -@SVN_CHECKOUT_TRUE@ fi -@SVN_CHECKOUT_TRUE@ mv ChangeLog.tmp ChangeLog - -@SVN_CHECKOUT_FALSE@wiki.out/*: $(abs_builddir)/wiki.out -@SVN_CHECKOUT_FALSE@$(abs_builddir)/wiki.out: -@SVN_CHECKOUT_FALSE@ $(LN_S) "$(srcdir)/wiki.out" wiki.out - -@SVN_CHECKOUT_FALSE@ChangeLog: -@SVN_CHECKOUT_FALSE@ $(LN_S) "$(srcdir)/ChangeLog" ChangeLog - -distclean-local: - -rm -rf wiki.tmp - if test -L wiki.out; then \ - rm -fr wiki.out; \ - fi - -rm -fr ChangeLog.tmp - if test -L ChangeLog; then \ - rm -fr ChangeLog; \ - fi - -maintainer-clean-local: - -rm -rf "$(srcdir)/wiki.out" - -rm -rf "$(srcdir)/ChangeLog" - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru opensc-0.11.13/doc/nonpersistent/svn2cl.xsl opensc-0.12.1/doc/nonpersistent/svn2cl.xsl --- opensc-0.11.13/doc/nonpersistent/svn2cl.xsl 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/svn2cl.xsl 1970-01-01 00:00:00.000000000 +0000 
@@ -1,295 +0,0 @@ - - - - - - - -]> - - - - - - - - - - - - - - - - - - - - - - - - - &newl; - - - - - - - - - - - - - - - - - - - - - - - - - - - &newl; - - - - - &space;&space; - - - - &newl;&newl; - - - - - - - - - [r - - ]&space; - - - - &tab;*&space; - - - - - - - - - - - - - - &space; - - - - - - - - - - - - - - - - ,&space; - - - - - - :&space; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - . - - - - - - - - - - - - - - - - &newl; - - - - - - - - - - - - - - - - - - - &newl;&tab;&space;&space; - - - - - - - - - - - - - - - - - - - - - - - - diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AKIS.html opensc-0.12.1/doc/nonpersistent/wiki.out/AKIS.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/AKIS.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/AKIS.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ - - - AKIS – OpenSC -
    -
    - -

    AKiS SMARTCARDS

    -

    -AKiS is a smart card operating system which can be used in personal identification, digital sign, health care system, smart logon, secure email, etc. It is developed within The National Research Institute Of Electronics And Cryptology ( UEKAE), a subsidiary of The Scientific & Technological Research Council of Turkey ( TUBITAK). -

    -

    -Card is sold to the public by  http://www.plastkart.com -

    -

    -AKIS: -

    -
    • Communicates with the PC via card reader according to ISO/IEC 7816-4 T = 1 protocol, -
    • Implements user and interface authentication, -
    • Is capable of binary file operations (open, write, read), -
    • Supports fixed length linear, variable length linear, fixed length cyclic file structures and file operations (open, write record, read record), -
    • Follows the life cycles (activation, manufacturing, initialization, personalization, administration, operation and death) and operates functions according to the present life cycle, -
    • Encrypts, decrypts, digitally signs and verifies with RSA (2048)/DES/3DES cryptographic algorithms, -
    • Calculates SHA-1 hash. -
    • Has Common Criteria EAL4+ assurance level. -

    -AKIS support in OpenSC is in development and currently features file level access (select, list, read, write, create, delete, verify), digital signing, and PKCS-15 support (except pkcs15-init). -

    -

    -It is also only available in OpenSC svn /trunk/ and not included in any OpenSC release yet. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AktivRutokenECP.html opensc-0.12.1/doc/nonpersistent/wiki.out/AktivRutokenECP.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AktivRutokenECP.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AktivRutokenECP.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,44 +0,0 @@ - - - AktivRutokenECP – OpenSC -
    -
    - -

    Aktiv Co. Rutoken ECP

    -

    - Aktiv Co. offers the  Rutoken ECP, an USB crypto token with 64K memory and support for RSA keys up to 2048bit key length. -

    -

    Rutoken ECP

    -
    • USB IDs: 0a89:0030 -
    • Memory: 64K -

    On-board cryptographic functions

    -
    • RSA (with RSA keys up to 2048 bits) -
    • GOST R 34.10-2001 -
    • GOST 34.11-94 -
    • GOST 28147-89 -
    • Key generation: ElGamal? and Diffie-Hellman schemes -

    Authentication

    -
    • 3 categories of owners: Administrator, User, Guest -
    • 2 Global PIN-codes: Administrator and User -
    • Local PIN-codes -
    • Combined authentication -
    • The possibility of simultaneous control of the access rights by the 7 Local PIN-codes -

    File system features

    -
    • File structure of ISO/IEC 7816-4 -
    • The level of subdirectory - limited by space available for file system -
    • Number of file objects inside directory - up to 255, inclusive -
    • Using files Rutoken Special File (RSF-files) to store keys and PIN-codes -
    • Storage of private and symmetric keys, without the possibility of exports from device -
    • Predefined directory for storing different kinds of key information (RSF-files) and automatic selection of the predefined directories -
    • The total amount of memory for file structure - 64 kB -

    Initialize

    -
    $ pkcs15-init --erase-card
    -$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
    -$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
    -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AktivRutokenS.html opensc-0.12.1/doc/nonpersistent/wiki.out/AktivRutokenS.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AktivRutokenS.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AktivRutokenS.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,32 +0,0 @@ - - - AktivRutokenS – OpenSC -
    -
    - -

    Aktiv Co. Rutoken S

    -

    - Aktiv Co. offers the Rutoken S, an USB crypto token with 8K, 32K, 64K or 128K memory. -

    -

    Rutoken S

    -
    • USB IDs: 0a89:0020 -
    • Memory: 8K, 32K, 64K or 128K -

    On-board cryptographic functions

    -
    • GOST 28147-89 -

    Authentication

    -
    • 3 categories of owners: Administrator, User, Guest -
    • 2 Global PIN-codes: Administrator and User -

    File system features

    -
    • File structure of ISO/IEC 7816-4 -
    • Storage of symmetric keys, without the possibility of exports from device -

    Initialize

    -
    $ pkcs15-init --erase-card
    -$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
    -$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk ""
    -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AladdinEtokenPro.html opensc-0.12.1/doc/nonpersistent/wiki.out/AladdinEtokenPro.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AladdinEtokenPro.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AladdinEtokenPro.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,154 +0,0 @@ - - - AladdinEtokenPro – OpenSC -
    -
    - -

    Aladdin eToken PRO

    -

    -Image of eToken PRO 32K -

    -

    - Aladdin offers the  eToken PRO, an USB crypto token with 32k or 64k memory and support for RSA keys up to 2048bit key length. -

    -

    -The eToken PRO is fully supported by OpenSC and is well tested. -

    -

    Models

    -

    -The precise model of your token can be determined from the text moulded in the plastic enclosure. -

    -

    Unsupported models

    -

    -There is a rare version of the Aladdin eToken PRO with a G&D Starcos smart card inside. This version never went into mass production as far as we know, and is not supported by OpenSC. -

    -

    -Also there are some smart cards with the "Aladdin eToken" Name on them too. These cards are too old, they are not supported by OpenSC, as they lack some required features. -

    -

    eToken R1 and R2

    -

    -Those were the first generation of tokens produced. They use a proprietary protocol for communication between the host and token. -

    -
    • USB IDs: 0529:030b through 0529:042a -
    • Memory: (?) -
    • Maximum RSA key size: (?) -
    • Crypto chip: (?) -
    • On-Chip OS: (?) -

    eToken PRO 4.2B

    -

    -This is the second public release of the device, that use a proprietary protocol for communication. These can still (2009) be found on the cheap on EBay or otherwise. -

    -
    • USB IDs: 0529:0600 -
    • Memory: 32k -
    • Maximum RSA key size: 2048 bits (it takes a long while to generate one such key, and the LED turns black while it does. Don't panic!) -
    • Crypto chip: Infineon -
    • On-Chip OS: Siemens CardOS M4.2B -

    eToken 64

    -
    • Memory: 64k -
    • Maximum RSA key size: (?) -
    • Crypto chip: (?) -
    • On-Chip OS: CardOS M4.20 (?) or CardOS M4.3b (?) -

     eToken PRO (Java) v4.29

    -

    Supported Cryptographic Services

    -
    • Random Number Generator: DRNG (ANSI X9.31 two key TDES deterministic RNG seeded with the hardware RNG) -
    • Message Digests: SHA-1, SHA-256 -
    • Signatures: RSA PKCS#1 (1024- to 2048-bit in 32-bit increments) -
    • Ciphers: TDES (112- and 168-bit ECB and CBC), TDES MAC (vendor affirmed), AES (128-, 192- and 256-bit ECB and CBC), RSA (1024- to 2048-bit in 32-bit increments) -
    • On-Card Key Generation: RSA PKCS#1 (1024- to 2048-bit in 32-bit increments) -
    • Key Establishment: RSA (1024- to 2048-bit in 32-bit increments [strength 80-bits for RSA 1024 to 112-bits for RSA 2048]) -

    -There seems to be three different physical versions available: the regular PRO, the PRO HD (a hardened version offering additional physical security compliant with FIPS 140-1 Level 3 requirements), and the PRO SC (a smart card). However, differentiating between the PRO and PRO HD is difficult, as there is little info specific to the HD version available online, and the image used in the FIPS Security Policy documents is identical for the PRO and PRO HD. -

    -

     eToken NG-OTP

    -

    -This device (and the others below) are compliant with the USB CCID (Chip/Smart Card Interface Devices) standard (see section “Smart Card Class” on  http://www.usb.org/developers/devclass_docs). As such, they don't require a proprietary driver to work with OpenSC. -

    -
    • USB IDs: (?) -
    • Memory: (?) -
    • Maximum RSA key size: (?) -
    • Crypto chip: (?) -
    • On-Chip OS: Siemens CardOS M4.20 (?) -

    Support

    -

    -Aladdin is maybe the oldest player in the USB token field, and their hardware and software predates the standards such as CCID and PKCS#15, so you can't really blame them for not conforming to these standards (especially for older token hardware). See also the Thanks section below, they are a fair player! -

    -

    -Aladdin has an SDK with Documentation on their ftp server for public download, but to implement the OpenSC driver further documentation was necessary (by Siemens and available only under NDA as far as we know). -

    -

    CardOS-based versions

    -

    -CardOS versions up to and including M4.20 are supported. (Is CardOS M4.3b also working?) This includes all the CardOS-based token versions listed above except the evaluation boards. In order to make these work with OpenSC, one has to install the proprietary middleware; the proprietary key manager is not needed. See below. -

    -

    -One minor misfeature of the Siemens CardOS M4 is that an RSA key cannot be used for both signing and decryption. OpenSC has implemented a workaround: software key generation and storing that key twice, once marked as decryption key and once marked as signing key. To enable this workaround specify "--split-key" on the command line, when creating the key. -

    -

    Installation Notes

    -

    -Aladdin provides their own software, which comprises both the middleware (necessary for all CardOS-based tokens) and the key-management tool ( also for Linux) which is not compatible with PKCS#15. (However, as long as enough memory is available on the chip, it is possible to initialize the token with both OpenSC and this proprietary key manager, and thus install files and keys side by side - each software can then only handle their own structures.) -

    -

    Mac OS X

    -

    -Download the  PKIClient 4.55 software package. If you are only interested in the middleware (and not the proprietary key manager), don't install everything at once; rather, follow these steps: -

    -
    1. unpack and mount the pkiclient.4.55.41.dmg file -
    2. explore the eToken PKI Client 4.55.mpkg directory on it (Ctrl-click then “Show package contents”), then open “Contents” and “Packages” -
    3. double-click on the following packages in this order so as to install them: -
      • etokenframework.pkg: those are the shared libraries (that will go into /Library/Frameworks/eToken.framework) needed by all the other packages; -
      • etokendriversleopard.pkg (for Mac OS 10.5.x) or etokendriverstiger.pkg (for Mac OS 10.4.x): this is the middleware, that goes under /usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/ . It consists of an auxillary daemon that will be run by pcscd in order to perform the necessary USB I/O. -

    -To test this setup, plug your token in, then open a terminal and type the following commands: -

    -
    sudo killall pcscd
    -sudo /usr/sbin/pcscd -a -d -f
    -

    -pcscd should start chatting, and the diode on the token should turn on. If pcscd instead says: -

    -
    Error loading /usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/Contents/MacOS/eTokenIfdh:  dlopen(/usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/Contents/MacOS/eTokenIfdh, 262)
    -

    -it means that the middleware is corectly installed, but etokenframework.pkg is not. This happens when one installs the former first (!) In that case, run the Uninstall eToken PKI Client 4.55 program from the .dmg image and start over. -

    -

    Linux

    -

    -The middleware for Linux is available here:  ftp://ftp.ealaddin.com/pub/etoken/Linux ; and a third party provides the the  key-management tool for Linux (you don't need the latter if you just want your token to work with OpenSC). -

    -

    Thanks

    -

    -Big thanks to  Aladdin, they sponsored an OpenSC workshop in 2003 by donating 30 Aladdin eToken PRO! -

    -

    -Big thanks to  Startcom and Eddy Nigg for lots of time and support in adding support -for the Aladdin eToken PRO 64, for lots of testing and for donating one to us. -

    -

    -Big thanks to  ASW, they donated two Aladdin eToken PRO 64, so we could test our support for -those Tokens (not yet released, will be included in the next release). -

    -

    -Big thanks to Josef Gillhuber from  Aladdin. He donated two eToken PRO (32k and 64k) on LinuxTag 2006. -

    -

    -Thanks to Roman Stahl, he donated two Aladdin eToken PRO 32k (4.2B), so we could verify: they work fine too. -

    - - - -
    -

    Attachments

    -
      -
    • - eToken.gif - Download - (3.5 KB) - added by pk - 3 years ago. - Image of eToken PRO 32K -
    • -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AppleCSP.html opensc-0.12.1/doc/nonpersistent/wiki.out/AppleCSP.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AppleCSP.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AppleCSP.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,21 +0,0 @@ - - - AppleCSP – OpenSC -
    -
    - -

    Mac OS X CSP

    -

    -Mac OS X has CDSA/Keychain for cryptographic operations and a Tokend subsystem for accessing smart cards (much like BaseCSP and minidrivers on recent Windows) -Links -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ASEPCOS.html opensc-0.12.1/doc/nonpersistent/wiki.out/ASEPCOS.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/ASEPCOS.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/ASEPCOS.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,32 +0,0 @@ - - - ASEPCOS – OpenSC -
    -
    - -

    Athena ASEPCOS

    -

    - Athena ASEPCOS smartcards and tokens are supported as for OpenSC-0.11.6. -

    -

    -Full PKCS#15 emulation is supported. -

    -

    -Athena cooperates with the OpenSC project and provides any required information. -

    -

    -If you are interested in Athena's tokens (ASEKey), make sure you order the CCID compliant version. -

    -

    -Another issue you may encouter is failure to initialize the PKCS#15 structure. This may be due to pre-formated smartcard using Athena proprietary provider. If you have this issue, ask for help in OpenSC MailingList?. -

    -

    -Athena also makes JavaCards?, which require a supported applet. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Australia.html opensc-0.12.1/doc/nonpersistent/wiki.out/Australia.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/Australia.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/Australia.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,27 +0,0 @@ - - - Australia – OpenSC -
    -
    - -

    Australian national ID card

    -

    - Sydney Morning Herald reports there -will be a national card in australia containing a smart card by 2010. See also the  discussion on slashdot. -

    -

    -We don't know anything about it so far, but of course we want OpenSC to support that card. If you know how we can get a demo card or a spec, -please contact us. -

    -

    -Other interesting links -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AustrianEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/AustrianEid.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AustrianEid.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AustrianEid.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,47 +0,0 @@ - - - AustrianEid – OpenSC -
    -
    - -

    Austrian "Bürgerkarte"

    -

    -Austria has several laws for smart cards (most important the "Signaturgesetz"), and all cards conforming to those laws are using the custom-built  ACOS card operating system. Mostly electronic banking cards (Bankomatkarte) with a new chip and the "a-sign premium" logo on the back can be used to add an official certificate to it. These certificate can then be used for several government communications (tax reports, electronic receiving of orders, bank logins etc). -

    -

    - A-Trust, the only accredited provider of certificates suitable for the Signaturgesetz, provides a pkcs#11 Library (for Mozilla/Firefox/Thunderbird) to access the card: - http://www.a-trust.at/xpi/atrusttools/info.asp -

    -

    -The card itself does not have a pkcs#15 structure on it. Some support for the atrust-acos OS is already in opensc. It detects the card as an a-Trust ACOS card, however, I haven't been able to do anything else yet (using opensc 0.10.1). -

    -

    -Links: -

    -

    Austrian e-card

    -

    -Since 2005, all Austrians have a health card, called e-card: -

    -

    - http://www.chipkarte.at/esv_images/cc/home/karte_neu.jpg -

    -

    -I don't have enough informations about these cards to make OpenSC support them. If you do have any such information, please let us know or add a link to the list below: -

    -

    -Information about the Austrian e-card: -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/AuthorsAndCredits.html opensc-0.12.1/doc/nonpersistent/wiki.out/AuthorsAndCredits.html
--- opensc-0.11.13/doc/nonpersistent/wiki.out/AuthorsAndCredits.html 2010-02-16 09:35:14.000000000 +0000
+++ opensc-0.12.1/doc/nonpersistent/wiki.out/AuthorsAndCredits.html 1970-01-01 00:00:00.000000000 +0000
@@ -1,201 +0,0 @@ - - - AuthorsAndCredits – OpenSC -
    -
    - -

    OpenSC Credits

    -

    -OpenSC was written by (or uses code copied from): -

    -
    • Alon Bar-Lev -
    • Andrea Frigido -
    • Andreas Jellinghaus -
    • Antonino Iacono -
    • Antti Partanen -
    • Antti Tapaninen -
    • Benjamin Bender -
    • Bert Vermeulen -
    • Boris Kröger -
    • Bud P. Bruegger -
    • Carlos Prados -
    • Chaskiel Grundman -
    • Danny De Cock -
    • David Corcoran -
    • Douglas E. Engert -
    • Eric Dorland -
    • Franz Brandl -
    • Geoff Thorpe -
    • Gürer Özen for TUBITAK / UEKAE -
    • Jamie Honan -
    • Jean-Pierre Szikora -
    • Joe Phillips -
    • Juan Antonio Martinez -
    • Juha Yrjölä -
    • Jörn Zukowski -
    • Kevin Stefanik -
    • Ludovic Rousseau -
    • Marc Bevand -
    • Marie Fischer -
    • Markus Friedl -
    • Martin Paljak -
    • Mathias Brossard -
    • Matthias Brüstle -
    • Nils Larsch -
    • Olaf Kirch -
    • Peter Koch -
    • Priit Randla -
    • Robert Bihlmeyer -
    • Sirio Capizzi -
    • Stef Hoeben -
    • Timo Teräs -
    • Todd C. Miller -
    • Viktor Tarasov -
    • Villy Skyttä -
    • Weitao Sun -
    • Werner Koch -
    • William Wanders -

    -and -

    -

    License

    -
     * This library is free software; you can redistribute it and/or
    - * modify it under the terms of the GNU Lesser General Public
    - * License as published by the Free Software Foundation; either
    - * version 2.1 of the License, or (at your option) any later version.
    - *
    - * This library is distributed in the hope that it will be useful,
    - * but WITHOUT ANY WARRANTY; without even the implied warranty of
    - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    - * Lesser General Public License for more details.
    - *
    - * You should have received a copy of the GNU Lesser General Public
    - * License along with this library; if not, write to the Free Software
    - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    -

    -OpenSC does not include the official PKCS#11 header file, because that file is under -a non-free license. Instead OpenSC contains a rewritten header file from scute project -under this license: -

    -
    /* pkcs11.h
    -   Copyright 2006, 2007 g10 Code GmbH
    -   Copyright 2006 Andreas Jellinghaus
    -
    -   This file is free software; as a special exception the author gives
    -   unlimited permission to copy and/or distribute it, with or without
    -   modifications, as long as this notice is preserved.
    -
    -   This file is distributed in the hope that it will be useful, but
    -   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
    -   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
    -   PURPOSE.  */
    -

    -OpenSC (signer) also includes header file: -

    -
    Java Runtime Interface
    -Copyright (c) 1996 Netscape Communications Corporation. All rights reserved.
    -dp Suresh <dp@netscape.com>
    -

    -OpenSC also includes a copy of  my_getopt: -

    -
    my_getopt - a command-line argument parser
    -Copyright 1997-2001, Benjamin Sittler
    -
    -Permission is hereby granted, free of charge, to any person
    -obtaining a copy of this software and associated documentation
    -files (the "Software"), to deal in the Software without
    -restriction, including without limitation the rights to use, copy,
    -modify, merge, publish, distribute, sublicense, and/or sell copies
    -of the Software, and to permit persons to whom the Software is
    -furnished to do so, subject to the following conditions:
    -
    -The above copyright notice and this permission notice shall be
    -included in all copies or substantial portions of the Software.
    -
    -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
    -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
    -NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
    -HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
    -WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    -DEALINGS IN THE SOFTWARE.
    -

    -OpenSC can be compiled with OpenSSL: -

    -
    This product includes software developed by the OpenSSL Project
    -for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)
    -
    -This product includes cryptographic software written by Eric Young
    -(eay@cryptsoft.com).  This product includes software written by Tim
    -Hudson (tjh@cryptsoft.com).
    -

    -OpenSC uses autoconf m4 macros by -

    -
    m4/autoconf macros by Bruno Haible
    -Copyright (C) 2001-2005 Free Software Foundation, Inc.
    -
    -Copyright (C) 2002, 2003 Free Software Foundation, Inc.
    -
    -using pkg-config and pkg.,4 autoconf macro by
    -Copyright (C) 2004 Scott James Remnant
    -

    -OpenSC includes svn2cl by -

    -
    svn2cl Arthur de Jong
    -   Copyright (C) 2004, 2005 Arthur de Jong.
    -
    -   Redistribution and use in source and binary forms, with or without
    -   modification, are permitted provided that the following conditions
    -   are met:
    -   1. Redistributions of source code must retain the above copyright
    -      notice, this list of conditions and the following disclaimer.
    -   2. Redistributions in binary form must reproduce the above copyright
    -      notice, this list of conditions and the following disclaimer in
    -      the documentation and/or other materials provided with the
    -      distribution.
    -   3. The name of the author may not be used to endorse or promote
    -      products derived from this software without specific prior
    -      written permission.
    -
    -   THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
    -   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
    -   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    -   ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
    -   DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    -   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
    -   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    -   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
    -   IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
    -   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
    -   IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    -

    -OpenSC includes strlcpy.c (from  ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/) by -

    -
     Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
    -
    - Permission to use, copy, modify, and distribute this software for any
    - purpose with or without fee is hereby granted, provided that the above
    - copyright notice and this permission notice appear in all copies.
    -
    - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    -

    -Please see each file for the detailed copyright information. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/BelgianEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/BelgianEid.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/BelgianEid.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/BelgianEid.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,35 +0,0 @@
    - - - BelgianEid – OpenSC -
    -
    - -

    Belgian Belpic

    -

    -Belgium has released an  official software for their eID card. -That software is a modified version of OpenSC. The source code for this software has been - published as well. -

    -

    -OpenSC 0.10.* will include support for the Belgian eID card, except for legally binding signatures (with the -so-called Signature key) as this requires a GUI, which is not yet available/implemented. -Till that new release please use the "belpic" software available from the belgian state. -

    -

    -For more info: -

    -

    -Thanks to Belgium for choosing OpenSC as basis for their software and donating the full source code back to use under LGPL license. -Thanks to Zetes for their support of OpenSC. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CardOs.html opensc-0.12.1/doc/nonpersistent/wiki.out/CardOs.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CardOs.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CardOs.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,36 +0,0 @@
    - - - CardOs – OpenSC -
    -
    - -

    Siemens CardOS M4

    -

    -Siemens CardOS M4 smart card should work fine with OpenSC. -

    -

    -Supported smart cards are the Aladdin eToken PRO and the Eutron ITSEC-I USB tokens. -

    -

    -Currently only the Aladdin eToken PRO is tested often (a usb crypto dongle that contains a card with this operating system). It works fine, so all other smart cards with the same card operating system should work fine, too. -

    -

    -Siemens CardOS M4 does not allow a key to be used for signing and decryption. OpenSC has a workaround for this restriction, you can generate or store a private key with the "--split-key" flag which will store the key twice, with different usage options, but hide this detail. -

    -

    -Some documentation is available from Aladdin for their eToken PRO, but for an in-depth documentation you need the Siemens card manual, which requires signing an NDA. -

    -

    -The versions of CardOS M4 are: M4.0, M4.01, M4.2, M4.3, M4.3b, M4.2b and M4.2c in this order. Yes, M4.2c is the latest and greatest and later than M4.3 and M4.3B. -

    -

    -Also note that M4.0 needs special "packages" (i.e. signed firmware addons by siemens) installed to work properly. Best not to use that ancient version -if you can. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CardReaders_CTAPI.html opensc-0.12.1/doc/nonpersistent/wiki.out/CardReaders_CTAPI.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CardReaders_CTAPI.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CardReaders_CTAPI.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,65 +0,0 @@
    - - - CardReaders/CTAPI – OpenSC -
    -

    - CardReaders/CTAPI -

    -

    -
    - -

    Using pinpad readers with CT-API

    -

    -On Win32 a pinpad reader usually supplies a PC/SC driver and a CT-API driver, since pinpad usage with PC/SC currently is vendor specific. There are some rumours about pinpad standardisation for PC/SC drivers, but I guess this will still need some time till it is widely adopted. Another alternative would be to use the CCID specification for USB readers, but there still are (and IMHO will be for some time) lots of non-CCID compliant pinpad readers. -

    -

    -So till another standard finds its way into OpenSC you can try the somewhat less user friendly CT-API if you want to use your pinpad with OpenSC. -

    -

    Configuring CT-API in opensc.conf

    -

    -To activate the CT-API driver you have to add the token "ctapi" to the reader_drivers attribute of the app default section (or whatever app you are using). -Then the reader's parameters, that is the library and port number, have to be configured in the "reader_driver ctapi" secion. -

    -

    -Use this as an example: -

    -
      app default {
    -    reader_drivers = ctapi;
    -    reader_driver ctapi {
    -      module c:\winnt\system32\CTRSCT32.DLL {
    -        ports = 1;
    -      }
    -    }
    -
    -  # All the other OpenCT-Parameters...
    -  .
    -  .
    -  .
    -  }
    -

    -Notes -

    -
    • Some drivers use port number 0 for the first reader, others start counting with 1. -
    • You can use multiple readers. Just add more "module"-sections if they use other drivers or add port numbers with a comma for the same driver. You can even mix PC/SC drivers and CT-API drivers for different readers. -
    • The same approach should work with Unix if you can find the CT-API library for your reader. -

    -After this you can try "opensc-tool -l" and hope to see something like -

    -
    C:\work\opensc\src\tools>opensc-tool -l
    -Readers known about:
    -Nr.    Driver     Name
    -0      ctapi      CT-API c:\winnt\system32\CTRSCT32.DLL, port 1
    -

    -If you are using a pinpad aware application (I still don't know any except my private pintest) you are ready. Some other applications (like the PKCS#11 plugin for Mozilla or the OpensslEngines?) will use the pinpad if you hit return after being asked for a PIN. -

    -

    -Note that up to date PIN modification or unblocking is not supported with CT-API driver, there still is some work to do... ;) -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CardReaders_SPR532.html opensc-0.12.1/doc/nonpersistent/wiki.out/CardReaders_SPR532.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CardReaders_SPR532.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CardReaders_SPR532.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,54 +0,0 @@
    - - - CardReaders/SPR532 – OpenSC -
    -

    - CardReaders/SPR532 -

    -

    -
    - -

    PinPad AKA SPR532 and OpenSC mini-howto

    -

    -To get feedback as early as possible, here's a small tutorial how to get going with SPR532 and pinpad. There are other PinpadReaders and other interfaces but the given interface makes use of  PC/SC version 2.0 spec Part 10. -

    -

    -Things you need to try it out: -

    -
    • get yourself a SPR532 reader from www.scmmicro.com -
    • upgrade the firmware to the latest (at least 5.05) version using stuff from here:  http://www.scmmicro.com/support/pcs_downloads.html?PID=70&s1=6&s2 -
      • Note that this upgrade will make your reader's pinpad unusable under Windows if your application only supports the older and broken firmware! -
    • install  pcsc-lite (version 1.3.3 or later) -
    • install  ccid driver (version 1.2.1 or later) -
    • install the latest opensc trunk -
      • After installation, make sure you have opensc.conf in the location told by configure and make sure that enable_pinpad is set to 'true' -

    - -Notes: -

    -

    -What you can do: -

    -
    1. test and provide feedback -
    2. help to argue how things should look like in different places and how we shall solve some issues - see DesignDiscussion -

    -Known issues: -

    -
    1. It is known to work with SPR532 under Linux as well as Windows XP (latest firmware and PCSC drivers, at least for pin verification) -
    2. Support for pinpad operations in general might lag behind your needs. Patches most welcome :) -
    3. It should work with many newer pinpad readers that provide the right driver on Windows, but currently only SPR 532 has been tested. If you have a nice reader on windows, try out the latest SCB to see it it works! -

    -Open questions: -

    -
    1. SCM seems to also offer a CCID driver for LINUX:  http://www.scmmicro.com/support/pcs_product_drivers.html Has anyone tested it? Does it work? martin: the usual 'binary only' whining applies. Also, there should be no difference from the pcsc v2 part 10 point of view. (I tried SCMs CCID-"driver" on april 3rd 2007 - it's just a link to Ludovics site!!) -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CompatibilityIssues.html opensc-0.12.1/doc/nonpersistent/wiki.out/CompatibilityIssues.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CompatibilityIssues.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CompatibilityIssues.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,60 +0,0 @@
    - - - CompatibilityIssues – OpenSC -
    -
    - -

    Software compatibility

    -

    -In general all smart cards are incompatible. That is the sad truth. -

    -

    -First, every card has different commands. Some of them conform to the standard ISO 7816 Part 4 and higher, but -most cards have at least some commands, that are special, or the commands require a special data structure. -

    -

    -Second, even if the same card is used, two different software companies tend to use the card in incompatible -ways. However there is hope for this problem:  PKCS#15 is a standard designed to solve that issue. -

    -

    -OpenSC implements PKCS#15, so cards initialized with OpenSC should work with other software implementing -it and vice versa. Note however, that usualy a card can only be modified with the software that was used -for initializing it in the first place. In that case you can only read the data with the compatible software, -use the keys, and most likely change pin and puk numbers. -

    -

    -Sometimes it is possible to live side by side. Think of a cd or a disk drive, with a picture and a text -file on it. Your text application can only open and change the text, and your graphics application can -only open and change the graphic, but if the medium can hold both files, you can store both on it. -

    -

    -That happends for example with the "Aladdin eToken PRO" (a usb crypto token) and OpenSC and the Aladdin -Software. OpenSC creates the file "2f00" and the directory "5015" as per PKCS#15 standard, and fills -both with data/keys/certificates. Aladdin does the same in the directory "6666". Still no software knows -how to deal with the other ones data/keys/certificates. -

    -

    Compatible Software

    -

    -But at least some software is compatible: -

    -

    -Giesecke & Devrient ship the  Starcos -smart card and usb tokens based on that card. The software bundled with both is called StarSign. That software implements -the PKCS#15 standard, too, so it should be fully compatible with OpenSC and vise versa. If there is any issue, please -let us know (the last test was quite a while in the past). -

    -

    -If you know other software implementing PKCS#15, please add a paragraph. -

    -

    National ID cards

    -

    -National ID cards often are a standard of their own. OpenSC has PKCS#15 emulations for these cards, so you can use -them anway. See NationalIdCards? for a list of supported cards. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CompatiblityIssues.html opensc-0.12.1/doc/nonpersistent/wiki.out/CompatiblityIssues.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CompatiblityIssues.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CompatiblityIssues.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,13 +0,0 @@
    - - - CompatiblityIssues – OpenSC -
    -
    - - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CompilingInstalling.html opensc-0.12.1/doc/nonpersistent/wiki.out/CompilingInstalling.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CompilingInstalling.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CompilingInstalling.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,191 +0,0 @@
    - - - CompilingInstalling – OpenSC -
    -
    - -

    Compiling and Installing OpenSC

    -

    -This page has all the details on compiling and installing OpenSC. -First some general instructions for Linux (and all unix operating -systems not mentioned), and then the special cases for Solaris, -Mac OS X and Windows. -

    -

    -First a small warning: do not use gcc 4.0.1/2, opensc will segfault. -The backtraces we have show some stack corruption, and we haven't been -able to isolate the issue yet. So in the meantime we can only ask you -to use gcc 3.3 or 3.4, they work well, and we are not aware of any -issue. Exception: the apple gcc 4.0 on Mac OS X is fine, so far no -problem reports. -

    -

    -To compile OpenSC you need to have installed: -pkg-config, openssl (runtime and development), openct and/or pcsc-lite -(runtime and development), libltdl (runtime and development) and if you want the signer part: -libassuan (runtime and development) and x libraries (runtime and development). -

    -

    -OpenSC tries to auto-detect all libraries using the pkg-config system. -Most big software projects like KDE or Gnome use it already for a long -time, so most users will have it installed. -

    -

    -Note: if you don't have libassuan installed, the signer won't be built. -Most users and developers neither use nor need it. Also note the configure -script does currently not properly check for x11 libraries and development -files, it simply tries to build the signer if libassuan is found, and possibly -fails, if x11 libs and development files are missing. -

    -

    -If you don't have pkg-config installed, and don't want to, you can -use environment variables to tell configure, how to link with some -library: -

    -
    • OPENCT_CFLAGS and OPENCT_LIBS for OpenCT -
    • PCSC_CFLAGS and PCSC_LIBS for PC/SC-Lite -
    • OPENSSL_CFLAGS and OPENSSL_LIBS for OpenSSL -
    • ASSUAN_CFLAGS and ASSUAN_LIBS for Assuan -

    -But most of the time it is easier to let pkg-config handle the -automatic detection. If some libraries are not installed in -typical locations, you need to tell pkg-config where to find the -*.pc files. You can do this with the PKG_CONFIG_PATH environment -variable, for example: -

    -
    export PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig:/opt/mystuff/liv/pkgconfig
    -

    Typical Installation

    -

    -But most users use whatever their linux distributions or other operating -systems provide, and thus don't need any of this. We suggest to install -OpenSC into /usr and to put the configfile into /etc. The default -however would be /usr/local and /usr/local/etcc, so you might want -to change those. We suggest to compile OpenSC like this: -

    -
    tar xfvz opensc-a.b.c.tar.gz
    -cd opensc-a.b.c
    -./configure --prefix=/usr --sysconfdir=/etc
    -make
    -make install
    -cp etc/opensc.conf /etc/
    -

    OpenCT

    -

    -By default configure script tries to locate openct automatically, -this can be disabled by --disable-openct option. -

    -

    PC/SC-Lite

    -

    -Most distributions will include pcsc-lite version 1.2.0. -However if you want to use pinpad readers, at least those -that support the new PC/SC v2 Part 10 standard for pinpad -readers, then you need to have pcsc-lite 1.2.9-beta8 or later. -

    -

    -By default configure script tries to locate pcsc-lite automatically, -this can be disabled by --disable-pcsc-lite option. -

    -

    -The configure script will tell you about this: -

    -
    checking for PCSC_CFLAGS... -I/usr/include/PCSC
    -checking for PCSC_LIBS... -lpcsclite
    -checking for reader.h... no
    -configure: WARNING: reader.h not found, install pcsc-lite 1.2.9-beta8 or later, or use PCSC_CFLAGS=... ./configure
    -

    -In this example pcsc-lite was found, but only an older version without -support for the new PCSC v2 part 10 standard. This is fine, except -for suport of modern pinpad readers. -

    -

    Mac OS X

    -

    -Apple did not include pkg-config in Mac OS X, changed the pcsc-lite -header files and includes a version of pcsc-lite that does not -support the new PCSC v2 part 10 pinpad reader standard. -

    -

    -To compile OpenSC on Mac OS X we suggest: -

    -
    export OPENSSL_CFLAGS="-I/usr/include"
    -export OPENSSL_LIBS="-L/usr/lib -lcrypto"
    -tar xfvz opensc-a.b.c.tar.gz
    -cd opensc-a.b.c
    -./configure --prefix=/usr --sysconfdir=/etc
    -make
    -make install
    -cp etc/opensc.conf /etc/
    -

    Microsoft Windows

    -

    -if you have Visual Studio .NET installed already you need not download either of these. -

    -

    - -To compile OpenSC: -

    -

    -1) Unpack the opensc-a.b.c.tar.gz -

    -

    -2) You need to edit the file win32/Make.rules.mak -- Point the variable LIBLTDL_INCL = %LIBLTDL_HOME%\include -- Point the variable LIBLTDL_LIB = %LIBLTDL_HOME%\lib\libltdl.lib -Where LIBLTDL_HOME is where you installed LibTool?. -

    -

    -3) Set the variable OPENSSL_DEF = /DHAVE_OPENSSL -- if you wish to use OpenSSL (suggested) you can get it  here -- if you opted yes to use OpenSSL -

    -

    --- Set OPENSSL_INCL_DIR=/I%OPENSSL_HOME\include\ -

    -

    --- Set OPENSSL_LIB=%OPENSSL_HOME\lib\VC\libeay32MD.lib -

    -

    --- Set PROGRAMS_OPENSSL=pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe -

    -

    -- Alternatively, if your compiler seems to think that the above variables are actually input file arguments, you can comment them out and install them as environment variables. If someone knows why this might happen, please clear up this point. -

    -

    -4) In some versions of Visual Studio .NET you MAY have to make a change to \opensc-a.b.b\src\include\opensc\log.h to solve a minor compiling error. You need to replace __FUNCTION__ by __SCFUNCTION__. In 7.1 (.NET 2003) this was NOT necessary -

    -

    -5) Unconfirmed is if you are using Mircrosoft Visual Sudio .NET development environment, you need to copy three files from Visual Studio .NET, namely afxres.h, winres.h and afsxres.rx, to \opensc-a.b.b\src\include sub-directory before compiling. This is unverified but being left incase you have wierd issues -

    -

    -6) Compiling OpenSC is done with -

    -

    -- The Visual Studio Command Prompt or -

    -

    --- Alternatively with the regular command prompt (cmd). But, you MUST runs vcvars32.bat. This should already be in your path. If not, check your Platform SDK or .NET bin directory -

    -
    cd opensc-a.b.c
    -nmake /f Makefile.mak
    -

    -Configuration instructions for building inside of the IDE directly are coming. -

    -
    -
    - - - -
    -

    Attachments

    -
      -
    • - Make.rules.mak - Download - (1.6 KB) - added by wiredland@… - 4 years ago. - Sample of opensc-0.10.0\win32\Make.rules.mak -
    • -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Cryptoflex.html opensc-0.12.1/doc/nonpersistent/wiki.out/Cryptoflex.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/Cryptoflex.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Cryptoflex.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,33 +0,0 @@
    - - - Cryptoflex – OpenSC -
    -
    - -

    Schlumberger / Axalto Cryptoflex

    -

    -All Cryptoflex cards are supported by OpenSC, tested very often and work fine. -

    -

    -If you initialize Cryptoflex cards with OpenSC, you need to know the so called transport key for this, and for creating PIN objects as well. The card can later be erased by anyone knowing the transport key only (knowing the SO-PIN or PIN is not required). -

    -

    -Cryptoflex 8k cards however are too small, so the default profile does not fit on the card. Not even the small option is small enough to make it fit on the card. However you could edit the profile file to make it even smaller, then it should work again. -

    -

    -Documentation is available on the internet, for example  http://www.polman-software.com.pl/pdf/CryptoflexPG.pdf. -

    -

    -Cryptoflex cards are also available as SchlumbergerEgate - a version of Cryptoflex cards that natively support Full speed USB on their chip and only require a small adapter/connector to interface to the USB bus of the PC, either in token (sim) format of full ISO format. -

    -

    Test Results

    -

    -Works fine in smart acrd bundle 0.3rc2 on windows xp (cryptoflex 32k with plug in egate token adapter, driver 2.6.0). -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CryptoIdentity.html opensc-0.12.1/doc/nonpersistent/wiki.out/CryptoIdentity.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CryptoIdentity.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CryptoIdentity.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,23 +0,0 @@
    - - - CryptoIdentity – OpenSC -
    -
    - -

    -CryptoIdentity combines the functions of a Smart Card to those of its reader, as in a single device it offers: -

    -

    -- The technology of a chip Smart Card in compliance with the standard ISO 7816 3-4, including the operating system that can benefit from the encryption functions of the same chip and manage a strong file system on-board. -- The USB connecting standard, which is recognized as the communication and data transfer multi-platform technology in I.T. -

    -

    -See more on:  http://www.cryptoidentity.eutron.com/ -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/CryptoIdentityItsec.html opensc-0.12.1/doc/nonpersistent/wiki.out/CryptoIdentityItsec.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/CryptoIdentityItsec.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/CryptoIdentityItsec.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,130 +0,0 @@
    - - - CryptoIdentityItsec – OpenSC -
    -
    - -

    Eutron CryptoIdentity ITSEC-I & ITSEC-P

    -

    - Eutron offers the  CryptoIdentity  ITSEC-I &  ITSEC-P, an  USB readerless smart card / crypto token with 32k memory and support for RSA keys up to 1024bit key length. -

    -

    -The CryptoIdentity ITSEC-I & ITSEC-P is fully supported by OpenSC, but has not been tested for a while. -

    -

    -Note that Eutron also offers two other crypto tokens in the CryptoIdentity line, but those -are not supported at all (no documentation available);  combo models are also available -offering USB flash memory mass-storage functionality in addiction to smart card features. -

    -

    -The smart card inside is an Infineon Chip with the Siemens CardOS M4 smart card operating system ( ITSEC-I model) or Philips Chip with the StarCOS SPK 2.3/2.4 operating system ( ITSEC-P, model). -The driver is called "etoken" because this was the first device with that smart card that was tested with OpenSC. Only the usb -interface differs, the rest seems to be the same. -

    -

    -One minor feature of the Siemens CardOS M4 is, that a rsa key cannot be used for both signing -and decryption. OpenSC has implemented a workaround: software key generation and storing that -key twice, once marked as decryption key and once marked as signing key. To enable this workaround -specifiy "--split-key" on the command line, when creating the key. -

    -

    -Eutron has their own software for windows. This software does not implement PKCS#15 and thus is not -compatible with OpenSC. As long as the card has memory, you can initialize the card with both software -packages, and thus install files and keys side by side - each software can only handle their own structures. -

    -

    -Documentation was not necessary, as the driver for the smart card inside was already implemented. -

    -

    -However there is no official tool to format a token (for example if you lock it up by accident), you must contact Eutron in this case. -

    -

    -For price and availability, please contact Eutron directly. -

    -

    Thanks

    -

    -Big thanks to Eutron, they donated several tokens and a sim card reader. We are working on -improving our support for the cards. Thanks! -

    -

    Problem with current ITSEC-I tokens

    -

    -As of 2006-06-17 there are known problems with ITSEC-I toekn, which have been initialized by Eutron for their own software. -As a symptom you encounter the following error when trying to generate a private key atop of an existing PIN: -

    -
    $ pkcs15-init -G rsa/1024 -a 1 -i 45 -u sign --so-pin 11111111 --pin 11112222            
    -card-cardos.c:225:cardos_check_sw: required access right not granted
    -card-cardos.c:907:cardos_put_data_oci: Card returned error: Security status 
    -not satisfied
    -card.c:686:sc_card_ctl: returning with: Security status not satisfied
    -Failed to generate key: Security status not satisfied
    -

    -You might also come across the following error, if you try to generate an PIN-protected private key more than once, -after you have got the above error message: -

    -
    $ pkcs15-init -G rsa/1024 -a 1 -i 46 -u sign
    -card-cardos.c:225:cardos_check_sw: invalid parameters in data field
    -card.c:376:sc_create_file: returning with: Incorrect parameters in APDU
    -Failed to generate key: Incorrect parameters in APDU
    -

    -The reason for the above error messages is, that the Token is in the wrong cardos-lifecycle "operational", where some operations -like key generation do not seem to be suported. You can get the current lifecycle of a token using the cardos-info command: -

    -
    # cardos-info
    -Info : CardOS/M4.01a (C) Siemens AG 1994-2002
    -Chip type: 108
    -Serial number: 24 72 7b 03 1c 0a
    -Full prom dump:
    -33 66 00 1F DD DD DD DD 6C FF 24 72 7B 03 1C 0A 3f......l.$r{...
    -00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
    -OS Version: 200.4 (that's CardOS M4.01a)
    -Current life cycle: 16 (operational)
    -Security Status of current DF:
    -Free memory : 1000
    -ATR Status: 0x0 ROM-ATR
    -Packages installed:
    -01 04 07 02 C8 04 01 04 13 04 C8 04 ............
    -Ram size: 4, Eeprom size: 32, cpu type: 66, chip config: 63
    -Free eeprom memory: 20596
    -System keys: PackageLoadKey (version 0x00, retries 10)
    -System keys: StartKey (version 0xff, retries 10)
    -Path to current DF:
    -

    -In the above snippet you see, that this token is in the "operational" lifecycle and is hence subject to the above mentioned problems. -As a side effect of the wrong operational mode, opensc is not alble to delete any DFs/MFs when the private key generation fails. -In such a case you will discover a temporary object EF 5015/7EAD on your token, which triggers the second problem mentioned above. -

    -
    $ opensc-explorer
    -OpenSC Explorer version 0.11.0
    -OpenSC [3F00]> cd 5015
    -OpenSC [3F00/5015]> ls
    -FileID  Type  Size
    - 4401    wEF   256
    - 5031    wEF   256
    - 5032    wEF    42
    - 4946    wEF   128
    - 4402    wEF   256
    - 3048    wEF   142
    - 4403    wEF   256
    - 7EAD    wEF   512
    -OpenSC [3F00/5015]> quit
    -

    -Nils Larsch has kindly provided me with a workaround for the problem of deleting EFs/MFs, however there's no benefit for the end-user, because -you neither will be able to generate a private key if you can delete the temporatry object. If you are interested in the whole story, -mail me (wolfgang dot wglas at ev-i dot at). -

    -

    -A satisfying solution of this problem is unfortunately tied to the solution of the initialization problem. Eutron has been so kind to provide me with Tokens, which are in the "manufactured" lifecycle, which means that these tokens are not initialized with any software package. In this state, these tokens are not usable for opensc, because you need some APDU-initalization scripts from Siemens in order to initialize the software packages on the chip. -

    -

    -The  Eutron entry in the openct Wiki has some informations on an initialization tool, which is available from Eutron, but this tool is not very helpful, since is restores the token to the state described above. -

    -

    -We are currently trying to find a solution for this problem together with Siemens, Eutron and Andreas Jellinghaus. If we make further progress with this issue, we will publish them on this Wiki page as soon as possible. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Cyberflex.html opensc-0.12.1/doc/nonpersistent/wiki.out/Cyberflex.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/Cyberflex.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Cyberflex.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,173 +0,0 @@
    - - - Cyberflex – OpenSC -
    -
    - -

    Schlumberger / Axalto Cyberflex

    -

    -Earlier versions of Cyberflex cards have the same or a very similiar filesystem interface like the Cryptoflex cards. -Those cards work well with OpenSC. -

    -

    -Newer versions however are pure JavaCards and will not work without a JavaApplet. -

    -

    - MuscleCard is an open source software containing a Java Cardlet for several smart cards -implementing the JavaCard standard. Starting with OpenSC 0.11.2 support for MuscleCard has been added. -

    -

    -Current Test Status: Only for the brave! This might kill your card! No warranty whatsoever! But initialization with OpenSC works. -

    -

    Reader configuration

    -

    -If you have an e-gate token, you need to configure it for PC/SC properly, as the tools used for loading the applet into the card only speak PC/SC. -

    -

    Installing GlobalPlatform tools

    -

    -First you need to install gpshell from the  GlobalPlatform open source project: -

    -
    wget http://heanet.dl.sourceforge.net/sourceforge/globalplatform/globalplatform-5.0.0.tar.gz
    -tar xfvz globalplatform-5.0.0.tar.gz
    -cd globalplatform-5.0.0
    -./configure --prefix=/usr
    -make
    -sudo make install
    -cd ..
    -
    -wget http://heanet.dl.sourceforge.net/sourceforge/globalplatform/gpshell-1.4.0.tar.gz
    -tar xfvz gpshell-1.4.0.tar.gz
    -cd gpshell-1.4.0
    -./configure --prefix=/usr
    -make
    -sudo make install
    -cd ..
    -

    -Note: gpshell 1.4.1 and later do not work with these instructions and give an error: -

    -
    install -file CardEdgeII.ijc -nvDataLimit 12000 -instParam 00 -priv 2
    -Command --> 80E602001B05A00000000107A0000000030000000AEF08C6023100C8022EE00000
    -Wrapped command --> 84E602002305A00000000107A0000000030000000AEF08C6023100C8022EE0002C197064B44B6AC700
    -Response <-- 6A80
    -install_for_load() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
    -

    -Bug @ sf.net:  https://sourceforge.net/tracker2/?func=detail&aid=2406176&group_id=143343&atid=755201 -

    -

    Loading MuscleCard Applet

    -

    -The Muscle Web page is at  http://www.musclecard.com/ but you can download the Applet directly from  http://www.identityalliance.com/CardEdgeII.ijc. A recent copy is also attached to this wiki attachment:CardEdgeII.ijc Download -

    -

    -You need to run gpshell with these commands: -

    -
    $ gpshell
    -mode_201
    -enable_trace
    -establish_context
    -card_connect -readerNumber 1 // Depends on your reader
    -select -AID a0000000030000
    -open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
    -delete -AID A0000003230101
    -delete -AID A00000032301
    -delete -AID A00000000101
    -delete -AID A000000001
    -install -file CardEdgeII.ijc -nvDataLimit 12000 -instParam 00 -priv 2
    -card_disconnect
    -release_context
    -

    -The last two "delete" commands will remove an older version of the applet. -

    -

    -Next you need to set the PIN codes to "00000000", so you can initialize the card. -

    -
    opensc-tool -s 00:A4:04:00:06:A0:00:00:00:01:01  -s B0:2A:00:00:38:08:4D:75:73:63:6C:65:30:30:04:01:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:05:02:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:00:00:17:70:00:02:01
    -

    -Now the token has a working MuscleCard Applet and is ready for use with OpenSC. -

    -

    Using the Token with OpenSC

    -
    pkcs15-init -EC -p pkcs15+onepin
    -

    -If you're asked for "Unspecified PIN [reference 1] required", use "00000000". -

    -
    $ pkcs15-init -EC -p pkcs15+onepin --pin 1234 --puk 12345678
    -Using reader with a card: Eutron SIM Pocket Combo 01 00
    -Unspecified PIN [reference 1] required.
    -Please enter Unspecified PIN [reference 1]: 
    -$ pkcs15-tool -D
    -Using reader with a card: Eutron SIM Pocket Combo 01 00
    -PKCS#15 Card [MUSCLE]:
    -	Version        : 1
    -	Serial number  : 0000
    -	Manufacturer ID: Identity Alliance
    -	Last update    : 20081207120153Z
    -	Flags          : EID compliant
    -
    -PIN [User PIN]
    -	Com. Flags: 0x3
    -	ID        : 01
    -	Flags     : [0x10], initialized
    -	Length    : min_len:4, max_len:8, stored_len:8
    -	Pad char  : 0x00
    -	Reference : 1
    -	Type      : ascii-numeric
    -	Path      : 3f005015
    -
    -
    -

    FAQ

    -

    What to do on Windows ?

    -

    - http://sourceforge.net/projects/globalplatform has a download package of GPShell.exe for windows, so no need to compile it on your own. -

    -

    -Download -

    -

    -and unzip both in the current directory. Run the same commands mentioned above and you should be fine. Note however that this is 100% untested, -please report back if it works (or not) on the opensc-user or opensc-devel MailingLists. Thanks for your feedback! -

    -

    Is there a tool for it?

    -

    -A small tool to get some information about the cards can be found here:  http://www.contrib.andrew.cmu.edu/~cg2v/jcop-opensc-0.2.tar.gz -It was written for IBM JCop cards but should work as well with Cyberflex cards. Note: Does not work with latest OpenSC as sc_check_sw symbol is not exported from libopensc. -

    -

    How can I format or update cards with the old applet?

    -

    -If you use ID Ally - it will delete the old applet before installation of the new. gpshell should allow you to delete: -first A00000000101 -then A000000001 -

    -

    What can I do if I specified a too small size?

    -

    -Delete A00000000101 (instance) and reinstantiate to a larger size. -(this will delete all data / key / ... ) -

    -

    I'm asked about Unspecified PIN [Reference 1]

    -

    -There are two APDUs that have to be run first if you use GPShell (which sets the default pins, puks, etc): -

    -

    -00 A4 04 00 06 A0 00 00 00 01 01 and -B0 2A 00 00 38 08 4D 75 73 63 6C 65 30 30 04 01 08 30 30 30 30 30 30 30 30 08 30 30 30 30 30 30 30 30 05 02 08 30 30 30 30 30 30 30 30 08 30 30 30 30 30 30 30 30 00 00 17 70 00 02 01 -

    -

    -Both need to be send in one go - without card reset in between. The first selects the muscle applet, the second sets the default pins to "00000000". You can copypaste the above opensc-tool line to execute these commands. -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/DesignDiscussion.html opensc-0.12.1/doc/nonpersistent/wiki.out/DesignDiscussion.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/DesignDiscussion.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/DesignDiscussion.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,50 +0,0 @@
    - - - DesignDiscussion – OpenSC -
    -
    - -

    Design issues

    -

    -Every change that is not a small fix or minor enhancement requires some kind of design. In order to discuss design decisions as much as possible and leave some kind of track about decisions made and design in place other than source code and comments and maybe even documentation, this sector of the wiki could be used. As always - feel free to comment (but please leave your name after your comment). -

    -

    Pinpad functionality

    -

    -(Martin) -Current state of secure pin entry methods in OpenSC is somewhat limited and hairy. Checks and features and functionality spans several component borders (application, library, card driver, reader, pkcs15 layer, etc). The target is to provide smooth pinpad support. -

    -

    -In theory different layers affect the total pinpad-oriented functioning: -

    -
    1. Reader capabilities - actual reader capabilities detected and enabled by the reader (ctapi, pcsc, openct) -
    2. Reader driver and how-if-what verify methods it implements (though the name verify is not correct if we talk about full pin operations) -
    3. Card driver and if it implements the new pin command interface or if it is possible at all for the given card (maybe it uses some other method, maybe it uses non-numeric passwords) -
    4. pkcs15 layer - what it thinks about underlying hardware capacities and if/how it makes use of it -
    5. pkcs11 layer - exports PROTECTED_AUTHENTICATION_PATH to indicate 'secure authentication (aka pinpad)' and itself feeds data to pkcs15 layer. -
    6. applications - how they interpret various parameters (like slot capabilities, pkcs11 features, etc), how/if they react or should react on empty pins etc. -
    7. Library internal UI functionality - instead of asking for a pin who should notify the user to insert the pin to the pinpad and how? -

    -All these should be put to work for a common goal in a nice way. -

    -

    Requirements

    -
    • Slot flags must correctly state the capabilities of the slot and all functionality must strictly check this flag. -
    • A card driver should have a possibility to disable pinpad enabled functionality even if the slot tells it can do it - for reasons like character passwords -
    • It should be possible to disable pinpad functionality on reader(driver)/global layer as a configuration option - this will result the slot capabilities to be hidden -
    • It should be possible to disable pinpad functionality on a higher level - as a global option. This could result in different -
    • pkcs11 flag about secure authentication flag can be affected by any of the previous config options. -
    • One reader should support different verification methods (you can talk class2 via pcsc and you can talk ctbcs) -

    Things to keep in mind

    -
    • Backwards compatibility -
    • User interaction. -

    Decisions

    -
    • Implement pinpad functionality in a proper way (err, small decisions should be outlined now) -

    -... to be continued ... -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/DesignDiscussion_UserInterface.html opensc-0.12.1/doc/nonpersistent/wiki.out/DesignDiscussion_UserInterface.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/DesignDiscussion_UserInterface.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/DesignDiscussion_UserInterface.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,31 +0,0 @@
    - - - DesignDiscussion/UserInterface – OpenSC -
    -

    - DesignDiscussion/UserInterface -

    -

    -
    - -

    User Interface

    -

    -OpenSC is all about SmartCards?. SmartCards? are all about cryptography. Cryptography is something users don't care much about nor want to know about. At the same time - SmartCards? are usually tightly tied to the cardholder. So user interaction and UserInterface? are actually important components of the overall solutions that SmartCards? provide. -

    -

    -To sum up where exactly and how user interaction takes place, can take place or should take place, we need to know what layers and standards affect this area. Then we can find the most convinient and optimal path so that the whole usage of smartcards can be somewhat hidden and convenient for the user. To be more precise: user interaction is everything that the user _must_ do in normal cases - so user _has_ to authenticate to the card somehow, but she must not start other interactions - some application can have the initiative. Information to the end user (errors etc) falls into this category too. -

    -

    To be continued

    -
    • pkcs11 defines login functions, what means user interaction is done by the application to get the pin -
    • pkcs11 also defines secure authentication path variable, what leaves the authentication process outside of the scope of pkcs11 -
    • pkcs15 defines user consent attribute, that must result in user interaction. -
    • opensc includes ui* functions that should deal with some of the problems described here -
    • applications (utilities) deal with user interaction - this should happen in a unified manner -
    • help to fill in! -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/DeveloperHardware.html opensc-0.12.1/doc/nonpersistent/wiki.out/DeveloperHardware.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/DeveloperHardware.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/DeveloperHardware.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,47 +0,0 @@
    - - - DeveloperHardware – OpenSC -
    -
    - -

    Developer Hardware

    -

    -We can only test what we have. And we can only write drivers for documented smart cards. -You can ask around, but most developers won't sign an NDA as it is too risky for a private person. -

    -

    -Andreas Jellinghaus: -

    -
    • SCR 332 USB smart card reader -
    • Serial+PS and Serial towitoko readers -
    • SPR 532 USB/Serial+PS2 smart card reader -
    • Rainbow ikey 3000 -
    • Aladdin eToken PRO (the old, not the new PRO 64 or PRO NT-OTP) -
    • Schlumberger/Axalto Cryptoflex 32k + egate -
    • Gemplus PK (one card, I guess 16 Kb) -
    • Cryptoflex 16Kb -
    • Cryptoflex 8Kb (too small for recent profiles - not tested) -

    -Martin Paljak: -

    -
    • SCM SPR 532 -
    • SCM SCR 331 -
    • SCM SCR 243 -
    • OmniKey CardMan 3121 -
    • OmniKey CardMan 2020 -
    • Eutron SimPocket Combo -
    • Micardo 2.1 (EstEID 1.0) -
    • GPK16000 GemSAFE -
    • Cyberflex 32k + egate -
    • Windows XP SP2, OS X 10.4.4, GNU/Linux 2.6 (Debian 3.1) -

    -Additional hardware is very welcome. For donations please contact opensc-devel or -any of the developers directly. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/DevelopmentPolicy.html opensc-0.12.1/doc/nonpersistent/wiki.out/DevelopmentPolicy.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/DevelopmentPolicy.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/DevelopmentPolicy.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,56 +0,0 @@
    - - - DevelopmentPolicy – OpenSC -
    -
    - -

    Development Policy

    -

    -It is easier for all developers if the whole software of a project is homogenous, -follows the same basic rules for function names, coding style, and so on. None of -the rules mentioned in this document are set in stone, however please follow the -rules for now, and if you feel something should be changed: start a discussion -on the opensc-devel mailing list. -

    -
    • Coding Style: we follow mostly the coding style as the linux kernel. So you -can have a look at the "Documentation/CodingStyle" document in the linux -kernel source for details, and use the "scripts/Lindent" script from linux -kernel source to indent source files. ("-npro -kr -i8 -ts8 -sob -l80 -ss -ncs") -
    -
    -

    -Note that indenting is meant to make the code more readable. Please check if the -indent tool actualy made it more readable, and only commit your changes if it did. -Sometimes functions are too nested and it is very hard to rewrite the code with -less nesting. It is prefectly fine to deviate from the norm in such cases. -

    -
    -
    -
    • usualy we define a "something_t" typedef for every "struct something" and use -the something_t name. -
    • build system: we use autoconf, automake and libtool to make the building as easy -as possible. We test on debian sarge (autoconf 2.59, automake 1.9.5, libtool 1.5.6), if you have -different versions of these tools and run into problems, please let us know. -Note: for security reasons (insecure use of tmp files) automake 1.9+ is recommended. -
    • we use and/or provide pkg-config files, to ease linking with our libraries and detecting -libraries. While alternatives might be marginaly better, the additional work might be -not worth it. -
    • svn files: we store only files in subversion that are not generated in any way. -bootstrap will generate most files like configure and Makefile.in. "make dist" will -generate or update the documentation. To do that it uses wget to get snapshots of -our wiki webpage. -
    • "cvs is not a replacement for developer documentation." That rule works well for subversion, too. -We think it is very important all changes are discussed first before commiting. We welcome new -developers, but ask you to post any changes to the opensc-devel mailing list for peer review, -if everything is fine one of the few developers with svn write access will commit the changes. -Once we see someone is sending patches that can be applied without discussion we get lazy and -hand out write access. -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/e-gate.html opensc-0.12.1/doc/nonpersistent/wiki.out/e-gate.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/e-gate.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/e-gate.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,47 +0,0 @@
    - - - e-gate – OpenSC -
    -
    - -

    Using Schlumberger e-gate on Linux

    -

    -You have two options: PC/SC or OpenCT. -

    -

    Using OpenCT as a PC/SC reader

    -

    -TODO: This should be moved to OpenCT Wiki -

    -
    cat > /etc/reader.conf.d/openct <<EOF
    -FRIENDLYNAME    OpenCT
    -DEVICENAME      /dev/null
    -LIBPATH         /usr/lib/openct-ifd.so
    -CHANNELID       0
    -EOF
    -update-reader.conf
    -/etc/init.d/pcscd restart
    -opensc-tool -l
    -opensc-tool -a -r 0
    -

    -/etc/reader.conf.d/ feature is available on debian/ubuntu and on fedora as far as I know, users of other distributions will want -to edit (NOT OVERWRITE) /etc/reader.conf directly. Also only debian/ubuntu users need to run update-reader.conf command. -opensc-tool -l should show the OpenCT reader via pcsc, and be able to read the atr from it. -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Emv.html opensc-0.12.1/doc/nonpersistent/wiki.out/Emv.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/Emv.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Emv.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,21 +0,0 @@
    - - - Emv – OpenSC -
    -
    - -

    EMV cards

    -

    -OpenSC does not support EMV cards. OpenSC does include a dummy card driver for EMV cards that knows how to match some EMV atr-s, but even basic file operations are not implemented by this driver. -

    - -

    - http://www.emvco.com/ -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/EMV.html opensc-0.12.1/doc/nonpersistent/wiki.out/EMV.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/EMV.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/EMV.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,20 +0,0 @@
    - - - EMV – OpenSC -
    -
    - -

    EMV (Europay, Mastercard, VISA)

    -

    -OpenSC versions before v0.12 included a dummy EMV driver. EMV cards (bank cards with a chip) are usually not capable of doing crypto operations, unless they have support for DDA (Dynamic Data Authentication). Not many cards, even if issued recently, support DDA. -

    -

    -Also note that the EMV "Chip and PIN" is broken:  http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/EnvironmentVariables.html opensc-0.12.1/doc/nonpersistent/wiki.out/EnvironmentVariables.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/EnvironmentVariables.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/EnvironmentVariables.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,54 +0,0 @@
    - - - EnvironmentVariables – OpenSC -
    -
    - -

    Environment variables

    -

    -You can set different environment variables to change the behavior of OpenSC. -

    -

    HOME

    -

    -The cache directory is set to $HOME/.eid/cache/ on Unix. -

    -

    OPENSC_CONF

    -

    -Specify an alternative opensc.conf file. -

    -

    OPENSC_DEBUG

    -

    -See UsingOpensc -

    -

    PIV_9A06_KEY

    -

    -See PivTool Points at file with public key used when generating a certificate request. -

    -

    PIV_EXT_AUTH_KEY

    -

    -See PivTool Used with PIV cards during initialization. -

    -

    PKCS11SPY

    -

    -See UsingOpensc -

    -

    PKCS11SPY_OUTPUT

    -

    -See UsingOpensc -

    -

    POSIXLY_CORRECT

    -

    TERM

    -

    -Is used to know if the terminal supports color or not. Supported color terminals are: "linux", "xterm", "Eterm", "rxvt", "rxvt-unicode" -

    -

    USERPROFILE

    -

    -The cache directory is set to $USERPROFILE/eid-cache/ on Windows. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ePass3000.html opensc-0.12.1/doc/nonpersistent/wiki.out/ePass3000.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/ePass3000.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ePass3000.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,37 +0,0 @@
    - - - ePass3000 – OpenSC -
    -
    - -

    Feitian ePass3000

    -

    - Feitian offers the  ePass3000, an USB crypto token with 32-bit high performance smart card chip and support for accelerated hardware computation. -

    -

    -The driver of ePass3000 in OpenSC is called "entersafe". -

    -

    -Feitian has their own software for windows, GNU/linux and MAC OSX. This software does not implement PKCS15 and thus is not compatible with OpenSC. Because Feitian's software reserves all storage, its data cannot be co-existed with OpenSC's in the USB token. In addition, there may be unexpected errors if both softwares exists in the operating system concurrently, since Feitian's software assumes there is one and only one software manipulates the token. -

    -

    -Token initialized with Feitian's private format can not be directly used by OpenSC. Unless it is totally erased by command "pkcs15-init -E" (all data including private keys inside the token will be lost), and then the token can be re-initialized to OpenSC format by command "pkcs15-init -p pkcs15+onepin -C". -

    -

    -The APDU level manual and further documentation to implement OpenSC are available only under NDA as far as we know. -

    -

    -The USB Interface of the ePass3000 is not public but there is -a binary only driver package available for download for free for both Linux and Mac OS X at  http://www.entersafe.com/ePass3000.html. Recent OpenCT also has support for this token. -

    -

    Thanks

    -

    -Big thanks to  EnterSafe division of  Feitian, for their technical help in adding support for the ePass3000, and donating hardware tokens. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/EstonianEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/EstonianEid.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/EstonianEid.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/EstonianEid.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,113 +0,0 @@
    - - - EstonianEid – OpenSC -
    -
    - -

    Estonian eID

    -

    -OpenSC is the official software for the Estonian eID card for non-WinCSP platforms as well as PKCS#11 provider on all three supported platforms: Windows, Mac OS X, Linux/BSD/*nix -

    -

    -Resources: -

    -

    -Estonian eID card uses Micardo card driver or a similar MULTOS application. This is what is available on the card (Isikutuvastus = authentication, allkirjastamine = digital signature): -

    -
    martin$ pkcs15-tool -D
    -Using reader with a card: SCM SPR 532 00 00
    -PKCS#15 Card [MARTIN PALJAK]:
    -	Version        : 2
    -	Serial number  : A1528610
    -	Manufacturer ID: AS Sertifitseerimiskeskus
    -	Flags          : Read-only, PRN generation, EID compliant
    -
    -PIN [PIN1]
    -	Com. Flags: 0x0
    -	ID        : 01
    -	Flags     : [0x00]
    -	Length    : min_len:4, max_len:12, stored_len:12
    -	Pad char  : 0x00
    -	Reference : 1
    -	Type      : ascii-numeric
    -	Path      : 
    -	Tries left: 3
    -
    -PIN [PIN2]
    -	Com. Flags: 0x0
    -	ID        : 02
    -	Flags     : [0x00]
    -	Length    : min_len:5, max_len:12, stored_len:12
    -	Pad char  : 0x00
    -	Reference : 2
    -	Type      : ascii-numeric
    -	Path      : 
    -	Tries left: 3
    -
    -PIN [PUK]
    -	Com. Flags: 0x40
    -	ID        : 03
    -	Flags     : [0x40], unblockingPin
    -	Length    : min_len:8, max_len:12, stored_len:12
    -	Pad char  : 0x00
    -	Reference : 0
    -	Type      : ascii-numeric
    -	Path      : 
    -	Tries left: 3
    -
    -Private RSA Key [Isikutuvastus]
    -	Com. Flags  : 1
    -	User consent: no
    -	Usage       : [0x3F], encrypt, decrypt, sign, signRecover, wrap, unwrap
    -	Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    -	ModLength   : 1024
    -	Key ref     : 1
    -	Native      : yes
    -	Path        : 
    -	Auth ID     : 01
    -	ID          : 01
    -
    -Private RSA Key [Allkirjastamine]
    -	Com. Flags  : 1
    -	User consent: yes
    -	Usage       : [0x200], nonRepudiation
    -	Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    -	ModLength   : 1024
    -	Key ref     : 2
    -	Native      : yes
    -	Path        : 
    -	Auth ID     : 02
    -	ID          : 02
    -
    -X.509 Certificate [Isikutuvastus]
    -	Flags    : 0
    -	Authority: no
    -	Path     : 3f00eeeeaace
    -	ID       : 01
    -
    -X.509 Certificate [Allkirjastamine]
    -	Flags    : 0
    -	Authority: no
    -	Path     : 3f00eeeeddce
    -	ID       : 02
    -

    -Known ATR-s of the card are: -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/FeiTian.html opensc-0.12.1/doc/nonpersistent/wiki.out/FeiTian.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/FeiTian.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/FeiTian.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,48 +0,0 @@
    - - - FeiTian – OpenSC -
    -
    - -

    -Feitian Technologies is a solution provider and manufacturer of USB security devices used for software protection, network authentication and secure applications. - -

    -

    -Our mission is to protect the information and software assets of your business by providing cost effective products that allow you to easily build security into your applications and network. -

    -

    -Contact Us  http://www.ftsafe.com/ -

    -

    About Feitian

    -

    -Feitian Technologies was organized in 1998 with the mission of creating world class software security products. Feitian expanded quickly. Within a few years it opened offices in Shanghai and Guangzhou. In 2003 it opened yet another office in Chengdu to provide strong coverage of the major markets on the China mainland. Feitian's product lines expanded as well. ROCKEY1 was among the first commercial dongles manufactured in China and reflected the leading standards of the time. Today Feitian has emerged as an innovator in the field. The ROCKEY5 dongle employs the latest in smart card technology. Feitian intends to continue to leverage its core competency in smart card related development to provide our customers with stronger and more flexible solutions for enforcing their licensing agreements. -

    -

    - -

    -

    -In 2000 Feitian released the ePass1000 network authentication token along with its first PKCS and CAPI middleware for the Windows platform. Development on the ePass2000 token began several months later. ePass2000 uses a smart card to securely store digital certificates and internally process encryption algorithms. -

    -

    - -

    -

    -The ROCKEY100 and ROCKEY200 smart card reader technology followed the ePass development efforts. ROCKEY100/200 are USB attached smart card readers that support the PC/SC interface and relevant ISO standards. -

    -

    - -

    -

    -Today Feitian is a fast growing privately held firm with a growing stake in markets outside of China. Feitian's commitment to the IT security field may be seen in its growing roster of product lines and development partners. -

    -

    -NOTE: I'm pretty sure such commercial texts do not belong to this wiki. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/FinnishEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/FinnishEid.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/FinnishEid.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/FinnishEid.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,67 +0,0 @@
    - - - FinnishEid – OpenSC -
    -
    - -

    Finnish FINEID

    -

    -The FINEID cards are available to the private citizens and organisations. -All the new personal identity cards are FINEID cards and they are applied from the police. -(The eid certificates are also available to some banking cards and mobile SIM cards) -

    -

    -The eid certificates are issued by the Population Register Centre (VRK). -Naturally, one cannot alter the eid certificates and keys on the cards. -

    -

    -There are two generations of the Finnish eid cards. -OpenSC should work fine with the eid application following the version 1.x specification that is using a PKCS#15 file structure. -The version 2 of the eid specification address the ISO/IEC 7816-15 file structure and somewhat different command parameters to the version 1 specification. According to the VRK, the version 2 application is implemented in the personal identity cards manufactured since 10.6.2005. -

    -

    -FIXME:did anyone test lately with version 2 cards? -

    -

    -The eid application has two pin codes, one for the identification/encryption -and the other for the signing operations. Both pin codes can be changed by the owner. -

    -

    -FIXME:pin changes in OpenSC? -

    -

    -The FINEID cards allow storing extra data (say, home-made PKI keypairs). -

    -

    -FIXME: save extra data with OpenSC? -

    -
    -

    Unlocking a FINEID electronic identity card

    -

    -You can ask the police for advice on the use of electronic identity cards. You can also test your electronic identity card at police stations. -

    -

    -If your electronic identity card has become locked, you can unlock it at a police station. You must have the correct PUK number with you to unlock the PIN number. -

    -

    -If you have lost your PUK number, the police can on request order a new PUK number, which will be sent by mail to the address you provide. The new number can then be used to unlock your PIN number. -

    -

    -Fees: -Unlocking a PIN number EUR 10 -New PUK number EUR 18 -

    -

    Links

    -

    - http://www.fineid.fi/ -

    -

    - http://www.vaestorekisterikeskus.fi/ -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/FrequentlyAskedQuestions.html opensc-0.12.1/doc/nonpersistent/wiki.out/FrequentlyAskedQuestions.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/FrequentlyAskedQuestions.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/FrequentlyAskedQuestions.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,335 +0,0 @@
    - - - FrequentlyAskedQuestions – OpenSC -
    -
    - -

    -Frequently Asked Questions -

    -

    -State of OpenSC -

    -

    -I believe that security software should be simple, well designed, well writen and actively maintained by a dedicated team. -

    -

    -I'm sad to inform you that OpenSC is a rather large and complex software, the design shows that is clearly grown over the years. Most developers stopped being interested in smart cards many years ago, only few are left, of those nearly noone actually uses smart cards day to day. Time for improving OpenSC is scarce if it exists at all, and not a single developer knows the OpenSC core code in detail. -

    -

    -OpenSC is working fine for some applications, like using it with openssh for smart card authenticated ssh login, or for console login with a pam module, or testing and learning about smart cards. But in general you need to judge yourself if the state of OpenSC is compatible with your requirements. -

    -

    -The projects needs more developers and a new project maintainer. If you are interested in spending your free time to work with smart cards, we would like to welcome you to the project, and will try to help you and support your work. -

    -

    -Concepts -

    -

    -PKCS Standards -

    -

    -PKCS is the Public Key Cryptography Standard - a series of standards created by RSA Labs. Each standard is about a different topic, they complement each other. See the RSA Labs page for details. -

    -

    -PKCS#11 - Cryptoki -

    -

    -PKCS#11 is also known as Cryptoki or as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)". It is an API and ABI standard for writing software that uses smart cards or other way to provide cryptography. This standard is implemented for example by Mozilla, Firefox and Thunderbird on the application side and OpenSC and Muscle on the token side. -

    -

    -Mozilla and friends have implemented the standard, so they can load modules in PKCS#11 format (DLLs under Windows, shared objects under Linux / Unix). OpenSC and Muscle implement the standard to provide such a module that can be loaded by these appications. -

    -

    -The standard defines the module interface (ABI and API), for example functions for signing, decrypting, listing keys and certificates, pin handling and so on. -

    -

    -PKCS#15 - Cryptographic Token Information Format Standard -

    -

    -PKCS#11 can be implemented in any way - using smart cards, using normal files, using other special hardware. But what if several people implement PKCS#11, even for the same smart card? Will the same card work with both implementations? -

    -

    -The answer to that is: No, unless both implementations conform to PKCS#15. It defines a standard how to store keys, certificates (and other objects) on smaart cards, manage them and retrieve them again. It defines directory files that link file names to identifiers, labels and flags, so you can see what is on a smart card and what it can be used for and all that. -

    -

    -OpenSC implements PKCS#15 and thus stores everything in the directory 5015, creates certain files in defined formats, subdirectories and so on. Most old software does not implement PKCS#15, for example Aladdin Knowledge System has an old Software that stores everything in the 6666 directory in a format only known to them. Even if we see there is something we are not sure what it is and how it is meant to be used - unless the format is well documented like PKCS#15. -

    -

    -Note that many countries have electronic ID cards for their citizens with keys for digital signatures, and often those cards and not in PKCS#15 format. But OpenSC implements emulations for a number of other documented formats, so these cards can still be used. -

    -

    -Also note that while all cards created with PKCS#15 compatible software can be used by each other software, that does not include changes to the card - only few small changes like changing the PIN code can be done with cards initialized with other software. Big changes like adding keys, removing keys, replacing certificates and so on will often need the software that was used to initilize it in PKCS#15 format in the first place. So PKCS#15 standard helps only for using cards, not for altering them. -

    -

    -Middleware and Readers -

    -

    -How do you talk to a smart card and the smart card reader? Using some software provided by the vendor of the smart card reader. But how do you exactly talk to it? Well, it needs to conform to one of the standards, so the application author knows how to access it. -

    -

    -OpenSC on Linux uses all three alternatives provided here, but you can turn off the ones you don't need in the config file (see below). -

    -

    -CT-API and CT-BCS -

    -

    -CT-API was developed in the 1980ies for DOS. It defines a very simple API, so vendors can ship their smart card readers with some software, and applications authors can use that software, but don't need to know or care what kind of smart card reader he customer will use. -

    -

    -CT-BCS is a sister standard to CT-API. With it application authors can send commands similar to the commands send to smart cards also to the smart card reader. Either the reader or the driver will interpret the command and send an answer. Typical commands would be "is a card in the reader?" or "please reset the card". Drivers in CT-API format implement both CT-API and CT-BCS at the same time, so don't worry if you see only CT-API. -

    -

    -The CT-API is very limited and meant for machines with one user only and one application only and thus doesn't fit well into todays world with many applications running at the same time and maybe even several users running software on the same computer at the same time. -

    -

    -PC/SC -

    -

    -PC/SC is a modern alternative to CT-API and most important implemented and shipped with all modern versions of Windows. While CT-API is a flat standard between the Application and the Driver, with PC/SC there now is a middle ware: The application talks to the Middleware with PC/SC interface, and the middleware talks to the reader drivers in Ifdhandler format. -

    -

    -The good thing about PC/SC is that all companies in the smart card reader business and Microsoft support it. Also it is a modern standard: designed for modern operating systems with many applications, users, drivers, smart cards and it manages all that. -

    -

    -But implementing several drivers for PC/SC in ifdhandler format is no fun: authors were given maximum flexibility and thus they have maximum of work to do. The code for two drivers might differ in less then hundred lines of source code, all the rest can be the same, but needs to be there in each driver, so several copies of the same need to be maintained etc. -

    -

    -From an application point of view there are also issues. For example an application cannot check if some reader is in use, and if that is the case skip it and look at the other readers. It can only try to connect some reader, and if that one is in use, it won't get any notification, but is blocked till the reader is idle again. Several applications using differnt readers is thus not practical. -

    -

    -Finally some parts were added to the standard very late, like using smart card readers with display and/or pinpad. Only in version 2 of PC/SC that was added, and the only thing five companies could agree on was adding all five mechanism of each of them and call it a standard. As a result an application author needs to implement all these mechanism and then check at run time which one is supported by the driver of the smart card reader. Not very nice. -

    -

    -OpenCT -

    -

    -Some developers here didn't like CT-API and PC/SC too much, so we wrote our own code and our own middleware and called it OpenCT. It is no standard, but if you want to write a driver for a smart card reader to be used under Linux, adding a driver to OpenCT might be the best thing you can do. OpenCT has its own API and OpenSC uses it directly. -

    -

    -But we also know that many other applications are written to for CT-API or PC/SC, and thus as a result OpenCT also implements those two alternatives, so applications can use it. But those interfaces are not as much tested as the OpenCT native interface itself. -

    -

    -USB Standards -

    -

    -CCID -

    -

    -If you buy a smart card reader with usb interface, look out for the CCID standard. Readers implementing this don't need special drivers on Windows (XP and later), and for linux the excelent ccid driver for pcsc-lite or opensc with the ccid driver will work with those devices. -

    -

    -Note however that using Displays and Pinpads on your readers is hard, currently works on linux only using the ccid driver with pcsc-lite (i.e. not with openct), and even then only some readers are supported/tested. -

    -

    -ICCD -

    -

    -Not sure what ICCD exactly is, I think it is a subset of CCID and meant for usb crypto tokens. Thus usb crypto tokens implementing that should work with normal ccid drivers on Windows and Linux and will not need special drivers either. But I'm not 100% sure. -

    -

    -Application Guide -

    -

    -OpenSC Error Messages -

    -

    -Cannot open public shared file: /var/run/pcscd.pub -

    -

    -OpenSC has support for three driver types below it: PCSC, OpenCT and CT-API. If you want to use OpenSC with OpenCT only, please edit opensc.conf, look for reader_drivers like and remove the pcsc driver. -

    -

    -/var/run/openct/status: No such file or directory -

    -

    -OpenSC has support for three driver types below it: PCSC, OpenCT and CT-API. If you want to use OpenSC with PC/SC-Lite only, please edit opensc.conf, look for reader_drivers like and remove the openct driver. -

    -

    -If you get this message, but want to use OpenSC with OpenCT, then you have not properly installed OpenCT. Please have a look at the QuickStart docucument in OpenCT, most likely you didn't start the init script or it was not properly installed or something like that. -

    -

    -OpenSSH -

    -

    -Can I store my ssh private key on a smart card? -

    -

    -Most people prefer to use a smart card with a key that was generated on the card and cannot ever leave it. In fact everyone seems to do that. So while it might be technically possible to convert a private key in ssh format into pem format and then store it on a smart card, until now no one wrote such a code, so you can't. If you really need it, please ask on the mailing list, maybe it is only a few hours work. Please also remember that nearly all software using smart cards works with X.509 certificates, so you might need to generate a dummy X.509 certificate for that key and store it next to the key before being able to use it. -

    -

    -Engine PKCS#11 -

    -

    -... doesn't work for some reason? -

    -

    -Known issue right now, please edit opensc.conf and set lock_login to true. -

    -

    -GnuPG -

    -

    -Can I store my gnupg key on a smart card? Can I use gnupg with OpenSC? -

    -

    -As far as we know the stable version of GnuPG has not support for smart cards at all. The unstable development tree had support for smart cards based on OpenSC for a while, but at some point it was rewritten to not use OpenSC and do everything themself. Thus currently GnuPG (development version) has its own smart card code and doesn't use OpenSC. And vice versa. -

    -

    -If you are interested in the topic, as far as we know we can add support for GnuPG by writting a GPG-Agent that uses OpenSC to talk to smart cards. It doesn't look very difficult, but that could be wrong. Anyone who is interested, please contact us using the opensc-devel mailing list. -

    -

    -I want to use my OpenPGP smart card / FSFE fellowship smart card with OpenSC -

    -

    -Unfortunatly the OpenPGP card is very limited: to our knowledge it can only contain three RSA keys of only 1024 bit size on it, and it cannot contain X.509 certificates. Nearly all smart card software expects keys and X.509 certificates on a smart card, so most of that software will not work with this card. Also the OpenSC support for this card is read/use-only, i.e. you need to use GnuPG to initialize and modify the card, after that is done you can use OpenSC to look at it and use the keys. -

    -

    -Card related problems -

    -

    -2048 bit RSA problems -

    -

    -We found out that some smart cards that only support T=0 procol (such as the Schlumberger/Axalto/Gemalto Cryptoflex) in some readers don't work when signatures with 2048 bit rsa keys are created. The problem is, the card creates a signature of 256 byte size, but the card readers do not allow to download it in one go. So OpenSC needs to download the signature from the card in several chunks. With OpenSC 0.11.2-pre3 we added code to do that, but it is not turned on by default. Instead you need to edit opensc.conf and set max_send_size and max_recv_size to a lower value (like 240). This can be done in all reader drivers (the example is only in the pcsc driver, but it can be done in the openct driver too). -

    -

    -Gemplus smart cards (GemSafe?) -

    -

    -The GemSAFE profile is proprietary and not publicly documented. The OpenSC support for GemSAFE cards should be considered very experimental and as Gemplus is not willing to give the documentation without signing an NDA it is very unlikely that this will change. We recommend you make sure to buy blank smart cards instead (e.g. Gemplus GPK 16k) or cards from a different vendor. -

    -

    -Buyers Guide -

    -

    -Lawfull Signature Cards -

    -

    -Germany -

    -

    -Every company certified by the Bundesnetzagentur can issue lawfull smart cards (for "qualified signature" as the highest security level is called in Germany). As a result lawyers, notary and tax advisors can ask their regional organisation to issue a card (tax advisors can also ask DATEV). Everyone else has the option of Signtrust, Telesec, DTRUST, S-Trust, TC Trustcenter. -

    -

    -The result is always the same (a card with a key and certificates for lawfull "qualified" signatures), even though there are small technical differences. OpenSC support for german signature cards is described on a separate page in the OpenSC-Wiki. -

    -

    -All other countries -

    -

    -No idea, please send feedback to opensc-devel mailing list. -

    -

    -Blank Smart Cards -

    -

    -OpenSC supports a big number of smart cards, but does not support initializing all of them. -

    -

    -Siemens CardOS M4 -

    -

    -Initializing is supported, except for the latest 4.3B version. Documentation is only available under NDA. Cards are usualy sold in "Manufacturing" state so you need some proprietory software first to get it into "operational mode" (i.e. format the card, update firmware or add firmware add-on packages etc.). -

    -

    -Gieseke & Devrient Starcos -

    -

    -Cards should work fine and at least version 2.3 SPK is supported by OpenSC (FIXME: 2.4? 3.0?). Documentation is open (simply send a mail to them asking for the manual) and as a plus the normal software used with those cards (Starsign by A.E.T.) also creates PKCS#15 structures, so you can use the cards with either software no matter who initialized it (but changes other than pin changes need to be done with the same software). Note however the license of that other software might now allow you to use cards created with it with OpenSC or vice verse. That is silly of course, and a hidden recommendation to use OpenSC everywhere :) -

    -

    -Schlumberger/Axalto Cryptoflex 16k, 32k, 32k egate -

    -

    -Great cards, cheap and fast, and completely open documented (manual as PDF on the web). The egate card is the fastest card we know, as it implements USB directly on card. Highly recommended and used by very many happy users. -

    -

    -Schlumberger/Axalto Cyberflex -

    -

    -Javacards. Older versions work like Cryptoflex and thus are supported. Newer cards are pure Javacards and thus don't work without a java cardlet. With the recent musclecard support added to OpenSC they will work too (untest, work in progress). -

    -

    -Gemplus PK cards -

    -

    -Work fine, but so far only tested with one old Gemplus PK 16k card. There is no manual (or only available via NDA?), if there is a newer version it was not tested so far. -

    -

    -Smart Card Readers -

    -

    -Unless stated otherwise all recommendations are for linux only. -

    -

    -simple serial or ps2 readers -

    -

    -Towitoko readers (serial, or serial+ps2) work fine. There are drivers both in OpenCT as well for PC/SC-Lite. -

    -

    -USB readers without Display or Pinpad -

    -

    -SCM 332 is the classic USB simple reader and works well with both OpenCT or CCID driver for PC/SC-Lite. -

    -

    -USB readers with Display or Pinpad -

    -

    -SCM 532 has a pinpad and with latest firmware and a recent CCID driver for a recent PC/SC-Lite and OpenSC the pinpad can be used. -

    -

    -Other readers -Omnikey Cardman 4040 works fine as pcmcia reader (requires linux kernel 2.6.16.17 or higher and recent OpenCT). -

    -

    -USB Crypto Tokens -

    -

    -All recommendations are for linux only, unless stated otherwise. -

    -

    -Schlumberger/Axalto Cryptoflex 32k e-gate card (pre-cut) plus an e-gate token adapter -

    -

    -make a cheap, but very fast usb crypto token. The trick is that the card speaks USB itself and that is fast. The adapter is a pure passive device. -

    -

    -Problem 1) The adapter seems to be not available at the moment, but that should change soon, we hope. Update: no change in the last two months :( -

    -

    -Problem 2) The adapter seems to break easily. But we still recommend it (simply buy a few extra and handle with care). The good part is: if the adapter breaks, you can remove the card, put it into a new adapter, and it works again. If a solid usb token breaks, the smart card/keys/certificates are usualy lost. -

    -

    -E-gate is also supported by the SCA package for Mac OS X (we include a driver for those devices), and there are drivers for Windows where it also works well. -

    -

    -Aladdin eToken PRO -

    -

    -are working very fine with OpenCT and OpenSC. (Aladdin also has their own software if you prefer.) However only the normal 32k version and now also the 64k version are supported. The NG-OTP variant however is not supported by OpenCT and OpenSC. -

    -

    -Where to buy -

    -

    -This is a short list of shops we know and where we successfully bought cards without trouble, so we hope the stores will be good to you to. Whatever you buy, remember to make sure it is supported by OpenCT/OpenSC first. Don't only look at the main page, also check the detailed page for each card/reader and check if it was recently tested with success. -

    -

    - http://www.market.axalto.com/ is the online shop of Schlumberger/Axalto/Gemalto in Texas/USA, and sells Reflex readers and Cryptoflex and Cyberflex cards. -

    -

    - http://www.cardomatic.de/ is a german online store with Omnikey Readers, ACR Readers, Chipdrive Readers, ACOS5 and JCop Cards. -

    -

    - http://www.cryptoshop.com/ is an austrian online store with a big selection or Readers (Omnikey, SCM, Rainer, ACS, Cherry, Gemplus, Todos), Cards (CardOS, Starcos, TCOS) and Tokens (Gem e-Seal). -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/FTCOSPK01C.html opensc-0.12.1/doc/nonpersistent/wiki.out/FTCOSPK01C.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/FTCOSPK01C.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/FTCOSPK01C.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,40 +0,0 @@
    - - - FTCOSPK01C – OpenSC -
    -
    - -

    Feitian PKI card

    -

    -http://www.ftsafe.com/images/products/card/pki.jpg -

    -

    - Feitian offers the  PKI card, also called Feitian FTCOS/PK-01C . -

    -

    -The Feitian PKI card is a recent cryptographic card, with nice and powerful features: -

    -
    • Support T=0, T=1 or USB communication. -
    • Ability to generate 1024 bits or 2048 bits RSA key pair. -
    • Ability to transfer key pairs and certificates to card. -
    • Support ISO 7816 compliant cryptographic operations, authentication and access control. -
    • Support ISO 7816 part 12 contacts USB electrical interface. -
    • Support cryptographic algorithm of DES, 3DES, MD5, SHA-1, SHA-256, RSA 1024,RSA 2048. -

    -The driver of FTCOS/PK-01C in OpenSC is called "entersafe". It's supported in OpenSC 0.11.8 and later version. -

    -

    -Feitian has their own software for windows, cards writen by Feitian can be read by OpenSC, and vice versa. -Since Feitian's software support PKCS11 and windows CAPI, cards writen by it can not be writen any more by OpenSC, and vice versa. -

    -

    Thanks

    -

    -Many thanks to  EnterSafe division of  Feitian, for their technical help in adding support for the FTCOS/PK-01C. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/GemplusGpk.html opensc-0.12.1/doc/nonpersistent/wiki.out/GemplusGpk.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/GemplusGpk.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/GemplusGpk.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,26 +0,0 @@
    - - - GemplusGpk – OpenSC -
    -
    - -

    Gemplus GPK 16k

    -

    -Gemplus GPK 16k cards are supported by OpenSC -

    -

    -FIXME: GemSAFE emulation -

    -

    -FIXME:Links,Documentation -

    -

    -Gemplus obsolete GPK 16k at 2005. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/GermanApi.html opensc-0.12.1/doc/nonpersistent/wiki.out/GermanApi.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/GermanApi.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/GermanApi.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,30 +0,0 @@
    - - - GermanApi – OpenSC -
    -
    - -

    German ePass, ePA

    -

    -Germany already uses a passport with builtin contactless smart card (ePass = elektronischer Reisepass). Germany plans to introduce an identification card with similar functionality (ePA = elektronischer Personalausweis) in 2010. -

    -

    -If you have informations about ePass or ePA, please let us know or add a link to the list below: -

    -

    -Information about the german ePass / ePA: -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/GermanEGK.html opensc-0.12.1/doc/nonpersistent/wiki.out/GermanEGK.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/GermanEGK.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/GermanEGK.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,47 +0,0 @@
    - - - GermanEGK – OpenSC -
    -
    - -

    German eHBA, eGK

    -

    -Image of german eHBA and eGK -

    -

    -Sometime in the future all german physicians and apothecaries will be equipped with a smartcard, the so called eHBA (elektronischer Heilberufeausweis). And all german citizens that are a member of a public health insurance company (gesetzliche Krankenkasse) will get a similar card, the so called eGK (elektronische Gesundheitskarte). This means that virtually every german citizen will have a smartcard soon (actually I wrote this sentence in 2006, so be carefull when interpreting the word "soon"). -

    -

    -We do have eHBA test cards and they are StarCos 3.0 based. So in order to support these kind of eHBA we do need a StarCos 3.0 driver first. If you have informations about eHBAs, please let us know or add a link to the list below: -

    -

    -We also got eGK test cards but so far I had no time to test them. If you are interested, please contact me. -

    -

    -Information about the german eHBA / eGK: -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/GermanEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/GermanEid.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/GermanEid.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/GermanEid.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,133 +0,0 @@
    - - - GermanEid – OpenSC -
    -
    - -

    German ID Cards

    -

    -Germany has several laws for smart cards. Until 2006 most ID cards conforming to those laws were using the TCOS 2.0X card operating -system. One exception was the 1024bit D-Trust card which was Micardo based. -

    -

    -Until the end of 2007 the german government (i.e. the Bundesnetzagentur) required a minimal keylength of 1024 bit. Since the beginning of 2008/2009 this requirement was raised to 1280/1536 bit. Therefore all german trust centers now offer 2048 bit cards. 2048 bit fulfills Bundesnetzagentur-requirements at least until 2015. -

    -

    -The german government was using the RipeMD 160 hash algorithm within their 1024 bit root-certificates ignoring the fact that the rest of the world was using MD5, SHA-1 or SHA-256 instead. One consequence was that you were not able to store the RipeMD160-based german 1024bit root certificate within the trusted keystore of almost all popular signature aware products like IE, Outlook, Mozilla, Thunderbird, Acrobat, etc. This changed when the keylength of the german root certificates was increased from 1024 bit to 2048 bit. Now the Bundesnetzagentur uses SHA-512 within their 2048 bit root-certificates (12R-CA 1:PN and 13R-CA 1:PN) which is supported by recent versions of some of the above products. -

    -

    -Since july 2008 german signature cards must not use SHA-1 anymore but must use RIPEMD160, SHA-224, SHA-256, SHA-384 or SHA-512. This forced some trust center to replace all of their signature card in the middle of 2008 (of course after they had replaced all of their signature cards at the beginning of 2008 due to the increased keylength). -

    -

    -You find the 2009-regulations  here. -

    -

    -As of March 2009 you may get signature cards from the following Trust center in germany: -

    -
    • TeleSec GmbH (akkreditiert seit 22.12.1998). -
    • D-Trust GmbH (akkreditiert seit 8.3.2002). -
    • Deutsche Post (akkreditiert seit 17.9.2004). -
    • TC Trust Center GmbH (akkreditiert seit 24.5.2006). -
    • DGN Deutsches Gesundheitsnetz Service GmbH (akkreditiert seit 9.8.2007). -
    • medisign GmbH (akkreditiert seit 28.8.2008) -
    • Deutscher Sparkassen Verlag GmbH (akkreditiert seit 12.11.2008). -

    -In 2010 Germany will issue new eID cards to citizens. ( source) -

    -

    TeleSec, NetKey cards

    -

    -TeleSec GmbH is the manufacturer of TCOS cards and they offer TCOS based signature cards, i.e. NetKey E4 cards. Until the end of 2007 theses card were TCOS2 based with a miximal keylength of 1024 bit. Since october 2007 TeleSec offers 2048 bit signature cards which are TCOS3 based. -

    -

    -TCOS2 cards work well with OpenSC 0.10.0 or later. TCOS3 support was added in december 2007 and is included in OpenSC 0.11.5. Unfortunately the 2048 bit NetKey card contains one key (the one that conforms to the german signature law) that can be used only over a secure channel. So if you want to use this particular key with OpenSC you must wait until OpenSC supports Secure Messaging. NetKeyV3Sign is a (non-free) library that creates signatures with NetKey cards. Let me know if you are interested. -

    -

    -You will find more information about NetKey cards on a separate Wikipage on TCOS based cards. -

    -

    Deutsche Post, SignTrust card

    -

    -1024 bit SignTrust cards are TCOS 2 based. They work well with OpenSC and you will find more informations about this card on a separate Wikipage on TCOS based cards. -

    -

    -The new 2048 bit SignTrust cards are StarCos 3.0 based. This card operating system is not supported by OpenSC yet. Also 2048 SignTrust cards only support SHA-1 and RIPEMD160. If you want to create signatures with your SignTrust card that conform to the german signature law you must use RIPEMD160. -

    -

    -The qualified signature certificate on a 2048bit SignTrust is signed by a CA-certificate from Deutsche Post which itself was signed by a 2048 bit german root certificate (12R-CA 1:PN). All other certificates on a SignTrust card are signed by a CA-certificate that Deutsche Post signed with a self generated root certificate. -

    -

    D-Trust

    -

    -1024 bit signature cards from D-Trust are Micardo based and were cessfully tested with OpenSC 0.11.1. 2048 bit D-Trust cards are CardOS 4.3 based. D-TRUST cards 2.0 2cc conform to the PKCS#15 standard and work well with OpenSC 0.11.4. D-Trust uses strange IDs though. Here's some demo output: -

    -
    $ pkcs15-tool -r 000102030405060708090a0b0c0d0e0f | openssl x509 -noout -text -certopt no_pubkey,no_sigdump
    -Certificate:
    -    Data:
    -        Version: 3 (0x2)
    -        Serial Number: 234973 (0x395dd)
    -        Signature Algorithm: sha1WithRSAEncryption
    -        Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Qualified CA 1 2006:PN
    -        Validity
    -            Not Before: Jul 25 10:20:31 2007 GMT
    -            Not After : Aug  4 10:20:31 2009 GMT
    -        Subject: C=DE, CN=Peter Koch, GN=Peter, SN=Koch/serialNumber=DTRWE181908128430122
    -        X509v3 extensions:
    -            X509v3 Authority Key Identifier:
    -                keyid:84:20:88:7F:C1:8F:53:45:C0:3B:B3:7F:F4:B5:53:3B:73:59:CC:84
    -            Authority Information Access:
    -                OCSP - URI:http://qual.ocsp.d-trust.net
    -            X509v3 Certificate Policies:
    -                Policy: 1.3.6.1.4.1.4788.2.30.1
    -            X509v3 CRL Distribution Points:
    -                URI:http://www.d-trust.net/crl/d-trust_qualified_ca_1_2006.crl
    -            X509v3 Issuer Alternative Name:
    -                email:info@d-trust.net, URI:http://www.d-trust.net
    -            X509v3 Subject Key Identifier:
    -                88:66:AB:03:C0:DE:72:D6:5D:57:9A:D7:14:69:59:B3:BD:BD:9E:47
    -            X509v3 Key Usage: critical
    -                Non Repudiation
    -

    -You may download D-Trust CA certificates  here. All CA-certificates that D-Trust uses were signed by a self generated root certificates from D-Trust. The following output lists the verifiction chain of the above 2048 bit qualified "SigG signature certificate". Despite the fact that D-Trust is an accredited trust center they do not use CA-certificates that were signed by the root-certificates of the Bundesnetzagentur. -

    -

    -Here's what D-Trust told me on 2008 Cebit (sorry, but I cannot translate this, I'm not even sure wether I understand it): -

    -

    -"D-Trust ist ein akkreditierter Zertifizierungsdiensteanbieter. Die Akkreditierung bezieht sich auf D-Trust selber, nicht auf die von D-Trust angebotenen Produkte. Es gibt prinzipiell keine akkreditierten Produkte, sondern nur akkreditierte Zertifizierungsdiensteanbieter. Die Annahme, dass alle qualifizierten Signaturkarten eines akkreditierten Zertifizierungsdiensteanbieter auch aus dem Trust-Center stammen, für das der Zertifizierungsdiensteanbieter akkreditiert wurde, ist falsch. Ein akkreditierter Zertifizierungsdiensteanbieter kann vielmehr auch weitere Trust-Center betreiben und als akkreditierter Zertifizierungsdiensteanbieter Signaturkarten vertreiben, die aus diesen anderen Trust-Centern stammen. Genau das macht D-Trust: Es betreibt zusätzlich zum Trust-Center, das sich im akkreditierten Betrieb befindet, ein weiteres Trust-Center und aus diesem Trust-Center stammen die qualifizierten Signaturkarten. Qualifizierte Signaturkaten aus dem im akkreditierten Betrieb befindlichen Trust-Center sind nicht allgemein verfügbar." -

    -
    $ openssl x509 -inform der -in D-TRUST_Qualified_CA_1_2006.crt -noout -subject -issuer -dates
    -subject= /C=DE/O=D-Trust GmbH/CN=D-TRUST Qualified CA 1 2006:PN
    -issuer=  /C=DE/O=D-Trust GmbH/CN=D-TRUST Qualified Root CA 1 2006:PN
    -notBefore=Apr 27 12:40:54 2006 GMT
    -notAfter= Apr 27 12:40:54 2011 GMT
    -
    -$ openssl x509 -inform der -in D-TRUST_Qualified_Root_CA_1_2006.crt -noout -subject -issuer -dates
    -subject= /C=DE/O=D-Trust GmbH/CN=D-TRUST Qualified Root CA 1 2006:PN
    -issuer=  /C=DE/O=D-Trust GmbH/CN=D-TRUST Qualified Root CA 1 2006:PN
    -notBefore=Apr 27 12:40:54 2006 GMT
    -notAfter= Apr 27 12:40:54 2011 GMT
    -

    Sparkassenverlag, S-Trust card

    -

    -Sparkassenverlag is another trust center in germany. -

    -

    -OpenSC does not support the S-Trust card of Sparkassenverlag. There cards are SECCOS based, and can also contain 'Geldkarte' and 'HBCI' Applications. They are comparably inexpensive, my card was €9, plus 'qualified certificate' at about €20 per year. -

    -

    TC Trust Center

    -

    -I don't have informations about this Trust center. If you do - please add them! -

    -

    DGN, Medisign card

    -

    -I don't have informations about this Trust center. If you do - please add them! -

    -

    Datev

    -

    -Datev had a Trustcenter in Germany that was closed in 2007. Their 1024 bit cards were TCOS 2.0 based and are -described on a separate Wikipage on TCOS based cards. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/HBCI.html opensc-0.12.1/doc/nonpersistent/wiki.out/HBCI.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/HBCI.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/HBCI.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,27 +0,0 @@
    - - - HBCI – OpenSC -
    -
    - -

    HBCI homebanking

    -

    -HBCI is a standard that is used by many banks in Germany. -Those banks offer either banking with PIN and TAN lists, or -using smart cards. -

    -

    - KMyMoney is a KDE application you can use for homebanking under linux. -It used  LibChipcard, a library for chip card access, and that library in turn -can use OpenSC. -

    -

    -You might need to use the latest snapshot packages. Feedback is very welcome. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/IbmJcop.html opensc-0.12.1/doc/nonpersistent/wiki.out/IbmJcop.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/IbmJcop.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/IbmJcop.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,37 +0,0 @@
    - - - IbmJcop – OpenSC -
    -
    - -

    IBM JCOP with BlueZ applet

    -

    -Supported cards: jcop31bio cards that include the "bluez" applet in their rom mask. -

    -

    -This includes the sample cards that you can sometimes (but not presently) buy from IBM. -We do not know if any of the manufacturers/resellers of non-application-specific 'jcop30' -cards provide this rom (or even if any of the providers will provide cards -that are still in the OP_READY state). -

    -

    -jcop21id cards could work, they are fips compliant and thus require -secure messaging, and the opensc code has secure messaging, but -noone gave us feedback this far whether or not it works, so we have -assume that it does not :( -

    -

    -Note that pkcs15-init cannot initialize or erase jcop cards. There are no -free tools to do that in OpenSC. -

    -

    -A small tool to get some information about the cards can be found here: - http://www.contrib.andrew.cmu.edu/~cg2v/jcop-opensc-0.2.tar.gz -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/index.html opensc-0.12.1/doc/nonpersistent/wiki.out/index.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/index.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/index.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,164 +0,0 @@
    - - - OpenSC -
    -
    - -

    OpenSC

    -

    -OpenSC provides a set of libraries and utilities to access smart -cards. Its main focus is on cards that support cryptographic operations, -and facilitate their use in security applications such as mail encryption, -authentication, and digital signature. OpenSC implements the  PKCS#11 API -so applications supporting this API such as Mozilla Firefox and Thunderbird -can use it. OpenSC implements the  PKCS#15 standard and aims to be compatible -with every software that does so, too. -

    -

    -See our OverView page for more details. -

    -

    -OpenSC was written by an international team and is licensed as - Open Source software under the - LGPL license. -For a list of all authors and contributers as well as detailed -license information see AuthorsAndCredits. -

    -

    -Please note: typical smart cards are completely undocumented and incompatible -with all other existing smart cards. Thus please check these lists below, and review -each page to find out which specific smart card is supported by opensc. -

    -

    -For programmable JavaCards?: only certain pre-loaded applets and blank JavaCards? are supported (after you load a supported applet to the card). If you can't load applets to the card and your applet is not supported, OpenSC won't work for you. -

    -

    National ID Cards

    -

    -These are usually pre-initialized read-only cards. -Supported eID cards: -

    -

    -

    -Unclear/unsupported eID cards: -

    -

    -

    Smart Cards

    -

    -Each entry on this list represents a whole family of cards. See each page to find out which modells are supported. -

    -

    USB Tokens

    -

    -Each entry on this list represents a whole family of cards. See each page to find out which modells are supported. -

    -

    Unsupported stuff

    -

    -Things that we have (some) code for but which are known to be incomplete, broken or largely useless -

    -

    -

    OpenSC forks

    -

    -

    -

    -

    Starting Points

    -

    Application Support

    -
    • PKCS11 Module - OpenSC includes a PKCS#11 module "opensc-pkcs11.so" that works with many applications. -
    • Tools - OpenSC includes a number of command line tools for exploring, initializing, automatisation and debugging. -
    • OpenSSL can use a so called engine to delegate cryptographic operations to your smart card. -
    • WindowsCSP - on Windows a Cryptographic Service Provider (CSP) offers your smart card to all applications. -
    • AppleCSP - on Mac OS X a Cryptographic Service Provider (CSP) offers your smart card to all applications. -
    • Mozilla, Firefox and Thunderbird all can use OpenSC for authentication, signing and decryption -
    • PamModules - allow people to login using their smart card. -
    • SecureShell - use ssh network connections with smart card authentication. -
    • PKI - Public Key Infrastructures are used to manage certificates, including those on smart cards. -
    • VPN - build private networks using smart card authentication. -
    • WPA - use WPA to secure your wireless network including smart card authentication. -
    • PGP - email can be signed and crypted in PGP format using smart cards. -
    • Sign arbitrary data and documents using smart cards. -
    • XML advanced signatures can be created with smart cards. -
    • HBCI homebanking with a smart card (HBCI is a standard common in Germany). -

    Developers Corner

    -
    • SubversionRepository has our latest source code, if you want to test it or improve it. -
    • All changes are listed in the [file:ChangeLog ChangeLog] in the source code or online. -
    • Bug reports are  reported and  viewed best online. -
    • DeveloperHardware is always welcome. Thanks for your donation! -
    • ReleaseHowto documents our release process. -
    • ReleaseTodo lists the things we want to do before our next release. -
    • Interoperability is best discussed on an the  interopeid mailing list for national id cards. -
    • RecentTestresults has the test course we aim to do with each release, and help is always very welcome! -
    • ResourcesLinks -- Standards, Documents, etc. -
    • DevelopmentPolicy -- the how and why of OpenSC development. -
    • SslChoice -- if you want to write an SSL enabled application you can choose between many libraries. -
    • MacOsXTokend -- a Tokend implementation for Mac OS 10.4, based on OpenSC -
    • GermanApi -- Information about new eCardAPI published by german goverment -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianCNS.html opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianCNS.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianCNS.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianCNS.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,47 +0,0 @@
    - - - ItalianCNS – OpenSC -
    -
    - -

    Italian CNS and CIE

    -

    -The patch in ticket #177 adds support for the Italian CNS and CIE through the itacns card driver and PKCS#15 emulator. -

    -

    -The patch is under development and testing; you can grab the latest version with Mercurial at  http://itacns.corp.it/hg/itacns/ or  download (tar.bz2) it directly. -

    -

    -CNS stands for Carta Nazionale dei Servizi (National Service Card); CIE stands for Carta d'Identità Elettronica (Electronic Identity Card). From the viewpoint of the software there is not much difference between them: the basic filesystem layout is very similar and the Functional Specifications detailing the APDU commands are almost identical. The two cards exist because: -

    -
    • The CIE can be used as a physical ID card, but not the CNS; -
    • A single citizen can own any number of CNS cards, but at most one CIE card (in place of the "paper" version). -
    • The CNS is issued by Public Administrations, leveraging on services provided by a qualified Certification Authority. -
    • The CIE is issued by the italian Ministry of Interior, Municipalities act as Registration Autorities. -
    • CNS cannot be issued to a citizen who already owns a CIE. -

    -The filesystem layout is flexible. A lot of different administrations issue CNS cards; each administration personalizes the card with its own "service installation" public key. Authentication with the matching private key provides the ability to add support for custom additional objects after the card has been issued. Some Regions have prepared their cards to store medical data in accordance to the NETLINK standard; Chambers of Commerce issue CNS cards with additional signature keys. Third parties can register with the CNIPA government agency and obtain the  allocation of file IDs for their applications; then the CNS issuer may install the files. -

    -

    -All CNS/CIE cards carry one X.509 certificate with its public and private keys, mostly used for on-line authentication via SSL. Encryption, decryption, signature with this certificate is the basic functionality currently supported by the itacns driver. -

    -

    References

    -

    - CNS tech specs: -

    -

    - CIE specs: (leave the search box empty and hit "Inizia la ricerca" to get a full listing of the documents)]: -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianEid.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianEid.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianEid.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,22 +0,0 @@
    - - - ItalianEid – OpenSC -
    -
    - -

    Italian Infocamere

    -

    -OpenSC 0.10.0 supports types 1202, 1203, 1400 and 1600 of the Italian Infocamere card. -

    - -

    - https://www.firma.infocert.it

    - http://opensignature.sourceforge.net/english.php -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianPostecert.html opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianPostecert.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/ItalianPostecert.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ItalianPostecert.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,26 +0,0 @@
    - - - ItalianPostecert – OpenSC -
    -
    - -

    Italian Postecert

    -

    -Some versions of the italisn postecert card are supported by OpenSC. -

    -

    -FIXME:read-only? pin changes? -

    -

    -FIXME:did anyone test recently? -

    -

    -FIXME:documentation, pointers, etc.? -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/JavaCard.html opensc-0.12.1/doc/nonpersistent/wiki.out/JavaCard.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/JavaCard.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/JavaCard.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,46 +0,0 @@
    - - - JavaCard – OpenSC -
    -
    - -

    JavaCards?

    -

    -OpenSC (including initialization) works with JavaCards? if you have a supported applet on the card. -JavaCards? can come in different flavors: empty, pre-loaded with an applet in EEPROM, with an applet in ROM, with a pre-loaded applet in a finalized state (can't be deleted). -

    -

    -Some JavaCards? come with a pre-loaded filesystem applet like IBM BlueZ PKCS#15 applet found on some JCOP and older Cyberflex cards. OpenSC 0.11.2 and later support the open source  MuscleApplet applet which can be loaded to any blank JavaCard. -

    -

    -OpenSC only works with contact interface. -

    -

    Supported cards

    -

    -Things to consider when buying JavaCards? -

    -
    • EEPROM size. 32K, 64K, 72K and 128K sizes are common. Bigger is better. -
    • JavaCard version: 2.1.1, 2.2.1, 2.2.2. Older API versions don't support fancier features. Bigger is better. -
    • GlobalPlatform? version: 2.0.1 and 2.1.1 GP deals with loading applets onto cards. -

    Obtaining an applet

    -

    -Some open source applets usable with OpenSC -

    -

    -Other interesting applets: -

    -

    Loading the applet

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/LinuxDistributions.html opensc-0.12.1/doc/nonpersistent/wiki.out/LinuxDistributions.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/LinuxDistributions.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/LinuxDistributions.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,48 +0,0 @@
    - - - LinuxDistributions – OpenSC -
    -
    - -

    Linux Distributions

    -

    -For GNU/Linux users the best solution is, if the distribution already includes recent packages -of OpenSC. Here is a survey of recent distributions. If you have additional infomation, -please add it. -

    - - -
    Debian woody (old stable)  does not contain OpenSC packages -
    Debian sarge (stable)  OpenSC 0.9.6 included -
    Debian sid (development)  OpenSC 0.9.6 included -
    Fedora Core 3  OpenSC 0.9.4 included -
    Fedora Core 4  OpenSC 0.9.6 included -
    Gentoo Portage  OpenSC 0.9.6 in dev-libs/opensc -
    Mandrake  OpenSC 0.8.1 in contrib -
    Novell/SUSE LINUX Enterprise Server 9 for x86  OpenSC 0.8.0 included -
    OpenPKG  not included -
    Rock Linux  OpenSC 0.9.4 included -
    OpenSuse? 10.0 Beta 1  OpenSC 0.9.6 included -
    Suse 9.3  OpenSC 0.9.4 included -
    Suse 9.2  OpenSC 0.8.1 included -
    Suse 9.1  OpenSC 0.8.0 included -
    -

    - ATrpms lists some RPM based distributions. -

    -

    -Other operating systems: -

    - -
    NetBSD  not included -
    FreeBSD  OpenSC 0.9.4 included -
    OpenBSD not included -
    fink / Mac OS X  not included -
    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MacOsX.html opensc-0.12.1/doc/nonpersistent/wiki.out/MacOsX.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MacOsX.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MacOsX.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,73 +0,0 @@
    - - - MacOsX – OpenSC -
    -
    - -

    Using OpenSC on Mac OS X

    -

    -First you need Mac OS X Version 10.4 or later. Older version are supposed to not work well, -but if you try and have success, please report here. -I report! -it worked for me under 10.3.9 G4 1,2Ghz, and i can use my mpmanF50 again. Thanks. -reach me nicolasb at gmaildotcom. French tutorial here :  http://nicolasbizard.free.fr/blog -

    -

    -Then you need a driver for your smart card reader. Hier is an examle for Axalto e-gate tokens: -* Download and install libusb.  http://libusb.sourceforge.net/ -* Download ifd-egate from  http://www.luusa.org/~wbx/sc/ifd-egate-0.05-patched.tar.gz -

    -

    -To install libusb, you need to extract the files, configure it, make, make install: -

    -
    wget http://switch.dl.sourceforge.net/sourceforge/libusb/libusb-0.1.10a.tar.gz
    -tar xfvz libusb-0.1.10a.tar.gz
    -cd libusb-0.1.10a
    -./configure --prefix=/opt/smartcard
    -make
    -make install
    -cd ..
    -

    -To install ifd-egate you need to extract the files, and use some environment variables to make sure it finds everything (or edit the -compile options in the Makefile directly): -

    -
    wget http://www.luusa.org/~wbx/sc/ifd-egate-0.05-patched.tar.gz
    -tar xfvz ifd-egate-0.05-patched.tar.gz
    -cd ifd-egate-0.05
    -export USB_CFLAGS="-I/opt/smartcard/include -I/System/Library/Frameworks/PCSC.framework/Headers"
    -export USB_LDFLAGS="-L/opt/smartcard/lib -lusb -Wl,-framework -Wl,PCSC"
    -make -f Makefile-OSX clean
    -make -f Makefile-OSX 
    -make -f Makefile-OSX install
    -export USB_CFLAGS=
    -export USB_LDFLAGS=
    -cd ..
    -

    -Last you need to download and install opensc. This is straight forward: download, extract, configure, make, make install. -

    -
    wget http://www.opensc-project.org/files/opensc/opensc-0.9.6.tar.gz
    -tar xfvz opensc-0.9.6.tar.gz
    -cd  opensc-0.9.6
    -./configure --prefix=/opt/smartcard --sysconfdir=/etc
    -make
    -make install
    -cd ..
    -

    SSH with smartcard support

    -

    -Mac OS X does include openssh, but unfortunatly compiled without smartcard support. -Here is how you can recompile openssh with it: -

    -
    wget ftp://ftp.leo.org/pub/OpenBSD/OpenSSH/portable/openssh-4.1p1.tar.gz 
    -tar xfvz openssh-4.1p1.tar.gz
    -cd  openssh-4.1p1
    -./configure --prefix=/opt/smartcard --sysconfdir=/etc --with-opensc=/opt/smartcard
    -make
    -make install
    -cd ..
    -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MacOSX.html opensc-0.12.1/doc/nonpersistent/wiki.out/MacOSX.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MacOSX.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MacOSX.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,35 +0,0 @@
    - - - MacOSX – OpenSC -
    -
    - -

    Mac OS X

    -

    Using smart cards from Java on OS X (10.6)

    -
    -

    -Add the two attached files to /Library/Java/Extensions -

    -
    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MacOsXTokend.html opensc-0.12.1/doc/nonpersistent/wiki.out/MacOsXTokend.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MacOsXTokend.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MacOsXTokend.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,17 +0,0 @@
    - - - MacOsXTokend – OpenSC -
    -
    - -

    OpenSC Tokend

    -

    -This page is located now here. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MailingLists.html opensc-0.12.1/doc/nonpersistent/wiki.out/MailingLists.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MailingLists.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MailingLists.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,52 +0,0 @@
    - - - MailingLists – OpenSC -
    -
    - -

    Mailing lists

    -
    • opensc-annouce - Announcements of new releases, bugfixes and security warnings -
    • opensc-devel - Discussion of developement issues for OpenSC, OpenCT and SCB -
    • opensc-user - Discussion of end-user questions for OpenSC, OpenCT and SCB -
    • opensc-commits - commit notifications for all projects hosted at opensc-project.org -

    -To subscribe, unsubscribe or browse the archive, please visit -our mailing list manager. -

    -

    -Please: -

    -
    • Post to one of these mailing list. -
    • Do not post to several lists, one is enough, we read all of them. -
    • Do not send carbon copies to the developers. We read all postings on the mailing list. -
    • Do not mail developers directly, we read all the mailing lists and the bugs address. -

    -Direct email on OpenCT and OpenSC is more work for us. Also see - this faq for explanations why. -

    -

    -If you are subscribed to the mailing list, your posting will be distributed -immideatly. If you are not subscribed, it will be put on hold, till someone has -reviewed it so we can filter spam. We usualy review postings at least once a day, -so be patient. You can also cancel the posting, subscribe to the mailing list -and post again. -

    -

    Bug reports

    -

    -Please file bug reports using the new ticket link. -You can also send bug reports to bugs@… via email. -

    -

    Greylisting

    -

    -The opensc-project.org and lists.opensc-project.org mail servers are protected from spam by using a mechanism -called greylisting. Usualy this only causes a short delay for the first mail we receive from -you, and no trouble at all. Still if for whatever reason you cannot send mail to opensc-project.org, -please contact Andreas Jellinghaus at aj@…. Thanks. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Micardo.html opensc-0.12.1/doc/nonpersistent/wiki.out/Micardo.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/Micardo.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Micardo.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,26 +0,0 @@
    - - - Micardo – OpenSC -
    -
    - -

    Micardo 2.1 driver

    -

    -The Micardo 2.1 driver supports Estonian ID cards. -

    -

    -It perfectly works with Estonian ID cards and OpenSC is the official software -used in Estonia for these cards (on Linux, Mac OS X and for PKCS#11 in Mozillas on Windows). -For more information see the EstonianEid page. -

    -

    -The micardo driver also supports German BMI cards, but we haven't heard anything -about those cards in years. If you have such a card, please test and let us know. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MiniDriver.html opensc-0.12.1/doc/nonpersistent/wiki.out/MiniDriver.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MiniDriver.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MiniDriver.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,89 +0,0 @@
    - - - MiniDriver – OpenSC -
    -
    - -

    MS BaseCSP MiniDriver

    -
    -

    -Description of BaseCSP/CardMod architecture. -

    -
    -

    Build

    -

    -Now Minidriver is added to opensc for experimental and improvement. -

    -

    -To build use build tool provided : -

    -

    -http://www.opensc-project.org/build/ -

    -

    -I use the command: -

    -

    -CHOST=i386-mingw32 CBUILD=i686-pc-linux CFLAGS=-I"/XXXX/trunk/include" EXTRA_OPENSC_CONFIG=--enable-cardmod build -

    -

    -where XXX is the PATH where you install opens sc build system -

    -

    -for mingw32 some include file can missings, you should add them from the SDK WINDOWS

    -

    -

    -Winscard.h, SCardErr.h and Winsmcr.h put all them in include directory in build system -

    -

    Testing

    -

    -For testing install opensc tree on your systeme (prefer c:\Program Files\opensc) -you must absolutly add opensc directory on PATH environnement.

    -

    -

    -Prefer the install way, if you have makensis installed you should have after

    -building an opensc-setup-XXX.exe ready to install. -

    -

    XP & VISTA

    -

    -in opensc/bin copy cardmod-westcos.reg to cardmod-yourcardname.reg -edit it change ATR and ATRmask for yours card -

    -

    7

    -

    -Plug your card and have a look on device manager you should have a device not installed due -to the lacks of driver. You have to read the device id give by windows to your card start -like CID_0066xxxxxxxxxxxxxxx -

    -

    -You have to add this to cardmod.inf and make windows update driver point to cardmod.inf. -

    -

    -To test if it's working you can run : -

    -

    -certutil.exe -SCinfo -

    -

    -You should be asked for pin code and can view certificats on card... -

    -

    -Warning: certutil.exe not present on XP system -

    - - - -
    -

    Attachments

    -
      -
    • - OpenSCCardMod.png - Download - (35.7 KB) - added by martin - 13 days ago. - Description of BaseCSP/CardMod architecture. -
    • -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MoreDocumentation.html opensc-0.12.1/doc/nonpersistent/wiki.out/MoreDocumentation.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MoreDocumentation.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MoreDocumentation.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,37 +0,0 @@
    - - - MoreDocumentation – OpenSC -
    -
    - -

    More Documentation

    -

    -The old opensc manual is [file:old/opensc.html included in the distribution] -and also available online. -

    -

    -The old opensc manual in spanish is [file:old/opensc-es.html included in the distribution] -and also available online. -

    -

    -The guide on initializing a smart card with PKCS#15 format is -[file:old/init_perso_guide.html included in the distribution] and also available -online. -There is also a text version ([file:old/init_perso_guide.txt included]/online). -

    -

    -Olaf Kirch held a talk about smart cards on the Linux Kongress 2003. His paper is -available online. -

    -

    -Daniel Struck wrote a technical guide on OpenSSL user authentication with Apache using -x.509 certificates on smart cards which is also available -online. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Mozilla.html opensc-0.12.1/doc/nonpersistent/wiki.out/Mozilla.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/Mozilla.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Mozilla.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,37 +0,0 @@
    - - - Mozilla – OpenSC -
    -
    - -

    Mozilla Applications

    -

    -All Mozilla applications can use OpenSC PKCS#11 module "opensc-pkcs11.so" for authentication, signing and decryption. -

    -

    -A step by step guide how to install the OpenSC PKCS#11 module here: MozillaSteps. -

    -

    -Once the module is installed you can use it to access web pages with https and client certificates. -Firefox will ask you to provide a certificate and you can select one from your smart card. -

    -

    -Keypair generation, certificate request -and writing the requested cert through an on-line CA should also be possible. -

    -

    -In Thunderbird and Mozilla Mail you can select the certificate for signing and decryption exactly -like you would do with normal certificates. -

    -

    -Note: some people do not recommend to use smart card with email encryption&decryption, unless you -have a way to backup your private key. It would be a pity if your smart card was damaged and -you had no way to decrypt private emails. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MozillaSteps.html opensc-0.12.1/doc/nonpersistent/wiki.out/MozillaSteps.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MozillaSteps.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MozillaSteps.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,176 +0,0 @@
    - - - MozillaSteps – OpenSC -
    -
    - -

    Installing OpenSC PKCS#11 Module in Firefox, Step by Step

    -

    -This is how you enable smart cards in Mozilla Firefox -(for the old Mozilla and Thunderbird it is mostly the same): -

    -
    -

    -1.) Start Mozilla or Firefox or Thunderbird. -

    -

    -add step 1 -

    -
    -

    -2.) Select "Tools" on the menu bar, select "Option...". -

    -

    -add step 2 -

    -
    -

    -3.) Select "Advanced" Options. Unfold the "Certificates" section. Click on "Manage Security Devices". -

    -

    -add step 3 -

    -
    -

    -4.) Click on "Load" -

    -

    -add step 4 -

    -
    -

    -5.) Change the name to "OpenSC PKCS#11 Module". Click on "Browse." -

    -

    -add step 5 -

    -
    -

    -6.) Select the installation directory. On windows this is usualy "C:\Program Files\Smart card bundle". On Linux and Mac OS X choose "/usr/lib/". -Click on "opensc-pkcs11.dll" (windows) or "opensc-pkcs11.so" (Linux, Mac OS X). Click "Open". -

    -

    -add step 6 -

    -
    -

    -7.) Click "Ok". -

    -

    -add step 7 -

    -
    -

    -8.) Click "Ok". -

    -

    -add step 8 -

    -
    -

    -9.) Click "Ok". -

    -

    -add step 9 -

    -
    -

    -10.) Click "Ok". -

    -

    -add step 10 -

    -
    -

    -11.) Click "Ok". -

    -

    -add step 11 -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/MyEID.html opensc-0.12.1/doc/nonpersistent/wiki.out/MyEID.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/MyEID.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/MyEID.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,117 +0,0 @@
    - - - MyEID – OpenSC -
    -
    - -

    Aventra MyEID PKI card

    -

    -Aventra MyEID PKI Card is a cryptographic smart card conforming to common Public Key Infrastructure standards like ISO7816 and PKCS#15. It can be used for various tasks requiring strong cryptography, e. g. logging securely to Windows, encrypting e-mail, authentication, and electronic signatures. The card is also available as a Dual Interface version, compatible with T=CL protocol and also emulating Mifare™. -

    -

    -The card material is PVC as standard, making it suitable for visual personalisation using thermal transfer or dye sublimation printers. Customer specific layouts can be delivered in offset and silk screen printing. Optional features include magnetic stripe, signature panel, holograms, security printing etc. -

    -

    -The cards can be personalised both visually and electrically by Aventra according to customer specifications, or the customers can personalise the cards themselves using ActivePerso Manager developed by Aventra, or software from other parties. -

    -

    Aventra MyEID applet

    -

    -The MyEID applet implements all the basic functionality of a Public Key Infrastructure (PKI) token specified in the most common international PKI standards, such as PKCS#15. The users optionally have a choice between different authentication methods to the token. Besides the standard PIN number, there are currently two other authentication mechanisms available. The GrIDsure® one time PIN is based on a pop-up challenge grid that is used to form a onetime PIN that cannot be used by outsiders watching the authentication. MyEID tokens are also compatible with PalmSecure™ biometric technology, which is based on the unique blood vein patterns in the palm of the user’s hand replacing the PIN. The MyEID applet is compatible with the Aventra ActiveSecurity Client Suite. -

    -

    Technical details

    -

    -Platform -

    -
    • JavaCard™ from 2.2.1 and above, Global Platform 2.1.1 -

    -Supported standards and specifications -

    -
    • ISO/IEC 7816-4 to 7816-9 -
    • ISO/IEC 14443 T=CL and Mifare™ -
    • PKCS#15 -
    • FINEID S4-1 and S4-2 -

    -Other features -

    -
    • 512 bit to 2048 bit RSA cryptographic operations with on card key generation -
    • Secure random number generator (FIPS 140-2) -
    • DES, 3DES, AES128, AES256 symmetric encryption algorithms -
    • 72K EEPROM memory -

    -Compatible software -

    -
    • Aventra ActiveSecurity™ MyClient Suite -
    • Fujitsu mPollux DigiSign™ middleware -
    • OpenSC -
    • Large number of third party software products that support CSP for Microsoft™ CryptoAPI or PKCS#11 Token Interface -

    OpenSC support

    -

    -OpenSC 0.11.4 was the first version that had support for the MyEID card. At that time the patch required was provided by Aventra when requested. Since the version 0.11.10 support for the MyEID card is included to the official release. PKCS#15 initialization is not supported. -

    -

    -In OpenSC only normal PIN codes can be used. GrIDsure® and PalmSecure technologies are not supported. These require our ActiveSecurity MyClient software. -

    -

    Smart card reader configuration

    -

    -MyEID card uses T=1 protocol. This basically means that the response data is sent with the answer to the command/request. In T=0 protocol the smart card will first answer to the command and tell how much data it will send. Data is then sent separately. -

    -

    -Most readers don't support sending the default amount of data (254). Problems will only appear when reading larger files from the card (e.g. certificates). So if you have problems with reading the card with no apparent reason, try set this to 192, be on the safe side. You can then try to iterate to find the maximum for your card reader. -

    -

    -The setting in the opensc.conf (usually in /etc) config file is the following for the used reader: -

    -
    ...
    -	reader_driver pcsc {
    -		# This sets the maximum send and receive sizes.
    -		# Some reader drivers have limitations, so you need
    -		# to set these values. For usb devices check the
    -		# properties with lsusb -vv for dwMaxIFSD
    -		#
    -		# max_send_size = 254;
    -		# max_recv_size = 254;
    -		max_recv_size = 192;
    -...		
    -	}
    -
    -	reader_driver openct {
    -...
    -		# max_send_size = 252;
    -		# max_recv_size = 252;
    -		max_recv_size = 192;
    -...
    -	};
    -

    Links & other information

    -

    -Cards can be bought from Aventra Ltd. as blank cards or according to customer specifications regarding appearance etc. -

    -

    - Aventra Ltd. -

    -

    About Aventra

    -

    -Aventra is a high tech company specialising in information security products and services. We are especially focusing on Public Key Infrastructure technologies. Most of our products are developed in house. -

    -

    -Aventra offers a complete portfolio of card products ranging from simple plastic cards to high security smart cards and tokens. Our most recent product line features security solutions for mobile applications. We also provide complete services and systems for issuing and managing cards and secure tokens, including card printers and materials. -

    -

    -Aventra Ltd. logo -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/OberThur.html opensc-0.12.1/doc/nonpersistent/wiki.out/OberThur.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/OberThur.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/OberThur.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,39 +0,0 @@
    - - - OberThur – OpenSC -
    -
    - -

    Oberthur AuthentiIC applet

    -

    -The oberthur driver supports Oberthur 64k Java-cards in the Versions v4/2.1.1, v5 and v5/2.2.0 and CosmopolIC v5.2/2.2, -that contains applet AuthentIC. -

    -

    -The driver was written by Viktor Tarasov of Idealx. Thanks for donating this driver! -

    -

    -The last fully tested driver is included into OpenSC-0.9.6 . -

    -

    -The OpenSC Oberthur driver is fully tested but not widely used. -

    -

    - "Industrial" driver includes support of the native Oberthur's AWP (and so, the smartcard can be used with both OpenSC and Oberthur's Windows middleware). -It also uses Mozilla style for the choice of pkcs15 object ID. The reason is that in some applications the smartcard personalization is finalized and then smartcard is used -with web-browsers and PKI environment. -

    -

    -Opberthur also provides blank JavaCards? that work with a supported open source applet. -

    -

    Links

    -

    - http://www.oberthurusa.com/pns-sc-prod-ecom-cosmo.asp (with a little precision that card CosmopolIC 64k has about 60k of memory that is really available for application). -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/OpenPgp.html opensc-0.12.1/doc/nonpersistent/wiki.out/OpenPgp.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/OpenPgp.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/OpenPgp.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,32 +0,0 @@
    - - - OpenPgp – OpenSC -
    -
    - -

    OpenPGP card

    -

    -OpenPGP card  v1.0/ 1.1 should work with OpenSC. -

    -

    -However the card can only be modified with GnuPG. So you need to use GnuPG to create/store keys etc. -

    -

    -Related code existing in OpenSC has not been tested lately and there has not been any feedback from users for a long time. Feedback is most welcome. -

    -

    -OpenPGP v1 cards can contain only 3 (three) 1024b keys. -

    -

    -Latest information indicates the card cannot store X.509 certificates. -

    -

    -OpenPGP card  v2.0 is not currently supported by OpenSC. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/OpenSSL.html opensc-0.12.1/doc/nonpersistent/wiki.out/OpenSSL.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/OpenSSL.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/OpenSSL.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,32 +0,0 @@
    - - - OpenSSL – OpenSC -
    -
    - -

    OpenSSL Engines

    -

    -The  OpenSSL project offers the possibility to source out cryptographic functionality to plugin modules called engines. Usually there is one of two reasons for doing this, performance and security. -

    -

    -The performance reason is rather obvious, specialized hardware can do cryptography much faster than a general purpose computer. -

    -

    -The reason for using an engine with opensc typically is a security reason. If you are storing your private keys on a harddisk there is a lot of things an administrator (or a virus with root privileges) can do to steal your key. If the key is on a smart card there is usually no way to export the private key, so if you pull the card from the reader noone can use your keys. And if you use a certified and sealed reader device you can even be reasonably sure that noone can steal your PIN. -

    -

    -OpenSC up to version 0.9.6 included two engines directly - engine_opensc and engine_pkcs11. The former was only a proof of concept code and -has several issues. The later works fine. Starting with OpenSC 0.10.0 this engine was splitted off and is now in an independend project, -as it can be used with any PKCS#11 implementation, not only OpenSC. -

    -

    -Please visit the engine_pkcs11 homepage for more details. Also see the QuickStart file for an example -how to sign a certificate using openssl and your smart card. -

    - - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/OperatingSystems.html opensc-0.12.1/doc/nonpersistent/wiki.out/OperatingSystems.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/OperatingSystems.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/OperatingSystems.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,42 +0,0 @@
    - - - OperatingSystems – OpenSC -
    -
    - -

    Operating Systems

    -

    -If you haven't already, please first read the OverView document and then come back here. -

    -

    Linux

    -
    • If you want to compile OpenSC, you need to install either OpenCT or PCSC-Lite first, to use those drivers/middleware. -Install both the runtime and the development package. Also it is highly suggested to install OpenSSL (including development) -as some smart card drivers require it. If you want to use the signer applet in mozilla, you also need libassuan from the -gnupg (like always, both runtime and development packages). See QuickStart for configure options and testing if OpenSC works. -
    • Developers can work on tar.gz files, like the latest release, or the nightly snapshots provided on http://www.opensc-project.org/files/opensc/snapshots/ -
    • Developers can also check out the current source code using subversion. See SubversionReposity? for details. You will need autoconf, -automake and libtool at least. "make dist" uses wget to download the wiki and xsltproc to create html files and man pages, and svn -to create the ChangeLog?. -

    Mac OS X

    -
    • Mac OS X installer is available for 10.4.4 and later. -

    Windows

    -

    - -

    -
    • Windows NT, 2000 and XP contains the windows smart card middleware. For older versions you can download it from -Microsoft.com (FIXME: Name, download link, ...) -
    • You might be best off with our installer package containing OpenSSL, OpenSC, Libp11, Engine_pkcs11 and Putty. -The latest version is available on at the smart card bundle project page. -
    • Note that applications like Outlook or Internet Explorer as well as many other Windows native application -use the so called Crypto API. If you combine OpenSC with a Crypto Service Provide those applications can -use Smart Cards without any change. More details on the WindowsCSP page. -
    - - -
    -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/OverView.html opensc-0.12.1/doc/nonpersistent/wiki.out/OverView.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/OverView.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/OverView.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,154 +0,0 @@
    - - - OverView – OpenSC -
    -
    - -

    Overview

    -

    -So you want to use a smart card with some application? Here is a small introductions on the parts you need. -

    -
    • Application -
    • Smart card library -
    • Middleware -
    • Driver for your smart card reader -

    -OpenSC is a smart card library. It also comes with tools to manage your smart cards. -

    -

    Application Interface

    -

    -Applications need to use the smart card library using some interface. Unfortunatly there -are several different interfaces. PKCS#11 is a standard interface available on all operating -systems. OpenSC implements this interface as smart card library, and Applications such as Mozilla, -Firefox and Thunderbird implement it as applications. Thus you can use these applications with -OpenSC on all platforms. -

    -

    -Native Windows applications often use the Crypto API interface. OpenSC does not implement -the matching interface - CSP - but with the help of an additional software it does. See -WindowsCSP for details. The advantage of Crypto API/CSP is that applications -do not need special code to use smart cards, all applications gain that feature automaticaly. -

    -

    -Native Mac OS X applications also have a special interface called CDSA or CSP. See -AppleCSP for details. At this moment OpenSC does not support that interface -and also there is no bridge to do so. But you can still use applications on Mac OS X -that implement the PKCS#11 interface like Mozilla, Firefox or Thunderbird. -

    -

    -Under Linux, BSD, Solaris and under Unix PKCS#11 is the preferred interface for all -applications. -

    -

    -Some Open Source applications use the non standardized native OpenSC interface directly. -These days we promote PKCS#11 as interface, but for the time being these applications -also work well with OpenSC. -

    -

    Driver Interface

    -

    -Windows implements the PC/SC standard. That means OpenSC will use the PCSC interface to talk -to the middleware, and the middleware will use drivers in "IfdHandler" format to talk to the -hardware. Nearly all vendors of smart card readers ship such drivers, or the driver is even -included in Windows, so there shouldn't be any issue. OpenSC will be able to talk to your -smart card just fine. -

    -

    -Windows NT/2000/XP and newer include the PC/SC middleware. For older versions you need to install -an addon package from Microsoft first. -

    -

    -Apple/Mac OS X also implements the PC/SC standard, same situation as Windows, except few -vendors ship drivers for Mac OS X, but most smart card readers will work with the generic -driver included in Mac OS X. OpenSC will talk to the reader using the PC/SC Middleware -and thus be able to talk to your smart card just fine. -

    -

    -Apple includes a modified copy of pcsc-lite, an open source implementation of the PC/SC -standard. Most of the time you will be fine, but in some cases it is necessary to install -an updated version of pcsc-lite, for example if you have a smart card reader with a pinpad -and would like to use that capability. -

    -

    -On Linux you might want to use the open source project OpenCT -for smart card drivers. It implements support for many drivers at the same time, is still -small and lean, and OpenSC can use it directly without the need for any middleware. -Many OpenSC developers also work on OpenCT so this combination is best tested. Most Linux -distributions include the latest version of OpenCT. -

    -

    -On Linux you can also use pcsc-lite and drivers in ifdhandler format. Many distributions -include pcsc-lite and some open source drivers, and some vendors also offer binary drivers -for Linux in ifdhandler format. -

    -

    -Solaris situation is like Linux, except Sun has some special stuff for their Sunray -terminals that contain smart card readers. You can use OpenCT -with those terminals; source contains a solaris/ subdirectory with a README files and -additional files to make using OpenCT on solaris easy. OpenCT hides the differences, -so OpenSC works on Solaris well, just like on other plattforms. -

    -

    -There is also a very old interface called CT-API which was developed many years ago while -people were using DOS. It only works well if you have a single application with a single -user on your system. It is still being used for specialised machines like ticket point of -sales, but usualy not used with modern multi-user, multi-application computers. OpenSC -can use drivers in CT-API format directly, without any middleware, on all operating sytems. -

    -

    Smart card support

    -

    -Basicaly you can get smart card in two states: either blank or initialized. -

    -

    -For blank cards OpenSC has code to initialize the card in PKCS#15 format. -

    -

    -You can't change initialized cards at all, or only with the software that -was used to initialize it. But you can use the card with OpenSC if OpenSC -knows the format. So the format has either to be PKCS#15 (very few -softwares implement that standard, however), or maybe the format was published -and OpenSC contains an emulation for that format. -

    -

    -Check the list on the main page to see if your card is supported. Also -check the page itself, as some cards have not been tested for a while, -or only some members of a card family are supported. -

    -

    -Also if you want to buy blank cards and initialize them yourself, -make sure you buy really blank cards. Many vendors have also a -half initialized version, and those can be only changed with the -vendor software, and the result is not compatible with OpenSC unless -OpenSC has an emulation code. Even then OpenSC can only offer you to -use the card, but not to alter it. -

    -

    -As a general rule OpenSC only supports cards with a filesystem and -cryptographic functions (RSA). That excludes nearly all Java Cards, -as they usually don't have a filesystem. Please check the - Musclecard project - they offer -open source software for using many different Java Cards. -

    -

    Technical overview

    -

    -The following picture describes the overall architecture of OpenSC and external interfaces: -

    -

    -OpenSC -

    - - - -
    -

    Attachments

    - -
    diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PageTemplates.html opensc-0.12.1/doc/nonpersistent/wiki.out/PageTemplates.html
    --- opensc-0.11.13/doc/nonpersistent/wiki.out/PageTemplates.html 2010-02-16 09:35:14.000000000 +0000
    +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PageTemplates.html 1970-01-01 00:00:00.000000000 +0000
    @@ -1,40 +0,0 @@
    - - - PageTemplates – OpenSC -
    -
    - -

    Wiki Page Templates

    -
    -

    -(since  0.11) -

    -
    -

    -The default content for a new wiki page can be chosen from a list of page templates. -

    -

    -That list is made up from all the existing wiki pages having a name starting with PageTemplates/. -The initial content of a new page will simply be the content of the chosen template page, or a blank page if the special (blank page) entry is selected. When there's actually no wiki pages matching that prefix, the initial content will always be the blank page and the list selector will not be shown (i.e. this matches the behavior we had up to now). -

    -

    -To create a new template, simply create a new page having a name starting with PageTemplates/. -

    -

    -(Hint: one could even create a PageTemplates/Template for facilitating the creation of new templates!) -

    -

    -Available templates: -

      -

      -
      -

      -See also: TracWiki -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PamModules.html opensc-0.12.1/doc/nonpersistent/wiki.out/PamModules.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PamModules.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PamModules.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,33 +0,0 @@
      - - - PamModules – OpenSC -
      -
      - -

      Pam Modules

      -

      -OpenSC up to 0.9.6 included its own pam module pam_opensc. -This module was removed in OpenSC 0.10.0. -

      -

      -Instead you can use either of these pam modules: -

      -
      • Pam_p11 is a very simple pam module, perfect for small and simple setups (no ca, no crl, no signature checks, -
      -
      -

      -simply authenticating with the keys you added to a file). Pam_p11 contains two modules: pam_p11_opensc and pam_p11_openssh. -

      -
      -
      -
      • pam_p11_opensc is the successor of the old pam_opensc module (eid mode). simply add certificates in pem format to the .eid/authorized_certificates file and any smart card with a matching certificate and key can login. -
      • pam_p11_openssh looks at .ssh/authorized_keys format (the well known openssh file), and lets a user login, if he has a smart card with a matching key. -
      • Pam_PKCS11 is fully featured, it does all those ca checks, can work with ldap, kerberos and other -mechanisms and has many different so called mappers for a very flexible mapping of smart cards to users. -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PGP.html opensc-0.12.1/doc/nonpersistent/wiki.out/PGP.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PGP.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PGP.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,25 +0,0 @@
      - - - PGP – OpenSC -
      -
      - -

      PGP signed/encrypted email

      -

      -Most people use the  GnuPG program to do that. -The experimental development version gnupg 1.9 used to include support -for using smart cards using opensc. But since the code has changed and -now GnuPG has its own smart card code. -

      -

      -In practice many cards that work well with OpenSC should also work well -with GnuPG. If that is not the case, you need to contact GnuPG developers, -as their code is completely independent. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PinHandling.html opensc-0.12.1/doc/nonpersistent/wiki.out/PinHandling.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PinHandling.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PinHandling.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,17 +0,0 @@
      - - - PinHandling – OpenSC -
      -
      - -

      PIN handling in OpenSC

      -

      -Description of PIN formats, PIN policies and associations on card, PIN handling (entry, caching, use of pinpads) -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PinpadReaders.html opensc-0.12.1/doc/nonpersistent/wiki.out/PinpadReaders.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PinpadReaders.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PinpadReaders.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,94 +0,0 @@
      - - - PinpadReaders – OpenSC -
      -
      - -

      Pinpad Readers

      -

      -OpenSC supports two types of pinpad readers: PC/SC and CT-API. -

      -

      -PC/SC functionality is based on  PC/SC v2 part 10 v2.02.05 and is supported by drivers on Windows (check your hardware manufacturer for latest drivers), Linux and Mac OS X Leopard with the  open source CCID driver ( CCID spec). Make sure that you have the latest released versions (or SVN snapshots) of all relevant software: operating system, pcsc-lite, reader driver, reader firmware. -

      -

      -CT-API drivers are most used and available on Windows. -

      -

      -Pinpads tend to be buggy and not all combinations of cards and readers and PIN formats or pinpad reader features (such as displays) have been tested so far, so make sure you report issues to the MailingLists (opensc-devel) -

      -

      Known and tested pinpad readers with CT-API drivers on Windows

      -

      -Please feel free to add your hardware and experiences here. -

      -

      -Class 2 readers have a pinpad for secure pin entry. Sometimes they are plugged between computer and keyboard so they use the keyboard for pin entry but capture the keystrokes before they reach the computer. -

      -

      -Class 3 readers have pinpad and a display. -

      - -
      Reader OS Type CT-API library Comments -
      SCM STR 391 "CashMouse?" Win32 Class 3 USB CTRSRW32.dll Works fine with Win32, no Unix support planned -
      Cherry G83-6700 Smartboard Win32 Class 2 PS/2 CTMGR.DLL A keyboard integrated reader which uses the keyboard for pin entry. Buggy CT-API driver, I got it working but not without patching OpenCT. No known Unix support -
      Reiner SCT cyberJack pinpad Win32 Class 2 USB CTRSCT32.DLL According to the manufacturer's website it should also run on Linux, but I haven't managed it. -
      Reiner SCT cyberJack keyboard Win32 Class 2 PS/2 CTRSCT32.DLL A cheap class 2 solution. It uses the keyboard for pin entry. No known Unix support. -
      SCM SPR 332, 532 "Chipdrive Pinpad" Win32 & Linux Class 2 USB CTPCSC32.dll A widely used CCID compliant reader. I also got it working on Linux following Martin's CardReaders?/SPR532 suggestions -
      Xiring XiPass Win32 Class 3 PS/2 PC/SC only Works well with Win32, pinpad entry works with EstEID CSP, no official Unix support, still there is an openct driver for it. -
      Reiner SCT cyberjack pinpad Mac OS XClass 2 USBwith pcscdIf you start the pcscd per hand it works well with the Drivers provided by Reiner SCT. I haven't managed to entry the pin with the Reader's keyboard -
       Reiner SCT cyberJack pinpad LinuxClass 2 USB Reiner SCT CT-API driverClass 2 Smartcard reader with  official LGPL drivers (packages for most linux distributions). Pinpad fully supported (tested on SuSE 10.2). Good Linux support! -
      -

      -Kobil and OmniKey also offer pinpad readers, if someone could test one of those with OpenSC feedback would be appreceated. -

      -

      Testing Pinpad

      -

      -In opensc source you will find src/tests/pintest tool. It allows you to test if your card+reader combination -support pinpad. -

      -

      -Before testing pinpad, you may need to erase and initialise pin. Make sure you understand what you are doing, as these commands will erase your smart card: -

      -
      pkcs15-init -E
      -pkcs15-init --create-pkcs15 --profile pkcs15+onepin \
      -            --use-default-transport-key --pin 0000 --puk 111111 \
      -            --label "Test"
      -
      -

      -Then run the pin test: -

      -
      cd opensc/src/tests;
      -./pintest
      -

      -The following messages are displayed: -

      -
      Using libopensc version 0.12.0-svn.
      -Card detected in reader 'Feitian SCR301 00 00'
      -Connecting... connected.
      -ATR = 3b:9f:95:81:31:fe:9f:00:65:46:53:05:30:06:71:df:00:00:00:81:61:10:c6
      -Looking for a PKCS#15 compatible Smart Card... found.
      -Enumerating PIN codes...
      -PIN [User PIN]
      -	Com. Flags  : private, modifiable
      -	Auth ID     : 01
      -	Flags       : [0x30], initialized, needs-padding
      -	Length      : min_len:4, max_len:16, stored_len:16
      -	Pad char    : 0x00
      -	Reference   : 1
      -	Encoding    : ASCII-numeric
      -	Path        : 3f005015
      -Please enter PIN code [User PIN]: 
      -

      -Enter pin code. You should read: -

      -
      PIN code correct.
      -

      -When using a smart card reader with pinpad, you may need to hit return on the computer keyboard and then enter pin on the pinpad reader. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PivTool.html opensc-0.12.1/doc/nonpersistent/wiki.out/PivTool.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PivTool.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PivTool.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,236 +0,0 @@
      - - - PivTool – OpenSC -
      -
      - -

      Name

      -

      -piv-tool perform some very primitive card administration operation on PIV cards. - -

      -

      Description

      -

      -piv-tool can be used to do some very primitive card administration operations on PIV cards. -Card administration operations may vary from vendor to vendor. This tool is meant for testing -during development and is by no means complete. -

      -

      -Before an administrative card operation can be preformed, authentication of the piv-tool to the -card may be needed. After the card is personalized, addition command my be needed to complete the -personalization. See your vendor's instructions for more details, including the difference between -Mutual authentication and External authentication. - -piv-tool is similar to opensc-tool but takes some additional parameters for use with the PIV cards. - -See  NIST 800-73-1 -Table 12 for definitions of <ref> and <alg> and section 7.2.4 for the difference between -Mutual and External Authentication. -

      -

      Synopsis

      -

      -piv-tool [options] -

      -

      Options

      -

      ---serial -

      -
      -

      -(as of 0.11.1 the serial number is not implemented.) -

      -
      -

      ---name -

      -
      -

      -Print name of card. PIV-II -

      -
      -

      ---admin, -A <{M|A}>:<ref>:<alg> - -

      -
      -

      -Authenticate using reference and algorithm. -

      -
      -

      - -

      -
      -

      -The environment variable PIV_EXT_AUTH_KEY must point to a file with the key. -The file format is NN:NN:NN:...:NN where a 3des key would have 24 NN pairs. -Oberthur cards use "-A A:9B:03", GemAlto cards use "-A M:9B:03" Both use 3des keys. -

      -
      -

      ---usepin, -P -

      -
      -

      -authenticate with pin (only early beta cards used this option.) -

      -
      -

      ---genkey, -G <ref>:<alg> -

      -
      -

      -Generate a key pair for <ref> with algorithm <alg> -and write public key to --out <file>. -

      -
      -

      ---cert, -C <ref> -

      -
      -

      -read cert from --in <file> and write the cert to the card. -

      -
      -

      ---req, -R -

      -
      -

      -(not yet implemented. see examples below.) -

      -
      -

      ---out, -o <file> -

      -
      -

      -file name to use for any output type operation. -

      -
      -

      ---in, -i <file> -

      -
      -

      -file name for input operation. -

      -
      -

      ---send-apdu, -s <arg> -

      -
      -

      -send an APDU after doing any -A operation. APDU is -in the form AA:BB:CC:DD... -

      -
      -

      ---reader, -r <arg> -

      -
      -

      -Use the given reader number. The default is 0, the first reader in the system. -

      -
      -

      ---card-driver, -c <arg> -

      -
      -

      -Use the given card driver. The default is auto-detected -

      -
      -

      ---wait, -w -

      -
      -

      -wait for card to be inserted -

      -
      -

      ---verbose, -v -

      -
      -

      -several times for more debugging output. -

      -
      -

      Examples

      -

      -In the following examples $CARD is used by your scripts to -identify the specific card. -

      -

      Generate a key pair

      -

      -The card can have 4 different keys and matching certificates. -These correspond to <ref> 9A, 9B, 9C and 9D. With pkcs#11 -these correspond with ID: 1, 2, 3, 4. -We will create the key for the "X.509 Certificate for PIV Authentication" -which matchs the key reference of 9A using a RSA 1024 bit key, and pkcs#11 ID 1. - -

      -
       PIV_EXT_AUTH_KEY=card/external.3des.key.$CARD
      - export PIV_EXT_AUTH_KEY
      - piv-tool -A A:9B:03 -G 9A:06 -o card/pubkey.1.$CARD
      -

      Clear a certificate on the card

      -

      -There is no delete object command. Therefore write an object with a tag -of zero, using External Authenticate to the card using authentication: -

      -
       piv-tool -A A:9B:03 -s 00:DB:3F:FF:09:5C:03:5F:C1:05:53:00:00:00
      -

      -(This needs to done if there is already a certificate on the card, otherwise -a generate cert request may use the public key from the old certificate, -rather the the one just generated.) -

      -

      Generate a certificate request

      -

      -Using OpenSSL, with the engine make sure the environment variable PIV_9A06_KEY -is set pointing at the file created by the generate key pair operation. -

      -
       PIV_9A06_KEY=card/pubkey.1.$CARD
      - export PIV_9A06_KEY
      - openssl << EOT
      - engine dynamic -vvvv -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
      -      -pre ID:pkcs11 -pre NO_VCHECK:1 \
      -      -pre LIST_ADD:1 -pre LOAD  \
      -      -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
      - version
      - req $SSLEAY_CONFIG -engine pkcs11 -md5 -new  \
      -     -key slot_0-id_1 -keyform engine -out card/newreq.1.$CARD.pem -text
      - EOT
      -

      -(Note back slashes added for readability.) -

      -

      -When using the engine the environment variable PIV_9A06_KEY points at the -public key being used in the request, even if the <ref> and <alg> are not 9A -and 06. The pkcs#11 ID is defined in -key slot_0-id_<N> where -<N> = 1,2,3,4. -(TODO: change name to not include 9A06) -

      -

      Signing the request

      -

      -This step is independent of OpenSC and depends on your CA. For example, the -certificate request file could be pasted into your CA's web page. When signed, -save the certificate as card/cert.1.$CARD.pem for the next step. -

      -

      Load a Certificate

      -
       PIV_EXT_AUTH_KEY=card/external.3des.key.$CARD
      - export PIV_EXT_AUTH_KEY
      -
      - piv-tool -A A:9B:03 -C 9A -i card/cert.1.$CARD.pem
      -

      - -

      -

      - -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PKCS11.html opensc-0.12.1/doc/nonpersistent/wiki.out/PKCS11.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PKCS11.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PKCS11.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,79 +0,0 @@
      - - - PKCS11 – OpenSC -
      -
      - -

      PKCS11 Module

      -

      - PKCS #11: Cryptographic Token Interface Standard OpenSC implements v2.11 of the standard. -

      -

      -General -

      -

      -This standard specifies an API, called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions. Cryptoki, pronounced crypto-key and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices), presenting to applications a common, logical view of the device called a cryptographic token. -

      -

      -OpenSC implements this standard in "opensc-pkcs11.so" module (on Windows: opensc-pkcs11.dll). -Every Software that can use cryptographic tokens such as Mozilla, Firefox and Thunderbird can -simply load this module and use all smart card supported by OpenSC for authentication, signing -and decryption. -

      -

      -Virtual slots -

      -

      -Smart cards can have several pins, and make the keys available to only some of those. -PKCS#11 interface however does not know about several pins. What OpenSC does is a trick: -if you have more than one pin, you will see several card / slot, each with the name of that pin -holder, and with the certificates/keys that pin can access. This feature is called virtual_slots -and can be configured in the config file. -

      -

      -Example: Take a card with 2 PINs. Each PIN protects a private key and each private key has a corresponding cert chain. And then there are 3 other roots certs that have nothing to do with the other data. Now if num_slots = 4, hide_empty_tokens = false; and if you put the card your second card reader, you'll get the following: -

      -
      • token in slot 4: PIN 1, key 1, cert chain 1 -
      • token in slot 5: PIN 2, key 2, cert chain 2 -
      • token in slot 6: the 3 other root certs -
      • token in slot 7: no data -

      -If hide_empty_tokens would have been true, slot 7 wouldn't show a token. -

      -

      -Note: if in the example the 2 cert chain would have common certificates, those certificates would appear in the tokens in slots 4 and 5. (Which would cause a problem if those certs were deleted, this hasn't been solved yet in OpenSC). -

      -

      -Another good-to-know: the number of virtual slots has been hard-coded (it is 8 at the moment). So if num_slots = 4, only the first 2 readers will be visible. Or if you'd put num_slots to 3, the first 2 readers will have 3 virtual slots and the third reader will have 2. -

      -

      -Installation -

      -

      -In OpenSC up to 0.9.6 the module was installed in /usr/lib/pkcs11 on linux, also some libraries -used by that module, and this cause some problems. The easiest way to fix it is to copy or symlink -all files to /usr/lib. -

      -

      -OpenSC starting with 0.10.0 does it right and installs all libraries and the opensc-pkcs11.so plugin -in /usr/lib. -

      -

      -Visibility of private keys -

      -

      -The PKCS11 standard requires that you provide a PIN before you can see info about the private keys -that are protected by the PIN. This isn't realy needed for the OpenSC library (not sensitive things -in the private key info) but a standard is a standard... -It's also a problem if you want to see if there are keys on the cards without providing a PIN first. -There's no real solution to this; perhaps the best way is to enumerate the certs, and assume that -each non-CA cert has a corresponding private key on the card (this requires to parse the certs, you -can't get this info from PKCS11). -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/pkcs11_keypair_gen.html opensc-0.12.1/doc/nonpersistent/wiki.out/pkcs11_keypair_gen.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/pkcs11_keypair_gen.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/pkcs11_keypair_gen.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,35 +0,0 @@
      - - - pkcs11_keypair_gen – OpenSC -
      -
      - -

      -PKCS11 Keypair generation, certificate request and writing the requested cert to the card -

      -

      -You can use the the pkcs11 library (opensc-pkcs11.so or opensc-pkcs11.dll) with Mozilla/Firefox/Netscape to go to an on-line CA (Certificate Authority). In this case, the browser will: -

      -
      • ask the pkcs11 lib to generate a keypair on your card, -
      • create a certificate request, -
      • ask the pkcs11 lib to sign the cert request, -
      • send the cert request to the CA, -
      • (at a later time, when the CA is done) download the requested cert, -
      • and ask the pkcs11 lib to store the cert on your card. -

      -However in order to work: -

      -
      • you have to format your card with the "onepin" profile option: -
        • pkcs15-init -E -
        • pkcs15-init -C -p pkcs15+onepin --pin xxxx --puk yyyy -
      • you have set cache_pins should to true in opensc.conf -

      -Currently, only 1 certificate can be requested this way. The reason is that Mozilla changes the ID of the key and cert into a hash of 20 bytes, and this confuses our pkcs15init library (used to 1-byte IDs) who will attempt to create a new key on the place of the first key (which fails)... -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Pkcs15Init.html opensc-0.12.1/doc/nonpersistent/wiki.out/Pkcs15Init.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/Pkcs15Init.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Pkcs15Init.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,443 +0,0 @@
      - - - Pkcs15Init – OpenSC -
      -
      - -

      1. Introduction

      -
      -

      -Nothing is impossible for the man who doesn't -have to do it himself. -- A.H. Weiler -

      -
      -

      -This guide is about initialising and personalising (no distinction made) cards -with the OpenSC library and tools (mostly pkcs15-init). -

      -

      -Some knowlegde about smart cards is assumed. Below is a short overview of some -key words and concepts. For more info, see the opensc.html manual. -

      -

      -Filesystem - MF - DF - EF - FID

      -A smart cards has a non-volatile memory (EEPROM) in which usually a -PC-like file system is implemented. The directories are called Dedicated Files -(DF) and the files are called Elementary Files (EF). They are identified by a -a File ID (FID) on 2 bytes. For example, the root of the file system (called -Master File or MF) has FID = 3F 00 (hex). -

      -

      -Commands - APDUs

      -It is possible to send commands (APDUs) to the card to select, read, write, -create, list, delete, ... EFs and DFs (not all cards allow all commands). -

      -

      -Access control, PIN, PUK

      -The file system usually implements some sort of access control on EFs and DFs. -This is usually done by PINs or Keys: you have to provide a PIN or show -knowledge of a key before you can perform some command on some EF/DF. A PIN -is usually accompanied by a PUK (Pin Unblock Key), which can be used to reset -(or unblock) that PIN. -

      -

      -Cryptographic keys

      -On crypto cards, it is also possible to sign, decrypt, generate a key pair -(what can be done exactly depends on the card). on some cards, key and/or PINs -are files in the filesystem, on other cards, they don't exist in the -filesystem but are referenced through an ID. -

      -

      -Reader - PC/SC - OpenCT - CT-API

      -Smart card readers come with a library that can be used on a PC to send APDUs -to the card. Commonly used APIs for those libraries are PC/SC, OpenCT and -CT-API. -

      -

      -PKCS#15

      -There are standards (e.g. ISO7816, parts 4-...) that specify how to select, -read, write, EFs and DFs, and how to sign, decrypt, login, ... -However, there is also a need to know which files contain what, or where the -keys, PINs, .. can be found. -

      -

      -For crypto cards, PKCS15 adresses this need by defining some files that contain -info on where to find keys, certificates, PINs, and other data. For example, -there is a PrKDF (Private Key Directory File) that contains the EFs or ID of -the private keys, what those keys can be used for, by which PINs they are -protected, ... -

      -

      -So a "PCKS#5 card" is nothing but any other card on which the right set of -files has been added. -In short: PKCS15 allows you to describe where to find PINs, keys, certificates -and data on a card, plus all the info that is needed to use them. -

      -

      A little PKCS#15 example

      -

      -Here's the textual contents of 3 PKCS#15 files: the AODF (Authentication -Object Directory File), PrKDF (Private Key Directory File) and CDF -(Certificate Directory File) that contain info on resp. the PINs, private -keys and certificates. Each of them contains 1 entry. -

      -
      AODF:
      -    Com. Flags  : private, modifiable
      -    Auth ID     : 01
      -    Flags       : [0x32], local, initialized, needs-padding
      -    Length      : min_len:4, max_len:8, stored_len:8
      -    Pad char    : 0x00
      -    Reference   : 1
      -    Encoding    : ASCII-numeric
      -    Path        : 3F005015
      -
      -PrKDF:
      -    Com. Flags  : private, modifiable
      -    Com. Auth ID: 01
      -    Usage       : [0x32E], decrypt, sign, signRecover, unwrap, derive, nonRep
      -    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -    ModLength   : 1024
      -    Key ref     : 0
      -    Native      : yes
      -    Path        : 3F00501530450012
      -    ID          : 45
      -
      -X.509 Certificate [/C=BE/ST=...]
      -    Com. Flags  : modifiable
      -    Authority   : no
      -    Path        : 3f0050154545
      -    ID          : 45
      -

      -Some things to note: -

      -
      • The Auth ID (01) of the private key is the same as the one of the PIN which means that you first have to do a login with this PIN before you can use this key. -
      • The key is in an EF with ID = 0012 in the DF with ID = 3045, which on its turn is a DF with ID = 5015, which on its turn is a DF of the MF (3F00). -
      • The private key and certificate share the same ID (45), which means that they belong together. -
      • The cert is in the EF with as path: 3F00\5015\4545 and is no CA cert. -

      -Use the pkcs15-tool --dump tool to see yourself what pkcs15 data is on -your card, or opensc-explorer to browse through the files. -

      -

      -Have the PKCS#15 files a fixed place so everyone can find them? No, there's -only one: the EF(DIR) in the MF and with ID 2F00. That's the starting place. -

      -

      2. The OpenSC pkcs15-init library and profiles

      -

      -Reading and writing files, PIN verification, signing and decryption happen in -much the same way on all cards. Therefore, the "normal life" commands have -been implemented in OpenSC for all supported cards. -

      -

      -However, creating and deleting files, PINs and keys is very card specific and -has not yet been implemented for all cards. Currently, pkcs15-init is -implemented for: Cryptoflex, Cyberflex, CardOS (etoken), GPK, Miocos, Starcos -JCOP and Oberthur. (Check src/pkcs15init/pkcs15-*.c for possible updates). -Because of this, and because pkcs15-init is not necessary for "normal life" -operations, it has been put in a separate library and in a separate directory. -

      -

      -Profile

      -Because the initialisation/personalisation is so card-specific, it would be -very hard to make a tool or API that accepts all parameters for all current -and future cards. Therefore, a profile file has been made in OpenSC that -contains all the card-specific parameters. This card-specific profile is read -by card-specific code in the pkcs15-init library each time this library is -used on that card. -See the *.profile files in src/pkcs15init/. There is one general file -(pkcs15.profile) and one card-specific profile for each card. -

      -

      -Profile options

      -There are currently 3 options you can specify to modify a profile: -

      -
      • default: creation/deletion/generation is controlled by the SO PIN (SO = -Security Officer, different from the regular user of the card) -
      • onepin: creation/deletion/generation is controlled by the user PIN and thus -by the user. As a result, only 1 user PIN is possible -
      • small: like default, but suitable for card with little memory -

      3. pkcs15-init tool

      -

      -This is a command-line tool that uses the pkcs15-init library. It allows you -to do all the init/perso things, e.g. add/delete keys, certificates, PINs and -data, generate keys, ... while specifying key usage, which PIN protects -which key, ... -

      -

      -As said before, not all cards are supported in the pkcs15-init library. In that -case, the pkcs15-init tool won't work (top 5 questions on the mailing list :-). -To find out which card you have, try "opensc-tool -n" -

      -

      -Below is explained how to do the operations that are supported by pkcs15-tool. -Not all options are explained (run "pkcs15-tool -h" to see them) because some -are card-specific or obsolete (or we don't know about them). Feel free to -experiment and explain them here. -

      -

      -So the things in this section are fairly general but not guaranteed to work -for all cards. See also the section on "card-specific issues". -

      -

      -The --reader or -r can be given with any command. By default the first reader -is used. Do "opensc-tool -l" to see the list of available readers. -

      -

      -The typical order of the commands is: -

      -
      • erase (-E) the card if needed -
      • create (-C) the PKCS15 files -
      • add a user PIN (unless you did a '-C' with the 'onepin' profile option) -
      • add a key + cert (-S) or generate a key (-G) + a add a cert (-W) -

      -To see the results of what you did, you can do one of the following: -

      -
         pkcs15-tool --list-pins --list-public-keys -k -c -C
      -   pkcs15-tool --dump
      -

      -To see/dump the content of any file, use the opensc-explorer tool. -

      -

      Create the PKCS15 files

      -
            pkcs15-init -C {-T} {-p <profile>}
      -         --so-pin <PIN> --so-puk <PUK> | --no-so-pin | --pin <PIN> --puk <PUK>
      -

      -This will create the PKCS15 DF (5015) and all the PKCS15 files (some of which -will be empty until a key, PIN, ... will be added). It must be done before you -can do any of the operations below. -

      -
      • This operation usually requires a 'transport' key. pkcs15-init will ask you -for this key and propose the default one for that card. With -T, the default -key will be used without asking. NOTE: if you get a "Failed to erase card: -PIN code or key incorrect", the transport key is wrong. Find this key and -then try again, DO NOT try with the default key again! -
      • If you want an SO PIN and PUK, do so with the --so-pin and --so-puk options, -or specify --no-so-pin if you don't want them. If you use the onepin profile, -there is no SO PIN so you should specify --pin and --puk instead. -(So you get: pkcs15-init -CT -p pkcs15+onepin --pin <PIN> --puk <PUK>) -
      • To specify the profile file + option. The profile file can only be "pkcs15" -for the moment, so you can have: -
            pkcs15+default : the default (not needed to specify it)
        -    pkcs15+onepin  : for the onepin profile option
        -    pkcs15+small   : for the small profile option
        -

      Erase the card's content

      -
            pkcs15-init -E {-T}
      -

      -This will delete all keys, PINs, certificates, data that were listed in PKCS15 -files, along with the PKCS15 files themselves. -

      -
      • This operation usually requires a 'transport' key. pkcs15-init will ask you -for this key and propose the default one for that card. With -T, the default -key will be used without asking. NOTE: if you get a "Failed to erase card: -PIN code or key incorrect", the transport key is wrong. Find this key and -then try again, DO NOT try the default key again! -

      -Note: you can combine erase/create (-E -C or -EC) to erase and then create -the card's contents, except when you change the profile option. -

      -

      Add a PIN (not possible with the onepin profile option)

      -
            pkcs15-init -P {-a <AuthID>} {--pin <PIN>} {--puk <PUK>} {-l <label>}
      -
      • You can specify the AuthID with -a, if you don't do so, a value that didn't -exist yet on the card will be used. -
      • Specify the PIN and PUK with --pin and --puk, if you don't do so, the tool -will prompt you for one. -
      • Specify the label (name) of the PIN with -l, or accept the default label. -

      Generate a key pair (on card or in software on the PC)

      -
            pkcs15-init -G <keyspec> -a <AuthID> --insecure {-i <ID>} {--soft}
      -                  {-u <keyusage>}
      -                  {-l <privkeylabel>} {--public-key-label <pubkeylabel>}
      -

      -This will generate a public and private key pair. -

      -
      • The keyspec consist of the key type, rsa or dsa (depends on what your card -supports), and optinally a slash followed by the keysize in bits. E.g. -"rsa/1024" specifies a 1024-bit RSA key pair. Note: dsa is not fully -supported. -
      • Specify the AuthID of the PIN that protects this key (protect from being -used in a signature or decryption operation) with -a; or specify --insecure -if you want the private key to be used without first providing a PIN. -
      • Specify the ID of the key with -i, otherwise the tool will choose one. -
      • Specify --soft if you don't want the key pair to be generated on card. -
      • Specify the usage of the private key with -u; if you add a -corresponding certificate later, it should have the same key usage. -(Do "pkcs15-init -u help" for help). -
      • Specify the label (name) of the private key with -l, or accept the default -label. -
      • Specify the label (name) of the public key with --public-key-label, or -accept the default label. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      -NOTE: see the SSL engines (below) on how to make a certificate request with -the key you generated. -

      -

      Add a private key

      -
            pkcs15-init -S <keyfile> {-f <keyformat>} -a <AuthID> --insecure
      -                  {-i <ID>} {-u <keyusage>} {--passphrase <password>}
      -                  {-l <label>}
      -
      • The keyfile should be in DER (binary) or PEM format. -
      • The keyformat should be PEM (default) or DER. -
      • Specify the AuthID of the PIN that protects the private key (from being used -in a signature or decryption operation) with -a; or specify --insecure if -you want the private key to be used without first providing a PIN -
      • Specify the ID of the key with -i -
      • Specify the usage of the private key with -u; if you add a -corresponding certificate later, it should have the same key usage. -(Do "pkcs15-init -u help" for help). -
      • Specify the label (name) of the with -l, or accept the default label if -you don't do so. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      Add a private key + certificate(s) (in a pkcs12 file)

      -
            pkcs15-init -S <pkcs12file> -f PKCS12 -a <AuthID> {--insecure} {-i <ID>}
      -        {-u <keyusage>} {--passphrase <password>}
      -        {-l <privkeylabel>} {--cert-label <usercertlabel>}
      -

      -This adds the private key and certificate chain to the card. If a certificate -already exists in the card, it won't be added again. -

      -
      • Specify the AuthID of the PIN that protects this key (protect from being -used in a signature or decryption operation) with -a; or specify --insecure -if you want the private key to be used without first providing a PIN. -
      • Specify the ID of the key and the corresponding certificate with -i, -otherwise the tool with choose one; only the 'user cert' will get the same -ID as the key, -the other certificates will get 'authority' status and another ID. -
      • You can specify the key-usage, but it is advised not to do this so the key -usage is fetched from the certificate. -
      • Specify the password of the pkcs12 key file if you don't want to be prompted -for one. -
      • Specify the label (name) of the private key with -l, or accept the default -label if you don't do so. -
      • Specify the label (name) of the user certificate with --cert-label, or -accept the default label if you don't do so. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      Add a certificate

      -
            pkcs15-init -X <certfile> {-f <certformat>} {-i <ID>} {--authority}
      -
      • The certfile should be in DER (binary) or PEM format -
      • The certformat should be PEM (default) or DER -
      • Specify the ID of the certificate with -i, otherwise the tool with choose -one; if the certificate corresponds to a private and/or public key, you -should specify the same ID as that key. -
      • Specify --authority if it is a CA certificate. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      Add a public key

      -
            pkcs15-init --store-public-key <keyfile> {-f <keyformat>} {-i <ID>}
      -                  {-l <label>}
      -
      • The keyfile should be in DER (binary) or PEM format -
      • The keyformat should be PEM (default) or DER -
      • Specify the ID of the key with -i, otherwise the tool with choose one; -if the key corresponds to a private key and/or certificate, you should -specify the same ID as that private key and/or certificate. -
      • Specify the label (name) of the with -l, or accept the default label if -you don't do so. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      Add data

      -
            pkcs15-init -W <datafile> {-i <ID>} {-l <label>}
      -
      -
      • The datafile is stored "as is" onto the card. -
      • Specify the ID of the data with -i, or accept the default ID. -
      • Specify the label (name) of the data with -l, or accept the default label. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      Update a certificate

      -
            pkcs15-init -U <certfile> -f <format> -i <ID> {-a <pinid>}
      -
      • Specify path to the cert file with -U, default format = PEM -
      • Specify the cert format (DER or PEM) with -f -
      • Specify the ID of the cert with -i. -
      • Specify the ID of the PIN needed to update the cert file (and if needed -to delete it and create and write a new one) with -a. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -
      • NOTE: if the new cert is bigger then the old one, the tool will try to delete -the old cert file and create a new one. This won't work for most card -(probably SetCOS 4.4.1 is the only one where it works..) -

      Change attributes (currently only the label)

      -
            pkcs15-init -A <type> -i <ID> -l <label> {-a <pinid>}
      -

      -This allows you to modify the label of a certain PKCS15 object. -

      -
      • The type of the object should be one of the following: privkey, pubkey, cert, data. -
      • Specify the ID of the object with -i. -
      • Specify the new label with -l. -
      • Specify the ID of the PIN needed to update the corresponding PKCS15 file with -a. -
      • Depending on your card and profile option, you will be prompted to provide -your SO PIN and/or PIN; if you don't want to be prompted, add them to the -command line with --so-pin <SOPIN> and/or --pin <PIN>. -

      4. Other tools

      -

      SSL-engines

      -

      -These libraries can be loaded in OpenSSL so you can do a certificate request -with the openssl tool; the signature of the certificate request will then be -made using the smart card. The result can then be sent to a CA for -certification or the resulting certificate can be put on the card with pkcs15-init -or pkcs11-tool. -

      -
      • Run openssl -
      • On the openssl command prompt, type -
            engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
        -
        to use the PKCS #11 engine -
      • Then type (on the openssl command prompt) -
            req -engine pkcs11 -new -key <ID> -keyform engine -out <cert_req>
        -
        in which ID is the slot+ID in the following format: -[slot_<slotID>][-][id_<ID>], e.g. id_45 or slot_0-id_45 -

      pkcs11-tool and Mozilla/Netscape

      -

      -You can use the OpenSC pkcs11 library to generate a key pair in Mozilla or -Netscape, and let the browser generate a certificate request that is sent -to an on-line CA to issue and send your a certificate that is then added to the -card. -

      -

      -Just go to an online CA (Globalsign, Thawte, ...) and follow their guidelines. -Because such a request either costs you or at least requires you to provide a -valid mail address, it is advisable to first try you card with -"pkcs11-tool --moz-cert <cert_file_in_der_format> --login". -

      -

      -NOTE: This can only be done with the onepin profile option (because the browser -won't ask for an SO PIN, only for the user PIN). -

      -

      5. Card-specific issues

      -
      -

      -Experience is that marvelous thing that enables you to recognize -a mistake when you make it again. -- Franklin P. Jones -

      -
      -

      -Cryptoflex: -

      -
      • DFs and EFs in a DF have to be deleted in reverse order of creation. -OpenSC relies on this fact for security, but also has some downsides. For -example, if you did a "pkcs15-init -C" and then added some EFs or DFs in the -MF, you won't be able to do a "pkcs15-init -E" afterwards to remove the -PKCS15 DF (5015). So you'll first have to manually remove all EFs/DFs you -created in the MF before being able remove the pkcs15 DF. -

      -Starcos SPK 2.3: -

      -
      • Due to the way Starcos SPK 2.3 manages access rights it is necessary -to manually call "pkcs15-init --finalize" after card personalization -if no SO-PIN has been specified. Once the card has been finalized it is -not possible to add new private/secret keys or PINs. If a SO-PIN is -used the card will automatically be finalized after the SO-PIN has -been stored. -
      • If an SO-PIN is used and if there is enough space in the key file left, -then the owner of the SO-PIN can access/use every protected item by -creating a PIN for the necessary state. -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PKCSCSPDesc.html opensc-0.12.1/doc/nonpersistent/wiki.out/PKCSCSPDesc.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PKCSCSPDesc.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PKCSCSPDesc.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,19 +0,0 @@
      - - - PKCSCSPDesc – OpenSC -
      -
      - -

      -This is a more detailed description of PKCS CSP Cryptographic Service Provider -

      -

      -Look inside the  http://www.ilex.fr/download/pkcscsp.zip archive for the doc directory, there is an english version for the documentation. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PKI.html opensc-0.12.1/doc/nonpersistent/wiki.out/PKI.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PKI.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PKI.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,39 +0,0 @@
      - - - PKI – OpenSC -
      -
      - -

      Public Key Infrastructure

      -

      -There are many different PKI systems out there. We expect most of them will be able to use -PKCS#11 modules or CSP modules on Windows, and OpenSC should work fine with most of them. -

      -

      -Here is a list of those we got feedback from: -

      -

      OpenCA

      -

      - OpenCA is an open source CA offering PKI services. -It should work with OpenSC as far as we know, but this is not 100% sure. -FIXME: add details. -

      -

      -OpenCA is web based, uses the apache server, ldap or sql servers etc. -

      -

      IDX-PKI

      -

      - IDX-PKI is an Open Source implementation -of a Public Key Infrastructure which aims to be IETF compliant for PKIX recommendations. -IDX-PKI is already used by companies and public agencies. -

      -

      -IDX-PKI is also web based, uses the apache server, ldap etc. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PortugeseEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/PortugeseEid.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PortugeseEid.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PortugeseEid.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,23 +0,0 @@
      - - - PortugeseEid – OpenSC -
      -
      - -

      Portuguese eID

      -

      -Portugal also has an eID card -  http://www.cartaodocidadao.pt -

      -

      -The  software download page lists software for windows/mac/linux where the unix software seems to be based on opensc (custom libopensc provided with the software). No source code seems to be provided. -

      -

      -Work is currently underway to support the Portuguese eID card in OpenSC. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PortugueseEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/PortugueseEid.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PortugueseEid.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PortugueseEid.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,35 +0,0 @@
      - - - PortugueseEid – OpenSC -
      -
      - -

      Portuguese eID

      -

      -Portugal also has an eID card. More info at  http://www.cartaodocidadao.pt. -

      -

      Card Versions

      -

      -It appears that two versions of the card exist. One is based on the Gemsafe applet and the other on the IAS specification. -

      -

      Official Middleware

      -

      -The  software download page lists software for Windows, Mac OS X and Linux. Parts of the software are based on OpenSC (custom libopensc provided with the software). -

      -

      -At this time, the Mac version does not provide a Tokend, so the card is not supported by applications which use the CDSA/CSSM API. Also, no source code is provided. -

      -

      OpenSC support

      -

      -OpenSC trunk currently supports the Portuguese eID card. -

      -

      -Mac OS X full support is available through OpenSC.Tokend. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PrimeCard.html opensc-0.12.1/doc/nonpersistent/wiki.out/PrimeCard.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PrimeCard.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PrimeCard.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,16 +0,0 @@
      - - - PrimeCard – OpenSC -
      -
      - -

      -Card produced by the card personalisation system. See  http://primekey.se/primekey/en/Products/PrimeCard.html -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/PuTTYcard.html opensc-0.12.1/doc/nonpersistent/wiki.out/PuTTYcard.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/PuTTYcard.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/PuTTYcard.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,287 +0,0 @@
      - - - PuTTYcard – OpenSC -
      -
      - -

      PuTTYcard

      -

      -The idea behind PuTTYcard was to extend the capabilities -of PuTTY without adding dependencies to PuTTY. Therefore -all smart card routines were realized within a seperate -DLL (namely PuTTYcard.dll). Pageant.exe would try to open -this DLL. If it could not find it, it would behave like -a "normal" Pageant. -

      -

      -This only needed about 20 lines of codes within the source -of pageant.exe and I was hoping that the PuTTY team would -include this into future PuTTY-packages. They did not :-( -

      -

      -Therefore I merged the source code of PuTTYcard.dll with -the source code of pageant.exe and released a smart card -enabled version of pageant.exe. If you are interested you -may download it at - http://smartcard-auth.de/ssh-en.html. -

      -

      -You must register your public key if you want to use -some features (for example secure PIN entry). -If you used PuTTYcard in the past or are willing to test -my smart card enabled version of pageant.exe with a new -card or a new card reader I will send you a free licence. -Just let me know at pk@…. -

      -

      PuTTYcard

      -

      -PuTTYcard is an extension to PuTTY, the free SSH-client -from Simon Tatham. With this extension PuTTY can use -RSA-keys from external devices, ie. smart cards, usb-tokens. -

      -

      -If pageant is called with one argument, it will interpret -this argument as the name of a key-file. Pageant will then -load this ppk-file into its keylist, or if another instance of -Pageant is already running into the keylist of that instance. -

      -

      -The pageant-version from PuTTYcard-0.58-V1.2.zip (can be downloaded -from OpenSCs contrib area) will do exactly the same thing -with one exception. If the first line of the ppk-file -has the form: -

      -
      PuTTYcard,<path to DLL>,<arguments for the DLL>
      -

      -then Pageant will NOT read the key from the ppk-file. Instead -it loads the DLL and calls a function from that DLL passing -the arguments from the ppk-file to this function. -

      -

      -The function may then fetch a public RSA key from any -source. Possbile choices are: files, smart cards, PKCS11 -libraries, Cryptographic Service Providers, etc. -

      -

      -PuTTYcard-0.58-V1.2.zip contains PuTTYiso7816.dll. This -DLL will load an RSA key from any ISO-7816-8 compatible -smart card. PuTTYiso7816 need additional information -from the ppk-file, namely the location of the RSA key -on your specific smartcard. -

      -

      -This information is given as 4 hexadecimal numbers, i.e. -your ppk-file should look like -

      -
      PuTTYcard,PuTTYiso7816.dll,<path>,AA,BB,CCCC
      -

      -<path> is the DF on your smart card that contains the RSA-key. -This must be specified as a 4,8,12 or 16digit hexadecimal -number. Do NOT prefix the path with 3F00. -AA is the key-reference of the private key, BB is the -pin-reference of the pin that protects your private key. -CCCC is the ID of a file on your card that contains your -public key. This file must either contain the public key -as two ASN1-encoded records or it must be a certificate file -from which the pulic key will be extracted. -

      -

      How do I find the above mentiones numbers?

      -

      -One of the first actions of PuTTYcard -is to change its working DF to the DF given by the -<path>-argument. The remaining information -(private and public key, PIN and maybe a certificate) -will then be read from that DF. Try pkcs15-tool -k -to list all of your keys and that should give you the -information you need. -

      -

      -Here's the output for my Netkey E4 card: -

      -
      $ pkcs15-tool -k
      -Private RSA Key [Signatur-Schlüssel]
      -        Com. Flags  : 1
      -        Usage       : [0x204], sign, nonRepudiation
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 128
      -        Native      : yes
      -        Path        : DF015331
      -        Auth ID     : 04
      -        ID          : 01
      -
      -Private RSA Key [Authentifizierungs-Schlüssel]
      -        Com. Flags  : 1
      -        Usage       : [0x207], encrypt, decrypt, sign, nonRepudiation
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 130
      -        Native      : yes
      -        Path        : DF015371
      -        Auth ID     : 04
      -        ID          : 02
      -
      -Private RSA Key [Verschlüsselungs-Schlüssel]
      -        Com. Flags  : 1
      -        Usage       : [0x207], encrypt, decrypt, sign, nonRepudiation
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 129
      -        Native      : yes
      -        Path        : DF0153B1
      -        Auth ID     : 03
      -        ID          : 03
      -

      -This card has three keys all of which are stored in DF DF01. -This is your <path>-value. Do not include the last component of the -path from the pkcs15-tool-output as this is the ID of the -private key itself. -

      -

      -The next information you need is the key reference. This value -is included as a decimal number in the above output (ie. 128, 130 and 129). -This value must be converted to a 2-digit hexadcimal number. Let's -use the second key, so your AA-value is 82. -

      -

      -Your private key is protected by a PIN and the pkcs15-tool -k-output -contains the Auth-ID of this PIN. Here it is 04. This is not -your PIN-reference. Use pkcs15-tool --list-pins to list all -your PINs and use the PIN-reference of the PIN that has the same Id -as the Auth-Id of your key. -

      -
      $ pkcs15-tool --list-pins
      -PIN [globale PIN]
      -        Com. Flags: 0x3
      -        ID        : 01
      -        Flags     : [0x51], case-sensitive, initialized, unblockingPin
      -        Length    : min_len:6, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 0
      -        Type      : ascii-numeric
      -        Path      : 5000
      -        Tries left: 3
      -
      -PIN [globale PUK]
      -        Com. Flags: 0x3
      -        ID        : 02
      -        Flags     : [0xD1], case-sensitive, initialized, unblockingPin, soPin
      -        Length    : min_len:8, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 1
      -        Type      : ascii-numeric
      -        Path      : 5001
      -        Tries left: 3
      -
      -PIN [lokale PIN0]
      -        Com. Flags: 0x3
      -        ID        : 03
      -        Flags     : [0x13], case-sensitive, local, initialized
      -        Length    : min_len:6, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 128
      -        Type      : ascii-numeric
      -        Path      : DF015080
      -        Tries left: 3
      -
      -PIN [lokale PIN1]
      -        Com. Flags: 0x3
      -        ID        : 04
      -        Flags     : [0xD3], case-sensitive, local, initialized, unblockingPin, soPin
      -        Length    : min_len:6, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 129
      -        Type      : ascii-numeric
      -        Path      : DF015081
      -        Tries left: 3
      -

      -Again the PIN-reference is given in decimal (here it is 129) and must be -converted to a 2-digit hexdecimal number, namely 81. This is -your BB-value. -

      -

      -Finally you need the file-ID of the public key or a certificate file -from which he public key could be extracted. -

      -

      -So either use pkcs15-tool --list-public-keys or -pkcs15-tool -c. With my Netkey card pkcs15-tool --list-public-keys -does not show any keys. This is because my Netkey card -contains the public key, but it cannot be used for cryptographic -operations. From other sources (ie. card doku) I know that -the public key is stored in file DF01:4571, so one possible -CCCC-value is 4571. -

      -

      -If I list all my certificates I get: -

      -
      $ pkcs15-tool -c                
      -X.509 Certificate [Telesec Signatur Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : DF01C000
      -        ID       : 01
      -
      -X.509 Certificate [User Signatur Zertifikat 1]
      -        Flags    : 2
      -        Authority: no
      -        Path     : DF014331
      -        ID       : 01
      -
      -X.509 Certificate [User Signatur Zertifikat 2]
      -        Flags    : 2
      -        Authority: no
      -        Path     : DF014332
      -        ID       : 01
      -
      -X.509 Certificate [Telesec Authentifizierungs Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : DF01C100
      -        ID       : 02
      -
      -X.509 Certificate [User Authentifizierungs Zertifikat 1]
      -        Flags    : 2
      -        Authority: no
      -        Path     : DF014371
      -        ID       : 02
      -
      -X.509 Certificate [Telesec Verschlüsselungs Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : DF01C200
      -        ID       : 03
      -
      -X.509 Certificate [User Verschlüsselungs Zertifikat 1]
      -        Flags    : 2
      -        Authority: no
      -        Path     : DF0143B1
      -        ID       : 03
      -

      -A certificate contains the right public key, if it has the -same ID as the private key (here 02). My card has two such -certificates namely DF01:C100 and DF01:4371 so two other -possible CCCC-values are C100 and 4371 -

      -

      -On a Netkey card a private key may be protected by more than -one PIN. So instead of PIN-reference 81 (which references -local PIN1) I may alternatively use PIN-reference 00 (which -references global PIN0) -

      -

      -So all of the following six lines will work: -

      -
      PuTTYcard,PuTTYiso7816.dll,DF01,82,81,4571
      -PuTTYcard,PuTTYiso7816.dll,DF01,82,81,C100
      -PuTTYcard,PuTTYiso7816.dll,DF01,82,81,4371
      -PuTTYcard,PuTTYiso7816.dll,DF01,82,00,4571
      -PuTTYcard,PuTTYiso7816.dll,DF01,82,00,C100
      -PuTTYcard,PuTTYiso7816.dll,DF01,82,00,4371
      -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/QuickStart.html opensc-0.12.1/doc/nonpersistent/wiki.out/QuickStart.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/QuickStart.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/QuickStart.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,257 +0,0 @@
      - - - QuickStart – OpenSC -
      -
      - -

      Quick Start with OpenSC

      -

      -If you haven't already, please first take a look at our OverView page, the -OperatingSystems page and the CompilingInstalling page. -

      -

      Before we start…

      -

      -A word of warning: these experiments can destroy your card (e.g. if we -have a bug. there is _NO WARRANTY_ on opensc of any kind). Also -be sure to make notes of everything you do, especially the pin and -puk and so-pin and so-puk you set, as it is not possible to erase some -cards without these! -

      -

      Install the required middleware

      -

      -Many card readers (or standalone USB tokens) use a nonstandard wire format for communicating between the computer and the device. You will need to get the corresponding (often proprietary) software up and running first. For USB tokens see the respective page on this Wiki (eg for Aladdin EToken, Rainbow IKey 3000). For card readers, you should get to the point where the LED turns on when you plug it into the USB socket. -

      -

      Install OpenSC

      -

      -For Mac OS X, download and install SCA. -

      -

      -For Windows, visit the build project. -

      -

      -For Linux, either use your distribution's package manager or install from source. -

      -

      Test OpenSC

      -

      -First check if your smart card reader is found: -

      -
      $ opensc-tool --list-readers
      -Readers known about:
      -Nr.    Driver     Name
      -0      openct     Towitoko Chipdrive Micro
      -1      openct     Aladdin eToken PRO
      -2      openct     OpenCT reader (detached)
      -3      openct     OpenCT reader (detached)
      -4      openct     OpenCT reader (detached)
      -

      -You can see, openct claims five slots, but only two are used. -This is done to support hotplugging, those slots can be filled -later by additional readers you plugin via usb. -

      -

      -Next test is to see if your card is found. Every card has a so -called ATR ("Answer to reset"), a hex string used for identifying -the card type. -

      -
      $ opensc-tool --reader 0 --atr
      -3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c
      -

      -Lets see if that card is supported by OpenSC. If so, we should -know the name of the card: -

      -
      $ opensc-tool --reader 0 --name
      -Cryptoflex 32K e-gate
      -

      -OpenSC has a small low level tool for exploring your smart card. -This is useful if you have a new card and want to look at it, -or check some details. -

      -
      $ opensc-explorer
      -

      -However opensc-explorer only works with known cards and -even then: some cards don't have then required functionality, -for example no "ls" command. -

      -

      Quick start guide to initializing a blank card

      -

      -The best way to use all features of OpenSC is to start -with a blank card and initialize it with OpenSC. Make sure -your vendor sold you a real blank card, many vendors -also have pre-initialized cards, and those only work -with the vendors software, but not or only limited with -OpenSC. -

      -

      -'Warning: 'before writing any data on the token please -read the smartcard os specific wiki pages as some smartcards cannot be -deleted once initialized. -

      -

      -You can add "-v" to all of these commands, to get a more verbose -output. Adding "-v" more than once will enable debugging or increase -the debugging level. -

      -

      -First you need to create the basic structure. At this step you are -asked to enter a "security office" pin. Only with this pin you can -alter the card, but that pin is not needed to use the keys. -

      -
      $ pkcs15-init --create-pkcs15
      -New Security Officer PIN (Optional - press return for no PIN).
      -Please enter Security Officer PIN: 
      -Please type again to verify: 
      -Unblock Code for New User PIN (Optional - press return for no PIN).
      -Please enter User unblocking PIN (PUK): 
      -Please type again to verify: 
      -

      -Next step is to create a user and a pin. That pin is needed for -using the keys we will create later. -

      -
      $ pkcs15-init --store-pin --auth-id 01 --label "Andreas Jellinghaus"
      -New User PIN.
      -Please enter User PIN: 
      -Please type again to verify: 
      -Unblock Code for New User PIN (Optional - press return for no PIN).
      -Please enter User unblocking PIN (PUK): 
      -Please type again to verify: 
      -Security officer PIN required.
      -Please enter Security officer PIN: 
      -

      -Now create a key. Both pins are needed for this. -

      -
      $ pkcs15-init --generate-key rsa/1024 --auth-id 01
      -Security officer PIN required.
      -Please enter Security officer PIN: 
      -User PIN required.
      -Please enter User PIN: 
      -Security officer PIN required.
      -Please enter Security officer PIN: 
      -

      -You can list the keys on the token with -

      -
      $ pkcs15-tool --list-keys
      -Private RSA Key [Private Key]
      -        Com. Flags  : 3
      -        Usage       : [0x4], sign
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 16
      -        Native      : yes
      -        Path        : 3F005015
      -        Auth ID     : 01
      -        ID          : 45
      -

      Testing using OpenSSL

      -

      -If you followed thus far, your token is now fitted with a private RSA key that it generated itself and never divulged to anybody (not even the host computer). Assuming engine_pkcs11 is installed, we can use this key and openssl to create -a self signed certificate, still without divulging the key; the necessary cryptographic computations will occur on-token. -

      -

      -Let's start the OpenSSL interactive shell and load the engine pkcs11 so that OpenSSL can ask the token to do the crypto (as opposed to doing it from your computer's CPU). -

      -
      • Linux: open a terminal and type this (skipping the prompts): -
        $ openssl
        -OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so
        -
      • Mac OS X: open a terminal and type this (skipping the prompts): -
        $ /Library/OpenSC/bin/openssl
        -OpenSSL> engine dynamic -pre SO_PATH:/Library/OpenSC/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
        -

      -In both cases, OpenSSL should respond with something like -

      -
      (dynamic) Dynamic engine loading support
      -[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
      -[Success]: ID:pkcs11
      -[Success]: LIST_ADD:1
      -[Success]: LOAD
      -Loaded: (pkcs11) pkcs11 engine
      -OpenSSL>
      -

      -It is important to enter the whole long command in one single command -line. I usually copy&paste the command, to make sure I don't mistype -anything. -

      -

      -Staying at the OpenSSL prompt, now type: -

      -
      OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -x509 -out cert.pem -text
      -SmartCard PIN: 
      -You are about to be asked to enter information that will be incorporated
      -into your certificate request.
      -What you are about to enter is what is called a Distinguished Name or a DN.
      -There are quite a few fields but you can leave some blank
      -For some fields there will be a default value,
      -If you enter '.', the field will be left blank.
      ------
      -Country Name (2 letter code) [AU]:.
      -State or Province Name (full name) [Some-State]:.
      -Locality Name (eg, city) []:.
      -Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
      -Organizational Unit Name (eg, section) []:.
      -Common Name (eg, YOUR name) []:Andreas Jellinghaus
      -Email Address []:aj@dungeon.inka.de
      -
      -Please enter the following 'extra' attributes
      -to be sent with your certificate request
      -A challenge password []:
      -An optional company name []:
      -OpenSSL> 
      -

      -This creates a signed certificate as file cert.pem (again, without divulging the private key). You can verify that it is indeed self-signed (the private key is not required for this): exit OpenSSL and type -

      -
      $ openssl verify -CAfile cert.pem cert.pem
      -cert.pem: OK
      -

      -If instead you remove the "-x509" flag in the req OpenSSL command, you get a certificate signing request. Send it to the CA, wait till you get it back, signed, and -proceed. -

      -

      -Now we can store the certificate side by side with the key on the -token, as a piece of public (but read-only) data. It is important to -save the certificate under the same ID as the key, so that applications wanting to use that certificate on your behalf can find the private key as well. You can get a list -of all keys and their details (including the ID) with: -

      -
      $ pkcs15-tool --list-keys
      -Private RSA Key [Private Key]
      -        Com. Flags  : 3
      -        Usage       : [0x4], sign
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 16
      -        Native      : yes
      -        Path        : 3F005015
      -        Auth ID     : 01
      -        ID          : 45
      -

      -So lets store the certificate that we created: -

      -
      $ pkcs15-init --store-certificate cert.pem --auth-id 01 --id 45 --format pem 
      -Security officer PIN required.
      -Please enter Security officer PIN: 
      -

      -Now we are ready to go. If you want to add more certificates (e.g. the root -certificate of the CA that signed your key, or some intermediate certificates -in the chain to the root CA) simply put those into pem files, and add them -to id 46, 47 and so on. You don't need the private key for these obviously. -

      -

      Now what?

      -

      -You probably want to make your token work with other applications than -pkcs15-init and OpenSSL: see Application Support on the main page. -

      -

      -If you want to login to your computer with your smart card or crypto -token, please note that OpenSC 0.10 does not include the pam module -and the openssl engine any more. We suggest you install -libp11, -engine_pkcs11 and one -of pam_p11 (a simple -authentication module) or pam_pkcs11 (a full featured authentication module). -

      -

      Links

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/RainbowIkeyFour.html opensc-0.12.1/doc/nonpersistent/wiki.out/RainbowIkeyFour.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/RainbowIkeyFour.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/RainbowIkeyFour.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,23 +0,0 @@
      - - - RainbowIkeyFour – OpenSC -
      -
      - -

      iKey 4000

      -

      -The new SafeSign? iKey 4000 is not supported by opensc. -To add support someone would need the APDU level documentation -and the time and energy to write a new driver. -

      -

      -APDU level documentation is available if you sign an NDA, -please contact Andreas Kroehnert <andreas.kroehnert _at_ de.safenet-inc.com> -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/RainbowIkeyThree.html opensc-0.12.1/doc/nonpersistent/wiki.out/RainbowIkeyThree.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/RainbowIkeyThree.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/RainbowIkeyThree.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,33 +0,0 @@
      - - - RainbowIkeyThree – OpenSC -
      -
      - -

      iKey 3000

      -

      - SafeNet offers the iKey 3000 (known as Rainbow iKey before), an USB crypto token with 32k memory and support for RSA keys up to 1024bit key length. -

      -

      -The iKey 3000 is fully supported by OpenSC and is well tested. You need to obtain a USB driver for the token, you can use OpenCT on Linux. -

      -

      -The smart card inside is a starcos card by Giesecke & Devrient. -

      -

      -One minor feature of Starcos is that a PIN can only be unblocked if it is blocked. For this reason the regression test pin0002 fails, but this is a harmless and known issue, so please ignore. -

      -

      -iKey 3000 is bundled with StarSign software by A.E.T. (to be exact the A.E.T. middleware is called SafeSign) which follows the PKCS#15 standard. Thus key -can be initialized with either OpenSC or StarSign and will work with both. -

      -

      -Documentation for the Starcos Smartcard is available upon request from G&D. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/RecentTestresults.html opensc-0.12.1/doc/nonpersistent/wiki.out/RecentTestresults.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/RecentTestresults.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/RecentTestresults.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,265 +0,0 @@
      - - - RecentTestresults – OpenSC -
      -
      - -

      Recent test results for various smart cards

      -

      -Providing test results is a bit difficult, since a test includes -

      -
      • OpenSC (Version) -
      • Smart card (Name, Variant, blank or pre-initialized) -
      • Operating Sytem (Name, Version, Architecture) -
      • Smart card reader (Name, Modell, Firmware version) -
      • Software for the smart card reader driver (Name of the driver, version) -
      • Middleware (PC/SC-Lite? Version? Configuration?) -
      • opensc.conf configuration -

      -And of course the features that were tested. Here is a list: -

      -
      • src/test/regression test suite, run-all script. -
      • pkcs15-init (manual init, keygen, certificate store, cert+key store) -
      • pkcs11-tool (manual, "pkcs11-tool --test --login") -
      • openssl command line tool with opensc engine -
      • openssl command line tool with pkcs11 engine -
      • firefox with pkcs11 module (https authentication with a client certificate and key) -
      • thunderbird with pkcs11 module (email signing and decryption) -
      • mozilla with the same tests as firefox and thunderbird -
      • netscape with the same tests as firefox and thunderbird -
      • key generation and certificate store via some web site (e.g. thawte community) -
      • openssh with smart card authentication (or putty on windows) -
      • openssh agent with smart card authentication (or pageant on windows) -
      • login with pam module (with local .eid/authorized_certificates) -
      • login with pam module (with the certificate in an ldap server) -
      • free/open/stronswan vpn with x.509 certificate authentication using a smart card -
      • accessing a wireless lan protected with wpa, 802.1x, eap-tls using the wpa_supplicant, with a smart card -
      • testing the Identity Alliance CSP on windows with the opensc-pkcs11.dll: using internet explorer for client certificate authentication at some website. -
      • testing the Identity Alliance CSP on windows with the opensc-pkcs11.dll: using outlook to sign and decrypt emails. -
      • testing CSP #11 on windows with the opensc-pkcs11.dll: using internet explorer for client certificate authentication at some website -
      • testing CSP #11 on windows with the opensc-pkcs11.dll: using outlook to sign an decrypt emails. -

      -We can't test all combinations of OpenSC, card, Reader, driver software with all features. -

      -

      -So the basic regression tests (or pkcs11-tool for pre-initialized cards) is done with as many cards -as possible on at least one plattform. Once we know the cards work with OpenSC on this plattform, the next test is -to test as many features as possible on many plattforms, but it is ok to test only with a few or only once card. -

      -

      -Which cards passed the src/test/regression/run-all test suite? -

      -
      - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Card NameOpenSCDateReaderReader driverResultTester
      Aladdin eToken PRO0.9.52005-01-13Aladdin eToken PROOpenCT 0.6.3All ok.Andreas Jellinghaus
      Cryptoflex 32k0.9.52005-01-13eGate TokenOpenCT 0.6.3All ok.Andreas Jellinghaus
      Rainbow iKey 30000.9.52005-01-13Rainbow iKey 3000OpenCT 0.6.3All ok.Andreas Jellinghaus
      -
      -

      -Note that Rainbow iKey 3000 has a Starcos SPK 2.3 operating system, and thus the pin0002 test will -fail, but this is ok as the Starcos SPK 2.3 implementation of the ISO 7816 RESET RETRY COUNTER command -is not ISO compliant. -

      -

      -Which cards passed the "pkcs11-tool --test --login" test? (Only for pre-initialized cards) -

      -
      - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Card NameOpenSCDateReaderReader driverResultTester
      Signtrust TCOS0.9.52005-03-04Towitoko SerialOpenCT 0.6.3???Andreas Jellinghaus
      Signtrust TCOS0.10.02005-11-01Kobil KaanPCSC-lite 1.2.0OK 1)Peter Koch
      TeleSec TCOS0.10.02005-11-01Kobil KaanPCSC-lite 1.2.0OK 1)Peter Koch
      -
      -

      -1) TCOS supports raw RSA padding and therefor pkcs11-tool tries raw RSA padding with ALL keys. -But TCOS supports RSA padding for decryption keys ONLY, so pkcs11-tool fails when it tests -raw RSA padding with the signature key. This is a minor problem as regular application will -NOT do signature operations with raw RSA padding but use PKCS1 padding instead. The latter -works fine with both signature and decryption keys. -

      -

      -Which operating system works fine with OpenSC? Add one line for every feature that works or not. -

      -
      - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Operating SystemVersionArchitectureOpenSCFeatureResultTester
      Windows XPPRO SP2i3860.9.5+winfixespkcs15-initAll ok.Andreas Jellinghaus
      Windows XPPRO SP2i3860.9.5+winfixespkcs11-toolAll ok.Andreas Jellinghaus
      Windows XPPRO SP2i3860.9.5+winfixesputtyAll ok.Andreas Jellinghaus
      Windows XPPRO SP2i3860.9.5+winfixesfirefoxCrashes.Andreas Jellinghaus
      Debian GNU/LinuxSargei3860.9.5pkcs15-initAll ok.Andreas Jellinghaus
      Debian GNU/LinuxSargei3860.9.5pkcs15-initAll ok.Andreas Jellinghaus
      Debian GNU/LinuxSargei3860.9.5pkcs15-initAll ok.Andreas Jellinghaus
      Debian GNU/LinuxSargei3860.9.5pkcs15-initAll ok.Andreas Jellinghaus
      -
      -

      -After you have tested some hardware, please let us know by adding a line. -If something does not work as expected, please also open a new ticket -with a detailed bug report. -

      -

      -Note: adding your name as tester is optional. I think it might be nice so one can ask more details if necessary. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ReleaseHowto.html opensc-0.12.1/doc/nonpersistent/wiki.out/ReleaseHowto.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/ReleaseHowto.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ReleaseHowto.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,43 +0,0 @@
      - - - ReleaseHowto – OpenSC -
      -
      - -

      OpenSC Release Howto

      -

      -Announcement -

      -
      • Write announcement. Write short version (600 bytes) for freshmeat. -
      • find someone to proofread announcement -

      -The OpenSC version must be updated in these files: -

      -
      • configure.in -
      • win32/version.rc -
      • src/include/winconfig.h -
      • docs/doxygen.conf -

      -The News file needs to be edited: put in Name and Date. -

      -

      -The library version must be updated in these files: -

      -
      • configure.in -
      • src/pkcs11/pkcs11-global.c -

      -Announce: -

      -
      • change LATEST file in svn/web/trunk -
      • add file to svn/web/trunk/news/ -
      • via mail to opensc-announce,users,devel -
      • update freshmeat entry -
      • (root@opensc): trac-admin /home/trac/opensc version add 0.X.Y -
      • (root@opensc): edit /home/trac/opensc/conf/trac.ini change default_version -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ReleaseTodo.html opensc-0.12.1/doc/nonpersistent/wiki.out/ReleaseTodo.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/ReleaseTodo.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ReleaseTodo.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,33 +0,0 @@
      - - - ReleaseTodo – OpenSC -
      -
      - -

      To do before the next release

      -

      -Also check roadmap -

      -
      • configure code cleanup, move to pkg-config where possible -
      • require openssl? -
      • replace openssl libcrypto.a code with a config option? -
      • improve documentation (wiki) -
      • add all documentation from old/ directory? -
      • replace old man pages with new ones from doc/src xml documentation? -
      • make number of openct readers configurearble? -
      • document: pam module is gone. add howto for upgrading / replacement. -
      • add new regression test: openssl engine loader -
      • add new regression test: pkcs11 initialisation -
      • add new regression test: pkcs11 key generation -
      • fix sslengines/ and libp11/ code seperation (sslengine should only use PKCS11_ functions) -
      • prepare libp11 for a standalone release -
      • increase version numbers etc. -
      • test-a-lot -
      • port-a-lot (windows, mac os X, *bsd, ...) -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ReplacingCertificates.html opensc-0.12.1/doc/nonpersistent/wiki.out/ReplacingCertificates.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/ReplacingCertificates.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ReplacingCertificates.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,82 +0,0 @@
      - - - ReplacingCertificates – OpenSC -
      -
      - -

      Replacing a certificate on a card

      -

      -Unfortunatly not all cards allow to replace a certificate with a new one. -Here is a small HOWTO for Aladdin eToken PRO (should work with any cardos card). -

      -

      -1. Create a new certificate. If it's a self signed certificate, don't forget to add the -days attribute, else you'll have to do this process very often. -

      -

      -2. If you have the certificate PEM encoded (this is very likely if you use the default settings of openssl) then convert it to DER encoded: -

      -
      $ openssl x509 -in mycert.pem -outform DER -out mycert.der
      -

      -3. Now get the path of the certificate: -

      -
       $ pkcs15-tool -c
      -X.509 Certificate [Certificate]
      -        Flags    : 2
      -        Authority: no
      -        Path     : 3F0050154301
      -        ID       : 45
      -
      -

      -The path here is: 3F0050154301 -

      -

      -4. open up opensc-explorer -

      -
      OpenSC > cd 5015
      -

      -5. present the valid key for the certificate file, usually the normal pin. You can get info about wich pin to use by executing: -

      -
      OpenSC > info [EF]
      -

      -where [EF] is the name of the cert EF (in the above example 4301) -

      -

      -You'll need the key in hexadecimal format, an example how to convert it: -

      -
       $ export HISTFILE=
      - $ php -r 'echo bin2hex("pssword")."\n";'
      -707373776f7264
      -

      -You'll have to add the colons manually. If your password is shorter than 8 characters, fill it up with 00-s. So with the above example you enter at the opensc-explorer: -

      -
      OpenSC > verify CHV3 70:73:73:77:6f:72:64:00
      -

      -Code correct. -

      -

      -6. Now you can load the data from the DER encoded file into the EF on the card: -

      -
      OpenSC > put 4301 mycert.der
      -

      -If you get no errors, then you're done. -

      -

      -Remarks: -

      -
      • This isn't the preferred way for everyday users to replace the certificates. Maybe this isn't even for the user's mailing list, but I couldn't find any description how to solve this dangerous yet very urging problem. -
      • This may not work on some cards. -
      • Since the key isn't changed, after replacing the old certificate you -

      -_won't_ need to replace your .eid/authorized_certificates, or .ssh/authorized_keys files. -

      -
      • I had to delete the contents of the .eid/cache/ directory for Mozilla to see the new certificate correctly. -

      -Thanks to Attila Nagy for this information. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/ResourcesLinks.html opensc-0.12.1/doc/nonpersistent/wiki.out/ResourcesLinks.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/ResourcesLinks.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/ResourcesLinks.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,60 +0,0 @@
      - - - ResourcesLinks – OpenSC -
      -
      - -

      Resources, Links

      -

      Standard Documents

      -

      -Smart cards are defined in ISO 7816 standards. You need to buy those from ISO, -but  some pages -have overviews on what is in those standards. -

      -

      - PC/SC Workgroup -defines the PC/SC standard that is used on windows, but -thanks to PC/SC-Lite software also on Linux, Mac OS X and BSD. -You can  download -all parts of the specification. -

      -

      -The Multifunctional Card Terminal specification suite includes CT-API and -it's co-specification CT-BCS. The whole suite is available for download -in  english -and  german. -

      -

      -Public Key Cryptography was partialy defined by the RSA Labs in the PKCS series. -Important standards are: -

      -
      •  PKCS #15: Cryptographic Token Information Format Standard -
      •  PKCS #11: Cryptographic Token Interface Standard -
      •  PKCS #7: Cryptographic Message Syntax Standard -

      -Personal Identification Cards it an upcoming standard in the USA. NIST has a - document with details. -

      -

      Software

      -

      -OpenCT implements drivers for -several smart card readers. OpenSC can use OpenCT directly without the -need for an additional middleware, and this combination is preferred by -some authors and tested all the time, works perfectly. -

      -

      -The  M.U.S.C.L.E. project offers -the open source software  PC/SC-Lite and links to many drivers -in ifdhandler format, and also to some applications. -

      -

      -Some drivers in CT-API format are available for download at - Gregor's CT-API-Page. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/RoadMap.html opensc-0.12.1/doc/nonpersistent/wiki.out/RoadMap.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/RoadMap.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/RoadMap.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,31 +0,0 @@
      - - - RoadMap – OpenSC -
      -
      - -

      Roadmap for OpenSC

      -

      -This page should be a place for discussions about future developments of OpenSC in free form untill something clear comes out so that a reference to the Roadmap module and an exact ticket can be made. Issues not directly concerning OpenSC go here too. Feel free to add comments (also state your name in parentheses after your comment!) and ideas for others to digest. This way the targets can be analysed, grouped etc. DesignDiscussion complements this page. -

      -
      -

      -Some assumptions/facts by martin: -

      -
      • There are two main card oriented interests in OpenSC -
        1. Pure pkcs15 -
        2. Everything else - mostly read-only, (pkcs15 emulation) NationalIdCards? -
      • Whataver the case - most used component is pkcs11 module -
      • Though there are several different SmartCards? popping into the wallets of people lately - the biggest userbase will be (is?) NationalIdCards? owners -

      -Based on those assumptions, I'd suggest to focus the efforts on these aspects: -

      -
      • Improve, test (upgrade to pkcs11 v2.20?) the pkcs11 implementation. Who wins: most users. For 'normal people' and majority of applications this is the only useful interface to the library. -
      • Improve security - secure pin operations, UserConsent? style issues (CKA_ALWAYS_AUTHENTICATE flag in pkcs11 v2.20) etc. Who wins: everybody, especially DigitalSignature? functionality users of various NationalIdCards?. After we have pretty solid support for different cards and different usages, it is about time to focus on security - one reason smartcards exist in the first place. -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SchlumbergerEgate.html opensc-0.12.1/doc/nonpersistent/wiki.out/SchlumbergerEgate.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SchlumbergerEgate.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SchlumbergerEgate.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,21 +0,0 @@
      - - - SchlumbergerEgate – OpenSC -
      -
      - -

      Schlumberger / Axalto / Gemalto e-gate

      -

      - Schlumberger/Axalto offers the e-gate adapter, an USB adapter for Schlumberger / Axalto -wiki:Cryptoflex and wiki:Cyberflex cards. See the wiki page of e-gate for USB driver information and card pages for card related information. -

      -

      -As of 2009 the e-gate adapter and both Cryptofles and Cyberflex are discontinued products. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Seccos.html opensc-0.12.1/doc/nonpersistent/wiki.out/Seccos.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/Seccos.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Seccos.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,19 +0,0 @@
      - - - Seccos – OpenSC -
      -
      - -

      -Seccos is not supported by OpenSC at the moment. Seccos cards are recognized as "Unidentified card". -

      -

      -SECCOS is a product of Giesecke & Devrient, a company whose core business is printing paper money. Opening up specifications is not something they believe in. About the only public information about the OS is that the name stands for 'Secure Chip Card Operating System'. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SecureSetup.html opensc-0.12.1/doc/nonpersistent/wiki.out/SecureSetup.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SecureSetup.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SecureSetup.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,67 +0,0 @@
      - - - SecureSetup – OpenSC -
      -
      - -

      OpenSC Security Configuration

      -

      Command line arguments

      -

      -The OpenSC tools allow you to specify PINs and keys on the command line. This is only suitable for testing or when you are the only user of the machine. If there are multiple users, other users usually are able to run things like 'ps' or 'top', and probably are able to see the arguments given to some process, too. Also, the arguments probably get logged to some shell history file like ~/.bash_history. -

      -

      -The solution is to use a script or, in the case of the pkcs15-init tool to put PINS and keys into a file and used through the --options-file options. -

      -

      Access to the card

      -

      -Some other problems if multiple users have access to the reader(s): -

      -

      -If the user forgets a card to the reader while the session isn't locked, a malicious other user could run PIN verify commands to the card and probably lock the PIN, or even lock the card for good. If a user is logged in to the card but the session isn't locked, a malicious user could use the previleged functionality (e.g. doing a signature, writing data to the card). -

      -

      -A solution is to add the user to a specific "scard" group after they've logged in through xdm. pcsc-lite's pcscd runs as pseudouser/group scard/scard, and limit the access to the server socket (pcscd.comm) as 770 scard:scard. This way, other possible users that may have logged in through ssh won't have any access to the local card readers. Not a perfect solution, but works for single-reader workstations well enough. -

      -

      -In case your application uses the pkcs11 library, that application will have, exclusive access access to the card once you provided a PIN. This is the default setting. If you would like multiple apps to use the pkcs11 library, you can set 'lock_login = false;' in the opensc.conf file, but this leaves your card open to other user's applications as well. -

      -

      -Other tools/libs (signer, openssh, pam) don't provide unique access once you are logged in. -

      -

      Protection of cards made with the pkcs15-init tool

      -

      -Most cards have a default transport key that is used to create a pkcs15 directory on the card. Within the pkcs15 directory, files and keys are protected by PINs so the transport key has no power there. -

      -

      -This means that your keys and sensitive data are safe against others (who know the default transport key), in the sense that they can't be read or used. -

      -

      -However, depending on the smartcard os and the card profile anyone who knows the transport key and has access to your card can delete the pkcs15 directory with all it's keys, certs, data, ... -

      -

      -On itself, that may be a good thing if you lost your card, but there's another problem: If your card contains trusted certificates, and an adversary steals your card, puts another pkcs15 dir with other certs on the card and puts it back without you knowing, you may not find out until you put trust in those untrusted certs. Bottomline: be very carefull when using the card as a tamper-resistant storage -- make them PIN-protected for example. (Note: this if often not the case: the trusted certificates are stored usually stored in the application using them.) -

      -

      Storing config, profile and pkcs15 cache files

      -

      -While the opensc.conf and xxx.profile files don't contain any sensitive information, it is very important that they are not tampered with. -

      -

      -Some examples of what an adversary with write access to those files or an absent-minded administrator could do: -

      -
      • Set the debug level to 6, which means all sensitive info (like PINs) is logged -
      • Change the access conditions in the profiles, so that a card that is initialised with pkcs15-init will be wide open for anyone to read/write/sign -
      • Change trusted certs in the pkcs15 cache -

      -By default, the config and profile files can only be written by root/Adminstrator and the cache files are in the user home dir, so this is OK. Note however, that if there are profile files in the current dir, it will be those files that are used instead of the ones that were installed in a system dir! -

      -

      Root access

      -

      -From the above, it follows that you can't protect your card, nor use your card to protect something against someone with root access or who can change the config/profile files, binaries or sniff/modify the communication with the card. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SecureShell.html opensc-0.12.1/doc/nonpersistent/wiki.out/SecureShell.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SecureShell.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SecureShell.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,129 +0,0 @@
      - - - SecureShell – OpenSC -
      -
      - -

      SSH Secure Shell

      -

      -On Windows you can use putty to establish secure shell connections with smart card authentication. -The normal putty doesn't have smart card support, but if you install the  PuTTY SC, -it contains PKCS#11 support for Putty. -

      -

      -On Linux and Mac OS X you can use OpenSSH. OpenSSH does support smart card authentication, you have -two alternatives: -

      -
      • Mainline - only if the support for OpenSC is enabled during compile time. Most distributions however ship a binary package that does not include OpenSC support. You can simply download the source code or source rpm package, and recompile it using "configure --with-opensc=/usr". -
      • PKCS#11 - external patch available from  here, this works with most smartcards, even ones that are not supported directly by OpenSC project. -

      -Note that OpenSSH has a small issue: the "ssh" command does not ask for the smart card pin. -This is known to the OpenSSH developers as  bug 608. -OpenSC includes a patch to fix OpenSSH in src/openssh/ask-for-pin.diff, we suggest to patch -openssh source code with this file before compiling OpenSSH. -

      -

      -You can test if your openssh supports smart cards: -

      -
      $ ssh -I 0 user@server.example.org
      -no support for smartcards.
      -

      -If your openssh is compiled with smart card support, it will instead use the smart card in reader 0. -Users of the ssh-agent can use "ssh-add -s 0" to send the pin to your agent, so you don't need to enter -it for every connection. -

      -

      PuttyCard

      -

      -PuTTYcard is a second, independent implementation to add smart card support to putty. -Read more about it here, and download the files from -opensc-project.org contrib directory. -

      -

      old content

      -

      OpenSSH and OpenSC

      -

      -OpenSSH contains support for opensc, if it was compiled with "--with-opensc". -Unfortunately the openssh version included in most distributions is not compiled -this way. You can recompile openssh yourself. Ready-to-use binary packages are -available here: -

      - -
      Distribution Download URL -
      Name ADD URL -
      Gentoo The USE-flag "smartcard" makes the openssh ebuild depend on opensc and apply appropriate patches. Add the USE-flag system-wide to /etc/make.conf or just for OpenSSH in /etc/portage/package.use and re-emerge openssh. USE=smartcard emerge openssh will still work but is discouraged by Gentoo. -
      -

      -If you compile OpenSSH yourself: Please apply the patch in opensc-0.9.6/src/openssh/ask-for-pin.diff. -This patch fixes a small issue: openssh "ssh" command will not ask for a pin and thus not work well -with smart cards. Ssh-add will ask for a pin, and thus ssh plus ssh-agent will work well. This patch -adds code so that ssh will ask for the smartcard pin, too. This patch was not accepted upstream so -far, the openssh development team has a concept for a rewrite towards a cleaner solution, but this -is still pending. So for now the patch is our best option. -Seel also:  OpenSSH bug 608 -

      -

      Using OpenSSH with a smartcard

      -
      ssh -I 0 root@somehost
      -

      -will use the smart card in reader 0 and private authentication keys on the card to authenticate as root on host somehost. -This will of course only work if root@somehost has a ".ssh/authorized_keys" file and the public key -related to this private key is in that file. -

      -
      ssh-keygen -D 0 
      -

      -will download the public key from your smart card and print it in ssh1 and ssh2 format. You only need -one of those two lines. Put it into ".ssh/authorized_keys" on the target host and account like you do -with a normal .ssh/id_rsa.pub file. You can add a space char and a comment at the end of the line, -I usually add something like " aj@smartcard" so I know this is the key from my smartcard. -

      -

      -Starting with the next OpenSC release you can also use pkcs15-tool to display a public key in openssh -format. To do this type -

      -
      pkcs15-tool --read-ssh-key [--reader 0] [--id 45]
      -

      -the default reader is 0 and the default id is 45, so typically you don't need those options. -(This might be useful for windows, since putty/pageant currently has no equivalent of "ssh-keygen -D 0".) -

      -

      -The OpenSSH public key format is defined at - http://www.ietf.org/internet-drafts/draft-ietf-secsh-publickeyfile-09.txt -

      -

      -TODO: it would be propably nicer to have one --read-public-key parameter, and a second optional parameter ---format with possible values der, pem, ssh1, ssh2. A patch to implement this would be very welcome. -

      -

      Using an agent

      -

      -Most convinient way to do frequent authentications it to use the ssh-agent store your key. To do this you have to make sure ssh-agent is running, and it is accessible from your environment. Using XWindows the best way to start the agent is to edit the /etc/X11/Xsession.options file, and add this line: -

      -
      use-ssh-agent
      -

      -This will automatically start the agent when you log in, and it will shut it down upon logout. -

      -

      -To see if the agent is accessible just type: -

      -
      $ ssh-add -l
      -The agent has no identities.
      -

      -If the agent is not accessible you'll get an error message. This command is also usefull to list the certificates you've already added to the agent. -

      -

      -To add your certificate to the agent you should type -

      -
      $ ssh-add -s 0
      -

      -where 0 is the number of your certificate. The agent will ask for your pin, then it will store it decrypted for later use. Now you can simply ssh to the given hosts, without the need to type the pin again. -

      -

      -If you're accessing multiple hosts through ssh you can turn agent-forwarding on. -

      -

      -Using ssh-agent on a unix system has some security issues. Please make yourself clear with them before using these features. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SetCos.html opensc-0.12.1/doc/nonpersistent/wiki.out/SetCos.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SetCos.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SetCos.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,24 +0,0 @@
      - - - SetCos – OpenSC -
      -
      - -

      Setcos driver

      -

      -The Setcos card driver supports: -

      -
      • FinnishEid cards -
      • Setcos 4.4.1 cards -
      • Setcos cards with Nokia brand on them -
      • RSA SecurID 3100 cards -

      -For the Setcos 4.4.1 cards, a pkcs15-init driver has been written so you can use OpenSC to personalise the cards yourself. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Sign.html opensc-0.12.1/doc/nonpersistent/wiki.out/Sign.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/Sign.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Sign.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,40 +0,0 @@
      - - - Sign – OpenSC -
      -
      - -

      Digital Signatures

      -

      -OpenSC has a basic command line tool that can sign data: pkcs15-crypt -(see man page, doc/tools/index.html or online manpage). -

      -

      -But most users would prefer a nice graphical tool to display the content they are bout to sign -and show the details of the smart card they are using. -

      -

      Open Signature

      -

      - OpenSignature is a graphical user interface for Windows, Linux and Mac OS X for signing documents. Binaries are available from the web page. The software is released as Open Source software under the GNU General Public License, full source code is available. -

      -

      -OpenSignature has a focus on Italian eID cards. -

      -

      Cryptonit

      -

      - Cryptonit is a multi plattform application for signing, and encryptiong files and decrypting them. It can use smart cards via PKCS#11 modules. Binaries and soruce code are available from the  sourceforge project. The software is released as Open Source software under the GNU General Public License, full source code is available. -

      -

      -FIXME: not tested -

      -

      Sinadura

      -

      - Sinadura is a multi platform (GNU Linux, MacOSX, Windows) application for digitally signing PDF documents. It supports batch signing, smart cards via PKCS#11 modules, software certificates via PKCS12, PDF417. Multilingual. The software is released as Open Source software under the GNU General Public License, full source is available. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SmartCardApplications.html opensc-0.12.1/doc/nonpersistent/wiki.out/SmartCardApplications.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SmartCardApplications.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SmartCardApplications.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,19 +0,0 @@
      - - - SmartCardApplications – OpenSC -
      -
      - -

      Smart Card Applications

      -

      -OpenSC comes with a bunch of utilities to test, debug and initialize smartcards. In addition to these smart card targeted utilities other applications can be made 'smartcard aware' using: -

      -
      • OpenSC PKCS#11 module opensc-pkcs11 (or pkcs11-spy if one has to debug PKCS#11 issues). This is the preferred interface. -
      • OpenSSL engine - engine_pkcs11 (together with a/the PKCS#11 module) and engine_opensc (deprecated). This can be used in scripts via the openssl utility or existing OpenSSL based applications can be extended to support dynamic openssl engines. -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SpanishEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/SpanishEid.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SpanishEid.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SpanishEid.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,24 +0,0 @@
      - - - SpanishEid – OpenSC -
      -
      - -

      Spanish Ceres

      -

      -The spanish ceres cards are using OpenSC for their official software. -

      -

      -To use ceres cards however you need to use the official software, which consists of OpenSC and an additional binary only module. -OpenSC is licensed under LGPL license and allowes to do this. -

      -

      -More details are available at  http://opensc-ceres.software-libre.org/. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SslChoice.html opensc-0.12.1/doc/nonpersistent/wiki.out/SslChoice.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/SslChoice.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SslChoice.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,54 +0,0 @@
      - - - SslChoice – OpenSC -
      -
      - -

      SSL Choices

      -

      -If you want to write an SSL enabled application and use smart cards for client authentication, -you need a library that offers this. Here we list SSL libraries we know and whether they work -with OpenSC. -

      -

      -We aim to provide example code, but so far there is none. -

      -

      Windows

      -

      -If you plan a windows only application and want to develop with Visual C/C++/C#/.Net you can use those. As far as we know you don't need to do anything special to enable using smart card in your application, as the Crypto API and a CSP module will take care of everything. -

      -

      Mac OS X

      -

      -In theory the same situation (use Mac OS X developer tools, use the Apple CDSA/CSP API). -

      -

      -In practice there is no bridge between OpenSC and the Apple CDSA/CSP API, so currently you won't be able to use OpenSC. But work is in progress, see http://www.opensc-project.org/sca/wiki/OpenscTokend. -

      -

      Linux

      -

      -There are many different crypto libraries such as OpenSSL, GnuTLS, LibNSS, cryptlib, QCA and others. We will try to discuss each. -

      -

      - OpenSSL has an easy way to integrate smart card support. Our sister project -libp11 has code to make using OpenSC PKCS#11 module with OpenSSL quite easy and should include example code for using SSL with client certificate authentication using a smart card soo. Also the engine_pkcs11 project has a so called engine so you can change any code using OpenSSL to move the crypto operation from your CPU to your smart card with only a few small changes. Wpa_supplicant is an example of an application using OpenSSL and this engine for smart card support. -

      -

      - GnuTLS unfortunatly lacks any ability to redirect crypto -operations to a module. Thus we don't know of any way to enable smart card support in a GnuTLS based application. -

      -

      - NSS is the netscape security layer used in applications like Mozilla, Firefox and Thunderbird. It includes support for using PKCS#11 modules like the OpenSC PKCS#11 module, but we don't have example code how to do that right now. -

      -

      - cryptlib is a library by Peter Gutmann and seems to implement every crypto standard we ever heard of, including smart card support using PKCS#11 modules. However we are not sure what the license of this library is, and we have no experience in using it or writing applications that use smart cards with it. -

      -

      - QCA is the Qt Cryptographic Architecture is an addon for Qt that adds crypto operations. QCA has been moved to the kdesupport part of the kde source code and will be part of the next KDE release. As far as we know some recent versions of QCA include the ability to use PKCS#11 modules such as OpenSC, but we don't know the details yet. Feedback is very welcome. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Starcos.html opensc-0.12.1/doc/nonpersistent/wiki.out/Starcos.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/Starcos.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Starcos.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,45 +0,0 @@
      - - - Starcos – OpenSC -
      -
      - -

      StarCOS cards

      -

      Version 2.3

      -

      -Version 2.3 is supported by OpenSC.to be precise: iKey 3000 which contains Starcos). -The StarKey 100 (USB) token from G&D doesn't seem to work. It features Starcos SPK 2.3, but adding -usb:096e/0005 to the ikey3k driver ids in openct.conf still won't access the card. -

      -

      -Currently only Starcos SPK 2.3 is tested. If you have a newer version, please report back. -

      -

      Version 3.0

      -

      -Version 3.0 is not supported by the OpenSC Starcos driver yet. -

      -

      Version 3.1

      -

      -There also seems to be Version 3.1 which only does ECC signatures instead of RSA. This is not yet supported by OpenSC as well. -

      -

      -G&D is a very nice company, their APDU manuals are public available, all you need to do -is send an email asking for them, and they send you the latest version. This is great! -Thanks G&D! -

      -

      Erasing cards

      -

      -Only test cards with StarCOS are erasable. If the last byte of the return -value of "opensc-tool -s 80:f6:00:01" is 0x00 the card is afaik not -erasable, if it's 0xc0 it should be erasble. -

      -

      -Eutron CryptoIdendity? ITSEC-P tokens contain normal cards and thus are not eraseable. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/StarKey.html opensc-0.12.1/doc/nonpersistent/wiki.out/StarKey.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/StarKey.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/StarKey.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,37 +0,0 @@
      - - - StarKey – OpenSC -
      -
      - -

      -StarSign® USB Token -

      -

      -The user-friendly combination of chip card and card reader -

      -

      -StarSign USB Token belongs to a new generation of manipulation-proof IT security products, designed for costeffective use in PKI systems. It combines the security features of a chip card with the advantages of USB devices. StarSign USB Token contributes to the improved efficiency of IT applications, reduces costs, and offers optimum flexibility. The token is small, light, and so conveniently sized that it fits on a key chain. It requires no additional reader since it connects directly to the PC via USB interface. In many environments, such as Wireless LAN, it can be used for authentication as an alternative or supplement to the conventional combination of chip card and reader. -

      -

      -An intelligent solution that ensures high-level security -

      -

      -Two-factor authentication ensures that the user can only access the system with the combination of StarSign USB Token and PIN. Unless both match, the user is not authorized to access the corresponding applications and data. StarSign USB Token offers recognized and certified security. Sensitive information is securely saved on the token. All actions, e.g. encryption or digital signatures, are executed on the token itself. This ensures that private keys cannot be read or copied from the token. Compared to software-based solutions, this provides a considerably higher level of security. -

      -

      -Flash memory for saving further data -

      -

      -On request the StarSign USB Token is available with additional flash memory. It does not only securely store the user’s data such as personal profiles and X.509 digital certificates, but also offers the user a memory capacity of up to 1 GB. This can be used for saving further data and applications. -

      -

      -See more on:  http://www.gi-de.com/portal/page?_pageid=42,104630&_dad=portal&_schema=PORTAL -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/StarSign.html opensc-0.12.1/doc/nonpersistent/wiki.out/StarSign.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/StarSign.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/StarSign.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ - - - StarSign – OpenSC -
      -
      - -

      -StarSign Token -

      -

      -StarSign Token is a product familiy of  Giesecke & Devrient containing smartcards, USB tokens with smartcard technology and software. -StarSign has it's own PKCS11/CSP middleware, which is called SafeSign. -The cards and tokens which are working with the middleware can have various operating systems such as STARCOS SPK2.3, SPK2.4, SPK2.5, STARCOS 3 and JavaCard based systems called SmartCafe Expert. -For more information see the  StarSign Token homepage. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SubversionRepository.html opensc-0.12.1/doc/nonpersistent/wiki.out/SubversionRepository.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/SubversionRepository.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SubversionRepository.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,69 +0,0 @@ - - - SubversionRepository – OpenSC -
      -
      - -

      Subversion Repository

      -

      -OpenSC is using subversion as version control system. You can find out more about subversion at -

      -

      -In our subversion repository we have -

      -
      • trunk/ contains the current development code -
      • branches/opensc-0.10 contains the 0.10 maintenance branch -
      • releases/opensc-0.10.0 contains the opensc 0.10.0 release code. -

      -You can checkout these with the subversion commands -

      -
      svn co http://www.opensc-project.org/svn/opensc/trunk/
      -svn co http://www.opensc-project.org/svn/opensc/branches/opensc-0.10/
      -svn co http://www.opensc-project.org/svn/opensc/releases/opensc-0.10.0/
      -

      -Note that the subversion repository only contains development files. -Before compiling the code you need to run the "./bootstrap" script -to create many files like "configure" and "Makefile.in". You need to have -autoconf, automake and libtool installed on your system to do that (see AutoVersions?) -

      -

      -Some people have reported problems with some http proxies. If you find some problem, -you can maybe solve it by using https instead. Try to checkout the repository -like this: -

      -
      svn co --non-interactive https://www.opensc-project.org/svn/opensc/trunk/
      -svn co --non-interactive https://www.opensc-project.org/svn/opensc/branches/opensc-0.10/
      -svn co --non-interactive https://www.opensc-project.org/svn/opensc/releases/opensc-0.10.0/
      -

      Write access for developers

      -

      -Developers with write access usualy access the repository via https with authentication -using ssl client certificates. You might want to put something like this into your -~/.subversion/servers file to point subversion to your client certificate: -

      -
      [groups]
      -opensc = www.opensc-project.org
      -
      -[opensc]
      -ssl-client-cert-file=/home/aj/.subversion/aj.p12  
      -

      -You can access the repositories: -

      -
      svn co https://www.opensc-project.org/svn/opensc/trunk/
      -svn co https://www.opensc-project.org/svn/opensc/branches/opensc-0.10/
      -svn co https://www.opensc-project.org/svn/opensc/releases/opensc-0.10.0/
      -

      Creating distribution packages

      -

      -To package OpenSC as tar.gz file you only need to type "make dist". However building -documentation etc. has been moved to scripts only called when you do this, so you might -need to install these tools to create a fully functional release: -

      -
      wget, xsltproc, docbook-xsl, w3c-dtd-xhtml, doxygen
      -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/SwedishEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/SwedishEid.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/SwedishEid.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/SwedishEid.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ - - - SwedishEid – OpenSC -
      -
      - -

      Swedish ePosten card

      -

      -The swedish eposten card is supported by OpenSC. -

      -

      -It can only be used, not altered. -

      -

      -FIXME:Pin changes? -

      -

      -FIXME:Did anyone test recently? -

      -

      -FIXME:Documentation etc? -

      -

      Links

      -

      - http://digitalid.postnet.se/ used to have informtion on it, currently unreachable. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/TaiwanEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/TaiwanEid.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/TaiwanEid.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/TaiwanEid.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ - - - TaiwanEid – OpenSC -
      -
      - -

      Taiwan

      -

      - Giesecke & Devrient tells us Taiwan is using StarSign based tokens for a nation-wide PKI project. As StarSign is afaik a PKCS15 compliant -profile it should be supported in OpenSC. However due to a bug in an older version of the StarSign software -used for at least for some tokens the profile on these tokens are not PKCS15 compliant and hence these -smartcards are currently not supported in OpenSC. -

      -

      -To implement a workaround for these tokens shouldn't be too difficult, however due to a lack of test tokens -it hasn't been implemented yet. If you have one of these tokens and are interested in OpenSC support for it -please send a mail to opensc-devel@…. The related ticket is #30 -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/TCOS.html opensc-0.12.1/doc/nonpersistent/wiki.out/TCOS.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/TCOS.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/TCOS.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,242 +0,0 @@ - - - TCOS – OpenSC -
      -
      - -

      TCOS based preformatted cards

      -

      -Images of TCOS cards -

      -

      -TeleSec (part of T-Systems), Deutsche Post and DATEV are german companies that sold TCOS 2 based preformatted cards until 2007, i.e NetKey E4 cards, SignTrust 1024bit cards and DATEV-cards. All these cards have a TCOS 2.03 operating system and an almost PKCS#15 compatible file-layout. OpenSC has read-only support for these kind of cards. -

      -

      -If OpenSC would fully support TCOS, one could erase the preformatted card and initialize the card with a PKCS#15 filesystem. This is not possible right now as OpenSC lacks support for initializing a PKCS#15 layout on an empty card with TCOS operation system. -

      -

      -The good news are: With the help of an emulation layer OpenSC can use cards that are almost PKCS#15 compatible. For the above mentioned cards such an emulation layer exists. The emulation cannot store certificates, keys or pins on the card, but you can use whatever is visible through the emulation layer. -

      -

      -Since late 2006 TCOS 3.0 cards are available from TeleSec and a test card plus excellent doku reached me in december 2006. Besides 2048 bit keys TCOS 3.0 has some other new features. In december 2007 the TCOS 2.0 driver was extended such that it supports TCOS 3.0 cards as well. OpenSC 0.11.5 was the first version that had TCOS3 support. -

      -

      -The 2048 bit NetKey E4 V3 cards are TCOS 3.0 based. The signature key of this new card can be used only with secure messaging. Since OpenSC does not have support for secure messaging the signature key will not be supported soon. -

      -

      -All other trust center that were using TCOS2 cards until the end of 2007 do not offer TCOS based cards anymore. SignTrust now uses a StartCos 3.0 based card and Datev is out of business. -

      -

      NetKey E4 filesystem layout

      -

      -NetKey E4 cards contain different applications. Two of them, namely application NKS and application SIGG, are made visible through the NetKey emulation layer. The NKS application contains 3 keypairs (4 on TCOS3-cards), 3 read only certificates, 6 empty certificate files, 2 PINs and one signature-counter. The SigG application contains one keypair that can be used according to german signature law, 1 certificate and 1 PIN. The NetKey emulation layer will show you all these keys and certificates. With TCOS2-cards you can use all of them, with TCOS3-cards you can only use the keys within the NKS application. To use the signature key on TCOS3-cards a secure channel MUST be created and this is something OpenSC does not support yet. I'm working on a workaround, which will temporarily create a secure channel before the signature key is used and closes this channel immediately after the key was used. Let me know if you want to use the signature key of TCOS3 based cards with OpenSC. If nobody is interested I will work on other thinks. -

      -
        pkcs15-tool -c
      -

      -will list all certificates. It will not list empty certificate files. Here's the output for my NetKey E4 V3 card: -

      -
      $ pkcs15-tool -c
      -X.509 Certificate [Telesec Signatur Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : df02c000
      -        ID       : 45
      -
      -X.509 Certificate [Telesec Verschluesselungs Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : df02c200
      -        ID       : 46
      -
      -X.509 Certificate [Telesec Authentifizierungs Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : df02c500
      -        ID       : 47
      -
      -X.509 Certificate [Telesec 1024bit Zertifikat]
      -        Flags    : 0
      -        Authority: no
      -        Path     : df02c201
      -        ID       : 48
      -
      -X.509 Certificate [SigG Zertifikat 1]
      -        Flags    : 2
      -        Authority: no
      -        Path     : df01c000
      -        ID       : 49
      -

      -The public-keys on NetKey cards are record-based transparent files and cannot be used for cryptographic operations. They are on the card for convenience only. OpenSC extracts the public keys from the certificates and does not use the public key files. -

      -

      -The Signature-Key can do signature-operations only. All other private keys can be used for decryption- and signature operations. -

      -

      How do I store additional certificates into the above mentioned empty certificate-files?

      -

      -You (and OpenSC) don't see the empty certificate files through the emulation layer. One consequence is that you cannot store your own certificates into these files with pkcs11-tool or pkcs15-init. -

      -

      -You must use opensc-explorer and store the certificate directly into the right position or use netkey-tool, a small program, that I wrote exactly for that purpose. Since version 0.7 of SCB netkey-tool is contained in the Windows version too. As of march 2009 netkey-tool does support NetKey E4 cards only. Let me know if you want to use netkey-tool with NetKey E4 V3 cards. -

      -

      -In general (and in particular with TCOS-cards) it's a lot more complicated to create a new file on a smartcard than updating an existing one. That's the reason why there are empty certificate files on a NetKey E4 card. They contain 1536 0xFF-bytes and you can overwrite them with your own certificate (if your certificate has at most 1536 bytes). -

      -

      -There is one problem with many PKCS#11 or PKCS#15 smartcard-applications. They assume that the ID of a certificate uniquely identifies the certificate itself. This is wrong as the ID only identifies the private/public keypair that belongs to the certificate. So if you have more than one certificate for the same keypair all these certificates will share the same ID-value. OpenSC has this problem with NetKey cards too. Have a look at the -r option of pkcs15-tool. In order to select a certificate you can only specify its ID and pkcs15-tool will output the first certificate from the card that has such an ID-value. -

      -

      -If you have stored a certificate on your NetKey card, you most likely want to use this certificate (and not the readonly-one). Therefore the emulation will add the user-certificates first into its internal list. -

      -

      Some remarks about the pins of a TCOS2-based NetKey card

      -

      -There are two global pins on a TCOS2 based NetKey-card and some of the directories contain further pins. TCOS3-based cards are slightly different buth since netkey-tool does not support TCOS3-cards yet I will not explain the differences. -

      -

      -The NetKey emuation will list the two global pins (PIN and PUK) and the two local pins contained in directory DF01 (PIN0 and PIN1). The TCOS card operation system can protect a private key by more than one pin. OpenSC does NOT support this and will always ask for one specific pin. If a key is protected by both a global pin and a local pin OpenSC will always ask for the local one. -

      -

      -Now that you know that you MUST use local PIN0 or local PIN1 and cannot use your global PIN instead you probably want to know the initial value of those local pins. But these local pins were set to a random 6-digit number when TeleSec Gmbh produced your card. So you cannot know them until you changed them. -

      -

      -You can change local PIN0 only if you know either local PIN0 itself or your global PIN. And you cannot change a pin once it was blocked. So if your local PIN0 is blocked (for example because you provided you global PIN when OpenSC asked you for the local one and you did that for at least three times) then you must unblock it first. -

      -

      -Here's an example about how to unblock your local PIN0, how to change its value to 111111 with your global PIN and then change its value from 111111 to 222222. It assumes that your global PIN is 123456 -

      -
      netkey-tool --pin 123456 unblock pin0
      -netkey-tool --pin 123456 change pin0 111111
      -netkey-tool --pin0 111111 change pin0 222222
      -

      -One more hint: Your global PUK was set to an 8-digit random number at production time of your TCOS2-based NetKey card. This random number is stored on your card in a transparent file. This transparent file is read-protected by your global PIN. If you ever block your global PIN you will need your global PUK. But once your global PIN is blocked you cannot read the initial value of your global PUK anymore. -

      -

      -netkey-tool --pin <your_global_pin> will print out the initial PUK-value. If you changed your global PUK to some other value the transparent file on your card will still contain the initial value. -

      -

      -netkey-tool does not support the SigG application. If you want to change your SigG-PIN or read/write yout SigG-certificates with netkey-tool please let me know. -

      -

      SignTrust layout

      -

      -The following information applies to 1024 bit SignTrust cards only. 2048 bit SignTrust cards do not contain a TCOS chip but are StarCos 3.0 based. They layout is very similar, but this information won't help OpenSC-users as OpenSC does not support StarCos 3.0 as of march 2009. -

      -

      -SignTrust cards contain three applications (i.e. directories). Each of them contain one certificate, one private key and one pin. -

      -

      -The signature-key is restricted such that it can create signatures only, the other keys can be used for decryption- and signature operations. There are no empty certificate files on a SignTrust card (as with NetKey cards) so you cannot store your own certificates on a SignTrust card. -

      -

      -The certificate from the signature-application can ba used to create SigG (german signature law) conforming digital signatures. -Neither the CA-certificate nor the Root-Certificate is stored on the card but you can download them - here. -

      -

      -Here's some output that shows the SigG-certificate of my 1024bit SignTrust card, which expired in 2007: -

      -
      $ pkcs15-tool -r 45 | openssl x509 -noout -text -certopt no_pubkey,no_sigdump
      -Certificate:
      -    Data:
      -        Version: 3 (0x2)
      -        Serial Number: 32322 (0x7e42)
      -        Signature Algorithm: sha1WithRSAEncryption
      -        Issuer: C=DE, O=Deutsche Post Com GmbH, OU=Signtrust, CN=CA DP Com 5:PN
      -        Validity
      -            Not Before: Sep 21 10:19:04 2005 GMT
      -            Not After : Sep 21 10:19:04 2007 GMT
      -        Subject: CN=Peter Koch, SN=Koch, GN=Peter, C=DE/serialNumber=1
      -        X509v3 extensions:
      -            X509v3 Authority Key Identifier: 
      -                keyid:22:BB:26:65:07:57:15:DE:06:EB:10:1E:CC:77:82:A7:13:79:74:C6
      -                DirName:/C=DE/O=Bundesnetzagentur/CN=10R-CA 1:PN
      -                serial:AE
      -            X509v3 Key Usage: critical
      -                Non Repudiation
      -            X509v3 Certificate Policies: 
      -                Policy: 1.3.36.8.1.1
      -            X509v3 CRL Distribution Points: 
      -                URI:ldap://dir.signtrust.de/o=Deutsche%20Post%20Com%20GmbH,c=de
      -                CRLissuer:<UNSUPPORTED>
      -            Authority Information Access: 
      -                OCSP - URI:http://dir.signtrust.de/Signtrust/OCSP/servlet/httpGateway.PostHandler
      -

      -The remaining certificates (from the authentication and encryption application) are signed by -a selfsigned Root-certificate from Deutsche Post. -

      -

      University cards

      -

      -There are two universities in germany (that I know of) which use TCOS2-cards. These cards have their own layout and the emulation tries its best to support them. One card is the  student card of the Technical University of Darmstadt and the other on is the  student card of the University of Giessen. Both cards contain one application with one private key, one public key file and one certificate, protected by one global PIN and PUK. -

      -

      -Here's some output that shows the layout of a TUD-card: -

      -
      $ pkcs15-tool -D
      -PKCS#15 Card [TUD Card]:
      -        Version        : 0
      -        Serial number  : 8949017200003335855
      -        Manufacturer ID: TU Darmstadt
      -        Flags          :
      -
      -PIN [PIN]
      -        Com. Flags: 0x3
      -        ID        : 01
      -        Flags     : [0x51], case-sensitive, initialized, unblockingPin
      -        Length    : min_len:6, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 0
      -        Type      : ascii-numeric
      -        Path      : 5000
      -        Tries left: 3
      -
      -PIN [PUK]
      -        Com. Flags: 0x3
      -        ID        : 02
      -        Flags     : [0xD1], case-sensitive, initialized, unblockingPin, soPin
      -        Length    : min_len:8, max_len:16, stored_len:16
      -        Pad char  : 0x00
      -        Reference : 1
      -        Type      : ascii-numeric
      -        Path      : 5008
      -        Tries left: 2
      -
      -Private RSA Key [Schluessel 1]
      -        Com. Flags  : 1
      -        Usage       : [0x7], encrypt, decrypt, sign
      -        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
      -        ModLength   : 1024
      -        Key ref     : 131
      -        Native      : yes
      -        Path        : 41015103
      -        Auth ID     : 01
      -        ID          : 45
      -
      -X.509 Certificate [Zertifikat 1]
      -        Flags    : 2
      -        Authority: no
      -        Path     : 41014352
      -        ID       : 45
      -

      -Since TCOS2-cards are not produced anymore both universities are planning to use a different card. -

      -

      DATEV cards

      -

      -As of april 2008 Datev does not run a Trustcenter anymore, so the following information is of historical interest only: -

      -

      -DATEV offered different smart cards. Some were NetKey cards (those that can create signatures in accordance with the german signature law) and will be detected as such. One model was not (named DATEV Smartcard classic) and this card has a seperate emulation. It contains two application. One application has one certificate and one keypair while the other application contains two certificates and two keypairs. There's only one global PIN that protects all keys. -

      - - - -
      -

      Attachments

      - -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/Tools.html opensc-0.12.1/doc/nonpersistent/wiki.out/Tools.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/Tools.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/Tools.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ - - - Tools – OpenSC -
      -
      - -

      OpenSC tools

      -

      -OpenSC includes a number of command line tools to personalize, explore, debug and test smart cards. The tools are (with links to the online man pages): -

      -

      low level tools

      -
      • opensc-tool is the basic test tool. With "-l" you can see the readers, with "-n" you can see if opensc identifies the card correctly. Both are necessary for OpenSC to work. -
      • opensc-explorer is a small tool so you can browse your smart card with commands like ls, get information about files, read and write files and so on. Only works on some cards, as not all cards have the required functionality (for example no "ls"/"dir" command). Use pkcs15-tool (below) instead. -

      high level tools

      -
      • pkcs15-init can erase your smart card, initialize it, create pins, generate keys, store certificates and keys or complete p12 bundle files on the card. -
      • pkcs15-tool will show you what is on your card, lets you browse pins, certificates and keys, and lets you unblock and change pins. -
      • pkcs15-crypt offers access to the crypto functionality, such as signing data or decrypting data. -
      • pkcs11-tool does all these things too, but uses the OpenSC PKCS#11 module. As such it works like mozilla and thus is nice for testing. It also has a test mode to check most operations. pkcs11-tool uses OpenSC PKCS#11 module by default, but will work well with any other PKCS#11 implementation specified with "--module", too. -

      card specific tools

      -
      • cardos-info prints some information for Siemens CardOS/M4 cards. will not work at all with other cards. -
      • cryptoflex-tool can help you with cryptoflex cards, will not work with any other card. -
      • eidenv lets you access the extra data on belgian eid cards, like card holder, photo, etc. -
      • netkey-tool can help you with tcos cards in netkey format. will not work with any other card. -
      • piv-tool used to do primative card administration operations on PIV cards. Some vendor's cards may have additional functions not handled by the piv-tool. -

      development tools

      -
      • (DEPRECATED) opensc-config was meant to ease developing with opensc, but now we recommend to use pkg-config instead. Only provided for backwards compatibility. -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/trac.css opensc-0.12.1/doc/nonpersistent/wiki.out/trac.css --- opensc-0.11.13/doc/nonpersistent/wiki.out/trac.css 2009-09-18 09:43:18.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/trac.css 1970-01-01 00:00:00.000000000 +0000 
@@ -1,576 +0,0 @@ -body { background: #fff; color: #000; margin: 10px; padding: 0; } -body, th, td { - font: normal 13px Verdana,Arial,'Bitstream Vera Sans',Helvetica,sans-serif; -} -h1, h2, h3, h4 { - font-family: Arial,Verdana,'Bitstream Vera Sans',Helvetica,sans-serif; - font-weight: bold; - letter-spacing: -0.018em; - page-break-after: avoid; -} -h1 { font-size: 19px; margin: .15em 1em 0.5em 0 } -h2 { font-size: 16px } -h3 { font-size: 14px } -hr { border: none; border-top: 1px solid #ccb; margin: 2em 0 } -address { font-style: normal } -img { border: none } - -.underline { text-decoration: underline } -ol.loweralpha { list-style-type: lower-alpha } -ol.upperalpha { list-style-type: upper-alpha } -ol.lowerroman { list-style-type: lower-roman } -ol.upperroman { list-style-type: upper-roman } -ol.arabic { list-style-type: decimal } - -/* Link styles */ -:link, :visited { - text-decoration: none; - color: #b00; - border-bottom: 1px dotted #bbb; -} -:link:hover, :visited:hover { background-color: #eee; color: #555 } -h1 :link, h1 :visited ,h2 :link, h2 :visited, h3 :link, h3 :visited, -h4 :link, h4 :visited, h5 :link, h5 :visited, h6 :link, h6 :visited { - color: inherit; -} -.trac-rawlink { border-bottom: none } - -/* Heading anchors */ -.anchor:link, .anchor:visited { - border: none; - color: #d7d7d7; - font-size: .8em; - vertical-align: text-top; -} -* > .anchor:link, * > .anchor:visited { - visibility: hidden; -} -h1:hover .anchor, h2:hover .anchor, h3:hover .anchor, -h4:hover .anchor, h5:hover .anchor, h6:hover .anchor { - visibility: visible; -} - -@media screen { - a.ext-link .icon { - background: url(../extlink.gif) center center no-repeat; - padding-left: 12px; - } - a.mail-link .icon { - background: url(../envelope.png) center center no-repeat; - padding-left: 14px; - } -} - -/* Forms */ -input, textarea, select { margin: 2px } -input, select { vertical-align: middle } -input[type=button], input[type=submit], input[type=reset] { - background: #eee; - 
color: #222; - border: 1px outset #ccc; - padding: .1em .5em; -} -input[type=button]:hover, input[type=submit]:hover, input[type=reset]:hover { - background: #ccb; -} -input[type=button][disabled], input[type=submit][disabled], -input[type=reset][disabled] { - background: #f6f6f6; - border-style: solid; - color: #999; -} -input[type=text], input.textwidget, textarea { border: 1px solid #d7d7d7 } -input[type=text], input.textwidget { padding: .25em .5em } -input[type=text]:focus, input.textwidget:focus, textarea:focus { - border: 1px solid #886; -} -option { border-bottom: 1px dotted #d7d7d7 } -fieldset { border: 1px solid #d7d7d7; padding: .5em; margin: 1em 0 } -form p.hint, form span.hint { color: #666; font-size: 85%; font-style: italic; margin: .5em 0; - padding-left: 1em; -} -fieldset.iefix { - background: transparent; - border: none; - padding: 0; - margin: 0; -} -* html fieldset.iefix { width: 98% } -fieldset.iefix p { margin: 0 } -legend { color: #999; padding: 0 .25em; font-size: 90%; font-weight: bold } -label.disabled { color: #d7d7d7 } -.buttons { margin: .5em .5em .5em 0 } -.buttons form, .buttons form div { display: inline } -.buttons input { margin: 1em .5em .1em 0 } -.inlinebuttons input { - font-size: 70%; - border-width: 1px; - border-style: dotted; - margin: 0 .1em; - padding: 0.1em; - background: none; -} - -/* Header */ -#header hr { display: none } -#header h1 { margin: 1.5em 0 -1.5em; } -#header img { border: none; margin: 0 0 -3em } -#header :link, #header :visited, #header :link:hover, #header :visited:hover { - background: transparent; - color: #555; - margin-bottom: 2px; - border: none; -} -#header h1 :link:hover, #header h1 :visited:hover { color: #000 } - -/* Quick search */ -#search { - clear: both; - font-size: 10px; - height: 2.2em; - margin: 0 0 1em; - text-align: right; -} -#search input { font-size: 10px } -#search label { display: none } - -/* Navigation */ -.nav h2, .nav hr { display: none } -.nav ul { font-size: 10px; 
list-style: none; margin: 0; text-align: right } -.nav li { - border-right: 1px solid #d7d7d7; - display: inline; - padding: 0 .75em; - white-space: nowrap; -} -.nav li.last { border-right: none } - -/* Main navigation bar */ -#mainnav { - background: #f7f7f7 url(../topbar_gradient.png) 0 0; - border: 1px solid #000; - font: normal 10px verdana,'Bitstream Vera Sans',helvetica,arial,sans-serif; - margin: .66em 0 .33em; - padding: .2em 0; -} -#mainnav li { border-right: none; padding: .25em 0 } -#mainnav :link, #mainnav :visited { - background: url(../dots.gif) 0 0 no-repeat; - border-right: 1px solid #fff; - border-bottom: none; - border-left: 1px solid #555; - color: #000; - padding: .2em 20px; -} -* html #mainnav :link, * html #mainnav :visited { background-position: 1px 0 } -#mainnav :link:hover, #mainnav :visited:hover { - background-color: #ccc; - border-right: 1px solid #ddd; -} -#mainnav .active :link, #mainnav .active :visited { - background: #333 url(../topbar_gradient2.png) 0 0 repeat-x; - border-top: none; - border-right: 1px solid #000; - color: #eee; - font-weight: bold; -} -#mainnav .active :link:hover, #mainnav .active :visited:hover { - border-right: 1px solid #000; -} - -/* Context-dependent navigation links */ -#ctxtnav { height: 1em } -#ctxtnav li ul { - background: #f7f7f7; - color: #ccc; - border: 1px solid; - padding: 0; - display: inline; - margin: 0; -} -#ctxtnav li li { padding: 0; } -#ctxtnav li li :link, #ctxtnav li li :visited { padding: 0 1em } -#ctxtnav li li :link:hover, #ctxtnav li li :visited:hover { - background: #bba; - color: #fff; -} - -/* Alternate links */ -#altlinks { clear: both; text-align: center } -#altlinks h3 { font-size: 12px; letter-spacing: normal; margin: 0 } -#altlinks ul { list-style: none; margin: 0; padding: 0 0 1em } -#altlinks li { - border-right: 1px solid #d7d7d7; - display: inline; - font-size: 11px; - line-height: 1.5; - padding: 0 1em; - white-space: nowrap; -} -#altlinks li.last { border-right: none } 
-#altlinks li :link, #altlinks li :visited { - background-repeat: no-repeat; - color: #666; - border: none; - padding: 0 0 2px; -} -#altlinks li a.ics { background-image: url(../ics.png); padding-left: 22px } -#altlinks li a.rss { background-image: url(../feed.png); padding-left: 20px } - -/* Footer */ -#footer { - clear: both; - color: #bbb; - font-size: 10px; - border-top: 1px solid; - height: 31px; - padding: .25em 0; -} -#footer :link, #footer :visited { color: #bbb; } -#footer hr { display: none } -#footer #tracpowered { border: 0; float: left } -#footer #tracpowered:hover { background: transparent } -#footer p { margin: 0 } -#footer p.left { - float: left; - margin-left: 1em; - padding: 0 1em; - border-left: 1px solid #d7d7d7; - border-right: 1px solid #d7d7d7; -} -#footer p.right { - float: right; - text-align: right; -} - -#content { padding-bottom: 2em; position: relative } - -#help { - clear: both; - color: #999; - font-size: 90%; - margin: 1em; - text-align: right; -} -#help :link, #help :visited { cursor: help } -#help hr { display: none } - -/* Page preferences form */ -#prefs { - background: #f7f7f0; - border: 1px outset #998; - float: right; - font-size: 9px; - padding: .8em; - position: relative; - margin: 0 1em 1em; -} -* html #prefs { width: 26em } /* Set width only for IE */ -#prefs input, #prefs select { font-size: 9px; vertical-align: middle } -#prefs fieldset { - background: transparent; - border: none; - margin: .5em; - padding: 0; -} -#prefs fieldset legend { - background: transparent; - color: #000; - font-size: 9px; - font-weight: normal; - margin: 0 0 0 -1.5em; - padding: 0; -} -#prefs .buttons { text-align: right } - -/* Version information (browser, wiki, attachments) */ -#info { - margin: 1em 0 0 0; - background: #f7f7f0; - border: 1px solid #d7d7d7; - border-collapse: collapse; - border-spacing: 0; - clear: both; - width: 100%; -} -#info th, #info td { font-size: 85%; padding: 2px .5em; vertical-align: top } -#info th { font-weight: 
bold; text-align: left; white-space: nowrap } -#info td.message { width: 100% } -#info .message ul { padding: 0; margin: 0 2em } -#info .message p { margin: 0; padding: 0 } - -/* Wiki */ -.wikipage { padding-left: 18px } -.wikipage h1, .wikipage h2, .wikipage h3 { margin-left: -18px } - -a.missing:link, a.missing:visited, a.missing, span.missing, -a.forbidden, span.forbidden { color: #998 } -a.missing:hover { color: #000 } -a.closed:link, a.closed:visited, span.closed { text-decoration: line-through } - -/* User-selectable styles for blocks */ -.important { - background: #fcb; - border: 1px dotted #d00; - color: #500; - padding: 0 .5em 0 .5em; - margin: .5em; -} - -dl.wiki dt { font-weight: bold } -dl.compact dt { float: left; padding-right: .5em } -dl.compact dd { margin: 0; padding: 0 } - -pre.wiki, pre.literal-block { - background: #f7f7f7; - border: 1px solid #d7d7d7; - margin: 1em 1.75em; - padding: .25em; - overflow: auto; -} - -blockquote.citation { - margin: -0.6em 0; - border-style: solid; - border-width: 0 0 0 2px; - padding-left: .5em; - border-color: #b44; -} -.citation blockquote.citation { border-color: #4b4; } -.citation .citation blockquote.citation { border-color: #44b; } -.citation .citation .citation blockquote.citation { border-color: #c55; } - -table.wiki { - border: 2px solid #ccc; - border-collapse: collapse; - border-spacing: 0; -} -table.wiki td { border: 1px solid #ccc; padding: .1em .25em; } - -.wikitoolbar { - margin-top: 0.3em; - margin-left: 2px; - border: solid #d7d7d7; - border-width: 1px 1px 1px 0; - height: 18px; - width: 234px; -} -.wikitoolbar :link, .wikitoolbar :visited { - background: transparent url(../edit_toolbar.png) no-repeat; - border: 1px solid #fff; - border-left-color: #d7d7d7; - cursor: default; - display: block; - float: left; - width: 24px; - height: 16px; -} -.wikitoolbar :link:hover, .wikitoolbar :visited:hover { - background-color: transparent; - border: 1px solid #fb2; -} -.wikitoolbar a#em { 
background-position: 0 0 } -.wikitoolbar a#strong { background-position: 0 -16px } -.wikitoolbar a#heading { background-position: 0 -32px } -.wikitoolbar a#link { background-position: 0 -48px } -.wikitoolbar a#code { background-position: 0 -64px } -.wikitoolbar a#hr { background-position: 0 -80px } -.wikitoolbar a#np { background-position: 0 -96px } -.wikitoolbar a#br { background-position: 0 -112px } -.wikitoolbar a#img { background-position: 0 -128px } - -/* Styles for the form for adding attachments. */ -#attachment .field { margin-top: 1.3em } -#attachment label { padding-left: .2em } -#attachment fieldset { margin-top: 2em } -#attachment fieldset .field { float: left; margin: 0 1em .5em 0 } -#attachment .options { float: left; padding: 0 0 1em 1em } -#attachment br { clear: left } -.attachment #preview { margin-top: 1em } - -/* Styles for the list of attachments. */ -#attachments { border: 1px outset #996; padding: 1em } -#attachments .attachments { margin-left: 2em; padding: 0 } -#attachments dt { display: list-item; list-style: square; } -#attachments dd { font-style: italic; margin-left: 0; padding-left: 0; } - -/* Styles for tabular listings such as those used for displaying directory - contents and report results. 
*/ -table.listing { - clear: both; - border-bottom: 1px solid #d7d7d7; - border-collapse: collapse; - border-spacing: 0; - margin-top: 1em; - width: 100%; -} -table.listing th { text-align: left; padding: 0 1em .1em 0; font-size: 12px } -table.listing thead { background: #f7f7f0 } -table.listing thead th { - border: 1px solid #d7d7d7; - border-bottom-color: #999; - font-size: 11px; - font-weight: bold; - padding: 2px .5em; - vertical-align: bottom; -} -table.listing thead th :link:hover, table.listing thead th :visited:hover { - background-color: transparent; -} -table.listing thead th a { border: none; padding-right: 12px } -table.listing th.asc a, table.listing th.desc a { font-weight: bold } -table.listing th.asc a, table.listing th.desc a { - background-position: 100% 50%; - background-repeat: no-repeat; -} -table.listing th.asc a { background-image: url(../asc.png) } -table.listing th.desc a { background-image: url(../desc.png) } -table.listing tbody td, table.listing tbody th { - border: 1px dotted #ddd; - padding: .3em .5em; - vertical-align: top; -} -table.listing tbody td a:hover, table.listing tbody th a:hover { - background-color: transparent; -} -table.listing tbody tr { border-top: 1px solid #ddd } -table.listing tbody tr.even { background-color: #fcfcfc } -table.listing tbody tr.odd { background-color: #f7f7f7 } -table.listing tbody tr:hover { background: #eed !important } -table.listing tbody tr.focus { background: #ddf !important } - -/* Styles for the page history table - (extends the styles for "table.listing") */ -#fieldhist td { padding: 0 .5em } -#fieldhist td.date, #fieldhist td.diff, #fieldhist td.version, -#fieldhist td.author { - white-space: nowrap; -} -#fieldhist td.version { text-align: center } -#fieldhist td.comment { width: 100% } - -/* Auto-completion interface */ -.suggestions { background: #fff; border: 1px solid #886; color: #222; } -.suggestions ul { - font-family: sans-serif; - max-height: 20em; - min-height: 3em; - list-style: 
none; - margin: 0; - overflow: auto; - padding: 0; - width: 440px; -} -* html .suggestions ul { height: 10em; } -.suggestions li { background: #fff; cursor: pointer; padding: 2px 5px } -.suggestions li.selected { background: #b9b9b9 } - -/* Styles for the error page (and rst errors) */ -#content.error .message, div.system-message { - background: #fdc; - border: 2px solid #d00; - color: #500; - padding: .5em; - margin: 1em 0; -} -#content.error div.message pre, div.system-message pre { - margin-left: 1em; - overflow: hidden; - white-space: normal; -} -div.system-message p { margin: 0; } -div.system-message p.system-message-title { font-weight: bold; } - -#warning.system-message { background: #ffb; border: 1px solid #000; } -#warning.system-message li { list-style-type: square; } - -#notice.system-message { background: #dfd; border: 1px solid #000; } -#notice.system-message li { list-style-type: square; } - -#content.error form.newticket { display: inline; } -#content.error form.newticket textarea { display: none; } - -#content.error #systeminfo { margin: 1em; width: auto; } -#content.error #systeminfo th { font-weight: bold; text-align: right; } - -#content.error #traceback { margin-left: 1em; } -#content.error #traceback :link, #content.error #traceback :visited { - border: none; -} -#content.error #tbtoggle { font-size: 80%; } -#content.error #traceback div { margin-left: 1em; } -#content.error #traceback h3 { font-size: 95%; margin: .5em 0 0; } -#content.error #traceback :link var, #content.error #traceback :visited var { - font-family: monospace; - font-style: normal; - font-weight: bold; -} -#content.error #traceback span.file { color: #666; font-size: 85%; } -#content.error #traceback ul { list-style: none; margin: .5em 0; padding: 0; } -#content.error #traceback ol { - border: 1px dotted #d7d7d7; - color: #999; - font-size: 85%; - line-height: 1; - margin: .5em 0; -} -#content.error #traceback ol li { white-space: pre; } -#content.error #traceback ol 
li.current { background: #e6e6e6; color: #333; } -#content.error #traceback ol li code { color: #666; } -#content.error #traceback ol li.current code { color: #000; } -#content.error #traceback table { margin: .5em 0 1em; } -#content.error #traceback th, #content.error #traceback td { - font-size: 85%; padding: 1px; -} -#content.error #traceback th var { - font-family: monospace; - font-style: normal; -} -#content.error #traceback td code { white-space: pre; } -#content.error #traceback pre { font-size: 95%; } - -#content .paging { margin: 0 0 2em; padding: .5em 0 0; - font-size: 85%; line-height: 2em; text-align: center; -} -#content .paging .current { - padding: .1em .3em; - border: 1px solid #333; - background: #999; color: #fff; -} - -#content .paging :link, #content .paging :visited { - padding: .1em .3em; - border: 1px solid #666; - background: transparent; color: #666; -} -#content .paging :link:hover, #content .paging :visited:hover { - background: #999; color: #fff; border-color: #333; -} -#content .paging .previous a, -#content .paging .next a { - font-size: 150%; font-weight: bold; border: none; -} -#content .paging .previous a:hover, -#content .paging .next a:hover { - background: transparent; color: #666; -} - -#content h2 .numresults { color: #666; font-size: 90%; } - -/* Styles for search word highlighting */ -@media screen { - .searchword0 { background: #ff9 } - .searchword1 { background: #cfc } - .searchword2 { background: #cff } - .searchword3 { background: #ccf } - .searchword4 { background: #fcf } -} - -@media print { - #header, #altlinks, #footer, #help { display: none } - .nav, form, .buttons form, form .buttons, form .inlinebuttons, - .noprint, .trac-rawlink { - display: none; - } - form.printableform { display: block } -} diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/TroubleShooting.html opensc-0.12.1/doc/nonpersistent/wiki.out/TroubleShooting.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/TroubleShooting.html 2010-02-16 
09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/TroubleShooting.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,82 +0,0 @@ - - - TroubleShooting – OpenSC -
      -
      - -

      Debugging OpenSC

      -
      opensc-tool -l
      -

      -will give you a list of readers opensc has found. If your reader isn't listed, you have -a problem with that reader. For OpenCT see http://www.opensc-project.org/openct/wiki/TroubleShooting for details. -For PCSC/Lite see it's documentation (FIXME: a link would be nice). For CT-API readers, edit the -opensc.conf and make sure the reader is properly configured. If it still doesn't help, increase -debugging to level 5 or higher in opensc.conf, run "opensc-tool -l" again and send a debug log -to the mailing list (see ContactInfo? for details). -

      -

      -FIXME: more help for debugging opensc. -

      -

      Unsupported INS byte in APDU

      -

      -This is a common error message. The best translation is: -

      -
      Sorry, we don't know that card.
      -

      -Each card is identified by it so called ATR ("Answer to reset"). -You can get this identification code by running -

      -
      opensc-tool --atr
      -

      -OpenSC contains a compiled in list of atr it knows in each card driver. -To check if any card driver knows about your card, please run -

      -
      opensc-tool --name
      -

      -So if that name is "Default driver for unknown cards" then either your card -is not supported at all, or it is a brand new version of an old and supported -card, and if it is compatible with the older version it might work. -

      -

      -In case it is only a new version, but still compatible, you can edit opensc.conf -and configure some driver to also accept this new atr. opensc.conf already contains -a configuration example, you only need to change the atr and driver and enable it. -Here is that example code: -

      -
              # GPK card driver additional ATR entry:
      -        card_driver gpk {
      -                atr = 00:11:22;
      -        }
      -
      -

      -Replace "gpk" with the card driver of your card and "00:11:22" with the atr -printed by "opensc-tool --atr". WARNING: this can damage your card and render -it useless (in case the driver is not compatible with your card). So don't do -this, unless you are absolutely sure of what you are doing. If you are not -sure, please contact the OpenSC Team (see MailingLists for details). -

      -

      -Also note: more and more drivers have internal flags, for example for subtypes -of cards or for certain properties, like whether or nor a card can generate -keys (very old smartcards can't do that). Currently it is not possible to set -those flags in the config file, so often it might be necessary to edit OpenSC -source code and recompile OpenSC. -

      -

      -If you have a card with some new format, and you are not sure whether some -emulation layer in OpenSC supports it, you can try this command and send us -the output: -

      -
      opensc-tool -f
      -

      -It will read all directories, files, permissions and file content, i.e. -all public content on the card, thus we can have a look, maybe it is something -we already know. -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/TurkishEid.html opensc-0.12.1/doc/nonpersistent/wiki.out/TurkishEid.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/TurkishEid.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/TurkishEid.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ - - - TurkishEid – OpenSC -
      -
      - - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/UnitedStatesPIV.html opensc-0.12.1/doc/nonpersistent/wiki.out/UnitedStatesPIV.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/UnitedStatesPIV.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/UnitedStatesPIV.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,129 +0,0 @@ - - - UnitedStatesPIV – OpenSC -
      -
      - -

      US PIV

      -

      -The  National Institute of Standards and Technology, U.S. Department of Commerce has defined a -smart card application. Although not a "national ID card", it is expected to be used widely in the -U.S.federal government and its contractors. Cards with this application are commonly referred to as PIV cards. -

      -

      -NIST Spical Publication 800-73-2 (See below) and related -documents define PIV. Part 2 of 800-73-2 defines the ADPU commands accepted -by the PIV application on the card. The standard does not define all the commands needed to -administer a card, leaving this up to the card vendors and card administration software vendors. -

      -

      -The non-administrative commands are standardized, and so any vendor's card with the PIV application -should inter operate with any vendor's client software. The -pkcs11-tool can be used -to read the objects on the card and to change the user PIN. -

      -

      -The piv-tool is provided to allow for some card administration in testing, such as generating -a key pair, and loading a certificate or other object on the card. You may need more information -from your card vendor. -

      -

      -The PIV is not a PKCS#15 type card, but rather an object based application. OpenSC provides -a PKCS#15 emulator to access the four certificates and keys, along with the data objects. -Thus for example the "X.509 Certificate for PIV Authentication" can be used with PKCS#11 for -login or web access. -

      -

      -OpenSC 0.11.1 did not search arbitrary cards for the PIV application, and set the max_send_size and max_recv_size -to low for PIV cards. With 0.11.1 you needed to add the ATR of specific vendor's cards to the opensc.conf. -The ATR of your card can be read using the opensc-tool. -

      -

      -OpenSC 0.11.2 added support for certificates that are gzip'ed. But only 1024 bit RSA keys are supported. -

      -

      -OpenSC 0.11.3 added support for 2048 and 3072 bit RSA keys. -

      -

      -OpenSC 0.11.4 added support to read all the objects on the card via PKCS#11, pkcs11-tool and pkcs15-tool. -

      -

      -OpenSC 0.11.5 added support for 800-73-2. -

      -

      -OpenSC 0.11.9 fixed bug: highly compressed certificates were only being partially read. If any problems are found in previous versions, please update to at least this version. -

      -

      -OpenSC 0.11.10 fixed bug when using piv-tool to authenticate to card using 3DES key. -

      -

      -OpenSC (commited for 0.12) The card serial number is derived from the CHUID using the FASC-N. If the Agency Code = 9999, and a GUID is present, it is used as the serial number. Piv-tool can now write any object to the card. (Piv-tool continues to be for creating test cards only.) -

      -

      -No changes are needed to the opensc.conf file when using 0.11.4 and above, but here are sample changes needed for 0.11.1 in the opensc.conf file to use some GemAalto and Oberthur PIV cards. If other vendors produce PIV cards, you may have to add their ATRs: -

      -
      ...
      -    reader_driver xxxxx {
      -...
      -        max_send_size = 255;
      -        max_recv_size = 256;
      -...
      -    }
      -...
      -    card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:11:AC:83:00:90:00 {
      -            # GemAlto
      -            name = "PIV-II";
      -            driver = "piv";
      -        }
      -    card_atr 3b:db:96:00:81:b1:fe:45:1f:03:80:f9:a0:00:00:03:08:00:00:10:00:18 {
      -            #    Oberthur 
      -            name = "PIV-II";
      -            driver = "piv";
      -        }
      -...
      -    framework pkcs15 {
      -...
      -        emulate PIV-II {
      -        }
      -...
      -    }
      -...
      -

      Links

      -

      PIV Overview

      -
      -

      - http://csrc.ncsl.nist.gov/piv-program/ -

      -
      -

      PIV, PIV Interoperable and PIV Compatible

      -
      -

      - http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdf -

      -
      -

      -Recomendations on how PIV cards can used outside of the U.S. Goverenment. - -

      -

      NIST Special Publications - 800-73-3

      -
      -

      - http://csrc.nist.gov/publications/PubsSPs.html -

      -
      -

      -Look for 800-73-3 (draft). Part 2 has the ADPU commands. All four parts: -

      -

      PIV Approved Cards, Readers, Middleware etc

      -
      -

      - http://fips201ep.cio.gov/apl.php -

      -
      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/UsingOpensc.html opensc-0.12.1/doc/nonpersistent/wiki.out/UsingOpensc.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/UsingOpensc.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/UsingOpensc.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,62 +0,0 @@ - - - UsingOpensc – OpenSC -
      -
      - -

      Using OpenSC

      -

      -opensc-pkcs11.so and many tools need the opensc config file to work properly. -On Linux and Mac OS X the location of the config file is set when calling -configure and then compiled in. However you can use the OPENSC_CONF environment -variable to specify a different config file. See also the EnvironmentVariables page. -

      -

      -On windows the opensc config file is found using the registry key -HKML\Software\OpenSC\ConfigFile. If you compile and install OpenSC from -source you need to set this registry key to point to the install file. -Users can set HKMU\Software\OpenSC\ConfigFile to override the system -wide settings. Also users can use the OPENSC_CONF environment variable -to override both registry settings. -

      -

      Debug level

      -

      -The OpenSC configuration (in general /etc/opensc.conf) has a debug level variable: debug. It is possible to overwrite this value using the OPENSC_DEBUG environment variable. For example you can use: -

      -
      $ OPENSC_DEBUG=9 pkcs11-tool --list-slots
      -

      PKCS #11 Spy

      -

      -PKCS#11 Spy is a special PKCS#11 Module that sits between your application -and your real PKCS#11 Module, and creates a log file with all functions calls -by the application and return values by the real PKCS#11 Module. It does not -change the communication in any way. Be aware such log files are security -sensitive, as all information is logged, including PIN, PUK, signatures -and so on. So you should only use it for debugging, and preferable only with -test keys. -

      -

      -On Linux and Mac OS X you can use PKCS#11 Spy with environment variables: -by default stderr will be used for logging, but you can set PKCS11SPY_OUTPUT -to a filename, and that file will be appended. You need to set PKCS11SPY -to your readl PKCS#11 Module such as opensc-pkcs11.so (but use an absolute -path) to use PKCS#11 Module. -

      -

      -On windows the read PKCS#11 Module is found using HKLM\Software\PKCS11-Spy\Module -and the output is written to the file specified in HKLM\Software\PKCS11-Spy\Output. -Again users can override these system wide settings using HKLU, and again user -can use environment variables to override the registry settings. -

      -

      -Note that PKCS#11 Spy no longer reads the OpenSC config file and the settings -in that config file (up to OpenSC version 0.9.*) are no longer valid. Now it -is absolutely necessary to set at least the module via environment variables -(or registry on windows). -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/VPN.html opensc-0.12.1/doc/nonpersistent/wiki.out/VPN.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/VPN.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/VPN.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ - - - VPN – OpenSC -
      -
      - -

      Virtual Private Networks

      -

      -The common standard for Virtual Private Networks is IPSEC. For linux there are four implementations of IPSEC: -

      -
      •  FreeS/WAN has no support for smart cards, unless patched with the X.509 patch. -That patch comes with documentation how to use smart cards. FreeS/WAN project has ended, you might want to -use Openswan or strongSwan instead. -
      •  Openswan supports OpenSC natively and must be compiled with OpenSC support. -If that is done, you can find more details in the Openswan documentation: - README.x509 has a chapter 8 about Smartcard support. -
      •  strongSwan supports smart card authentication using PKCS#11 API. It should -work fine with opensc-pkcs11.so, please report your results. Detailed documentation is part of the - strongSwan documentation. -
      •  Racoon does currently not support smart card authentication. -
      •  OpenVPN does support PKCS#11 in current devel version. Successfuly -tested OpenSC with OpenVPN 2.1beta.7. They have a howto with details on it at  http://openvpn.net/howto.html -
      - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/WhatsNew.html opensc-0.12.1/doc/nonpersistent/wiki.out/WhatsNew.html --- opensc-0.11.13/doc/nonpersistent/wiki.out/WhatsNew.html 2010-02-16 09:35:14.000000000 +0000 +++ opensc-0.12.1/doc/nonpersistent/wiki.out/WhatsNew.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,73 +0,0 @@ - - - WhatsNew – OpenSC -
      -
      - -

      What is new in OpenSC

      -

      -OpenSC has split into several smaller parts so maintenance becomes easier: -

      -
      • OpenSC itself - the opensc and pkcs15init library, the PKCS#11 module and the tools. -
      • libp11 - a new library designed to make using smart cards easier. Works with OpenSC PKCS#11 and every other PKCS#11 module. -
      • pam_p11 - a new plugable authenticaion module so you can log in with your smart card. Uses libp11. -
      • engine_pkcs11 - the well known sslengine for using PKCS#11 modules is now a standalone project. It also uses libp11. -

      -The last major OpenSC release was nearly a year ago. With several smaller modules we hope to -release new versions much faster. -

      -

      Documentation

      -

      -OpenSC documentation is now managed in the wiki web page at http://www.opensc-project.org/opensc/. -The old manual is still included, but it is deprecated and all content will be moved to the -wiki page (most likely all content is already there). -

      -

      -OpenSC man pages are now in xml format and rendered to man and html. The tar file includes -both versions, the html version is also online at http://www.opensc-project.org/doc/opensc/html/ -

      -

      Incompatible

      -

      -You need to recompile applications using OpenSC as the ABI changed. OpenSC 0.9.* had the library -version 1.0.0, OpenSC 0.10.* uses library version 2.0.0. Also you need to upgrade your config file, -as we added some new sections / parameters. Most important: you need to point to your profile dir -using that setting in your config file. -

      -

      -Now OpenSC installs all libraries and opensc-pkcs11.so in the lib/ directory. Older versions installed
      -those files in lib/, in lib/opensc/ or in lib/pkcs11/ and caused some confusion, or even didn't work
      -at all. Now all files are in lib/. If you have applications using opensc-pkcs11.so, you might need
      -to adjust the configuration to reflect this change.
      -

      -

      New drivers

      -

      -New drivers include the belpic driver for belgium eid cards (thanks to Belgium and Zetes),
      -the atrust-acos driver for Austrian eID cards (thanks to A-Trust) and an improved
      -tcos driver for tcos cards including german signature cards (thanks to Peter Koch).
      -

      -

      New Pinpad support

      -

      -OpenSC now implements the new PCSC v2 Part 10 standard for entering pins on the pinpad
      -(thanks to Martin Paljak).
      -

      -

      New Windows binaries

      -

      -Maybe you already noticed, we now have a new windows package called -smart card bundle containing OpenSC, OpenSSL, -Putty and Pageant, so you can use smart cards on windows easily. -We also highly recommend the  CSP#11 -cryptographic software provider for windows, so you can use OpenSC -with native applications like Internet Explorer or Outlook. -

      -

      New installer for Apple Mac OS X

      -

      -This is a new package. This is in early stage, and does currently only include
      -OpenSC, we will add more parts in future version. More info here
      -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/WindowsCSP.html opensc-0.12.1/doc/nonpersistent/wiki.out/WindowsCSP.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/WindowsCSP.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/WindowsCSP.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,84 +0,0 @@
      -
      -
      - WindowsCSP – OpenSC
      -
      -
      - -

      Windows CSP

      -

      -On Windows usualy all Applications use the Crypto API - a very high level and very generic framework. -If Applications use this framework, no changes are needed to use certificates and keys -not only from either files/registry but also from smart cards. -

      -

      -Such Applications can not use OpenSC directly. Instead they access the Crypto API on the upper side,
      -and a Crypto Service Provider needs to register smart card resource on the lower side.
      -That CSP can use OpenSC via the PKCS#11 API.
      -

      -

      -And of course you need the PC/SC Middleware and a driver for your smart card reader.
      -PC/SC is already included in Windows NT, 2000, XP and later.
      -

      -

      -The whole picture with all layers is:
      -

      -
      +------------------------------------+
      -|           Application              |
      -+------------------------------------+
      -+============Crypto API==============+
      -|            Middleware              |
      -+==Crypto Server Provider Interface===+
      -+------------------------------------+
      -|        Crypto Service Provider     |
      -+--------------PKCS#11---------------+
      -|         OpenSC-PKCS11.dll          |
      -+--------------PC/SC-----------------+
      -|         PC/SC Middleware           |
      -+-------------Ifdhandler-------------+
      -|      Smart card Reader Driver      |
      -+------------------------------------+
      -

      CSP#11

      -

      -CSP#11 is an open source implementation of the Crypto Service Provider API. It works with any PKCS#11 module
      -including the OpenSC-PKCS11.DLL included in OpenSC.
      -

      -

      -You can download CSP#11 at  http://csp11.labs.libre-entreprise.org/. -

      -

      -Smart card bundle is our windows installer and it has a more detailed
      -web page about CSP11.
      -

      -

      Idendity Alliance CSP

      -

      -Idendity Alliance also offers a CSP implementation in their - ID Ally package. -(free for personal use, 30 days use for evaluation.) -

      -

      -Smart card bundle is our windows installer and it has a more detailed
      -web page about ID Ally.
      -

      -

      PKCS CSP

      -

      -PKCS CSP is an open-source CSP to use PKCS#11 modules. It was developed by Ilex and may be downloaded free of charge. The package contains the source files needed to build the CSP as well as documentation in English and French.
      -

      -

      - http://www.ilex.fr/en/opensource/pkcscsp.htm -

      -

      -* Description -

      -

      Windows Vista

      -

      -It looks like Microsoft will replace Crypto API with something new, but still -support Crypto API. More information can be found in this presentation: - http://blog.blanar.net/files/FUN210_Ben-Menahem_Tucker.ppt -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/WPA.html opensc-0.12.1/doc/nonpersistent/wiki.out/WPA.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/WPA.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/WPA.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,73 +0,0 @@
      -
      -
      - WPA – OpenSC
      -
      -
      - -

      Wireless authentication

      -

      -Wireless network used to be protected by the WEP standard, but WEP turned out to be insecure and thus useless. -These days wireless networks are usualy protected using WPA - Wi-Fi Protected Access. -

      -

      -Unfortunatly WPA is available in several flavors and versions, see -the  Wi-Fi Alliance website for details. -

      -

      -If your wireless network is set up to ask for authentication using client certificates,
      -then you can use it with those certificates and keys on your smart card.
      -

      -

      -For windows the windows build in WPA client should work well, if you have a CSP installed that works with OpenSC.
      -This is untested, please report your results.
      -

      -

      -For linux you can use the  WPA Supplicant or  Xsupplicant with OpenSC. -The support for smart cards is implemented in both via the PKCS#11 Engine for OpenSSL. -

      -

      WPA Supplicant

      -

      -To use WPA Suppplicant with smart card authentication you need to compile it with smart card support. Your config file should include this line:
      -

      -
      # Smartcard support (i.e., private key on a smartcard), e.g., with openssl
      -# engine.
      -CONFIG_SMARTCARD=y
      -

      -Also you need to edit wpa_supplicant.conf like this:
      -

      -
      # OpenSSL Engine support
      -# These options can be used to load OpenSSL engines.
      -# make the pkcs11 engine available
      -pkcs11_engine_path=/usr/lib/engine/engine_pkcs11.so
      -# configure the path to the pkcs11 module required by the pkcs11 engine
      -pkcs11_module_path=/usr/lib/engine/opensc-pkcs11.so
      -

      X Supplicant

      -

      -It looks like xsupplicant is always compiled with smart card support.
      -

      -

      -To enable it, edit the xsupplicant.conf config file and look for lines
      -like these:
      -

      -
           # this section configures the smartcard used with eap-tls
      -     # for now the smartcard PIN is handled the same way as the 
      -     # password for a private key
      -     smartcard {
      -        # this line actually enables the smartcard and makes xsupplicant use
      -        # the opensc engine
      -        engine_id = pkcs11
      -        # set the path to the engine
      -        opensc_so_path = "/usr/lib/engine/engine_pkcs11.so"
      -        # set the key id on the smartcard
      -        key_id = 45
      -     }
      -

      -FIXME: someone should test this and check if it works as advertised.
      -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/nonpersistent/wiki.out/XML.html opensc-0.12.1/doc/nonpersistent/wiki.out/XML.html
      --- opensc-0.11.13/doc/nonpersistent/wiki.out/XML.html 2010-02-16 09:35:14.000000000 +0000
      +++ opensc-0.12.1/doc/nonpersistent/wiki.out/XML.html 1970-01-01 00:00:00.000000000 +0000
      @@ -1,24 +0,0 @@
      -
      -
      - XML – OpenSC
      -
      -
      - -

      XML Advanced Electronic Signatures (XAdES)

      -

      -XML Advanced Electronic Signatures are defined in the ETSI standard  ETSI TS 101 903 V1.1.1. -

      -

      - OpenXAdES implements that standard in a library, and - GNU DigiDoc a graphical user interface application built on top the libdigidoc (AKA OpenXAdES). -

      -

      -libdigidoc uses PKCS#11 for smartcard access on non-windows platforms and works well with OpenSC.
      -

      - - - -
      -
      diff -Nru opensc-0.11.13/doc/README opensc-0.12.1/doc/README --- opensc-0.11.13/doc/README 2006-01-22 22:27:38.000000000 +0000 +++ opensc-0.12.1/doc/README 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -This directory contains a snapshot of the OpenSC Wiki -===================================================== - -The original wiki page is at http://www.opensc-project.org/opensc/ -and includes a bug tracker and source browser. - -The wiki was transformed to html using the export-wiki shell -script and xsl style sheet. The original version is at - http://www.twdata.org/trac-howto/ - diff -Nru opensc-0.11.13/doc/svn2cl.xsl opensc-0.12.1/doc/svn2cl.xsl --- opensc-0.11.13/doc/svn2cl.xsl 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/doc/svn2cl.xsl 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,295 @@ + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + &newl; + + + + + + + + + + + + + + + + + + + + + + + + + + + &newl; + + + + + &space;&space; + + + + &newl;&newl; + + + + + + + + + [r + + ]&space; + + + + &tab;*&space; + + + + + + + + + + + + + + &space; + + + + + + + + + + + + + + + + ,&space; + + + + + + :&space; + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + . + + + + + + + + + + + + + + + + &newl; + + + + + + + + + + + + + + + + + + + &newl;&tab;&space;&space; + + + + + + + + + + + + + + + + + + + + + + + + diff -Nru opensc-0.11.13/doc/tools/cardos-tool.xml opensc-0.12.1/doc/tools/cardos-tool.xml --- opensc-0.11.13/doc/tools/cardos-tool.xml 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/cardos-tool.xml 2011-05-17 17:07:00.000000000 +0000 
@@ -51,22 +51,16 @@ - Causes cardos-info to wait for the token + Causes cardos-tool to wait for the token to be inserted into reader. - Causes cardos-info to be more verbose. Specify this flag several times + Causes cardos-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library. - - - See also - opensc(7) - - diff -Nru opensc-0.11.13/doc/tools/cryptoflex-tool.xml opensc-0.12.1/doc/tools/cryptoflex-tool.xml --- opensc-0.11.13/doc/tools/cryptoflex-tool.xml 2005-12-29 12:36:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/cryptoflex-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -128,7 +128,7 @@ See also - opensc(7), pkcs15-tool(1) + pkcs15-tool(1) diff -Nru opensc-0.11.13/doc/tools/eidenv.xml opensc-0.12.1/doc/tools/eidenv.xml --- opensc-0.11.13/doc/tools/eidenv.xml 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/doc/tools/eidenv.xml 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,90 @@ + + + + eidenv + 1 + opensc + + + + eidenv + utility for accessing visible data from + electronic identity cards + + + + Synopsis + + eidenv [OPTIONS] + + + + + Description + + The eidenv utility is used for + accessing data from electronic identity cards (like + national eID cards) which might not be present in + PKCS#15 objects but available in custom files on the + card. The data can be printed on screen or used by + other programs via environment variables. + + + + + Options + + + + num + + Use the given reader. The default is the first reader with a card. + + + + + + Wait for a card to be inserted + + + + + Print help message on screen. + + + + + Prints the version + of the utility and exits. + + + + + Prints all data + fields from the card, like validity + period, document number etc. + + + + + Prints key usage statistics + (only for Estonian ID card). + + + + prog + Executes the given program with + data in environment variables. + + + + + + + + Authors + eidenv utility was written by + Stef Hoeben and Martin Paljak martin@martinpaljak.net. + + + diff -Nru opensc-0.11.13/doc/tools/netkey-tool.xml opensc-0.12.1/doc/tools/netkey-tool.xml --- opensc-0.11.13/doc/tools/netkey-tool.xml 2005-12-29 12:36:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/netkey-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -82,7 +82,7 @@ If you specify the global PIN via the option, netkey-tool will also display the initial value of the cards global PUK. If your global PUK was changed netkey-tool will still - diplay its initial value. There's no way to recover a lost global PUK once it was changed. + display its initial value. There's no way to recover a lost global PUK once it was changed. There's also no way to display the initial value of your global PUK without knowing the current value of your global PIN. 
@@ -138,7 +138,7 @@ See also - opensc(7), opensc-explorer(1) + opensc-explorer(1) diff -Nru opensc-0.11.13/doc/tools/opensc-config.xml opensc-0.12.1/doc/tools/opensc-config.xml --- opensc-0.11.13/doc/tools/opensc-config.xml 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/doc/tools/opensc-config.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,79 +0,0 @@ - - - - opensc-config - 1 - opensc - - - - opensc-config - a tool to get information about the installed version of OpenSC - - - - Synopsis - - opensc-config [OPTIONS] - - - - - Description - - opensc-config is a tool that is used to get various information - about the installed version of OpenSC. It is particularly useful in determining - compiler and linker flags necessary to build programs with the OpenSC libraries. - - - - - Options - - opensc-config accepts the following options: - - - - Print the installed version of OpenSC to standard output. - - - - - Print the linker flags that are needed to compile a program - to use the OpenSC libraries. - - - - - Print the compiler flags that are needed to compile a program - to use the OpenSC libraries. - - - - - If specified, use PREFIX instead of the installation - prefix that OpenSC was built with when computing the output - for the - and options. This option is also used for the exec - prefix if --exec-prefix was not specified. This option must be specified - before any --libs or --cflags options. - - - - - If specified, use PREFIX instead of the installation - exec prefix that OpenSC was built with when computing the output for - the and - options. This option must be specified before any - --libs or --cflags options. - - - - - - - See also - opensc(7) - - - diff -Nru opensc-0.11.13/doc/tools/opensc-explorer.xml opensc-0.12.1/doc/tools/opensc-explorer.xml --- opensc-0.11.13/doc/tools/opensc-explorer.xml 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/doc/tools/opensc-explorer.xml 2011-05-17 17:07:00.000000000 +0000 
@@ -59,6 +59,22 @@ + + path, + path + + + Select the file referenced by the given path on + startup. The default is the path to the standard master file, + 3F00. If path is empty (e.g. opensc-explorer + --mf ""), then no file is explicitly selected. + + + + + Wait for a card to be inserted + + Causes opensc-explorer to be more @@ -87,8 +103,12 @@ - - print the contents of the currently selected EF + [file-id] + sfi:sfi-id + print the contents of the currently selected EF or the contents of a file + specified by file-id + or sfi-id. + @@ -111,12 +131,20 @@ + file-id + remove the EF or DF specified by file-id + + + key-typekey-id [key] present a PIN or key to the card. Where key-type can be one of CHV, KEY or PRO. key-id is a number representing the - key or PIN number. key is the key or PIN to be verified in hex. + key or PIN reference. key is the key or PIN to be verified in hex. + + If key is omitted, PIN will be verified with PIN-Pad. + Example: verify CHV0 31:32:33:34:00:00:00:00 
@@ -124,26 +152,67 @@ - id [old-pin] new-pin - change a PIN + id + [[old-pin] new-pin] + change a PIN, where id is the PIN reference - Example: change CHV0 31:32:33:34:00:00:00:00 'secret' + Examples: + + + Change PIN: change CHV2 00:00:00:00:00:00 "foobar" + + + Set PIN: change CHV2 "foobar" + + + Change PIN with pinpad: change CHV2 - file-id [input] + file-id input copy a local file to the card. The local file is specified - by input while the card file is specified by file-id + by input while the card file is specified by file-id. file-id [output] - copy an EF to a local file. The local file is specified - by output while the card file is specified by file-id. - + + copy an EF to a local file. The local file is specified + by output while the card file is specified by file-id. + + + If output is ommited, the name of the output file will be + derivated from the full card path to file-id. + + + + + + hex-tag input + + update internal card's 'tagged' data. + hex-tag is the tag of the card's data. + input is the filename of the source file or the literal data presented as + a sequence of hexadecimal values or '"' enclosed string. + + + + + + hex-tag [output] + + copy the internal card's 'tagged' data into the local file. + The local file is specified by output while the tag of + the card's data is specified by hex-tag. + + + If output is ommited, the name of the output file will be + derivated from hex-tag. + + 
@@ -153,25 +222,67 @@ - - create a public key signature. NOTE: This command is currently not implemented. - + + erase the card, if the card supports it. - - perform a public key decryption. NOTE: This command is currently not implemented. - + count + + generate random sequence of count bytes. + - - erase the card, if the card supports it. + file-id rec_nr + rec_offs data + + update record specified by rec_nr of the file + specified by file-id with the literal data + data starting from offset specified by + rec_offs. + data can be supplied as a sequence of the hex values or + as a '"' encolsed string. + + + + + file-id offs + data + + binary update of the file specified by file-id with the literal data + data starting from offset specified by offs. + data can be supplied as a sequence of the hex values or + as a '"' encolsed string. + + + + + [level] + + set OpenSC debug level to level. + If level is ommited the current debug level will be shown. + + + + + hex_data + + send a custom APDU command hex_data. + + + + + file-id + + parse and print the ASN1 encoded content of the file specified by + file-id. + - exit the program + exit the program. @@ -180,7 +291,7 @@ See also - opensc(7), opensc-tool(1) + opensc-tool(1) diff -Nru opensc-0.11.13/doc/tools/opensc-tool.xml opensc-0.12.1/doc/tools/opensc-tool.xml --- opensc-0.11.13/doc/tools/opensc-tool.xml 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/doc/tools/opensc-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -32,11 +32,20 @@ + + Print information about OpenSC, such as version and enabled components + + + Print the Answer To Reset (ATR) of the card, output is in hex byte format + + Print the name of the inserted card (driver) + + Print the card serial number (normally the ICCSN), output is in hex byte format @@ -58,10 +67,6 @@ Lists all installed card drivers - - Lists all installed reader drivers - - num, num Use the given reader number. The default is 0, the first reader in the system. 
@@ -71,6 +76,10 @@ Use the given card driver. The default is auto-detected. + + Wait for a card to be inserted + + Causes opensc-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library. @@ -81,7 +90,7 @@ See also - opensc(7), opensc-explorer(1) + opensc-explorer(1) diff -Nru opensc-0.11.13/doc/tools/piv-tool.xml opensc-0.12.1/doc/tools/piv-tool.xml --- opensc-0.11.13/doc/tools/piv-tool.xml 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/doc/tools/piv-tool.xml 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,130 @@ + + + + piv-tool + 1 + opensc + + + + piv-tool + smart card utility for HSPD-12 PIV cards + + + + Synopsis + + piv-tool [OPTIONS] + + + + + + The piv-tool utility can be used from the command line to perform + miscellaneous smart card operations on a HSPD-12 PIV smart card as defined in NIST 800-73-3. + It is intened for use with test cards only. It can be used to load objects, and generate + key pairs, as well as send arbitrary APDU commands to a card after having authenticated + to the card using the card key provided by the card vendor. + + + + + Options + + + + + Print the derived card serial number from the CHUID object if any. + output is in hex byte format. + + + + Print the name of the inserted card (driver) + + + argument, arguement + Authenticate to the card using a 2DES or 3DES key. + An arguement {A|M}:{ref}:{alg} is required, were A uses "EXTERNAL AUTHENTICATION" + and M uses "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for + 3DES. The key is provided by card vendor, and the environment variable + PIV_EXT_AUTH_KEY must point to a text file with the key in the format: + XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX + + + + argument, argument + Generate a key pair on the card and output the public key. + An argument {ref}:{alg} is required, where ref is 9A, 9C, 9D or 9E and alg is + 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384. + + + + ContainerID, ContainerID + Load an object on to the card. The ContainerID is defined + in NIST 800-73-n without leading 0x. Example: CHUID object is 3000 + + + + + ref, ref + Load a certificate on to the card. ref is 9A, 9C, 9D or 9E + + + + ref, ref + Load a certificate that has been gziped on to the card. + ref is 9A, 9C, 9D or 9E + + + + file, file + Output file for any operation that produces output. + + + + + file, file + Input file for any operation that requires an input file. + + + + + file + Print properties of the key slots. 
Needs 'admin' authentication. + + + + + apdu, apdu + Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF... + This option may be repeated. + + + + num + Use the given reader number. The default is 0, + the first reader in the system. + + + driver, driver + Use the given card driver. The default is auto-detected. + + + + Wait for a card to be inserted + + + + Causes piv-tool to be more verbose. + Specify this flag several times to enable debug output in the opensc library. + + + + + + + See also + opensc-tool(1) + + + diff -Nru opensc-0.11.13/doc/tools/pkcs11-tool.xml opensc-0.12.1/doc/tools/pkcs11-tool.xml --- opensc-0.11.13/doc/tools/pkcs11-tool.xml 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/doc/tools/pkcs11-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -131,8 +131,10 @@ id, - id - Write a key or certificate object to the token. + path + Write a key or certificate object to the token. + path points to the DER-encoded certificate or key file. + @@ -211,17 +213,13 @@ Causes pkcs11-tool to be - more verbose. Specify this flag several times to enable debug - output in the OpenSC library. + more verbose.NB! This does not affect + OpenSC debugging level! To set OpenSC PKCS#11 module into debug + mode, set the OPENSC_DEBUG environment variable to a + non-zero number. - - - See also - opensc(7) - - diff -Nru opensc-0.11.13/doc/tools/pkcs15-crypt.xml opensc-0.12.1/doc/tools/pkcs15-crypt.xml --- opensc-0.11.13/doc/tools/pkcs15-crypt.xml 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/doc/tools/pkcs15-crypt.xml 2011-05-17 17:07:00.000000000 +0000 
@@ -124,6 +124,12 @@ + aid + Specify in a hexadecimal form the AID of the on-card PKCS#15 + application to be binded to. + + + Causes pkcs15-crypt to be more verbose. Specify this flag several times to enable debug output diff -Nru opensc-0.11.13/doc/tools/pkcs15-init.xml opensc-0.12.1/doc/tools/pkcs15-init.xml --- opensc-0.11.13/doc/tools/pkcs15-init.xml 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/doc/tools/pkcs15-init.xml 2011-05-17 17:07:00.000000000 +0000 @@ -58,6 +58,12 @@ The PUK can be used to overwrite or unlock a PIN if too many incorrect values have been entered in a row. + + For some cards that use the PKCS#15 emulation, the attributes of private objects + are protected and cannot be parsed without authentication (usually with User PIN). + This authentication need to be done immediately after the card binding. + In such cases has to be used. + @@ -71,13 +77,12 @@ pkcs15-init --create-pkcs15 - You will then be asked for several the security officer PIN and PUK. Simply + You will then be asked for the security officer PIN and PUK. Simply pressing return at the SO PIN prompt will skip installation of an SO PIN. - If the card supports it, you can also request that the card is erased prior - to creating the PKCS #15 structure, by specifying the - option. + If the card supports it, you should erase the contents of the card with + pkcs15-init --erase-card before creating the PKCS#15 structure. @@ -128,12 +133,6 @@ pkcs15-init will also store the the public portion of the key as a PKCS #15 public key object. - - By default, pkcs15-init will try to use the card's - on-board key generation facilities, if available. If the card does not - support on-board key generation, pkcs15-init will fall - back to software key generation. - 
@@ -195,7 +194,7 @@ You can download certificates to the card using the option, which takes a filename as - an argument. This file is supposed to contain the DER encoded X.509 + an argument. This file is supposed to contain the PEM encoded X.509 certificate. @@ -293,7 +292,12 @@ (currently, the only supported name is ), optionally followed by a slash and the length of the key in bits. It is a good idea to specify the key ID along with this command, - using the option. + using the option, otherwise an intrinsic ID + will be calculated from the key material. Look the description of + the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details + about the algorithm used to calculate intrinsic ID. + For the multi-application cards the target PKCS#15 application can be + specified by the hexadecimal AID value of the option. @@ -309,14 +313,18 @@ file is assumed to contain the key in PEM format. Alternative formats can be specified using . It is a good idea to specify the key ID along with this command, - using the option. + using the option, otherwise an intrinsic ID + will be calculated from the key material. Look the description of + the 'pkcs15-id-style' attribut in the 'pkcs15.profile' for the details + about the algorithm used to calculate intrinsic ID. + For the multi-application cards the target PKCS#15 application can be + specified by the hexadecimal AID value of the option. - filename, - filename + filename Tells pkcs15-init to download the specified 
@@ -336,7 +344,41 @@ Tells pkcs15-init to store the certificate given in on the card, creating a certificate object with the ID specified via the option. - The file is assumed to contain the DER encoded certificate. + Without supplied ID an intrisic ID will be calculated from the + certificate's public key. Look the description of the 'pkcs15-id-style' + attribut in the 'pkcs15.profile' for the details + about the algorithm used to calculate intrinsic ID. + The file is assumed to contain the PEM encoded certificate. + For the multi-application cards the target application can be specified + by the hexadecimal AID value of the option. + + + + + + filename, + filename + + + Tells pkcs15-init to update the certificate + object with the ID specified via the option + with the certificate in . + The file is assumed to contain a PEM encoded certificate. + + Pay extra attention when updating mail decryption certificates, as + missing certificates can render e-mail messages unreadable! + + + + + + + , + + + + Tells pkcs15-init to not ask for the transport + keys and use default keys, as known by the card driver. diff -Nru opensc-0.11.13/doc/tools/pkcs15-profile.xml opensc-0.12.1/doc/tools/pkcs15-profile.xml --- opensc-0.11.13/doc/tools/pkcs15-profile.xml 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/pkcs15-profile.xml 2011-05-17 17:07:00.000000000 +0000 @@ -51,10 +51,7 @@ See also - - pkcs15(7), pkcs15-init(1), - pkcs15-crypt(1), opensc(7), - + pkcs15-init(1), pkcs15-crypt(1) diff -Nru opensc-0.11.13/doc/tools/pkcs15-tool.xml opensc-0.12.1/doc/tools/pkcs15-tool.xml --- opensc-0.11.13/doc/tools/pkcs15-tool.xml 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/doc/tools/pkcs15-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -44,6 +44,11 @@ + + List the on-card PKCS#15 applications + + + cert, cert Reads the certificate with the given id. 
@@ -55,27 +60,58 @@ + cert, + data + Reads data object with OID, applicationName or label. + + + + + + Verify PIN after card binding and before issuing any command + (without 'auth-id' the first non-SO, non-Unblock PIN will be verified) + + + + + Lists all data objects stored on the token. + For some cards the PKCS#15 attributes of the private data objects are + protected for reading and need the authentication with the User PIN. + In such a case the option has to be used. + + + + Lists all PINs stored on the token. General information about each PIN is listed (eg. PIN name). Actual PIN values are not shown. + + Dump card objects. + + + - Changes a PIN stored on the token. User authentication + Changes a PIN or PUK stored on the token. User authentication is required for this operation. - Unblocks a PIN stored on the token. Knowledge of the Pin Unblock Key (PUK) is required for this operation. + Unblocks a PIN stored on the token. Knowledge of the + Pin Unblock Key (PUK) is required for this operation. Lists all private keys stored on the token. General information about each private key is listed (eg. key name, id and - algorithm). Actual private key values are not displayed. + algorithm). Actual private key values are not displayed. + For some cards the PKCS#15 attributes of the private keys are protected for reading + and need the authentication with the User PIN. + In such a case the option has to be used. @@ -110,12 +146,18 @@ - pin, + pin, pin Specifies the auth id of the PIN to use for the operation. This is useful with the --change-pin operation. + + aid + Specify in a hexadecimal form the AID of the on-card PKCS#15 + application to be binded to. + + num Forces pkcs15-tool to use reader 
@@ -136,7 +178,7 @@ See also - opensc(7), pkcs15-init(1), pkcs15-crypt(1) + pkcs15-init(1), pkcs15-crypt(1) diff -Nru opensc-0.11.13/doc/tools/tools.xml opensc-0.12.1/doc/tools/tools.xml --- opensc-0.11.13/doc/tools/tools.xml 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/tools.xml 2011-05-17 17:07:00.000000000 +0000 @@ -8,21 +8,19 @@ OpenSC - + + + + + - - - - + + - - diff -Nru opensc-0.11.13/doc/tools/westcos-tool.xml opensc-0.12.1/doc/tools/westcos-tool.xml --- opensc-0.11.13/doc/tools/westcos-tool.xml 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/doc/tools/westcos-tool.xml 2011-05-17 17:07:00.000000000 +0000 @@ -8,8 +8,8 @@ westcos-tool - utility for manipulating data structure - on westcos smart card and similar security tokens + utility for manipulating data structures + on westcos smart cards 
@@ -34,80 +34,114 @@ - + num + + Use the given reader. The default is the first reader with a card. + + + + + + Wait for a card to be inserted + + + + Generate a private key on smart card. The smart card must be - not finalized and pin installed (ig. file for pin must be created, see option + not finalized and a PIN must be installed (ie. file for PIN must be created, see option -i). By default key length is 1536 bits. User authentication is required for this operation. - + + + + Overwrite the key if there is already a key on card. + + - length - Change the length of private key, use with . + + length, + length + + Change the length of private key, use with . - - Install pin file in token, you must provide pin value - with . + + Install PIN file in token, you must provide PIN value + with . - value - set value of pin. + + value, + value + + set value of PIN. - value - set value of puk (or value of new pin for change pin + + value, + value + + set value of PUK (or value of new PIN for change PIN command see ). - + Changes a PIN stored on the token. User authentication is required for this operation. - - Unblocks a PIN stored on the token. Knowledge of the Pin - Unblock Key (PUK) is required for this operation. + + Unblocks a PIN stored on the token. Knowledge of the + PIN Unblock Key (PUK) is required for this operation. - file - Write certificate file in pem format on the + + file, + file + + Write certificate file in PEM format to the card. User authentication is required for this operation. - - Finalize the card, once finalize default key is invalidate so pin and puk - can'be changed anymore without user authentification. Warning, smart cards not finalized are - unsecure because pin can be changed without user authentification (knowledge of default key - is enougth). + + Finalize the card. Once finalized the default key is invalidated so PIN and PUK + can't be changed anymore without user authentication. 
Warning, + un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key + is enough). - n - Forces westcos-tool to use reader - number n for operations. + + path, + path + + Get the file path the file is written + on disk with path name. User authentication + is required for this operation. - path - Get the file path the file is written - on disk with path name. User authentication + + path, + path + + Put the file with name path from disk + to card the file is written in path. User authentication is required for this operation. - path - Put the file with name path from disk - to card the file is written in path. User authentication - is required for this operation. + + Print help message on screen. @@ -117,19 +151,9 @@ in the OpenSC library. - - - Print help message on screen. - - - - - See also - opensc(7) - Authors diff -Nru opensc-0.11.13/etc/Makefile.in opensc-0.12.1/etc/Makefile.in --- opensc-0.11.13/etc/Makefile.in 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/etc/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -39,10 +39,9 @@ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d 
@@ -102,8 +101,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -111,10 +108,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -139,8 +134,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -163,6 +156,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -175,10 +170,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -224,11 +216,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -260,9 +249,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu etc/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign etc/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu etc/Makefile + $(AUTOMAKE) --foreign etc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff -Nru opensc-0.11.13/etc/opensc.conf.in opensc-0.12.1/etc/opensc.conf.in --- opensc-0.11.13/etc/opensc.conf.in 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/etc/opensc.conf.in 2011-05-17 17:07:00.000000000 +0000 @@ -16,38 +16,19 @@ # The file to which debug output will be written # - # A special value of 'stdout' is recognized. - # Default: stdout + # Special values 'stdout' and 'stderr' are recognized. + # Default: stderr # # debug_file = /tmp/opensc-debug.log; # debug_file = "C:\Documents and Settings\All Users\Documents\opensc-debug.log"; - # The file to which errors will be written - # - # A special value of 'stderr' is recognized. - # Default: stderr - # - # error_file = /tmp/opensc-errors.log; - # error_file = "C:\Documents and Settings\All Users\Documents\opensc-errors.log"; - # PKCS#15 initialization / personalization # profiles directory for pkcs15-init. # Default: @pkgdatadir@ # # profile_dir = @pkgdatadir@; - # What reader drivers to load at start-up - # - # A special value of 'internal' will load all - # statically linked drivers. If an unknown (ie. not - # internal) driver is supplied, a separate configuration - # configuration block has to be written for the driver. - # Default: internal - # NOTE: if "internal" keyword is used, must be the - # last entry in reader_drivers list - # - # reader_drivers = openct, pcsc, ctapi; - + # CT-API module configuration. reader_driver ctapi { # module /usr/local/towitoko/lib/libtowitoko.so { # CT-API ports: 
@@ -59,35 +40,37 @@ # } } - # Define parameters specific to your readers. - # The following section shows definitions for PC/SC readers, - # but the same set of variables are applicable to ctapi and - # openct readers, simply by using "reader_driver ctapi" and - # "reader_driver openct", respectively. + # The following section shows definitions for PC/SC readers. reader_driver pcsc { - # This sets the maximum send and receive sizes. - # Some reader drivers have limitations, so you need - # to set these values. For usb devices check the - # properties with lsusb -vv for dwMaxIFSD + # Limit command and response sizes. + # Default: n/a + # max_send_size = 255; + # max_recv_size = 256; # - # max_send_size = 252; - # max_recv_size = 252; - - # Connect to reader in exclusive mode. + # Connect to reader in exclusive mode? # Default: false # connect_exclusive = true; # - # Reset the card after disconnect. - # Default: true - # connect_reset = false; - # - # Reset the card after each transaction. - # Default: false - # transaction_reset = true; + # What to do when disconnecting from a card (SCardDisconnect) + # Valid values: leave, reset, unpower. + # Default: reset + # disconnect_action = unpower; + # + # What to do at the end of a transaction (SCardEndTransaction) + # Valid values: leave, reset, unpower. + # Default: leave + # transaction_end_action = reset; + # + # What to do when reconnection to a card (SCardReconnect) + # Valid values: leave, reset, unpower. + # Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD). + # A forced reset via sc_reset() always does a full powerup. + # Default: leave + # reconnect_action = reset; # # Enable pinpad if detected (PC/SC v2.0.2 Part 10) - # Default: false - # enable_pinpad = true; + # Default: true + # enable_pinpad = false; # # Use specific pcsc provider. # Default: @DEFAULT_PCSC_PROVIDER@ 
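Review bot: The new `disconnect_action`, `transaction_end_action` and `reconnect_action` comments in the `reader_driver pcsc` block list the valid values but not what each one does to the card's authentication state, which is why an administrator would change them. With `leave` (the documented default for `transaction_end_action` and `reconnect_action`) the card is presumably not reset, so on a shared reader a PIN verified in one transaction may still be in effect for the next application that talks to the card; this should be confirmed against the pcsc driver and then stated. I would add under each valid-values line something like `# 'leave' keeps the card's security status (verified PINs); use 'reset' or 'unpower' to clear it.` The same hunk flips the documented `enable_pinpad` default from false to true, a behaviour change on upgrade that deserves a release-note mention. The `reader_driver pcsc` block continues past the end of this hunk.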
@@ -99,14 +82,11 @@ # Virtual readers to allocate. # Default: 2 # readers = 5; - - # This sets the maximum send and receive sizes. - # Some reader drivers have limitations, so you need - # to set these values. For usb devices check the - # properties with lsusb -vv for dwMaxIFSD # - # max_send_size = 252; - # max_recv_size = 252; + # Limit command and response sizes. + # Default: n/a + # max_send_size = 255; + # max_recv_size = 256; }; # What card drivers to load at start-up @@ -195,10 +175,9 @@ # Optionally, some known parameters # can be specified as strings: # - # keygen - On-board key generation capability # rng - On-board random number source # - # flags = "keygen", "rng", "0x80000000"; + # flags = "rng", "0x80000000"; # # Context: PKCS#15 emulation layer 
@@ -224,16 +203,48 @@ # driver = "piv"; # } - # Estonian ID card and Micardo driver currently play together with T=0 - # only. In theory only the 'cold' ATR should be specified, as T=0 will + # Estonian ID card and Micardo driver sometimes only play together with T=0 + # In theory only the 'cold' ATR should be specified, as T=0 will # be the preferred protocol once you boot it up with T=0, but be # paranoid. + # + # Warm ATR v1 card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 { force_protocol = t0; } + # Cold ATR v1 card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 { force_protocol = t0; } + # Warm ATR v2 + card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 { + force_protocol = t0; + } + # Cold ATR v2 + card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b { + force_protocol = t0; + } + # Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above + # The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR. + card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 { + force_protocol = t0; + } + # Cold ATR v3 dev1 + card_atr 3b:fe:18:00:00:80:31:fe:45:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:a8 { + force_protocol = t0; + } + # Warm ATR v3 dev1 + card_atr 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:56:1b:16:83:01:90:00:86 { + force_protocol = t0; + } + # Warm ATR v3 dev2 + card_atr 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:01:90:00:e1 { + force_protocol = t0; + } + # Warm ATR v3 (18.01.2011) + card_atr 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:0f:90:00:ef { + force_protocol = t0; + } # D-Trust cards are also based on micardo and need T=0 for some reason card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 { 
@@ -242,6 +253,27 @@ card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 { force_protocol = t0; } + + # IAS/ECC cards + #card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 { + # type = 25001; + # driver = "iasecc"; + # name = "Gemalto MultiApp IAS/ECC v1.0.1"; + # # secure_messaging = local_gemalto_iam; + # # secure_messaging = local_adele; + #} + #card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE { + # type = 25002; + # driver = "iasecc"; + # name = "Oberthur IAS/ECC v1.0.1"; + # # No 'admin' application for this card -- no secure messaging + #} + #card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 { + # type = 25003; + # driver = "iasecc"; + # name = "Morpho YpsID S3 IAS/ECC"; + # # secure_messaging = local_morpho_YpsID_S3; + #} # Below are the framework specific configuration blocks. @@ -256,14 +288,25 @@ # WARNING: Caching shouldn't be used in setuid root # applications. # Default: false - use_caching = true; - + # use_file_caching = true; + # + # Use PIN caching? + # Default: true + # use_pin_caching = false; + # + # How many times to use a PIN from cache before re-authenticating it? + # Default: 10 + # pin_cache_counter = 3; + # # Enable pkcs15 emulation. # Default: yes # enable_pkcs15_emulation = no; # # Prefer pkcs15 emulation code before # the normal pkcs15 processing. + # Some cards (like esteid and pteid) work in emu-only mode, + # and do not depend on this option. + # # Default: no # try_emulation_first = yes; @@ -272,7 +315,7 @@ # enable_builtin_emulation = no; # # List of the builtin pkcs15 emulators to test - # Default: esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II; + # Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II; # builtin_emulators = openpgp; # additional settings per driver 
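Review bot: In the `@@ -256,14 +288,25 @@` hunk the existing `WARNING: Caching shouldn't be used in setuid root applications` now sits directly above two different mechanisms, `use_file_caching` and the new `use_pin_caching`, and does not say which one it covers. PIN caching is documented as on by default with `pin_cache_counter` defaulting to 10, so a PIN entered once is presumably held by the library and replayed for later operations; the comment should say so and say when the cached value is dropped. Suggested wording: `# When enabled, the PIN is kept in process memory and re-presented to the card up to pin_cache_counter times; set to false where each operation must be authorised by the user.` Please confirm that wording against the pkcs15 framework code, which is not in this hunk. The hunk also replaces the previously active `use_caching = true;` with a commented-out `use_file_caching`, so existing configurations that still set `use_caching` may need a migration note.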
@@ -285,32 +328,6 @@ # The location of the driver library # module = /usr/lib/opensc/drivers/p15emu_custom.so; # } - - # workaround: use rsa decrypt operation for signing - # some cardos cards need this, if initializes with certain - # versions of the siemens software - # we have an auto detection, but it is not 100% reliable, - # so you can turn it off, if it misbehaves. - # this option only affects cardos cards right now. - # Default: yes - # enable_sign_with_decrypt_workaround = no; - - # workaround: fix keyReference and pinReference values - # OpenSC 0.11.4 and older have a bug: integers were not - # properly encoded in asn.1 structures. So far only - # starcos cards were found to have a problem with this, - # and only these two values were found to be filled with - # the wrong value. - # - # Fortunatly those values (if present) need to be positive. - # Thus we can check if these are available and negative, - # and if so fix them by adding 256 to get the correct value. - # - # To be on the safe side, this workaround/fix can be turned - # off. - # - # Default: yes - # enable_fix_asn1_integers = no; } } 
@@ -347,53 +364,97 @@ # Default: true # hide_empty_tokens = false; - # By default, the OpenSC PKCS#11 module will lock your card - # once you authenticate to the card via C_Login. - # This is to prevent other users or other applications - # from connecting to the card and perform crypto operations - # (which may be possible because you have already authenticated - # with the card). Thus this setting is very secure. - # - # This behavior is a known violation of PKCS#11 specification, - # and is forced due to limitation of the OpenSC framework. - # - # However now once one application has started using your - # card with C_Login, no other application can use it, until - # the first is done and calls C_Logout or C_Finalize. - # In the case of many PKCS#11 application this does not happen - # until you exit the application. - # - # Thus it is impossible to use several smart card aware - # applications at the same time, e.g. you cannot run both - # Firefox and Thunderbird at the same time, if both are - # configured to use your smart card. - # - # Default: true - # lock_login = false; - - # Normally, the pkcs11 module will not cache PINs - # presented via C_Login. However, some cards - # may not work properly with OpenSC; for instance - # when you have two keys on your card that get - # stored in two different directories. + # By default, the OpenSC PKCS#11 module will not lock your card + # once you authenticate to the card via C_Login. # - # In this case, you can turn on PIN caching by setting - # cache_pins = true + # Thus the other users or other applications is not prevented + # from connecting to the card and perform crypto operations + # (which may be possible because you have already authenticated + # with the card). This setting is not very secure. + # + # Also, if your card is not locked, you can enconter problems + # due to limitation of the OpenSC framework, that still is not + # thoroughly tested in the multi threads environment. 
+ # + # Your settings will be more secure if you choose to lock your + # card. Nevertheless this behavior is a known violation of PKCS#11 + # specification. Now once one application has started using your + # card with C_Login, no other application can use it, until + # the first is done and calls C_Logout or C_Finalize. In the case + # of many PKCS#11 application this does not happen until you exit + # the application. + # Thus it is impossible to use several smart card aware applications + # at the same time, e.g. you cannot run both Firefox and Thunderbird at + # the same time, if both are configured to use your smart card. # - # Default: true - # cache_pins = false; + # Default: false + # lock_login = true; + + # User PIN unblock style + # none: PIN unblock is not possible with PKCS#11 API; + # set_pin_in_unlogged_session: C_SetPIN() in unlogged session: + # PUK is passed as the 'OldPin' argument of the C_SetPIN() call. + # set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session: + # PUK is passed as the 'OldPin' argument of the C_SetPIN() call. + # init_pin_in_so_session: C_InitPIN() in CKU_SO logged session: + # User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN). + # # Actually this style works only for the PKCS15 contents without SOPIN. + # # For those with SOPIN, this mode will be usefull for the cards without + # # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt + # + # Default: none + # user_pin_unblock_style = set_pin_in_unlogged_session; + + # Create slot for unblocking PIN with PUK + # This way PKCS#11 API can be used to login with PUK and + # change a PIN. + # Warning: causes problems with some applications like + # firefox and thunderbird. 
Thus turned off by default + # + # Default: false + # create_puk_slot = true; - # Set this value to true if you want to allow off-card - # keypair generation (in software on your pc) + # Report as 'zero' the CKA_ID attribute of CA certificate + # For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus) + # card reports as '0' the CKA_ID of CA cartificates. + # Maybe someone else will need it. (Would be nice to know who and what for -- VTA) # # Default: false - # soft_keygen_allowed = true; + # zero_ckaid_for_ca_certs = true; + + # List of readers to ignore + # If any of the strings listed below is matched (case sensitive) in a reader name, + # the reader is ignored by the PKCS#11 module. + # + # Default: empty + # ignored_readers = "CardMan 1021", "SPR 532"; } } +# Used by OpenSC.tokend on Mac OS X only. app tokend { - # Score for OpenSC.tokend + # The file to which debug log will be written + # Default: /tmp/opensc-tokend.log + # + # debug_file = /Library/Logs/OpenSC.tokend.log + framework tokend { - score = 10; + # Score for OpenSC.tokend + # The tokend with the highest score shall be used. + # Default: 300 + # + # score = 10; + } +} + +# XXX: remove cardmod pseudodriver +app cardmod { + # cardmod app name use special pcsc reader subset + # fix options for this reader driver here. + + reader_driver cardmod { + # Enable pinpad if detected (PC/SC v2.0.2 Part 10) + # Default: true + # enable_pinpad = false; } } diff -Nru opensc-0.11.13/ltmain.sh opensc-0.12.1/ltmain.sh --- opensc-0.11.13/ltmain.sh 2010-02-16 09:32:09.000000000 +0000 +++ opensc-0.12.1/ltmain.sh 2011-05-18 05:51:44.000000000 +0000 @@ -1,6 +1,6 @@ # Generated from ltmain.m4sh. -# ltmain.sh (GNU libtool) 2.2.6 +# ltmain.sh (GNU libtool) 2.2.6b # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. 
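Review bot: The `lock_login` default changes from true to false in the `@@ -347,53 +364,97 @@` hunk while the new comment itself says `This setting is not very secure`, so an upgrade silently moves installations to the weaker behaviour. The comment should state the consequence plainly and say when to turn locking back on, for example `# Set lock_login = true on multi-user or shared-reader hosts: without it another process can use the card after your C_Login.` In the `app tokend` block the documented default `debug_file` is `/tmp/opensc-tokend.log`, a fixed name in a world-writable directory. How the file is opened is not visible here, so it is worth checking that it is created safely, or defaulting to the `/Library/Logs` path shown in the example. That example line also lacks the trailing `;` used by every other setting in the file.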
@@ -65,7 +65,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-4 +# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu3 # automake: $automake_version # autoconf: $autoconf_version # @@ -73,9 +73,9 @@ PROGRAM=ltmain.sh PACKAGE=libtool -VERSION="2.2.6 Debian-2.2.6a-4" +VERSION="2.2.6b Debian-2.2.6b-2ubuntu3" TIMESTAMP="" -package_revision=1.3012 +package_revision=1.3017 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then diff -Nru opensc-0.11.13/m4/libassuan.m4 opensc-0.12.1/m4/libassuan.m4 --- opensc-0.11.13/m4/libassuan.m4 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/m4/libassuan.m4 1970-01-01 00:00:00.000000000 +0000 
@@ -1,160 +0,0 @@ -dnl Autoconf macros for libassuan -dnl Copyright (C) 2002, 2003 Free Software Foundation, Inc. -dnl -dnl This file is free software; as a special exception the author gives -dnl unlimited permission to copy and/or distribute it, with or without -dnl modifications, as long as this notice is preserved. -dnl -dnl This file is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -dnl -dnl Common code used for libassuan detection [internal] -dnl Returns ok set to yes or no. -dnl -AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], -[ AC_ARG_WITH(libassuan-prefix, - AC_HELP_STRING([--with-libassuan-prefix=PFX], - [prefix where LIBASSUAN is installed (optional)]), - libassuan_config_prefix="$withval", libassuan_config_prefix="") - if test x$libassuan_config_prefix != x ; then - libassuan_config_args="$libassuan_config_args --prefix=$libassuan_config_prefix" - if test x${LIBASSUAN_CONFIG+set} != xset ; then - LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config - fi - fi - AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no) - - tmp=ifelse([$1], ,1:0.9.2,$1) - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libassuan_api=0 - min_libassuan_version="$tmp" - fi - - if test "$LIBASSUAN_CONFIG" != "no" ; then - libassuan_version=`$LIBASSUAN_CONFIG --version` - fi - libassuan_version_major=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` - libassuan_version_minor=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` - libassuan_version_micro=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` - - AC_MSG_CHECKING(for LIBASSUAN ifelse([$2], ,,[$2 ])- version >= 
$min_libassuan_version) - ok=no - if test "$LIBASSUAN_CONFIG" != "no" ; then - ifelse([$2], ,,[if `$LIBASSUAN_CONFIG --thread=$2 2> /dev/null` ; then]) - req_major=`echo $min_libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` - req_minor=`echo $min_libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` - req_micro=`echo $min_libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - if test "$libassuan_version_major" -gt "$req_major"; then - ok=yes - else - if test "$libassuan_version_major" -eq "$req_major"; then - if test "$libassuan_version_minor" -gt "$req_minor"; then - ok=yes - else - if test "$libassuan_version_minor" -eq "$req_minor"; then - if test "$libassuan_version_micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - ifelse([$2], ,,[fi]) - fi - - if test $ok = yes; then - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi - - if test $ok = yes; then - if test "$req_libassuan_api" -gt 0 ; then - tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - AC_MSG_CHECKING([LIBASSUAN ifelse([$2], ,,[$2 ])API version]) - if test "$req_libassuan_api" -eq "$tmp" ; then - AC_MSG_RESULT(okay) - else - ok=no - AC_MSG_RESULT([does not match. 
want=$req_libassuan_api got=$tmp.]) - fi - fi - fi - fi - -]) - - - -dnl AM_PATH_LIBASSUAN([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libassuan and define LIBASSUAN_CFLAGS and LIBASSUAN_LIBS -dnl -AC_DEFUN([AM_PATH_LIBASSUAN], -[ _AM_PATH_LIBASSUAN_COMMON($1) - if test $ok = yes; then - LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --cflags` - LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --libs` - ifelse([$2], , :, [$2]) - else - LIBASSUAN_CFLAGS="" - LIBASSUAN_LIBS="" - ifelse([$3], , :, [$3]) - fi - AC_SUBST(LIBASSUAN_CFLAGS) - AC_SUBST(LIBASSUAN_LIBS) -]) - - -dnl AM_PATH_LIBASSUAN_PTH([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libassuan and define LIBASSUAN_PTH_CFLAGS and LIBASSUAN_PTH_LIBS -dnl -AC_DEFUN([AM_PATH_LIBASSUAN_PTH], -[ _AM_PATH_LIBASSUAN_COMMON($1,pth) - if test $ok = yes; then - LIBASSUAN_PTH_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pth --cflags` - LIBASSUAN_PTH_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pth --libs` - ifelse([$2], , :, [$2]) - else - LIBASSUAN_PTH_CFLAGS="" - LIBASSUAN_PTH_LIBS="" - ifelse([$3], , :, [$3]) - fi - AC_SUBST(LIBASSUAN_PTH_CFLAGS) - AC_SUBST(LIBASSUAN_PTH_LIBS) -]) - - -dnl AM_PATH_LIBASSUAN_PTHREAD([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libassuan and define LIBASSUAN_PTHREAD_CFLAGS -dnl and LIBASSUAN_PTHREAD_LIBS -dnl -AC_DEFUN([AM_PATH_LIBASSUAN_PTHREAD], -[ _AM_PATH_LIBASSUAN_COMMON($1,pthread) - if test $ok = yes; then - LIBASSUAN_PTHREAD_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pthread --cflags` - LIBASSUAN_PTHREAD_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pthread --libs` - ifelse([$2], , :, [$2]) - else - LIBASSUAN_PTHREAD_CFLAGS="" - LIBASSUAN_PTHREAD_LIBS="" - ifelse([$3], , :, [$3]) - fi - AC_SUBST(LIBASSUAN_PTHREAD_CFLAGS) - AC_SUBST(LIBASSUAN_PTHREAD_LIBS) -]) - diff -Nru opensc-0.11.13/m4/libtool.m4 
opensc-0.12.1/m4/libtool.m4 --- opensc-0.11.13/m4/libtool.m4 2010-02-16 09:32:09.000000000 +0000 +++ opensc-0.12.1/m4/libtool.m4 2011-05-18 05:51:44.000000000 +0000 @@ -2445,7 +2445,7 @@ ;; # This must be Linux ELF. -linux* | k*bsd*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux need_lib_prefix=no need_version=no @@ -3084,7 +3084,7 @@ ;; # This must be Linux ELF. -linux* | k*bsd*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; @@ -3705,7 +3705,7 @@ ;; esac ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # KAI C++ Compiler @@ -3989,7 +3989,7 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) @@ -4285,6 +4285,7 @@ fi supports_anon_versioning=no case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... @@ -4376,7 +4377,7 @@ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; - gnu* | linux* | tpf* | k*bsd*-gnu) + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in 
@@ -5860,7 +5861,7 @@ _LT_TAGVAR(inherit_rpath, $1)=yes ;; - linux* | k*bsd*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler diff -Nru opensc-0.11.13/m4/ltversion.m4 opensc-0.12.1/m4/ltversion.m4 --- opensc-0.11.13/m4/ltversion.m4 2010-02-16 09:32:10.000000000 +0000 +++ opensc-0.12.1/m4/ltversion.m4 2011-05-18 05:51:44.000000000 +0000 @@ -9,15 +9,15 @@ # Generated from ltversion.in. -# serial 3012 ltversion.m4 +# serial 3017 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.2.6]) -m4_define([LT_PACKAGE_REVISION], [1.3012]) +m4_define([LT_PACKAGE_VERSION], [2.2.6b]) +m4_define([LT_PACKAGE_REVISION], [1.3017]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.2.6' -macro_revision='1.3012' +[macro_version='2.2.6b' +macro_revision='1.3017' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.5/resources/background.jpg and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.5/resources/background.jpg differ Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.5/resources/InstallationCheck.strings and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.5/resources/InstallationCheck.strings differ diff -Nru opensc-0.11.13/MacOSX/10.5/resources/License.html opensc-0.12.1/MacOSX/10.5/resources/License.html --- opensc-0.11.13/MacOSX/10.5/resources/License.html 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/License.html 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,170 @@ + + + + EST Install OpenSC + + + + + +

      GNU LESSER GENERAL PUBLIC LICENSE

      +

      Version 2.1, February 1999

      + +
      +

      Copyright (C) 1991, 1999 Free Software Foundation, Inc. +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed.

      + +

      [This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.]

      + +

      Preamble

      + +

      The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

      + +

      This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. +

      +

      When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

      + +

      To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. +

      +

      For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

      + +

      We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

      + +

      To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

      +

      + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

      + +

      Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

      + +

      When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

      + +

      We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

      + +

      For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. +

      +

      In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

      + +

      Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. +

      +

      The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

      + +

      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

      + +

      0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

      + +

      A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

      + +

      The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

      + +

      "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

      + +

      Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

      + +

      1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. +

      +

      You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

      + +

      2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: +

      + +
      +

      a) The modified work must itself be a software library.

      +

      b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

      +

      c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.

      +

      d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

      + + +

      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) +

      +

      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. +

      +

      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. +

      +

      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. +

      +

      3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

      + +

      Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. +

      +

      This option is useful when you wish to copy part of the code of the Library into a program that is not a library. +

      +

      4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. +

      + +

      If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

      + +

      5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

      + +

      However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

      + +

      When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

      + +

      If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

      + +

      Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

      + +

      6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

      +

      + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

      + +

      a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

      + +

      b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

      +

      +c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

      + +

      d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

      + +

      e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.

      +
      + +

      For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

      + +

      It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

      + +

      7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

      + +
      +

      a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

      + +

      b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

      + +

      8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

      +

      +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

      +

      +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

      + +

      11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

      +

      +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

      + +

      It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

      + +

      This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

      +

      +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

      +

      +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

      + +

      Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

      +

      +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

      +

      +NO WARRANTY

      +

      +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      +

      +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.5/resources/ReadMe.html opensc-0.12.1/MacOSX/10.5/resources/ReadMe.html --- opensc-0.11.13/MacOSX/10.5/resources/ReadMe.html 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/ReadMe.html 2011-05-18 05:52:09.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version 0.12.1

      +

      for Mac OS X 10.5 (Leopard), universal (32-bit i386 and ppc)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + + diff -Nru opensc-0.11.13/MacOSX/10.5/resources/ReadMe.html.in opensc-0.12.1/MacOSX/10.5/resources/ReadMe.html.in --- opensc-0.11.13/MacOSX/10.5/resources/ReadMe.html.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/ReadMe.html.in 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version @PACKAGE_VERSION@

      +

      for Mac OS X 10.5 (Leopard), universal (32-bit i386 and ppc)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.5/resources/.svn/dir-prop-base opensc-0.12.1/MacOSX/10.5/resources/.svn/dir-prop-base --- opensc-0.11.13/MacOSX/10.5/resources/.svn/dir-prop-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/.svn/dir-prop-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,84 @@ +K 10 +svn:ignore +V 658 +Makefile +Makefile.in +core +archive +acinclude.m4 +aclocal.m4 +autom4te.cache +compile +confdefs.h +config.* +configure +conftest +conftest.c +depcomp +install-sh +libtool +libtool.m4 +lt*.m4 +ltmain.sh +missing +mkinstalldirs +so_locations +stamp-h* + +.deps +.libs +.#*# +.*.bak +.*.orig +.*.rej +.*~ +#*# +*.bak +*.d +*.def +*.dll +*.exe +*.la +*.lib +*.lo +*.orig +*.pdb +*.rej +*.u +*.rc +*.pc +*~ +*.gz +*.bz2 +*.[0-9] +*.html +*.gif +*.css +*.out +*.tmp + +ChangeLog +opensc.conf +xsl-stylesheets +opensc-config +test-conf +pkcs15-tool +pkcs15-crypt +pkcs15-init +piv-tool +eidenv +opensc-explorer +opensc-tool +rutoken-tool +cardos-info +cryptoflex-tool +netkey-tool +pkcs11-tool +pintest +p15dump +prngtest +base64 +lottery + + +END diff -Nru opensc-0.11.13/MacOSX/10.5/resources/.svn/entries opensc-0.12.1/MacOSX/10.5/resources/.svn/entries --- opensc-0.11.13/MacOSX/10.5/resources/.svn/entries 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/.svn/entries 2011-05-18 05:45:18.000000000 +0000 
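Review bot: The new upstream tree ships Subversion working-copy metadata under `MacOSX/10.5/resources/`: the `.svn/dir-prop-base` file added here, plus the `.svn/entries` and `.svn/text-base/*.svn-base` files that follow in this diff. These files are checkout bookkeeping rather than source. `entries` records the repository URL, revision number, committer name and per-file checksums, and `text-base` carries second copies of `License.html` and the binary resources that nothing builds from and that can silently differ from the live files. It looks as if the release tarball was rolled from a working copy rather than from `svn export`, though the build files that would confirm this are outside this part of the diff. I would keep the metadata out of the distribution, for example with a `dist-hook` that runs `find $(distdir) -name .svn -prune -exec rm -rf {} +`, or by repacking the tarball without `.svn`.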
@@ -0,0 +1,164 @@ +10 + +dir +5454 +https://www.opensc-project.org/svnp/opensc/releases/opensc-0.12.1/MacOSX/10.5/resources +https://www.opensc-project.org/svnp/opensc + + + +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + +c6295689-39f2-0310-b995-f0e70906c6a9 + +License.html +file + + + + +2011-05-17T17:07:00.836747Z +0fc74441df0a64f03759964bf39ebaa4 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +25442 + +ReadMe.html.in +file + + + + +2011-05-17T17:07:00.836747Z +b5a087b776fe98a2a9becc44b6985b74 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +1419 + +InstallationCheck.strings +file + + + + +2011-05-17T17:07:00.836747Z +2f618f5f75d2cc8f12f578099cb040e2 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +322 + +background.jpg +file + + + + +2011-05-17T17:07:00.826747Z +d602d4d996b5ece5951df01107b14b64 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +13125 + Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/background.jpg.svn-base and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/background.jpg.svn-base differ Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/InstallationCheck.strings.svn-base and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/InstallationCheck.strings.svn-base differ diff -Nru opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/License.html.svn-base opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/License.html.svn-base --- opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/License.html.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/License.html.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,170 @@ + + + + EST Install OpenSC + + + + + +

      GNU LESSER GENERAL PUBLIC LICENSE

      +

      Version 2.1, February 1999

      + +
      +

      Copyright (C) 1991, 1999 Free Software Foundation, Inc. +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed.

      + +

      [This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.]

      + +

      Preamble

      + +

      The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

      + +

      This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. +

      +

      When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

      + +

      To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. +

      +

      For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

      + +

      We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

      + +

      To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

      +

      + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

      + +

      Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

      + +

      When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

      + +

      We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

      + +

      For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. +

      +

      In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

      + +

      Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. +

      +

      The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

      + +

      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

      + +

      0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

      + +

      A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

      + +

      The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

      + +

      "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

      + +

      Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

      + +

      1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. +

      +

      You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

      + +

      2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: +

      + +
      +

      a) The modified work must itself be a software library.

      +

      b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

      +

      c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.

      +

      d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

      + + +

      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) +

      +

      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. +

      +

      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. +

      +

      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. +

      +

      3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

      + +

      Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. +

      +

      This option is useful when you wish to copy part of the code of the Library into a program that is not a library. +

      +

      4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. +

      + +

      If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

      + +

      5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

      + +

      However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

      + +

      When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

      + +

      If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

      + +

      Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

      + +

      6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

      +

      + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

      + +

      a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

      + +

      b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

      +

      +c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

      + +

      d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

      + +

      e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.

      +
      + +

      For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

      + +

      It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

      + +

      7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

      + +
      +

      a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

      + +

      b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

      + +

      8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

      +

      +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

      +

      +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

      + +

      11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

      +

      +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

      + +

      It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

      + +

      This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

      +

      +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

      +

      +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

      + +

      Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

      +

      +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

      +

      +NO WARRANTY

      +

      +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      +

      +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/ReadMe.html.in.svn-base opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/ReadMe.html.in.svn-base --- opensc-0.11.13/MacOSX/10.5/resources/.svn/text-base/ReadMe.html.in.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/resources/.svn/text-base/ReadMe.html.in.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version @PACKAGE_VERSION@

      +

      for Mac OS X 10.5 (Leopard), universal (32-bit i386 and ppc)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + +
\ No newline at end of file
diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/InstallationCheck opensc-0.12.1/MacOSX/10.5/scripts/InstallationCheck
--- opensc-0.11.13/MacOSX/10.5/scripts/InstallationCheck 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.5/scripts/InstallationCheck 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,116 @@
+#!/usr/bin/perl
+
+my $SYSTEM_VERS = "/System/Library/CoreServices/SystemVersion.plist";
+my $EXIT_VALUE = 0;
+
+if ( $ENV{OS_INSTALL} == 1) {
+ exit (0);
+}
+
+DO_CHECKS: {
+ # 10.5.8 or higher system must be active
+ if(CheckVersion("$SYSTEM_VERS", "10.5.8", "ProductVersion", "<")) {
+ $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 17 );
+ last;
+ }
+ # 10.5 system must be active
+ if(CheckVersion("$SYSTEM_VERS", "10.6", "ProductVersion", ">")) {
+ $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 18 );
+ last;
+ }
+}
+exit($EXIT_VALUE);
+
+###
+
+sub CheckVersion
+{
+ my $path = $_[0];
+ my $version = $_[1];
+ my $keyName = $_[2];
+ my $operator = $_[3];
+
+ if (! -e $path) {
+ return 0;
+ }
+
+ if (!$operator) {
+ $operator = "==";
+ }
+
+ my $oldSeperator = $/;
+ $/ = \0;
+
+ open( PLIST, "$path") || do {
+ return 0;
+ };
+
+ $plistData = ;
+ $plistData =~ /(.*?)<\/dict>/gis;
+
+ @items = split(//, $plistData);
+
+ shift @items;
+ foreach $item (@items) {
+ $item =~ /(.*?)<\/key>.*?(.*?)<\/string>/gis;
+ $versiondata{ $1 } = $2;
+ }
+
+ close(PLIST);
+
+ $/ = $oldSeperator;
+
+ @theVersionArray = split(/\./, $versiondata{$keyName});
+ for ($i = 0; $i < 3; $i++) {
+ if(!$theVersionArray[$i]) {
+ $theVersionArray[$i] = '0';
+ }
+ }
+
+ @versionArray = split(/\./, $version);
+
+ my $actualVersion;
+
+ for ($i = 0; $i < 3; $i++) {
+ if (($theVersionArray[$i] != $versionArray[$i]) or ($i == 2)) {
+
+ $actualVersion = $theVersionArray[$i];
+ $version = $versionArray[$i];
+
+ last;
+ }
+ }
+
+ my $expression = '$actualVersion ' . $operator . 
' $version';
+ if( eval ($expression) )
+ {
+ return 1;
+ }
+ else
+ {
+ return 0;
+ }
+
+}
+
+sub CheckIOReg
+{
+ $RESULT = 0;
+
+ open(IOREGOUT, "/usr/sbin/ioreg |");
+
+ foreach $LINE () {
+ $BUF .= $LINE;
+ }
+ close(IOREGOUT);
+
+ foreach $ITEM (@_) {
+ if($BUF =~ /$ITEM/g) {
+ $RESULT = 1;
+ last;
+ }
+ }
+
+ return($RESULT);
+}
+
diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/postflight opensc-0.12.1/MacOSX/10.5/scripts/postflight
--- opensc-0.11.13/MacOSX/10.5/scripts/postflight 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.5/scripts/postflight 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if !([ -e "/usr/lib/opensc-pkcs11.so" ])
+then
+ ln -s /Library/OpenSC/lib/opensc-pkcs11.so /usr/lib/opensc-pkcs11.so
+fi
+if [ -e "/Library/OpenSC/etc/opensc.conf.md5" ]
+then
+ read cs_fromfile file < "/Library/OpenSC/etc/opensc.conf.md5"
+ cs_calculated=$( md5 -q "/Library/OpenSC/etc/opensc.conf")
+ if [ "$cs_fromfile" = "$cs_calculated" ]
+ then
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+ fi
+else
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+fi
+for f in /Library/OpenSC/bin/*
+do
+ ln -sf $f /usr/local/bin
+done
+
+exit 0
diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/dir-prop-base opensc-0.12.1/MacOSX/10.5/scripts/.svn/dir-prop-base
--- opensc-0.11.13/MacOSX/10.5/scripts/.svn/dir-prop-base 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/dir-prop-base 2011-05-17 17:07:00.000000000 +0000
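Review bot: `CheckVersion` splices its fourth argument into the string `'$actualVersion ' . $operator . ' $version'` and runs it through string `eval`, so whatever reaches `$operator` is executed as Perl; the two visible call sites pass the literals `"<"` and `">"`, but nothing in the sub enforces that. Add a guard before the expression is built, for example `return 0 unless $operator =~ /^(?:==|!=|<=?|>=?)$/;`, or replace the eval with one explicit comparison per operator. Separately, the check commented "10.5 system must be active" uses `">"` against `"10.6"`, which appears to let 10.6 and 10.6.0 through because the missing third component of `"10.6"` compares as 0; `">="` looks like what the comment intends. The same code is repeated in the `.svn/text-base/InstallationCheck.svn-base` hunk further down.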
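Review bot: In the final loop of `postflight`, `ln -sf $f /usr/local/bin` leaves `$f` unquoted and assumes `/usr/local/bin` already exists as a directory; if it does not, `ln` creates a link named `/usr/local/bin` itself and every later iteration replaces it. Create the directory first and quote the variable: `mkdir -p /usr/local/bin` before the loop and `ln -sf "$f" /usr/local/bin/` inside it (with the trailing slash, `ln` fails instead of creating a stray link). The script also ends with an unconditional `exit 0`, so a failed `mv` or `ln` is never reported to the installer; consider checking those commands and exiting non-zero on failure. The same script is repeated in the `.svn/text-base/postflight.svn-base` hunk further down.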
@@ -0,0 +1,84 @@ +K 10 +svn:ignore +V 658 +Makefile +Makefile.in +core +archive +acinclude.m4 +aclocal.m4 +autom4te.cache +compile +confdefs.h +config.* +configure +conftest +conftest.c +depcomp +install-sh +libtool +libtool.m4 +lt*.m4 +ltmain.sh +missing +mkinstalldirs +so_locations +stamp-h* + +.deps +.libs +.#*# +.*.bak +.*.orig +.*.rej +.*~ +#*# +*.bak +*.d +*.def +*.dll +*.exe +*.la +*.lib +*.lo +*.orig +*.pdb +*.rej +*.u +*.rc +*.pc +*~ +*.gz +*.bz2 +*.[0-9] +*.html +*.gif +*.css +*.out +*.tmp + +ChangeLog +opensc.conf +xsl-stylesheets +opensc-config +test-conf +pkcs15-tool +pkcs15-crypt +pkcs15-init +piv-tool +eidenv +opensc-explorer +opensc-tool +rutoken-tool +cardos-info +cryptoflex-tool +netkey-tool +pkcs11-tool +pintest +p15dump +prngtest +base64 +lottery + + +END diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/entries opensc-0.12.1/MacOSX/10.5/scripts/.svn/entries --- opensc-0.11.13/MacOSX/10.5/scripts/.svn/entries 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/entries 2011-05-18 05:45:18.000000000 +0000 
@@ -0,0 +1,96 @@ +10 + +dir +5454 +https://www.opensc-project.org/svnp/opensc/releases/opensc-0.12.1/MacOSX/10.5/scripts +https://www.opensc-project.org/svnp/opensc + + + +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + +c6295689-39f2-0310-b995-f0e70906c6a9 + +InstallationCheck +file + + + + +2011-05-17T17:07:00.826747Z +04c4f6fcb87fd6a591ce622d592e0aa5 +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + + + + + + + + +2219 + +postflight +file + + + + +2011-05-17T17:07:00.826747Z +76754a03430b561b2f6dfe59f08e26c7 +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + + + + + + + + +747 + diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/prop-base/InstallationCheck.svn-base opensc-0.12.1/MacOSX/10.5/scripts/.svn/prop-base/InstallationCheck.svn-base --- opensc-0.11.13/MacOSX/10.5/scripts/.svn/prop-base/InstallationCheck.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/prop-base/InstallationCheck.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,5 @@ +K 14 +svn:executable +V 1 +* +END diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/prop-base/postflight.svn-base opensc-0.12.1/MacOSX/10.5/scripts/.svn/prop-base/postflight.svn-base --- opensc-0.11.13/MacOSX/10.5/scripts/.svn/prop-base/postflight.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/prop-base/postflight.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,5 @@ +K 14 +svn:executable +V 1 +* +END diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/text-base/InstallationCheck.svn-base opensc-0.12.1/MacOSX/10.5/scripts/.svn/text-base/InstallationCheck.svn-base --- opensc-0.11.13/MacOSX/10.5/scripts/.svn/text-base/InstallationCheck.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/text-base/InstallationCheck.svn-base 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,116 @@ +#!/usr/bin/perl + +my $SYSTEM_VERS = "/System/Library/CoreServices/SystemVersion.plist"; +my $EXIT_VALUE = 0; + +if ( $ENV{OS_INSTALL} == 1) { + exit (0); +} + +DO_CHECKS: { + # 10.5.8 or higher system must be active + if(CheckVersion("$SYSTEM_VERS", "10.5.8", "ProductVersion", "<")) { + $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 17 ); + last; + } + # 10.5 system must be active + if(CheckVersion("$SYSTEM_VERS", "10.6", "ProductVersion", ">")) { + $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 18 ); + last; + } +} +exit($EXIT_VALUE); + +### + +sub CheckVersion +{ + my $path = $_[0]; + my $version = $_[1]; + my $keyName = $_[2]; + my $operator = $_[3]; + + if (! -e $path) { + return 0; + } + + if (!$operator) { + $operator = "=="; + } + + my $oldSeperator = $/; + $/ = \0; + + open( PLIST, "$path") || do { + return 0; + }; + + $plistData = ; + $plistData =~ /(.*?)<\/dict>/gis; + + @items = split(//, $plistData); + + shift @items; + foreach $item (@items) { + $item =~ /(.*?)<\/key>.*?(.*?)<\/string>/gis; + $versiondata{ $1 } = $2; + } + + close(PLIST); + + $/ = $oldSeperator; + + @theVersionArray = split(/\./, $versiondata{$keyName}); + for ($i = 0; $i < 3; $i++) { + if(!$theVersionArray[$i]) { + $theVersionArray[$i] = '0'; + } + } + + @versionArray = split(/\./, $version); + + my $actualVersion; + + for ($i = 0; $i < 3; $i++) { + if (($theVersionArray[$i] != $versionArray[$i]) or ($i == 2)) { + + $actualVersion = $theVersionArray[$i]; + $version = $versionArray[$i]; + + last; + } + } + + my $expression = '$actualVersion ' . $operator . 
' $version'; + if( eval ($expression) ) + { + return 1; + } + else + { + return 0; + } + +} + +sub CheckIOReg +{ + $RESULT = 0; + + open(IOREGOUT, "/usr/sbin/ioreg |"); + + foreach $LINE () { + $BUF .= $LINE; + } + close(IOREGOUT); + + foreach $ITEM (@_) { + if($BUF =~ /$ITEM/g) { + $RESULT = 1; + last; + } + } + + return($RESULT); +} + diff -Nru opensc-0.11.13/MacOSX/10.5/scripts/.svn/text-base/postflight.svn-base opensc-0.12.1/MacOSX/10.5/scripts/.svn/text-base/postflight.svn-base --- opensc-0.11.13/MacOSX/10.5/scripts/.svn/text-base/postflight.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.5/scripts/.svn/text-base/postflight.svn-base 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if !([ -e "/usr/lib/opensc-pkcs11.so" ])
+then
+ ln -s /Library/OpenSC/lib/opensc-pkcs11.so /usr/lib/opensc-pkcs11.so
+fi
+if [ -e "/Library/OpenSC/etc/opensc.conf.md5" ]
+then
+ read cs_fromfile file < "/Library/OpenSC/etc/opensc.conf.md5"
+ cs_calculated=$( md5 -q "/Library/OpenSC/etc/opensc.conf")
+ if [ "$cs_fromfile" = "$cs_calculated" ]
+ then
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+ fi
+else
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+fi
+for f in /Library/OpenSC/bin/*
+do
+ ln -sf $f /usr/local/bin
+done
+
+exit 0
Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.6/resources/background.jpg and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.6/resources/background.jpg differ
Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.6/resources/InstallationCheck.strings and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.6/resources/InstallationCheck.strings differ
diff -Nru opensc-0.11.13/MacOSX/10.6/resources/License.html opensc-0.12.1/MacOSX/10.6/resources/License.html
--- opensc-0.11.13/MacOSX/10.6/resources/License.html 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.6/resources/License.html 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,170 @@ + + + + EST Install OpenSC + + + + + +
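Review bot: The loop at the end runs `ln -sf $f /usr/local/bin` without checking that /usr/local/bin exists as a directory; if it does not, ln creates or replaces a link named /usr/local/bin itself on each iteration (or fails when /usr/local is missing), and the script still ends with `exit 0`. Creating the directory first and quoting the variable avoids that: `mkdir -p /usr/local/bin` before the loop and `ln -sf "$f" /usr/local/bin/` inside it. Because `-f` silently replaces any same-named entry already in /usr/local/bin while the installer runs with elevated privileges (presumably root), a comment naming the tools that are expected to be overwritten would help whoever audits the package. The first test uses `-e`, which is false for a dangling symlink, so a stale /usr/lib/opensc-pkcs11.so link makes the following `ln -s` fail; `ln -sf` there would be consistent with the loop.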

      GNU LESSER GENERAL PUBLIC LICENSE

      +

      Version 2.1, February 1999

      + +
      +

      Copyright (C) 1991, 1999 Free Software Foundation, Inc. +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed.

      + +

      [This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.]

      + +

      Preamble

      + +

      The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

      + +

      This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. +

      +

      When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

      + +

      To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. +

      +

      For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

      + +

      We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

      + +

      To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

      +

      + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

      + +

      Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

      + +

      When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

      + +

      We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

      + +

      For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. +

      +

      In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

      + +

      Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. +

      +

      The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

      + +

      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

      + +

      0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

      + +

      A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

      + +

      The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

      + +

      "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

      + +

      Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

      + +

      1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. +

      +

      You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

      + +

      2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: +

      + +
      +

      a) The modified work must itself be a software library.

      +

      b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

      +

      c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.

      +

      d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

      + + +

      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) +

      +

      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. +

      +

      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. +

      +

      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. +

      +

      3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

      + +

      Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. +

      +

      This option is useful when you wish to copy part of the code of the Library into a program that is not a library. +

      +

      4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. +

      + +

      If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

      + +

      5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

      + +

      However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

      + +

      When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

      + +

      If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

      + +

      Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

      + +

      6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

      +

      + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

      + +

      a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

      + +

      b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

      +

      +c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

      + +

      d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

      + +

      e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.

      +
      + +

      For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

      + +

      It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

      + +

      7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

      + +
      +

      a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

      + +

      b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

      + +

      8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

      +

      +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

      +

      +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

      + +

      11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

      +

      +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

      + +

      It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

      + +

      This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

      +

      +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

      +

      +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

      + +

      Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

      +

      +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

      +

      +NO WARRANTY

      +

      +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      +

      +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.6/resources/ReadMe.html opensc-0.12.1/MacOSX/10.6/resources/ReadMe.html --- opensc-0.11.13/MacOSX/10.6/resources/ReadMe.html 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/ReadMe.html 2011-05-18 05:52:09.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version 0.12.1

      +

      for Mac OS X 10.6 (Snow Leopard), universal (32-bit and 64-bit)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + + diff -Nru opensc-0.11.13/MacOSX/10.6/resources/ReadMe.html.in opensc-0.12.1/MacOSX/10.6/resources/ReadMe.html.in --- opensc-0.11.13/MacOSX/10.6/resources/ReadMe.html.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/ReadMe.html.in 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version @PACKAGE_VERSION@

      +

      for Mac OS X 10.6 (Snow Leopard), universal (32-bit and 64-bit)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.6/resources/.svn/dir-prop-base opensc-0.12.1/MacOSX/10.6/resources/.svn/dir-prop-base --- opensc-0.11.13/MacOSX/10.6/resources/.svn/dir-prop-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/.svn/dir-prop-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,84 @@ +K 10 +svn:ignore +V 658 +Makefile +Makefile.in +core +archive +acinclude.m4 +aclocal.m4 +autom4te.cache +compile +confdefs.h +config.* +configure +conftest +conftest.c +depcomp +install-sh +libtool +libtool.m4 +lt*.m4 +ltmain.sh +missing +mkinstalldirs +so_locations +stamp-h* + +.deps +.libs +.#*# +.*.bak +.*.orig +.*.rej +.*~ +#*# +*.bak +*.d +*.def +*.dll +*.exe +*.la +*.lib +*.lo +*.orig +*.pdb +*.rej +*.u +*.rc +*.pc +*~ +*.gz +*.bz2 +*.[0-9] +*.html +*.gif +*.css +*.out +*.tmp + +ChangeLog +opensc.conf +xsl-stylesheets +opensc-config +test-conf +pkcs15-tool +pkcs15-crypt +pkcs15-init +piv-tool +eidenv +opensc-explorer +opensc-tool +rutoken-tool +cardos-info +cryptoflex-tool +netkey-tool +pkcs11-tool +pintest +p15dump +prngtest +base64 +lottery + + +END diff -Nru opensc-0.11.13/MacOSX/10.6/resources/.svn/entries opensc-0.12.1/MacOSX/10.6/resources/.svn/entries --- opensc-0.11.13/MacOSX/10.6/resources/.svn/entries 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/.svn/entries 2011-05-18 05:45:18.000000000 +0000 
@@ -0,0 +1,164 @@ +10 + +dir +5454 +https://www.opensc-project.org/svnp/opensc/releases/opensc-0.12.1/MacOSX/10.6/resources +https://www.opensc-project.org/svnp/opensc + + + +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + +c6295689-39f2-0310-b995-f0e70906c6a9 + +License.html +file + + + + +2011-05-17T17:07:00.856747Z +0fc74441df0a64f03759964bf39ebaa4 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +25442 + +ReadMe.html.in +file + + + + +2011-05-17T17:07:00.856747Z +b96725320ce24eacc9c0cf51412ac68f +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +1422 + +InstallationCheck.strings +file + + + + +2011-05-17T17:07:00.856747Z +98f8f94e2acdfd6757f0963b4e0cc443 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +410 + +background.jpg +file + + + + +2011-05-17T17:07:00.846747Z +d602d4d996b5ece5951df01107b14b64 +2011-05-17T17:02:31.671713Z +5451 +martin + + + + + + + + + + + + + + + + + + + + + +13125 + Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/background.jpg.svn-base and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/background.jpg.svn-base differ Binary files /tmp/Q81bsdjytI/opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/InstallationCheck.strings.svn-base and /tmp/sbCDyUPpn6/opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/InstallationCheck.strings.svn-base differ diff -Nru opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/License.html.svn-base opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/License.html.svn-base --- opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/License.html.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/License.html.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,170 @@ + + + + EST Install OpenSC + + + + + +

      GNU LESSER GENERAL PUBLIC LICENSE

      +

      Version 2.1, February 1999

      + +
      +

      Copyright (C) 1991, 1999 Free Software Foundation, Inc. +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed.

      + +

      [This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.]

      + +

      Preamble

      + +

      The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

      + +

      This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. +

      +

      When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

      + +

      To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. +

      +

      For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

      + +

      We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

      + +

      To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

      +

      + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

      + +

      Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

      + +

      When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

      + +

      We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

      + +

      For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. +

      +

      In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

      + +

      Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. +

      +

      The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

      + +

      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

      + +

      0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

      + +

      A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

      + +

      The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

      + +

      "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

      + +

      Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

      + +

      1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. +

      +

      You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

      + +

      2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: +

      + +
      +

      a) The modified work must itself be a software library.

      +

      b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

      +

      c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.

      +

      d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

      + + +

      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) +

      +

      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. +

      +

      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. +

      +

      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. +

      +

      3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

      + +

      Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. +

      +

      This option is useful when you wish to copy part of the code of the Library into a program that is not a library. +

      +

      4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. +

      + +

      If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

      + +

      5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

      + +

      However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

      + +

      When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

      + +

      If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

      + +

      Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

      + +

      6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

      +

      + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

      + +

      a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

      + +

      b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

      +

      +c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

      + +

      d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

      + +

      e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.

      +
      + +

      For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

      + +

      It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

      + +

      7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

      + +
      +

      a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

      + +

      b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

      + +

      8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

      +

      +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

      +

      +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

      + +

      11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

      +

      +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

      + +

      It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

      + +

      This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

      +

      +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

      +

      +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

      + +

      Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

      +

      +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

      +

      +NO WARRANTY

      +

      +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

      +

      +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/ReadMe.html.in.svn-base opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/ReadMe.html.in.svn-base --- opensc-0.11.13/MacOSX/10.6/resources/.svn/text-base/ReadMe.html.in.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/resources/.svn/text-base/ReadMe.html.in.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,26 @@ + + + + + + + + + +

      OpenSC, version @PACKAGE_VERSION@

      +

      for Mac OS X 10.6 (Snow Leopard), universal (32-bit and 64-bit)

      + +

      OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

      + +

      OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

      + +

      Documentation:

      +

      The OpenSC Wiki is available at: http://www.opensc-project.org/opensc and should be consulted for further documentation and support.

      + + + \ No newline at end of file diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/InstallationCheck opensc-0.12.1/MacOSX/10.6/scripts/InstallationCheck --- opensc-0.11.13/MacOSX/10.6/scripts/InstallationCheck 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/InstallationCheck 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,116 @@
+#!/usr/bin/perl
+
+my $SYSTEM_VERS = "/System/Library/CoreServices/SystemVersion.plist";
+my $EXIT_VALUE = 0;
+
+if ( $ENV{OS_INSTALL} == 1) {
+ exit (0);
+}
+
+DO_CHECKS: {
+ # 10.6.3 or higher system must be active
+ if(CheckVersion("$SYSTEM_VERS", "10.6.4", "ProductVersion", "<")) {
+ $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 17 );
+ last;
+ }
+ # 10.6 system must be active
+ if(CheckVersion("$SYSTEM_VERS", "10.7.0", "ProductVersion", ">")) {
+ $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 18 );
+ last;
+ }
+}
+exit($EXIT_VALUE);
+
+###
+
+sub CheckVersion
+{
+ my $path = $_[0];
+ my $version = $_[1];
+ my $keyName = $_[2];
+ my $operator = $_[3];
+
+ if (! -e $path) {
+ return 0;
+ }
+
+ if (!$operator) {
+ $operator = "==";
+ }
+
+ my $oldSeperator = $/;
+ $/ = \0;
+
+ open( PLIST, "$path") || do {
+ return 0;
+ };
+
+ $plistData = ;
+ $plistData =~ /(.*?)<\/dict>/gis;
+
+ @items = split(//, $plistData);
+
+ shift @items;
+ foreach $item (@items) {
+ $item =~ /(.*?)<\/key>.*?(.*?)<\/string>/gis;
+ $versiondata{ $1 } = $2;
+ }
+
+ close(PLIST);
+
+ $/ = $oldSeperator;
+
+ @theVersionArray = split(/\./, $versiondata{$keyName});
+ for ($i = 0; $i < 3; $i++) {
+ if(!$theVersionArray[$i]) {
+ $theVersionArray[$i] = '0';
+ }
+ }
+
+ @versionArray = split(/\./, $version);
+
+ my $actualVersion;
+
+ for ($i = 0; $i < 3; $i++) {
+ if (($theVersionArray[$i] != $versionArray[$i]) or ($i == 2)) {
+
+ $actualVersion = $theVersionArray[$i];
+ $version = $versionArray[$i];
+
+ last;
+ }
+ }
+
+ my $expression = '$actualVersion ' . $operator . ' $version';
+ if( eval ($expression) )
+ {
+ return 1;
+ }
+ else
+ {
+ return 0;
+ }
+
+}
+
+sub CheckIOReg
+{
+ $RESULT = 0;
+
+ open(IOREGOUT, "/usr/sbin/ioreg |");
+
+ foreach $LINE () {
+ $BUF .= $LINE;
+ }
+ close(IOREGOUT);
+
+ foreach $ITEM (@_) {
+ if($BUF =~ /$ITEM/g) {
+ $RESULT = 1;
+ last;
+ }
+ }
+
+ return($RESULT);
+}
+
diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/postflight opensc-0.12.1/MacOSX/10.6/scripts/postflight
--- opensc-0.11.13/MacOSX/10.6/scripts/postflight 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.6/scripts/postflight 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if !([ -e "/usr/lib/opensc-pkcs11.so" ])
+then
+ ln -s /Library/OpenSC/lib/opensc-pkcs11.so /usr/lib/opensc-pkcs11.so
+fi
+if [ -e "/Library/OpenSC/etc/opensc.conf.md5" ]
+then
+ read cs_fromfile file < "/Library/OpenSC/etc/opensc.conf.md5"
+ cs_calculated=$( md5 -q "/Library/OpenSC/etc/opensc.conf")
+ if [ "$cs_fromfile" = "$cs_calculated" ]
+ then
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+ fi
+else
+ mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
+ md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
+fi
+for f in /Library/OpenSC/bin/*
+do
+ ln -sf $f /usr/local/bin
+done
+exit 0
diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/dir-prop-base opensc-0.12.1/MacOSX/10.6/scripts/.svn/dir-prop-base
--- opensc-0.11.13/MacOSX/10.6/scripts/.svn/dir-prop-base 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/dir-prop-base 2011-05-17 17:07:00.000000000 +0000
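Review bot: CheckVersion assembles `'$actualVersion ' . $operator . ' $version'` and passes it to string `eval`, so whatever text a caller supplies as the fourth argument is executed as Perl; both calls in DO_CHECKS pass literals, but a fixed lookup removes the hazard for later callers, e.g. `my %cmp = ('<' => sub { $_[0] < $_[1] }, '>' => sub { $_[0] > $_[1] }, '==' => sub { $_[0] == $_[1] });` and `return ($cmp{$operator} && $cmp{$operator}->($actualVersion, $version)) ? 1 : 0;`. The function also returns 0 when the plist is missing or `open` fails, and DO_CHECKS reads 0 as "no objection", so an unreadable SystemVersion.plist lets the install continue; a distinct error return that sets a failing `$EXIT_VALUE` would make the check fail closed. The comment `# 10.6.3 or higher system must be active` does not match the `"10.6.4"` literal on the next line, so one of them needs correcting. The angle-bracketed parts of the plist-parsing lines look stripped by the page extraction and were not reviewed.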
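Review bot: The closing loop runs `ln -sf $f /usr/local/bin` without first making sure `/usr/local/bin` exists as a directory; if that directory is missing, `ln` creates a symlink named `/usr/local/bin` that points at one tool and each later iteration replaces it, so none of the tools ends up linked where intended. Adding `mkdir -p /usr/local/bin` before the loop and writing `ln -sf "$f" /usr/local/bin/` (quoted, with the trailing slash) avoids that. The first test uses `-e`, which is false for a dangling `/usr/lib/opensc-pkcs11.so` symlink left by an earlier install, and the plain `ln -s` then fails on the existing name; `ln -sf` or an additional `-L` test would cover it. Because the script ends in an unconditional `exit 0`, a failed `mv` or `ln` is never reported to the installer.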
@@ -0,0 +1,84 @@ +K 10 +svn:ignore +V 658 +Makefile +Makefile.in +core +archive +acinclude.m4 +aclocal.m4 +autom4te.cache +compile +confdefs.h +config.* +configure +conftest +conftest.c +depcomp +install-sh +libtool +libtool.m4 +lt*.m4 +ltmain.sh +missing +mkinstalldirs +so_locations +stamp-h* + +.deps +.libs +.#*# +.*.bak +.*.orig +.*.rej +.*~ +#*# +*.bak +*.d +*.def +*.dll +*.exe +*.la +*.lib +*.lo +*.orig +*.pdb +*.rej +*.u +*.rc +*.pc +*~ +*.gz +*.bz2 +*.[0-9] +*.html +*.gif +*.css +*.out +*.tmp + +ChangeLog +opensc.conf +xsl-stylesheets +opensc-config +test-conf +pkcs15-tool +pkcs15-crypt +pkcs15-init +piv-tool +eidenv +opensc-explorer +opensc-tool +rutoken-tool +cardos-info +cryptoflex-tool +netkey-tool +pkcs11-tool +pintest +p15dump +prngtest +base64 +lottery + + +END diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/entries opensc-0.12.1/MacOSX/10.6/scripts/.svn/entries --- opensc-0.11.13/MacOSX/10.6/scripts/.svn/entries 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/entries 2011-05-18 05:45:18.000000000 +0000 
@@ -0,0 +1,96 @@ +10 + +dir +5454 +https://www.opensc-project.org/svnp/opensc/releases/opensc-0.12.1/MacOSX/10.6/scripts +https://www.opensc-project.org/svnp/opensc + + + +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + +c6295689-39f2-0310-b995-f0e70906c6a9 + +InstallationCheck +file + + + + +2011-05-17T17:07:00.846747Z +9ed64082b437c443b703fe15a3eb2113 +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + + + + + + + + +2221 + +postflight +file + + + + +2011-05-17T17:07:00.846747Z +5f05d5c53521e46eeb1dce01084175dd +2011-05-17T17:02:31.671713Z +5451 +martin +has-props + + + + + + + + + + + + + + + + + + + + +746 + diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/prop-base/InstallationCheck.svn-base opensc-0.12.1/MacOSX/10.6/scripts/.svn/prop-base/InstallationCheck.svn-base --- opensc-0.11.13/MacOSX/10.6/scripts/.svn/prop-base/InstallationCheck.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/prop-base/InstallationCheck.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,5 @@ +K 14 +svn:executable +V 1 +* +END diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/prop-base/postflight.svn-base opensc-0.12.1/MacOSX/10.6/scripts/.svn/prop-base/postflight.svn-base --- opensc-0.11.13/MacOSX/10.6/scripts/.svn/prop-base/postflight.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/prop-base/postflight.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,5 @@ +K 14 +svn:executable +V 1 +* +END diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/text-base/InstallationCheck.svn-base opensc-0.12.1/MacOSX/10.6/scripts/.svn/text-base/InstallationCheck.svn-base --- opensc-0.11.13/MacOSX/10.6/scripts/.svn/text-base/InstallationCheck.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/text-base/InstallationCheck.svn-base 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,116 @@ +#!/usr/bin/perl + +my $SYSTEM_VERS = "/System/Library/CoreServices/SystemVersion.plist"; +my $EXIT_VALUE = 0; + +if ( $ENV{OS_INSTALL} == 1) { + exit (0); +} + +DO_CHECKS: { + # 10.6.3 or higher system must be active + if(CheckVersion("$SYSTEM_VERS", "10.6.4", "ProductVersion", "<")) { + $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 17 ); + last; + } + # 10.6 system must be active + if(CheckVersion("$SYSTEM_VERS", "10.7.0", "ProductVersion", ">")) { + $EXIT_VALUE = ((1 << 6) | ( 1 << 5 ) | 18 ); + last; + } +} +exit($EXIT_VALUE); + +### + +sub CheckVersion +{ + my $path = $_[0]; + my $version = $_[1]; + my $keyName = $_[2]; + my $operator = $_[3]; + + if (! -e $path) { + return 0; + } + + if (!$operator) { + $operator = "=="; + } + + my $oldSeperator = $/; + $/ = \0; + + open( PLIST, "$path") || do { + return 0; + }; + + $plistData = ; + $plistData =~ /(.*?)<\/dict>/gis; + + @items = split(//, $plistData); + + shift @items; + foreach $item (@items) { + $item =~ /(.*?)<\/key>.*?(.*?)<\/string>/gis; + $versiondata{ $1 } = $2; + } + + close(PLIST); + + $/ = $oldSeperator; + + @theVersionArray = split(/\./, $versiondata{$keyName}); + for ($i = 0; $i < 3; $i++) { + if(!$theVersionArray[$i]) { + $theVersionArray[$i] = '0'; + } + } + + @versionArray = split(/\./, $version); + + my $actualVersion; + + for ($i = 0; $i < 3; $i++) { + if (($theVersionArray[$i] != $versionArray[$i]) or ($i == 2)) { + + $actualVersion = $theVersionArray[$i]; + $version = $versionArray[$i]; + + last; + } + } + + my $expression = '$actualVersion ' . $operator . 
' $version'; + if( eval ($expression) ) + { + return 1; + } + else + { + return 0; + } + +} + +sub CheckIOReg +{ + $RESULT = 0; + + open(IOREGOUT, "/usr/sbin/ioreg |"); + + foreach $LINE () { + $BUF .= $LINE; + } + close(IOREGOUT); + + foreach $ITEM (@_) { + if($BUF =~ /$ITEM/g) { + $RESULT = 1; + last; + } + } + + return($RESULT); +} + diff -Nru opensc-0.11.13/MacOSX/10.6/scripts/.svn/text-base/postflight.svn-base opensc-0.12.1/MacOSX/10.6/scripts/.svn/text-base/postflight.svn-base --- opensc-0.11.13/MacOSX/10.6/scripts/.svn/text-base/postflight.svn-base 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/10.6/scripts/.svn/text-base/postflight.svn-base 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,24 @@ +#!/bin/bash + +if !([ -e "/usr/lib/opensc-pkcs11.so" ]) +then + ln -s /Library/OpenSC/lib/opensc-pkcs11.so /usr/lib/opensc-pkcs11.so +fi +if [ -e "/Library/OpenSC/etc/opensc.conf.md5" ] +then + read cs_fromfile file < "/Library/OpenSC/etc/opensc.conf.md5" + cs_calculated=$( md5 -q "/Library/OpenSC/etc/opensc.conf") + if [ "$cs_fromfile" = "$cs_calculated" ] + then + mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf + md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5 + fi +else + mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf + md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5 +fi +for f in /Library/OpenSC/bin/* +do + ln -sf $f /usr/local/bin +done +exit 0 diff -Nru opensc-0.11.13/MacOSX/build opensc-0.12.1/MacOSX/build --- opensc-0.11.13/MacOSX/build 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/build 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -ex
+# generate configure
+test -x ./configure || ./bootstrap
+# configure once to set the version in build script
+./configure
+# build and package installer
+bash ./MacOSX/build-package $@
diff -Nru opensc-0.11.13/MacOSX/build-package.in opensc-0.12.1/MacOSX/build-package.in
--- opensc-0.11.13/MacOSX/build-package.in 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/MacOSX/build-package.in 2011-05-18 05:45:18.000000000 +0000
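Review bot: `bash ./MacOSX/build-package $@` in the `MacOSX/build` script passes its arguments unquoted, so an argument containing whitespace or glob characters is split or expanded before `build-package` sees it; `bash ./MacOSX/build-package "$@"` forwards them unchanged. This matters little for the release number the script is normally given, but the quoted form is the idiom and costs nothing.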
@@ -0,0 +1,141 @@ +#!/bin/bash +set -ex +OSX_RELEASE=${1:-10.6} +INTEL_ONLY=${INTEL_ONLY:-no} +test -x ./configure || ./bootstrap +BUILDPATH=${PWD} +case ${OSX_RELEASE} in + "10.5") + if test ${INTEL_ONLY} = "yes"; then + export CFLAGS="-isysroot /Developer/SDKs/MacOSX10.5.sdk -arch i386 -mmacosx-version-min=10.5 -g" + else + export CFLAGS="-isysroot /Developer/SDKs/MacOSX10.5.sdk -arch i386 -arch ppc7400 -mmacosx-version-min=10.5 -g" + fi + ;; + "10.6") + export CFLAGS="-isysroot /Developer/SDKs/MacOSX10.6.sdk -arch i386 -arch x86_64 -mmacosx-version-min=10.6 -g" + ;; + *) + echo "OSX ${OSX_RELEASE} is not supported!" + exit 1 + ;; +esac + +export SED=/usr/bin/sed +PREFIX=/Library/OpenSC +export PKG_CONFIG_PATH=/usr/lib/pkgconfig + +# In case of OSX 10.5, link against static libltdl to work around +# missing libltdl.3.dylib in 10.5 PPC version +test ${OSX_RELEASE} = "10.5" && export LTLIB_LIBS="/Developer/SDKs/MacOSX10.5.sdk/usr/lib/libltdl.a" + +./configure --prefix=$PREFIX \ +--sysconfdir=$PREFIX/etc \ +--disable-dependency-tracking \ +--enable-shared \ +--disable-static \ +--enable-strict \ +--disable-assert + + +# check if make install is required +case "${OSX_RELEASE}" in + "10.5") if test ${INTEL_ONLY} = "yes"; then required_arch="i386"; else required_arch="ppc7400"; fi ;; + "10.6") required_arch="x86_64" ;; +esac + +if !(test -e src/libopensc/.libs/libopensc.dylib && (file src/libopensc/.libs/libopensc.dylib | grep $required_arch)); then + make clean +fi + +# compile +make -j 2 + +# copy files +rm -rf target +make install DESTDIR=${BUILDPATH}/target + +# remove garbage +rm target/Library/OpenSC/lib/onepin-opensc-pkcs11.la +rm target/Library/OpenSC/lib/opensc-pkcs11.la +rm target/Library/OpenSC/lib/pkcs11-spy.la +rm target/Library/OpenSC/lib/libopensc.la + +# generate .bundle (required by Adobe Acrobat) +./MacOSX/libtool-bundle target/Library/OpenSC/lib/opensc-pkcs11.so target/Library/OpenSC/lib + +if test ${OSX_RELEASE} = "10.6"; then + # Build 
libp11+engine_pkcs11. Attention! Uses modified branches from github! + test -d libp11 || git clone http://github.com/martinpaljak/libp11.git -b martin + (cd libp11 + test -x confiure || ./bootstrap + ./configure --enable-static --disable-shared --disable-dependency-tracking --prefix=${BUILDPATH}/build && make && make install + cd ..) + test -d engine_pkcs11 || git clone http://github.com/martinpaljak/engine_pkcs11.git -b martin + (cd engine_pkcs11 + git checkout origin/martin + test -x configure || ./bootstrap + PKG_CONFIG_PATH=${BUILDPATH}/build/lib/pkgconfig ./configure --disable-dependency-tracking --prefix=/Library/OpenSC && make + make install DESTDIR=${BUILDPATH}/target) +fi + +if ! test -e OpenSC.tokend; then + git clone http://github.com/martinpaljak/OpenSC.tokend.git +fi + +case "${OSX_RELEASE}" in + "10.5") git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend checkout --force origin/10.5-0.12.1; rm -rf OpenSC.tokend/build + if test ${INTEL_ONLY} = "yes"; then + sed -e 's/ ppc7400//g' OpenSC.tokend/Tokend.xcodeproj/project.pbxproj > project.tmp + mv project.tmp OpenSC.tokend/Tokend.xcodeproj/project.pbxproj + fi + ;; + "10.6") git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend checkout --force origin/10.6-0.12.1; rm -rf OpenSC.tokend/build ;; +esac + +if ! test -e build-${OSX_RELEASE}.tar.gz; then + case ${OSX_RELEASE} in + "10.5") + curl http://martinpaljak.net/download/build-10.5.tar.gz -o build-${OSX_RELEASE}.tar.gz + ;; + "10.6") + curl http://martinpaljak.net/download/build-10.6.tar.gz -o build-${OSX_RELEASE}.tar.gz + ;; + esac +fi + +# Unpack the binary building components +if ! 
test -e OpenSC.tokend/build; then + tar -C OpenSC.tokend -xzvf build-${OSX_RELEASE}.tar.gz +fi + +# Create the symlink to OpenSC sources +test -L OpenSC.tokend/build/opensc-src || ln -sf ${BUILDPATH}/src OpenSC.tokend/build/opensc-src + +# build and copy OpenSC.tokend +xcodebuild -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj +mkdir -p target/System/Library/Security/tokend +mv OpenSC.tokend/build/OpenSC.tokend target/System/Library/Security/tokend + +# The "UnInstaller" +mkdir -p target/usr/local/bin +cp MacOSX/opensc-uninstall target/usr/local/bin + +# Build installer package +/Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker \ +-r target \ +-o OpenSC-@PACKAGE_VERSION@-${OSX_RELEASE}.pkg \ +-t "OpenSC @PACKAGE_VERSION@ for Mac OS X ${OSX_RELEASE}" \ +-i org.opensc-project.mac \ +-n @PACKAGE_VERSION@ \ +-g 10.4 \ +-b \ +-v \ +--no-relocate \ +-e MacOSX/${OSX_RELEASE}/resources \ +-s MacOSX/${OSX_RELEASE}/scripts + +# Create .dmg +rm -f OpenSC-@PACKAGE_VERSION@-${OSX_RELEASE}.dmg +TIMESTAMP=$(date +%Y.%m.%d) +hdiutil create -srcfolder OpenSC-@PACKAGE_VERSION@-${OSX_RELEASE}.pkg -volname "OpenSC @PACKAGE_VERSION@ for Mac OS X ${OSX_RELEASE} (${TIMESTAMP})" OpenSC-@PACKAGE_VERSION@-${OSX_RELEASE}.dmg diff -Nru opensc-0.11.13/MacOSX/libtool-bundle opensc-0.12.1/MacOSX/libtool-bundle --- opensc-0.11.13/MacOSX/libtool-bundle 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/libtool-bundle 2011-05-17 17:07:00.000000000 +0000 
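Review bot: The downloads in this script are neither authenticated nor pinned: `curl http://martinpaljak.net/download/build-10.6.tar.gz` (and its 10.5 twin) fetches a binary build archive over plain HTTP and unpacks it into `OpenSC.tokend` with no digest check, and the three `git clone http://github.com/...` calls track moving branches (`-b martin`, `origin/10.6-0.12.1`) rather than a recorded commit. Whatever is fetched is compiled into the tokend and the engine that the resulting installer package places under `/System/Library/Security/tokend` and `/Library/OpenSC`, so a modified response on the network path changes the shipped binaries. The clones should use `https://` and check out a commit id kept in the source tree, and the archive should be compared against a recorded digest before `tar` runs, as sketched below (the digest is a placeholder, and TLS availability on the download host is assumed). Separately, `test -x confiure || ./bootstrap` in the libp11 step misspells `configure`, so the bootstrap runs on every build.

```shell
# … unchanged: OpenSC.tokend clone and branch checkout …
BUILD_ARCHIVE=build-${OSX_RELEASE}.tar.gz
# Placeholder: record the digest of the reviewed archive for each release here.
BUILD_ARCHIVE_SHA256="<sha256-of-reviewed-archive>"
if ! test -e "${BUILD_ARCHIVE}"; then
	curl -f "https://martinpaljak.net/download/${BUILD_ARCHIVE}" -o "${BUILD_ARCHIVE}"
fi
archive_sha256=$(openssl dgst -sha256 "${BUILD_ARCHIVE}" | awk '{print $NF}')
if test "${archive_sha256}" != "${BUILD_ARCHIVE_SHA256}"; then
	echo "digest mismatch for ${BUILD_ARCHIVE}, refusing to unpack" >&2
	exit 1
fi
# … unchanged: tar -C OpenSC.tokend -xzvf, xcodebuild, PackageMaker …
```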
@@ -0,0 +1,104 @@ +#!/bin/sh +# A shell script to create MacOS X bundles +# from files created by GNU libtool. +# Incomplete, but works. +# +# $Id: libtool-bundle 1533 2003-10-16 20:41:34Z aet $ +# +# + +set -e +verbose=0 + +verbose_msg () +{ + if [ $verbose -ne 0 ]; then + echo "libtool-bundle: $@" + fi +} + +error_msg () +{ + echo 1>&2 "libtool-bundle: $@" +} + +usage () +{ + error_msg "Usage: $0 [-e extra XML data] [Mach-O bundle file] [destination directory] " + exit 1 +} + +case $1 in + -e) shift; if [ "$1" ]; then extradata=$1; shift; else usage; fi; ;; +esac + +[ $# -le 1 -o $# -ge 4 ] && usage + +sofile=$1 +[ ! -f $sofile ] && error_msg "Not a file or file not found: $sofile" && exit 1 +case "$sofile" in +*.so*) + # Assume it's ok + ;; +*) + error_msg "Invalid bundle: $sofile" + exit 1 + ;; +esac + +destdir=$2 +[ ! -d $destdir -o ! -w $destdir ] && error_msg "Not a directory or no write access: $destdir" && exit 1 + +name="$sofile" +[ $# -eq 3 ] && name=$3 +name=`echo $name | sed -e "s@.*/@@" -e "s@\.so.*@@"` +root="$destdir/${name}.bundle" + +verbose_msg "sofile: $sofile" +verbose_msg "destdir: $destdir" +verbose_msg "name: $name" +verbose_msg "root: $root" + +arch=`uname` +[ x$arch = xDarwin ] && arch=MacOS +type="BNDL" +creator="????" 
+ +# Overwrite existing bundle +[ -d "$root" ] && rm -rf "$root" + +mkdir -p "$root"/Contents/$arch +cp "$sofile" "$root"/Contents/$arch/"$name" +echo "$type$creator" > "$root"/Contents/PkgInfo + +create_info_plist () +{ + echo "" + echo "" + echo "" + echo "" + echo " CFBundleDevelopmentRegion" + echo " English" + echo " CFBundleExecutable" + echo " $name" + echo " CFBundleInfoDictionaryVersion" + echo " 6.0" + echo " CFBundleName" + echo " $name" + echo " CFBundlePackageType" + echo " $type" + echo " CFBundleSignature" + echo " $creator" + echo " CFBundleVersion" + echo " 0.0.1d1" + if [ "$extradata" ]; then + echo "" + [ -f "$extradata" ]; cat $extradata + fi + echo "" + echo "" +} + +create_info_plist > "$root"/Contents/Info.plist + +echo "Installed $sofile as $root" diff -Nru opensc-0.11.13/MacOSX/Makefile.am opensc-0.12.1/MacOSX/Makefile.am --- opensc-0.11.13/MacOSX/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,18 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +EXTRA_DIST = build build-package.in libtool-bundle opensc-uninstall \ + 10.5/resources \ + 10.5/resources/background.jpg \ + 10.5/resources/InstallationCheck.strings \ + 10.5/resources/License.html \ + 10.5/resources/ReadMe.html.in \ + 10.5/scripts \ + 10.5/scripts/InstallationCheck \ + 10.5/scripts/postflight \ + 10.6/resources \ + 10.6/resources/background.jpg \ + 10.6/resources/InstallationCheck.strings \ + 10.6/resources/License.html \ + 10.6/resources/ReadMe.html.in \ + 10.6/scripts \ + 10.6/scripts/InstallationCheck \ + 10.6/scripts/postflight diff -Nru opensc-0.11.13/MacOSX/Makefile.in opensc-0.12.1/MacOSX/Makefile.in --- opensc-0.11.13/MacOSX/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/Makefile.in 2011-05-18 05:51:48.000000000 +0000 
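Review bot: In `create_info_plist`, `[ -f "$extradata" ]; cat $extradata` does not gate the `cat` on the test: with `set -e` in effect a false test ends the script while `Info.plist` is half written, and without it `cat` would run regardless, on an unquoted path. `if [ -f "$extradata" ]; then cat "$extradata"; fi` expresses the intent. The path checks earlier in the script, `[ ! -f $sofile ]` and `[ ! -d $destdir -o ! -w $destdir ]`, also expand their operands unquoted, so a path containing whitespace breaks the test; quoting both, as the later `rm -rf "$root"` and `cp "$sofile"` lines already do, keeps the checks and the actions on the same path.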
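Review bot: `EXTRA_DIST` in `MacOSX/Makefile.am` names whole directories (`10.5/resources`, `10.5/scripts`, `10.6/resources`, `10.6/scripts`) in addition to the files inside them, and the generated `distdir` rule copies a listed directory with `cp -fpR`, so everything in those directories lands in the tarball. That is presumably why this diff contains `MacOSX/10.6/scripts/.svn/entries` and the other working-copy files, which carry the repository URL and committer name. Dropping the four directory entries and keeping only the per-file entries would keep version-control metadata out of the release.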
@@ -0,0 +1,418 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = MacOSX +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/build-package.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = build-package +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = 
@ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AS = @AS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIB_CFLAGS = @LTLIB_CFLAGS@ +LTLIB_LIBS = @LTLIB_LIBS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENCT_CFLAGS = @OPENCT_CFLAGS@ +OPENCT_LIBS = @OPENCT_LIBS@ +OPENSC_LT_AGE = @OPENSC_LT_AGE@ +OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ +OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ +OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ +OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ +OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ +OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ +OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ +OPENSSL_LIBS = @OPENSSL_LIBS@ +OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ +OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ +OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ +OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ +OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ +OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ +OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ +OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ +OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = 
@PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCSC_CFLAGS = @PCSC_CFLAGS@ +PCSC_LIBS = @PCSC_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREAD_CC = @PTHREAD_CC@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LIBS = @PTHREAD_LIBS@ +RANLIB = @RANLIB@ +RC = @RC@ +READLINE_CFLAGS = @READLINE_CFLAGS@ +READLINE_LIBS = @READLINE_LIBS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SVN = @SVN@ +VERSION = @VERSION@ +WIN_LIBPREFIX = @WIN_LIBPREFIX@ +XSLTPROC = @XSLTPROC@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +acx_pthread_config = @acx_pthread_config@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkcs11dir = @pkcs11dir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = 
@sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xslstylesheetsdir = @xslstylesheetsdir@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +EXTRA_DIST = build build-package.in libtool-bundle opensc-uninstall \ + 10.5/resources \ + 10.5/resources/background.jpg \ + 10.5/resources/InstallationCheck.strings \ + 10.5/resources/License.html \ + 10.5/resources/ReadMe.html.in \ + 10.5/scripts \ + 10.5/scripts/InstallationCheck \ + 10.5/scripts/postflight \ + 10.6/resources \ + 10.6/resources/background.jpg \ + 10.6/resources/InstallationCheck.strings \ + 10.6/resources/License.html \ + 10.6/resources/ReadMe.html.in \ + 10.6/scripts \ + 10.6/scripts/InstallationCheck \ + 10.6/scripts/postflight + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign MacOSX/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign MacOSX/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +build-package: $(top_builddir)/config.status $(srcdir)/build-package.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru opensc-0.11.13/MacOSX/opensc-uninstall opensc-0.12.1/MacOSX/opensc-uninstall --- opensc-0.11.13/MacOSX/opensc-uninstall 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/MacOSX/opensc-uninstall 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,25 @@ +#!/bin/bash +if [ "$(id -u)" != "0" ]; then + echo "This script must be run as root:" 1>&2 + echo "" 1>&2 + echo "sudo /usr/local/bin/opensc-uninstall" 1>&2 + exit 1 +fi + +rm -rf /Library/OpenSC +rm -rf /System/Library/Security/tokend/OpenSC.tokend + +for file in /usr/lib/opensc-pkcs11.so /usr/local/bin/cryptoflex-tool /usr/local/bin/eidenv /usr/local/bin/netkey-tool /usr/local/bin/opensc-explorer /usr/local/bin/opensc-tool /usr/local/bin/piv-tool /usr/local/bin/pkcs11-tool /usr/local/bin/pkcs15-crypt /usr/local/bin/pkcs15-init /usr/local/bin/pkcs15-tool /usr/local/bin/rutoken-tool /usr/local/bin/westcos-tool; do + test -L $file && rm -f $file +done +rm -f /usr/local/bin/opensc-uninstall + +# delete receipts on 10.6 +for file in /var/db/receipts/org.opensc-project.mac.bom /var/db/receipts/org.opensc-project.mac.plist; do + test -f $file && rm -f $file +done + +# delete receipts on 10.5 +test -d /Library/Receipts/OpenSC-10.5.pkg && rm -rf /Library/Receipts/OpenSC-10.5.pkg + +echo "OpenSC has been removed from your system. See you again!" diff -Nru opensc-0.11.13/Makefile.am opensc-0.12.1/Makefile.am --- opensc-0.11.13/Makefile.am 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -1,4 +1,3 @@ -AUTOMAKE_OPTIONS = foreign 1.10 ACLOCAL_AMFLAGS = -I m4 MAINTAINERCLEANFILES = \ @@ -14,7 +13,7 @@ $(srcdir)/packaged EXTRA_DIST = Makefile.mak svnignore -SUBDIRS = etc src win32 doc +SUBDIRS = etc src win32 doc MacOSX dist_noinst_SCRIPTS = bootstrap dist_noinst_DATA = README \ 
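Review bot: The list of `/usr/local/bin` links removed by `opensc-uninstall` is hard-coded, while `postflight` links every file found in `/Library/OpenSC/bin/*`, so any tool missing from the list is left behind as a dangling link after `rm -rf /Library/OpenSC` (whether that happens for this release cannot be told from the diff). Deriving the list from the installed directory before deleting it avoids the drift: `for f in /Library/OpenSC/bin/*; do l="/usr/local/bin/${f##*/}"; test -L "$l" && rm -f "$l"; done`. `$file` in the two existing loops should be quoted as well.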
@@ -22,6 +21,18 @@ solaris/opensc.conf-dist solaris/pkginfo.in solaris/proto dist_doc_DATA = NEWS -# Allow detection of packaged tarball -dist-hook: - echo > "$(distdir)/packaged" +Generate-ChangeLog: + rm -f ChangeLog.tmp "$(srcdir)/ChangeLog" + test -n "$(SVN)" -a -n "$(XSLTPROC)" + if test -d "$(top_srcdir)/.svn"; then \ + $(SVN) --verbose --xml log "$(top_srcdir)" | \ + $(XSLTPROC) --nonet --stringparam linelen 75 \ + --stringparam groupbyday no \ + --stringparam include-rev no \ + "$(top_srcdir)/doc/svn2cl.xsl" - > ChangeLog.tmp; \ + else \ + echo "Warning: Unable to generate ChangeLog from none svn checkout" >&2; \ + echo > ChangeLog.tmp; \ + fi + mv ChangeLog.tmp "$(srcdir)/ChangeLog" + ( cd "$(srcdir)" && autoreconf -ivf ) diff -Nru opensc-0.11.13/Makefile.in opensc-0.12.1/Makefile.in --- opensc-0.11.13/Makefile.in 2010-02-16 09:32:19.000000000 +0000 +++ opensc-0.12.1/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
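Review bot: In `Generate-ChangeLog`, the `rm -f ChangeLog.tmp "$(srcdir)/ChangeLog"` line runs before the `test -n "$(SVN)" -a -n "$(XSLTPROC)"` check, so on a machine without either tool the existing ChangeLog is deleted and the target then fails, leaving the tree without one. Moving the `test` line first and removing only `ChangeLog.tmp` up front (the final `mv` replaces the real file anyway) keeps the old ChangeLog until a new one has been produced.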
@@ -39,21 +39,24 @@ DIST_COMMON = README $(am__configure_deps) $(dist_doc_DATA) \ $(dist_noinst_DATA) $(dist_noinst_SCRIPTS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(srcdir)/config.h.in $(top_srcdir)/configure COPYING NEWS \ - config.guess config.sub depcomp install-sh ltmain.sh missing + $(srcdir)/config.h.in \ + $(top_srcdir)/MacOSX/10.5/resources/ReadMe.html.in \ + $(top_srcdir)/MacOSX/10.6/resources/ReadMe.html.in \ + $(top_srcdir)/configure COPYING ChangeLog NEWS config.guess \ + config.sub depcomp install-sh ltmain.sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = MacOSX/10.5/resources/ReadMe.html \ + MacOSX/10.6/resources/ReadMe.html CONFIG_CLEAN_VPATH_FILES = SCRIPTS = $(dist_noinst_SCRIPTS) SOURCES = @@ -159,8 +162,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ 
@@ -168,10 +169,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -196,8 +195,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -220,6 +217,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -232,10 +231,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -281,11 +277,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -298,7 +291,6 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xslstylesheetsdir = @xslstylesheetsdir@ -AUTOMAKE_OPTIONS = foreign 1.10 ACLOCAL_AMFLAGS = -I m4 MAINTAINERCLEANFILES = \ config.log config.status \ @@ -313,7 +305,7 @@ $(srcdir)/packaged EXTRA_DIST = Makefile.mak svnignore -SUBDIRS = etc src win32 doc +SUBDIRS = etc src win32 doc MacOSX dist_noinst_SCRIPTS = bootstrap dist_noinst_DATA = README \ solaris/Makefile solaris/README solaris/checkinstall.in \ 
@@ -375,6 +367,10 @@ distclean-hdr: -rm -f config.h stamp-h1 +MacOSX/10.5/resources/ReadMe.html: $(top_builddir)/config.status $(top_srcdir)/MacOSX/10.5/resources/ReadMe.html.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +MacOSX/10.6/resources/ReadMe.html: $(top_builddir)/config.status $(top_srcdir)/MacOSX/10.6/resources/ReadMe.html.in + cd $(top_builddir) && $(SHELL) ./config.status $@ mostlyclean-libtool: -rm -f *.lo @@ -412,7 +408,7 @@ # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -437,7 +433,7 @@ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -600,11 +596,9 @@ || exit 1; \ fi; \ done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -test -n "$(am__skip_mode_fix)" \ - || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ 
@@ -648,17 +642,17 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ - bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lzma*) \ - unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac @@ -827,8 +821,8 @@ .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-generic \ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ - dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \ - dist-zip distcheck distclean distclean-generic distclean-hdr \ + dist-gzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \ + distcheck distclean distclean-generic distclean-hdr \ distclean-libtool distclean-tags distcleancheck distdir \ distuninstallcheck dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am \ 
@@ -842,9 +836,21 @@ uninstall uninstall-am uninstall-dist_docDATA -# Allow detection of packaged tarball -dist-hook: - echo > "$(distdir)/packaged" +Generate-ChangeLog: + rm -f ChangeLog.tmp "$(srcdir)/ChangeLog" + test -n "$(SVN)" -a -n "$(XSLTPROC)" + if test -d "$(top_srcdir)/.svn"; then \ + $(SVN) --verbose --xml log "$(top_srcdir)" | \ + $(XSLTPROC) --nonet --stringparam linelen 75 \ + --stringparam groupbyday no \ + --stringparam include-rev no \ + "$(top_srcdir)/doc/svn2cl.xsl" - > ChangeLog.tmp; \ + else \ + echo "Warning: Unable to generate ChangeLog from none svn checkout" >&2; \ + echo > ChangeLog.tmp; \ + fi + mv ChangeLog.tmp "$(srcdir)/ChangeLog" + ( cd "$(srcdir)" && autoreconf -ivf ) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru opensc-0.11.13/Makefile.mak opensc-0.12.1/Makefile.mak --- opensc-0.11.13/Makefile.mak 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 @@ -1,5 +1,5 @@ -SUBDIRS = src +SUBDIRS = win32 src all:: diff -Nru opensc-0.11.13/NEWS opensc-0.12.1/NEWS --- opensc-0.11.13/NEWS 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/NEWS 2011-05-17 17:07:00.000000000 +0000 
@@ -1,31 +1,76 @@ NEWS for OpenSC -- History of user visible changes -Please also see doc/WhatsNew.html or -http://www.opensc-project.org/opensc/wiki/WhatsNew +Complete change history is available online: +http://www.opensc-project.org/opensc/timeline -Also see the svn changelog using svn command -or doc/nonpersistent/ChangeLog. - -New in 0.11.13; 2010-02-16; Andreas Jellinghaus +New in 0.12.1; 2011-05-17 +* New card driver: IAS/ECC 1.0.1 +* rutoken-tool has been deprecated and removed. +* eidenv and piv-tool utilities now have manual pages. +* pkcs11-tool now requires the use of --module parameter. +* All tools can now use an ATR as an argument to --reader, to skip to the + card with given ATR. +* opensc-tool -l with -v now shows information about the inserted cards. +* Creating files have an enforced upper size limit, 64K +* Support for multiple PKCS#15 applications with different AID-s. + PKCS#15 applications can be listed with pkcs15-tool --list-applications. + Binding to a specific AID with PKCS#15 tools can be done with --aid. +* Hex strings (like card ATR or APDU-s) can now be separated by space, in + addition to colons. +* Pinpad readers known to be bogus are now ignored by OpenSC. At the moment + only "HP USB Smart Card Keyboard" is disabled. +* Windows installer is now distributed as a statically built MSI, for both + x86 and x64. +* Numerous compiler warnings, unused code and internal bugs have been + eliminated. + +New in 0.12.0; 2010-12-22 +* OpenSC uses a single reader driver, specified at compile time. +* New card driver: Italian eID (CNS) by Emanuele Pucciarelli. +* New card driver: Portuguese eID by João Poupino. +* New card driver: westcos by François Leblanc. +* pkcs11-tool can use a slot based on ID, label or index in the slot list. +* PIN flags are updated from supported cards when C_GetTokenInfo is called. +* Support for CardOS 4.4 cards added. +* Fature to exclude readers from OpenSC PKCS#11 via "ignored_readers" + configuration file entry. 
+* #229: Support semi-automatic fixes to cards personalized with older and + broken OpenSC versions. +* Software keys removed from pkcs15-init and the PKCS#11 module. OpenSC + can either generate keys on card or import plaintext keys to the card, but + will never generate plaintext key material in software by itself. + All traces of a software token (PKCS#15 Section 7) shall be removed. +* Updates to PC/SC driver to build with pcsc-lite >= 1.6.2 +* Build script for a binary Mac OS X installer for 10.5 and 10.6 systems. + Binary installer includes OpenSC.tokend for platform integration. + 10.6 installer includes engine_pkcs11. * Modify Rutoken S binary interfaces by Aktiv Co. -* Muscle driver fixed (acl reading issue) -* Many small fixes (e.g. mem leaks) -* Compiling with openssl 1.0.0-beta fixed - +* Support GOST R 34.10-2001 and GOST R 34.11-94 by Aktiv Co. +* CardOS driver now emulates sign on rsa keys with sign+decrypt usage + with padding and decrypt(). This is compatible with old cards and + card initialized by Siemens software. Removed "--split-key" option, + as it is no longer needed. +* Improved debugging support: debug level 3 will show everything + except of ASN1 and card matching debugging (usualy not needed). +* Massive changes to libopensc. This library is now internal, only + used by opensc-pkcs11.so and command line tools. Header files are + no longer installed, library should not be used by other applications. + Please use generic PKCS#11 interface instead. +* #include file statements cleaned up: first include "config.h", then + system headers, then additional libraries, then headers in opensc + (but from other directories), then header files from same directory. + Fix path to reference headers, remove src/include/ directory. +* Various source code fixes and improvements. +* OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man +* Remove iconv dependency. 
EstEID driver now uses the commonName from the + certificate for card label. +* Possibility to change the default behavior for card resets via + opensc.conf. + New in 0.11.12; 2009-12-18; Andreas Jellinghaus * Document integer problem in OpenSC and implement workaround * Improve entersafe profile to support private data objects -New in 0.11.11; 2009-10-26; Andreas Jellinghaus -* Now again compatible with OpenSSL 0.9.7 and OpenSSL 1.0.0 -* A few warnings and minor bugs were fixed -* Updated myeid driver by Aventra - -New in 0.11.10; 2009-10-20; Andreas Jellinghaus -* New westcos driver by François Leblanc -* Initial support for MyEid card (Aventra) -* GOST algorithm supported by Rutoken driver (Aleksey Samsonov) - New in 0.11.9; 2009-07-29; Andreas Jellinghaus * New rutoken_ecp driver by Aktiv Co. / Aleksey Samsonov * Allow more keys/certificates/files etc. with entersafe tokens diff -Nru opensc-0.11.13/packaged opensc-0.12.1/packaged --- opensc-0.11.13/packaged 2010-02-16 09:35:26.000000000 +0000 +++ opensc-0.12.1/packaged 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ - diff -Nru opensc-0.11.13/README opensc-0.12.1/README --- opensc-0.11.13/README 2006-01-22 22:27:41.000000000 +0000 +++ opensc-0.12.1/README 2011-05-17 17:07:00.000000000 +0000 
@@ -1,39 +1,4 @@ -OpenSC documentation is now maintained in our online wiki at +OpenSC documentation wiki is available online at http://www.opensc-project.org/opensc/ -and a copy in html format is provided in the doc/ directory -with all releases or snapshots of OpenSC in tar.gz files. -Please take a look at the documentation before trying to -install OpenSC. Most important are the pages - - OverView -A short introduction what OpenSC is and how it fits into the big picture. - - WhatsNew -What is new, what has changed since the last major release? -Also see this section for a list of incompatibilities. - -Short list: libopensc is now version 2.0.0, i.e. you need to -recompile applications using opensc. And all libraries and -the opensc-pkcs11.so module moved from lib/pkcs11/ or lib/opensc/ -to simply lib/. That fixes a number of problems, but you might -need to change some configuration. - - OperatingSystems -What your operating system needs to have for OpenSC to work. - - CompilingInstalling -How to compile and install OpenSC yourself. - - QuickStart -installation and basic steps to initialize a blank smart card. - - UsingOpensc -options when using OpenSC. - - -Also check the specific pages of the smart cards or crypto tokens you want -to use. If you have any trouble the MailingLists page will tell you how -to contact us for help. - -Regards, the OpenSC Team. +Please take a look at the documentation before trying to use OpenSC. diff -Nru opensc-0.11.13/solaris/Makefile opensc-0.12.1/solaris/Makefile --- opensc-0.11.13/solaris/Makefile 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/solaris/Makefile 2011-05-17 17:07:00.000000000 +0000 
@@ -6,14 +6,14 @@ CONFIGURE=${CONFIGURE_PREFIX}/configure CONFIGURE_ARGS=--prefix=/usr --sysconfdir=/etc/opensc --mandir=/usr/share/man --enable-pcsc --enable-openct CONFIG_GUESS=${CONFIGURE_PREFIX}/config.guess -UNAME_ARCH=/sbin/uname -p +UNAME_ARCH=/usr/bin/uname -p PLATFORM = $(CONFIG_GUESS:sh) ARCH = $(UNAME_ARCH:sh) build: @echo "Setup platform specific build directory build-${PLATFORM}" mkdir -p build-${PLATFORM} - ( cd build-${PLATFORM}; CC=cc ${CONFIGURE} ${CONFIGURE_ARGS}; make ) + ( cd build-${PLATFORM}; CC=cc PCSC_CFLAGS=-I/usr/include/smartcard ${CONFIGURE} ${CONFIGURE_ARGS}; make ) dist: @echo "Setup platform specific dist directory dist-${PLATFORM}" diff -Nru opensc-0.11.13/solaris/proto opensc-0.12.1/solaris/proto --- opensc-0.11.13/solaris/proto 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/solaris/proto 2011-05-17 17:07:00.000000000 +0000 @@ -92,7 +92,6 @@ f none usr/include/opensc/scconf.h 0644 root bin f none usr/include/opensc/opensc.h 0644 root bin f none usr/include/opensc/pkcs15.h 0644 root bin -f none usr/include/opensc/emv.h 0644 root bin f none usr/include/opensc/cardctl.h 0644 root bin f none usr/include/opensc/asn1.h 0644 root bin f none usr/include/opensc/log.h 0644 root bin diff -Nru opensc-0.11.13/src/common/compat_getopt.c opensc-0.12.1/src/common/compat_getopt.c --- opensc-0.11.13/src/common/compat_getopt.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/compat_getopt.c 2011-05-17 17:07:00.000000000 +0000 
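Review bot: The rewritten `build` recipe in solaris/Makefile still chains its steps with `;`, so `configure` runs in the current directory if the `cd` fails, and `make` runs even when `configure` exited non-zero. Chaining with `&&` stops at the first failure: `( cd build-${PLATFORM} && CC=cc PCSC_CFLAGS=-I/usr/include/smartcard ${CONFIGURE} ${CONFIGURE_ARGS} && make )`. The hard-coded `-I/usr/include/smartcard` would also benefit from a one-line comment saying which PC/SC headers it is expected to find there.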
@@ -23,16 +23,15 @@ * DEALINGS IN THE SOFTWARE. */ -#ifdef HAVE_CONFIG_H #include "config.h" -#endif -#ifndef HAVE_GETOPT_H +#if ! ( defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) && defined(HAVE_GETOPT_LONG_ONLY) ) #include #include #include #include + #include "compat_getopt.h" int my_optind=1, my_opterr=1, my_optopt=0; diff -Nru opensc-0.11.13/src/common/compat_getopt.h opensc-0.12.1/src/common/compat_getopt.h --- opensc-0.11.13/src/common/compat_getopt.h 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/compat_getopt.h 2011-05-17 17:07:00.000000000 +0000 @@ -30,10 +30,13 @@ #include "config.h" #endif -#ifdef HAVE_GETOPT_H +#if defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) && defined(HAVE_GETOPT_LONG_ONLY) #include #else +/* Prevent mingw32 from including an incompatible getopt implementation */ +#define __GETOPT_H__ + #ifdef __cplusplus extern "C" { #endif @@ -83,6 +86,6 @@ } #endif -#endif /* HAVE_GETOPT_H */ +#endif /* HAVE_GETOPT_H && HAVE_GETOPT_LONG && HAVE_GETOPT_LONG_ONLY */ #endif /* MY_GETOPT_H_INCLUDED */ diff -Nru opensc-0.11.13/src/common/compat_getopt_main.c opensc-0.12.1/src/common/compat_getopt_main.c --- opensc-0.11.13/src/common/compat_getopt_main.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/compat_getopt_main.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,9 +4,6 @@ * This program is in the public domain. */ -#define VERSION \ -"0.3" - #define COPYRIGHT \ "This program is in the public domain." @@ -17,7 +14,10 @@ #include /* for my getopt() re-implementation */ -#include "getopt.h" +#include "compat_getopt.h" + +#undef VERSION +#define VERSION "0.3" /* the default verbosity level is 0 (no verbose reporting) */ static unsigned verbose = 0; 
@@ -74,8 +74,8 @@ /* input file handler -- returns nonzero or exit()s on failure */ static int handle(char *progname, - FILE *infile, char *infilename, - FILE *outfile, char *outfilename, + FILE *infile, const char *infilename, + FILE *outfile, const char *outfilename, int rotate) { int c; @@ -119,8 +119,7 @@ { fprintf(stderr, "%s: %lu bytes copied from `%s' to `%s'\n", - (unsigned long) progname, bytes_copied, infilename, - outfilename); + progname, bytes_copied, infilename, outfilename); } return 0; } @@ -134,7 +133,7 @@ /* during argument parsing, opt contains the return value from getopt() */ int opt; /* the output filename is initially 0 (a.k.a. stdout) */ - char *outfilename = 0; + const char *outfilename = 0; /* the default return value is initially 0 (success) */ int retval = 0; /* initially we truncate */ @@ -143,7 +142,7 @@ int rotate = 0; /* short options string */ - char *shortopts = "Vho:r::v::"; + const char *shortopts = "Vho:r::v::"; /* long options list */ struct option longopts[] = { @@ -327,7 +326,7 @@ for (argindex = optind; argindex < argc; argindex ++) { - char *infilename = argv[argindex]; + const char *infilename = argv[argindex]; FILE *infile; /* we allow "-" as a synonym for stdin here */ diff -Nru opensc-0.11.13/src/common/compat_getpass.c opensc-0.12.1/src/common/compat_getpass.c --- opensc-0.11.13/src/common/compat_getpass.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/compat_getpass.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,9 +1,10 @@ -#ifdef HAVE_CONFIG_H -#include -#endif -#ifndef HAVE_GETPASS +#include "config.h" + +#ifndef HAVE_GETPASS /* empty file if getpass is available */ #include + #include "compat_getpass.h" + #ifdef _WIN32 char *getpass(const char *prompt) { 
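Review bot: In the `-119,8` hunk of compat_getopt_main.c the misplaced `(unsigned long)` cast is dropped rather than moved, so the `%lu` conversion now relies on `bytes_copied` being declared `unsigned long`. Its declaration is outside the hunk, so this cannot be confirmed from here. If it has any other type the call still has a format/argument mismatch, and keeping the cast on the right argument avoids that: `progname, (unsigned long) bytes_copied, infilename, outfilename);`. The body of handle() starts and ends outside this hunk.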
@@ -24,4 +25,4 @@ #else #error Need getpass implementation #endif -#endif +#endif /* HAVE_GETPASS */ diff -Nru opensc-0.11.13/src/common/compat_strlcat.c opensc-0.12.1/src/common/compat_strlcat.c --- opensc-0.11.13/src/common/compat_strlcat.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/compat_strlcat.c 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,73 @@ +/* $OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $ */ + +/*- + * Copyright (c) 1998 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#ifndef HAVE_STRLCAT +#include +#include + +#include "compat_strlcat.h" + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz <= strlen(dst)). + * Returns strlen(src) + MIN(siz, strlen(initial dst)). + * If retval >= siz, truncation occurred. 
+ */ +size_t +strlcat(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} +#endif + diff -Nru opensc-0.11.13/src/common/compat_strlcat.h opensc-0.12.1/src/common/compat_strlcat.h --- opensc-0.11.13/src/common/compat_strlcat.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/compat_strlcat.h 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,8 @@ +/** + * @file + * @brief prototypes of strlcpy()/strlcat() imported from OpenBSD + */ + +#ifndef HAVE_STRLCAT +size_t strlcat(char *dst, const char *src, size_t siz); +#endif diff -Nru opensc-0.11.13/src/common/compat_strlcpy.c opensc-0.12.1/src/common/compat_strlcpy.c --- opensc-0.11.13/src/common/compat_strlcpy.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/compat_strlcpy.c 2011-05-17 17:07:00.000000000 +0000 @@ -17,8 +17,8 @@ */ #include "config.h" -#ifndef HAVE_STRLCPY +#ifndef HAVE_STRLCPY /* empty file if strlcpy is available */ #include #include @@ -55,4 +55,4 @@ return(s - src - 1); /* count does not include NUL */ } -#endif +#endif /* HAVE_STRLCPY */ diff -Nru opensc-0.11.13/src/common/libpkcs11.c opensc-0.12.1/src/common/libpkcs11.c --- opensc-0.11.13/src/common/libpkcs11.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/libpkcs11.c 2011-05-17 17:07:00.000000000 +0000 
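Review bot: The new compat_strlcat.h declares `size_t strlcat(char *dst, const char *src, size_t siz);` but includes nothing that defines `size_t` and has no include guard. It therefore compiles only when the including file has already pulled in config.h (for `HAVE_STRLCAT`) and a header such as `<stddef.h>`. Adding `#include <stddef.h>` and a guard such as `#ifndef COMPAT_STRLCAT_H` would make it self-contained. The `@brief` line also mentions strlcpy(), which this header does not declare.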
@@ -0,0 +1,87 @@ +/* + * Convenience pkcs11 library that can be linked into an application, + * and will bind to a specific pkcs11 module. + * + * Copyright (C) 2002 Olaf Kirch + */ + +#include "config.h" + +#include +#include +#include +#ifdef HAVE_LTDL_H +#include +#endif + +#include "pkcs11/pkcs11.h" + +#include "common/libscdl.h" +#include "common/libpkcs11.h" + +#define MAGIC 0xd00bed00 + +struct sc_pkcs11_module { + unsigned int _magic; + void *handle; +}; +typedef struct sc_pkcs11_module sc_pkcs11_module_t; + +/* + * Load a module - this will load the shared object, call + * C_Initialize, and get the list of function pointers + */ +void * +C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs) +{ + sc_pkcs11_module_t *mod; + CK_RV rv, (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR); +#ifdef HAVE_LTDL_H + lt_dlinit(); +#endif + mod = calloc(1, sizeof(*mod)); + mod->_magic = MAGIC; + + if (mspec == NULL) + return NULL; + mod->handle = sc_dlopen(mspec); + if (mod->handle == NULL) { + fprintf(stderr, "sc_dlopen failed: %s\n", sc_dlerror()); + goto failed; + } + + /* Get the list of function pointers */ + c_get_function_list = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR)) + sc_dlsym(mod->handle, "C_GetFunctionList"); + if (!c_get_function_list) + goto failed; + rv = c_get_function_list(funcs); + if (rv == CKR_OK) + return (void *) mod; + else + fprintf(stderr, "C_GetFunctionList failed %lx", rv); +failed: + C_UnloadModule((void *) mod); + return NULL; +} + +/* + * Unload a pkcs11 module. 
+ * The calling application is responsible for cleaning up + * and calling C_Finalize + */ +CK_RV +C_UnloadModule(void *module) +{ + sc_pkcs11_module_t *mod = (sc_pkcs11_module_t *) module; + + if (!mod || mod->_magic != MAGIC) + return CKR_ARGUMENTS_BAD; + + if (sc_dlclose(mod->handle) < 0) + return CKR_FUNCTION_FAILED; + + memset(mod, 0, sizeof(*mod)); + free(mod); + return CKR_OK; +} diff -Nru opensc-0.11.13/src/common/libpkcs11.h opensc-0.12.1/src/common/libpkcs11.h --- opensc-0.11.13/src/common/libpkcs11.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/libpkcs11.h 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,22 @@ +/* + * libpkcs11.h: Function definitions for the PKCS#11 module loading minilibrary + * + * Copyright (C) 2010 Martin Paljak + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); +CK_RV C_UnloadModule(void *module); diff -Nru opensc-0.11.13/src/common/libscdl.c opensc-0.12.1/src/common/libscdl.c --- opensc-0.11.13/src/common/libscdl.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/libscdl.c 2011-05-17 17:07:00.000000000 +0000 
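Review bot: C_LoadModule in libpkcs11.c writes `mod->_magic = MAGIC` without checking the `calloc` result, and the `mspec == NULL` early return comes after the allocation, so that path leaks `mod`. When `sc_dlopen` fails, the `failed:` path calls C_UnloadModule, which passes the NULL `mod->handle` to `sc_dlclose`; what closing a NULL handle does depends on the back end. If `sc_dlclose` does report an error, C_UnloadModule returns `CKR_FUNCTION_FAILED` before reaching `free(mod)`. Validating the argument first, checking the allocation, and doing the cleanup locally removes all three problems. The `"C_GetFunctionList failed %lx"` message also lacks a trailing newline.

```c
void *
C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
{
	sc_pkcs11_module_t *mod;
	CK_RV rv, (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);

	/* reject a missing module name before anything is allocated */
	if (mspec == NULL)
		return NULL;
	/* ... unchanged: lt_dlinit() under HAVE_LTDL_H ... */
	mod = calloc(1, sizeof(*mod));
	if (mod == NULL)
		return NULL;
	mod->_magic = MAGIC;
	/* ... unchanged: sc_dlopen(), C_GetFunctionList lookup and call ... */
	else
		fprintf(stderr, "C_GetFunctionList failed %lx\n", rv);
failed:
	/* close only a handle that was really opened; always release mod */
	if (mod->handle != NULL)
		sc_dlclose(mod->handle);
	memset(mod, 0, sizeof(*mod));
	free(mod);
	return NULL;
}
```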
@@ -0,0 +1,119 @@ +/* + * libscdl.c: wrappers for dlfcn() interfaces + * + * Copyright (C) 2010 Martin Paljak + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include "config.h" + +#include "libscdl.h" + +#ifdef HAVE_LTDL_H +#include +/* libltdl is present, pass all calls to it */ + +void *sc_dlopen(const char *filename) +{ + return (void *)lt_dlopen(filename); +} + +void *sc_dlsym(void *handle, const char *symbol) +{ + return lt_dlsym((lt_dlhandle)handle, symbol); +} + +const char *sc_dlerror(void) +{ + return lt_dlerror(); +} + +int sc_dlclose(void *handle) +{ + return lt_dlclose((lt_dlhandle)handle); +} + +#else +/* Small wrappers for native functions, bypassing libltdl */ +#ifdef _WIN32 +/* Use Windows calls */ +void *sc_dlopen(const char *filename) +{ + return (void *)LoadLibrary(filename); +} + +void *sc_dlsym(void *handle, const char *symbol) +{ + return GetProcAddress(handle, symbol); +} + +const char *sc_dlerror() +{ + return "LoadLibrary/GetProcAddress failed"; +} + +int sc_dlclose(void *handle) +{ + return FreeLibrary(handle); +} + +#elif defined(HAVE_DLFCN_H) +#include +/* Use native interfaces */ +void *sc_dlopen(const char *filename) +{ + return (void *)dlopen(filename, RTLD_LAZY); +} + +void *sc_dlsym(void *handle, const char *symbol) +{ + return 
dlsym(handle, symbol); +} + +const char *sc_dlerror() +{ + return dlerror(); +} + +int sc_dlclose(void *handle) +{ + return dlclose(handle); +} + +#else +/* Dynamic loading is not available */ +void *sc_dlopen(const char *filename) +{ + return NULL; +} + +void *sc_dlsym(void *handle, const char *symbol) +{ + return NULL; +} + +const char *sc_dlerror() +{ + return "dlopen() functionality not available"; +} + +int sc_dlclose(void *handle) +{ + return 0; +} + +#endif +#endif diff -Nru opensc-0.11.13/src/common/libscdl.h opensc-0.12.1/src/common/libscdl.h --- opensc-0.11.13/src/common/libscdl.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/libscdl.h 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,24 @@ +/* + * libscdl.h: Function definitions for the dynamic loading minilibrary. + * + * Copyright (C) 2010 Martin Paljak + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +void *sc_dlopen(const char *filename); +void *sc_dlsym(void *handle, const char *symbol); +int sc_dlclose(void *handle); +const char *sc_dlerror(void); diff -Nru opensc-0.11.13/src/common/Makefile.am opensc-0.12.1/src/common/Makefile.am --- opensc-0.11.13/src/common/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/common/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
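Review bot: The `sc_dlclose` variants in libscdl.c do not share a return convention. The Windows branch returns `FreeLibrary(handle)`, which is nonzero on success, while `dlclose` and `lt_dlclose` return 0 on success, and the caller in libpkcs11.c tests `sc_dlclose(mod->handle) < 0`. As written, a failed unload is unlikely to be reported on any back end; normalising inside the wrappers fixes that, e.g. `return FreeLibrary((HMODULE)handle) ? 0 : -1;` and `return dlclose(handle) ? -1 : 0;`, with a comment stating the 0/-1 contract. `sc_dlopen` also passes `filename` unchanged to `LoadLibrary`/`dlopen`, so a bare module name is resolved through the platform's library search path. A comment on `sc_dlopen` saying that callers are expected to pass a full path to the PKCS#11 module would make that assumption explicit.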
@@ -1,15 +1,28 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -noinst_LTLIBRARIES = libcompat.la +noinst_LTLIBRARIES = libcompat.la libpkcs11.la libscdl.la +noinst_PROGRAMS = compat_getopt_main dist_noinst_DATA = \ README.compat_getopt ChangeLog.compat_getopt \ LICENSE.compat_getopt compat_getopt.txt \ compat_getopt_main.c \ README.compat_strlcpy compat_strlcpy.3 +AM_CFLAGS = $(LTLIB_CFLAGS) +INCLUDES = -I$(top_srcdir)/src + libcompat_la_SOURCES = \ compat_dummy.c \ + compat_strlcat.h compat_strlcat.c \ compat_strlcpy.h compat_strlcpy.c \ compat_getpass.h compat_getpass.c \ - compat_getopt.h compat_getopt.c + compat_getopt.h compat_getopt.c \ + simclist.c simclist.h libscdl.c + +compat_getopt_main_LDADD = libcompat.la + +libpkcs11_la_SOURCES = libpkcs11.c libpkcs11.h +libpkcs11_la_LIBADD = libscdl.la + +libscdl_la_SOURCES = libscdl.c libscdl.h diff -Nru opensc-0.11.13/src/common/Makefile.in opensc-0.12.1/src/common/Makefile.in --- opensc-0.11.13/src/common/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/common/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -16,6 +16,7 @@ @SET_MAKE@ + VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
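Review bot: In src/common/Makefile.am `libscdl.c` is now listed in both `libcompat_la_SOURCES` and `libscdl_la_SOURCES`, so the `sc_dl*` wrappers are compiled into two convenience libraries, and `libpkcs11.la` pulls in `libscdl.la` as well. A target that links libcompat.la together with libpkcs11.la or libscdl.la may then see the same symbols twice. That is probably harmless for plain static archives, but it is worth confirming for libtool links that merge whole convenience libraries. Keeping libscdl.c in one library only and letting the other reference it (for example `libcompat_la_LIBADD = libscdl.la`) would avoid the duplication.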
@@ -35,15 +36,15 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +noinst_PROGRAMS = compat_getopt_main$(EXEEXT) subdir = src/common DIST_COMMON = $(dist_noinst_DATA) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -52,9 +53,20 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libcompat_la_LIBADD = -am_libcompat_la_OBJECTS = compat_dummy.lo compat_strlcpy.lo \ - compat_getpass.lo compat_getopt.lo +am_libcompat_la_OBJECTS = compat_dummy.lo compat_strlcat.lo \ + compat_strlcpy.lo compat_getpass.lo compat_getopt.lo \ + simclist.lo libscdl.lo libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS) +libpkcs11_la_DEPENDENCIES = libscdl.la +am_libpkcs11_la_OBJECTS = libpkcs11.lo +libpkcs11_la_OBJECTS = $(am_libpkcs11_la_OBJECTS) +libscdl_la_LIBADD = +am_libscdl_la_OBJECTS = libscdl.lo +libscdl_la_OBJECTS = $(am_libscdl_la_OBJECTS) +PROGRAMS = $(noinst_PROGRAMS) +compat_getopt_main_SOURCES = compat_getopt_main.c +compat_getopt_main_OBJECTS = compat_getopt_main.$(OBJEXT) +compat_getopt_main_DEPENDENCIES = libcompat.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -68,8 +80,10 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libcompat_la_SOURCES) -DIST_SOURCES = $(libcompat_la_SOURCES) +SOURCES = $(libcompat_la_SOURCES) $(libpkcs11_la_SOURCES) \ + $(libscdl_la_SOURCES) compat_getopt_main.c +DIST_SOURCES = $(libcompat_la_SOURCES) $(libpkcs11_la_SOURCES) \ + $(libscdl_la_SOURCES) compat_getopt_main.c DATA = $(dist_noinst_DATA) ETAGS = etags CTAGS = ctags @@ -101,8 +115,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -110,10 +122,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -138,8 +148,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -162,6 +170,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -174,10 +184,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ 
@@ -223,11 +230,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,19 +246,27 @@ xslstylesheetsdir = @xslstylesheetsdir@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -noinst_LTLIBRARIES = libcompat.la +noinst_LTLIBRARIES = libcompat.la libpkcs11.la libscdl.la dist_noinst_DATA = \ README.compat_getopt ChangeLog.compat_getopt \ LICENSE.compat_getopt compat_getopt.txt \ compat_getopt_main.c \ README.compat_strlcpy compat_strlcpy.3 +AM_CFLAGS = $(LTLIB_CFLAGS) +INCLUDES = -I$(top_srcdir)/src libcompat_la_SOURCES = \ compat_dummy.c \ + compat_strlcat.h compat_strlcat.c \ compat_strlcpy.h compat_strlcpy.c \ compat_getpass.h compat_getpass.c \ - compat_getopt.h compat_getopt.c + compat_getopt.h compat_getopt.c \ + simclist.c simclist.h libscdl.c +compat_getopt_main_LDADD = libcompat.la +libpkcs11_la_SOURCES = libpkcs11.c libpkcs11.h +libpkcs11_la_LIBADD = libscdl.la +libscdl_la_SOURCES = libscdl.c libscdl.h all: all-am .SUFFIXES: @@ -268,9 +280,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/common/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/common/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/common/Makefile + $(AUTOMAKE) --foreign src/common/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -300,6 +312,22 @@ done libcompat.la: $(libcompat_la_OBJECTS) $(libcompat_la_DEPENDENCIES) $(LINK) $(libcompat_la_OBJECTS) $(libcompat_la_LIBADD) $(LIBS) +libpkcs11.la: $(libpkcs11_la_OBJECTS) $(libpkcs11_la_DEPENDENCIES) + $(LINK) $(libpkcs11_la_OBJECTS) $(libpkcs11_la_LIBADD) $(LIBS) +libscdl.la: $(libscdl_la_OBJECTS) $(libscdl_la_DEPENDENCIES) + $(LINK) $(libscdl_la_OBJECTS) $(libscdl_la_LIBADD) $(LIBS) + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +compat_getopt_main$(EXEEXT): $(compat_getopt_main_OBJECTS) $(compat_getopt_main_DEPENDENCIES) + @rm -f compat_getopt_main$(EXEEXT) + $(LINK) $(compat_getopt_main_OBJECTS) $(compat_getopt_main_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -309,8 +337,13 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_dummy.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_getopt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_getopt_main.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_getpass.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_strlcat.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat_strlcpy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpkcs11.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libscdl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simclist.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -423,7 +456,7 @@ done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(DATA) installdirs: install: install-am install-exec: install-exec-am 
@@ -454,7 +487,7 @@ clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am + clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -525,17 +558,18 @@ .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am + clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru opensc-0.11.13/src/common/Makefile.mak opensc-0.12.1/src/common/Makefile.mak --- opensc-0.11.13/src/common/Makefile.mak 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/common/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -1,14 +1,17 @@ TOPDIR = ..\.. -HEADERS = compat_getpass.h compat_getopt.h compat_strlcpy.h -HEADERSDIR = $(TOPDIR)\src\include -TARGET = common.lib -OBJECTS = compat_getpass.obj compat_getopt.obj compat_strlcpy.obj +COMMON_OBJECTS = compat_getpass.obj compat_getopt.obj compat_strlcpy.obj compat_strlcat.obj simclist.obj -all: install-headers $(TARGET) +all: common.lib libpkcs11.lib libscdl.lib -$(TARGET): $(OBJECTS) - lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS) +common.lib: $(COMMON_OBJECTS) + lib $(LIBFLAGS) /out:common.lib $(COMMON_OBJECTS) + +libpkcs11.lib: libpkcs11.obj libscdl.obj + lib $(LIBFLAGS) /out:libpkcs11.lib libpkcs11.obj libscdl.obj + +libscdl.lib: libscdl.obj + lib $(LIBFLAGS) /out:libscdl.lib libscdl.obj !INCLUDE $(TOPDIR)\win32\Make.rules.mak diff -Nru opensc-0.11.13/src/common/simclist.c opensc-0.12.1/src/common/simclist.c --- opensc-0.11.13/src/common/simclist.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/common/simclist.c 2011-05-17 17:07:00.000000000 +0000 
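Review bot: `COMMON_OBJECTS` leaves out `libscdl.obj`, while the autotools side of this same change (`libcompat_la_SOURCES` in the src/common Makefile.in hunks) compiles `libscdl.c` into libcompat, so the two build systems give the common library different contents. If Windows consumers are meant to link `libscdl.lib` separately, say so next to the macro, e.g. `# libscdl.obj is built into libscdl.lib and libpkcs11.lib, not common.lib`; otherwise add `libscdl.obj` to `COMMON_OBJECTS`. Note also that `libscdl.obj` is archived into both `libpkcs11.lib` and `libscdl.lib`, so a target that links both gets the same object twice. `$(LIBFLAGS)` replaces the explicit `/nologo /machine:ix86` and is not defined in the lines shown; it presumably comes from `Make.rules.mak`, which is included only after these rules, so it is worth confirming it is always set, because an empty value silently drops the machine type.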
@@ -0,0 +1,1488 @@ +/* + * Copyright (c) 2007,2008,2009,2010 Mij + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +/* + * SimCList library. See http://mij.oltrelinux.com/devel/simclist + */ + +/* SimCList implementation, version 1.5, with local modifications */ + +#include +#include +#include /* for setting errno */ +#include +#if !defined(_WIN32) +#include /* for htons() */ +#include +#include /* for gettimeofday() */ +#include +#else +#include +#endif +#ifdef SIMCLIST_DUMPRESTORE +#ifndef _WIN32 +#include /* for READ_ERRCHECK() and write() */ +#endif +#include /* for open() etc */ +#endif +#include /* for time() for random seed */ +#include /* for open()'s access modes S_IRUSR etc */ +#include + + +#ifdef SIMCLIST_DUMPRESTORE +/* convert 64bit integers from host to network format */ +#define hton64(x) (\ + htons(1) == 1 ? 
\ + (uint64_t)x /* big endian */ \ + : /* little endian */ \ + ((uint64_t)((((uint64_t)(x) & 0xff00000000000000ULL) >> 56) | \ + (((uint64_t)(x) & 0x00ff000000000000ULL) >> 40) | \ + (((uint64_t)(x) & 0x0000ff0000000000ULL) >> 24) | \ + (((uint64_t)(x) & 0x000000ff00000000ULL) >> 8) | \ + (((uint64_t)(x) & 0x00000000ff000000ULL) << 8) | \ + (((uint64_t)(x) & 0x0000000000ff0000ULL) << 24) | \ + (((uint64_t)(x) & 0x000000000000ff00ULL) << 40) | \ + (((uint64_t)(x) & 0x00000000000000ffULL) << 56))) \ + ) + +/* convert 64bit integers from network to host format */ +#define ntoh64(x) (hton64(x)) +#endif + +/* some OSes don't have EPROTO (eg OpenBSD) */ +#ifndef EPROTO +#define EPROTO EIO +#endif + +/* disable asserts */ +#ifndef SIMCLIST_DEBUG +#define NDEBUG +#endif + +#include + +#ifdef SIMCLIST_WITH_THREADS +/* limit (approx) to the number of threads running + * for threaded operations. Only meant when + * SIMCLIST_WITH_THREADS is defined */ +#define SIMCLIST_MAXTHREADS 2 +#endif + +/* + * how many elems to keep as spare. During a deletion, an element + * can be saved in a "free-list", not free()d immediately. When + * latter insertions are performed, spare elems can be used instead + * of malloc()ing new elems. 
+ * + * about this param, some values for appending + * 10 million elems into an empty list: + * (#, time[sec], gain[%], gain/no[%]) + * 0 2,164 0,00 0,00 <-- feature disabled + * 1 1,815 34,9 34,9 + * 2 1,446 71,8 35,9 <-- MAX gain/no + * 3 1,347 81,7 27,23 + * 5 1,213 95,1 19,02 + * 8 1,064 110,0 13,75 + * 10 1,015 114,9 11,49 <-- MAX gain w/ likely sol + * 15 1,019 114,5 7,63 + * 25 0,985 117,9 4,72 + * 50 1,088 107,6 2,15 + * 75 1,016 114,8 1,53 + * 100 0,988 117,6 1,18 + * 150 1,022 114,2 0,76 + * 200 0,939 122,5 0,61 <-- MIN time + */ +#ifndef SIMCLIST_MAX_SPARE_ELEMS +#define SIMCLIST_MAX_SPARE_ELEMS 5 +#endif + + +#ifdef SIMCLIST_WITH_THREADS +#include +#endif + +#include "simclist.h" + + +/* minumum number of elements for sorting with quicksort instead of insertion */ +#define SIMCLIST_MINQUICKSORTELS 24 + + +/* list dump declarations */ +#define SIMCLIST_DUMPFORMAT_VERSION 1 /* (short integer) version of fileformat managed by _dump* and _restore* functions */ + +#define SIMCLIST_DUMPFORMAT_HEADERLEN 30 /* length of the header */ + +/* header for a list dump */ +struct list_dump_header_s { + uint16_t ver; /* version */ + int64_t timestamp; /* dump timestamp */ + int32_t rndterm; /* random value terminator -- terminates the data sequence */ + + uint32_t totlistlen; /* sum of every element' size, bytes */ + uint32_t numels; /* number of elements */ + uint32_t elemlen; /* bytes length of an element, for constant-size lists, <= 0 otherwise */ + int32_t listhash; /* hash of the list at the time of dumping, or 0 if to be ignored */ +}; + + + +/* deletes tmp from list, with care wrt its position (head, tail, middle) */ +static int list_drop_elem(list_t *restrict l, struct list_entry_s *tmp, unsigned int pos); + +/* set default values for initialized lists */ +static int list_attributes_setdefaults(list_t *restrict l); + +#ifndef NDEBUG +/* check whether the list internal REPresentation is valid -- Costs O(n) */ +static int list_repOk(const list_t *restrict l); + 
+/* check whether the list attribute set is valid -- Costs O(1) */ +static int list_attrOk(const list_t *restrict l); +#endif + +/* do not inline, this is recursive */ +static void list_sort_quicksort(list_t *restrict l, int versus, + unsigned int first, struct list_entry_s *fel, + unsigned int last, struct list_entry_s *lel); + +static inline void list_sort_selectionsort(list_t *restrict l, int versus, + unsigned int first, struct list_entry_s *fel, + unsigned int last, struct list_entry_s *lel); + +static void *list_get_minmax(const list_t *restrict l, int versus); + +static inline struct list_entry_s *list_findpos(const list_t *restrict l, int posstart); + +#ifdef SIMCLIST_DUMPRESTORE +/* write() decorated with error checking logic */ +#define WRITE_ERRCHECK(fd, msgbuf, msglen) do { \ + if (write(fd, msgbuf, msglen) < 0) return -1; \ + } while (0); +/* READ_ERRCHECK() decorated with error checking logic */ +#define READ_ERRCHECK(fd, msgbuf, msglen) do { \ + if (read(fd, msgbuf, msglen) != msglen) { \ + /*errno = EPROTO;*/ \ + return -1; \ + } \ + } while (0); +#endif + +/* + * Random Number Generator + * + * The user is expected to seed the RNG (ie call srand()) if + * SIMCLIST_SYSTEM_RNG is defined. + * + * Otherwise, a self-contained RNG based on LCG is used; see + * http://en.wikipedia.org/wiki/Linear_congruential_generator . + * + * Facts pro local RNG: + * 1. no need for the user to call srand() on his own + * 2. very fast, possibly faster than OS + * 3. avoid interference with user's RNG + * + * Facts pro system RNG: + * 1. may be more accurate (irrelevant for SimCList randno purposes) + * 2. why reinvent the wheel + * + * Default to local RNG for user's ease of use. 
+ */ + +#ifdef SIMCLIST_SYSTEM_RNG +/* keep track whether we initialized already (non-0) or not (0) */ +static unsigned random_seed = 0; + +/* use local RNG */ +static inline void seed_random() { + if (random_seed == 0) + random_seed = (unsigned)getpid() ^ (unsigned)time(NULL); +} + +static inline long get_random() { + random_seed = (1664525 * random_seed + 1013904223); + return random_seed; +} + +#else +/* use OS's random generator */ +# define seed_random() +# define get_random() (rand()) +#endif + + +/* list initialization */ +int list_init(list_t *restrict l) { + if (l == NULL) return -1; + + seed_random(); + + l->numels = 0; + + /* head/tail sentinels and mid pointer */ + l->head_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s)); + l->tail_sentinel = (struct list_entry_s *)malloc(sizeof(struct list_entry_s)); + l->head_sentinel->next = l->tail_sentinel; + l->tail_sentinel->prev = l->head_sentinel; + l->head_sentinel->prev = l->tail_sentinel->next = l->mid = NULL; + l->head_sentinel->data = l->tail_sentinel->data = NULL; + + /* iteration attributes */ + l->iter_active = 0; + l->iter_pos = 0; + l->iter_curentry = NULL; + + /* free-list attributes */ + l->spareels = (struct list_entry_s **)malloc(SIMCLIST_MAX_SPARE_ELEMS * sizeof(struct list_entry_s *)); + l->spareelsnum = 0; + +#ifdef SIMCLIST_WITH_THREADS + l->threadcount = 0; +#endif + + list_attributes_setdefaults(l); + + assert(list_repOk(l)); + assert(list_attrOk(l)); + + return 0; +} + +void list_destroy(list_t *restrict l) { + unsigned int i; + + list_clear(l); + for (i = 0; i < l->spareelsnum; i++) { + free(l->spareels[i]); + } + free(l->spareels); + free(l->head_sentinel); + free(l->tail_sentinel); +} + +int list_attributes_setdefaults(list_t *restrict l) { + l->attrs.comparator = NULL; + l->attrs.seeker = NULL; + + /* also free() element data when removing and element from the list */ + l->attrs.meter = NULL; + l->attrs.copy_data = 0; + + l->attrs.hasher = NULL; + + /* 
serializer/unserializer */ + l->attrs.serializer = NULL; + l->attrs.unserializer = NULL; + + assert(list_attrOk(l)); + + return 0; +} + +/* setting list properties */ +int list_attributes_comparator(list_t *restrict l, element_comparator comparator_fun) { + if (l == NULL) return -1; + + l->attrs.comparator = comparator_fun; + + assert(list_attrOk(l)); + + return 0; +} + +int list_attributes_seeker(list_t *restrict l, element_seeker seeker_fun) { + if (l == NULL) return -1; + + l->attrs.seeker = seeker_fun; + assert(list_attrOk(l)); + + return 0; +} + +int list_attributes_copy(list_t *restrict l, element_meter metric_fun, int copy_data) { + if (l == NULL || (metric_fun == NULL && copy_data != 0)) return -1; + + l->attrs.meter = metric_fun; + l->attrs.copy_data = copy_data; + + assert(list_attrOk(l)); + + return 0; +} + +int list_attributes_hash_computer(list_t *restrict l, element_hash_computer hash_computer_fun) { + if (l == NULL) return -1; + + l->attrs.hasher = hash_computer_fun; + assert(list_attrOk(l)); + return 0; +} + +int list_attributes_serializer(list_t *restrict l, element_serializer serializer_fun) { + if (l == NULL) return -1; + + l->attrs.serializer = serializer_fun; + assert(list_attrOk(l)); + return 0; +} + +int list_attributes_unserializer(list_t *restrict l, element_unserializer unserializer_fun) { + if (l == NULL) return -1; + + l->attrs.unserializer = unserializer_fun; + assert(list_attrOk(l)); + return 0; +} + +int list_append(list_t *restrict l, const void *data) { + return list_insert_at(l, data, l->numels); +} + +int list_prepend(list_t *restrict l, const void *data) { + return list_insert_at(l, data, 0); +} + +void *list_fetch(list_t *restrict l) { + return list_extract_at(l, 0); +} + +void *list_get_at(const list_t *restrict l, unsigned int pos) { + struct list_entry_s *tmp; + + tmp = list_findpos(l, pos); + + return (tmp != NULL ? 
tmp->data : NULL);
+}
+
+void *list_get_max(const list_t *restrict l) {
+ return list_get_minmax(l, +1);
+}
+
+void *list_get_min(const list_t *restrict l) {
+ return list_get_minmax(l, -1);
+}
+
+/* REQUIRES {list->numels >= 1}
+ * return the min (versus < 0) or max value (v > 0) in l */
+static void *list_get_minmax(const list_t *restrict l, int versus) {
+ void *curminmax;
+ struct list_entry_s *s;
+
+ if (l->attrs.comparator == NULL || l->numels == 0)
+ return NULL;
+
+ curminmax = l->head_sentinel->next->data;
+ for (s = l->head_sentinel->next->next; s != l->tail_sentinel; s = s->next) {
+ if (l->attrs.comparator(curminmax, s->data) * versus > 0)
+ curminmax = s->data;
+ }
+
+ return curminmax;
+}
+
+/* set tmp to point to element at index posstart in l */
+static inline struct list_entry_s *list_findpos(const list_t *restrict l, int posstart) {
+ struct list_entry_s *ptr;
+ float x;
+ int i;
+
+ /* accept 1 slot overflow for fetching head and tail sentinels */
+ if (posstart < -1 || posstart > (int)l->numels) return NULL;
+
+ x = (float)(posstart+1) / l->numels;
+ if (x <= 0.25) {
+ /* first quarter: get to posstart from head */
+ for (i = -1, ptr = l->head_sentinel; i < posstart; ptr = ptr->next, i++);
+ } else if (x < 0.5) {
+ /* second quarter: get to posstart from mid */
+ for (i = (l->numels-1)/2, ptr = l->mid; i > posstart; ptr = ptr->prev, i--);
+ } else if (x <= 0.75) {
+ /* third quarter: get to posstart from mid */
+ for (i = (l->numels-1)/2, ptr = l->mid; i < posstart; ptr = ptr->next, i++);
+ } else {
+ /* fourth quarter: get to posstart from tail */
+ for (i = l->numels, ptr = l->tail_sentinel; i > posstart; ptr = ptr->prev, i--);
+ }
+
+ return ptr;
+}
+
+void *list_extract_at(list_t *restrict l, unsigned int pos) {
+ struct list_entry_s *tmp;
+ void *data;
+
+ if (l->iter_active || pos >= l->numels) return NULL;
+
+ tmp = list_findpos(l, pos);
+ data = tmp->data;
+
+ tmp->data = NULL; /* save data from list_drop_elem() free() */
+ list_drop_elem(l, tmp, pos);
+ l->numels--;
+
+ assert(list_repOk(l));
+
+ return data;
+}
+
+int list_insert_at(list_t *restrict l, const void *data, unsigned int pos) {
+ struct list_entry_s *lent, *succ, *prec;
+
+ if (l->iter_active || pos > l->numels) return -1;
+
+ /* this code optimizes malloc() with a free-list */
+ if (l->spareelsnum > 0) {
+ lent = l->spareels[l->spareelsnum-1];
+ l->spareelsnum--;
+ } else {
+ lent = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ if (lent == NULL)
+ return -1;
+ }
+
+ if (l->attrs.copy_data) {
+ /* make room for user' data (has to be copied) */
+ size_t datalen = l->attrs.meter(data);
+ lent->data = (struct list_entry_s *)malloc(datalen);
+ memcpy(lent->data, data, datalen);
+ } else {
+ lent->data = (void*)data;
+ }
+
+ /* actually append element */
+ prec = list_findpos(l, pos-1);
+ succ = prec->next;
+
+ prec->next = lent;
+ lent->prev = prec;
+ lent->next = succ;
+ succ->prev = lent;
+
+ l->numels++;
+
+ /* fix mid pointer */
+ if (l->numels == 1) { /* first element, set pointer */
+ l->mid = lent;
+ } else if (l->numels % 2) { /* now odd */
+ if (pos >= (l->numels-1)/2) l->mid = l->mid->next;
+ } else { /* now even */
+ if (pos <= (l->numels-1)/2) l->mid = l->mid->prev;
+ }
+
+ assert(list_repOk(l));
+
+ return 1;
+}
+
+int list_delete(list_t *restrict l, const void *data) {
+ int pos, r;
+
+ pos = list_locate(l, data);
+ if (pos < 0)
+ return -1;
+
+ r = list_delete_at(l, pos);
+ if (r < 0)
+ return -1;
+
+ assert(list_repOk(l));
+
+ return 0;
+}
+
+int list_delete_at(list_t *restrict l, unsigned int pos) {
+ struct list_entry_s *delendo;
+
+
+ if (l->iter_active || pos >= l->numels) return -1;
+
+ delendo = list_findpos(l, pos);
+
+ list_drop_elem(l, delendo, pos);
+
+ l->numels--;
+
+
+ assert(list_repOk(l));
+
+ return 0;
+}
+
+int list_delete_range(list_t *restrict l, unsigned int posstart, unsigned int posend) {
+ struct list_entry_s *lastvalid, *tmp, *tmp2;
+ unsigned int i;
+ int movedx;
+ unsigned int numdel, midposafter;
+
+ if (l->iter_active || posend < posstart || posend >= l->numels) return -1;
+
+ tmp = list_findpos(l, posstart); /* first el to be deleted */
+ lastvalid = tmp->prev; /* last valid element */
+
+ numdel = posend - posstart + 1;
+ midposafter = (l->numels-1-numdel)/2;
+
+ midposafter = midposafter < posstart ? midposafter : midposafter+numdel;
+ movedx = midposafter - (l->numels-1)/2;
+
+ if (movedx > 0) { /* move right */
+ for (i = 0; i < (unsigned int)movedx; l->mid = l->mid->next, i++);
+ } else { /* move left */
+ movedx = -movedx;
+ for (i = 0; i < (unsigned int)movedx; l->mid = l->mid->prev, i++);
+ }
+
+ assert(posstart == 0 || lastvalid != l->head_sentinel);
+ i = posstart;
+ if (l->attrs.copy_data) {
+ /* also free element data */
+ for (; i <= posend; i++) {
+ tmp2 = tmp;
+ tmp = tmp->next;
+ if (tmp2->data != NULL) free(tmp2->data);
+ if (l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
+ l->spareels[l->spareelsnum++] = tmp2;
+ } else {
+ free(tmp2);
+ }
+ }
+ } else {
+ /* only free containers */
+ for (; i <= posend; i++) {
+ tmp2 = tmp;
+ tmp = tmp->next;
+ if (l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
+ l->spareels[l->spareelsnum++] = tmp2;
+ } else {
+ free(tmp2);
+ }
+ }
+ }
+ assert(i == posend+1 && (posend != l->numels || tmp == l->tail_sentinel));
+
+ lastvalid->next = tmp;
+ tmp->prev = lastvalid;
+
+ l->numels -= posend - posstart + 1;
+
+ assert(list_repOk(l));
+
+ return 0;
+}
+
+int list_clear(list_t *restrict l) {
+ struct list_entry_s *s;
+
+ if (l->iter_active) return -1;
+
+ if (l->attrs.copy_data) { /* also free user data */
+ /* spare a loop conditional with two loops: spareing elems and freeing elems */
+ for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
+ /* move elements as spares as long as there is room */
+ if (s->data != NULL) free(s->data);
+ l->spareels[l->spareelsnum++] = s;
+ }
+ while (s != l->tail_sentinel) {
+ /* free the remaining elems */
+ if (s->data != NULL) free(s->data);
+ s = s->next;
+ free(s->prev);
+ }
+ l->head_sentinel->next = l->tail_sentinel;
+ l->tail_sentinel->prev = l->head_sentinel;
+ } else { /* only free element containers */
+ /* spare a loop conditional with two loops: spareing elems and freeing elems */
+ for (s = l->head_sentinel->next; l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS && s != l->tail_sentinel; s = s->next) {
+ /* move elements as spares as long as there is room */
+ l->spareels[l->spareelsnum++] = s;
+ }
+ while (s != l->tail_sentinel) {
+ /* free the remaining elems */
+ s = s->next;
+ free(s->prev);
+ }
+ l->head_sentinel->next = l->tail_sentinel;
+ l->tail_sentinel->prev = l->head_sentinel;
+ }
+ l->numels = 0;
+ l->mid = NULL;
+
+ assert(list_repOk(l));
+
+ return 0;
+}
+
+unsigned int list_size(const list_t *restrict l) {
+ return l->numels;
+}
+
+int list_empty(const list_t *restrict l) {
+ return (l->numels == 0);
+}
+
+int list_locate(const list_t *restrict l, const void *data) {
+ struct list_entry_s *el;
+ int pos = 0;
+
+ if (l->attrs.comparator != NULL) {
+ /* use comparator */
+ for (el = l->head_sentinel->next; el != l->tail_sentinel; el = el->next, pos++) {
+ if (l->attrs.comparator(data, el->data) == 0) break;
+ }
+ } else {
+ /* compare references */
+ for (el = l->head_sentinel->next; el != l->tail_sentinel; el = el->next, pos++) {
+ if (el->data == data) break;
+ }
+ }
+ if (el == l->tail_sentinel) return -1;
+
+ return pos;
+}
+
+void *list_seek(list_t *restrict l, const void *indicator) {
+ const struct list_entry_s *iter;
+
+ if (l->attrs.seeker == NULL) return NULL;
+
+ for (iter = l->head_sentinel->next; iter != l->tail_sentinel; iter = iter->next) {
+ if (l->attrs.seeker(iter->data, indicator) != 0) return iter->data;
+ }
+
+ return NULL;
+}
+
+int list_contains(const list_t *restrict l, const void *data) {
+ return (list_locate(l, data) >= 0);
+}
+
+int list_concat(const list_t *l1, const list_t *l2, list_t *restrict dest) {
+ struct list_entry_s *el, *srcel;
+ unsigned int cnt;
+ int err;
+
+
+ if (l1 == NULL || l2 == NULL || dest == NULL || l1 == dest || l2 == dest)
+ return -1;
+
+ list_init(dest);
+
+ dest->numels = l1->numels + l2->numels;
+ if (dest->numels == 0)
+ return 0;
+
+ /* copy list1 */
+ srcel = l1->head_sentinel->next;
+ el = dest->head_sentinel;
+ while (srcel != l1->tail_sentinel) {
+ el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ el->next->prev = el;
+ el = el->next;
+ el->data = srcel->data;
+ srcel = srcel->next;
+ }
+ dest->mid = el; /* approximate position (adjust later) */
+ /* copy list 2 */
+ srcel = l2->head_sentinel->next;
+ while (srcel != l2->tail_sentinel) {
+ el->next = (struct list_entry_s *)malloc(sizeof(struct list_entry_s));
+ el->next->prev = el;
+ el = el->next;
+ el->data = srcel->data;
+ srcel = srcel->next;
+ }
+ el->next = dest->tail_sentinel;
+ dest->tail_sentinel->prev = el;
+
+ /* fix mid pointer */
+ err = l2->numels - l1->numels;
+ if ((err+1)/2 > 0) { /* correct pos RIGHT (err-1)/2 moves */
+ err = (err+1)/2;
+ for (cnt = 0; cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->next;
+ } else if (err/2 < 0) { /* correct pos LEFT (err/2)-1 moves */
+ err = -err/2;
+ for (cnt = 0; cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->prev;
+ }
+
+ assert(!(list_repOk(l1) && list_repOk(l2)) || list_repOk(dest));
+
+ return 0;
+}
+
+int list_sort(list_t *restrict l, int versus) {
+ if (l->iter_active || l->attrs.comparator == NULL) /* cannot modify list in the middle of an iteration */
+ return -1;
+
+ if (l->numels <= 1)
+ return 0;
+ list_sort_quicksort(l, versus, 0, l->head_sentinel->next, l->numels-1, l->tail_sentinel->prev);
+ assert(list_repOk(l));
+ return 0;
+}
+
+#ifdef SIMCLIST_WITH_THREADS
+struct list_sort_wrappedparams {
+ list_t *restrict l;
+ int versus;
+ unsigned int first, last;
+ struct list_entry_s *fel, *lel;
+};
+
+static void *list_sort_quicksort_threadwrapper(void *wrapped_params) {
+ struct list_sort_wrappedparams *wp = (struct list_sort_wrappedparams *)wrapped_params;
+ list_sort_quicksort(wp->l, wp->versus, wp->first, wp->fel, wp->last, wp->lel);
+ free(wp);
+ pthread_exit(NULL);
+ return NULL;
+}
+#endif
+
+static inline void list_sort_selectionsort(list_t *restrict l, int versus,
+ unsigned int first, struct list_entry_s *fel,
+ unsigned int last, struct list_entry_s *lel) {
+ struct list_entry_s *cursor, *toswap, *firstunsorted;
+ void *tmpdata;
+
+ if (last <= first) /* <= 1-element lists are always sorted */
+ return;
+
+ for (firstunsorted = fel; firstunsorted != lel; firstunsorted = firstunsorted->next) {
+ /* find min or max in the remainder of the list */
+ for (toswap = firstunsorted, cursor = firstunsorted->next; cursor != lel->next; cursor = cursor->next)
+ if (l->attrs.comparator(toswap->data, cursor->data) * -versus > 0) toswap = cursor;
+ if (toswap != firstunsorted) { /* swap firstunsorted with toswap */
+ tmpdata = firstunsorted->data;
+ firstunsorted->data = toswap->data;
+ toswap->data = tmpdata;
+ }
+ }
+}
+
+static void list_sort_quicksort(list_t *restrict l, int versus,
+ unsigned int first, struct list_entry_s *fel,
+ unsigned int last, struct list_entry_s *lel) {
+ unsigned int pivotid;
+ unsigned int i;
+ register struct list_entry_s *pivot;
+ struct list_entry_s *left, *right;
+ void *tmpdata;
+#ifdef SIMCLIST_WITH_THREADS
+ pthread_t tid;
+ int traised;
+#endif
+
+
+ if (last <= first) /* <= 1-element lists are always sorted */
+ return;
+
+ if (last - first+1 <= SIMCLIST_MINQUICKSORTELS) {
+ list_sort_selectionsort(l, versus, first, fel, last, lel);
+ return;
+ }
+
+ /* base of iteration: one element list */
+ if (! (last > first)) return;
+
+ pivotid = (get_random() % (last - first + 1));
+ /* pivotid = (last - first + 1) / 2; */
+
+ /* find pivot */
+ if (pivotid < (last - first + 1)/2) {
+ for (i = 0, pivot = fel; i < pivotid; pivot = pivot->next, i++);
+ } else {
+ for (i = last - first, pivot = lel; i > pivotid; pivot = pivot->prev, i--);
+ }
+
+ /* smaller PIVOT bigger */
+ left = fel;
+ right = lel;
+ /* iterate --- left ---> PIV <--- right --- */
+ while (left != pivot && right != pivot) {
+ for (; left != pivot && (l->attrs.comparator(left->data, pivot->data) * -versus <= 0); left = left->next);
+ /* left points to a smaller element, or to pivot */
+ for (; right != pivot && (l->attrs.comparator(right->data, pivot->data) * -versus >= 0); right = right->prev);
+ /* right points to a bigger element, or to pivot */
+ if (left != pivot && right != pivot) {
+ /* swap, then move iterators */
+ tmpdata = left->data;
+ left->data = right->data;
+ right->data = tmpdata;
+
+ left = left->next;
+ right = right->prev;
+ }
+ }
+
+ /* now either left points to pivot (end run), or right */
+ if (right == pivot) { /* left part longer */
+ while (left != pivot) {
+ if (l->attrs.comparator(left->data, pivot->data) * -versus > 0) {
+ tmpdata = left->data;
+ left->data = pivot->prev->data;
+ pivot->prev->data = pivot->data;
+ pivot->data = tmpdata;
+ pivot = pivot->prev;
+ pivotid--;
+ if (pivot == left) break;
+ } else {
+ left = left->next;
+ }
+ }
+ } else { /* right part longer */
+ while (right != pivot) {
+ if (l->attrs.comparator(right->data, pivot->data) * -versus < 0) {
+ /* move current right before pivot */
+ tmpdata = right->data;
+ right->data = pivot->next->data;
+ pivot->next->data = pivot->data;
+ pivot->data = tmpdata;
+ pivot = pivot->next;
+ pivotid++;
+ if (pivot == right) break;
+ } else {
+ right = right->prev;
+ }
+ }
+ }
+
+ /* sort sublists A and B : |---A---| pivot |---B---| */
+
+#ifdef SIMCLIST_WITH_THREADS
+ traised = 0;
+ if (pivotid > 0) {
+ /* prepare wrapped args, then start thread */
+ if (l->threadcount < SIMCLIST_MAXTHREADS-1) {
+ struct list_sort_wrappedparams *wp = (struct list_sort_wrappedparams *)malloc(sizeof(struct list_sort_wrappedparams));
+ l->threadcount++;
+ traised = 1;
+ wp->l = l;
+ wp->versus = versus;
+ wp->first = first;
+ wp->fel = fel;
+ wp->last = first+pivotid-1;
+ wp->lel = pivot->prev;
+ if (pthread_create(&tid, NULL, list_sort_quicksort_threadwrapper, wp) != 0) {
+ free(wp);
+ traised = 0;
+ list_sort_quicksort(l, versus, first, fel, first+pivotid-1, pivot->prev);
+ }
+ } else {
+ list_sort_quicksort(l, versus, first, fel, first+pivotid-1, pivot->prev);
+ }
+ }
+ if (first + pivotid < last) list_sort_quicksort(l, versus, first+pivotid+1, pivot->next, last, lel);
+ if (traised) {
+ pthread_join(tid, (void **)NULL);
+ l->threadcount--;
+ }
+#else
+ if (pivotid > 0) list_sort_quicksort(l, versus, first, fel, first+pivotid-1, pivot->prev);
+ if (first + pivotid < last) list_sort_quicksort(l, versus, first+pivotid+1, pivot->next, last, lel);
+#endif
+}
+
+int list_iterator_start(list_t *restrict l) {
+ if (l->iter_active) return 0;
+ l->iter_pos = 0;
+ l->iter_active = 1;
+ l->iter_curentry = l->head_sentinel->next;
+ return 1;
+}
+
+void *list_iterator_next(list_t *restrict l) {
+ void *toret;
+
+ if (! l->iter_active) return NULL;
+
+ toret = l->iter_curentry->data;
+ l->iter_curentry = l->iter_curentry->next;
+ l->iter_pos++;
+
+ return toret;
+}
+
+int list_iterator_hasnext(const list_t *restrict l) {
+ if (! l->iter_active) return 0;
+ return (l->iter_pos < l->numels);
+}
+
+int list_iterator_stop(list_t *restrict l) {
+ if (! l->iter_active) return 0;
+ l->iter_pos = 0;
+ l->iter_active = 0;
+ return 1;
+}
+
+int list_hash(const list_t *restrict l, list_hash_t *restrict hash) {
+ struct list_entry_s *x;
+ list_hash_t tmphash;
+
+ assert(hash != NULL);
+
+ tmphash = l->numels * 2 + 100;
+ if (l->attrs.hasher == NULL) {
+#ifdef SIMCLIST_ALLOW_LOCATIONBASED_HASHES
+ /* ENABLE WITH CARE !! */
+#warning "Memlocation-based hash is consistent only for testing modification in the same program run."
+ int i;
+
+ /* only use element references */
+ for (x = l->head_sentinel->next; x != l->tail_sentinel; x = x->next) {
+ for (i = 0; i < sizeof(x->data); i++) {
+ tmphash += (tmphash ^ (uintptr_t)x->data);
+ }
+ tmphash += tmphash % l->numels;
+ }
+#else
+ return -1;
+#endif
+ } else {
+ /* hash each element with the user-given function */
+ for (x = l->head_sentinel->next; x != l->tail_sentinel; x = x->next) {
+ tmphash += tmphash ^ l->attrs.hasher(x->data);
+ tmphash +=* hash % l->numels;
+ }
+ }
+
+ *hash = tmphash;
+
+ return 0;
+}
+
+#ifdef SIMCLIST_DUMPRESTORE
+/* Workaround for a missing gettimeofday on Windows */
+#if defined(_MSC_VER) || defined(__MINGW32__)
+int gettimeofday(struct timeval* tp, void* tzp) {
+ DWORD t;
+ t = timeGetTime();
+ tp->tv_sec = t / 1000;
+ tp->tv_usec = t % 1000;
+ return 0;
+}
+#endif
+int list_dump_getinfo_filedescriptor(int fd, list_dump_info_t *restrict info) {
+ int32_t terminator_head, terminator_tail;
+ uint32_t elemlen;
+ off_t hop;
+
+
+ /* version */
+ READ_ERRCHECK(fd, & info->version, sizeof(info->version));
+ info->version = ntohs(info->version);
+ if (info->version > SIMCLIST_DUMPFORMAT_VERSION) {
+ errno = EILSEQ;
+ return -1;
+ }
+
+ /* timestamp */
+ READ_ERRCHECK(fd, & info->timestamp, sizeof(info->timestamp));
+ info->timestamp = hton64(info->timestamp);
+
+ /* list terminator (to check thereafter) */
+ READ_ERRCHECK(fd, & terminator_head, sizeof(terminator_head));
+ terminator_head = ntohl(terminator_head);
+
+ /* list size */
+ READ_ERRCHECK(fd, & info->list_size, sizeof(info->list_size));
+ info->list_size = ntohl(info->list_size);
+
+ /* number of elements */
+ READ_ERRCHECK(fd, & info->list_numels, sizeof(info->list_numels));
+ info->list_numels = ntohl(info->list_numels);
+
+ /* length of each element (for checking for consistency) */
+ READ_ERRCHECK(fd, & elemlen, sizeof(elemlen));
+ elemlen = ntohl(elemlen);
+
+ /* list hash */
+ READ_ERRCHECK(fd, & info->list_hash, sizeof(info->list_hash));
+ info->list_hash = ntohl(info->list_hash);
+
+ /* check consistency */
+ if (elemlen > 0) {
+ /* constant length, hop by size only */
+ hop = info->list_size;
+ } else {
+ /* non-constant length, hop by size + all element length blocks */
+ hop = info->list_size + elemlen*info->list_numels;
+ }
+ if (lseek(fd, hop, SEEK_CUR) == -1) {
+ return -1;
+ }
+
+ /* read the trailing value and compare with terminator_head */
+ READ_ERRCHECK(fd, & terminator_tail, sizeof(terminator_tail));
+ terminator_tail = ntohl(terminator_tail);
+
+ if (terminator_head == terminator_tail)
+ info->consistent = 1;
+ else
+ info->consistent = 0;
+
+ return 0;
+}
+
+int list_dump_getinfo_file(const char *restrict filename, list_dump_info_t *restrict info) {
+ int fd, ret;
+
+ fd = open(filename, O_RDONLY, 0);
+ if (fd < 0) return -1;
+
+ ret = list_dump_getinfo_filedescriptor(fd, info);
+ close(fd);
+
+ return ret;
+}
+
+int list_dump_filedescriptor(const list_t *restrict l, int fd, size_t *restrict len) {
+ struct list_entry_s *x;
+ void *ser_buf;
+ uint32_t bufsize;
+ struct timeval timeofday;
+ struct list_dump_header_s header;
+
+ if (l->attrs.meter == NULL && l->attrs.serializer == NULL) {
+ errno = ENOTTY;
+ return -1;
+ }
+
+ /**** DUMP FORMAT ****
+
+ [ ver timestamp | totlen numels elemlen hash | DATA ]
+
+ where DATA can be:
+ @ for constant-size list (element size is constant; elemlen > 0)
+ [ elem elem ... elem ]
+ @ for other lists (element size dictated by element_meter each time; elemlen <= 0)
+ [ size elem size elem ... size elem ]
+
+ all integers are encoded in NETWORK BYTE FORMAT
+ *****/
+
+
+ /* prepare HEADER */
+ /* version */
+ header.ver = htons( SIMCLIST_DUMPFORMAT_VERSION );
+
+ /* timestamp */
+ gettimeofday(&timeofday, NULL);
+ header.timestamp = (int64_t)timeofday.tv_sec * 1000000 + (int64_t)timeofday.tv_usec;
+ header.timestamp = hton64(header.timestamp);
+
+ header.rndterm = htonl((int32_t)get_random());
+
+ /* total list size is postprocessed afterwards */
+
+ /* number of elements */
+ header.numels = htonl(l->numels);
+
+ /* include an hash, if possible */
+ if (l->attrs.hasher != NULL) {
+ if (htonl(list_hash(l, & header.listhash)) != 0) {
+ /* could not compute list hash! */
+ return -1;
+ }
+ } else {
+ header.listhash = htonl(0);
+ }
+
+ header.totlistlen = header.elemlen = 0;
+
+ /* leave room for the header at the beginning of the file */
+ if (lseek(fd, SIMCLIST_DUMPFORMAT_HEADERLEN, SEEK_SET) < 0) {
+ /* errno set by lseek() */
+ return -1;
+ }
+
+ /* write CONTENT */
+ if (l->numels > 0) {
+ /* SPECULATE that the list has constant element size */
+
+ if (l->attrs.serializer != NULL) { /* user user-specified serializer */
+ /* get preliminary length of serialized element in header.elemlen */
+ ser_buf = l->attrs.serializer(l->head_sentinel->next->data, & header.elemlen);
+ free(ser_buf);
+ /* request custom serialization of each element */
+ for (x = l->head_sentinel->next; x != l->tail_sentinel; x = x->next) {
+ ser_buf = l->attrs.serializer(x->data, &bufsize);
+ header.totlistlen += bufsize;
+ if (header.elemlen != 0) { /* continue on speculation */
+ if (header.elemlen != bufsize) {
+ free(ser_buf);
+ /* constant element length speculation broken! */
+ header.elemlen = 0;
+ header.totlistlen = 0;
+ x = l->head_sentinel;
+ if (lseek(fd, SIMCLIST_DUMPFORMAT_HEADERLEN, SEEK_SET) < 0) {
+ /* errno set by lseek() */
+ return -1;
+ }
+ /* restart from the beginning */
+ continue;
+ }
+ /* speculation confirmed */
+ WRITE_ERRCHECK(fd, ser_buf, bufsize);
+ } else { /* speculation found broken */
+ WRITE_ERRCHECK(fd, & bufsize, sizeof(size_t));
+ WRITE_ERRCHECK(fd, ser_buf, bufsize);
+ }
+ free(ser_buf);
+ }
+ } else if (l->attrs.meter != NULL) {
+ header.elemlen = (uint32_t)l->attrs.meter(l->head_sentinel->next->data);
+
+ /* serialize the element straight from its data */
+ for (x = l->head_sentinel->next; x != l->tail_sentinel; x = x->next) {
+ bufsize = l->attrs.meter(x->data);
+ header.totlistlen += bufsize;
+ if (header.elemlen != 0) {
+ if (header.elemlen != bufsize) {
+ /* constant element length speculation broken! */
+ header.elemlen = 0;
+ header.totlistlen = 0;
+ x = l->head_sentinel;
+ /* restart from the beginning */
+ continue;
+ }
+ WRITE_ERRCHECK(fd, x->data, bufsize);
+ } else {
+ WRITE_ERRCHECK(fd, &bufsize, sizeof(size_t));
+ WRITE_ERRCHECK(fd, x->data, bufsize);
+ }
+ }
+ }
+ /* adjust endianness */
+ header.elemlen = htonl(header.elemlen);
+ header.totlistlen = htonl(header.totlistlen);
+ }
+
+ /* write random terminator */
+ WRITE_ERRCHECK(fd, & header.rndterm, sizeof(header.rndterm)); /* list terminator */
+
+
+ /* write header */
+ lseek(fd, 0, SEEK_SET);
+
+ WRITE_ERRCHECK(fd, & header.ver, sizeof(header.ver)); /* version */
+ WRITE_ERRCHECK(fd, & header.timestamp, sizeof(header.timestamp)); /* timestamp */
+ WRITE_ERRCHECK(fd, & header.rndterm, sizeof(header.rndterm)); /* random terminator */
+
+ WRITE_ERRCHECK(fd, & header.totlistlen, sizeof(header.totlistlen)); /* total length of elements */
+ WRITE_ERRCHECK(fd, & header.numels, sizeof(header.numels)); /* number of elements */
+ WRITE_ERRCHECK(fd, & header.elemlen, sizeof(header.elemlen)); /* size of each element, or 0 for independent */
+ WRITE_ERRCHECK(fd, & header.listhash, sizeof(header.listhash)); /* list hash, or 0 for "ignore" */
+
+
+ /* possibly store total written length in "len" */
+ if (len != NULL) {
+ *len = sizeof(header) + ntohl(header.totlistlen);
+ }
+
+ return 0;
+}
+
+int list_restore_filedescriptor(list_t *restrict l, int fd, size_t *restrict len) {
+ struct list_dump_header_s header;
+ unsigned long cnt;
+ void *buf;
+ uint32_t elsize, totreadlen, totmemorylen;
+
+ memset(& header, 0, sizeof(header));
+
+ /* read header */
+
+ /* version */
+ READ_ERRCHECK(fd, &header.ver, sizeof(header.ver));
+ header.ver = ntohs(header.ver);
+ if (header.ver != SIMCLIST_DUMPFORMAT_VERSION) {
+ errno = EILSEQ;
+ return -1;
+ }
+
+ /* timestamp */
+ READ_ERRCHECK(fd, & header.timestamp, sizeof(header.timestamp));
+
+ /* list terminator */
+ READ_ERRCHECK(fd, & header.rndterm, sizeof(header.rndterm));
+
+ header.rndterm = ntohl(header.rndterm);
+
+ /* total list size */
+ READ_ERRCHECK(fd, & header.totlistlen, sizeof(header.totlistlen));
+ header.totlistlen = ntohl(header.totlistlen);
+
+ /* number of elements */
+ READ_ERRCHECK(fd, & header.numels, sizeof(header.numels));
+ header.numels = ntohl(header.numels);
+
+ /* length of every element, or '0' = variable */
+ READ_ERRCHECK(fd, & header.elemlen, sizeof(header.elemlen));
+ header.elemlen = ntohl(header.elemlen);
+
+ /* list hash, or 0 = 'ignore' */
+ READ_ERRCHECK(fd, & header.listhash, sizeof(header.listhash));
+ header.listhash = ntohl(header.listhash);
+
+
+ /* read content */
+ totreadlen = totmemorylen = 0;
+ if (header.elemlen > 0) {
+ /* elements have constant size = header.elemlen */
+ if (l->attrs.unserializer != NULL) {
+ /* use unserializer */
+ buf = malloc(header.elemlen);
+ for (cnt = 0; cnt < header.numels; cnt++) {
+ READ_ERRCHECK(fd, buf, header.elemlen);
+ list_append(l, l->attrs.unserializer(buf, & elsize));
+ totmemorylen += elsize;
+ }
+ } else {
+ /* copy verbatim into memory */
+ for (cnt = 0; cnt < header.numels; cnt++) {
+ buf = malloc(header.elemlen);
+ READ_ERRCHECK(fd, buf, header.elemlen);
+ list_append(l, buf);
+ }
+ totmemorylen = header.numels * header.elemlen;
+ }
+ totreadlen = header.numels * header.elemlen;
+ } else {
+ /* elements have variable size. Each element is preceded by its size */
+ if (l->attrs.unserializer != NULL) {
+ /* use unserializer */
+ for (cnt = 0; cnt < header.numels; cnt++) {
+ READ_ERRCHECK(fd, & elsize, sizeof(elsize));
+ buf = malloc((size_t)elsize);
+ READ_ERRCHECK(fd, buf, elsize);
+ totreadlen += elsize;
+ list_append(l, l->attrs.unserializer(buf, & elsize));
+ totmemorylen += elsize;
+ }
+ } else {
+ /* copy verbatim into memory */
+ for (cnt = 0; cnt < header.numels; cnt++) {
+ READ_ERRCHECK(fd, & elsize, sizeof(elsize));
+ buf = malloc(elsize);
+ READ_ERRCHECK(fd, buf, elsize);
+ totreadlen += elsize;
+ list_append(l, buf);
+ }
+ totmemorylen = totreadlen;
+ }
+ }
+
+ READ_ERRCHECK(fd, &elsize, sizeof(elsize)); /* read list terminator */
+ elsize = ntohl(elsize);
+
+ /* possibly verify the list consistency */
+ /* wrt hash */
+ /* don't do that
+ if (header.listhash != 0 && header.listhash != list_hash(l)) {
+ errno = ECANCELED;
+ return -1;
+ }
+ */
+
+ /* wrt header */
+ if (totreadlen != header.totlistlen && (int32_t)elsize == header.rndterm) {
+ errno = EPROTO;
+ return -1;
+ }
+
+ /* wrt file */
+ if (lseek(fd, 0, SEEK_CUR) != lseek(fd, 0, SEEK_END)) {
+ errno = EPROTO;
+ return -1;
+ }
+
+ if (len != NULL) {
+ *len = totmemorylen;
+ }
+
+ return 0;
+}
+
+int list_dump_file(const list_t *restrict l, const char *restrict filename, size_t *restrict len) {
+ int fd, mode;
+ size_t sizetoret;
+ mode = O_RDWR | O_CREAT | O_TRUNC;
+#ifndef _WIN32
+ mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
+#endif
+ fd = open(filename, mode);
+ if (fd < 0) return -1;
+
+ sizetoret = list_dump_filedescriptor(l, fd, len);
+ close(fd);
+
+ return sizetoret;
+}
+
+int list_restore_file(list_t *restrict l, const char *restrict filename, size_t *restrict len) {
+ int fd;
+ size_t totdata;
+
+ fd = open(filename, O_RDONLY, 0);
+ if (fd < 0) return -1;
+
+ totdata = list_restore_filedescriptor(l, fd, len);
+ close(fd);
+
+ return totdata;
+}
+#endif /* ifdef SIMCLIST_DUMPRESTORE */
+
+
+static int list_drop_elem(list_t *restrict l, struct list_entry_s *tmp, unsigned int pos) {
+ if (tmp == NULL) return -1;
+
+ /* fix mid pointer. This is wrt the PRE situation */
+ if (l->numels % 2) { /* now odd */
+ /* sort out the base case by hand */
+ if (l->numels == 1) l->mid = NULL;
+ else if (pos >= l->numels/2) l->mid = l->mid->prev;
+ } else { /* now even */
+ if (pos < l->numels/2) l->mid = l->mid->next;
+ }
+
+ tmp->prev->next = tmp->next;
+ tmp->next->prev = tmp->prev;
+
+ /* free what's to be freed */
+ if (l->attrs.copy_data && tmp->data != NULL)
+ free(tmp->data);
+
+ if (l->spareelsnum < SIMCLIST_MAX_SPARE_ELEMS) {
+ l->spareels[l->spareelsnum++] = tmp;
+ } else {
+ free(tmp);
+ }
+
+ return 0;
+}
+
+/* ready-made comparators and meters */
+#define SIMCLIST_NUMBER_COMPARATOR(type) int list_comparator_##type(const void *a, const void *b) { return( *(type *)a < *(type *)b) - (*(type *)a > *(type *)b); }
+
+SIMCLIST_NUMBER_COMPARATOR(int8_t)
+SIMCLIST_NUMBER_COMPARATOR(int16_t)
+SIMCLIST_NUMBER_COMPARATOR(int32_t)
+SIMCLIST_NUMBER_COMPARATOR(int64_t)
+
+SIMCLIST_NUMBER_COMPARATOR(uint8_t)
+SIMCLIST_NUMBER_COMPARATOR(uint16_t)
+SIMCLIST_NUMBER_COMPARATOR(uint32_t)
+SIMCLIST_NUMBER_COMPARATOR(uint64_t)
+
+SIMCLIST_NUMBER_COMPARATOR(float)
+SIMCLIST_NUMBER_COMPARATOR(double)
+
+int list_comparator_string(const void *a, const void *b) { return strcmp((const char *)b, (const char *)a); }
+
+/* ready-made metric functions */
+#define SIMCLIST_METER(type) size_t list_meter_##type(const void *el) { if (el) { /* kill compiler whinge */ } return sizeof(type); }
+
+SIMCLIST_METER(int8_t)
+SIMCLIST_METER(int16_t)
+SIMCLIST_METER(int32_t)
+SIMCLIST_METER(int64_t)
+
+SIMCLIST_METER(uint8_t)
+SIMCLIST_METER(uint16_t)
+SIMCLIST_METER(uint32_t)
+SIMCLIST_METER(uint64_t)
+
+SIMCLIST_METER(float)
+SIMCLIST_METER(double)
+
+size_t list_meter_string(const void *el) { return strlen((const char *)el) + 1; }
+
+/* ready-made hashing functions */
+#define SIMCLIST_HASHCOMPUTER(type) list_hash_t list_hashcomputer_##type(const void *el) { return (list_hash_t)(*(type *)el); }
+
+SIMCLIST_HASHCOMPUTER(int8_t)
+SIMCLIST_HASHCOMPUTER(int16_t)
+SIMCLIST_HASHCOMPUTER(int32_t)
+SIMCLIST_HASHCOMPUTER(int64_t)
+
+SIMCLIST_HASHCOMPUTER(uint8_t)
+SIMCLIST_HASHCOMPUTER(uint16_t)
+SIMCLIST_HASHCOMPUTER(uint32_t)
+SIMCLIST_HASHCOMPUTER(uint64_t)
+
+SIMCLIST_HASHCOMPUTER(float)
+SIMCLIST_HASHCOMPUTER(double)
+
+list_hash_t list_hashcomputer_string(const void *el) {
+ size_t l;
+ list_hash_t hash = 123;
+ const char *str = (const char *)el;
+ char plus;
+
+ for (l = 0; str[l] != '\0'; l++) {
+ if (l) plus = hash ^ str[l];
+ else plus = hash ^ (str[l] - str[0]);
+ hash += (plus << (CHAR_BIT * (l % sizeof(list_hash_t))));
+ }
+
+ return hash;
+}
+
+
+#ifndef NDEBUG
+static int list_repOk(const list_t *restrict l) {
+ int ok, i;
+ struct list_entry_s *s;
+
+ ok = (l != NULL) && (
+ /* head/tail checks */
+ (l->head_sentinel != NULL && l->tail_sentinel != NULL) &&
+ (l->head_sentinel != l->tail_sentinel) && (l->head_sentinel->prev == NULL && l->tail_sentinel->next == NULL) &&
+ /* empty list */
+ (l->numels > 0 || (l->mid == NULL && l->head_sentinel->next == l->tail_sentinel && l->tail_sentinel->prev == l->head_sentinel)) &&
+ /* spare elements checks */
+ l->spareelsnum <= SIMCLIST_MAX_SPARE_ELEMS
+ );
+
+ if (!ok) return 0;
+
+ if (l->numels >= 1) {
+ /* correct referencing */
+ for (i = -1, s = l->head_sentinel; i < (int)(l->numels-1)/2 && s->next != NULL; i++, s = s->next) {
+ if (s->next->prev != s) break;
+ }
+ ok = (i == (int)(l->numels-1)/2 && l->mid == s);
+ if (!ok) return 0;
+ for (; s->next != NULL; i++, s = s->next) {
+ if (s->next->prev != s) break;
+ }
+ ok = (i == (int)l->numels && s == l->tail_sentinel);
+ }
+
+ return ok;
+}
+
+static int list_attrOk(const list_t *restrict l) {
+ int ok;
+
+ ok = (l->attrs.copy_data == 0 || l->attrs.meter != NULL);
+ return ok;
+}
+
+#endif
+
diff -Nru opensc-0.11.13/src/common/simclist.h opensc-0.12.1/src/common/simclist.h
--- opensc-0.11.13/src/common/simclist.h 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/common/simclist.h 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,984 @@ +/* + * Copyright (c) 2007,2008 Mij + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +/* + * SimCList library. See http://mij.oltrelinux.com/devel/simclist + */ + + +#ifndef SIMCLIST_H +#define SIMCLIST_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* work around lack of inttypes.h support in broken Microsoft Visual Studio compilers */ +#if defined(_MSC_VER) +#include +typedef UINT8 uint8_t; +typedef UINT16 uint16_t; +typedef ULONG32 uint32_t; +typedef UINT64 uint64_t; +typedef INT8 int8_t; +typedef INT16 int16_t; +typedef LONG32 int32_t; +typedef INT64 int64_t; +#else +#include /* (u)int*_t */ +#endif +#include +#include + +/* Be friend of both C90 and C99 compilers */ +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + /* "inline" and "restrict" are keywords */ +#else +# define inline /* inline */ +# define restrict /* restrict */ +#endif + + +/** + * Type representing list hashes. + * + * This is a signed integer value. 
+ */ +typedef int32_t list_hash_t; + +#ifdef SIMCLIST_DUMPRESTORE +typedef struct { + uint16_t version; /* dump version */ + int64_t timestamp; /* when the list has been dumped, microseconds from UNIX epoch */ + uint32_t list_size; + uint32_t list_numels; + list_hash_t list_hash; /* hash of the list when dumped, or 0 if invalid */ + uint32_t dumpsize; + int consistent; /* 1 if the dump is verified complete/consistent; 0 otherwise */ +} list_dump_info_t; +#endif + +/** + * a comparator of elements. + * + * A comparator of elements is a function that: + * -# receives two references to elements a and b + * -# returns {<0, 0, >0} if (a > b), (a == b), (a < b) respectively + * + * It is responsability of the function to handle possible NULL values. + */ +typedef int (*element_comparator)(const void *a, const void *b); + +/** + * a seeker of elements. + * + * An element seeker is a function that: + * -# receives a reference to an element el + * -# receives a reference to some indicator data + * -# returns non-0 if the element matches the indicator, 0 otherwise + * + * It is responsability of the function to handle possible NULL values in any + * argument. + */ +typedef int (*element_seeker)(const void *el, const void *indicator); + +/** + * an element lenght meter. + * + * An element meter is a function that: + * -# receives the reference to an element el + * -# returns its size in bytes + * + * It is responsability of the function to handle possible NULL values. + */ +typedef size_t (*element_meter)(const void *el); + +/** + * a function computing the hash of elements. + * + * An hash computing function is a function that: + * -# receives the reference to an element el + * -# returns a hash value for el + * + * It is responsability of the function to handle possible NULL values. + */ +typedef list_hash_t (*element_hash_computer)(const void *el); + +/** + * a function for serializing an element. 
+ * + * A serializer function is one that gets a reference to an element, + * and returns a reference to a buffer that contains its serialization + * along with the length of this buffer. + * It is responsability of the function to handle possible NULL values, + * returning a NULL buffer and a 0 buffer length. + * + * These functions have 3 goals: + * -# "freeze" and "flatten" the memory representation of the element + * -# provide a portable (wrt byte order, or type size) representation of the element, if the dump can be used on different sw/hw combinations + * -# possibly extract a compressed representation of the element + * + * @param el reference to the element data + * @param serialize_buffer reference to fill with the length of the buffer + * @return reference to the buffer with the serialized data + */ +typedef void *(*element_serializer)(const void *restrict el, uint32_t *restrict serializ_len); + +/** + * a function for un-serializing an element. + * + * An unserializer function accomplishes the inverse operation of the + * serializer function. An unserializer function is one that gets a + * serialized representation of an element and turns it backe to the original + * element. The serialized representation is passed as a reference to a buffer + * with its data, and the function allocates and returns the buffer containing + * the original element, and it sets the length of this buffer into the + * integer passed by reference. 
+ * + * @param data reference to the buffer with the serialized representation of the element + * @param data_len reference to the location where to store the length of the data in the buffer returned + * @return reference to a buffer with the original, unserialized representation of the element + */ +typedef void *(*element_unserializer)(const void *restrict data, uint32_t *restrict data_len); + +/* [private-use] list entry -- olds actual user datum */ +struct list_entry_s { + void *data; + + /* doubly-linked list service references */ + struct list_entry_s *next; + struct list_entry_s *prev; +}; + +/* [private-use] list attributes */ +struct list_attributes_s { + /* user-set routine for comparing list elements */ + element_comparator comparator; + /* user-set routing for seeking elements */ + element_seeker seeker; + /* user-set routine for determining the length of an element */ + element_meter meter; + int copy_data; + /* user-set routine for computing the hash of an element */ + element_hash_computer hasher; + /* user-set routine for serializing an element */ + element_serializer serializer; + /* user-set routine for unserializing an element */ + element_unserializer unserializer; +}; + +/** list object */ +typedef struct { + struct list_entry_s *head_sentinel; + struct list_entry_s *tail_sentinel; + struct list_entry_s *mid; + + unsigned int numels; + + /* array of spare elements */ + struct list_entry_s **spareels; + unsigned int spareelsnum; + +#ifdef SIMCLIST_WITH_THREADS + /* how many threads are currently running */ + unsigned int threadcount; +#endif + + /* service variables for list iteration */ + int iter_active; + unsigned int iter_pos; + struct list_entry_s *iter_curentry; + + /* list attributes */ + struct list_attributes_s attrs; +} list_t; + +/** + * initialize a list object for use. + * + * @param l must point to a user-provided memory location + * @return 0 for success. 
-1 for failure + */ +int list_init(list_t *restrict l); + +/** + * completely remove the list from memory. + * + * This function is the inverse of list_init(). It is meant to be called when + * the list is no longer going to be used. Elements and possible memory taken + * for internal use are freed. + * + * @param l list to destroy + */ +void list_destroy(list_t *restrict l); + +/** + * set the comparator function for list elements. + * + * Comparator functions are used for searching and sorting. If NULL is passed + * as reference to the function, the comparator is disabled. + * + * @param l list to operate + * @param comparator_fun pointer to the actual comparator function + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_comparator() + */ +int list_attributes_comparator(list_t *restrict l, element_comparator comparator_fun); + +/** + * set a seeker function for list elements. + * + * Seeker functions are used for finding elements. If NULL is passed as reference + * to the function, the seeker is disabled. + * + * @param l list to operate + * @param seeker_fun pointer to the actual seeker function + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_seeker() + */ +int list_attributes_seeker(list_t *restrict l, element_seeker seeker_fun); + +/** + * require to free element data when list entry is removed (default: don't free). + * + * [ advanced preference ] + * + * By default, when an element is removed from the list, it disappears from + * the list by its actual data is not free()d. With this option, every + * deletion causes element data to be freed. + * + * It is responsability of this function to correctly handle NULL values, if + * NULL elements are inserted into the list. 
+ * + * @param l list to operate + * @param metric_fun pointer to the actual metric function + * @param copy_data 0: do not free element data (default); non-0: do free + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_meter() + * @see list_meter_int8_t() + * @see list_meter_int16_t() + * @see list_meter_int32_t() + * @see list_meter_int64_t() + * @see list_meter_uint8_t() + * @see list_meter_uint16_t() + * @see list_meter_uint32_t() + * @see list_meter_uint64_t() + * @see list_meter_float() + * @see list_meter_double() + * @see list_meter_string() + */ +int list_attributes_copy(list_t *restrict l, element_meter metric_fun, int copy_data); + +/** + * set the element hash computing function for the list elements. + * + * [ advanced preference ] + * + * An hash can be requested depicting the list status at a given time. An hash + * only depends on the elements and their order. By default, the hash of an + * element is only computed on its reference. With this function, the user can + * set a custom function computing the hash of an element. If such function is + * provided, the list_hash() function automatically computes the list hash using + * the custom function instead of simply referring to element references. + * + * @param l list to operate + * @param hash_computer_fun pointer to the actual hash computing function + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_hash_computer() + */ +int list_attributes_hash_computer(list_t *restrict l, element_hash_computer hash_computer_fun); + +/** + * set the element serializer function for the list elements. + * + * [ advanced preference ] + * + * Serialize functions are used for dumping the list to some persistent + * storage. The serializer function is called for each element; it is passed + * a reference to the element and a reference to a size_t object. 
It will + * provide (and return) the buffer with the serialization of the element and + * fill the size_t object with the length of this serialization data. + * + * @param l list to operate + * @param serializer_fun pointer to the actual serializer function + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_serializer() + * @see list_dump_filedescriptor() + * @see list_restore_filedescriptor() + */ +int list_attributes_serializer(list_t *restrict l, element_serializer serializer_fun); + +/** + * set the element unserializer function for the list elements. + * + * [ advanced preference ] + * + * Unserialize functions are used for restoring the list from some persistent + * storage. The unserializer function is called for each element segment read + * from the storage; it is passed the segment and a reference to an integer. + * It shall allocate and return a buffer compiled with the resumed memory + * representation of the element, and set the integer value to the length of + * this buffer. + * + * @param l list to operate + * @param unserializer_fun pointer to the actual unserializer function + * @return 0 if the attribute was successfully set; -1 otherwise + * + * @see element_unserializer() + * @see list_dump_filedescriptor() + * @see list_restore_filedescriptor() + */ +int list_attributes_unserializer(list_t *restrict l, element_unserializer unserializer_fun); + +/** + * append data at the end of the list. + * + * This function is useful for adding elements with a FIFO/queue policy. + * + * @param l list to operate + * @param data pointer to user data to append + * + * @return 1 for success. < 0 for failure + */ +int list_append(list_t *restrict l, const void *data); + +/** + * insert data in the head of the list. + * + * This function is useful for adding elements with a LIFO/Stack policy. + * + * @param l list to operate + * @param data pointer to user data to append + * + * @return 1 for success. 
< 0 for failure + */ +int list_prepend(list_t *restrict l, const void *restrict data); + +/** + * extract the element in the top of the list. + * + * This function is for using a list with a FIFO/queue policy. + * + * @param l list to operate + * @return reference to user datum, or NULL on errors + */ +void *list_fetch(list_t *restrict l); + +/** + * retrieve an element at a given position. + * + * @param l list to operate + * @param pos [0,size-1] position index of the element wanted + * @return reference to user datum, or NULL on errors + */ +void *list_get_at(const list_t *restrict l, unsigned int pos); + +/** + * return the maximum element of the list. + * + * @warning Requires a comparator function to be set for the list. + * + * Returns the maximum element with respect to the comparator function output. + * + * @see list_attributes_comparator() + * + * @param l list to operate + * @return the reference to the element, or NULL + */ +void *list_get_max(const list_t *restrict l); + +/** + * return the minimum element of the list. + * + * @warning Requires a comparator function to be set for the list. + * + * Returns the minimum element with respect to the comparator function output. + * + * @see list_attributes_comparator() + * + * @param l list to operate + * @return the reference to the element, or NULL + */ +void *list_get_min(const list_t *restrict l); + +/** + * retrieve and remove from list an element at a given position. + * + * @param l list to operate + * @param pos [0,size-1] position index of the element wanted + * @return reference to user datum, or NULL on errors + */ +void *list_extract_at(list_t *restrict l, unsigned int pos); + +/** + * insert an element at a given position. + * + * @param l list to operate + * @param data reference to data to be inserted + * @param pos [0,size-1] position index to insert the element at + * @return positive value on success. 
Negative on failure + */ +int list_insert_at(list_t *restrict l, const void *data, unsigned int pos); + +/** + * expunge the first found given element from the list. + * + * Inspects the given list looking for the given element; if the element + * is found, it is removed. Only the first occurence is removed. + * If a comparator function was not set, elements are compared by reference. + * Otherwise, the comparator is used to match the element. + * + * @param l list to operate + * @param data reference of the element to search for + * @return 0 on success. Negative value on failure + * + * @see list_attributes_comparator() + * @see list_delete_at() + */ +int list_delete(list_t *restrict l, const void *data); + +/** + * expunge an element at a given position from the list. + * + * @param l list to operate + * @param pos [0,size-1] position index of the element to be deleted + * @return 0 on success. Negative value on failure + */ +int list_delete_at(list_t *restrict l, unsigned int pos); + +/** + * expunge an array of elements from the list, given their position range. + * + * @param l list to operate + * @param posstart [0,size-1] position index of the first element to be deleted + * @param posend [posstart,size-1] position of the last element to be deleted + * @return the number of elements successfully removed + */ +int list_delete_range(list_t *restrict l, unsigned int posstart, unsigned int posend); + +/** + * clear all the elements off of the list. + * + * The element datums will not be freed. + * + * @see list_delete_range() + * @see list_size() + * + * @param l list to operate + * @return the number of elements in the list before cleaning + */ +int list_clear(list_t *restrict l); + +/** + * inspect the number of elements in the list. + * + * @param l list to operate + * @return number of elements currently held by the list + */ +unsigned int list_size(const list_t *restrict l); + +/** + * inspect whether the list is empty. 
+ * + * @param l list to operate + * @return 0 iff the list is not empty + * + * @see list_size() + */ +int list_empty(const list_t *restrict l); + +/** + * find the position of an element in a list. + * + * @warning Requires a comparator function to be set for the list. + * + * Inspects the given list looking for the given element; if the element + * is found, its position into the list is returned. + * Elements are inspected comparing references if a comparator has not been + * set. Otherwise, the comparator is used to find the element. + * + * @param l list to operate + * @param data reference of the element to search for + * @return position of element in the list, or <0 if not found + * + * @see list_attributes_comparator() + * @see list_get_at() + */ +int list_locate(const list_t *restrict l, const void *data); + +/** + * returns an element given an indicator. + * + * @warning Requires a seeker function to be set for the list. + * + * Inspect the given list looking with the seeker if an element matches + * an indicator. If such element is found, the reference to the element + * is returned. + * + * @param l list to operate + * @param indicator indicator data to pass to the seeker along with elements + * @return reference to the element accepted by the seeker, or NULL if none found + */ +void *list_seek(list_t *restrict l, const void *indicator); + +/** + * inspect whether some data is member of the list. + * + * @warning Requires a comparator function to be set for the list. + * + * By default, a per-reference comparison is accomplished. That is, + * the data is in list if any element of the list points to the same + * location of data. + * A "semantic" comparison is accomplished, otherwise, if a comparator + * function has been set previously, with list_attributes_comparator(); + * in which case, the given data reference is believed to be in list iff + * comparator_fun(elementdata, userdata) == 0 for any element in the list. 
+ * + * @param l list to operate + * @param data reference to the data to search + * @return 0 iff the list does not contain data as an element + * + * @see list_attributes_comparator() + */ +int list_contains(const list_t *restrict l, const void *data); + +/** + * concatenate two lists + * + * Concatenates one list with another, and stores the result into a + * user-provided list object, which must be different from both the + * lists to concatenate. Attributes from the original lists are not + * cloned. + * The destination list referred is threated as virgin room: if it + * is an existing list containing elements, memory leaks will happen. + * It is OK to specify the same list twice as source, for "doubling" + * it in the destination. + * + * @param l1 base list + * @param l2 list to append to the base + * @param dest reference to the destination list + * @return 0 for success, -1 for errors + */ +int list_concat(const list_t *l1, const list_t *l2, list_t *restrict dest); + +/** + * sort list elements. + * + * @warning Requires a comparator function to be set for the list. + * + * Sorts the list in ascending or descending order as specified by the versus + * flag. The algorithm chooses autonomously what algorithm is best suited for + * sorting the list wrt its current status. + * + * @param l list to operate + * @param versus positive: order small to big; negative: order big to small + * @return 0: sorting went OK non-0: errors happened + * + * @see list_attributes_comparator() + */ +int list_sort(list_t *restrict l, int versus); + +/** + * start an iteration session. + * + * This function prepares the list to be iterated. + * + * @param l list to operate + * @return 0 if the list cannot be currently iterated. >0 otherwise + * + * @see list_iterator_stop() + */ +int list_iterator_start(list_t *restrict l); + +/** + * return the next element in the iteration session. 
+ * + * @param l list to operate + * @return element datum, or NULL on errors + */ +void *list_iterator_next(list_t *restrict l); + +/** + * inspect whether more elements are available in the iteration session. + * + * @param l list to operate + * @return 0 iff no more elements are available. + */ +int list_iterator_hasnext(const list_t *restrict l); + +/** + * end an iteration session. + * + * @param l list to operate + * @return 0 iff the iteration session cannot be stopped + */ +int list_iterator_stop(list_t *restrict l); + +/** + * return the hash of the current status of the list. + * + * @param l list to operate + * @param hash where the resulting hash is put + * + * @return 0 for success; <0 for failure + */ +int list_hash(const list_t *restrict l, list_hash_t *restrict hash); + +#ifdef SIMCLIST_DUMPRESTORE +/** + * get meta informations on a list dump on filedescriptor. + * + * [ advanced function ] + * + * Extracts the meta information from a SimCList dump located in a file + * descriptor. The file descriptor must be open and positioned at the + * beginning of the SimCList dump block. + * + * @param fd file descriptor to get metadata from + * @param info reference to a dump metainformation structure to fill + * @return 0 for success; <0 for failure + * + * @see list_dump_filedescriptor() + */ +int list_dump_getinfo_filedescriptor(int fd, list_dump_info_t *restrict info); + +/** + * get meta informations on a list dump on file. + * + * [ advanced function ] + * + * Extracts the meta information from a SimCList dump located in a file. + * + * @param filename filename of the file to fetch from + * @param info reference to a dump metainformation structure to fill + * @return 0 for success; <0 for failure + * + * @see list_dump_filedescriptor() + */ +int list_dump_getinfo_file(const char *restrict filename, list_dump_info_t *restrict info); + +/** + * dump the list into an open, writable file descriptor. 
+ * + * This function "dumps" the list to a persistent storage so it can be + * preserved across process terminations. + * When called, the file descriptor must be open for writing and positioned + * where the serialized data must begin. It writes its serialization of the + * list in a form which is portable across different architectures. Dump can + * be safely performed on stream-only (non seekable) descriptors. The file + * descriptor is not closed at the end of the operations. + * + * To use dump functions, either of these conditions must be satisfied: + * -# a metric function has been specified with list_attributes_copy() + * -# a serializer function has been specified with list_attributes_serializer() + * + * If a metric function has been specified, each element of the list is dumped + * as-is from memory, copying it from its pointer for its length down to the + * file descriptor. This might have impacts on portability of the dump to + * different architectures. + * + * If a serializer function has been specified, its result for each element is + * dumped to the file descriptor. + * + * + * @param l list to operate + * @param fd file descriptor to write to + * @param len location to store the resulting length of the dump (bytes), or NULL + * + * @return 0 if successful; -1 otherwise + * + * @see element_serializer() + * @see list_attributes_copy() + * @see list_attributes_serializer() + */ +int list_dump_filedescriptor(const list_t *restrict l, int fd, size_t *restrict len); + +/** + * dump the list to a file name. + * + * This function creates a filename and dumps the current content of the list + * to it. If the file exists it is overwritten. The number of bytes written to + * the file can be returned in a specified argument. 
+ * + * @param l list to operate + * @param filename filename to write to + * @param len location to store the resulting length of the dump (bytes), or NULL + * + * @return 0 if successful; -1 otherwise + * + * @see list_attributes_copy() + * @see element_serializer() + * @see list_attributes_serializer() + * @see list_dump_filedescriptor() + * @see list_restore_file() + * + * This function stores a representation of the list + */ +int list_dump_file(const list_t *restrict l, const char *restrict filename, size_t *restrict len); + +/** + * restore the list from an open, readable file descriptor to memory. + * + * This function is the "inverse" of list_dump_filedescriptor(). It restores + * the list content from a (open, read-ready) file descriptor to memory. An + * unserializer might be needed to restore elements from the persistent + * representation back into memory-consistent format. List attributes can not + * be restored and must be set manually. + * + * @see list_dump_filedescriptor() + * @see list_attributes_serializer() + * @see list_attributes_unserializer() + * + * @param l list to restore to + * @param fd file descriptor to read from. + * @param len location to store the length of the dump read (bytes), or NULL + * @return 0 if successful; -1 otherwise + */ +int list_restore_filedescriptor(list_t *restrict l, int fd, size_t *restrict len); + +/** + * restore the list from a file name. + * + * This function restores the content of a list from a file into memory. It is + * the inverse of list_dump_file(). 
+ * + * @see element_unserializer() + * @see list_attributes_unserializer() + * @see list_dump_file() + * @see list_restore_filedescriptor() + * + * @param l list to restore to + * @param filename filename to read data from + * @param len location to store the length of the dump read (bytes), or NULL + * @return 0 if successful; -1 otherwise + */ +int list_restore_file(list_t *restrict l, const char *restrict filename, size_t *len); +#endif + +/* ready-made comparators, meters and hash computers */ + /* comparator functions */ +/** + * ready-made comparator for int8_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_int8_t(const void *a, const void *b); + +/** + * ready-made comparator for int16_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_int16_t(const void *a, const void *b); + +/** + * ready-made comparator for int32_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_int32_t(const void *a, const void *b); + +/** + * ready-made comparator for int64_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_int64_t(const void *a, const void *b); + +/** + * ready-made comparator for uint8_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_uint8_t(const void *a, const void *b); + +/** + * ready-made comparator for uint16_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_uint16_t(const void *a, const void *b); + +/** + * ready-made comparator for uint32_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_uint32_t(const void *a, const void *b); + +/** + * ready-made comparator for uint64_t elements. + * @see list_attributes_comparator() + */ +int list_comparator_uint64_t(const void *a, const void *b); + +/** + * ready-made comparator for float elements. 
+ * @see list_attributes_comparator() + */ +int list_comparator_float(const void *a, const void *b); + +/** + * ready-made comparator for double elements. + * @see list_attributes_comparator() + */ +int list_comparator_double(const void *a, const void *b); + +/** + * ready-made comparator for string elements. + * @see list_attributes_comparator() + */ +int list_comparator_string(const void *a, const void *b); + + /* metric functions */ +/** + * ready-made metric function for int8_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_int8_t(const void *el); + +/** + * ready-made metric function for int16_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_int16_t(const void *el); + +/** + * ready-made metric function for int32_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_int32_t(const void *el); + +/** + * ready-made metric function for int64_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_int64_t(const void *el); + +/** + * ready-made metric function for uint8_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_uint8_t(const void *el); + +/** + * ready-made metric function for uint16_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_uint16_t(const void *el); + +/** + * ready-made metric function for uint32_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_uint32_t(const void *el); + +/** + * ready-made metric function for uint64_t elements. + * @see list_attributes_copy() + */ +size_t list_meter_uint64_t(const void *el); + +/** + * ready-made metric function for float elements. + * @see list_attributes_copy() + */ +size_t list_meter_float(const void *el); + +/** + * ready-made metric function for double elements. + * @see list_attributes_copy() + */ +size_t list_meter_double(const void *el); + +/** + * ready-made metric function for string elements. 
+ * @see list_attributes_copy() + */ +size_t list_meter_string(const void *el); + + /* hash functions */ +/** + * ready-made hash function for int8_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_int8_t(const void *el); + +/** + * ready-made hash function for int16_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_int16_t(const void *el); + +/** + * ready-made hash function for int32_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_int32_t(const void *el); + +/** + * ready-made hash function for int64_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_int64_t(const void *el); + +/** + * ready-made hash function for uint8_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_uint8_t(const void *el); + +/** + * ready-made hash function for uint16_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_uint16_t(const void *el); + +/** + * ready-made hash function for uint32_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_uint32_t(const void *el); + +/** + * ready-made hash function for uint64_t elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_uint64_t(const void *el); + +/** + * ready-made hash function for float elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_float(const void *el); + +/** + * ready-made hash function for double elements. + * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_double(const void *el); + +/** + * ready-made hash function for string elements. 
+ * @see list_attributes_hash_computer() + */ +list_hash_t list_hashcomputer_string(const void *el); + +#ifdef __cplusplus +} +#endif + +#endif + diff -Nru opensc-0.11.13/src/include/Makefile.am opensc-0.12.1/src/include/Makefile.am --- opensc-0.11.13/src/include/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/include/Makefile.am 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/winconfig.h -EXTRA_DIST = Makefile.mak - -SUBDIRS = opensc - -dist_noinst_HEADERS = winconfig.h diff -Nru opensc-0.11.13/src/include/Makefile.in opensc-0.12.1/src/include/Makefile.in --- opensc-0.11.13/src/include/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/include/Makefile.in 1970-01-01 00:00:00.000000000 +0000 
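Review bot: The `element_unserializer` typedef hands the callback a `const void *data` buffer with no input length, since `data_len` is documented as an output for the size of the returned buffer; a callback used by `list_restore_filedescriptor()` therefore cannot bounds-check the segment it parses, and dump files read back from storage may be truncated or altered. Unless the signature can be extended, the contract should be stated in the typedef's comment, e.g. `* @note data carries no length: the serialized form must be self-delimiting, and dumps from untrusted storage must not be restored`. The neighbouring serializer documentation also disagrees with the declarations: `list_attributes_serializer()` speaks of "a reference to a size_t object" while the typedef takes `uint32_t *restrict serializ_len`, and `@param serialize_buffer` names a parameter that does not exist, so I would change these to `uint32_t` and `@param serializ_len`. How the restore code delimits segments lives in simclist.c, outside this hunk, so the first point is inferred from the declarations alone.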
@@ -1,620 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/include -DIST_COMMON = $(dist_noinst_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(srcdir)/winconfig.h.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = winconfig.h -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = 
all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -HEADERS = $(dist_noinst_HEADERS) -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = 
@EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ -OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ -OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = 
@PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = 
@top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/winconfig.h - -EXTRA_DIST = Makefile.mak -SUBDIRS = opensc -dist_noinst_HEADERS = winconfig.h -all: all-recursive - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/include/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -winconfig.h: $(top_builddir)/config.status $(srcdir)/winconfig.h.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. 
-# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . 
|| ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - 
here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile $(HEADERS) -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-recursive - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-recursive - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic clean-libtool \ - ctags ctags-recursive distclean distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs installdirs-am 
maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru opensc-0.11.13/src/include/Makefile.mak opensc-0.12.1/src/include/Makefile.mak --- opensc-0.11.13/src/include/Makefile.mak 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/include/Makefile.mak 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ - -all: config.h - -config.h: winconfig.h - @copy /y winconfig.h config.h diff -Nru opensc-0.11.13/src/include/opensc/Makefile.am opensc-0.12.1/src/include/opensc/Makefile.am --- opensc-0.11.13/src/include/opensc/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/include/opensc/Makefile.am 1970-01-01 00:00:00.000000000 +0000 
@@ -1,23 +0,0 @@
-MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
-EXTRA_DIST = svnignore
-
-all-local:
- @-rm -f *.h
- @$(LN_S) $(top_srcdir)/src/libopensc/asn1.h asn1.h
- @$(LN_S) $(top_srcdir)/src/libopensc/cardctl.h cardctl.h
- @$(LN_S) $(top_srcdir)/src/libopensc/cards.h cards.h
- @$(LN_S) $(top_srcdir)/src/libopensc/emv.h emv.h
- @$(LN_S) $(top_srcdir)/src/libopensc/errors.h errors.h
- @$(LN_S) $(top_srcdir)/src/libopensc/log.h log.h
- @$(LN_S) $(top_srcdir)/src/libopensc/opensc.h opensc.h
- @$(LN_S) $(top_srcdir)/src/libopensc/pkcs15.h pkcs15.h
- @$(LN_S) $(top_srcdir)/src/libopensc/types.h types.h
- @$(LN_S) $(top_srcdir)/src/libopensc/ui.h ui.h
- @$(LN_S) $(top_srcdir)/src/pkcs11/pkcs11.h pkcs11.h
- @$(LN_S) $(top_srcdir)/src/pkcs11/pkcs11-opensc.h pkcs11-opensc.h
- @$(LN_S) $(top_srcdir)/src/pkcs15init/keycache.h keycache.h
- @$(LN_S) $(top_srcdir)/src/pkcs15init/pkcs15-init.h pkcs15-init.h
- @$(LN_S) $(top_srcdir)/src/scconf/scconf.h scconf.h
-
-distclean-local:
- -rm -f *.h
diff -Nru opensc-0.11.13/src/include/opensc/Makefile.in opensc-0.12.1/src/include/opensc/Makefile.in
--- opensc-0.11.13/src/include/opensc/Makefile.in 2010-02-16 09:32:18.000000000 +0000
+++ opensc-0.12.1/src/include/opensc/Makefile.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,431 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/include/opensc -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = 
@ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ -OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ -OPTIONAL_READLINE_CFLAGS = 
@OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = @PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ 
-mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -EXTRA_DIST = svnignore -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/opensc/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/include/opensc/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile all-local -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-local - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: all all-am all-local check check-am clean clean-generic \ - clean-libtool distclean distclean-generic distclean-libtool \ - distclean-local distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - uninstall uninstall-am - - -all-local: - @-rm -f *.h - @$(LN_S) $(top_srcdir)/src/libopensc/asn1.h asn1.h - @$(LN_S) $(top_srcdir)/src/libopensc/cardctl.h cardctl.h - @$(LN_S) $(top_srcdir)/src/libopensc/cards.h cards.h - @$(LN_S) $(top_srcdir)/src/libopensc/emv.h emv.h - @$(LN_S) $(top_srcdir)/src/libopensc/errors.h errors.h - @$(LN_S) $(top_srcdir)/src/libopensc/log.h log.h - @$(LN_S) 
$(top_srcdir)/src/libopensc/opensc.h opensc.h - @$(LN_S) $(top_srcdir)/src/libopensc/pkcs15.h pkcs15.h - @$(LN_S) $(top_srcdir)/src/libopensc/types.h types.h - @$(LN_S) $(top_srcdir)/src/libopensc/ui.h ui.h - @$(LN_S) $(top_srcdir)/src/pkcs11/pkcs11.h pkcs11.h - @$(LN_S) $(top_srcdir)/src/pkcs11/pkcs11-opensc.h pkcs11-opensc.h - @$(LN_S) $(top_srcdir)/src/pkcs15init/keycache.h keycache.h - @$(LN_S) $(top_srcdir)/src/pkcs15init/pkcs15-init.h pkcs15-init.h - @$(LN_S) $(top_srcdir)/src/scconf/scconf.h scconf.h - -distclean-local: - -rm -f *.h - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru opensc-0.11.13/src/include/opensc/svnignore opensc-0.12.1/src/include/opensc/svnignore --- opensc-0.11.13/src/include/opensc/svnignore 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/include/opensc/svnignore 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -*.h -*.in -Makefile diff -Nru opensc-0.11.13/src/include/winconfig.h opensc-0.12.1/src/include/winconfig.h --- opensc-0.11.13/src/include/winconfig.h 2010-02-16 09:32:25.000000000 +0000 +++ opensc-0.12.1/src/include/winconfig.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,98 +0,0 @@
-#ifndef _OPENSC_WINCONFIG_H
-#define _OPENSC_WINCONFIG_H
-
-#include
-#include
-#include
-#include
-#include
-
-#ifndef strcasecmp
-#define strcasecmp stricmp
-#endif
-
-#ifndef strncasecmp
-#define strncasecmp strnicmp
-#endif
-
-#ifndef snprintf
-#define snprintf _snprintf
-#endif
-
-#ifndef vsnprintf
-#define vsnprintf _vsnprintf
-#endif
-
-#ifndef isatty
-#define isatty _isatty
-#endif
-
-#ifndef strnicmp
-#define strnicmp _strnicmp
-#endif
-
-#ifndef stricmp
-#define stricmp _stricmp
-#endif
-
-#ifndef strdup
-#define strdup _strdup
-#endif
-
-#ifndef fileno
-#define fileno _fileno
-#endif
-
-#ifndef mkdir
-#define mkdir _mkdir
-#endif
-
-#ifndef access
-#define access _access
-#endif
-
-#ifndef unlink
-#define unlink _unlink
-#endif
-
-#ifndef putenv
-#define putenv _putenv
-#endif
-
-#ifndef R_OK
-#define R_OK 4 /* test whether readable. */
-#define W_OK 2 /* test whether writable. */
-#define X_OK 1 /* test whether execubale. */
-#define F_OK 0 /* test whether exist. */
-#endif
-
-#ifndef S_IRUSR
-#define S_IRUSR S_IREAD
-#endif
-
-#ifndef S_IWUSR
-#define S_IWUSR S_IWRITE
-#endif
-
-#define HAVE_IO_H
-#define ENABLE_PCSC
-#define HAVE_WINSCARD_H
-#define DEFAULT_PCSC_PROVIDER "winscard.dll"
-
-#define SC_PKCS15_PROFILE_DIRECTORY "C:\\Program Files\\OpenSC\\profiles"
-
-#define PATH_MAX _MAX_PATH
-
-#ifndef PACKAGE_VERSION
-#define PACKAGE_VERSION "0.11.13"
-#endif
-
-#ifndef PACKAGE_NAME
-#define PACKAGE_NAME "opensc"
-#endif
-
-#ifndef OPENSC_FEATURES
-#define OPENSC_FEATURES "N/A"
-#endif
-
-#endif
diff -Nru opensc-0.11.13/src/include/winconfig.h.in opensc-0.12.1/src/include/winconfig.h.in
--- opensc-0.11.13/src/include/winconfig.h.in 2009-12-13 09:14:26.000000000 +0000
+++ opensc-0.12.1/src/include/winconfig.h.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,98 +0,0 @@
-#ifndef _OPENSC_WINCONFIG_H
-#define _OPENSC_WINCONFIG_H
-
-#include
-#include
-#include
-#include
-#include
-
-#ifndef strcasecmp
-#define strcasecmp stricmp
-#endif
-
-#ifndef strncasecmp
-#define strncasecmp strnicmp
-#endif
-
-#ifndef snprintf
-#define snprintf _snprintf
-#endif
-
-#ifndef vsnprintf
-#define vsnprintf _vsnprintf
-#endif
-
-#ifndef isatty
-#define isatty _isatty
-#endif
-
-#ifndef strnicmp
-#define strnicmp _strnicmp
-#endif
-
-#ifndef stricmp
-#define stricmp _stricmp
-#endif
-
-#ifndef strdup
-#define strdup _strdup
-#endif
-
-#ifndef fileno
-#define fileno _fileno
-#endif
-
-#ifndef mkdir
-#define mkdir _mkdir
-#endif
-
-#ifndef access
-#define access _access
-#endif
-
-#ifndef unlink
-#define unlink _unlink
-#endif
-
-#ifndef putenv
-#define putenv _putenv
-#endif
-
-#ifndef R_OK
-#define R_OK 4 /* test whether readable. */
-#define W_OK 2 /* test whether writable. */
-#define X_OK 1 /* test whether execubale. */
-#define F_OK 0 /* test whether exist. */
-#endif
-
-#ifndef S_IRUSR
-#define S_IRUSR S_IREAD
-#endif
-
-#ifndef S_IWUSR
-#define S_IWUSR S_IWRITE
-#endif
-
-#define HAVE_IO_H
-#define ENABLE_PCSC
-#define HAVE_WINSCARD_H
-#define DEFAULT_PCSC_PROVIDER "winscard.dll"
-
-#define SC_PKCS15_PROFILE_DIRECTORY "C:\\Program Files\\OpenSC\\profiles"
-
-#define PATH_MAX _MAX_PATH
-
-#ifndef PACKAGE_VERSION
-#define PACKAGE_VERSION "@PACKAGE_VERSION@"
-#endif
-
-#ifndef PACKAGE_NAME
-#define PACKAGE_NAME "@PACKAGE_NAME@"
-#endif
-
-#ifndef OPENSC_FEATURES
-#define OPENSC_FEATURES "N/A"
-#endif
-
-#endif
diff -Nru opensc-0.11.13/src/libopensc/apdu.c opensc-0.12.1/src/libopensc/apdu.c
--- opensc-0.11.13/src/libopensc/apdu.c 2010-02-16 09:03:28.000000000 +0000
+++ opensc-0.12.1/src/libopensc/apdu.c 2011-05-17 17:07:00.000000000 +0000
@@ -18,6 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include #include
@@ -94,26 +96,25 @@ case SC_APDU_CASE_1: /* T0 needs an additional 0x00 byte */ if (proto == SC_PROTO_T0) - *p++ = (u8)0x00; + *p = (u8)0x00; break; case SC_APDU_CASE_2_SHORT: - *p++ = (u8)apdu->le; + *p = (u8)apdu->le; break; case SC_APDU_CASE_2_EXT: if (proto == SC_PROTO_T0) /* T0 extended APDUs look just like short APDUs */ - *p++ = (u8)apdu->le; + *p = (u8)apdu->le; else { /* in case of T1 always use 3 bytes for length */ *p++ = (u8)0x00; *p++ = (u8)(apdu->le >> 8); - *p++ = (u8)apdu->le; + *p = (u8)apdu->le; } break; case SC_APDU_CASE_3_SHORT: *p++ = (u8)apdu->lc; memcpy(p, apdu->data, apdu->lc); - p += apdu->lc; break; case SC_APDU_CASE_3_EXT: if (proto == SC_PROTO_T0) { @@ -122,7 +123,8 @@ if (apdu->lc > 255) { /* ... so if Lc is greater than 255 bytes * an error has occurred on a higher level */ - sc_error(ctx, "invalid Lc length for CASE 3 " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "invalid Lc length for CASE 3 " "extended APDU (need ENVELOPE)"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -133,7 +135,6 @@ *p++ = (u8)apdu->lc; } memcpy(p, apdu->data, apdu->lc); - p += apdu->lc; break; case SC_APDU_CASE_4_SHORT: *p++ = (u8)apdu->lc; @@ -141,7 +142,7 @@ p += apdu->lc; /* in case of T0 no Le byte is added */ if (proto != SC_PROTO_T0) - *p++ = (u8)apdu->le; + *p = (u8)apdu->le; break; case SC_APDU_CASE_4_EXT: if (proto == SC_PROTO_T0) { @@ -150,7 +151,6 @@ * transferred using ENVELOPE and GET RESPONSE */ *p++ = (u8)apdu->lc; memcpy(p, apdu->data, apdu->lc); - p += apdu->lc & 0xff; } else { *p++ = (u8)0x00; *p++ = (u8)(apdu->lc >> 8); @@ -160,7 +160,7 @@ /* only 2 bytes are use to specify the length of the * expected data */ *p++ = (u8)(apdu->le >> 8); - *p++ = (u8)apdu->le; + *p = (u8)apdu->le; } break; } 
@@ -168,16 +168,16 @@ return SC_SUCCESS; } -void sc_apdu_log(sc_context_t *ctx, const u8 *data, size_t len, int is_out) +void sc_apdu_log(sc_context_t *ctx, int level, const u8 *data, size_t len, int is_out) { size_t blen = len * 5 + 128; char *buf = malloc(blen); if (buf == NULL) return; - sc_hex_dump(ctx, data, len, buf, blen); + sc_hex_dump(ctx, level, data, len, buf, blen); - sc_debug(ctx, "\n%s APDU data [%5u bytes] =====================================\n" + sc_debug(ctx, level, "\n%s APDU data [%5u bytes] =====================================\n" "%s" "======================================================================\n", is_out != 0 ? "Outgoing" : "Incoming", len, @@ -200,7 +200,7 @@ return SC_ERROR_INTERNAL; nbuf = malloc(nlen); if (nbuf == NULL) - return SC_ERROR_MEMORY_FAILURE; + return SC_ERROR_OUT_OF_MEMORY; /* encode the APDU in the buffer */ if (sc_apdu2bytes(ctx, apdu, proto, nbuf, nlen) != SC_SUCCESS) return SC_ERROR_INTERNAL; @@ -215,7 +215,7 @@ { if (len < 2) { /* no SW1 SW2 ... something went terrible wrong */ - sc_error(ctx, "invalid response: SW1 SW2 missing"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid response: SW1 SW2 missing"); return SC_ERROR_INTERNAL; } /* set the SW1 and SW2 status bytes (the last two bytes of @@ -267,13 +267,13 @@ { if ((apdu->cse & ~SC_APDU_SHORT_MASK) == 0) { /* length check for short APDU */ - if (apdu->le > 256 || (apdu->lc > 255 && + if (apdu->le > 256 || (apdu->lc > 255 && (apdu->flags & SC_APDU_FLAGS_CHAINING) == 0)) goto error; } else if ((apdu->cse & SC_APDU_EXT) != 0) { - /* check if the card support extended APDUs */ + /* check if the card supports extended APDUs */ if ((card->caps & SC_CARD_CAP_APDU_EXT) == 0) { - sc_error(card->ctx, "card doesn't support extended APDUs"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "card doesn't support extended APDUs"); goto error; } /* length check for extended APDU */ 
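Review bot: In sc_apdu_log the `size_t len` argument is still passed to `%5u` in the reworked `sc_debug` call, which is a format/argument mismatch on targets where `size_t` is wider than `unsigned int`; print it as `%5lu` with `(unsigned long)len`, the cast style sc_bytes2apdu already uses. The same pattern appears in the new sc_bytes2apdu trace (`lc=%04x le=%04x`, assuming `lc` and `le` are `size_t`, as the `%lu` in sc_check_apdu suggests) and in the asn1.c message `too long ASN.1 object (size %d while only %d available)` if `taglen` and `len` are `size_t` there. Since the dump contains the complete command and response data, the new `level` parameter also deserves a comment saying callers should pass a high debug level, because APDU payloads can presumably carry PINs and other secrets.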
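Review bot: The early return just below the renamed error code leaks `nbuf`: when `sc_apdu2bytes()` fails, the function returns `SC_ERROR_INTERNAL` without freeing the buffer allocated a few lines above. Release it on that path, `if (sc_apdu2bytes(ctx, apdu, proto, nbuf, nlen) != SC_SUCCESS) { free(nbuf); return SC_ERROR_INTERNAL; }`. The function starts and ends outside the hunk, so how `nbuf` is handed to the caller on success is not visible here.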
@@ -284,23 +284,24 @@ switch (apdu->cse & SC_APDU_SHORT_MASK) { case SC_APDU_CASE_1: - /* no data is send or received */ + /* no data is sent or received */ if (apdu->datalen != 0 || apdu->lc != 0 || apdu->le != 0) goto error; break; case SC_APDU_CASE_2_SHORT: - /* no data is send */ + /* no data is sent */ if (apdu->datalen != 0 || apdu->lc != 0) goto error; /* data is expected */ - if (apdu->le == 0 || apdu->resplen == 0 || apdu->resp == NULL) + if (apdu->resplen == 0 || apdu->resp == NULL) goto error; /* return buffer to small */ - if (apdu->resplen < apdu->le) + if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2) + || (apdu->resplen < apdu->le)) goto error; break; case SC_APDU_CASE_3_SHORT: - /* data is send */ + /* data is sent */ if (apdu->datalen == 0 || apdu->data == NULL || apdu->lc == 0) goto error; /* no data is expected */ @@ -311,26 +312,27 @@ goto error; break; case SC_APDU_CASE_4_SHORT: - /* data is send */ + /* data is sent */ if (apdu->datalen == 0 || apdu->data == NULL || apdu->lc == 0) goto error; /* data is expected */ - if (apdu->le == 0 || apdu->resplen == 0 || apdu->resp == NULL) + if (apdu->resplen == 0 || apdu->resp == NULL) goto error; /* return buffer to small */ - if (apdu->resplen < apdu->le) + if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2) + || (apdu->resplen < apdu->le)) goto error; /* inconsistent datalen */ if (apdu->datalen != apdu->lc) goto error; break; default: - sc_error(card->ctx, "Invalid APDU case %d\n", apdu->cse); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid APDU case %d\n", apdu->cse); return SC_ERROR_INVALID_ARGUMENTS; } return SC_SUCCESS; error: - sc_error(card->ctx, "Invalid Case %d %s APDU:\n" + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid Case %d %s APDU:\n" "cse=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%lu le=%lu\n" "resp=%p resplen=%lu data=%p datalen=%lu", apdu->cse & SC_APDU_SHORT_MASK, 
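Review bot: The new `le == 0` branch of the buffer check compares `resplen` with the bare expression `SC_MAX_APDU_BUFFER_SIZE-2`, in the CASE_2_SHORT branch here and again in the CASE_4_SHORT branch of the next hunk, and nothing records what that constant stands for. Presumably Le = 0 is now accepted as "maximum length" and the buffer must hold a full response body without SW1 SW2; a comment such as `/* Le == 0 requests the maximum: resp must hold a full response body */` above each test would state that, and the existing `/* return buffer to small */` could be corrected to "too small" at the same time. The macro's value is not visible in this diff, so it is worth confirming that it agrees with the 256 bytes a short Le of zero is expanded to in sc_bytes2apdu.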
@@ -366,7 +368,7 @@ /** Sends a single APDU to the card reader and calls * GET RESPONSE to get the return data if necessary. * @param card sc_card_t object for the smartcard - * @param apdu APDU to be send + * @param apdu APDU to be sent * @return SC_SUCCESS on success and an error value otherwise */ static int do_single_transmit(sc_card_t *card, sc_apdu_t *apdu) @@ -389,9 +391,9 @@ /* send APDU to the reader driver */ if (card->reader->ops->transmit == NULL) return SC_ERROR_NOT_SUPPORTED; - r = card->reader->ops->transmit(card->reader, card->slot, apdu); + r = card->reader->ops->transmit(card->reader, apdu); if (r != 0) { - sc_error(ctx, "unable to transmit APDU"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to transmit APDU"); return r; } /* ok, the APDU was successfully transmitted. Now we have two @@ -414,15 +416,15 @@ if (card->wait_resend_apdu != 0) msleep(card->wait_resend_apdu); /* re-transmit the APDU with new Le length */ - r = card->reader->ops->transmit(card->reader, card->slot, apdu); + r = card->reader->ops->transmit(card->reader, apdu); if (r != SC_SUCCESS) { - sc_error(ctx, "unable to transmit APDU"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to transmit APDU"); return r; } } else { /* we cannot re-transmit the APDU with the demanded * Le value as the buffer is too small => error */ - sc_debug(ctx, "wrong length: required length exceeds resplen"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "wrong length: required length exceeds resplen"); return SC_ERROR_WRONG_LENGTH; } } @@ -451,7 +453,7 @@ if (card->ops->get_response == NULL) { /* this should _never_ happen */ - sc_error(ctx, "no GET RESPONSE command\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no GET RESPONSE command\n"); return SC_ERROR_NOT_SUPPORTED; } 
@@ -478,15 +480,21 @@ * amount of data left (== SW2) */ r = card->ops->get_response(card, &le, tbuf); if (r < 0) - SC_FUNC_RETURN(ctx, 2, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (buflen < le) - return SC_ERROR_WRONG_LENGTH; + /* copy as much as will fit in requested buffer */ + le = buflen; memcpy(buf, tbuf, le); buf += le; buflen -= le; + /* we have all the data the caller requested + * even if the card has more data */ + if (buflen == 0) + break; + minlen -= le; if (r != 0) le = minlen = (size_t)r; @@ -513,7 +521,7 @@ if (card == NULL || apdu == NULL) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 4); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* determine the APDU type if necessary, i.e. to use * short or extended APDUs */ @@ -525,15 +533,16 @@ r = sc_lock(card); /* acquire card lock*/ if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to acquire lock"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to acquire lock"); return r; } if ((apdu->flags & SC_APDU_FLAGS_CHAINING) != 0) { - /* divide et impera: transmit APDU in chunks with Lc < 255 + /* divide et impera: transmit APDU in chunks with Lc <= max_send_size * bytes using command chaining */ size_t len = apdu->datalen; const u8 *buf = apdu->data; + size_t max_send_size = card->max_send_size > 0 ? card->max_send_size : 255; while (len != 0) { size_t plen; @@ -543,14 +552,14 @@ tapdu = *apdu; /* clear chaining flag */ tapdu.flags &= ~SC_APDU_FLAGS_CHAINING; - if (len > 255) { + if (len > max_send_size) { /* adjust APDU case: in case of CASE 4 APDU * the intermediate APDU are of CASE 3 */ if ((tapdu.cse & SC_APDU_SHORT_MASK) == SC_APDU_CASE_4_SHORT) tapdu.cse--; /* XXX: the chunk size must be adjusted when * secure messaging is used */ - plen = 255; + plen = max_send_size; tapdu.cla |= 0x10; tapdu.le = 0; /* the intermediate APDU don't expect data */ 
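Review bot: Clamping `le` to `buflen` makes the GET RESPONSE loop truncate silently: where the old code returned `SC_ERROR_WRONG_LENGTH`, a caller whose buffer is too small now receives whatever fits, with nothing to show that the card had more data. A trace at the clamp, `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "response truncated to caller's buffer");`, would keep the condition visible when diagnosing short reads, and the `if (buflen < le)` body is worth bracing now that a comment sits between the test and the assignment. The loop head and the handling of the final status word lie outside the hunk, so what the caller sees after the new `break` cannot be confirmed from here.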
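Review bot: `max_send_size` is taken from `card->max_send_size` with no upper bound, yet a short APDU can only carry a one-byte Lc (`*p++ = (u8)apdu->lc` in sc_apdu2bytes). With a driver value above 255 every intermediate chunk appears to be rejected by the `sc_check_apdu()` call in the chaining loop, because the chaining flag is cleared on `tapdu` before the check; clamping for non-extended APDUs states the limit at the point where it is chosen: `if ((apdu->cse & SC_APDU_EXT) == 0 && max_send_size > 255) max_send_size = 255;`. The `len > max_send_size` and `plen = max_send_size` lines in the following hunk depend on the same value.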
@@ -566,7 +575,7 @@ r = sc_check_apdu(card, &tapdu); if (r != SC_SUCCESS) { - sc_error(card->ctx, "inconsistent APDU while chaining"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "inconsistent APDU while chaining"); break; } 
@@ -593,7 +602,118 @@ r = do_single_transmit(card, apdu); /* all done => release lock */ if (sc_unlock(card) != SC_SUCCESS) - sc_error(card->ctx, "sc_unlock failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "sc_unlock failed"); return r; } + +int sc_bytes2apdu(sc_context_t *ctx, const u8 *buf, size_t len, sc_apdu_t *apdu) +{ + const u8 *p; + size_t len0; + + if (!buf || !apdu) + return SC_ERROR_INVALID_ARGUMENTS; + + len0 = len; + if (len < 4) { + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "APDU too short (must be at least 4 bytes)"); + return SC_ERROR_INVALID_DATA; + } + + memset(apdu, 0, sizeof *apdu); + p = buf; + apdu->cla = *p++; + apdu->ins = *p++; + apdu->p1 = *p++; + apdu->p2 = *p++; + len -= 4; + if (!len) { + apdu->cse = SC_APDU_CASE_1; + } else { + if (*p == 0 && len >= 3) { + /* ...must be an extended APDU */ + p++; + if (len == 3) { + apdu->le = (*p++)<<8; + apdu->le += *p++; + if (apdu->le == 0) + apdu->le = 0xffff+1; + len -= 3; + apdu->cse = SC_APDU_CASE_2_EXT; + } else { + /* len > 3 */ + apdu->lc = (*p++)<<8; + apdu->lc += *p++; + len -= 3; + if (len < apdu->lc) { + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "APDU too short (need %lu more bytes)\n", + (unsigned long) apdu->lc - len); + return SC_ERROR_INVALID_DATA; + } + apdu->data = p; + apdu->datalen = apdu->lc; + len -= apdu->lc; + p += apdu->lc; + if (!len) { + apdu->cse = SC_APDU_CASE_3_EXT; + } else { + /* at this point the apdu has a Lc, so Le is on 2 bytes */ + if (len < 2) { + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "APDU too short (need 2 more bytes)\n"); + return SC_ERROR_INVALID_DATA; + } + apdu->le = (*p++)<<8; + apdu->le += *p++; + if (apdu->le == 0) + apdu->le = 0xffff+1; + len -= 2; + apdu->cse = SC_APDU_CASE_4_EXT; + } + } + } else { + /* ...must be a short APDU */ + if (len == 1) { + apdu->le = *p++; + if (apdu->le == 0) + apdu->le = 0xff+1; + len--; + apdu->cse = SC_APDU_CASE_2_SHORT; + } else { + apdu->lc = *p++; + len--; + if (len < apdu->lc) { + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "APDU too 
short (need %lu more bytes)\n", + (unsigned long) apdu->lc - len); + return SC_ERROR_INVALID_DATA; + } + apdu->data = p; + apdu->datalen = apdu->lc; + len -= apdu->lc; + p += apdu->lc; + if (!len) { + apdu->cse = SC_APDU_CASE_3_SHORT; + } else { + apdu->le = *p++; + if (apdu->le == 0) + apdu->le = 0xff+1; + len--; + apdu->cse = SC_APDU_CASE_4_SHORT; + + } + } + } + if (len) { + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, "APDU too long (%lu bytes extra)\n", + (unsigned long) len); + return SC_ERROR_INVALID_DATA; + } + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Case %d %s APDU, %lu bytes:\tins=%02x p1=%02x p2=%02x lc=%04x le=%04x", + apdu->cse & SC_APDU_SHORT_MASK, + (apdu->cse & SC_APDU_EXT) != 0 ? "extended" : "short", + (unsigned long) len0, apdu->ins, apdu->p1, apdu->p2, apdu->lc, apdu->le); + + return SC_SUCCESS; +} diff -Nru opensc-0.11.13/src/libopensc/asn1.c opensc-0.12.1/src/libopensc/asn1.c --- opensc-0.11.13/src/libopensc/asn1.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/asn1.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,14 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include #include +#include "internal.h" +#include "asn1.h" + static int asn1_decode(sc_context_t *ctx, struct sc_asn1_entry *asn1, const u8 *in, size_t len, const u8 **newp, size_t *len_left, int choice, int depth); @@ -166,6 +169,17 @@ printf("%lld", a); } +static void sc_asn1_print_boolean(const u8 * buf, size_t buflen) +{ + if (!buflen) + return; + + if (buf[0]) + printf("true"); + else + printf("false"); +} + static void sc_asn1_print_bit_string(const u8 * buf, size_t buflen) { #ifndef _WIN32 
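Review bot: sc_bytes2apdu is added as a public function without a header comment, although its contract has two non-obvious parts: `apdu->data` is set to point into the caller's `buf` rather than to a copy, so the APDU is only usable while `buf` stays valid and unmodified, and `resp`/`resplen` are left zeroed by the `memset`, so a Case 2 or Case 4 result will not pass `sc_check_apdu()` until the caller supplies a response buffer. A Doxygen block in the style used for do_single_transmit, with `@param` lines for `ctx`, `buf`, `len` and `apdu` and a `@return` line naming `SC_ERROR_INVALID_ARGUMENTS` and `SC_ERROR_INVALID_DATA`, should state both points and that an Le of zero is expanded to 256 (short) or 65536 (extended). The length checks before each read of `p` look complete for the short and extended forms.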
@@ -278,9 +292,19 @@ case SC_ASN1_TAG_UTF8STRING: sc_asn1_print_utf8string(tagp, len); break; + case SC_ASN1_TAG_BOOLEAN: + sc_asn1_print_boolean(tagp, len); + break; } printf("]"); } + + if ((cla & SC_ASN1_TAG_CLASS) == SC_ASN1_TAG_APPLICATION) + printf(" [%s]", sc_dump_hex(tagp, len)); + + if ((cla & SC_ASN1_TAG_CLASS) == SC_ASN1_TAG_CONTEXT) + printf(" [%s]", sc_dump_hex(tagp, len)); + putchar('\n'); } return; @@ -307,7 +331,7 @@ if (sc_asn1_read_tag(&p, left, &cla, &tag, &taglen) != SC_SUCCESS) return NULL; if (left < (size_t)(p - buf)) { - sc_error(ctx, "invalid TLV object\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "invalid TLV object\n"); return NULL; } left -= (p - buf); @@ -327,7 +351,7 @@ } /* otherwise continue reading tags */ if (left < taglen) { - sc_error(ctx, "invalid TLV object\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "invalid TLV object\n"); return NULL; } left -= taglen; @@ -373,7 +397,7 @@ return NULL; len -= (p - *buf); /* header size */ if (taglen > len) { - sc_error(ctx, "too long ASN.1 object (size %d while only %d available)\n", + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "too long ASN.1 object (size %d while only %d available)\n", taglen, len); return NULL; } @@ -451,7 +475,7 @@ int skipped = 0; bytes = (bits_left + 7)/8 + 1; - *outbuf = out = (u8 *) malloc(bytes); + *outbuf = out = malloc(bytes); if (out == NULL) return SC_ERROR_OUT_OF_MEMORY; *outlen = bytes; @@ -558,7 +582,7 @@ skip_sign = 0; skip_zero= 1; } - *obj = p = (u8 *) malloc(sizeof(in)+1); + *obj = p = malloc(sizeof(in)+1); if (*obj == NULL) return SC_ERROR_OUT_OF_MEMORY; do { 
@@ -635,15 +659,21 @@ return 0; } -static int sc_asn1_encode_object_id(u8 **buf, size_t *buflen, +int sc_asn1_encode_object_id(u8 **buf, size_t *buflen, const struct sc_object_id *id) { u8 temp[SC_MAX_OBJECT_ID_OCTETS*5], *p = temp; size_t count = 0; int i; - const int *value = (const int *) id->value; + int value[SC_MAX_OBJECT_ID_OCTETS]; + + /* set the unused ID part to '-1' */ + memcpy(value, &id->value[0], sizeof(value)); + for (i = SC_MAX_OBJECT_ID_OCTETS - 1; i>=0; i--) + if (!value[i]) + value[i] = -1; - for (i = 0; value[i] > 0 && i < SC_MAX_OBJECT_ID_OCTETS; i++) { + for (i = 0; i < SC_MAX_OBJECT_ID_OCTETS && value[i] >= 0; i++) { unsigned int k, shift; k = value[i]; @@ -674,7 +704,7 @@ /* an OID must have at least two components */ return SC_ERROR_INVALID_ARGUMENTS; *buflen = count = p - temp; - *buf = (u8 *) malloc(count); + *buf = malloc(count); if (!*buf) return SC_ERROR_OUT_OF_MEMORY; memcpy(*buf, temp, count); 
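Review bot: The backwards loop that marks unused slots turns every zero component into -1, not only the trailing padding, so an OID containing a legitimate zero arc appears to be cut short at that arc by the `value[i] >= 0` test in the encoding loop. Stopping at the first non-zero value from the end keeps interior zeros: `if (value[i]) break;` followed by `value[i] = -1;`. A trailing zero arc remains indistinguishable from padding with this representation, which deserves a line in the `/* set the unused ID part to '-1' */` comment. The rest of sc_asn1_encode_object_id lies outside the hunk.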
@@ -717,15 +747,33 @@ static int asn1_write_element(sc_context_t *ctx, unsigned int tag, const u8 * data, size_t datalen, u8 ** out, size_t * outlen) { - u8 t; - u8 *buf, *p; + unsigned char t; + unsigned char *buf, *p; int c = 0; + unsigned short_tag; + unsigned char tag_char[3] = {0, 0, 0}; + size_t tag_len, ii; - t = tag & 0x1F; - if (t != (tag & SC_ASN1_TAG_MASK)) { - sc_error(ctx, "Long tags not supported\n"); - return SC_ERROR_INVALID_ARGUMENTS; + short_tag = tag & SC_ASN1_TAG_MASK; + for (tag_len = 0; short_tag >> (8 * tag_len); tag_len++) + tag_char[tag_len] = (short_tag >> (8 * tag_len)) & 0xFF; + if (!tag_len) + tag_len = 1; + + if (tag_len > 1) { + if ((tag_char[tag_len - 1] & SC_ASN1_TAG_PRIMITIVE) != SC_ASN1_TAG_ESCAPE_MARKER) + SC_TEST_RET(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_INVALID_DATA, "First byte of the long tag is not 'escape marker'"); + + for (ii = 1; ii < tag_len - 1; ii++) + if (!(tag_char[ii] & 0x80)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_INVALID_DATA, "MS bit expected to be 'one'"); + + if (tag_char[0] & 0x80) + SC_TEST_RET(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_INVALID_DATA, "MS bit of the last byte expected to be 'zero'"); } + + t = tag_char[tag_len - 1] & 0x1F; + switch (tag & SC_ASN1_CLASS_MASK) { case SC_ASN1_UNI: break; 
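Review bot: The loop that splits the tag into bytes is not bounded by the size of `tag_char[3]`: it runs while `short_tag >> (8 * tag_len)` is non-zero, so if `SC_ASN1_TAG_MASK` lets more than 24 bits through (its value is not visible here), a fourth iteration writes `tag_char[3]` past the array and the following test shifts an `unsigned` by 32 bits. Bound it with `for (tag_len = 0; tag_len < sizeof(tag_char) && (short_tag >> (8 * tag_len)); tag_len++)` and return `SC_ERROR_INVALID_DATA` when bits remain above the third byte. asn1_write_element continues in the next hunk.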
@@ -746,27 +794,45 @@ while (datalen >> (c << 3)) c++; } - *outlen = 2 + c + datalen; - buf = (u8 *) malloc(*outlen); + + *outlen = tag_len + 1 + c + datalen; + buf = malloc(*outlen); if (buf == NULL) - SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_OUT_OF_MEMORY); + *out = p = buf; *p++ = t; + for (ii=1;ii> (c << 3)) & 0xFF; - } else + } + else { *p++ = datalen & 0x7F; + } memcpy(p, data, datalen); - return 0; + return SC_SUCCESS; } -static const struct sc_asn1_entry c_asn1_path[4] = { - { "path", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, +static const struct sc_asn1_entry c_asn1_path_ext[3] = { + { "aid", SC_ASN1_OCTET_STRING, SC_ASN1_APP | 0x0F, 0, NULL, NULL }, + { "path", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; +static const struct sc_asn1_entry c_asn1_path[5] = { + { "path", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, { "index", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, { "length", SC_ASN1_INTEGER, SC_ASN1_CTX | 0, SC_ASN1_OPTIONAL, NULL, NULL }, +/* For some multi-applications PKCS#15 card the ODF records can hold the references to + * the xDF files and objects placed elsewhere then under the application DF of the ODF itself. + * In such a case the 'path' ASN1 data includes also the ID of the target application (AID). + * This path extension do not make a part of PKCS#15 standard. + */ + { "pathExtended", SC_ASN1_STRUCT, SC_ASN1_CTX | 1 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; 
@@ -774,40 +840,75 @@ sc_path_t *path, int depth) { int idx, count, r; - struct sc_asn1_entry asn1_path[4]; + struct sc_asn1_entry asn1_path_ext[3], asn1_path[5]; + unsigned char path_value[SC_MAX_PATH_SIZE], aid_value[SC_MAX_AID_SIZE]; + size_t path_len = sizeof(path_value), aid_len = sizeof(aid_value); + memset(path, 0, sizeof(struct sc_path)); + + sc_copy_asn1_entry(c_asn1_path_ext, asn1_path_ext); sc_copy_asn1_entry(c_asn1_path, asn1_path); - sc_format_asn1_entry(asn1_path + 0, &path->value, &path->len, 0); + + sc_format_asn1_entry(asn1_path_ext + 0, aid_value, &aid_len, 0); + sc_format_asn1_entry(asn1_path_ext + 1, path_value, &path_len, 0); + + sc_format_asn1_entry(asn1_path + 0, path_value, &path_len, 0); sc_format_asn1_entry(asn1_path + 1, &idx, NULL, 0); sc_format_asn1_entry(asn1_path + 2, &count, NULL, 0); - path->len = SC_MAX_PATH_SIZE; + sc_format_asn1_entry(asn1_path + 3, asn1_path_ext, NULL, 0); + r = asn1_decode(ctx, asn1_path, in, len, NULL, NULL, 0, depth + 1); if (r) return r; + + if (asn1_path[3].flags & SC_ASN1_PRESENT) { + /* extended path present: set 'path' and 'aid' */ + memcpy(path->aid.value, aid_value, aid_len); + path->aid.len = aid_len; + + memcpy(path->value, path_value, path_len); + path->len = path_len; + } + else if (asn1_path[0].flags & SC_ASN1_PRESENT) { + /* path present: set 'path' */ + memcpy(path->value, path_value, path_len); + path->len = path_len; + } + else { + /* failed if both 'path' and 'pathExtended' are absent */ + return SC_ERROR_ASN1_OBJECT_NOT_FOUND; + } + if (path->len == 2) path->type = SC_PATH_TYPE_FILE_ID; + else if (path->aid.len && path->len > 2) + path->type = SC_PATH_TYPE_FROM_CURRENT; else path->type = SC_PATH_TYPE_PATH; - if ((asn1_path[1].flags & SC_ASN1_PRESENT) - && (asn1_path[2].flags & SC_ASN1_PRESENT)) { + + if ((asn1_path[1].flags & SC_ASN1_PRESENT) && (asn1_path[2].flags & SC_ASN1_PRESENT)) { path->index = idx; path->count = count; - } else { + } + else { path->index = 0; path->count = -1; } - 
return 0; + + return SC_SUCCESS; } static int asn1_encode_path(sc_context_t *ctx, const sc_path_t *path, - u8 **buf, size_t *bufsize, int depth) + u8 **buf, size_t *bufsize, int depth, unsigned int parent_flags) { int r; - struct sc_asn1_entry asn1_path[4]; + struct sc_asn1_entry asn1_path[5]; sc_path_t tpath = *path; sc_copy_asn1_entry(c_asn1_path, asn1_path); sc_format_asn1_entry(asn1_path + 0, (void *) &tpath.value, (void *) &tpath.len, 1); + + asn1_path[0].flags |= parent_flags; if (path->count > 0) { sc_format_asn1_entry(asn1_path + 1, (void *) &tpath.index, NULL, 1); sc_format_asn1_entry(asn1_path + 2, (void *) &tpath.count, NULL, 1); @@ -849,11 +950,11 @@ goto err; } - si->aid_len = sizeof(si->aid); + si->aid.len = sizeof(si->aid.value); sc_copy_asn1_entry(c_asn1_se_info, asn1_se_info); sc_format_asn1_entry(asn1_se_info + 0, &si->se, NULL, 0); sc_format_asn1_entry(asn1_se_info + 1, &si->owner, NULL, 0); - sc_format_asn1_entry(asn1_se_info + 2, &si->aid, &si->aid_len, 0); + sc_format_asn1_entry(asn1_se_info + 2, &si->aid.value, &si->aid.len, 0); ret = asn1_decode(ctx, asn1_se_info, p, plen, &p, &plen, 0, depth+1); if (ret != SC_SUCCESS) { free(si); 
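Review bot: In asn1_decode_path the plain `path` entry and the `path` member of `pathExtended` are both formatted with the same `path_value` buffer and the same `path_len`, so whichever is decoded second starts from the length the first one left behind. If the OCTET STRING decoder treats `*len` as the buffer capacity and overwrites it with the decoded size (that code is outside this hunk), input carrying both forms would have its extended path truncated to the length of the plain one. Separate buffers and lengths for the two entries, or rejecting input where both `asn1_path[0]` and `asn1_path[3]` carry `SC_ASN1_PRESENT`, would remove the coupling.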
@@ -888,6 +989,28 @@ return ret; } + +static const struct sc_asn1_entry c_asn1_access_control_rule[3] = { + { "accessMode", SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, + { "securityCondition", SC_ASN1_PKCS15_ID, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + +/* + * in src/libopensc/pkcs15.h SC_PKCS15_MAX_ACCESS_RULES defined as 8 + */ +static const struct sc_asn1_entry c_asn1_access_control_rules[SC_PKCS15_MAX_ACCESS_RULES + 1] = { + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "accessControlRule", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + static const struct sc_asn1_entry c_asn1_com_obj_attr[6] = { { "label", SC_ASN1_UTF8STRING, SC_ASN1_TAG_UTF8STRING, SC_ASN1_OPTIONAL, NULL, NULL }, { "flags", SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, 
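Review bot: `c_asn1_access_control_rules` is sized by `SC_PKCS15_MAX_ACCESS_RULES + 1` but initialised with eight hand-written entries, and only the comment above it ties the two together. If the macro is raised, the extra slots are zero-filled and rules beyond the eighth would silently go unused; a compile-time guard next to the table makes the dependency explicit: `#if SC_PKCS15_MAX_ACCESS_RULES != 8`, `#error "update c_asn1_access_control_rules"`, `#endif`.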
@@ -909,11 +1032,18 @@ size_t len, struct sc_asn1_pkcs15_object *obj, int depth) { - int r; struct sc_pkcs15_object *p15_obj = obj->p15_obj; struct sc_asn1_entry asn1_c_attr[6], asn1_p15_obj[5]; + struct sc_asn1_entry asn1_ac_rules[SC_PKCS15_MAX_ACCESS_RULES + 1], asn1_ac_rule[SC_PKCS15_MAX_ACCESS_RULES][3]; size_t flags_len = sizeof(p15_obj->flags); size_t label_len = sizeof(p15_obj->label); + size_t access_mode_len = sizeof(p15_obj->access_rules[0].access_mode); + int r, ii; + + for (ii=0; iiflags, &flags_len, 0); sc_format_asn1_entry(asn1_c_attr + 2, &p15_obj->auth_id, NULL, 0); sc_format_asn1_entry(asn1_c_attr + 3, &p15_obj->user_consent, NULL, 0); - /* FIXME: encode accessControlRules */ - sc_format_asn1_entry(asn1_c_attr + 4, NULL, NULL, 0); + + for (ii=0; iiaccess_rules[ii].access_mode, &access_mode_len, 0); + sc_format_asn1_entry(asn1_ac_rule[ii] + 1, &p15_obj->access_rules[ii].auth_id, NULL, 0); + sc_format_asn1_entry(asn1_ac_rules + ii, asn1_ac_rule[ii], NULL, 0); + } + sc_format_asn1_entry(asn1_c_attr + 4, asn1_ac_rules, NULL, 0); + sc_format_asn1_entry(asn1_p15_obj + 0, asn1_c_attr, NULL, 0); sc_format_asn1_entry(asn1_p15_obj + 1, obj->asn1_class_attr, NULL, 0); sc_format_asn1_entry(asn1_p15_obj + 2, obj->asn1_subclass_attr, NULL, 0); 
@@ -935,11 +1071,25 @@ static int asn1_encode_p15_object(sc_context_t *ctx, const struct sc_asn1_pkcs15_object *obj, u8 **buf, size_t *bufsize, int depth) { - int r; struct sc_pkcs15_object p15_obj = *obj->p15_obj; struct sc_asn1_entry asn1_c_attr[6], asn1_p15_obj[5]; + struct sc_asn1_entry asn1_ac_rules[SC_PKCS15_MAX_ACCESS_RULES + 1], asn1_ac_rule[SC_PKCS15_MAX_ACCESS_RULES][3]; size_t label_len = strlen(p15_obj.label); size_t flags_len; + size_t access_mode_len; + int r, ii; + + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "encode p15 obj(type:0x%X,access_mode:0x%X)", p15_obj.type, p15_obj.access_rules[0].access_mode); + if (p15_obj.access_rules[0].access_mode) { + for (ii=0; iiasn1_class_attr, NULL, 1); if (obj->asn1_subclass_attr != NULL) @@ -973,10 +1133,9 @@ size_t *len = (size_t *) entry->arg; int r = 0; - *(void **)(&callback_func) = parm; + callback_func = parm; - if (ctx->debug >= 3) - sc_debug(ctx, "%*.*sdecoding '%s'\n", depth, depth, "", entry->name); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*sdecoding '%s'\n", depth, depth, "", entry->name); switch (entry->type) { case SC_ASN1_STRUCT: @@ -989,7 +1148,7 @@ case SC_ASN1_BOOLEAN: if (parm != NULL) { if (objlen != 1) { - sc_error(ctx, "invalid ASN.1 object length: %d\n", objlen); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "invalid ASN.1 object length: %d\n", objlen); r = SC_ERROR_INVALID_ASN1_OBJECT; } else *((int *) parm) = obj[0] ? 1 : 0; @@ -997,11 +1156,11 @@ break; case SC_ASN1_INTEGER: case SC_ASN1_ENUMERATED: - if (parm != NULL) + if (parm != NULL) { r = sc_asn1_decode_integer(obj, objlen, (int *) entry->parm); - if (ctx->debug >= 6) - sc_debug(ctx, "%*.*sdecoding '%s' returned %d\n", depth, depth, "", entry->name, *((int *) entry->parm)); - + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*sdecoding '%s' returned %d\n", depth, depth, "", + entry->name, *((int *) entry->parm)); + } break; case SC_ASN1_BIT_STRING_NI: case SC_ASN1_BIT_STRING: 
@@ -1014,7 +1173,7 @@ } if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; - *buf = (u8 *) malloc(objlen-1); + *buf = malloc(objlen-1); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1048,7 +1207,7 @@ /* Allocate buffer if needed */ if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; - *buf = (u8 *) malloc(objlen); + *buf = malloc(objlen); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1068,7 +1227,7 @@ assert(len != NULL); if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; - *buf = (u8 *) malloc(objlen); + *buf = malloc(objlen); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1092,7 +1251,7 @@ assert(len != NULL); if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; - *buf = (u8 *) malloc(objlen+1); + *buf = malloc(objlen+1); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1136,11 +1295,11 @@ r = callback_func(ctx, entry->arg, obj, objlen, depth); break; default: - sc_error(ctx, "invalid ASN.1 type: %d\n", entry->type); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "invalid ASN.1 type: %d\n", entry->type); return SC_ERROR_INVALID_ASN1_OBJECT; } if (r) { - sc_error(ctx, "decoding of ASN.1 object '%s' failed: %s\n", entry->name, + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "decoding of ASN.1 object '%s' failed: %s\n", entry->name, sc_strerror(r)); return r; } @@ -1157,8 +1316,7 @@ struct sc_asn1_entry *entry = asn1; size_t left = len, objlen; - if (ctx->debug >= 3) - sc_debug(ctx, "%*.*scalled, left=%u, depth %d%s\n", + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*scalled, left=%u, depth %d%s\n", depth, depth, "", left, depth, choice ? ", choice" : ""); @@ -1170,7 +1328,7 @@ * to complain about */ if (asn1->name == NULL) return 0; - sc_error(ctx, "End of ASN.1 stream, " + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "End of ASN.1 stream, " "non-optional field \"%s\" not found\n", asn1->name); return SC_ERROR_ASN1_OBJECT_NOT_FOUND; 
@@ -1180,14 +1338,11 @@ for (idx = 0; asn1[idx].name != NULL; idx++) { entry = &asn1[idx]; - r = 0; - if (ctx->debug >= 3) { - sc_debug(ctx, "Looking for '%s', tag 0x%x%s%s\n", - entry->name, entry->tag, - choice? ", CHOICE" : "", - (entry->flags & SC_ASN1_OPTIONAL)? ", OPTIONAL": ""); - } + sc_debug(ctx, SC_LOG_DEBUG_ASN1, + "Looking for '%s', tag 0x%x%s%s\n", + entry->name, entry->tag, choice? ", CHOICE" : "", + (entry->flags & SC_ASN1_OPTIONAL)? ", OPTIONAL": ""); /* Special case CHOICE has no tag */ if (entry->type == SC_ASN1_CHOICE) { @@ -1201,14 +1356,13 @@ obj = sc_asn1_skip_tag(ctx, &p, &left, entry->tag, &objlen); if (obj == NULL) { - if (ctx->debug >= 3) - sc_debug(ctx, "not present\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "not present\n"); if (choice) continue; if (entry->flags & SC_ASN1_OPTIONAL) continue; - sc_error(ctx, "mandatory ASN.1 object '%s' not found\n", entry->name); - if (ctx->debug && left) { + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "mandatory ASN.1 object '%s' not found\n", entry->name); + if (left) { u8 line[128], *linep = line; size_t i; @@ -1217,9 +1371,9 @@ sprintf((char *) linep, "%02X ", p[i]); linep += 3; } - sc_debug(ctx, "next tag: %s\n", line); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "next tag: %s\n", line); } - SC_FUNC_RETURN(ctx, 3, SC_ERROR_ASN1_OBJECT_NOT_FOUND); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_ASN1_OBJECT_NOT_FOUND); } r = asn1_decode_entry(ctx, entry, obj, objlen, depth); @@ -1230,14 +1384,14 @@ break; } if (choice && asn1[idx].name == NULL) /* No match */ - SC_FUNC_RETURN(ctx, 3, SC_ERROR_ASN1_OBJECT_NOT_FOUND); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_ASN1_OBJECT_NOT_FOUND); if (newp != NULL) *newp = p; if (len_left != NULL) *len_left = left; if (choice) - SC_FUNC_RETURN(ctx, 3, idx); - SC_FUNC_RETURN(ctx, 3, 0); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, idx); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, 0); } int sc_asn1_decode(sc_context_t *ctx, struct sc_asn1_entry *asn1, 
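Review bot: With `if (ctx->debug && left)` reduced to `if (left)` (hunk at -1201), the hex preview of the next tag is now formatted on every missing-mandatory-object failure, and it is written with `sprintf` into `u8 line[128]` at three bytes per iteration. The loop header sits between this hunk and the next, so its bound is not visible; unless it is capped at 42 iterations or fewer, bound the write explicitly, e.g. `snprintf((char *) linep, sizeof(line) - (size_t)(linep - line), "%02X ", p[i]);`. `p` points into the encoding being decoded, so whoever supplied that encoding controls how much input this path sees. If the loop is already tightly capped, the change is hardening only, and a one-line comment stating the cap next to `line[128]` would make that clear.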
@@ -1263,19 +1417,16 @@ u8 * buf = NULL; size_t buflen = 0; - *(void **)(&callback_func) = parm; + callback_func = parm; - if (ctx->debug >= 3) - sc_debug(ctx, "%*.*sencoding '%s'%s\n", - depth, depth, "", - entry->name, - (entry->flags & SC_ASN1_PRESENT)? "" : " (not present)"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*sencoding '%s'%s\n", + depth, depth, "", entry->name, + (entry->flags & SC_ASN1_PRESENT)? "" : " (not present)"); if (!(entry->flags & SC_ASN1_PRESENT)) goto no_object; - if (ctx->debug >= 6) - sc_debug(ctx, "%*.*stype=%d, tag=0x%02x, parm=%p, len=%u\n", - depth, depth, "", - entry->type, entry->tag, parm, len? *len : 0); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*stype=%d, tag=0x%02x, parm=%p, len=%u\n", + depth, depth, "", + entry->type, entry->tag, parm, len? *len : 0); if (entry->type == SC_ASN1_CHOICE) { const struct sc_asn1_entry *list, *choice = NULL; @@ -1284,7 +1435,7 @@ while (list->name != NULL) { if (list->flags & SC_ASN1_PRESENT) { if (choice) { - sc_error(ctx, + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "ASN.1 problem: more than " "one CHOICE when encoding %s: " "%s and %s both present\n", @@ -1303,7 +1454,7 @@ } if (entry->type != SC_ASN1_NULL && parm == NULL) { - sc_error(ctx, "unexpected parm == NULL\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "unexpected parm == NULL\n"); return SC_ERROR_INVALID_ASN1_OBJECT; } @@ -1317,7 +1468,7 @@ buflen = 0; break; case SC_ASN1_BOOLEAN: - buf = (u8 *) malloc(1); + buf = malloc(1); if (buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1345,7 +1496,7 @@ case SC_ASN1_OCTET_STRING: case SC_ASN1_UTF8STRING: assert(len != NULL); - buf = (u8 *) malloc(*len + 1); + buf = malloc(*len + 1); if (buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1362,7 +1513,7 @@ break; case SC_ASN1_GENERALIZEDTIME: assert(len != NULL); - buf = (u8 *) malloc(*len); + buf = malloc(*len); if (buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; 
@@ -1374,13 +1525,13 @@ r = sc_asn1_encode_object_id(&buf, &buflen, (struct sc_object_id *) parm); break; case SC_ASN1_PATH: - r = asn1_encode_path(ctx, (const sc_path_t *) parm, &buf, &buflen, depth); + r = asn1_encode_path(ctx, (const sc_path_t *) parm, &buf, &buflen, depth, entry->flags); break; case SC_ASN1_PKCS15_ID: { const struct sc_pkcs15_id *id = (const struct sc_pkcs15_id *) parm; - buf = (u8 *) malloc(id->len); + buf = malloc(id->len); if (buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; @@ -1399,11 +1550,11 @@ r = callback_func(ctx, entry->arg, &buf, &buflen, depth); break; default: - sc_error(ctx, "invalid ASN.1 type: %d\n", entry->type); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "invalid ASN.1 type: %d\n", entry->type); return SC_ERROR_INVALID_ASN1_OBJECT; } if (r) { - sc_error(ctx, "encoding of ASN.1 object '%s' failed: %s\n", entry->name, + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "encoding of ASN.1 object '%s' failed: %s\n", entry->name, sc_strerror(r)); if (buf) free(buf); 
@@ -1428,24 +1579,30 @@ *obj = NULL; *objlen = 0; r = 0; + } else if (!buflen && (entry->flags & SC_ASN1_EMPTY_ALLOWED)) { + *obj = NULL; + *objlen = 0; + r = asn1_write_element(ctx, entry->tag, buf, buflen, obj, objlen); + if (r) + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "error writing ASN.1 tag and length: %s\n", sc_strerror(r)); } else if (buflen || entry->type == SC_ASN1_NULL || entry->tag & SC_ASN1_CONS) { r = asn1_write_element(ctx, entry->tag, buf, buflen, obj, objlen); if (r) - sc_error(ctx, "error writing ASN.1 tag and length: %s\n", + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "error writing ASN.1 tag and length: %s\n", sc_strerror(r)); } else if (!(entry->flags & SC_ASN1_PRESENT)) { - sc_error(ctx, "cannot encode non-optional ASN.1 object: not given by caller\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "cannot encode non-optional ASN.1 object: not given by caller\n"); r = SC_ERROR_INVALID_ASN1_OBJECT; } else { - sc_error(ctx, "cannot encode empty non-optional ASN.1 object\n"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "cannot encode empty non-optional ASN.1 object\n"); r = SC_ERROR_INVALID_ASN1_OBJECT; } if (buf) free(buf); - if (r >= 0 && ctx->debug >= 3) - sc_debug(ctx, "%*.*slength of encoded item=%u\n", depth, depth, "", *objlen); + if (r >= 0) + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*slength of encoded item=%u\n", depth, depth, "", *objlen); return r; } 
@@ -1508,23 +1665,37 @@ return asn1_decode(ctx, asn1, in, len, newp, left, choice, depth); } -void +int sc_der_copy(sc_pkcs15_der_t *dst, const sc_pkcs15_der_t *src) { memset(dst, 0, sizeof(*dst)); if (src->len) { - dst->value = (u8 *) malloc(src->len); + dst->value = malloc(src->len); if (!dst->value) - return; + return SC_ERROR_OUT_OF_MEMORY; dst->len = src->len; memcpy(dst->value, src->value, src->len); } + return SC_SUCCESS; } -void -sc_der_clear(sc_pkcs15_der_t *der) +int +sc_encode_oid (struct sc_context *ctx, struct sc_object_id *id, + unsigned char **out, size_t *size) { - if (der->value) - free(der->value); - memset(der, 0, sizeof(*der)); + static const struct sc_asn1_entry c_asn1_object_id[2] = { + { "oid", SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, SC_ASN1_ALLOC, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry asn1_object_id[2]; + int rv; + + sc_copy_asn1_entry(c_asn1_object_id, asn1_object_id); + sc_format_asn1_entry(asn1_object_id + 0, id, NULL, 1); + + rv = _sc_asn1_encode(ctx, asn1_object_id, out, size, 1); + LOG_TEST_RET(ctx, rv, "Cannot encode object ID"); + + return SC_SUCCESS; } + diff -Nru opensc-0.11.13/src/libopensc/asn1.h opensc-0.12.1/src/libopensc/asn1.h --- opensc-0.11.13/src/libopensc/asn1.h 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/asn1.h 2011-05-17 17:07:00.000000000 +0000 @@ -25,8 +25,8 @@ extern "C" { #endif -#include -#include +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" struct sc_asn1_entry { const char *name; @@ -99,6 +99,8 @@ int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out); int sc_asn1_decode_object_id(const u8 * inbuf, size_t inlen, struct sc_object_id *id); +int sc_asn1_encode_object_id(u8 **buf, size_t *buflen, + const struct sc_object_id *id); /* algorithm encoding/decoding */ int sc_asn1_decode_algorithm_id(struct sc_context *, 
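Review bot: `sc_der_copy` now returns an error code, but the new contract is not documented and callers written against the old `void` signature will still compile while ignoring `SC_ERROR_OUT_OF_MEMORY`. A header comment such as `/* Returns SC_SUCCESS or SC_ERROR_OUT_OF_MEMORY; on failure *dst is left zeroed. */` matches what the leading `memset` does and tells callers what to check. `sc_encode_oid` returns a buffer through `out` that `_sc_asn1_encode` presumably allocates; state in a comment that the caller frees it. Both functions dereference their pointer arguments without a NULL check, and the replacement for the removed `sc_der_clear` is not visible in this hunk, so remaining callers need to be checked.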
@@ -122,6 +124,7 @@ #define SC_ASN1_OPTIONAL 0x00000002 #define SC_ASN1_ALLOC 0x00000004 #define SC_ASN1_UNSIGNED 0x00000008 +#define SC_ASN1_EMPTY_ALLOWED 0x00000010 #define SC_ASN1_BOOLEAN 1 #define SC_ASN1_INTEGER 2 @@ -190,6 +193,7 @@ #define SC_ASN1_TAG_GENERALSTRING 27 #define SC_ASN1_TAG_UNIVERSALSTRING 28 #define SC_ASN1_TAG_BMPSTRING 30 +#define SC_ASN1_TAG_ESCAPE_MARKER 31 #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/libopensc/authentic.h opensc-0.12.1/src/libopensc/authentic.h --- opensc-0.11.13/src/libopensc/authentic.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/authentic.h 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,153 @@ +/* + * authentic.h: Specific definitions for the Oberthur's card + * 'COSMO v7' with applet 'AuthentIC v3' + * + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _OPENSC_AUTHENTIC_V3_H +#define _OPENSC_AUTHENTIC_V3_H + +#include "libopensc/errors.h" +#include "libopensc/types.h" +#include "libopensc/iso7816.h" + +#ifndef CKM_RSA_PKCS + #define CKM_RSA_PKCS 0x00000001 + #define CKM_SHA1_RSA_PKCS 0x00000006 + #define CKM_SHA256_RSA_PKCS 0x00000040 + #define CKM_SHA_1 0x00000220 + #define CKM_SHA256 0x00000250 +#endif + +#define AUTHENTIC_V3_CREDENTIAL_ID_MASK 7 + +#define AUTHENTIC_V3_CRYPTO_OBJECT_REF_MIN 0x81 +#define AUTHENTIC_V3_CRYPTO_OBJECT_REF_MAX 0xFF + +#define _MAKE_AUTHENTIC_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d))) + +#define AUTHENTIC_SDO_MAGIC _MAKE_AUTHENTIC_MAGIC('A', 'W', 'S', 'D') +#define AUTHENTIC_SDO_MAGIC_UPDATE _MAKE_AUTHENTIC_MAGIC('A', 'W', 'U', 'D') +#define AUTHENTIC_SDO_MAGIC_UPDATE_RSA _MAKE_AUTHENTIC_MAGIC('A', 'W', 'U', 'R') + +#define AUTHENTIC_OBJECT_REF_FLAG_LOCAL 0x80 + +#define AUTHENTIC_MECH_CREDENTIAL_PIN 0x00 +#define AUTHENTIC_MECH_CREDENTIAL_BIO 0x01 +#define AUTHENTIC_MECH_CREDENTIAL_DES 0x02 +#define 
AUTHENTIC_MECH_CREDENTIAL_2DES 0x03 +#define AUTHENTIC_MECH_CREDENTIAL_3DES 0x04 +#define AUTHENTIC_MECH_CREDENTIAL_AES128 0x05 +#define AUTHENTIC_MECH_CREDENTIAL_AES192 0x06 +#define AUTHENTIC_MECH_CREDENTIAL_AES256 0x07 + +#define AUTHENTIC_MECH_CRYPTO_DES 0x02 +#define AUTHENTIC_MECH_CRYPTO_2DES 0x03 +#define AUTHENTIC_MECH_CRYPTO_3DES 0x04 +#define AUTHENTIC_MECH_CRYPTO_AES128 0x05 +#define AUTHENTIC_MECH_CRYPTO_AES192 0x06 +#define AUTHENTIC_MECH_CRYPTO_AES256 0x07 +#define AUTHENTIC_MECH_CRYPTO_RSA1024 0x08 +#define AUTHENTIC_MECH_CRYPTO_RSA1280 0x09 +#define AUTHENTIC_MECH_CRYPTO_RSA1536 0x0A +#define AUTHENTIC_MECH_CRYPTO_RSA1792 0x0B +#define AUTHENTIC_MECH_CRYPTO_RSA2048 0x0C + +#define AUTHENTIC_TAG_DOCP 0xA1 +#define AUTHENTIC_TAG_DOCP_MECH 0x80 +#define AUTHENTIC_TAG_DOCP_ID 0x83 +#define AUTHENTIC_TAG_DOCP_ACLS 0x86 +#define AUTHENTIC_TAG_DOCP_SCP 0x87 +#define AUTHENTIC_TAG_DOCP_USAGE_COUNTER 0x90 + +#define AUTHENTIC_TAG_RSA 0xA5 + +#define AUTHENTIC_TAG_RSA_PRIVATE 0x7F48 +#define AUTHENTIC_TAG_RSA_PRIVATE_P 0x92 +#define AUTHENTIC_TAG_RSA_PRIVATE_Q 0x93 +#define AUTHENTIC_TAG_RSA_PRIVATE_PQ 0x94 +#define AUTHENTIC_TAG_RSA_PRIVATE_DP1 0x95 +#define AUTHENTIC_TAG_RSA_PRIVATE_DQ1 0x96 + +#define AUTHENTIC_TAG_RSA_PUBLIC 0x7F49 +#define AUTHENTIC_TAG_RSA_PUBLIC_MODULUS 0x81 +#define AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT 0x82 + +#define AUTHENTIC_TAG_RSA_GENERATE_DATA 0xAC + +#define AUTHENTIC_TAG_CREDENTIAL 0x5F00 +#define AUTHENTIC_TAG_CREDENTIAL_TRYLIMIT 0x91 +#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY 0xA1 +#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MAXLENGTH 0x83 +#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MINLENGTH 0x84 +#define AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_COMPLEXITY 0x85 + +#define AUTHENTIC_ALGORITHM_RSA_PKCS1 0x11 +#define AUTHENTIC_ALGORITHM_RSA_X509 0x12 +#define AUTHENTIC_ALGORITHM_RSA_OAEP 0x13 +#define AUTHENTIC_ALGORITHM_RSA_ISO9796 0x14 + +#define AUTHENTIC_TAG_CRT_AT 0xA4 +#define AUTHENTIC_TAG_CRT_HT 0xAA +#define 
AUTHENTIC_TAG_CRT_CCT 0xB4 +#define AUTHENTIC_TAG_CRT_DST 0xB6 +#define AUTHENTIC_TAG_CRT_CT 0xB8 + +#define AUTHENTIC_ACL_NUM_PIN_VERIFY 0 +#define AUTHENTIC_ACL_NUM_PIN_RESET 1 +#define AUTHENTIC_ACL_NUM_PIN_CHANGE 2 +#define AUTHENTIC_ACL_NUM_PIN_MODIFY 3 +#define AUTHENTIC_ACL_NUM_PIN_DELETE 4 + +/* SM related macros */ +#define AUTHENTIC_AC_SM_MASK 0x60 + +#define AUTHENTIC_GP_SM_LEVEL_MASK 0x6000 +#define AUTHENTIC_GP_SM_LEVEL_PLAIN 0x2000 +#define AUTHENTIC_GP_SM_LEVEL_MAC 0x4000 +#define AUTHENTIC_GP_SM_LEVEL_ENC_MAC 0x6000 + +/* + * DOCP (Data Object Control Parameters) + * Common holder for the all DOCP types. + */ +struct sc_authentic_sdo_docp { + unsigned char mech; /* Crypto Mechanism ID */ + unsigned char id; /* Data Object ID */ + unsigned char security_parameter; /* Security Control Parameter */ + unsigned char velocity_limit, try_limit; + + unsigned char acl_data[16]; /* Encoded AuthentIC ACL data */ + size_t acl_data_len; + + unsigned char usage_counter[2]; +}; + +struct sc_authentic_sdo { + struct sc_authentic_sdo_docp docp; + union { + struct sc_pkcs15_prkey *prvkey; + } data; + + struct sc_file *file; + + unsigned magic; +}; + +#endif diff -Nru opensc-0.11.13/src/libopensc/base64.c opensc-0.12.1/src/libopensc/base64.c --- opensc-0.11.13/src/libopensc/base64.c 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/base64.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,12 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include #include +#include "internal.h" + static const u8 base64_table[66] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" "0123456789+/="; diff -Nru opensc-0.11.13/src/libopensc/card-acos5.c opensc-0.12.1/src/libopensc/card-acos5.c --- opensc-0.11.13/src/libopensc/card-acos5.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-acos5.c 2011-05-17 17:07:00.000000000 +0000 
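Review bot: In the new authentic.h, the include guard `_OPENSC_AUTHENTIC_V3_H` and the helper macro `_MAKE_AUTHENTIC_MAGIC` both begin with an underscore followed by an upper-case letter, a form C reserves for the implementation; `OPENSC_AUTHENTIC_V3_H` and `AUTHENTIC_MAKE_MAGIC` avoid that. The `#ifndef CKM_RSA_PKCS` block defines five PKCS#11 mechanism constants but tests only the first, so a translation unit that pulls in a PKCS#11 header afterwards gets redefinitions; guard each constant on its own or include the project's PKCS#11 header instead. `struct sc_authentic_sdo_docp` pairs `acl_data[16]` with a separate `acl_data_len`; a comment such as `/* acl_data_len must not exceed sizeof(acl_data) */` would state the invariant the parser has to enforce.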
@@ -18,7 +18,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include + #include "internal.h" #include "cardctl.h" @@ -54,19 +57,15 @@ return SC_SUCCESS; } -static int acos5_finish(sc_card_t * card) -{ - return SC_SUCCESS; -} - static int acos5_select_file_by_path(sc_card_t * card, const sc_path_t * in_path, sc_file_t ** file_out) { int in_len = in_path->len; const u8 *in_pos = in_path->value; - sc_path_t path; + + memset(&path, 0, sizeof(sc_path_t)); path.len = 2; /* one component at a time */ path.type = SC_PATH_TYPE_FILE_ID; @@ -133,15 +132,15 @@ apdu.resplen = sizeof(rbuf); apdu.le = 6; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; /* * Cache serial number. */ - memcpy(card->serialnr.value, apdu.resp, apdu.resplen); - card->serialnr.len = apdu.resplen; + memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); + card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); /* * Copy and return serial number. @@ -183,7 +182,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x14, 0x01, 0x00); apdu.cla |= 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90) return SC_ERROR_INTERNAL; count = apdu.sw2; @@ -204,7 +203,7 @@ apdu.resplen = sizeof(info); apdu.le = sizeof(info); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; 
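Review bot: The serial-number copy in card-acos5.c (hunk at -133) is now clamped with `MIN(apdu.resplen, SC_MAX_SERIALNR)`, which bounds the write into `card->serialnr.value` (presumably `SC_MAX_SERIALNR` bytes) but silently accepts and truncates a response of the wrong size. The command sets `apdu.le = 6`, so a reply of any other length is already unexpected; rejecting it, e.g. `if (apdu.resplen > SC_MAX_SERIALNR) return SC_ERROR_INTERNAL;`, keeps a malformed card response from being cached as the serial number. Computing the clamped length once into a local would also keep the `memcpy` size and `serialnr.len` from drifting apart in later edits. The function continues outside the hunk.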
@@ -225,7 +224,6 @@ acos5_ops.match_card = acos5_match_card; acos5_ops.init = acos5_init; - acos5_ops.finish = acos5_finish; acos5_ops.select_file = acos5_select_file; acos5_ops.card_ctl = acos5_card_ctl; acos5_ops.list_files = acos5_list_files; diff -Nru opensc-0.11.13/src/libopensc/card-akis.c opensc-0.12.1/src/libopensc/card-akis.c --- opensc-0.11.13/src/libopensc/card-akis.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-akis.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,6 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include @@ -63,10 +65,8 @@ card->name = "AKIS"; card->cla = 0x00; card->max_pin_len = 16; - if (card->max_recv_size > 244) - card->max_recv_size = 244; - if (card->max_send_size > 244) - card->max_send_size = 244; + card->max_recv_size = 244; + card->max_send_size = 244; flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1; _sc_card_add_rsa_alg(card, 2048, flags, 0); @@ -91,16 +91,16 @@ apdu->le = 256; r = sc_transmit_apdu(card, apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu->sw1, apdu->sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (file_out == NULL) return 0; file = sc_file_new(); if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); r = card->ops->process_fci(card, file, apdu->resp + 2, apdu->resp[1]); if (r) { @@ -124,7 +124,7 @@ */ r = select_file(card, &apdu, path, path->len == 2 ? 0 : 8, file_out); - SC_TEST_RET(card->ctx, r, "Unable to select DF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select DF"); return 0; } else if (path->type == SC_PATH_TYPE_FILE_ID) { /* AKIS differentiates between EF and DF files 
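Review bot: In card-akis.c `select_file` (hunk at -91) the call `process_fci(card, file, apdu->resp + 2, apdu->resp[1])` takes the FCI length from a byte supplied by the card and never compares it with `apdu->resplen`. A response shorter than two bytes, or one whose second byte exceeds `resplen - 2`, makes the parser read bytes that were not part of this response. Add a check before `sc_file_new()`, e.g. `if (apdu->resplen < 2 || (size_t) apdu->resp[1] + 2 > apdu->resplen) return SC_ERROR_INTERNAL;`. The start of the function is outside the hunk, so an earlier check is not ruled out.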
@@ -134,7 +134,7 @@ if (r) r = select_file(card, &apdu, path, 0, file_out); - SC_TEST_RET(card->ctx, r, "Unable to select DF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select DF"); return 0; } else { return iso_ops->select_file(card, path, file_out); @@ -159,16 +159,16 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "DIRECTORY command returned error"); left = apdu.resplen; p = rbuf; while (left > 19) { if (p[0] != 0x2f && p[0] != 0x3d) { - sc_error(card->ctx, "Malformatted list reply %02x", p[0]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Malformatted list reply %02x", p[0]); return SC_ERROR_INTERNAL; } if (buflen >= 2) { @@ -183,7 +183,7 @@ } r = fids; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int @@ -202,7 +202,7 @@ */ p = sc_asn1_find_tag(card->ctx, buf, buflen, 0x90, &len); if (p == NULL) { - sc_error(card->ctx, "Security tag missing"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Security tag missing"); return SC_ERROR_INTERNAL; } perms = p[0]; @@ -272,7 +272,7 @@ type = 0x45; break; default: - sc_error(card->ctx, "This EF structure is not supported yet"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "This EF structure is not supported yet"); return SC_ERROR_NOT_SUPPORTED; } apdu.p1 = type; 
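Review bot: In the hunk at -202, after `sc_asn1_find_tag(card->ctx, buf, buflen, 0x90, &len)` the code tests only `p == NULL` and then reads `perms = p[0]`, so a security tag that is present with zero length is read one byte past its value. Extend the test to `if (p == NULL || len < 1)`. The remainder of the function is outside the hunk; any later indexing of `p` should be held to `len` in the same way.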
@@ -284,12 +284,12 @@ } else if (file->type == SC_FILE_TYPE_DF) { apdu.ins = 0x10; } else { - sc_error(card->ctx, "Unknown file type"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown file type"); return SC_ERROR_NOT_SUPPORTED; } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -317,8 +317,8 @@ type = 0x08; break; default: - sc_error(card->ctx, "File type has to be FID or PATH"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be FID or PATH"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x16, type, 0x00); apdu.cla = 0x80; @@ -327,7 +327,7 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -354,7 +354,6 @@ p1 = 1; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, p1, p2); - apdu.sensitive = 1; buf[0] = data->pin1.len; memcpy(buf+1, data->pin1.data, data->pin1.len); @@ -367,12 +366,12 @@ apdu.lc = apdu.datalen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); return r; } - sc_error(card->ctx, "Other pin cmds not supported yet"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Other pin cmds not supported yet"); return SC_ERROR_NOT_SUPPORTED; } @@ -388,7 +387,7 @@ apdu.le = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); return r; } 
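Review bot: Removing `apdu.sensitive = 1;` from the PIN command (hunk at -354) leaves nothing in the visible code that marks this APDU as carrying a secret, while `buf` is filled with the PIN by `memcpy(buf+1, data->pin1.data, data->pin1.len)`. If the field was dropped from the APDU structure in this release, confirm that the APDU trace path does not write command data for PIN operations to the log, and document the debug level at which APDU payloads are dumped. The same removal occurs in card-asepcos.c, in the decipher hunk at -509 and in the PIN APDU builder at -990, where the comment `all PIN related APDUs are sensitive` is deleted with it. Separately, the visible lines do not bound `data->pin1.len` against the size of `buf`, whose declaration is outside the hunk.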
@@ -407,7 +406,7 @@ /* read serial number */ r = akis_get_data(card, 6, system_buffer, 0x4D); - SC_TEST_RET(card->ctx, r, "GET_DATA failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA failed"); card->serialnr.len = 12; memcpy(card->serialnr.value, system_buffer+55, 12); @@ -424,7 +423,7 @@ u8 memory[10]; r = akis_get_data(card, 4, memory, 10); - SC_TEST_RET(card->ctx, r, "GET_DATA failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA failed"); switch(memory[6]) { case 0xA0: @@ -461,7 +460,7 @@ apdu.cla = 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); return r; } @@ -495,7 +494,7 @@ ref = env->key_ref[0]; sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 0xC3, ref); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); return r; } @@ -511,7 +510,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x1A, 0, 0); apdu.cla = 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); return r; } diff -Nru opensc-0.11.13/src/libopensc/card-asepcos.c opensc-0.12.1/src/libopensc/card-asepcos.c --- opensc-0.11.13/src/libopensc/card-asepcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-asepcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -16,10 +16,12 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include +#include "internal.h" #include "asn1.h" #include "cardctl.h" 
@@ -39,11 +41,6 @@ { NULL, NULL, NULL, 0, 0, NULL } }; -static int asepcos_finish(sc_card_t *card) -{ - return SC_SUCCESS; -} - static int asepcos_match_card(sc_card_t *card) { int i = _sc_match_atr(card, asepcos_atrs, &card->type); @@ -58,13 +55,15 @@ sc_path_t tpath; int r; + memset(&tpath, 0, sizeof(sc_path_t)); + tpath.type = SC_PATH_TYPE_DF_NAME; tpath.len = sizeof(asepcos_aid); memcpy(tpath.value, asepcos_aid, sizeof(asepcos_aid)); r = sc_select_file(card, &tpath, NULL); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to select ASEPCOS applet"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to select ASEPCOS applet"); return r; } @@ -97,9 +96,7 @@ _sc_card_add_rsa_alg(card, 1792, flags, 0); _sc_card_add_rsa_alg(card, 2048, flags, 0); - card->caps |= SC_CARD_CAP_RSA_2048 - | SC_CARD_CAP_APDU_EXT - | SC_CARD_CAP_USE_FCI_AC; + card->caps |= SC_CARD_CAP_APDU_EXT | SC_CARD_CAP_USE_FCI_AC; return SC_SUCCESS; } @@ -140,6 +137,12 @@ unsigned int meth) { const amode_entry_t *table; + + /* CHV with reference '0' is the trasport PIN + * and is presented as 'AUT' key with reference '0'*/ + if (meth == SC_AC_CHV && ac == 0) + meth = SC_AC_AUT; + if (file->type == SC_FILE_TYPE_DF) table = df_amode_table; else if (file->type == SC_FILE_TYPE_WORKING_EF) @@ -165,7 +168,7 @@ while (len != 0) { unsigned int amode, tlen = 3; if (len < 5 && p[0] != 0x80 && p[1] != 0x01) { - sc_error(card->ctx, "invalid access mode encoding"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid access mode encoding"); return SC_ERROR_INTERNAL; } amode = p[2]; @@ -192,7 +195,7 @@ return r; tlen += 2 + p[4]; /* FIXME */ } else { - sc_error(card->ctx, "invalid security condition"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid security condition"); return SC_ERROR_INTERNAL; } p += tlen; 
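Review bot: The sanity check at the top of the loop in the hunk at -165, `if (len < 5 && p[0] != 0x80 && p[1] != 0x01)`, rejects an entry only when all three conditions hold. A truncated entry with the expected tag bytes therefore passes, and `amode = p[2]` (and `p[4]` in the next hunk) is read beyond the remaining data. The conditions should be alternatives: `if (len < 5 || p[0] != 0x80 || p[1] != 0x01)`. In the following hunk `tlen += 2 + p[4]` is also derived from card data; the matching update of `len` is outside the hunk, so confirm `tlen <= len` is enforced before `p += tlen`. This commit only changes the log call on these paths.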
@@ -247,7 +250,7 @@ apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); return asepcos_tlvpath_to_scpath(path, apdu.resp, apdu.resplen); @@ -262,7 +265,7 @@ int r; sc_path_t npath = *in_path; - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (in_path->type == SC_PATH_TYPE_PATH) { /* check the current DF to avoid unnecessary re-selection of @@ -303,12 +306,12 @@ if (file != NULL && *file != NULL) if ((*file)->ef_structure == SC_FILE_EF_UNKNOWN) (*file)->ef_structure = SC_FILE_EF_TRANSPARENT; - if (r == SC_SUCCESS && file != NULL) { + if (r == SC_SUCCESS && file != NULL && *file != NULL) { r = asepcos_parse_sec_attr(card, *file, (*file)->sec_attr, (*file)->sec_attr_len); if (r != SC_SUCCESS) - sc_error(card->ctx, "error parsing security attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error parsing security attributes"); } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int asepcos_set_security_env(sc_card_t *card, @@ -322,7 +325,7 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE], *p = sbuf; int r, locked = 0; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0, 0); switch (env->operation) { case SC_SEC_OPERATION_DECIPHER: 
@@ -353,18 +356,20 @@ apdu.data = sbuf; if (se_num > 0) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); locked = 1; } if (apdu.datalen != 0) { r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); goto err; } } @@ -373,7 +378,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF2, se_num); r = sc_transmit_apdu(card, &apdu); sc_unlock(card); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); err: if (locked) @@ -402,7 +407,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen != 4) return SC_ERROR_INTERNAL; @@ -426,7 +431,7 @@ apdu.datalen = len; apdu.data = data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -436,7 +441,7 @@ { size_t i; const amode_entry_t *table; - u8 buf[64], *p = buf; + u8 buf[64], *p; int r = SC_SUCCESS; /* first check wether the security attributes in encoded form @@ -482,7 +487,7 @@ *p++ = (st.fileid >> 8 ) & 0xff; *p++ = st.fileid & 0xff; } else { - sc_error(card->ctx, "unknow auth method: '%d'", ent->method); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unknow auth method: '%d'", ent->method); return SC_ERROR_INTERNAL; } } 
@@ -498,7 +503,7 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); /* call RSA ENCRYPT DECRYPT for the decipher operation */ sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x14, 0x01, 0x00); @@ -509,15 +514,14 @@ * to tell the card the we want everything available (note: we * always have Le <= crgram_len) */ apdu.le = (outlen >= 256 && crgram_len < 256) ? 256 : outlen; - apdu.sensitive = 1; apdu.data = crgram; apdu.lc = crgram_len; apdu.datalen = crgram_len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); return apdu.resplen; } @@ -532,7 +536,7 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (datalen >= 256) atype = SC_APDU_CASE_4_EXT; @@ -548,9 +552,9 @@ apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) { - sc_error(card->ctx, "error creating signature"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error creating signature"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -576,7 +580,7 @@ apdu.datalen = 2; apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } 
@@ -618,7 +622,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); @@ -628,7 +632,7 @@ /* set security attributes */ r = asepcos_set_security_attributes(card, file); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to set security attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to set security attributes"); return r; } return SC_SUCCESS; @@ -667,14 +671,14 @@ apdu.datalen = p - sbuf; apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); /* set security attributes */ r = asepcos_set_security_attributes(card, file); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to set security attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to set security attributes"); return r; } return asepcos_activate_file(card, file->id, 1); @@ -695,13 +699,13 @@ apdu.data = file->prop_attr; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); /* set security attributes */ r = asepcos_set_security_attributes(card, file); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to set security attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to set security attributes"); return r; } return asepcos_activate_file(card, file->id, 1); 
@@ -735,7 +739,7 @@ return r; if (tfile->prop_attr_len != 6 || tfile->prop_attr == NULL) { sc_file_free(tfile); - sc_error(card->ctx, "unable to parse proprietary FCI attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to parse proprietary FCI attributes"); return SC_ERROR_INTERNAL; } dfFID = (tfile->prop_attr[2] << 8) | tfile->prop_attr[3]; @@ -809,7 +813,7 @@ apdu.resplen = sizeof(buf); apdu.resp = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { /* looks like a EF */ atype = SC_APDU_CASE_3_SHORT; @@ -830,7 +834,7 @@ } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -861,11 +865,11 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; if (apdu.resplen != 8) { - sc_debug(card->ctx, "unexpected response to GET DATA serial number\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unexpected response to GET DATA serial number\n"); return SC_ERROR_INTERNAL; } /* cache serial number */ @@ -892,7 +896,7 @@ apdu.data = p->data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -990,9 +994,6 @@ default: return SC_ERROR_NOT_SUPPORTED; } - /* all PIN related APDUs are sensitive */ - apdu->sensitive = 1; - return SC_SUCCESS; } 
@@ -1008,28 +1009,35 @@ if (tries_left) *tries_left = -1; + /* only PIN verification is supported at the moment */ - if (pdata->pin_type != SC_AC_CHV && pdata->pin_type != SC_AC_AUT) - return SC_ERROR_INVALID_ARGUMENTS; + /* check PIN length */ if (pdata->pin1.len < 4 || pdata->pin1.len > 16) { - sc_error(card->ctx, "invalid PIN1 length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid PIN1 length"); return SC_ERROR_INVALID_PIN_LENGTH; } switch (pdata->cmd) { case SC_PIN_CMD_VERIFY: + if (pdata->pin_type != SC_AC_CHV && pdata->pin_type != SC_AC_AUT) + return SC_ERROR_INVALID_ARGUMENTS; + /* 'AUT' key is the transport PIN and should have reference '0' */ + if (pdata->pin_type == SC_AC_AUT && pdata->pin_reference) + return SC_ERROR_INVALID_ARGUMENTS; /* build verify APDU and send it to the card */ r = asepcos_build_pin_apdu(card, &apdu, pdata, sbuf, sizeof(sbuf), SC_PIN_CMD_VERIFY, 0); if (r != SC_SUCCESS) break; r = sc_transmit_apdu(card, &apdu); if (r != SC_SUCCESS) - sc_error(card->ctx, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); break; case SC_PIN_CMD_CHANGE: + if (pdata->pin_type != SC_AC_CHV) + return SC_ERROR_INVALID_ARGUMENTS; if (pdata->pin2.len < 4 || pdata->pin2.len > 16) { - sc_error(card->ctx, "invalid PIN2 length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid PIN2 length"); return SC_ERROR_INVALID_PIN_LENGTH; } /* 1. step: verify the old pin */ @@ -1038,7 +1046,7 @@ break; r = sc_transmit_apdu(card, &apdu); if (r != SC_SUCCESS) { - sc_error(card->ctx, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); break; } if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) { 
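Review bot: The comment `/* only PIN verification is supported at the moment */` in hunk `-1008,28` is left with no code under it, now that the `pin_type` test has moved into the individual `case` arms. It also contradicts the function, which handles CHANGE and UNBLOCK as well. I would drop it and state the rule where it is enforced, e.g. `/* VERIFY accepts CHV or AUT (reference 0 only); CHANGE and UNBLOCK accept CHV only */` above the `switch`. The function starts before the hunk and continues past it.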
@@ -1052,12 +1060,14 @@ break; r = sc_transmit_apdu(card, &apdu); if (r != SC_SUCCESS) - sc_error(card->ctx, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); break; case SC_PIN_CMD_UNBLOCK: + if (pdata->pin_type != SC_AC_CHV) + return SC_ERROR_INVALID_ARGUMENTS; if (pdata->pin2.len < 4 || pdata->pin2.len > 16) { - sc_error(card->ctx, "invalid PIN2 length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid PIN2 length"); return SC_ERROR_INVALID_PIN_LENGTH; } /* 1. step: verify the puk */ @@ -1066,7 +1076,7 @@ break; r = sc_transmit_apdu(card, &apdu); if (r != SC_SUCCESS) { - sc_error(card->ctx, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); break; } /* 2, step: unblock and change the pin */ @@ -1075,13 +1085,13 @@ break; r = sc_transmit_apdu(card, &apdu); if (r != SC_SUCCESS) { - sc_error(card->ctx, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); break; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); break; default: - sc_error(card->ctx, "error: unknow cmd type"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error: unknow cmd type"); return SC_ERROR_INTERNAL; } /* Clear the buffer - it may contain pins */ @@ -1102,7 +1112,6 @@ asepcos_ops = *iso_ops; asepcos_ops.match_card = asepcos_match_card; asepcos_ops.init = asepcos_init; - asepcos_ops.finish = asepcos_finish; asepcos_ops.select_file = asepcos_select_file; asepcos_ops.set_security_env = asepcos_set_security_env; asepcos_ops.decipher = asepcos_decipher; diff -Nru opensc-0.11.13/src/libopensc/card-atrust-acos.c opensc-0.12.1/src/libopensc/card-atrust-acos.c --- opensc-0.11.13/src/libopensc/card-atrust-acos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-atrust-acos.c 2011-05-17 17:07:00.000000000 +0000 
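Review bot: In the `SC_PIN_CMD_CHANGE` arm of hunk `-1052,12`, a failed `sc_transmit_apdu()` is only logged. Control then falls through to `r = sc_check_sw(card, apdu.sw1, apdu.sw2);`, which overwrites the transport error with a verdict on status bytes that were never received. The UNBLOCK arm just below uses a braced block with `break`, and CHANGE should match: `if (r != SC_SUCCESS) { sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed"); break; }`. Depending on what `apdu.sw1`/`apdu.sw2` hold at that point (not visible here), a PIN change that never reached the card could be reported as successful. The message `"error: unknow cmd type"` in the default arm is also misspelled.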
@@ -20,11 +20,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + +#include +#include + #include "internal.h" #include "asn1.h" #include "cardctl.h" -#include -#include /*****************************************************************************/ @@ -58,7 +61,7 @@ NULL, 0, NULL }; -/* internal structure to save the current security enviroment */ +/* internal structure to save the current security environment */ typedef struct atrust_acos_ex_data_st { int sec_ops; /* the currently selected security operation, * i.e. SC_SEC_OPERATION_AUTHENTICATE etc. */ @@ -82,9 +85,9 @@ continue; /* we may only verify part of ATR since */ /* part of the hist chars is variable */ - if (len > card->atr_len) + if (len > card->atr.len) continue; - if (memcmp(card->atr, defatr, len) != 0) + if (memcmp(card->atr.value, defatr, len) != 0) continue; match = 1; @@ -102,7 +105,7 @@ unsigned int flags; atrust_acos_ex_data *ex_data; - ex_data = (atrust_acos_ex_data *) calloc(1, sizeof(atrust_acos_ex_data)); + ex_data = calloc(1, sizeof(atrust_acos_ex_data)); if (ex_data == NULL) return SC_ERROR_OUT_OF_MEMORY; @@ -124,10 +127,8 @@ _sc_card_add_rsa_alg(card, 1536, flags, 0x10001); /* we need read_binary&friends with max 128 bytes per read */ - if (card->max_send_size > 128) - card->max_send_size = 128; - if (card->max_recv_size > 128) - card->max_recv_size = 128; + card->max_send_size = 128; + card->max_recv_size = 128; return 0; } @@ -150,8 +151,7 @@ size_t taglen, len = buflen; const u8 *tag = NULL, *p; - if (ctx->debug >= 3) - sc_debug(ctx, "processing FCI bytes\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "processing FCI bytes\n"); if (buflen < 2) return SC_ERROR_INTERNAL; 
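Review bot: Hunk `-124,10` turns the clamp on `card->max_send_size` and `card->max_recv_size` into an unconditional assignment, so a smaller limit set earlier (for instance by the reader driver, not visible here) would be raised to 128. If the comparison was dropped only because the fields can now be zero, I would keep the clamp and handle that case explicitly: `if (card->max_send_size == 0 || card->max_send_size > 128) card->max_send_size = 128;`, and the same for `max_recv_size`. Otherwise a one-line comment saying why the card limit may override an earlier one would help. The init function starts outside the hunk.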
@@ -173,8 +173,7 @@ tag = sc_asn1_find_tag(ctx, p, len, 0x80, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " bytes in file: %d\n", bytes); file->size = bytes; } @@ -223,10 +222,8 @@ } } - if (ctx->debug >= 3) { - sc_debug(ctx, " type: %s\n", type); - sc_debug(ctx, " EF structure: %s\n", structure); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " type: %s\n", type); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " EF structure: %s\n", structure); } file->magic = SC_FILE_MAGIC; @@ -250,11 +247,11 @@ apdu.resplen = 0; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* check return value */ if (!(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) && apdu.sw1 != 0x61 ) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* update cache */ card->cache.current_path.type = SC_PATH_TYPE_DF_NAME; @@ -264,7 +261,7 @@ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->type = SC_FILE_TYPE_DF; file->ef_structure = SC_FILE_EF_UNKNOWN; file->path.len = 0; @@ -277,7 +274,7 @@ file->magic = SC_FILE_MAGIC; *file_out = file; } - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } /*****************************************************************************/ 
@@ -301,7 +298,7 @@ apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.p2 == 0x00 && apdu.sw1 == 0x62 && apdu.sw2 == 0x84 ) { /* no FCI => we have a DF (see comment in process_fci()) */ @@ -311,7 +308,7 @@ apdu.resplen = 0; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU re-transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU re-transmit failed"); } else if (apdu.sw1 == 0x61 || (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)) { /* SELECT returned some data (possible FCI) => * try a READ BINARY to see if a EF is selected */ @@ -323,14 +320,14 @@ apdu2.le = 1; apdu2.lc = 0; r = sc_transmit_apdu(card, &apdu2); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu2.sw1 == 0x69 && apdu2.sw2 == 0x86) /* no current EF is selected => we have a DF */ bIsDF = 1; } if (apdu.sw1 != 0x61 && (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* update cache */ if (bIsDF) { @@ -349,7 +346,7 @@ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = (id_hi << 8) + id_lo; file->path = card->cache.current_path; @@ -374,7 +371,7 @@ } } - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } /*****************************************************************************/ 
@@ -386,19 +383,18 @@ u8 pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; int r; size_t i, pathlen; + char pbuf[SC_MAX_PATH_STRING_SIZE]; - if (card->ctx->debug >= 4) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, "current path (%s, %s): %s (len: %u)\n", - (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), - (card->cache_valid?"valid":"invalid"), pbuf, - card->cache.current_path.len); - } + r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "current path (%s, %s): %s (len: %u)\n", + (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), + (card->cache.valid?"valid":"invalid"), pbuf, + card->cache.current_path.len); memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; @@ -407,20 +403,19 @@ { /* SELECT EF/DF with ID */ /* Select with 2byte File-ID */ if (pathlen != 2) - SC_FUNC_RETURN(card->ctx,2,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); return atrust_acos_select_fid(card, path[0], path[1], file_out); } else if (in_path->type == SC_PATH_TYPE_DF_NAME) { /* SELECT DF with AID */ /* Select with 1-16byte Application-ID */ - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_DF_NAME && card->cache.current_path.len == pathlen && memcmp(card->cache.current_path.value, pathbuf, pathlen) == 0 ) { - if (card->ctx->debug >= 4) - sc_debug(card->ctx, "cache hit\n"); - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cache hit\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } else return atrust_acos_select_aid(card, pathbuf, pathlen, file_out); 
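Review bot: `memcpy(path, in_path->value, in_path->len);` in hunk `-386,19` copies into the stack buffer `pathbuf[SC_MAX_PATH_SIZE]` before any check on `in_path->len`; the length tests further down all come after the copy. Unless every caller is guaranteed to pass a well-formed `sc_path_t`, put a guard ahead of it: `if (in_path->len > sizeof(pathbuf)) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);`. The hunk also makes `sc_path_print()` run on every call rather than only when the message will be emitted. The function continues past the hunk.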
@@ -437,10 +432,10 @@ * of a EF) => pathlen must be even and less than 6 */ if (pathlen%2 != 0 || pathlen > 6 || pathlen <= 0) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* if pathlen == 6 then the first FID must be MF (== 3F00) */ if (pathlen == 6 && ( path[0] != 0x3f || path[1] != 0x00 )) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* unify path (the first FID should be MF) */ if (path[0] != 0x3f || path[1] != 0x00) @@ -454,7 +449,7 @@ } /* check current working directory */ - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_PATH && card->cache.current_path.len >= 2 && card->cache.current_path.len <= pathlen ) @@ -466,7 +461,7 @@ bMatch += 2; } - if ( card->cache_valid && bMatch >= 0 ) + if ( card->cache.valid && bMatch >= 0 ) { if ( pathlen - bMatch == 2 ) /* we are in the rigth directory */ @@ -478,8 +473,9 @@ /* first step: change directory */ r = atrust_acos_select_fid(card, path[bMatch], path[bMatch+1], NULL); - SC_TEST_RET(card->ctx, r, "SELECT FILE (DF-ID) failed"); - + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); + + memset(&new_path, 0, sizeof(sc_path_t)); new_path.type = SC_PATH_TYPE_PATH; new_path.len = pathlen - bMatch-2; memcpy(new_path.value, &(path[bMatch+2]), new_path.len); 
@@ -490,13 +486,12 @@ { /* done: we are already in the * requested directory */ - if ( card->ctx->debug >= 4 ) - sc_debug(card->ctx, "cache hit\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cache hit\n"); /* copy file info (if necessary) */ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = (path[pathlen-2] << 8) + path[pathlen-1]; file->path = card->cache.current_path; @@ -517,24 +512,24 @@ for ( i=0; ictx, r, "SELECT FILE (DF-ID) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); } return atrust_acos_select_fid(card, path[pathlen-2], path[pathlen-1], file_out); } } else - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } /** atrust_acos_set_security_env - * sets the security enviroment + * sets the security environment * \param card pointer to the sc_card object * \param env pointer to a sc_security_env object * \param se_num not used here * \return SC_SUCCESS on success or an error code * - * This function sets the security enviroment (using the - * command MANAGE SECURITY ENVIROMENT). In case a COMPUTE SIGNATURE + * This function sets the security environment (using the + * command MANAGE SECURITY ENVIRONMENT). In case a COMPUTE SIGNATURE * operation is requested , this function tries to detect whether * COMPUTE SIGNATURE or INTERNAL AUTHENTICATE must be used for signature * calculation. @@ -543,14 +538,13 @@ const struct sc_security_env *env, int se_num) { - u8 *p, *pp, keyID; + u8 *p, *pp; int r, operation = env->operation; struct sc_apdu apdu; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; atrust_acos_ex_data *ex_data = (atrust_acos_ex_data *)card->drv_data; p = sbuf; - keyID = env->key_ref[0]; /* copy key reference, if present */ if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) { 
@@ -577,9 +571,9 @@ apdu.lc = p - sbuf; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); return SC_SUCCESS; } /* try COMPUTE SIGNATURE */ @@ -624,12 +618,10 @@ apdu.datalen = p - sbuf; apdu.lc = p - sbuf; apdu.le = 0; - /* suppress errors, as don't know whether to use + /* we don't know whether to use * COMPUTE SIGNATURE or INTERNAL AUTHENTICATE */ - sc_ctx_suppress_errors_on(card->ctx); r = sc_transmit_apdu(card, &apdu); - sc_ctx_suppress_errors_off(card->ctx); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { ex_data->fix_digestInfo = 0; ex_data->sec_ops = SC_SEC_OPERATION_SIGN; @@ -654,9 +646,9 @@ apdu.lc = p - sbuf; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); ex_data->fix_digestInfo = env->algorithm_flags; ex_data->sec_ops = SC_SEC_OPERATION_AUTHENTICATE; return SC_SUCCESS; @@ -678,7 +670,7 @@ atrust_acos_ex_data *ex_data = (atrust_acos_ex_data *)card->drv_data; if (datalen > SC_MAX_APDU_BUFFER_SIZE) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (ex_data->sec_ops == SC_SEC_OPERATION_SIGN) { /* compute signature with the COMPUTE SIGNATURE command */ 
@@ -694,9 +686,9 @@ apdu.lc = datalen; apdu.datalen = datalen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* call COMPUTE SIGNATURE */ @@ -708,13 +700,12 @@ apdu.lc = 0; apdu.datalen = 0; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } else if (ex_data->sec_ops == SC_SEC_OPERATION_AUTHENTICATE) { size_t tmp_len; 
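Review bot: The success path in hunk `-708,13` copies `apdu.resplen > outlen ? outlen : apdu.resplen` bytes and returns that count, so a caller whose buffer is too small receives a truncated signature reported as success. A short buffer should be an error, checked before the `memcpy`: `if (apdu.resplen > outlen) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_BUFFER_TOO_SMALL);`. The INTERNAL AUTHENTICATE branch (hunk `-742,23`) and the decipher function (hunk `-792,15`) repeat the same pattern. The function starts before this hunk.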
@@ -742,23 +733,23 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } else - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* clear old state */ ex_data->sec_ops = 0; ex_data->fix_digestInfo = 0; - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } /*****************************************************************************/ @@ -773,9 +764,9 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; assert(card != NULL && crgram != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (crgram_len > 255) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* INS: 0x2A PERFORM SECURITY OPERATION * P1: 0x80 Resp: Plain value @@ -783,7 +774,6 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - apdu.sensitive = 1; sbuf[0] = 0; /* padding indicator byte, 0x00 = No further indication */ memcpy(sbuf + 1, crgram, crgram_len); 
@@ -792,15 +782,15 @@ apdu.datalen = crgram_len + 1; apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } /*****************************************************************************/ @@ -809,14 +799,13 @@ unsigned int sw2) { - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "sw1 = 0x%02x, sw2 = 0x%02x\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "sw1 = 0x%02x, sw2 = 0x%02x\n", sw1, sw2); if (sw1 == 0x90) - return SC_NO_ERROR; + return SC_SUCCESS; if (sw1 == 0x63 && (sw2 & ~0x0fU) == 0xc0 ) { - sc_error(card->ctx, "Verification failed (remaining tries: %d)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verification failed (remaining tries: %d)\n", (sw2 & 0x0f)); return SC_ERROR_PIN_CODE_INCORRECT; } @@ -849,12 +838,12 @@ apdu.lc = 0; apdu.datalen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; /* cache serial number */ - memcpy(card->serialnr.value, apdu.resp, apdu.resplen); - card->serialnr.len = apdu.resplen; + memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); + card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); /* copy and return serial number */ memcpy(serial, &card->serialnr, sizeof(*serial)); return SC_SUCCESS; 
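Review bot: The bounded copy in hunk `-849,12` accepts a serial-number response longer than `SC_MAX_SERIALNR` and silently keeps a prefix, whereas the asepcos driver in this same diff rejects an unexpected length with `SC_ERROR_INTERNAL`. An over-long response is a protocol anomaly worth recording, e.g. `if (apdu.resplen > SC_MAX_SERIALNR) sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "serial number response too long, truncated\n");`. Computing the clamped length once into a local would also keep the `memcpy` size and `card->serialnr.len` from drifting apart in later edits. The function starts outside the hunk.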
@@ -889,10 +878,8 @@ apdu.datalen = 2; apdu.resplen = 0; - sc_ctx_suppress_errors_on(card->ctx); r = sc_transmit_apdu(card, &apdu); - sc_ctx_suppress_errors_off(card->ctx); - SC_TEST_RET(card->ctx, r, "APDU re-transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU re-transmit failed"); if (apdu.sw1 == 0x69 && apdu.sw2 == 0x85) /* the only possible reason for this error here is, afaik, diff -Nru opensc-0.11.13/src/libopensc/card-authentic.c opensc-0.12.1/src/libopensc/card-authentic.c --- opensc-0.11.13/src/libopensc/card-authentic.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-authentic.c 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,2161 @@ +/* + * card-authentic.c: Support for the Oberthur smart cards + * with PKI applet AuthentIC v3.2 + * + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + +#include +#include + +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" +#include "opensc.h" +#include "pkcs15.h" +#include "iso7816.h" +/* #include "hash-strings.h" */ +#include "authentic.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define AUTHENTIC_CARD_DEFAULT_FLAGS ( 0 \ + | SC_ALGORITHM_ONBOARD_KEY_GEN \ + | SC_ALGORITHM_RSA_PAD_ISO9796 \ + | SC_ALGORITHM_RSA_PAD_PKCS1 \ + | SC_ALGORITHM_RSA_HASH_NONE \ + | SC_ALGORITHM_RSA_HASH_SHA1 \ + | SC_ALGORITHM_RSA_HASH_SHA256) + +#define AUTHENTIC_READ_BINARY_LENGTH_MAX 0xE7 + +/* generic iso 7816 operations table */ +static const struct sc_card_operations *iso_ops = NULL; + +/* our operations table with overrides */ +static struct sc_card_operations authentic_ops; + +static struct sc_card_driver authentic_drv = { + "Oberthur AuthentIC v3.1", "authentic", &authentic_ops, + NULL, 0, NULL +}; + +/* + * FIXME: use dynamic allocation for the 
PIN data to reduce memory usage + * actually size of 'authentic_private_data' 140kb + */ +struct authentic_private_data { + struct sc_pin_cmd_data pins[8]; + unsigned char pins_sha1[8][SHA_DIGEST_LENGTH]; + + struct sc_cplc cplc; +}; + +static struct sc_atr_table authentic_known_atrs[] = { + { "3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B", NULL, + "Oberthur AuthentIC 3.2.2", SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2, 0, NULL }, + { NULL, NULL, NULL, 0, 0, NULL } +}; + +unsigned char aid_AuthentIC_3_2[] = { + 0xA0,0x00,0x00,0x00,0x77,0x01,0x00,0x70,0x0A,0x10,0x00,0xF1,0x00,0x00,0x01,0x00 +}; + +static int authentic_select_file(struct sc_card *card, const struct sc_path *path, struct sc_file **file_out); +static int authentic_process_fci(struct sc_card *card, struct sc_file *file, const unsigned char *buf, size_t buflen); +static int authentic_get_serialnr(struct sc_card *card, struct sc_serial_number *serial); +static int authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data); +static int authentic_pin_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left); +static int authentic_select_mf(struct sc_card *card, struct sc_file **file_out); +static int authentic_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr); +static void authentic_debug_select_file(struct sc_card *card, const struct sc_path *path); + +static int +authentic_update_blob(struct sc_context *ctx, unsigned tag, unsigned char *data, size_t data_len, + unsigned char **blob, size_t *blob_size) +{ + unsigned char *pp = NULL; + int offs = 0, sz; + + if (data_len == 0) + return SC_SUCCESS; + + sz = data_len + 2; + + if (tag > 0xFF) + sz++; + + if (data_len > 0x7F && data_len < 0x100) + sz++; + else if (data_len >= 0x100) + sz += 2; + + pp = realloc(*blob, *blob_size + sz); + if (!pp) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + + if (tag > 0xFF) + *(pp + *blob_size + offs++) = (tag >> 8) & 0xFF; + *(pp + *blob_size + offs++) = 
tag & 0xFF; + + if (data_len >= 0x100) { + *(pp + *blob_size + offs++) = 0x82; + *(pp + *blob_size + offs++) = (data_len >> 8) & 0xFF; + } + else if (data_len > 0x7F) { + *(pp + *blob_size + offs++) = 0x81; + } + *(pp + *blob_size + offs++) = data_len & 0xFF; + + memcpy(pp + *blob_size + offs, data, data_len); + + *blob_size += sz; + *blob = pp; + + return SC_SUCCESS; +} + + +static int +authentic_parse_size(unsigned char *in, size_t *out) +{ + if (!in || !out) + return SC_ERROR_INVALID_ARGUMENTS; + + if (*in < 0x80) { + *out = *in; + return 1; + } + else if (*in == 0x81) { + *out = *(in + 1); + return 2; + } + else if (*in == 0x82) { + *out = *(in + 1) * 0x100 + *(in + 2); + return 3; + } + + return SC_ERROR_INVALID_DATA; +} + + +static int +authentic_get_tagged_data(struct sc_context *ctx, unsigned char *in, size_t in_len, + unsigned in_tag, unsigned char **out, size_t *out_len) +{ + size_t size_len, tag_len, offs, size; + unsigned tag; + + if (!out || !out_len) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + for (offs = 0; offs < in_len; ) { + if ((*(in + offs) == 0x7F) || (*(in + offs) == 0x5F)) { + tag = *(in + offs) * 0x100 + *(in + offs + 1); + tag_len = 2; + } + else { + tag = *(in + offs); + tag_len = 1; + } + + size_len = authentic_parse_size(in + offs + tag_len, &size); + LOG_TEST_RET(ctx, size_len, "parse error: invalid size data"); + + if (tag == in_tag) { + *out = in + offs + tag_len + size_len; + *out_len = size; + + return SC_SUCCESS; + } + + offs += tag_len + size_len + size; + } + + return SC_ERROR_ASN1_OBJECT_NOT_FOUND; +} + + +static int +authentic_decode_pubkey_rsa(struct sc_context *ctx, unsigned char *blob, size_t blob_len, + struct sc_pkcs15_prkey **out_key) +{ + struct sc_pkcs15_prkey_rsa *key; + unsigned char *data; + size_t data_len; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (!out_key) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + if (!(*out_key)) { + *out_key = calloc(1, sizeof(struct sc_pkcs15_prkey)); + + if 
(!(*out_key)) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot callocate pkcs15 private key"); + + (*out_key)->algorithm = SC_ALGORITHM_RSA; + } + else if (*out_key && (*out_key)->algorithm != SC_ALGORITHM_RSA) { + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + } + + key = &(*out_key)->u.rsa; + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_RSA_PUBLIC, &data, &data_len); + LOG_TEST_RET(ctx, rv, "cannot get public key SDO data"); + + blob = data; + blob_len = data_len; + + /* Get RSA public modulus */ + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_RSA_PUBLIC_MODULUS, &data, &data_len); + LOG_TEST_RET(ctx, rv, "cannot get public key SDO data"); + + if (key->modulus.data) + free(key->modulus.data); + key->modulus.data = calloc(1, data_len); + if (!key->modulus.data) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot callocate modulus BN"); + memcpy(key->modulus.data, data, data_len); + key->modulus.len = data_len; + + /* Get RSA public exponent */ + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT, &data, &data_len); + LOG_TEST_RET(ctx, rv, "cannot get public key SDO data"); + + if (key->exponent.data) + free(key->exponent.data); + key->exponent.data = calloc(1, data_len); + if (!key->exponent.data) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot callocate modulus BN"); + memcpy(key->exponent.data, data, data_len); + key->exponent.len = data_len; + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_parse_credential_data(struct sc_context *ctx, struct sc_pin_cmd_data *pin_cmd, + unsigned char *blob, size_t blob_len) +{ + unsigned char *data; + size_t data_len; + int rv, ii; + unsigned tag = AUTHENTIC_TAG_CREDENTIAL | pin_cmd->pin_reference; + + rv = authentic_get_tagged_data(ctx, blob, blob_len, tag, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "cannot get credential data"); + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_CREDENTIAL_TRYLIMIT, &data, 
&data_len); + LOG_TEST_RET(ctx, rv, "cannot get try limit"); + pin_cmd->pin1.max_tries = *data; + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_DOCP_MECH, &data, &data_len); + LOG_TEST_RET(ctx, rv, "cannot get PIN type"); + if (*data == 0) + pin_cmd->pin_type = SC_AC_CHV; + else if (*data >= 2 && *data <= 7) + pin_cmd->pin_type = SC_AC_AUT; + else + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported Credential type"); + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_DOCP_ACLS, &data, &data_len); + LOG_TEST_RET(ctx, rv, "failed to get ACLs"); + sc_log(ctx, "data_len:%i", data_len); + if (data_len == 10) { + for (ii=0; ii<5; ii++) { + unsigned char acl = *(data + ii*2); + unsigned char cred_id = *(data + ii*2 + 1); + unsigned sc = acl * 0x100 + cred_id; + + sc_log(ctx, "%i: SC:%X", ii, sc); + if (!sc) + continue; + + if (acl & AUTHENTIC_AC_SM_MASK) { + pin_cmd->pin1.acls[ii].method = SC_AC_SCB; + pin_cmd->pin1.acls[ii].key_ref = sc; + } + else if (acl!=0xFF && cred_id) { + sc_log(ctx, "%i: ACL(method:SC_AC_CHV,id:%i)", ii, cred_id); + pin_cmd->pin1.acls[ii].method = SC_AC_CHV; + pin_cmd->pin1.acls[ii].key_ref = cred_id; + } + else { + pin_cmd->pin1.acls[ii].method = SC_AC_NEVER; + pin_cmd->pin1.acls[ii].key_ref = 0; + } + } + } + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_CREDENTIAL_PINPOLICY, &data, &data_len); + if (!rv) { + blob = data; + blob_len = data_len; + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MAXLENGTH, &data, &data_len); + LOG_TEST_RET(ctx, rv, "failed to get PIN max.length value"); + pin_cmd->pin1.max_length = *data; + + rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_CREDENTIAL_PINPOLICY_MINLENGTH, &data, &data_len); + LOG_TEST_RET(ctx, rv, "failed to get PIN min.length value"); + pin_cmd->pin1.min_length = *data; + } + + return SC_SUCCESS; +} + + +static int +authentic_get_cplc(struct sc_card *card) +{ + struct 
authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data; + struct sc_apdu apdu; + int rv, ii; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x9F, 0x7F); + for (ii=0;ii<2;ii++) { + apdu.le = 0x2D; + apdu.resplen = sizeof(prv_data->cplc.value); + apdu.resp = prv_data->cplc.value; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + if (rv != SC_ERROR_CLASS_NOT_SUPPORTED) + break; + + apdu.cla = 0x80; + } + LOG_TEST_RET(card->ctx, rv, "'GET CPLC' error"); + + prv_data->cplc.len = 0x2D; + return SC_SUCCESS; +} + + +static int +authentic_select_aid(struct sc_card *card, unsigned char *aid, size_t aid_len, + unsigned char *out, size_t *out_len) +{ + struct sc_apdu apdu; + unsigned char apdu_resp[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + /* Select Card Manager (to deselect previously selected application) */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xA4, 0x04, 0x00); + apdu.lc = aid_len; + apdu.data = aid; + apdu.datalen = aid_len; + apdu.resplen = sizeof(apdu_resp); + apdu.resp = apdu_resp; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(card->ctx, rv, "Cannot select AID"); + + if (out && out_len) { + if (*out_len < apdu.resplen) + LOG_TEST_RET(card->ctx, SC_ERROR_BUFFER_TOO_SMALL, "Cannot select AID"); + memcpy(out, apdu.resp, apdu.resplen); + } + + return SC_SUCCESS; +} + + +static int +authentic_match_card(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + int i; + + sc_log(ctx, "try to match card with ATR %s", sc_dump_hex(card->atr.value, card->atr.len)); + i = _sc_match_atr(card, authentic_known_atrs, &card->type); + if (i < 0) { + sc_log(ctx, "card not matched"); + return 0; + } + + sc_log(ctx, "'%s' card matched", authentic_known_atrs[i].name); + return 1; +} + + +static int 
+authentic_init_oberthur_authentic_3_2(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + unsigned int flags; + int rv = 0; + + LOG_FUNC_CALLED(ctx); + + flags = AUTHENTIC_CARD_DEFAULT_FLAGS; + + _sc_card_add_rsa_alg(card, 1024, flags, 0x10001); + _sc_card_add_rsa_alg(card, 2048, flags, 0x10001); + + card->caps = SC_CARD_CAP_RNG; + card->caps |= SC_CARD_CAP_APDU_EXT; + card->caps |= SC_CARD_CAP_USE_FCI_AC; + + rv = authentic_select_aid(card, aid_AuthentIC_3_2, sizeof(aid_AuthentIC_3_2), NULL, NULL); + LOG_TEST_RET(ctx, rv, "AuthentIC application select error"); + + rv = authentic_select_mf(card, NULL); + LOG_TEST_RET(ctx, rv, "MF selection error"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_init(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + int ii, rv = SC_ERROR_NO_CARD_SUPPORT; + + LOG_FUNC_CALLED(ctx); + for(ii=0;authentic_known_atrs[ii].atr;ii++) { + if (card->type == authentic_known_atrs[ii].type) { + card->name = authentic_known_atrs[ii].name; + card->flags = authentic_known_atrs[ii].flags; + break; + } + } + + if (!authentic_known_atrs[ii].atr) + LOG_FUNC_RETURN(ctx, SC_ERROR_NO_CARD_SUPPORT); + + card->cla = 0x00; + card->drv_data = (struct authentic_private_data *) calloc(sizeof(struct authentic_private_data), 1); + if (!card->drv_data) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + + if (card->type == SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2) + rv = authentic_init_oberthur_authentic_3_2(card); + + if (!rv) + rv = authentic_get_serialnr(card, NULL); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_erase_binary(struct sc_card *card, unsigned int offs, size_t count, unsigned long flags) +{ + struct sc_context *ctx = card->ctx; + int rv; + unsigned char *buf_zero = NULL; + + LOG_FUNC_CALLED(ctx); + if (!count) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "'ERASE BINARY' with ZERO count not supported"); + + if (card->cache.valid && card->cache.current_ef) + sc_log(ctx, "current_ef(type=%i) %s", 
card->cache.current_ef->path.type, + sc_print_path(&card->cache.current_ef->path)); + + buf_zero = calloc(1, count); + if (!buf_zero) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "cannot allocate buff 'zero'"); + + rv = sc_update_binary(card, offs, buf_zero, count, flags); + free(buf_zero); + LOG_TEST_RET(ctx, rv, "'ERASE BINARY' failed"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +#if 0 +static int +authentic_resize_file(struct sc_card *card, unsigned file_id, unsigned new_size) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char data[6] = { + 0x62, 0x04, 0x80, 0x02, 0xFF, 0xFF + }; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "try to set file size to %i bytes", new_size); + + data[4] = (new_size >> 8) & 0xFF; + data[5] = new_size & 0xFF; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDB, (file_id >> 8) & 0xFF, file_id & 0xFF); + apdu.data = data; + apdu.datalen = sizeof(data); + apdu.lc = sizeof(data); + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "resize file failed"); + + if (card->cache.valid && card->cache.current_ef && card->cache.current_ef->id == file_id) + card->cache.current_ef->size = new_size; + + LOG_FUNC_RETURN(ctx, rv); +} +#endif + + +static int +authentic_set_current_files(struct sc_card *card, struct sc_path *path, + unsigned char *resp, size_t resplen, struct sc_file **file_out) +{ + struct sc_context *ctx = card->ctx; + struct sc_file *file = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + if (resplen) { + switch (resp[0]) { + case 0x62: + case 0x6F: + file = sc_file_new(); + if (file == NULL) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + if (path) + file->path = *path; + + rv = authentic_process_fci(card, file, resp, resplen); + LOG_TEST_RET(ctx, rv, "cannot set 'current file': FCI process error"); + + break; + default: + LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); + } + + if 
(file->type == SC_FILE_TYPE_DF) { + struct sc_path cur_df_path; + + memset(&cur_df_path, 0, sizeof(cur_df_path)); + if (card->cache.valid && card->cache.current_df) { + cur_df_path = card->cache.current_df->path; + sc_file_free(card->cache.current_df); + } + card->cache.current_df = NULL; + sc_file_dup(&card->cache.current_df, file); + + if (cur_df_path.len) { + memcpy(card->cache.current_df->path.value + cur_df_path.len, + card->cache.current_df->path.value, + card->cache.current_df->path.len); + memcpy(card->cache.current_df->path.value, cur_df_path.value, cur_df_path.len); + card->cache.current_df->path.len += cur_df_path.len; + } + + if (card->cache.current_ef) { + sc_file_free(card->cache.current_ef); + card->cache.current_ef = NULL; + } + + card->cache.valid = 1; + } + else { + if (card->cache.current_ef) + sc_file_free(card->cache.current_ef); + card->cache.current_ef = NULL; + sc_file_dup(&card->cache.current_ef, file); + } + + if (file_out) + *file_out = file; + else + sc_file_free(file); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_select_mf(struct sc_card *card, struct sc_file **file_out) +{ + struct sc_context *ctx = card->ctx; + struct sc_path mfpath; + int rv; + + struct sc_apdu apdu; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; + + LOG_FUNC_CALLED(ctx); + + sc_format_path("3F00", &mfpath); + mfpath.type = SC_PATH_TYPE_PATH; + + if (card->cache.valid == 1 + && card->cache.current_df + && card->cache.current_df->path.len == 2 + && !memcmp(card->cache.current_df->path.value, "\x3F\x00", 2)) { + if (file_out) + sc_file_dup(file_out, card->cache.current_df); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xA4, 0x00, 0x00); + + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "authentic_select_file() check SW failed"); + + 
if (card->cache.valid == 1) { + if (card->cache.current_df) + sc_file_free(card->cache.current_df); + card->cache.current_df = NULL; + + if (card->cache.current_ef) + sc_file_free(card->cache.current_ef); + card->cache.current_ef = NULL; + } + + rv = authentic_set_current_files(card, &mfpath, apdu.resp, apdu.resplen, file_out); + LOG_TEST_RET(ctx, rv, "authentic_select_file() cannot set 'current_file'"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_reduce_path(struct sc_card *card, struct sc_path *path) +{ + struct sc_context *ctx = card->ctx; + struct sc_path in_path, cur_path; + int offs; + + LOG_FUNC_CALLED(ctx); + + if (path->len <= 2 || path->type == SC_PATH_TYPE_DF_NAME || !path) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + if (!card->cache.valid || !card->cache.current_df) + LOG_FUNC_RETURN(ctx, 0); + + in_path = *path; + cur_path = card->cache.current_df->path; + + if (!memcmp(cur_path.value, "\x3F\x00", 2) && memcmp(in_path.value, "\x3F\x00", 2)) { + memcpy(in_path.value + 2, in_path.value, in_path.len); + memcpy(in_path.value, "\x3F\x00", 2); + in_path.len += 2; + } + + for (offs=0; offs < in_path.len && offs < cur_path.len; offs += 2) { + if (cur_path.value[offs] != in_path.value[offs]) + break; + if (cur_path.value[offs + 1] != in_path.value[offs + 1]) + break; + } + + memcpy(in_path.value, in_path.value + offs, sizeof(in_path.value) - offs); + in_path.len -= offs; + *path = in_path; + + LOG_FUNC_RETURN(ctx, offs); +} + + +static void +authentic_debug_select_file(struct sc_card *card, const struct sc_path *path) +{ + struct sc_context *ctx = card->ctx; + struct sc_card_cache *cache = &card->cache; + + if (path) + sc_log(ctx, "try to select path(type:%i) %s", + path->type, sc_print_path(path)); + + if (!cache->valid) + return; + + if (cache->current_df) + sc_log(ctx, "current_df(type=%i) %s", + cache->current_df->path.type, sc_print_path(&cache->current_df->path)); + else + sc_log(ctx, "current_df empty"); + + if (cache->current_ef) + 
sc_log(ctx, "current_ef(type=%i) %s", + cache->current_ef->path.type, sc_print_path(&cache->current_ef->path)); + else + sc_log(ctx, "current_ef empty"); +} + + +static int +authentic_is_selected(struct sc_card *card, const struct sc_path *path, struct sc_file **file_out) +{ + if (!path->len) { + if (file_out && card->cache.valid && card->cache.current_df) + sc_file_dup(file_out, card->cache.current_df); + return SC_SUCCESS; + } + else if (path->len == 2 && card->cache.valid && card->cache.current_ef) { + if (!memcmp(card->cache.current_ef->path.value, path->value, 2)) { + if (file_out) + sc_file_dup(file_out, card->cache.current_ef); + return SC_SUCCESS; + } + } + + return SC_ERROR_FILE_NOT_FOUND; +} + + +static int +authentic_select_file(struct sc_card *card, const struct sc_path *path, + struct sc_file **file_out) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + struct sc_path lpath; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; + int pathlen, rv; + + LOG_FUNC_CALLED(ctx); + authentic_debug_select_file(card, path); + + memcpy(&lpath, path, sizeof(struct sc_path)); + + rv = authentic_reduce_path(card, &lpath); + LOG_TEST_RET(ctx, rv, "reduce path error"); + + if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) { + rv = authentic_select_mf(card, file_out); + LOG_TEST_RET(ctx, rv, "cannot select MF"); + + memcpy(&lpath.value[0], &lpath.value[2], lpath.len - 2); + lpath.len -= 2; + + if (!lpath.len) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + if (lpath.type == SC_PATH_TYPE_PATH && (lpath.len == 2)) + lpath.type = SC_PATH_TYPE_FILE_ID; + + rv = authentic_is_selected(card, &lpath, file_out); + if (!rv) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + pathlen = lpath.len; + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0x00, 0x00); + + if (card->type != SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported card"); + + if (lpath.type == SC_PATH_TYPE_FILE_ID) { + apdu.p1 = 0x00; + } + else if 
(lpath.type == SC_PATH_TYPE_PATH) { + apdu.p1 = 0x08; + } + else if (lpath.type == SC_PATH_TYPE_FROM_CURRENT) { + apdu.p1 = 0x09; + } + else if (lpath.type == SC_PATH_TYPE_DF_NAME) { + apdu.p1 = 4; + } + else if (lpath.type == SC_PATH_TYPE_PARENT) { + apdu.p1 = 0x03; + pathlen = 0; + apdu.cse = SC_APDU_CASE_2_SHORT; + } + else { + sc_log(ctx, "Invalid PATH type: 0x%X", lpath.type); + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "authentic_select_file() invalid PATH type"); + } + + apdu.lc = pathlen; + apdu.data = lpath.value; + apdu.datalen = pathlen; + + if (apdu.cse == SC_APDU_CASE_4_SHORT || apdu.cse == SC_APDU_CASE_2_SHORT) { + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.le = 256; + } + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "authentic_select_file() check SW failed"); + + rv = authentic_set_current_files(card, &lpath, apdu.resp, apdu.resplen, file_out); + LOG_TEST_RET(ctx, rv, "authentic_select_file() cannot set 'current_file'"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_apdus_allocate(struct sc_apdu **head, struct sc_apdu **new) +{ + struct sc_apdu *allocated_apdu = NULL, *tmp_apdu = NULL; + + if (!head) + return SC_ERROR_INVALID_ARGUMENTS; + + allocated_apdu = calloc(1, sizeof(struct sc_apdu)); + if (!allocated_apdu) + return SC_ERROR_OUT_OF_MEMORY; + + if (*head == NULL) + *head = allocated_apdu; + + if (new) + *new = allocated_apdu; + + tmp_apdu = *head; + while(tmp_apdu->next) + tmp_apdu = tmp_apdu->next; + + tmp_apdu->next = allocated_apdu; + + return 0; +} + + +static void +authentic_apdus_free(struct sc_apdu *apdu) +{ + while(apdu) { + struct sc_apdu *tmp_apdu = apdu->next; + free(apdu); + apdu = tmp_apdu; + } +} + + +static int +authentic_read_binary(struct sc_card *card, unsigned int idx, + unsigned char *buf, size_t count, unsigned long flags) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu 
*apdus = NULL, *cur_apdu = NULL; + size_t sz, rest; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "offs:%i,count:%i,max_recv_size:%i", idx, count, card->max_recv_size); + + /* Data size more then 256 bytes can happen when card reader is + * configurated with max_send/recv_size more then 255/256 bytes + * (for ex. 'remote-access' reader) . + * For that case create chained APDUs 'read-binary' APDUs. + */ + sc_log(ctx, "reader flags 0x%X", card->reader->flags); + if (count > 256 && !(card->reader->flags & SC_READER_HAS_WAITING_AREA)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid size of the data to read"); + + rest = count; + while(rest) { + if (authentic_apdus_allocate(&apdus, &cur_apdu)) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "cannot allocate APDU"); + + sz = rest > 256 ? 256 : rest; + sc_format_apdu(card, cur_apdu, SC_APDU_CASE_2_SHORT, 0xB0, (idx >> 8) & 0x7F, idx & 0xFF); + cur_apdu->le = sz; + cur_apdu->resplen = count; + cur_apdu->resp = buf; + + idx += sz; + rest -= sz; + } + + if (!apdus) + { + LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "authentic_read_binary() failed"); + LOG_FUNC_RETURN(ctx, count); + } + + rv = sc_transmit_apdu(card, apdus); + if (!rv) + rv = sc_check_sw(card, apdus->sw1, apdus->sw2); + if (!rv) + count = apdus->resplen; + + authentic_apdus_free(apdus); + + LOG_TEST_RET(ctx, rv, "authentic_read_binary() failed"); + LOG_FUNC_RETURN(ctx, count); +} + + +static int +authentic_write_binary(struct sc_card *card, unsigned int idx, + const unsigned char *buf, size_t count, unsigned long flags) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu *apdus = NULL, *cur_apdu = NULL; + size_t sz, rest; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "offs:%i,count:%i,max_send_size:%i", idx, count, card->max_send_size); + + /* see comments for authentic_read_binary() */ + sc_log(ctx, "reader flags 0x%X", card->reader->flags); + if (count > 255 && !(card->reader->flags & SC_READER_HAS_WAITING_AREA)) + LOG_TEST_RET(ctx, 
SC_ERROR_INVALID_DATA, "Invalid size of the data to read"); + + rest = count; + while(rest) { + if (authentic_apdus_allocate(&apdus, &cur_apdu)) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "cannot allocate APDU"); + + sz = rest > 255 ? 255 : rest; + sc_format_apdu(card, cur_apdu, SC_APDU_CASE_3_SHORT, 0xD0, (idx >> 8) & 0x7F, idx & 0xFF); + cur_apdu->lc = sz; + cur_apdu->datalen = sz; + cur_apdu->data = buf + count - rest; + + idx += sz; + rest -= sz; + } + + if (!apdus) + { + LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "authentic_write_binary() failed"); + LOG_FUNC_RETURN(ctx, count); + } + + rv = sc_transmit_apdu(card, apdus); + if (!rv) + rv = sc_check_sw(card, apdus->sw1, apdus->sw2); + + authentic_apdus_free(apdus); + + LOG_TEST_RET(ctx, rv, "authentic_write_binary() failed"); + LOG_FUNC_RETURN(ctx, count); +} + + +static int +authentic_update_binary(struct sc_card *card, unsigned int idx, + const unsigned char *buf, size_t count, unsigned long flags) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu *apdus = NULL, *cur_apdu = NULL; + size_t sz, rest; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "offs:%i,count:%i,max_send_size:%i", idx, count, card->max_send_size); + + /* see comments for authentic_read_binary() */ + sc_log(ctx, "reader flags 0x%X", card->reader->flags); + if (count > 255 && !(card->reader->flags & SC_READER_HAS_WAITING_AREA)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid size of the data to read"); + + rest = count; + while(rest) { + if (authentic_apdus_allocate(&apdus, &cur_apdu)) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "cannot allocate APDU"); + + sz = rest > 255 ? 
255 : rest; + sc_format_apdu(card, cur_apdu, SC_APDU_CASE_3_SHORT, 0xD6, (idx >> 8) & 0x7F, idx & 0xFF); + cur_apdu->lc = sz; + cur_apdu->datalen = sz; + cur_apdu->data = buf + count - rest; + + idx += sz; + rest -= sz; + } + + if (!apdus) + { + LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "authentic_update_binary() failed"); + LOG_FUNC_RETURN(ctx, count); + } + + rv = sc_transmit_apdu(card, apdus); + if (!rv) + rv = sc_check_sw(card, apdus->sw1, apdus->sw2); + + authentic_apdus_free(apdus); + + LOG_TEST_RET(ctx, rv, "authentic_update_binary() failed"); + LOG_FUNC_RETURN(ctx, count); +} + + +static int +authentic_process_fci(struct sc_card *card, struct sc_file *file, + const unsigned char *buf, size_t buflen) +{ + struct sc_context *ctx = card->ctx; + size_t taglen; + int rv, ii; + const unsigned char *tag = NULL; + unsigned char ops_DF[8] = { + SC_AC_OP_CREATE, SC_AC_OP_DELETE, SC_AC_OP_CRYPTO, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + unsigned char ops_EF[8] = { + SC_AC_OP_READ, SC_AC_OP_DELETE, SC_AC_OP_UPDATE, SC_AC_OP_RESIZE, 0xFF, 0xFF, 0xFF, 0xFF + }; + + LOG_FUNC_CALLED(ctx); + + tag = sc_asn1_find_tag(card->ctx, buf, buflen, 0x6F, &taglen); + if (tag != NULL) { + sc_log(ctx, " FCP length %i", taglen); + buf = tag; + buflen = taglen; + } + + tag = sc_asn1_find_tag(card->ctx, buf, buflen, 0x62, &taglen); + if (tag != NULL) { + sc_log(ctx, " FCP length %i", taglen); + buf = tag; + buflen = taglen; + } + + rv = iso_ops->process_fci(card, file, buf, buflen); + LOG_TEST_RET(ctx, rv, "ISO parse FCI failed"); + + if (!file->sec_attr_len) { + sc_log(ctx, "ACLs not found in data(%i) %s", buflen, sc_dump_hex(buf, buflen)); + sc_log(ctx, "Path:%s; Type:%X; PathType:%X", sc_print_path(&file->path), file->type, file->path.type); + if (file->path.type == SC_PATH_TYPE_DF_NAME || file->type == SC_FILE_TYPE_DF) { + file->type = SC_FILE_TYPE_DF; + } + else { + LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "ACLs tag missing"); + } + } + + sc_log(ctx, "ACL data(%i):%s", file->sec_attr_len, 
sc_dump_hex(file->sec_attr, file->sec_attr_len)); + for (ii = 0; ii < file->sec_attr_len / 2; ii++) { + unsigned char op = file->type == SC_FILE_TYPE_DF ? ops_DF[ii] : ops_EF[ii]; + unsigned char acl = *(file->sec_attr + ii*2); + unsigned char cred_id = *(file->sec_attr + ii*2 + 1); + unsigned sc = acl * 0x100 + cred_id; + + sc_log(ctx, "ACL(%i) op 0x%X, acl %X:%X", ii, op, acl, cred_id); + if (op == 0xFF) + ; + else if (!acl && !cred_id) + sc_file_add_acl_entry(file, op, SC_AC_NONE, 0); + else if (acl == 0xFF) + sc_file_add_acl_entry(file, op, SC_AC_NEVER, 0); + else if (acl & AUTHENTIC_AC_SM_MASK) + sc_file_add_acl_entry(file, op, SC_AC_SCB, sc); + else if (cred_id) + sc_file_add_acl_entry(file, op, SC_AC_CHV, cred_id); + else + sc_file_add_acl_entry(file, op, SC_AC_NEVER, 0); + } + + LOG_FUNC_RETURN(ctx, 0); +} + + +static int +authentic_fcp_encode(struct sc_card *card, struct sc_file *file, unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + unsigned char buf[0x80]; + size_t ii, offs; + unsigned char ops_ef[4] = { SC_AC_OP_READ, SC_AC_OP_DELETE, SC_AC_OP_UPDATE, SC_AC_OP_RESIZE }; + unsigned char ops_df[3] = { SC_AC_OP_CREATE, SC_AC_OP_DELETE, SC_AC_OP_CRYPTO }; + unsigned char *ops = file->type == SC_FILE_TYPE_DF ? ops_df : ops_ef; + size_t ops_len = file->type == SC_FILE_TYPE_DF ? 3 : 4; + + LOG_FUNC_CALLED(ctx); + + offs = 0; + buf[offs++] = ISO7816_TAG_FCP_SIZE; + buf[offs++] = 2; + buf[offs++] = (file->size >> 8) & 0xFF; + buf[offs++] = file->size & 0xFF; + + buf[offs++] = ISO7816_TAG_FCP_TYPE; + buf[offs++] = 1; + buf[offs++] = file->type == SC_FILE_TYPE_DF ? 
ISO7816_FILE_TYPE_DF : ISO7816_FILE_TYPE_TRANSPARENT_EF; + + buf[offs++] = ISO7816_TAG_FCP_ID; + buf[offs++] = 2; + buf[offs++] = (file->id >> 8) & 0xFF; + buf[offs++] = file->id & 0xFF; + + buf[offs++] = ISO7816_TAG_FCP_ACLS; + buf[offs++] = ops_len * 2; + for (ii=0; ii < ops_len; ii++) { + const struct sc_acl_entry *entry; + + entry = sc_file_get_acl_entry(file, ops[ii]); + sc_log(ctx, "acl entry(method:%X,ref:%X)", entry->method, entry->key_ref); + + if (entry->method == SC_AC_NEVER) { + /* TODO: After development change for 0xFF */ + buf[offs++] = 0x00; + buf[offs++] = 0x00; + } + else if (entry->method == SC_AC_NONE) { + buf[offs++] = 0x00; + buf[offs++] = 0x00; + } + else if (entry->method == SC_AC_CHV) { + if (!(entry->key_ref & AUTHENTIC_V3_CREDENTIAL_ID_MASK) + || (entry->key_ref & ~AUTHENTIC_V3_CREDENTIAL_ID_MASK)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported Credential Reference"); + buf[offs++] = 0x00; + buf[offs++] = 0x01 << (entry->key_ref - 1); + } + else + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported AC method"); + } + + if (out) { + if (out_len < offs) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Buffer too small to encode FCP"); + memcpy(out, buf, offs); + } + + LOG_FUNC_RETURN(ctx, offs); +} + + +static int +authentic_create_file(struct sc_card *card, struct sc_file *file) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char sbuf[0x100]; + size_t sbuf_len; + struct sc_path path; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (file->type != SC_FILE_TYPE_WORKING_EF) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Creation of the file with of this type is not supported"); + + authentic_debug_select_file(card, &file->path); + + sbuf_len = authentic_fcp_encode(card, file, sbuf + 2, sizeof(sbuf)-2); + LOG_TEST_RET(ctx, sbuf_len, "FCP encode error"); + + sbuf[0] = ISO7816_TAG_FCP; + sbuf[1] = sbuf_len; + + if (card->cache.valid && card->cache.current_df) { + const struct sc_acl_entry *entry = 
sc_file_get_acl_entry(card->cache.current_df, SC_AC_OP_CREATE); + + sc_log(ctx, "CREATE method/reference %X/%X", entry->method, entry->key_ref); + if (entry->method == SC_AC_SCB) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet supported"); + } + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0, 0); + apdu.data = sbuf; + apdu.datalen = sbuf_len + 2; + apdu.lc = sbuf_len + 2; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "authentic_create_file() create file error"); + + path = file->path; + memcpy(path.value, path.value + path.len - 2, 2); + path.len = 2; + rv = authentic_set_current_files(card, &path, sbuf, sbuf_len + 2, NULL); + LOG_TEST_RET(ctx, rv, "authentic_select_file() cannot set 'current_file'"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_delete_file(struct sc_card *card, const struct sc_path *path) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char p1; + int rv, ii; + + LOG_FUNC_CALLED(ctx); + + if (!path) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + for (ii=0, p1 = 0x02; ii<2; ii++, p1 = 0x01) { + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE4, p1, 0x00); + apdu.data = path->value + path->len - 2; + apdu.datalen = 2; + apdu.lc = 2; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + if (rv != SC_ERROR_FILE_NOT_FOUND || p1 != 0x02) + break; + } + LOG_TEST_RET(ctx, rv, "Delete file failed"); + + if (card->cache.valid && card->cache.current_ef) { + sc_file_free(card->cache.current_ef); + card->cache.current_ef = NULL; + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left) +{ + struct sc_context *ctx = card->ctx; + unsigned char buffer[0x100]; + struct sc_pin_cmd_pin *pin1 = 
&pin_cmd->pin1; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Verify PIN(ref:%i) with pin-pad", pin_cmd->pin_reference); + + rv = authentic_pin_is_verified(card, pin_cmd, tries_left); + if (!rv) + LOG_FUNC_RETURN(ctx, rv); + + if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) { + sc_log(ctx, "Reader not ready for PIN PAD"); + LOG_FUNC_RETURN(ctx, SC_ERROR_READER); + } + + pin1->len = pin1->min_length; + pin1->max_length = 8; + + memset(buffer, pin1->pad_char, sizeof(buffer)); + pin1->data = buffer; + + pin_cmd->cmd = SC_PIN_CMD_VERIFY; + pin_cmd->flags |= SC_PIN_CMD_USE_PINPAD; + + rv = iso_ops->pin_cmd(card, pin_cmd, tries_left); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_chv_verify(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, + int *tries_left) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + struct sc_pin_cmd_pin *pin1 = &pin_cmd->pin1; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "CHV PIN reference %i, pin1(%p,len:%i)", pin_cmd->pin_reference, pin1->data, pin1->len); + + if (pin1->data && !pin1->len) { + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0, pin_cmd->pin_reference); + } + else if (pin1->data && pin1->len) { + unsigned char pin_buff[SC_MAX_APDU_BUFFER_SIZE]; + size_t pin_len; + + memcpy(pin_buff, pin1->data, pin1->len); + pin_len = pin1->len; + + if (pin1->pad_length && pin_cmd->flags & SC_PIN_CMD_NEED_PADDING) { + memset(pin_buff + pin1->len, pin1->pad_char, pin1->pad_length - pin1->len); + pin_len = pin1->pad_length; + } + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0, pin_cmd->pin_reference); + apdu.data = pin_buff; + apdu.datalen = pin_len; + apdu.lc = pin_len; + } + else if ((card->reader->capabilities & SC_READER_CAP_PIN_PAD) && !pin1->data && !pin1->len) { + rv = authentic_chv_verify_pinpad(card, pin_cmd, tries_left); + sc_log(ctx, "authentic_chv_verify() authentic_chv_verify_pinpad returned %i", rv); + LOG_FUNC_RETURN(ctx, rv); + } + else { + 
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + + if (apdu.sw1 == 0x63 && (apdu.sw2 & 0xF0) == 0xC0) { + pin1->tries_left = apdu.sw2 & 0x0F; + if (tries_left) + *tries_left = apdu.sw2 & 0x0F; + } + + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd_data, + int *tries_left) +{ + struct sc_context *ctx = card->ctx; + struct sc_pin_cmd_data pin_cmd; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (pin_cmd_data->pin_type != SC_AC_CHV) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN type is not supported for the verification"); + + pin_cmd = *pin_cmd_data; + pin_cmd.pin1.data = (unsigned char *)""; + pin_cmd.pin1.len = 0; + + rv = authentic_chv_verify(card, &pin_cmd, tries_left); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_verify(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd) +{ + struct sc_context *ctx = card->ctx; + struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data; + unsigned char pin_sha1[SHA_DIGEST_LENGTH]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "PIN(type:%X,reference:%X,data:%p,length:%i)", + pin_cmd->pin_type, pin_cmd->pin_reference, pin_cmd->pin1.data, pin_cmd->pin1.len); + + if (pin_cmd->pin1.data && !pin_cmd->pin1.len) { + pin_cmd->pin1.tries_left = -1; + rv = authentic_pin_is_verified(card, pin_cmd, &pin_cmd->pin1.tries_left); + LOG_FUNC_RETURN(ctx, rv); + } + + if (pin_cmd->pin1.data) + SHA1(pin_cmd->pin1.data, pin_cmd->pin1.len, pin_sha1); + else + SHA1((unsigned char *)"", 0, pin_sha1); + + if (!memcmp(pin_sha1, prv_data->pins_sha1[pin_cmd->pin_reference], SHA_DIGEST_LENGTH)) { + sc_log(ctx, "Already verified"); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + memset(prv_data->pins_sha1[pin_cmd->pin_reference], 0, sizeof(prv_data->pins_sha1[0])); + + rv = 
authentic_pin_get_policy(card, pin_cmd); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + if (pin_cmd->pin1.len > pin_cmd->pin1.max_length) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_PIN_LENGTH, "PIN policy check failed"); + + pin_cmd->pin1.tries_left = -1; + rv = authentic_chv_verify(card, pin_cmd, &pin_cmd->pin1.tries_left); + LOG_TEST_RET(ctx, rv, "PIN CHV verification error"); + + memcpy(prv_data->pins_sha1[pin_cmd->pin_reference], pin_sha1, SHA_DIGEST_LENGTH); + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_change_pinpad(struct sc_card *card, unsigned reference, int *tries_left) +{ + struct sc_context *ctx = card->ctx; + struct sc_pin_cmd_data pin_cmd; + unsigned char pin1_data[SC_MAX_APDU_BUFFER_SIZE], pin2_data[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "CHV PINPAD PIN reference %i", reference); + + if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) { + sc_log(ctx, "Reader not ready for PIN PAD"); + LOG_FUNC_RETURN(ctx, SC_ERROR_READER); + } + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.pin_reference = reference; + pin_cmd.cmd = SC_PIN_CMD_CHANGE; + pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_NEED_PADDING; + + rv = authentic_pin_get_policy(card, &pin_cmd); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + memset(pin1_data, pin_cmd.pin1.pad_char, sizeof(pin1_data)); + pin_cmd.pin1.data = pin1_data; + + pin_cmd.pin1.len = pin_cmd.pin1.min_length; + pin_cmd.pin1.max_length = 8; + + memcpy(&pin_cmd.pin2, &pin_cmd.pin1, sizeof(pin_cmd.pin1)); + memset(pin2_data, pin_cmd.pin2.pad_char, sizeof(pin2_data)); + pin_cmd.pin2.data = pin2_data; + + sc_log(ctx, "PIN1 lengths max/min/pad: %i/%i/%i", pin_cmd.pin1.max_length, pin_cmd.pin1.min_length, + pin_cmd.pin1.pad_length); + sc_log(ctx, "PIN2 lengths max/min/pad: %i/%i/%i", pin_cmd.pin2.max_length, pin_cmd.pin2.min_length, + pin_cmd.pin2.pad_length); + + rv = iso_ops->pin_cmd(card, &pin_cmd, 
tries_left); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_change(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_context *ctx = card->ctx; + struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data; + struct sc_apdu apdu; + unsigned char pin_data[SC_MAX_APDU_BUFFER_SIZE]; + size_t offs; + int rv; + + rv = authentic_pin_get_policy(card, data); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + memset(prv_data->pins_sha1[data->pin_reference], 0, sizeof(prv_data->pins_sha1[0])); + + if (!data->pin1.data && !data->pin1.len && &data->pin2.data && !data->pin2.len) { + if (!(card->reader->capabilities & SC_READER_CAP_PIN_PAD)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN pad not supported"); + rv = authentic_pin_change_pinpad(card, data->pin_reference, tries_left); + sc_log(ctx, "authentic_pin_cmd(SC_PIN_CMD_CHANGE) chv_change_pinpad returned %i", rv); + LOG_FUNC_RETURN(ctx, rv); + } + + if (card->max_send_size && data->pin1.len + data->pin2.len > card->max_send_size) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_PIN_LENGTH, "APDU transmit failed"); + + memset(pin_data, data->pin1.pad_char, sizeof(pin_data)); + offs = 0; + if (data->pin1.data && data->pin1.len) { + memcpy(pin_data, data->pin1.data, data->pin1.len); + offs += data->pin1.pad_length; + } + if (data->pin2.data && data->pin2.len) + memcpy(pin_data + offs, data->pin2.data, data->pin2.len); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, offs ? 
0x00 : 0x01, data->pin_reference); + apdu.data = pin_data; + apdu.datalen = offs + data->pin1.pad_length; + apdu.lc = offs + data->pin1.pad_length; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_chv_set_pinpad(struct sc_card *card, unsigned char reference) +{ + struct sc_context *ctx = card->ctx; + struct sc_pin_cmd_data pin_cmd; + unsigned char pin_data[0x100]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Set CHV PINPAD PIN reference %i", reference); + + if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) { + sc_log(ctx, "Reader not ready for PIN PAD"); + LOG_FUNC_RETURN(ctx, SC_ERROR_READER); + } + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.pin_reference = reference; + pin_cmd.cmd = SC_PIN_CMD_UNBLOCK; + pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_NEED_PADDING; + + rv = authentic_pin_get_policy(card, &pin_cmd); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + memset(pin_data, pin_cmd.pin1.pad_char, sizeof(pin_data)); + pin_cmd.pin1.data = pin_data; + + pin_cmd.pin1.len = pin_cmd.pin1.min_length; + pin_cmd.pin1.max_length = 8; + + memcpy(&pin_cmd.pin2, &pin_cmd.pin1, sizeof(pin_cmd.pin1)); + memset(&pin_cmd.pin1, 0, sizeof(pin_cmd.pin1)); + + sc_log(ctx, "PIN2 max/min/pad %i/%i/%i", + pin_cmd.pin2.max_length, pin_cmd.pin2.min_length, pin_cmd.pin2.pad_length); + rv = iso_ops->pin_cmd(card, &pin_cmd, NULL); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char rbuf[0x100]; + int ii, rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "get PIN(type:%X,ref:%X)", data->pin_type, data->pin_reference); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x5F, data->pin_reference); + for 
(ii=0;ii<2;ii++) { + apdu.le = sizeof(rbuf); + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + + if (rv != SC_ERROR_CLASS_NOT_SUPPORTED) + break; + + apdu.cla = 0x80; + } + LOG_TEST_RET(ctx, rv, "'GET DATA' error"); + + rv = authentic_parse_credential_data(ctx, data, apdu.resp, apdu.resplen); + LOG_TEST_RET(ctx, rv, "Cannot parse credential data"); + + data->pin1.encoding = SC_PIN_ENCODING_ASCII; + data->pin1.offset = 5; + data->pin1.pad_char = 0xFF; + data->pin1.pad_length = data->pin1.max_length; + + data->flags |= SC_PIN_CMD_NEED_PADDING; + + sc_log(ctx, "PIN policy: size max/min/pad %i/%i/%i, tries max/left %i/%i", + data->pin1.max_length, data->pin1.min_length, data->pin1.pad_length, + data->pin1.max_tries, data->pin1.tries_left); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_context *ctx = card->ctx; + struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data; + struct sc_file *save_current = NULL; + struct sc_pin_cmd_data pin_cmd, puk_cmd; + struct sc_apdu apdu; + unsigned reference; + int rv, ii; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "reset PIN (ref:%i,lengths %i/%i)", data->pin_reference, data->pin1.len, data->pin2.len); + + memset(prv_data->pins_sha1[data->pin_reference], 0, sizeof(prv_data->pins_sha1[0])); + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.pin_reference = data->pin_reference; + pin_cmd.pin_type = data->pin_type; + + rv = authentic_pin_get_policy(card, &pin_cmd); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + if (pin_cmd.pin1.acls[AUTHENTIC_ACL_NUM_PIN_RESET].method == SC_AC_CHV) { + for (ii=0;ii<8;ii++) { + unsigned char mask = 0x01 << ii; + if (pin_cmd.pin1.acls[AUTHENTIC_ACL_NUM_PIN_RESET].key_ref & mask) { + memset(&puk_cmd, 0, sizeof(puk_cmd)); + 
puk_cmd.pin_reference = ii + 1; + + rv = authentic_pin_get_policy(card, &puk_cmd); + LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error"); + + if (puk_cmd.pin_type == SC_AC_CHV) + break; + } + } + if (ii < 8) { + puk_cmd.pin1.data = data->pin1.data; + puk_cmd.pin1.len = data->pin1.len; + + rv = authentic_pin_verify(card, &puk_cmd); + + if (tries_left && rv == SC_ERROR_PIN_CODE_INCORRECT) + *tries_left = puk_cmd.pin1.tries_left; + + LOG_TEST_RET(ctx, rv, "Cannot verify PUK"); + } + } + + reference = data->pin_reference; + if (data->pin2.len) { + unsigned char pin_data[SC_MAX_APDU_BUFFER_SIZE]; + + memset(pin_data, pin_cmd.pin1.pad_char, sizeof(pin_data)); + memcpy(pin_data, data->pin2.data, data->pin2.len); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2C, 0x02, reference); + apdu.data = pin_data; + apdu.datalen = pin_cmd.pin1.pad_length; + apdu.lc = pin_cmd.pin1.pad_length; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "PIN cmd failed"); + } + else if (data->pin2.data) { + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2C, 3, reference); + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "PIN cmd failed"); + } + else { + rv = authentic_chv_set_pinpad(card, reference); + LOG_TEST_RET(ctx, rv, "Failed to set PIN with pin-pad"); + } + + if (save_current) { + struct sc_file *dummy_file = NULL; + + rv = authentic_select_file(card, &save_current->path, &dummy_file); + LOG_TEST_RET(ctx, rv, "Cannot return to saved PATH"); + } + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_context *ctx = card->ctx; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "PIN-CMD:%X,PIN(type:%X,ret:%i),PIN1(%p,len:%i),PIN2(%p,len:%i)", data->cmd, data->pin_type, + 
data->pin_reference, data->pin1.data, data->pin1.len, data->pin2.data, data->pin2.len); + + switch (data->cmd) { + case SC_PIN_CMD_VERIFY: + rv = authentic_pin_verify(card, data); + break; + case SC_PIN_CMD_CHANGE: + rv = authentic_pin_change(card, data, tries_left); + break; + case SC_PIN_CMD_UNBLOCK: + rv = authentic_pin_reset(card, data, tries_left); + break; + case SC_PIN_CMD_GET_INFO: + rv = authentic_pin_get_policy(card, data); + break; + default: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unupported PIN command"); + } + + if (rv == SC_ERROR_PIN_CODE_INCORRECT && tries_left) + *tries_left = data->pin1.tries_left; + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_get_serialnr(struct sc_card *card, struct sc_serial_number *serial) +{ + struct sc_context *ctx = card->ctx; + struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data; + int rv; + + LOG_FUNC_CALLED(ctx); + if (!card->serialnr.len) { + rv = authentic_get_cplc(card); + LOG_TEST_RET(ctx, rv, "get CPLC data error"); + + card->serialnr.len = 4; + memcpy(card->serialnr.value, prv_data->cplc.value + 15, 4); + + sc_log(ctx, "serial %02X%02X%02X%02X", + card->serialnr.value[0], card->serialnr.value[1], + card->serialnr.value[2], card->serialnr.value[3]); + } + + if (serial) + memcpy(serial, &card->serialnr, sizeof(*serial)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +/* 'GET CHALLENGE' returns always 24 bytes */ +static int +authentic_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char rbuf[0x18]; + int rv, nn; + + LOG_FUNC_CALLED(ctx); + if (!rnd) + return SC_ERROR_INVALID_ARGUMENTS; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00); + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.le = sizeof(rbuf); + + while (len > 0) { + rv = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); + 
rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "PIN cmd failed"); + + if (apdu.resplen != sizeof(rbuf)) + return sc_check_sw(card, apdu.sw1, apdu.sw2); + + nn = len > apdu.resplen ? apdu.resplen : len; + memcpy(rnd, apdu.resp, nn); + len -= nn; + rnd += nn; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_manage_sdo_encode_prvkey(struct sc_card *card, struct sc_pkcs15_prkey *prvkey, + unsigned char **out, size_t *out_len) +{ + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_rsa rsa; + unsigned char *blob = NULL, *blob01 = NULL; + size_t blob_len = 0, blob01_len = 0; + int rv; + + if (!prvkey || !out || !out_len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid arguments"); + if (prvkey->algorithm != SC_ALGORITHM_RSA) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO operation"); + + rsa = prvkey->u.rsa; + /* Encode private RSA key part */ + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE_P, rsa.p.data, rsa.p.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA P encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE_Q, rsa.q.data, rsa.q.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Q encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE_PQ, rsa.iqmp.data, rsa.iqmp.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA PQ encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE_DP1, rsa.dmp1.data, rsa.dmp1.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA DP1 encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE_DQ1, rsa.dmq1.data, rsa.dmq1.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA DQ1 encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PRIVATE, blob, blob_len, &blob01, &blob01_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Private encode error"); + + free (blob); + blob = NULL; + blob_len = 0; + + /* Encode public RSA key part */ + sc_log(ctx, 
"modulus.len:%i blob_len:%i", rsa.modulus.len, blob_len); + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PUBLIC_MODULUS, rsa.modulus.data, rsa.modulus.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Modulus encode error"); + + sc_log(ctx, "exponent.len:%i blob_len:%i", rsa.exponent.len, blob_len); + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT, rsa.exponent.data, rsa.exponent.len, &blob, &blob_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Exponent encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PUBLIC, blob, blob_len, &blob01, &blob01_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Private encode error"); + + free (blob); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA, blob01, blob01_len, out, out_len); + LOG_TEST_RET(ctx, rv, "SDO RSA encode error"); + + free(blob01); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_manage_sdo_encode(struct sc_card *card, struct sc_authentic_sdo *sdo, unsigned long cmd, + unsigned char **out, size_t *out_len) +{ + struct sc_context *ctx = card->ctx; + unsigned char *data = NULL; + size_t data_len = 0; + unsigned char data_tag = AUTHENTIC_TAG_DOCP; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "encode SDO operation (cmd:%lX,mech:%X,id:%X)", cmd, sdo->docp.mech, sdo->docp.id); + + if (!out || !out_len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid arguments"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_MECH, &sdo->docp.mech, sizeof(sdo->docp.mech), + &data, &data_len); + LOG_TEST_RET(ctx, rv, "DOCP MECH encode error"); + + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_ID, &sdo->docp.id, sizeof(sdo->docp.id), + &data, &data_len); + LOG_TEST_RET(ctx, rv, "DOCP ID encode error"); + + if (cmd == SC_CARDCTL_AUTHENTIC_SDO_CREATE) { + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_ACLS, sdo->docp.acl_data, sdo->docp.acl_data_len, + &data, &data_len); + LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error"); + + if (sdo->docp.security_parameter) { + rv = 
authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_SCP, + &sdo->docp.security_parameter, sizeof(sdo->docp.security_parameter), + &data, &data_len); + LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error"); + } + if (sdo->docp.usage_counter[0] || sdo->docp.usage_counter[1]) { + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_DOCP_USAGE_COUNTER, + sdo->docp.usage_counter, sizeof(sdo->docp.usage_counter), + &data, &data_len); + LOG_TEST_RET(ctx, rv, "DOCP ACLs encode error"); + } + } + else if (cmd == SC_CARDCTL_AUTHENTIC_SDO_STORE) { + if (sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA1024 + || sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA1280 + || sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA1536 + || sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA1792 + || sdo->docp.mech == AUTHENTIC_MECH_CRYPTO_RSA2048) { + rv = authentic_manage_sdo_encode_prvkey(card, sdo->data.prvkey, &data, &data_len); + LOG_TEST_RET(ctx, rv, "SDO RSA encode error"); + } + else { + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Cryptographic object unsupported for encoding"); + } + } + else if (cmd == SC_CARDCTL_AUTHENTIC_SDO_GENERATE) { + if (sdo->data.prvkey) { + rv = authentic_update_blob(ctx, AUTHENTIC_TAG_RSA_PUBLIC_EXPONENT, + sdo->data.prvkey->u.rsa.exponent.data, sdo->data.prvkey->u.rsa.exponent.len, + &data, &data_len); + LOG_TEST_RET(ctx, rv, "SDO RSA Exponent encode error"); + } + + data_tag = AUTHENTIC_TAG_RSA_GENERATE_DATA; + } + else if (cmd != SC_CARDCTL_AUTHENTIC_SDO_DELETE) { + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO operation"); + } + + rv = authentic_update_blob(ctx, data_tag, data, data_len, out, out_len); + LOG_TEST_RET(ctx, rv, "SDO DOCP encode error"); + + free(data); + + sc_log(ctx, "encoded SDO operation data %s", sc_dump_hex(*out, *out_len)); + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_manage_sdo_generate(struct sc_card *card, struct sc_authentic_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char rbuf[0x400]; + unsigned char *data 
= NULL; + size_t data_len = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Generate SDO(mech:%X,id:%X)", sdo->docp.mech, sdo->docp.id); + + rv = authentic_manage_sdo_encode(card, sdo, SC_CARDCTL_AUTHENTIC_SDO_GENERATE, &data, &data_len); + LOG_TEST_RET(ctx, rv, "Cannot encode SDO data"); + sc_log(ctx, "encoded SDO length %i", data_len); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x47, 0x00, 0x00); + apdu.data = data; + apdu.datalen = data_len; + apdu.lc = data_len; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.le = 0x100; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "authentic_sdo_create() SDO put data error"); + + rv = authentic_decode_pubkey_rsa(ctx, apdu.resp, apdu.resplen, &sdo->data.prvkey); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "cannot decode public key"); + + free(data); + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_manage_sdo(struct sc_card *card, struct sc_authentic_sdo *sdo, unsigned long cmd) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char *data = NULL; + size_t data_len = 0, save_max_send = card->max_send_size; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "SDO(cmd:%lX,mech:%X,id:%X)", cmd, sdo->docp.mech, sdo->docp.id); + + rv = authentic_manage_sdo_encode(card, sdo, cmd, &data, &data_len); + LOG_TEST_RET(ctx, rv, "Cannot encode SDO data"); + sc_log(ctx, "encoded SDO length %i", data_len); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDB, 0x3F, 0xFF); + apdu.data = data; + apdu.datalen = data_len; + apdu.lc = data_len; + apdu.flags |= SC_APDU_FLAGS_CHAINING; + + if (card->max_send_size > 255) + card->max_send_size = 255; + rv = sc_transmit_apdu(card, &apdu); + card->max_send_size = save_max_send; + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "authentic_sdo_create() SDO 
put data error"); + + free(data); + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr) +{ + struct sc_context *ctx = card->ctx; + struct sc_authentic_sdo *sdo = (struct sc_authentic_sdo *) ptr; + + switch (cmd) { + case SC_CARDCTL_GET_SERIALNR: + return authentic_get_serialnr(card, (struct sc_serial_number *)ptr); + case SC_CARDCTL_AUTHENTIC_SDO_CREATE: + sc_log(ctx, "CARDCTL SDO_CREATE: sdo(mech:%X,id:%X)", sdo->docp.mech, sdo->docp.id); + return authentic_manage_sdo(card, (struct sc_authentic_sdo *) ptr, cmd); + case SC_CARDCTL_AUTHENTIC_SDO_DELETE: + sc_log(ctx, "CARDCTL SDO_DELETE: sdo(mech:%X,id:%X)", sdo->docp.mech, sdo->docp.id); + return authentic_manage_sdo(card, (struct sc_authentic_sdo *) ptr, cmd); + case SC_CARDCTL_AUTHENTIC_SDO_STORE: + sc_log(ctx, "CARDCTL SDO_STORE: sdo(mech:%X,id:%X)", sdo->docp.mech, sdo->docp.id); + return authentic_manage_sdo(card, (struct sc_authentic_sdo *) ptr, cmd); + case SC_CARDCTL_AUTHENTIC_SDO_GENERATE: + sc_log(ctx, "CARDCTL SDO_GENERATE: sdo(mech:%X,id:%X)", sdo->docp.mech, sdo->docp.id); + return authentic_manage_sdo_generate(card, (struct sc_authentic_sdo *) ptr); + } + return SC_ERROR_NOT_SUPPORTED; +} + + +static int +authentic_set_security_env(struct sc_card *card, + const struct sc_security_env *env, int se_num) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char cse_crt_dst[] = { + 0x80, 0x01, AUTHENTIC_ALGORITHM_RSA_PKCS1, + 0x83, 0x01, env->key_ref[0] & ~AUTHENTIC_OBJECT_REF_FLAG_LOCAL, + }; + unsigned char cse_crt_ct[] = { + 0x80, 0x01, AUTHENTIC_ALGORITHM_RSA_PKCS1, + 0x83, 0x01, env->key_ref[0] & ~AUTHENTIC_OBJECT_REF_FLAG_LOCAL, + }; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "set SE#%i(op:0x%X,algo:0x%X,algo_ref:0x%X,flags:0x%X), key_ref:0x%X", + se_num, env->operation, env->algorithm, env->algorithm_ref, env->algorithm_flags, env->key_ref[0]); + switch (env->operation) { + case SC_SEC_OPERATION_SIGN: + 
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, AUTHENTIC_TAG_CRT_DST); + apdu.data = cse_crt_dst; + apdu.datalen = sizeof(cse_crt_dst); + apdu.lc = sizeof(cse_crt_dst); + break; + case SC_SEC_OPERATION_DECIPHER: + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, AUTHENTIC_TAG_CRT_CT); + apdu.data = cse_crt_ct; + apdu.datalen = sizeof(cse_crt_ct); + apdu.lc = sizeof(cse_crt_ct); + break; + default: + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } +#if 0 + apdu.flags |= SC_APDU_FLAGS_CAN_WAIT; +#endif + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "MSE restore error"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_decipher(struct sc_card *card, const unsigned char *in, size_t in_len, + unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "crgram_len %i; outlen %i", in_len, out_len); + if (!out || !out_len || in_len > SC_MAX_APDU_BUFFER_SIZE) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); + apdu.flags |= SC_APDU_FLAGS_CHAINING; + apdu.data = in; + apdu.datalen = in_len; + apdu.lc = in_len; + apdu.resp = resp; + apdu.resplen = sizeof(resp); + apdu.le = in_len - (in_len % 8); + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "Card returned error"); + + if (out_len > apdu.resplen) + out_len = apdu.resplen; + + memcpy(out, apdu.resp, out_len); + rv = out_len; + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_finish(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + + LOG_FUNC_CALLED(ctx); + if (card->drv_data) + free(card->drv_data); + card->drv_data = NULL; + 
LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static struct sc_card_driver * +sc_get_driver(void) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + + if (!iso_ops) + iso_ops = iso_drv->ops; + + authentic_ops = *iso_ops; + + authentic_ops.match_card = authentic_match_card; + authentic_ops.init = authentic_init; + authentic_ops.finish = authentic_finish; + authentic_ops.read_binary = authentic_read_binary; + authentic_ops.write_binary = authentic_write_binary; + authentic_ops.update_binary = authentic_update_binary; + authentic_ops.erase_binary = authentic_erase_binary; + /* authentic_ops.resize_file = authentic_resize_file; */ + authentic_ops.select_file = authentic_select_file; + /* get_response: Untested */ + authentic_ops.get_challenge = authentic_get_challenge; + authentic_ops.set_security_env = authentic_set_security_env; + /* decipher: Untested */ + authentic_ops.decipher = authentic_decipher; + /* authentic_ops.compute_signature = authentic_compute_signature; */ + authentic_ops.create_file = authentic_create_file; + authentic_ops.delete_file = authentic_delete_file; + authentic_ops.card_ctl = authentic_card_ctl; + authentic_ops.process_fci = authentic_process_fci; + authentic_ops.pin_cmd = authentic_pin_cmd; + + return &authentic_drv; +} + +struct sc_card_driver * +sc_get_authentic_driver(void) +{ + return sc_get_driver(); +} + +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/libopensc/card-belpic.c opensc-0.12.1/src/libopensc/card-belpic.c --- opensc-0.11.13/src/libopensc/card-belpic.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-belpic.c 2011-05-17 17:07:00.000000000 +0000 @@ -80,11 +80,14 @@ * language-selection functionality. */ -#include "internal.h" -#include "log.h" +#include "config.h" + #include #include +#include "internal.h" +#include "log.h" + #ifdef BELPIC_PIN_PAD #ifndef HAVE_GUI #define HAVE_GUI 
@@ -98,7 +101,6 @@ /* These defines are disabled for OpenSC */ #if 0 -#define BELPIC_SET_LANG #define GET_LANG_FROM_CARD #define HAVE_ALLOW_SSO #endif @@ -282,26 +284,10 @@ "Die von Ihnen eingegebenen PINs unterscheiden sich.\n\nErneut versuchen oder abbrechen?" }; -struct pcsc_slot_data { - SCARDHANDLE pcsc_card; -}; /* comes from reader-pcsc.c */ -#define GET_SLOT_DATA(r) ((struct pcsc_slot_data *) (r)->drv_data) -#define PCSC_ERROR(ctx, desc, rv) sc_error(ctx, desc ": %lx\n", rv); +#define PCSC_ERROR(ctx, desc, rv) sc_debug(ctx, SC_LOG_DEBUG_NORMAL, desc ": %lx\n", rv); #endif /* BELPIC_PIN_PAD */ -#ifdef BELPIC_SET_LANG - -#define MAX_READER_LEN 100 -typedef struct t_lang_info { - char reader[MAX_READER_LEN]; - int lang; -} t_lang_info; - -static t_lang_info lang_infos[SC_MAX_READERS]; - -#endif /* BELPIC_SET_LANG */ - /* Language support for the GUI messages */ #ifdef HAVE_GUI 
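Review bot: The rewritten `PCSC_ERROR` macro in the `@@ -282,26 +284,10 @@` hunk still carries a semicolon inside its expansion, so `PCSC_ERROR(...);` becomes two statements and breaks an unbraced `if`/`else` around it. Define it as `#define PCSC_ERROR(ctx, desc, rv) sc_debug(ctx, SC_LOG_DEBUG_NORMAL, desc ": %lx\n", rv)`; the call sites are outside this hunk, so any that omit their own semicolon would need one added. Switching from `sc_error` to `sc_debug` at `SC_LOG_DEBUG_NORMAL` presumably means PC/SC failures on the pin-pad path are only recorded when debug logging is enabled, which makes a failed PIN entry harder to diagnose. If that is intended, a comment on the macro such as `/* PC/SC failures are logged at debug level only */` would say so. The hunk also drops `struct pcsc_slot_data` and `GET_SLOT_DATA`, and the `BELPIC_PIN_PAD` code that may have used them is not visible here, so it is worth confirming that no user remains.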
@@ -596,73 +582,11 @@ { struct belpic_priv_data *priv = DRVDATA(card); int lang = priv->lang; -#ifdef BELPIC_SET_LANG - int i; - - for (i = 0; i < SC_MAX_READERS; i++) { - if (lang_infos[i].reader[0] == '\0') { - if (lang_infos[i].lang != LNG_NONE) - lang = lang_infos[i].lang; - break; - } - if (strncmp(lang_infos[i].reader, card->reader->name, MAX_READER_LEN) == 0) { - if (lang_infos[i].lang != LNG_NONE) - lang = lang_infos[i].lang; - } - } -#endif /* BELPIC_SET_LANG */ - return lang; } #endif /* defined(HAVE_GUI) ||defined(BELPIC_PIN_PAD) */ -#ifdef BELPIC_SET_LANG - -/** - * Force the language for the GUI and pinpad readers for one specific - * or for all readers. - * - IN reader: the PC/SC name of the reader, or NULL for all readers - * - IN lang: 0 for English, 1 for Dutch, 2 for French, 3 for German - * and 0xFFFF to clear a previously selected language. - * Returns: - * 0 if OK, - * -1 if a bad language code was given, - * -2 if you called this function with more then MAX_READER_LEN (16) - * different reader names and a lang code different from 0xFF - */ -int belpic_set_language(const char *reader, int lang) -{ - int i; - - /* Check if language has a correct value */ - if ((lang != LNG_NONE) && (lang < LNG_ENG || lang > LNG_GERMAN)) - return -1; /* Bad language */ - - /* Set or clear the language for the/all reader(s) */ - for (i = 0; i < SC_MAX_READERS; i++) { - if (reader == NULL) { /* For all readers */ - lang_infos[i].lang = lang; - if (lang == LNG_NONE) - lang_infos[i].reader[0] = '\0'; - } else { /* For only 1 reader */ - if (lang_infos[i].reader[0] == '\0') { /* reader not yet present */ - strlcpy(lang_infos[i].reader, reader, sizeof(lang_infos[i].reader)); - lang_infos[i].lang = lang; - break; - } else if (strncmp(reader, lang_infos[i].reader, MAX_READER_LEN - 1) == 0) { - lang_infos[i].lang = lang; - break; - } else if (i == SC_MAX_READERS - 1) - return -2; /* Too many readers (shouldn't happen) */ - } - } - - return 0; -} - -#endif /* 
BELPIC_SET_LANG */ - static int str2lang(sc_context_t *ctx, char *lang) { if (memcmp(lang, "en", 2) == 0) @@ -673,7 +597,7 @@ return LNG_FRENCH; else if (memcmp(lang, "de", 2) == 0) return LNG_GERMAN; - sc_debug(ctx, "Unknown/unsupported language code: %c%c\n", lang[0], lang[1]); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unknown/unsupported language code: %c%c\n", lang[0], lang[1]); return -1; } @@ -761,13 +685,13 @@ r = sc_transmit_apdu(card, &apdu); if (r < 0) { - sc_debug(card->ctx, "Select_File[prefs_file] command failed: %d\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Select_File[prefs_file] command failed: %d\n", r); sc_unlock(card); goto prefs_error; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r < 0) { - sc_debug(card->ctx, "Select_File[prefs_file]: card returned %d\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Select_File[prefs_file]: card returned %d\n", r); sc_unlock(card); goto prefs_error; } @@ -775,7 +699,7 @@ r = iso_ops->read_binary(card, 0, prefs, sizeof(prefs), 0); sc_unlock(card); if (r <= 0) { - sc_debug(card->ctx, "Read_Binary[prefs_file] returned %d\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Read_Binary[prefs_file] returned %d\n", r); goto prefs_error; } #if 0 @@ -783,7 +707,7 @@ #endif i = get_pref(prefs, r, "[gen]", "lg", &len); if (i <= 0 || len < 2) { - sc_debug(card->ctx, "Couldn't find language in prefs file: %d\n", i); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Couldn't find language in prefs file: %d\n", i); goto prefs_error; } lg_value = prefs + i; /* language code(s) found, starts here */ 
@@ -866,7 +790,7 @@ priv_data->scr_change_pin = (FARPROC) SCR_SCardChangePIN; if (priv_data->scr_init == NULL || priv_data->scr_verify_pin == NULL) { - sc_debug(card->ctx, "Function not found in \"%s\" err = 0x%0x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Function not found in \"%s\" err = 0x%0x\n", pp_reader_lib, GetLastError()); load_pin_pad_err(reader_name, pp_reader_lib, "unsufficient functionality found in library"); @@ -875,12 +799,12 @@ r = priv_data->scr_init(pp_reader_lib, reader_name, 1, &supported); if (r != SCARD_S_SUCCESS) { - sc_debug(card->ctx, "SCR_Init() returned 0x%0x\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_Init() returned 0x%0x\n", r); load_pin_pad_err(reader_name, pp_reader_lib, "Initialization of library failed"); return SC_ERROR_READER; } if (supported) { - sc_debug(card->ctx, "SCR_init() returned not supported code 0x%0x\n", supported); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_init() returned not supported code 0x%0x\n", supported); load_pin_pad_err(reader_name, pp_reader_lib, "Initialization of library returned UNSUPPORTED"); return SC_ERROR_READER; @@ -888,10 +812,10 @@ #if 0 HINSTANCE dll = LoadLibrary(pp_reader_lib); - sc_debug(card->ctx, "Pin pad reader \"%s\" found, now loading corresponding lib \"%s\"\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Pin pad reader \"%s\" found, now loading corresponding lib \"%s\"\n", reader_name, pp_reader_lib); if (dll == NULL) { - sc_debug(card->ctx, "Unable to load library \"%s\", err = 0x%0x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to load library \"%s\", err = 0x%0x\n", pp_reader_lib, GetLastError()); load_pin_pad_err(reader_name, pp_reader_lib, "library not found or unable to load it"); 
@@ -901,7 +825,7 @@ priv_data->scr_verify_pin = GetProcAddress(dll, "SCR_VerifyPIN"); priv_data->scr_change_pin = GetProcAddress(dll, "SCR_ChangePIN"); if (priv_data->scr_init == NULL || priv_data->scr_verify_pin == NULL) { - sc_debug(card->ctx, "Function not found in \"%s\" err = 0x%0x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Function not found in \"%s\" err = 0x%0x\n", pp_reader_lib, GetLastError()); load_pin_pad_err(reader_name, pp_reader_lib, "unsufficient functionality found in library"); @@ -909,12 +833,12 @@ } r = priv_data->scr_init(reader_name, 1, &supported); if (r != SCARD_S_SUCCESS) { - sc_debug(card->ctx, "SCR_Init() returned 0x%0x\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_Init() returned 0x%0x\n", r); load_pin_pad_err(reader_name, pp_reader_lib, "Initialization of library failed"); return SC_ERROR_READER; } if (supported) { - sc_debug(card->ctx, "SCR_init() returned not supported code 0x%0x\n", supported); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_init() returned not supported code 0x%0x\n", supported); load_pin_pad_err(reader_name, pp_reader_lib, "Initialization of library returned UNSUPPORTED"); return SC_ERROR_READER; 
@@ -985,19 +909,19 @@ int r; #endif - sc_debug(card->ctx, "Belpic V%s", BELPIC_VERSION); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Belpic V%s", BELPIC_VERSION); #ifdef HAVE_GUI - sc_debug(card->ctx, " with GUI support"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, " with GUI support"); #endif #ifdef BELPIC_PIN_PAD - sc_debug(card->ctx, " with support for pin pad reader libs"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, " with support for pin pad reader libs"); #endif - sc_debug(card->ctx, "\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "\n"); if (card->type < 0) card->type = SC_CARD_TYPE_BELPIC_EID; /* Unknown card: assume it's the Belpic Card */ - priv = (struct belpic_priv_data *) calloc(1, sizeof(struct belpic_priv_data)); + priv = calloc(1, sizeof(struct belpic_priv_data)); if (priv == NULL) return SC_ERROR_OUT_OF_MEMORY; card->drv_data = priv; @@ -1035,13 +959,13 @@ #ifdef HAVE_GUI r = scgui_init(); if (r != 0) - sc_error(card->ctx, "scgui_init() returned error %d\n", i); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "scgui_init() returned error %d\n", i); #endif #ifdef BELPIC_PIN_PAD r = belpic_detect_pin_pad(card, priv); if (r == 1) - card->slot->capabilities |= SC_SLOT_CAP_PIN_PAD; + card->reader->capabilities |= SC_READER_CAP_PIN_PAD; else if (r < 0) return r; /* error loading/initing pin pad lib */ @@ -1086,11 +1010,11 @@ r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "Select File APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Select File APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); next_idx = (size_t)-1; /* reset */ @@ -1209,7 +1133,7 @@ if (r1 == SCGUI_CANCEL) return r; else if (r1 != SCGUI_OK) { - sc_error(card->ctx, "scgui_ask_message returned %d\n", r1); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "scgui_ask_message returned %d\n", r1); return SC_ERROR_INTERNAL; } } else 
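Review bot: The scgui_init() failure message in the `@@ -1035,13 +959,13 @@` hunk prints `i`, but the return value was stored in `r` (`r = scgui_init(); if (r != 0)`), so the logged code is unrelated to the failure being reported. The line should read `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "scgui_init() returned error %d\n", r);`. The enclosing function starts and ends outside the hunk, so what `i` holds at that point is not visible here.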
@@ -1230,7 +1154,7 @@ if (mesg_on_screen) scgui_remove_message(hDlg); - sc_debug(card->ctx, "SCR_Verify_PIN(): res = 0x%0x, status = %2X %2X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_Verify_PIN(): res = 0x%0x, status = %2X %2X\n", r, card_status[0], card_status[1]); r = belpic_pp_test_res(card, r, card_status, tries_left); } @@ -1272,7 +1196,7 @@ if (r1 == SCGUI_CANCEL) return r; else if (r1 != SCGUI_OK) { - sc_error(card->ctx, "scgui_ask_message returned %d\n", r1); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "scgui_ask_message returned %d\n", r1); return SC_ERROR_INTERNAL; } } @@ -1284,7 +1208,7 @@ &scr_app_belpic, card_status); scgui_remove_message(hDlg); - sc_debug(card->ctx, "SCR_Change_PIN(): res = 0x%0x, status = %2X %2X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SCR_Change_PIN(): res = 0x%0x, status = %2X %2X\n", r, card_status[0], card_status[1]); r = belpic_pp_test_res(card, r, card_status, tries_left); } @@ -1303,10 +1227,10 @@ struct belpic_priv_data *priv = DRVDATA(card); int lang = belpic_calculate_lang(card); - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD && priv->scr_init != NULL) { + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD && priv->scr_init != NULL) { LONG r; SCR_Card scr_card = { - GET_SLOT_DATA(card->slot)->pcsc_card, + priv->pcsc_card, lang_codes[lang], {NULL, 0} , @@ -1338,7 +1262,7 @@ data->pin1.encoding = data->pin2.encoding = BELPIC_PIN_ENCODING; data->pin1.pad_char = data->pin2.pad_char = BELPIC_PAD_CHAR; data->pin1.min_length = data->pin2.min_length = BELPIC_MIN_USER_PIN_LEN; - data->pin1.max_length = data->pin1.max_length = BELPIC_MAX_USER_PIN_LEN; + data->pin1.max_length = data->pin2.max_length = BELPIC_MAX_USER_PIN_LEN; data->apdu = NULL; return iso_ops->pin_cmd(card, data, tries_left); 
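Review bot: `priv->pcsc_card` in the `@@ -1303,10 +1227,10 @@` hunk replaces the handle that used to come from the reader's slot data, but none of the visible hunks assigns that field. `priv` is allocated with `calloc` in the init hunk, so unless the field is filled somewhere outside these hunks the pin-pad library would be handed a zero handle. It is worth confirming where it is set and documenting it at the field, e.g. `/* PC/SC handle passed to the pin-pad library; set in <location> */`. The function body continues outside the hunk.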
@@ -1385,7 +1309,7 @@ #ifdef BELPIC_PIN_PAD /* In case of a pinpad reader */ - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD && priv->scr_init != NULL) { + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD && priv->scr_init != NULL) { data.pin1.data = NULL; data.pin1.len = 0; @@ -1417,7 +1341,7 @@ if (r1 == SCGUI_CANCEL) return r; else if (r1 != SCGUI_OK) { - sc_error(card->ctx, "scgui_ask_message returned %d\n", r1); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "scgui_ask_message returned %d\n", r1); return SC_ERROR_INTERNAL; } @@ -1452,7 +1376,7 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; - sc_debug(card->ctx, "belpic_set_security_env(), keyRef = 0x%0x, algo = 0x%0x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "belpic_set_security_env(), keyRef = 0x%0x, algo = 0x%0x\n", *env->key_ref, env->algorithm_flags); assert(card != NULL && env != NULL); @@ -1470,7 +1394,7 @@ else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_MD5) sbuf[2] = 0x04; else { - sc_error(card->ctx, "Set Sec Env: unsupported algo 0X%0X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Set Sec Env: unsupported algo 0X%0X\n", env->algorithm_flags); return SC_ERROR_INVALID_ARGUMENTS; } @@ -1487,10 +1411,10 @@ apdu.resplen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "Set Security Env APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Set Security Env APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card's Set Security Env command returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card's Set Security Env command returned error"); /* If a NonRep signature will be done, ask to enter a PIN. It would be more * logical to put the code below into the compute signature function because 
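Review bot: In the `@@ -1452,7 +1376,7 @@` hunk the debug call dereferences `card->ctx`, `env->key_ref` and `env->algorithm_flags` one line before `assert(card != NULL && env != NULL)`, so the assertion can never catch the NULL it is meant to guard against. Move the assert above the `sc_debug(...)` call; since assert compiles out under NDEBUG, an explicit `if (card == NULL || env == NULL) return SC_ERROR_INVALID_ARGUMENTS;` is the more dependable check. The function continues outside the hunk.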
@@ -1506,11 +1430,11 @@ #ifdef HAVE_GUI r = belpic_askpin_verify(card, SCR_USAGE_SIGN); if (r != 0 && r != SC_ERROR_KEYPAD_CANCELLED) - sc_error(card->ctx, "Verify PIN in SET command returned %d\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN in SET command returned %d\n", r); else - sc_debug(card->ctx, "Verify PIN in SET command returned %d\n", r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN in SET command returned %d\n", r); #else - sc_debug(card->ctx, "No GUI for NonRep key present, signature cancelled\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No GUI for NonRep key present, signature cancelled\n"); return SC_ERROR_NOT_SUPPORTED; #endif } @@ -1536,6 +1460,25 @@ return r; } +static int belpic_update_binary(sc_card_t *card, + unsigned int idx, const u8 *buf, size_t count, + unsigned long flags) +{ + int r; + + r = iso_ops->update_binary(card, idx, buf, count, flags); + +#ifdef HAVE_GUI + if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED && SSO_OK(card->ctx)) { + r = belpic_askpin_verify(card, SCR_USAGE_AUTH); + if (r == 0) + r = iso_ops->update_binary(card, idx, buf, count, flags); + } +#endif + + return r; +} + #if 0 static int belpic_logout(sc_card_t *card) { @@ -1546,12 +1489,12 @@ apdu.cla = 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "LOGOFF: APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "LOGOFF: APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "LOGOFF returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "LOGOFF returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } #endif 
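Review bot: After the change in the `@@ -1506,11 +1430,11 @@` hunk both branches of `if (r != 0 && r != SC_ERROR_KEYPAD_CANCELLED) ... else ...` issue the identical `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN in SET command returned %d\n", r);` call. The condition no longer distinguishes anything and can be collapsed to the single call. If a failed PIN verification is meant to stay more visible than a successful one, that needs a different log level on the first branch rather than a duplicated line.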
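Review bot: The new `belpic_update_binary` performs the failed write, the PIN verification and the retried write as three separate card operations without holding the card lock across them. If another user of the reader can run between `belpic_askpin_verify()` and the second `iso_ops->update_binary()`, the retry may execute in a different card state than the one the PIN was entered for; this is inferred, since the locking done by callers is not visible here. Consider `r = sc_lock(card);` before the verify and `sc_unlock(card);` after the retry. A short comment above the function should also say that a write may trigger a PIN prompt when `SSO_OK(card->ctx)` holds.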
@@ -1564,6 +1507,7 @@ belpic_ops.init = belpic_init; belpic_ops.finish = belpic_finish; + belpic_ops.update_binary = belpic_update_binary; belpic_ops.select_file = belpic_select_file; belpic_ops.read_binary = belpic_read_binary; belpic_ops.pin_cmd = belpic_pin_cmd; diff -Nru opensc-0.11.13/src/libopensc/card.c opensc-0.12.1/src/libopensc/card.c --- opensc-0.11.13/src/libopensc/card.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,8 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -27,6 +27,13 @@ #endif #include +#include "internal.h" +#include "asn1.h" + +/* +#define INVALIDATE_CARD_CACHE_IN_UNLOCK +*/ + int sc_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2) { if (card == NULL) @@ -55,10 +62,10 @@ if (ctx == NULL) return NULL; - card = (sc_card_t *) calloc(1, sizeof(struct sc_card)); + card = calloc(1, sizeof(struct sc_card)); if (card == NULL) return NULL; - card->ops = (struct sc_card_operations *) malloc(sizeof(struct sc_card_operations)); + card->ops = malloc(sizeof(struct sc_card_operations)); if (card->ops == NULL) { free(card); return NULL; @@ -73,15 +80,14 @@ card->type = -1; card->app_count = -1; - card->magic = SC_CARD_MAGIC; return card; } static void sc_card_free(sc_card_t *card) { - assert(sc_card_valid(card)); sc_free_apps(card); + sc_free_ef_atr(card); if (card->ef_dir != NULL) sc_file_free(card->ef_dir); free(card->ops); 
@@ -90,54 +96,44 @@ if (card->mutex != NULL) { int r = sc_mutex_destroy(card->ctx, card->mutex); if (r != SC_SUCCESS) - sc_error(card->ctx, "unable to destroy mutex\n"); + sc_log(card->ctx, "unable to destroy mutex"); } sc_mem_clear(card, sizeof(*card)); free(card); } -int sc_connect_card(sc_reader_t *reader, int slot_id, sc_card_t **card_out) +int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out) { sc_card_t *card; sc_context_t *ctx; - sc_slot_info_t *slot = _sc_get_slot_info(reader, slot_id); struct sc_card_driver *driver; int i, r = 0, idx, connected = 0; if (card_out == NULL || reader == NULL) return SC_ERROR_INVALID_ARGUMENTS; ctx = reader->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (reader->ops->connect == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_NOT_SUPPORTED); - if (slot == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_SLOT_NOT_FOUND); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); card = sc_card_new(ctx); if (card == NULL) - SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY); - r = reader->ops->connect(reader, slot); + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + r = reader->ops->connect(reader); if (r) goto err; connected = 1; card->reader = reader; - card->slot = slot; card->ctx = ctx; - /* These can be overridden by the card driver */ - card->max_send_size = reader->driver->max_send_size; - card->max_recv_size = reader->driver->max_recv_size; - - memcpy(card->atr, slot->atr, slot->atr_len); - card->atr_len = slot->atr_len; + memcpy(&card->atr, &reader->atr, sizeof(card->atr)); - _sc_parse_atr(reader->ctx, slot); + _sc_parse_atr(reader); /* See if the ATR matches any ATR specified in the config file */ if ((driver = ctx->forced_driver) == NULL) { - if (ctx->debug >= 3) - sc_debug(ctx, "matching configured ATRs\n"); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "matching configured ATRs"); for (i = 0; ctx->card_drivers[i] != NULL; i++) { driver = ctx->card_drivers[i]; 
@@ -146,14 +142,12 @@ driver = NULL; continue; } - if (ctx->debug >= 3) - sc_debug(ctx, "trying driver: %s\n", driver->short_name); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "trying driver: %s", driver->short_name); idx = _sc_match_atr(card, driver->atr_map, NULL); if (idx >= 0) { struct sc_atr_table *src = &driver->atr_map[idx]; - if (ctx->debug >= 3) - sc_debug(ctx, "matched: %s\n", driver->name); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "matched: %s", driver->name); /* It's up to card driver to notice these correctly */ card->name = src->name; card->type = src->type; @@ -172,33 +166,30 @@ if (card->ops->init != NULL) { r = card->ops->init(card); if (r) { - sc_error(ctx, "driver '%s' init() failed: %s\n", card->driver->name, - sc_strerror(r)); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "driver '%s' init() failed: %s", + card->driver->name, sc_strerror(r)); goto err; } } } else { - if (ctx->debug >= 3) - sc_debug(ctx, "matching built-in ATRs\n"); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "matching built-in ATRs"); for (i = 0; ctx->card_drivers[i] != NULL; i++) { struct sc_card_driver *drv = ctx->card_drivers[i]; const struct sc_card_operations *ops = drv->ops; - if (ctx->debug >= 3) - sc_debug(ctx, "trying driver: %s\n", drv->short_name); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "trying driver: %s", drv->short_name); if (ops == NULL || ops->match_card == NULL) continue; /* Needed if match_card() needs to talk with the card (e.g. card-muscle) */ *card->ops = *ops; if (ops->match_card(card) != 1) continue; - if (ctx->debug >= 3) - sc_debug(ctx, "matched: %s\n", drv->name); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "matched: %s", drv->name); memcpy(card->ops, ops, sizeof(struct sc_card_operations)); card->driver = drv; r = ops->init(card); if (r) { - sc_error(ctx, "driver '%s' init() failed: %s\n", drv->name, + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "driver '%s' init() failed: %s", drv->name, sc_strerror(r)); if (r == SC_ERROR_INVALID_CARD) { card->driver = NULL; 
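Review bot: In the built-in ATR loop of the `@@ -172,33 +166,30 @@` hunk, `r = ops->init(card);` is called without checking the pointer, while the forced-driver path a few lines earlier guards the same call with `if (card->ops->init != NULL)`. The loop only skips drivers with `ops == NULL || ops->match_card == NULL`, so a driver that matches but provides no `init` would be called through a NULL pointer. Guarding the call keeps the two paths consistent: `r = (ops->init != NULL) ? ops->init(card) : SC_SUCCESS;`. The function starts and ends outside this hunk.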
@@ -210,7 +201,7 @@ } } if (card->driver == NULL) { - sc_error(ctx, "unable to find driver for inserted card\n"); + sc_debug(ctx, SC_LOG_DEBUG_MATCH, "unable to find driver for inserted card"); r = SC_ERROR_INVALID_CARD; goto err; } 
@@ -218,40 +209,56 @@ card->name = card->driver->name; *card_out = card; - sc_debug(ctx, "card info: %s, %i, 0x%X\n", card->name, card->type, card->flags); - SC_FUNC_RETURN(ctx, 1, 0); + /* Override card limitations with reader limitations. + * Note that zero means no limitations at all. + */ + if ((card->max_recv_size == 0) || + ((reader->driver->max_recv_size != 0) && (reader->driver->max_recv_size < card->max_recv_size))) + card->max_recv_size = reader->driver->max_recv_size; + + if ((card->max_send_size == 0) || + ((reader->driver->max_send_size != 0) && (reader->driver->max_send_size < card->max_send_size))) + card->max_send_size = reader->driver->max_send_size; + + sc_log(ctx, "card info name:'%s', type:%i, flags:0x%X, max_send/recv_size:%i/%i", + card->name, card->type, card->flags, card->max_send_size, card->max_recv_size); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); err: if (connected) - reader->ops->disconnect(reader, slot); + reader->ops->disconnect(reader); if (card != NULL) sc_card_free(card); - SC_FUNC_RETURN(ctx, 1, r); + LOG_FUNC_RETURN(ctx, r); } -int sc_disconnect_card(sc_card_t *card, int action) +int sc_disconnect_card(sc_card_t *card) { sc_context_t *ctx; - assert(sc_card_valid(card)); + + if (!card) + return SC_ERROR_INVALID_ARGUMENTS; + ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + LOG_FUNC_CALLED(ctx); + assert(card->lock_count == 0); if (card->ops->finish) { int r = card->ops->finish(card); if (r) - sc_error(card->ctx, "card driver finish() failed: %s\n", - sc_strerror(r)); + sc_log(ctx, "card driver finish() failed: %s", sc_strerror(r)); } + if (card->reader->ops->disconnect) { - int r = card->reader->ops->disconnect(card->reader, card->slot); + int r = card->reader->ops->disconnect(card->reader); if (r) - sc_error(card->ctx, "disconnect() failed: %s\n", - sc_strerror(r)); + sc_log(ctx, "disconnect() failed: %s", sc_strerror(r)); } + sc_card_free(card); - SC_FUNC_RETURN(ctx, 1, 0); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } -int sc_reset(sc_card_t 
*card) +int sc_reset(sc_card_t *card, int do_cold_reset) { int r, r2; @@ -264,14 +271,14 @@ if (r != SC_SUCCESS) return r; - r = card->reader->ops->reset(card->reader, card->slot); + r = card->reader->ops->reset(card->reader, do_cold_reset); /* invalidate cache */ memset(&card->cache, 0, sizeof(card->cache)); - card->cache_valid = 0; + card->cache.valid = 0; r2 = sc_mutex_unlock(card->ctx, card->mutex); if (r2 != SC_SUCCESS) { - sc_error(card->ctx, "unable to release lock\n"); + sc_log(card->ctx, "unable to release lock"); r = r != SC_SUCCESS ? r : r2; } @@ -282,7 +289,7 @@ { int r = 0, r2 = 0; - SC_FUNC_CALLED(card->ctx, 3); + LOG_FUNC_CALLED(card->ctx); if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; @@ -290,18 +297,26 @@ if (r != SC_SUCCESS) return r; if (card->lock_count == 0) { - if (card->reader->ops->lock != NULL) - r = card->reader->ops->lock(card->reader, card->slot); + if (card->reader->ops->lock != NULL) { + r = card->reader->ops->lock(card->reader); + if (r == SC_ERROR_CARD_RESET || r == SC_ERROR_READER_REATTACHED) { + /* invalidate cache */ + memset(&card->cache, 0, sizeof(card->cache)); + card->cache.valid = 0; + r = card->reader->ops->lock(card->reader); + } + } if (r == 0) - card->cache_valid = 1; + card->cache.valid = 1; } if (r == 0) card->lock_count++; r2 = sc_mutex_unlock(card->ctx, card->mutex); if (r2 != SC_SUCCESS) { - sc_error(card->ctx, "unable to release lock\n"); + sc_log(card->ctx, "unable to release lock"); r = r != SC_SUCCESS ? r : r2; } + return r; } 
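Review bot: `sc_lock` in the `@@ -282,7 +289,7 @@` hunk still calls `LOG_FUNC_CALLED(card->ctx)` before `if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS;`, so a NULL `card` is dereferenced before the check can reject it. The same commit corrects exactly this ordering in `sc_unlock` (the `@@ -309,27 +324,33 @@` hunk), and `sc_lock` should follow it: `if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS;` first, then `LOG_FUNC_CALLED(card->ctx);`.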
@@ -309,27 +324,33 @@ { int r, r2; - SC_FUNC_CALLED(card->ctx, 3); - - if (card == NULL) + if (!card) return SC_ERROR_INVALID_ARGUMENTS; + + LOG_FUNC_CALLED(card->ctx); + r = sc_mutex_lock(card->ctx, card->mutex); if (r != SC_SUCCESS) return r; + assert(card->lock_count >= 1); if (--card->lock_count == 0) { +#ifdef INVALIDATE_CARD_CACHE_IN_UNLOCK /* invalidate cache */ memset(&card->cache, 0, sizeof(card->cache)); - card->cache_valid = 0; + card->cache.valid = 0; + sc_log(card->ctx, "cache invalidated"); +#endif /* release reader lock */ if (card->reader->ops->unlock != NULL) - r = card->reader->ops->unlock(card->reader, card->slot); + r = card->reader->ops->unlock(card->reader); } r2 = sc_mutex_unlock(card->ctx, card->mutex); if (r2 != SC_SUCCESS) { - sc_error(card->ctx, "unable to release lock\n"); + sc_log(card->ctx, "unable to release lock"); r = (r == SC_SUCCESS) ? r2 : r; } + return r; } 
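Review bot: With `INVALIDATE_CARD_CACHE_IN_UNLOCK` left undefined, `sc_unlock` no longer clears `card->cache` when the reader lock is released, and the `sc_lock` hunk resets it only when the reader reports `SC_ERROR_CARD_RESET` or `SC_ERROR_READER_REATTACHED`. If another application changes the card's state between this unlock and the next lock without causing one of those errors, the cache would presumably be stale yet still marked valid; whether the reader layer always reports such access is not visible here. A comment at the `#ifdef` should state that assumption, for example `/* cache survives unlock; relies on lock() reporting SC_ERROR_CARD_RESET when the card was used by someone else */`.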
@@ -338,81 +359,85 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 1); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->list_files == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->list_files(card, buf, buflen); - SC_FUNC_RETURN(card->ctx, 1, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_create_file(sc_card_t *card, sc_file_t *file) { int r; + char pbuf[SC_MAX_PATH_STRING_SIZE]; + const sc_path_t *in_path = &file->path; assert(card != NULL); - if (card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - const sc_path_t *in_path = &file->path; - r = sc_path_print(pbuf, sizeof(pbuf), in_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_path_print(pbuf, sizeof(pbuf), in_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; + + sc_log(card->ctx, "called; type=%d, path=%s, size=%u", in_path->type, pbuf, file->size); + /* ISO 7816-4: "Number of data bytes in the file, including structural information if any" + * can not be bigger than two bytes */ + if (file->size > 0xFFFF) + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); - sc_debug(card->ctx, "called; type=%d, path=%s, size=%u\n", - in_path->type, pbuf, file->size); - } if (card->ops->create_file == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + r = card->ops->create_file(card, file); - SC_FUNC_RETURN(card->ctx, 1, r); + LOG_FUNC_RETURN(card->ctx, r); } int sc_delete_file(sc_card_t *card, const sc_path_t *path) { int r; + char pbuf[SC_MAX_PATH_STRING_SIZE]; assert(card != NULL); - if (card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_path_print(pbuf, sizeof(pbuf), path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; - sc_debug(card->ctx, "called; type=%d, path=%s\n", - path->type, pbuf); - } + sc_log(card->ctx, "called; type=%d, 
path=%s", path->type, pbuf); if (card->ops->delete_file == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->delete_file(card, path); - SC_FUNC_RETURN(card->ctx, 1, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_read_binary(sc_card_t *card, unsigned int idx, unsigned char *buf, size_t count, unsigned long flags) { - size_t max_le = card->max_recv_size; + size_t max_le = card->max_recv_size > 0 ? card->max_recv_size : 256; int r; assert(card != NULL && card->ops != NULL && buf != NULL); - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "called; %d bytes at index %d\n", count, idx); + sc_log(card->ctx, "called; %d bytes at index %d", count, idx); if (count == 0) return 0; + if (card->ops->read_binary == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + if (count > max_le) { int bytes_read = 0; unsigned char *p = buf; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + LOG_TEST_RET(card->ctx, r, "sc_lock() failed"); while (count > 0) { size_t n = count > max_le ? max_le : count; r = sc_read_binary(card, idx, p, n, flags); if (r < 0) { sc_unlock(card); - SC_TEST_RET(card->ctx, r, "sc_read_binary() failed"); + LOG_TEST_RET(card->ctx, r, "sc_read_binary() failed"); } p += r; idx += r; 
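Review bot: The `sc_log(card->ctx, "called; %d bytes at index %d", count, idx);` call in `sc_read_binary` passes a `size_t` and an `unsigned int` to `%d`, which is undefined for `count` wherever `size_t` is wider than `int`. The same call appears in `sc_write_binary` and `sc_update_binary`, and the new `sc_erase_binary` has the equivalent with `offs`, all in the following hunks. Use matching conversions, e.g. `sc_log(card->ctx, "called; %lu bytes at index %u", (unsigned long)count, idx);`. The call is now made on every invocation rather than only when `card->ctx->debug >= 2`, so the mismatch is no longer confined to debug runs.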
@@ -420,41 +445,41 @@ count -= r; if (r == 0) { sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_read); + LOG_FUNC_RETURN(card->ctx, bytes_read); } } sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_read); + LOG_FUNC_RETURN(card->ctx, bytes_read); } r = card->ops->read_binary(card, idx, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + LOG_FUNC_RETURN(card->ctx, r); } int sc_write_binary(sc_card_t *card, unsigned int idx, const u8 *buf, size_t count, unsigned long flags) { - size_t max_lc = card->max_send_size; + size_t max_lc = card->max_send_size > 0 ? card->max_send_size : 255; int r; assert(card != NULL && card->ops != NULL && buf != NULL); - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "called; %d bytes at index %d\n", count, idx); + sc_log(card->ctx, "called; %d bytes at index %d", count, idx); if (count == 0) - return 0; + LOG_FUNC_RETURN(card->ctx, 0); if (card->ops->write_binary == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + if (count > max_lc) { int bytes_written = 0; const u8 *p = buf; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + LOG_TEST_RET(card->ctx, r, "sc_lock() failed"); while (count > 0) { size_t n = count > max_lc? max_lc : count; r = sc_write_binary(card, idx, p, n, flags); if (r < 0) { sc_unlock(card); - SC_TEST_RET(card->ctx, r, "sc_write_binary() failed"); + LOG_TEST_RET(card->ctx, r, "sc_write_binary() failed"); } p += r; idx += r; 
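Review bot: The chunking loop in `sc_write_binary` advances `p` and `idx` by `r`, and in the next hunk subtracts `r` from the unsigned `count`, without checking that the driver returned at most the `n` bytes it was asked for. A driver returning more than `n` would wrap `count` and walk `p` past the caller's buffer. The loops in `sc_read_binary` and `sc_update_binary` have the same shape, and in the read case that is a write past `buf`. A guard after the `r < 0` test closes this: `if ((size_t)r > n) { sc_unlock(card); LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); }`. The loop body spans this hunk and the next.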
@@ -462,41 +487,42 @@ count -= r; if (r == 0) { sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_written); + LOG_FUNC_RETURN(card->ctx, bytes_written); } } sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_written); + LOG_FUNC_RETURN(card->ctx, bytes_written); } + r = card->ops->write_binary(card, idx, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + LOG_FUNC_RETURN(card->ctx, r); } int sc_update_binary(sc_card_t *card, unsigned int idx, const u8 *buf, size_t count, unsigned long flags) { - size_t max_lc = card->max_send_size; + size_t max_lc = card->max_send_size > 0 ? card->max_send_size : 255; int r; assert(card != NULL && card->ops != NULL && buf != NULL); - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "called; %d bytes at index %d\n", count, idx); + sc_log(card->ctx, "called; %d bytes at index %d", count, idx); if (count == 0) return 0; if (card->ops->update_binary == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + if (count > max_lc) { int bytes_written = 0; const u8 *p = buf; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + LOG_TEST_RET(card->ctx, r, "sc_lock() failed"); while (count > 0) { size_t n = count > max_lc? max_lc : count; r = sc_update_binary(card, idx, p, n, flags); if (r < 0) { sc_unlock(card); - SC_TEST_RET(card->ctx, r, "sc_update_binary() failed"); + LOG_TEST_RET(card->ctx, r, "sc_update_binary() failed"); } p += r; idx += r; 
@@ -504,76 +530,97 @@ count -= r; if (r == 0) { sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_written); + LOG_FUNC_RETURN(card->ctx, bytes_written); } } sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 2, bytes_written); + LOG_FUNC_RETURN(card->ctx, bytes_written); } + r = card->ops->update_binary(card, idx, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + LOG_FUNC_RETURN(card->ctx, r); +} + + +int sc_erase_binary(struct sc_card *card, unsigned int offs, size_t count, unsigned long flags) +{ + int r; + + assert(card != NULL && card->ops != NULL); + sc_log(card->ctx, "called; erase %d bytes from offset %d", count, offs); + + if (card->ops->erase_binary == NULL) + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + + r = card->ops->erase_binary(card, offs, count, flags); + LOG_FUNC_RETURN(card->ctx, r); } -int sc_select_file(sc_card_t *card, - const sc_path_t *in_path, - sc_file_t **file) + +int sc_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file) { int r; + char pbuf[SC_MAX_PATH_STRING_SIZE]; assert(card != NULL && in_path != NULL); - if (card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), in_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_path_print(pbuf, sizeof(pbuf), in_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; - sc_debug(card->ctx, "called; type=%d, path=%s\n", - in_path->type, pbuf); - } + sc_log(card->ctx, "called; type=%d, path=%s", in_path->type, pbuf); if (in_path->len > SC_MAX_PATH_SIZE) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); + if (in_path->type == SC_PATH_TYPE_PATH) { /* Perform a sanity check */ size_t i; + if ((in_path->len & 1) != 0) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); + for (i = 0; i < in_path->len/2; i++) { u8 p1 = in_path->value[2*i], p2 = in_path->value[2*i+1]; + if ((p1 == 0x3F && p2 == 
0x00) && i != 0) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); } } if (card->ops->select_file == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->select_file(card, in_path, file); /* Remember file path */ if (r == 0 && file && *file) (*file)->path = *in_path; - SC_FUNC_RETURN(card->ctx, 1, r); + + LOG_FUNC_RETURN(card->ctx, r); } + int sc_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t len) { int r; - sc_debug(card->ctx, "called, tag=%04x\n", tag); + sc_log(card->ctx, "called, tag=%04x", tag); if (card->ops->get_data == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->get_data(card, tag, buf, len); - SC_FUNC_RETURN(card->ctx, 1, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t len) { int r; - sc_debug(card->ctx, "called, tag=%04x\n", tag); + sc_log(card->ctx,"called, tag=%04x", tag); + if (card->ops->put_data == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->put_data(card, tag, buf, len); - SC_FUNC_RETURN(card->ctx, 1, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_get_challenge(sc_card_t *card, u8 *rnd, size_t len) @@ -581,11 +628,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->get_challenge == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->get_challenge(card, rnd, len); - SC_FUNC_RETURN(card->ctx, 2, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_read_record(sc_card_t *card, unsigned int rec_nr, u8 *buf, 
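Review bot: In sc_select_file (the hunk starting at -504) `sc_path_print(pbuf, sizeof(pbuf), in_path)` now runs on every call and before the `in_path->len > SC_MAX_PATH_SIZE` check, so the printer receives a path whose length has not been validated yet. In the old code that call only ran when debugging was enabled. Whether sc_path_print bounds `len` itself is not visible here. I would move `if (in_path->len > SC_MAX_PATH_SIZE) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);` directly after the assert, or add a comment stating that sc_path_print is relied on to reject oversized paths.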
@@ -594,11 +643,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->read_record == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->read_record(card, rec_nr, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_write_record(sc_card_t *card, unsigned int rec_nr, const u8 * buf, @@ -607,11 +658,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->write_record == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->write_record(card, rec_nr, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_append_record(sc_card_t *card, const u8 * buf, size_t count, @@ -620,11 +673,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->append_record == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->append_record(card, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_update_record(sc_card_t *card, unsigned int rec_nr, const u8 * buf, @@ -633,11 +688,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->update_record == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->update_record(card, rec_nr, buf, count, flags); - SC_FUNC_RETURN(card->ctx, 2, r); + + LOG_FUNC_RETURN(card->ctx, r); } int sc_delete_record(sc_card_t *card, unsigned int rec_nr) 
@@ -645,18 +702,13 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->delete_record == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); r = card->ops->delete_record(card, rec_nr); - SC_FUNC_RETURN(card->ctx, 2, r); -} -int sc_card_valid(const sc_card_t *card) { -#ifndef NDEBUG - assert(card != NULL); -#endif - return card->magic == SC_CARD_MAGIC; + LOG_FUNC_RETURN(card->ctx, r); } int @@ -665,24 +717,24 @@ int r = SC_ERROR_NOT_SUPPORTED; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + LOG_FUNC_CALLED(card->ctx); + if (card->ops->card_ctl != NULL) r = card->ops->card_ctl(card, cmd, args); /* suppress "not supported" error messages */ if (r == SC_ERROR_NOT_SUPPORTED) { - sc_debug(card->ctx, "card_ctl(%lu) not supported\n", - (unsigned long) cmd); + sc_log(card->ctx, "card_ctl(%lu) not supported", cmd); return r; } - SC_FUNC_RETURN(card->ctx, 2, r); + LOG_FUNC_RETURN(card->ctx, r); } int _sc_card_add_algorithm(sc_card_t *card, const sc_algorithm_info_t *info) { sc_algorithm_info_t *p; - assert(sc_card_valid(card) && info != NULL); + assert(info != NULL); p = (sc_algorithm_info_t *) realloc(card->algorithms, (card->algorithm_count + 1) * sizeof(*info)); if (!p) { if (card->algorithms) 
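Review bot: In _sc_card_add_algorithm (hunk -665) the assertion shrinks from `assert(sc_card_valid(card) && info != NULL);` to `assert(info != NULL);`, so `card` is no longer checked before `card->algorithms` and `card->algorithm_count` are read in the realloc call on the next line. sc_card_valid, removed in the hunk above, at least asserted `card != NULL`. `assert(card != NULL && info != NULL);` keeps that check and matches the other entry points in this file. The function body continues beyond the hunk.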
@@ -695,32 +747,32 @@ p += card->algorithm_count; card->algorithm_count++; *p = *info; - return 0; + return SC_SUCCESS; } -int _sc_card_add_rsa_alg(sc_card_t *card, unsigned int key_length, - unsigned long flags, unsigned long exponent) +int _sc_card_add_ec_alg(sc_card_t *card, unsigned int key_length, + unsigned long flags, unsigned long ext_flags) { sc_algorithm_info_t info; memset(&info, 0, sizeof(info)); - info.algorithm = SC_ALGORITHM_RSA; + info.algorithm = SC_ALGORITHM_EC; info.key_length = key_length; info.flags = flags; - info.u._rsa.exponent = exponent; + info.u._ec.ext_flags = ext_flags; return _sc_card_add_algorithm(card, &info); } -sc_algorithm_info_t * _sc_card_find_rsa_alg(sc_card_t *card, - unsigned int key_length) +static sc_algorithm_info_t * sc_card_find_alg(sc_card_t *card, + unsigned int algorithm, unsigned int key_length) { int i; for (i = 0; i < card->algorithm_count; i++) { sc_algorithm_info_t *info = &card->algorithms[i]; - if (info->algorithm != SC_ALGORITHM_RSA) + if (info->algorithm != algorithm) continue; if (info->key_length != key_length) continue; 
@@ -729,10 +781,42 @@ return NULL; } -static int match_atr_table(sc_context_t *ctx, struct sc_atr_table *table, u8 *atr, size_t atr_len) +sc_algorithm_info_t * sc_card_find_ec_alg(sc_card_t *card, + unsigned int key_length) +{ + return sc_card_find_alg(card, SC_ALGORITHM_EC, key_length); +} + +int _sc_card_add_rsa_alg(sc_card_t *card, unsigned int key_length, + unsigned long flags, unsigned long exponent) +{ + sc_algorithm_info_t info; + + memset(&info, 0, sizeof(info)); + info.algorithm = SC_ALGORITHM_RSA; + info.key_length = key_length; + info.flags = flags; + info.u._rsa.exponent = exponent; + + return _sc_card_add_algorithm(card, &info); +} + +sc_algorithm_info_t * sc_card_find_rsa_alg(sc_card_t *card, + unsigned int key_length) +{ + return sc_card_find_alg(card, SC_ALGORITHM_RSA, key_length); +} + +sc_algorithm_info_t * sc_card_find_gostr3410_alg(sc_card_t *card, + unsigned int key_length) +{ + return sc_card_find_alg(card, SC_ALGORITHM_GOSTR3410, key_length); +} + +static int match_atr_table(sc_context_t *ctx, struct sc_atr_table *table, struct sc_atr *atr) { - u8 *card_atr_bin = atr; - size_t card_atr_bin_len = atr_len; + u8 *card_atr_bin = atr->value; + size_t card_atr_bin_len = atr->len; char card_atr_hex[3 * SC_MAX_ATR_SIZE]; size_t card_atr_hex_len; unsigned int i = 0; @@ -742,8 +826,7 @@ sc_bin_to_hex(card_atr_bin, card_atr_bin_len, card_atr_hex, sizeof(card_atr_hex), ':'); card_atr_hex_len = strlen(card_atr_hex); - if (ctx->debug >= 4) - sc_debug(ctx, "ATR : %s\n", card_atr_hex); + sc_log(ctx, "ATR : %s", card_atr_hex); for (i = 0; table[i].atr != NULL; i++) { const char *tatr = table[i].atr; 
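Review bot: match_atr_table now reads `atr->value` and `atr->len` without a null check on `atr`. The length then goes into `sc_bin_to_hex(card_atr_bin, card_atr_bin_len, card_atr_hex, sizeof(card_atr_hex), ':')` (context of the next hunk), whose return value is ignored before `strlen(card_atr_hex)` runs. If `atr->len` can exceed SC_MAX_ATR_SIZE and sc_bin_to_hex fails without terminating the output (neither is visible from here), strlen would walk an uninitialised stack buffer. I would test the result, `if (sc_bin_to_hex(card_atr_bin, card_atr_bin_len, card_atr_hex, sizeof(card_atr_hex), ':') < 0) return -1;`, which fits the callers' `if (res < 0)` handling. The function continues past both hunks.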
@@ -754,17 +837,14 @@ size_t fix_hex_len = card_atr_hex_len; size_t fix_bin_len = card_atr_bin_len; - if (ctx->debug >= 4) - sc_debug(ctx, "ATR try : %s\n", tatr); + sc_log(ctx, "ATR try : %s", tatr); if (tatr_len != fix_hex_len) { - if (ctx->debug >= 5) - sc_debug(ctx, "ignored - wrong length\n", tatr); + sc_log(ctx, "ignored - wrong length"); continue; } if (matr != NULL) { - if (ctx->debug >= 4) - sc_debug(ctx, "ATR mask: %s\n", matr); + sc_log(ctx, "ATR mask: %s", matr); matr_len = strlen(matr); if (tatr_len != matr_len) @@ -774,7 +854,7 @@ mbin_len = sizeof(mbin); sc_hex_to_bin(matr, mbin, &mbin_len); if (mbin_len != fix_bin_len) { - sc_error(ctx,"length of atr and atr mask do not match - ignored: %s - %s", tatr, matr); + sc_log(ctx, "length of atr and atr mask do not match - ignored: %s - %s", tatr, matr); continue; } for (s = 0; s < tbin_len; s++) { @@ -800,7 +880,7 @@ if (card == NULL) return -1; - res = match_atr_table(card->ctx, table, card->atr, card->atr_len); + res = match_atr_table(card->ctx, table, &card->atr); if (res < 0) return res; if (type_out != NULL) @@ -808,7 +888,7 @@ return res; } -scconf_block *_sc_match_atr_block(sc_context_t *ctx, struct sc_card_driver *driver, u8 *atr, size_t atr_len) +scconf_block *_sc_match_atr_block(sc_context_t *ctx, struct sc_card_driver *driver, struct sc_atr *atr) { struct sc_card_driver *drv; struct sc_atr_table *table; @@ -819,7 +899,7 @@ if (driver) { drv = driver; table = drv->atr_map; - res = match_atr_table(ctx, table, atr, atr_len); + res = match_atr_table(ctx, table, atr); if (res < 0) return NULL; return table[res].card_atr; @@ -829,7 +909,7 @@ for (i = 0; ctx->card_drivers[i] != NULL; i++) { drv = ctx->card_drivers[i]; table = drv->atr_map; - res = match_atr_table(ctx, table, atr, atr_len); + res = match_atr_table(ctx, table, atr); if (res < 0) continue; return table[res].card_atr; 
@@ -881,11 +961,11 @@ struct sc_atr_table *src = &driver->atr_map[i]; if (src->atr) - free(src->atr); + free((void *)src->atr); if (src->atrmask) - free(src->atrmask); + free((void *)src->atrmask); if (src->name) - free(src->name); + free((void *)src->name); src->card_atr = NULL; src = NULL; } @@ -897,33 +977,6 @@ return SC_SUCCESS; } -int _sc_check_forced_protocol(sc_context_t *ctx, u8 *atr, size_t atr_len, unsigned int *protocol) -{ - scconf_block *atrblock = NULL; - int ok = 0; - - if (!protocol) - return 0; - atrblock = _sc_match_atr_block(ctx, NULL, atr, atr_len); - if (atrblock != NULL) { - const char *forcestr; - - forcestr = scconf_get_str(atrblock, "force_protocol", "unknown"); - if (!strcmp(forcestr, "t0")) { - *protocol = SC_PROTO_T0; - ok = 1; - } else if (!strcmp(forcestr, "t1")) { - *protocol = SC_PROTO_T1; - ok = 1; - } else if (!strcmp(forcestr, "raw")) { - *protocol = SC_PROTO_RAW; - ok = 1; - } - if (ok) - sc_debug(ctx, "force_protocol: %s\n", forcestr); - } - return ok; -} scconf_block *sc_get_conf_block(sc_context_t *ctx, const char *name1, const char *name2, int priority) { 
@@ -944,3 +997,24 @@ return conf_block; } +void sc_print_cache(struct sc_card *card) { + struct sc_context *ctx = NULL; + + assert(card != NULL); + ctx = card->ctx; + + if (!card->cache.valid || (!card->cache.current_ef && !card->cache.current_df)) { + sc_log(ctx, "card cache invalid"); + return; + } + + if (card->cache.current_ef) + sc_log(ctx, "current_ef(type=%i) %s", card->cache.current_ef->path.type, + sc_print_path(&card->cache.current_ef->path)); + + if (card->cache.current_df) + sc_log(ctx, "current_df(type=%i, aid_len=%i) %s", card->cache.current_df->path.type, + card->cache.current_df->path.aid.len, + sc_print_path(&card->cache.current_df->path)); +} + diff -Nru opensc-0.11.13/src/libopensc/card-cardos.c opensc-0.12.1/src/libopensc/card-cardos.c --- opensc-0.11.13/src/libopensc/card-cardos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-cardos.c 2011-05-17 17:07:00.000000000 +0000 @@ -21,12 +21,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" +#include "config.h" + #include #include -#include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" static const struct sc_card_operations *iso_ops = NULL; @@ -42,7 +44,7 @@ /* 4.0 */ { "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL }, /* Italian eID card, postecert */ - { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL }, + { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL, NULL, SC_CARD_TYPE_CARDOS_CIE_V1, 0, NULL }, /* Italian eID card, infocamere */ { "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL }, /* Another Italian InfocamereCard */ 
@@ -50,60 +52,66 @@ { "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL}, /* cardos m4.2 and above */ { "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a", "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL, SC_CARD_TYPE_CARDOS_M4_2, 0, NULL }, + /* CardOS 4.4 */ + { "3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51", NULL, NULL, SC_CARD_TYPE_CARDOS_M4_4, 0, NULL}, { NULL, NULL, NULL, 0, 0, NULL } }; -static int cardos_finish(sc_card_t *card) -{ - return 0; -} - static int cardos_match_card(sc_card_t *card) { + unsigned char atr[SC_MAX_ATR_SIZE]; int i; i = _sc_match_atr(card, cardos_atrs, &card->type); if (i < 0) return 0; + + memcpy(atr, card->atr.value, sizeof(atr)); + + /* Do not change card type for CIE! */ + if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) + return 1; + if (card->type == SC_CARD_TYPE_CARDOS_M4_4) + return 1; if (card->type == SC_CARD_TYPE_CARDOS_M4_2) { int rv; sc_apdu_t apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; /* first check some additional ATR bytes */ - if ((card->atr[4] != 0xff && card->atr[4] != 0x02) || - (card->atr[6] != 0x10 && card->atr[6] != 0x0a) || - (card->atr[9] != 0x55 && card->atr[9] != 0x58)) + if ((atr[4] != 0xff && atr[4] != 0x02) || + (atr[6] != 0x10 && atr[6] != 0x0a) || + (atr[9] != 0x55 && atr[9] != 0x58)) return 0; /* get the os version using GET DATA and compare it with * version in the ATR */ - sc_debug(card->ctx, "checking cardos version ..."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "checking cardos version ..."); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x82); apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = 256; apdu.lc = 0; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return 0; - if (apdu.resp[0] != card->atr[10] || - apdu.resp[1] != card->atr[11]) + if (apdu.resp[0] != atr[10] || + apdu.resp[1] != 
atr[11]) /* version mismatch */ return 0; - if (card->atr[11] <= 0x04) { - sc_debug(card->ctx, "found cardos m4.01"); + if (atr[11] <= 0x04) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found cardos m4.01"); card->type = SC_CARD_TYPE_CARDOS_M4_01; - } else if (card->atr[11] == 0x08) { - sc_debug(card->ctx, "found cardos v4.3b"); + } else if (atr[11] == 0x08) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found cardos v4.3b"); card->type = SC_CARD_TYPE_CARDOS_M4_3; - } else if (card->atr[11] == 0x09) { - sc_debug(card->ctx, "found cardos v4.2b"); + } else if (atr[11] == 0x09) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found cardos v4.2b"); card->type = SC_CARD_TYPE_CARDOS_M4_2B; - } else if (card->atr[11] >= 0x0B) { - sc_debug(card->ctx, "found cardos v4.2c or higher"); + } else if (atr[11] >= 0x0B) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found cardos v4.2c or higher"); card->type = SC_CARD_TYPE_CARDOS_M4_2C; } else { - sc_debug(card->ctx, "found cardos m4.2"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found cardos m4.2"); } } return 1; @@ -123,7 +131,7 @@ apdu.lc = 0; apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if ((len = apdu.resplen) == 0) /* looks like no package has been installed */ @@ -147,7 +155,7 @@ static int cardos_init(sc_card_t *card) { - unsigned long flags; + unsigned long flags, rsa_2048 = 0; card->name = "CardOS M4"; card->cla = 0x00; 
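Review bot: cardos_match_card (the hunk starting at -50) compares `apdu.resp[0]` and `apdu.resp[1]` with `atr[10]` and `atr[11]` after checking only the status words. A card that answers 90 00 with fewer than two data bytes therefore has its version decided on uninitialised bytes of `rbuf`. Extending the status check to `if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00 || apdu.resplen < 2) return 0;` closes that. The new `memcpy(atr, card->atr.value, sizeof(atr));` also copies the whole array regardless of `card->atr.len`, so the reads of `atr[4]` through `atr[11]` depend on the table match having fixed the ATR length. A short comment saying so, or an explicit `card->atr.len` check, would make that dependency visible.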
@@ -167,16 +175,17 @@ if (r < 0) return r; if (r == 1) - card->caps |= SC_CARD_CAP_RSA_2048; + rsa_2048 = 1; card->caps |= SC_CARD_CAP_APDU_EXT; } else if (card->type == SC_CARD_TYPE_CARDOS_M4_3 || card->type == SC_CARD_TYPE_CARDOS_M4_2B - || card->type == SC_CARD_TYPE_CARDOS_M4_2C) { - card->caps |= SC_CARD_CAP_RSA_2048; + || card->type == SC_CARD_TYPE_CARDOS_M4_2C + || card->type == SC_CARD_TYPE_CARDOS_M4_4) { + rsa_2048 = 1; card->caps |= SC_CARD_CAP_APDU_EXT; } - if (card->caps & SC_CARD_CAP_RSA_2048) { + if (rsa_2048 == 1) { _sc_card_add_rsa_alg(card, 1280, flags, 0); _sc_card_add_rsa_alg(card, 1536, flags, 0); _sc_card_add_rsa_alg(card, 1792, flags, 0); @@ -242,9 +251,9 @@ { 0x6f00, SC_ERROR_CARD_CMD_FAILED, "technical error (see eToken developers guide)"}, /* no error, maybe a note */ -{ 0x9000, SC_NO_ERROR, NULL}, -{ 0x9001, SC_NO_ERROR, "success, but eeprom weakness detected"}, -{ 0x9850, SC_NO_ERROR, "over/underflow useing in/decrease"} +{ 0x9000, SC_SUCCESS, NULL}, +{ 0x9001, SC_SUCCESS, "success, but eeprom weakness detected"}, +{ 0x9850, SC_SUCCESS, "over/underflow useing in/decrease"} }; static int cardos_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2) @@ -255,13 +264,13 @@ for (i = 0; i < err_count; i++) { if (cardos_errors[i].SWs == ((sw1 << 8) | sw2)) { if ( cardos_errors[i].errorstr ) - sc_error(card->ctx, "%s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", cardos_errors[i].errorstr); return cardos_errors[i].errorno; } } - sc_error(card->ctx, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); return SC_ERROR_CARD_CMD_FAILED; } @@ -273,7 +282,7 @@ int r; size_t fids = 0, len; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* 0x16: DIRECTORY */ /* 0x02: list both DF and EF */ 
@@ -286,13 +295,12 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "DIRECTORY command returned error"); if (apdu.resplen > 256) { - sc_error(card->ctx, "directory listing > 256 bytes, cutting"); - r = 256; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "directory listing > 256 bytes, cutting"); } len = apdu.resplen; @@ -301,7 +309,7 @@ /* is there a file informatin block (0x6f) ? */ p = sc_asn1_find_tag(card->ctx, p, len, 0x6f, &tlen); if (p == NULL) { - sc_error(card->ctx, "directory tag missing"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "directory tag missing"); return SC_ERROR_INTERNAL; } if (tlen == 0) @@ -309,7 +317,7 @@ break; q = sc_asn1_find_tag(card->ctx, p, tlen, 0x86, &ilen); if (q == NULL || ilen != 2) { - sc_error(card->ctx, "error parsing file id TLV object"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error parsing file id TLV object"); return SC_ERROR_INTERNAL; } /* put file id in buf */ @@ -333,7 +341,7 @@ r = fids; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static void add_acl_entry(sc_file_t *file, int op, u8 byte) @@ -428,11 +436,11 @@ { int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->select_file(card, in_path, file); if (r >= 0 && file) parse_sec_attr((*file), (*file)->sec_attr, (*file)->sec_attr_len); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int cardos_acl_to_bytes(sc_card_t *card, const sc_file_t *file, 
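Review bot: The `apdu.resplen > 256` branch now only logs "directory listing > 256 bytes, cutting" and cuts nothing, because `len = apdu.resplen;` follows unchanged. The removed `r = 256;` did not limit `len` either, as far as the hunk shows. Either clamp the length, `len = apdu.resplen > 256 ? 256 : apdu.resplen;`, or reword the message so the log does not report a truncation that does not happen. The TLV loop that consumes `len` lies in the following hunks, so the buffer bounds it relies on are not visible here.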
@@ -451,7 +459,7 @@ else byte = acl_to_byte(sc_file_get_acl_entry(file, idx[i])); if (byte < 0) { - sc_error(card->ctx, "Invalid ACL\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid ACL\n"); return SC_ERROR_INVALID_ARGUMENTS; } buf[i] = byte; @@ -535,7 +543,7 @@ size_t inlen = *outlen, len; int r; - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (out == NULL || inlen < 64) return SC_ERROR_INVALID_ARGUMENTS; @@ -581,7 +589,7 @@ buf[4] |= (u8) file->record_count; break; default: - sc_error(card->ctx, "unknown EF type: %u", file->type); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unknown EF type: %u", file->type); return SC_ERROR_INVALID_ARGUMENTS; } if (file->ef_structure == SC_FILE_EF_CYCLIC || @@ -639,7 +647,7 @@ { int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (card->type == SC_CARD_TYPE_CARDOS_GENERIC || card->type == SC_CARD_TYPE_CARDOS_M4_01) { @@ -650,14 +658,15 @@ } else if (card->type == SC_CARD_TYPE_CARDOS_M4_2 || card->type == SC_CARD_TYPE_CARDOS_M4_3 || card->type == SC_CARD_TYPE_CARDOS_M4_2B || - card->type == SC_CARD_TYPE_CARDOS_M4_2C) { + card->type == SC_CARD_TYPE_CARDOS_M4_2C || + card->type == SC_CARD_TYPE_CARDOS_M4_4) { u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; size_t len = sizeof(sbuf); sc_apdu_t apdu; r = cardos_construct_fcp(card, file, sbuf, &len); if (r < 0) { - sc_error(card->ctx, "unable to create FCP"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create FCP"); return r; } @@ -667,7 +676,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } else 
@@ -683,17 +692,18 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 3, se_num); + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 0, se_num); + apdu.p1 = (card->type == SC_CARD_TYPE_CARDOS_CIE_V1 ? 0xF3 : 0x03); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -719,12 +729,18 @@ if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || env->key_ref_len != 1) { - sc_error(card->ctx, "No or invalid key reference\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No or invalid key reference\n"); return SC_ERROR_INVALID_ARGUMENTS; } key_id = env->key_ref[0]; - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 1, 0); + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0, 0); + if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) { + cardos_restore_security_env(card, 0x30); + apdu.p1 = 0xF1; + } else { + apdu.p1 = 0x01; + } switch (env->operation) { case SC_SEC_OPERATION_DECIPHER: apdu.p2 = 0xB8; @@ -743,12 +759,12 @@ apdu.data = data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* 
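Review bot: In the hunk starting at -719, the SC_CARD_TYPE_CARDOS_CIE_V1 branch calls `cardos_restore_security_env(card, 0x30);` and discards the result, so a failed restore is followed by the MSE SET command as if the security environment were in place. The function in the hunk above appears to return a status, so I would write `r = cardos_restore_security_env(card, 0x30); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot restore security environment");`, assuming `r` is the int declared at the top of this function, outside the hunk. The literals `0x30`, `0xF1` and `0xF3` would also benefit from a comment naming what they select on the CIE card.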
@@ -774,14 +790,13 @@ apdu.data = data; apdu.lc = datalen; apdu.datalen = datalen; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) - SC_FUNC_RETURN(card->ctx, 4, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); else - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int @@ -795,12 +810,12 @@ assert(card != NULL && data != NULL && out != NULL); ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (datalen > SC_MAX_APDU_BUFFER_SIZE) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (outlen < datalen) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_BUFFER_TOO_SMALL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_BUFFER_TOO_SMALL); outlen = datalen; /* XXX As we don't know what operations are allowed with a 
@@ -812,25 +827,19 @@ * invalid signatures with duplicated hash prefixes with some cards */ - if (ctx->debug >= 3) { if (card->caps & SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED) - sc_debug(ctx, "Forcing RAW_HASH_STRIPPED\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Forcing RAW_HASH_STRIPPED\n"); if (card->caps & SC_CARD_CAP_ONLY_RAW_HASH) - sc_debug(ctx, "Forcing RAW_HASH\n"); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Forcing RAW_HASH\n"); if (!(card->caps & (SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED | SC_CARD_CAP_ONLY_RAW_HASH))) { - if (ctx->debug >= 3) - sc_debug(ctx, "trying RSA_PURE_SIG (padded DigestInfo)\n"); - sc_ctx_suppress_errors_on(ctx); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying RSA_PURE_SIG (padded DigestInfo)\n"); r = do_compute_signature(card, data, datalen, out, outlen); - sc_ctx_suppress_errors_off(ctx); if (r >= SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } - if (ctx->debug >= 3) - sc_debug(ctx, "trying RSA_SIG (just the DigestInfo)\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying RSA_SIG (just the DigestInfo)\n"); /* remove padding: first try pkcs1 bt01 padding */ r = sc_pkcs1_strip_01_padding(data, datalen, buf, &tmp_len); if (r != SC_SUCCESS) { 
@@ -847,25 +856,21 @@ } if (!(card->caps & (SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED | SC_CARD_CAP_ONLY_RAW_HASH)) || card->caps & SC_CARD_CAP_ONLY_RAW_HASH ) { - if (ctx->debug >= 3) - sc_debug(ctx, "trying to sign raw hash value with prefix\n"); - sc_ctx_suppress_errors_on(ctx); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying to sign raw hash value with prefix\n"); r = do_compute_signature(card, buf, tmp_len, out, outlen); - sc_ctx_suppress_errors_off(ctx); if (r >= SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } if (card->caps & SC_CARD_CAP_ONLY_RAW_HASH) { - sc_debug(ctx, "Failed to sign raw hash value with prefix when forcing\n"); - SC_FUNC_RETURN(ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to sign raw hash value with prefix when forcing\n"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } - if (ctx->debug >= 3) - sc_debug(ctx, "trying to sign stripped raw hash value (card is responsible for prefix)\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying to sign stripped raw hash value (card is responsible for prefix)\n"); r = sc_pkcs1_strip_digest_info_prefix(NULL,buf,tmp_len,buf,&buf_len); if (r != SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); return do_compute_signature(card, buf, buf_len, out, outlen); } @@ -876,7 +881,7 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x83); apdu.cla = 0x00; 
@@ -885,13 +890,13 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (apdu.resplen < 1) { - SC_TEST_RET(card->ctx, r, "Lifecycle byte not in response"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Lifecycle byte not in response"); } r = SC_SUCCESS; @@ -906,11 +911,11 @@ *mode = SC_CARDCTRL_LIFECYCLE_OTHER; break; default: - sc_error(card->ctx, "Unknown lifecycle byte %d", rbuf[0]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown lifecycle byte %d", rbuf[0]); r = SC_ERROR_INTERNAL; } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int @@ -922,7 +927,7 @@ int current; int target; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); target = *mode; @@ -941,12 +946,12 @@ apdu.resp = NULL; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int @@ -956,7 +961,7 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; 
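Review bot: The `apdu.resplen < 1` guard cannot fire, because it calls `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Lifecycle byte not in response");` with the `r` that has just passed the sc_check_sw test. Assuming SC_TEST_RET returns only on a negative value, as its other uses here suggest, execution falls through to `r = SC_SUCCESS` and on to the switch in the next hunk, whose default branch reads `rbuf[0]` from an empty response. Passing an explicit error makes the guard effective: `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "Lifecycle byte not in response");`. The function starts before this hunk.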
@@ -969,12 +974,12 @@ apdu.datalen = args->len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int @@ -995,10 +1000,10 @@ apdu.datalen = args->len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -1030,9 +1035,9 @@ apdu.datalen = apdu.lc = sizeof(data); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GENERATE_KEY failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GENERATE_KEY failed"); return r; } @@ -1048,11 +1053,11 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; if (apdu.resplen != 32) { - sc_debug(card->ctx, "unexpected response to GET DATA serial" + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unexpected response to GET DATA serial" " number\n"); return SC_ERROR_INTERNAL; } 
@@ -1128,7 +1133,7 @@ apdu.cla = 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } else @@ -1140,7 +1145,7 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, (tag >> 8) & 0xff, tag & 0xff); @@ -1150,17 +1155,17 @@ apdu.resp = buf; apdu.resplen = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GET_DATA returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA returned error"); if (apdu.resplen > len) r = SC_ERROR_WRONG_LENGTH; else r = apdu.resplen; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } @@ -1173,7 +1178,6 @@ cardos_ops = *iso_ops; cardos_ops.match_card = cardos_match_card; cardos_ops.init = cardos_init; - cardos_ops.finish = cardos_finish; cardos_ops.select_file = cardos_select_file; cardos_ops.create_file = cardos_create_file; cardos_ops.set_security_env = cardos_set_security_env; diff -Nru opensc-0.11.13/src/libopensc/cardctl.h opensc-0.12.1/src/libopensc/cardctl.h --- opensc-0.11.13/src/libopensc/cardctl.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/cardctl.h 2011-05-17 17:07:00.000000000 +0000 @@ -21,7 +21,7 @@ #ifndef _OPENSC_CARDCTL_H #define _OPENSC_CARDCTL_H -#include +#include "libopensc/types.h" #ifdef __cplusplus extern "C" { @@ -39,6 +39,8 @@ SC_CARDCTL_LIFECYCLE_GET, SC_CARDCTL_LIFECYCLE_SET, SC_CARDCTL_GET_SERIALNR, + SC_CARDCTL_GET_SE_INFO, + SC_CARDCTL_GET_CHV_REFERENCE_IN_SE, /* * GPK specific calls 
@@ -92,7 +94,6 @@ * JCOP specific calls */ SC_CARDCTL_JCOP_BASE = _CTL_PREFIX('J', 'C', 'P'), - SC_CARDCTL_JCOP_LOCK, SC_CARDCTL_JCOP_GENERATE_KEY, /* @@ -194,8 +195,40 @@ SC_CARDCTL_MYEID_BASE = _CTL_PREFIX('M', 'Y', 'E'), SC_CARDCTL_MYEID_PUTDATA, SC_CARDCTL_MYEID_GETDATA, - SC_CARDCTL_MYEID_GENERATE_KEY, + SC_CARDCTL_MYEID_GENERATE_STORE_KEY, SC_CARDCTL_MYEID_ACTIVATE_CARD, + + /* + * PIV specific calls + */ + SC_CARDCTL_PIV_BASE = _CTL_PREFIX('P', 'I', 'V'), + SC_CARDCTL_PIV_AUTHENTICATE, + SC_CARDCTL_PIV_GENERATE_KEY, + SC_CARDCTL_PIV_PIN_PREFERENCE, + SC_CARDCTL_PIV_OBJECT_PRESENT, + + /* + * AuthentIC v3 + */ + SC_CARDCTL_AUTHENTIC_BASE = _CTL_PREFIX('A','V','3'), + SC_CARDCTL_AUTHENTIC_SDO_CREATE, + SC_CARDCTL_AUTHENTIC_SDO_DELETE, + SC_CARDCTL_AUTHENTIC_SDO_STORE, + SC_CARDCTL_AUTHENTIC_SDO_GENERATE, + + /* + * IAS/ECC + */ + SC_CARDCTL_IASECC_BASE = _CTL_PREFIX('E','C','C'), + SC_CARDCTL_IASECC_GET_FREE_KEY_REFERENCE, + SC_CARDCTL_IASECC_SDO_MAGIC = _CTL_PREFIX('S','D','O') | 'M', + SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA = _CTL_PREFIX('S','D','O') | 'P', + SC_CARDCTL_IASECC_SDO_PUT_DATA, + SC_CARDCTL_IASECC_SDO_KEY_RSA_PUT_DATA, + SC_CARDCTL_IASECC_SDO_GET_DATA, + SC_CARDCTL_IASECC_SDO_GENERATE, + SC_CARDCTL_IASECC_SDO_CREATE, + SC_CARDCTL_IASECC_SDO_DELETE, }; enum { @@ -488,7 +521,7 @@ typedef struct { int key_reference; - size_t key_len; //8, 16 or 24 + size_t key_len; /* 8, 16 or 24 */ u8 key_value[24]; }sc_autkey_t; @@ -557,7 +590,11 @@ #define SC_RUTOKEN_DO_CHV_MAX_ID_V2 SC_RUTOKEN_DEF_ID_GCHV_USER /* MAX ID value of CHV-objects */ #define SC_RUTOKEN_DO_NOCHV_MAX_ID_V2 SC_RUTOKEN_DO_NOCHV_MAX_ID /* MAX ID value of All Other DOs */ +#if defined(__APPLE__) || defined(sun) +#pragma pack(1) +#else #pragma pack(push, 1) +#endif typedef u8 sc_SecAttrV2_t[40]; typedef struct sc_ObjectTypeID{ 
@@ -640,17 +677,6 @@ u8 lock_ac; u8 aid[16]; u8 init_key[16]; - } mf; - struct { - u8 file_id[2]; - u8 file_count; - u8 flag; - u8 ikf_size[2]; - u8 create_ac; - u8 append_ac; - u8 lock_ac; - u8 aid[16]; - u8 init_key[16]; } df; struct { u8 file_id[2]; @@ -683,7 +709,11 @@ u8 *modulus; } sc_entersafe_gen_key_data; +#if defined(__APPLE__) || defined(sun) +#pragma pack() +#else #pragma pack(pop) +#endif /* * Rutoken ECP stuff @@ -740,6 +770,23 @@ unsigned char *invq; }; +/* + * PIV info + */ +typedef struct sc_cardctl_piv_genkey_info_st { + unsigned int key_num; + unsigned int key_algid; /* RSA 5, 6, 7; EC 11, 14 */ + unsigned int key_bits; /* RSA */ + unsigned long exponent; /* RSA */ + unsigned char * pubkey; /* RSA */ + unsigned int pubkey_len; /* RSA */ + unsigned char * ecparam; /* EC */ + unsigned int ecparam_len; /* EC */ + unsigned char * ecpoint; /* EC */ + unsigned int ecpoint_len; /* EC */ + +} sc_cardctl_piv_genkey_info_t; + #ifdef __cplusplus } #endif diff -Nru opensc-0.11.13/src/libopensc/card-default.c opensc-0.12.1/src/libopensc/card-default.c --- opensc-0.11.13/src/libopensc/card-default.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-default.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,12 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include +#include "internal.h" + static struct sc_card_operations default_ops; static struct sc_card_driver default_drv = { "Default driver for unknown cards", @@ -29,11 +32,6 @@ NULL, 0, NULL }; -static int default_finish(sc_card_t *card) -{ - return 0; -} - static int default_match_card(sc_card_t *card) { return 1; /* always match */ 
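Review bot: The new `sc_cardctl_piv_genkey_info_t` has three pointer/length pairs (`pubkey`, `ecparam`, `ecpoint`) with no statement of who allocates and frees them. It also does not say whether the `*_len` fields are capacities supplied by the caller or sizes filled in by the driver. A block comment above the struct should state the ownership rule and which fields are inputs (`key_num`, `key_algid`) and which are outputs. Without it, callers of `SC_CARDCTL_PIV_GENERATE_KEY` have to guess, and a wrong guess means a leak or a double free.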
@@ -47,11 +45,9 @@ sc_apdu_t apdu; int i, r; - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "autodetecting CLA byte\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "autodetecting CLA byte\n"); for (i = 0; i < class_count; i++) { - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "trying with 0x%02X\n", classes[i]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "trying with 0x%02X\n", classes[i]); memset(&apdu, 0, sizeof(apdu)); apdu.cla = classes[i]; apdu.cse = SC_APDU_CASE_2_SHORT; 
@@ -63,58 +59,56 @@ apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x6E) continue; if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) break; if (apdu.sw1 == 0x61) break; - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", - apdu.sw1, apdu.sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); break; } if (i == class_count) return -1; card->cla = classes[i]; - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "detected CLA byte as 0x%02X\n", card->cla); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "detected CLA byte as 0x%02X\n", card->cla); if (apdu.resplen < 2) { - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "SELECT FILE returned %d bytes\n", - apdu.resplen); - return 0; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SELECT FILE returned %d bytes\n", apdu.resplen); + return SC_SUCCESS; } if (rbuf[0] == 0x6F) { - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "SELECT FILE seems to behave according to ISO 7816-4\n"); - return 0; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SELECT FILE seems to behave according to ISO 7816-4\n"); + return SC_SUCCESS; } if (rbuf[0] == 0x00 && rbuf[1] == 0x00) { struct sc_card_driver *drv; - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "SELECT FILE seems to return Schlumberger 'flex stuff\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SELECT FILE seems to return Schlumberger 'flex stuff\n"); drv = sc_get_cryptoflex_driver(); card->ops->select_file = drv->ops->select_file; - return 0; + return SC_SUCCESS; } - return 0; + return SC_SUCCESS; } static int default_init(sc_card_t *card) { int r; - card->name = "Unidentified card"; + card->name = "Unsupported card"; card->drv_data = NULL; r = autodetect_class(card); if (r) { - sc_error(card->ctx, "unable to determine the right 
class byte\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to determine the right class byte\n"); return SC_ERROR_INVALID_CARD; } - return 0; + return SC_SUCCESS; } static struct sc_card_driver * sc_get_driver(void) @@ -124,14 +118,11 @@ default_ops = *iso_drv->ops; default_ops.match_card = default_match_card; default_ops.init = default_init; - default_ops.finish = default_finish; return &default_drv; } -#if 1 struct sc_card_driver * sc_get_default_driver(void) { return sc_get_driver(); } -#endif diff -Nru opensc-0.11.13/src/libopensc/card-emv.c opensc-0.12.1/src/libopensc/card-emv.c --- opensc-0.11.13/src/libopensc/card-emv.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-emv.c 1970-01-01 00:00:00.000000000 +0000 
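Review bot: `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SELECT FILE returned %d bytes\n", apdu.resplen);` passes `apdu.resplen` to `%d`. If `resplen` is a `size_t`, as the `int len` temporary added for `apdu->lc` in card-entersafe.c suggests for its sibling field, this is a mismatched variadic argument on LP64 targets. With the `debug >= 2` guard removed, the call is now made on every run rather than only at debug level 2. Cast at the call site, `"SELECT FILE returned %lu bytes\n", (unsigned long)apdu.resplen`, or use `%zu` if the project's supported compilers allow it.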
@@ -1,161 +0,0 @@ -/* - * card-emv.c: Functions specified by the EMV standard - * - * Copyright (C) 2001, 2002 Juha Yrjölä - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include "internal.h" -#include - -static struct sc_card_operations emv_ops; -static struct sc_card_driver emv_drv = { - "EMV compatible cards", - "emv", - &emv_ops, - NULL, 0, NULL -}; - -static int emv_finish(sc_card_t *card) -{ - return 0; -} - -static int parse_atr(const u8 *atr, size_t atr_len, int *t0_out, int *tx1, int *tx2, - u8 *hist_bytes, int *hbcount) -{ - const u8 *p = atr; - int len = atr_len; - int nr_hist_bytes, tx, i; - - if (len < 2) - return -1; - p++; - len--; - *t0_out = *p; - nr_hist_bytes = *p & 0x0F; - tx = *p >> 4; - p++; - for (i = 0; i < 4; i++) - tx1[i] = tx2[i] = -1; - for (i = 0; i < 4; i++) - if (tx & (1 << i)) { - if (len <= 0) - return -1; - tx1[i] = *p++; - len--; - } - if (tx1[3] != -1) { - tx = tx1[3] >> 4; - for (i = 0; i < 4; i++) - if (tx & (1 << i)) { - if (len <= 0) - return -1; - tx2[i] = *p++; - len--; - } - } - /* FIXME: possibly check TD2 */ - if (hist_bytes == NULL || nr_hist_bytes == 0) - return 0; - if (len < nr_hist_bytes) - return -1; - memcpy(hist_bytes, p, nr_hist_bytes); - *hbcount = nr_hist_bytes; - - return 0; -} - -static int 
emv_match_card(sc_card_t *card) -{ - int i, r, hbcount = 0, match = 1; - int tx1[4], tx2[4], t0; - char line[200], *linep = line; - u8 hist_bytes[32]; - - r = parse_atr(card->atr, card->atr_len, &t0, tx1, tx2, hist_bytes, &hbcount); - if (r) - return 0; - for (i = 0; i < 4; i++) - if (tx1[i] != -1) - linep += sprintf(linep, "T%c1 = 0x%02X ", 'A' + i, tx1[i]); - for (i = 0; i < 4; i++) - if (tx2[i] != -1) - linep += sprintf(linep, "T%c2 = 0x%02X ", 'A' + i, tx2[i]); - if (card->ctx->debug >= 4) { - sc_debug(card->ctx, "ATR parse: %s\n", line); - if (hbcount) { - sc_hex_dump(card->ctx, hist_bytes, hbcount, line, sizeof(line)); - sc_debug(card->ctx, "historic bytes:\n%s", line); - } - } - if ((t0 & 0xF0) != 0x60) - match = 0; - if (match && tx1[1] != 0x00) - match = 0; - if (match && tx1[2] == -1) - match = 0; - if (match) - for (i = 0; i < 4; i++) - if (tx2[i] != -1) - match = 0; - return match; -} - -static int emv_init(sc_card_t *card) -{ - card->drv_data = NULL; - card->cla = 0x00; - - return 0; -} - -static int emv_select_file(sc_card_t *card, const sc_path_t *path, - sc_file_t **file) -{ - int r; - struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); - const struct sc_card_operations *ops = iso_drv->ops; - - r = ops->select_file(card, path, file); - if (r) - return r; - if (file != NULL && path->len == 2 && memcmp(path->value, "\x3F\x00", 2) == 0) - (*file)->type = SC_FILE_TYPE_DF; - if (file != NULL && (*file)->namelen) - (*file)->type = SC_FILE_TYPE_DF; - return 0; -} - -static struct sc_card_driver * sc_get_driver(void) -{ - struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); - - emv_ops = *iso_drv->ops; - emv_ops.match_card = emv_match_card; - emv_ops.init = emv_init; - emv_ops.finish = emv_finish; - emv_ops.select_file = emv_select_file; - - return &emv_drv; -} - -#if 1 -struct sc_card_driver * sc_get_emv_driver(void) -{ - return sc_get_driver(); -} -#endif diff -Nru opensc-0.11.13/src/libopensc/card-entersafe.c 
opensc-0.12.1/src/libopensc/card-entersafe.c --- opensc-0.11.13/src/libopensc/card-entersafe.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-entersafe.c 2011-05-17 17:07:00.000000000 +0000 @@ -16,15 +16,18 @@ /* Initially written by Weitao Sun (weitao@ftsafe.com) 2008 */ -#include "internal.h" -#include "asn1.h" -#include "cardctl.h" +#include "config.h" +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + #include #include -#ifdef ENABLE_OPENSSL #include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + static struct sc_atr_table entersafe_atrs[] = { { "3b:0f:00:65:46:53:05:19:05:71:df:00:00:00:00:00:00", @@ -98,7 +101,7 @@ static int entersafe_match_card(sc_card_t *card) { int i; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); i = _sc_match_atr(card, entersafe_atrs, &card->type); if (i < 0) 
@@ -111,34 +114,27 @@ { unsigned int flags; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); card->name = "entersafe"; card->cla = 0x00; - /*card->drv_data = NULL;*/ + card->drv_data = NULL; flags =SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE; - - - _sc_card_add_rsa_alg(card, 512, flags, 0x10001); - _sc_card_add_rsa_alg(card, 768, flags, 0x10001); - _sc_card_add_rsa_alg(card,1024, flags, 0x10001); - _sc_card_add_rsa_alg(card,2048, flags, 0x10001); + _sc_card_add_rsa_alg(card, 512, flags, 0); + _sc_card_add_rsa_alg(card, 768, flags, 0); + _sc_card_add_rsa_alg(card,1024, flags, 0); + _sc_card_add_rsa_alg(card,2048, flags, 0); - /*card->caps = SC_CARD_CAP_RNG|SC_CARD_CAP_APDU_EXT; */ card->caps = SC_CARD_CAP_RNG; - card->drv_data = 0; - /* we need read_binary&friends with max 224 bytes per read */ - if (card->max_send_size > 0xE0) - card->max_send_size = 0xE0; - if (card->max_recv_size > 0xE0) - card->max_recv_size = 0xE0; - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + card->max_send_size = 224; + card->max_recv_size = 224; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_gen_random(sc_card_t *card,u8 *buff,size_t size) @@ -147,7 +143,7 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]={0}; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card,&apdu,SC_APDU_CASE_2_SHORT,0x84,0x00,0x00); apdu.resp=rbuf; 
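Review bot: `entersafe_init` still registers 512- and 768-bit RSA with `SC_ALGORITHM_ONBOARD_KEY_GEN` in `flags`, so the driver advertises on-card generation at key sizes that are no longer adequate. If these are kept only so existing tokens stay usable, say so above the two calls, e.g. `/* 512/768-bit RSA kept for existing keys only; do not generate new keys at these sizes */`. Otherwise drop the two `_sc_card_add_rsa_alg` lines. The exponent argument also changes from `0x10001` to `0` on the same lines without explanation, so a short comment on what `0` means to `_sc_card_add_rsa_alg` would help.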
@@ -155,13 +151,13 @@ apdu.resplen=sizeof(rbuf); r=sc_transmit_apdu(card,&apdu); - SC_TEST_RET(card->ctx, r, "entersafe gen random failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "entersafe gen random failed"); if(apdu.resplen!=size) - SC_FUNC_RETURN(card->ctx,1,SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL,SC_ERROR_INTERNAL); memcpy(buff,rbuf,size); - SC_FUNC_RETURN(card->ctx,1,r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL,r); } static int entersafe_cipher_apdu(sc_card_t *card, sc_apdu_t *apdu, @@ -170,8 +166,9 @@ { EVP_CIPHER_CTX ctx; u8 iv[8]={0}; + int len; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card); assert(apdu); 
@@ -192,28 +189,30 @@ else if (keylen == 16) EVP_EncryptInit_ex(&ctx, EVP_des_ede(), NULL, key, iv); else - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); - if(!EVP_EncryptUpdate(&ctx,buff,&apdu->lc,buff,buffsize)){ - sc_error(card->ctx, "entersafe encryption error."); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + len = apdu->lc; + if(!EVP_EncryptUpdate(&ctx, buff, &len, buff, buffsize)){ + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe encryption error."); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); } + apdu->lc = len; if (!EVP_CIPHER_CTX_cleanup(&ctx)){ - sc_error(card->ctx, "entersafe encryption error."); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe encryption error."); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); } if(apdu->lc!=buffsize) { - sc_error(card->ctx, "entersafe build cipher apdu failed."); - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INTERNAL); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe build cipher apdu failed."); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INTERNAL); } apdu->data=buff; apdu->datalen=apdu->lc; - SC_FUNC_RETURN(card->ctx, 3, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int entersafe_mac_apdu(sc_card_t *card, sc_apdu_t *apdu, @@ -223,10 +222,11 @@ int r; u8 iv[8]; u8 *tmp=0,*tmp_rounded=NULL; - size_t tmpsize=0,tmpsize_rounded=0,outl=0; + size_t tmpsize=0,tmpsize_rounded=0; + int outl=0; EVP_CIPHER_CTX ctx; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card); assert(apdu); 
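Review bot: Two early returns in the `entersafe_cipher_apdu` hunk leave without `EVP_CIPHER_CTX_cleanup(&ctx)`: the unsupported-`keylen` branch and the `EVP_EncryptUpdate` failure branch. Where `ctx` is initialised is above the hunk, but if it has been set up by then, the DES key schedule stays in the context on those paths. Add `EVP_CIPHER_CTX_cleanup(&ctx);` before each of those `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL);` lines. The results of both `EVP_EncryptInit_ex` calls are also ignored. The new `len = apdu->lc;` is a dead store, since `EVP_EncryptUpdate` only writes that argument.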
@@ -239,7 +239,7 @@ return SC_ERROR_INTERNAL; r=entersafe_gen_random(card,iv,sizeof(iv)); - SC_TEST_RET(card->ctx,r,"entersafe gen random failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,r,"entersafe gen random failed"); /* encode the APDU in the buffer */ if ((r=sc_apdu_get_octets(card->ctx, apdu, &tmp, &tmpsize,SC_PROTO_RAW)) != SC_SUCCESS) @@ -251,7 +251,7 @@ tmp_rounded = malloc(tmpsize_rounded); if (tmp_rounded == NULL) { - r = SC_ERROR_MEMORY_FAILURE; + r = SC_ERROR_OUT_OF_MEMORY; goto out; } @@ -307,7 +307,7 @@ if(tmp_rounded) free(tmp_rounded); - SC_FUNC_RETURN(card->ctx, 3, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int entersafe_transmit_apdu(sc_card_t *card, sc_apdu_t *apdu, @@ -318,24 +318,21 @@ size_t cipher_data_size,mac_data_size; int blocks; int r=SC_SUCCESS; + u8 *sbuf=NULL; + size_t ssize=0; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card); assert(apdu); if((cipher||mac) && (!key||(keylen!=8 && keylen!=16))) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); - if (card->ctx->debug >= 6) - { - u8 *sbuf=NULL; - size_t ssize=0; - r = sc_apdu_get_octets(card->ctx, apdu, &sbuf, &ssize, SC_PROTO_RAW); - if (r == SC_SUCCESS) - sc_apdu_log(card->ctx, sbuf, ssize, 1); - free(sbuf); - } + r = sc_apdu_get_octets(card->ctx, apdu, &sbuf, &ssize, SC_PROTO_RAW); + if (r == SC_SUCCESS) + sc_apdu_log(card->ctx, SC_LOG_DEBUG_VERBOSE, sbuf, ssize, 1); + free(sbuf); if(cipher) { @@ -368,7 +365,7 @@ if(mac_data) free(mac_data); - SC_FUNC_RETURN(card->ctx, 3, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int entersafe_read_binary(sc_card_t *card, @@ -379,7 +376,7 @@ u8 recvbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(count <= card->max_recv_size); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB0, 
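Review bot: In the `entersafe_transmit_apdu` hunk the plaintext APDU is now serialised and passed to `sc_apdu_log` on every call, before the cipher/MAC step, where it used to be guarded by `card->ctx->debug >= 6`. Commands sent with `cipher` set, such as the private-key write and PIN change later in this file (`entersafe_transmit_apdu(card,&apdu,key_maintain,sizeof(key_maintain),1,1)`), will therefore appear unencrypted in a verbose log. The same diff also drops `apdu.sensitive = 1` from the private-key operation. Consider skipping the dump for ciphered commands: `if (r == SC_SUCCESS && !cipher) sc_apdu_log(card->ctx, SC_LOG_DEBUG_VERBOSE, sbuf, ssize, 1);`. If the dump is intentional for debugging, a comment should say the verbose log may contain key and PIN material.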
@@ -391,12 +388,12 @@ apdu.resp = recvbuf; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); memcpy(buf, recvbuf, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 3, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); } static int entersafe_update_binary(sc_card_t *card, @@ -406,7 +403,7 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(count <= card->max_send_size); @@ -418,10 +415,10 @@ apdu.data = buf; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } @@ -431,10 +428,10 @@ int r; assert(file); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->process_fci(card,file,buf,buflen); - SC_TEST_RET(card->ctx, r, "Process fci failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Process fci failed"); if(file->namelen) { @@ -447,7 +444,7 @@ file->ef_structure = SC_FILE_EF_TRANSPARENT; } - SC_FUNC_RETURN(card->ctx, 4, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int entersafe_select_fid(sc_card_t *card, 
@@ -458,13 +455,15 @@ sc_file_t *file=0; sc_path_t path; + memset(&path, 0, sizeof(sc_path_t)); + path.type=SC_PATH_TYPE_FILE_ID; path.value[0]=id_hi; path.value[1]=id_lo; path.len=2; r = iso_ops->select_file(card,&path,&file); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* update cache */ if (file->type == SC_FILE_TYPE_DF) { @@ -483,7 +482,7 @@ if (file_out) *file_out = file; - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int entersafe_select_aid(sc_card_t *card, @@ -492,7 +491,7 @@ { int r = 0; - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_DF_NAME && card->cache.current_path.len == in_path->len && memcmp(card->cache.current_path.value, in_path->value, in_path->len)==0 ) @@ -501,13 +500,13 @@ { *file_out = sc_file_new(); if(!file_out) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } } else { r = iso_ops->select_file(card,in_path,file_out); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* update cache */ card->cache.current_path.type = SC_PATH_TYPE_DF_NAME; @@ -527,7 +526,7 @@ file->namelen = in_path->len; file->id = 0x0000; } - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int entersafe_select_path(sc_card_t *card, 
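Review bot: In the `entersafe_select_aid` hunk the allocation check after `*file_out = sc_file_new();` tests `file_out` instead of the returned pointer. `file_out` has just been dereferenced, so it is never NULL at that point, a failed `sc_file_new()` is not caught, and the `SC_ERROR_OUT_OF_MEMORY` return this commit touches is unreachable. The check should read `if(!*file_out)`. The code in the following hunk writes `file->namelen` and `file->id`. How `file` is derived from `*file_out` is outside the visible lines, but if it is that pointer the failure becomes a NULL dereference.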
@@ -542,11 +541,11 @@ int r; if (pathlen%2 != 0 || pathlen > 6 || pathlen <= 0) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* if pathlen == 6 then the first FID must be MF (== 3F00) */ if (pathlen == 6 && ( path[0] != 0x3f || path[1] != 0x00 )) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* unify path (the first FID should be MF) */ if (path[0] != 0x3f || path[1] != 0x00) @@ -560,7 +559,7 @@ } /* check current working directory */ - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_PATH && card->cache.current_path.len >= 2 && card->cache.current_path.len <= pathlen ) @@ -572,7 +571,7 @@ bMatch += 2; } - if ( card->cache_valid && bMatch > 2 ) + if ( card->cache.valid && bMatch > 2 ) { if ( pathlen - bMatch == 2 ) { @@ -586,8 +585,10 @@ /* first step: change directory */ r = entersafe_select_fid(card, path[bMatch], path[bMatch+1], NULL); - SC_TEST_RET(card->ctx, r, "SELECT FILE (DF-ID) failed"); - + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); + + memset(&new_path, 0, sizeof(sc_path_t)); + new_path.type = SC_PATH_TYPE_PATH; new_path.len = pathlen - bMatch-2; memcpy(new_path.value, &(path[bMatch+2]), new_path.len); @@ -598,13 +599,13 @@ { /* done: we are already in the * requested directory */ - if ( card->ctx->debug >= 4 ) - sc_debug(card->ctx, "cache hit\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "cache hit\n"); /* copy file info (if necessary) */ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = (path[pathlen-2] << 8) + path[pathlen-1]; file->path = card->cache.current_path; 
@@ -625,7 +626,7 @@ for ( i=0; ictx, r, "SELECT FILE (DF-ID) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); } return entersafe_select_fid(card, path[pathlen-2], path[pathlen-1], file_out); } @@ -636,36 +637,34 @@ sc_file_t **file_out) { int r; + char pbuf[SC_MAX_PATH_STRING_SIZE]; assert(card); assert(in_path); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - if (card->ctx->debug >= 4) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; - sc_debug(card->ctx, "current path (%s, %s): %s (len: %u)\n", - (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), - (card->cache_valid?"valid":"invalid"), pbuf, - card->cache.current_path.len); - } - + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "current path (%s, %s): %s (len: %u)\n", + (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), + (card->cache.valid?"valid":"invalid"), pbuf, + card->cache.current_path.len); switch(in_path->type) { case SC_PATH_TYPE_FILE_ID: if (in_path->len != 2) - SC_FUNC_RETURN(card->ctx,2,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); return entersafe_select_fid(card,in_path->value[0],in_path->value[1], file_out); case SC_PATH_TYPE_DF_NAME: return entersafe_select_aid(card,in_path,file_out); case SC_PATH_TYPE_PATH: return entersafe_select_path(card,in_path->value,in_path->len,file_out); default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } } 
@@ -674,14 +673,14 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - memcpy(data->data.mf.init_key, init_key, sizeof(init_key)); + memcpy(data->data.df.init_key, init_key, sizeof(init_key)); sc_format_apdu(card,&apdu,SC_APDU_CASE_3_SHORT,0xE0,0x00,0x00); apdu.cla=0x84; - apdu.data=(u8*)&data->data.mf; - apdu.datalen=apdu.lc=sizeof(data->data.mf); + apdu.data=(u8*)&data->data.df; + apdu.datalen=apdu.lc=sizeof(data->data.df); switch(card->type) { @@ -699,7 +698,7 @@ }break; } - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } static int entersafe_create_df(sc_card_t *card, sc_entersafe_create_data * data) @@ -707,7 +706,7 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memcpy(data->data.df.init_key, init_key, sizeof(init_key)); @@ -717,7 +716,7 @@ apdu.lc=apdu.datalen=sizeof(data->data.df); r = entersafe_transmit_apdu(card, &apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -726,7 +725,7 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x02, 0x00); apdu.cla = 0x84; @@ -734,7 +733,7 @@ apdu.lc = apdu.datalen = sizeof(data->data.ef); r = entersafe_transmit_apdu(card, &apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } 
@@ -766,7 +765,7 @@ static int entersafe_create_file(sc_card_t *card, sc_file_t *file) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (file->type == SC_FILE_TYPE_WORKING_EF) { sc_entersafe_create_data data; @@ -794,7 +793,7 @@ u8 *p=sbuf; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card != NULL && env != NULL); @@ -824,12 +823,12 @@ } else { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } } break; default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } apdu.le = 0; @@ -838,7 +837,7 @@ apdu.resplen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -854,7 +853,7 @@ assert(card); assert(env); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if(card->drv_data){ free(card->drv_data); @@ -863,16 +862,16 @@ card->drv_data = calloc(1,sizeof(*env)); if(!card->drv_data) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_OUT_OF_MEMORY); memcpy(card->drv_data,env,sizeof(*env)); - SC_FUNC_RETURN(card->ctx, 2, SC_NO_ERROR); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int entersafe_restore_security_env(sc_card_t *card, int se_num) { - SC_FUNC_CALLED(card->ctx, 1); - return SC_NO_ERROR; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + return SC_SUCCESS; } 
@@ -887,18 +886,18 @@ u8* p=sbuf; size_t size = datalen; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if(!data) - SC_FUNC_RETURN(card->ctx, 4,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); memcpy(p,data,size); if(!card->drv_data) - SC_FUNC_RETURN(card->ctx, 4,SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INTERNAL); r = entersafe_internal_set_security_env(card,card->drv_data,&p,&size); - SC_TEST_RET(card->ctx, r, "internal set security env failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "internal set security env failed"); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x86,0x80); apdu.data=p; @@ -907,24 +906,23 @@ apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = 256; - apdu.sensitive = 1; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int entersafe_compute_signature(sc_card_t *card, const u8 * data, size_t datalen, u8 * out, size_t outlen) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); return entersafe_compute_with_prkey(card,data,datalen,out,outlen); } @@ -932,7 +930,7 @@ const u8 * crgram, size_t crgram_len, u8 * out, size_t outlen) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); return entersafe_compute_with_prkey(card,crgram,crgram_len,out,outlen); } 
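Review bot: `memcpy(p,data,size)` in the first hunk copies the caller-supplied `datalen` bytes into `sbuf` after only a NULL check on `data`. Nothing here compares `datalen` with the destination size. `sbuf` is declared above the hunk, so its capacity is not visible, but if it is a fixed stack array the guard should be `if(!data || datalen > sizeof(sbuf)) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);`. The signature and decipher entry points in the following hunks forward their input lengths to this function unchanged.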
@@ -950,7 +948,7 @@ int *tries_left) { int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); entersafe_init_pin_info(&data->pin1,0); entersafe_init_pin_info(&data->pin2,1); data->flags |= SC_PIN_CMD_NEED_PADDING; @@ -958,6 +956,7 @@ if(data->cmd!=SC_PIN_CMD_UNBLOCK) { r = iso_ops->pin_cmd(card,data,tries_left); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verify rv:%i", r); } else { @@ -971,7 +970,7 @@ apdu.data = sbuf; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); } {/*change*/ @@ -987,10 +986,10 @@ apdu.data = sbuf; r = entersafe_transmit_apdu(card, &apdu,key_maintain,sizeof(key_maintain),1,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); } } - SC_FUNC_RETURN(card->ctx, 4, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int entersafe_erase_card(sc_card_t *card) @@ -999,7 +998,7 @@ u8 sbuf[2]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sbuf[0] = 0x3f; sbuf[1] = 0x00; @@ -1009,9 +1008,9 @@ apdu.data = sbuf; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* invalidate cache */ - card->cache_valid = 0; + card->cache.valid = 0; sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xEE, 0x00, 0x00); apdu.cla=0x84; @@ -1035,8 +1034,8 @@ }break; } - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static void entersafe_encode_bignum(u8 tag,sc_pkcs15_bignum_t bignum,u8** ptr) 
@@ -1044,14 +1043,13 @@ u8 *p=*ptr; *p++=tag; - assert(0); - if(bignum.len<256) + if(bignum.len<128) { *p++=(u8)bignum.len; } else { - u8 bytes=0; + u8 bytes=1; size_t len=bignum.len; while(len) { @@ -1069,6 +1067,7 @@ memcpy(p,bignum.data,bignum.len); entersafe_reverse_buffer(p,bignum.len); p+=bignum.len; + *ptr = p; } static int entersafe_write_small_rsa_key(sc_card_t *card,u8 key_id,struct sc_pkcs15_prkey_rsa *rsa) @@ -1078,7 +1077,7 @@ int r; u8 *p=sbuff; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/* write prkey */ *p++=0x00; /* EC */ @@ -1092,8 +1091,8 @@ apdu.lc=apdu.datalen=p-sbuff; r=entersafe_transmit_apdu(card,&apdu,key_maintain,sizeof(key_maintain),1,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey failed"); } p=sbuff; @@ -1109,11 +1108,11 @@ apdu.lc=apdu.datalen=p-sbuff; r=entersafe_transmit_apdu(card,&apdu,key_maintain,sizeof(key_maintain),1,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey failed"); } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_write_rsa_key_factor(sc_card_t *card, @@ -1124,7 +1123,7 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/* MSE */ u8 sbuff[4]; 
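Review bot: entersafe_encode_bignum becomes live code here (the `assert(0);` is removed and `*ptr = p;` now advances the caller's cursor), yet it still writes the tag, the length bytes and `memcpy(p,bignum.data,bignum.len);` without knowing how much room is left behind `*ptr`. The callers' buffer sizes are outside this hunk, so this is inferred. Later in this patch entersafe_write_key routes any modulus under 256 bytes to the small-key writer, so the space needed depends on the key material handed in. I would pass the remaining length (or an end pointer) and return an error when tag, length and `bignum.len` do not fit. A one-line comment that lengths of 128 and above take the long-form branch would also help, since the loop between the two hunks is not shown.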
@@ -1138,8 +1137,8 @@ apdu.lc=apdu.datalen=4; r=entersafe_transmit_apdu(card,&apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey factor failed(MSE)"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey factor failed(MSE)"); } {/* Write 'x'; */ 
@@ -1153,29 +1152,29 @@ apdu.lc=apdu.datalen=data.len; r = entersafe_transmit_apdu(card,&apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey factor failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey factor failed"); } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_write_large_rsa_key(sc_card_t *card,u8 key_id,struct sc_pkcs15_prkey_rsa *rsa) { int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/* write prkey */ r = entersafe_write_rsa_key_factor(card,key_id,0x22,0x01,rsa->p); - SC_TEST_RET(card->ctx, r, "write p failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write p failed"); r = entersafe_write_rsa_key_factor(card,key_id,0x22,0x02,rsa->q); - SC_TEST_RET(card->ctx, r, "write q failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write q failed"); r = entersafe_write_rsa_key_factor(card,key_id,0x22,0x03,rsa->dmp1); - SC_TEST_RET(card->ctx, r, "write dmp1 failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write dmp1 failed"); r = entersafe_write_rsa_key_factor(card,key_id,0x22,0x04,rsa->dmq1); - SC_TEST_RET(card->ctx, r, "write dmq1 failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write dmq1 failed"); r = entersafe_write_rsa_key_factor(card,key_id,0x22,0x05,rsa->iqmp); - SC_TEST_RET(card->ctx, r, "write iqmp failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write iqmp failed"); } {/* write pukey */ 
@@ -1196,8 +1195,8 @@ apdu.lc=apdu.datalen=0x46; r=entersafe_transmit_apdu(card,&apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey N(1) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey N(1) failed"); /* left 192(0xC0) bytes of N */ sc_format_apdu(card,&apdu,SC_APDU_CASE_3_SHORT,0x46,0x0B,0x00); @@ -1205,14 +1204,14 @@ apdu.lc=apdu.datalen=0xC0; r=entersafe_transmit_apdu(card,&apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey N(2) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write pukey N(2) failed"); /* E */ r = entersafe_write_rsa_key_factor(card,key_id,0x2A,0x0D,rsa->exponent); - SC_TEST_RET(card->ctx, r, "write exponent failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "write exponent failed"); } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_write_symmetric_key(sc_card_t *card, @@ -1224,10 +1223,10 @@ u8 sbuff[SC_MAX_APDU_BUFFER_SIZE]={0}; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if(len>240) - SC_FUNC_RETURN(card->ctx,4,SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INCORRECT_PARAMETERS); sbuff[0]=EC; sbuff[1]=ver; 
@@ -1239,27 +1238,27 @@ apdu.lc=apdu.datalen=len+2; r=entersafe_transmit_apdu(card,&apdu,key_maintain,sizeof(key_maintain),1,1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey failed"); - SC_FUNC_RETURN(card->ctx,4,r); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2),"Write prkey failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } static int entersafe_write_key(sc_card_t *card, sc_entersafe_wkey_data *data) { struct sc_pkcs15_prkey_rsa* rsa=data->key_data.rsa; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); switch(data->usage) { case 0x22: - if(rsa->modulus.len<=1024) + if(rsa->modulus.len < 256) return entersafe_write_small_rsa_key(card,data->key_id,rsa); else return entersafe_write_large_rsa_key(card,data->key_id,rsa); break; case 0x2A: - SC_FUNC_RETURN(card->ctx,4,SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); break; default: return entersafe_write_symmetric_key(card,data->key_id,data->usage, @@ -1269,7 +1268,7 @@ data->key_data.symmetric.key_len); break; } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_gen_key(sc_card_t *card, sc_entersafe_gen_key_data *data) @@ -1280,7 +1279,7 @@ u8 rbuf[300]; u8 sbuf[4],*p; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* MSE */ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x01, 0xB8); 
@@ -1295,8 +1294,8 @@ apdu.le=0; r=entersafe_transmit_apdu(card, &apdu, 0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe set MSE failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe set MSE failed"); /* generate key */ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x46, 0x00, 0x00); @@ -1308,8 +1307,8 @@ apdu.datalen = 2; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe generate keypair failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe generate keypair failed"); /* read public key via READ PUBLIC KEY */ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xE6, 0x2A, data->key_id); @@ -1318,12 +1317,12 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get pukey failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get pukey failed"); - data->modulus = (u8 *) malloc(len); + data->modulus = malloc(len); if (!data->modulus) - SC_FUNC_RETURN(card->ctx,4,SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_OUT_OF_MEMORY); p=rbuf; assert(*p=='E'); 
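Review bot: In entersafe_gen_key the public-key response is validated with `assert(*p=='E');` right after `data->modulus = malloc(len);`, so a malformed card reply aborts the process in a debug build and goes unchecked when NDEBUG is defined. Card output is untrusted input, so I would replace the assert with an explicit test that releases the buffer: `if (*p != 'E') { free(data->modulus); data->modulus = NULL; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); }`. `apdu.resplen` should likewise be compared with the bytes consumed before the later `memcpy(data->modulus,p,len);`. How `len` is derived and the rest of the parsing lie outside this hunk.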
@@ -1346,7 +1345,7 @@ entersafe_reverse_buffer(p,len); memcpy(data->modulus,p,len); - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_get_serialnr(sc_card_t *card, sc_serial_number_t *serial) @@ -1355,7 +1354,7 @@ sc_apdu_t apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(serial); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT,0xEA,0x00,0x00); 
@@ -1365,81 +1364,16 @@ apdu.le=0x08; r=entersafe_transmit_apdu(card, &apdu,0,0,0,0); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get SN failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get SN failed"); card->serialnr.len=serial->len=8; memcpy(card->serialnr.value,rbuf,8); memcpy(serial->value,rbuf,8); - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -#if 0 -static int entersafe_preinstall_rsa_1024(sc_card_t *card,u8 key_id) -{ - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - sc_apdu_t apdu; - int ret=0; - static u8 const rsa_key_e[] = - { - 'E', 0x04, 0x01, 0x00, 0x01, 0x00 - }; - - SC_FUNC_CALLED(card->ctx, 1); - - /* create rsa item in IKF */ - sbuf[0] = 0x00;/* key len extern */ - sbuf[1] = 0x8a;/* key len */ - sbuf[2] = 0x22; /* USAGE */ - sbuf[3] = 0x34; /* user ac */ - sbuf[4] = 0x04; /* change ac */ - sbuf[5] = 0x34; /* UPDATE AC */ - sbuf[6] = 0x40; /* ALGO */ - sbuf[7] = 0x00; /* EC */ - sbuf[8] = 0x00; /* VER */ - memcpy(&sbuf[9], rsa_key_e, sizeof(rsa_key_e)); - sbuf[9 + sizeof(rsa_key_e) + 0] = 'D'; - sbuf[9 + sizeof(rsa_key_e) + 1] = 0x82; - sbuf[9 + sizeof(rsa_key_e) + 2] = 0x00; - sbuf[9 + sizeof(rsa_key_e) + 3] = 0x80; - - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT,0xF0,0x00,key_id); - apdu.cla=0x84; - apdu.data=sbuf; - apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; - - ret = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); - - /* create rsa item in PKF */ - sbuf[0] = 0x01; /* key len extern */ - sbuf[1] = 0x0A; /* key len */ - sbuf[2] = 0x2A; /* USAGE */ - sbuf[3] = ENTERSAFE_AC_ALWAYS; /* user ac */ - sbuf[4] = 0x04; /* change ac */ - sbuf[5] = ENTERSAFE_AC_ALWAYS; /* UPDATE AC */ - sbuf[6] = 0x40; /* ALGO */ - 
sbuf[7] = 0x00; /* EC */ - sbuf[8] = 0x00; /* VER */ - memcpy(&sbuf[9], rsa_key_e, sizeof(rsa_key_e)); - sbuf[9 + sizeof(rsa_key_e) + 0] = 'N'; - sbuf[9 + sizeof(rsa_key_e) + 1] = 0x82; - sbuf[9 + sizeof(rsa_key_e) + 2] = 0x01; - sbuf[9 + sizeof(rsa_key_e) + 3] = 0x00; - - sc_format_apdu(card,&apdu,SC_APDU_CASE_3_SHORT,0xF0,0x00,key_id); - apdu.cla=0x84; - apdu.data=sbuf; - apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; - - ret=entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); - - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); -} -#endif - static int entersafe_preinstall_rsa_2048(sc_card_t *card,u8 key_id) { u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; @@ -1450,7 +1384,7 @@ 'E', 0x04, 0x01, 0x00, 0x01, 0x00 }; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* create rsa item in IKF */ sbuf[0] = 0x04; /* key len extern */ @@ -1474,7 +1408,7 @@ apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; ret = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Preinstall rsa failed"); /* create rsa item in PKF */ sbuf[0] = 0x01; /* key len extern */ @@ -1498,9 +1432,9 @@ apdu.lc=apdu.datalen=9 + sizeof(rsa_key_e) + 4; ret=entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, ret, "Preinstall rsa failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Preinstall rsa failed"); - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } static int entersafe_preinstall_keys(sc_card_t *card,int (*install_rsa)(sc_card_t *,u8)) @@ -1509,7 +1443,7 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/* RSA */ u8 rsa_index; 
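Review bot: entersafe_get_serialnr copies a fixed 8 bytes out of `rbuf` (`memcpy(card->serialnr.value,rbuf,8);` and the copy into `serial->value`) after checking only the status words, never comparing `apdu.resplen` with 8. `rbuf` is an uninitialised stack array declared in the previous hunk, so a short reply carrying a success status would place stale stack bytes in the serial number that is returned and cached on the card object. A guard before the copies would close that: `if (apdu.resplen < 8) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED);`. The line assigning `apdu.resp` is outside the hunk, so I am assuming it points at `rbuf`.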
@@ -1518,7 +1452,7 @@ ++rsa_index) { r=install_rsa(card,rsa_index); - SC_TEST_RET(card->ctx, r, "Preinstall rsa key failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Preinstall rsa key failed"); } } @@ -1541,7 +1475,7 @@ apdu.lc=apdu.datalen=0x19; r = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, r, "Preinstall key maintain failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Preinstall key maintain failed"); } {/* user PIN */ @@ -1562,7 +1496,7 @@ apdu.lc=apdu.datalen=0x19; r = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, r, "Preinstall user PIN failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Preinstall user PIN failed"); } {/* user PUK */ 
@@ -1583,51 +1517,18 @@ apdu.lc=apdu.datalen=0x19; r = entersafe_transmit_apdu(card,&apdu,init_key,sizeof(init_key),0,1); - SC_TEST_RET(card->ctx, r, "Preinstall user PUK failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Preinstall user PUK failed"); } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); -} - -#if 0 -static int entersafe_card_ctl_1024(sc_card_t *card, unsigned long cmd, void *ptr) -{ - sc_entersafe_create_data * tmp = (sc_entersafe_create_data *)ptr; - SC_FUNC_CALLED(card->ctx, 1); - - switch (cmd) - { - case SC_CARDCTL_ENTERSAFE_CREATE_FILE: - if (tmp->type == SC_ENTERSAFE_MF_DATA) - return entersafe_create_mf(card, tmp); - else if (tmp->type == SC_ENTERSAFE_DF_DATA) - return entersafe_create_df(card, tmp); - else if (tmp->type == SC_ENTERSAFE_EF_DATA) - return entersafe_create_ef(card, tmp); - else - return SC_ERROR_INTERNAL; - case SC_CARDCTL_ENTERSAFE_WRITE_KEY: - return entersafe_write_key(card, (sc_entersafe_wkey_data *)ptr); - case SC_CARDCTL_ENTERSAFE_GENERATE_KEY: - return entersafe_gen_key(card, (sc_entersafe_gen_key_data *)ptr); - case SC_CARDCTL_ERASE_CARD: - return entersafe_erase_card(card); - case SC_CARDCTL_GET_SERIALNR: - return entersafe_get_serialnr(card, (sc_serial_number_t *)ptr); - case SC_CARDCTL_ENTERSAFE_PREINSTALL_KEYS: - return entersafe_preinstall_keys(card,entersafe_preinstall_rsa_1024); - default: - return SC_ERROR_NOT_SUPPORTED; - } + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -#endif static int entersafe_card_ctl_2048(sc_card_t *card, unsigned long cmd, void *ptr) { sc_entersafe_create_data *tmp = (sc_entersafe_create_data *)ptr; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); switch (cmd) { diff -Nru opensc-0.11.13/src/libopensc/card-flex.c opensc-0.12.1/src/libopensc/card-flex.c --- opensc-0.11.13/src/libopensc/card-flex.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-flex.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,11 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" +#include "config.h" + #include #include +#include "internal.h" +#include "cardctl.h" + +#define FLAG_KEYGEN 0x80000000 #define IS_CYBERFLEX(card) (card->type == SC_CARD_TYPE_FLEX_CYBER) static struct sc_atr_table flex_atrs[] = { 
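Review bot: `#define FLAG_KEYGEN 0x80000000` is introduced without a comment, although it replaces SC_CARD_FLAG_ONBOARD_KEY_GEN throughout the ATR table and in the `card->flags & FLAG_KEYGEN` test further down. Because it is a driver-local bit living in the shared `card->flags` word, I would document it at the define: `/* driver-private bit in card->flags: card supports on-board key generation */`. Writing the constant as `0x80000000UL` would also make its type explicit; the declared type of the flags fields is not visible in this diff.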
@@ -36,41 +40,38 @@ /* 8k */ { "3B:85:40:20:68:01:01:05:01", NULL, "Cryptoflex 8K", SC_CARD_TYPE_FLEX_CRYPTO, 0, NULL }, /* 16k */ - { "3B:95:94:40:FF:63:01:01:02:01", NULL, "Cryptoflex 16K", SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3B:95:94:40:FF:63:01:01:02:01", NULL, "Cryptoflex 16K", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* "16K+SS1" alias Cryptoflex 16 card with Standard Softmask V1 */ /* (taken from Cryptoflex Card Programmers Guide 4.5 Page xviii) */ /* last two bytes can be ignored - version of the softmask */ { "3B:95:15:40:FF:63:01:01:02:01", "FF:FF:FF:FF:FF:FF:FF:FF:00:00", - "Cryptoflex 16K", SC_CARD_TYPE_FLEX_CRYPTO, - SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + "Cryptoflex 16K", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* 32K v4 */ /* "32K+SS1" alias Cryptoflex 32 card with Standard Softmask V1 */ /* (taken from Cryptoflex Card Programmers Guide 4.5 Page xviii) */ /* last two bytes can be ignored - version of the softmask */ { "3B:95:18:40:FF:64:02:01:01:02","FF:FF:FF:FF:FF:FF:FF:FF:00:00", - "Cryptoflex 32K v4", SC_CARD_TYPE_FLEX_CRYPTO, - SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + "Cryptoflex 32K v4", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* "32K+e-gate" alias Cryptoflex e-gate 32K card */ /* (taken from Cryptoflex Card Programmers Guide 4.5 Page xviii) */ /* last two bytes can be ignored - version of the softmask */ { "3B:95:18:40:FF:62:01:01:00:00", "FF:FF:FF:FF:FF:FF:FF:FF:00:00", - "Cryptoflex e-gate 32K", SC_CARD_TYPE_FLEX_CRYPTO, - SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + "Cryptoflex e-gate 32K", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* 32K e-gate */ - { "3B:95:18:40:FF:62:01:02:01:04", NULL, "Cryptoflex 32K e-gate", SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3B:95:18:40:FF:62:01:02:01:04", NULL, "Cryptoflex 32K e-gate", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* 32K e-gate v4 */ - { "3B:95:18:40:FF:62:04:01:01:05", NULL, "Cryptoflex 32K e-gate v4", 
SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3B:95:18:40:FF:62:04:01:01:05", NULL, "Cryptoflex 32K e-gate v4", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* new cryptoflex 32k card - atr looks very similiar to old 8k card */ - { "3b:95:15:40:ff:68:01:02:45:47", NULL, "Cryptoflex 32K", SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3b:95:15:40:ff:68:01:02:45:47", NULL, "Cryptoflex 32K", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, { "3B:E2:00:00:40:20:49:06", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, 0, NULL }, /* + full DES option */ { "3B:E2:00:00:40:20:49:05", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, 0, NULL }, /* + Key Generation */ - { "3B:E2:00:00:40:20:49:07", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3B:E2:00:00:40:20:49:07", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* + Key Generation */ - { "3B:85:40:20:68:01:01:03:05", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, SC_CARD_FLAG_ONBOARD_KEY_GEN, NULL }, + { "3B:85:40:20:68:01:01:03:05", NULL, "Cryptoflex", SC_CARD_TYPE_FLEX_CRYPTO, FLAG_KEYGEN, NULL }, /* Multiflex */ /* 3K */ @@ -166,7 +167,7 @@ { struct flex_private_data *data; - if (!(data = (struct flex_private_data *) malloc(sizeof(*data)))) + if (!(data = malloc(sizeof(*data)))) return SC_ERROR_OUT_OF_MEMORY; card->drv_data = data; @@ -187,7 +188,7 @@ flags = SC_ALGORITHM_RSA_RAW; flags |= SC_ALGORITHM_RSA_HASH_NONE; - if (card->flags & SC_CARD_FLAG_ONBOARD_KEY_GEN) + if (card->flags & FLAG_KEYGEN) flags |= SC_ALGORITHM_ONBOARD_KEY_GEN; _sc_card_add_rsa_alg(card, 512, flags, 0); 
@@ -269,10 +270,10 @@ apdu.resplen = 3; apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 && apdu.sw2 != 0x00) return 0; - sc_debug(card->ctx, "AC Keys: %02X %02X %02X\n", rbuf[0], rbuf[1], rbuf[2]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "AC Keys: %02X %02X %02X\n", rbuf[0], rbuf[1], rbuf[2]); #endif return 0; } @@ -284,7 +285,7 @@ sc_context_t *ctx = card->ctx; const u8 *p = buf + 2; u8 b1, b2; - int left, is_mf = 0; + int is_mf = 0; if (buflen < 14) return -1; @@ -317,7 +318,7 @@ file->type = SC_FILE_TYPE_DF; break; default: - sc_error(ctx, "invalid file type: 0x%02X\n", *p); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid file type: 0x%02X\n", *p); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } p += 2; @@ -348,11 +349,10 @@ add_acl_entry(card, file, SC_AC_OP_INVALIDATE, (u8)(p[2] & 0x0F)); } p += 3; - if (*p++) + if (*p) file->status = SC_FILE_STATUS_ACTIVATED; else file->status = SC_FILE_STATUS_INVALIDATED; - left = *p++; return cryptoflex_get_ac_keys(card, file); } @@ -386,7 +386,7 @@ file->type = SC_FILE_TYPE_WORKING_EF; break; default: - sc_error(ctx, "invalid file type: 0x%02X\n", *p); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid file type: 0x%02X\n", *p); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } @@ -436,7 +436,7 @@ #endif break; default: - sc_error(ctx, "invalid file type: 0x%02X\n", *p); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid file type: 0x%02X\n", *p); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } switch (file->ef_structure) { 
@@ -539,13 +539,10 @@ sc_apdu_t apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; sc_file_t *file; + char debug_buf[32]; - if (card->ctx->debug >= 4) { - char string[32]; - - sc_bin_to_hex(buf, buflen, string, sizeof(string), 0); - sc_debug(card->ctx, "called, p1=%u, path=%s\n", p1, string); - } + sc_bin_to_hex(buf, buflen, debug_buf, sizeof(debug_buf), 0); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called, p1=%u, path=%s\n", p1, debug_buf); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, p1, 0); apdu.resp = rbuf; @@ -561,9 +558,9 @@ apdu.le = 0; } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (file_out == NULL) return 0; @@ -571,12 +568,12 @@ if (apdu.resplen < 14) return SC_ERROR_UNKNOWN_DATA_RECEIVED; if (apdu.resp[0] == 0x6F) { - sc_error(card->ctx, "unsupported: card returned FCI\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unsupported: card returned FCI\n"); return SC_ERROR_UNKNOWN_DATA_RECEIVED; /* FIXME */ } file = sc_file_new(); if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); /* We abuse process_fci here even though it's not the real FCI. */ r = card->ops->process_fci(card, file, apdu.resp, apdu.resplen); 
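Review bot: The new unconditional `sc_bin_to_hex(buf, buflen, debug_buf, sizeof(debug_buf), 0);` ignores its return value and `debug_buf` is uninitialised, so if the conversion fails for a `buflen` that does not fit in 32 bytes, the following `sc_debug(... "path=%s" ...)` may read a buffer that was never terminated. This is the function that logs `called, p1=%u, path=%s` (select_file_id, judging by its callers), and its signature is above the hunk. The next hunk in this patch handles the equivalent case by clearing `pbuf[0]` when sc_path_print fails, and I would mirror that here: `if (sc_bin_to_hex(buf, buflen, debug_buf, sizeof(debug_buf), 0) != SC_SUCCESS) debug_buf[0] = '\0';`. What sc_bin_to_hex leaves in the buffer on failure is not shown in this diff.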
@@ -597,16 +594,14 @@ size_t pathlen = path->len; int locked = 0, magic_done; u8 p1 = 0; + char pbuf[SC_MAX_PATH_STRING_SIZE]; - if (card->ctx->debug >= 2) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; - sc_debug(card->ctx, "called, cached path=%s\n", pbuf); - } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called, cached path=%s\n", pbuf); switch (path->type) { case SC_PATH_TYPE_PATH: @@ -618,18 +613,18 @@ if (pathlen != 2 || memcmp(pathptr, "\x3F\x00", 2) != 0) { locked = 1; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); if (!magic_done && memcmp(pathptr, "\x3F\x00", 2) != 0) { r = select_file_id(card, (const u8 *) "\x3F\x00", 2, 0, NULL); if (r) sc_unlock(card); - SC_TEST_RET(card->ctx, r, "Unable to select Master File (MF)"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select Master File (MF)"); } while (pathlen > 2) { r = select_file_id(card, pathptr, 2, 0, NULL); if (r) sc_unlock(card); - SC_TEST_RET(card->ctx, r, "Unable to select DF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select DF"); pathptr += 2; pathlen -= 2; } @@ -647,7 +642,7 @@ if (locked) sc_unlock(card); cache_path(card, path, r); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int cryptoflex_list_files(sc_card_t *card, u8 *buf, size_t buflen) @@ -672,7 +667,7 @@ if (r) return r; if (apdu.resplen != 4) { - sc_error(card->ctx, "expected 4 bytes, got %d.\n", apdu.resplen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "expected 4 bytes, got %d.\n", apdu.resplen); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } memcpy(buf, rbuf + 2, 2); 
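Review bot: The rewritten message in cryptoflex_list_files, `"expected 4 bytes, got %d.\n"`, still passes `apdu.resplen` to `%d`, although the field is used as a `size_t` elsewhere on this page (`size_t len = apdu.resplen > outlen ? ...`). A mismatched specifier is undefined behaviour where the two widths differ. The same applies to `"expected 6 bytes, got %d.\n"` in the following list-files hunk and, if `data_len` is a `size_t` there, to both `"Illegal input length: %d\n"` messages. Since these lines are being touched anyway, I would use the form this file already has for EF_ICCSN: `"expected 4 bytes, got %lu.\n", (unsigned long) apdu.resplen`.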
@@ -707,7 +702,7 @@ if (r) return r; if (apdu.resplen != 6) { - sc_error(card->ctx, "expected 6 bytes, got %d.\n", apdu.resplen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "expected 6 bytes, got %d.\n", apdu.resplen); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } memcpy(buf, rbuf + 4, 2); @@ -723,10 +718,10 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE4, 0x00, 0x00); if (!IS_CYBERFLEX(card)) @@ -736,7 +731,7 @@ apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -810,7 +805,7 @@ p[6] = 0x06; break; default: - sc_error(card->ctx, "Invalid EF structure\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid EF structure\n"); return -1; } p[7] = 0xFF; /* allow Decrease and Increase */ @@ -836,7 +831,7 @@ continue; entry = sc_file_get_acl_entry(file, ops[i]); r = acl_to_ac_nibble(entry); - SC_TEST_RET(card->ctx, r, "Invalid ACL value"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Invalid ACL value"); /* Do some magic to get the nibbles right */ p[8 + i/2] |= (r & 0x0F) << (((i+1) % 2) * 4); r = acl_to_keynum_nibble(entry); @@ -878,7 +873,7 @@ break; } - sc_debug(card->ctx, "Creating %02x:%02x, size %d %02x:%02x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Creating %02x:%02x, size %d %02x:%02x\n", file->id >> 8, file->id & 0xFF, size, 
@@ -906,7 +901,7 @@ p[4] = 0x1D; break; default: - sc_error(card->ctx, "Invalid EF structure\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid EF structure\n"); return -1; } p[5] = 0x01; /* status?? */ @@ -945,7 +940,7 @@ * abstracting the Cryptoflex/Cyberflex differences */ r = card->ops->construct_fci(card, file, sbuf, &sendlen); if (r) { - sc_error(card->ctx, "File structure encoding failed.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File structure encoding failed.\n"); return SC_ERROR_INVALID_ARGUMENTS; } if (file->type != SC_FILE_TYPE_DF && file->ef_structure != SC_FILE_EF_TRANSPARENT) @@ -960,10 +955,10 @@ apdu.lc = sendlen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); - if (card->cache_valid) { + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); + if (card->cache.valid) { u8 file_id[2]; file_id[0] = file->id >> 8; 
@@ -982,33 +977,33 @@ if (env->operation != SC_SEC_OPERATION_SIGN && env->operation != SC_SEC_OPERATION_DECIPHER) { - sc_error(card->ctx, "Invalid crypto operation supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto operation supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } if (env->algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Invalid crypto algorithm supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto algorithm supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } if ((env->algorithm_flags & SC_ALGORITHM_RSA_PADS) || (env->algorithm_flags & SC_ALGORITHM_RSA_HASHES)) { - sc_error(card->ctx, "Card supports only raw RSA.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card supports only raw RSA.\n"); return SC_ERROR_NOT_SUPPORTED; } if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) { if (env->key_ref_len != 1 || (env->key_ref[0] != 0 && env->key_ref[0] != 1)) { - sc_error(card->ctx, "Invalid key reference supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } prv->rsa_key_ref = env->key_ref[0]; } if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT) { - sc_error(card->ctx, "Algorithm reference not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Algorithm reference not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT) if (memcmp(env->file_ref.value, "\x00\x12", 2) != 0) { - sc_error(card->ctx, "File reference is not 0012.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File reference is not 0012.\n"); return SC_ERROR_NOT_SUPPORTED; } return 0; 
@@ -1030,11 +1025,11 @@ size_t i, i2; if (data_len != 64 && data_len != 96 && data_len != 128 && data_len != 256) { - sc_error(card->ctx, "Illegal input length: %d\n", data_len); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Illegal input length: %d\n", data_len); return SC_ERROR_INVALID_ARGUMENTS; } if (outlen < data_len) { - sc_error(card->ctx, "Output buffer too small.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Output buffer too small.\n"); return SC_ERROR_BUFFER_TOO_SMALL; } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x88, 0x00, prv->rsa_key_ref); @@ -1050,9 +1045,9 @@ for (i2 = 0; i2 < 10; i2++) sbuf[i2]=data[data_len-1-i2]; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); data_len -= 10; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x88, 0x00, prv->rsa_key_ref); apdu.cla=0x0; @@ -1066,11 +1061,10 @@ apdu.resplen = outlen > sizeof(sbuf) ? sizeof(sbuf) : outlen; apdu.le = apdu.resplen > 256 ? 256 : apdu.resplen; apdu.resp = sbuf; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); for (i = 0; i < apdu.resplen; i++) out[i] = sbuf[apdu.resplen-1-i]; return apdu.resplen; 
@@ -1090,13 +1084,13 @@ case 96: alg_id = 0xC6; break; case 128: alg_id = 0xC8; break; default: - sc_error(card->ctx, "Illegal input length: %d\n", data_len); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Illegal input length: %d\n", data_len); return SC_ERROR_INVALID_ARGUMENTS; } key_id = prv->rsa_key_ref + 1; /* Why? */ if (outlen < data_len) { - sc_error(card->ctx, "Output buffer too small.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Output buffer too small.\n"); return SC_ERROR_BUFFER_TOO_SMALL; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x88, alg_id, key_id); @@ -1106,11 +1100,10 @@ apdu.data = data; apdu.resplen = outlen; apdu.resp = out; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return apdu.resplen; } @@ -1163,7 +1156,7 @@ case 1024: p2 = 0x80; break; case 2048: p2 = 0x00; break; default: - sc_error(card->ctx, "Illegal key length: %d\n", data->key_bits); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Illegal key length: %d\n", data->key_bits); return SC_ERROR_INVALID_ARGUMENTS; } @@ -1183,9 +1176,9 @@ sbuf[3] = data->exponent >> 24; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); data->pubkey_len = apdu.resplen; return 0; 
@@ -1215,7 +1208,7 @@ len = tfile->size; sc_file_free(tfile); if (len != 8) { - sc_debug(card->ctx, "unexpected file length of EF_ICCSN (%lu)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unexpected file length of EF_ICCSN (%lu)\n", (unsigned long) len); return SC_ERROR_INTERNAL; } @@ -1279,7 +1272,6 @@ apdu->data = sbuf; apdu->datalen = len; apdu->lc = len; - apdu->sensitive = 1; return 0; } @@ -1287,6 +1279,7 @@ static void flex_init_pin_info(struct sc_pin_cmd_pin *pin, unsigned int num) { pin->encoding = SC_PIN_ENCODING_ASCII; + pin->min_length = 4; pin->max_length = 8; pin->pad_length = 8; pin->offset = 5 + num * 8; @@ -1336,12 +1329,12 @@ apdu.cla = 0xF0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } diff -Nru opensc-0.11.13/src/libopensc/card-gemsafeV1.c opensc-0.12.1/src/libopensc/card-gemsafeV1.c --- opensc-0.11.13/src/libopensc/card-gemsafeV1.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-gemsafeV1.c 2011-05-17 17:07:00.000000000 +0000 @@ -15,13 +15,17 @@ */ /* Initially written by David Mattes (david.mattes@boeing.com) */ +/* Portuguese eID card support by Joao Poupino (joao.poupino@ist.utl.pt) */ + +#include "config.h" -#include "internal.h" -#include "cardctl.h" -#include "asn1.h" #include #include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + static struct sc_card_operations gemsafe_ops; static struct sc_card_operations *iso_ops = NULL; 
@@ -32,20 +36,31 @@ NULL, 0, NULL }; -static const char *gemexpresso_atrs[] = { - /* standard version */ - "3B:7B:94:00:00:80:65:B0:83:01:01:74:83:00:90:00", - "3B:6B:00:00:80:65:B0:83:01:01:74:83:00:90:00", - /* fips 140 version */ - "3B:6B:00:00:80:65:B0:83:01:03:74:83:00:90:00", - /* TODO: add more ATRs */ - "3B:7A:94:00:00:80:65:A2:01:01:01:3D:72:D6:43", - "3B:7D:94:00:00:80:31:80:65:B0:83:01:01:90:83:00:90:00", - NULL +/* Known ATRs */ +static struct sc_atr_table gemsafe_atrs[] = { + /* standard version */ + {"3B:7B:94:00:00:80:65:B0:83:01:01:74:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + {"3B:6B:00:00:80:65:B0:83:01:01:74:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + /* GemSafeXpresso 32K */ + {"3b:6d:00:00:80:31:80:65:b0:83:01:02:90:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + /* fips 140 version */ + {"3B:6B:00:00:80:65:B0:83:01:03:74:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + /* Undefined */ + {"3B:7A:94:00:00:80:65:A2:01:01:01:3D:72:D6:43", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + {"3B:7D:94:00:00:80:31:80:65:B0:83:01:01:90:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_GENERIC, 0, NULL}, + /* Portuguese eID cards */ + {"3B:7D:95:00:00:80:31:80:65:B0:83:11:C0:A9:83:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_PTEID, 0, NULL}, + {"3B:7D:95:00:00:80:31:80:65:B0:83:11:C0:A9:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_PTEID, 0, NULL}, + {"3B:7D:95:00:00:80:31:80:65:B0:83:11:00:C8:83:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_PTEID, 0, NULL}, + {"3B:7D:95:00:00:80:31:80:65:B0:83:11:00:C8:83:00:90:00", NULL, NULL, SC_CARD_TYPE_GEMSAFEV1_PTEID, 0, NULL}, + {NULL, NULL, NULL, 0, 0, NULL} }; static const u8 gemsafe_def_aid[] = {0xA0, 0x00, 0x00, 0x00, 0x18, 0x0A, 0x00, 0x00, 0x01, 0x63, 0x42, 0x00}; + +static const u8 gemsafe_pteid_aid[] = {0x60, 0x46, 0x32, 0xFF, 0x00, 0x00, 0x02}; + /* static const u8 gemsafe_def_aid[] = {0xA0, 0x00, 0x00, 0x00, 
0x63, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35}; @@ -63,7 +78,7 @@ int i; const char *str_aid; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); conf_block = NULL; for (i = 0; ctx->conf_blocks[i] != NULL; i++) { @@ -75,13 +90,13 @@ } if (!conf_block) { - sc_debug(ctx, "no card specific options configured, trying default AID\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no card specific options configured, trying default AID\n"); return SC_ERROR_INTERNAL; } str_aid = scconf_get_str(conf_block, "aid", NULL); if (!str_aid) { - sc_debug(ctx, "no aid configured, trying default AID\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no aid configured, trying default AID\n"); return SC_ERROR_INTERNAL; } return sc_hex_to_bin(str_aid, aid, len); @@ -94,7 +109,7 @@ struct sc_context *ctx = card->ctx; struct sc_apdu apdu; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xa4, 0x04, 0x00); apdu.lc = aid_len; @@ -105,35 +120,20 @@ apdu.resplen = sizeof(buf); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) - SC_FUNC_RETURN(ctx, 2, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); return SC_SUCCESS; } -static int gemsafe_match_card(struct sc_card *card) +static int gemsafe_match_card(sc_card_t *card) { - int i, match = -1; + int i; - SC_FUNC_CALLED(card->ctx, 1); - - for (i = 0; gemexpresso_atrs[i] != NULL; i++) { - u8 defatr[SC_MAX_ATR_SIZE]; - size_t len = sizeof(defatr); - const char *atrp = gemexpresso_atrs[i]; - - if (sc_hex_to_bin(atrp, defatr, &len)) - continue; - if (len != card->atr_len) - continue; - if (memcmp(card->atr, defatr, len) != 0) - continue; - match = i + 1; - break; - } - if (match == -1) + i = _sc_match_atr(card, gemsafe_atrs, &card->type); + if (i < 0) return 0; return 1; 
@@ -144,7 +144,7 @@ int r; gemsafe_exdata *exdata = NULL; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); card->name = "GemSAFE V1"; card->cla = 0x00; @@ -153,12 +153,17 @@ if (!exdata) return SC_ERROR_OUT_OF_MEMORY; exdata->aid_len = sizeof(exdata->aid); - /* try to get a AID from the config file */ - r = get_conf_aid(card, exdata->aid, &exdata->aid_len); - if (r < 0) { - /* failed, use default value */ - memcpy(exdata->aid, gemsafe_def_aid, sizeof(gemsafe_def_aid)); - exdata->aid_len = sizeof(gemsafe_def_aid); + if(card->type == SC_CARD_TYPE_GEMSAFEV1_GENERIC) { + /* try to get a AID from the config file */ + r = get_conf_aid(card, exdata->aid, &exdata->aid_len); + if (r < 0) { + /* failed, use default value */ + memcpy(exdata->aid, gemsafe_def_aid, sizeof(gemsafe_def_aid)); + exdata->aid_len = sizeof(gemsafe_def_aid); + } + } else if (card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) { + memcpy(exdata->aid, gemsafe_pteid_aid, sizeof(gemsafe_pteid_aid)); + exdata->aid_len = sizeof(gemsafe_pteid_aid); } /* increase lock_count here to prevent sc_unlock to select @@ -168,7 +173,7 @@ r = gp_select_applet(card, exdata->aid, exdata->aid_len); if (r < 0) { free(exdata); - sc_debug(card->ctx, "applet selection failed\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "applet selection failed\n"); return SC_ERROR_INTERNAL; } card->lock_count--; @@ -207,7 +212,7 @@ struct sc_file **file_out) { /* so far just call the iso select file (but this will change) */ - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); return iso_ops->select_file(card, path, file_out); } @@ -251,8 +256,8 @@ cond = *p++; else cond = 0xff; - if(ctx->debug >= 3) - sc_debug(ctx, "DF security byte CREATE DF: %02x\n", cond); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "DF security byte CREATE DF: %02x\n", cond); r = gemsafe_sc2acl(file, SC_AC_OP_CREATE, cond); if (r < 0) return r; 
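Review bot: The new `if`/`else if` on `card->type` has no final `else`, so for any type other than GENERIC or PTEID `exdata->aid` is never filled while `exdata->aid_len` stays at `sizeof(exdata->aid)`, and that buffer is then passed to gp_select_applet. How `exdata` is allocated is outside the hunk, so the bytes sent to the card may be zero or indeterminate. I would close the chain with `} else { free(exdata); return SC_ERROR_INTERNAL; }`, matching the cleanup used when applet selection fails.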
@@ -260,8 +265,8 @@ cond = *p; else cond = 0xff; - if(ctx->debug >= 3) - sc_debug(ctx, "DF security byte CREATE EF: %02x\n", cond); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "DF security byte CREATE EF: %02x\n", cond); /* XXX: opensc doesn't currently separate access conditions for * CREATE EF and CREATE DF, this should be changed */ r = gemsafe_sc2acl(file, SC_AC_OP_CREATE, cond); @@ -274,8 +279,8 @@ cond = *p++; else cond = 0xff; - if(ctx->debug >= 3) - sc_debug(ctx, "EF security byte UPDATE/ERASE BINARY: %02x\n", cond); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "EF security byte UPDATE/ERASE BINARY: %02x\n", cond); r = gemsafe_sc2acl(file, SC_AC_OP_UPDATE, cond); if (r < 0) return r; @@ -289,8 +294,8 @@ cond = *p; else cond = 0xff; - if(ctx->debug >= 3) - sc_debug(ctx, "EF security byte READ BINARY: %02x\n", cond); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "EF security byte READ BINARY: %02x\n", cond); r = gemsafe_sc2acl(file, SC_AC_OP_READ, cond); if (r < 0) return r; @@ -308,13 +313,13 @@ const char *type; struct sc_context *ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->process_fci(card, file, buf, len); if (r < 0) return r; - if (ctx->debug >= 3) - sc_debug(ctx, "processing GemSAFE V1 specific FCI information\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "processing GemSAFE V1 specific FCI information\n"); tag = sc_asn1_find_tag(ctx, p, len, 0x82, &tlen); 
@@ -327,34 +332,33 @@ file->type = SC_FILE_TYPE_WORKING_EF; } - if (ctx->debug >= 3) - sc_debug(ctx, "file type: %s\n", type); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file type: %s\n", type); tag = sc_asn1_find_tag(ctx, p, len, 0x8C, &tlen); if (tag) { r = gemsafe_setacl(card, file, tag, strcmp(type, "DF") ? 0 : 1); if (r < 0) { - sc_debug(ctx, "unable to set ACL\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to set ACL\n"); return SC_ERROR_INTERNAL; } } else - sc_debug(ctx, "error: AM and SC bytes missing\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "error: AM and SC bytes missing\n"); return SC_SUCCESS; } -static u8 gemsafe_flags2algref(const struct sc_security_env *env) +static u8 gemsafe_flags2algref(struct sc_card *card, const struct sc_security_env *env) { u8 ret = 0; if (env->operation == SC_SEC_OPERATION_SIGN) { if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1) - ret = 0x12; + ret = card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID ? 0x02 : 0x12; else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_ISO9796) ret = 0x11; } else if (env->operation == SC_SEC_OPERATION_DECIPHER) { if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1) - ret = 0x12; + ret = card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID ? 0x02 : 0x12; } return ret; @@ -365,12 +369,12 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 0x73, (u8) se_num); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } 
@@ -384,18 +388,18 @@ struct sc_security_env se_env = *env; struct sc_context *ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT)) { /* set the algorithm reference */ - alg_ref = gemsafe_flags2algref(&se_env); + alg_ref = gemsafe_flags2algref(card, &se_env); if (alg_ref) { se_env.algorithm_ref = alg_ref; se_env.flags |= SC_SEC_ENV_ALG_REF_PRESENT; } } if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT)) - sc_debug(ctx, "unknown algorithm flags '%x'\n", se_env.algorithm_flags); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unknown algorithm flags '%x'\n", se_env.algorithm_flags); se_env.flags &= ~SC_SEC_ENV_FILE_REF_PRESENT; return iso_ops->set_security_env(card, &se_env, se_num); @@ -404,24 +408,29 @@ static int gemsafe_compute_signature(struct sc_card *card, const u8 * data, size_t data_len, u8 * out, size_t outlen) { - int r; + int r, len; struct sc_apdu apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; sc_context_t *ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (data_len > 36) { - sc_debug(ctx, "error: input data too long: %lu bytes\n", data_len); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "error: input data too long: %lu bytes\n", data_len); return SC_ERROR_INVALID_ARGUMENTS; } - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0xAC); - apdu.cla |= 0x80; - apdu.resp = rbuf; - apdu.resplen = sizeof(rbuf); - apdu.le = 256; + /* the Portuguese eID card requires a two-phase exchange */ + if(card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) { + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2A, 0x90, 0xA0); + } else { + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0xAC); + apdu.cla |= 0x80; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.le = 256; + } /* we sign a digestInfo object => tag 0x90 */ sbuf[0] = 0x90; sbuf[1] = (u8)data_len; 
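Review bot: In gemsafe_compute_signature the reworked debug call prints `data_len`, a `size_t`, with `%lu` and no cast, which is a format/argument mismatch on platforms where `size_t` is not `unsigned long`. The EF_ICCSN message in card-flex.c already uses the portable form; here that would be `"error: input data too long: %lu bytes\n", (unsigned long) data_len`. The card-flex.c hunks that print `data_len` with `%d` deserve the same look if that parameter is a `size_t` there as well.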
@@ -429,17 +438,27 @@ apdu.data = sbuf; apdu.lc = data_len + 2; apdu.datalen = data_len + 2; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { - int len = apdu.resplen > outlen ? outlen : apdu.resplen; + if(card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) { + /* finalize the exchange */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x2A, 0x9E, 0x9A); + apdu.le = 128; /* 1024 bit keys */ + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + if(apdu.sw1 != 0x90 || apdu.sw2 != 0x00) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); + } + len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int gemsafe_decipher(struct sc_card *card, const u8 * crgram, 
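Review bot: The success path clips the result with `len = apdu.resplen > outlen ? outlen : apdu.resplen;` and returns `len`, so a caller whose buffer is too small receives a truncated signature reported as success. I would reject that case before the copy: `if (apdu.resplen > outlen) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_BUFFER_TOO_SMALL);`. In the added PTEID branch `apdu.le = 128` is fixed to 1024-bit keys, as its own comment says; a comment at the card-type check stating that other key sizes are not handled would keep that assumption visible. The function starts in the previous hunk.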
@@ -450,29 +469,47 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; sc_context_t *ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (crgram_len > 255) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x84); apdu.cla |= 0x80; apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = crgram_len; - apdu.sensitive = 1; apdu.data = crgram; apdu.lc = crgram_len; apdu.datalen = crgram_len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); +} + +static int gemsafe_get_challenge(sc_card_t *card, u8 *rnd, size_t len) +{ + int prev_cla, r; + + prev_cla = card->cla; + if(card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) { + /* Warning: this depends on iso7816_get_challenge not + * changing the value of the card's CLA + */ + card->cla = 0x80; + } + r = iso_ops->get_challenge(card, rnd, len); + /* Restore the CLA value if needed */ + if(card->cla != prev_cla) + card->cla = prev_cla; + + return r; } static int gemsafe_build_pin_apdu(struct sc_card *card, @@ -549,7 +586,6 @@ apdu->datalen = len; apdu->data = sbuf; apdu->resplen = 0; - apdu->sensitive = 1; return 0; } 
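Review bot: gemsafe_get_challenge overwrites the shared `card->cla` for the duration of the ISO call, which is only safe if nothing else can use the card structure in between; the hunk does not show whether callers hold the card lock. I would state that requirement above the function, e.g. `/* Caller must hold the card lock: card->cla is changed temporarily. */`. The guard `if(card->cla != prev_cla)` adds nothing over an unconditional `card->cla = prev_cla;`.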
@@ -586,19 +622,17 @@ /* Call the reader driver to collect * the PIN and pass on the APDU to the card */ if (data->pin1.offset == 0) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card driver didn't set PIN offset"); return SC_ERROR_INVALID_ARGUMENTS; } if (card->reader && card->reader->ops && card->reader->ops->perform_verify) { - r = card->reader->ops->perform_verify(card->reader, - card->slot, - data); + r = card->reader->ops->perform_verify(card->reader, data); /* sw1/sw2 filled in by reader driver */ } else { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card reader driver does not support " "PIN entry through reader key pad"); r = SC_ERROR_NOT_SUPPORTED; @@ -609,7 +643,7 @@ if (data->apdu == &local_apdu) data->apdu = NULL; - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu->sw1 == 0x63) { if ((apdu->sw2 & 0xF0) == 0xC0 && tries_left != NULL) *tries_left = apdu->sw2 & 0x0F; @@ -625,7 +659,7 @@ iso_ops = iso_drv->ops; /* use the standard iso operations as default */ gemsafe_ops = *iso_drv->ops; - /* gemsafe specfic functions */ + /* gemsafe specific functions */ gemsafe_ops.match_card = gemsafe_match_card; gemsafe_ops.init = gemsafe_init; gemsafe_ops.finish = gemsafe_finish; @@ -634,6 +668,7 @@ gemsafe_ops.set_security_env = gemsafe_set_security_env; gemsafe_ops.decipher = gemsafe_decipher; gemsafe_ops.compute_signature = gemsafe_compute_signature; + gemsafe_ops.get_challenge = gemsafe_get_challenge; gemsafe_ops.process_fci = gemsafe_process_fci; gemsafe_ops.pin_cmd = gemsafe_pin_cmd; diff -Nru opensc-0.11.13/src/libopensc/card-gpk.c opensc-0.12.1/src/libopensc/card-gpk.c --- opensc-0.11.13/src/libopensc/card-gpk.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-gpk.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,15 +18,18 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" -#include "pkcs15.h" -#ifdef ENABLE_OPENSSL +#include "config.h" +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + #include #include #include #include +#include "internal.h" +#include "cardctl.h" +#include "pkcs15.h" + #define GPK_SEL_MF 0x00 #define GPK_SEL_DF 0x01 #define GPK_SEL_EF 0x02 @@ -114,7 +117,7 @@ i = _sc_match_atr(card, gpk_atrs, &card->type); if (i < 0) { - const u8 *hist_bytes = card->slot->atr_info.hist_bytes; + const u8 *hist_bytes = card->reader->atr_info.hist_bytes; /* Gemplus GPK docs say we can use just the * FMN and PRN fields of the historical bytes @@ -123,7 +126,7 @@ * We'll use the first 2 bytes as well */ - if ((card->slot->atr_info.hist_bytes_len >= 7) + if ((card->reader->atr_info.hist_bytes_len >= 7) && (hist_bytes[0] == 0x80) && (hist_bytes[1] == 0x65) && (hist_bytes[2] == 0xa2)) { /* FMN */ @@ -151,7 +154,7 @@ unsigned long exponent, flags, kg; unsigned char info[13]; - card->drv_data = priv = (struct gpk_private_data *) calloc(1, sizeof(*priv)); + card->drv_data = priv = calloc(1, sizeof(*priv)); if (card->drv_data == NULL) return SC_ERROR_OUT_OF_MEMORY; @@ -198,12 +201,8 @@ /* State that we have an RNG */ card->caps |= SC_CARD_CAP_RNG; - /* Make sure max send/receive size is 4 byte aligned. */ - card->max_send_size &= ~3; - if (card->max_recv_size >= 256) - card->max_recv_size = 252; - else - card->max_recv_size &= ~3; + /* Make sure max send/receive size is 4 byte aligned and <256. */ + card->max_recv_size = 252; return 0; } 
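Review bot: The rewritten comment in the hunk that sets SC_CARD_CAP_RNG still promises that both the send and the receive size are 4-byte aligned, but the new code only assigns `card->max_recv_size = 252;` and no longer touches `card->max_send_size`. If aligned sends still matter for this card, `card->max_send_size &= ~3;` should stay. If the send limit is now applied elsewhere, which this diff does not show, the comment should mention only the receive size. The function starts outside the hunk.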
@@ -232,23 +231,23 @@ unsigned short int sw = (sw1 << 8) | sw2; if ((sw & 0xFFF0) == 0x63C0) { - sc_error(card->ctx, "wrong PIN, %u tries left\n", sw&0xf); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "wrong PIN, %u tries left\n", sw&0xf); return SC_ERROR_PIN_CODE_INCORRECT; } switch (sw) { case 0x6400: - sc_error(card->ctx, "wrong crypto context\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "wrong crypto context\n"); return SC_ERROR_OBJECT_NOT_VALID; /* XXX ??? */ /* The following are handled by iso7816_check_sw * but all return SC_ERROR_UNKNOWN_DATA_RECEIVED * XXX: fix in the iso driver? */ case 0x6983: - sc_error(card->ctx, "PIN is blocked\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIN is blocked\n"); return SC_ERROR_PIN_CODE_INCORRECT; case 0x6581: - sc_error(card->ctx, "out of space on card or file\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "out of space on card or file\n"); return SC_ERROR_OUT_OF_MEMORY; case 0x6981: return SC_ERROR_FILE_NOT_FOUND; @@ -541,9 +540,9 @@ } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); /* Nothing we can say about it... invalidate * path cache */ @@ -571,15 +570,13 @@ u8 fbuf[2]; int r; - if (card->ctx->debug) - sc_debug(card->ctx, "gpk_select_id(0x%04X, kind=%u)\n", fid, kind); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "gpk_select_id(0x%04X, kind=%u)\n", fid, kind); fbuf[0] = fid >> 8; fbuf[1] = fid & 0xff; - sc_ctx_suppress_errors_on(card->ctx); r = gpk_select(card, kind, fbuf, 2, file); - sc_ctx_suppress_errors_off(card->ctx); /* Fix up the path cache. * NB we never cache the ID of an EF, just the DF path */ 
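Review bot: In the status-word switch, 0x6983 is logged as "PIN is blocked" yet returns SC_ERROR_PIN_CODE_INCORRECT, the same code as a wrong PIN with tries left, so callers cannot tell a blocked PIN from a mistyped one. Returning `SC_ERROR_AUTH_METHOD_BLOCKED` for that case would let them stop prompting. The wrong-PIN and blocked-PIN messages now go through sc_debug at SC_LOG_DEBUG_NORMAL, so these authentication failures presumably no longer appear unless debug logging is on. A short comment here, such as `/* auth failures are logged at debug level only */`, would make that explicit.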
@@ -611,7 +608,7 @@ int locked = 0, r = 0, use_relative = 0, retry = 1; u8 leaf_type; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* Handle the AID case first */ if (path->type == SC_PATH_TYPE_DF_NAME) { @@ -662,7 +659,7 @@ } else { if (!locked++) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); } /* Do we need to select the MF first? */ @@ -670,7 +667,7 @@ r = gpk_select_id(card, GPK_SEL_MF, GPK_FID_MF, NULL); if (r) sc_unlock(card); - SC_TEST_RET(card->ctx, r, "Unable to select MF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select MF"); /* Consume the MF FID if it's there */ if (pathptr[0] == GPK_FID_MF) { @@ -688,7 +685,7 @@ r = gpk_select_id(card, GPK_SEL_DF, pathptr[0], NULL); if (r) sc_unlock(card); - SC_TEST_RET(card->ctx, r, "Unable to select DF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select DF"); pathptr++; pathlen--; } @@ -724,7 +721,7 @@ struct gpk_private_data *priv = DRVDATA(card); if (offset & priv->offset_mask) { - sc_error(card->ctx, "Invalid file offset (not a multiple of %d)", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid file offset (not a multiple of %d)", priv->offset_mask + 1); return SC_ERROR_INVALID_ARGUMENTS; } @@ -739,7 +736,7 @@ struct gpk_private_data *priv = DRVDATA(card); if (offset & priv->offset_mask) { - sc_error(card->ctx, "Invalid file offset (not a multiple of %d)", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid file offset (not a multiple of %d)", priv->offset_mask + 1); return SC_ERROR_INVALID_ARGUMENTS; } @@ -754,7 +751,7 @@ struct gpk_private_data *priv = DRVDATA(card); if (offset & priv->offset_mask) { - sc_error(card->ctx, "Invalid file offset (not a multiple of %d)", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid file offset (not a multiple of %d)", priv->offset_mask + 1); return SC_ERROR_INVALID_ARGUMENTS; } 
@@ -821,8 +818,8 @@ { if (apdu->resplen < 3 || memcmp(apdu->resp + apdu->resplen - 3, crycks, 3)) { - if (card->ctx->debug) - sc_debug(card->ctx, "Invalid secure messaging reply\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Invalid secure messaging reply\n"); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } apdu->resplen -= 3; @@ -844,8 +841,8 @@ size_t datalen, namelen; int r; - if (card->ctx->debug) - sc_debug(card->ctx, "gpk_create_file(0x%04X)\n", file->id); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "gpk_create_file(0x%04X)\n", file->id); /* Prepare APDU */ memset(&apdu, 0, sizeof(apdu)); @@ -906,9 +903,9 @@ } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); /* verify secure messaging response */ if (priv->key_set) @@ -977,7 +974,7 @@ u8 rnd[8], resp[258]; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (buflen != 16) return SC_ERROR_INVALID_ARGUMENTS; @@ -996,12 +993,11 @@ apdu.resp = resp; apdu.resplen = sizeof(resp); apdu.le = 12; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (apdu.resplen != 12) { r = SC_ERROR_UNKNOWN_DATA_RECEIVED; 
@@ -1046,7 +1042,7 @@ if (env->flags & SC_SEC_ENV_ALG_PRESENT) algorithm = env->algorithm; if (algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Algorithm not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Algorithm not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } priv->sec_algorithm = algorithm; @@ -1054,7 +1050,7 @@ /* If there's a key reference, it must be 0 */ if ((env->flags & SC_SEC_ENV_KEY_REF_PRESENT) && (env->key_ref_len != 1 || env->key_ref[0] != 0)) { - sc_error(card->ctx, "Unknown key referenced.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown key referenced.\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -1067,7 +1063,7 @@ else if (env->flags & SC_ALGORITHM_RSA_PAD_ISO9796) priv->sec_padding = 2; else { - sc_error(card->ctx, "Padding algorithm not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Padding algorithm not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -1090,7 +1086,7 @@ context = GPK_SIGN_RSA_MD5; priv->sec_hash_len = 16; } else { - sc_error(card->ctx, "Unsupported signature algorithm"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported signature algorithm"); return SC_ERROR_NOT_SUPPORTED; } break; 
@@ -1098,38 +1094,38 @@ context = GPK_UNWRAP_RSA; break; default: - sc_error(card->ctx, "Crypto operation not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Crypto operation not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } /* Get the file ID */ if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT) { if (env->file_ref.len != 2) { - sc_error(card->ctx, "File reference: invalid length.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File reference: invalid length.\n"); return SC_ERROR_INVALID_ARGUMENTS; } file_id = (env->file_ref.value[0] << 8) | env->file_ref.value[1]; } else { - sc_error(card->ctx, "File reference missing.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File reference missing.\n"); return SC_ERROR_INVALID_ARGUMENTS; } /* Select the PK file. The caller has already selected * the DF. */ r = gpk_select_id(card, GPK_SEL_EF, file_id, NULL); - SC_TEST_RET(card->ctx, r, "Failed to select PK file"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to select PK file"); /* Read the sys record of the PK file to find out the key length */ r = sc_read_record(card, 1, sysrec, sizeof(sysrec), SC_RECORD_BY_REC_NR); - SC_TEST_RET(card->ctx, r, "Failed to read PK sysrec"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to read PK sysrec"); if (r != 7 || sysrec[0] != 0) { - sc_error(card->ctx, "First record of file is not the sysrec"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "First record of file is not the sysrec"); return SC_ERROR_OBJECT_NOT_VALID; } if (sysrec[5] != 0x00) { - sc_error(card->ctx, "Public key is not an RSA key"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Public key is not an RSA key"); return SC_ERROR_OBJECT_NOT_VALID; } switch (sysrec[1]) { 
@@ -1137,7 +1133,7 @@ case 0x10: priv->sec_mod_len = 768 / 8; break; case 0x11: priv->sec_mod_len = 1024 / 8; break; default: - sc_error(card->ctx, "Unsupported modulus length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported modulus length"); return SC_ERROR_OBJECT_NOT_VALID; } @@ -1150,9 +1146,9 @@ apdu.p2 = context; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -1216,9 +1212,9 @@ apdu.datalen = len + 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); chain = 0; } @@ -1237,7 +1233,7 @@ int r; r = reverse(tsegid, sizeof(tsegid), digest, len); - SC_TEST_RET(card->ctx, r, "Failed to reverse buffer"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to reverse buffer"); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; @@ -1248,9 +1244,9 @@ apdu.datalen = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -1269,7 +1265,7 @@ int r; if (data_len > priv->sec_mod_len) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Data length (%u) does not match key modulus %u.\n", data_len, priv->sec_mod_len); return SC_ERROR_INTERNAL; 
@@ -1278,7 +1274,7 @@ return SC_ERROR_BUFFER_TOO_SMALL; r = gpk_init_hashed(card, data, data_len); - SC_TEST_RET(card->ctx, r, "Failed to send hash to card"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to send hash to card"); /* Now sign the hash. * The GPK has Internal Authenticate and PK_Sign. I am not @@ -1300,14 +1296,14 @@ apdu.le = priv->sec_mod_len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); /* The GPK returns the signature as little endian numbers. * Need to revert these */ r = reverse(out, outlen, cardsig, apdu.resplen); - SC_TEST_RET(card->ctx, r, "Failed to reverse signature"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to reverse signature"); return r; } @@ -1330,7 +1326,7 @@ int r; if (inlen != priv->sec_mod_len) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Data length (%u) does not match key modulus %u.\n", inlen, priv->sec_mod_len); return SC_ERROR_INVALID_ARGUMENTS; @@ -1338,7 +1334,7 @@ /* First revert the cryptogram */ r = reverse(buffer, sizeof(buffer), in, inlen); - SC_TEST_RET(card->ctx, r, "Cryptogram too large"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Cryptogram too large"); in = buffer; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x1C, 0x00, 0x00); 
@@ -1349,16 +1345,15 @@ apdu.le = 256; /* give me all you got :) */ apdu.resp = buffer; apdu.resplen = sizeof(buffer); - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); /* Reverse the data we got back */ r = reverse(out, outlen, buffer, apdu.resplen); - SC_TEST_RET(card->ctx, r, "Failed to reverse buffer"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to reverse buffer"); return r; } @@ -1374,7 +1369,7 @@ u8 offset; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); switch (card->type) { case SC_CARD_TYPE_GPK_GPK4000_su256: case SC_CARD_TYPE_GPK_GPK4000_sdo: @@ -1403,12 +1398,12 @@ apdu.p2 = offset; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); priv->key_set = 0; - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } /* @@ -1428,9 +1423,8 @@ u8 data[8], crycks[3], resp[3]; int r; - if (card->ctx->debug) - sc_debug(card->ctx, "gpk_lock(0x%04X, %u)\n", - file->id, args->operation); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "gpk_lock(0x%04X, %u)\n", file->id, args->operation); memset(data, 0, sizeof(data)); data[0] = file->id >> 8; 
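Review bot: With `apdu.sensitive = 1;` removed, nothing in this decipher path marks the command or its response as secret any more, and `buffer` still holds the recovered plaintext when the function returns. Whether the transmit layer prints APDU contents at debug level is not visible here, so that should be confirmed before debug logs from this driver are treated as safe to share. Independently of logging, the stack copy can be wiped before the final return, for example with `sc_mem_clear(buffer, sizeof(buffer));` if that helper is available in this tree; the SC_TEST_RET early returns would need the same treatment. The same flag is dropped in the `@@ -1584` hunk, which sends private key material, and in the `@@ -1838` hunk. The function starts outside this hunk.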
@@ -1467,9 +1461,9 @@ } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (priv->key_set) r = gpk_verify_crycks(card, &apdu, crycks); @@ -1486,8 +1480,8 @@ sc_apdu_t apdu; int r; - if (card->ctx->debug) - sc_debug(card->ctx, "gpk_pkfile_init(%u)\n", args->privlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "gpk_pkfile_init(%u)\n", args->privlen); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_1; @@ -1497,9 +1491,9 @@ apdu.p2 = args->privlen / 4; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -1514,10 +1508,10 @@ int r; u8 buffer[256]; - if (card->ctx->debug) - sc_debug(card->ctx, "gpk_generate_key(%u)\n", args->privlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "gpk_generate_key(%u)\n", args->privlen); if (args->privlen != 512 && args->privlen != 1024) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Key generation not supported for key length %d", args->privlen); return SC_ERROR_NOT_SUPPORTED; 
@@ -1534,16 +1528,16 @@ apdu.resplen = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); /* Return the public key, inverted. * The first two bytes must be stripped off. */ if (args->pubkey_len && apdu.resplen > 2) { r = reverse(args->pubkey, args->pubkey_len, buffer + 2, apdu.resplen - 2); - SC_TEST_RET(card->ctx, r, "Failed to reverse buffer"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to reverse buffer"); args->pubkey_len = r; } @@ -1563,19 +1557,18 @@ int r = SC_SUCCESS, outl; EVP_CIPHER_CTX ctx; - sc_debug(card->ctx, "gpk_pkfile_load(fid=%04x, len=%d, datalen=%d)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "gpk_pkfile_load(fid=%04x, len=%d, datalen=%d)\n", args->file->id, args->len, args->datalen); -#if 0 - if (card->ctx->debug > 5) { + if (0) { char buf[2048]; - sc_hex_dump(card->ctx, args->data, args->datalen, + sc_hex_dump(card->ctx, SC_LOG_DEBUG_NORMAL, + args->data, args->datalen, buf, sizeof(buf)); - sc_debug(card->ctx, "Sending %d bytes (cleartext):\n%s", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Sending %d bytes (cleartext):\n%s", args->datalen, buf); } -#endif memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; @@ -1584,12 +1577,11 @@ apdu.p1 = args->file->id & 0x1F; apdu.p2 = args->len; apdu.lc = args->datalen; - apdu.sensitive = 1; /* encrypt the private key material */ assert(args->datalen <= sizeof(temp)); if (!priv->key_set) { - sc_error(card->ctx, "No secure messaging key set!\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No secure messaging key set!\n"); return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; } 
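Review bot: The block now guarded by `if (0)` in the `@@ -1563` hunk should be deleted rather than converted, because it hex-dumps `args->data` as "cleartext" and the comment in the following hunk identifies that data as private key material. Under `#if 0` the code was not compiled at all; as `if (0)` it is compiled and kept current with the logging API, so flipping one constant would write the unencrypted key to the debug log. If a trace is wanted, the existing `gpk_pkfile_load(fid=%04x, len=%d, datalen=%d)` message already records the lengths without the content. The function body continues outside the hunk.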
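Review bot: In the `@@ -1584` hunk, `assert(args->datalen <= sizeof(temp));` is the only size check visible ahead of the encryption step, and it disappears in builds that define NDEBUG. Since `args->datalen` is supplied by the caller, a runtime check such as `if (args->datalen > sizeof(temp)) return SC_ERROR_INVALID_ARGUMENTS;` would keep the bound in release builds. The code that fills `temp` lies outside the hunk, so the exact consequence of an oversized length is inferred rather than shown.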
@@ -1611,11 +1603,11 @@ priv->key_set = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -1680,7 +1672,7 @@ * without collecting the response :) */ r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); do { memset(&apdu, 0, sizeof(apdu)); @@ -1694,7 +1686,7 @@ apdu.resplen = buflen; if ((r = sc_transmit_apdu(card, &apdu)) < 0) { - sc_error(card->ctx, "APDU transmit failed: %s", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed: %s", sc_strerror(r)); sc_unlock(card); return r; @@ -1703,7 +1695,7 @@ sc_unlock(card); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -1733,7 +1725,7 @@ apdu.lc = 0; apdu.datalen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; /* cache serial number */ @@ -1838,7 +1830,6 @@ apdu->lc = 8; apdu->datalen = 8; apdu->data = sbuf; - apdu->sensitive = 1; return 0; } diff -Nru opensc-0.11.13/src/libopensc/card-ias.c opensc-0.12.1/src/libopensc/card-ias.c --- opensc-0.11.13/src/libopensc/card-ias.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-ias.c 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,539 @@ +/* + * Driver for IAS based cards, e.g. Portugal's eID card. + * + * Copyright (C) 2009, Joao Poupino + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Partially based on the ISO7816 driver. + * + * Thanks to Andre Cruz, Jorge Ferreira and Paulo F. Andrade + */ + +#include "config.h" + +#include +#include + +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + +/* Portugal eID uses 1024 bit keys */ +#define PTEID_RSA_KEYSIZE 128 + +#define DRVDATA(card) ((struct ias_priv_data *) ((card)->drv_data)) + +static struct sc_card_operations ias_ops; +static struct sc_card_operations *iso_ops = NULL; + +static struct sc_card_driver ias_drv = { + "IAS", + "ias", + &ias_ops, + NULL, 0, NULL +}; + +/* Known ATRs */ +static struct sc_atr_table ias_atrs[] = { + /* Portugal eID cards */ + {"3B:65:00:00:D0:00:54:01:31", NULL, NULL, SC_CARD_TYPE_IAS_PTEID, 0, NULL}, + {"3B:65:00:00:D0:00:54:01:32", NULL, NULL, SC_CARD_TYPE_IAS_PTEID, 0, NULL}, + {"3B:95:95:40:FF:D0:00:54:01:31", NULL, NULL, SC_CARD_TYPE_IAS_PTEID, 0, NULL}, + {"3B:95:95:40:FF:D0:00:54:01:32", NULL, NULL, SC_CARD_TYPE_IAS_PTEID, 0, NULL}, + {NULL, NULL, NULL, 0, 0, NULL} +}; + +/* Known AIDs */ +static const u8 ias_aid_pteid[] = {0x60, 0x46, 0x32, 0xFF, 0x00, 0x01, 0x02}; + +static int 
ias_select_applet(sc_card_t *card, const u8 *aid, size_t aid_len) +{ + int r; + sc_path_t tpath; + + memset(&tpath, 0, sizeof(sc_path_t)); + + tpath.type = SC_PATH_TYPE_DF_NAME; + tpath.len = aid_len; + memcpy(tpath.value, aid, aid_len); + r = iso_ops->select_file(card, &tpath, NULL); + if (r != SC_SUCCESS) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to select applet"); + return r; + } + + return SC_SUCCESS; +} + +static int ias_init(sc_card_t *card) +{ + unsigned long flags; + + assert(card != NULL); + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + card->name = "IAS"; + card->cla = 0x00; + + /* Card version detection */ + if (card->type == SC_CARD_TYPE_IAS_PTEID) { + int r = ias_select_applet(card, ias_aid_pteid, sizeof(ias_aid_pteid)); + if (r != SC_SUCCESS) + return r; + /* Add other cards if necessary */ + } else { + return SC_ERROR_INTERNAL; + } + + /* Set card capabilities */ + card->caps |= SC_CARD_CAP_RNG; + + /* Set the supported algorithms */ + flags = SC_ALGORITHM_RSA_PAD_PKCS1 | + SC_ALGORITHM_RSA_HASH_NONE; + + /* Only 1024 bit key sizes were tested */ + _sc_card_add_rsa_alg(card, 1024, flags, 0); + + return SC_SUCCESS; +} + +static int ias_match_card(sc_card_t *card) +{ + int i; + + i = _sc_match_atr(card, ias_atrs, &card->type); + if (i < 0) + return 0; + + return 1; +} + +static int ias_build_pin_apdu(sc_card_t *card, + sc_apdu_t *apdu, + struct sc_pin_cmd_data *data) +{ + static u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; + int r, len, pad, use_pin_pad, ins, p1; + + len = pad = use_pin_pad = p1 = 0; + assert(card != NULL); + + switch (data->pin_type) { + case SC_AC_CHV: + break; + default: + return SC_ERROR_INVALID_ARGUMENTS; + } + + if (data->flags & SC_PIN_CMD_USE_PINPAD) + use_pin_pad = 1; + /* "needs-padding" necessary for the PTEID card, + * but not defined in the pin structure + */ + if ((data->flags & SC_PIN_CMD_NEED_PADDING) || + card->type == SC_CARD_TYPE_IAS_PTEID) + pad = 1; + + data->pin1.offset = 5; + + switch (data->cmd) { + case 
SC_PIN_CMD_VERIFY: + ins = 0x20; + if ( (r = sc_build_pin(sbuf, sizeof(sbuf), &data->pin1, pad)) < 0) + return r; + len = r; + break; + case SC_PIN_CMD_CHANGE: + ins = 0x24; + if ((data->flags & SC_PIN_CMD_IMPLICIT_CHANGE) == 0 && + (data->pin1.len != 0 || use_pin_pad)) { + if ( (r = sc_build_pin(sbuf, sizeof(sbuf), &data->pin1, pad)) < 0) + return r; + len += r; + } else { + /* implicit test */ + p1 = 1; + } + data->pin2.offset = data->pin1.offset + len; + if ( (r = sc_build_pin(sbuf+len, sizeof(sbuf)-len, &data->pin2, pad)) < 0) + return r; + len += r; + break; + case SC_PIN_CMD_UNBLOCK: + ins = 0x2C; + if (data->pin1.len != 0 || use_pin_pad) { + if ( (r = sc_build_pin(sbuf, sizeof(sbuf), &data->pin1, pad)) < 0) + return r; + len += r; + } else { + p1 |= 0x02; + } + if (data->pin2.len != 0 || use_pin_pad) { + data->pin2.offset = data->pin1.offset + len; + if ( (r = sc_build_pin(sbuf+len, sizeof(sbuf)-len, &data->pin2, pad)) < 0) + return r; + len += r; + } else { + p1 |= 0x01; + } + break; + default: + return SC_ERROR_NOT_SUPPORTED; + } + + sc_format_apdu(card, apdu, SC_APDU_CASE_3_SHORT, ins, p1, data->pin_reference); + apdu->lc = len; + apdu->datalen = len; + apdu->data = sbuf; + apdu->resplen = 0; + + return SC_SUCCESS; +} + +static int ias_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, + int *tries_left) +{ + int r; + sc_apdu_t local_apdu; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + /* Check if a PIN change operation is being requested, + * as it requires sending two separate APDUs + */ + if (data->cmd == SC_PIN_CMD_CHANGE) { + /* Build a SC_PIN_CMD_VERIFY APDU */ + data->cmd = SC_PIN_CMD_VERIFY; + r = ias_build_pin_apdu(card, &local_apdu, data); + if (r < 0) + return r; + data->apdu = &local_apdu; + r = iso_ops->pin_cmd(card, data, tries_left); + if (r < 0) + return r; + /* Continue processing */ + data->cmd = SC_PIN_CMD_CHANGE; + /* The IAS spec mandates an implicit change PIN operation */ + data->flags |= SC_PIN_CMD_IMPLICIT_CHANGE; + 
} + + r = ias_build_pin_apdu(card, &local_apdu, data); + if (r < 0) + return r; + data->apdu = &local_apdu; + + return iso_ops->pin_cmd(card, data, tries_left); +} + +static int ias_set_security_env(sc_card_t *card, + const sc_security_env_t *env, int se_num) +{ + int r; + sc_apdu_t apdu; + u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ias_set_security_env, keyRef = 0x%0x, algo = 0x%0x\n", + *env->key_ref, env->algorithm_flags); + + assert(card != NULL && env != NULL); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0); + switch (env->operation) { + case SC_SEC_OPERATION_DECIPHER: + apdu.p2 = 0xB8; /* confidentiality template */ + sbuf[0] = 0x95; /* tag for usage qualifier byte */ + sbuf[1] = 0x01; /* tag length */ + sbuf[2] = 0x40; /* data decryption */ + sbuf[3] = 0x84; /* tag for private key reference */ + sbuf[4] = 0x01; /* tag length */ + sbuf[5] = *env->key_ref; /* key reference */ + sbuf[6] = 0x80; /* tag for algorithm reference */ + sbuf[7] = 0x01; /* tag length */ + if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1) + sbuf[8] = 0x1A; /* RSA PKCS#1 with no data formatting */ + else { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Set Sec Env: unsupported algo 0X%0X\n", + env->algorithm_flags); + return SC_ERROR_INVALID_ARGUMENTS; + } + apdu.lc = 9; + apdu.datalen = 9; + break; + case SC_SEC_OPERATION_SIGN: + apdu.p2 = 0xA4; /* authentication template */ + sbuf[0] = 0x95; /* tag for usage qualifier byte */ + sbuf[1] = 0x01; /* tag length */ + sbuf[2] = 0x40; /* internal authentication */ + sbuf[3] = 0x84; /* tag for private key reference */ + sbuf[4] = 0x01; /* tag length */ + sbuf[5] = *env->key_ref; /* key reference */ + sbuf[6] = 0x80; /* tag for algorithm reference */ + sbuf[7] = 0x01; /* tag length */ + if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1) + sbuf[8] = 0x02; /* RSA PKCS#1 with no data formatting */ + else { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Set Sec Env: unsupported algo 
0X%0X\n", + env->algorithm_flags); + return SC_ERROR_INVALID_ARGUMENTS; + } + apdu.lc = 9; + apdu.datalen = 9; + break; + default: + return SC_ERROR_INVALID_ARGUMENTS; + } + apdu.le = 0; + apdu.data = sbuf; + apdu.resplen = 0; + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Set Security Env APDU transmit failed"); + + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card's Set Security Env command returned error"); + + return r; +} + +static int ias_compute_signature(sc_card_t *card, const u8 * data, + size_t data_len, u8 * out, size_t outlen) +{ + int r; + size_t len = 0; + sc_apdu_t apdu; + u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; + sc_context_t *ctx = card->ctx; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + if (data_len > 64) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "error: input data too long: %lu bytes\n", data_len); + return SC_ERROR_INVALID_ARGUMENTS; + } + + /* Send the data */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x88, 0x02, 0x00); + memcpy(sbuf, data, data_len); + apdu.data = sbuf; + apdu.lc = data_len; + apdu.datalen = data_len; + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + + /* Get the result */ + if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { + len = card->type == SC_CARD_TYPE_IAS_PTEID ? 
PTEID_RSA_KEYSIZE : outlen; + r = iso_ops->get_response(card, &len, out); + if (r == 0) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); + else + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); + } + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); +} + +static int ias_select_file(sc_card_t *card, const sc_path_t *in_path, + sc_file_t **file_out) +{ + int r, pathlen, stripped_len; + u8 buf[SC_MAX_APDU_BUFFER_SIZE]; + u8 pathbuf[SC_MAX_PATH_SIZE], *path; + sc_apdu_t apdu; + sc_file_t *file; + + stripped_len = 0; + path = pathbuf; + file = NULL; + + assert(card != NULL && in_path != NULL); + + if (in_path->len > SC_MAX_PATH_SIZE) + return SC_ERROR_INVALID_ARGUMENTS; + memcpy(path, in_path->value, in_path->len); + pathlen = in_path->len; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0); + apdu.p2 = 0; /* First record, return FCI */ + + switch (in_path->type) { + case SC_PATH_TYPE_FILE_ID: + apdu.p1 = 2; + if (pathlen != 2) + return SC_ERROR_INVALID_ARGUMENTS; + break; + case SC_PATH_TYPE_DF_NAME: + apdu.p1 = 4; + break; + case SC_PATH_TYPE_PATH: + apdu.p1 = 9; + /* Strip the MF */ + if (pathlen >= 2 && memcmp(path, "\x3f\x00", 2) == 0) { + if (pathlen == 2) { /* Only 3f00 provided */ + apdu.p1 = 0; + break; + } + path += 2; + pathlen -= 2; + } + /* Optimization based on the normal Portuguese eID usage pattern: + * paths with len >= 4 shall be stripped - this avoids unnecessary + * "file not found" errors. Other cards may benefit from this also. + * + * This works perfectly for the Portuguese eID card, but if you + * are adapting this driver to another card, "false positives" may + * occur depending, of course, on the file structure of the card. + * + * Please have this in mind if adapting this driver to another card. 
+ */ + if (pathlen >= 4) { + stripped_len = pathlen - 2; + path += stripped_len; + pathlen = 2; + } else if (pathlen == 2) { + apdu.p1 = 0; + } + break; + case SC_PATH_TYPE_FROM_CURRENT: + apdu.p1 = 9; + break; + case SC_PATH_TYPE_PARENT: + apdu.p1 = 3; + apdu.p2 = 0x0C; + pathlen = 0; + apdu.cse = SC_APDU_CASE_2_SHORT; + break; + default: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); + } + + apdu.lc = pathlen; + apdu.data = path; + apdu.datalen = pathlen; + + if (file_out != NULL) { + apdu.resp = buf; + apdu.resplen = sizeof(buf); + apdu.le = 256; + } else { + apdu.p2 = 0x0C; + apdu.cse = (apdu.lc == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; + } + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + if (file_out == NULL) { + if (apdu.sw1 == 0x61) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); + } + + /* A "file not found" error was received, this can mean two things: + * 1) the file does not exist + * 2) the current DF may be incorrect due to the optimization applied + * earlier. If the path was previously stripped, select the first DF + * and try to re-select the path with the full value. 
+ */ + if (stripped_len > 0 && apdu.sw1 == 0x6A && apdu.sw2 == 0x82) { + sc_path_t tpath; + + /* Restore original path value */ + path -= stripped_len; + pathlen += stripped_len; + + memset(&tpath, 0, sizeof(sc_path_t)); + tpath.type = SC_PATH_TYPE_PATH; + tpath.len = 2; + tpath.value[0] = path[0]; + tpath.value[1] = path[1]; + + /* Go up in the hierarchy to the correct DF */ + r = ias_select_file(card, &tpath, NULL); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Error selecting parent."); + + /* We're now in the right place, reconstruct the APDU and retry */ + path += 2; + pathlen -= 2; + apdu.lc = pathlen; + apdu.data = path; + apdu.datalen = pathlen; + + if (file_out != NULL) + apdu.resplen = sizeof(buf); + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + if (file_out == NULL) { + if (apdu.sw1 == 0x61) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); + } + } + + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + if (r) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); + + if (apdu.resplen < 2) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); + switch (apdu.resp[0]) { + case 0x6F: + file = sc_file_new(); + if (file == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + file->path = *in_path; + if (card->ops->process_fci == NULL) { + sc_file_free(file); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); + } + if ((size_t)apdu.resp[1] + 2 <= apdu.resplen) + card->ops->process_fci(card, file, apdu.resp+2, apdu.resp[1]); + *file_out = file; + break; + case 0x00: /* proprietary coding */ + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); + default: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); + } + + return SC_SUCCESS; +} + +static struct sc_card_driver 
*sc_get_driver(void) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + + if (iso_ops == NULL) + iso_ops = iso_drv->ops; + /* Use the standard iso operations as default */ + ias_ops = *iso_drv->ops; + /* IAS specific functions */ + ias_ops.select_file = ias_select_file; + ias_ops.match_card = ias_match_card; + ias_ops.init = ias_init; + ias_ops.set_security_env = ias_set_security_env; + ias_ops.compute_signature = ias_compute_signature; + ias_ops.pin_cmd = ias_pin_cmd; + + return &ias_drv; +} + +struct sc_card_driver *sc_get_ias_driver(void) +{ + return sc_get_driver(); +} diff -Nru opensc-0.11.13/src/libopensc/card-iasecc.c opensc-0.12.1/src/libopensc/card-iasecc.c --- opensc-0.11.13/src/libopensc/card-iasecc.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-iasecc.c 2011-05-17 17:07:00.000000000 +0000 
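Review bot: In `ias_compute_signature` the PTEID branch sets `len` to `PTEID_RSA_KEYSIZE` and hands it to `iso_ops->get_response(card, &len, out)` without consulting `outlen`, so a caller buffer shorter than 128 bytes could be overrun, assuming get_response treats `len` as the capacity of `out`. A guard before the call, `if (outlen < PTEID_RSA_KEYSIZE) return SC_ERROR_BUFFER_TOO_SMALL;`, would close that. Separately, `ias_build_pin_apdu` assembles the PIN in a `static u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]` that is never cleared after `iso_ops->pin_cmd` returns and is shared by every card handle in the process; a caller-owned buffer wiped in `ias_pin_cmd` would avoid both. Finally, `ias_set_security_env` dereferences `env->key_ref` in its first sc_debug call before `assert(card != NULL && env != NULL)` runs, so the assert should move above the log line.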
@@ -0,0 +1,3227 @@ +/* + * card-iasecc.c: Support for IAS/ECC smart cards + * + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" +#include "opensc.h" +/* #include "sm.h" */ +#include "pkcs15.h" +/* #include "hash-strings.h" */ + +#include "iasecc.h" + +#define ALLOW_IGNORE_EXTERNAL_AUTHENTICATION + +#define IASECC_CARD_DEFAULT_FLAGS ( 0 \ + | SC_ALGORITHM_ONBOARD_KEY_GEN \ + | SC_ALGORITHM_RSA_PAD_ISO9796 \ + | SC_ALGORITHM_RSA_PAD_PKCS1 \ + | SC_ALGORITHM_RSA_HASH_NONE \ + | SC_ALGORITHM_RSA_HASH_SHA1 \ + | SC_ALGORITHM_RSA_HASH_SHA256) + +/* generic iso 7816 operations table */ +static const struct sc_card_operations *iso_ops = NULL; + +/* our operations table with overrides */ +static struct sc_card_operations iasecc_ops; + +static struct sc_card_driver iasecc_drv = { + "IAS-ECC", + "iasecc", + &iasecc_ops, + NULL, 0, NULL +}; + +static struct sc_atr_table iasecc_known_atrs[] = { + { "3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00", 
+ "FF:FF:FF:FF:FF:FF:FF:FE:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF", + "IAS/ECC Gemalto", SC_CARD_TYPE_IASECC_GEMALTO, 0, NULL }, + { "3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE", NULL, + "IAS/ECC v1.0.1 Oberthur", SC_CARD_TYPE_IASECC_OBERTHUR, 0, NULL }, + { "3B:7D:13:00:00:4D:44:57:2D:49:41:53:2D:43:41:52:44:32", NULL, + "IAS/ECC v1.0.1 Sagem MDW-IAS-CARD2", SC_CARD_TYPE_IASECC_SAGEM, 0, NULL }, + { "3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00", NULL, + "IAS/ECC v1.0.1 Sagem ypsID S3", SC_CARD_TYPE_IASECC_SAGEM, 0, NULL }, + { NULL, NULL, NULL, 0, 0, NULL } +}; + +static struct sc_aid GlobalPlatform_CardManager_AID = { + { 0xA0,0x00,0x00,0x00,0x03,0x00,0x00}, 7 +}; +static struct sc_aid GlobalPlatform_ISD_Default_RID = { + { 0xA0,0x00,0x00,0x01,0x51,0x00,0x00}, 7 +}; +static struct sc_aid OberthurIASECC_AID = { + {0xA0,0x00,0x00,0x00,0x77,0x01,0x08,0x00,0x07,0x00,0x00,0xFE,0x00,0x00,0x01,0x00}, 16 +}; + +struct iasecc_pin_status { + unsigned char sha1[SHA_DIGEST_LENGTH]; + unsigned char reference; + + struct iasecc_pin_status *next; + struct iasecc_pin_status *prev; +}; + +struct iasecc_pin_status *checked_pins = NULL; + +static int iasecc_select_file(struct sc_card *card, const struct sc_path *path, struct sc_file **file_out); +static int iasecc_process_fci(struct sc_card *card, struct sc_file *file, const unsigned char *buf, size_t buflen); +static int iasecc_get_serialnr(struct sc_card *card, struct sc_serial_number *serial); +static int iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo); +static int iasecc_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data); +static int iasecc_pin_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left); +static int iasecc_get_free_reference(struct sc_card *card, struct iasecc_ctl_get_free_reference *ctl_data); +static int iasecc_sdo_put_data(struct sc_card *card, struct iasecc_sdo_update *update); + + +static int 
+iasecc_chv_cache_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_pin_status *pin_status = NULL, *current = NULL; + + LOG_FUNC_CALLED(ctx); + + for(current = checked_pins; current; current = current->next) + if (current->reference == pin_cmd->pin_reference) + break; + + if (current) { + sc_log(ctx, "iasecc_chv_cache_verified() current PIN-%i", current->reference); + pin_status = current; + } + else { + pin_status = calloc(1, sizeof(struct iasecc_pin_status)); + if (!pin_status) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot callocate PIN status info"); + sc_log(ctx, "iasecc_chv_cache_verified() allocated %p", pin_status); + } + + pin_status->reference = pin_cmd->pin_reference; + if (pin_cmd->pin1.data) + SHA1(pin_cmd->pin1.data, pin_cmd->pin1.len, pin_status->sha1); + else + memset(pin_status->sha1, 0, SHA_DIGEST_LENGTH); + + sc_log(ctx, "iasecc_chv_cache_verified() sha1(PIN): %s", sc_dump_hex(pin_status->sha1, SHA_DIGEST_LENGTH)); + + if (!current) { + if (!checked_pins) { + checked_pins = pin_status; + } + else { + checked_pins->prev = pin_status; + pin_status->next = checked_pins; + checked_pins = pin_status; + } + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_chv_cache_clean(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_pin_status *current = NULL; + + LOG_FUNC_CALLED(ctx); + + for(current = checked_pins; current; current = current->next) + if (current->reference == pin_cmd->pin_reference) + break; + + if (!current) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + + if (current->next && current->prev) { + current->prev->next = current->next; + current->next->prev = current->prev; + } + else if (!current->prev) { + checked_pins = current->next; + } + else if (!current->next && current->prev) { + current->prev->next = NULL; + } + + free(current); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static struct 
iasecc_pin_status * +iasecc_chv_cache_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_pin_status *current = NULL; + unsigned char data_sha1[SHA_DIGEST_LENGTH]; + + LOG_FUNC_CALLED(ctx); + + if (pin_cmd->pin1.data) + SHA1(pin_cmd->pin1.data, pin_cmd->pin1.len, data_sha1); + else + memset(data_sha1, 0, SHA_DIGEST_LENGTH); + sc_log(ctx, "data_sha1: %s", sc_dump_hex(data_sha1, SHA_DIGEST_LENGTH)); + + for(current = checked_pins; current; current = current->next) + if (current->reference == pin_cmd->pin_reference) + break; + + if (current && !memcmp(data_sha1, current->sha1, SHA_DIGEST_LENGTH)) { + sc_log(ctx, "PIN-%i status 'verified'", pin_cmd->pin_reference); + return current; + } + + sc_log(ctx, "PIN-%i status 'not verified'", pin_cmd->pin_reference); + return NULL; +} + + +static int +iasecc_select_mf(struct sc_card *card, struct sc_file **file_out) +{ + struct sc_context *ctx = card->ctx; + struct sc_path path; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (file_out) + *file_out = NULL; + + memset(&path, 0, sizeof(struct sc_path)); + if (!card->ef_atr || !card->ef_atr->aid.len) { + sc_format_path("3F00", &path); + path.type = SC_PATH_TYPE_FILE_ID; + rv = iso_ops->select_file(card, &path, file_out); + } + else { + path.type = SC_PATH_TYPE_DF_NAME; + memcpy(path.value, card->ef_atr->aid.value, card->ef_atr->aid.len); + path.len = card->ef_atr->aid.len; + rv = iasecc_select_file(card, &path, file_out); + LOG_TEST_RET(ctx, rv, "Unable to ROOT selection"); + + /* When selecting Root DF Oberthur's IAS/ECC card do not returns FCI data */ + if (file_out && *file_out == NULL) { + struct sc_file *mf_file = sc_file_new(); + if (mf_file == NULL) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate MF file"); + mf_file->type = SC_FILE_TYPE_DF; + mf_file->path = path; + + *file_out = mf_file; + } + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_select_aid(struct sc_card *card, struct 
sc_aid *aid, unsigned char *out, size_t *out_len) +{ + struct sc_apdu apdu; + unsigned char apdu_resp[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + /* Select application (deselect previously selected application) */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xA4, 0x04, 0x00); + apdu.lc = aid->len; + apdu.data = aid->value; + apdu.datalen = aid->len; + apdu.resplen = sizeof(apdu_resp); + apdu.resp = apdu_resp; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(card->ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(card->ctx, rv, "Cannot select AID"); + + if (*out_len < apdu.resplen) + LOG_TEST_RET(card->ctx, SC_ERROR_BUFFER_TOO_SMALL, "Cannot select AID"); + memcpy(out, apdu.resp, apdu.resplen); + + return SC_SUCCESS; +} + + +static int +iasecc_match_card(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + int i; + + sc_log(ctx, "iasecc_match_card(%s) called", sc_dump_hex(card->atr.value, card->atr.len)); + i = _sc_match_atr(card, iasecc_known_atrs, &card->type); + if (i < 0) { + sc_log(ctx, "card not matched"); + return 0; + } + + sc_log(ctx, "'%s' card matched", iasecc_known_atrs[i].name); + return 1; +} + + +static int iasecc_parse_ef_atr(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_private_data *pdata = (struct iasecc_private_data *) card->drv_data; + struct iasecc_version *version = &pdata->version; + struct iasecc_io_buffer_sizes *sizes = &pdata->max_sizes; + int rv; + + LOG_FUNC_CALLED(ctx); + rv = sc_parse_ef_atr(card); + LOG_TEST_RET(ctx, rv, "MF selection error"); + + if (card->ef_atr->pre_issuing_len < 4) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid pre-issuing data"); + + version->ic_manufacturer = card->ef_atr->pre_issuing[0]; + version->ic_type = card->ef_atr->pre_issuing[1]; + version->os_version = card->ef_atr->pre_issuing[2]; + version->iasecc_version = card->ef_atr->pre_issuing[3]; + sc_log(ctx, "EF.ATR: IC manufacturer/type %X/%X, OS/IasEcc 
versions %X/%X",
+ version->ic_manufacturer, version->ic_type, version->os_version, version->iasecc_version);
+
+ if (card->ef_atr->issuer_data_len < 16)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid issuer data");
+
+ sizes->send = card->ef_atr->issuer_data[2] * 0x100 + card->ef_atr->issuer_data[3];
+ sizes->send_sc = card->ef_atr->issuer_data[6] * 0x100 + card->ef_atr->issuer_data[7];
+ sizes->recv = card->ef_atr->issuer_data[10] * 0x100 + card->ef_atr->issuer_data[11];
+ sizes->recv_sc = card->ef_atr->issuer_data[14] * 0x100 + card->ef_atr->issuer_data[15];
+
+ card->max_send_size = sizes->send;
+ card->max_recv_size = sizes->recv;
+
+ /* Most of the card producers interpret 'send' values as "maximum APDU data size".
+ * Oberthur strictly follows specification and interpret these values as "maximum APDU command size".
+ * Here we need 'data size'.
+ */
+ if (card->max_send_size > 0xFF)
+ card->max_send_size -= 5;
+
+ sc_log(ctx, "EF.ATR: max send/recv sizes %X/%X", card->max_send_size, card->max_recv_size);
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_init_gemalto(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_path path;
+ unsigned int flags;
+ int rv = 0;
+
+ LOG_FUNC_CALLED(ctx);
+
+ flags = IASECC_CARD_DEFAULT_FLAGS;
+
+ _sc_card_add_rsa_alg(card, 1024, flags, 0x10001);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0x10001);
+
+ card->caps = SC_CARD_CAP_RNG;
+ card->caps |= SC_CARD_CAP_APDU_EXT;
+ card->caps |= SC_CARD_CAP_USE_FCI_AC;
+
+ sc_format_path("3F00", &path);
+ sc_select_file(card, &path, NULL);
+
+ rv = iasecc_parse_ef_atr(card);
+ sc_log(ctx, "rv %i", rv);
+ if (rv == SC_ERROR_FILE_NOT_FOUND) {
+ sc_log(ctx, "Select MF");
+ rv = iasecc_select_mf(card, NULL);
+ sc_log(ctx, "rv %i", rv);
+ LOG_TEST_RET(ctx, rv, "MF selection error");
+
+ rv = iasecc_parse_ef_atr(card);
+ sc_log(ctx, "rv %i", rv);
+ }
+ sc_log(ctx, "rv %i", rv);
+ LOG_TEST_RET(ctx, rv, "Cannot read/parse EF.ATR");
+
+
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_oberthur_match(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned char *hist = card->reader->atr_info.hist_bytes;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (*hist != 0x80 || ((*(hist+1)&0xF0) != 0xF0))
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OBJECT_NOT_FOUND);
+
+ sc_log(ctx, "AID in historical_bytes '%s'", sc_dump_hex(hist + 2, *(hist+1) & 0x0F));
+
+ if (memcmp(hist + 2, OberthurIASECC_AID.value, *(hist+1) & 0x0F))
+ LOG_FUNC_RETURN(ctx, SC_ERROR_RECORD_NOT_FOUND);
+
+ if (!card->ef_atr)
+ card->ef_atr = calloc(1, sizeof(struct sc_ef_atr));
+ if (!card->ef_atr)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+
+ memcpy(card->ef_atr->aid.value, OberthurIASECC_AID.value, OberthurIASECC_AID.len);
+ card->ef_atr->aid.len = OberthurIASECC_AID.len;
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_init_oberthur(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned char resp[0x100];
+ size_t resp_len;
+ unsigned int flags;
+ int rv = 0;
+
+ LOG_FUNC_CALLED(ctx);
+
+ flags = IASECC_CARD_DEFAULT_FLAGS;
+
+ _sc_card_add_rsa_alg(card, 1024, flags, 0x10001);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0x10001);
+
+ card->caps = SC_CARD_CAP_RNG;
+ card->caps |= SC_CARD_CAP_APDU_EXT;
+ card->caps |= SC_CARD_CAP_USE_FCI_AC;
+
+ iasecc_parse_ef_atr(card);
+
+ resp_len = sizeof(resp);
+ if (iasecc_select_aid(card, &GlobalPlatform_CardManager_AID, resp, &resp_len)) {
+ resp_len = sizeof(resp);
+ iasecc_select_aid(card, &GlobalPlatform_ISD_Default_RID, resp, &resp_len);
+ }
+
+ rv = iasecc_oberthur_match(card);
+ LOG_TEST_RET(ctx, rv, "unknown Oberthur's IAS/ECC card");
+
+ rv = iasecc_select_mf(card, NULL);
+ LOG_TEST_RET(ctx, rv, "MF selection error");
+
+ rv = iasecc_parse_ef_atr(card);
+ LOG_TEST_RET(ctx, rv, "EF.ATR read or parse error");
+
+ sc_log(ctx, "EF.ATR(aid:'%s')", sc_dump_hex(card->ef_atr->aid.value, card->ef_atr->aid.len));
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static
int
+iasecc_init_sagem(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned int flags;
+ int rv = 0;
+
+ LOG_FUNC_CALLED(ctx);
+
+ flags = IASECC_CARD_DEFAULT_FLAGS;
+
+ _sc_card_add_rsa_alg(card, 1024, flags, 0x10001);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0x10001);
+
+ card->caps = SC_CARD_CAP_RNG;
+ card->caps |= SC_CARD_CAP_APDU_EXT;
+ card->caps |= SC_CARD_CAP_USE_FCI_AC;
+
+ rv = iasecc_parse_ef_atr(card);
+ if (rv == SC_ERROR_FILE_NOT_FOUND) {
+ rv = iasecc_select_mf(card, NULL);
+ LOG_TEST_RET(ctx, rv, "MF selection error");
+
+ rv = iasecc_parse_ef_atr(card);
+ }
+ LOG_TEST_RET(ctx, rv, "ECC: ATR parse failed");
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_init(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_private_data *private_data = NULL;
+ int ii, rv = SC_ERROR_NO_CARD_SUPPORT;
+
+ LOG_FUNC_CALLED(ctx);
+ private_data = (struct iasecc_private_data *) calloc(1, sizeof(struct iasecc_private_data));
+ if (private_data == NULL)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+
+ for(ii=0;iasecc_known_atrs[ii].atr;ii++) {
+ if (card->type == iasecc_known_atrs[ii].type) {
+ card->name = iasecc_known_atrs[ii].name;
+ card->flags = iasecc_known_atrs[ii].flags;
+ break;
+ }
+ }
+
+ if (!iasecc_known_atrs[ii].atr)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NO_CARD_SUPPORT);
+
+ card->cla = 0x00;
+ card->drv_data = private_data;
+
+ if (card->type == SC_CARD_TYPE_IASECC_GEMALTO)
+ rv = iasecc_init_gemalto(card);
+ else if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR)
+ rv = iasecc_init_oberthur(card);
+ else if (card->type == SC_CARD_TYPE_IASECC_SAGEM)
+ rv = iasecc_init_sagem(card);
+
+ if (!rv) {
+ if (card->ef_atr && card->ef_atr->aid.len) {
+ struct sc_path path;
+
+ memset(&path, 0, sizeof(struct sc_path));
+ path.type = SC_PATH_TYPE_DF_NAME;
+ memcpy(path.value, card->ef_atr->aid.value, card->ef_atr->aid.len);
+ path.len = card->ef_atr->aid.len;
+
+ rv = iasecc_select_file(card, &path, NULL);
+ sc_log(ctx, "Select ECC ROOT with the AID from EF.ATR: rv %i", rv);
+ LOG_TEST_RET(ctx, rv, "Select EF.ATR AID failed");
+ }
+
+ rv = iasecc_get_serialnr(card, NULL);
+ }
+
+ sc_log(ctx, "EF.ATR(aid:'%s')", sc_dump_hex(card->ef_atr->aid.value, card->ef_atr->aid.len));
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_read_binary(struct sc_card *card, unsigned int offs,
+ unsigned char *buf, size_t count, unsigned long flags)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "iasecc_read_binary(card:%p) offs %i; count %i", card, offs, count);
+ if (offs > 0x7fff) {
+ sc_log(ctx, "invalid EF offset: 0x%X > 0x7FFF", offs);
+ return SC_ERROR_OFFSET_TOO_LARGE;
+ }
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB0, (offs >> 8) & 0x7F, offs & 0xFF);
+ apdu.le = count < 0x100 ? count : 0x100;
+ apdu.resplen = count;
+ apdu.resp = buf;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "iasecc_read_binary() failed");
+/*
+ if (apdu.resplen == 0)
+ SC_FUNC_RETURN(ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2));
+*/
+ sc_log(ctx, "iasecc_read_binary() apdu.resplen %i", apdu.resplen);
+
+ if (apdu.resplen == IASECC_READ_BINARY_LENGTH_MAX && apdu.resplen < count) {
+ rv = iasecc_read_binary(card, offs + apdu.resplen, buf + apdu.resplen, count - apdu.resplen, flags);
+ if (rv != SC_ERROR_WRONG_LENGTH) {
+ LOG_TEST_RET(ctx, rv, "iasecc_read_binary() read tail failed");
+ apdu.resplen += rv;
+ }
+ }
+
+ LOG_FUNC_RETURN(ctx, apdu.resplen);
+}
+
+
+static int
+iasecc_erase_binary(struct sc_card *card, unsigned int offs, size_t count, unsigned long flags)
+{
+ struct sc_context *ctx = card->ctx;
+ const struct sc_acl_entry *entry = NULL;
+ unsigned char buf_zero[0x400];
+ size_t sz;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "iasecc_erase_binary(card:%p) count %i", card, count);
+ if (!count)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "'ERASE BINARY' with ZERO count not supported");
+
+ sc_print_cache(card);
+
+ if (card->cache.valid && card->cache.current_ef) {
+ entry = sc_file_get_acl_entry(card->cache.current_ef, SC_AC_OP_UPDATE);
+ sc_log(ctx, "UPDATE method/reference %X/%X", entry->method, entry->key_ref);
+
+ if (entry->method == SC_AC_SCB && (entry->key_ref & IASECC_SCB_METHOD_SM))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+ }
+
+
+ memset(buf_zero, 0, sizeof(buf_zero));
+ while (count) {
+ sc_log(ctx, "count %i, max_send_size %i", count, card->max_send_size);
+ sz = count > card->max_send_size ? card->max_send_size : count;
+
+ rv = iso_ops->update_binary(card, offs, buf_zero, sz, flags);
+ LOG_TEST_RET(ctx, rv, "write empty buffer failed");
+
+ offs += sz;
+ count -= sz;
+ }
+
+ rv = SC_SUCCESS;
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_emulate_fcp(struct sc_context *ctx, struct sc_apdu *apdu)
+{
+ unsigned char dummy_df_fcp[] = {
+ 0x62,0xFF,
+ 0x82,0x01,0x38,
+ 0x8A,0x01,0x05,
+ 0xA1,0x04,0x8C,0x02,0x02,0x00,
+ 0x84,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+ };
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (apdu->p1 != 0x04)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "FCP emulation supported only for the DF-NAME selection type");
+ if (apdu->datalen > 16)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid DF-NAME length");
+ if (apdu->resplen < apdu->datalen + 16)
+ LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "not enough space for FCP data");
+
+ memcpy(dummy_df_fcp + 16, apdu->data, apdu->datalen);
+ dummy_df_fcp[15] = apdu->datalen;
+ dummy_df_fcp[1] = apdu->datalen + 14;
+ memcpy(apdu->resp, dummy_df_fcp, apdu->datalen + 16);
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+static int
+iasecc_select_file(struct sc_card *card, const struct sc_path *path,
+ struct sc_file **file_out)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_path lpath;
+ int rv, ii;
+
+
LOG_FUNC_CALLED(ctx);
+ memcpy(&lpath, path, sizeof(struct sc_path));
+
+ sc_log(ctx, "iasecc_select_file(card:%p) path.len %i; path.type %i; aid_len %i",
+ card, path->len, path->type, path->aid.len);
+ sc_log(ctx, "iasecc_select_file() path:%s", sc_print_path(path));
+
+ sc_print_cache(card);
+ if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) {
+ struct sc_path mfpath;
+
+ memset(&mfpath, 0, sizeof(struct sc_path));
+ sc_log(ctx, "EF.ATR(aid:'%s')", card->ef_atr ? sc_dump_hex(card->ef_atr->aid.value, card->ef_atr->aid.len) : "");
+
+ rv = iasecc_select_mf(card, file_out);
+ LOG_TEST_RET(ctx, rv, "MF selection error");
+
+ if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) {
+ memcpy(&lpath.value[0], &lpath.value[2], lpath.len - 2);
+ lpath.len -= 2;
+ }
+ }
+
+ if (lpath.aid.len) {
+ struct sc_file *file = NULL;
+ struct sc_path ppath;
+
+ sc_log(ctx, "iasecc_select_file() select parent AID:%p/%i", lpath.aid.value, lpath.aid.len);
+ sc_log(ctx, "iasecc_select_file() select parent AID:%s", sc_dump_hex(lpath.aid.value, lpath.aid.len));
+ memset(&ppath, 0, sizeof(ppath));
+ memcpy(ppath.value, lpath.aid.value, lpath.aid.len);
+ ppath.len = lpath.aid.len;
+ ppath.type = SC_PATH_TYPE_DF_NAME;
+
+ rv = iasecc_select_file(card, &ppath, &file);
+ LOG_TEST_RET(ctx, rv, "select AID path failed");
+
+ if (file_out)
+ *file_out = file;
+ else if (file)
+ sc_file_free(file);
+
+ if (lpath.type == SC_PATH_TYPE_DF_NAME)
+ lpath.type = SC_PATH_TYPE_FROM_CURRENT;
+ }
+
+ if (lpath.type == SC_PATH_TYPE_PATH)
+ lpath.type = SC_PATH_TYPE_FROM_CURRENT;
+
+ if (!lpath.len)
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+
+ sc_print_cache(card);
+
+ if (card->cache.valid && card->cache.current_df && lpath.type == SC_PATH_TYPE_DF_NAME
+ && card->cache.current_df->path.len == lpath.len
+ && !memcmp(card->cache.current_df->path.value, lpath.value, lpath.len)) {
+ sc_log(ctx, "returns current DF path %s", sc_print_path(&card->cache.current_df->path));
+ if
(file_out)
+ sc_file_dup(file_out, card->cache.current_df);
+ }
+ else {
+ struct sc_apdu apdu;
+ struct sc_file *file = NULL;
+ unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE];
+ int pathlen = lpath.len;
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0x00, 0x00);
+
+ if (card->type != SC_CARD_TYPE_IASECC_GEMALTO
+ && card->type != SC_CARD_TYPE_IASECC_OBERTHUR
+ && card->type != SC_CARD_TYPE_IASECC_SAGEM)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported card");
+
+ if (lpath.type == SC_PATH_TYPE_FILE_ID) {
+ apdu.p1 = 0x02;
+ if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) {
+ apdu.p1 = 0x01;
+ apdu.p2 = 0x04;
+ }
+ }
+ else if (lpath.type == SC_PATH_TYPE_FROM_CURRENT) {
+ apdu.p1 = 0x09;
+ if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR)
+ apdu.p2 = 0x04;
+ }
+ else if (lpath.type == SC_PATH_TYPE_PARENT) {
+ apdu.p1 = 0x03;
+ pathlen = 0;
+ apdu.cse = SC_APDU_CASE_2_SHORT;
+ }
+ else if (lpath.type == SC_PATH_TYPE_DF_NAME) {
+ apdu.p1 = 0x04;
+ }
+ else {
+ sc_log(ctx, "Invalid PATH type: 0x%X", lpath.type);
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "iasecc_select_file() invalid PATH type");
+ }
+
+ for (ii=0; ii<2; ii++) {
+ apdu.lc = pathlen;
+ apdu.data = lpath.value;
+ apdu.datalen = pathlen;
+
+ apdu.resp = rbuf;
+ apdu.resplen = sizeof(rbuf);
+ apdu.le = 256;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ if (rv == SC_ERROR_INCORRECT_PARAMETERS &&
+ lpath.type == SC_PATH_TYPE_DF_NAME && apdu.p2 == 0x00) {
+ apdu.p2 = 0x0C;
+ continue;
+ }
+
+ if (ii) {
+ /* 'SELECT AID' do not returned FCP. Try to emulate.
*/
+ apdu.resplen = sizeof(rbuf);
+ rv = iasecc_emulate_fcp(ctx, &apdu);
+ LOG_TEST_RET(ctx, rv, "Failed to emulate DF FCP");
+ }
+
+ break;
+ }
+ LOG_TEST_RET(ctx, rv, "iasecc_select_file() check SW failed");
+
+ sc_log(ctx, "iasecc_select_file() apdu.resp %i", apdu.resplen);
+ if (apdu.resplen) {
+ sc_log(ctx, "apdu.resp %02X:%02X:%02X...", apdu.resp[0], apdu.resp[1], apdu.resp[2]);
+
+ switch (apdu.resp[0]) {
+ case 0x62:
+ case 0x6F:
+ file = sc_file_new();
+ if (file == NULL)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+ file->path = lpath;
+
+ rv = iasecc_process_fci(card, file, apdu.resp, apdu.resplen);
+ if (rv)
+ LOG_FUNC_RETURN(ctx, rv);
+ break;
+ default:
+ LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
+ }
+
+ sc_log(ctx, "FileType %i", file->type);
+ if (file->type == SC_FILE_TYPE_DF) {
+ if (card->cache.valid && card->cache.current_df)
+ sc_file_free(card->cache.current_df);
+ card->cache.current_df = NULL;
+
+
+ if (card->cache.valid && card->cache.current_ef)
+ sc_file_free(card->cache.current_ef);
+ card->cache.current_ef = NULL;
+
+ sc_file_dup(&card->cache.current_df, file);
+ card->cache.valid = 1;
+ }
+ else {
+ if (card->cache.valid && card->cache.current_ef)
+ sc_file_free(card->cache.current_ef);
+
+ card->cache.current_ef = NULL;
+
+ sc_file_dup(&card->cache.current_ef, file);
+ }
+
+ if (file_out)
+ *file_out = file;
+ else
+ sc_file_free(file);
+ }
+ else if (lpath.type == SC_PATH_TYPE_DF_NAME) {
+ if (card->cache.current_df)
+ sc_file_free(card->cache.current_df);
+ card->cache.current_df = NULL;
+
+ if (card->cache.current_ef)
+ sc_file_free(card->cache.current_ef);
+ card->cache.current_ef = NULL;
+
+ card->cache.valid = 1;
+ }
+ }
+
+ sc_print_cache(card);
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_process_fci(struct sc_card *card, struct sc_file *file,
+ const unsigned char *buf, size_t buflen)
+{
+ struct sc_context *ctx = card->ctx;
+ size_t taglen;
+ int rv, ii, offs;
+ const unsigned char *acls =
NULL, *tag = NULL;
+ unsigned char mask;
+ unsigned char ops_DF[7] = {
+ SC_AC_OP_DELETE, 0xFF, SC_AC_OP_ACTIVATE, SC_AC_OP_DEACTIVATE, 0xFF, SC_AC_OP_CREATE, 0xFF
+ };
+ unsigned char ops_EF[7] = {
+ SC_AC_OP_DELETE, 0xFF, SC_AC_OP_ACTIVATE, SC_AC_OP_DEACTIVATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
+ };
+
+ LOG_FUNC_CALLED(ctx);
+
+ tag = sc_asn1_find_tag(ctx, buf, buflen, 0x6F, &taglen);
+ sc_log(ctx, "processing FCI: 0x6F tag %p", tag);
+ if (tag != NULL) {
+ sc_log(ctx, " FCP length %i", taglen);
+ buf = tag;
+ buflen = taglen;
+ }
+
+ tag = sc_asn1_find_tag(ctx, buf, buflen, 0x62, &taglen);
+ sc_log(ctx, "processing FCI: 0x62 tag %p", tag);
+ if (tag != NULL) {
+ sc_log(ctx, " FCP length %i", taglen);
+ buf = tag;
+ buflen = taglen;
+ }
+
+ rv = iso_ops->process_fci(card, file, buf, buflen);
+ LOG_TEST_RET(ctx, rv, "ISO parse FCI failed");
+/*
+ Gemalto: 6F 19 80 02 02 ED 82 01 01 83 02 B0 01 88 00 8C 07 7B 17 17 17 17 17 00 8A 01 05 90 00
+ Sagem: 6F 17 62 15 80 02 00 7D 82 01 01 8C 02 01 00 83 02 2F 00 88 01 F0 8A 01 05 90 00
+ Oberthur: 62 1B 80 02 05 DC 82 01 01 83 02 B0 01 88 00 A1 09 8C 07 7B 17 FF 17 17 17 00 8A 01 05 90 00
+*/
+
+ sc_log(ctx, "iasecc_process_fci() type %i; let's parse file ACLs", file->type);
+ tag = sc_asn1_find_tag(ctx, buf, buflen, IASECC_DOCP_TAG_ACLS, &taglen);
+ if (tag)
+ acls = sc_asn1_find_tag(ctx, tag, taglen, IASECC_DOCP_TAG_ACLS_CONTACT, &taglen);
+ else
+ acls = sc_asn1_find_tag(ctx, buf, buflen, IASECC_DOCP_TAG_ACLS_CONTACT, &taglen);
+
+ if (!acls) {
+ sc_log(ctx, "ACLs not found in data(%i) %s", buflen, sc_dump_hex(buf, buflen));
+ LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "ACLs tag missing");
+ }
+
+ sc_log(ctx, "ACLs(%i) '%s'", taglen, sc_dump_hex(acls, taglen));
+ mask = 0x40, offs = 1;
+ for (ii = 0; ii < 7; ii++, mask /= 2) {
+ unsigned char op = file->type == SC_FILE_TYPE_DF ?
ops_DF[ii] : ops_EF[ii];
+
+ if (!(mask & acls[0]))
+ continue;
+
+ sc_log(ctx, "ACLs mask 0x%X, offs %i, op 0x%X, acls[offs] 0x%X", mask, offs, op, acls[offs]);
+ if (op == 0xFF) {
+ ;
+ }
+ else if (acls[offs] == 0) {
+ sc_file_add_acl_entry(file, op, SC_AC_NONE, 0);
+ }
+ else if (acls[offs] == 0xFF) {
+ sc_file_add_acl_entry(file, op, SC_AC_NEVER, 0);
+ }
+ else if ((acls[offs] & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_USER_AUTH) {
+ sc_file_add_acl_entry(file, op, SC_AC_SEN, acls[offs] & IASECC_SCB_METHOD_MASK_REF);
+ }
+ else if (acls[offs] & IASECC_SCB_METHOD_MASK) {
+ sc_file_add_acl_entry(file, op, SC_AC_SCB, acls[offs]);
+ }
+ else {
+ sc_log(ctx, "Warning: non supported SCB method: %X", acls[offs]);
+ sc_file_add_acl_entry(file, op, SC_AC_NEVER, 0);
+ }
+
+ offs++;
+ }
+
+ LOG_FUNC_RETURN(ctx, 0);
+}
+
+
+static int
+iasecc_fcp_encode(struct sc_card *card, struct sc_file *file, unsigned char *out, size_t out_len)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned char buf[0x80], type;
+ unsigned char ops[7] = {
+ SC_AC_OP_DELETE, 0xFF, SC_AC_OP_ACTIVATE, SC_AC_OP_DEACTIVATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
+ };
+ unsigned char smbs[8];
+ size_t ii, offs = 0, amb, mask, nn_smb;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (file->type == SC_FILE_TYPE_DF)
+ type = IASECC_FCP_TYPE_DF;
+ else
+ type = IASECC_FCP_TYPE_EF;
+
+ buf[offs++] = IASECC_FCP_TAG_SIZE;
+ buf[offs++] = 2;
+ buf[offs++] = (file->size >> 8) & 0xFF;
+ buf[offs++] = file->size & 0xFF;
+
+ buf[offs++] = IASECC_FCP_TAG_TYPE;
+ buf[offs++] = 1;
+ buf[offs++] = type;
+
+ buf[offs++] = IASECC_FCP_TAG_FID;
+ buf[offs++] = 2;
+ buf[offs++] = (file->id >> 8) & 0xFF;
+ buf[offs++] = file->id & 0xFF;
+
+ buf[offs++] = IASECC_FCP_TAG_SFID;
+ buf[offs++] = 0;
+
+ amb = 0, mask = 0x40, nn_smb = 0;
+ for (ii = 0; ii < sizeof(ops); ii++, mask >>= 1) {
+ const struct sc_acl_entry *entry;
+
+ if (ops[ii]==0xFF)
+ continue;
+
+ entry = sc_file_get_acl_entry(file, ops[ii]);
+ sc_log(ctx, "method %X; reference
%X", entry->method, entry->key_ref);
+
+ if (entry->method == SC_AC_NEVER)
+ continue;
+ else if (entry->method == SC_AC_NONE)
+ smbs[nn_smb++] = 0x00;
+ else if (entry->method == SC_AC_CHV)
+ smbs[nn_smb++] = entry->key_ref | IASECC_SCB_METHOD_USER_AUTH;
+ else if (entry->method == SC_AC_SEN)
+ smbs[nn_smb++] = entry->key_ref | IASECC_SCB_METHOD_USER_AUTH;
+ else if (entry->method == SC_AC_SCB)
+ smbs[nn_smb++] = entry->key_ref;
+ else if (entry->method == SC_AC_PRO)
+ smbs[nn_smb++] = entry->key_ref | IASECC_SCB_METHOD_SM;
+ else
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported AC method");
+
+ amb |= mask;
+ sc_log(ctx, "%i: AMB %X; nn_smb %i", ii, amb, nn_smb);
+ }
+
+ printf("TODO: Encode contactless ACLs and life cycle status for all IAS/ECC cards\n");
+ if (card->type == SC_CARD_TYPE_IASECC_SAGEM) {
+ unsigned char status = 0;
+
+ buf[offs++] = IASECC_FCP_TAG_ACLS;
+ buf[offs++] = 2*(2 + 1 + nn_smb);
+
+ buf[offs++] = IASECC_FCP_TAG_ACLS_CONTACT;
+ buf[offs++] = nn_smb + 1;
+ buf[offs++] = amb;
+ memcpy(buf + offs, smbs, nn_smb);
+ offs += nn_smb;
+
+ /* Same ACLs for contactless */
+ buf[offs++] = IASECC_DOCP_TAG_ACLS_CONTACTLESS;
+ buf[offs++] = nn_smb + 1;
+ buf[offs++] = amb;
+ memcpy(buf + offs, smbs, nn_smb);
+ offs += nn_smb;
+
+ if (file->status == SC_FILE_STATUS_ACTIVATED)
+ status = 0x05;
+ else if (file->status == SC_FILE_STATUS_CREATION)
+ status = 0x01;
+
+ if (status) {
+ buf[offs++] = 0x8A;
+ buf[offs++] = 0x01;
+ buf[offs++] = status;
+ }
+ }
+ else {
+ buf[offs++] = IASECC_FCP_TAG_ACLS;
+ buf[offs++] = 2 + 1 + nn_smb;
+
+ buf[offs++] = IASECC_FCP_TAG_ACLS_CONTACT;
+ buf[offs++] = nn_smb + 1;
+ buf[offs++] = amb;
+ memcpy(buf + offs, smbs, nn_smb);
+ offs += nn_smb;
+ }
+
+ if (out) {
+ if (out_len < offs)
+ LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Buffer too small to encode FCP");
+ memcpy(out, buf, offs);
+ }
+
+ LOG_FUNC_RETURN(ctx, offs);
+}
+
+
+static int
+iasecc_create_file(struct sc_card *card, struct sc_file *file)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ const struct sc_acl_entry *entry = NULL;
+ unsigned char sbuf[0x100];
+ size_t sbuf_len;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_print_cache(card);
+
+ if (file->type != SC_FILE_TYPE_WORKING_EF)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Creation of the file with of this type is not supported");
+
+ sbuf_len = iasecc_fcp_encode(card, file, sbuf + 2, sizeof(sbuf)-2);
+ LOG_TEST_RET(ctx, sbuf_len, "FCP encode error");
+
+ sbuf[0] = IASECC_FCP_TAG;
+ sbuf[1] = sbuf_len;
+
+ if (card->cache.valid && card->cache.current_df) {
+ entry = sc_file_get_acl_entry(card->cache.current_df, SC_AC_OP_CREATE);
+ sc_log(ctx, "iasecc_create_file() 'CREATE' method/reference %X/%X", entry->method, entry->key_ref);
+ sc_log(ctx, "iasecc_create_file() create data: '%s'", sc_dump_hex(sbuf, sbuf_len + 2));
+ if (entry->method == SC_AC_SCB && (entry->key_ref & IASECC_SCB_METHOD_SM))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+ }
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0, 0);
+ apdu.data = sbuf;
+ apdu.datalen = sbuf_len + 2;
+ apdu.lc = sbuf_len + 2;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "iasecc_create_file() create file error");
+
+ rv = iasecc_select_file(card, &file->path, NULL);
+ LOG_TEST_RET(ctx, rv, "Cannot select newly created file");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_logout(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_path path;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ if (!card->ef_atr || !card->ef_atr->aid.len)
+ return SC_SUCCESS;
+
+ memset(&path, 0, sizeof(struct sc_path));
+ path.type = SC_PATH_TYPE_DF_NAME;
+ memcpy(path.value, card->ef_atr->aid.value, card->ef_atr->aid.len);
+ path.len = card->ef_atr->aid.len;
+
+ rv = iasecc_select_file(card, &path, NULL);
+ sc_log(ctx, "Select ECC ROOT with the AID from
EF.ATR: rv %i", rv);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_finish(struct sc_card *card)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_private_data *private_data = (struct iasecc_private_data *)card->drv_data;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (private_data->se_info) {
+ if (private_data->se_info->df)
+ sc_file_free(private_data->se_info->df);
+ free(private_data->se_info);
+ }
+
+ free(card->drv_data);
+ card->drv_data = NULL;
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_delete_file(struct sc_card *card, const struct sc_path *path)
+{
+ struct sc_context *ctx = card->ctx;
+ const struct sc_acl_entry *entry = NULL;
+ struct sc_apdu apdu;
+ struct sc_file *file = NULL;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_print_cache(card);
+
+ rv = iasecc_select_file(card, path, &file);
+ if (rv == SC_ERROR_FILE_NOT_FOUND)
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ LOG_TEST_RET(ctx, rv, "Cannot select file to delete");
+
+ entry = sc_file_get_acl_entry(file, SC_AC_OP_DELETE);
+ sc_log(ctx, "DELETE method/reference %X/%X", entry->method, entry->key_ref);
+
+ if (entry->method == SC_AC_SCB && (entry->key_ref & IASECC_SCB_METHOD_SM))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00);
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "Delete file failed");
+
+ if (card->cache.valid && card->cache.current_ef)
+ sc_file_free(card->cache.current_ef);
+ card->cache.current_ef = NULL;
+
+ LOG_FUNC_RETURN(ctx, rv);
+
+
+ LOG_FUNC_CALLED(ctx);
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+
+}
+
+
+static int
+iasecc_check_sw(struct sc_card *card, unsigned int sw1, unsigned int sw2)
+{
+ if (sw1 == 0x62 && sw2 == 0x82)
+ return SC_SUCCESS;
+
+ return iso_ops->check_sw(card, sw1, sw2);
+}
+
+
+static unsigned
+iasecc_get_algorithm(struct sc_context *ctx, const struct
sc_security_env *env,
+ unsigned operation, unsigned mechanism)
+{
+ const struct sc_supported_algo_info *info = NULL;
+ int ii;
+
+ if (!env)
+ return 0;
+
+ for (ii=0;iisupported_algos[ii].reference; ii++)
+ if ((env->supported_algos[ii].operations & operation)
+ && (env->supported_algos[ii].mechanism == mechanism))
+ break;
+
+ if (ii < SC_MAX_SUPPORTED_ALGORITHMS && env->supported_algos[ii].reference) {
+ info = &env->supported_algos[ii];
+ sc_log(ctx, "found IAS/ECC algorithm %X:%X:%X:%X",
+ info->reference, info->mechanism, info->operations, info->algo_ref);
+ }
+ else {
+ sc_log(ctx, "cannot find IAS/ECC algorithm (operation:%X,mechanism:%X)", operation, mechanism);
+ }
+
+ return info ? info->algo_ref : 0;
+}
+
+
+static int
+iasecc_se_cache_info(struct sc_card *card, struct iasecc_se_info *se)
+{
+ struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data;
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_se_info *se_info = NULL, *si = NULL;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ se_info = calloc(1, sizeof(struct iasecc_se_info));
+ if (!se_info)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "SE info allocation error");
+ memcpy(se_info, se, sizeof(struct iasecc_se_info));
+
+ if (card->cache.valid && card->cache.current_df) {
+ sc_file_dup(&se_info->df, card->cache.current_df);
+ if (se_info->df == NULL)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate current DF file");
+ }
+
+ rv = iasecc_docp_copy(ctx, &se->docp, &se_info->docp);
+ LOG_TEST_RET(ctx, rv, "Cannot make copy of DOCP");
+
+ if (!prv->se_info) {
+ prv->se_info = se_info;
+ }
+ else {
+ for (si = prv->se_info; si->next; si = si->next)
+ ;
+ si->next = se_info;
+ }
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_se_get_info_from_cache(struct sc_card *card, struct iasecc_se_info *se)
+{
+ struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data;
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_se_info *si = NULL;
+ int
rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ for(si = prv->se_info; si; si = si->next) {
+ if (si->reference != se->reference)
+ continue;
+ if (!(card->cache.valid && card->cache.current_df) && si->df)
+ continue;
+ if (card->cache.valid && card->cache.current_df && !si->df)
+ continue;
+ if (card->cache.valid && card->cache.current_df && si->df)
+ if (memcmp(&card->cache.current_df->path, &si->df->path, sizeof(struct sc_path)))
+ continue;
+ break;
+ }
+
+ if (!si)
+ return SC_ERROR_OBJECT_NOT_FOUND;
+
+ memcpy(se, si, sizeof(struct iasecc_se_info));
+
+ if (si->df) {
+ sc_file_dup(&se->df, si->df);
+ if (se->df == NULL)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate current DF file");
+ }
+
+ rv = iasecc_docp_copy(ctx, &si->docp, &se->docp);
+ LOG_TEST_RET(ctx, rv, "Cannot make copy of DOCP");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_se_get_info(struct sc_card *card, struct iasecc_se_info *se)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ unsigned char rbuf[0x100];
+ unsigned char sbuf_iasecc[10] = {
+ 0x4D, 0x08, IASECC_SDO_TEMPLATE_TAG, 0x06,
+ IASECC_SDO_TAG_HEADER, IASECC_SDO_CLASS_SE | IASECC_OBJECT_REF_LOCAL,
+ se->reference & 0x3F,
+ 0x02, IASECC_SDO_CLASS_SE, 0x80
+ };
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (se->reference > IASECC_SE_REF_MAX)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+
+ rv = iasecc_se_get_info_from_cache(card, se);
+ if (rv == SC_ERROR_OBJECT_NOT_FOUND) {
+ sc_log(ctx, "No SE#%X info in cache, try to use 'GET DATA'", se->reference);
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xCB, 0x3F, 0xFF);
+ apdu.data = sbuf_iasecc;
+ apdu.datalen = sizeof(sbuf_iasecc);
+ apdu.lc = apdu.datalen;
+ apdu.resp = rbuf;
+ apdu.resplen = sizeof(rbuf);
+ apdu.le = sizeof(rbuf);
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "get SE data error");
+
+ rv = iasecc_se_parse(card,
apdu.resp, apdu.resplen, se);
+ LOG_TEST_RET(ctx, rv, "cannot parse SE data");
+
+ rv = iasecc_se_cache_info(card, se);
+ LOG_TEST_RET(ctx, rv, "failed to put SE data into cache");
+ }
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_set_security_env(struct sc_card *card,
+ const struct sc_security_env *env, int se_num)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_sdo sdo;
+ struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data;
+ unsigned algo_ref;
+ struct sc_apdu apdu;
+ unsigned sign_meth, sign_ref, auth_meth, auth_ref, aflags;
+ unsigned char cse_crt_at[] = {
+ 0x84, 0x01, 0xFF,
+ 0x80, 0x01, IASECC_ALGORITHM_RSA_PKCS
+ };
+ unsigned char cse_crt_dst[] = {
+ 0x84, 0x01, 0xFF,
+ 0x80, 0x01, (IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1)
+ };
+ unsigned char cse_crt_ht[] = {
+ 0x80, 0x01, IASECC_ALGORITHM_SHA1
+ };
+ unsigned char cse_crt_ct[] = {
+ 0x84, 0x01, 0xFF,
+ 0x80, 0x01, (IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1)
+ };
+ int rv, operation = env->operation;
+
+ printf("TODO: take algorithm references from 5032, not from header file.\n");
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "iasecc_set_security_env(card:%p) operation 0x%X; senv.algorithm 0x%X, senv.algorithm_ref 0x%X",
+ card, env->operation, env->algorithm, env->algorithm_ref);
+
+ memset(&sdo, 0, sizeof(sdo));
+ sdo.sdo_class = IASECC_SDO_CLASS_RSA_PRIVATE;
+ sdo.sdo_ref = env->key_ref[0] & ~IASECC_OBJECT_REF_LOCAL;
+ rv = iasecc_sdo_get_data(card, &sdo);
+ LOG_TEST_RET(ctx, rv, "Cannot get RSA PRIVATE SDO data");
+
+ /* To made by iasecc_sdo_convert_to_file() */
+ prv->key_size = *(sdo.docp.size.value + 0) * 0x100 + *(sdo.docp.size.value + 1);
+ sc_log(ctx, "prv->key_size 0x%X", prv->key_size);
+
+ rv = iasecc_sdo_convert_acl(card, &sdo, SC_AC_OP_PSO_COMPUTE_SIGNATURE, &sign_meth, &sign_ref);
+ LOG_TEST_RET(ctx, rv, "Cannot convert SC_AC_OP_SIGN acl");
+
+ rv = iasecc_sdo_convert_acl(card, &sdo, SC_AC_OP_INTERNAL_AUTHENTICATE,
&auth_meth, &auth_ref);
+ LOG_TEST_RET(ctx, rv, "Cannot convert SC_AC_OP_INT_AUTH acl");
+
+ aflags = env->algorithm_flags;
+
+ if (!(aflags & SC_ALGORITHM_RSA_PAD_PKCS1))
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Only supported signature with PKCS1 padding");
+
+ if (operation == SC_SEC_OPERATION_SIGN) {
+ if (!(aflags & (SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_RSA_HASH_SHA256))) {
+ sc_log(ctx, "CKM_RSA_PKCS asked -- use 'AUTHENTICATE' sign operation instead of 'SIGN'");
+ operation = SC_SEC_OPERATION_AUTHENTICATE;
+ }
+ else if (sign_meth == SC_AC_NEVER) {
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PSO_DST not allowed for this key");
+ }
+ }
+
+ if (operation == SC_SEC_OPERATION_SIGN) {
+ prv->op_method = sign_meth;
+ prv->op_ref = sign_ref;
+ }
+ else if (operation == SC_SEC_OPERATION_AUTHENTICATE) {
+ if (auth_meth == SC_AC_NEVER)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "INTERNAL_AUTHENTICATE is not allowed for this key");
+
+ prv->op_method = auth_meth;
+ prv->op_ref = auth_ref;
+ }
+
+ sc_log(ctx, "senv.algorithm 0x%X, senv.algorithm_ref 0x%X", env->algorithm, env->algorithm_ref);
+ sc_log(ctx, "se_num %i, operation 0x%X, algorithm 0x%X, algorithm_ref 0x%X, flags 0x%X; key size %i",
+ se_num, operation, env->algorithm, env->algorithm_ref, env->algorithm_flags, prv->key_size);
+ switch (operation) {
+ case SC_SEC_OPERATION_SIGN:
+ if (!(env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1))
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_PKCS1 specified");
+
+ if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA256) {
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_HASH, CKM_SHA256);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Card application do not supports HASH:SHA256");
+
+ cse_crt_ht[2] = algo_ref; /* IASECC_ALGORITHM_SHA2 */
+
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA256_RSA_PKCS);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Card application
do not supports SIGNATURE:SHA1_RSA_PKCS");
+
+ cse_crt_dst[2] = env->key_ref[0] | IASECC_OBJECT_REF_LOCAL;
+ cse_crt_dst[5] = algo_ref; /* IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA2 */
+ }
+ else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA1) {
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_HASH, CKM_SHA_1);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Card application do not supports HASH:SHA1");
+
+ cse_crt_ht[2] = algo_ref; /* IASECC_ALGORITHM_SHA1 */
+
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Card application do not supports SIGNATURE:SHA1_RSA_PKCS");
+
+ cse_crt_dst[2] = env->key_ref[0] | IASECC_OBJECT_REF_LOCAL;
+ cse_crt_dst[5] = algo_ref; /* IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1 */
+ }
+ else {
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA[1,256] specified");
+ }
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, IASECC_CRT_TAG_HT);
+ apdu.data = cse_crt_ht;
+ apdu.datalen = sizeof(cse_crt_ht);
+ apdu.lc = sizeof(cse_crt_ht);
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "MSE restore error");
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, IASECC_CRT_TAG_DST);
+ apdu.data = cse_crt_dst;
+ apdu.datalen = sizeof(cse_crt_dst);
+ apdu.lc = sizeof(cse_crt_dst);
+ break;
+ case SC_SEC_OPERATION_AUTHENTICATE:
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_RSA_PKCS);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Application do not supports SIGNATURE:RSA_PKCS");
+
+ cse_crt_at[2] = env->key_ref[0] | IASECC_OBJECT_REF_LOCAL;
+ cse_crt_at[5] = algo_ref; /* IASECC_ALGORITHM_RSA_PKCS */
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, IASECC_CRT_TAG_AT);
+ apdu.data = cse_crt_at;
+ apdu.datalen = sizeof(cse_crt_at);
+ apdu.lc = sizeof(cse_crt_at);
+ break;
+ case SC_SEC_OPERATION_DECIPHER:
+ rv = iasecc_sdo_convert_acl(card, &sdo, SC_AC_OP_PSO_DECRYPT, &prv->op_method, &prv->op_ref);
+ LOG_TEST_RET(ctx, rv, "Cannot convert SC_AC_OP_PSO_DECRYPT acl");
+ algo_ref = iasecc_get_algorithm(ctx, env, SC_PKCS15_ALGO_OP_DECIPHER, CKM_RSA_PKCS);
+ if (!algo_ref)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Application do not supports DECHIPHER:RSA_PKCS");
+
+ cse_crt_ct[2] = env->key_ref[0] | IASECC_OBJECT_REF_LOCAL;
+ cse_crt_ct[5] = algo_ref; /* IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1 */
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, IASECC_CRT_TAG_CT);
+ apdu.data = cse_crt_ct;
+ apdu.datalen = sizeof(cse_crt_ct);
+ apdu.lc = sizeof(cse_crt_ct);
+ break;
+ default:
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
+ }
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "MSE restore error");
+
+ prv->security_env = *env;
+ prv->security_env.operation = operation;
+
+ LOG_FUNC_RETURN(ctx, 0);
+}
+
+
+static int
+iasecc_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned char buffer[0x100];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "CHV PINPAD PIN reference %i", pin_cmd->pin_reference);
+
+ rv = iasecc_pin_is_verified(card, pin_cmd, tries_left);
+ if (!rv)
+ LOG_FUNC_RETURN(ctx, rv);
+
+ if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) {
+ sc_log(ctx, "Reader not ready for PIN PAD");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_READER);
+ }
+
+ if (pin_cmd->pin1.min_length != pin_cmd->pin1.max_length) {
+ sc_log(ctx, "Different values for PIN min and max lengths is not actually compatible with PinPAD.");
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,
+ "Different values for PIN
min and max lengths is not actually compatible with PinPAD.");
+ }
+
+ pin_cmd->pin1.len = pin_cmd->pin1.min_length;
+
+ memset(buffer, 0xFF, sizeof(buffer));
+ pin_cmd->pin1.data = buffer;
+
+ pin_cmd->cmd = SC_PIN_CMD_VERIFY;
+ pin_cmd->flags |= SC_PIN_CMD_USE_PINPAD;
+
+ /*
+ if (card->reader && card->reader->ops && card->reader->ops->load_message) {
+ rv = card->reader->ops->load_message(card->reader, card->slot, 0, "Here we are!");
+ sc_log(ctx, "Load message returned %i", rv);
+ }
+ */
+
+ rv = iso_ops->pin_cmd(card, pin_cmd, tries_left);
+ sc_log(ctx, "rv %i", rv);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_chv_verify(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd,
+ int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "CHV PIN reference %i, data_len %i", pin_cmd->pin_reference, pin_cmd->pin1.len);
+
+ if (pin_cmd->pin1.data && !pin_cmd->pin1.len) {
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0, pin_cmd->pin_reference);
+ }
+ else if (pin_cmd->pin1.data && pin_cmd->pin1.len) {
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0, pin_cmd->pin_reference);
+ apdu.data = pin_cmd->pin1.data;
+ apdu.datalen = pin_cmd->pin1.len;
+ apdu.lc = pin_cmd->pin1.len;
+ }
+ else if ((card->reader->capabilities & SC_READER_CAP_PIN_PAD) && !pin_cmd->pin1.data && !pin_cmd->pin1.len) {
+ rv = iasecc_chv_verify_pinpad(card, pin_cmd, tries_left);
+ sc_log(ctx, "Result of verifying CHV with PIN pad %i", rv);
+ LOG_FUNC_RETURN(ctx, rv);
+ }
+ else {
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
+ }
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+
+ if (tries_left && apdu.sw1 == 0x63 && (apdu.sw2 & 0xF0) == 0xC0)
+ *tries_left = apdu.sw2 & 0x0F;
+
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_se_at_to_chv_reference(struct sc_card *card, unsigned reference,
+ unsigned 
*chv_reference)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_se_info se;
+ struct sc_crt crt;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "SE reference %i", reference);
+
+ if (reference > IASECC_SE_REF_MAX)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+
+ memset(&se, 0, sizeof(se));
+ se.reference = reference;
+
+ rv = iasecc_se_get_info(card, &se);
+ LOG_TEST_RET(ctx, rv, "SDO get data error");
+
+ memset(&crt, 0, sizeof(crt));
+ crt.tag = IASECC_CRT_TAG_AT;
+ crt.usage = IASECC_UQB_AT_USER_PASSWORD;
+
+ rv = iasecc_se_get_crt(card, &se, &crt);
+ LOG_TEST_RET(ctx, rv, "no authentication template for USER PASSWORD");
+
+ if (chv_reference)
+ *chv_reference = crt.refs[0];
+
+ if (se.df)
+ sc_file_free(se.df);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_pin_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd_data,
+ int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_pin_cmd_data pin_cmd;
+ struct sc_acl_entry acl = pin_cmd_data->pin1.acls[IASECC_ACLS_CHV_VERIFY];
+ int rv = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (pin_cmd_data->pin_type != SC_AC_CHV)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN type is not supported for the verification");
+
+ sc_log(ctx, "Verify ACL(method:%X;ref:%X)", acl.method, acl.key_ref);
+ if (acl.method != IASECC_SCB_ALWAYS)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_SECURITY_STATUS_NOT_SATISFIED);
+
+ pin_cmd = *pin_cmd_data;
+ pin_cmd.pin1.data = (unsigned char *)"";
+ pin_cmd.pin1.len = 0;
+
+ rv = iasecc_chv_verify(card, &pin_cmd, tries_left);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_pin_verify(struct sc_card *card, unsigned type, unsigned reference,
+ const unsigned char *data, size_t data_len, int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_pin_cmd_data pin_cmd;
+ unsigned chv_ref = reference;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "Verify PIN(type:%X,ref:%i,data(len:%i,%p)", type, 
reference, data_len, data);
+
+ if (type == SC_AC_SCB) {
+ if (reference & IASECC_SCB_METHOD_USER_AUTH) {
+ type = SC_AC_SEN;
+ reference = reference & IASECC_SCB_METHOD_MASK_REF;
+ }
+ else {
+ sc_log(ctx, "Do not try to verify non CHV PINs");
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ }
+ }
+
+ if (type == SC_AC_SEN) {
+ rv = iasecc_se_at_to_chv_reference(card, reference, &chv_ref);
+ LOG_TEST_RET(ctx, rv, "SE AT to CHV reference error");
+ }
+
+ memset(&pin_cmd, 0, sizeof(pin_cmd));
+ pin_cmd.pin_type = SC_AC_CHV;
+ pin_cmd.pin_reference = chv_ref;
+ pin_cmd.cmd = SC_PIN_CMD_VERIFY;
+
+ rv = iasecc_pin_get_policy(card, &pin_cmd);
+ LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
+
+ pin_cmd.pin1.data = data;
+ pin_cmd.pin1.len = data_len;
+
+ rv = iasecc_pin_is_verified(card, &pin_cmd, tries_left);
+ if (data && !data_len)
+ LOG_FUNC_RETURN(ctx, rv);
+
+ if (!rv) {
+ if (iasecc_chv_cache_is_verified(card, &pin_cmd))
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ }
+ else if (rv != SC_ERROR_PIN_CODE_INCORRECT && rv != SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
+ LOG_FUNC_RETURN(ctx, rv);
+ }
+
+ iasecc_chv_cache_clean(card, &pin_cmd);
+
+ rv = iasecc_chv_verify(card, &pin_cmd, tries_left);
+ LOG_TEST_RET(ctx, rv, "PIN CHV verification error");
+
+ rv = iasecc_chv_cache_verified(card, &pin_cmd);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_chv_change_pinpad(struct sc_card *card, unsigned reference, int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_pin_cmd_data pin_cmd;
+ unsigned char pin1_data[0x100], pin2_data[0x100];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "CHV PINPAD PIN reference %i", reference);
+
+ memset(pin1_data, 0xFF, sizeof(pin1_data));
+ memset(pin2_data, 0xFF, sizeof(pin2_data));
+
+ if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) {
+ sc_log(ctx, "Reader not ready for PIN PAD");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_READER);
+ }
+
+ memset(&pin_cmd, 0, sizeof(pin_cmd));
+ pin_cmd.pin_type = 
SC_AC_CHV;
+ pin_cmd.pin_reference = reference;
+ pin_cmd.cmd = SC_PIN_CMD_CHANGE;
+ pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD;
+
+ rv = iasecc_pin_get_policy(card, &pin_cmd);
+ LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
+
+ if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Different values for PIN min and max lengths is not allowed with PinPAD.");
+
+ if (pin_cmd.pin1.min_length < 4)
+ pin_cmd.pin1.min_length = 4;
+ pin_cmd.pin1.len = pin_cmd.pin1.min_length;
+ pin_cmd.pin1.data = pin1_data;
+
+ memcpy(&pin_cmd.pin2, &pin_cmd.pin1, sizeof(pin_cmd.pin1));
+ pin_cmd.pin2.data = pin2_data;
+
+ sc_log(ctx, "PIN1 max/min: %i/%i", pin_cmd.pin1.max_length, pin_cmd.pin1.min_length);
+ sc_log(ctx, "PIN2 max/min: %i/%i", pin_cmd.pin2.max_length, pin_cmd.pin2.min_length);
+ rv = iso_ops->pin_cmd(card, &pin_cmd, tries_left);
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_chv_set_pinpad(struct sc_card *card, unsigned char reference)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_pin_cmd_data pin_cmd;
+ unsigned char pin_data[0x100];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "Set CHV PINPAD PIN reference %i", reference);
+
+ memset(pin_data, 0xFF, sizeof(pin_data));
+
+ if (!card->reader || !card->reader->ops || !card->reader->ops->perform_verify) {
+ sc_log(ctx, "Reader not ready for PIN PAD");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_READER);
+ }
+
+ memset(&pin_cmd, 0, sizeof(pin_cmd));
+ pin_cmd.pin_type = SC_AC_CHV;
+ pin_cmd.pin_reference = reference;
+ pin_cmd.cmd = SC_PIN_CMD_UNBLOCK;
+ pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD;
+
+ rv = iasecc_pin_get_policy(card, &pin_cmd);
+ LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
+
+ if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Different values for PIN min and max lengths is not allowed with PinPAD.");
+
+ if (pin_cmd.pin1.min_length < 4)
+ pin_cmd.pin1.min_length = 4;
+ pin_cmd.pin1.len = 
pin_cmd.pin1.min_length;
+ pin_cmd.pin1.data = pin_data;
+
+ memcpy(&pin_cmd.pin2, &pin_cmd.pin1, sizeof(pin_cmd.pin1));
+ memset(&pin_cmd.pin1, 0, sizeof(pin_cmd.pin1));
+
+ sc_log(ctx, "PIN1(max:%i,min:%i)", pin_cmd.pin1.max_length, pin_cmd.pin1.min_length);
+ sc_log(ctx, "PIN2(max:%i,min:%i)", pin_cmd.pin2.max_length, pin_cmd.pin2.min_length);
+
+ rv = iso_ops->pin_cmd(card, &pin_cmd, NULL);
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_file *save_current_df = NULL, *save_current_ef = NULL;
+ struct iasecc_sdo sdo;
+ struct sc_path path;
+ int ii, rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "iasecc_pin_get_policy(card:%p)", card);
+
+ if (data->pin_type != SC_AC_CHV) {
+ sc_log(ctx, "To unblock PIN it's CHV reference should be presented");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+ }
+
+ if (card->cache.valid && card->cache.current_df) {
+ sc_file_dup(&save_current_df, card->cache.current_df);
+ if (save_current_df == NULL)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate current DF file");
+ }
+
+ if (card->cache.valid && card->cache.current_ef) {
+ sc_file_dup(&save_current_ef, card->cache.current_ef);
+ if (save_current_ef == NULL)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate current EF file");
+ }
+
+ if (!(data->pin_reference & IASECC_OBJECT_REF_LOCAL) && card->cache.valid && card->cache.current_df) {
+ sc_format_path("3F00", &path);
+ path.type = SC_PATH_TYPE_FILE_ID;
+ rv = iasecc_select_file(card, &path, NULL);
+ LOG_TEST_RET(ctx, rv, "Unable to select MF");
+ }
+
+ memset(&sdo, 0, sizeof(sdo));
+ sdo.sdo_class = IASECC_SDO_CLASS_CHV;
+
+ sdo.sdo_ref = data->pin_reference & ~IASECC_OBJECT_REF_LOCAL;
+
+ sc_log(ctx, "iasecc_pin_get_policy() reference %i", sdo.sdo_ref);
+
+ rv = iasecc_sdo_get_data(card, &sdo);
+ LOG_TEST_RET(ctx, rv, "Cannot get SDO PIN data");
+
+ if 
(sdo.docp.acls_contact.size == 0) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Extremely strange ... there is no ACLs"); + + for (ii=0; iipin1.acls[ii]; + int crt_num = 0; + + memset(&se, 0, sizeof(se)); + memset(&acl->crts, 0, sizeof(acl->crts)); + + sc_log(ctx, "iasecc_pin_get_policy() set info acls: SCB 0x%X", scb); + /* acl->raw_value = scb; */ + acl->method = scb & IASECC_SCB_METHOD_MASK; + acl->key_ref = scb & IASECC_SCB_METHOD_MASK_REF; + + if (scb==0 || scb==0xFF) + continue; + + if (se.reference != acl->key_ref) { + memset(&se, 0, sizeof(se)); + + se.reference = acl->key_ref; + + rv = iasecc_se_get_info(card, &se); + LOG_TEST_RET(ctx, rv, "SDO get data error"); + } + + if (scb & IASECC_SCB_METHOD_USER_AUTH) { + rv = iasecc_se_get_crt_by_usage(card, &se, + IASECC_CRT_TAG_AT, IASECC_UQB_AT_USER_PASSWORD, &acl->crts[crt_num]); + LOG_TEST_RET(ctx, rv, "no authentication template for 'USER PASSWORD'"); + sc_log(ctx, "iasecc_pin_get_policy() scb:0x%X; sdo_ref:[%i,%i,...]", + scb, acl->crts[crt_num].refs[0], acl->crts[crt_num].refs[1]); + crt_num++; + } + + if (scb & (IASECC_SCB_METHOD_SM || IASECC_SCB_METHOD_EXT_AUTH)) { + sc_log(ctx, "'SM' and 'EXTERNAL AUTHENTICATION' protection methods are not supported: SCB:0x%X", scb); + /* Set to 'NEVER' if all conditions are needed or + * there is no user authentication method allowed */ + if (!crt_num || (scb & IASECC_SCB_METHOD_NEED_ALL)) + acl->method = SC_AC_NEVER; + continue; + } + + if (se.df) + sc_file_free(se.df); + } + + if (sdo.data.chv.size_max.value) + data->pin1.max_length = *sdo.data.chv.size_max.value; + if (sdo.data.chv.size_min.value) + data->pin1.min_length = *sdo.data.chv.size_min.value; + if (sdo.docp.tries_maximum.value) + data->pin1.max_tries = *sdo.docp.tries_maximum.value; + if (sdo.docp.tries_remaining.value) + data->pin1.tries_left = *sdo.docp.tries_remaining.value; + + data->pin1.encoding = SC_PIN_ENCODING_ASCII; + data->pin1.offset = 5; + + sc_log(ctx, "PIN policy: size max/min %i/%i, tries 
max/left %i/%i",
+ data->pin1.max_length, data->pin1.min_length,
+ data->pin1.max_tries, data->pin1.tries_left);
+ iasecc_sdo_free_fields(card, &sdo);
+
+ if (save_current_df) {
+ struct sc_file *dummy_file = NULL;
+
+ sc_log(ctx, "iasecc_pin_get_policy() restore current DF");
+ rv = iasecc_select_file(card, &save_current_df->path, &dummy_file);
+ LOG_TEST_RET(ctx, rv, "Cannot return to saved DF");
+
+ sc_file_free(dummy_file);
+ sc_file_free(save_current_df);
+ }
+
+ if (save_current_ef) {
+ struct sc_file *dummy_file = NULL;
+
+ sc_log(ctx, "iasecc_pin_get_policy() restore current EF");
+ rv = iasecc_select_file(card, &save_current_ef->path, &dummy_file);
+ LOG_TEST_RET(ctx, rv, "Cannot return to saved EF");
+
+ sc_file_free(dummy_file);
+ sc_file_free(save_current_ef);
+ }
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_file *save_current = NULL;
+ struct iasecc_sdo sdo;
+ struct sc_apdu apdu;
+ unsigned reference, scb;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "Reset PIN(ref:%i,lengths:%i/%i)", data->pin_reference, data->pin1.len, data->pin2.len);
+
+ reference = data->pin_reference;
+
+ if (!(data->pin_reference & IASECC_OBJECT_REF_LOCAL)
+ && card->cache.valid && card->cache.current_df) {
+ struct sc_path path;
+
+ sc_file_dup(&save_current, card->cache.current_df);
+ if (save_current == NULL)
+ LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate current DF file");
+
+ sc_format_path("3F00", &path);
+ path.type = SC_PATH_TYPE_FILE_ID;
+ rv = iasecc_select_file(card, &path, NULL);
+ LOG_TEST_RET(ctx, rv, "Unable to select MF");
+ }
+
+ memset(&sdo, 0, sizeof(sdo));
+ sdo.sdo_class = IASECC_SDO_CLASS_CHV;
+ sdo.sdo_ref = reference & ~IASECC_OBJECT_REF_LOCAL;
+
+ rv = iasecc_sdo_get_data(card, &sdo);
+ LOG_TEST_RET(ctx, rv, "Cannot get PIN data");
+
+ if (sdo.docp.acls_contact.size == 0)
+ LOG_TEST_RET(ctx, 
SC_ERROR_INVALID_DATA, "Extremely strange ... there is no ACLs");
+
+ scb = sdo.docp.scbs[IASECC_ACLS_CHV_RESET];
+ do {
+ unsigned need_all = scb & IASECC_SCB_METHOD_NEED_ALL ? 1 : 0;
+ int ignore_ext_auth = 0;
+
+#ifdef ALLOW_IGNORE_EXTERNAL_AUTHENTICATION
+ ignore_ext_auth = ((scb & IASECC_SCB_METHOD_EXT_AUTH) && !need_all && (scb & IASECC_SCB_METHOD_SM));
+#endif
+ if (scb & IASECC_SCB_METHOD_USER_AUTH) {
+ sc_log(ctx, "Try to verify PUK code: pin1.data:%p, pin1.len:%i", data->pin1.data, data->pin1.len);
+ rv = iasecc_pin_verify(card, SC_AC_SEN, scb & IASECC_SCB_METHOD_MASK_REF,
+ data->pin1.data, data->pin1.len, tries_left);
+ sc_log(ctx, "Verify PUK code returned %i", rv);
+ LOG_TEST_RET(ctx, rv, "iasecc_pin_reset() PIN verification error");
+
+ if (!need_all)
+ break;
+ }
+
+ if ((scb & IASECC_SCB_METHOD_EXT_AUTH) && !ignore_ext_auth)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+
+ if (scb & IASECC_SCB_METHOD_SM)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+ } while(0);
+
+ iasecc_sdo_free_fields(card, &sdo);
+
+ if (data->pin2.len) {
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2C, 0x02, reference);
+ apdu.data = data->pin2.data;
+ apdu.datalen = data->pin2.len;
+ apdu.lc = apdu.datalen;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "PIN cmd failed");
+ }
+ else if (data->pin2.data) {
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2C, 3, reference);
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "PIN cmd failed");
+ }
+ else {
+ rv = iasecc_chv_set_pinpad(card, reference);
+ sc_log(ctx, "Set CHV with PIN pad returned %i", rv);
+ }
+
+ if (save_current) {
+ struct sc_file *dummy_file = NULL;
+
+ rv = iasecc_select_file(card, &save_current->path, &dummy_file);
+ LOG_TEST_RET(ctx, rv, "Cannot return to 
saved PATH");
+ }
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ unsigned reference;
+ unsigned char pin_data[0x100];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ sc_log(ctx, "iasecc_pin_cmd(card:%p) cmd 0x%X, PIN type 0x%X, PIN reference %i, PIN-1 %p:%i, PIN-2 %p:%i",
+ card, data->cmd, data->pin_type, data->pin_reference,
+ data->pin1.data, data->pin1.len, data->pin2.data, data->pin2.len);
+
+ reference = data->pin_reference;
+
+ switch (data->cmd) {
+ case SC_PIN_CMD_VERIFY:
+ rv = iasecc_pin_verify(card, data->pin_type, reference, data->pin1.data, data->pin1.len, tries_left);
+ LOG_TEST_RET(ctx, rv, "PIN verification error");
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ case SC_PIN_CMD_CHANGE:
+ if ((card->reader->capabilities & SC_READER_CAP_PIN_PAD)) {
+ if (!data->pin1.data && !data->pin1.len && &data->pin2.data && !data->pin2.len) {
+ rv = iasecc_chv_change_pinpad(card, reference, tries_left);
+ sc_log(ctx, "iasecc_pin_cmd(SC_PIN_CMD_CHANGE) chv_change_pinpad returned %i", rv);
+ LOG_FUNC_RETURN(ctx, rv);
+ }
+ }
+
+ if (!data->pin1.data && data->pin1.len)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid PIN1 arguments");
+
+ if (!data->pin2.data && data->pin2.len)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid PIN2 arguments");
+
+ rv = iasecc_pin_verify(card, data->pin_type, reference, data->pin1.data, data->pin1.len, tries_left);
+ sc_log(ctx, "iasecc_pin_cmd(SC_PIN_CMD_CHANGE) pin_verify returned %i", rv);
+ LOG_TEST_RET(ctx, rv, "PIN verification error");
+
+ if (data->pin1.len + data->pin2.len > sizeof(pin_data))
+ LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Buffer too small for the 'Change PIN' data");
+
+ if (data->pin1.data)
+ memcpy(pin_data, data->pin1.data, data->pin1.len);
+ if (data->pin2.data)
+ memcpy(pin_data + data->pin1.len, data->pin2.data, data->pin2.len);
+
+ 
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 0, reference);
+ apdu.data = pin_data;
+ apdu.datalen = data->pin1.len + data->pin2.len;
+ apdu.lc = apdu.datalen;
+
+ break;
+ case SC_PIN_CMD_UNBLOCK:
+ if (data->pin_type != SC_AC_CHV) {
+ sc_log(ctx, "To unblock PIN it's CHV reference should be presented");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+ }
+
+ rv = iasecc_pin_reset(card, data, tries_left);
+ LOG_TEST_RET(ctx, rv, "PIN unblock error");
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ case SC_PIN_CMD_GET_INFO:
+ rv = iasecc_pin_get_policy(card, data);
+ LOG_FUNC_RETURN(ctx, rv);
+ default:
+ sc_log(ctx, "Other pin commands not supported yet: 0x%X", data->cmd);
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non-supported PIN command");
+ }
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "PIN cmd failed");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_get_serialnr(struct sc_card *card, struct sc_serial_number *serial)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_iin *iin = &card->serialnr.iin;
+ struct sc_apdu apdu;
+ unsigned char rbuf[0xC0];
+ size_t ii, offs;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ if (card->serialnr.len)
+ goto end;
+
+ memset(&card->serialnr, 0, sizeof(card->serialnr));
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB0, 0x80 | IASECC_SFI_EF_SN, 0);
+ apdu.le = sizeof(rbuf);
+ apdu.resp = rbuf;
+ apdu.resplen = sizeof(rbuf);
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "Get 'serial number' data failed");
+
+ if (rbuf[0] != ISO7812_PAN_SN_TAG)
+ LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "serial number parse error");
+
+ iin->mii = (rbuf[2] >> 4) & 0x0F;
+
+ iin->country = 0;
+ for (ii=5; ii<8; ii++) {
+ iin->country *= 10;
+ iin->country += (rbuf[ii/2] >> ((ii & 0x01) ? 
0 : 4)) & 0x0F; + } + + iin->issuer_id = 0; + for (ii=8; ii<10; ii++) { + iin->issuer_id *= 10; + iin->issuer_id += (rbuf[ii/2] >> (ii & 0x01 ? 0 : 4)) & 0x0F; + } + + offs = rbuf[1] > 8 ? rbuf[1] - 8 : 0; + if (card->type == SC_CARD_TYPE_IASECC_SAGEM) { + /* 5A 0A 92 50 00 20 10 10 25 00 01 3F */ + /* 00 02 01 01 02 50 00 13 */ + for (ii=0; ii < rbuf[1] - offs; ii++) + *(card->serialnr.value + ii) = ((rbuf[ii + offs + 1] & 0x0F) << 4) + + ((rbuf[ii + offs + 2] & 0xF0) >> 4) ; + card->serialnr.len = ii; + } + else { + for (ii=0; ii < rbuf[1] - offs; ii++) + *(card->serialnr.value + ii) = rbuf[ii + offs + 2]; + card->serialnr.len = ii; + } + + do { + char txt[0x200]; + + for (ii=0;iiserialnr.len;ii++) + sprintf(txt + ii*2, "%02X", *(card->serialnr.value + ii)); + + sc_log(ctx, "serial number '%s'; mii %i; country %i; issuer_id %li", txt, iin->mii, iin->country, iin->issuer_id); + } while(0); + +end: + if (serial) + memcpy(serial, &card->serialnr, sizeof(*serial)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_create(struct sc_card *card, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char *data = NULL, sdo_class = sdo->sdo_class; + struct iasecc_sdo_update update; + struct iasecc_extended_tlv *field = NULL; + int rv = SC_ERROR_NOT_SUPPORTED, data_len; + + LOG_FUNC_CALLED(ctx); + if (sdo->magic != SC_CARDCTL_IASECC_SDO_MAGIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO data"); + + sc_log(ctx, "iasecc_sdo_create(card:%p) %02X%02X%02X", card, + IASECC_SDO_TAG_HEADER, sdo->sdo_class | 0x80, sdo->sdo_ref); + + data_len = iasecc_sdo_encode_create(ctx, sdo, &data); + LOG_TEST_RET(ctx, data_len, "iasecc_sdo_create() cannot encode SDO create data"); + sc_log(ctx, "iasecc_sdo_create() create data(%i):%s", data_len, sc_dump_hex(data, data_len)); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDB, 0x3F, 0xFF); + apdu.data = data; + apdu.datalen = data_len; + apdu.lc = data_len; + 
apdu.flags |= SC_APDU_FLAGS_CHAINING;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "iasecc_sdo_create() SDO put data error");
+
+ memset(&update, 0, sizeof(update));
+ update.magic = SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA;
+ update.sdo_class = sdo->sdo_class;
+ update.sdo_ref = sdo->sdo_ref;
+
+ if (sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) {
+ update.fields[0] = sdo->data.prv_key.compulsory;
+ update.fields[0].parent_tag = IASECC_SDO_PRVKEY_TAG;
+ field = &sdo->data.prv_key.compulsory;
+ }
+ else if (sdo_class == IASECC_SDO_CLASS_RSA_PUBLIC) {
+ update.fields[0] = sdo->data.pub_key.compulsory;
+ update.fields[0].parent_tag = IASECC_SDO_PUBKEY_TAG;
+ field = &sdo->data.pub_key.compulsory;
+ }
+ else if (sdo_class == IASECC_SDO_CLASS_KEYSET) {
+ update.fields[0] = sdo->data.keyset.compulsory;
+ update.fields[0].parent_tag = IASECC_SDO_KEYSET_TAG;
+ field = &sdo->data.keyset.compulsory;
+ }
+
+ if (update.fields[0].value && !update.fields[0].on_card) {
+ rv = iasecc_sdo_put_data(card, &update);
+ LOG_TEST_RET(ctx, rv, "failed to update 'Compulsory usage' data");
+
+ field->on_card = 1;
+ }
+
+ free(data);
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+/* Oberthur's specific */
+static int
+iasecc_sdo_delete(struct sc_card *card, struct iasecc_sdo *sdo)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ unsigned char data[6] = {
+ 0x70, 0x04, 0xBF, 0xFF, 0xFF, 0x00
+ };
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+ if (sdo->magic != SC_CARDCTL_IASECC_SDO_MAGIC)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO data");
+
+ data[2] = IASECC_SDO_TAG_HEADER;
+ data[3] = sdo->sdo_class | 0x80;
+ data[4] = sdo->sdo_ref;
+ sc_log(ctx, "delete SDO %02X%02X%02X", data[2], data[3], data[4]);
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDB, 0x3F, 0xFF);
+ apdu.data = data;
+ apdu.datalen = sizeof(data);
+ apdu.lc = sizeof(data);
+ apdu.flags |= 
SC_APDU_FLAGS_CHAINING;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "delete SDO error");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_sdo_put_data(struct sc_card *card, struct iasecc_sdo_update *update)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ int ii, rv;
+
+ LOG_FUNC_CALLED(ctx);
+ if (update->magic != SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SDO update data");
+
+ for(ii=0; update->fields[ii].tag && ii < IASECC_SDO_TAGS_UPDATE_MAX; ii++) {
+ unsigned char *encoded = NULL;
+ int encoded_len;
+
+ encoded_len = iasecc_sdo_encode_update_field(ctx, update->sdo_class, update->sdo_ref,
+ &update->fields[ii], &encoded);
+ sc_log(ctx, "iasecc_sdo_put_data() encode[%i]; tag %X; encoded_len %i", ii, update->fields[ii].tag, encoded_len);
+ LOG_TEST_RET(ctx, encoded_len, "Cannot encode update data");
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDB, 0x3F, 0xFF);
+ apdu.data = encoded;
+ apdu.datalen = encoded_len;
+ apdu.lc = encoded_len;
+ apdu.flags |= SC_APDU_FLAGS_CHAINING;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "SDO put data error");
+
+ free(encoded);
+ }
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_sdo_key_rsa_put_data(struct sc_card *card, struct iasecc_sdo_rsa_update *update)
+{
+ struct sc_context *ctx = card->ctx;
+ unsigned char scb;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (update->sdo_prv_key) {
+ sc_log(ctx, "encode private rsa in %p", &update->update_prv);
+ rv = iasecc_sdo_encode_rsa_update(card->ctx, update->sdo_prv_key, update->p15_rsa, &update->update_prv);
+ LOG_TEST_RET(ctx, rv, "failed to encode update of RSA private key");
+ }
+
+ if (update->sdo_pub_key) {
+ sc_log(ctx, "encode public rsa in %p", 
&update->update_pub);
+ if (card->type == SC_CARD_TYPE_IASECC_SAGEM) {
+ if (update->sdo_pub_key->data.pub_key.cha.value) {
+ free(update->sdo_pub_key->data.pub_key.cha.value);
+ memset(&update->sdo_pub_key->data.pub_key.cha, 0, sizeof(update->sdo_pub_key->data.pub_key.cha));
+ }
+ }
+ rv = iasecc_sdo_encode_rsa_update(card->ctx, update->sdo_pub_key, update->p15_rsa, &update->update_pub);
+ LOG_TEST_RET(ctx, rv, "failed to encode update of RSA public key");
+ }
+
+ if (update->sdo_prv_key) {
+ sc_log(ctx, "reference of the private key to store: %X", update->sdo_prv_key->sdo_ref);
+
+ if (update->sdo_prv_key->docp.acls_contact.size == 0)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "extremely strange ... there is no ACLs");
+
+ scb = update->sdo_prv_key->docp.scbs[IASECC_ACLS_RSAKEY_PUT_DATA];
+ sc_log(ctx, "'UPDATE PRIVATE RSA' scb 0x%X", scb);
+
+ do {
+ unsigned all_conditions = scb & IASECC_SCB_METHOD_NEED_ALL ? 1 : 0;
+
+ if ((scb & IASECC_SCB_METHOD_USER_AUTH) && !all_conditions)
+ break;
+
+ if (scb & IASECC_SCB_METHOD_EXT_AUTH)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+
+ if (scb & IASECC_SCB_METHOD_SM)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+ } while(0);
+
+ rv = iasecc_sdo_put_data(card, &update->update_prv);
+ LOG_TEST_RET(ctx, rv, "failed to update of RSA private key");
+ }
+
+ if (update->sdo_pub_key) {
+ sc_log(ctx, "reference of the public key to store: %X", update->sdo_pub_key->sdo_ref);
+
+ rv = iasecc_sdo_put_data(card, &update->update_pub);
+ LOG_TEST_RET(ctx, rv, "failed to update of RSA public key");
+ }
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
+
+static int
+iasecc_sdo_tag_from_class(unsigned sdo_class)
+{
+ switch (sdo_class & ~IASECC_OBJECT_REF_LOCAL) {
+ case IASECC_SDO_CLASS_CHV:
+ return IASECC_SDO_CHV_TAG;
+ case IASECC_SDO_CLASS_RSA_PRIVATE:
+ return IASECC_SDO_PRVKEY_TAG;
+ case IASECC_SDO_CLASS_RSA_PUBLIC:
+ return IASECC_SDO_PUBKEY_TAG;
+ case IASECC_SDO_CLASS_SE:
+ return IASECC_SDO_CLASS_SE;
+ case 
IASECC_SDO_CLASS_KEYSET:
+ return IASECC_SDO_KEYSET_TAG;
+ }
+
+ return -1;
+}
+
+
+static int
+iasecc_sdo_get_tagged_data(struct sc_card *card, int sdo_tag, struct iasecc_sdo *sdo)
+{
+ struct sc_context *ctx = card->ctx;
+ struct sc_apdu apdu;
+ unsigned char sbuf[0x100];
+ size_t offs = sizeof(sbuf) - 1;
+ unsigned char rbuf[0x400];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ sbuf[offs--] = 0x80;
+ sbuf[offs--] = sdo_tag & 0xFF;
+ if ((sdo_tag >> 8) & 0xFF)
+ sbuf[offs--] = (sdo_tag >> 8) & 0xFF;
+ sbuf[offs] = sizeof(sbuf) - offs - 1;
+ offs--;
+
+ sbuf[offs--] = sdo->sdo_ref & 0x9F;
+ sbuf[offs--] = sdo->sdo_class | IASECC_OBJECT_REF_LOCAL;
+ sbuf[offs--] = IASECC_SDO_TAG_HEADER;
+
+ sbuf[offs] = sizeof(sbuf) - offs - 1;
+ offs--;
+ sbuf[offs--] = IASECC_SDO_TEMPLATE_TAG;
+
+ sbuf[offs] = sizeof(sbuf) - offs - 1;
+ offs--;
+ sbuf[offs] = 0x4D;
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xCB, 0x3F, 0xFF);
+ apdu.data = sbuf + offs;
+ apdu.datalen = sizeof(sbuf) - offs;
+ apdu.lc = sizeof(sbuf) - offs;
+ apdu.resp = rbuf;
+ apdu.resplen = sizeof(rbuf);
+ apdu.le = 0x100;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "SDO get data error");
+
+ rv = iasecc_sdo_parse(card, apdu.resp, apdu.resplen, sdo);
+ LOG_TEST_RET(ctx, rv, "cannot parse SDO data");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo)
+{
+ struct sc_context *ctx = card->ctx;
+ int rv, sdo_tag;
+
+ LOG_FUNC_CALLED(ctx);
+
+ sdo_tag = iasecc_sdo_tag_from_class(sdo->sdo_class);
+
+ rv = iasecc_sdo_get_tagged_data(card, sdo_tag, sdo);
+ /* When there is no public data 'GET DATA' returns error */
+ if (rv != SC_ERROR_INCORRECT_PARAMETERS)
+ LOG_TEST_RET(ctx, rv, "cannot parse ECC SDO data");
+
+ rv = iasecc_sdo_get_tagged_data(card, IASECC_DOCP_TAG, sdo);
+ LOG_TEST_RET(ctx, rv, "cannot parse ECC DOCP data");
+
+ 
LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_sdo_generate(struct sc_card *card, struct iasecc_sdo *sdo)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_sdo_update update_pubkey;
+ struct sc_apdu apdu;
+ unsigned char scb, sbuf[5], rbuf[0x400], exponent[3] = {0x01, 0x00, 0x01};
+ int offs = 0, rv = SC_ERROR_NOT_SUPPORTED;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PRIVATE)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "For a moment, only RSA_PRIVATE class can be accepted for the SDO generation");
+
+ if (sdo->docp.acls_contact.size == 0)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "iasecc_sdo_generate() Extremely strange ... there is no ACLs");
+
+ scb = sdo->docp.scbs[IASECC_ACLS_RSAKEY_GENERATE];
+ sc_log(ctx, "'generate RSA key' SCB 0x%X", scb);
+ do {
+ unsigned all_conditions = scb & IASECC_SCB_METHOD_NEED_ALL ? 1 : 0;
+
+ if (scb & IASECC_SCB_METHOD_USER_AUTH) {
+ if (!all_conditions)
+ break;
+ }
+
+ if (scb & IASECC_SCB_METHOD_EXT_AUTH)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+
+ if (scb & IASECC_SCB_METHOD_SM)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet");
+ } while(0);
+
+ memset(&update_pubkey, 0, sizeof(update_pubkey));
+ update_pubkey.magic = SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA;
+ update_pubkey.sdo_class = IASECC_SDO_CLASS_RSA_PUBLIC;
+ update_pubkey.sdo_ref = sdo->sdo_ref;
+
+ update_pubkey.fields[0].parent_tag = IASECC_SDO_PUBKEY_TAG;
+ update_pubkey.fields[0].tag = IASECC_SDO_PUBKEY_TAG_E;
+ update_pubkey.fields[0].value = exponent;
+ update_pubkey.fields[0].size = sizeof(exponent);
+
+ rv = iasecc_sdo_put_data(card, &update_pubkey);
+ LOG_TEST_RET(ctx, rv, "iasecc_sdo_generate() update SDO public key failed");
+
+ offs = 0;
+ sbuf[offs++] = IASECC_SDO_TEMPLATE_TAG;
+ sbuf[offs++] = 0x03;
+ sbuf[offs++] = IASECC_SDO_TAG_HEADER;
+ sbuf[offs++] = IASECC_SDO_CLASS_RSA_PRIVATE | IASECC_OBJECT_REF_LOCAL;
+ sbuf[offs++] = sdo->sdo_ref & ~IASECC_OBJECT_REF_LOCAL;
+
+ sc_format_apdu(card, 
&apdu, SC_APDU_CASE_4_SHORT, 0x47, 0x00, 0x00);
+ apdu.data = sbuf;
+ apdu.datalen = offs;
+ apdu.lc = offs;
+ apdu.resp = rbuf;
+ apdu.resplen = sizeof(rbuf);
+ apdu.le = 0x100;
+
+ rv = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, rv, "APDU transmit failed");
+ rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
+ LOG_TEST_RET(ctx, rv, "SDO get data error");
+
+ LOG_FUNC_RETURN(ctx, rv);
+}
+
+
+static int
+iasecc_get_chv_reference_from_se(struct sc_card *card, int *se_reference)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_se_info se;
+ struct sc_crt crt;
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if (!se_reference)
+ LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid arguments");
+
+ memset(&se, 0, sizeof(se));
+ se.reference = *se_reference;
+
+ rv = iasecc_se_get_info(card, &se);
+ LOG_TEST_RET(ctx, rv, "get SE info error");
+
+ memset(&crt, 0, sizeof(crt));
+ crt.tag = IASECC_CRT_TAG_AT;
+ crt.usage = IASECC_UQB_AT_USER_PASSWORD;
+
+ rv = iasecc_se_get_crt(card, &se, &crt);
+ LOG_TEST_RET(ctx, rv, "Cannot get 'USER PASSWORD' authentication template");
+
+ LOG_FUNC_RETURN(ctx, crt.refs[0]);
+}
+
+
+static int
+iasecc_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
+{
+ struct sc_context *ctx = card->ctx;
+ struct iasecc_sdo *sdo = (struct iasecc_sdo *) ptr;
+
+ switch (cmd) {
+ case SC_CARDCTL_GET_SERIALNR:
+ return iasecc_get_serialnr(card, (struct sc_serial_number *)ptr);
+ case SC_CARDCTL_IASECC_SDO_CREATE:
+ sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_CREATE: sdo_class %X", sdo->sdo_class);
+ return iasecc_sdo_create(card, (struct iasecc_sdo *) ptr);
+ case SC_CARDCTL_IASECC_SDO_DELETE:
+ sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_DELETE: sdo_class %X", sdo->sdo_class);
+ return iasecc_sdo_delete(card, (struct iasecc_sdo *) ptr);
+ case SC_CARDCTL_IASECC_SDO_PUT_DATA:
+ sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_PUT_DATA: sdo_class %X", sdo->sdo_class);
+ return iasecc_sdo_put_data(card, (struct iasecc_sdo_update *) ptr);
+ case 
SC_CARDCTL_IASECC_SDO_KEY_RSA_PUT_DATA: + sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_KEY_RSA_PUT_DATA"); + return iasecc_sdo_key_rsa_put_data(card, (struct iasecc_sdo_rsa_update *) ptr); + case SC_CARDCTL_IASECC_SDO_GET_DATA: + sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_GET_DATA: sdo_class %X", sdo->sdo_class); + return iasecc_sdo_get_data(card, (struct iasecc_sdo *) ptr); + case SC_CARDCTL_IASECC_SDO_GENERATE: + sc_log(ctx, "CMD SC_CARDCTL_IASECC_SDO_GET_DATA: sdo_class %X", sdo->sdo_class); + return iasecc_sdo_generate(card, (struct iasecc_sdo *) ptr); + case SC_CARDCTL_GET_SE_INFO: + sc_log(ctx, "CMD SC_CARDCTL_GET_SE_INFO: sdo_class %X", sdo->sdo_class); + return iasecc_se_get_info(card, (struct iasecc_se_info *) ptr); + case SC_CARDCTL_GET_CHV_REFERENCE_IN_SE: + sc_log(ctx, "CMD SC_CARDCTL_GET_CHV_REFERENCE_IN_SE"); + return iasecc_get_chv_reference_from_se(card, (int *)ptr); + case SC_CARDCTL_IASECC_GET_FREE_KEY_REFERENCE: + sc_log(ctx, "CMD SC_CARDCTL_IASECC_GET_FREE_KEY_REFERENCE"); + return iasecc_get_free_reference(card, (struct iasecc_ctl_get_free_reference *)ptr); + } + return SC_ERROR_NOT_SUPPORTED; +} + + +static int +iasecc_decipher(struct sc_card *card, + const unsigned char *in, size_t in_len, + unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + struct sc_apdu apdu; + unsigned char sbuf[0x200]; + unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; + size_t offs; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(card->ctx, "crgram_len %i; outlen %i", in_len, out_len); + if (!out || !out_len || in_len > SC_MAX_APDU_BUFFER_SIZE) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + offs = 0; + sbuf[offs++] = 0x81; + memcpy(sbuf + offs, in, in_len); + offs += in_len; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); + apdu.flags |= SC_APDU_FLAGS_CHAINING; + apdu.data = sbuf; + apdu.datalen = offs; + apdu.lc = offs; + apdu.resp = resp; + apdu.resplen = sizeof(resp); + apdu.le = in_len - (in_len % 8); + + rv = 
sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "Card returned error"); + + if (out_len > apdu.resplen) + out_len = apdu.resplen; + + memcpy(out, apdu.resp, out_len); + rv = out_len; + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_qsign_data_sha1(struct sc_context *ctx, const unsigned char *in, size_t in_len, + struct iasecc_qsign_data *out) +{ + SHA_CTX sha; + SHA_LONG pre_hash_Nl, *hh[5] = { + &sha.h0, &sha.h1, &sha.h2, &sha.h3, &sha.h4 + }; + int jj, ii; + int hh_size = sizeof(SHA_LONG), hh_num = SHA_DIGEST_LENGTH / sizeof(SHA_LONG); + + LOG_FUNC_CALLED(ctx); + + if (!in || !in_len || !out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + sc_log(ctx, "sc_pkcs15_get_qsign_data() input data length %i", in_len); + memset(out, 0, sizeof(struct iasecc_qsign_data)); + + SHA1_Init(&sha); + SHA1_Update(&sha, in, in_len); + + for (jj=0; jjpre_hash[jj*hh_size + ii] = ((*hh[jj] >> 8*(hh_size-1-ii)) & 0xFF); + out->pre_hash_size = SHA_DIGEST_LENGTH; + sc_log(ctx, "Pre SHA1:%s", sc_dump_hex(out->pre_hash, out->pre_hash_size)); + + pre_hash_Nl = sha.Nl - (sha.Nl % (sizeof(sha.data) * 8)); + for (ii=0; iicounter[ii] = (sha.Nh >> 8*(hh_size-1-ii)) &0xFF; + out->counter[hh_size+ii] = (pre_hash_Nl >> 8*(hh_size-1-ii)) &0xFF; + } + for (ii=0, out->counter_long=0; iicounter); ii++) + out->counter_long = out->counter_long*0x100 + out->counter[ii]; + sc_log(ctx, "Pre counter(%li):%s", out->counter_long, sc_dump_hex(out->counter, sizeof(out->counter))); + + if (sha.num) { + memcpy(out->last_block, in + in_len - sha.num, sha.num); + out->last_block_size = sha.num; + sc_log(ctx, "Last block(%i):%s", out->last_block_size, sc_dump_hex(out->last_block, out->last_block_size)); + } + + SHA1_Final(out->hash, &sha); + out->hash_size = SHA_DIGEST_LENGTH; + sc_log(ctx, "Expected digest %s\n", sc_dump_hex(out->hash, out->hash_size)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L +static int +iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t in_len, + struct iasecc_qsign_data *out) +{ + SHA256_CTX sha256; + SHA_LONG pre_hash_Nl; + int jj, ii; + int hh_size = sizeof(SHA_LONG), hh_num = SHA256_DIGEST_LENGTH / sizeof(SHA_LONG); + + LOG_FUNC_CALLED(ctx); + if (!in || !in_len || !out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + sc_log(ctx, "sc_pkcs15_get_qsign_data() input data length %i", in_len); + memset(out, 0, sizeof(struct iasecc_qsign_data)); + + SHA256_Init(&sha256); + SHA256_Update(&sha256, in, in_len); + + for (jj=0; jjpre_hash[jj*hh_size + ii] = ((sha256.h[jj] >> 8*(hh_size-1-ii)) & 0xFF); + out->pre_hash_size = SHA256_DIGEST_LENGTH; + sc_log(ctx, "Pre hash:%s", sc_dump_hex(out->pre_hash, out->pre_hash_size)); + + pre_hash_Nl = sha256.Nl - (sha256.Nl % (sizeof(sha256.data) * 8)); + for (ii=0; iicounter[ii] = (sha256.Nh >> 8*(hh_size-1-ii)) &0xFF; + out->counter[hh_size+ii] = (pre_hash_Nl >> 8*(hh_size-1-ii)) &0xFF; + } + for (ii=0, out->counter_long=0; iicounter); ii++) + out->counter_long = out->counter_long*0x100 + out->counter[ii]; + sc_log(ctx, "Pre counter(%li):%s", out->counter_long, sc_dump_hex(out->counter, sizeof(out->counter))); + + if (sha256.num) { + memcpy(out->last_block, in + in_len - sha256.num, sha256.num); + out->last_block_size = sha256.num; + sc_log(ctx, "Last block(%i):%s", out->last_block_size, sc_dump_hex(out->last_block, out->last_block_size)); + } + + SHA256_Final(out->hash, &sha256); + out->hash_size = SHA256_DIGEST_LENGTH; + sc_log(ctx, "Expected digest %s\n", sc_dump_hex(out->hash, out->hash_size)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} +#endif + + +static int +iasecc_compute_signature_dst(struct sc_card *card, + const unsigned char *in, size_t in_len, unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data; + struct 
sc_security_env *env = &prv->security_env; + struct iasecc_qsign_data qsign_data; + struct sc_apdu apdu; + size_t offs = 0, hash_len = 0; + unsigned char sbuf[SC_MAX_APDU_BUFFER_SIZE]; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "iasecc_compute_signature_dst() input length %i", in_len); + if (env->operation != SC_SEC_OPERATION_SIGN) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "It's not SC_SEC_OPERATION_SIGN"); + else if (!(prv->key_size & 0x1E0) || (prv->key_size & ~0x1E0)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid key size for SC_SEC_OPERATION_SIGN"); + + memset(&qsign_data, 0, sizeof(qsign_data)); + if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA1) { + rv = iasecc_qsign_data_sha1(card->ctx, in, in_len, &qsign_data); + } + else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA256) { +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + rv = iasecc_qsign_data_sha256(card->ctx, in, in_len, &qsign_data); +#else + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "SHA256 is not supported by OpenSSL previous to v0.9.8"); +#endif + } + else + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA1 or RSA_HASH_SHA256 algorithm"); + LOG_TEST_RET(ctx, rv, "Cannot get QSign data"); + + sc_log(ctx, "iasecc_compute_signature_dst() hash_len %i; key_size %i", hash_len, prv->key_size); + + memset(sbuf, 0, sizeof(sbuf)); + sbuf[offs++] = 0x90; + if (qsign_data.counter_long) { + sbuf[offs++] = qsign_data.hash_size + 8; + memcpy(sbuf + offs, qsign_data.pre_hash, qsign_data.pre_hash_size); + offs += qsign_data.pre_hash_size; + memcpy(sbuf + offs, qsign_data.counter, sizeof(qsign_data.counter)); + offs += sizeof(qsign_data.counter); + } + else { + sbuf[offs++] = 0; + } + + sbuf[offs++] = 0x80; + sbuf[offs++] = qsign_data.last_block_size; + memcpy(sbuf + offs, qsign_data.last_block, qsign_data.last_block_size); + offs += qsign_data.last_block_size; + + sc_log(ctx, "iasecc_compute_signature_dst() offs %i; 
OP(meth:%X,ref:%X)", offs, prv->op_method, prv->op_ref); + if (prv->op_method == SC_AC_SCB && (prv->op_ref & IASECC_SCB_METHOD_SM)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Not yet"); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2A, 0x90, 0xA0); + apdu.data = sbuf; + apdu.datalen = offs; + apdu.lc = offs; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "Compute signature failed"); + + sc_log(ctx, "iasecc_compute_signature_dst() partial hash OK"); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x2A, 0x9E, 0x9A); + apdu.resp = rbuf; + apdu.resplen = prv->key_size; + apdu.le = prv->key_size; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "Compute signature failed"); + + sc_log(ctx, "iasecc_compute_signature_dst() DST resplen %i", apdu.resplen); + if (apdu.resplen > out_len) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Result buffer too small for the DST signature"); + + memcpy(out, apdu.resp, apdu.resplen); + + LOG_FUNC_RETURN(ctx, apdu.resplen); +} + + +static int +iasecc_compute_signature_at(struct sc_card *card, + const unsigned char *in, size_t in_len, unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data; + struct sc_security_env *env = &prv->security_env; + struct sc_apdu apdu; + size_t offs = 0, sz = 0; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; + int rv; + + LOG_FUNC_CALLED(ctx); + if (env->operation != SC_SEC_OPERATION_AUTHENTICATE) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "It's not SC_SEC_OPERATION_AUTHENTICATE"); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x88, 0x00, 0x00); + apdu.datalen = in_len; + apdu.data = in; + apdu.lc = in_len; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + 
apdu.le = 0x100; + + rv = sc_transmit_apdu(card, &apdu); + LOG_TEST_RET(ctx, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + LOG_TEST_RET(ctx, rv, "Compute signature failed"); + + do { + if (offs + apdu.resplen > out_len) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Buffer too small to return signature"); + + memcpy(out + offs, rbuf, apdu.resplen); + offs += apdu.resplen; + + if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) + break; + + if (apdu.sw1 == 0x61) { + sz = apdu.sw2 == 0x00 ? 0x100 : apdu.sw2; + rv = iso_ops->get_response(card, &sz, rbuf); + LOG_TEST_RET(ctx, rv, "Get response error"); + + apdu.resplen = rv; + } + else { + LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Impossible error: SW1 is not 0x90 neither 0x61"); + } + + } while(rv > 0); + + LOG_FUNC_RETURN(ctx, offs); +} + + +static int +iasecc_compute_signature(struct sc_card *card, + const unsigned char *in, size_t in_len, unsigned char *out, size_t out_len) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_private_data *prv = (struct iasecc_private_data *) card->drv_data; + struct sc_security_env *env = &prv->security_env; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "inlen %i, outlen %i", in_len, out_len); + if (!card || !in || !out) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid compute signature arguments"); + + if (env->operation == SC_SEC_OPERATION_SIGN) + return iasecc_compute_signature_dst(card, in, in_len, out, out_len); + else if (env->operation == SC_SEC_OPERATION_AUTHENTICATE) + return iasecc_compute_signature_at(card, in, in_len, out, out_len); + + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); +} + +/* + * FIXME: Should we implement 'read-public-key' facility, or assume that public key will be always present as + * 'direct' PKCS#15 ObjectValue ? 
+ +static int +iasecc_read_public_key(struct sc_card *card, unsigned type, void *data, + unsigned char **out, size_t *out_len) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_sdo sdo; + struct sc_pkcs15_bignum bn[2]; + struct sc_pkcs15_pubkey_rsa key; + unsigned ref, size; + int rv; + + LOG_FUNC_CALLED(ctx); + if (type != SC_ALGORITHM_RSA) + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + + ref = ((struct sc_pkcs15_pubkey_info *)data)->key_reference; + size = ((struct sc_pkcs15_pubkey_info *)data)-> modulus_length; + + sc_log(ctx, "read public kay(ref:%i;size:%i)", ref, size); + + memset(&sdo, 0, sizeof(sdo)); + sdo.sdo_class = IASECC_SDO_CLASS_RSA_PUBLIC; + sdo.sdo_ref = ref & ~IASECC_OBJECT_REF_LOCAL; + + rv = iasecc_sdo_get_data(card, &sdo); + LOG_TEST_RET(ctx, rv, "failed to read public key: cannot get RSA SDO data"); + + if (out) + *out = NULL; + if (out_len) + *out_len = 0; + + bn[0].data = (unsigned char *) malloc(sdo.data.pub_key.n.size); + if (!bn[0].data) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate modulus"); + bn[0].len = sdo.data.pub_key.n.size; + memcpy(bn[0].data, sdo.data.pub_key.n.value, sdo.data.pub_key.n.size); + + bn[1].data = (unsigned char *) malloc(sdo.data.pub_key.e.size); + if (!bn[1].data) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "failed to read public key: cannot allocate exponent"); + bn[1].len = sdo.data.pub_key.e.size; + memcpy(bn[1].data, sdo.data.pub_key.e.value, sdo.data.pub_key.e.size); + + key.modulus = bn[0]; + key.exponent = bn[1]; + + rv = sc_pkcs15_encode_pubkey_rsa(card->ctx, &key, out, out_len); + LOG_TEST_RET(ctx, rv, "failed to read public key: cannot encode RSA public key"); + + sc_log(ctx, "encoded public key: %s", sc_dump_hex(*out, *out_len)); + + if (bn[0].data) + free(bn[0].data); + if (bn[1].data) + free(bn[1].data); + + iasecc_sdo_free_fields(card, &sdo); + + SC_FUNC_RETURN(ctx, 1, rv); +} +*/ + +static int +iasecc_get_free_reference(struct sc_card *card, struct 
iasecc_ctl_get_free_reference *ctl_data) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_sdo *sdo = NULL; + int idx, rv; + + LOG_FUNC_CALLED(ctx); + + if ((ctl_data->key_size % 0x40) || ctl_data->index < 1 || (ctl_data->index > IASECC_OBJECT_REF_MAX)) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + sc_log(ctx, "get reference for key(index:%i,usage:%X,access:%X)", ctl_data->index, ctl_data->usage, ctl_data->access); + /* TODO: when looking for the slot for the signature keys, check also PSO_SIGNATURE ACL */ + for (idx = ctl_data->index; idx <= IASECC_OBJECT_REF_MAX; idx++) { + unsigned char sdo_tag[3] = { + IASECC_SDO_TAG_HEADER, IASECC_OBJECT_REF_LOCAL | IASECC_SDO_CLASS_RSA_PRIVATE, idx + }; + size_t sz; + + if (sdo) + iasecc_sdo_free(card, sdo); + + rv = iasecc_sdo_allocate_and_parse(card, sdo_tag, 3, &sdo); + LOG_TEST_RET(ctx, rv, "cannot parse SDO data"); + + rv = iasecc_sdo_get_data(card, sdo); + if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) { + iasecc_sdo_free(card, sdo); + + sc_log(ctx, "found empty key slot %i", idx); + break; + } + else + LOG_TEST_RET(ctx, rv, "get new key reference failed"); + + sz = *(sdo->docp.size.value + 0) * 0x100 + *(sdo->docp.size.value + 1); + sc_log(ctx, "SDO(idx:%i) size %i; key_size %i", idx, sz, ctl_data->key_size); + + if (sz != ctl_data->key_size / 8) + continue; + + if (sdo->docp.non_repudiation.value) { + sc_log(ctx, "non repudiation flag %X", sdo->docp.non_repudiation.value[0]); + if ((ctl_data->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) && !(*sdo->docp.non_repudiation.value)) { + sc_log(ctx, "key index %i ignored: need non repudiation", idx); + continue; + } + + if (!(ctl_data->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) && *sdo->docp.non_repudiation.value) { + sc_log(ctx, "key index %i ignored: don't need non-repudiation", idx); + continue; + } + } + + if (ctl_data->access & SC_PKCS15_PRKEY_ACCESS_LOCAL) { + if (sdo->docp.scbs[IASECC_ACLS_RSAKEY_GENERATE] == IASECC_SCB_NEVER) { + sc_log(ctx, "key index 
%i ignored: GENERATE KEY not allowed", idx); + continue; + } + } + else { + if (sdo->docp.scbs[IASECC_ACLS_RSAKEY_PUT_DATA] == IASECC_SCB_NEVER) { + sc_log(ctx, "key index %i ignored: PUT DATA not allowed", idx); + continue; + } + } + + if ((ctl_data->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) && (ctl_data->usage & SC_PKCS15_PRKEY_USAGE_SIGN)) { + if (sdo->docp.scbs[IASECC_ACLS_RSAKEY_PSO_SIGN] == IASECC_SCB_NEVER) { + sc_log(ctx, "key index %i ignored: PSO SIGN not allowed", idx); + continue; + } + } + else { + if (ctl_data->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP)) { + if (sdo->docp.scbs[IASECC_ACLS_RSAKEY_PSO_DECIPHER] == IASECC_SCB_NEVER) { + sc_log(ctx, "key index %i ignored: PSO DECIPHER not allowed", idx); + continue; + } + } + if (ctl_data->usage & SC_PKCS15_PRKEY_USAGE_SIGN) { + if (sdo->docp.scbs[IASECC_ACLS_RSAKEY_INTERNAL_AUTH] == IASECC_SCB_NEVER) { + sc_log(ctx, "key index %i ignored: INTERNAL AUTHENTICATE not allowed", idx); + continue; + } + } + } + + break; + } + + ctl_data->index = idx; + + if (idx > IASECC_OBJECT_REF_MAX) + LOG_FUNC_RETURN(ctx, SC_ERROR_DATA_OBJECT_NOT_FOUND); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static struct sc_card_driver * +sc_get_driver(void) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + + if (!iso_ops) + iso_ops = iso_drv->ops; + + iasecc_ops = *iso_ops; + + iasecc_ops.match_card = iasecc_match_card; + iasecc_ops.init = iasecc_init; + iasecc_ops.finish = iasecc_finish; + iasecc_ops.read_binary = iasecc_read_binary; + /* write_binary: ISO7816 implementation works */ + /* update_binary: ISO7816 implementation works */ + iasecc_ops.erase_binary = iasecc_erase_binary; + /* resize_binary */ + /* read_record: Untested */ + /* write_record: Untested */ + /* append_record: Untested */ + /* update_record: Untested */ + iasecc_ops.select_file = iasecc_select_file; + /* get_response: Untested */ + /* get_challenge: ISO7816 implementation works */ + iasecc_ops.logout = 
iasecc_logout; + /* restore_security_env */ + iasecc_ops.set_security_env = iasecc_set_security_env; + iasecc_ops.decipher = iasecc_decipher; + iasecc_ops.compute_signature = iasecc_compute_signature; + iasecc_ops.create_file = iasecc_create_file; + iasecc_ops.delete_file = iasecc_delete_file; + /* list_files */ + iasecc_ops.check_sw = iasecc_check_sw; + iasecc_ops.card_ctl = iasecc_card_ctl; + iasecc_ops.process_fci = iasecc_process_fci; + /* construct_fci: Not needed */ + iasecc_ops.pin_cmd = iasecc_pin_cmd; + /* get_data: Not implemented */ + /* put_data: Not implemented */ + /* delete_record: Not implemented */ + + /* iasecc_ops.read_public_key = iasecc_read_public_key */ + + return &iasecc_drv; +} + +struct sc_card_driver * +sc_get_iasecc_driver(void) +{ + return sc_get_driver(); +} + +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/libopensc/card-incrypto34.c opensc-0.12.1/src/libopensc/card-incrypto34.c --- opensc-0.11.13/src/libopensc/card-incrypto34.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-incrypto34.c 2011-05-17 17:07:00.000000000 +0000 @@ -21,11 +21,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" +#include "config.h" + #include #include +#include "internal.h" +#include "cardctl.h" + /* andreas says: hm, my card only works for small payloads */ /* comment by okir: one of the examples in the developer guide * also talks about copying data in chunks of 128. 
@@ -43,17 +46,10 @@ }; static struct sc_atr_table incrypto34_atrs[] = { - /* Italian CNS (similar to a eID) card*/ - { "3b:ff:18:00:ff:81:31:fe:55:00:6b:02:09:02:00:01:01:01:43:4e:53:10:31:80:9f", NULL, NULL, SC_CARD_TYPE_INCRYPTO34_GENERIC, 0, NULL }, { "3b:ff:18:00:ff:81:31:fe:55:00:6b:02:09:02:00:01:01:01:44:53:44:10:31:80:92", NULL, NULL, SC_CARD_TYPE_INCRYPTO34_GENERIC, 0, NULL }, { NULL, NULL, NULL, 0, 0, NULL } }; -static int incrypto34_finish(struct sc_card *card) -{ - return 0; -} - static int incrypto34_match_card(struct sc_card *card) { int i; @@ -141,9 +137,9 @@ { 0x6f00, SC_ERROR_CARD_CMD_FAILED, "technical error (see incrypto34 developers guide)"}, /* no error, maybe a note */ -{ 0x9000, SC_NO_ERROR, NULL}, -{ 0x9001, SC_NO_ERROR, "success, but eeprom weakness detected"}, -{ 0x9850, SC_NO_ERROR, "over/underflow useing in/decrease"} +{ 0x9000, SC_SUCCESS, NULL}, +{ 0x9001, SC_SUCCESS, "success, but eeprom weakness detected"}, +{ 0x9850, SC_SUCCESS, "over/underflow useing in/decrease"} }; static int incrypto34_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2) @@ -154,13 +150,13 @@ for (i = 0; i < err_count; i++) { if (incrypto34_errors[i].SWs == ((sw1 << 8) | sw2)) { if ( incrypto34_errors[i].errorstr ) - sc_error(card->ctx, "%s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", incrypto34_errors[i].errorstr); return incrypto34_errors[i].errorno; } } - sc_error(card->ctx, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); return SC_ERROR_CARD_CMD_FAILED; } @@ -172,7 +168,7 @@ size_t fids; u8 offset; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); fids=0; offset=0; 
@@ -193,12 +189,12 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x6a && apdu.sw2 == 0x82) goto end; /* no more files */ r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "DIRECTORY command returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "DIRECTORY command returned error"); if (apdu.resplen >= 3 && ((rbuf[0] >= 0x01 && rbuf[0] <= 0x07) || 0x38 == rbuf[0]) @@ -214,7 +210,7 @@ end: r = fids; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static void add_acl_entry(sc_file_t *file, int op, u8 byte) @@ -309,11 +305,11 @@ { int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->select_file(card, in_path, file); if (r >= 0 && file) parse_sec_attr((*file), (*file)->sec_attr, (*file)->sec_attr_len); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int incrypto34_create_file(sc_card_t *card, sc_file_t *file) @@ -321,19 +317,16 @@ int r, i, byte; const int *idx; u8 acl[9], type[3], status[3]; + char pbuf[128+1]; + size_t n; - if (card->ctx->debug >= 1) { - char pbuf[128+1]; - size_t n; - - for (n = 0; n < file->path.len; n++) { - snprintf(pbuf + 2 * n, sizeof(pbuf) - 2 * n, - "%02X", file->path.value[n]); - } - - sc_debug(card->ctx, "incrypto34_create_file(%s)\n", pbuf); + for (n = 0; n < file->path.len; n++) { + snprintf(pbuf + 2 * n, sizeof(pbuf) - 2 * n, + "%02X", file->path.value[n]); } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incrypto34_create_file(%s)\n", pbuf); + if (file->type_attr_len == 0) { memset(type, 0, sizeof(type)); type[0] = 0x00; 
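Review bot: In the `@@ -321,19 +317,16 @@` hunk, `pbuf` is handed to `%s` in the now-unconditional `sc_debug` call without being initialised, so when `file->path.len` is 0 the loop never writes to it and the log call reads indeterminate stack bytes until it meets a NUL. Before this change the loop and the log line ran only under `card->ctx->debug >= 1`; they now run on every create-file call. Initialise the buffer where it is declared, `char pbuf[128+1] = "";`. The loop also depends on `file->path.len` staying small, because `sizeof(pbuf) - 2 * n` is unsigned and wraps once `2 * n` exceeds the buffer size; the bound on `path.len` is not visible here, so adding `&& 2 * n < sizeof(pbuf)` to the loop condition would make the hunk self-contained. The function body continues outside the hunk.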
@@ -392,7 +385,7 @@ byte = acl_to_byte( sc_file_get_acl_entry(file, idx[i])); if (byte < 0) { - sc_error(card->ctx, "Invalid ACL\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid ACL\n"); r = SC_ERROR_INVALID_ARGUMENTS; goto out; } @@ -407,7 +400,7 @@ /* FIXME: if this is a DF and there's an AID, set it here * using PUT_DATA_FCI */ -out: SC_FUNC_RETURN(card->ctx, 1, r); +out: SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -418,17 +411,17 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 0xF3, se_num); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -452,13 +445,13 @@ if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || env->key_ref_len != 1) { - sc_error(card->ctx, "No or invalid key reference\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No or invalid key reference\n"); return SC_ERROR_INVALID_ARGUMENTS; } key_id = env->key_ref[0]; r = incrypto34_restore_security_env(card, 1); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF1, 0); switch (env->operation) { 
@@ -479,12 +472,12 @@ apdu.data = data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -516,15 +509,14 @@ apdu.data = sbuf; apdu.lc = datalen; apdu.datalen = datalen; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { memcpy(out, rbuf, outlen); - SC_FUNC_RETURN(card->ctx, 4, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int @@ -538,12 +530,12 @@ assert(card != NULL && data != NULL && out != NULL); ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (datalen > 255) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (outlen < datalen) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_BUFFER_TOO_SMALL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_BUFFER_TOO_SMALL); outlen = datalen; /* XXX As we don't know what operations are allowed with a 
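Review bot: In the success branch of the `@@ -516,15 +509,14 @@` hunk, `memcpy(out, rbuf, outlen)` copies `outlen` bytes while the function returns `apdu.resplen`, so a response shorter than `outlen` leaves the tail of `out` filled with whatever `rbuf` held before the exchange, and the caller is told a length that does not match what was copied. Copy and return the same bounded length: `size_t n = apdu.resplen < outlen ? apdu.resplen : outlen; memcpy(out, rbuf, n);`. The declaration of `rbuf` and any bound on `outlen` are outside the hunk, so confirm there that `outlen` cannot exceed the buffer. The hunk also drops `apdu.sensitive = 1;`; if that field was removed from the APDU structure, it is worth checking that the signing input is still kept out of debug logs by some other means.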
@@ -551,15 +543,13 @@ * succeeds (this is not really beautiful, but currently the * only way I see) -- Nils */ - if (ctx->debug >= 3) - sc_debug(ctx, "trying RSA_PURE_SIG (padded DigestInfo)\n"); - sc_ctx_suppress_errors_on(ctx); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "trying RSA_PURE_SIG (padded DigestInfo)\n"); r = do_compute_signature(card, data, datalen, out, outlen); - sc_ctx_suppress_errors_off(ctx); if (r >= SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); - if (ctx->debug >= 3) - sc_debug(ctx, "trying RSA_SIG (just the DigestInfo)\n"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "trying RSA_SIG (just the DigestInfo)\n"); /* remove padding: first try pkcs1 bt01 padding */ r = sc_pkcs1_strip_01_padding(data, datalen, buf, &tmp_len); if (r != SC_SUCCESS) { @@ -574,16 +564,14 @@ } memcpy(buf, p, tmp_len); } - sc_ctx_suppress_errors_on(ctx); r = do_compute_signature(card, buf, tmp_len, out, outlen); - sc_ctx_suppress_errors_off(ctx); if (r >= SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); - if (ctx->debug >= 3) - sc_debug(ctx, "trying to sign raw hash value\n"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "trying to sign raw hash value\n"); r = sc_pkcs1_strip_digest_info_prefix(NULL,buf,tmp_len,buf,&buf_len); if (r != SC_SUCCESS) - SC_FUNC_RETURN(ctx, 4, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); return do_compute_signature(card, buf, buf_len, out, outlen); } @@ -594,7 +582,7 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 01, 0x83); apdu.cla = 0x00; 
@@ -603,13 +591,13 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); if (apdu.resplen < 1) { - SC_TEST_RET(card->ctx, r, "Lifecycle byte not in response"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Lifecycle byte not in response"); } r = SC_SUCCESS; @@ -624,51 +612,13 @@ *mode = SC_CARDCTRL_LIFECYCLE_OTHER; break; default: - sc_error(card->ctx, "Unknown lifecycle byte %d", rbuf[0]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown lifecycle byte %d", rbuf[0]); r = SC_ERROR_INTERNAL; } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } -#if 0 -static int -incrypto34_lifecycle_set(sc_card_t *card, int *mode) -{ - sc_apdu_t apdu; - int r; - - int current; - int target; - - SC_FUNC_CALLED(card->ctx, 1); - - target = *mode; - - r = incrypto34_lifecycle_get(card, ¤t); - - if (r != SC_SUCCESS) - return r; - - if (current == target || current == SC_CARDCTRL_LIFECYCLE_OTHER) - return SC_SUCCESS; - - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x10, 0, 0); - apdu.cla = 0x80; - apdu.le = 0; - apdu.resplen = 0; - apdu.resp = NULL; - - r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); - - SC_FUNC_RETURN(card->ctx, 1, r); -} -#endif - static int incrypto34_put_data_oci(sc_card_t *card, struct sc_cardctl_incrypto34_obj_info *args) @@ -676,7 +626,7 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; 
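Review bot: The `apdu.resplen < 1` branch in the `@@ -603,13 +591,13 @@` hunk cannot fail, because it passes `r` to `SC_TEST_RET` and `r` has just passed the `sc_check_sw` test directly above it. Assuming `SC_TEST_RET` returns only on a negative value, as its use after every transmit in this file suggests, an empty response falls through and `rbuf[0]` is then treated as the lifecycle byte (the read is visible in the `default:` log line of the following hunk). Pass an explicit error instead: `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "Lifecycle byte not in response");`. The switch on `rbuf[0]` lies between this hunk and the next, so check there that nothing reads the buffer before the length test.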
@@ -689,12 +639,12 @@ apdu.datalen = args->len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int @@ -715,10 +665,10 @@ apdu.datalen = args->len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -741,10 +691,10 @@ apdu.datalen = args->len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return r; } @@ -777,9 +727,9 @@ apdu.datalen = apdu.lc = sizeof(data); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GENERATE_KEY failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GENERATE_KEY failed"); return r; } 
@@ -813,10 +763,10 @@ apdu.cla = 0xb0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error Erasing Filesystem"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error Erasing Filesystem"); /* Creating ATR file*/ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xe0, 0, 0); @@ -824,10 +774,10 @@ apdu.datalen = apdu.lc = sizeof(pCreateAtrFile); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error Creating ATR file"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error Creating ATR file"); /* Filling ATR file*/ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xd6, 0, 0); @@ -835,10 +785,10 @@ apdu.datalen = apdu.lc = sizeof(pWriteAtr); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error Filling ATR file"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error Filling ATR file"); /* Creating DIR-ADO file*/ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xe0, 0, 0); @@ -846,10 +796,10 @@ apdu.datalen = apdu.lc = sizeof(pCreateEF_DIR_ADOFile); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error Creating DIR-ADO file"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error Creating DIR-ADO file"); return r; 
@@ -914,7 +864,6 @@
 incrypto34_ops = *iso_ops;
 incrypto34_ops.match_card = incrypto34_match_card;
 incrypto34_ops.init = incrypto34_init;
- incrypto34_ops.finish = incrypto34_finish;
 incrypto34_ops.select_file = incrypto34_select_file;
 incrypto34_ops.create_file = incrypto34_create_file;
 incrypto34_ops.set_security_env = incrypto34_set_security_env;
diff -Nru opensc-0.11.13/src/libopensc/card-itacns.c opensc-0.12.1/src/libopensc/card-itacns.c
--- opensc-0.11.13/src/libopensc/card-itacns.c 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/libopensc/card-itacns.c 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,503 @@ +/* + * card-itacns.c: Support for Italian CNS + * + * Copyright (C) 2008-2010 Emanuele Pucciarelli + * Copyright (C) 2005 ST Incard srl, Giuseppe Amato , + * Copyright (C) 2002 Andreas Jellinghaus + * Copyright (C) 2001 Juha Yrjölä + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* + * Specifications for the development of this driver come from: + * http://www.cnipa.gov.it/html/docs/CNS%20Functional%20Specification%201.1.5_11012010.pdf + */ + +#include "internal.h" +#include "cardctl.h" +#include "itacns.h" +#include +#include +#include + +#define ITACNS_MAX_PAYLOAD 0xff + +static const struct sc_card_operations *default_ops = NULL; + +static struct sc_card_operations itacns_ops; +static struct sc_card_driver itacns_drv = { + "Italian CNS", + "itacns", + &itacns_ops, + NULL, 0, NULL +}; + +/* + * Card matching + */ + + +/* List of ATR's for "hard" matching. 
*/ +static struct sc_atr_table itacns_atrs[] = { + { "3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7", NULL, NULL, + SC_CARD_TYPE_ITACNS_CIE_V1, 0, NULL}, + { NULL, NULL, NULL, 0, 0, NULL} +}; + +/* Output debug info */ +#define matchdebug(idx, c) do { \ + sc_debug(ctx, SC_LOG_DEBUG_VERBOSE, \ + "Matching %x against atr[%d] == %x", c, idx, atr[idx]); \ + } while(0); + +/* Check that we are not looking at values beyond the ATR's length. + * If we are, then the card does not match. */ +#define itacns_atr_l(idx) do {if (idx >= card->atr.len) return 0;} while(0); + +/* Match byte exactly and increment index. */ +#define itacns_atr_match(idx, c) do { \ + itacns_atr_l(idx); \ + matchdebug(idx, c); \ + if (((u8)atr[idx]) != c) return 0; \ + idx++; \ + } while(0); + +/* Match masked bits and increment index. */ +#define itacns_atr_mmatch(idx, c, mask) do { \ + itacns_atr_l(idx); \ + if ((((u8)atr[idx]) & mask) != c) return 0; \ + idx ++; \ + } while(0); + +/* Macro to access private driver data. */ +#define DRVDATA(card) ((itacns_drv_data_t *) card->drv_data) + + +static int itacns_match_cns_card(sc_card_t *card, unsigned int i) +{ + unsigned char *atr = card->atr.value; + sc_context_t *ctx; + ctx = card->ctx; + + + itacns_atr_match(i, 0x01); /* H7 */ + i += 2; /* H8, H9 */ + itacns_atr_match(i, 'C'); /* H10 */ + itacns_atr_match(i, 'N'); /* H11 */ + itacns_atr_match(i, 'S'); /* H12 */ + + /* H13 */ + /* Version byte: h.l, h in the high nibble, l in the low nibble. */ + if(card->driver) { + DRVDATA(card)->cns_version = atr[i]; + } + /* Warn if the version is not 1.0. */ + if(atr[i] != 0x10) { + char version[8]; + snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "CNS card version %s; no official specifications " + "are published. 
Proceeding anyway.\n", version); + } + i++; + + itacns_atr_match(i, 0x31); /* H14 */ + itacns_atr_match(i, 0x80); /* H15 */ + + card->type = SC_CARD_TYPE_ITACNS_CNS; + + return 1; +} + +static int itacns_match_cie_card(sc_card_t *card, unsigned int i) +{ + unsigned char *atr = card->atr.value; + sc_context_t *ctx; + ctx = card->ctx; + + itacns_atr_match(i, 0x02); /* H7 */ + itacns_atr_match(i, 'I'); /* H8 */ + itacns_atr_match(i, 'T'); /* H9 */ + itacns_atr_match(i, 'I'); /* H10 */ + itacns_atr_match(i, 'D'); /* H11 */ + itacns_atr_match(i, 0x20); /* H12 */ + itacns_atr_match(i, 0x20); /* H13 */ + itacns_atr_match(i, 0x31); /* H14 */ + itacns_atr_match(i, 0x80); /* H15 */ + + card->type = SC_CARD_TYPE_ITACNS_CIE_V2; + + return 1; +} + +static int itacns_match_card(sc_card_t *card) +{ + unsigned int i = 0; + int r; + unsigned char *atr = card->atr.value; + int td1_idx; + sc_context_t *ctx; + ctx = card->ctx; + + /* Try table first */ + r = _sc_match_atr(card, itacns_atrs, &card->type); + if(r >= 0) return 1; + + /* The ATR was not recognized; try to match it + according to the official specs. */ + + /* Check ATR up to byte H6 */ + itacns_atr_match(i, 0x3b); /* TS */ + itacns_atr_mmatch(i, 0x8f, 0x8f); /* T0 */ + /* TA1, TB1, TC1 */ + if(atr[1] & 0x40) i++; + if(atr[1] & 0x20) i++; + if(atr[1] & 0x10) i++; + /* TD1 */ + td1_idx = i; + itacns_atr_mmatch(i, 0x81, 0x8f); + /* TA2, TB2, TC2 */ + if(atr[td1_idx] & 0x40) i++; + if(atr[td1_idx] & 0x20) i++; + if(atr[td1_idx] & 0x10) i++; + /* TD2 */ + itacns_atr_match(i, 0x31); + i += 2; /* TA3, TB3 */ + itacns_atr_match(i, 0x00); /* H1 */ + itacns_atr_match(i, 0x6b); /* H2 */ + /* Store interesting data */ + if(card->driver) { + DRVDATA(card)->ic_manufacturer_code = card->atr.value[i]; + DRVDATA(card)->mask_manufacturer_code = card->atr.value[i+1]; + DRVDATA(card)->os_version_h = card->atr.value[i+2]; + DRVDATA(card)->os_version_l = card->atr.value[i+3]; + } + i += 4; /* H3, H4, H5, H6 */ + + /* Check final part. 
*/ + if (itacns_match_cns_card(card, i)) return 1; + if (itacns_match_cie_card(card, i)) return 1; + + /* No card type was matched. */ + return 0; +} + +/* + * Initialization and termination + */ + +static int itacns_init(sc_card_t *card) +{ + unsigned long flags; + + SC_FUNC_CALLED(card->ctx, 1); + + card->name = "CNS card"; + card->cla = 0x00; + + card->drv_data = calloc(1, sizeof(itacns_drv_data_t)); + + /* Match ATR again to find the card data. */ + itacns_match_card(card); + + /* Set up algorithm info. */ + flags = SC_ALGORITHM_NEED_USAGE + | SC_ALGORITHM_RSA_RAW + | SC_ALGORITHM_RSA_HASHES + ; + _sc_card_add_rsa_alg(card, 1024, flags, 0); + + return 0; +} + +static int itacns_finish(struct sc_card *card) +{ + if(card->drv_data) { + free(card->drv_data); + } + return 0; +} + + + +/* + * Restore the indicated SE + */ +static int itacns_restore_security_env(sc_card_t *card, int se_num) +{ + sc_apdu_t apdu; + int r; + u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; + + SC_FUNC_CALLED(card->ctx, 1); + + /* + * The Italian CNS requires a 0-valued Lc byte at the end of the APDU + * (see paragraph 13.14 of the Functional Specification), but since + * it is invalid, we "cheat" and pretend it's a Le byte. + * + * For this workaround, we must allocate and supply a response buffer, + * even though we know it will not be used (we don't even check it). + */ + + sc_format_apdu(card, &apdu, SC_APDU_CASE_2, 0x22, 0xF3, se_num); + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.le = 0; + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); + + SC_FUNC_RETURN(card->ctx, 1, r); +} + +/* + * Set the security context + * Things get a little messy here. It seems you cannot do any + * crypto without a security environment - but there isn't really + * a way to specify the security environment in PKCS15. 
+ * What I'm doing here (for now) is to assume that for a key + * object with ID 0xNN there is always a corresponding SE object + * with the same ID. + * XXX Need to find out how the Aladdin drivers do it. + */ +static int itacns_set_security_env(sc_card_t *card, + const sc_security_env_t *env, int se_num) +{ + sc_apdu_t apdu; + u8 data[3]; + int key_id, r; + + /* Do not complain about se_num; the argument is part of the API. */ + (void) se_num; + + assert(card != NULL && env != NULL); + + if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) + || env->key_ref_len != 1) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "No or invalid key reference\n"); + return SC_ERROR_INVALID_ARGUMENTS; + } + key_id = env->key_ref[0]; + + /* CIE v1 cards need to restore security environment 0x30; all the others + so far want 0x03. */ + r = itacns_restore_security_env(card, + (card->type == SC_CARD_TYPE_ITACNS_CIE_V1 ? 0x30 : 0x03)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF1, 0); + switch (env->operation) { + case SC_SEC_OPERATION_DECIPHER: + apdu.p2 = 0xB8; + break; + case SC_SEC_OPERATION_SIGN: + apdu.p2 = 0xB6; + break; + case SC_SEC_OPERATION_AUTHENTICATE: + apdu.p2 = 0xA4; + break; + default: + return SC_ERROR_INVALID_ARGUMENTS; + } + + sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, + "Setting sec env for key_id=%d\n", key_id); + + data[0] = 0x83; + data[1] = 0x01; + data[2] = key_id; + apdu.lc = apdu.datalen = 3; + apdu.data = data; + + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); + + SC_FUNC_RETURN(card->ctx, 1, r); +} + +/* + * The 0x80 thing tells the card it's okay to search parent + * directories as well for the referenced object. 
+ * This is necessary for some Italian CNS cards, and to be avoided + * for others. Right now it seems that it is only needed with + * cards by STIncard. + */ +static int +itacns_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, + int *tries_left) +{ + data->flags |= SC_PIN_CMD_NEED_PADDING; + /* Enable backtracking for STIncard cards. */ + if(DRVDATA(card)->mask_manufacturer_code == ITACNS_MASKMAN_STINCARD) { + data->pin_reference |= 0x80; + } + + /* FIXME: the following values depend on what pin length was + * used when creating the BS objects */ + if (data->pin1.max_length == 0) + data->pin1.max_length = 8; + if (data->pin2.max_length == 0) + data->pin2.max_length = 8; + return default_ops->pin_cmd(card, data, tries_left); +} + +static int itacns_read_binary(sc_card_t *card, + unsigned int idx, u8 *buf, size_t count, + unsigned long flags) +{ + size_t already_read = 0; + int requested; + int r; + while(1) { + requested = count - already_read; + if(requested > ITACNS_MAX_PAYLOAD) + requested = ITACNS_MAX_PAYLOAD; + r = default_ops->read_binary(card, idx+already_read, + &buf[already_read], requested, flags); + if(r < 0) return r; + already_read += r; + if (r == 0 || r < requested || already_read == count) { + /* We have finished */ + return already_read; + } + } +} + +static int itacns_list_files(sc_card_t *card, u8 *buf, size_t buflen) { + struct sc_card_operations *list_ops; + + if (DRVDATA(card) && (DRVDATA(card)->mask_manufacturer_code + == ITACNS_MASKMAN_SIEMENS)) { + list_ops = sc_get_cardos_driver()->ops; + } else { + list_ops = sc_get_incrypto34_driver()->ops; + } + return list_ops->list_files(card, buf, buflen); +} + +static void add_acl_entry(sc_file_t *file, int op, u8 byte) +{ + unsigned int method, key_ref = SC_AC_KEY_REF_NONE; + + switch (byte) { + case 0x00: + method = SC_AC_NONE; + break; + case 0xFF: + case 0x66: + method = SC_AC_NEVER; + break; + default: + if (byte > 0x1F) { + method = SC_AC_UNKNOWN; + } else { + method = SC_AC_CHV; + 
key_ref = byte; + } + break; + } + sc_file_add_acl_entry(file, op, method, key_ref); +} + +static const int df_acl[9] = { + -1, /* LCYCLE (life cycle change) */ + SC_AC_OP_UPDATE, /* UPDATE Objects */ + SC_AC_OP_WRITE, /* APPEND Objects */ + + SC_AC_OP_INVALIDATE, /* DF */ + SC_AC_OP_REHABILITATE, /* DF */ + SC_AC_OP_DELETE, /* DF */ + + SC_AC_OP_WRITE, /* ADMIN DF */ + SC_AC_OP_CREATE, /* Files */ + -1 /* Reserved */ +}; +static const int ef_acl[9] = { + SC_AC_OP_READ, /* Data */ + SC_AC_OP_UPDATE, /* Data (write file content) */ + SC_AC_OP_WRITE, /* */ + + SC_AC_OP_INVALIDATE, /* EF */ + SC_AC_OP_REHABILITATE, /* EF */ + SC_AC_OP_ERASE, /* (delete) EF */ + + /* XXX: ADMIN should be an ACL type of its own, or mapped + * to erase */ + SC_AC_OP_ERASE, /* ADMIN EF (modify meta information?) */ + -1, /* INC (-> cylic fixed files) */ + -1 /* DEC */ +}; + +static void parse_sec_attr(sc_file_t *file, const u8 *buf, size_t len) +{ + size_t i; + const int *idx; + + idx = (file->type == SC_FILE_TYPE_DF) ? df_acl : ef_acl; + + /* acl defaults to 0xFF if unspecified */ + for (i = 0; i < 9; i++) { + if (idx[i] != -1) { + add_acl_entry(file, idx[i], + (u8)((i < len) ? 
buf[i] : 0xFF)); + } + } +} + +static int itacns_select_file(sc_card_t *card, + const sc_path_t *in_path, + sc_file_t **file) +{ + int r; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + r = default_ops->select_file(card, in_path, file); + if (r >= 0 && file) { + parse_sec_attr((*file), (*file)->sec_attr, + (*file)->sec_attr_len); + } + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static struct sc_card_driver * sc_get_driver(void) +{ + if (!default_ops) + default_ops = sc_get_iso7816_driver()->ops; + itacns_ops = *default_ops; + itacns_ops.match_card = itacns_match_card; + itacns_ops.init = itacns_init; + itacns_ops.finish = itacns_finish; + itacns_ops.set_security_env = itacns_set_security_env; + itacns_ops.restore_security_env = itacns_restore_security_env; + itacns_ops.pin_cmd = itacns_pin_cmd; + itacns_ops.read_binary = itacns_read_binary; + itacns_ops.list_files = itacns_list_files; + itacns_ops.select_file = itacns_select_file; + return &itacns_drv; +} + +struct sc_card_driver * sc_get_itacns_driver(void) +{ + return sc_get_driver(); +} diff -Nru opensc-0.11.13/src/libopensc/card-javacard.c opensc-0.12.1/src/libopensc/card-javacard.c --- opensc-0.11.13/src/libopensc/card-javacard.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-javacard.c 2011-05-17 17:07:00.000000000 +0000 
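Review bot: `itacns_init` stores the result of `calloc()` in `card->drv_data` without checking it and then calls `itacns_match_card`, which writes through `DRVDATA(card)` whenever `card->driver` is set; `itacns_pin_cmd` also dereferences `DRVDATA(card)` unconditionally. On allocation failure that is a NULL write, so add `if (!card->drv_data) return SC_ERROR_OUT_OF_MEMORY;` directly after the `calloc`. In the matching code, the four bytes `card->atr.value[i]` to `[i+3]` in `itacns_match_card` and the version byte `atr[i]` in `itacns_match_cns_card` are read before any `itacns_atr_l` length check, so with a short ATR bytes beyond `card->atr.len` reach the driver data and the debug log. An `itacns_atr_l(i + 3);` before the first block and `itacns_atr_l(i);` before the second would close that. `itacns_init` also ignores the return value of `itacns_match_card`, so a card that no longer matches is still initialised as "CNS card".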
@@ -0,0 +1,74 @@ +/* + * card-javacard.c: Recognize known blank JavaCards + * + * Copyright (C) 2010 Martin Paljak + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include "internal.h" + +static struct sc_atr_table javacard_atrs[] = { + {"3b:db:18:00:80:b1:fe:45:1f:83:00:31:c0:64:c7:fc:10:00:01:90:00:fa", NULL, "Cosmo v7 64K dual/128K", SC_CARD_TYPE_JAVACARD, 0, NULL}, + {"3b:75:94:00:00:62:02:02:02:01", NULL, "Cyberflex 32K", SC_CARD_TYPE_JAVACARD, 0, NULL}, + {"3b:95:95:40:ff:ae:01:03:00:00", NULL, "Cyberflex v2 64K", SC_CARD_TYPE_JAVACARD, 0, NULL}, + {NULL, NULL, NULL, 0, 0, NULL} +}; + +static struct sc_card_operations javacard_ops; +static struct sc_card_driver javacard_drv = { + "JavaCard (without supported applet)", + "javacard", + &javacard_ops, + NULL, 0, NULL +}; + +static int javacard_finish(sc_card_t * card) +{ + return SC_SUCCESS; +} + +static int javacard_match_card(sc_card_t * card) +{ + if (_sc_match_atr(card, javacard_atrs, &card->type) < 0) + return 0; + return 1; +} + +static int javacard_init(sc_card_t * card) +{ + card->drv_data = NULL; + + return SC_SUCCESS; +} + + +static struct sc_card_driver *sc_get_driver(void) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + + javacard_ops = *iso_drv->ops; + javacard_ops.match_card = 
javacard_match_card; + javacard_ops.select_file = NULL; + javacard_ops.init = javacard_init; + javacard_ops.finish = javacard_finish; + + return &javacard_drv; +} + +struct sc_card_driver *sc_get_javacard_driver(void) +{ + return sc_get_driver(); +} diff -Nru opensc-0.11.13/src/libopensc/card-jcop.c opensc-0.12.1/src/libopensc/card-jcop.c --- opensc-0.11.13/src/libopensc/card-jcop.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-jcop.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,17 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" +#include "config.h" + #include #include +#include "internal.h" +#include "cardctl.h" + static struct sc_atr_table jcop_atrs[] = { { "3B:E6:00:FF:81:31:FE:45:4A:43:4F:50:33:31:06", NULL, NULL, SC_CARD_TYPE_JCOP_GENERIC, 0, NULL }, -#if 0 - /* Requires secure messaging */ - { "3B:E6:00:FF:81:31:FE:45:4A:43:4F:50:32:31:06", NULL, NULL, SC_CARD_TYPE_JCOP_GENERIC, 0, NULL }, -#endif { NULL, NULL, NULL, 0, 0, NULL } }; @@ -98,7 +97,7 @@ sc_file_t *f; int flags; - drvdata=(struct jcop_private_data *) malloc(sizeof(struct jcop_private_data)); + drvdata=malloc(sizeof(struct jcop_private_data)); if (!drvdata) return SC_ERROR_OUT_OF_MEMORY; memset(drvdata, 0, sizeof(struct jcop_private_data)); @@ -328,9 +327,7 @@ if (idx + count > 128) { count=128-idx; } - sc_ctx_suppress_errors_on(card->ctx); r = iso_ops->select_file(card, &drvdata->aid, &tfile); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) { /* no pkcs15 app, so return empty DIR. */ memset(buf, 0, count); } else { @@ -356,9 +353,7 @@ if (buflen < 4) return 2; /* AppDF only exists if applet is selectable */ - sc_ctx_suppress_errors_on(card->ctx); r = iso_ops->select_file(card, &drvdata->aid, &tfile); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) { return 2; } else { 
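Review bot: `javacard_ops.select_file = NULL;` in `sc_get_driver` drops the handler inherited from the ISO 7816 driver without saying why, and a later maintainer could restore it by mistake. A one-line comment above the assignment, for example `/* blank card, no supported applet: file selection is deliberately unsupported */`, would record the intent; that reading is inferred from the driver name "JavaCard (without supported applet)" and should be confirmed. The assignment also relies on every caller of `ops->select_file` checking for NULL, which is not visible in this file.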
@@ -473,7 +468,7 @@ u8 *filelist; nfiles=file->prop_attr[4]; if (nfiles) { - filelist=(u8 *) malloc(2*nfiles); + filelist=malloc(2*nfiles); if (!filelist) return SC_ERROR_OUT_OF_MEMORY; memcpy(filelist, &file->prop_attr[5], 2*nfiles); @@ -557,25 +552,6 @@ return r; } -/* no record oriented file services */ -static int jcop_read_record_unsupp(sc_card_t *card, - unsigned int rec_nr, u8 *buf, - size_t count, unsigned long flags) { - return SC_ERROR_NOT_SUPPORTED; -} - -static int jcop_wrupd_record_unsupp(sc_card_t *card, - unsigned int rec_nr, const u8 *buf, - size_t count, unsigned long flags) { - return SC_ERROR_NOT_SUPPORTED; -} - -static int jcop_append_record_unsupp(sc_card_t *card, - const u8 *buf, size_t count, - unsigned long flags) { - return SC_ERROR_NOT_SUPPORTED; -} - /* We need to trap these functions so that proper errors can be returned when one of the virtual files is selected */ @@ -636,7 +612,7 @@ assert(card != NULL && env != NULL); if (se_num) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); if (drvdata->selected == SELECT_MF || drvdata->selected == SELECT_EFDIR) { drvdata->invalid_senv=1; @@ -650,11 +626,11 @@ tmp.flags &= ~SC_SEC_ENV_ALG_PRESENT; tmp.flags |= SC_SEC_ENV_ALG_REF_PRESENT; if (tmp.algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Only RSA algorithm supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Only RSA algorithm supported.\n"); return SC_ERROR_NOT_SUPPORTED; } if (!(env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1)){ - sc_error(card->ctx, "Card requires RSA padding\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card requires RSA padding\n"); return SC_ERROR_NOT_SUPPORTED; } tmp.algorithm_ref = 0x02; 
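Review bot: `nfiles` is taken straight from `file->prop_attr[4]` and then sizes `memcpy(filelist, &file->prop_attr[5], 2*nfiles)` in the `-473,7` hunk, with no comparison against the attribute length. A card that reports more entries than it supplied would make the copy read past the end of `prop_attr`. Nothing in the hunk shows `prop_attr_len` being validated, and the function begins and ends outside it, so an earlier check may exist. If it does not, add `if (file->prop_attr_len < 5 + 2 * (size_t)nfiles) return SC_ERROR_INVALID_DATA;` before the allocation.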
@@ -706,12 +682,14 @@ apdu.resplen = 0; r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); return r; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); return r; } drvdata->invalid_senv=0; @@ -730,7 +708,7 @@ assert(card != NULL && data != NULL && out != NULL); if (datalen > 256) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (drvdata->invalid_senv) return sc_check_sw(card, 0x69, 0x88); @@ -755,16 +733,15 @@ } apdu.data = sbuf; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } @@ -780,9 +757,9 @@ struct jcop_private_data *drvdata=DRVDATA(card); assert(card != NULL && crgram != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (crgram_len > 256) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (drvdata->invalid_senv) return sc_check_sw(card, 0x69, 0x88); @@ -793,7 +770,6 @@ apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); /* FIXME */ apdu.le = crgram_len; - apdu.sensitive = 1; if (crgram_len == 256) { apdu.p2 = crgram[0]; 
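Review bot: Dropping `apdu.sensitive = 1;` in the decipher hunk `-793,7` (and in the signing hunk `-755,16` above it) leaves nothing in these functions that marks the payload as secret, while `rbuf` will receive the decrypted plaintext. Whether the transport layer still keeps APDU payloads out of the debug log is not visible from here, and should be confirmed before this runs with `SC_LOG_DEBUG_NORMAL` tracing enabled. Independently, the plaintext stays on the stack after it is copied to `out`. Wiping it with `sc_mem_clear(rbuf, sizeof(rbuf));` before each return would limit that exposure, assuming `rbuf` is the local array that `sizeof(rbuf)` suggests. The function body starts and ends outside this hunk.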
@@ -809,14 +785,14 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int jcop_generate_key(sc_card_t *card, struct sc_cardctl_jcop_genkey *a) { @@ -837,7 +813,8 @@ if (a->exponent == 0x10001) { is_f4=1; } else if (a->exponent != 3) { - sc_perror(card->ctx, SC_ERROR_NOT_SUPPORTED, "Invalid exponent"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Invalid exponent", sc_strerror(SC_ERROR_NOT_SUPPORTED)); return SC_ERROR_NOT_SUPPORTED; } @@ -866,12 +843,14 @@ apdu.resplen = 0; r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); return r; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); return r; } @@ -883,12 +862,14 @@ r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); return r; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); return r; } 
@@ -910,9 +891,6 @@ case SC_CARDCTL_GET_DEFAULT_KEY: return jcop_get_default_key(card, (struct sc_cardctl_default_key *) ptr); - case SC_CARDCTL_JCOP_LOCK: - /* XXX implement me */ - return SC_ERROR_NOT_SUPPORTED; case SC_CARDCTL_JCOP_GENERATE_KEY: return jcop_generate_key(card, (struct sc_cardctl_jcop_genkey *) ptr); @@ -921,12 +899,6 @@ return SC_ERROR_NOT_SUPPORTED; } -/* "The PINs are "global" in a PKCS#15 sense, meaning that they remain valid - * until card reset! Selecting another applet doesn't invalidate the PINs, - * you need to reset the card." - javacard@zurich.ibm.com, when asked about - * how to invalidate logged in pins. - */ - static struct sc_card_driver * sc_get_driver(void) { struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); @@ -935,11 +907,12 @@ jcop_ops.match_card = jcop_match_card; jcop_ops.init = jcop_init; jcop_ops.finish = jcop_finish; + /* no record oriented file services */ + jcop_ops.read_record = NULL; + jcop_ops.write_record = NULL; + jcop_ops.append_record = NULL; + jcop_ops.update_record = NULL; jcop_ops.read_binary = jcop_read_binary; - jcop_ops.read_record = jcop_read_record_unsupp; - jcop_ops.write_record = jcop_wrupd_record_unsupp; - jcop_ops.append_record = jcop_append_record_unsupp; - jcop_ops.update_record = jcop_wrupd_record_unsupp; jcop_ops.write_binary = jcop_write_binary; jcop_ops.update_binary = jcop_update_binary; jcop_ops.select_file = jcop_select_file; @@ -955,10 +928,8 @@ return &jcop_drv; } -#if 1 struct sc_card_driver * sc_get_jcop_driver(void) { return sc_get_driver(); } -#endif diff -Nru opensc-0.11.13/src/libopensc/card-mcrd.c opensc-0.12.1/src/libopensc/card-mcrd.c --- opensc-0.11.13/src/libopensc/card-mcrd.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-mcrd.c 2011-05-17 17:07:00.000000000 +0000 
@@ -22,12 +22,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" -#include "cardctl.h" +#include "config.h" + #include #include #include + +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" #include "esteid.h" static struct sc_atr_table mcrd_atrs[] = { 
@@ -37,12 +40,26 @@ "D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL}, {"3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6", NULL, "D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL}, + /* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly trunkate the wram ATR to the length of the cold ATR */ + /* See opensc.conf for further information */ + {"3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20", NULL, "Broken EstEID 1.1 warm", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL}, + {"3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43", NULL, "EstEID 1.0 cold", SC_CARD_TYPE_MCRD_ESTEID_V10, 0, NULL}, + {"3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30", NULL, "EstEID 1.0 cold", SC_CARD_TYPE_MCRD_ESTEID_V10, 0, NULL}, + {"3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b", NULL, "EstEID 1.0 cold 2006", SC_CARD_TYPE_MCRD_ESTEID_V10, 0, NULL}, + {"3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30", NULL, "EstEID 1.0 warm 2006", SC_CARD_TYPE_MCRD_ESTEID_V10, 0, NULL}, + {"3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30", NULL, "EstEID 1.1 cold", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL}, + {"3B:FE:18:00:00:80:31:FE:45:45:73:74:45:49:44:20:76:65:72:20:31:2E:30:A8", NULL, "EstEID 3.0 (dev1) cold", SC_CARD_TYPE_MCRD_ESTEID_V30, 0, NULL}, + {"3B:FE:18:00:00:80:31:FE:45:80:31:80:66:40:90:A4:56:1B:16:83:01:90:00:86", NULL, "EstEID 3.0 (dev1) warm", SC_CARD_TYPE_MCRD_ESTEID_V30, 0, NULL}, + {"3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:01:90:00:e1", NULL, "EstEID 3.0 (dev2) warm", SC_CARD_TYPE_MCRD_ESTEID_V30, 0, NULL}, + {"3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:0f:90:00:ef", NULL, "EstEID 3.0 (18.01.2011) warm", SC_CARD_TYPE_MCRD_ESTEID_V30, 0, NULL}, {NULL, NULL, NULL, 0, 0, NULL} }; +static unsigned char EstEID_v3_AID[] = {0xF0, 0x45, 0x73, 0x74, 0x45, 0x49, 0x44, 0x20, 0x76, 0x65, 0x72, 0x20, 0x31, 0x2E, 0x30}; + static struct 
sc_card_operations mcrd_ops; static struct sc_card_driver mcrd_drv = { - "MICARDO 2.1", + "MICARDO 2.1 / EstEID 1.0 - 3.0", "mcrd", &mcrd_ops, NULL, 0, NULL @@ -111,7 +128,7 @@ assert(!priv->is_ef); if (!priv->curpathlen) { - sc_debug(ctx, "no current path to find the df_info\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no current path to find the df_info\n"); return NULL; } @@ -122,9 +139,9 @@ return dfi; } /* Not found, create it. */ - dfi = (struct df_info_s *)calloc(1, sizeof *dfi); + dfi = calloc(1, sizeof *dfi); if (!dfi) { - sc_debug(ctx, "out of memory while allocating df_info\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "out of memory while allocating df_info\n"); return NULL; } dfi->pathlen = priv->curpathlen; @@ -170,8 +187,8 @@ apdu.lc = 2; apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int mcrd_delete_ref_to_signkey(sc_card_t * card) @@ -189,8 +206,8 @@ apdu.lc = 2; apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } 
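Review bot: The comment above the first added ATR entry in the `-37,12` hunk reads `trunkate the wram ATR` and should say `truncate the warm ATR`; it is the only explanation for why an 18-byte prefix is listed as a complete ATR. The entry `3b:6e:00:ff:45:73:...` is labelled "EstEID 1.0 cold" like the entry before it, while the 2006 pair distinguishes cold from warm. Since `mcrd_match_card` now copies this string into `card->name`, the label looks like a copy-paste slip and should be checked. The truncated entry also maps to `SC_CARD_TYPE_MCRD_ESTEID_V11` although it is a byte-for-byte prefix of the following `SC_CARD_TYPE_MCRD_ESTEID_V10` cold ATR, so the comment should state that matching is on the whole ATR rather than on a prefix, if that is the case.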
@@ -207,16 +224,16 @@ /* track the active keypair */ sc_format_path("0033", &path); r = sc_select_file(card, &path, NULL); - SC_TEST_RET(card->ctx, r, "Can't select keyref info file 0x0033"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Can't select keyref info file 0x0033"); r = sc_read_record(card, 1, keyref_data, SC_ESTEID_KEYREF_FILE_RECLEN, SC_RECORD_BY_REC_NR); - SC_TEST_RET(card->ctx, r, "Can't read keyref info file!"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Can't read keyref info file!"); - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "authkey reference 0x%02x%02x\n", keyref_data[9], keyref_data[10]); - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "signkey reference 0x%02x%02x\n", keyref_data[19], keyref_data[20]); 
@@ -237,73 +254,93 @@ apdu.lc = 5; apdu.datalen = 5; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } -static int is_esteid_atr(u8 *atr, size_t atr_len) { - const char *str = "EstEID ver 1.0"; - unsigned int i; - - if (atr_len<14) - return 0; - - for (i = 0; itype) { + case SC_CARD_TYPE_MCRD_ESTEID_V10: + case SC_CARD_TYPE_MCRD_ESTEID_V11: + case SC_CARD_TYPE_MCRD_ESTEID_V30: return 1; } + return 0; } - static int mcrd_match_card(sc_card_t * card) { - int i; - - if (is_esteid_atr(card->atr, card->atr_len)) { - sc_debug(card->ctx, "Found EstEID ver 1.0 card!"); - card->type = SC_CARD_TYPE_MCRD_ESTEID; + int i = 0; + i = _sc_match_atr(card, mcrd_atrs, &card->type); + if (i >= 0) { + card->name = mcrd_atrs[i].name; return 1; } - - i = _sc_match_atr(card, mcrd_atrs, &card->type); - if (i < 0) - return 0; - return 1; + return 0; } static int mcrd_init(sc_card_t * card) { unsigned long flags; struct mcrd_priv_data *priv; + int r; sc_path_t tmppath; + sc_apdu_t apdu; - priv = (struct mcrd_priv_data *)calloc(1, sizeof *priv); + priv = calloc(1, sizeof *priv); if (!priv) return SC_ERROR_OUT_OF_MEMORY; - card->name = "MICARDO 2.1"; card->drv_data = priv; card->cla = 0x00; - card->caps |= SC_CARD_CAP_RNG; + card->caps = SC_CARD_CAP_RNG; - flags = SC_ALGORITHM_RSA_RAW; - flags |= SC_ALGORITHM_RSA_PAD_PKCS1; - flags |= SC_ALGORITHM_RSA_HASH_NONE; - - _sc_card_add_rsa_alg(card, 512, flags, 0); - _sc_card_add_rsa_alg(card, 768, flags, 0); - _sc_card_add_rsa_alg(card, 1024, flags, 0); + + if (is_esteid_card(card)) { + /* Reset the MULTOS card to get to a known state */ + if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V11) + sc_reset(card, 0); + + /* Select the EstEID AID to get to a known state. 
+ * For some reason a reset is required as well... */ + if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30) { + flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA256; + /* EstEID v3.0 has 2048 bit keys */ + _sc_card_add_rsa_alg(card, 2048, flags, 0); + sc_reset(card, 0); + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0xA4, 0x04, 0x00); + apdu.lc = sizeof(EstEID_v3_AID); + apdu.data = EstEID_v3_AID; + apdu.datalen = sizeof(EstEID_v3_AID); + apdu.resplen = 0; + apdu.le = 0; + r = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "SELECT AID: %02X%02X", apdu.sw1, apdu.sw2); + if(apdu.sw1 != 0x90 && apdu.sw2 != 0x00) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_CARD_CMD_FAILED); + } else { + /* EstEID v1.0 and 1.1 have 1024 bit keys */ + flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1; + _sc_card_add_rsa_alg(card, 1024, flags, 0); + } + } else { + flags = SC_ALGORITHM_RSA_RAW |SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE; + _sc_card_add_rsa_alg(card, 512, flags, 0); + _sc_card_add_rsa_alg(card, 768, flags, 0); + _sc_card_add_rsa_alg(card, 1024, flags, 0); + } priv->curpath[0] = MFID; priv->curpathlen = 1; sc_format_path ("3f00", &tmppath); - tmppath.type = SC_PATH_TYPE_PATH; sc_select_file (card, &tmppath, NULL); - - - /* The special file loading thing doesn't work for EstEID */ - if (card->type != SC_CARD_TYPE_MCRD_ESTEID) + + /* Not needed for the fixed EstEID profile */ + if (!is_esteid_card(card)) load_special_files(card); + return SC_SUCCESS; } 
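Review bot: The status-word test added after SELECT AID in mcrd_init, `if(apdu.sw1 != 0x90 && apdu.sw2 != 0x00)`, fails only when both bytes differ from 90 00, so any error status whose SW2 is 0x00 is accepted and initialisation continues with the EstEID application possibly not selected. It should read `if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)`, or use `sc_check_sw(card, apdu.sw1, apdu.sw2)` as the other call sites in this file do. The two early returns added in this branch also leave the freshly allocated `priv` attached to `card->drv_data`; whether the caller releases it after a failed init is not visible in the hunk. The result of `sc_select_file (card, &tmppath, NULL)` further down is still ignored.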
@@ -328,14 +365,11 @@ static int load_special_files(sc_card_t * card) { sc_context_t *ctx = card->ctx; - struct mcrd_priv_data *priv = DRVDATA(card); int r, recno; struct df_info_s *dfi; struct rule_record_s *rule; struct keyd_record_s *keyd; - assert(!priv->is_ef); - /* First check whether we already cached it. */ dfi = get_df_info(card); if (dfi && dfi->rule_file) @@ -344,7 +378,7 @@ /* Read rule file. Note that we bypass our cache here. */ r = select_part(card, MCRD_SEL_EF, EF_Rule, NULL); - SC_TEST_RET(ctx, r, "selecting EF_Rule failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "selecting EF_Rule failed"); for (recno = 1;; recno++) { u8 recbuf[256]; @@ -354,11 +388,11 @@ if (r == SC_ERROR_RECORD_NOT_FOUND) break; else if (r < 0) { - SC_FUNC_RETURN(ctx, 2, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } else { - rule = (struct rule_record_s *)malloc(sizeof *rule + r); + rule = malloc(sizeof *rule + r); if (!rule) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); rule->recno = recno; rule->datalen = r; memcpy(rule->data, recbuf, r); @@ -367,15 +401,15 @@ } } - sc_debug(ctx, "new EF_Rule file loaded (%d records)\n", recno - 1); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "new EF_Rule file loaded (%d records)\n", recno - 1); /* Read the KeyD file. Note that we bypass our cache here. */ r = select_part(card, MCRD_SEL_EF, EF_KeyD, NULL); if (r == SC_ERROR_FILE_NOT_FOUND) { - sc_debug(ctx, "no EF_KeyD file available\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no EF_KeyD file available\n"); return 0; /* That is okay. */ } - SC_TEST_RET(ctx, r, "selecting EF_KeyD failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "selecting EF_KeyD failed"); for (recno = 1;; recno++) { u8 recbuf[256]; 
@@ -385,11 +419,11 @@ if (r == SC_ERROR_RECORD_NOT_FOUND) break; else if (r < 0) { - SC_FUNC_RETURN(ctx, 2, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } else { - keyd = (struct keyd_record_s *)malloc(sizeof *keyd + r); + keyd = malloc(sizeof *keyd + r); if (!keyd) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); keyd->recno = recno; keyd->datalen = r; memcpy(keyd->data, recbuf, r); @@ -398,7 +432,7 @@ } } - sc_debug(ctx, "new EF_KeyD file loaded (%d records)\n", recno - 1); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "new EF_KeyD file loaded (%d records)\n", recno - 1); /* FIXME: Do we need to restore the current DF? I guess it is not required, but we could try to do so by selecting 3fff? */ return 0; @@ -423,7 +457,7 @@ dfi = get_df_info(card); if (!dfi || !dfi->keyd_file) { - sc_debug(ctx, "EF_keyD not loaded\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "EF_keyD not loaded\n"); return -1; } @@ -431,8 +465,9 @@ p = keyd->data; len = keyd->datalen; - sc_hex_dump(ctx, p, len, dbgbuf, sizeof dbgbuf); - sc_debug(ctx, "keyd no %d:\n%s", keyd->recno, dbgbuf); + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, + p, len, dbgbuf, sizeof dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "keyd no %d:\n%s", keyd->recno, dbgbuf); tag = sc_asn1_find_tag(ctx, p, len, 0x83, &taglen); if (!tag || taglen != 4 || @@ -455,7 +490,7 @@ continue; return *tag; /* found. */ } - sc_debug(ctx, "EF_keyD for %04hx not found\n", fid); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "EF_keyD for %04hx not found\n", fid); return -1; } @@ -474,7 +509,7 @@ /* Currently we support only the short for. */ if (buflen != 1) { - sc_debug(ctx, "can't handle long ARRs\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "can't handle long ARRs\n"); return; } 
@@ -482,15 +517,14 @@ for (rule = dfi ? dfi->rule_file : NULL; rule && rule->recno != *buf; rule = rule->next) ; if (!rule) { - sc_debug(ctx, "referenced EF_rule record %d not found\n", *buf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "referenced EF_rule record %d not found\n", *buf); return; } - if (ctx->debug) { - sc_hex_dump(ctx, rule->data, rule->datalen, dbgbuf, - sizeof dbgbuf); - sc_debug(ctx, "rule for record %d:\n%s", *buf, dbgbuf); - } + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, + rule->data, rule->datalen, dbgbuf, sizeof dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "rule for record %d:\n%s", *buf, dbgbuf); p = rule->data; left = rule->datalen; @@ -506,11 +540,11 @@ if (tag == 0x80 && taglen != 1) { skip = 1; } else if (tag == 0x80) { /* AM byte. */ - sc_debug(ctx, " AM_DO: %02x\n", *p); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " AM_DO: %02x\n", *p); skip = 0; } else if (tag >= 0x81 && tag <= 0x8f) { /* Cmd description */ - sc_hex_dump(ctx, p, taglen, dbgbuf, sizeof dbgbuf); - sc_debug(ctx, " AM_DO: cmd[%s%s%s%s] %s", + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, p, taglen, dbgbuf, sizeof dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " AM_DO: cmd[%s%s%s%s] %s", (tag & 8) ? "C" : "", (tag & 4) ? "I" : "", (tag & 2) ? "1" : "", 
@@ -519,33 +553,33 @@ } else if (tag == 0x9C) { /* Proprietary state machine descrip. */ skip = 1; } else if (!skip) { - sc_hex_dump(ctx, p, taglen, dbgbuf, sizeof dbgbuf); + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, p, taglen, dbgbuf, sizeof dbgbuf); switch (tag) { case 0x90: /* Always */ - sc_debug(ctx, " SC: always\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: always\n"); break; case 0x97: /* Never */ - sc_debug(ctx, " SC: never\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: never\n"); break; case 0xA4: /* Authentication, value is a CRT. */ - sc_debug(ctx, " SC: auth %s", dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: auth %s", dbgbuf); break; case 0xB4: case 0xB6: case 0xB8: /* Cmd or resp with SM, value is a CRT. */ - sc_debug(ctx, " SC: cmd/resp %s", dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: cmd/resp %s", dbgbuf); break; case 0x9E: /* Security Condition byte. */ - sc_debug(ctx, " SC: condition %s", dbgbuf); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: condition %s", dbgbuf); break; case 0xA0: /* OR template. */ - sc_debug(ctx, " SC: OR\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: OR\n"); break; case 0xAF: /* AND template. */ - sc_debug(ctx, " SC: AND\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " SC: AND\n"); break; } } @@ -563,15 +597,14 @@ const u8 *tag = NULL, *p = buf; int bad_fde = 0; - if (ctx->debug >= 3) - sc_debug(ctx, "processing FCI bytes\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "processing FCI bytes\n"); + /* File identifier. */ tag = sc_asn1_find_tag(ctx, p, len, 0x83, &taglen); if (tag != NULL && taglen == 2) { file->id = (tag[0] << 8) | tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " file identifier: 0x%02X%02X\n", tag[0], - tag[1]); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " file identifier: 0x%02X%02X\n", tag[0], tag[1]); } /* Number of data bytes in the file including structural information. */ tag = sc_asn1_find_tag(ctx, p, len, 0x81, &taglen); 
@@ -585,16 +618,16 @@ } if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d\n", bytes); file->size = bytes; } if (tag == NULL) { tag = sc_asn1_find_tag(ctx, p, len, 0x80, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d\n", bytes); file->size = bytes; } } @@ -608,9 +641,9 @@ const char *type; file->shareable = byte & 0x40 ? 1 : 0; - if (ctx->debug >= 3) - sc_debug(ctx, " shareable: %s\n", - (byte & 0x40) ? "yes" : "no"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " shareable: %s\n", + (byte & 0x40) ? "yes" : "no"); file->ef_structure = byte & 0x07; switch ((byte >> 3) & 7) { case 0: @@ -629,11 +662,10 @@ type = "unknown"; break; } - if (ctx->debug >= 3) { - sc_debug(ctx, " type: %s\n", type); - sc_debug(ctx, " EF structure: %d\n", - byte & 0x07); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " type: %s\n", type); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " EF structure: %d\n", byte & 0x07); } } @@ -654,8 +686,7 @@ name[i] = '?'; } name[taglen] = 0; - if (ctx->debug >= 3) - sc_debug(ctx, " file name: %s\n", name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " file name: %s\n", name); } /* Proprietary information. */ @@ -679,7 +710,7 @@ /* Security attributes, reference to expanded format. */ tag = sc_asn1_find_tag(ctx, p, len, 0x8B, &taglen); - if (tag && taglen) { + if (tag && taglen && !is_esteid_card(card)) { process_arr(card, file, tag, taglen); } else if ((tag = sc_asn1_find_tag(ctx, p, len, 0xA1, &taglen)) && taglen) { 
@@ -699,45 +730,64 @@ const u8 * buf, size_t buflen, sc_file_t ** file) { sc_apdu_t apdu; - u8 resbuf[255]; + u8 resbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, kind, 0x00); + u8 p2 = 0x00; + if (kind == MCRD_SEL_EF) p2 = 0x04; + if (kind == MCRD_SEL_DF) p2 = 0x0C; + + sc_format_apdu(card, &apdu, buflen?SC_APDU_CASE_4_SHORT:SC_APDU_CASE_2_SHORT, 0xA4, kind, p2); apdu.data = buf; apdu.datalen = buflen; apdu.lc = apdu.datalen; apdu.resp = resbuf; apdu.resplen = sizeof(resbuf); - apdu.le = sizeof(resbuf); + apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (!file) { if (apdu.sw1 == 0x61) - SC_FUNC_RETURN(card->ctx, 2, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (!r && kind == MCRD_SEL_AID) card->cache.current_path.len = 0; - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); + + if (p2 == 0x0C) { + if (file) { + *file = sc_file_new(); + (*file)->type = SC_FILE_TYPE_DF; + return SC_SUCCESS; + } + } - switch (apdu.resp[0]) { - case 0x6F: + if (p2 == 0x04 && apdu.resp[0] == 0x62) { *file = sc_file_new(); if (!*file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); - if (apdu.resp[1] <= apdu.resplen) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + /* EstEID v3.0 cards are buggy and sometimes return a double 0x62 tag */ + if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30 && apdu.resp[2] == 0x62) + process_fcp(card, *file, apdu.resp + 4, apdu.resp[3]); + else process_fcp(card, *file, apdu.resp + 2, apdu.resp[1]); - break; - case 0x00: /* proprietary coding */ - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); - default: 
- SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + return SC_SUCCESS; } - return 0; + + if (p2 != 0x0C && apdu.resp[0] == 0x6F) { + *file = sc_file_new(); + if (!*file) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + if (apdu.resp[1] <= apdu.resplen) + process_fcp(card, *file, apdu.resp + 2, apdu.resp[1]); + return SC_SUCCESS; + } + return SC_SUCCESS; } /* Wrapper around do_select to be used when multiple selects are @@ -747,20 +797,21 @@ sc_file_t ** file) { u8 fbuf[2]; + unsigned int len; int r; - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "select_part (0x%04X, kind=%u)\n", fid, - kind); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "select_part (0x%04X, kind=%u)\n", fid, kind); - if (fid == MFID) + if (fid == MFID) { kind = MCRD_SEL_MF; /* force this kind. */ - - fbuf[0] = fid >> 8; - fbuf[1] = fid & 0xff; - sc_ctx_suppress_errors_on(card->ctx); - r = do_select(card, kind, fbuf, 2, file); - sc_ctx_suppress_errors_off(card->ctx); + len = 0; + } else { + fbuf[0] = fid >> 8; + fbuf[1] = fid & 0xff; + len = 2; + } + r = do_select(card, kind, fbuf, len, file); return r; } @@ -783,7 +834,7 @@ for (; pathlen; pathlen--, pathptr++) { if (priv->curpathlen == MAX_CURPATH) - SC_TEST_RET(card->ctx, SC_ERROR_INTERNAL, + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "path too long for cache"); r = -1; /* force DF select. */ if (pathlen == 1 && !df_only) { @@ -796,12 +847,12 @@ if (r) r = select_part(card, MCRD_SEL_DF, *pathptr, pathlen == 1 ? file : NULL); - SC_TEST_RET(card->ctx, r, "unable to select DF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select DF"); priv->curpath[priv->curpathlen] = *pathptr; priv->curpathlen++; } priv->is_ef = found_ef; - if (!found_ef) + if (!found_ef && !is_esteid_card(card)) load_special_files(card); return 0; 
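Review bot: In do_select the new `p2 == 0x0C` branch dereferences the result of `sc_file_new()` without a NULL check (`(*file)->type = SC_FILE_TYPE_DF;`), unlike the two branches after it. The new 0x62 branch also hands `apdu.resp[1]` (or `apdu.resp[3]`) to process_fcp as a length without comparing it to `apdu.resplen`, so a short or malformed card response makes the parser read bytes of `resbuf` that the card never sent; the 0x6F branch keeps a check, but `apdu.resp[1] <= apdu.resplen` ignores the two header bytes. I would add `if (!*file) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);` in the DF branch and guard each process_fcp call with `apdu.resplen >= 2 && (size_t)apdu.resp[1] + 2 <= apdu.resplen` (offset 4 and `resp[3]` for the double-tag case). do_select begins before this hunk.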
@@ -822,6 +873,8 @@ int r; size_t i; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + assert(!priv->curpathlen || priv->curpath[0] == MFID); if (pathlen && *pathptr == 0x3FFF) { @@ -835,7 +888,7 @@ /* MF requested: clear the cache and select it. */ priv->curpathlen = 0; r = select_part(card, MCRD_SEL_MF, pathptr[0], file); - SC_TEST_RET(card->ctx, r, "unable to select MF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select MF"); priv->curpath[0] = pathptr[0]; priv->curpathlen = 1; priv->is_ef = 0; @@ -882,7 +935,7 @@ /* Relative addressing without a current path. So we select the MF first. */ r = select_part(card, MCRD_SEL_MF, pathptr[0], file); - SC_TEST_RET(card->ctx, r, "unable to select MF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select MF"); priv->curpath[0] = pathptr[0]; priv->curpathlen = 1; priv->is_ef = 0; @@ -904,6 +957,8 @@ struct mcrd_priv_data *priv = DRVDATA(card); int r; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + assert(!priv->curpathlen || priv->curpath[0] == MFID); if (pathlen > 1) @@ -929,7 +984,7 @@ /* MF requested: clear the cache and select it. */ priv->curpathlen = 0; r = select_part(card, MCRD_SEL_MF, MFID, file); - SC_TEST_RET(card->ctx, r, "unable to select MF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select MF"); priv->curpath[0] = MFID; priv->curpathlen = 1; priv->is_ef = 0; @@ -939,7 +994,7 @@ /* Relative addressing without a current path. So we select the MF first. */ r = select_part(card, MCRD_SEL_MF, pathptr[0], file); - SC_TEST_RET(card->ctx, r, "unable to select MF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select MF"); priv->curpath[0] = pathptr[0]; priv->curpathlen = 1; priv->is_ef = 0; 
@@ -962,10 +1017,10 @@ struct mcrd_priv_data *priv = DRVDATA(card); int r = 0; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - if (card->ctx->debug >= 3) { - char line[256], *linep = line; + { + char line[256], *linep; size_t i; linep = line; @@ -976,7 +1031,7 @@ linep += 4; } strcpy(linep, "\n"); - sc_debug(card->ctx, line); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, line); } if (path->type == SC_PATH_TYPE_DF_NAME) { @@ -1028,7 +1083,7 @@ } } - if (card->ctx->debug >= 3) { + { char line[256], *linep = line; size_t i; linep += @@ -1039,7 +1094,7 @@ linep += 4; } strcpy(linep, "\n"); - sc_debug(card->ctx, line); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, line); } return r; } @@ -1052,7 +1107,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 0xF3, se_num); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -1068,16 +1123,16 @@ { struct mcrd_priv_data *priv = DRVDATA(card); sc_apdu_t apdu; - sc_path_t tmppath; + sc_path_t tmppath; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; u8 *p; int r, locked = 0; assert(card != NULL && env != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); /* special environment handling for esteid, stolen from openpgp */ - if (card->type == SC_CARD_TYPE_MCRD_ESTEID) { + if (is_esteid_card(card)) { /* some sanity checks */ if (env->flags & SC_SEC_ENV_ALG_PRESENT) { if (env->algorithm != SC_ALGORITHM_RSA) 
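Review bot: `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, line);` in mcrd_select_file passes a buffer built at run time as the format string, here and again in the hunk at -1039,7; both should be `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s", line);`. The buffer appears to be assembled from hex-formatted path values, so a stray conversion specifier is unlikely today, but the call stops being safe as soon as other text is appended to it. With the `ctx->debug >= 3` guard removed the string is now built on every call, and the code that fills the 256-byte `line` lies outside these hunks, so its bounds could not be checked here.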
@@ -1089,13 +1144,12 @@ /* Make sure we always start from MF */ sc_format_path ("3f00", &tmppath); - tmppath.type = SC_PATH_TYPE_PATH; sc_select_file (card, &tmppath, NULL); /* We now know that cache is not valid */ - select_esteid_df(card); + select_esteid_df(card); switch (env->operation) { case SC_SEC_OPERATION_DECIPHER: - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using keyref %d to dechiper\n", env->key_ref[0]); mcrd_restore_se(card, 6); @@ -1104,7 +1158,7 @@ mcrd_set_decipher_key_ref(card, env->key_ref[0]); break; case SC_SEC_OPERATION_SIGN: - sc_debug(card->ctx, "Using keyref %d to sign\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using keyref %d to sign\n", env->key_ref[0]); mcrd_restore_se(card, 1); break; @@ -1117,7 +1171,7 @@ if (card->type == SC_CARD_TYPE_MCRD_DTRUST || card->type == SC_CARD_TYPE_MCRD_GENERIC) { - sc_debug(card->ctx, "Using SC_CARD_TYPE_MCRD_DTRUST\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using SC_CARD_TYPE_MCRD_DTRUST\n"); /* some sanity checks */ if (env->flags & SC_SEC_ENV_ALG_PRESENT) { if (env->algorithm != SC_ALGORITHM_RSA) @@ -1129,7 +1183,7 @@ switch (env->operation) { case SC_SEC_OPERATION_DECIPHER: - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using keyref %d to dechiper\n", env->key_ref[0]); mcrd_delete_ref_to_authkey(card); @@ -1137,7 +1191,7 @@ mcrd_set_decipher_key_ref(card, env->key_ref[0]); break; case SC_SEC_OPERATION_SIGN: - sc_debug(card->ctx, "Using keyref %d to sign\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using keyref %d to sign\n", env->key_ref[0]); break; default: @@ -1174,7 +1228,7 @@ p++; *p = 0; p++; - } else if (card->type == SC_CARD_TYPE_MCRD_ESTEID) { + } else if (is_esteid_card(card)) { if ((env->flags & SC_SEC_ENV_FILE_REF_PRESENT) && env->file_ref.len > 1) { unsigned short fid; 
@@ -1187,7 +1241,7 @@ /* Need to restore the security environmnet. */ if (num) { r = mcrd_restore_se(card, num); - SC_TEST_RET(card->ctx, r, + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "mcrd_enable_se failed"); } p += 2; @@ -1204,25 +1258,27 @@ apdu.resplen = 0; if (se_num > 0) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); locked = 1; } if (apdu.datalen != 0) { r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); goto err; } } if (se_num <= 0) return 0; sc_unlock(card); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); err: if (locked) @@ -1241,13 +1297,13 @@ sc_apdu_t apdu; assert(card != NULL && data != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (env->operation != SC_SEC_OPERATION_SIGN) return SC_ERROR_INVALID_ARGUMENTS; if (datalen > 255) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Will compute signature (%d) for %d (0x%02x) bytes using key %d algorithm %d flags %d\n", env->operation, datalen, datalen, env->key_ref[0], env->algorithm, env->algorithm_flags); 
@@ -1269,76 +1325,59 @@ apdu.resplen = outlen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); - - SC_FUNC_RETURN(card->ctx, 4, apdu.resplen); -} - -/* added by -mp */ -static int mcrd_decipher(sc_card_t * card, - const u8 * crgram, size_t crgram_len, u8 * out, - size_t out_len) -{ - - int r; - sc_apdu_t apdu; - struct mcrd_priv_data *priv = DRVDATA(card); - sc_security_env_t *env = &priv->sec_env; - u8 *temp; - - sc_debug(card->ctx, - "Will dechiper %d (0x%02x) bytes using key %d\n", - crgram_len, crgram_len, env->key_ref[0]); - - /* saniti check */ - if (env->operation != SC_SEC_OPERATION_DECIPHER) - return SC_ERROR_INVALID_ARGUMENTS; - - if (!(temp = (u8 *) malloc(crgram_len + 1))) - return SC_ERROR_OUT_OF_MEMORY; - temp[0] = '\0'; - memcpy(temp + 1, crgram, crgram_len); - crgram = temp; - crgram_len += 1; - - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); - - apdu.resp = out; - apdu.resplen = out_len; - apdu.le = apdu.resplen; - - apdu.data = crgram; - apdu.datalen = crgram_len; - apdu.lc = apdu.datalen; - - apdu.sensitive = 1; - - r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 4, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); } /* added by -mp, to give pin information in the card driver (pkcs15emu->driver needed) */ static int mcrd_pin_cmd(sc_card_t * card, struct sc_pin_cmd_data *data, int *tries_left) { - SC_FUNC_CALLED(card->ctx, 3); + int r; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); data->pin1.offset = 5; data->pin1.length_offset = 4; data->pin2.offset = 
5; data->pin2.length_offset = 4; + + if (is_esteid_card(card) && data->cmd == SC_PIN_CMD_GET_INFO) { + sc_path_t tmppath; + u8 buf[16]; + int ref_to_record[] = {3,1,2}; + + /* the file with key pin info (tries left) 4.5 EF_PwdC */ + /* XXX: cheat the file path cache by always starting fresh from MF */ + sc_format_path ("3f00", &tmppath); + r = sc_select_file (card, &tmppath, NULL); + if (r < 0) + return SC_ERROR_INTERNAL; + + sc_format_path ("3f000016", &tmppath); + r = sc_select_file (card, &tmppath, NULL); + if (r < 0) + return SC_ERROR_INTERNAL; + + /* read the number of tries left for the PIN */ + r = sc_read_record (card, ref_to_record[data->pin_reference], buf, sizeof(buf), SC_RECORD_BY_REC_NR); + if (r < 0) + return SC_ERROR_INTERNAL; + if (buf[0] != 0x80 || buf[3] != 0x90) + return SC_ERROR_INTERNAL; + data->pin1.tries_left = buf[5]; + data->pin1.max_tries = buf[2]; + return SC_SUCCESS; + } + if (card->type == SC_CARD_TYPE_MCRD_DTRUST || card->type == SC_CARD_TYPE_MCRD_GENERIC) { - sc_debug(card->ctx, "modify pin reference for D-Trust\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "modify pin reference for D-Trust\n"); if (data->pin_reference == 0x02) data->pin_reference = data->pin_reference | 0x80; } - SC_FUNC_RETURN(card->ctx, 4, iso_ops->pin_cmd(card, data, tries_left)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, iso_ops->pin_cmd(card, data, tries_left)); } /* Driver binding */ @@ -1355,7 +1394,6 @@ mcrd_ops.select_file = mcrd_select_file; mcrd_ops.set_security_env = mcrd_set_security_env; mcrd_ops.compute_signature = mcrd_compute_signature; - mcrd_ops.decipher = mcrd_decipher; mcrd_ops.pin_cmd = mcrd_pin_cmd; return &mcrd_drv; diff -Nru opensc-0.11.13/src/libopensc/card-miocos.c opensc-0.12.1/src/libopensc/card-miocos.c --- opensc-0.11.13/src/libopensc/card-miocos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-miocos.c 2011-05-17 17:07:00.000000000 +0000 
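Review bot: In the new SC_PIN_CMD_GET_INFO branch of mcrd_pin_cmd, `ref_to_record[data->pin_reference]` indexes a three-element stack array with a caller-supplied value that is never range-checked, so a reference outside 0..2 reads past the array and the result is sent to the card as a record number. The branch should return SC_ERROR_INVALID_ARGUMENTS for any `pin_reference` outside that range before the lookup. The record itself is then read at `buf[0]`, `buf[2]`, `buf[3]` and `buf[5]` after testing only `r < 0`; the check should become `if (r < 6 || buf[0] != 0x80 || buf[3] != 0x90)` so that a short record cannot supply the retry counters from uninitialised bytes.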
@@ -18,11 +18,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + +#include +#include + #include "internal.h" #include "asn1.h" #include "cardctl.h" -#include -#include static struct sc_atr_table miocos_atrs[] = { /* Test card with 32 kB memory */ @@ -40,11 +43,6 @@ NULL, 0, NULL }; -static int miocos_finish(sc_card_t *card) -{ - return 0; -} - static int miocos_match_card(sc_card_t *card) { int i; @@ -71,10 +69,8 @@ /* read_binary and friends shouldn't do more than 244 bytes * per operation */ - if (card->max_send_size > 244) - card->max_send_size = 244; - if (card->max_recv_size > 244) - card->max_recv_size = 244; + card->max_send_size = 244; + card->max_recv_size = 244; return 0; } @@ -141,7 +137,7 @@ *p++ = 0x43; break; default: - sc_error(card->ctx, "Invalid EF structure\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid EF structure\n"); return SC_ERROR_INVALID_ARGUMENTS; } ops = ef_ops; @@ -151,7 +147,7 @@ ops = key_ops; break; default: - sc_error(card->ctx, "Unknown file type\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown file type\n"); return SC_ERROR_INVALID_ARGUMENTS; } if (file->type == SC_FILE_TYPE_DF) { @@ -172,7 +168,7 @@ else { int byte = acl_to_byte(sc_file_get_acl_entry(file, ops[i])); if (byte < 0) { - sc_error(card->ctx, "Invalid ACL\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid ACL\n"); return SC_ERROR_INVALID_ARGUMENTS; } nibble = byte; @@ -219,11 +215,11 @@ apdu.lc = buflen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x6A && apdu.sw2 == 0x89) return SC_ERROR_FILE_ALREADY_EXISTS; r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return 0; } 
@@ -239,7 +235,7 @@ tmp.flags &= ~SC_SEC_ENV_ALG_PRESENT; tmp.flags |= SC_SEC_ENV_ALG_REF_PRESENT; if (tmp.algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Only RSA algorithm supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Only RSA algorithm supported.\n"); return SC_ERROR_NOT_SUPPORTED; } tmp.algorithm_ref = 0x00; @@ -332,7 +328,7 @@ apdu.resplen = sizeof(rbuf); apdu.le = sizeof(rbuf); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) return sc_check_sw(card, apdu.sw1, apdu.sw2); for (i = 0; i < 16; i++) @@ -341,8 +337,8 @@ seq = sc_asn1_skip_tag(card->ctx, &seq, &left, SC_ASN1_SEQUENCE | SC_ASN1_CONS, &left); if (seq == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_UNKNOWN_DATA_RECEIVED); - SC_TEST_RET(card->ctx, r, "Unable to process reply"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to process reply"); for (i = 1; i < 15; i++) { int j; const u8 *tag; @@ -405,7 +401,7 @@ apdu.resplen = buflen; apdu.le = buflen > 256 ? 256 : buflen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) return sc_check_sw(card, apdu.sw1, apdu.sw2); return apdu.resplen; 
@@ -416,19 +412,19 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } r = sc_select_file(card, path, NULL); - SC_TEST_RET(card->ctx, r, "Unable to select file to be deleted"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select file to be deleted"); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00); apdu.cla = 0xA0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -441,11 +437,11 @@ size_t sendsize; if (ac->max_tries > 15) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); switch (ac->type) { case SC_CARDCTL_MIOCOS_AC_PIN: if (ac->max_unblock_tries > 15) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); miocos_type = 0x01; sbuf[0] = (ac->max_tries << 4) | ac->max_tries; sbuf[1] = 0xFF; /* FIXME... */ @@ -456,7 +452,7 @@ sendsize = 20; break; default: - sc_error(card->ctx, "AC type %d not supported\n", ac->type); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "AC type %d not supported\n", ac->type); return SC_ERROR_NOT_SUPPORTED; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x1E, miocos_type, 
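Review bot: The argument check in miocos_delete_file, `if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2)`, rejects a path only when both conditions fail, which contradicts the message it logs: a path of another type with length 2, or a file-id path of another length, still goes on to SELECT and DELETE. The line is unchanged context, but since the block is being touched it is worth correcting to `if (path->type != SC_PATH_TYPE_FILE_ID || path->len != 2)`. The function's signature is outside the hunk.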
@@ -465,7 +461,7 @@ apdu.datalen = sendsize; apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -476,7 +472,7 @@ case SC_CARDCTL_MIOCOS_CREATE_AC: return miocos_create_ac(card, (struct sc_cardctl_miocos_ac_info *) arg); } - sc_error(card->ctx, "card_ctl command 0x%X not supported\n", cmd); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "card_ctl command 0x%X not supported\n", cmd); return SC_ERROR_NOT_SUPPORTED; } @@ -488,7 +484,6 @@ miocos_ops = *iso_drv->ops; miocos_ops.match_card = miocos_match_card; miocos_ops.init = miocos_init; - miocos_ops.finish = miocos_finish; if (iso_ops == NULL) iso_ops = iso_drv->ops; miocos_ops.create_file = miocos_create_file; diff -Nru opensc-0.11.13/src/libopensc/card-muscle.c opensc-0.12.1/src/libopensc/card-muscle.c --- opensc-0.11.13/src/libopensc/card-muscle.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-muscle.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,5 +1,5 @@ /* - * card-muscle.c: Support for MuscleCard Applet from musclecard.com + * card-muscle.c: Support for MuscleCard Applet from musclecard.com * * Copyright (C) 2006, Identity Alliance, Thomas Harning * 
@@ -18,32 +18,36 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + +#include +#include + #include "internal.h" #include "cardctl.h" #include "muscle.h" #include "muscle-filesystem.h" -#include -#include - -#include -#include +#include "types.h" +#include "opensc.h" static struct sc_card_operations muscle_ops; +static const struct sc_card_operations *iso_ops = NULL; + static struct sc_card_driver muscle_drv = { - "Muscle Card Driver", + "MuscleApplet", "muscle", &muscle_ops, NULL, 0, NULL }; static struct sc_atr_table muscle_atrs[] = { - /* Aladdin eToken PRO USB 72K Java */ - { "3b:d5:18:00:81:31:3a:7d:80:73:c8:21:10:30", NULL, NULL, SC_CARD_TYPE_MUSCLE_ETOKEN_72K, 0, NULL }, + /* Aladdin eToken PRO USB 72K Java */ + { "3b:d5:18:00:81:31:3a:7d:80:73:c8:21:10:30", NULL, NULL, SC_CARD_TYPE_MUSCLE_ETOKEN_72K, 0, NULL }, /* JCOP31 v2.4.1 contact interface */ { "3b:f8:13:00:00:81:31:fe:45:4a:43:4f:50:76:32:34:31:b7", NULL, NULL, SC_CARD_TYPE_MUSCLE_JCOP241, 0, NULL }, /* JCOP31 v2.4.1 RF interface */ { "3b:88:80:01:4a:43:4f:50:76:32:34:31:5e", NULL, NULL, SC_CARD_TYPE_MUSCLE_JCOP241, 0, NULL }, - { NULL, NULL, NULL, 0, 0, NULL } + { NULL, NULL, NULL, 0, 0, NULL } }; #define MUSCLE_DATA(card) ( (muscle_private_t*)card->drv_data ) 
@@ -69,18 +73,28 @@ static int muscle_match_card(sc_card_t *card) { - /* Use SELECT APPLET, since its a more deterministic way of detection */ - int i; + sc_apdu_t apdu; + u8 response[64]; + int r; + /* Since we send an APDU, the card's logout function may be called... * however it's not always properly nulled out... */ card->ops->logout = NULL; - sc_ctx_suppress_errors_on(card->ctx); - i = msc_select_applet(card, muscleAppletId, 5); - sc_ctx_suppress_errors_off(card->ctx); - /* Mark the card for muscle_init */ - card->drv_data = (void*)0xFFFFFFFF; - return i; + if (msc_select_applet(card, muscleAppletId, 5) == 1) { + /* Muscle applet is present, check the protocol version to be sure */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_2, 0x3C, 0x00, 0x00); + apdu.cla = 0xB0; + apdu.le = 64; + apdu.resplen = 64; + apdu.resp = response; + r = sc_transmit_apdu(card, &apdu); + if (r == SC_SUCCESS && response[0] == 0x01) { + card->type = SC_CARD_TYPE_MUSCLE_V1; + return 1; + } + } + return 0; } /* Since Musclecard has a different ACL system then PKCS15 @@ -116,7 +130,7 @@ return acl_entry; } -static void muscle_parse_acls(const sc_file_t* file, unsigned short* read_perm, unsigned short* write_perm, unsigned short* delete_perm) +static void muscle_parse_acls(const sc_file_t* file, unsigned short* read_perm, unsigned short* write_perm, unsigned short* delete_perm) { assert(read_perm && write_perm && delete_perm); *read_perm = muscle_parse_singleAcl(sc_file_get_acl_entry(file, SC_AC_OP_READ)); @@ -185,7 +199,7 @@ mscfs_file_t *file; r = mscfs_check_selection(fs, -1); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); file = &fs->cache.array[fs->currentFileIndex]; objectId = file->objectId; /* memcpy(objectId.id, file->objectId.id, 4); */ 
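Review bot: In the rewritten muscle_match_card, `response[0]` is compared after a successful transmit without checking that the card returned any data, and `response` is an uninitialised stack buffer. If the card answers with zero bytes or only an error status word, the match is decided by stale stack contents. Add a length check, `if (r == SC_SUCCESS && apdu.resplen >= 1 && response[0] == 0x01)`, and consider also testing `apdu.sw1`/`apdu.sw2` before trusting the payload. Declaring the buffer as `u8 response[64] = {0};` makes the failure mode deterministic.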
@@ -195,7 +209,7 @@ oid[2] = oid[3] = 0; } r = msc_read_object(card, objectId, idx, buf, count); - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int muscle_update_binary(sc_card_t *card, unsigned int idx, const u8* buf, size_t count, unsigned long flags) @@ -207,7 +221,7 @@ u8* oid = objectId.id; r = mscfs_check_selection(fs, -1); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); file = &fs->cache.array[fs->currentFileIndex]; objectId = file->objectId; @@ -220,7 +234,7 @@ if(file->size < idx + count) { int newFileSize = idx + count; u8* buffer = malloc(newFileSize); - if(buffer == NULL) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if(buffer == NULL) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); r = msc_read_object(card, objectId, 0, buffer, file->size); /* TODO: RETREIVE ACLS */ @@ -229,13 +243,13 @@ if(r < 0) goto update_bin_free_buffer; r = msc_create_object(card, objectId, newFileSize, 0,0,0); if(r < 0) goto update_bin_free_buffer; - memcpy(buffer + idx, buf, count); + memcpy(buffer + idx, buf, count); r = msc_update_object(card, objectId, 0, buffer, newFileSize); if(r < 0) goto update_bin_free_buffer; file->size = newFileSize; update_bin_free_buffer: free(buffer); - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } else { r = msc_update_object(card, objectId, idx, buf, count); } 
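Review bot: The grow path in the -220,7 hunk computes `int newFileSize = idx + count;` from an `unsigned int` and a `size_t` and passes the result straight to malloc(), with no bound on the sum. If the sum wraps or does not fit in `int`, the allocation size no longer agrees with the `memcpy(buffer + idx, buf, count)` shown in the next hunk, so the copy can run past the buffer. Use `size_t newFileSize` and reject the request first, e.g. `if (count > SIZE_MAX - idx) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS);`, tightening the limit to whatever size type the msc_* helpers accept (not visible here). The enclosing function begins and ends outside this hunk.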
@@ -257,22 +271,21 @@ /* Delete children */ mscfs_check_cache(fs); - if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "DELETING Children of: %02X%02X%02X%02X\n", - oid[0],oid[1],oid[2],oid[3]); - } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "DELETING Children of: %02X%02X%02X%02X\n", + oid[0],oid[1],oid[2],oid[3]); for(x = 0; x < fs->cache.size; x++) { msc_id objectId; childFile = &fs->cache.array[x]; objectId = childFile->objectId; if(0 == memcmp(oid + 2, objectId.id, 2)) { - if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "DELETING: %02X%02X%02X%02X\n", - objectId.id[0],objectId.id[1],objectId.id[2],objectId.id[3]); - } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "DELETING: %02X%02X%02X%02X\n", + objectId.id[0],objectId.id[1], + objectId.id[2],objectId.id[3]); r = muscle_delete_mscfs_file(card, childFile); - if(r < 0) SC_FUNC_RETURN(card->ctx, 2,r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } } oid[0] = oid[2]; @@ -282,20 +295,18 @@ } if((0 == memcmp(oid, "\x3F\x00\x00\x00", 4)) || (0 == memcmp(oid, "\x3F\x00\x3F\x00", 4))) { - sc_ctx_suppress_errors_on(card->ctx); } r = msc_delete_object(card, id, 1); /* Check if its the root... this file generally is virtual * So don't return an error if it fails */ if((0 == memcmp(oid, "\x3F\x00\x00\x00", 4)) || (0 == memcmp(oid, "\x3F\x00\x3F\x00", 4))) - sc_ctx_suppress_errors_off(card->ctx); return 0; if(r < 0) { printf("ID: %02X%02X%02X%02X\n", - oid[0],oid[1],oid[2],oid[3]); - SC_FUNC_RETURN(card->ctx, 2,r); + oid[0],oid[1],oid[2],oid[3]); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } return 0; } 
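Review bot: Deleting the `sc_ctx_suppress_errors_off` line in the -282,20 hunk changes control flow as a side effect: the unbraced `return 0;` that used to follow the second root-check `if` now becomes its body. As far as the hunk shows, a failed msc_delete_object() on a non-root object therefore reaches the `if(r < 0)` branch for the first time instead of being reported as success. If that is intended, brace it as `if (...) { return 0; }` and drop the first root check, which is left as an empty `{ }`. The error branch still calls `printf("ID: ...")`, which writes to the host application's stdout from library code; `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ...)` would match the rest of the file.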
@@ -307,10 +318,10 @@ int r = 0; r = mscfs_loadFileInfo(fs, path_in->value, path_in->len, &file_data, NULL); - if(r < 0) SC_FUNC_RETURN(card->ctx, 2,r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); r = muscle_delete_mscfs_file(card, file_data); mscfs_clear_cache(fs); - if(r < 0) SC_FUNC_RETURN(card->ctx, 2,r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); return 0; } @@ -350,7 +361,6 @@ { mscfs_t *fs = MUSCLE_FS(card); mscfs_file_t *file_data = NULL; - const u8 *path = path_in->value; int pathlen = path_in->len; int r = 0; int objectIndex; @@ -358,11 +368,11 @@ mscfs_check_cache(fs); r = mscfs_loadFileInfo(fs, path_in->value, path_in->len, &file_data, &objectIndex); - if(r < 0) SC_FUNC_RETURN(card->ctx, 2,r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); /* Check if its the right type */ if(requiredType >= 0 && requiredType != file_data->ef) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } oid = file_data->objectId.id; /* Is it a file or directory */ @@ -385,8 +395,6 @@ file->path = *path_in; file->size = file_data->size; file->id = (oid[2] << 8) | oid[3]; - memcpy(file->name, path, pathlen); - file->namelen = pathlen; if(!file_data->ef) { file->type = SC_FILE_TYPE_DF; } else { @@ -426,10 +434,10 @@ r = select_item(card, path_in, file_out, -1); break; default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if(r > 0) r = 0; - SC_FUNC_RETURN(card->ctx, 2,r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } static int _listFile(mscfs_file_t *file, int reset, void *udata) 
@@ -440,24 +448,12 @@ static int muscle_init(sc_card_t *card) { - int r = 0; muscle_private_t *priv; - /* drv_data is set to (void*)0xFFFFFFFF in muscle_detect, - * If drv_data doesn't equal that, then we need to detect... */ - if(card->drv_data != (void*)0xFFFFFFFF) { - card->drv_data = NULL; - if(!muscle_match_card(card)) - return SC_ERROR_INVALID_CARD; - } - - r = sc_get_default_driver()->ops->init(card); - if(r) return r; - - card->name = "Muscle Card"; + card->name = "MuscleApplet"; card->drv_data = malloc(sizeof(muscle_private_t)); if(!card->drv_data) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } memset(card->drv_data, 0, sizeof(muscle_private_t)); priv = MUSCLE_DATA(card); @@ -465,30 +461,27 @@ priv->fs = mscfs_new(); if(!priv->fs) { free(card->drv_data); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } priv->fs->udata = card; priv->fs->listFile = _listFile; card->cla = 0xB0; - card->flags |= SC_CARD_FLAG_ONBOARD_KEY_GEN; card->flags |= SC_CARD_FLAG_RNG; card->caps |= SC_CARD_CAP_RNG; /* Card type detection */ _sc_match_atr(card, muscle_atrs, &card->type); if(card->type == SC_CARD_TYPE_MUSCLE_ETOKEN_72K) { - card->caps |= SC_CARD_CAP_RSA_2048; card->caps |= SC_CARD_CAP_APDU_EXT; } if(card->type == SC_CARD_TYPE_MUSCLE_JCOP241) { - card->caps |= SC_CARD_CAP_RSA_2048; card->caps |= SC_CARD_CAP_APDU_EXT; } - /* FIXME: Card type detection */ + /* FIXME: Card type detection */ if (1) { unsigned long flags; 
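Review bot: On the mscfs_new() failure path in the -465,30 hunk, `free(card->drv_data);` leaves `card->drv_data` pointing at freed memory when muscle_init returns SC_ERROR_OUT_OF_MEMORY. If the caller runs the driver's finish handler, or anything else that consults drv_data after a failed init (not visible in this diff), that becomes a use-after-free or double free. Add `card->drv_data = NULL;` directly after the free.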
@@ -496,14 +489,10 @@ flags |= SC_ALGORITHM_RSA_HASH_NONE; flags |= SC_ALGORITHM_ONBOARD_KEY_GEN; - _sc_card_add_rsa_alg(card, 512, flags, 0); - _sc_card_add_rsa_alg(card, 768, flags, 0); _sc_card_add_rsa_alg(card, 1024, flags, 0); _sc_card_add_rsa_alg(card, 2048, flags, 0); } - card->max_recv_size = 1024 * 64; - card->max_send_size = 1024 * 64; - return 0; + return SC_SUCCESS; } static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) @@ -517,10 +506,9 @@ for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; - if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "FILE: %02X%02X%02X%02X\n", - oid[0],oid[1],oid[2],oid[3]); - } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "FILE: %02X%02X%02X%02X\n", + oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; @@ -532,9 +520,6 @@ return count; } -static int (*iso_pin_cmd)(struct sc_card *, struct sc_pin_cmd_data *, - int *tries_left); - static int muscle_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *cmd, int *tries_left) { @@ -550,7 +535,7 @@ msc_verify_pin_apdu(card, &apdu, buffer, bufferLength, cmd->pin_reference, cmd->pin1.data, cmd->pin1.len); cmd->apdu = &apdu; cmd->pin1.offset = 5; - r = iso_pin_cmd(card, cmd, tries_left); + r = iso_ops->pin_cmd(card, cmd, tries_left); if(r >= 0) priv->verifiedPins |= (1 << cmd->pin_reference); return r; @@ -560,7 +545,7 @@ case SC_AC_AUT: case SC_AC_NONE: default: - sc_error(card->ctx, "Unsupported authentication method\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported authentication method\n"); return SC_ERROR_NOT_SUPPORTED; } case SC_PIN_CMD_CHANGE: 
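Review bot: `priv->verifiedPins |= (1 << cmd->pin_reference);` in the -550,7 hunk shifts by a caller-supplied value with no range check visible, and a shift by a negative amount or by the width of `int` or more is undefined behaviour. The start of muscle_pin_cmd is outside the hunk, so a check may exist earlier. If it does not, reject out-of-range references before the APDU is built, e.g. `if (cmd->pin_reference < 0 || cmd->pin_reference >= MAX_PIN_REFS) return SC_ERROR_INVALID_ARGUMENTS;`, where `MAX_PIN_REFS` is a placeholder for the number of PINs the applet supports.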
@@ -569,14 +554,14 @@ sc_apdu_t apdu; msc_change_pin_apdu(card, &apdu, buffer, bufferLength, cmd->pin_reference, cmd->pin1.data, cmd->pin1.len, cmd->pin2.data, cmd->pin2.len); cmd->apdu = &apdu; - return iso_pin_cmd(card, cmd, tries_left); + return iso_ops->pin_cmd(card, cmd, tries_left); } case SC_AC_TERM: case SC_AC_PRO: case SC_AC_AUT: case SC_AC_NONE: default: - sc_error(card->ctx, "Unsupported authentication method\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported authentication method\n"); return SC_ERROR_NOT_SUPPORTED; } case SC_PIN_CMD_UNBLOCK: @@ -585,18 +570,18 @@ sc_apdu_t apdu; msc_unblock_pin_apdu(card, &apdu, buffer, bufferLength, cmd->pin_reference, cmd->pin1.data, cmd->pin1.len); cmd->apdu = &apdu; - return iso_pin_cmd(card, cmd, tries_left); + return iso_ops->pin_cmd(card, cmd, tries_left); } case SC_AC_TERM: case SC_AC_PRO: case SC_AC_AUT: case SC_AC_NONE: default: - sc_error(card->ctx, "Unsupported authentication method\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported authentication method\n"); return SC_ERROR_NOT_SUPPORTED; } default: - sc_error(card->ctx, "Unsupported command\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported command\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -608,9 +593,9 @@ /* CURRENTLY DONT SUPPOT EXTRACTING PRIVATE KEYS... */ switch(info->keyType) { case 1: /* RSA */ - return msc_extract_rsa_public_key(card, - info->keyLocation, - &info->modLength, + return msc_extract_rsa_public_key(card, + info->keyLocation, + &info->modLength, &info->modValue, &info->expLength, &info->expValue); @@ -625,8 +610,8 @@ switch(info->keyType) { case 0x02: /* RSA_PRIVATE */ case 0x03: /* RSA_PRIVATE_CRT */ - return msc_import_key(card, - info->keyLocation, + return msc_import_key(card, + info->keyLocation, info); default: return SC_ERROR_NOT_SUPPORTED; 
@@ -635,8 +620,8 @@ static int muscle_card_generate_key(sc_card_t *card, sc_cardctl_muscle_gen_key_info_t *info) { - return msc_generate_keypair(card, - info->privateKeyLocation, + return msc_generate_keypair(card, + info->privateKeyLocation, info->publicKeyLocation, info->keyType, info->keySize, 
@@ -667,40 +652,40 @@ static int muscle_set_security_env(sc_card_t *card, const sc_security_env_t *env, - int se_num) + int se_num) { muscle_private_t* priv = MUSCLE_DATA(card); if (env->operation != SC_SEC_OPERATION_SIGN && env->operation != SC_SEC_OPERATION_DECIPHER) { - sc_error(card->ctx, "Invalid crypto operation supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto operation supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } if (env->algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Invalid crypto algorithm supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto algorithm supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } /* ADJUST FOR PKCS1 padding support for decryption only */ if ((env->algorithm_flags & SC_ALGORITHM_RSA_PADS) || (env->algorithm_flags & SC_ALGORITHM_RSA_HASHES)) { - sc_error(card->ctx, "Card supports only raw RSA.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card supports only raw RSA.\n"); return SC_ERROR_NOT_SUPPORTED; } if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) { if (env->key_ref_len != 1 || (env->key_ref[0] > 0x0F)) { - sc_error(card->ctx, "Invalid key reference supplied.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference supplied.\n"); return SC_ERROR_NOT_SUPPORTED; } priv->rsa_key_ref = env->key_ref[0]; } if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT) { - sc_error(card->ctx, "Algorithm reference not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Algorithm reference not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } /* if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT) if (memcmp(env->file_ref.value, "\x00\x12", 2) != 0) { - sc_error(card->ctx, "File reference is not 0012.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File reference is not 0012.\n"); return SC_ERROR_NOT_SUPPORTED; } */ priv->env = *env; 
@@ -731,7 +716,7 @@ key_id = priv->rsa_key_ref * 2; /* Private key */ if (out_len < crgram_len) { - sc_error(card->ctx, "Output buffer too small"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Output buffer too small"); return SC_ERROR_BUFFER_TOO_SMALL; } @@ -743,7 +728,7 @@ out, crgram_len, out_len); - SC_TEST_RET(card->ctx, r, "Card signature failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card signature failed"); return r; } @@ -757,7 +742,7 @@ key_id = priv->rsa_key_ref * 2; /* Private key */ if (outlen < data_len) { - sc_error(card->ctx, "Output buffer too small"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Output buffer too small"); return SC_ERROR_BUFFER_TOO_SMALL; } @@ -769,7 +754,7 @@ out, data_len, outlen); - SC_TEST_RET(card->ctx, r, "Card signature failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card signature failed"); return r; } 
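Review bot: The failure message in the -743,7 hunk still reads `"Card signature failed"` although the call above it passes `crgram_len`, so this is the decipher path. Anyone triaging a debug log would be pointed at the wrong operation. `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card decipher failed");` would distinguish it from the identical message in the signature function at -769,7. Both functions start outside their hunks.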
@@ -778,16 +763,48 @@ return msc_get_challenge(card, len, 0, NULL, rnd); } +static int muscle_check_sw(sc_card_t * card, unsigned int sw1, unsigned int sw2) { + if(sw1 == 0x9C) { + switch(sw2) { + case 0x01: /* SW_NO_MEMORY_LEFT */ + return SC_ERROR_NOT_ENOUGH_MEMORY; + case 0x02: /* SW_AUTH_FAILED */ + return SC_ERROR_PIN_CODE_INCORRECT; + case 0x03: /* SW_OPERATION_NOT_ALLOWED */ + return SC_ERROR_NOT_ALLOWED; + case 0x05: /* SW_UNSUPPORTED_FEATURE */ + return SC_ERROR_NO_CARD_SUPPORT; + case 0x06: /* SW_UNAUTHORIZED */ + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + case 0x07: /* SW_OBJECT_NOT_FOUND */ + return SC_ERROR_FILE_NOT_FOUND; + case 0x08: /* SW_OBJECT_EXISTS */ + return SC_ERROR_FILE_ALREADY_EXISTS; + case 0x09: /* SW_INCORRECT_ALG */ + return SC_ERROR_INCORRECT_PARAMETERS; + case 0x0B: /* SW_SIGNATURE_INVALID */ + return SC_ERROR_CARD_CMD_FAILED; + case 0x0C: /* SW_IDENTITY_BLOCKED */ + return SC_ERROR_AUTH_METHOD_BLOCKED; + case 0x0F: /* SW_INVALID_PARAMETER */ + case 0x10: /* SW_INCORRECT_P1 */ + case 0x11: /* SW_INCORRECT_P2 */ + return SC_ERROR_INCORRECT_PARAMETERS; + } + } + return iso_ops->check_sw(card, sw1, sw2); +} + static struct sc_card_driver * sc_get_driver(void) { struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + if (iso_ops == NULL) + iso_ops = iso_drv->ops; muscle_ops = *iso_drv->ops; - iso_pin_cmd = iso_drv->ops->pin_cmd; - muscle_ops.check_sw = iso_drv->ops->check_sw; + muscle_ops.check_sw = muscle_check_sw; muscle_ops.pin_cmd = muscle_pin_cmd; - muscle_ops.get_response = iso_drv->ops->get_response; muscle_ops.match_card = muscle_match_card; muscle_ops.init = muscle_init; muscle_ops.finish = muscle_finish; 
@@ -809,9 +826,7 @@ return &muscle_drv; } -#if 1 struct sc_card_driver * sc_get_muscle_driver(void) { return sc_get_driver(); } -#endif diff -Nru opensc-0.11.13/src/libopensc/card-myeid.c opensc-0.12.1/src/libopensc/card-myeid.c --- opensc-0.11.13/src/libopensc/card-myeid.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-myeid.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,26 +18,35 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + +#include +#include + #include "internal.h" #include "asn1.h" -#include "types.h" #include "cardctl.h" -#include -#include +#include "types.h" + +#define LOAD_KEY_MODULUS 0x80 +#define LOAD_KEY_PUBLIC_EXPONENT 0x81 +#define LOAD_KEY_PRIME_P 0x83 +#define LOAD_KEY_PRIME_Q 0x84 +#define LOAD_KEY_DP1 0x85 +#define LOAD_KEY_DQ1 0x86 +#define LOAD_KEY_INVQ 0x87 -#define LOAD_KEY_MODULUS 0x80 -#define LOAD_KEY_PUBLIC_EXPONENT 0x81 -#define LOAD_KEY_PRIME_P 0x83 -#define LOAD_KEY_PRIME_Q 0x84 -#define LOAD_KEY_DP1 0x85 -#define LOAD_KEY_DQ1 0x86 -#define LOAD_KEY_INVQ 0x87 +#define MYEID_STATE_CREATION 0x01 +#define MYEID_STATE_ACTIVATED 0x07 static struct sc_card_operations myeid_ops; static struct sc_card_driver myeid_drv = { - "MyEID cards with PKCS#15 applet", - "myeid", - &myeid_ops + "MyEID cards with PKCS#15 applet", + "myeid", + &myeid_ops, + NULL, + 0, + NULL }; static const char *myeid_atrs[] = { @@ -46,11 +55,9 @@ NULL }; - -static int myeid_finish(struct sc_card *card) -{ - return 0; -} +typedef struct myeid_private_data { + int card_state; +} myeid_private_data_t; static int myeid_match_card(struct sc_card *card) { 
@@ -62,10 +69,11 @@ size_t len = sizeof(defatr); const char *atrp = myeid_atrs[i]; - if (sc_hex_to_bin(atrp, defatr, &len)) continue; - if (len != card->atr_len) + if (sc_hex_to_bin(atrp, defatr, &len)) continue; - if (memcmp(card->atr, defatr, len) != 0) + if (len != card->atr.len) + continue; + if (memcmp(card->atr.value, defatr, len) != 0) continue; match = i; break; @@ -79,9 +87,18 @@ static int myeid_init(struct sc_card *card) { unsigned long flags =0; + myeid_private_data_t *priv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1; - flags |= SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1; + priv = calloc(1, sizeof(myeid_private_data_t)); + if (!priv) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + priv->card_state = SC_FILE_STATUS_CREATION; + card->drv_data = priv; + + flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_ONBOARD_KEY_GEN; + flags |= SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_ONBOARD_KEY_GEN; _sc_card_add_rsa_alg(card, 1024, flags, 0); _sc_card_add_rsa_alg(card, 2048, flags, 0); @@ -89,7 +106,9 @@ /* State that we have an RNG */ card->caps |= SC_CARD_CAP_RNG; - SC_FUNC_CALLED(card->ctx, 1); + card->max_recv_size = 255; + card->max_send_size = 255; + return 0; } @@ -104,9 +123,9 @@ case SC_AC_TERM: case SC_AC_AUT: if (e->key_ref == SC_AC_KEY_REF_NONE) - return 0x00; + return 0x00; if (e->key_ref < 1 || e->key_ref > 14) - return 0x00; + return 0x00; return e->key_ref; case SC_AC_NEVER: return 0x0F; @@ -142,7 +161,7 @@ const int ef_ops[4] = { SC_AC_OP_READ, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, -1 }; const int key_ops[4] = - { SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_CRYPTO }; + { SC_AC_OP_CRYPTO, SC_AC_OP_UPDATE, SC_AC_OP_DELETE, SC_AC_OP_GENERATE }; const int *ops; 
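Review bot: myeid_init in the -79,9 hunk now allocates `priv` with calloc() and stores it in `card->drv_data`, while the hunk at -46,11 removes myeid_finish. Nothing visible in the diff frees the allocation, so each card connect would leak it unless a finish handler outside the visible hunks releases drv_data. Separately, `SC_ALGORITHM_ONBOARD_KEY_GEN` is OR-ed into `flags` on both assignment lines; the second occurrence is redundant and can be dropped.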
@@ -179,28 +198,23 @@ struct sc_file **file) { int r; - SC_FUNC_CALLED(card->ctx, 1); + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->select_file(card, in_path, file); - if (r == 0 && file != NULL) { + if (r == 0 && file != NULL && *file != NULL) parse_sec_attr(*file, (*file)->sec_attr, (*file)->sec_attr_len); - } - SC_FUNC_RETURN(card->ctx, 1, r); -} -static int myeid_read_binary(struct sc_card *card, unsigned int idx, - u8 * buf, size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, iso_ops->read_binary(card, idx, buf, count, flags)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } + static int myeid_list_files(struct sc_card *card, u8 *buf, size_t buflen) { struct sc_apdu apdu; - int r,i; + int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0xA1); apdu.resp = buf; @@ -209,7 +223,7 @@ r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) return sc_check_sw(card, apdu.sw1, apdu.sw2); return apdu.resplen; @@ -218,14 +232,15 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file, const u8 *buf, size_t buflen) { + myeid_private_data_t *priv = (myeid_private_data_t *) card->drv_data; size_t taglen = 0; const u8 *tag = NULL; - int r ; + int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); r = iso_ops->process_fci(card, file, buf, buflen); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); if(file->type == SC_FILE_EF_UNKNOWN) { 
@@ -237,21 +252,36 @@ } if(file->sec_attr_len >= 3) { - sc_debug(card->ctx, "id (%X) sec_attr (%X %X %X) \n", file->id, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X) sec_attr (%X %X %X)", file->id, file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]); } + tag = sc_asn1_find_tag(NULL, buf, buflen, 0x8A, &taglen); + if (tag != NULL && taglen > 0) + { + if(tag[0] == MYEID_STATE_CREATION) { + file->status = SC_FILE_STATUS_CREATION; + sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_CREATION (0x%X)", + file->id, tag[0]); + } + else if(tag[0] == MYEID_STATE_ACTIVATED) { + file->status = SC_FILE_STATUS_ACTIVATED; + sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "File id (%X) status SC_FILE_STATUS_ACTIVATED (0x%X)", + file->id, tag[0]); + } + priv->card_state = file->status; + } - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } static int encode_file_structure(sc_card_t *card, const sc_file_t *file, u8 *out, size_t *outlen) { - const sc_acl_entry_t *read, *update, *delete; + const sc_acl_entry_t *read, *update, *delete, *generate; u8 buf[40]; int i; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* PrivateKey * 0E0000019 6217 81020400 820111 83024B01 8603000000 85028000 8A0100 RESULT 6984 * 6217 81020400 820111 83024B01 8603000000 85021000 8A0100 */ @@ -279,9 +309,9 @@ /* Security Attributes Tag */ buf[13] = 0x86; buf[14] = 0x03; - buf[15] = 0x0; - buf[16] = 0x0; - buf[17] = 0x0; + buf[15] = 0xFF; + buf[16] = 0xFF; + buf[17] = 0xFF; if (file->sec_attr_len == 3 && file->sec_attr) { 
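Review bot: `priv->card_state = file->status;` in the -237,21 hunk runs for every FCI that carries tag 0x8A, including when `tag[0]` is neither MYEID_STATE_CREATION nor MYEID_STATE_ACTIVATED, in which case `file->status` is whatever iso_ops->process_fci left there. Because card_state later decides whether a VERIFY is sent to the card at all, it should only be updated from a recognised value, for example by moving the assignment into the two branches and logging unknown life-cycle bytes. A comment should also state which file's life-cycle byte is meant to represent the whole card, since as written the most recently processed file wins. `priv` is dereferenced without a NULL check, which relies on myeid_init having succeeded.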
@@ -289,39 +319,40 @@ buf[16] = file->sec_attr[1]; buf[17] = file->sec_attr[2]; - sc_debug(card->ctx, "id (%X), sec_attr %X %X %X\n", file->id, - file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id (%X), sec_attr %X %X %X", file->id, + file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]); } else { delete = sc_file_get_acl_entry(file, SC_AC_OP_DELETE); - switch (file->type) { - case SC_FILE_TYPE_WORKING_EF: + switch (file->type) { + case SC_FILE_TYPE_WORKING_EF: read = sc_file_get_acl_entry(file, SC_AC_OP_READ); update = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE); buf[15] = (acl_to_byte(read) << 4) | acl_to_byte(update); - buf[16] = (acl_to_byte(delete)<< 4) | 0x0F; - break; - case SC_FILE_TYPE_INTERNAL_EF: + buf[16] = (acl_to_byte(delete)<< 4) | 0x0F; + break; + case SC_FILE_TYPE_INTERNAL_EF: read = sc_file_get_acl_entry(file, SC_AC_OP_CRYPTO); update = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE); + generate = sc_file_get_acl_entry(file, SC_AC_OP_GENERATE); buf[15] = (acl_to_byte(read) << 4) | acl_to_byte(update); - buf[16] = (acl_to_byte(delete)<< 4) | 0x0F; - break; - case SC_FILE_TYPE_DF: + buf[16] = (acl_to_byte(delete)<< 4) | acl_to_byte(generate); + break; + case SC_FILE_TYPE_DF: update = sc_file_get_acl_entry(file, SC_AC_OP_CREATE); buf[15] = (acl_to_byte(update) << 4) | acl_to_byte(update); - buf[16] = (acl_to_byte(delete) << 4) | 0x0F; - break; - default: - break; + buf[16] = (acl_to_byte(delete) << 4) | 0x0F; + break; + default: + break; } } 
@@ -352,22 +383,22 @@ { buf[25] = 0x84; buf[26] = (u8)file->namelen; - + for(i=0;i < (int)file->namelen;i++) buf[i + 26] = file->name[i]; - + buf[1] = 0x19 + file->namelen + 2; } break; default: - sc_error(card->ctx, "Unknown file type\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown file type\n"); return SC_ERROR_INVALID_ARGUMENTS; } *outlen = buf[1]+2; memcpy(out, buf, *outlen); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } static int myeid_create_file(struct sc_card *card, struct sc_file *file) @@ -377,11 +408,11 @@ size_t buflen; int r; - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + r = encode_file_structure(card, file, sbuf, &buflen); if (r) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x00, 0x00); apdu.data = sbuf; 
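Review bot: In the name branch shown in the -352,22 hunk, the copy loop writes `buf[i + 26]`, which overwrites the length byte just stored in `buf[26]`. Neither the loop nor the final `memcpy(out, buf, *outlen)` is bounded by the `u8 buf[40]` declared at the top of the function. With `buf[1] = 0x19 + file->namelen + 2` and `*outlen = buf[1] + 2`, any namelen above 11 reads past buf and longer names write past it. Copy to `buf[27 + i]` and reject oversized names first, e.g. `if (file->namelen > sizeof(buf) - 29) return SC_ERROR_INVALID_ARGUMENTS;`, or enlarge buf. The capacity of the caller's `out` is not visible here and needs the same check.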
@@ -389,50 +420,12 @@ apdu.lc = buflen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x6A && apdu.sw2 == 0x89) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_ALREADY_EXISTS); - - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); -} + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_ALREADY_EXISTS); -/* no record oriented file services */ -static int myeid_read_record_unsupp(struct sc_card *card, unsigned int rec_nr, - u8 *buf, size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); -} - -static int myeid_wrupd_record_unsupp(struct sc_card *card, unsigned int rec_nr, - const u8 *buf, size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); -} - -static int myeid_append_record_unsupp(struct sc_card *card, const u8 *buf, - size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); -} - - -static int myeid_write_binary(struct sc_card *card, unsigned int idx, - const u8 *buf, size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, iso_ops->write_binary(card, idx, buf, count, flags)); -} - - -static int myeid_update_binary(struct sc_card *card, unsigned int idx, - const u8 *buf, size_t count, unsigned long flags) -{ - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, iso_ops->update_binary(card, idx, buf, count, flags)); + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_delete_file(struct sc_card *card, const struct sc_path *path) 
@@ -440,48 +433,46 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } r = sc_select_file(card, path, NULL); - SC_TEST_RET(card->ctx, r, "Unable to select file to be deleted"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to select file to be deleted"); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00); apdu.cla = 0xA0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 1, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int myeid_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left) { + myeid_private_data_t *priv = (myeid_private_data_t *) card->drv_data; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "ref (%d), pin1 len(%d), pin2 len (%d)\n", + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ref (%d), pin1 len(%d), pin2 len (%d)\n", data->pin_reference, data->pin1.len, data->pin2.len); if(data->pin1.len > 8 || data->pin2.len > 8) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_PIN_LENGTH); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_LENGTH); - data->flags |= SC_PIN_CMD_NEED_PADDING; - if(data->cmd == SC_PIN_CMD_VERIFY) - { - u8 buf[8]; - memset(buf, 0xFF, sizeof(buf)); - memcpy(&buf[0], (u8 *)data->pin1.data, data->pin1.len); /* copy pin*/ - data->pin1.data = buf; - data->pin1.len = 8; + data->pin1.pad_length 
= data->pin2.pad_length = 8; + data->pin1.pad_char = data->pin2.pad_char = 0xFF; + if (data->cmd == SC_PIN_CMD_VERIFY && priv->card_state == SC_FILE_STATUS_CREATION) { + sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Card in creation state, no need to verify"); + return SC_SUCCESS; } - - SC_FUNC_RETURN(card->ctx, 1, iso_ops->pin_cmd(card, data, tries_left)); -} + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, iso_ops->pin_cmd(card, data, tries_left)); +} static int myeid_set_security_env2(sc_card_t *card, const sc_security_env_t *env, int se_num) @@ -492,16 +483,16 @@ int r, locked = 0; assert(card != NULL && env != NULL); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC) { - sc_error(card->ctx, "asymmetric keyref not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "asymmetric keyref not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } if (se_num > 0) { - sc_error(card->ctx, "restore security environment not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "restore security environment not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -547,7 +538,7 @@ apdu.resplen = 0; if (se_num > 0) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); locked = 1; } if (apdu.datalen != 0) @@ -555,13 +546,15 @@ r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); goto err; } } 
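Review bot: The new early return in myeid_pin_cmd reports SC_SUCCESS for SC_PIN_CMD_VERIFY without sending anything to the card whenever `priv->card_state == SC_FILE_STATUS_CREATION`, and myeid_init sets that value as the default before any FCI has been read. The card still enforces its own access rules, but a caller that treats the return code as proof of a correct PIN (a login path, for instance) would record a successful verification that never took place. Consider initialising card_state to a value that does not skip verification and short-circuiting only after the life-cycle state has been positively read. The skip is logged at SC_LOG_DEBUG_VERBOSE; SC_LOG_DEBUG_NORMAL would make it visible in ordinary traces. Earlier in the same hunk, the myeid_delete_file guard `path->type != SC_PATH_TYPE_FILE_ID && path->len != 2` uses `&&` where its message implies `||`.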
@@ -570,19 +563,19 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF2, se_num); r = sc_transmit_apdu(card, &apdu); sc_unlock(card); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); err: if (locked) sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_set_security_env(struct sc_card *card, const struct sc_security_env *env, int se_num) { - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if (env->flags & SC_SEC_ENV_ALG_PRESENT) { sc_security_env_t tmp; @@ -592,7 +585,7 @@ tmp.flags |= SC_SEC_ENV_ALG_REF_PRESENT; if (tmp.algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Only RSA algorithm supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Only RSA algorithm supported.\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -616,11 +609,11 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + assert(card != NULL && data != NULL && out != NULL); if (datalen > 256) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* INS: 0x2A PERFORM SECURITY OPERATION * P1: 0x9E Resp: Digital Signature 
@@ -644,19 +637,18 @@ } apdu.data = sbuf; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int myeid_decipher(struct sc_card *card, const u8 * crgram, @@ -667,12 +659,12 @@ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + assert(card != NULL && crgram != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (crgram_len > 256) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* INS: 0x2A PERFORM SECURITY OPERATION * P1: 0x80 Resp: Plain value @@ -684,7 +676,6 @@ apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = crgram_len; - apdu.sensitive = 1; if (crgram_len == 256) { apdu.le = 0; @@ -703,7 +694,7 @@ apdu.datalen = apdu.lc; apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { if (crgram_len == 256) @@ -713,7 +704,6 @@ apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = crgram_len; - apdu.sensitive = 1; /* padding indicator byte, * 0x82 = Second half of 2048 bit cryptogram */ sbuf[0] = 0x82; 
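Review bot: Dropping `apdu.sensitive = 1;` in `myeid_compute_signature` (and twice in `myeid_decipher`, in the hunks at -684 and -713) removes the only marker in these functions that the APDU payload is confidential. Whether the transport layer dumps APDU bytes at debug level is not visible here, but if it does, the `myeid_decipher` response is recovered plaintext and would end up in the debug log. If the field no longer exists in `struct sc_apdu`, a comment at the transmit sites such as `/* response carries plaintext; APDU dumps at debug level will expose it */` keeps the caveat visible to whoever enables logging. Both functions start outside these hunks.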
@@ -724,13 +714,13 @@ r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } else @@ -738,10 +728,10 @@ int len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } /* Write internal data, e.g. add default pin-records to pin */ @@ -750,7 +740,7 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; @@ -763,12 +753,12 @@ apdu.data = data_obj->Data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "PUT_DATA returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "PUT_DATA returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* Read internal data, e.g. get RSA public key */ @@ -777,7 +767,7 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_2_SHORT; 
@@ -789,22 +779,22 @@ apdu.datalen = 0; apdu.data = data_obj->Data; - apdu.le = 256; + apdu.le = card->max_recv_size; apdu.resp = data_obj->Data; apdu.resplen = data_obj->DataLen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GET_DATA returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA returned error"); if (apdu.resplen > data_obj->DataLen) r = SC_ERROR_WRONG_LENGTH; else data_obj->DataLen = apdu.resplen; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_loadkey(sc_card_t *card, int mode, u8* value, int value_len) @@ -813,7 +803,7 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; int r, len; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); len = 0; if(value_len == 0 || value == NULL) return 0; @@ -823,7 +813,7 @@ mode != LOAD_KEY_PUBLIC_EXPONENT) sbuf[len++] = 0x0; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if(mode == LOAD_KEY_MODULUS && value_len >= 256) { @@ -872,10 +862,10 @@ apdu.lc = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* Generate or store a key */ @@ -884,10 +874,10 @@ { struct sc_apdu apdu; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - int r=0,len; + int r=0,len; - SC_FUNC_CALLED(card->ctx, 1); - /* Setup key-generation paramters */ + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + /* Setup key-generation parameters */ if (data->op_type == OP_TYPE_GENERATE) { len = 0; 
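Review bot: `apdu.le = card->max_recv_size;` in `myeid_getdata` sets the expected length independently of the caller's buffer, while `apdu.resp` and `apdu.resplen` still point at `data_obj->Data` and `data_obj->DataLen`. The only comparison against `DataLen` runs after `sc_transmit_apdu` has already filled the buffer, so the bound depends entirely on the transport honouring `resplen`, which this hunk does not show. Clamping before the call, e.g. `apdu.le = data_obj->DataLen < card->max_recv_size ? data_obj->DataLen : card->max_recv_size;`, keeps the request within what the caller provided. The function body starts above the hunk.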
@@ -908,10 +898,10 @@ apdu.lc = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GENERATE_KEY returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GENERATE_KEY returned error"); } else { @@ -929,10 +919,10 @@ data->mod, data->mod_len)) >= 0 && (r=myeid_loadkey(card, LOAD_KEY_PUBLIC_EXPONENT, data->pubexp, data->pubexp_len)) >= 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_activate_card(struct sc_card *card) @@ -941,20 +931,20 @@ u8 sbuf[] ="\xA0\x00\x00\x00\x63\x50\x4B\x43\x53\x2D\x31\x35"; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x44, 0x04, 0x00); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x44, 0x04, 0x00); apdu.cla = 0x00; apdu.data = sbuf; apdu.datalen = 0x0C; apdu.lc = 0x0C; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "ACTIVATE_APPLET returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "ACTIVATE_APPLET returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_get_serialnr(sc_card_t *card, sc_serial_number_t *serial) 
@@ -963,21 +953,21 @@ sc_apdu_t apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0xA0); apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; if (apdu.resplen != 20) { - sc_debug(card->ctx, "unexpected response to GET DATA serial number\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unexpected response to GET DATA serial number\n"); return SC_ERROR_INTERNAL; } 
@@ -988,68 +978,65 @@ /* copy and return serial number */ memcpy(serial, &card->serialnr, sizeof(*serial)); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int myeid_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr) { int r = SC_ERROR_NOT_SUPPORTED; - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + switch(cmd) { case SC_CARDCTL_MYEID_PUTDATA: r = myeid_putdata(card, (struct sc_cardctl_myeid_data_obj*) ptr); - break; + break; case SC_CARDCTL_MYEID_GETDATA: r = myeid_getdata(card, (struct sc_cardctl_myeid_data_obj*) ptr); - break; - case SC_CARDCTL_MYEID_GENERATE_KEY: + break; + case SC_CARDCTL_MYEID_GENERATE_STORE_KEY: r = myeid_generate_store_key(card, (struct sc_cardctl_myeid_gen_store_key_info *) ptr); - break; + break; case SC_CARDCTL_MYEID_ACTIVATE_CARD: r = myeid_activate_card(card); break; case SC_CARDCTL_GET_SERIALNR: r = myeid_get_serialnr(card, (sc_serial_number_t *)ptr); break; + case SC_CARDCTL_GET_DEFAULT_KEY: case SC_CARDCTL_LIFECYCLE_SET: case SC_CARDCTL_LIFECYCLE_GET: - break; + break; } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } -/* "The PINs are "global" in a PKCS#15 sense, meaning that they remain valid - * until card reset! Selecting another applet doesn't invalidate the PINs, - * you need to reset the card." - javacard@zurich.ibm.com, when asked about - * how to invalidate logged in pins. 
-*/ -static int myeid_logout(struct sc_card *card) +static int myeid_finish(sc_card_t * card) { - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, 0); + struct myeid_private_data *priv = (struct myeid_private_data *) card->drv_data; + free(priv); + return SC_SUCCESS; } + static struct sc_card_driver * sc_get_driver(void) { struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + if (iso_ops == NULL) + iso_ops = iso_drv->ops; + myeid_ops = *iso_drv->ops; myeid_ops.match_card = myeid_match_card; myeid_ops.init = myeid_init; - myeid_ops.finish = myeid_finish; - if (iso_ops == NULL) - iso_ops = iso_drv->ops; - myeid_ops.read_binary = myeid_read_binary; - myeid_ops.read_record = myeid_read_record_unsupp; - myeid_ops.write_record = myeid_wrupd_record_unsupp; - myeid_ops.append_record = myeid_append_record_unsupp; - myeid_ops.update_record = myeid_wrupd_record_unsupp; - myeid_ops.write_binary = myeid_write_binary; - myeid_ops.update_binary = myeid_update_binary; + myeid_ops.finish = myeid_finish; + /* no record oriented file services */ + myeid_ops.read_record = NULL; + myeid_ops.write_record = NULL; + myeid_ops.append_record = NULL; + myeid_ops.update_record = NULL; myeid_ops.select_file = myeid_select_file; myeid_ops.create_file = myeid_create_file; myeid_ops.delete_file = myeid_delete_file; @@ -1057,10 +1044,9 @@ myeid_ops.set_security_env = myeid_set_security_env; myeid_ops.compute_signature = myeid_compute_signature; myeid_ops.decipher = myeid_decipher; - myeid_ops.logout = myeid_logout; myeid_ops.process_fci = myeid_process_fci; myeid_ops.card_ctl = myeid_card_ctl; - myeid_ops.pin_cmd = myeid_pin_cmd; + myeid_ops.pin_cmd = myeid_pin_cmd; return &myeid_drv; } diff -Nru opensc-0.11.13/src/libopensc/card-oberthur.c opensc-0.12.1/src/libopensc/card-oberthur.c --- opensc-0.11.13/src/libopensc/card-oberthur.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-oberthur.c 2011-05-17 17:07:00.000000000 +0000 
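Review bot: With `myeid_ops.logout = myeid_logout;` removed from `sc_get_driver`, the driver keeps whatever `logout` it copied from `*iso_drv->ops`, and the deleted comment was the only place recording that PINs stay valid until card reset. What the inherited operation does is not visible in this hunk, so a caller may presumably see logout succeed while the card still treats the PIN as verified. I would keep the caveat next to the ops table, e.g. `/* logout: inherited from iso7816; per the earlier note PINs stay verified until card reset - confirm */`. Separately, `myeid_finish` frees `priv` but leaves `card->drv_data` pointing at it; `card->drv_data = NULL;` after `free(priv);` avoids the dangling pointer.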
@@ -3,7 +3,8 @@ * CosmopolIC v5; * * Copyright (C) 2001, 2002 Juha Yrjölä - * Copyright (C) 2003 Viktor Tarasov , idealx + * Copyright (C) 2009 Viktor Tarasov , + * OpenTrust * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -22,11 +23,9 @@ * best view with tabstop=4 */ -#include "internal.h" -#include "cardctl.h" -#include "pkcs15.h" +#include "config.h" -#ifdef ENABLE_OPENSSL +#ifdef ENABLE_OPENSSL /* empty file without openssl */ #include #include #include @@ -35,6 +34,16 @@ #include #include +#include "internal.h" +#include "cardctl.h" +#include "pkcs15.h" + +#define OBERTHUR_PIN_LOCAL 0x80 +#define OBERTHUR_PIN_REFERENCE_USER 0x81 +#define OBERTHUR_PIN_REFERENCE_ONETIME 0x82 +#define OBERTHUR_PIN_REFERENCE_SO 0x04 +#define OBERTHUR_PIN_REFERENCE_PUK 0x84 + /* keep OpenSSL 0.9.6 users happy ;-) */ #if OPENSSL_VERSION_NUMBER < 0x00907000L #define DES_cblock des_cblock @@ -43,8 +52,6 @@ #define DES_ecb_encrypt(a,b,c,d) des_ecb_encrypt(a,b,*c,d) #endif -#define NOT_YET 1 - static struct sc_atr_table oberthur_atrs[] = { { "3B:7D:18:00:00:00:31:80:71:8E:64:77:E3:01:00:82:90:00", NULL, "Oberthur 64k v4/2.1.1", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL }, @@ -56,6 +63,8 @@ "Oberthur 64k v5/2.2.0", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL }, { "3B:7B:18:00:00:00:31:C0:64:77:E3:03:00:82:90:00", NULL, "Oberthur 64k CosmopolIC v5.2/2.2", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL }, + { "3B:FB:11:00:00:81:31:FE:45:00:31:C0:64:77:E9:10:00:00:90:00:6A", NULL, + "OCS ID-One Cosmo Card", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL }, { NULL, NULL, NULL, 0, 0, NULL } }; 
@@ -64,18 +73,16 @@ int key_file_id; size_t key_size; }; -typedef struct auth_senv auth_senv_t; struct auth_private_data { unsigned char aid[SC_MAX_AID_SIZE]; int aid_len; struct sc_pin_cmd_pin pin_info; - auth_senv_t senv; + struct auth_senv senv; long int sn; }; -typedef struct auth_private_data auth_private_data_t; struct auth_update_component_info { enum SC_CARDCTL_OBERTHUR_KEY_TYPE type; @@ -83,16 +90,18 @@ unsigned char *data; unsigned int len; }; -typedef struct auth_update_component_info auth_update_component_info_t; static const unsigned char *aidAuthentIC_V5 = - (const u8 *)"\xA0\x00\x00\x00\x77\x01\x03\x03\x00\x00\x00\xF1\x00\x00\x00\x02"; + (const unsigned char *)"\xA0\x00\x00\x00\x77\x01\x03\x03\x00\x00\x00\xF1\x00\x00\x00\x02"; static const int lenAidAuthentIC_V5 = 16; static const char *nameAidAuthentIC_V5 = "AuthentIC v5"; -#define AUTH_PIN 1 -#define AUTH_PUK 2 +#define OBERTHUR_AUTH_TYPE_PIN 1 +#define OBERTHUR_AUTH_TYPE_PUK 2 + +#define OBERTHUR_AUTH_MAX_LENGTH_PIN 64 +#define OBERTHUR_AUTH_MAX_LENGTH_PUK 16 #define SC_OBERTHUR_MAX_ATTR_SIZE 8 @@ -103,7 +112,7 @@ static unsigned char rsa_der[PUBKEY_2048_ASN1_SIZE]; static int rsa_der_len = 0; -static sc_file_t *auth_current_ef = NULL, *auth_current_df = NULL; +static struct sc_file *auth_current_ef = NULL, *auth_current_df = NULL; static struct sc_card_operations auth_ops; static struct sc_card_operations *iso_ops; static struct sc_card_driver auth_drv = { 
@@ -113,55 +122,26 @@ NULL, 0, NULL }; -static int auth_get_pin_reference (sc_card_t *card, +static int auth_get_pin_reference (struct sc_card *card, int type, int reference, int cmd, int *out_ref); -static int auth_read_component(sc_card_t *card, +static int auth_read_component(struct sc_card *card, enum SC_CARDCTL_OBERTHUR_KEY_TYPE type, int num, unsigned char *out, size_t outlen); -static int auth_verify(sc_card_t *card, unsigned int type, - int ref, const u8 *data, size_t data_len, int *tries_left); -static int auth_create_reference_data (sc_card_t *card, +static int auth_pin_is_verified(struct sc_card *card, int pin_reference, + int *tries_left); +static int auth_pin_verify(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left); +static int auth_pin_reset(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left); +static int auth_create_reference_data (struct sc_card *card, struct sc_cardctl_oberthur_createpin_info *args); -static int auth_get_serialnr(sc_card_t *card, sc_serial_number_t *serial); -static int auth_select_file(sc_card_t *card, const sc_path_t *in_path, - sc_file_t **file_out); - -#ifndef NOT_YET -static int auth_sm_init (struct sc_card *card, struct sc_sm_info *sm_info, - int cmd, unsigned char *id, size_t id_len, - unsigned char *resp, size_t *resp_len); -static int auth_sm_execute (struct sc_card *card, struct sc_sm_info *sm_info, - unsigned char *data, int data_len, unsigned char *out, size_t len); -static int auth_sm_update_rsa (struct sc_card *card, - struct sc_cardctl_oberthur_updatekey_info *data); -static int auth_sm_reset_pin (struct sc_card *card, int type, int ref, - const unsigned char *data, size_t len); -static int auth_sm_read_binary (struct sc_card *card, - unsigned char *id, size_t id_len, - size_t offs, unsigned char *out, size_t len); -static int auth_sm_release (struct sc_card *card, struct sc_sm_info *sm_info, - unsigned char *data, int data_len); -#endif - 
-#if 0 -/* this function isn't used anywhere */ -static void _auth_print_acls(struct sc_card *card, struct sc_file *file) -{ - int ii, jj; - - for (jj=0; jj < SC_MAX_AC_OPS; jj++) { - const sc_acl_entry_t *acl = sc_file_get_acl_entry(file, jj); - - for (ii=0; acl; acl = acl->next, ii++) { - sc_debug(card->ctx, "%i-%i: acl : meth 0x%X, ref 0x%X", - jj, ii, acl->method, acl->key_ref); - } - } -} -#endif +static int auth_get_serialnr(struct sc_card *card, struct sc_serial_number *serial); +static int auth_select_file(struct sc_card *card, const struct sc_path *in_path, + struct sc_file **file_out); +static int acl_to_ac_byte(struct sc_card *card, const struct sc_acl_entry *e); static int -auth_finish(sc_card_t *card) +auth_finish(struct sc_card *card) { free(card->drv_data); return SC_SUCCESS; @@ -169,27 +149,26 @@ static int -auth_select_aid(sc_card_t *card) +auth_select_aid(struct sc_card *card) { - sc_apdu_t apdu; + struct sc_apdu apdu; unsigned char apdu_resp[SC_MAX_APDU_BUFFER_SIZE]; struct auth_private_data *data = (struct auth_private_data *) card->drv_data; int rv, ii; unsigned char cm[7] = {0xA0,0x00,0x00,0x00,0x03,0x00,0x00}; - sc_path_t tmp_path; + struct sc_path tmp_path; /* Select Card Manager (to deselect previously selected application) */ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xA4, 0x04, 0x0C); apdu.lc = sizeof(cm); /* apdu.le = sizeof(cm)+4; */ - apdu.le = 0; apdu.data = cm; apdu.datalen = sizeof(cm); apdu.resplen = sizeof(apdu_resp); apdu.resp = apdu_resp; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); /* Get smart card serial number */ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x9F, 0x7F); 
@@ -199,27 +178,28 @@ apdu.resp = apdu_resp; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); card->serialnr.len = 4; memcpy(card->serialnr.value, apdu.resp+15, 4); for (ii=0, data->sn = 0; ii < 4; ii++) data->sn += (int)(*(apdu.resp + 15 + ii)) << (3-ii)*8; - sc_debug(card->ctx, "serial number %li/0x%lX\n", data->sn, data->sn); - + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "serial number %li/0x%lX\n", data->sn, data->sn); + + memset(&tmp_path, 0, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_DF_NAME; memcpy(tmp_path.value, aidAuthentIC_V5, lenAidAuthentIC_V5); tmp_path.len = lenAidAuthentIC_V5; rv = iso_ops->select_file(card, &tmp_path, NULL); - sc_debug(card->ctx, "rv %i\n", rv); - SC_TEST_RET(card->ctx, rv, "select parent failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i\n", rv); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select parent failed"); sc_format_path("3F00", &tmp_path); rv = iso_ops->select_file(card, &tmp_path, &auth_current_df); - sc_debug(card->ctx, "rv %i\n", rv); - SC_TEST_RET(card->ctx, rv, "select parent failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i\n", rv); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select parent failed"); sc_format_path("3F00", &card->cache.current_path); sc_file_dup(&auth_current_ef, auth_current_df); @@ -228,12 +208,13 @@ data->aid_len = lenAidAuthentIC_V5; card->name = nameAidAuthentIC_V5; - sc_debug(card->ctx, "return %i\n", rv); - SC_FUNC_RETURN(card->ctx, 1, rv); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "return %i\n", rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } + static int -auth_match_card(sc_card_t *card) +auth_match_card(struct sc_card *card) { if (_sc_match_atr(card, oberthur_atrs, &card->type) < 0) return 0; 
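Review bot: `auth_select_aid` copies the serial number from `apdu.resp+15` directly after the `SC_TEST_RET` on the transmit result, without checking the status word or that `apdu.resplen` covers offsets 15 to 18. `apdu_resp` is a stack array with no initialiser visible, so a short or rejected response would fill `card->serialnr` and `data->sn` from stale bytes. A guard before the `memcpy`, e.g. `if (apdu.resplen < 19) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED);`, closes that. The loop's `(int)(*(apdu.resp + 15 + ii)) << (3-ii)*8` also shifts into the sign bit when the first byte is 0x80 or above; casting to `unsigned long` instead of `int` avoids it. The function begins in the previous hunk.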
@@ -241,19 +222,18 @@ return 1; } + static int -auth_init(sc_card_t *card) +auth_init(struct sc_card *card) { - int rv = 0; - unsigned long flags; struct auth_private_data *data; - sc_path_t path; + struct sc_path path; + unsigned long flags; + int rv = 0; - data = (struct auth_private_data *) malloc(sizeof(struct auth_private_data)); + data = calloc(1, sizeof(struct auth_private_data)); if (!data) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); - else - memset(data, 0, sizeof(struct auth_private_data)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); card->cla = 0x00; card->drv_data = data; @@ -262,8 +242,8 @@ card->caps |= SC_CARD_CAP_USE_FCI_AC; if (auth_select_aid(card)) { - sc_error(card->ctx, "Failed to initialize %s\n", card->name); - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_CARD, "Failed to initialize"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize %s\n", card->name); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_CARD, "Failed to initialize"); } flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_PAD_ISO9796; @@ -291,16 +271,16 @@ sc_format_path("3F00", &path); rv = auth_select_file(card, &path, NULL); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static void -add_acl_entry(sc_card_t *card, sc_file_t *file, unsigned int op, - u8 acl_byte) +add_acl_entry(struct sc_card *card, struct sc_file *file, unsigned int op, + unsigned char acl_byte) { if ((acl_byte & 0xE0) == 0x60) { - sc_debug(card->ctx, "called; op 0x%X; SC_AC_PRO; ref 0x%X\n", op, acl_byte); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called; op 0x%X; SC_AC_PRO; ref 0x%X\n", op, acl_byte); sc_file_add_acl_entry(file, op, SC_AC_PRO, acl_byte); return; } 
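Review bot: In `auth_init` (hunk at -262) the `auth_select_aid` failure branch returns through `SC_TEST_RET` with `data` still allocated and `card->drv_data` still pointing at it. Whether the framework calls `auth_finish` after a failed `init` is not visible here; if it does not, the block leaks for every rejected card. Releasing it in the branch with `free(data); card->drv_data = NULL;` before the return makes the path self-contained. The same branch prints `card->name`, which `auth_select_aid` assigns only near its successful end, so the message may show a stale or NULL name.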
@@ -309,12 +289,18 @@ case 0x00: sc_file_add_acl_entry(file, op, SC_AC_NONE, SC_AC_KEY_REF_NONE); break; + /* User and OneTime PINs are locals */ case 0x21: case 0x22: - case 0x23: + sc_file_add_acl_entry(file, op, SC_AC_CHV, (acl_byte & 0x0F) | OBERTHUR_PIN_LOCAL); + break; + /* Local SOPIN is only for the unblocking. */ case 0x24: case 0x25: - sc_file_add_acl_entry(file, op, SC_AC_CHV, acl_byte & 0x0F); + if (op == SC_AC_OP_PIN_RESET) + sc_file_add_acl_entry(file, op, SC_AC_CHV, 0x84); + else + sc_file_add_acl_entry(file, op, SC_AC_CHV, 0x04); break; case 0xFF: sc_file_add_acl_entry(file, op, SC_AC_NEVER, SC_AC_KEY_REF_NONE); @@ -327,8 +313,7 @@ static int -tlv_get(const unsigned char *msg, int len, - unsigned char tag, +tlv_get(const unsigned char *msg, int len, unsigned char tag, unsigned char *ret, int *ret_len) { int cur = 0; @@ -361,22 +346,22 @@ unsigned char type, attr[SC_OBERTHUR_MAX_ATTR_SIZE]; int attr_len = sizeof(attr); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); attr_len = sizeof(attr); if (tlv_get(buf, buflen, 0x82, attr, &attr_len)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); type = attr[0]; attr_len = sizeof(attr); if (tlv_get(buf, buflen, 0x83, attr, &attr_len)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); file->id = attr[0]*0x100 + attr[1]; attr_len = sizeof(attr); if (tlv_get(buf, buflen, type==0x01 ? 0x80 : 0x85, attr, &attr_len)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (attr_len<2 && type != 0x04) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); switch (type) { case 0x01: 
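Review bot: In `add_acl_entry`, `case 0x23:` is dropped from the CHV group, so that access byte now takes whichever branch handles unmatched values, which lies outside this hunk. Since this switch turns card access bytes into the ACL entries callers consult, it is worth confirming that branch maps to a restrictive method rather than to none. The new 0x24/0x25 branch also hard-codes `0x84` and `0x04` although this commit defines `OBERTHUR_PIN_REFERENCE_PUK` and `OBERTHUR_PIN_REFERENCE_SO` with those values; using the names, e.g. `sc_file_add_acl_entry(file, op, SC_AC_CHV, OBERTHUR_PIN_REFERENCE_PUK);`, keeps the mapping searchable.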
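Review bot: `auth_process_fci` (hunk at -361) reads `attr[0]` after the `0x82` lookup and `attr[0]`/`attr[1]` after the `0x83` lookup without looking at `attr_len`; only the third lookup is followed by an `attr_len<2` test. `attr` has no initialiser, so if `tlv_get` can succeed with an empty or one-byte value (its body is not in this hunk), `type` and `file->id` would come from indeterminate bytes while parsing card-supplied FCI. Adding `if (attr_len < 1)` after the first lookup and `if (attr_len < 2)` after the second, each returning `SC_ERROR_UNKNOWN_DATA_RECEIVED` like the existing checks, would close it.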
@@ -390,9 +375,9 @@ file->size = attr[0]; attr_len = sizeof(attr); if (tlv_get(buf, buflen, 0x82, attr, &attr_len)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (attr_len!=5) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); file->record_length = attr[2]*0x100+attr[3]; file->record_count = attr[4]; break; @@ -414,8 +399,8 @@ else if (file->size==2048) file->size = PUBKEY_2048_ASN1_SIZE; else { - sc_error(card->ctx, "Not supported public key size: %i\n", file->size); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Not supported public key size: %i\n", file->size); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x14: 
@@ -429,56 +414,47 @@ sc_file_set_type_attr(file,attr,attr_len); break; default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); } attr_len = sizeof(attr); if (tlv_get(buf, buflen, 0x86, attr, &attr_len)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (attr_len<8) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (file->type == SC_FILE_TYPE_DF) { add_acl_entry(card, file, SC_AC_OP_CREATE, attr[0]); add_acl_entry(card, file, SC_AC_OP_CRYPTO, attr[1]); add_acl_entry(card, file, SC_AC_OP_LIST_FILES, attr[2]); add_acl_entry(card, file, SC_AC_OP_DELETE, attr[3]); -#ifndef NOT_YET - add_acl_entry(card, file, SC_AC_OP_PIN_SET, attr[4]); + add_acl_entry(card, file, SC_AC_OP_PIN_DEFINE, attr[4]); add_acl_entry(card, file, SC_AC_OP_PIN_CHANGE, attr[5]); add_acl_entry(card, file, SC_AC_OP_PIN_RESET, attr[6]); -#endif + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_FILE_TYPE_DF:CRYPTO %X\n", attr[1]); } else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { /* EF */ switch (file->ef_structure) { case SC_CARDCTL_OBERTHUR_KEY_DES: add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]); -#if 0 - add_acl_entry(card, file, SC_AC_OP_DECRYPT, attr[1]); - add_acl_entry(card, file, SC_AC_OP_ENCRYPT, attr[2]); - add_acl_entry(card, file, SC_AC_OP_CHECKSUM, attr[3]); - add_acl_entry(card, file, SC_AC_OP_VERIFY, attr[4]); -#else - add_acl_entry(card, file, SC_AC_OP_READ, attr[1]); -#endif + add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]); + add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]); + add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_CHECKSUM, attr[3]); + add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_CHECKSUM, attr[4]); + add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, 
attr[5]); + add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]); break; case SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC: add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]); -#if 0 - add_acl_entry(card, file, SC_AC_OP_ENCRYPT, attr[2]); - add_acl_entry(card, file, SC_AC_OP_VERIFY, attr[4]); -#else - add_acl_entry(card, file, SC_AC_OP_READ, attr[2]); -#endif + add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]); + add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_SIGNATURE, attr[4]); + add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]); break; case SC_CARDCTL_OBERTHUR_KEY_RSA_CRT: add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]); -#if 0 - add_acl_entry(card, file, SC_AC_OP_DECRYPT, attr[1]); - add_acl_entry(card, file, SC_AC_OP_SIGN, attr[3]); -#else - add_acl_entry(card, file, SC_AC_OP_READ, attr[1]); -#endif + add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]); + add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_SIGNATURE, attr[3]); + add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]); break; } } 
@@ -502,30 +478,30 @@ file->status = SC_FILE_STATUS_ACTIVATED; file->magic = SC_FILE_MAGIC; - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static int -auth_select_file(sc_card_t *card, const sc_path_t *in_path, - sc_file_t **file_out) +auth_select_file(struct sc_card *card, const struct sc_path *in_path, + struct sc_file **file_out) { - int rv; + struct sc_path path; + struct sc_file *tmp_file = NULL; size_t offs, ii; - sc_path_t path; - sc_file_t *tmp_file = NULL; + int rv; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card != NULL && in_path != NULL); - memcpy(&path, in_path, sizeof(sc_path_t)); + memcpy(&path, in_path, sizeof(struct sc_path)); - sc_debug(card->ctx, "in_path; type=%d, path=%s, out %p\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "in_path; type=%d, path=%s, out %p\n", in_path->type, sc_print_path(in_path), file_out); - sc_debug(card->ctx, "current path; type=%d, path=%s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "current path; type=%d, path=%s\n", auth_current_df->path.type, sc_print_path(&auth_current_df->path)); if (auth_current_ef) - sc_debug(card->ctx, "current file; type=%d, path=%s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "current file; type=%d, path=%s\n", auth_current_ef->path.type, sc_print_path(&auth_current_ef->path)); if (path.type == SC_PATH_TYPE_PARENT || path.type == SC_PATH_TYPE_FILE_ID) { @@ -534,10 +510,10 @@ auth_current_ef = NULL; rv = iso_ops->select_file(card, &path, &tmp_file); - SC_TEST_RET(card->ctx, rv, "select file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select file failed"); if (path.type == SC_PATH_TYPE_PARENT) { - memcpy(&tmp_file->path, &auth_current_df->path, sizeof(sc_path_t)); + memcpy(&tmp_file->path, &auth_current_df->path, sizeof(struct sc_path)); if (tmp_file->path.len > 2) tmp_file->path.len -= 2; 
@@ -571,7 +547,7 @@ sc_file_free(auth_current_ef); auth_current_ef = NULL; } - SC_TEST_RET(card->ctx, rv, "select file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select file failed"); } else { for (offs = 0; offs < path.len && offs < auth_current_df->path.len; offs += 2) @@ -579,25 +555,26 @@ path.value[offs + 1] != auth_current_df->path.value[offs + 1]) break; - sc_debug(card->ctx, "offs %i\n", offs); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "offs %i\n", offs); if (offs && offs < auth_current_df->path.len) { size_t deep = auth_current_df->path.len - offs; - sc_debug(card->ctx, "deep %i\n", deep); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "deep %i\n", deep); for (ii=0; iipath, sizeof(sc_path_t)); + memcpy(&tmp_path, &auth_current_df->path, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_PARENT; rv = auth_select_file (card, &tmp_path, file_out); - SC_TEST_RET(card->ctx, rv, "select file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select file failed"); } } if (path.len - offs > 0) { - sc_path_t tmp_path; - + struct sc_path tmp_path; + + memset(&tmp_path, 0, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_FILE_ID; tmp_path.len = 2; @@ -605,7 +582,7 @@ memcpy(tmp_path.value, path.value + offs + ii, 2); rv = auth_select_file(card, &tmp_path, file_out); - SC_TEST_RET(card->ctx, rv, "select file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select file failed"); } } else if (path.len - offs == 0 && file_out) { 
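Review bot: The rewritten `sc_debug` calls in `auth_select_file` (hunk at -579) still print `offs` and `deep` with `%i`, but both are `size_t` (`size_t offs, ii;` at the top of the function, `size_t deep` here), which is a format/argument mismatch wherever `size_t` is wider than `int`. Since these lines are being touched anyway, `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "offs %lu\n", (unsigned long)offs);` and the same form for `deep` would be correct on every target.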
@@ -614,22 +591,22 @@ else if (auth_current_ef) sc_file_dup(file_out, auth_current_ef); else - SC_TEST_RET(card->ctx, SC_ERROR_INTERNAL, "No current EF"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "No current EF"); } } - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } static int -auth_list_files(sc_card_t *card, u8 *buf, size_t buflen) +auth_list_files(struct sc_card *card, unsigned char *buf, size_t buflen) { - sc_apdu_t apdu; - u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; + struct sc_apdu apdu; + unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; int rv; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x34, 0, 0); apdu.cla = 0x80; apdu.le = 0x40; 
@@ -637,51 +614,50 @@ apdu.resp = rbuf; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); if (apdu.resplen == 0x100 && rbuf[0]==0 && rbuf[1]==0) - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); buflen = buflen < apdu.resplen ? buflen : apdu.resplen; memcpy(buf, rbuf, buflen); - SC_FUNC_RETURN(card->ctx, 1, buflen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, buflen); } static int -auth_delete_file(sc_card_t *card, const sc_path_t *path) +auth_delete_file(struct sc_card *card, const struct sc_path *path) { + struct sc_apdu apdu; + unsigned char sbuf[2]; int rv; - u8 sbuf[2]; - sc_apdu_t apdu; + char pbuf[SC_MAX_PATH_STRING_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); - if (card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - rv = sc_path_print(pbuf, sizeof(pbuf), path); - if (rv != SC_SUCCESS) - pbuf[0] = '\0'; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx, "path; type=%d, path=%s\n", path->type, pbuf); - } + rv = sc_path_print(pbuf, sizeof(pbuf), path); + if (rv != SC_SUCCESS) + pbuf[0] = '\0'; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "path; type=%d, path=%s\n", path->type, pbuf); if (path->len < 2) { - sc_error(card->ctx, "Invalid path length\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid path length\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } if (path->len > 2) { - sc_path_t parent = *path; + struct sc_path parent = *path; parent.len -= 2; parent.type = SC_PATH_TYPE_PATH; rv = auth_select_file(card, &parent, NULL); - SC_TEST_RET(card->ctx, rv, "select parent failed "); + 
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select parent failed "); } sbuf[0] = path->value[path->len - 2]; @@ -689,7 +665,7 @@ if (memcmp(sbuf,"\x00\x00",2)==0 || (memcmp(sbuf,"\xFF\xFF",2)==0) || memcmp(sbuf,"\x3F\xFF",2)==0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE4, 0x02, 0x00); apdu.lc = 2; 
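Review bot: The `Invalid path length` message in auth_delete_file (hunk @@ -637) moves from `sc_error()` to `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ...)`, and the same substitution recurs in the encode_file_structure_V5, auth_create_file, auth_set_security_env, auth_compute_signature and auth_update_component hunks. The error codes still reach the caller, but rejected arguments and failures such as `OpenSSL encryption error.` would presumably no longer appear in a log unless debug output is enabled. If this version's logging API has a level meant for errors, these call sites should use it; otherwise a short comment stating that the downgrade is deliberate would help whoever later triages card failures from logs. The body of auth_delete_file continues outside this hunk.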
@@ -697,94 +673,100 @@ apdu.data = sbuf; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); if (apdu.sw1==0x6A && apdu.sw2==0x82) { - /* Clean the DF contents.*/ - sc_path_t tmp_path; - u8 lbuf[SC_MAX_APDU_BUFFER_SIZE]; + /* Clean up tDF contents.*/ + struct sc_path tmp_path; int ii, len; + unsigned char lbuf[SC_MAX_APDU_BUFFER_SIZE]; + memset(&tmp_path, 0, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_FILE_ID; memcpy(tmp_path.value, sbuf, 2); tmp_path.len = 2; rv = auth_select_file(card, &tmp_path, NULL); - SC_TEST_RET(card->ctx, rv, "select DF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select DF failed"); len = auth_list_files(card, lbuf, sizeof(lbuf)); - SC_TEST_RET(card->ctx, len, "list DF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, len, "list DF failed"); for (ii=0; iictx, rv, "delete failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "delete failed"); } tmp_path.type = SC_PATH_TYPE_PARENT; rv = auth_select_file(card, &tmp_path, NULL); - SC_TEST_RET(card->ctx, rv, "select parent failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select parent failed"); apdu.p1 = 1; rv = sc_transmit_apdu(card, &apdu); } - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -acl_to_ac_byte(sc_card_t *card, const sc_acl_entry_t *e) +acl_to_ac_byte(struct sc_card *card, const struct sc_acl_entry *e) { + unsigned key_ref; + if (e == NULL) - return -1; + return SC_ERROR_OBJECT_NOT_FOUND; + key_ref = e->key_ref & ~OBERTHUR_PIN_LOCAL; + switch (e->method) { case SC_AC_NONE: - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); case SC_AC_CHV: - if (e->key_ref > 0 && 
e->key_ref < 6) - SC_FUNC_RETURN(card->ctx, 1, (0x20 | e->key_ref)); + if (key_ref > 0 && key_ref < 6) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, (0x20 | key_ref)); else - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); case SC_AC_PRO: - if (((e->key_ref & 0xE0) != 0x60) || ((e->key_ref & 0x18) == 0)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + if (((key_ref & 0xE0) != 0x60) || ((key_ref & 0x18) == 0)) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); else - SC_FUNC_RETURN(card->ctx, 1, e->key_ref); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, key_ref); case SC_AC_NEVER: return 0xff; } - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); } static int -encode_file_structure_V5(sc_card_t *card, const sc_file_t *file, - u8 *buf, size_t *buflen) +encode_file_structure_V5(struct sc_card *card, const struct sc_file *file, + unsigned char *buf, size_t *buflen) { - u8 *p = buf; - int rv=0, size; size_t ii; + int rv=0, size; + unsigned char *p = buf; unsigned char ops[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "id %04X; size %i; type %i/%i\n", + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "id %04X; size %i; type 0x%X/0x%X\n", file->id, file->size, file->type, file->ef_structure); if (*buflen < 0x18) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); p[0] = 0x62, p[1] = 0x16; p[2] = 0x82, p[3] = 0x02; 
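Review bot: acl_to_ac_byte now computes `key_ref = e->key_ref & ~OBERTHUR_PIN_LOCAL;` with no explanation, and the effect is security-relevant: a CHV entry with and without that flag encodes to the same `0x20 | key_ref` access byte. The macro's value is not visible here, so it should be confirmed that it cannot overlap the bits tested in the SC_AC_PRO branch (`0xE0` and `0x18`). I would add above the assignment `/* OBERTHUR_PIN_LOCAL is stripped: local and global references map to the same AC byte */`.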
@@ -832,9 +814,8 @@ rv = SC_ERROR_INVALID_ARGUMENTS; if (rv) { - sc_error(card->ctx, "Invalid EF structure %i/%i\n", - file->type, file->ef_structure); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid EF structure 0x%X/0x%X\n", file->type, file->ef_structure); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); } p[6] = 0x83; @@ -852,7 +833,7 @@ } else if (file->type == SC_FILE_TYPE_INTERNAL_EF && file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { - sc_debug(card->ctx, "ef %s\n","SC_FILE_EF_RSA_PUBLIC"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ef %s\n","SC_FILE_EF_RSA_PUBLIC"); if (file->size == PUBKEY_512_ASN1_SIZE || file->size == 512) size = 512; else if (file->size == PUBKEY_1024_ASN1_SIZE || file->size == 1024) @@ -860,8 +841,8 @@ else if (file->size == PUBKEY_2048_ASN1_SIZE || file->size == 2048) size = 2048; else { - sc_error(card->ctx, "incorrect RSA size %X\n", file->size); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incorrect RSA size %X\n", file->size); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); } } else if (file->type == SC_FILE_TYPE_INTERNAL_EF && @@ -873,8 +854,8 @@ else if (file->size == 24 || file->size == 192) size = 192; else { - sc_error(card->ctx, "incorrect DES size %X\n", file->size); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incorrect DES size %i\n", file->size); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); } } 
@@ -889,26 +870,20 @@ ops[1] = SC_AC_OP_CRYPTO; ops[2] = SC_AC_OP_LIST_FILES; ops[3] = SC_AC_OP_DELETE; -#ifndef NOT_YET - ops[4] = SC_AC_OP_PIN_SET; /* SC_AC_OP_SET_REFERENCE */ - ops[5] = SC_AC_OP_PIN_CHANGE; /* SC_AC_OP_CHANGE_REFERENCE */ - ops[6] = SC_AC_OP_PIN_RESET; /* SC_AC_OP_RESET_COUNTER */ -#else - ops[4] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_SET_REFERENCE */ - ops[5] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_CHANGE_REFERENCE */ - ops[6] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_RESET_COUNTER */ -#endif + ops[4] = SC_AC_OP_PIN_DEFINE; + ops[5] = SC_AC_OP_PIN_CHANGE; + ops[6] = SC_AC_OP_PIN_RESET; } else if (file->type == SC_FILE_TYPE_WORKING_EF) { if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { - sc_debug(card->ctx, "SC_FILE_EF_TRANSPARENT\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_FILE_EF_TRANSPARENT\n"); ops[0] = SC_AC_OP_WRITE; ops[1] = SC_AC_OP_UPDATE; ops[2] = SC_AC_OP_READ; ops[3] = SC_AC_OP_ERASE; } else if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE) { - sc_debug(card->ctx, "SC_FILE_EF_LINEAR_VARIABLE\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_FILE_EF_LINEAR_VARIABLE\n"); ops[0] = SC_AC_OP_WRITE; ops[1] = SC_AC_OP_UPDATE; ops[2] = SC_AC_OP_READ; 
@@ -917,74 +892,76 @@ } else if (file->type == SC_FILE_TYPE_INTERNAL_EF) { if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) { - sc_debug(card->ctx, "EF_DES\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF_DES\n"); ops[0] = SC_AC_OP_UPDATE; - ops[1] = SC_AC_OP_CRYPTO; /* SC_AC_OP_DECRYPT */ - ops[2] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */ - ops[3] = SC_AC_OP_CRYPTO; /* SC_AC_OP_CHECKSUM */ - ops[4] = SC_AC_OP_CRYPTO; /* SC_AC_OP_CHECKSUM */ + ops[1] = SC_AC_OP_PSO_DECRYPT; + ops[2] = SC_AC_OP_PSO_ENCRYPT; + ops[3] = SC_AC_OP_PSO_COMPUTE_CHECKSUM; + ops[4] = SC_AC_OP_PSO_VERIFY_CHECKSUM; + ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE; + ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE; } else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { - sc_debug(card->ctx, "EF_RSA_PUBLIC\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF_RSA_PUBLIC\n"); ops[0] = SC_AC_OP_UPDATE; - ops[2] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */ - ops[4] = SC_AC_OP_CRYPTO; /* SC_AC_OP_SIGN */ + ops[2] = SC_AC_OP_PSO_ENCRYPT; + ops[4] = SC_AC_OP_PSO_VERIFY_SIGNATURE; + ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE; } else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { - sc_debug(card->ctx, "EF_RSA_PRIVATE\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF_RSA_PRIVATE\n"); ops[0] = SC_AC_OP_UPDATE; - ops[1] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */ - ops[3] = SC_AC_OP_CRYPTO; /* SC_AC_OP_SIGN */ + ops[1] = SC_AC_OP_PSO_DECRYPT; + ops[3] = SC_AC_OP_PSO_COMPUTE_SIGNATURE; + ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE; } } - + for (ii = 0; ii < sizeof(ops); ii++) { - const sc_acl_entry_t *entry; + const struct sc_acl_entry *entry; p[16+ii] = 0xFF; if (ops[ii]==0xFF) continue; entry = sc_file_get_acl_entry(file, ops[ii]); rv = acl_to_ac_byte(card,entry); - SC_TEST_RET(card->ctx, rv, "Invalid ACL"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Invalid ACL"); p[16+ii] = rv; } *buflen = 0x18; - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, 
SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static int -auth_create_file(sc_card_t *card, sc_file_t *file) +auth_create_file(struct sc_card *card, struct sc_file *file) { - u8 sbuf[0x18]; - size_t sendlen = sizeof(sbuf); + struct sc_apdu apdu; + struct sc_path path; int rv, rec_nr; - sc_apdu_t apdu; - sc_path_t path; + unsigned char sbuf[0x18]; + size_t sendlen = sizeof(sbuf); char pbuf[SC_MAX_PATH_STRING_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); - if (card->ctx->debug >= 1) { - rv = sc_path_print(pbuf, sizeof(pbuf), &file->path); - if (rv != SC_SUCCESS) - pbuf[0] = '\0'; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx, " create path=%s\n", pbuf); - sc_debug(card->ctx,"id %04X; size %i; type %i; ef %i\n", - file->id, file->size, file->type, file->ef_structure); - } + rv = sc_path_print(pbuf, sizeof(pbuf), &file->path); + if (rv != SC_SUCCESS) + pbuf[0] = '\0'; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, " create path=%s\n", pbuf); + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "id %04X; size %i; type 0x%X; ef 0x%X\n", + file->id, file->size, file->type, file->ef_structure); if (file->id==0x0000 || file->id==0xFFFF || file->id==0x3FFF) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); - if (card->ctx->debug >= 1) { - rv = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); - if (rv != SC_SUCCESS) - pbuf[0] = '\0'; - } + rv = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); + if (rv != SC_SUCCESS) + pbuf[0] = '\0'; if (file->path.len) { memcpy(&path, &file->path, sizeof(path)); 
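Review bot: The ACL loop in encode_file_structure_V5 leaves `p[16+ii] = 0xFF` for every slot whose `ops[ii]` was not assigned, and `0xff` is also what acl_to_ac_byte returns for SC_AC_NEVER. The slots this hunk leaves out (indexes 1, 3, 5 and 7 for EF_RSA_PUBLIC, for example) are therefore written with the same byte as an explicit never. That deny-by-default is worth stating, since the hunk changes which slots are filled for each key type. Suggested comment above the loop: `/* slots left at 0xFF are not looked up in the file ACL and are sent as 0xFF, the SC_AC_NEVER byte */`. The function starts outside this hunk.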
@@ -992,13 +969,13 @@ path.len -= 2; if (auth_select_file(card, &path, NULL)) { - sc_error(card->ctx, "Cannot select parent DF.\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cannot select parent DF.\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } } rv = encode_file_structure_V5(card, file, sbuf, &sendlen); - SC_TEST_RET(card->ctx, rv, "File structure encoding failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "File structure encoding failed"); if (file->type != SC_FILE_TYPE_DF && file->ef_structure != SC_FILE_EF_TRANSPARENT) rec_nr = file->record_count; @@ -1011,14 +988,14 @@ apdu.lc = sendlen; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); /* select created DF. */ if (file->type == SC_FILE_TYPE_DF) { - sc_path_t tmp_path; - sc_file_t *df_file = NULL; + struct sc_path tmp_path; + struct sc_file *df_file = NULL; tmp_path.type = SC_PATH_TYPE_FILE_ID; tmp_path.value[0] = file->id >> 8; 
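Review bot: The `tmp_path` declared in the `select created DF` block of auth_create_file (hunk @@ -1011) is only partly filled in (`type`, `value[0]`, and `len` in the next hunk) before it is passed to auth_select_file, which copies the whole structure with `memcpy(&path, in_path, sizeof(struct sc_path))`. This commit adds `memset(&tmp_path, 0, sizeof(struct sc_path));` before the same pattern in auth_select_file, auth_delete_file and auth_generate_key, but not here, so the remaining fields are indeterminate stack contents. Add the same `memset(&tmp_path, 0, sizeof(struct sc_path));` right after the declarations. The block continues in the following hunk.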
@@ -1026,48 +1003,48 @@ tmp_path.len = 2; rv = auth_select_file(card, &tmp_path, &df_file); - sc_debug(card->ctx, "rv %i", rv); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i", rv); } if (auth_current_ef) sc_file_free(auth_current_ef); sc_file_dup(&auth_current_ef, file); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } + static int -auth_set_security_env(sc_card_t *card, - const sc_security_env_t *env, int se_num) +auth_set_security_env(struct sc_card *card, + const struct sc_security_env *env, int se_num) { - auth_senv_t *auth_senv = &((struct auth_private_data *) card->drv_data)->senv; + struct auth_senv *auth_senv = &((struct auth_private_data *) card->drv_data)->senv; + struct sc_apdu apdu; long unsigned pads = env->algorithm_flags & SC_ALGORITHM_RSA_PADS; - long unsigned supported_pads = - SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_PAD_ISO9796; - sc_apdu_t apdu; - u8 rsa_sbuf[3] = { + long unsigned supported_pads = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_PAD_ISO9796; + int rv; + unsigned char rsa_sbuf[3] = { 0x80, 0x01, 0xFF }; - u8 des_sbuf[13] = { + unsigned char des_sbuf[13] = { 0x80, 0x01, 0x01, 0x87, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - int rv; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "op %i; path %s; key_ref 0x%X; algos 0x%X; flags 0x%X\n", + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "op %i; path %s; key_ref 0x%X; algos 0x%X; flags 0x%X\n", env->operation, sc_print_path(&env->file_ref), env->key_ref[0], env->algorithm_flags, env->flags); - memset(auth_senv, 0, sizeof(auth_senv_t)); + memset(auth_senv, 0, sizeof(struct auth_senv)); if (!(env->flags & SC_SEC_ENV_FILE_REF_PRESENT)) - SC_TEST_RET(card->ctx, SC_ERROR_INTERNAL, "Key file is not selected."); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "Key file is not selected."); switch (env->algorithm) { case SC_ALGORITHM_DES: case SC_ALGORITHM_3DES: 
- sc_debug(card->ctx, "algo SC_ALGORITHM_xDES: ref %X, flags %X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "algo SC_ALGORITHM_xDES: ref %X, flags %X\n", env->algorithm_ref, env->flags); if (env->operation == SC_SEC_OPERATION_DECIPHER) { @@ -1077,20 +1054,20 @@ apdu.datalen = 3; } else { - sc_error(card->ctx, "Invalid crypto operation: %X\n", env->operation); - SC_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "Invalid crypto operation"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto operation: %X\n", env->operation); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Invalid crypto operation"); } break; case SC_ALGORITHM_RSA: - sc_debug(card->ctx, "algo SC_ALGORITHM_RSA\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "algo SC_ALGORITHM_RSA\n"); if (env->algorithm_flags & SC_ALGORITHM_RSA_HASHES) { - SC_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "No support for hashes."); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "No support for hashes."); } if (pads & (~supported_pads)) { - sc_error(card->ctx, "No support for PAD %X\n",pads); - SC_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "No padding support."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No support for PAD %X\n",pads); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "No padding support."); } if (env->operation == SC_SEC_OPERATION_SIGN) { 
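Review bot: In auth_create_file (hunk @@ -1026), `df_file` is passed to `auth_select_file(card, &tmp_path, &df_file)` and is not released before `SC_FUNC_RETURN`. If the select stores a file object there, as its `file_out` parameter suggests, each created DF leaks one `sc_file`. The hunk already guards the release of `auth_current_ef` with a NULL test, and adding `if (df_file) sc_file_free(df_file);` after the `rv %i` debug line would close the leak in the same style. The start of the function is outside this hunk.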
@@ -1110,49 +1087,49 @@ apdu.data = rsa_sbuf; } else { - sc_error(card->ctx, "Invalid crypto operation: %X\n", env->operation); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid crypto operation: %X\n", env->operation); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } break; default: - SC_TEST_RET(card->ctx, SC_ERROR_NOT_SUPPORTED, "Invalid crypto algorithm supplied"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Invalid crypto algorithm supplied"); } rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); auth_senv->algorithm = env->algorithm; - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_restore_security_env(sc_card_t *card, int se_num) +auth_restore_security_env(struct sc_card *card, int se_num) { return SC_SUCCESS; } static int -auth_compute_signature(sc_card_t *card, - const u8 *in, size_t ilen, u8 * out, size_t olen) +auth_compute_signature(struct sc_card *card, const unsigned char *in, size_t ilen, + unsigned char * out, size_t olen) { - sc_apdu_t apdu; + struct sc_apdu apdu; unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; int rv; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "inlen %i, outlen %i\n", ilen, olen); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "inlen %i, outlen %i\n", ilen, olen); if (!card || !in || !out) { - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } else if (ilen > 96) { - sc_error(card->ctx, "Illegal input length %d\n", ilen); - 
SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Illegal input length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Illegal input length %d\n", ilen); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Illegal input length"); } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0x9A); 
@@ -1164,38 +1141,38 @@ apdu.resplen = olen; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Compute signature failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Compute signature failed"); if (apdu.resplen > olen) { - sc_error(card->ctx, "Compute signature failed: invalide response length %i\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Compute signature failed: invalide response length %i\n", apdu.resplen); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } memcpy(out, apdu.resp, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 1, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, apdu.resplen); } static int -auth_decipher(sc_card_t *card, const u8 *in, size_t inlen, - u8 *out, size_t outlen) +auth_decipher(struct sc_card *card, const unsigned char *in, size_t inlen, + unsigned char *out, size_t outlen) { - sc_apdu_t apdu; - u8 resp[SC_MAX_APDU_BUFFER_SIZE]; + struct sc_apdu apdu; + unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; int rv, _inlen = inlen; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx,"crgram_len %i; outlen %i\n", inlen, outlen); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"crgram_len %i; outlen %i\n", inlen, outlen); if (!out || !outlen || inlen > SC_MAX_APDU_BUFFER_SIZE) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); - sc_debug(card->ctx, "algorithm SC_ALGORITHM_RSA\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "algorithm SC_ALGORITHM_RSA\n"); if (inlen % 64) { rv = SC_ERROR_INVALID_ARGUMENTS; goto done; 
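Review bot: `apdu.resplen = olen;` in auth_compute_signature tells the transport how much room the response buffer has using the caller's length, not the size of the buffer. If `apdu.resp` is the local `resp[SC_MAX_APDU_BUFFER_SIZE]` declared in the previous hunk (the assignment is outside the visible lines), an `olen` larger than that array overstates the space available for the card's reply. Bounding it with `apdu.resplen = olen < sizeof(resp) ? olen : sizeof(resp);` would fix that, as would using `sizeof(resp)` and checking against `olen` afterwards, the way auth_read_component does. Either keeps the later `apdu.resplen > olen` test as a second check rather than the only one.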
@@ -1212,10 +1189,10 @@ apdu.le = 256; rv = sc_transmit_apdu(card, &apdu); - sc_debug(card->ctx, "rv %i", rv); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i", rv); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); _inlen -= 8; in += 8; @@ -1226,7 +1203,7 @@ #if 0 case SC_ALGORITHM_DES: case SC_ALGORITHM_3DES: - sc_debug(card->ctx,"algorithm SC_ALGORITHM_DES\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"algorithm SC_ALGORITHM_DES\n"); if (crgram_len == 0 || (crgram_len%8) != 0) { rv = SC_ERROR_INVALID_ARGUMENTS; goto done; @@ -1242,11 +1219,11 @@ apdu.le = _inlen; rv = sc_transmit_apdu(card, &apdu); - sc_debug(card->ctx, "rv %i", rv); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i", rv); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - sc_debug(card->ctx, "rv %i", rv); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "rv %i", rv); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); if (outlen > apdu.resplen) outlen = apdu.resplen; 
@@ -1255,29 +1232,20 @@ rv = outlen; done: - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } /* Return the default AAK for this type of card */ static int -auth_get_default_key(sc_card_t *card, struct sc_cardctl_default_key *data) +auth_get_default_key(struct sc_card *card, struct sc_cardctl_default_key *data) { - int rv = SC_ERROR_NO_DEFAULT_KEY; - -#ifndef NOT_YET - if (data->method == SC_AC_PRO) { - card->sm_level = data->key_ref | 0x60; - rv = SC_SUCCESS; - } -#endif - - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NO_DEFAULT_KEY); } static int -auth_encode_exponent(unsigned long exponent, u8 *buff, size_t buff_len) +auth_encode_exponent(unsigned long exponent, unsigned char *buff, size_t buff_len) { int shift; size_t ii; @@ -1297,21 +1265,18 @@ /* Generate key on-card */ static int -auth_generate_key(sc_card_t *card, int use_sm, +auth_generate_key(struct sc_card *card, int use_sm, struct sc_cardctl_oberthur_genkey_info *data) { - sc_apdu_t apdu; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - sc_path_t tmp_path; + struct sc_apdu apdu; + unsigned char sbuf[SC_MAX_APDU_BUFFER_SIZE]; + struct sc_path tmp_path; int rv = 0; -#ifndef NOT_YET - const sc_acl_entry_t *entry; -#endif - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (data->key_bits < 512 || data->key_bits > 2048 || (data->key_bits%0x20)!=0) { - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Illegal key length"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Illegal key length"); } sbuf[0] = (data->id_pub >> 8) & 0xFF; 
@@ -1320,79 +1285,45 @@ sbuf[3] = data->id_prv & 0xFF; if (data->exponent != 0x10001) { rv = auth_encode_exponent(data->exponent, &sbuf[5],SC_MAX_APDU_BUFFER_SIZE-6); - SC_TEST_RET(card->ctx, rv, "Cannot encode exponent"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot encode exponent"); sbuf[4] = rv; rv++; } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x46, 0x00, 0x00); - if (!(apdu.resp = (u8 *) malloc(data->key_bits/8+8))) { - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); - } + apdu.resp = calloc(1, data->key_bits/8+8); + if (!apdu.resp) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + apdu.resplen = data->key_bits/8+8; apdu.lc = rv + 4; apdu.le = data->key_bits/8; apdu.data = sbuf; apdu.datalen = rv + 4; -#ifndef NOT_YET - entry = sc_file_get_acl_entry(auth_current_df, SC_AC_OP_CRYPTO); - if (entry && entry->method == SC_AC_PRO) - if (card->sm_level < (entry->key_ref | 0x60)) - card->sm_level = entry->key_ref | 0x60; - - if (card->sm_level) { - struct sc_sm_info sm_info; - unsigned char init_data[SC_MAX_APDU_BUFFER_SIZE]; - int init_data_len = sizeof(init_data); - unsigned char out[SC_MAX_APDU_BUFFER_SIZE]; - int out_len = sizeof(init_data); - - rv = auth_sm_init (card, &sm_info, SC_SM_CMD_TYPE_GENERATE_RSA, - card->serialnr.value, card->serialnr.len, - init_data, &init_data_len); - SC_TEST_RET(card->ctx, rv, "SM: init failed"); - - sm_info.p1 = data->key_bits; - sm_info.data = apdu.data; - sm_info.data_len = apdu.datalen; - - rv = auth_sm_execute (card, &sm_info, init_data, init_data_len, - out, out_len); - SC_TEST_RET(card->ctx, rv, "SM: execute failed"); - - rv = auth_sm_release (card, &sm_info, out, out_len); - SC_TEST_RET(card->ctx, rv, "SM: release failed"); - - /* TODO clean resp */ - } - else { -#endif - rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); - rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); -#ifndef 
NOT_YET - } -#endif + rv = sc_transmit_apdu(card, &apdu); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); + memset(&tmp_path, 0, sizeof(struct sc_path)); tmp_path.type = SC_PATH_TYPE_FILE_ID; tmp_path.len = 2; memcpy(tmp_path.value, sbuf, 2); rv = auth_select_file(card, &tmp_path, NULL); - SC_TEST_RET(card->ctx, rv, "cannot select public key"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "cannot select public key"); rv = auth_read_component(card, SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC, 1, apdu.resp, data->key_bits/8); - SC_TEST_RET(card->ctx, rv, "auth_read_component() returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "auth_read_component() returned error"); apdu.resplen = rv; if (data->pubkey) { if (data->pubkey_len < apdu.resplen) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); memcpy(data->pubkey,apdu.resp,apdu.resplen); } 
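Review bot: `apdu.resp = calloc(1, data->key_bits/8+8);` in auth_generate_key is followed by five returning paths that do not free it: the four `SC_TEST_RET` calls after the transmit, the status check, the public-key select and auth_read_component, and the `data->pubkey_len < apdu.resplen` return. `free(apdu.resp)` is only reached on success, in the next hunk. Each failure path needs the release before returning, e.g. `if (rv < 0) free(apdu.resp);` ahead of each `SC_TEST_RET` and `free(apdu.resp);` before the `SC_ERROR_INVALID_ARGUMENTS` return, or a single cleanup label. The function body starts and ends outside this hunk.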
@@ -1400,24 +1331,24 @@ data->pubkey_len = apdu.resplen; free(apdu.resp); - sc_debug(card->ctx, "resulted public key len %i\n", apdu.resplen); - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "resulted public key len %i\n", apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static int -auth_update_component(sc_card_t *card, struct auth_update_component_info *args) +auth_update_component(struct sc_card *card, struct auth_update_component_info *args) { - sc_apdu_t apdu; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE + 0x10]; - u8 ins, p1, p2; + struct sc_apdu apdu; + unsigned char sbuf[SC_MAX_APDU_BUFFER_SIZE + 0x10]; + unsigned char ins, p1, p2; int rv, len; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (args->len > sizeof(sbuf) || args->len > 0x100) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); - sc_debug(card->ctx, "nn %i; len %i\n", args->component, args->len); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "nn %i; len %i\n", args->component, args->len); ins = 0xD8; p1 = args->component; p2 = 0x04; @@ -1435,7 +1366,7 @@ EVP_CIPHER_CTX ctx; if (args->len!=8 && args->len!=24) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); p2 = 0; EVP_CIPHER_CTX_init(&ctx); @@ -1445,8 +1376,8 @@ EVP_EncryptInit_ex(&ctx, EVP_des_ecb(), NULL, args->data, NULL); rv = EVP_EncryptUpdate(&ctx, out, &outl, in, 8); if (!EVP_CIPHER_CTX_cleanup(&ctx) || rv == 0) { - sc_error(card->ctx, "OpenSSL encryption error."); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "OpenSSL encryption error."); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); } sbuf[len++] = 0x03; 
@@ -1462,7 +1393,6 @@ apdu.data = sbuf; apdu.datalen = len; apdu.lc = len; - apdu.sensitive = 1; if (args->len == 0x100) { sbuf[0] = args->type; sbuf[1] = 0x20; @@ -1474,7 +1404,7 @@ apdu.lc = 0x23; rv = sc_transmit_apdu(card, &apdu); apdu.cla &= ~0x10; - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); sbuf[0] = args->type; sbuf[1] = 0xE0; @@ -1487,41 +1417,28 @@ rv = sc_transmit_apdu(card, &apdu); sc_mem_clear(sbuf, sizeof(sbuf)); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_update_key(sc_card_t *card, struct sc_cardctl_oberthur_updatekey_info *info) +auth_update_key(struct sc_card *card, struct sc_cardctl_oberthur_updatekey_info *info) { int rv, ii; - SC_FUNC_CALLED(card->ctx, 1); - -#ifndef NOT_YET - if (auth_current_ef) { - const sc_acl_entry_t *entry = sc_file_get_acl_entry(auth_current_ef, - SC_AC_OP_UPDATE); - - if (entry && entry->method == SC_AC_PRO) - if (card->sm_level < (entry->key_ref | 0x60)) - card->sm_level = entry->key_ref | 0x60; - } + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - if (card->sm_level) - return auth_sm_update_rsa(card, info); -#endif if (info->data_len != sizeof(void *) || !info->data) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); if (info->type == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) { struct sc_pkcs15_prkey_rsa *rsa = (struct sc_pkcs15_prkey_rsa *)info->data; - struct sc_pkcs15_bignum bn[5]; + struct sc_pkcs15_bignum bn[5]; - sc_debug(card->ctx, "Import RSA CRT"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Import RSA CRT"); bn[0] = rsa->p; bn[1] = rsa->q; bn[2] = rsa->iqmp; 
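Review bot: In auth_update_component the first of the two chained APDUs (hunk @@ -1474) returns through `SC_TEST_RET(..., "APDU transmit failed")` without clearing `sbuf`, while the final transmit is followed by `sc_mem_clear(sbuf, sizeof(sbuf));`. `sbuf` is the APDU data buffer for a key-component update, so on that early failure, and on the `OpenSSL encryption error.` return in hunk @@ -1445, whatever was staged in it stays on the stack. Adding `if (rv < 0) sc_mem_clear(sbuf, sizeof(sbuf));` before the early `SC_TEST_RET` keeps the wipe on every exit. With `apdu.sensitive = 1;` removed in hunk @@ -1462, it is also worth confirming that the APDU debug dump in this version does not print `apdu.data` for this command.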
@@ -1537,7 +1454,7 @@ args.len = bn[ii].len; rv = auth_update_component(card, &args); - SC_TEST_RET(card->ctx, rv, "Update RSA component failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Update RSA component failed"); } } else if (info->type == SC_CARDCTL_OBERTHUR_KEY_DES) { @@ -1547,12 +1464,12 @@ rv = SC_ERROR_INVALID_DATA; } - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) +auth_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr) { switch (cmd) { case SC_CARDCTL_GET_DEFAULT_KEY: @@ -1568,29 +1485,29 @@ return auth_create_reference_data(card, (struct sc_cardctl_oberthur_createpin_info *) ptr); case SC_CARDCTL_GET_SERIALNR: - return auth_get_serialnr(card, (sc_serial_number_t *)ptr); + return auth_get_serialnr(card, (struct sc_serial_number *)ptr); case SC_CARDCTL_LIFECYCLE_GET: case SC_CARDCTL_LIFECYCLE_SET: return SC_ERROR_NOT_SUPPORTED; default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } } static int -auth_read_component(sc_card_t *card, enum SC_CARDCTL_OBERTHUR_KEY_TYPE type, +auth_read_component(struct sc_card *card, enum SC_CARDCTL_OBERTHUR_KEY_TYPE type, int num, unsigned char *out, size_t outlen) { + struct sc_apdu apdu; int rv; - sc_apdu_t apdu; unsigned char resp[SC_MAX_APDU_BUFFER_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "num %i, outlen %i, type %i\n", num, outlen, type); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "num %i, outlen %i, type %i\n", num, outlen, type); if (!outlen || type!=SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCORRECT_PARAMETERS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB4, num, 0x00); apdu.cla |= 0x80; 
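Review bot: `outlen` is a `size_t`, but the rewritten `sc_debug` call in auth_read_component (@@ -1568 hunk) formats it with `%i`, which is undefined in a variadic call wherever `size_t` is wider than `int`. Passing it as `"num %i, outlen %lu, type %i\n", num, (unsigned long)outlen, type` keeps the message and removes the mismatch. The same pattern appears with `count` in write_publickey (`%d`), auth_update_binary, auth_read_binary and auth_read_record, and with `der_size` in write_publickey, in later hunks of this file. auth_read_component continues past the end of this hunk.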
@@ -1598,371 +1515,530 @@ apdu.resp = resp; apdu.resplen = sizeof(resp); rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); if (outlen < apdu.resplen) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_WRONG_LENGTH); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_WRONG_LENGTH); memcpy(out, apdu.resp, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 1, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, apdu.resplen); } -static int auth_get_pin_reference (sc_card_t *card, - int type, int reference, int cmd, int *out_ref) +static int +auth_get_pin_reference (struct sc_card *card, int type, int reference, int cmd, int *out_ref) { - struct auth_private_data *prv; - - if (!card || !out_ref) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + if (!out_ref) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); - prv = (struct auth_private_data *) card->drv_data; - switch (type) { case SC_AC_CHV: if (reference != 1 && reference != 2 && reference != 4) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_PIN_REFERENCE); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE); *out_ref = reference; - if (reference == 1 || reference == 2) + if (reference == 1 || reference == 4) if (cmd == SC_PIN_CMD_VERIFY) *out_ref |= 0x80; break; default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static void -auth_init_pin_info(sc_card_t *card, struct sc_pin_cmd_pin *pin, +auth_init_pin_info(struct sc_card *card, struct sc_pin_cmd_pin *pin, unsigned 
int type) { - pin->offset = 0; + pin->offset = 0; pin->pad_char = 0xFF; pin->encoding = SC_PIN_ENCODING_ASCII; - if (type==AUTH_PIN) { - pin->max_length = 64; - pin->pad_length = 64; + if (type == OBERTHUR_AUTH_TYPE_PIN) { + pin->max_length = OBERTHUR_AUTH_MAX_LENGTH_PIN; + pin->pad_length = OBERTHUR_AUTH_MAX_LENGTH_PIN; } else { - pin->max_length = 16; - pin->pad_length = 16; + pin->max_length = OBERTHUR_AUTH_MAX_LENGTH_PUK; + pin->pad_length = OBERTHUR_AUTH_MAX_LENGTH_PUK; } } static int -auth_verify(sc_card_t *card, unsigned int type, - int ref, const u8 *data, size_t data_len, int *tries_left) +auth_pin_verify_pinpad(struct sc_card *card, int pin_reference, int *tries_left) { - sc_apdu_t apdu; - int rv, pin_ref; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - struct sc_pin_cmd_pin pinfo; - - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx,"type %i; ref %i, data_len %i\n", type, ref, data_len); - - if (ref == 3) { - ref = 1; - rv = auth_get_pin_reference (card, type, ref, SC_PIN_CMD_VERIFY, &pin_ref); - SC_TEST_RET(card->ctx, rv, "Get PIN reference failed"); - - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0x00, pin_ref); - apdu.lc = 0x0; - apdu.le = 0x0; - apdu.resplen = 0; - apdu.resp = NULL; - apdu.p2 = pin_ref; - rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); - - if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) { - ref = 2; - rv = auth_get_pin_reference (card, type, ref, SC_PIN_CMD_VERIFY, &pin_ref); - if (rv) - SC_FUNC_RETURN(card->ctx, 1, rv); - - apdu.p2 = pin_ref; - rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); - } - - rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00 ) { - if (data && data_len > 1 && *data!=ref && !isalnum(*data)) { - rv = auth_verify(card, type, *data, - data+1, data_len - 1, tries_left); - } - } - - SC_FUNC_RETURN(card->ctx, 1, rv); - } + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + struct sc_pin_cmd_data 
pin_cmd; + struct sc_apdu apdu; + unsigned char ffs1[0x100]; + int rv; - rv = auth_get_pin_reference (card, type, ref, SC_PIN_CMD_VERIFY, &pin_ref); - SC_TEST_RET(card->ctx, rv, "Get PIN reference failed"); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + memset(ffs1, 0xFF, sizeof(ffs1)); + memset(&pin_cmd, 0, sizeof(pin_cmd)); - sc_debug(card->ctx, " pin_ref %X\n", pin_ref); + rv = auth_pin_is_verified(card, pin_reference, tries_left); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "auth_pin_is_verified returned rv %i\n", rv); - auth_init_pin_info(card, &pinfo, AUTH_PIN); - if (data_len > pinfo.pad_length) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + /* Return SUCCESS without verifying if + * PIN has been already verified and PIN pad has to be used. */ + if (!rv) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); - if (data_len) { - memset(sbuf, pinfo.pad_char, pinfo.pad_length); - memcpy(sbuf, data, data_len); + pin_cmd.flags |= SC_PIN_CMD_NEED_PADDING; - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0, pin_ref); - apdu.data = sbuf; - apdu.datalen = pinfo.pad_length; - apdu.lc = pinfo.pad_length; - apdu.sensitive = 1; - } - else { - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0, pin_ref); - apdu.lc = 0x0; - apdu.le = 0x0; - apdu.resplen = 0; - apdu.resp = NULL; - } - - rv = sc_transmit_apdu(card, &apdu); - sc_mem_clear(sbuf, sizeof(sbuf)); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + /* For Oberthur card, PIN command data length has to be 0x40. + * In PCSC10 v2.06 the uppler limit of pin.max_length is 8. + * + * The standard sc_build_pin() throws an error when 'pin.len > pin.max_length' . + * So, let's build our own APDU. 
+ */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0x00, pin_reference); + apdu.lc = OBERTHUR_AUTH_MAX_LENGTH_PIN; + apdu.datalen = OBERTHUR_AUTH_MAX_LENGTH_PIN; + apdu.data = ffs1; + + pin_cmd.apdu = &apdu; + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.cmd = SC_PIN_CMD_VERIFY; + pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD; + pin_cmd.pin_reference = pin_reference; + if (pin_cmd.pin1.min_length < 4) + pin_cmd.pin1.min_length = 4; + pin_cmd.pin1.max_length = 8; + pin_cmd.pin1.encoding = SC_PIN_ENCODING_ASCII; + pin_cmd.pin1.offset = 5; + pin_cmd.pin1.data = ffs1; + pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PIN; + pin_cmd.pin1.pad_length = OBERTHUR_AUTH_MAX_LENGTH_PIN; + + rv = iso_drv->ops->pin_cmd(card, &pin_cmd, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "PIN CMD 'VERIFY' with pinpad failed"); + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} - if (tries_left && apdu.sw1 == 0x63 && (apdu.sw2 & 0xF0) == 0xC0) - *tries_left = apdu.sw2 & 0x0F; - rv = sc_check_sw(card, apdu.sw1, apdu.sw2); +static int +auth_pin_verify(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + int rv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + if (type != SC_AC_CHV) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "PIN type other then SC_AC_CHV is not supported"); + + data->flags |= SC_PIN_CMD_NEED_PADDING; + + auth_init_pin_info(card, &data->pin1, OBERTHUR_AUTH_TYPE_PIN); + + /* User PIN is always local. */ + if (data->pin_reference == OBERTHUR_PIN_REFERENCE_USER + || data->pin_reference == OBERTHUR_PIN_REFERENCE_ONETIME) + data->pin_reference |= OBERTHUR_PIN_LOCAL; - SC_FUNC_RETURN(card->ctx, 1, rv); + rv = auth_pin_is_verified(card, data->pin_reference, tries_left); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "auth_pin_is_verified returned rv %i\n", rv); + + /* Return if only PIN status has been asked. 
*/ + if (data->pin1.data && !data->pin1.len) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); + + /* Return SUCCESS without verifying if + * PIN has been already verified and PIN pad has to be used. */ + if (!rv && !data->pin1.data && !data->pin1.len) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); + + if (!data->pin1.data && !data->pin1.len) + rv = auth_pin_verify_pinpad(card, data->pin_reference, tries_left); + else + rv = iso_drv->ops->pin_cmd(card, data, tries_left); + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } -static int -auth_change_reference_data (sc_card_t *card, unsigned int type, - int ref, const u8 *old, size_t oldlen, - const u8 *_new, size_t newlen, int *tries_left) +static int +auth_pin_is_verified(struct sc_card *card, int pin_reference, int *tries_left) { - sc_apdu_t apdu; - int rv, pin_ref; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - struct sc_pin_cmd_pin pinfo; - - SC_FUNC_CALLED(card->ctx, 1); - rv = auth_get_pin_reference (card, type, ref, SC_PIN_CMD_CHANGE, &pin_ref); - SC_TEST_RET(card->ctx, rv, "Failed to get PIN reference"); - - sc_debug(card->ctx, " pin ref %X\n", pin_ref); - - auth_init_pin_info(card, &pinfo, AUTH_PIN); - - if (oldlen > pinfo.pad_length || newlen > pinfo.pad_length) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid PIN length"); - - memset(sbuf, pinfo.pad_char, pinfo.pad_length * 2); - memcpy(sbuf, old, oldlen); - memcpy(sbuf + pinfo.pad_length, _new, newlen); - - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 0, pin_ref); - apdu.data = sbuf; - apdu.datalen = pinfo.pad_length * 2; - apdu.lc = pinfo.pad_length * 2; - apdu.sensitive = 1; + struct sc_apdu apdu; + int rv; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0, pin_reference); rv = sc_transmit_apdu(card, &apdu); - sc_mem_clear(sbuf, sizeof(sbuf)); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); - if (tries_left && apdu.sw1 == 0x63 && 
(apdu.sw2 & 0xF0) == 0xC0) + if (tries_left && apdu.sw1 == 0x63 && (apdu.sw2 & 0xF0) == 0xC0) *tries_left = apdu.sw2 & 0x0F; + /* Replace 'no tries left' with 'auth method blocked' */ + if (apdu.sw1 == 0x63 && apdu.sw2 == 0xC0) { + apdu.sw1 = 0x69; + apdu.sw2 = 0x83; + } + rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - - SC_FUNC_RETURN(card->ctx, 1, rv); + + return rv; } -static int -auth_reset_retry_counter(sc_card_t *card, unsigned int type, - int ref, const u8 *puk, size_t puklen, - const u8 *pin, size_t pinlen) +static int +auth_pin_change_pinpad(struct sc_card *card, struct sc_pin_cmd_data *data, + int *tries_left) { - sc_apdu_t apdu; - int rv, pin_ref; - size_t len; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; - struct sc_pin_cmd_pin pin_info, puk_info; -#ifndef NOT_YET - const sc_acl_entry_t *entry; -#endif - - SC_FUNC_CALLED(card->ctx, 1); - rv = auth_get_pin_reference (card, type, ref, SC_PIN_CMD_CHANGE, &pin_ref); - SC_TEST_RET(card->ctx, rv, "Failed to get PIN reference"); - - sc_debug(card->ctx, "pin_ref 0x%X\n", pin_ref); - sc_debug(card->ctx, "current path ; type=%d, path=%s\n", - auth_current_df->path.type, sc_print_path(&auth_current_df->path)); - - auth_init_pin_info(card, &puk_info, AUTH_PUK); - auth_init_pin_info(card, &pin_info, AUTH_PIN); - - if (puklen > puk_info.pad_length || pinlen > pin_info.pad_length) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + struct sc_pin_cmd_data pin_cmd; + struct sc_apdu apdu; + unsigned char ffs1[0x100]; + unsigned char ffs2[0x100]; + int rv, pin_reference; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + pin_reference = data->pin_reference & ~OBERTHUR_PIN_LOCAL; + + memset(ffs1, 0xFF, sizeof(ffs1)); + memset(ffs2, 0xFF, sizeof(ffs2)); + memset(&pin_cmd, 0, sizeof(pin_cmd)); + + if (data->pin1.len > OBERTHUR_AUTH_MAX_LENGTH_PIN) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "'PIN CHANGE' failed"); + + if 
(data->pin1.data && data->pin1.len) + memcpy(ffs1, data->pin1.data, data->pin1.len); + + pin_cmd.flags |= SC_PIN_CMD_NEED_PADDING; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 0x00, pin_reference); + apdu.lc = OBERTHUR_AUTH_MAX_LENGTH_PIN * 2; + apdu.datalen = OBERTHUR_AUTH_MAX_LENGTH_PIN * 2; + apdu.data = ffs1; + + pin_cmd.apdu = &apdu; + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.cmd = SC_PIN_CMD_CHANGE; + pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD; + pin_cmd.pin_reference = pin_reference; + if (pin_cmd.pin1.min_length < 4) + pin_cmd.pin1.min_length = 4; + pin_cmd.pin1.max_length = 8; + pin_cmd.pin1.encoding = SC_PIN_ENCODING_ASCII; + pin_cmd.pin1.offset = 5 + OBERTHUR_AUTH_MAX_LENGTH_PIN; + pin_cmd.pin1.data = ffs1; + pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PIN; + pin_cmd.pin1.pad_length = 0; + + memcpy(&pin_cmd.pin2, &pin_cmd.pin1, sizeof(pin_cmd.pin2)); + pin_cmd.pin1.offset = 5; + pin_cmd.pin2.data = ffs2; + + rv = iso_drv->ops->pin_cmd(card, &pin_cmd, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "PIN CMD 'VERIFY' with pinpad failed"); + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +auth_pin_change(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + int rv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); -#ifndef NOT_YET - entry = sc_file_get_acl_entry(auth_current_df, SC_AC_OP_PIN_RESET); - if (entry && entry->method == SC_AC_PRO) { - card->sm_level = entry->key_ref | 0x60; - rv = auth_sm_reset_pin(card, type, ref, pin, pinlen); - - SC_FUNC_RETURN(card->ctx, 1, rv); - } -#endif - memset(sbuf, puk_info.pad_char, puk_info.pad_length); - memcpy(sbuf, puk, puklen); - len = puk_info.pad_length; - if (pin && pinlen) { - memset(sbuf + len, pin_info.pad_char, pin_info.pad_length); - memcpy(sbuf + len, pin, pinlen); - len += pin_info.pad_length; + if (data->pin1.len && data->pin2.len) { + /* Direct 
unblock style */ + data->flags |= SC_PIN_CMD_NEED_PADDING; + data->flags &= ~SC_PIN_CMD_USE_PINPAD; + data->apdu = NULL; + + data->pin_reference &= ~OBERTHUR_PIN_LOCAL; + + auth_init_pin_info(card, &data->pin1, OBERTHUR_AUTH_TYPE_PIN); + auth_init_pin_info(card, &data->pin2, OBERTHUR_AUTH_TYPE_PIN); + + rv = iso_drv->ops->pin_cmd(card, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "CMD 'PIN CHANGE' failed"); + } + else if (!data->pin1.len && !data->pin2.len) { + /* Oberthur unblock style with PIN pad. */ + rv = auth_pin_change_pinpad(card, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "'PIN CHANGE' failedi: SOPIN verify with pinpad failed"); + } + else { + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "'PIN CHANGE' failed"); } - - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2C, - len == puk_info.pad_length ? 1 : 0, pin_ref); - apdu.data = sbuf; - apdu.datalen = len; - apdu.lc = len; - apdu.sensitive = 1; - rv = sc_transmit_apdu(card, &apdu); - sc_mem_clear(sbuf, sizeof(sbuf)); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} - rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, rv); + +static int +auth_pin_reset_oberthur_style(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left) +{ + struct sc_card_driver *iso_drv = sc_get_iso7816_driver(); + struct sc_pin_cmd_data pin_cmd; + struct sc_path tmp_path; + struct sc_file *tmp_file = NULL; + struct sc_apdu apdu; + unsigned char puk[OBERTHUR_AUTH_MAX_LENGTH_PUK]; + unsigned char ffs1[0x100]; + int rv, rvv, local_pin_reference; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + local_pin_reference = data->pin_reference & ~OBERTHUR_PIN_LOCAL; + + if (data->pin_reference != OBERTHUR_PIN_REFERENCE_USER) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Oberthur style 'PIN RESET' failed: invalid 
PIN reference"); + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + memset(&tmp_path, 0, sizeof(struct sc_path)); + + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.cmd = SC_PIN_CMD_VERIFY; + pin_cmd.pin_reference = OBERTHUR_PIN_REFERENCE_PUK; + memcpy(&pin_cmd.pin1, &data->pin1, sizeof(pin_cmd.pin1)); + + rv = auth_pin_verify(card, SC_AC_CHV, &pin_cmd, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur style 'PIN RESET' failed: SOPIN verify error"); + + sc_format_path("2000", &tmp_path); + tmp_path.type = SC_PATH_TYPE_FILE_ID; + rv = iso_ops->select_file(card, &tmp_path, &tmp_file); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "select PUK file"); + + if (tmp_file->size < OBERTHUR_AUTH_MAX_LENGTH_PUK) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_TOO_SMALL, "Oberthur style 'PIN RESET' failed"); + + rv = iso_ops->read_binary(card, 0, puk, OBERTHUR_AUTH_MAX_LENGTH_PUK, 0); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "read PUK file error"); + if (rv != OBERTHUR_AUTH_MAX_LENGTH_PUK) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Oberthur style 'PIN RESET' failed"); + + memset(ffs1, 0xFF, sizeof(ffs1)); + memcpy(ffs1, puk, rv); + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.cmd = SC_PIN_CMD_UNBLOCK; + pin_cmd.pin_reference = local_pin_reference; + auth_init_pin_info(card, &pin_cmd.pin1, OBERTHUR_AUTH_TYPE_PUK); + pin_cmd.pin1.data = ffs1; + pin_cmd.pin1.len = OBERTHUR_AUTH_MAX_LENGTH_PUK; + + if (data->pin2.data) { + memcpy(&pin_cmd.pin2, &data->pin2, sizeof(pin_cmd.pin2)); + rv = auth_pin_reset(card, SC_AC_CHV, &pin_cmd, tries_left); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); + } + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x2C, 0x00, local_pin_reference); + apdu.lc = OBERTHUR_AUTH_MAX_LENGTH_PIN + OBERTHUR_AUTH_MAX_LENGTH_PUK; + apdu.datalen = OBERTHUR_AUTH_MAX_LENGTH_PIN + OBERTHUR_AUTH_MAX_LENGTH_PUK; + apdu.data = ffs1; + + pin_cmd.apdu = &apdu; + 
pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_IMPLICIT_CHANGE; + + pin_cmd.pin1.min_length = 4; + pin_cmd.pin1.max_length = 8; + pin_cmd.pin1.encoding = SC_PIN_ENCODING_ASCII; + pin_cmd.pin1.offset = 5; + + pin_cmd.pin2.data = &ffs1[OBERTHUR_AUTH_MAX_LENGTH_PUK]; + pin_cmd.pin2.len = OBERTHUR_AUTH_MAX_LENGTH_PIN; + pin_cmd.pin2.offset = 5 + OBERTHUR_AUTH_MAX_LENGTH_PUK; + pin_cmd.pin2.min_length = 4; + pin_cmd.pin2.max_length = 8; + pin_cmd.pin2.encoding = SC_PIN_ENCODING_ASCII; + + rvv = iso_drv->ops->pin_cmd(card, &pin_cmd, tries_left); + if (rvv) + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: PIN CMD 'VERIFY' with pinpad failed", + sc_strerror(rvv)); + + if (auth_current_ef) + rv = iso_ops->select_file(card, &auth_current_ef->path, &auth_current_ef); + + if (rv > 0) + rv = 0; + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv ? rv: rvv); +} + + +static int +auth_pin_reset(struct sc_card *card, unsigned int type, + struct sc_pin_cmd_data *data, int *tries_left) +{ + int rv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + /* Oberthur unblock style: PUK value is a SOPIN */ + rv = auth_pin_reset_oberthur_style(card, SC_AC_CHV, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur style 'PIN RESET' failed"); + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +auth_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries_left) +{ + int rv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if (data->pin_type != SC_AC_CHV) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "auth_pin_cmd() unsupported PIN type"); + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIN CMD:%i; reference:%i; pin1:%p/%i, pin2:%p/%i\n", data->cmd, + data->pin_reference, data->pin1.data, data->pin1.len, + data->pin2.data, data->pin2.len); + switch (data->cmd) { + case SC_PIN_CMD_VERIFY: + rv = auth_pin_verify(card, SC_AC_CHV, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, 
rv, "CMD 'PIN VERIFY' failed"); + break; + case SC_PIN_CMD_CHANGE: + rv = auth_pin_change(card, SC_AC_CHV, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "CMD 'PIN VERIFY' failed"); + break; + case SC_PIN_CMD_UNBLOCK: + rv = auth_pin_reset(card, SC_AC_CHV, data, tries_left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "CMD 'PIN VERIFY' failed"); + break; + default: + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Unsupported PIN operation"); + } + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_create_reference_data (sc_card_t *card, +auth_create_reference_data (struct sc_card *card, struct sc_cardctl_oberthur_createpin_info *args) { - sc_apdu_t apdu; - int rv, pin_ref, len; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; + struct sc_apdu apdu; struct sc_pin_cmd_pin pin_info, puk_info; + int rv, len; + unsigned char sbuf[SC_MAX_APDU_BUFFER_SIZE]; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i\n", args->ref); - SC_FUNC_CALLED(card->ctx, 1); + if (args->type != SC_AC_CHV) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Unsupported PIN type"); if (args->pin_tries < 1 || !args->pin || !args->pin_len) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid PIN options"); - - if (args->type == SC_AC_CHV) { - if (args->ref == 1) - pin_ref = 0x01; - else if (args->ref == 2) - pin_ref = 0x02; - else - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid PIN reference"); - } - else { - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - } - - sc_debug(card->ctx, "pin ref %X\n", pin_ref); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid PIN options"); + + if (args->ref != OBERTHUR_PIN_REFERENCE_USER && args->ref != OBERTHUR_PIN_REFERENCE_PUK) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid PIN reference"); - 
auth_init_pin_info(card, &puk_info, AUTH_PUK); - auth_init_pin_info(card, &pin_info, AUTH_PIN); + auth_init_pin_info(card, &puk_info, OBERTHUR_AUTH_TYPE_PUK); + auth_init_pin_info(card, &pin_info, OBERTHUR_AUTH_TYPE_PIN); if (args->puk && args->puk_len && (args->puk_len%puk_info.pad_length)) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid PUK options"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid PUK options"); len = 0; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len %i", len); sbuf[len++] = args->pin_tries; sbuf[len++] = pin_info.pad_length; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len %i", len); memset(sbuf + len, pin_info.pad_char, pin_info.pad_length); memcpy(sbuf + len, args->pin, args->pin_len); len += pin_info.pad_length; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len %i", len); if (args->puk && args->puk_len) { sbuf[len++] = args->puk_tries; sbuf[len++] = args->puk_len / puk_info.pad_length; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len %i", len); memcpy(sbuf + len, args->puk, args->puk_len); len += args->puk_len; } - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 1, pin_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len %i", len); + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 1, args->ref & ~OBERTHUR_PIN_LOCAL); apdu.data = sbuf; apdu.datalen = len; apdu.lc = len; - apdu.sensitive = 1; rv = sc_transmit_apdu(card, &apdu); sc_mem_clear(sbuf, sizeof(sbuf)); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_logout(sc_card_t *card) +auth_logout(struct sc_card *card) { - sc_apdu_t apdu; + struct sc_apdu apdu; int ii, rv = 0, pin_ref; int reset_flag = 0x20; for (ii=0; ii < 4; ii++) { rv = auth_get_pin_reference (card, SC_AC_CHV, ii+1, SC_PIN_CMD_UNBLOCK, 
&pin_ref); - SC_TEST_RET(card->ctx, rv, "Cannot get PIN reference"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot get PIN reference"); - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x00, 0x00); - apdu.cla = 0x80; - apdu.lc = 0x0; - apdu.le = 0x0; - apdu.resplen = 0; - apdu.resp = NULL; + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x00, 0x00); + apdu.cla = 0x80; apdu.p2 = pin_ref | reset_flag; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); } - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } + static int -write_publickey (sc_card_t *card, unsigned int offset, - const u8 *buf, size_t count) +write_publickey (struct sc_card *card, unsigned int offset, + const unsigned char *buf, size_t count) { - int ii, rv; + struct auth_update_component_info args; struct sc_pkcs15_pubkey_rsa key; + int ii, rv; size_t len = 0, der_size = 0; - struct auth_update_component_info args; + char debug_buf[2048]; - SC_FUNC_CALLED(card->ctx, 1); - if (card->ctx->debug >= 5) { - char debug_buf[2048]; - - debug_buf[0] = 0; - sc_hex_dump(card->ctx, buf, count, debug_buf, sizeof(debug_buf)); - sc_debug(card->ctx, "write_publickey in %d bytes :\n%s", count, debug_buf); - } + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + debug_buf[0] = 0; + sc_hex_dump(card->ctx, SC_LOG_DEBUG_NORMAL, + buf, count, debug_buf, sizeof(debug_buf)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "write_publickey in %d bytes :\n%s", count, debug_buf); if (offset > sizeof(rsa_der)) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid offset value"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid offset value"); len = offset+count > sizeof(rsa_der) ? sizeof(rsa_der) - offset : count; 
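Review bot: auth_pin_reset_oberthur_style reads the PUK from file 2000 into `puk` and copies it into `ffs1`, and both stack buffers are left intact on every return path, whereas auth_create_reference_data in this same hunk wipes its buffer with `sc_mem_clear(sbuf, sizeof(sbuf))` after the transmit. Adding `sc_mem_clear(puk, sizeof(puk));` right after `memcpy(ffs1, puk, rv);`, and `sc_mem_clear(ffs1, sizeof(ffs1));` before the return inside `if (data->pin2.data)` and before the final `SC_FUNC_RETURN`, would close that. The `tmp_file` filled in by `iso_ops->select_file` is also never released; `sc_file_free(tmp_file);` once its size has been checked, on the failure path as well, looks like the missing counterpart. Separately, auth_create_reference_data copies `args->pin_len` bytes into a `pin_info.pad_length`-sized slot of `sbuf`, and then `args->puk_len` bytes after it, with no upper bound on either. A guard such as `if (args->pin_len > pin_info.pad_length)` returning `SC_ERROR_INVALID_ARGUMENTS`, plus a check of `puk_len` against the space left in `sbuf`, would bound both copies.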
@@ -1977,14 +2053,14 @@ der_size = rsa_der[1]; } - sc_debug(card->ctx, "der_size %i\n",der_size); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "der_size %i\n",der_size); if (offset + len < der_size + 2) - SC_FUNC_RETURN(card->ctx, 1, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, len); rv = sc_pkcs15_decode_pubkey_rsa(card->ctx, &key, rsa_der, rsa_der_len); rsa_der_len = 0; memset(rsa_der, 0, sizeof(rsa_der)); - SC_TEST_RET(card->ctx, rv, "cannot decode public key"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "cannot decode public key"); memset(&args, 0, sizeof(args)); args.type = SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC; @@ -1992,7 +2068,7 @@ args.data = key.modulus.data; args.len = key.modulus.len; rv = auth_update_component(card, &args); - SC_TEST_RET(card->ctx, rv, "Update component failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Update component failed"); memset(&args, 0, sizeof(args)); args.type = SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC; 
@@ -2000,25 +2076,25 @@ args.data = key.exponent.data; args.len = key.exponent.len; rv = auth_update_component(card, &args); - SC_TEST_RET(card->ctx, rv, "Update component failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Update component failed"); - SC_FUNC_RETURN(card->ctx, 1, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, len); } static int -auth_update_binary(sc_card_t *card, unsigned int offset, - const u8 *buf, size_t count, unsigned long flags) +auth_update_binary(struct sc_card *card, unsigned int offset, + const unsigned char *buf, size_t count, unsigned long flags) { int rv = 0; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "offset %i; count %i\n", offset, count); - sc_debug(card->ctx, "last selected : magic %X; ef %X\n", + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "offset %i; count %i\n", offset, count); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "last selected : magic %X; ef %X\n", auth_current_ef->magic, auth_current_ef->ef_structure); if (offset & ~0x7FFF) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); if (auth_current_ef->magic==SC_FILE_MAGIC && auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { @@ -2030,8 +2106,7 @@ memset(&args, 0, sizeof(args)); args.type = SC_CARDCTL_OBERTHUR_KEY_DES; - args.component = 0; - args.data = (u8 *)buf; + args.data = (unsigned char *)buf; args.len = count; rv = auth_update_component(card, &args); } 
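Review bot: auth_update_binary dereferences `auth_current_ef` without a check, both in the `"last selected : magic %X; ef %X\n"` debug call and in the `auth_current_ef->magic==SC_FILE_MAGIC` test (@@ -2000 hunk). auth_pin_reset_oberthur_style in the same patch guards it with `if (auth_current_ef)`, which suggests the pointer can be NULL when no EF has been selected. A guard before the debug call, `if (!auth_current_ef) SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "No EF selected");`, would turn that case into an error return. auth_read_binary in the @@ -2039 hunk has the same unguarded accesses, and both functions continue past their hunks.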
@@ -2039,43 +2114,24 @@ rv = iso_ops->update_binary(card, offset, buf, count, 0); } - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int -auth_read_binary(sc_card_t *card, unsigned int offset, - u8 *buf, size_t count, unsigned long flags) +auth_read_binary(struct sc_card *card, unsigned int offset, + unsigned char *buf, size_t count, unsigned long flags) { int rv; -#ifndef NOT_YET - const sc_acl_entry_t *entry; -#endif + char debug_buf[2048]; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx,"offset %i; size %i; flags 0x%lX\n", offset, count, flags); - sc_debug(card->ctx,"last selected : magic %X; ef %X\n", + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"offset %i; size %i; flags 0x%lX\n", offset, count, flags); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"last selected : magic %X; ef %X\n", auth_current_ef->magic, auth_current_ef->ef_structure); -/* _auth_print_acls(card, auth_current_ef); */ - -#ifndef NOT_YET - entry = sc_file_get_acl_entry(auth_current_ef, SC_AC_OP_READ); - sc_debug(card->ctx,"entry %p; %i\n", entry, SC_AC_OP_READ); - if (entry && entry->method == SC_AC_PRO) { - sc_debug(card->ctx, "needs SM level 0x%X\n", entry->key_ref >> 3); - - card->sm_level = entry->key_ref | 0x60; - rv = auth_sm_read_binary(card, - auth_current_ef->path.value, auth_current_ef->path.len, - offset, buf, count); - - sc_debug(card->ctx, "rv %i\n", rv); - SC_FUNC_RETURN(card->ctx, 1, rv); - } -#endif if (offset & ~0x7FFF) - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid file offset"); if (auth_current_ef->magic==SC_FILE_MAGIC && auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) { 
@@ -2088,20 +2144,20 @@ resp_len = sizeof(resp); rv = auth_read_component(card, SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC, 2, resp, resp_len); - SC_TEST_RET(card->ctx, rv, "read component failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "read component failed"); for (jj=0; jjctx, rv, "Cannot read RSA public key component"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot read RSA public key component"); - bn[1].data = (u8 *) malloc(rv); + bn[1].data = calloc(1, rv); bn[1].len = rv; memcpy(bn[1].data, resp, rv); @@ -2109,20 +2165,19 @@ key.modulus = bn[1]; if (sc_pkcs15_encode_pubkey_rsa(card->ctx, &key, &out, &out_len)) { - SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ASN1_OBJECT, + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ASN1_OBJECT, "cannot encode RSA public key"); } else { rv = out_len - offset > count ? count : out_len - offset; memcpy(buf, out + offset, rv); - if (card->ctx->debug >= 5) { - char debug_buf[2048]; - debug_buf[0] = 0; - sc_hex_dump(card->ctx, buf, rv, debug_buf, sizeof(debug_buf)); - sc_debug(card->ctx, "write_publickey in %d bytes :\n%s", - count, debug_buf); - } + debug_buf[0] = 0; + sc_hex_dump(card->ctx, SC_LOG_DEBUG_NORMAL, + buf, rv, debug_buf, sizeof(debug_buf)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "write_publickey in %d bytes :\n%s", + count, debug_buf); } if (bn[0].data) 
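Review bot: `bn[1].data = calloc(1, rv);` is followed directly by `memcpy(bn[1].data, resp, rv);`, so a failed allocation turns into a write through NULL; the switch from malloc to calloc did not add the check. Something like `if (!bn[1].data) SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cannot allocate modulus buffer");` before the copy would cover it. `bn[0].data` may need freeing first if it was already allocated, but the code that fills `bn[0]` is not readable in this hunk and the function starts outside it.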
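Review bot: `rv = out_len - offset > count ? count : out_len - offset;` in the @@ -2109 hunk does not handle `offset > out_len`. If `out_len` is unsigned (it is passed as `&out_len` to the encoder; its declaration is outside the hunk), the subtraction wraps, `rv` becomes `count`, and `memcpy(buf, out + offset, rv)` reads beyond the encoded key. The only earlier bound on `offset` in auth_read_binary is the `offset & ~0x7FFF` test. Setting `rv = SC_ERROR_INVALID_ARGUMENTS` when `offset > out_len`, and doing the copy only in the else branch, keeps the later cleanup of `bn[0].data` reachable.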
@@ -2136,24 +2191,23 @@ rv = iso_ops->read_binary(card, offset, buf, count, 0); } - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } static int auth_read_record(struct sc_card *card, unsigned int nr_rec, - u8 *buf, size_t count, - unsigned long flags) + unsigned char *buf, size_t count, unsigned long flags) { - int rv = 0; struct sc_apdu apdu; - u8 recvbuf[SC_MAX_APDU_BUFFER_SIZE]; + int rv = 0; + unsigned char recvbuf[SC_MAX_APDU_BUFFER_SIZE]; - sc_debug(card->ctx, "auth_read_record(): nr_rec %i; count %i\n", nr_rec, count); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "auth_read_record(): nr_rec %i; count %i\n", nr_rec, count); - sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB2, nr_rec, 0); - apdu.p2 = (flags & SC_RECORD_EF_ID_MASK) << 3; - if (flags & SC_RECORD_BY_REC_NR) + sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB2, nr_rec, 0); + apdu.p2 = (flags & SC_RECORD_EF_ID_MASK) << 3; + if (flags & SC_RECORD_BY_REC_NR) apdu.p2 |= 0x04; apdu.le = count; 
@@ -2161,308 +2215,77 @@ apdu.resp = recvbuf; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); if (apdu.resplen == 0) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); memcpy(buf, recvbuf, apdu.resplen); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Card returned error"); - SC_FUNC_RETURN(card->ctx, 1, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, apdu.resplen); } static int -auth_delete_record(sc_card_t *card, unsigned int nr_rec) +auth_delete_record(struct sc_card *card, unsigned int nr_rec) { + struct sc_apdu apdu; int rv = 0; - sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "auth_delete_record(): nr_rec %i\n", nr_rec); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "auth_delete_record(): nr_rec %i\n", nr_rec); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x32, nr_rec, 0x04); apdu.cla = 0x80; - apdu.lc = 0x0; - apdu.le = 0x0; - apdu.resplen = 0; - apdu.resp = NULL; rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "APDU transmit failed"); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); } + static int -auth_get_serialnr(sc_card_t *card, sc_serial_number_t *serial) +auth_get_serialnr(struct sc_card *card, struct sc_serial_number *serial) { - if (!card || !serial) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + if (!serial) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); if (card->serialnr.len==0) - SC_FUNC_RETURN(card->ctx, 1, 
SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); memcpy(serial, &card->serialnr, sizeof(*serial)); - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } -#ifndef NOT_YET -static int -auth_sm_init (struct sc_card *card, struct sc_sm_info *sm_info, int cmd, - unsigned char *id, size_t id_len, - unsigned char *resp, size_t *resp_len) -{ - int rv; - struct sc_apdu apdu; - unsigned char host_challenge[8]; - int host_challenge_len = sizeof(host_challenge); - - sc_debug(card->ctx, "called; command 0x%X\n", cmd); - if (!card || !sm_info || !id || !id_len || !resp || !resp_len) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - if (!card->sm.funcs.initialize || !card->sm.funcs.get_apdus) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); - - if ((card->sm_level & 0xE0) != 0x60) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - if (id_len > sizeof(sm_info->id)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - if (*resp_len < 28) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - memset(sm_info, 0, sizeof(*sm_info)); - - sm_info->index = 0; - sm_info->version = 1; - sm_info->cmd = cmd; - sm_info->level = (card->sm_level & 0x18) >> 3; - - sm_info->id_len = id_len; - memcpy(sm_info->id, id, id_len); - - sm_info->status = 0; - - sm_info->serialnr = card->serialnr; - - rv = card->sm.funcs.initialize(card->ctx, sm_info, - host_challenge, &host_challenge_len); - SC_TEST_RET(card->ctx, rv, "SM: INITIALIZE failed"); - - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x50, - sm_info->version, sm_info->index); - apdu.cla = 0x80; - apdu.resp = resp; - apdu.resplen = *resp_len; - apdu.lc = 8; - apdu.le = 12; - apdu.data = host_challenge; - apdu.datalen = 8; - - rv=sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "transmit APDU failed"); - - rv = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, rv, "Card 
returned error"); - - if (apdu.resplen != 28) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); - - *resp_len = 28; - - SC_FUNC_RETURN(card->ctx, 1, rv); -} - - -static int -auth_sm_execute (struct sc_card *card, struct sc_sm_info *sm_info, - unsigned char *data, int data_len, - unsigned char *out, size_t len) -{ -#define AUTH_SM_APDUS_MAX 6 - int rv, ii; - struct sc_apdu apdus[AUTH_SM_APDUS_MAX]; - unsigned char sbufs[AUTH_SM_APDUS_MAX][SC_MAX_APDU_BUFFER_SIZE]; - unsigned char rbufs[AUTH_SM_APDUS_MAX][SC_MAX_APDU_BUFFER_SIZE]; - int nn_apdus = AUTH_SM_APDUS_MAX; - - if (!card->sm.funcs.initialize || !card->sm.funcs.get_apdus) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); - - memset(&apdus, 0, sizeof(apdus)); - memset(&sbufs, 0, sizeof(sbufs)); - memset(&rbufs, 0, sizeof(rbufs)); - for (ii=0; iism.funcs.get_apdus(card->ctx, sm_info, - data, data_len, apdus, &nn_apdus); - SC_TEST_RET(card->ctx, rv, "SM: GET_APDUS failed"); - - sc_debug(card->ctx, "GET_APDUS: rv %i; nn cmds %i\n", - rv, nn_apdus); - - for (ii=0; ii < nn_apdus; ii++) { - rv = sc_transmit_apdu(card, &apdus[ii]); - if (rv < 0) - break; - - rv = sc_check_sw(card, apdus[ii].sw1, apdus[ii].sw2); - if (rv < 0) - break; - } - - if (rv) { - sm_info->status = rv; - auth_sm_release (card, sm_info, NULL, 0); - } - - if (out && len > 0 && !rv) { - if (len > apdus[nn_apdus-1].resplen) - len = apdus[nn_apdus-1].resplen; - - memcpy(out, apdus[nn_apdus-1].resp, len); - SC_FUNC_RETURN(card->ctx, 1, len); - } - - SC_FUNC_RETURN(card->ctx, 1, rv); -} - - -static int -auth_sm_release (struct sc_card *card, struct sc_sm_info *sm_info, - unsigned char *data, int data_len) -{ - int rv; - struct sc_apdu apdu; - - card->sm_level = 0; - - sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x00, 0x60); - apdu.cla = 0x80; - apdu.lc = 0x0; - apdu.le = 0x0; - apdu.resplen = 0; - apdu.resp = NULL; - - rv = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, rv, "APDU transmit failed"); - - if (sm_info && 
card->sm.funcs.finalize) { - rv = card->sm.funcs.finalize(card->ctx, sm_info, data, data_len); - SC_TEST_RET(card->ctx, rv, "SM: finalize failed"); - } - - SC_FUNC_RETURN(card->ctx, 1, rv); -} +static const struct sc_card_error +auth_warnings[] = { + { 0x6282, SC_SUCCESS, + "ignore warning 'End of file or record reached before reading Ne bytes'" }, + {0, 0, NULL}, +}; static int -auth_sm_update_rsa (struct sc_card *card, - struct sc_cardctl_oberthur_updatekey_info *update_info) +auth_check_sw(struct sc_card *card, unsigned int sw1, unsigned int sw2) { - int rv, rvv; - struct sc_sm_info sm_info; - unsigned char init_data[SC_MAX_APDU_BUFFER_SIZE]; - int init_data_len = sizeof(init_data); + int ii; - sc_debug(card->ctx, "called; SM Level 0x%X\n", card->sm_level); - if (!update_info || !card->sm_level) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - /* If rsa defined, we impose Mosilla style ID. */ - if (update_info->data && (update_info->data_len == sizeof(void *))) { - struct sc_pkcs15_prkey_rsa *rsa = (struct sc_pkcs15_prkey_rsa *)update_info->data; - - SHA1(rsa->modulus.data, rsa->modulus.len, update_info->id); - update_info->id_len = SHA_DIGEST_LENGTH; + for (ii=0; auth_warnings[ii].SWs; ii++) { + if (auth_warnings[ii].SWs == ((sw1 << 8) | sw2)) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", auth_warnings[ii].errorstr); + return auth_warnings[ii].errorno; + } } - - rv = auth_sm_init (card, &sm_info, SC_SM_CMD_TYPE_UPDATE_RSA, - update_info->id, update_info->id_len, init_data, &init_data_len); - if (!rv) - rv = auth_sm_execute (card, &sm_info, - init_data, init_data_len, NULL, 0); - - rvv = auth_sm_release (card, &sm_info, NULL, 0); - SC_FUNC_RETURN(card->ctx, 1, (rv ? 
rv : rvv)); + return iso_ops->check_sw(card, sw1, sw2); } -static int -auth_sm_reset_pin (struct sc_card *card, int type, int ref, - const u8 *data, size_t len) -{ - int rv; - struct sc_sm_info sm_info; - unsigned char init_data[SC_MAX_APDU_BUFFER_SIZE]; - int init_data_len = sizeof(init_data); - - sc_debug(card->ctx, "called; PIN ref 0x%X; data length %i\n", ref, len); - - rv = auth_sm_init (card, &sm_info, SC_SM_CMD_TYPE_RESET_PIN, - card->serialnr.value, card->serialnr.len, init_data, &init_data_len); - SC_TEST_RET(card->ctx, rv, "SM: init failed"); - - sm_info.p1 = ref; - sm_info.data = data; - sm_info.data_len = len; - - rv = auth_sm_execute (card, &sm_info, init_data, init_data_len, NULL, 0); - SC_TEST_RET(card->ctx, rv, "SM: execute failed"); - - rv = auth_sm_release (card, &sm_info, NULL, 0); - SC_TEST_RET(card->ctx, rv, "SM: release failed"); - - SC_FUNC_RETURN(card->ctx, 1, rv); -} - - -static int -auth_sm_read_binary (struct sc_card *card, unsigned char *id, size_t id_len, - size_t offs, unsigned char *out, size_t len) -{ - int rv; - struct sc_sm_info sm_info; - unsigned char init_data[SC_MAX_APDU_BUFFER_SIZE]; - int init_data_len = sizeof(init_data); - - sc_debug(card->ctx, "called; offs %i; len %i\n", offs, len); - - if (len > 0xF0) { - sc_error(card->ctx, "Not yet: reading length cannot be more then 240 bytes."); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); - } - - rv = auth_sm_init (card, &sm_info, SC_SM_CMD_TYPE_READ_BINARY, - id, id_len, init_data, &init_data_len); - SC_TEST_RET(card->ctx, rv, "SM: init failed"); - - sm_info.p1 = offs; - sm_info.p2 = len; - - rv = auth_sm_execute (card, &sm_info, init_data, init_data_len, out, len); - SC_TEST_RET(card->ctx, rv, "SM: execute failed"); - - len = rv; - - rv = auth_sm_release (card, &sm_info, out, len); - SC_TEST_RET(card->ctx, rv, "SM: release failed"); - - SC_FUNC_RETURN(card->ctx, 1, len); -} -#endif - static struct sc_card_driver * sc_get_driver(void) { 
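Review bot: In auth_read_record, `memcpy(buf, recvbuf, apdu.resplen);` copies as many bytes as the card reported without comparing that length to the caller's `count`, at least in the lines shown. The assignment of `apdu.resplen` falls on the single line between this hunk and the previous one, so it may already be limited to `count`; if it is set to `sizeof(recvbuf)` instead, a response longer than `count` overruns `buf`. An explicit clamp makes the copy safe either way: `if (apdu.resplen > count) apdu.resplen = count;` placed before the `memcpy`.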
@@ -2487,13 +2310,9 @@ auth_ops.compute_signature = auth_compute_signature; auth_ops.decipher = auth_decipher; auth_ops.process_fci = auth_process_fci; - - auth_ops.pin_cmd = NULL; - auth_ops.verify = auth_verify; - auth_ops.reset_retry_counter = auth_reset_retry_counter; - auth_ops.change_reference_data = auth_change_reference_data; - + auth_ops.pin_cmd = auth_pin_cmd; auth_ops.logout = auth_logout; + auth_ops.check_sw = auth_check_sw; return &auth_drv; } diff -Nru opensc-0.11.13/src/libopensc/card-openpgp.c opensc-0.12.1/src/libopensc/card-openpgp.c --- opensc-0.11.13/src/libopensc/card-openpgp.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-openpgp.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,15 +18,25 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" -#include "cardctl.h" +/* + * Specifications: + * http://www.g10code.de/docs/openpgp-card-1.1.pdf + * http://www.g10code.de/docs/openpgp-card-2.0.pdf + */ + +#include "config.h" + #include #include #include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + static struct sc_atr_table pgp_atrs[] = { - { "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL }, + { "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, "OpenPGP card v1.0/1.1", SC_CARD_TYPE_OPENPGP_V1, 0, NULL }, + { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", NULL, "CryptoStick v1.2 (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL }, { NULL, NULL, NULL, 0, 0, NULL } }; @@ -112,9 +122,11 @@ int i; i = _sc_match_atr(card, pgp_atrs, &card->type); - if (i < 0) - return 0; - return 1; + if (i >= 0) { + card->name = pgp_atrs[i].name; + return 1; + } + return 0; } static int 
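Review bot: `auth_ops.check_sw = auth_check_sw;` installs the new status-word filter for the whole driver, so, assuming `sc_check_sw` dispatches through `card->ops->check_sw`, the `0x6282` entry in `auth_warnings[]` becomes `SC_SUCCESS` for every command and not only for reads. If that is intended, a comment at the assignment would record it, for example `/* 0x6282 (short read) is accepted as success driver-wide; callers must rely on apdu.resplen, not the requested length */`. If it is only meant for READ BINARY and READ RECORD, applying the mapping at those call sites would be narrower. sc_get_driver's body starts outside this hunk.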
@@ -127,10 +139,9 @@ struct do_info *info; int r; - priv = (struct pgp_priv_data *) calloc (1, sizeof *priv); + priv = calloc (1, sizeof *priv); if (!priv) return SC_ERROR_OUT_OF_MEMORY; - card->name = "OpenPGP"; card->drv_data = priv; card->cla = 0x00; @@ -192,7 +203,7 @@ free(blob->data); blob->len = len; blob->status = 0; - blob->data = (unsigned char *) malloc(len); + blob->data = malloc(len); memcpy(blob->data, data, len); blob->file->size = len; @@ -206,7 +217,7 @@ sc_file_t *file = sc_file_new(); struct blob *blob, **p; - blob = (struct blob *) calloc(1, sizeof(*blob)); + blob = calloc(1, sizeof(*blob)); blob->parent = parent; blob->id = file_id; blob->file = file; @@ -235,9 +246,7 @@ if (blob->info == NULL) return blob->status; - sc_ctx_suppress_errors_on(card->ctx); r = blob->info->get_fn(card, blob->id, buffer, sizeof(buffer)); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) { blob->status = r; @@ -308,7 +317,7 @@ return 0; -eoc: sc_error(card->ctx, "Unexpected end of contents\n"); +eoc: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unexpected end of contents\n"); return SC_ERROR_OBJECT_NOT_VALID; } @@ -345,6 +354,8 @@ unsigned int n; int r; + memset(&path_copy, 0, sizeof(path_copy)); + if (path->type == SC_PATH_TYPE_DF_NAME) return iso_ops->select_file(card, path, ret); if (path->type != SC_PATH_TYPE_PATH) @@ -441,7 +452,7 @@ u8 idbuf[2]; int r; - sc_debug(card->ctx, "called, tag=%04x\n", tag); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called, tag=%04x\n", tag); idbuf[0] = tag >> 8; idbuf[1] = tag; @@ -455,9 +466,9 @@ apdu.resplen = buf_len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return apdu.resplen; } 
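Review bot: In the `@@ -192` hunk, `blob->data = malloc(len);` is followed by `memcpy(blob->data, data, len);` with no NULL check, after the old buffer has been freed and `blob->len` already updated, so an allocation failure is a NULL write and leaves the blob inconsistent; the commit only drops the cast. The `@@ -206` hunk has the same gap: `blob = calloc(1, sizeof(*blob));` is dereferenced on the next line, and the `sc_file_new()` result above it is not checked either. Allocating into a temporary and returning `SC_ERROR_OUT_OF_MEMORY` on failure, before `blob` is modified, would fix the first case. Both functions start and end outside their hunks.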
@@ -472,7 +483,7 @@ size_t len; int r; - sc_debug(card->ctx, "called, tag=%04x\n", tag); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "called, tag=%04x\n", tag); if ((r = pgp_get_blob(card, &priv->mf, tag & 0xFFFE, &blob)) < 0 || (r = pgp_get_blob(card, blob, 0x7F49, &blob)) < 0 @@ -512,9 +523,9 @@ apdu.resplen = buf_len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return apdu.resplen; } @@ -556,7 +567,7 @@ case SC_SEC_OPERATION_SIGN: if (env->key_ref[0] != 0x00 && env->key_ref[0] != 0x02) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Key reference not compatible with " "requested usage\n"); return SC_ERROR_NOT_SUPPORTED; @@ -564,7 +575,7 @@ break; case SC_SEC_OPERATION_DECIPHER: if (env->key_ref[0] != 0x01) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Key reference not compatible with " "requested usage\n"); return SC_ERROR_NOT_SUPPORTED; @@ -602,11 +613,11 @@ 0x88, 0, 0); break; case 0x01: - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference (decipher only key)\n"); return SC_ERROR_INVALID_ARGUMENTS; default: - sc_error(card->ctx, "Invalid key reference 0x%02x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference 0x%02x\n", env->key_ref[0]); return SC_ERROR_INVALID_ARGUMENTS; } @@ -619,9 +630,9 @@ apdu.resplen = outlen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return apdu.resplen; } 
@@ -638,7 +649,7 @@ /* There's some funny padding indicator that must be * prepended... hmm. */ - if (!(temp = (u8 *) malloc(inlen + 1))) + if (!(temp = malloc(inlen + 1))) return SC_ERROR_OUT_OF_MEMORY; temp[0] = '\0'; memcpy(temp + 1, in, inlen); @@ -658,12 +669,12 @@ break; case 0x00: /* signature key */ case 0x02: /* authentication key */ - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference (signature only key)\n"); free(temp); return SC_ERROR_INVALID_ARGUMENTS; default: - sc_error(card->ctx, "Invalid key reference 0x%02x\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Invalid key reference 0x%02x\n", env->key_ref[0]); free(temp); return SC_ERROR_INVALID_ARGUMENTS; @@ -679,9 +690,9 @@ r = sc_transmit_apdu(card, &apdu); free(temp); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "Card returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Card returned error"); return apdu.resplen; } diff -Nru opensc-0.11.13/src/libopensc/card-piv.c opensc-0.12.1/src/libopensc/card-piv.c --- opensc-0.11.13/src/libopensc/card-piv.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-piv.c 2011-05-17 17:07:00.000000000 +0000 @@ -3,7 +3,7 @@ * card-default.c: Support for cards with no driver * * Copyright (C) 2001, 2002 Juha Yrjölä - * Copyright (C) 2005,2006,2007 Douglas E. Engert + * Copyright (C) 2005,2006,2007,2008,2009,2010 Douglas E. Engert * Copyright (C) 2006, Identity Alliance, Thomas Harning * Copyright (C) 2007, EMC, Russell Larner * 
@@ -22,17 +22,22 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" - -#ifdef ENABLE_OPENSSL +#include "config.h" #include +#include #include #include +#include +#ifdef ENABLE_OPENSSL + /* openssl only needed for card administration */ #include #include #include #include +#endif /* ENABLE_OPENSSL */ + +#include "internal.h" #include "asn1.h" #include "cardctl.h" #ifdef ENABLE_ZLIB @@ -42,7 +47,7 @@ enum { PIV_OBJ_CCC = 0, PIV_OBJ_CHUI, - PIV_OBJ_UCHUI, /* new with 800-73-2 */ + /* PIV_OBJ_UCHUI is not in new with 800-73-2 */ PIV_OBJ_X509_PIV_AUTH, PIV_OBJ_CHF, PIV_OBJ_PI, 
@@ -51,17 +56,71 @@ PIV_OBJ_X509_KM, PIV_OBJ_X509_CARD_AUTH, PIV_OBJ_SEC_OBJ, + PIV_OBJ_DISCOVERY, + PIV_OBJ_HISTORY, + PIV_OBJ_RETIRED_X509_1, + PIV_OBJ_RETIRED_X509_2, + PIV_OBJ_RETIRED_X509_3, + PIV_OBJ_RETIRED_X509_4, + PIV_OBJ_RETIRED_X509_5, + PIV_OBJ_RETIRED_X509_6, + PIV_OBJ_RETIRED_X509_7, + PIV_OBJ_RETIRED_X509_8, + PIV_OBJ_RETIRED_X509_9, + PIV_OBJ_RETIRED_X509_10, + PIV_OBJ_RETIRED_X509_11, + PIV_OBJ_RETIRED_X509_12, + PIV_OBJ_RETIRED_X509_13, + PIV_OBJ_RETIRED_X509_14, + PIV_OBJ_RETIRED_X509_15, + PIV_OBJ_RETIRED_X509_16, + PIV_OBJ_RETIRED_X509_17, + PIV_OBJ_RETIRED_X509_18, + PIV_OBJ_RETIRED_X509_19, + PIV_OBJ_RETIRED_X509_20, + PIV_OBJ_IRIS_IMAGE, PIV_OBJ_9B03, PIV_OBJ_9A06, PIV_OBJ_9C06, PIV_OBJ_9D06, PIV_OBJ_9E06, + PIV_OBJ_8206, + PIV_OBJ_8306, + PIV_OBJ_8406, + PIV_OBJ_8506, + PIV_OBJ_8606, + PIV_OBJ_8706, + PIV_OBJ_8806, + PIV_OBJ_8906, + PIV_OBJ_8A06, + PIV_OBJ_8B06, + PIV_OBJ_8C06, + PIV_OBJ_8D06, + PIV_OBJ_8E06, + PIV_OBJ_8F06, + PIV_OBJ_9006, + PIV_OBJ_9106, + PIV_OBJ_9206, + PIV_OBJ_9306, + PIV_OBJ_9406, + PIV_OBJ_9506, PIV_OBJ_LAST_ENUM }; -/* flags in the piv_obj_cache */ +/* + * Flags in the piv_obj_cache: + * PIV_OBJ_CACHE_VALID means the data in the cache can be used. + * It might have zero length indicating that the object was not found. + * PIV_OBJ_CACHE_NOT_PRESENT means do not even try to read the object. + * These objects will only be present if the history object says + * they are on the card, or the discovery or history object in not present. + * If the file lilsted in the history object offCardCertURL was found, + * its certs will be read into the cache and PIV_OBJ_CACHE_VALID set + * and PIV_OBJ_CACHE_NOT_PRESENT unset. + */ -#define PIV_OBJ_CACHE_VALID 1 +#define PIV_OBJ_CACHE_VALID 1 +#define PIV_OBJ_CACHE_NOT_PRESENT 8 typedef struct piv_obj_cache { u8* obj_data; 
@@ -72,17 +131,21 @@ } piv_obj_cache_t; typedef struct piv_private_data { - struct sc_pin_cmd_pin pin_info; sc_file_t *aid_file; int enumtag; int selected_obj; /* The index into the piv_objects last selected */ int return_only_cert; /* return the cert from the object */ - int rb_state; /* first time -1, 0, in middle, 1 at eof */ - size_t max_recv_size; /* saved size, need to lie to pkcs15_read_file */ - size_t max_send_size; + int rwb_state; /* first time -1, 0, in middle, 1 at eof */ int key_ref; /* saved from set_security_env and */ int alg_id; /* used in decrypt, signature */ + int key_size; /* RSA: modulus_bits EC: field_length in bits */ + u8* w_buf; /* write_binary buffer */ + size_t w_buf_len; /* length of w_buff */ piv_obj_cache_t obj_cache[PIV_OBJ_LAST_ENUM]; + int keysWithOnCardCerts; + int keysWithOffCardCerts; + char * offCardCertURL; + int pin_preference; /* set from Discovery object */ } piv_private_data_t; #define PIV_DATA(card) ((piv_private_data_t*)card->drv_data) 
@@ -94,23 +157,39 @@ u8 *value; }; -/* The Generic entry should be the "A0 00 00 03 08 00 00 01 00 " +/* + * The Generic entry should be the "A0 00 00 03 08 00 00 01 00 " * NIST published this on 10/6/2005 - * 800-73-2 is due for release 11/2007. * 800-73-2 Part 1 now refers to version "02 00" * i.e. "A0 00 00 03 08 00 00 01 00 02 00". - * but we dont need the version number. but could get it from the PIX. + * but we don't need the version number. but could get it from the PIX. + * + * 800-73-3 Part 1 now referes to "01 00" i.e. going back to 800-73-1. + * The main differences between 73-1, and 73-3 are the addition of the + * key History object and keys, as well as Discovery and Iris objects. */ + static struct piv_aid piv_aids[] = { {SC_CARD_TYPE_PIV_II_GENERIC, 9, 9, (u8 *) "\xA0\x00\x00\x03\x08\x00\x00\x10\x00" }, {0, 9, 0, NULL } }; -/* flags in the piv_object */ +/* The EC curves supported by PIV */ +#if 0 +static u8 oid_prime256v1[] = {"\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"}; +static u8 oid_secp384r1[] = {"\x06\x05\x2b\x81\x04\x00\x22"}; +#endif + +/* + * Flags in the piv_object: + * PIV_OBJECT_NOT_PRESENT: the presents of the object is + * indicated by the History object. + */ #define PIV_OBJECT_TYPE_CERT 1 #define PIV_OBJECT_TYPE_PUBKEY 2 +#define PIV_OBJECT_NOT_PRESENT 4 struct piv_object { int enumtag; 
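Review bot: The comment reworked in this hunk still gives the generic AID as `A0 00 00 03 08 00 00 01 00`, while the `piv_aids[]` entry directly below matches on `\xA0\x00\x00\x03\x08\x00\x00\x10\x00`. The comment appears to have dropped the `10 00` bytes, and the version suffix would follow them, i.e. `A0 00 00 03 08 00 00 10 00 01 00`. Since the comment is being rewritten anyway, correcting the byte strings would keep it consistent with the 9-byte value the driver compares. The `#if 0` block adding `oid_prime256v1` and `oid_secp384r1` is dead code and would be better left out until it is used.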
@@ -123,21 +202,18 @@ }; /* Must be in order, and one per enumerated PIV_OBJ */ -static struct piv_object piv_objects[] = { +static const struct piv_object piv_objects[] = { { PIV_OBJ_CCC, "Card Capability Container", "2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00", 0}, { PIV_OBJ_CHUI, "Card Holder Unique Identifier", "2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00", 0}, - { PIV_OBJ_UCHUI, "Unsigned Card Holder Unique Identifier", - "2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x04", "\x30\x10", 0}, { PIV_OBJ_X509_PIV_AUTH, "X.509 Certificate for PIV Authentication", "2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01", PIV_OBJECT_TYPE_CERT} , - /* extra 400 is hack for MultOS card which returns 2200 bytes */ { PIV_OBJ_CHF, "Card Holder Fingerprints", "2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10", 0}, { PIV_OBJ_PI, "Printed Information", "2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01", 0}, - { PIV_OBJ_CHFI, "Card Holder Facial Image", + { PIV_OBJ_CHFI, "Cardholder Facial Images", "2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30", 0}, { PIV_OBJ_X509_DS, "X.509 Certificate for Digital Signature", "2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00", PIV_OBJECT_TYPE_CERT}, 
@@ -147,6 +223,76 @@ "2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00", PIV_OBJECT_TYPE_CERT}, { PIV_OBJ_SEC_OBJ, "Security Object", "2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00", 0}, + { PIV_OBJ_DISCOVERY, "Discovery Object", + "2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50", 0}, + { PIV_OBJ_HISTORY, "Key History Object", + "2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60", 0}, + +/* 800-73-3, 21 new objects, 20 history certificates */ + { PIV_OBJ_RETIRED_X509_1, "Retired X.509 Certificate for Key Management 1", + "2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_2, "Retired X.509 Certificate for Key Management 2", + "2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_3, "Retired X.509 Certificate for Key Management 3", + "2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_4, "Retired X.509 Certificate for Key Management 4", + "2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_5, "Retired X.509 Certificate for Key Management 5", + "2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_6, "Retired X.509 Certificate for Key Management 6", + "2.16.840.1.101.3.7.2.16.6", 3, "\x5F\xC1\x12", "\x10\x06", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_7, "Retired X.509 Certificate for Key Management 7", + "2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_8, "Retired X.509 Certificate for Key Management 8", + "2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { 
PIV_OBJ_RETIRED_X509_9, "Retired X.509 Certificate for Key Management 9", + "2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_10, "Retired X.509 Certificate for Key Management 10", + "2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_11, "Retired X.509 Certificate for Key Management 11", + "2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_12, "Retired X.509 Certificate for Key Management 12", + "2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_13, "Retired X.509 Certificate for Key Management 13", + "2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_14, "Retired X.509 Certificate for Key Management 14", + "2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_15, "Retired X.509 Certificate for Key Management 15", + "2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_16, "Retired X.509 Certificate for Key Management 16", + "2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_17, "Retired X.509 Certificate for Key Management 17", + "2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_18, "Retired X.509 Certificate for Key Management 18", + "2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_19, "Retired X.509 Certificate for Key Management 19", + 
"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + { PIV_OBJ_RETIRED_X509_20, "Retired X.509 Certificate for Key Management 20", + "2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14", + PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT}, + + { PIV_OBJ_IRIS_IMAGE, "Cardholder Iris Images", + "2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15", 0}, + /* following not standard , to be used by piv-tool only for testing */ { PIV_OBJ_9B03, "3DES-ECB ADM", "2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0}, 
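Review bot: Nothing enforces that `piv_objects[]` stays in step with the `PIV_OBJ_*` enum, although the table's own comment says it must be in order with one entry per enumerator, and this change removes one entry and adds more than forty across this hunk, the enum hunk (`@@ -51`) and the `@@ -163` hunk. A mismatch would silently pair an enum index with another object's tag and container id. A compile-time check after the table would catch a count mismatch, e.g. `_Static_assert(sizeof(piv_objects) / sizeof(piv_objects[0]) == PIV_OBJ_LAST_ENUM + 1, "piv_objects out of step with enum");` if the project's compilers accept C11. Otherwise a loop at init time verifying `piv_objects[i].enumtag == i` would do the same job.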
@@ -163,6 +309,47 @@ "2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY}, { PIV_OBJ_9E06, "Pub 9E key from last genkey", "2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY}, + + { PIV_OBJ_8206, "Pub 82 key ", + "2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8306, "Pub 83 key ", + "2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8406, "Pub 84 key ", + "2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8506, "Pub 85 key ", + "2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8606, "Pub 86 key ", + "2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8706, "Pub 87 key ", + "2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8806, "Pub 88 key ", + "2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8906, "Pub 89 key ", + "2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8A06, "Pub 8A key ", + "2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8B06, "Pub 8B key ", + "2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8C06, "Pub 8C key ", + "2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8D06, "Pub 8D key ", + "2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8E06, "Pub 8E key ", + "2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_8F06, "Pub 8F key ", + "2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9006, "Pub 90 key ", + "2.16.840.1.101.3.7.2.9999.115", 2, 
"\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9106, "Pub 91 key ", + "2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9206, "Pub 92 key ", + "2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9306, "Pub 93 key ", + "2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9406, "Pub 94 key ", + "2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY}, + { PIV_OBJ_9506, "Pub 95 key ", + "2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY}, { PIV_OBJ_LAST_ENUM, "", "", 0, "", "", 0} }; @@ -175,6 +362,21 @@ NULL, 0, NULL }; +static int piv_find_obj_by_containerid(sc_card_t *card, const u8 * str) +{ + int i; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "str=0x%02X%02X\n", str[0], str[1]); + + for (i = 0; piv_objects[i].enumtag < PIV_OBJ_LAST_ENUM; i++) { + if ( str[0] == piv_objects[i].containerid[0] + && str[1] == piv_objects[i].containerid[1]) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, i); + } + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, -1); +} + /* * If ptr == NULL, just return the size of the tag and lenght and data * otherwise, store tag and length at **ptr, and increment @@ -221,7 +423,7 @@ * Send a command and receive data. There is always something to send. * Used by GET DATA, PUT DATA, GENERAL AUTHENTICATE * and GENERATE ASYMMETRIC KEY PAIR. - * GET DATA may call to get the first 128 bytes to get the lenght gfrom the tag. + * GET DATA may call to get the first 128 bytes to get the lenght from the tag. * * A caller may provide a buffer, and length to read. If not provided, * an internal 4096 byte buffer is used, and a copy is returned to the 
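Review bot: The new piv_find_obj_by_containerid has no comment describing its contract, and its body reads `str[0]` and `str[1]` (first in the `sc_debug` call) without any NULL or length check. A header comment would make the requirement explicit, for example `/* str must point to at least 2 bytes (the container id); returns the piv_objects[] index, or -1 if none matches */`. The callers are not visible here, so whether each of them passes two valid bytes and tests for `-1` before indexing should be confirmed.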
@@ -232,7 +434,6 @@ const u8 * sendbuf, size_t sendbuflen, u8 ** recvbuf, size_t * recvbuflen) { - piv_private_data_t * priv = PIV_DATA(card); int r; sc_apdu_t apdu; u8 rbufinitbuf[4096]; @@ -243,15 +444,15 @@ size_t bodylen; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx, "%02x %02x %02x %d : %d %d\n", - ins, p1, p2, sendbuflen , priv->max_send_size, priv->max_recv_size); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%02x %02x %02x %d : %d %d\n", + ins, p1, p2, sendbuflen , card->max_send_size, card->max_recv_size); rbuf = rbufinitbuf; rbuflen = sizeof(rbufinitbuf); - /* if caller provided a buffer end length */ + /* if caller provided a buffer and length */ if (recvbuf && *recvbuf && recvbuflen && *recvbuflen) { rbuf = *recvbuf; rbuflen = *recvbuflen; @@ -259,7 +460,7 @@ r = sc_lock(card); if (r != SC_SUCCESS) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); sc_format_apdu(card, &apdu, recvbuf ? SC_APDU_CASE_4_SHORT: SC_APDU_CASE_3_SHORT, @@ -272,7 +473,7 @@ if (recvbuf) { apdu.resp = rbuf; - apdu.le = (priv->max_recv_size <= rbuflen)? priv->max_recv_size : rbuflen; + apdu.le = (rbuflen > 256) ? 256 : rbuflen; apdu.resplen = rbuflen; } else { apdu.resp = rbuf; 
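Review bot: The rewritten `sc_debug` call at the top of piv_general_io passes `sendbuflen`, a `size_t`, to a `%d` conversion, which is undefined behaviour wherever `size_t` is wider than `int`. The same mismatch recurs in later hunks: piv_select_aid prints the `aid` and `response` pointers with `%x` and no longer does so behind the `debug >= 5` guard, and `rbuflen` in piv_general_io and `*buf_len` in piv_get_data are `size_t` values printed with `%d`. Use `%p` for the pointers and cast the sizes, for example `(unsigned long)sendbuflen` with `%lu`. piv_general_io starts before this hunk and continues past it.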
@@ -280,30 +481,24 @@ apdu.resplen = 0; } - /* TODO if read_binary is fixed, this is not needed */ - card->max_recv_size = priv->max_recv_size; - - sc_debug(card->ctx,"calling sc_transmit_apdu flags=%x le=%d, resplen=%d, resp=%p", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"calling sc_transmit_apdu flags=%x le=%d, resplen=%d, resp=%p", apdu.flags, apdu.le, apdu.resplen, apdu.resp); /* with new adpu.c and chaining, this actually reads the whole object */ r = sc_transmit_apdu(card, &apdu); - /* TODO if read_binary is fixed, this is not needed */ - card->max_recv_size = 0xffff; - sc_debug(card->ctx,"DEE r=%d apdu.resplen=%d sw1=%02x sw2=%02x", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE r=%d apdu.resplen=%d sw1=%02x sw2=%02x", r, apdu.resplen, apdu.sw1, apdu.sw2); if (r < 0) { - sc_debug(card->ctx,"Transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Transmit failed"); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); - -/*TODO may be 6c nn if reading only the length */ -/* TODO look later at tag vs size read too */ + +/* TODO: - DEE look later at tag vs size read too */ if (r < 0) { - sc_debug(card->ctx, "Card returned error "); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card returned error "); goto err; } @@ -322,7 +517,7 @@ body = rbuf; if (sc_asn1_read_tag(&body, 0xffff, &cla_out, &tag_out, &bodylen) != SC_SUCCESS) { /* only early beta cards had this problem */ - sc_debug(card->ctx, "***** received buffer tag MISSING "); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "***** received buffer tag MISSING "); body = rbuf; /* some readers/cards might return 6c 00 */ if (apdu.sw1 == 0x61 || apdu.sw2 == 0x6c ) 
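Review bot: The fallback condition after the "tag MISSING" message tests `apdu.sw2 == 0x6c`, but the comment above it describes a `6c 00` status, in which 0x6C is SW1. If that reading is right the line should be `if (apdu.sw1 == 0x61 || apdu.sw1 == 0x6c )`. The commit changes only the log call here, so the condition is carried over unchanged and is worth confirming against the reader behaviour it was written for. The body of the `if` lies outside the hunk.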
@@ -335,8 +530,8 @@ /* if using internal buffer, alloc new one */ if (rbuf == rbufinitbuf) { - *recvbuf = (u8 *)malloc(rbuflen); - sc_debug(card->ctx, "DEE got buffer %p len %d",*recvbuf, rbuflen); + *recvbuf = malloc(rbuflen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE got buffer %p len %d",*recvbuf, rbuflen); if (*recvbuf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto err; @@ -353,22 +548,21 @@ err: sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* Add the PIV-II operations */ /* Should use our own keydata, actually should be common to all cards */ -/* only do RSA for now */ +/* RSA and EC are added. */ static int piv_generate_key(sc_card_t *card, - struct sc_cardctl_cryptoflex_genkey_info *keydata) + sc_cardctl_piv_genkey_info_t *keydata) { int r; u8 *rbuf = NULL; size_t rbuflen = 0; - size_t buf_len = 0; - u8 *buf_end; - u8 *p, *rp, *tag; + u8 *p; + const u8 *tag; u8 tagbuf[16]; u8 outdata[3]; /* we could also add tag 81 for exponent */ size_t taglen, i; 
@@ -376,22 +570,35 @@ size_t in_len; unsigned int cla_out, tag_out; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); keydata->exponent = 0; keydata->pubkey = NULL; keydata->pubkey_len = 0; - + keydata->ecparam = NULL; /* will show size as we only support 2 curves */ + keydata->ecparam_len = 0; + keydata->ecpoint = NULL; + keydata->ecpoint_len = 0; out_len = 3; outdata[0] = 0x80; outdata[1] = 0x01; - switch (keydata->key_bits) { - case 1024: outdata[2] = 0x06; break; - case 2048: outdata[2] = 0x07; break; - case 3072: outdata[2] = 0x05; break; + outdata[2] = keydata->key_algid; + switch (keydata->key_algid) { + case 0x05: keydata->key_bits = 3072; break; + case 0x06: keydata->key_bits = 1024; break; + case 0x07: keydata->key_bits = 2048; break; + /* TODO: - DEE For EC, also set the curve parameter as the OID */ + case 0x11: keydata->key_bits = 0; + keydata->ecparam =0; /* we only support prime256v1 for 11 */ + keydata->ecparam_len =0; + break; + case 0x14: keydata->key_bits = 0; + keydata->ecparam = 0; /* we only support secp384r1 */ + keydata->ecparam_len = 0; + break; default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } p = tagbuf; @@ -401,9 +608,6 @@ memcpy(p, outdata, out_len); p+=out_len; - rp = rbuf; - buf_end = rp + buf_len; - r = piv_general_io(card, 0x47, 0x00, keydata->key_num, tagbuf, p - tagbuf, &rbuf, &rbuflen); 
@@ -419,34 +623,48 @@ r = sc_asn1_read_tag(&cp, rbuflen, &cla_out, &tag_out, &in_len); if (r != SC_SUCCESS) { - sc_debug(card->ctx,"Tag buffer not found"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Tag buffer not found"); goto err; } - tag = (u8 *) sc_asn1_find_tag(card->ctx, cp, in_len, 0x82, &taglen); - if (tag != NULL && taglen <= 4) { - keydata->exponent = 0; - for (i = 0; i < taglen;i++) { - keydata->exponent = (keydata->exponent<<8) + tag[i]; - } - } - tag = (u8 *) sc_asn1_find_tag(card->ctx, cp, in_len, 0x81, &taglen); - - if (tag != NULL && taglen > 0) { - keydata->pubkey = malloc(taglen); - if (keydata->pubkey == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); - keydata->pubkey_len = taglen; - memcpy (keydata->pubkey, tag, taglen); + /* if RSA vs EC */ + if (keydata->key_bits > 0 ) { + tag = sc_asn1_find_tag(card->ctx, cp, in_len, 0x82, &taglen); + if (tag != NULL && taglen <= 4) { + keydata->exponent = 0; + for (i = 0; i < taglen;i++) { + keydata->exponent = (keydata->exponent<<8) + tag[i]; + } + } + tag = sc_asn1_find_tag(card->ctx, cp, in_len, 0x81, &taglen); + + if (tag != NULL && taglen > 0) { + keydata->pubkey = malloc(taglen); + if (keydata->pubkey == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + keydata->pubkey_len = taglen; + memcpy (keydata->pubkey, tag, taglen); + } + } else { /* must be EC */ + tag = sc_asn1_find_tag(card->ctx, cp, in_len, 0x86, &taglen); + if (tag != NULL && taglen > 0) { + keydata->ecpoint = malloc(taglen); + if (keydata->ecpoint == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + keydata->ecpoint_len = taglen; + memcpy (keydata->ecpoint, tag, taglen); + } } - /* TODO could add key to cache so could use engine to generate key, and */ + + /* TODO: -DEE Could add key to cache so could use engine to generate key, + * and sign req in single operation */ r = 0; } err: if (rbuf) free(rbuf); - SC_FUNC_RETURN(card->ctx, 1, r); + 
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } @@ -455,9 +673,10 @@ sc_apdu_t apdu; int r; - SC_FUNC_CALLED(card->ctx,4); - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "Got args: aid=%x, aidlen=%d, response=%x, responselen=%d\n", aid, aidlen, response, *responselen); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Got args: aid=%x, aidlen=%d, response=%x, responselen=%d\n", + aid, aidlen, response, responselen ? *responselen : 0); sc_format_apdu(card, &apdu, response == NULL ? SC_APDU_CASE_3_SHORT : SC_APDU_CASE_4_SHORT, 0xA4, 0x04, 0x00); @@ -465,13 +684,14 @@ apdu.data = aid; apdu.datalen = aidlen; apdu.resp = response; - apdu.resplen = *responselen; + apdu.resplen = responselen ? *responselen : 0; apdu.le = response == NULL ? 0 : 256; /* could be 21 for fci */ r = sc_transmit_apdu(card, &apdu); - *responselen = apdu.resplen; - SC_TEST_RET(card->ctx, 4, r); - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + if (responselen) + *responselen = apdu.resplen; + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "PIV select failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } /* find the PIV AID on the card. If card->type already filled in, 
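Review bot: Both allocation-failure paths in the new RSA and EC branches leave through `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);`, which returns from inside the block and so never reaches the `err:` label where `rbuf` is freed. The response buffer allocated by piv_general_io therefore leaks on that path. Set the code and jump instead, `r = SC_ERROR_OUT_OF_MEMORY; goto err;`, after each failed `malloc` for `keydata->pubkey` and `keydata->ecpoint`. The start of piv_generate_key is outside this hunk.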
@@ -484,28 +704,28 @@ sc_apdu_t apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; int r,i; - u8 *tag; + const u8 *tag; size_t taglen; - u8 *pix; + const u8 *pix; size_t pixlen; size_t resplen = sizeof(rbuf); - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* first see if the default applcation will return a template * that we know about. */ if (card->type == SC_CARD_TYPE_PIV_II_GENERIC) - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); r = piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, rbuf, &resplen); if (r >= 0 && resplen > 2 ) { - tag = (u8 *) sc_asn1_find_tag(card->ctx, rbuf, resplen, 0x61, &taglen); + tag = sc_asn1_find_tag(card->ctx, rbuf, resplen, 0x61, &taglen); if (tag != NULL) { - pix = (u8 *) sc_asn1_find_tag(card->ctx, tag, taglen, 0x4F, &pixlen); + pix = sc_asn1_find_tag(card->ctx, tag, taglen, 0x4F, &pixlen); if (pix != NULL ) { - sc_debug(card->ctx,"found PIX"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"found PIX"); /* early cards returned full AID, rather then just the pix */ for (i = 0; piv_aids[i].len_long != 0; i++) { @@ -517,9 +737,9 @@ if (card->type > SC_CARD_TYPE_PIV_II_BASE && card->type < SC_CARD_TYPE_PIV_II_BASE+1000 && card->type == piv_aids[i].enumtag) { - SC_FUNC_RETURN(card->ctx, 1, i); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, i); } else { - SC_FUNC_RETURN(card->ctx, 1, i); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, i); } } } @@ -546,14 +766,14 @@ apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->type != 0 && card->type == piv_aids[i].enumtag) { - SC_FUNC_RETURN(card->ctx, 1, i); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, i); } continue; } 
@@ -564,34 +784,97 @@ } if (apdu.resp[0] != 0x6f || apdu.resp[1] > apdu.resplen - 2 ) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NO_CARD_SUPPORT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NO_CARD_SUPPORT); card->ops->process_fci(card, aid_file, apdu.resp+2, apdu.resp[1]); if (aid_file->name == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NO_CARD_SUPPORT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NO_CARD_SUPPORT); - SC_FUNC_RETURN(card->ctx, 1, i); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, i); } - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NO_CARD_SUPPORT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NO_CARD_SUPPORT); } +/* + * Read a DER encoded object from a file. Allocate and return the buf. + * Used to read the file defined in offCardCertURL from a cache. + * Also used for testing of History and Discovery objects from a file + * when testing with a card that does not support these new objects. + */ +static int piv_read_obj_from_file(sc_card_t * card, char * filename, + u8 **buf, size_t *buf_len) +{ + int r; + int f = -1; + size_t len; + u8 tagbuf[16]; + size_t rbuflen; + const u8 * body; + unsigned int cla_out, tag_out; + size_t bodylen; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + *buf = NULL; + *buf_len = 0; + f = open(filename, O_RDONLY); + if (f < 0) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Unable to load PIV off card file: \"%s\"\n",filename); + r = SC_ERROR_FILE_NOT_FOUND; + goto err; + } + len = read(f, tagbuf, sizeof(tagbuf)); /* get tag and length */ + if (len < 2 || len > sizeof(tagbuf)) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Problem with \"%s\"\n",filename); + r = SC_ERROR_DATA_OBJECT_NOT_FOUND; + goto err; + } + body = tagbuf; + if (sc_asn1_read_tag(&body, 0xfffff, &cla_out, + &tag_out, &bodylen) != SC_SUCCESS) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DER problem\n"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + rbuflen = body - tagbuf + bodylen; + *buf = 
malloc(rbuflen); + if (!*buf) { + r = SC_ERROR_OUT_OF_MEMORY; + goto err; + } + memcpy(*buf, tagbuf, len); /* copy first or only part */ + if (rbuflen > len) { + len = read(f, *buf + sizeof(tagbuf), rbuflen - sizeof(tagbuf)); /* read rest */ + if (len != rbuflen - sizeof(tagbuf)) { + r = SC_ERROR_INVALID_ASN1_OBJECT; + free (*buf); + *buf = NULL; + goto err; + } + } + r = rbuflen; + *buf_len = rbuflen; +err: + if (f >= 0) + close(f); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} /* the tag is the PIV_OBJ_* */ static int piv_get_data(sc_card_t * card, int enumtag, u8 **buf, size_t *buf_len) { - piv_private_data_t * priv = PIV_DATA(card); u8 *p; int r = 0; u8 tagbuf[8]; size_t tag_len; - char * keyenvname = NULL; - SC_FUNC_CALLED(card->ctx,1); - sc_debug(card->ctx, "#%d \n", enumtag); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "#%d \n", enumtag); - //assert(enumtag >= 0 && enumtag < PIV_OBJ_LAST_ENUM); + /* assert(enumtag >= 0 && enumtag < PIV_OBJ_LAST_ENUM); */ tag_len = piv_objects[enumtag].tag_len; 
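Review bot: piv_read_obj_from_file sizes the allocation from the DER header (`rbuflen = body - tagbuf + bodylen`) but then copies `len` bytes, the amount actually read, so a file whose declared object is shorter than the prefix read into the 16-byte `tagbuf` makes `memcpy(*buf, tagbuf, len)` write past the allocation. The second `read` also assumes the first one filled `tagbuf`: it writes at `*buf + sizeof(tagbuf)` and asks for `rbuflen - sizeof(tagbuf)` bytes, which wraps to a very large count when `rbuflen` is below 16 and leaves a gap when the first read was short. The rewrite below bounds the copy by the allocation and continues the read from where the first one stopped. piv_get_data, which follows in this hunk, continues outside it.

```c
	rbuflen = body - tagbuf + bodylen;
	*buf = malloc(rbuflen);
	/* ... unchanged: allocation failure handling ... */
	if (len > rbuflen)
		len = rbuflen; /* object ends inside the prefix already read */
	memcpy(*buf, tagbuf, len); /* copy first or only part */
	if (rbuflen > len) {
		size_t rest = rbuflen - len;
		ssize_t got = read(f, *buf + len, rest); /* read rest */
		if (got < 0 || (size_t)got != rest) {
			/* ... unchanged: SC_ERROR_INVALID_ASN1_OBJECT, free *buf, goto err ... */
		}
	}
```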
@@ -600,138 +883,49 @@ memcpy(p, piv_objects[enumtag].tag_value, tag_len); p += tag_len; - - /* - * the PIV card will only recover the public key during a generate - * key operation. If the piv-tool was used it would save this - * as an OpenSSL EVP_KEY PEM using the -o parameter - * we will look to see if there is a file then load it - * this is ugly, and maybe the pkcs15 cache would work - * but we only need it to get the OpenSSL req with engine to work. - * Each of the 4 keys with certs has its own file. - */ - - switch (piv_objects[enumtag].enumtag) { - case PIV_OBJ_9A06: - keyenvname = "PIV_9A06_KEY"; - break; - case PIV_OBJ_9C06: - keyenvname = "PIV_9C06_KEY"; - break; - case PIV_OBJ_9D06: - keyenvname = "PIV_9D06_KEY"; - break; - case PIV_OBJ_9E06: - keyenvname = "PIV_9E06_KEY"; - break; - } - - if (keyenvname) { - BIO * bp = NULL; - RSA * rsa = NULL; - u8 *q; - size_t derlen; - size_t taglen; - char * keyfilename = NULL; - - keyfilename = getenv(keyenvname); - - if (keyfilename == NULL) { - r = SC_ERROR_FILE_NOT_FOUND; - goto err; - } - sc_debug(card->ctx, "USING PUB KEY FROM FILE %s",keyfilename); - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) { - r = SC_ERROR_INTERNAL; - goto err; - } - if (BIO_read_filename(bp, keyfilename) <= 0) { - BIO_free(bp); + if (*buf_len == 1 && *buf == NULL) { /* we need to get the length */ + u8 rbufinitbuf[8]; /* tag of 53 with 82 xx xx will fit in 4 */ + u8 *rbuf; + size_t rbuflen; + size_t bodylen; + unsigned int cla_out, tag_out; + const u8 *body; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"get len of #%d", enumtag); + rbuf = rbufinitbuf; + rbuflen = sizeof(rbufinitbuf); + r = piv_general_io(card, 0xCB, 0x3F, 0xFF, tagbuf, p - tagbuf, + &rbuf, &rbuflen); + if (r > 0) { + body = rbuf; + if (sc_asn1_read_tag(&body, 0xffff, &cla_out, &tag_out, &bodylen) != SC_SUCCESS) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "***** received buffer tag MISSING "); + r = SC_ERROR_FILE_NOT_FOUND; + goto err; + } + *buf_len = r; + } else if 
( r == 0) { r = SC_ERROR_FILE_NOT_FOUND; goto err; - } - rsa = PEM_read_bio_RSAPublicKey(bp, &rsa, NULL, NULL); - BIO_free(bp); - if (!rsa) { - sc_debug(card->ctx,"Unable to load the public key"); - r = SC_ERROR_DATA_OBJECT_NOT_FOUND; - goto err; - } - - - derlen = i2d_RSAPublicKey(rsa, NULL); - if (derlen <= 0) { - r = SC_ERROR_DATA_OBJECT_NOT_FOUND; + } else { goto err; } - taglen = put_tag_and_len(0x99, derlen, NULL); - *buf_len = put_tag_and_len(0x53, taglen, NULL); - - *buf = (u8*) malloc(*buf_len); - if (*buf == NULL) { + } +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"get buffer for #%d len %d", enumtag, *buf_len); + if (*buf == NULL && *buf_len > 0) { + *buf = malloc(*buf_len); + if (*buf == NULL ) { r = SC_ERROR_OUT_OF_MEMORY; goto err; } - q = *buf; - - put_tag_and_len(0x53, taglen, &q); - put_tag_and_len(0x99, derlen, &q); - - i2d_RSAPublicKey(rsa, &q); - - RSA_free(rsa); - - r = *buf_len; - - /* end of read PIV_OBJ_9A06 from file */ - } else { - - if (*buf_len == 1 && *buf == NULL) { /* we need to get the length */ - u8 rbufinitbuf[8]; /* tag of 53 with 82 xx xx will fit in 4 */ - u8 *rbuf; - size_t rbuflen; - size_t bodylen; - unsigned int cla_out, tag_out; - const u8 *body; - - sc_debug(card->ctx,"get len of #%d", enumtag); - rbuf = rbufinitbuf; - rbuflen = sizeof(rbufinitbuf); - r = piv_general_io(card, 0xCB, 0x3F, 0xFF, tagbuf, p - tagbuf, - &rbuf, &rbuflen); - if (r > 0) { - body = rbuf; - if (sc_asn1_read_tag(&body, 0xffff, &cla_out, &tag_out, &bodylen) != SC_SUCCESS) { - sc_debug(card->ctx, "***** received buffer tag MISSING "); - r = SC_ERROR_FILE_NOT_FOUND; - goto err; - } - *buf_len = r; - } else if ( r == 0) { - r = SC_ERROR_FILE_NOT_FOUND; - goto err; - } else { - goto err; - } - } -sc_debug(card->ctx,"get buffer for #%d len %d", enumtag, *buf_len); - if (*buf == NULL && *buf_len > 0) { - *buf = (u8*)malloc(*buf_len); - if (*buf == NULL ) { - r = SC_ERROR_OUT_OF_MEMORY; - goto err; - } - } - - r = piv_general_io(card, 0xCB, 0x3F, 0xFF, tagbuf, p 
- tagbuf, - buf, buf_len); } + r = piv_general_io(card, 0xCB, 0x3F, 0xFF, tagbuf, p - tagbuf, + buf, buf_len); + err: - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int piv_get_cached_data(sc_card_t * card, int enumtag, @@ -743,15 +937,15 @@ u8 *rbuf = NULL; size_t rbuflen; - SC_FUNC_CALLED(card->ctx,1); - sc_debug(card->ctx, "#%d", enumtag); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "#%d", enumtag); assert(enumtag >= 0 && enumtag < PIV_OBJ_LAST_ENUM); /* see if we have it cached */ if (priv->obj_cache[enumtag].flags & PIV_OBJ_CACHE_VALID) { - sc_debug(card->ctx,"found #%d %p:%d %p:%d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"found #%d %p:%d %p:%d", enumtag, priv->obj_cache[enumtag].obj_data, priv->obj_cache[enumtag].obj_len, @@ -761,7 +955,7 @@ if (priv->obj_cache[enumtag].obj_len == 0) { r = SC_ERROR_FILE_NOT_FOUND; - sc_debug(card->ctx,"#%d found but len=0", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"#%d found but len=0", enumtag); goto err; } 
@@ -771,18 +965,30 @@ goto ok; } - /* not cached get it, piv_get_data will allocate a buf */ -sc_debug(card->ctx,"get #%d", enumtag); + /* + * If we know it can not be on the card i.e. History object + * has been read, and we know what other certs may or + * may not be on the card. We can avoid extra overhead + */ + + if (priv->obj_cache[enumtag].flags & PIV_OBJ_CACHE_NOT_PRESENT) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"no_obj #%d", enumtag); + r = SC_ERROR_FILE_NOT_FOUND; + goto err; + } + + /* Not cached, try to get it, piv_get_data will allocate a buf */ + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"get #%d", enumtag); rbuflen = 1; r = piv_get_data(card, enumtag, &rbuf, &rbuflen); if (r > 0) { - priv->obj_cache[enumtag].flags = PIV_OBJ_CACHE_VALID; + priv->obj_cache[enumtag].flags |= PIV_OBJ_CACHE_VALID; priv->obj_cache[enumtag].obj_len = r; priv->obj_cache[enumtag].obj_data = rbuf; *buf = rbuf; *buf_len = r; - sc_debug(card->ctx,"added #%d %p:%d %p:%d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"added #%d %p:%d %p:%d", enumtag, priv->obj_cache[enumtag].obj_data, priv->obj_cache[enumtag].obj_len, @@ -791,7 +997,7 @@ } else if (r == 0 || r == SC_ERROR_FILE_NOT_FOUND) { r = SC_ERROR_FILE_NOT_FOUND; - priv->obj_cache[enumtag].flags = PIV_OBJ_CACHE_VALID; + priv->obj_cache[enumtag].flags |= PIV_OBJ_CACHE_VALID; priv->obj_cache[enumtag].obj_len = 0; } else if ( r < 0) { goto err; 
@@ -800,94 +1006,95 @@ err: - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int piv_cache_internal_data(sc_card_t *card, int enumtag) { piv_private_data_t * priv = PIV_DATA(card); - u8* tag; - u8* body; + const u8* tag; + const u8* body; size_t taglen; size_t bodylen; int compressed = 0; /* if already cached */ if (priv->obj_cache[enumtag].internal_obj_data && priv->obj_cache[enumtag].internal_obj_len) { - sc_debug(card->ctx,"#%d found internal %p:%d", enumtag, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"#%d found internal %p:%d", enumtag, priv->obj_cache[enumtag].internal_obj_data, priv->obj_cache[enumtag].internal_obj_len); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } - body = (u8 *) sc_asn1_find_tag(card->ctx, + body = sc_asn1_find_tag(card->ctx, priv->obj_cache[enumtag].obj_data, priv->obj_cache[enumtag].obj_len, 0x53, &bodylen); if (body == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OBJECT_NOT_VALID); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID); /* get the certificate out */ if (piv_objects[enumtag].flags & PIV_OBJECT_TYPE_CERT) { - tag = (u8 *) sc_asn1_find_tag(card->ctx, body, bodylen, 0x71, &taglen); + tag = sc_asn1_find_tag(card->ctx, body, bodylen, 0x71, &taglen); /* 800-72-1 not clear if this is 80 or 01 Sent comment to NIST for 800-72-2 */ if (tag && (((*tag) & 0x80) || ((*tag) & 0x01))) { compressed = 1; } - tag = (u8 *) sc_asn1_find_tag(card->ctx, body, bodylen, 0x70, &taglen); + tag = sc_asn1_find_tag(card->ctx, body, bodylen, 0x70, &taglen); if (tag == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OBJECT_NOT_VALID); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID); if (taglen == 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); if(compressed) { #ifdef ENABLE_ZLIB size_t len; u8* newBuf = NULL; if(SC_SUCCESS != 
sc_decompress_alloc(&newBuf, &len, tag, taglen, COMPRESSION_AUTO)) { - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OBJECT_NOT_VALID); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID); } priv->obj_cache[enumtag].internal_obj_data = newBuf; priv->obj_cache[enumtag].internal_obj_len = len; #else - sc_error(card->ctx,"PIV compression not supported, no zlib"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"PIV compression not supported, no zlib"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); #endif } else { - if (!(priv->obj_cache[enumtag].internal_obj_data = (u8*)malloc(taglen))) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); + if (!(priv->obj_cache[enumtag].internal_obj_data = malloc(taglen))) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); memcpy(priv->obj_cache[enumtag].internal_obj_data, tag, taglen); priv->obj_cache[enumtag].internal_obj_len = taglen; } /* convert pub key to internal */ +/* TODO: -DEE need to fix ... 
would only be used if we cache the pub key, but we don't today */ } else if (piv_objects[enumtag].flags & PIV_OBJECT_TYPE_PUBKEY) { - tag = (u8 *) sc_asn1_find_tag(card->ctx, body, bodylen, *body, &taglen); + tag = sc_asn1_find_tag(card->ctx, body, bodylen, *body, &taglen); if (tag == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OBJECT_NOT_VALID); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID); if (taglen == 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); - if (!(priv->obj_cache[enumtag].internal_obj_data = (u8*)malloc(taglen))) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); + if (!(priv->obj_cache[enumtag].internal_obj_data = malloc(taglen))) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); memcpy(priv->obj_cache[enumtag].internal_obj_data, tag, taglen); priv->obj_cache[enumtag].internal_obj_len = taglen; } else { - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); } - sc_debug(card->ctx,"added #%d internal %p:%d", enumtag, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"added #%d internal %p:%d", enumtag, priv->obj_cache[enumtag].internal_obj_data, priv->obj_cache[enumtag].internal_obj_len); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } 
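Review bot: In piv_cache_internal_data the CertInfo lookup dereferences `*tag` whenever tag 0x71 is found, without looking at `taglen`, so an object carrying an empty 0x71 element makes the compression test read whatever byte follows it, possibly past the end of the cached object. The object comes from the card, so guard the read: `if (tag && taglen > 0 && (((*tag) & 0x80) || ((*tag) & 0x01)))`. The PUBKEY branch likewise passes `*body` as the tag to search for without checking `bodylen`, and `enumtag` indexes `obj_cache` and `piv_objects` with no range check in this function. The hunk opens in the tail of piv_get_cached_data.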
@@ -904,43 +1111,40 @@ int r; u8 *rbuf = NULL; size_t rbuflen = 0; - u8 *body; + const u8 *body; size_t bodylen; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (priv->selected_obj < 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); enumtag = piv_objects[priv->selected_obj].enumtag; - if (priv->rb_state == 1) { - r = 0; - } - - if (priv->rb_state == -1) { + if (priv->rwb_state == -1) { r = piv_get_cached_data(card, enumtag, &rbuf, &rbuflen); if (r >=0) { - /* an object wih no data will be considered not found */ - if (!rbuf || rbuf[0] == 0x00 || (rbuf[0] == 0x53 && rbuf[1] == 0x00)) { + /* an object with no data will be considered not found */ + /* Discovery tag = 0x73, all others are 0x53 */ + if (!rbuf || rbuf[0] == 0x00 || ((rbuf[0]&0xDF) == 0x53 && rbuf[1] == 0x00)) { r = SC_ERROR_FILE_NOT_FOUND; goto err; } - sc_debug(card->ctx, "DEE rbuf=%p,rbuflen=%d,",rbuf, rbuflen); - body = (u8 *) sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x53, &bodylen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE rbuf=%p,rbuflen=%d,",rbuf, rbuflen); + body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, rbuf[0], &bodylen); if (body == NULL) { /* if missing, assume its the body */ /* DEE bug in the beta card */ - sc_debug(card->ctx," ***** tag 0x53 MISSING \n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL," ***** tag 0x53 MISSING \n"); r = SC_ERROR_INVALID_DATA; goto err; } if (bodylen > body - rbuf + rbuflen) { - sc_debug(card->ctx," ***** tag length > then data: %d>%d+%d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL," ***** tag length > then data: %d>%d+%d", bodylen , body - rbuf, rbuflen); r = SC_ERROR_INVALID_DATA; goto err; } - /* if chached obj has internal interesting data (cert or pub key) */ + /* if cached obj has internal interesting data (cert or pub key) */ if (priv->return_only_cert || piv_objects[enumtag].flags & PIV_OBJECT_TYPE_PUBKEY) { r = 
piv_cache_internal_data(card, enumtag); if (r < 0) @@ -948,7 +1152,7 @@ } } - priv->rb_state = 0; + priv->rwb_state = 0; } if (priv->return_only_cert || piv_objects[enumtag].flags & PIV_OBJECT_TYPE_PUBKEY) { @@ -964,13 +1168,13 @@ count = rbuflen - idx; if (count <= 0) { r = 0; - priv->rb_state = 1; + priv->rwb_state = 1; } else { memcpy(buf, rbuf + idx, count); r = count; } err: - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } @@ -988,12 +1192,12 @@ u8 * p; size_t tag_len; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); tag_len = piv_objects[tag].tag_len; sbuflen = put_tag_and_len(0x5c, tag_len, NULL) + buf_len; - if (!(sbuf = (u8 *) malloc(sbuflen))) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); + if (!(sbuf = malloc(sbuflen))) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); p = sbuf; put_tag_and_len(0x5c, tag_len, &p); @@ -1006,14 +1210,14 @@ r = piv_general_io(card, 0xDB, 0x3F, 0xFF, sbuf, p - sbuf, NULL, NULL); - /* TODO add to cache */ if (sbuf) free(sbuf); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } + static int piv_write_certificate(sc_card_t *card, - unsigned idx, const u8* buf, size_t count, + const u8* buf, size_t count, unsigned long flags) { piv_private_data_t * priv = PIV_DATA(card); int enumtag; 
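Review bot: The length check `if (bodylen > body - rbuf + rbuflen)` in piv_read_binary adds the header size to the buffer length instead of to the body length, so it fires only when the body overshoots the buffer by more than the header size. The bound that keeps the body inside the buffer is `if ((size_t)(body - rbuf) + bodylen > rbuflen)`; `sc_asn1_find_tag` may already refuse such objects, but this check should then state the same limit. The emptiness test a few lines above also reads `rbuf[1]` without confirming `rbuflen >= 2`. piv_read_binary starts before this hunk and continues past it.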
@@ -1023,16 +1227,16 @@ size_t sbuflen; size_t taglen; - sc_debug(card->ctx,"DEE cert len=%d",count); - taglen = put_tag_and_len(0x70, count, NULL) + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE cert len=%d",count); + taglen = put_tag_and_len(0x70, count, NULL) + put_tag_and_len(0x71, 1, NULL) + put_tag_and_len(0xFE, 0, NULL); sbuflen = put_tag_and_len(0x53, taglen, NULL); - sbuf = (u8*) malloc(sbuflen); + sbuf = malloc(sbuflen); if (sbuf == NULL) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); p = sbuf; put_tag_and_len(0x53, taglen, &p); 
@@ -1040,44 +1244,124 @@ memcpy(p, buf, count); p += count; put_tag_and_len(0x71, 1, &p); - *p++ = (flags && 1)? 0x80:0x00; /* certinfo, i.e. gziped? */ + *p++ = (flags)? 0x80:0x00; /* certinfo, i.e. gziped? */ put_tag_and_len(0xFE,0,&p); /* LRC tag */ - sc_debug(card->ctx,"DEE buf %p len %d %d", sbuf, p -sbuf, sbuflen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE buf %p len %d %d", sbuf, p -sbuf, sbuflen); enumtag = piv_objects[priv->selected_obj].enumtag; r = piv_put_data(card, enumtag, sbuf, sbuflen); if (sbuf) free(sbuf); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } + /* - * We need to add the 0x53 tag and other specific tags, + * For certs we need to add the 0x53 tag and other specific tags, * and call the piv_put_data * Note: the select file will have saved the object type for us - * Write is only used by piv-tool, so we will use flags==1 - * to indicate we are writing a compressed cert. + * Write is used by piv-tool, so we will use flags: + * length << 8 | 8bits: + * object xxxx0000 + * uncompresed cert xxx00001 + * compressed cert xxx10001 + * pubkey xxxx0010 + * + * to indicate we are writing a cert and if is compressed + * or if we are writing a pubkey in to the cache. + * if its not a cert or pubkey its an object. + * + * Therefore when idx=0, we will get the length of the object + * and allocate a buffer, so we can support partial writes. + * When the last chuck of the data is sent, we will write it. 
*/ static int piv_write_binary(sc_card_t *card, unsigned int idx, const u8 *buf, size_t count, unsigned long flags) { piv_private_data_t * priv = PIV_DATA(card); - SC_FUNC_CALLED(card->ctx,1); + int r; + int enumtag; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (priv->selected_obj < 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); - if (idx != 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NO_CARD_SUPPORT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); + + enumtag = piv_objects[priv->selected_obj].enumtag; + + if (priv->rwb_state == 1) /* trying to write at end */ + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); + + if (priv->rwb_state == -1) { + + /* if cached, remove old entry */ + if (priv->obj_cache[enumtag].flags & PIV_OBJ_CACHE_VALID) { + priv->obj_cache[enumtag].flags = 0; + if (priv->obj_cache[enumtag].obj_data) { + free(priv->obj_cache[enumtag].obj_data); + priv->obj_cache[enumtag].obj_data = NULL; + priv->obj_cache[enumtag].obj_len = 0; + } + if (priv->obj_cache[enumtag].internal_obj_data) { + free(priv->obj_cache[enumtag].internal_obj_data); + priv->obj_cache[enumtag].internal_obj_data = NULL; + priv->obj_cache[enumtag].internal_obj_len = 0; + } + } + + if (idx != 0) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NO_CARD_SUPPORT); + + priv->w_buf_len = flags>>8; + if (priv->w_buf_len == 0) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); + + priv->w_buf = malloc(priv->w_buf_len); + priv-> rwb_state = 0; + } + + /* on each pass make sure we have w_buf */ + if (priv->w_buf == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + + if (idx + count > priv->w_buf_len) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_VALID); + + memcpy(priv->w_buf + idx, buf, count); /* copy one chunk */ + + /* if this was not the last chunk, return to get rest */ + if (idx + count < priv->w_buf_len) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, count); + + 
priv-> rwb_state = 1; /* at end of object */ - if (piv_objects[priv->selected_obj].flags & PIV_OBJECT_TYPE_CERT) { - SC_FUNC_RETURN(card->ctx, 1, piv_write_certificate(card, idx, buf, count, flags)); + switch (flags & 0x0f) { + case 1: + r = piv_write_certificate(card, priv->w_buf, priv->w_buf_len, + flags & 0x10); + break; + case 2: /* pubkey to be added to cache, it should have 0x53 and 0x99 tags. */ + /* TODO: -DEE this is not fully implemented and not used */ + r = priv->w_buf_len; + break; + default: + r = piv_put_data(card, enumtag, priv->w_buf, priv->w_buf_len); + break; + } + /* if it worked, will cache it */ + if (r >= 0 && priv->w_buf) { + priv->obj_cache[enumtag].flags |= PIV_OBJ_CACHE_VALID; + priv->obj_cache[enumtag].obj_data = priv->w_buf; + priv->obj_cache[enumtag].obj_len = priv->w_buf_len; } else { - sc_debug(card->ctx, "Don't know how to write object %s\n", - piv_objects[priv->selected_obj].name); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + if (priv->w_buf) + free(priv->w_buf); } + priv->w_buf = NULL; + priv->w_buf_len = 0; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, (r < 0)? r : count); } /* 
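Review bot: The chunk bound in piv_write_binary, `if (idx + count > priv->w_buf_len)`, relies on an addition that can wrap, after which the `memcpy` into `priv->w_buf` is no longer bounded; `if (idx > priv->w_buf_len || count > priv->w_buf_len - idx)` checks the same thing without the wrap. When that check fails the function returns with `priv->w_buf` still allocated, and if a later write starts again with `rwb_state == -1` the pointer is overwritten by a fresh `malloc`, so the earlier buffer is lost; freeing `priv->w_buf` before the `malloc` and on the error returns closes that. On the certificate path the cache entry is set to `priv->w_buf`, the bare certificate, while piv_write_certificate sent the 0x53-wrapped object to the card, so a cached read after a write appears to see a different encoding than a read from the card would.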
@@ -1097,23 +1381,23 @@ char * keyfilename = NULL; size_t outlen; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); keyfilename = (char *)getenv("PIV_EXT_AUTH_KEY"); if (keyfilename == NULL) { - sc_debug(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get PIV_EXT_AUTH_KEY=filename for general_external_authenticate\n"); r = SC_ERROR_FILE_NOT_FOUND; goto err; } if ((f = open(keyfilename, O_RDONLY)) < 0) { - sc_debug(card->ctx," Unable to load 3des key for general_external_authenticate\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL," Unable to load 3des key for general_external_authenticate\n"); r = SC_ERROR_FILE_NOT_FOUND; goto err; } if (read(f, keybuf, 71) != 71) { - sc_debug(card->ctx," Unable to read 3des key for general_external_authenticate\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL," Unable to read 3des key for general_external_authenticate\n"); r = SC_ERROR_WRONG_LENGTH; goto err; } @@ -1134,7 +1418,7 @@ if (f >=0) close(f); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -1148,6 +1432,7 @@ unsigned int key_ref, unsigned int alg_id) { int r; +#ifdef ENABLE_OPENSSL int N; int locked = 0, outl, outl2; u8 *rbuf = NULL; @@ -1158,7 +1443,7 @@ EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); EVP_CIPHER_CTX_init(&ctx); @@ -1180,7 +1465,6 @@ locked = 1; p = sbuf; - q = rbuf; *p++ = 0x7C; *p++ = 0x02; *p++ = 0x80; @@ -1271,7 +1555,7 @@ } if (outl+outl2 != sizeof(nonce) || memcmp(nonce, p, sizeof(nonce)) != 0) { - sc_debug(card->ctx, "mutual authentication failed, card returned wrong value"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "mutual authentication failed, card returned wrong value"); r = SC_ERROR_DECRYPT_FAILED; goto err; } 
@@ -1284,14 +1568,21 @@ if (rbuf) free(rbuf); - SC_FUNC_RETURN(card->ctx, 1, r); +#else + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"OpenSSL Required"); + r = SC_ERROR_NOT_SUPPORTED; +#endif /* ENABLE_OPENSSL */ + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } +/* Currently only used for card administration */ static int piv_general_external_authenticate(sc_card_t *card, unsigned int key_ref, unsigned int alg_id) { - /* unused: piv_private_data_t * priv = PIV_DATA(card); */ - int r, outl, outl2; + int r; +#ifdef ENABLE_OPENSSL + int outl, outl2; int N; int locked = 0; u8 *rbuf = NULL; @@ -1301,7 +1592,7 @@ EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); EVP_CIPHER_CTX_init(&ctx); @@ -1323,15 +1614,13 @@ locked = 1; p = sbuf; - q = rbuf; *p++ = 0x7C; *p++ = 0x02; *p++ = 0x81; *p++ = 0x00; /* get a challenge */ - - r = piv_general_io(card, 0x87, 0x00, 0x00, sbuf, p - sbuf, &rbuf, &rbuflen); + r = piv_general_io(card, 0x87, alg_id, key_ref, sbuf, p - sbuf, &rbuf, &rbuflen); if (r < 0) goto err; q = rbuf; 
@@ -1379,55 +1668,134 @@ sc_mem_clear(key, sizeof(key)); if (rbuf) free(rbuf); +#else + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"OpenSSL Required"); + r = SC_ERROR_NOT_SUPPORTED; +#endif /* ENABLE_OPENSSL */ - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int piv_get_serial_nr_from_CHUI(sc_card_t* card, sc_serial_number_t* serial) { int r; + int i; + u8 gbits; u8 *rbuf = NULL; - u8 *body, *fascn; - size_t rbuflen = 0, bodylen, fascnlen; + const u8 *body; + const u8 *fascn; + const u8 *guid; + size_t rbuflen = 0, bodylen, fascnlen, guidlen; u8 temp[2000]; size_t templen = sizeof(temp); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if (card->serialnr.len) { + *serial = card->serialnr; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + } /* ensure we've got the PIV selected, and nothing else is in process */ /* This fixes several problems due to previous incomplete APDUs during card detection */ /* Note: We need the temp because (some?) Oberthur cards don't like selecting an applet without response data */ + /* 800-73-3 part1 draft, and CIO Council docs imply for PIV Compatible card + * The FASC-N Agency code should be 9999 and there should be a GUID + * based on RFC 4122. RIf so and the GUID is not all 0's + * we will use the GUID as the serial number. 
+ */ piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, temp, &templen); r = piv_get_cached_data(card, PIV_OBJ_CHUI, &rbuf, &rbuflen); - SC_TEST_RET(card->ctx, r, "Failure retrieving CHUI"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Failure retrieving CHUI"); r = SC_ERROR_INTERNAL; if (rbuflen != 0) { - body = (u8 *)sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x53, &bodylen); /* Pass the outer wrapper asn1 */ + body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x53, &bodylen); /* Pass the outer wrapper asn1 */ if (body != NULL && bodylen != 0) { - fascn = (u8 *)sc_asn1_find_tag(card->ctx, body, bodylen, 0x30, &fascnlen); /* Find the FASC-N data */ - if (fascn != NULL && fascnlen != 0) { - serial->len = fascnlen < SC_MAX_SERIALNR ? fascnlen : SC_MAX_SERIALNR; - memcpy (serial->value, fascn, serial->len); + fascn = sc_asn1_find_tag(card->ctx, body, bodylen, 0x30, &fascnlen); /* Find the FASC-N data */ + guid = sc_asn1_find_tag(card->ctx, body, bodylen, 0x34, &guidlen); + + gbits = 0; /* if guid is valid, gbits will not be zero */ + if (guid && guidlen == 16) { + for (i = 0; i < 16; i++) { + gbits = gbits | guid[i]; /* if all are zero, gbits will be zero */ + } + } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"fascn=%p,fascnlen=%d,guid=%p,guidlen=%d,gbits=%2.2x\n", + fascn, fascnlen, guid, guidlen, gbits); + + if (fascn && fascnlen == 25) { + /* test if guid and the fascn starts with ;9999 (in ISO 4bit + partiy code) */ + if (!(gbits && fascn[0] == 0xD4 && fascn[1] == 0xE7 + && fascn[2] == 0x39 && (fascn[3] | 0x7F) == 0xFF)) { + serial->len = fascnlen < SC_MAX_SERIALNR ? fascnlen : SC_MAX_SERIALNR; + memcpy (serial->value, fascn, serial->len); + r = SC_SUCCESS; + gbits = 0; /* set to skip using guid below */ + } + } + if (guid && gbits) { + serial->len = guidlen < SC_MAX_SERIALNR ? 
guidlen : SC_MAX_SERIALNR; + memcpy (serial->value, guid, serial->len); r = SC_SUCCESS; } } } - -// if (rbuf != NULL) -// free (rbuf); - SC_FUNC_RETURN(card->ctx, 1, r); + + card->serialnr = *serial; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} + +/* + * If the object can not be present on the card, because the History + * object is not present or the History object says its not present, + * return 1. If object may be present return 0. + * Cuts down on overhead, by not showing non existent objects to pkcs11 + * The path for the object is passed in and the first 2 bytes are used. + * Note: If the History or Discovery object is not found the + * PIV_OBJ_CACHE_NOT_PRESENT is set, as older cards do not have these. + * pkcs15-piv.c calls this via cardctl. + */ + +static int piv_is_object_present(sc_card_t *card, u8 *ptr) +{ + piv_private_data_t * priv = PIV_DATA(card); + int r = 0; + int enumtag; + + enumtag = piv_find_obj_by_containerid(card, ptr); + if (enumtag >= 0 && priv->obj_cache[enumtag].flags & PIV_OBJ_CACHE_NOT_PRESENT) + r = 1; + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} + +/* + * NIST 800-73-3 allows the default pin to be the PIV application 0x80 + * or the global pin for the card 0x00. Look at Discovery object to get this. + * called by pkcs15-piv.c via cardctl when setting up the pins. 
+ */ +static int piv_get_pin_preference(sc_card_t *card, int *ptr) +{ + piv_private_data_t * priv = PIV_DATA(card); + + *ptr = priv->pin_preference; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static int piv_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) { + piv_private_data_t * priv = PIV_DATA(card); u8 * opts; /* A or M, key_ref, alg_id */ - - opts = (u8 *)ptr; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"cmd=%ld ptr=%p"); + if (priv == NULL) { + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); + } switch(cmd) { - case SC_CARDCTL_LIFECYCLE_SET: + case SC_CARDCTL_PIV_AUTHENTICATE: + opts = (u8 *)ptr; switch (*opts) { case 'A': return piv_general_external_authenticate(card, @@ -1439,16 +1807,22 @@ break; } break; - case SC_CARDCTL_CRYPTOFLEX_GENERATE_KEY: + case SC_CARDCTL_PIV_GENERATE_KEY: return piv_generate_key(card, - (struct sc_cardctl_cryptoflex_genkey_info *) ptr); + (sc_cardctl_piv_genkey_info_t *) ptr); break; case SC_CARDCTL_GET_SERIALNR: return piv_get_serial_nr_from_CHUI(card, (sc_serial_number_t *) ptr); break; + case SC_CARDCTL_PIV_PIN_PREFERENCE: + return piv_get_pin_preference(card, ptr); + break; + case SC_CARDCTL_PIV_OBJECT_PRESENT: + return piv_is_object_present(card, ptr); + break; } - return SC_ERROR_NOT_SUPPORTED; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len) @@ -1459,9 +1833,9 @@ u8 *p, *q; int r; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx,"challenge len=%d",len); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"challenge len=%d",len); sc_lock(card); 
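Review bot: In piv_card_ctl the added `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"cmd=%ld ptr=%p");` has two conversions and no arguments, which is undefined behaviour and can put stale stack or register contents into the debug log; it should be `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cmd=%lu ptr=%p", cmd, ptr);`. Separately, in piv_get_serial_nr_from_CHUI the new `card->serialnr = *serial;` runs even when r is still SC_ERROR_INTERNAL, so a failed lookup may be cached and later returned as SC_SUCCESS by the early return added at the top of the function; guarding the assignment with `if (r == SC_SUCCESS)` avoids that. The new debug line in the same function prints the size_t values fascnlen and guidlen with `%d`. piv_card_ctl continues past the end of this hunk.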
@@ -1476,11 +1850,12 @@ while (len > 0) { size_t n = len > 8 ? 8 : len; - r = piv_general_io(card, 0x87, 0x00, 0x00, sbuf, p - sbuf, + /* NIST 800-73-3 says use 9B, previous verisons used 00 */ + r = piv_general_io(card, 0x87, 0x00, 0x9B, sbuf, p - sbuf, &rbuf, &rbuflen); if (r < 0) { sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } q = rbuf; if ( (*q++ != 0x7C) @@ -1489,7 +1864,7 @@ || (*q++ != rbuflen - 4)) { r = SC_ERROR_INVALID_DATA; sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } memcpy(rnd, q, n); len -= n; @@ -1500,7 +1875,7 @@ sc_unlock(card); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } 
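Review bot: The `memcpy(rnd, q, n);` kept after the response check copies up to 8 bytes, but the visible part of the check only ties the last length byte to `rbuflen - 4` and never to n, so a card that answers with a shorter challenge would make the copy read past the end of rbuf. Two lines of the condition fall between this hunk and the previous one, so this is inferred from what is shown. Adding `rbuflen < 4 + n ||` as the first term of that condition would reject short responses before q is dereferenced. The loop body starts and ends outside the hunk.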
@@ -1509,28 +1884,45 @@ int se_num) { piv_private_data_t * priv = PIV_DATA(card); + int r = 0; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx,"flags=%08x op=%d alg=%d algf=%08x algr=%08x kr0=%02x, krfl=%d\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"flags=%08x op=%d alg=%d algf=%08x algr=%08x kr0=%02x, krfl=%d\n", env->flags, env->operation, env->algorithm, env->algorithm_flags, env->algorithm_ref, env->key_ref[0], env->key_ref_len); - if (env->algorithm == SC_ALGORITHM_RSA) + if (env->algorithm == SC_ALGORITHM_RSA) { priv->alg_id = 0x06; /* Say it is RSA, set 5, 6, 7 later */ - else - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NO_CARD_SUPPORT); + } else if (env->algorithm == SC_ALGORITHM_EC) { + if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT) { + switch (env->algorithm_ref) { + case 256: + priv->alg_id = 0x11; /* Say it is EC 256 */ + priv->key_size = 256; + break; + case 384: + priv->alg_id = 0x14; + priv->key_size = 384; + break; + default: + r = SC_ERROR_NO_CARD_SUPPORT; + } + } else + r = SC_ERROR_NO_CARD_SUPPORT; + } else + r = SC_ERROR_NO_CARD_SUPPORT; priv->key_ref = env->key_ref[0]; - SC_FUNC_RETURN(card->ctx, 2, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int piv_restore_security_env(sc_card_t *card, int se_num) { - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } @@ -1541,9 +1933,9 @@ piv_private_data_t * priv = PIV_DATA(card); int r; u8 *p; - u8 *tag; + const u8 *tag; size_t taglen; - u8 *body; + const u8 *body; size_t bodylen; unsigned int real_alg_id; @@ -1551,7 +1943,7 @@ u8 *rbuf = NULL; size_t rbuflen; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* should assume large send data */ p = sbuf; 
@@ -1576,18 +1968,19 @@ case 256: real_alg_id = 0x07; break; case 384: real_alg_id = 0x05; break; default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NO_CARD_SUPPORT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NO_CARD_SUPPORT); } - } + } + /* EC alg_id was already set */ r = piv_general_io(card, 0x87, real_alg_id, priv->key_ref, sbuf, p - sbuf, &rbuf, &rbuflen); if ( r >= 0) { - body = (u8 *) sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen); + body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen); if (body) { - tag = (u8 *) sc_asn1_find_tag(card->ctx, body, bodylen, 0x82, &taglen); + tag = sc_asn1_find_tag(card->ctx, body, bodylen, 0x82, &taglen); if (tag) { memcpy(out, tag, taglen); r = taglen; 
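Review bot: `memcpy(out, tag, taglen);` copies however many bytes the card placed in the 0x82 element, and no comparison of taglen with the caller's output size is visible in this hunk. This matters more after this commit, because piv_compute_signature now calls this function with a 128-byte stack buffer for EC keys. Assuming the output length is available here as the `outlen` argument the callers pass, the copy should become `if (taglen > outlen) r = SC_ERROR_INVALID_DATA; else { memcpy(out, tag, taglen); r = taglen; }`. The function starts and ends outside the hunk.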
@@ -1599,43 +1992,94 @@ if (rbuf) free(rbuf); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int piv_compute_signature(sc_card_t *card, const u8 * data, size_t datalen, u8 * out, size_t outlen) { - SC_FUNC_CALLED(card->ctx,4); - SC_FUNC_RETURN(card->ctx, 4, piv_validate_general_authentication(card, data, datalen, out, outlen)); + piv_private_data_t * priv = PIV_DATA(card); + int r; + int i; + int nLen; + u8 rbuf[128]; /* For EC conversions 384 will fit */ + size_t rbuflen = sizeof(rbuf); + const u8 * body; + size_t bodylen; + const u8 * tag; + size_t taglen; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + /* The PIV returns a DER SEQUENCE{INTEGER, INTEGER} + * Which may have leading 00 to force positive + * TODO: -DEE should check if PKCS15 want the same + * But PKCS11 just wants 2* filed_length in bytes + * So we have to strip out the integers + * if present and pad on left if too short. + */ + + if (priv->alg_id == 0x11 || priv->alg_id == 0x14 ) { + nLen = (priv->key_size + 7) / 8; + if (outlen < 2*nLen) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL," output too small for EC signature %d < %d", outlen, 2*nLen); + r = SC_ERROR_INVALID_DATA; + goto err; + } + memset(out, 0, outlen); + + r = piv_validate_general_authentication(card, data, datalen, rbuf, rbuflen); + if (r < 0) + goto err; + + if ( r >= 0) { + body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x30, &bodylen); + + for (i = 0; i<2; i++) { + if (body) { + tag = sc_asn1_find_tag(card->ctx, body, bodylen, 0x02, &taglen); + if (tag) { + bodylen -= taglen - (tag - body); + body = tag + taglen; + + if (taglen > nLen) { /* drop leading 00 if present */ + if (*tag != 0x00) { + r = SC_ERROR_INVALID_DATA; + goto err; + } + tag++; + taglen--; + } + memcpy(out + nLen*i + nLen - taglen , tag, taglen); + } else { + r = SC_ERROR_INVALID_DATA; + goto err; + } + } else { + r = SC_ERROR_INVALID_DATA; + goto err; + } + } + r = 2 * nLen; + } + } else { /* RSA is all 
set */ + r = piv_validate_general_authentication(card, data, datalen, out, outlen); + } + +err: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int piv_decipher(sc_card_t *card, const u8 * data, size_t datalen, u8 * out, size_t outlen) { - SC_FUNC_CALLED(card->ctx,4); - - SC_FUNC_RETURN(card->ctx, 4, piv_validate_general_authentication(card, data, datalen, out, outlen)); -} - - -static int piv_find_obj_by_containerid(sc_card_t *card, const u8 * str) -{ - int i; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - SC_FUNC_CALLED(card->ctx,4); - sc_debug(card->ctx, "str=0x%02X%02X\n", str[0], str[1]); - - for (i = 0; piv_objects[i].enumtag < PIV_OBJ_LAST_ENUM; i++) { - if ( str[0] == piv_objects[i].containerid[0] - && str[1] == piv_objects[i].containerid[1]) - SC_FUNC_RETURN(card->ctx, 4, i); - } - SC_FUNC_RETURN(card->ctx, 4, -1); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, piv_validate_general_authentication(card, data, datalen, out, outlen)); } - /* * the PIV-II does not always support files, but we will simulate * files and reading/writing using get/put_data 
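Review bot: In the EC branch of piv_compute_signature, `memcpy(out + nLen*i + nLen - taglen , tag, taglen);` can be reached with taglen still larger than nLen, because only one leading 0x00 byte is dropped; `nLen - taglen` then wraps and the copy lands outside the caller's buffer. Re-checking after the strip, `if (taglen > (size_t)nLen) { r = SC_ERROR_INVALID_DATA; goto err; }`, bounds it. The remaining-length update `bodylen -= taglen - (tag - body);` adds the header size back instead of subtracting it and should be `bodylen -= (tag - body) + taglen;`. The parse also runs over `rbuflen`, which is always sizeof(rbuf), rather than the length r returned by the card call, so bytes of the stack buffer that were never written can be interpreted as DER.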
@@ -1658,22 +2102,30 @@ u8 * rbuf = NULL; size_t rbuflen = 0; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); path = in_path->value; pathlen = in_path->len; /* only support single EF in current application */ - if (pathlen > 2 && memcmp(path, "\x3F\x00", 2) == 0) { - path += 2; - pathlen -= 2; + if (memcmp(path, "\x3F\x00", 2) == 0) { + if (pathlen == 2) { + r = piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, NULL, NULL); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select PIV AID"); + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); + } + else if (pathlen > 2) { + path += 2; + pathlen -= 2; + } } i = piv_find_obj_by_containerid(card, path); if (i < 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); /* * pkcs15 will use a 2 byte path or a 4 byte path 
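Review bot: The rewritten root check calls `memcmp(path, "\x3F\x00", 2)` before looking at pathlen, whereas the removed line tested `pathlen > 2` first; for a path shorter than two bytes the comparison, and the piv_find_obj_by_containerid lookup that follows, may use bytes that are not part of the path. Keeping the length test in front, `if (pathlen >= 2 && memcmp(path, "\x3F\x00", 2) == 0) {`, restores the earlier guarantee. The function starts and ends outside the hunk.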
@@ -1683,30 +2135,28 @@ priv->return_only_cert = (pathlen == 4 && path[2] == 0xce && path[3] == 0xce); priv->selected_obj = i; - priv->rb_state = -1; + priv->rwb_state = -1; /* make it look like the file was found. */ /* We don't want to read it now unless we need the length */ if (file_out) { /* we need to read it now, to get length into cache */ - sc_ctx_suppress_errors_on(card->ctx); r = piv_get_cached_data(card, i, &rbuf, &rbuflen); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); /* get the cert or the pub key out and into the cache too */ if (priv->return_only_cert || piv_objects[i].flags & PIV_OBJECT_TYPE_PUBKEY) { r = piv_cache_internal_data(card, i); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } file = sc_file_new(); if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->path = *in_path; /* this could be like the FCI */ 
@@ -1723,22 +2173,320 @@ *file_out = file; } - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } +static int piv_process_discovery(sc_card_t *card) +{ + piv_private_data_t * priv = PIV_DATA(card); + int r; + u8 * rbuf = NULL; + size_t rbuflen = 0; + const u8 * body; + size_t bodylen; + const u8 * aid; + size_t aidlen; + const u8 * pinp; + size_t pinplen; + unsigned int cla_out, tag_out; + + + r = piv_get_cached_data(card, PIV_OBJ_DISCOVERY, &rbuf, &rbuflen); + if (r <= 0) { + priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT; + /* Discovery object is only object that has 3 byte Lc= 50017E + * and pree 800-73-3 cards may treat this as a strange error. + * So treat any error as not present + */ + r = 0; + goto err; + } + +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Discovery = %p:%d",rbuf, rbuflen); + /* the object is now cached, see what we have */ + if (rbuflen != 0) { + body = rbuf; + if ((r = sc_asn1_read_tag(&body, rbuflen, &cla_out, &tag_out, &bodylen)) != SC_SUCCESS) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DER problem %d\n",r); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Discovery 0x%2.2x 0x%2.2x %p:%d", + cla_out, tag_out, body, bodylen); + if ( cla_out+tag_out == 0x7E && body != NULL && bodylen != 0) { + aidlen = 0; + aid = sc_asn1_find_tag(card->ctx, body, bodylen, 0x4F, &aidlen); +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Discovery aid=%p:%d",aid,aidlen); + if (aid == NULL || aidlen < piv_aids[0].len_short || + memcmp(aid,piv_aids[0].value,piv_aids[0].len_short) != 0) { /*TODO look at long */ + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Discovery object not PIV"); + r = SC_SUCCESS; /* not an error could be some other appl */ + goto err; + } + pinp = sc_asn1_find_tag(card->ctx, body, bodylen, 0x5F2F, &pinplen); +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Discovery pinp=%p:%d",pinp,pinplen); + if (pinp && pinplen == 2) { +sc_debug(card->ctx, 
SC_LOG_DEBUG_NORMAL,"Discovery pinp flags=0x%2.2x 0x%2.2x",*pinp, *(pinp+1)); + r = SC_SUCCESS; + if (*pinp == 0x60 && *(pinp+1) == 0x20) { /* use Global pin */ + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Pin Preference - Global"); + priv->pin_preference = 0x00; + } + } + } + } + err: + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} + +/* + * The history object lists what retired keys and certs are on the card + * or listed in the offCardCertURL. The user may have read the offCardURL file, + * ahead of time, and if so will use it for the certs listed. + * TODO: -DEE + * If the offCardCertURL is not cached by the user, should we wget it here? + * Its may be out of scope to have OpenSC read the URL. + */ + +static int piv_process_history(sc_card_t *card) +{ + piv_private_data_t * priv = PIV_DATA(card); + int r; + int i; + int enumtag; + u8 * rbuf = NULL; + size_t rbuflen = 0; + const u8 * body; + size_t bodylen; + const u8 * num; + size_t numlen; + const u8 * url = NULL; + size_t urllen; + u8 * ocfhfbuf = NULL; + unsigned int cla_out, tag_out; + size_t ocfhflen; + const u8 * seq; + const u8 * seqtag; + size_t seqlen; + const u8 * keyref; + size_t keyreflen; + const u8 * cert; + size_t certlen; + size_t certobjlen, i2; + u8 * certobj; + u8 * cp; + + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + + r = piv_get_cached_data(card, PIV_OBJ_HISTORY, &rbuf, &rbuflen); + if (r == SC_ERROR_FILE_NOT_FOUND) + r = 0; /* OK if not found */ + if (r <= 0) { + priv->obj_cache[PIV_OBJ_HISTORY].flags |= PIV_OBJ_CACHE_NOT_PRESENT; + goto err; /* no file, must be pre 800-73-3 card and not on card */ + } + + /* the object is now cached, see what we have */ + if (rbuflen != 0) { + body = rbuf; + if ((r = sc_asn1_read_tag(&body, rbuflen, &cla_out, &tag_out, &bodylen)) != SC_SUCCESS) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DER problem %d\n",r); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + + if ( cla_out+tag_out == 0x53 && body != NULL && bodylen != 0) { + numlen = 
0; + num = sc_asn1_find_tag(card->ctx, body, bodylen, 0xC1, &numlen); + if (num) { + if (numlen != 1 || + *num > PIV_OBJ_RETIRED_X509_20-PIV_OBJ_RETIRED_X509_1+1) { + r = SC_ERROR_INTERNAL; /* TODO some other error */ + goto err; + } + priv->keysWithOnCardCerts = *num; + } + + numlen = 0; + num = sc_asn1_find_tag(card->ctx, body, bodylen, 0xC2, &numlen); + if (num) { + if (numlen != 1 || + *num > PIV_OBJ_RETIRED_X509_20-PIV_OBJ_RETIRED_X509_1+1) { + r = SC_ERROR_INTERNAL; /* TODO some other error */ + goto err; + } + priv->keysWithOffCardCerts = *num; + } + + url = sc_asn1_find_tag(card->ctx, body, bodylen, 0xF3, &urllen); + if (url) { + priv->offCardCertURL = calloc(1,urllen+1); + if (priv->offCardCertURL == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + memcpy(priv->offCardCertURL, url, urllen); + } + } else { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Problem with Histroy object\n"); + goto err; + } + } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "History on=%d off=%d URL=%s\n", + priv->keysWithOnCardCerts, priv->keysWithOffCardCerts, + priv->offCardCertURL ? priv->offCardCertURL:"NONE"); + + /* now mark what objects are on the card */ + for (i=0; ikeysWithOnCardCerts; i++) { + priv->obj_cache[PIV_OBJ_RETIRED_X509_1+i].flags &= ~PIV_OBJ_CACHE_NOT_PRESENT; + } + + /* + * If user has gotten copy of the file from the offCardCertsURL, + * we will read in and add the certs to the cache as listed on + * the card. some of the certs may be on the card as well. + * + * Get file name from url. verify that the filename is valid + * The URL ends in a SHA1 string. 
We will use this as the filename + * in the directory used for the PKCS15 cache + */ + + r = 0; + if (priv->offCardCertURL) { + char * fp; + char filename[PATH_MAX]; + + if (strncmp("http://", priv->offCardCertURL, 7)) { + r = SC_ERROR_INVALID_DATA; + goto err; + } + /* find the last / so we have the filename part */ + fp = strrchr(priv->offCardCertURL + 7,'/'); + if (fp == NULL) { + r = SC_ERROR_INVALID_DATA; + goto err; + } + fp++; + + /* Use the same directory as used for other OpenSC cached items */ + r = sc_get_cache_dir(card->ctx, filename, + sizeof(filename) - strlen(fp) - 2); + if (r != SC_SUCCESS) + goto err; +#ifdef _WIN32 + strcat(filename,"\\"); +#else + strcat(filename,"/"); +#endif + strcat(filename,fp); + + r = piv_read_obj_from_file(card, filename, + &ocfhfbuf, &ocfhflen); + if (r == SC_ERROR_FILE_NOT_FOUND) { + r = 0; + goto err; + } + + /* + * Its a seq of seq of a key ref and cert + */ + + body = ocfhfbuf; + if (sc_asn1_read_tag(&body, ocfhflen, &cla_out, + &tag_out, &bodylen) != SC_SUCCESS || + cla_out+tag_out != 0x30) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DER problem\n"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + seq = body; + while (bodylen > 0) { + seqtag = seq; + if (sc_asn1_read_tag(&seq, bodylen, &cla_out, + &tag_out, &seqlen) != SC_SUCCESS || + cla_out+tag_out != 0x30) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DER problem\n"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + keyref = sc_asn1_find_tag(card->ctx, + seq, seqlen, 0x04, &keyreflen); + if (!keyref || keyreflen != 1 || + (*keyref < 0x82 && *keyref > 0x95)) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DER problem\n"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto err; + } + cert = keyref + keyreflen; + certlen = seqlen - (cert - seq); + + enumtag = PIV_OBJ_RETIRED_X509_1 + *keyref - 0x82; + /* now add the cert like another object */ + + i2 = put_tag_and_len(0x70,certlen, NULL) + + put_tag_and_len(0x71, 1, NULL) + + put_tag_and_len(0xFE, 0, NULL); + + 
certobjlen = put_tag_and_len(0x53, i2, NULL); + + certobj = malloc(certobjlen); + if (certobj == NULL) { + r = SC_ERROR_OUT_OF_MEMORY; + goto err; + } + cp = certobj; + put_tag_and_len(0x53, i2, &cp); + put_tag_and_len(0x70,certlen, &cp); + memcpy(cp, cert, certlen); + cp += certlen; + put_tag_and_len(0x71, 1,&cp); + *cp++ = 0x00; + put_tag_and_len(0xFE, 0, &cp); + + priv->obj_cache[enumtag].obj_data = certobj; + priv->obj_cache[enumtag].obj_len = certobjlen; + priv->obj_cache[enumtag].flags |= PIV_OBJ_CACHE_VALID; + priv->obj_cache[enumtag].flags &= ~PIV_OBJ_CACHE_NOT_PRESENT; + + r = piv_cache_internal_data(card, enumtag); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got internal r=%d\n",r); + + certobj = NULL; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Added from off card file #%d %p:%d 0x%02X \n", + enumtag, + priv->obj_cache[enumtag].obj_data, + priv->obj_cache[enumtag].obj_len, *keyref); + + bodylen -= (seqlen + seq - seqtag); + seq += seqlen; + } + } +err: + if (ocfhfbuf) + free(ocfhfbuf); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +} + static int piv_finish(sc_card_t *card) { piv_private_data_t * priv = PIV_DATA(card); int i; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (priv) { if (priv->aid_file) sc_file_free(priv->aid_file); + if (priv->w_buf) + free(priv->w_buf); + if (priv->offCardCertURL) + free(priv->offCardCertURL); for (i = 0; i < PIV_OBJ_LAST_ENUM - 1; i++) { -sc_debug(card->ctx,"DEE freeing #%d, %p:%d %p:%d", i, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE freeing #%d, 0x%02x %p:%d %p:%d", i, + priv->obj_cache[i].flags, priv->obj_cache[i].obj_data, priv->obj_cache[i].obj_len, priv->obj_cache[i].internal_obj_data, priv->obj_cache[i].internal_obj_len); if (priv->obj_cache[i].obj_data) @@ -1748,8 +2496,6 @@ } free(priv); } -/* TODO temp see piv_init */ - sc_ctx_suppress_errors_off(card->ctx); return 0; } 
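Review bot: In piv_process_history the key-reference range test `(*keyref < 0x82 && *keyref > 0x95)` can never be true, so any byte read from the off-card certificate file is accepted and `enumtag = PIV_OBJ_RETIRED_X509_1 + *keyref - 0x82` can index priv->obj_cache outside the retired-certificate slots; the operator should be `||`, i.e. `(*keyref < 0x82 || *keyref > 0x95)`. The file name is taken from the URL stored on the card and appended with strcat after `sizeof(filename) - strlen(fp) - 2`, which wraps when the name is longer than the buffer; the length of fp should be checked first, and the "verify that the filename is valid" step from the comment is not implemented. The return value of piv_read_obj_from_file is only compared with SC_ERROR_FILE_NOT_FOUND, so other failures appear to continue with ocfhfbuf unset.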
@@ -1758,40 +2504,40 @@ { int i; sc_file_t aidfile; - SC_FUNC_CALLED(card->ctx,1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* Since we send an APDU, the card's logout function may be called... * however it may be in dirty memory */ card->ops->logout = NULL; /* Detect by selecting applet */ - sc_ctx_suppress_errors_on(card->ctx); i = !(piv_find_aid(card, &aidfile)); - sc_ctx_suppress_errors_off(card->ctx); return i; /* never match */ } static int piv_init(sc_card_t *card) { - int r; + int r, i; unsigned long flags; + unsigned long ext_flags; piv_private_data_t *priv; - SC_FUNC_CALLED(card->ctx,1); - priv = (piv_private_data_t *) calloc(1, sizeof(piv_private_data_t)); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + priv = calloc(1, sizeof(piv_private_data_t)); if (!priv) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); priv->aid_file = sc_file_new(); priv->selected_obj = -1; - priv->max_recv_size = 256; - /* priv->max_recv_size = card->max_recv_size; */ - priv->max_send_size = card->max_send_size; - /* TODO fix read_binary and write_binary (read_binary is fixed) */ - card->max_recv_size = 0xffff; /* must force pkcs15 read_binary in one call */ - card->max_send_size = 0xffff; + priv->pin_preference = 0x80; /* 800-73-3 part 1, table 3 */ + + /* Some objects will only be present if Histroy object says so */ + for (i=0; i < PIV_OBJ_LAST_ENUM -1; i++) { + if(piv_objects[i].flags & PIV_OBJECT_NOT_PRESENT) + priv->obj_cache[i].flags |= PIV_OBJ_CACHE_NOT_PRESENT; + } - sc_debug(card->ctx, "Max send = %d recv = %d\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Max send = %d recv = %d\n", card->max_send_size, card->max_recv_size); card->drv_data = priv; card->cla = 0x00; 
@@ -1799,8 +2545,8 @@ r = piv_find_aid(card, priv->aid_file); if (r < 0) { - sc_error(card->ctx, "Failed to initialize %s\n", card->name); - SC_FUNC_RETURN(card->ctx, 1, r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize %s\n", card->name); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } priv->enumtag = piv_aids[r].enumtag; card->type = piv_aids[r].enumtag; @@ -1811,12 +2557,26 @@ _sc_card_add_rsa_alg(card, 2048, flags, 0); /* optional */ _sc_card_add_rsa_alg(card, 3072, flags, 0); /* optional */ + flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ONBOARD_KEY_GEN; + ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES; + + _sc_card_add_ec_alg(card, 256, flags, ext_flags); + _sc_card_add_ec_alg(card, 384, flags, ext_flags); + card->caps |= SC_CARD_CAP_RNG; + /* + * 800-73-3 cards may have a history object and/or a discovery object + * We want to process them now as this has information on what + * keys and certs the card has and how the pin might be used. + */ + r = piv_process_history(card); + + r = piv_process_discovery(card); + if (r > 0) r = 0; -sc_ctx_suppress_errors_on(card->ctx); /*TODO temp to suppresss all error */ - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } @@ -1874,4 +2634,3 @@ } #endif -#endif diff -Nru opensc-0.11.13/src/libopensc/card-rtecp.c opensc-0.12.1/src/libopensc/card-rtecp.c --- opensc-0.11.13/src/libopensc/card-rtecp.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-rtecp.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,13 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include #include -#include "cardctl.h" + +#include "internal.h" #include "asn1.h" +#include "cardctl.h" static const struct sc_card_operations *iso_ops = NULL; static struct sc_card_operations rtecp_ops; 
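Review bot: The result of `r = piv_process_history(card);` is overwritten by the next assignment, so an out-of-memory or malformed-object error from the history pass is dropped and piv_init reports only the discovery result. If that is deliberate, a comment on the call such as `/* history errors are non-fatal: older cards lack the object */` would say so; otherwise r should be checked before piv_process_discovery is called. piv_init starts in the previous hunk and ends after this one.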
@@ -39,16 +42,22 @@ static struct sc_atr_table rtecp_atrs[] = { /* Rutoken ECP */ { "3B:8B:01:52:75:74:6F:6B:65:6E:20:45:43:50:A0", - NULL, NULL, SC_CARD_TYPE_GENERIC_BASE, 0, NULL }, + NULL, "Rutoken ECP", SC_CARD_TYPE_GENERIC_BASE, 0, NULL }, + /* Rutoken ECP (DS) */ + { "3B:8B:01:52:75:74:6F:6B:65:6E:20:44:53:20:C1", + NULL, "Rutoken ECP (DS)", SC_CARD_TYPE_GENERIC_BASE, 0, NULL }, { NULL, NULL, NULL, 0, 0, NULL } }; static int rtecp_match_card(sc_card_t *card) { - assert(card && card->ctx); - if (_sc_match_atr(card, rtecp_atrs, &card->type) >= 0) - SC_FUNC_RETURN(card->ctx, 1, 1); - SC_FUNC_RETURN(card->ctx, 1, 0); + int i = -1; + i = _sc_match_atr(card, rtecp_atrs, &card->type); + if (i >= 0) { + card->name = rtecp_atrs[i].name; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 1); + } + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } static int rtecp_init(sc_card_t *card) @@ -57,8 +66,7 @@ unsigned long flags; assert(card && card->ctx); - card->name = "Rutoken ECP card"; - card->caps |= SC_CARD_CAP_RSA_2048 | SC_CARD_CAP_NO_FCI | SC_CARD_CAP_RNG; + card->caps |= SC_CARD_CAP_NO_FCI | SC_CARD_CAP_RNG; card->cla = 0; flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_ONBOARD_KEY_GEN @@ -80,7 +88,7 @@ | SC_ALGORITHM_GOSTR3410_HASH_NONE; _sc_card_add_algorithm(card, &info); - SC_FUNC_RETURN(card->ctx, 2, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); } static void reverse(unsigned char *buf, size_t len) 
@@ -139,20 +147,20 @@ { method = sec_attr_to_method(file->sec_attr[1 + 6]); key_ref = sec_attr_to_key_ref(file->sec_attr[1 + 6]); - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "SC_AC_OP_DELETE %i %lu\n", - (int)method, key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SC_AC_OP_DELETE %i %lu\n", + (int)method, key_ref); sc_file_add_acl_entry(file, SC_AC_OP_DELETE, method, key_ref); } if (file->sec_attr[0] & 0x01) /* if AccessMode.0 */ { method = sec_attr_to_method(file->sec_attr[1 + 0]); key_ref = sec_attr_to_key_ref(file->sec_attr[1 + 0]); - if (card->ctx->debug >= 3) - sc_debug(card->ctx, (file->type == SC_FILE_TYPE_DF) ? - "SC_AC_OP_CREATE %i %lu\n" - : "SC_AC_OP_READ %i %lu\n", - (int)method, key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + (file->type == SC_FILE_TYPE_DF) ? + "SC_AC_OP_CREATE %i %lu\n" + : "SC_AC_OP_READ %i %lu\n", + (int)method, key_ref); sc_file_add_acl_entry(file, (file->type == SC_FILE_TYPE_DF) ? SC_AC_OP_CREATE : SC_AC_OP_READ, method, key_ref); } @@ -166,13 +174,13 @@ { method = sec_attr_to_method(file->sec_attr[1 + 1]); key_ref = sec_attr_to_key_ref(file->sec_attr[1 + 1]); - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "SC_AC_OP_UPDATE %i %lu\n", - (int)method, key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SC_AC_OP_UPDATE %i %lu\n", + (int)method, key_ref); sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, method, key_ref); - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "SC_AC_OP_WRITE %i %lu\n", - (int)method, key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "SC_AC_OP_WRITE %i %lu\n", + (int)method, key_ref); sc_file_add_acl_entry(file, SC_AC_OP_WRITE, method, key_ref); } } 
@@ -236,86 +244,31 @@ sec_attr[1 + 2] = 1; /* so-pin reference */ } r = sc_file_set_sec_attr(file, sec_attr, sizeof(sec_attr)); - SC_FUNC_RETURN(card->ctx, 3, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { - sc_apdu_t apdu; - u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; - sc_file_t *file = NULL; - size_t pathlen; + sc_file_t **file_out_copy, *file; int r; assert(card && card->ctx && in_path); - assert(sizeof(pathbuf) >= in_path->len); - memcpy(path, in_path->value, in_path->len); - pathlen = in_path->len; - - /* p2 = 0; first record, return FCI */ - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0); switch (in_path->type) { - case SC_PATH_TYPE_FILE_ID: - if (pathlen != 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - break; - case SC_PATH_TYPE_PATH: - if (pathlen >= 2 && memcmp(path, "\x3F\x00", 2) == 0) - { - if (pathlen == 2) - break; /* only 3F00 supplied */ - path += 2; - pathlen -= 2; - } - apdu.p1 = 0x08; - break; case SC_PATH_TYPE_DF_NAME: case SC_PATH_TYPE_FROM_CURRENT: case SC_PATH_TYPE_PARENT: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); - default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - } - apdu.lc = pathlen; - apdu.data = path; - apdu.datalen = pathlen; - - if (file_out != NULL) - { - apdu.resp = buf; - apdu.resplen = sizeof(buf); - apdu.le = sizeof(buf) - 2; - } - else - apdu.cse = SC_APDU_CASE_3_SHORT; - - r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - if (file_out == NULL) - { - if (apdu.sw1 == 0x61) - SC_FUNC_RETURN(card->ctx, 2, 0); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); - } - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, ""); - - if (apdu.resplen > 0 && apdu.resp[0] != 0x6F) /* Tag 0x6F - FCI */ - SC_FUNC_RETURN(card->ctx, 1, 
SC_ERROR_UNKNOWN_DATA_RECEIVED); - - file = sc_file_new(); - if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); - file->path = *in_path; - if (card->ops->process_fci == NULL) - { - sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } - if (apdu.resplen > 1 && apdu.resplen >= (size_t)apdu.resp[1] + 2) - r = card->ops->process_fci(card, file, apdu.resp+2, apdu.resp[1]); + assert(iso_ops && iso_ops->select_file); + file_out_copy = file_out; + r = iso_ops->select_file(card, in_path, file_out_copy); + if (r || file_out_copy == NULL) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); + assert(file_out_copy); + file = *file_out_copy; + assert(file); if (file->sec_attr && file->sec_attr_len == SC_RTECP_SEC_ATTR_SIZE) set_acl_from_sec_attr(card, file); else @@ -327,7 +280,7 @@ assert(file_out); *file_out = file; } - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_verify(sc_card_t *card, unsigned int type, int ref_qualifier, @@ -345,13 +298,12 @@ apdu.lc = data_len; apdu.data = data; apdu.datalen = data_len; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (send_logout++ == 0 && apdu.sw1 == 0x6F && apdu.sw2 == 0x86) { r = sc_logout(card); - SC_TEST_RET(card->ctx, r, "Logout failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Logout failed"); } else break; 
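Review bot: Once `iso_ops->select_file()` succeeds it has already stored the new file in `*file_out`, so any later error path that frees `file` leaves the caller holding a dangling pointer. The lines after the trailing `else` are outside the hunk, but the next hunk's `*file_out = file;` suggests the old free-on-error structure is still in place. On that path the output should be reset, e.g. `sc_file_free(file); *file_out = NULL;`. Separately, `assert(file);` is the only guard before `file->sec_attr` is read and it disappears under NDEBUG; `if (file == NULL) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL);` would also hold in release builds.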
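Review bot: With `apdu.sensitive = 1;` dropped, nothing in rtecp_verify marks the VERIFY payload as secret any more, so whether the PIN bytes can reach an APDU trace now depends entirely on the logging layer, which is not visible in this diff. The same line is removed in rtecp_cipher (hunk `@@ -411,7 +363,6 @@`) and rtecp_change_reference_data (hunk `@@ -521,13 +471,12 @@`). A comment at each site stating the assumption, e.g. `/* PIN in apdu.data: must not be dumped by APDU debug logging */`, would make it checkable during review. The function body starts and ends outside the hunk.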
@@ -361,12 +313,12 @@ /* Verification failed */ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0, ref_qualifier); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r == SC_ERROR_PIN_CODE_INCORRECT && tries_left) *tries_left = (int)(apdu.sw2 & 0x0F); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_logout(sc_card_t *card) @@ -378,9 +330,9 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x40, 0, 0); apdu.cla = 0x80; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_cipher(sc_card_t *card, const u8 *data, size_t data_len, @@ -398,7 +350,7 @@ { free(buf); free(buf_out); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } for (i = 0; i < data_len; ++i) @@ -411,7 +363,6 @@ apdu.lc = data_len; apdu.data = buf; apdu.datalen = data_len; - apdu.sensitive = 1; apdu.resp = buf_out; apdu.resplen = out_len + 2; apdu.le = out_len; @@ -426,7 +377,7 @@ assert(buf); free(buf); if (r) - sc_error(card->ctx, "APDU transmit failed: %s\n", sc_strerror(r)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "APDU transmit failed: %s\n", sc_strerror(r)); else { if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) @@ -446,7 +397,7 @@ } assert(buf_out); free(buf_out); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } 
@@ -458,7 +409,7 @@ assert(card && card->ctx && data && out); /* decipher */ r = rtecp_cipher(card, data, data_len, out, out_len, 0); - SC_FUNC_RETURN(card->ctx, 3, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_compute_signature(sc_card_t *card, @@ -469,7 +420,7 @@ assert(card && card->ctx && data && out); /* compute digital signature */ r = rtecp_cipher(card, data, data_len, out, out_len, 1); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_change_reference_data(sc_card_t *card, unsigned int type, @@ -482,15 +433,14 @@ int r; assert(card && card->ctx && newref); - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "newlen = %u\n", newlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "newlen = %u\n", newlen); if (newlen > sizeof(buf) - 2 - sizeof(tmp) - 2 * (sizeof(buf) / 0xFF + 1)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); if (type == SC_AC_CHV && old && oldlen != 0) { r = sc_verify(card, type, ref_qualifier, old, oldlen, tries_left); - SC_TEST_RET(card->ctx, r, "Verify old pin failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Verify old pin failed"); } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 0x01, ref_qualifier); tmp[0] = (newlen >> 8) & 0xFF; @@ -521,13 +471,12 @@ apdu.lc = p - buf; apdu.data = buf; apdu.datalen = p - buf; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); sc_mem_clear(buf, sizeof(buf)); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_reset_retry_counter(sc_card_t *card, unsigned int type, 
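Review bot: In rtecp_change_reference_data `newlen` is printed with `%u`, but the comparison against `sizeof(buf)` right below suggests it is a `size_t` (the signature is outside the hunk); on LP64 targets that is a format/argument mismatch. Either cast it, `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "newlen = %u\n", (unsigned int)newlen);`, or use `%zu` where the toolchain supports it. The old `debug >= 3` guard is also gone, so the length of the new PIN is now emitted at the normal debug level; SC_LOG_DEBUG_VERBOSE would be the more conservative choice for that message.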
@@ -541,9 +490,9 @@ assert(card && card->ctx); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2C, 0x03, ref_qualifier); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_create_file(sc_card_t *card, sc_file_t *file) @@ -554,11 +503,11 @@ if (file->sec_attr_len == 0) { r = set_sec_attr_from_acl(card, file); - SC_TEST_RET(card->ctx, r, "Set sec_attr from ACL failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Set sec_attr from ACL failed"); } assert(iso_ops && iso_ops->create_file); r = iso_ops->create_file(card, file); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_list_files(sc_card_t *card, u8 *buf, size_t buflen) @@ -575,23 +524,23 @@ { apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - apdu.le = sizeof(rbuf) - 2; + apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x6A && apdu.sw2 == 0x82) break; /* Next file not found */ r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, ""); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""); if (apdu.resplen <= 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_WRONG_LENGTH); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_WRONG_LENGTH); /* save first file(dir) ID */ tag = sc_asn1_find_tag(card->ctx, apdu.resp + 2, apdu.resplen - 2, 0x83, &taglen); if (!tag || taglen != sizeof(previd)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); memcpy(previd, tag, sizeof(previd)); if (len + sizeof(previd) <= buflen) 
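Review bot: In rtecp_list_files `apdu.le = 256;` no longer follows the size of `rbuf`, whose declaration is outside the hunk, so the expected response length and `apdu.resplen = sizeof(rbuf)` can drift apart if the buffer is ever resized. Deriving the value, `apdu.le = sizeof(rbuf) > 256 ? 256 : sizeof(rbuf);`, or adding a compile-time size check next to the declaration keeps the two tied together. The same constant is introduced in rtecp_card_ctl and in the list-files and select-file hunks of card-rutoken.c.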
@@ -603,22 +552,22 @@ tag = sc_asn1_find_tag(card->ctx, apdu.resp + 2, apdu.resplen - 2, 0x82, &taglen); if (!tag || taglen != 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (tag[0] == 0x38) { /* Select parent DF of the current DF */ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xA4, 0x03, 0); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, ""); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""); } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x02); apdu.lc = sizeof(previd); apdu.data = previd; apdu.datalen = sizeof(previd); } - SC_FUNC_RETURN(card->ctx, 2, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } static int rtecp_card_ctl(sc_card_t *card, unsigned long request, void *data) 
@@ -642,35 +591,34 @@ break; case SC_CARDCTL_GET_SERIALNR: if (!serial) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0x81); apdu.resp = buf; apdu.resplen = sizeof(buf); - apdu.le = sizeof(buf) - 2; + apdu.le = 256; serial->len = sizeof(serial->value); break; case SC_CARDCTL_RTECP_GENERATE_KEY: if (!genkey_data) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x46, 0x80, genkey_data->key_id); apdu.resp = buf; apdu.resplen = sizeof(buf); - apdu.le = sizeof(buf) - 2; + apdu.le = 256; break; case SC_CARDCTL_LIFECYCLE_SET: - if (card->ctx->debug >= 4) - sc_debug(card->ctx, "%s\n", - "SC_CARDCTL_LIFECYCLE_SET not supported"); - /* no call sc_error (SC_FUNC_RETURN) */ + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", + "SC_CARDCTL_LIFECYCLE_SET not supported"); + /* no call sc_debug (SC_FUNC_RETURN) */ return SC_ERROR_NOT_SUPPORTED; default: - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "request = 0x%lx\n", request); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "request = 0x%lx\n", request); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (!r && request == SC_CARDCTL_RTECP_GENERATE_KEY) { @@ -704,7 +652,7 @@ else r = SC_ERROR_BUFFER_TOO_SMALL; } - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } static int rtecp_construct_fci(sc_card_t *card, const sc_file_t *file, 
@@ -742,7 +690,7 @@ break; case SC_FILE_TYPE_INTERNAL_EF: default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } buf[1] = 0; sc_asn1_put_tag(0x82, buf, 2, p, *outlen - (p - out), &p); @@ -768,7 +716,7 @@ } out[1] = p - out - 2; /* length */ *outlen = p - out; - SC_FUNC_RETURN(card->ctx, 2, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); } struct sc_card_driver * sc_get_rtecp_driver(void) @@ -779,11 +727,9 @@ rtecp_ops.match_card = rtecp_match_card; rtecp_ops.init = rtecp_init; - rtecp_ops.finish = NULL; /* read_binary */ rtecp_ops.write_binary = NULL; /* update_binary */ - rtecp_ops.erase_binary = NULL; rtecp_ops.read_record = NULL; rtecp_ops.write_record = NULL; rtecp_ops.append_record = NULL; @@ -807,9 +753,6 @@ /* process_fci */ rtecp_ops.construct_fci = rtecp_construct_fci; rtecp_ops.pin_cmd = NULL; - rtecp_ops.get_data = NULL; - rtecp_ops.put_data = NULL; - rtecp_ops.delete_record = NULL; return &rtecp_drv; } diff -Nru opensc-0.11.13/src/libopensc/card-rutoken.c opensc-0.12.1/src/libopensc/card-rutoken.c --- opensc-0.11.13/src/libopensc/card-rutoken.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-rutoken.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,5 +1,5 @@ /* - * card-rutoken.c: Support for Rutoken cards + * card-rutoken.c: Support for Rutoken S cards * * Copyright (C) 2007 Pavel Mironchik * Copyright (C) 2007 Eugene Hermann 
@@ -19,39 +19,20 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif -#if defined(HAVE_INTTYPES_H) -#include -#elif defined(HAVE_STDINT_H) -#include -#elif defined(_MSC_VER) -typedef unsigned __int32 uint32_t; -typedef __int8 int8_t; -#else -#warning no uint32_t type available, please contact opensc-devel@opensc-project.org -#endif +#include "config.h" + #include #include #include #include #include #include + +#include "internal.h" #include "opensc.h" #include "pkcs15.h" -#include "internal.h" -#include "cardctl.h" #include "asn1.h" - -#ifdef ENABLE_OPENSSL -#include -#include -#include -#include -#include -#include -#endif +#include "cardctl.h" struct auth_senv { unsigned int algorithm; 
@@ -109,56 +90,47 @@ static int rutoken_finish(sc_card_t *card) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card->drv_data); free(card->drv_data); - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } static int rutoken_match_card(sc_card_t *card) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (_sc_match_atr(card, rutoken_atrs, &card->type) >= 0) { - sc_debug(card->ctx, "ATR recognized as Rutoken\n"); - SC_FUNC_RETURN(card->ctx, 1, 1); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ATR recognized as Rutoken\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 1); } - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } static int token_init(sc_card_t *card, const char *card_name) { - unsigned int flags; - - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); card->name = card_name; - card->caps |= SC_CARD_CAP_RSA_2048 | SC_CARD_CAP_NO_FCI | SC_CARD_CAP_RNG; + card->caps |= SC_CARD_CAP_NO_FCI | SC_CARD_CAP_RNG; card->drv_data = calloc(1, sizeof(auth_senv_t)); if (card->drv_data == NULL) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_OUT_OF_MEMORY); - flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1; - _sc_card_add_rsa_alg(card, 256, flags, 0); - _sc_card_add_rsa_alg(card, 512, flags, 0); - _sc_card_add_rsa_alg(card, 768, flags, 0); - _sc_card_add_rsa_alg(card, 1024, flags, 0); - _sc_card_add_rsa_alg(card, 2048, flags, 0); - - SC_FUNC_RETURN(card->ctx, 3, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int rutoken_init(sc_card_t *card) { int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* &rutoken_atrs[1] : { uaToken S ATR, NULL ATR } */ if (_sc_match_atr(card, &rutoken_atrs[1], &card->type) >= 0) ret = 
token_init(card, "uaToken S card"); else ret = token_init(card, "Rutoken S card"); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static const struct sc_card_error rutoken_errors[] = { @@ -214,7 +186,7 @@ { 0x6F85, SC_ERROR_CARD_CMD_FAILED, "In the current folder the maximum quantity of file system objects is already created"}, { 0x6F86, SC_ERROR_CARD_CMD_FAILED, "Invalid access right. Already login"}, - { 0x9000, SC_NO_ERROR, NULL} + { 0x9000, SC_SUCCESS, NULL} }; static int rutoken_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2) @@ -224,12 +196,12 @@ for (i = 0; i < sizeof(rutoken_errors)/sizeof(rutoken_errors[0]); ++i) { if (rutoken_errors[i].SWs == ((sw1 << 8) | sw2)) { if ( rutoken_errors[i].errorstr ) - sc_error(card->ctx, "%s\n", rutoken_errors[i].errorstr); - sc_debug(card->ctx, "sw1 = %x, sw2 = %x", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", rutoken_errors[i].errorstr); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "sw1 = %x, sw2 = %x", sw1, sw2); return rutoken_errors[i].errorno; } } - sc_error(card->ctx, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); return SC_ERROR_CARD_CMD_FAILED; } @@ -269,7 +241,7 @@ int ret; assert(card && card->ctx); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(buf); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xA4, 0, 0); 
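Review bot: Entry and exit tracing use different levels within the same function: rutoken_finish, rutoken_match_card and rutoken_init log `SC_FUNC_CALLED` at SC_LOG_DEBUG_VERBOSE but `SC_FUNC_RETURN` at SC_LOG_DEBUG_NORMAL, and token_init does the reverse. At the normal level a trace then shows returns without the matching calls. Using one level per function, e.g. `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS);` in rutoken_finish, would keep the trace paired.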
@@ -277,23 +249,23 @@ { apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - apdu.le = sizeof(rbuf) - 2; + apdu.le = 256; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); if (apdu.sw1 == 0x6A && apdu.sw2 == 0x82) break; /* Next file not found */ ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, ret, ""); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, ""); if (apdu.resplen <= 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_WRONG_LENGTH); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_WRONG_LENGTH); /* save first file(dir) ID */ tag = sc_asn1_find_tag(card->ctx, apdu.resp + 2, apdu.resplen - 2, 0x83, &taglen); if (!tag || taglen != sizeof(previd)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); memcpy(previd, tag, sizeof(previd)); if (len + sizeof(previd) <= buflen) 
@@ -305,25 +277,25 @@ tag = sc_asn1_find_tag(card->ctx, apdu.resp + 2, apdu.resplen - 2, 0x82, &taglen); if (!tag || taglen != 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); if (tag[0] == 0x38) { /* Select parent DF of the current DF */ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xA4, 0x03, 0); apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - apdu.le = sizeof(rbuf) - 2; + apdu.le = 256; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, ret, ""); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, ""); } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x02); apdu.lc = sizeof(previd); apdu.data = previd; apdu.datalen = sizeof(previd); } - SC_FUNC_RETURN(card->ctx, 1, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, len); } static void set_acl_from_sec_attr(sc_card_t *card, sc_file_t *file) @@ -334,7 +306,7 @@ SC_AC_NONE, SC_AC_KEY_REF_NONE); if (file->sec_attr[0] & 0x40) /* if AccessMode.6 */ { - sc_debug(card->ctx, "SC_AC_OP_DELETE %i %i", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_AC_OP_DELETE %i %i", (int)(*(int8_t*)&file->sec_attr[1 +6]), file->sec_attr[1+7 +6*4]); sc_file_add_acl_entry(file, SC_AC_OP_DELETE, @@ -343,7 +315,7 @@ } if (file->sec_attr[0] & 0x01) /* if AccessMode.0 */ { - sc_debug(card->ctx, (file->type == SC_FILE_TYPE_DF) ? + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, (file->type == SC_FILE_TYPE_DF) ? "SC_AC_OP_CREATE %i %i" : "SC_AC_OP_READ %i %i", (int)(*(int8_t*)&file->sec_attr[1 +0]), file->sec_attr[1+7 +0*4]); 
@@ -361,13 +333,13 @@ else if (file->sec_attr[0] & 0x02) /* if AccessMode.1 */ { - sc_debug(card->ctx, "SC_AC_OP_UPDATE %i %i", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_AC_OP_UPDATE %i %i", (int)(*(int8_t*)&file->sec_attr[1 +1]), file->sec_attr[1+7 +1*4]); sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, (int)(*(int8_t*)&file->sec_attr[1 +1]), file->sec_attr[1+7 +1*4]); - sc_debug(card->ctx, "SC_AC_OP_WRITE %i %i", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SC_AC_OP_WRITE %i %i", (int)(*(int8_t*)&file->sec_attr[1 +1]), file->sec_attr[1+7 +1*4]); sc_file_add_acl_entry(file, SC_AC_OP_WRITE, @@ -388,7 +360,7 @@ int ret; assert(card && card->ctx); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(in_path && sizeof(pathbuf) >= in_path->len); memcpy(path, in_path->value, in_path->len); @@ -400,7 +372,7 @@ { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); break; case SC_PATH_TYPE_PATH: if (pathlen >= 2 && memcmp(path, "\x3F\x00", 2) == 0) @@ -415,9 +387,9 @@ case SC_PATH_TYPE_DF_NAME: case SC_PATH_TYPE_FROM_CURRENT: case SC_PATH_TYPE_PARENT: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } swap_pair(path, pathlen); apdu.lc = pathlen; 
@@ -426,30 +398,30 @@ apdu.resp = buf; apdu.resplen = sizeof(buf); - apdu.le = sizeof(buf) - 2; + apdu.le = 256; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); if (file_out == NULL) { if (apdu.sw1 == 0x61) - SC_FUNC_RETURN(card->ctx, 2, 0); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, ret, ""); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, ""); if (apdu.resplen > 0 && apdu.resp[0] != 0x62) /* Tag 0x62 - FCP */ - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); file = sc_file_new(); if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->path = *in_path; if (card->ops->process_fci == NULL) { sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } if (apdu.resplen > 1 && apdu.resplen >= (size_t)apdu.resp[1] + 2) { @@ -475,7 +447,7 @@ assert(file_out); *file_out = file; } - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_construct_fci(sc_card_t *card, const sc_file_t *file, @@ -484,7 +456,7 @@ u8 buf[64], *p = out; assert(card && card->ctx); - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); assert(file && out && outlen); assert(*outlen >= (size_t)(p - out) + 2); 
@@ -516,7 +488,7 @@ break; case SC_FILE_TYPE_INTERNAL_EF: default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } buf[1] = 0; sc_asn1_put_tag(0x82, buf, 2, p, *outlen - (p - out), &p); @@ -542,7 +514,7 @@ } out[1] = p - out - 2; /* length */ *outlen = p - out; - SC_FUNC_RETURN(card->ctx, 3, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, 0); } static int set_sec_attr_from_acl(sc_card_t *card, sc_file_t *file) @@ -551,9 +523,9 @@ size_t i, n_conv_attr; const sc_acl_entry_t *entry; sc_SecAttrV2_t attr = { 0 }; - int ret = SC_NO_ERROR; + int ret = SC_SUCCESS; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (file->type == SC_FILE_TYPE_DF) { @@ -565,7 +537,7 @@ conv_attr = arr_convert_attr_ef; n_conv_attr = sizeof(arr_convert_attr_ef)/sizeof(arr_convert_attr_ef[0]); } - sc_debug(card->ctx, "file->type = %i", file->type); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "file->type = %i", file->type); for (i = 0; i < n_conv_attr; ++i) { 
@@ -576,26 +548,26 @@ { /* AccessMode.[conv_attr[i].sec_attr_pos] */ attr[0] |= 1 << conv_attr[i].sec_attr_pos; - sc_debug(card->ctx, "AccessMode.%u, attr[0]=0x%x", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "AccessMode.%u, attr[0]=0x%x", conv_attr[i].sec_attr_pos, attr[0]); attr[1 + conv_attr[i].sec_attr_pos] = (u8)entry->method; - sc_debug(card->ctx, "method %u", (u8)entry->method); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "method %u", (u8)entry->method); if (entry->method == SC_AC_CHV) { attr[1+7 + conv_attr[i].sec_attr_pos*4] = (u8)entry->key_ref; - sc_debug(card->ctx, "key_ref %u", (u8)entry->key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "key_ref %u", (u8)entry->key_ref); } } else { - sc_debug(card->ctx, "ACL (%u) not set, set default sec_attr", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "ACL (%u) not set, set default sec_attr", conv_attr[i].ac_op); memcpy(attr, default_sec_attr, sizeof(attr)); break; } } ret = sc_file_set_sec_attr(file, attr, sizeof(attr)); - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_create_file(sc_card_t *card, sc_file_t *file) @@ -603,17 +575,17 @@ int ret; assert(card && card->ctx); - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(file); if (file->sec_attr_len == 0) { ret = set_sec_attr_from_acl(card, file); - SC_TEST_RET(card->ctx, ret, "Set sec_attr from ACL failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Set sec_attr from ACL failed"); } assert(iso_ops && iso_ops->create_file); ret = iso_ops->create_file(card, file); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_delete_file(sc_card_t *card, const sc_path_t *path) 
@@ -621,11 +593,11 @@ u8 sbuf[2]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (!path || path->type != SC_PATH_TYPE_FILE_ID || (path->len != 0 && path->len != 2)) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } if (path->len == sizeof(sbuf)) { @@ -638,8 +610,8 @@ } else /* No file ID given: means currently selected file */ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00); - SC_TEST_RET(card->ctx, sc_transmit_apdu(card, &apdu), "APDU transmit failed"); - SC_FUNC_RETURN(card->ctx, 1, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_transmit_apdu(card, &apdu), "APDU transmit failed"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int rutoken_verify(sc_card_t *card, unsigned int type, int ref_qualifier, @@ -648,7 +620,7 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0x00, ref_qualifier); ret = sc_transmit_apdu(card, &apdu); if (ret == SC_SUCCESS && ((apdu.sw1 == 0x90 && apdu.sw2 == 0x00) @@ -662,9 +634,9 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x40, 0x00, 0x00); apdu.cla = 0x80; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, ret, "Reset access rights failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Reset access rights failed"); } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x20, 0x00, ref_qualifier); 
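Review bot: At the end of rutoken_delete_file, `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_transmit_apdu(card, &apdu), "APDU transmit failed");` passes a call with side effects as a macro argument. The macro definition is not in this diff, and if it ever expands that argument more than once the DELETE FILE command would be sent twice. The other functions in this file store the result first, and the same is safer here: `ret = sc_transmit_apdu(card, &apdu);` followed by `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed");`. That needs an `int ret;` local, which the declarations shown in the preceding hunk do not include.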
@@ -672,18 +644,18 @@ apdu.datalen = data_len; apdu.data = data; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); if (ret == SC_ERROR_PIN_CODE_INCORRECT && tries_left) { sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0x00, ref_qualifier); ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); if (ret == SC_ERROR_PIN_CODE_INCORRECT) *tries_left = (int)(apdu.sw2 & 0x0f); } - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_logout(sc_card_t *card) @@ -692,17 +664,17 @@ sc_path_t path; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_path("3F00", &path); ret = rutoken_select_file(card, &path, NULL); - SC_TEST_RET(card->ctx, ret, "Select MF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Select MF failed"); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x40, 0x00, 0x00); apdu.cla = 0x80; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_change_reference_data(sc_card_t *card, unsigned int type, 
@@ -712,20 +684,20 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (old && oldlen) { ret = rutoken_verify(card, type, ref_qualifier, old, oldlen, tries_left); - SC_TEST_RET(card->ctx, ret, "Invalid 'old' pass"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Invalid 'old' pass"); } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x24, 0x01, ref_qualifier); apdu.lc = newlen; apdu.datalen = newlen; apdu.data = newref; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_reset_retry_counter(sc_card_t *card, unsigned int type, @@ -738,20 +710,20 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); #ifdef FORCE_VERIFY_RUTOKEN if (puk && puklen) { ret = rutoken_verify(card, type, ref_qualifier, puk, puklen, &left); - sc_error(card->ctx, "Tries left: %i\n", left); - SC_TEST_RET(card->ctx, ret, "Invalid 'puk' pass"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Tries left: %i\n", left); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Invalid 'puk' pass"); } #endif sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2c, 0x03, ref_qualifier); ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_restore_security_env(sc_card_t *card, int se_num) 
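Review bot: In the rutoken_reset_retry_counter hunk, `left` is logged before `ret` is checked, and rutoken_verify (earlier in this diff) writes `*tries_left` only when the card answers SC_ERROR_PIN_CODE_INCORRECT. On any other outcome the `"Tries left: %i\n"` line prints whatever `left` held; its declaration is above the hunk, so unless it is initialised there this reads an indeterminate value. I would log it only on the PIN-failure path: `if (ret == SC_ERROR_PIN_CODE_INCORRECT) sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Tries left: %i\n", left);`. The block is compiled only under FORCE_VERIFY_RUTOKEN, which is probably why it went unnoticed.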
@@ -759,12 +731,12 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x22, 3, se_num); ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_set_security_env(sc_card_t *card, @@ -776,23 +748,20 @@ u8 data[3] = { 0x83, 0x01 }; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (!env) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); senv = (auth_senv_t*)card->drv_data; if (!senv) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); - if (env->algorithm == SC_ALGORITHM_RSA) - { - senv->algorithm = SC_ALGORITHM_RSA_RAW; - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); - } + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); + if (env->algorithm != SC_ALGORITHM_GOST) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); senv->algorithm = SC_ALGORITHM_GOST; if (env->key_ref_len != 1) { - sc_error(card->ctx, "No or invalid key reference\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No or invalid key reference\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } data[2] = env->key_ref[0]; /* select component */ 
@@ -811,13 +780,13 @@ apdu.p2 = 0xAA; break; default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } /* set SE */ ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static void rutoken_set_do_hdr(u8 *data, size_t *data_len, sc_DOHdrV2_t *hdr) @@ -857,7 +826,7 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if ( (pHdr->wDOBodyLen != SC_RUTOKEN_DEF_LEN_DO_GOST) || (pHdr->OTID.byObjectType != SC_RUTOKEN_TYPE_KEY) || @@ -877,10 +846,10 @@ apdu.data = data; apdu.datalen = apdu.lc = data_len; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_create_do(sc_card_t *card, sc_DO_V2_t * pDO) @@ -890,7 +859,7 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if ( ((pDO->HDR.OTID.byObjectType & SC_RUTOKEN_TYPE_CHV) && (pDO->HDR.OTID.byObjectID != SC_RUTOKEN_DEF_ID_GCHV_USER) && @@ -920,10 +889,10 @@ apdu.data = data; apdu.datalen = apdu.lc = data_len; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_get_do_info(sc_card_t *card, sc_DO_INFO_t * pInfo) 
@@ -932,7 +901,7 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if ((pInfo->SelType != select_first) && ((pInfo->DoId < SC_RUTOKEN_DO_ALL_MIN_ID) || (pInfo->DoId > SC_RUTOKEN_DO_NOCHV_MAX_ID_V2))) @@ -961,14 +930,14 @@ apdu.lc = sizeof(data); break; default: - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); break; } ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_delete_do(sc_card_t *card, u8 *pId) @@ -977,7 +946,7 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if ((*pId < SC_RUTOKEN_DO_ALL_MIN_ID) || (*pId > SC_RUTOKEN_DO_NOCHV_MAX_ID_V2)) { @@ -991,10 +960,10 @@ apdu.datalen = sizeof(data); apdu.lc = sizeof(data); ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } /* Both direction GOST cipher */ 
@@ -1007,13 +976,13 @@ int ret; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 3); - sc_debug(card->ctx, ": crgram_len %i; outlen %i", crgram_len, outlen); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ": crgram_len %i; outlen %i", crgram_len, outlen); if (!out) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (crgram_len < 16 || ((crgram_len) % 8)) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_WRONG_LENGTH); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_WRONG_LENGTH); sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, p1, p2); do @@ -1031,9 +1000,9 @@ apdu.resp = buf; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - if (ret == SC_NO_ERROR) + if (ret == SC_SUCCESS) { if (isIV) { @@ -1050,11 +1019,11 @@ outlen_tail -= apdu.resplen; } } - } while (ret == SC_NO_ERROR && crgram_len != 0); - sc_debug(card->ctx, "len out cipher %d\n", outlen - outlen_tail); - if (ret == SC_NO_ERROR) + } while (ret == SC_SUCCESS && crgram_len != 0); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "len out cipher %d\n", outlen - outlen_tail); + if (ret == SC_SUCCESS) ret = (outlen_tail == 0) ? (int)outlen : SC_ERROR_WRONG_LENGTH; - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } /* Launcher for cipher */ @@ -1090,9 +1059,9 @@ int ret; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (!in || !out || olen != 4 || ilen == 0) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); do { sc_format_apdu(card, &apdu, 
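Review bot: The rewritten `sc_debug` calls in the GOST cipher function keep conversion specifiers that do not appear to match their arguments. `": crgram_len %i; outlen %i"` and `"len out cipher %d\n"` are given `crgram_len`, `outlen` and `outlen - outlen_tail`, which look like `size_t` values (the code casts `(int)outlen` further down, and the removed rutoken_decipher passed `size_t` lengths). The parameter list is above the hunk, so please confirm the types. If they are `size_t`, cast explicitly, e.g. `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ": crgram_len %lu; outlen %lu", (unsigned long)crgram_len, (unsigned long)outlen);`. The same applies to `"cmd = %d", cmd` in the later rutoken_card_ctl hunk, where `cmd` is declared `unsigned long` and should be printed with `%lu`.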
@@ -1115,273 +1084,10 @@ else apdu.cla = 0x10; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - } while (ret == SC_NO_ERROR && ilen != 0); - SC_FUNC_RETURN(card->ctx, 3, ret); -} - -/* RSA emulation */ - -#ifdef ENABLE_OPENSSL - -static int rutoken_get_prkey_from_bin(const u8 *data, size_t datalen, - struct sc_pkcs15_prkey **key) -{ - uint32_t bitlen; - size_t i, len; - struct sc_pkcs15_prkey_rsa *key_rsa; - - if (!data || !key || *key != NULL) - return -1; - - if (datalen < 14 + sizeof(uint32_t)) - return -1; - - /* Check header */ - if ( data[0] != 2 || data[1] != 1 - || data[2] != 0x07 /* Type */ - || data[3] != 0x02 /* Version */ - /* aiKeyAlg */ - || data[6] != 0 || data[7] != 0xA4 || data[8] != 0 || data[9] != 0 - /* magic "RSA2" */ - || data[10] != 0x52 || data[11] != 0x53 - || data[12] != 0x41 || data[13] != 0x32 - ) - return -1; - - len = 14; - /* bitlen */ - bitlen = 0; - for (i = 0; i < sizeof(uint32_t); ++i) - bitlen += (uint32_t)data[len++] << i*8; - - if (bitlen % 16) - return -1; - if (datalen - len < sizeof(uint32_t) + bitlen/8 * 2 + bitlen/16 * 5) - return -1; - - *key = calloc(1, sizeof(struct sc_pkcs15_prkey)); - if (!*key) - return -1; - key_rsa = &(*key)->u.rsa; - - key_rsa->exponent.data = malloc(sizeof(uint32_t)); - key_rsa->modulus.data = malloc(bitlen/8); - key_rsa->p.data = malloc(bitlen/16); - key_rsa->q.data = malloc(bitlen/16); - key_rsa->dmp1.data = malloc(bitlen/16); - key_rsa->dmq1.data = malloc(bitlen/16); - key_rsa->iqmp.data = malloc(bitlen/16); - key_rsa->d.data = malloc(bitlen/8); - if (!key_rsa->exponent.data || !key_rsa->modulus.data - || !key_rsa->p.data || !key_rsa->q.data - || !key_rsa->dmp1.data || !key_rsa->dmq1.data - || !key_rsa->iqmp.data || !key_rsa->d.data - ) - { - free(key_rsa->exponent.data); - free(key_rsa->modulus.data); - free(key_rsa->p.data); - 
free(key_rsa->q.data); - free(key_rsa->dmp1.data); - free(key_rsa->dmq1.data); - free(key_rsa->iqmp.data); - free(key_rsa->d.data); - memset(key_rsa, 0, sizeof(*key_rsa)); - - free(*key); - *key = NULL; - return -1; - } - -#define MEMCPY_KEYRSA_REVERSE_DATA(NAME, size) /* set key_rsa->NAME.len */ \ - do { \ - for (i = 0; i < (size); ++i) \ - if (data[len + (size) - 1 - i] != 0) \ - break; \ - for (; i < (size); ++i) \ - key_rsa->NAME.data[key_rsa->NAME.len++] = data[len + (size) - 1 - i]; \ - len += (size); \ - } while (0) - - MEMCPY_KEYRSA_REVERSE_DATA(exponent, sizeof(uint32_t)); /* pubexp */ - MEMCPY_KEYRSA_REVERSE_DATA(modulus, bitlen/8); /* modulus */ - MEMCPY_KEYRSA_REVERSE_DATA(p, bitlen/16); /* prime1 */ - MEMCPY_KEYRSA_REVERSE_DATA(q, bitlen/16); /* prime2 */ - MEMCPY_KEYRSA_REVERSE_DATA(dmp1, bitlen/16); /* exponent1 */ - MEMCPY_KEYRSA_REVERSE_DATA(dmq1, bitlen/16); /* exponent2 */ - MEMCPY_KEYRSA_REVERSE_DATA(iqmp, bitlen/16); /* coefficient */ - MEMCPY_KEYRSA_REVERSE_DATA(d, bitlen/8); /* privateExponent */ - - (*key)->algorithm = SC_ALGORITHM_RSA; - return 0; -} - -static int rutoken_get_current_fileid(sc_card_t *card, u8 id[2]) -{ - sc_apdu_t apdu; - int ret; - - SC_FUNC_CALLED(card->ctx, 3); - sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x11); - apdu.resp = id; - apdu.resplen = 2; - apdu.le = 2; - ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); - ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - swap_pair(id, 2); - SC_FUNC_RETURN(card->ctx, 3, ret); -} - -static int rutoken_read_prkey(sc_card_t *card, struct sc_pkcs15_prkey **out) -{ - int r; - u8 id[2]; - u8 *data; - sc_path_t path; - sc_file_t *file = NULL; - - r = sc_lock(card); - if (r != SC_SUCCESS) - return r; - - r = rutoken_get_current_fileid(card, id); - if (r == SC_SUCCESS) - { - sc_path_set(&path, SC_PATH_TYPE_FILE_ID, id, sizeof(id), 0, -1); - r = rutoken_select_file(card, &path, &file); - } - if (r == SC_SUCCESS && file) - { - 
data = malloc(file->size); - if (data == NULL) - r = SC_ERROR_OUT_OF_MEMORY; - else - { - r = sc_read_binary(card, 0, data, file->size, 0); - if (r > 0 && (size_t)r == file->size) - r = rutoken_get_prkey_from_bin(data, file->size, out); - memset(data, 0, file->size); - free(data); - } - } - if (file) - sc_file_free(file); - sc_unlock(card); - return r; -} - -#define GETBN(bn) ((bn)->len? BN_bin2bn((bn)->data, (bn)->len, NULL) : NULL) - -static int extract_key(sc_card_t *card, EVP_PKEY **pk) -{ - struct sc_pkcs15_prkey *key = NULL; - int r; - - SC_FUNC_CALLED(card->ctx, 3); - - r = rutoken_read_prkey(card, &key); - if (r < 0) - SC_FUNC_RETURN(card->ctx, 3, r); - - if ((*pk = EVP_PKEY_new()) == NULL) - r = SC_ERROR_OUT_OF_MEMORY; - else - { - switch (key->algorithm) - { - case SC_ALGORITHM_RSA: - { - RSA *rsa = RSA_new(); - EVP_PKEY_set1_RSA(*pk, rsa); - rsa->n = GETBN(&key->u.rsa.modulus); - rsa->e = GETBN(&key->u.rsa.exponent); - rsa->d = GETBN(&key->u.rsa.d); - rsa->p = GETBN(&key->u.rsa.p); - rsa->q = GETBN(&key->u.rsa.q); - if((rsa->n == NULL) || (rsa->e == NULL) || (rsa->d == NULL) || - (rsa->p == NULL) || (rsa->q == NULL)) - r = SC_ERROR_INTERNAL; - RSA_free(rsa); - break; - } - default: - r = SC_ERROR_NOT_SUPPORTED; - } - } - if ((r < 0) && (*pk != NULL)) - { - EVP_PKEY_free(*pk); - *pk = NULL; - } - if (key) sc_pkcs15_free_prkey(key); - SC_FUNC_RETURN(card->ctx, 3, r); -} - -static int cipher_ext(sc_card_t *card, const u8 *data, size_t len, - u8 *out, size_t out_len, - int sign /* sign==1 -> Sidn; sign==0 -> decipher */) -{ - char error[1024]; - EVP_PKEY *pkey = NULL; - int ret, r; - - SC_FUNC_CALLED(card->ctx, 3); - if (out_len < len) - SC_FUNC_RETURN(card->ctx, 3, SC_ERROR_INVALID_ARGUMENTS); - - ret = extract_key(card, &pkey); - if (ret == SC_SUCCESS) - { - if (sign) - r = RSA_PKCS1_SSLeay()->rsa_priv_enc(len, data, out, - pkey->pkey.rsa, RSA_PKCS1_PADDING); - else - { - r = RSA_PKCS1_SSLeay()->rsa_priv_dec(len, data, out, - pkey->pkey.rsa, 
RSA_PKCS1_PADDING); - ret = r; - } - if ( r < 0) - { - ret = SC_ERROR_INTERNAL; - ERR_load_crypto_strings(); - ERR_error_string(ERR_get_error(), error); - sc_error(card->ctx, error); - ERR_free_strings(); - } - } - if (pkey) - EVP_PKEY_free(pkey); - SC_FUNC_RETURN(card->ctx, 3, ret); -} - -static int rutoken_decipher(sc_card_t *card, - const u8 * data, size_t datalen, - u8 * out, size_t outlen) -{ - int ret; - auth_senv_t *senv = (auth_senv_t *)card->drv_data; - - SC_FUNC_CALLED(card->ctx, 1); - - if (!senv) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); - - if (senv->algorithm == SC_ALGORITHM_GOST) - { - ret = rutoken_cipher_p(card, data, datalen, out, outlen, 0x80, 0x86, 1); - } - else if (senv->algorithm == SC_ALGORITHM_RSA_RAW) - { - /* decipher */ - ret = cipher_ext(card, data, datalen, out, outlen, 0); - } - else - ret = SC_ERROR_NOT_SUPPORTED; - SC_FUNC_RETURN(card->ctx, 1, ret); + } while (ret == SC_SUCCESS && ilen != 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_compute_signature(struct sc_card *card, @@ -1391,26 +1097,17 @@ int ret; auth_senv_t *senv = (auth_senv_t *)card->drv_data; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (!senv) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INTERNAL); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); if (senv->algorithm == SC_ALGORITHM_GOST) - { ret = rutoken_compute_mac_gost(card, data, datalen, out, outlen); - } - else if (senv->algorithm == SC_ALGORITHM_RSA_RAW) - { - /* sign */ - ret = cipher_ext(card, data, datalen, out, outlen, 1); - } else ret = SC_ERROR_NOT_SUPPORTED; - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } -#endif /* ENABLE_OPENSSL */ - static int rutoken_get_challenge(sc_card_t *card, u8 *rnd, size_t count) { sc_apdu_t apdu; 
@@ -1418,7 +1115,7 @@ size_t n; int ret = SC_ERROR_INVALID_ARGUMENTS; /* if count == 0 */ - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00); apdu.le = sizeof(rbuf); apdu.resp = rbuf; @@ -1427,17 +1124,17 @@ while (count > 0) { ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, ret, "Get challenge failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "Get challenge failed"); if (apdu.resplen != sizeof(rbuf)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_UNKNOWN); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN); n = count < sizeof(rbuf) ? count : sizeof(rbuf); memcpy(rnd, rbuf, n); count -= n; rnd += n; } - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static int rutoken_get_serial(sc_card_t *card, sc_serial_number_t *serial) @@ -1445,17 +1142,17 @@ sc_apdu_t apdu; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0x81); apdu.resp = serial->value; apdu.resplen = sizeof(serial->value); apdu.le = 4; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); serial->len = apdu.resplen; swap_four(serial->value, serial->len); - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_get_info(sc_card_t *card, void *buff) 
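Review bot: In the rutoken_get_serial hunk the status word result is not checked before the response is used: `serial->len = apdu.resplen; swap_four(serial->value, serial->len);` runs even when `sc_check_sw` has just returned an error. The caller's `sc_serial_number_t` can then be left holding a length and bytes from a failed exchange. The neighbouring rutoken_get_info already guards its copy with `if (ret == SC_SUCCESS)`, and the same guard fits here: `if (ret == SC_SUCCESS) { serial->len = apdu.resplen; swap_four(serial->value, serial->len); }`. `swap_four` is defined outside the hunk, so its behaviour on a short length should be confirmed.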
@@ -1464,17 +1161,17 @@ u8 rbuf[8]; int ret; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0x89); apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = sizeof(rbuf); ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); if (ret == SC_SUCCESS) memcpy(buff, apdu.resp, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_format(sc_card_t *card, int apdu_ins) @@ -1482,13 +1179,13 @@ int ret; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 3); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, apdu_ins, 0x00, 0x00); apdu.cla = 0x80; ret = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, ret, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, ret, "APDU transmit failed"); ret = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 3, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, ret); } static int rutoken_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) @@ -1497,11 +1194,11 @@ /*|| cmd == SC_CARDCTL_ERASE_CARD */ || cmd == SC_CARDCTL_RUTOKEN_FORMAT_INIT || cmd == SC_CARDCTL_RUTOKEN_FORMAT_END - ) ? SC_NO_ERROR : SC_ERROR_INVALID_ARGUMENTS; + ) ? SC_SUCCESS : SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - if (ret == SC_NO_ERROR) + if (ret == SC_SUCCESS) { switch (cmd) { 
@@ -1541,17 +1238,12 @@ ret = rutoken_format(card, 0x7b); /* APDU: FORMAT END */ break; default: - sc_debug(card->ctx, "cmd = %d", cmd); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cmd = %d", cmd); ret = SC_ERROR_NOT_SUPPORTED; break; - case SC_CARDCTL_LIFECYCLE_SET: - sc_debug(card->ctx, "SC_CARDCTL_LIFECYCLE_SET not supported"); - sc_debug(card->ctx, "returning SC_ERROR_NOT_SUPPORTED"); - /* no call sc_error (SC_FUNC_RETURN) */ - return SC_ERROR_NOT_SUPPORTED; } } - SC_FUNC_RETURN(card->ctx, 1, ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ret); } static struct sc_card_driver* get_rutoken_driver(void) @@ -1577,13 +1269,8 @@ rutoken_ops.logout = rutoken_logout; rutoken_ops.restore_security_env = rutoken_restore_security_env; rutoken_ops.set_security_env = rutoken_set_security_env; -#ifdef ENABLE_OPENSSL - rutoken_ops.decipher = rutoken_decipher; - rutoken_ops.compute_signature = rutoken_compute_signature; -#else rutoken_ops.decipher = NULL; - rutoken_ops.compute_signature = NULL; -#endif + rutoken_ops.compute_signature = rutoken_compute_signature; rutoken_ops.change_reference_data = rutoken_change_reference_data; rutoken_ops.reset_retry_counter = rutoken_reset_retry_counter; rutoken_ops.create_file = rutoken_create_file; diff -Nru opensc-0.11.13/src/libopensc/card-setcos.c opensc-0.12.1/src/libopensc/card-setcos.c --- opensc-0.11.13/src/libopensc/card-setcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-setcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -20,12 +20,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "cardctl.h" +#include "config.h" + #include #include -#include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" static struct sc_atr_table setcos_atrs[] = { /* some Nokia branded SC */ 
@@ -70,15 +72,10 @@ NULL, 0, NULL }; -static int setcos_finish(sc_card_t *card) -{ - return 0; -} - static int match_hist_bytes(sc_card_t *card, const char *str, size_t len) { - const char *src = (const char *) card->slot->atr_info.hist_bytes; - size_t srclen = card->slot->atr_info.hist_bytes_len; + const char *src = (const char *) card->reader->atr_info.hist_bytes; + size_t srclen = card->reader->atr_info.hist_bytes_len; size_t offset = 0; if (len == 0) @@ -125,7 +122,7 @@ card->type = SC_CARD_TYPE_SETCOS_EID_V2_1; else { buf[sizeof(buf) - 1] = '\0'; - sc_debug(card->ctx, "SetCOS EID applet %s is not supported", (char *) buf); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SetCOS EID applet %s is not supported", (char *) buf); return 0; } return 1; @@ -145,9 +142,7 @@ /* Regular PKCS#15 AID */ sc_format_path("A000000063504B43532D3135", &app); app.type = SC_PATH_TYPE_DF_NAME; - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &app, NULL); - sc_ctx_suppress_errors_off(card->ctx); return r; } @@ -180,7 +175,7 @@ card->cla = 0x00; card->caps |= SC_CARD_CAP_USE_FCI_AC; card->caps |= SC_CARD_CAP_RNG; - card->caps |= SC_CARD_FLAG_ONBOARD_KEY_GEN; + card->caps |= SC_CARD_CAP_APDU_EXT; break; default: /* XXX: Get SetCOS version */ @@ -474,7 +469,7 @@ break; case SC_AC_CHV: /* pin */ if ((bNumber & 0x7F) == 0 || (bNumber & 0x7F) > 7) { - sc_error(card->ctx, "SetCOS 4.4 PIN refs can only be 1..7\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "SetCOS 4.4 PIN refs can only be 1..7\n"); return SC_ERROR_INVALID_ARGUMENTS; } bCommands_pin[setcos_pin_index_44(pins, sizeof(pins), (int) bNumber)] |= 1 << i; @@ -508,7 +503,6 @@ } /* RSA signing/decryption requires AC adaptive coding, can't be put in AC simple coding. Only implemented for pins, not for a key. */ - bKeyNumber = 0; if ( (file->type == SC_FILE_TYPE_INTERNAL_EF) && (acl_to_byte_44(file->acl[SC_AC_OP_CRYPTO], &bNumber) == SC_AC_CHV) ) { bBuf[len++] = 0x83; 
@@ -577,11 +571,11 @@ card->type == SC_CARD_TYPE_SETCOS_NIDEL || SETCOS_IS_EID_APPLET(card)) { if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC) { - sc_error(card->ctx, "asymmetric keyref not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "asymmetric keyref not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } if (se_num > 0) { - sc_error(card->ctx, "restore security environment not supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "restore security environment not supported.\n"); return SC_ERROR_NOT_SUPPORTED; } } @@ -633,18 +627,20 @@ apdu.resplen = 0; if (se_num > 0) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); locked = 1; } if (apdu.datalen != 0) { r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); goto err; } } @@ -653,7 +649,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF2, se_num); r = sc_transmit_apdu(card, &apdu); sc_unlock(card); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); err: if (locked) @@ -671,7 +667,7 @@ tmp.flags &= ~SC_SEC_ENV_ALG_PRESENT; tmp.flags |= SC_SEC_ENV_ALG_REF_PRESENT; if (tmp.algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "Only RSA algorithm supported.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Only RSA algorithm supported.\n"); return SC_ERROR_NOT_SUPPORTED; } switch (card->type) { 
@@ -684,7 +680,7 @@ case SC_CARD_TYPE_SETCOS_EID_V2_1: break; default: - sc_error(card->ctx, "Card does not support RSA.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA.\n"); return SC_ERROR_NOT_SUPPORTED; break; } @@ -932,7 +928,7 @@ apdu.resplen = buflen; apdu.le = buflen > 256 ? 256 : buflen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (card->type == SC_CARD_TYPE_SETCOS_44 && apdu.sw1 == 0x6A && apdu.sw2 == 0x82) return 0; /* no files found */ if (apdu.resplen == 0) @@ -965,7 +961,7 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_3_SHORT; @@ -978,12 +974,12 @@ apdu.data = data_obj->Data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "PUT_DATA returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "PUT_DATA returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* Read internal data, e.g. get RSA public key */ @@ -992,7 +988,7 @@ int r; struct sc_apdu apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); memset(&apdu, 0, sizeof(apdu)); apdu.cse = SC_APDU_CASE_2_SHORT; 
@@ -1009,17 +1005,17 @@ apdu.resplen = data_obj->DataLen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "GET_DATA returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "GET_DATA returned error"); if (apdu.resplen > data_obj->DataLen) r = SC_ERROR_WRONG_LENGTH; else data_obj->DataLen = apdu.resplen; - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* Generate or store a key */ @@ -1030,7 +1026,7 @@ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; int r, len; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* Setup key-generation paramters */ len = 0; @@ -1065,12 +1061,12 @@ apdu.lc = len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "STORE/GENERATE_KEY returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "STORE/GENERATE_KEY returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int setcos_activate_file(sc_card_t *card) @@ -1083,12 +1079,12 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(card->ctx, r, "ACTIVATE_FILE returned error"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "ACTIVATE_FILE returned error"); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } static int setcos_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) 
@@ -1122,7 +1118,6 @@ setcos_ops = *iso_drv->ops; setcos_ops.match_card = setcos_match_card; setcos_ops.init = setcos_init; - setcos_ops.finish = setcos_finish; if (iso_ops == NULL) iso_ops = iso_drv->ops; setcos_ops.create_file = setcos_create_file; diff -Nru opensc-0.11.13/src/libopensc/cards.h opensc-0.12.1/src/libopensc/cards.h --- opensc-0.11.13/src/libopensc/cards.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/cards.h 2011-05-17 17:07:00.000000000 +0000 @@ -21,7 +21,7 @@ #ifndef _OPENSC_CARDS_H #define _OPENSC_CARDS_H -#include +#include "libopensc/types.h" #ifdef __cplusplus extern "C" { @@ -44,6 +44,8 @@ SC_CARD_TYPE_CARDOS_M4_3, SC_CARD_TYPE_CARDOS_M4_2B, /* 4.2b is after 4.3b */ SC_CARD_TYPE_CARDOS_M4_2C, + SC_CARD_TYPE_CARDOS_CIE_V1, /* Italian CIE (eID) v1 */ + SC_CARD_TYPE_CARDOS_M4_4, /* flex/cyberflex drivers */ SC_CARD_TYPE_FLEX_BASE = 2000, @@ -71,7 +73,9 @@ /* mcrd driver */ SC_CARD_TYPE_MCRD_BASE = 5000, SC_CARD_TYPE_MCRD_GENERIC, - SC_CARD_TYPE_MCRD_ESTEID, + SC_CARD_TYPE_MCRD_ESTEID_V10, + SC_CARD_TYPE_MCRD_ESTEID_V11, + SC_CARD_TYPE_MCRD_ESTEID_V30, SC_CARD_TYPE_MCRD_DTRUST, /* setcos driver */ @@ -97,7 +101,8 @@ /* openpgp driver */ SC_CARD_TYPE_OPENPGP_BASE = 9000, - SC_CARD_TYPE_OPENPGP_GENERIC, + SC_CARD_TYPE_OPENPGP_V1, + SC_CARD_TYPE_OPENPGP_V2, /* jcop driver */ SC_CARD_TYPE_JCOP_BASE = 10000, @@ -109,6 +114,8 @@ SC_CARD_TYPE_OBERTHUR_32K, SC_CARD_TYPE_OBERTHUR_32K_BIO, SC_CARD_TYPE_OBERTHUR_64K, + /* Oberthur 'COSMO v7' with applet 'AuthentIC v3.2' */ + SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2 = 11100, /* belpic driver */ SC_CARD_TYPE_BELPIC_BASE = 12000, @@ -123,9 +130,11 @@ SC_CARD_TYPE_PIV_II_BASE = 14000, SC_CARD_TYPE_PIV_II_GENERIC, - /* Muscle cards */ + /* MuscleApplet */ SC_CARD_TYPE_MUSCLE_BASE = 15000, SC_CARD_TYPE_MUSCLE_GENERIC, + SC_CARD_TYPE_MUSCLE_V1, + SC_CARD_TYPE_MUSCLE_V2, SC_CARD_TYPE_MUSCLE_ETOKEN_72K, SC_CARD_TYPE_MUSCLE_JCOP241, 
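Review bot: The cards.h hunks insert enumerators in the middle of groups, which renumbers the implicit values that follow. `SC_CARD_TYPE_MUSCLE_V1` and `SC_CARD_TYPE_MUSCLE_V2` go in before `SC_CARD_TYPE_MUSCLE_ETOKEN_72K`, moving it from 15002 to 15004, and replacing `SC_CARD_TYPE_MCRD_ESTEID` with three `_V10`/`_V11`/`_V30` values moves `SC_CARD_TYPE_MCRD_DTRUST` from 5003 to 5005. Anything that stores a card type as a number (configuration entries, cached state, code built against the old header) would then select a different card model. I would append the new names after the existing ones in each group, or pin the old values explicitly, e.g. `SC_CARD_TYPE_MUSCLE_ETOKEN_72K = 15002,`. The removal of `SC_CARD_TYPE_MCRD_ESTEID` and `SC_CARD_TYPE_OPENPGP_GENERIC` is also a source-level break worth a line in the release notes.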
@@ -150,10 +159,35 @@ /* MyEID cards */ SC_CARD_TYPE_MYEID_BASE = 20000, SC_CARD_TYPE_MYEID_GENERIC, + + /* GemsafeV1 cards */ + SC_CARD_TYPE_GEMSAFEV1_BASE = 21000, + SC_CARD_TYPE_GEMSAFEV1_GENERIC, + SC_CARD_TYPE_GEMSAFEV1_PTEID, + + /* IAS cards */ + SC_CARD_TYPE_IAS_BASE = 22000, + SC_CARD_TYPE_IAS_PTEID, + + /* Italian CNS cards */ + SC_CARD_TYPE_ITACNS_BASE = 23000, + SC_CARD_TYPE_ITACNS_GENERIC, + SC_CARD_TYPE_ITACNS_CNS, + SC_CARD_TYPE_ITACNS_CIE_V2, + SC_CARD_TYPE_ITACNS_CIE_V1, + + /* Generic JavaCards without supported applet */ + SC_CARD_TYPE_JAVACARD_BASE = 24000, + SC_CARD_TYPE_JAVACARD, + + /* IAS/ECC cards */ + SC_CARD_TYPE_IASECC_BASE = 25000, + SC_CARD_TYPE_IASECC_GEMALTO, + SC_CARD_TYPE_IASECC_OBERTHUR, + SC_CARD_TYPE_IASECC_SAGEM, }; extern sc_card_driver_t *sc_get_default_driver(void); -extern sc_card_driver_t *sc_get_emv_driver(void); extern sc_card_driver_t *sc_get_cardos_driver(void); extern sc_card_driver_t *sc_get_cryptoflex_driver(void); extern sc_card_driver_t *sc_get_cyberflex_driver(void); @@ -180,6 +214,11 @@ extern sc_card_driver_t *sc_get_rtecp_driver(void); extern sc_card_driver_t *sc_get_westcos_driver(void); extern sc_card_driver_t *sc_get_myeid_driver(void); +extern sc_card_driver_t *sc_get_ias_driver(void); +extern sc_card_driver_t *sc_get_javacard_driver(void); +extern sc_card_driver_t *sc_get_itacns_driver(void); +extern sc_card_driver_t *sc_get_authentic_driver(void); +extern sc_card_driver_t *sc_get_iasecc_driver(void); #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/libopensc/card-starcos.c opensc-0.12.1/src/libopensc/card-starcos.c --- opensc-0.11.13/src/libopensc/card-starcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-starcos.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,11 +18,15 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + +#include "config.h" + +#include +#include + #include "internal.h" #include "asn1.h" #include "cardctl.h" -#include -#include static struct sc_atr_table starcos_atrs[] = { { "3B:B7:94:00:c0:24:31:fe:65:53:50:4b:32:33:90:00:b4", NULL, NULL, SC_CARD_TYPE_STARCOS_GENERIC, 0, NULL }, @@ -51,7 +55,7 @@ { 0x6F01, SC_ERROR_CARD_CMD_FAILED, "public key not complete"}, { 0x6F02, SC_ERROR_CARD_CMD_FAILED, "data overflow"}, { 0x6F03, SC_ERROR_CARD_CMD_FAILED, "invalid command sequence"}, - { 0x6F05, SC_ERROR_CARD_CMD_FAILED, "security enviroment invalid"}, + { 0x6F05, SC_ERROR_CARD_CMD_FAILED, "security environment invalid"}, { 0x6F07, SC_ERROR_FILE_NOT_FOUND, "key part not found"}, { 0x6F08, SC_ERROR_CARD_CMD_FAILED, "signature failed"}, { 0x6F0A, SC_ERROR_INCORRECT_PARAMETERS, "key format does not match key length"}, @@ -59,7 +63,7 @@ { 0x6F81, SC_ERROR_CARD_CMD_FAILED, "system error"} }; -/* internal structure to save the current security enviroment */ +/* internal structure to save the current security environment */ typedef struct starcos_ex_data_st { int sec_ops; /* the currently selected security operation, * i.e. SC_SEC_OPERATION_AUTHENTICATE etc. */ @@ -82,7 +86,7 @@ unsigned int flags; starcos_ex_data *ex_data; - ex_data = (starcos_ex_data *) calloc(1, sizeof(starcos_ex_data)); + ex_data = calloc(1, sizeof(starcos_ex_data)); if (ex_data == NULL) return SC_ERROR_OUT_OF_MEMORY; @@ -92,7 +96,6 @@ flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_ONBOARD_KEY_GEN - | SC_CARD_FLAG_RNG | SC_ALGORITHM_RSA_PAD_ISO9796 | SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_HASH_SHA1 
@@ -107,10 +110,8 @@ card->caps = SC_CARD_CAP_RNG; /* we need read_binary&friends with max 128 bytes per read */ - if (card->max_send_size > 128) - card->max_send_size = 128; - if (card->max_recv_size > 128) - card->max_recv_size = 128; + card->max_send_size = 128; + card->max_recv_size = 128; return 0; } @@ -134,8 +135,7 @@ size_t taglen, len = buflen; const u8 *tag = NULL, *p; - if (ctx->debug >= 3) - sc_debug(ctx, "processing FCI bytes\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "processing FCI bytes\n"); if (buflen < 2) return SC_ERROR_INTERNAL; @@ -156,8 +156,8 @@ tag = sc_asn1_find_tag(ctx, p, len, 0x80, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d\n", bytes); file->size = bytes; } @@ -205,10 +205,10 @@ } } - if (ctx->debug >= 3) { - sc_debug(ctx, " type: %s\n", type); - sc_debug(ctx, " EF structure: %s\n", structure); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " type: %s\n", type); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " EF structure: %s\n", structure); } file->magic = SC_FILE_MAGIC; @@ -230,11 +230,11 @@ apdu.resplen = 0; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* check return value */ if (!(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) && apdu.sw1 != 0x61 ) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* update cache */ card->cache.current_path.type = SC_PATH_TYPE_DF_NAME; 
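Review bot: In the `@@ -107,10 +110,8 @@` hunk the unconditional `card->max_send_size = 128;` and `card->max_recv_size = 128;` can raise a limit as well as lower it, whereas the removed code only clamped values above 128. If a smaller limit has been set before the driver's init runs (not visible in this hunk), it is now overridden and later transfers may exceed what the transport accepts. If the fields are known to be unset on entry in this release, a comment stating that would settle it, for example `/* not yet set on entry; STARCOS needs at most 128 bytes per transfer */`. The function body starts outside the hunk.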
@@ -244,7 +244,7 @@ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->type = SC_FILE_TYPE_DF; file->ef_structure = SC_FILE_EF_UNKNOWN; file->path.len = 0; @@ -257,7 +257,7 @@ file->magic = SC_FILE_MAGIC; *file_out = file; } - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int starcos_select_fid(sc_card_t *card, @@ -280,7 +280,7 @@ apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.p2 == 0x00 && apdu.sw1 == 0x62 && apdu.sw2 == 0x84 ) { /* no FCI => we have a DF (see comment in process_fci()) */ @@ -290,7 +290,7 @@ apdu.resplen = 0; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU re-transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU re-transmit failed"); } else if (apdu.sw1 == 0x61 || (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)) { /* SELECT returned some data (possible FCI) => * try a READ BINARY to see if a EF is selected */ @@ -302,14 +302,14 @@ apdu2.le = 1; apdu2.lc = 0; r = sc_transmit_apdu(card, &apdu2); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu2.sw1 == 0x69 && apdu2.sw2 == 0x86) /* no current EF is selected => we have a DF */ bIsDF = 1; } if (apdu.sw1 != 0x61 && (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* update cache */ if (bIsDF) { 
@@ -328,7 +328,7 @@ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = (id_hi << 8) + id_lo; file->path = card->cache.current_path; @@ -353,7 +353,7 @@ } } - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } static int starcos_select_file(sc_card_t *card, @@ -363,21 +363,19 @@ u8 pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; int r; size_t i, pathlen; + char pbuf[SC_MAX_PATH_STRING_SIZE]; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); - if (card->ctx->debug >= 4) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, "current path (%s, %s): %s (len: %u)\n", - (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), - (card->cache_valid?"valid":"invalid"), pbuf, - card->cache.current_path.len); - } + r = sc_path_print(pbuf, sizeof(pbuf), &card->cache.current_path); + if (r != SC_SUCCESS) + pbuf[0] = '\0'; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "current path (%s, %s): %s (len: %u)\n", + (card->cache.current_path.type==SC_PATH_TYPE_DF_NAME?"aid":"path"), + (card->cache.valid?"valid":"invalid"), pbuf, + card->cache.current_path.len); memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; 
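Review bot: In the `@@ -363,21 +363,19 @@` hunk the now-unconditional `sc_debug(... "current path (%s, %s): %s (len: %u)\n", ..., card->cache.current_path.len)` passes what appears to be a `size_t` to `%u` (the local `pathlen`, assigned from a path's `len` just below, is declared `size_t`). In a variadic call that mismatch is undefined where `size_t` is wider than `unsigned int`; cast the argument, `(unsigned int)card->cache.current_path.len`. The same applies to `%d` with `apdu.resplen/2` in card-tcos.c `@@ -460,12 +463,14 @@`, and to `%d` with `env->key_ref_len` in `@@ -515,17 +520,20 @@` if that field is also a `size_t`.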
@@ -386,20 +384,19 @@ { /* SELECT EF/DF with ID */ /* Select with 2byte File-ID */ if (pathlen != 2) - SC_FUNC_RETURN(card->ctx,2,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); return starcos_select_fid(card, path[0], path[1], file_out); } else if (in_path->type == SC_PATH_TYPE_DF_NAME) { /* SELECT DF with AID */ /* Select with 1-16byte Application-ID */ - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_DF_NAME && card->cache.current_path.len == pathlen && memcmp(card->cache.current_path.value, pathbuf, pathlen) == 0 ) { - if (card->ctx->debug >= 4) - sc_debug(card->ctx, "cache hit\n"); - SC_FUNC_RETURN(card->ctx, 2, SC_SUCCESS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cache hit\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } else return starcos_select_aid(card, pathbuf, pathlen, file_out); @@ -416,10 +413,10 @@ * of a EF) => pathlen must be even and less than 6 */ if (pathlen%2 != 0 || pathlen > 6 || pathlen <= 0) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* if pathlen == 6 then the first FID must be MF (== 3F00) */ if (pathlen == 6 && ( path[0] != 0x3f || path[1] != 0x00 )) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* unify path (the first FID should be MF) */ if (path[0] != 0x3f || path[1] != 0x00) @@ -433,7 +430,7 @@ } /* check current working directory */ - if (card->cache_valid + if (card->cache.valid && card->cache.current_path.type == SC_PATH_TYPE_PATH && card->cache.current_path.len >= 2 && card->cache.current_path.len <= pathlen ) @@ -445,7 +442,7 @@ bMatch += 2; } - if ( card->cache_valid && bMatch >= 0 ) + if ( card->cache.valid && bMatch >= 0 ) { if ( pathlen - bMatch == 2 ) /* we are in the rigth directory */ 
@@ -457,8 +454,9 @@ /* first step: change directory */ r = starcos_select_fid(card, path[bMatch], path[bMatch+1], NULL); - SC_TEST_RET(card->ctx, r, "SELECT FILE (DF-ID) failed"); - + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); + + memset(&new_path, 0, sizeof(sc_path_t)); new_path.type = SC_PATH_TYPE_PATH; new_path.len = pathlen - bMatch-2; memcpy(new_path.value, &(path[bMatch+2]), new_path.len); @@ -469,13 +467,13 @@ { /* done: we are already in the * requested directory */ - if ( card->ctx->debug >= 4 ) - sc_debug(card->ctx, "cache hit\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "cache hit\n"); /* copy file info (if necessary) */ if (file_out) { sc_file_t *file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = (path[pathlen-2] << 8) + path[pathlen-1]; file->path = card->cache.current_path; @@ -496,13 +494,13 @@ for ( i=0; ictx, r, "SELECT FILE (DF-ID) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "SELECT FILE (DF-ID) failed"); } return starcos_select_fid(card, path[pathlen-2], path[pathlen-1], file_out); } } else - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } #define STARCOS_AC_ALWAYS 0x9f @@ -570,7 +568,7 @@ tmp = 0x00; /* no sm */ *p++ = tmp; /* use the same sm mode for all ops */ *p++ = tmp; - *p++ = tmp; + *p = tmp; data->type = SC_STARCOS_MF_DATA; return SC_SUCCESS; @@ -607,7 +605,7 @@ else tmp = 0x00; *p++ = tmp; /* SM CR */ - *p++ = tmp; /* SM ISF */ + *p = tmp; /* SM ISF */ data->data.df.size[0] = (file->size >> 8) & 0xff; data->data.df.size[1] = file->size & 0xff; 
@@ -645,17 +643,17 @@ case SC_FILE_EF_TRANSPARENT: *p++ = 0x81; *p++ = (file->size >> 8) & 0xff; - *p++ = file->size & 0xff; + *p = file->size & 0xff; break; case SC_FILE_EF_LINEAR_FIXED: *p++ = 0x82; *p++ = file->record_count & 0xff; - *p++ = file->record_length & 0xff; + *p = file->record_length & 0xff; break; case SC_FILE_EF_CYCLIC: *p++ = 0x84; *p++ = file->record_count & 0xff; - *p++ = file->record_length & 0xff; + *p = file->record_length & 0xff; break; default: return SC_ERROR_INVALID_ARGUMENTS; @@ -683,8 +681,7 @@ sc_apdu_t apdu; sc_context_t *ctx = card->ctx; - if (ctx->debug >= 3) - sc_debug(ctx, "creating MF \n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "creating MF \n"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x00, 0x00); apdu.cla |= 0x80; apdu.lc = 19; @@ -692,7 +689,7 @@ apdu.data = (u8 *) data->data.mf.header; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -713,11 +710,9 @@ sc_apdu_t apdu; sc_context_t *ctx = card->ctx; - if (ctx->debug >= 3) - sc_debug(ctx, "creating DF\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "creating DF\n"); /* first step: REGISTER DF */ - if (ctx->debug >= 3) - sc_debug(ctx, "calling REGISTER DF\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "calling REGISTER DF\n"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x52, data->data.df.size[0], data->data.df.size[1]); @@ -728,10 +723,9 @@ apdu.data = data->data.df.header; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* second step: CREATE DF */ - if (ctx->debug >= 3) - sc_debug(ctx, "calling CREATE DF\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "calling CREATE DF\n"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x01, 0x00); apdu.cla |= 0x80; 
@@ -740,7 +734,7 @@ apdu.data = data->data.df.header; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -759,8 +753,7 @@ sc_apdu_t apdu; sc_context_t *ctx = card->ctx; - if (ctx->debug >= 3) - sc_debug(ctx, "creating EF\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "creating EF\n"); sc_format_apdu(card,&apdu,SC_APDU_CASE_3_SHORT,0xE0,0x03,0x00); apdu.cla |= 0x80; @@ -769,7 +762,7 @@ apdu.data = (u8 *) data->data.ef.header; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -799,7 +792,7 @@ apdu.datalen = 2; apdu.data = fid; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -816,7 +809,7 @@ int r; sc_starcos_create_data data; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (file->type == SC_FILE_TYPE_DF) { if (file->id == 0x3f00) { @@ -864,9 +857,9 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* invalidate cache */ - card->cache_valid = 0; + card->cache.valid = 0; if (apdu.sw1 == 0x69 && apdu.sw2 == 0x85) /* no MF to delete, ignore error */ return SC_SUCCESS; @@ -906,7 +899,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); if (data->key == NULL) 
@@ -936,7 +929,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); offset += clen; @@ -972,7 +965,7 @@ apdu.lc = 2; apdu.datalen = 2; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); /* read public key via READ PUBLIC KEY */ @@ -986,11 +979,11 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return sc_check_sw(card, apdu.sw1, apdu.sw2); - data->modulus = (u8 *) malloc(len); + data->modulus = malloc(len); if (!data->modulus) return SC_ERROR_OUT_OF_MEMORY; p = data->modulus; @@ -1004,14 +997,14 @@ } /** starcos_set_security_env - * sets the security enviroment + * sets the security environment * \param card pointer to the sc_card object * \param env pointer to a sc_security_env object * \param se_num not used here * \return SC_SUCCESS on success or an error code * - * This function sets the security enviroment (using the starcos spk 2.3 - * command MANAGE SECURITY ENVIROMENT). In case a COMPUTE SIGNATURE + * This function sets the security environment (using the starcos spk 2.3 + * command MANAGE SECURITY ENVIRONMENT). In case a COMPUTE SIGNATURE * operation is requested , this function tries to detect whether * COMPUTE SIGNATURE or INTERNAL AUTHENTICATE must be used for signature * calculation. 
@@ -1020,14 +1013,13 @@ const sc_security_env_t *env, int se_num) { - u8 *p, *pp, keyID; + u8 *p, *pp; int r, operation = env->operation; sc_apdu_t apdu; u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; starcos_ex_data *ex_data = (starcos_ex_data *)card->drv_data; p = sbuf; - keyID = env->key_ref[0]; /* copy key reference, if present */ if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) { @@ -1054,9 +1046,9 @@ apdu.lc = p - sbuf; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); return SC_SUCCESS; } /* try COMPUTE SIGNATURE */ @@ -1101,12 +1093,10 @@ apdu.datalen = p - sbuf; apdu.lc = p - sbuf; apdu.le = 0; - /* suppress errors, as don't know whether to use + /* we don't know whether to use * COMPUTE SIGNATURE or INTERNAL AUTHENTICATE */ - sc_ctx_suppress_errors_on(card->ctx); r = sc_transmit_apdu(card, &apdu); - sc_ctx_suppress_errors_off(card->ctx); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { ex_data->fix_digestInfo = 0; ex_data->sec_ops = SC_SEC_OPERATION_SIGN; @@ -1131,9 +1121,9 @@ apdu.lc = p - sbuf; apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); ex_data->fix_digestInfo = env->algorithm_flags; ex_data->sec_ops = SC_SEC_OPERATION_AUTHENTICATE; return SC_SUCCESS; 
@@ -1153,7 +1143,7 @@ starcos_ex_data *ex_data = (starcos_ex_data *)card->drv_data; if (datalen > SC_MAX_APDU_BUFFER_SIZE) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if (ex_data->sec_ops == SC_SEC_OPERATION_SIGN) { /* compute signature with the COMPUTE SIGNATURE command */ @@ -1169,9 +1159,9 @@ apdu.lc = datalen; apdu.datalen = datalen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) - SC_FUNC_RETURN(card->ctx, 4, + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); /* call COMPUTE SIGNATURE */ @@ -1183,13 +1173,12 @@ apdu.lc = 0; apdu.datalen = 0; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } else if (ex_data->sec_ops == SC_SEC_OPERATION_AUTHENTICATE) { size_t tmp_len; 
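Review bot: In the `@@ -1183,13 +1173,12 @@` hunk, `size_t len = apdu.resplen > outlen ? outlen : apdu.resplen;` followed by `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len);` returns a truncated signature as success when the caller's buffer is smaller than the card's response. A truncated signature cannot verify, so an explicit failure before the `memcpy` is easier to diagnose: `if (apdu.resplen > outlen) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_BUFFER_TOO_SMALL);`. The same pattern appears in the INTERNAL AUTHENTICATE path (`@@ -1217,21 +1206,21 @@`) and in card-tcos.c (`@@ -611,14 +622,14 @@`). The function starts outside the hunk, so check that no caller relies on the short copy.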
@@ -1217,21 +1206,21 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } } else - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* clear old state */ ex_data->sec_ops = 0; ex_data->fix_digestInfo = 0; - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int starcos_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2) @@ -1239,14 +1228,14 @@ const int err_count = sizeof(starcos_errors)/sizeof(starcos_errors[0]); int i; - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "sw1 = 0x%02x, sw2 = 0x%02x\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "sw1 = 0x%02x, sw2 = 0x%02x\n", sw1, sw2); if (sw1 == 0x90) - return SC_NO_ERROR; + return SC_SUCCESS; if (sw1 == 0x63 && (sw2 & ~0x0fU) == 0xc0 ) { - sc_error(card->ctx, "Verification failed (remaining tries: %d)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verification failed (remaining tries: %d)\n", (sw2 & 0x0f)); return SC_ERROR_PIN_CODE_INCORRECT; } @@ -1255,7 +1244,7 @@ for (i = 0; i < err_count; i++) if (starcos_errors[i].SWs == ((sw1 << 8) | sw2)) { - sc_error(card->ctx, "%s\n", starcos_errors[i].errorstr); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", starcos_errors[i].errorstr); return starcos_errors[i].errorno; } 
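Review bot: In the `@@ -1239,14 +1228,14 @@` hunk the message `"Verification failed (remaining tries: %d)\n"` moves from `sc_error` to `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ...)`, so a wrong PIN and its remaining-try count are presumably recorded only when debug logging is enabled. Deployments that watched the log for repeated PIN failures lose that signal, and the return value `SC_ERROR_PIN_CODE_INCORRECT` becomes the only dependable indicator. I would state that at the branch: `/* logged at debug level only; callers must act on SC_ERROR_PIN_CODE_INCORRECT */`. The `@@ -1255,7 +1244,7 @@` hunk makes the same move for the `starcos_errors` table messages.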
@@ -1285,12 +1274,12 @@ apdu.lc = 0; apdu.datalen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; /* cache serial number */ - memcpy(card->serialnr.value, apdu.resp, apdu.resplen); - card->serialnr.len = apdu.resplen; + memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); + card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); /* copy and return serial number */ memcpy(serial, &card->serialnr, sizeof(*serial)); return SC_SUCCESS; @@ -1340,10 +1329,8 @@ apdu.datalen = 2; apdu.resplen = 0; - sc_ctx_suppress_errors_on(card->ctx); r = sc_transmit_apdu(card, &apdu); - sc_ctx_suppress_errors_off(card->ctx); - SC_TEST_RET(card->ctx, r, "APDU re-transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU re-transmit failed"); if (apdu.sw1 == 0x69 && apdu.sw2 == 0x85) /* the only possible reason for this error here is, afaik, diff -Nru opensc-0.11.13/src/libopensc/card-tcos.c opensc-0.12.1/src/libopensc/card-tcos.c --- opensc-0.11.13/src/libopensc/card-tcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-tcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -20,14 +20,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" -#include "cardctl.h" +#include "config.h" + #include #include #include #include +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + static struct sc_atr_table tcos_atrs[] = { /* Infineon SLE44 */ { "3B:BA:13:00:81:31:86:5D:00:64:05:0A:02:01:31:80:90:00:8B", NULL, NULL, SC_CARD_TYPE_TCOS_V2, 0, NULL }, @@ -80,7 +83,7 @@ { unsigned long flags; - tcos_data *data = (tcos_data *) malloc(sizeof(tcos_data)); + tcos_data *data = malloc(sizeof(tcos_data)); if (!data) return SC_ERROR_OUT_OF_MEMORY; card->name = "TCOS"; 
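Review bot: In the `@@ -1285,12 +1274,12 @@` hunk the clamp `MIN(apdu.resplen, SC_MAX_SERIALNR)` is written out twice, once as the `memcpy` length and once for `card->serialnr.len`. Computing it once keeps the copied length and the stored length from drifting apart in a later edit: `size_t n = MIN(apdu.resplen, SC_MAX_SERIALNR);`, then use `n` in both places. The length comes from the card's response, so an oversized reply is now truncated and cached without any trace. A debug message when `apdu.resplen > SC_MAX_SERIALNR` would make a misbehaving card visible. The function starts outside the hunk.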
@@ -96,7 +99,7 @@ _sc_card_add_rsa_alg(card, 1024, flags, 0); if (card->type == SC_CARD_TYPE_TCOS_V3) { - card->caps |= SC_CARD_CAP_RSA_2048|SC_CARD_CAP_APDU_EXT; + card->caps |= SC_CARD_CAP_APDU_EXT; _sc_card_add_rsa_alg(card, 1280, flags, 0); _sc_card_add_rsa_alg(card, 1536, flags, 0); _sc_card_add_rsa_alg(card, 1792, flags, 0); @@ -215,7 +218,7 @@ len = SC_MAX_APDU_BUFFER_SIZE; r = tcos_construct_fci(file, sbuf, &len); - SC_TEST_RET(card->ctx, r, "tcos_construct_fci() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "tcos_construct_fci() failed"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x00, 0x00); apdu.cla |= 0x80; /* this is an proprietary extension */ @@ -224,7 +227,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -303,7 +306,7 @@ op = map_operations (buf[0]); if (op == (unsigned int)-1) { - sc_debug (card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown security command byte %02x\n", buf[0]); continue; @@ -366,7 +369,7 @@ pathlen = 0; break; default: - SC_FUNC_RETURN(ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; 
@@ -386,17 +389,17 @@ } r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - if (r || file_out == NULL) SC_FUNC_RETURN(ctx, 2, r); + if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ - sc_debug(ctx, "received invalid template %02X\n", apdu.resp[0]); - SC_FUNC_RETURN(ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "received invalid template %02X\n", apdu.resp[0]); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); - if (file == NULL) SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->path = *in_path; for(i=2; i+1type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: - sc_debug(ctx, "invalid file type %02X in file descriptor\n", d[0]); - SC_FUNC_RETURN(ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid file type %02X in file descriptor\n", d[0]); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: 
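Review bot: In the `@@ -386,17 +389,17 @@` hunk the rewritten `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "received invalid template %02X\n", apdu.resp[0]);` sits in the branch that is also taken when `apdu.resplen < 1`. With an empty response it therefore prints a byte the card never sent, stale or uninitialised depending on how the response buffer is set up outside the hunk. Logging the length instead avoids the read: `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "received invalid template (len %lu)\n", (unsigned long)apdu.resplen);`.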
@@ -460,12 +463,14 @@ apdu.resplen = sizeof(rbuf); apdu.le = 256; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1==0x6A && (apdu.sw2==0x82 || apdu.sw2==0x88)) continue; r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_TEST_RET(ctx, r, "List Dir failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "List Dir failed"); if (apdu.resplen > buflen) return SC_ERROR_BUFFER_TOO_SMALL; - if(ctx->debug >= 3) sc_debug(ctx, "got %d %s-FileIDs\n", apdu.resplen/2, p1==1 ? "DF" : "EF"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "got %d %s-FileIDs\n", apdu.resplen/2, + p1==1 ? "DF" : "EF"); memcpy(buf, apdu.resp, apdu.resplen); buf += apdu.resplen; @@ -482,10 +487,10 @@ u8 sbuf[2]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } sbuf[0] = path->value[0]; sbuf[1] = path->value[1]; @@ -496,7 +501,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } 
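Review bot: In the `@@ -482,10 +487,10 @@` hunk the guard `if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2)` rejects only a path that is wrong on both counts. A FILE_ID path with a length other than 2, including 0 or 1, still reaches `sbuf[0] = path->value[0]; sbuf[1] = path->value[1];` and the delete is sent with whatever those bytes hold. The log message and the two-byte copy suggest that both conditions are required: `if (path->type != SC_PATH_TYPE_FILE_ID || path->len != 2)`. The function starts outside the hunk.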
@@ -515,17 +520,20 @@ data=(tcos_data *)card->drv_data; if (se_num || (env->operation!=SC_SEC_OPERATION_DECIPHER && env->operation!=SC_SEC_OPERATION_SIGN)){ - SC_FUNC_RETURN(ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - } - if(ctx->debug >= 3){ - if(!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT)) sc_debug(ctx, "No Key-Reference in SecEnvironment\n"); - else sc_debug(ctx, "Key-Reference %02X (len=%d)\n", env->key_ref[0], env->key_ref_len); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } + if(!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT)) + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "No Key-Reference in SecEnvironment\n"); + else + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Key-Reference %02X (len=%d)\n", + env->key_ref[0], env->key_ref_len); /* Key-Reference 0x80 ?? */ default_key= !(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || (env->key_ref_len==1 && env->key_ref[0]==0x80); - if(ctx->debug>=3){ - sc_debug(ctx, "TCOS3:%d PKCS1:%d\n", tcos3, !!(env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1)); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "TCOS3:%d PKCS1:%d\n", tcos3, + !!(env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1)); data->pad_flags = env->algorithm_flags; data->next_sign = default_key; @@ -542,15 +550,18 @@ apdu.data = sbuf; apdu.lc = apdu.datalen = (p - sbuf); - if ((r=sc_transmit_apdu(card, &apdu))) { - sc_perror(ctx, r, "APDU transmit failed"); + r=sc_transmit_apdu(card, &apdu); + if (r) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); return r; } if (apdu.sw1==0x6A && (apdu.sw2==0x81 || apdu.sw2==0x88)) { - if (ctx->debug >= 3) sc_debug(ctx, "Detected Signature-Only key\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Detected Signature-Only key\n"); if (env->operation==SC_SEC_OPERATION_SIGN && default_key) return SC_SUCCESS; } - SC_FUNC_RETURN(ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } 
@@ -571,12 +582,12 @@ assert(card != NULL && data != NULL && out != NULL); tcos3=(card->type==SC_CARD_TYPE_TCOS_V3); - if (datalen > 255) SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); if(((tcos_data *)card->drv_data)->next_sign){ if(datalen>48){ - sc_error(card->ctx, "Data to be signed is too long (TCOS supports max. 48 bytes)\n"); - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Data to be signed is too long (TCOS supports max. 48 bytes)\n"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0x9A); memcpy(sbuf, data, datalen); @@ -596,7 +607,7 @@ apdu.lc = apdu.datalen = dlen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (tcos3 && apdu.p1==0x80 && apdu.sw1==0x6A && apdu.sw2==0x87) { int keylen=128; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A,0x80,0x86); @@ -611,14 +622,14 @@ apdu.data = sbuf; apdu.lc = apdu.datalen = dlen; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); } if (apdu.sw1==0x90 && apdu.sw2==0x00) { size_t len = apdu.resplen>outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } 
@@ -636,8 +647,10 @@ tcos3=(card->type==SC_CARD_TYPE_TCOS_V3); data=(tcos_data *)card->drv_data; - SC_FUNC_CALLED(ctx, 2); - if(ctx->debug>=3) sc_debug(ctx, "TCOS3:%d PKCS1:%d\n",tcos3,!!(data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1)); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "TCOS3:%d PKCS1:%d\n",tcos3, + !!(data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1)); sc_format_apdu(card, &apdu, crgram_len>255 ? SC_APDU_CASE_4_EXT : SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x86); apdu.resp = rbuf; @@ -650,7 +663,7 @@ memcpy(sbuf+1, crgram, crgram_len); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1==0x90 && apdu.sw2==0x00) { size_t len= (apdu.resplen>outlen) ? outlen : apdu.resplen; @@ -660,9 +673,9 @@ offset=(offsetctx, 2, len-offset); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len-offset); } - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } @@ -674,7 +687,7 @@ int r; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xEE, 0x00, 0x00); apdu.cla |= 0x80; apdu.lc = 0; @@ -682,7 +695,7 @@ apdu.data = NULL; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } diff -Nru opensc-0.11.13/src/libopensc/card-westcos.c opensc-0.12.1/src/libopensc/card-westcos.c --- opensc-0.11.13/src/libopensc/card-westcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/card-westcos.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,13 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include #include -#include "cardctl.h" + +#include "internal.h" #include "asn1.h" +#include "cardctl.h" #ifdef ENABLE_OPENSSL #include @@ -41,7 +44,11 @@ #define DEFAULT_TRANSPORT_KEY "6f:59:b0:ed:6e:62:46:4a:5d:25:37:68:23:a8:a2:2d" -#define JAVACARD (0x01) +#define JAVACARD (0x01) /* westcos applet on javacard */ +#define RSA_CRYPTO_COMPONENT (0x02) /* card component can do crypto */ + +#define WESTCOS_RSA_NO_HASH_NO_PAD (0x20) +#define WESTCOS_RSA_NO_HASH_PAD_PKCS1 (0x21) #ifdef ENABLE_OPENSSL #define DEBUG_SSL @@ -79,10 +86,9 @@ struct sc_cardctl_default_key *data) { const char *default_key; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, - "westcos_get_default_key:data->method=%d, data->key_ref=%d\n", - data->method, data->key_ref); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_get_default_key:data->method=%d, data->key_ref=%d\n", + data->method, data->key_ref); if (data->method != SC_AC_AUT || data->key_ref != 0) return SC_ERROR_NO_DEFAULT_KEY; default_key = @@ -115,10 +121,10 @@ unsigned short wCrc; switch (CRCType) { case CRC_A: - wCrc = 0x6363; // ITU-V.41 + wCrc = 0x6363; /* ITU-V.41 */ break; case CRC_B: - wCrc = 0xFFFF; // ISO 3309 + wCrc = 0xFFFF; /* ISO 3309 */ break; default: return; @@ -129,7 +135,7 @@ westcos_update_crc(chBlock, &wCrc); } while (--Length); if (CRCType == CRC_B) - wCrc = ~wCrc; // ISO 3309 + wCrc = ~wCrc; /* ISO 3309 */ *TransmitFirst = (unsigned char) (wCrc & 0xFF); *TransmitSecond = (unsigned char) ((wCrc >> 8) & 0xFF); return; 
@@ -185,14 +191,10 @@ apdu.lc = sizeof(aid); apdu.datalen = sizeof(aid); apdu.data = aid; - sc_ctx_suppress_errors_on(card->ctx); r = sc_transmit_apdu(card, &apdu); - sc_ctx_suppress_errors_off(card->ctx); if (r) return 0; - sc_ctx_suppress_errors_on(card->ctx); r = sc_check_sw(card, apdu.sw1, apdu.sw2); - sc_ctx_suppress_errors_off(card->ctx); if (r) return 0; } @@ -205,19 +207,28 @@ int r; const char *default_key; unsigned long exponent, flags; - if (card == NULL)// || card->drv_data == NULL) + priv_data_t *priv_data; + + if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; card->drv_data = malloc(sizeof(priv_data_t)); if (card->drv_data == NULL) return SC_ERROR_OUT_OF_MEMORY; memset(card->drv_data, 0, sizeof(card->drv_data)); + + priv_data = (priv_data_t *) card->drv_data; + if (card->type & JAVACARD) { - priv_data_t *priv_data = - (priv_data_t *) card->drv_data; priv_data->flags |= JAVACARD; } + /* check for crypto component */ + if(card->atr.value[9] == 0xD0) + { + priv_data->flags |= RSA_CRYPTO_COMPONENT; + } + card->cla = 0x00; card->max_send_size = 240; card->max_recv_size = 240; @@ -241,7 +252,7 @@ scconf_get_str(card->ctx->conf_blocks[0], "westcos_default_key", DEFAULT_TRANSPORT_KEY); if (default_key) { - priv_data_t *priv_data = (priv_data_t *) (card->drv_data); + priv_data = (priv_data_t *) (card->drv_data); priv_data->default_key.key_reference = 0; priv_data->default_key.key_len = sizeof(priv_data->default_key.key_value); 
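Review bot: In the westcos init hunk (-205,19 +207,28) the new `priv_data->flags |= JAVACARD` and `priv_data->flags |= RSA_CRYPTO_COMPONENT` are OR-ed into memory that the context line `memset(card->drv_data, 0, sizeof(card->drv_data));` does not fully clear, because `sizeof(card->drv_data)` is the size of the pointer rather than of `priv_data_t`. Unless `flags` sits in the first pointer-sized bytes of the struct (its layout is outside the hunk), leftover heap contents could select the on-card crypto path. I would zero the whole allocation with `memset(card->drv_data, 0, sizeof(priv_data_t));`. The added `card->atr.value[9] == 0xD0` test also reads the byte without checking the ATR length, so `if (card->atr.len > 9 && card->atr.value[9] == 0xD0)` would keep a short ATR from matching stale array contents. The function body starts and ends outside the hunk.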
@@ -282,29 +293,26 @@ sc_context_t *ctx = card->ctx; size_t taglen, len = buflen; const u8 *tag = NULL, *p = buf; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "processing FCI bytes\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "processing FCI bytes\n"); tag = sc_asn1_find_tag(ctx, p, len, 0x83, &taglen); if (tag != NULL && taglen == 2) { file->id = (tag[0] << 8) | tag[1]; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " file identifier: 0x%02X%02X\n", - tag[0], tag[1]); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " file identifier: 0x%02X%02X\n", tag[0], tag[1]); } tag = sc_asn1_find_tag(ctx, p, len, 0x80, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " bytes in file: %d\n", bytes); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d\n", bytes); file->size = bytes; } if (tag == NULL) { tag = sc_asn1_find_tag(ctx, p, len, 0x81, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " bytes in file: %d\n", - bytes); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d\n", bytes); file->size = bytes; } } @@ -314,9 +322,9 @@ unsigned char byte = tag[0]; const char *type; file->shareable = 0; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " shareable: %s\n", - (file->shareable) ? "yes" : "no"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " shareable: %s\n", + (file->shareable) ? "yes" : "no"); file->ef_structure = SC_FILE_EF_UNKNOWN; switch (byte) { case 0x38: 
@@ -341,22 +349,22 @@ default: type = "unknow"; } - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " type: %s\n", type); - if (card->ctx->debug >= 5) - sc_debug(card->ctx, " EF structure: %d\n", - file->ef_structure); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " type: %s\n", type); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " EF structure: %d\n", file->ef_structure); } } tag = sc_asn1_find_tag(ctx, p, len, 0x84, &taglen); if (tag != NULL && taglen > 0 && taglen <= 16) { memcpy(file->name, tag, taglen); file->namelen = taglen; - if (card->ctx->debug >= 5) { + { char tbuf[128]; - sc_hex_dump(ctx, file->name, file->namelen, tbuf, - sizeof(tbuf)); - sc_debug(card->ctx, " File name: %s\n", tbuf); + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, + file->name, file->namelen, tbuf, sizeof(tbuf)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + " File name: %s\n", tbuf); } } if (file->type == SC_FILE_TYPE_DF) { @@ -503,8 +511,7 @@ int buflen; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_create_file\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "westcos_create_file\n"); memset(buf, 0, sizeof(buf)); /* transport key */ @@ -589,9 +596,9 @@ p1 = (file->id) / 256; p2 = (file->id) % 256; } - if (card->ctx->debug >= 3) - sc_debug(card->ctx, "create file %s, id %X size %d\n", - file->path.value, file->id, file->size); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "create file %s, id %X size %d\n", + file->path.value, file->id, file->size); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, p1, p2); apdu.cla = 0x80; apdu.lc = buflen; @@ -610,8 +617,7 @@ sc_apdu_t apdu; if (card == NULL || path_in == NULL || path_in->len < 2) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_delete_file\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "westcos_delete_file\n"); if (path_in->len > 2) { r = sc_select_file(card, path_in, NULL); if (r) 
@@ -636,8 +642,7 @@ sc_apdu_t apdu; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_list_files\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "westcos_list_files\n"); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x34, 0x00, 0x00); apdu.cla = 0x80; apdu.le = buflen; @@ -686,10 +691,9 @@ int pad = 0, use_pin_pad = 0, ins, p1 = 0; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, - "westcos_pin_cmd:data->pin_type=%X, data->cmd=%X\n", - data->pin_type, data->cmd); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_pin_cmd:data->pin_type=%X, data->cmd=%X\n", + data->pin_type, data->cmd); if (tries_left) *tries_left = -1; switch (data->pin_type) { @@ -782,7 +786,6 @@ apdu.datalen = len; apdu.data = buf; apdu.resplen = 0; - apdu.sensitive = 1; if (!use_pin_pad) { /* Transmit the APDU to the card */ @@ -797,8 +800,6 @@ && card->reader->ops->perform_verify) { r = card->reader->ops->perform_verify(card-> reader, - card-> - slot, data); } else { r = SC_ERROR_NOT_SUPPORTED; @@ -816,7 +817,7 @@ { int r; sc_apdu_t apdu; - u8 buf[sizeof(card->atr)]; + u8 buf[sizeof(card->atr.value)]; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xEC, 0x00, 0x00); @@ -830,8 +831,8 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) return (r); - memcpy(card->atr, buf, sizeof(card->atr)); - card->atr_len = apdu.resplen; + memcpy(card->atr.value, buf, sizeof(card->atr.value)); + card->atr.len = apdu.resplen; return r; } @@ -861,8 +862,8 @@ priv_data_t *priv_data = NULL; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_card_ctl cmd = %X\n", cmd); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_card_ctl cmd = %X\n", cmd); priv_data = (priv_data_t *) card->drv_data; switch (cmd) { case SC_CARDCTL_GET_DEFAULT_KEY: 
@@ -878,12 +879,12 @@ if (priv_data->flags & JAVACARD) { return 0; } - if (card->atr[10] == 0x80 - || card->atr[10] == 0x81) + if (card->atr.value[10] == 0x80 + || card->atr.value[10] == 0x81) return 0; return SC_ERROR_CARD_CMD_FAILED; case SC_CARDCTRL_LIFECYCLE_USER: - if (card->atr[10] == 0x80) { + if (card->atr.value[10] == 0x80) { r = sc_lock_phase(card, 0x02); if (r) return (r); @@ -896,7 +897,7 @@ if (r) return (r); } - if (card->atr[10] == 0x81) { + if (card->atr.value[10] == 0x81) { r = sc_lock_phase(card, 0x01); if (r) return (r); 
@@ -1037,26 +1038,55 @@ } return SC_ERROR_NOT_SUPPORTED; } + static int westcos_set_security_env(sc_card_t *card, const struct sc_security_env *env, int se_num) { + int r = 0; priv_data_t *priv_data = NULL; if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_set_security_env\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_set_security_env\n"); priv_data = (priv_data_t *) card->drv_data; priv_data->env = *env; - return 0; + + if(priv_data->flags & RSA_CRYPTO_COMPONENT) + { + sc_apdu_t apdu; + unsigned char mode = 0; + u8 buf[128]; + + if ((priv_data->env.flags) & SC_ALGORITHM_RSA_PAD_PKCS1) + mode = WESTCOS_RSA_NO_HASH_PAD_PKCS1; + else if ((priv_data->env.flags) & SC_ALGORITHM_RSA_RAW) + mode = WESTCOS_RSA_NO_HASH_NO_PAD; + + r = sc_path_print((char *)buf, sizeof(buf), &(env->file_ref)); + if(r) + return r; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xf0, mode); + apdu.cla = 0x00; + apdu.lc = strlen((char *)buf); + apdu.datalen = apdu.lc; + apdu.data = buf; + r = sc_transmit_apdu(card, &apdu); + if (r) + return (r); + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + } + + return r; } static int westcos_restore_security_env(sc_card_t *card, int se_num) { if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_restore_security_env\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_restore_security_env\n"); return 0; } 
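Review bot: In westcos_set_security_env, `mode` stays 0 when neither `SC_ALGORITHM_RSA_PAD_PKCS1` nor `SC_ALGORITHM_RSA_RAW` is set in the environment flags, and the APDU is still sent with P2 = 0. If the card gives no defined meaning to that value (not visible here), the caller gets success for a security environment whose padding mode was never chosen; a final `else return SC_ERROR_NOT_SUPPORTED;` after the two tests would make the unsupported case explicit. `env` is dereferenced by `priv_data->env = *env;` while only `card` is checked for NULL, and `priv_data` is used unchecked as well. A one-line comment on the `0x22, 0xf0` APDU saying that its data field is the printed path of the key file would help the next reader.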
@@ -1070,18 +1100,44 @@ sc_file_t *keyfile = sc_file_new(); priv_data_t *priv_data = NULL; int pad; - -#ifndef ENABLE_OPENSSL - r = SC_ERROR_NOT_SUPPORTED; -#else +#ifdef ENABLE_OPENSSL RSA *rsa = NULL; BIO *mem = BIO_new(BIO_s_mem()); +#endif if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_sign_decipher\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "westcos_sign_decipher outlen=%d\n", outlen); priv_data = (priv_data_t *) card->drv_data; + + if(priv_data->flags & RSA_CRYPTO_COMPONENT) + { + sc_apdu_t apdu; + + sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x00, mode); + apdu.datalen = data_len; + apdu.data = data; + apdu.lc = data_len; + apdu.le = outlen > 240 ? 240 : outlen; + apdu.resp = out; + apdu.resplen = outlen; + + r = sc_transmit_apdu(card, &apdu); + if (r) + goto out2; + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + if(r) + goto out2; + + /* correct */ + r = apdu.resplen; + goto out2; + } + +#ifndef ENABLE_OPENSSL + r = SC_ERROR_NOT_SUPPORTED; +#else if (keyfile == NULL || mem == NULL || priv_data == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto out; @@ -1105,8 +1161,8 @@ alire = min(((keyfile->size) - idx), sizeof(buf)); if (alire <= 0) break; - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "idx = %d, alire=%d\n", idx, alire); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "idx = %d, alire=%d\n", idx, alire); r = sc_read_binary(card, idx, buf, alire, 0); if (r < 0) goto out; @@ -1115,9 +1171,8 @@ } while (1); BIO_set_mem_eof_return(mem, -1); if (!d2i_RSAPrivateKey_bio(mem, &rsa)) { - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "RSA key invalid, %d\n", - ERR_get_error()); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "RSA key invalid, %d\n", ERR_get_error()); r = SC_ERROR_UNKNOWN; goto out; } 
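Review bot: The new crypto-component branch in westcos_sign_decipher reads `priv_data->flags` before the existing `priv_data == NULL` test further down, so that test no longer protects the first dereference; writing the condition as `if (priv_data != NULL && (priv_data->flags & RSA_CRYPTO_COMPONENT))` lets a NULL fall through to the old check. The branch also leaves through `goto out2`, a label the later hunk (-1181,6 +1232,7) places after the OpenSSL cleanup, so the `BIO_new(BIO_s_mem())` done at declaration is presumably never released on this path (the matching free is not in the visible lines). Creating the BIO only after the branch would avoid that. The `card == NULL` early return has the same problem for both `keyfile` and `mem`, since both are allocated in their initialisers.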
@@ -1125,8 +1180,7 @@ /* pkcs11 reset openssl functions */ rsa->meth = RSA_PKCS1_SSLeay(); if (RSA_size(rsa) > outlen) { - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "Buffer too small\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Buffer too small\n"); r = SC_ERROR_OUT_OF_MEMORY; goto out; } @@ -1139,9 +1193,8 @@ print_openssl_error(); #endif - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "Decipher error %d\n", - ERR_get_error()); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Decipher error %d\n", ERR_get_error()); r = SC_ERROR_UNKNOWN; goto out; } @@ -1156,9 +1209,8 @@ print_openssl_error(); #endif - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "Signature error %d\n", - ERR_get_error()); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Signature error %d\n", ERR_get_error()); r = SC_ERROR_UNKNOWN; goto out; } @@ -1166,9 +1218,8 @@ #else if (RSA_sign(nid, data, data_len, out, &outlen, rsa) != 1) { - if (card->ctx->debug >= 5) - sc_debug(card->ctx, "RSA_sign error %d \n", - ERR_get_error()); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "RSA_sign error %d \n", ERR_get_error()); r = SC_ERROR_UNKNOWN; goto out; } @@ -1181,6 +1232,7 @@ if (rsa) RSA_free(rsa); #endif /* ENABLE_OPENSSL */ +out2: if (keyfile) sc_file_free(keyfile); return r; @@ -1210,7 +1262,6 @@ /* read_binary */ /* write_binary */ /* update_binary */ - westcos_ops.erase_binary = NULL; /* read_record */ /* write_record */ /* append_record */ 
@@ -1218,14 +1269,10 @@ westcos_ops.select_file = westcos_select_file; /* get_response */ /* get_challenge */ - westcos_ops.verify = NULL; - westcos_ops.logout = NULL; westcos_ops.restore_security_env = westcos_restore_security_env; westcos_ops.set_security_env = westcos_set_security_env; westcos_ops.decipher = westcos_decipher; westcos_ops.compute_signature = westcos_compute_signature; - westcos_ops.change_reference_data = NULL; - westcos_ops.reset_retry_counter = NULL; westcos_ops.create_file = westcos_create_file; westcos_ops.delete_file = westcos_delete_file; westcos_ops.list_files = westcos_list_files; @@ -1234,9 +1281,6 @@ westcos_ops.process_fci = westcos_process_fci; westcos_ops.construct_fci = NULL; westcos_ops.pin_cmd = westcos_pin_cmd; - westcos_ops.get_data = NULL; - westcos_ops.put_data = NULL; - westcos_ops.delete_record = NULL; return &westcos_drv; } diff -Nru opensc-0.11.13/src/libopensc/compression.c opensc-0.12.1/src/libopensc/compression.c --- opensc-0.11.13/src/libopensc/compression.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/compression.c 2011-05-17 17:07:00.000000000 +0000 @@ -17,14 +17,17 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#ifdef ENABLE_ZLIB -#include "compression.h" +#include "config.h" + +#ifdef ENABLE_ZLIB /* empty file without zlib */ #include #include #include + +#include "internal.h" #include "errors.h" +#include "compression.h" static int zerr_to_opensc(int err) { switch(err) { 
@@ -33,9 +36,9 @@ return SC_SUCCESS; case Z_UNKNOWN: return SC_ERROR_UNKNOWN; - case Z_BUF_ERROR: + case Z_BUF_ERROR: /* XXX: something else than OOM ? */ case Z_MEM_ERROR: - return SC_ERROR_MEMORY_FAILURE; + return SC_ERROR_OUT_OF_MEMORY; case Z_VERSION_ERROR: case Z_DATA_ERROR: case Z_STREAM_ERROR: diff -Nru opensc-0.11.13/src/libopensc/compression.h opensc-0.12.1/src/libopensc/compression.h --- opensc-0.11.13/src/libopensc/compression.h 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/compression.h 2011-05-17 17:07:00.000000000 +0000 @@ -20,8 +20,8 @@ #ifndef COMPRESSION_H #define COMPRESSION_H -#include "opensc.h" -#include "types.h" +#include "libopensc/opensc.h" +#include "libopensc/types.h" #define COMPRESSION_AUTO 0 #define COMPRESSION_ZLIB 1 diff -Nru opensc-0.11.13/src/libopensc/ctbcs.c opensc-0.12.1/src/libopensc/ctbcs.c --- opensc-0.11.13/src/libopensc/ctbcs.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ctbcs.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,12 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "ctbcs.h" +#include "config.h" + #include #include #include +#include "internal.h" +#include "ctbcs.h" + static void ctbcs_init_apdu(sc_apdu_t *apdu, int cse, int ins, int p1, int p2) { @@ -77,7 +80,7 @@ #endif static int -ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *data, sc_slot_info_t *slot) +ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *data) { const char *prompt; size_t buflen, count = 0, j = 0, len; @@ -87,7 +90,7 @@ ctbcs_init_apdu(apdu, SC_APDU_CASE_3_SHORT, CTBCS_INS_PERFORM_VERIFICATION, - CTBCS_P1_INTERFACE1 + (slot ? slot->id : 0), + CTBCS_P1_INTERFACE1, 0); buflen = sizeof(buf); 
@@ -145,15 +148,76 @@ } static int -ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *data, sc_slot_info_t *slot) +ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *data) { - /* to be implemented */ - return SC_ERROR_NOT_SUPPORTED; + const char *prompt; + size_t buflen, count = 0, j = 0, len; + static u8 buf[254]; + u8 control; + + ctbcs_init_apdu(apdu, + SC_APDU_CASE_3_SHORT, + CTBCS_INS_MODIFY_VERIFICATION, + CTBCS_P1_INTERFACE1, + 0); + + buflen = sizeof(buf); + prompt = data->pin1.prompt; + if (prompt && *prompt) { + len = strlen(prompt); + if (count + len + 2 > buflen || len > 255) + return SC_ERROR_BUFFER_TOO_SMALL; + buf[count++] = CTBCS_TAG_PROMPT; + buf[count++] = len; + memcpy(buf + count, prompt, len); + count += len; + } + + /* card apdu must be last in packet */ + if (!data->apdu) + return SC_ERROR_INTERNAL; + if (count + 8 > buflen) + return SC_ERROR_BUFFER_TOO_SMALL; + + j = count; + buf[j++] = CTBCS_TAG_VERIFY_CMD; + buf[j++] = 0x00; + + /* Control byte - length of PIN, and encoding */ + control = 0x00; + if (data->pin1.encoding == SC_PIN_ENCODING_ASCII) + control |= CTBCS_PIN_CONTROL_ENCODE_ASCII; + else if (data->pin1.encoding != SC_PIN_ENCODING_BCD) + return SC_ERROR_INVALID_ARGUMENTS; + if (data->pin1.min_length == data->pin1.max_length) + control |= data->pin1.min_length << CTBCS_PIN_CONTROL_LEN_SHIFT; + buf[j++] = control; + buf[j++] = data->pin1.offset+1; /* Looks like offset is 1-based in CTBCS */ + buf[j++] = data->pin2.offset+1; + buf[j++] = data->apdu->cla; + buf[j++] = data->apdu->ins; + buf[j++] = data->apdu->p1; + buf[j++] = data->apdu->p2; + + if (data->flags & SC_PIN_CMD_NEED_PADDING) { + len = data->pin1.pad_length + data->pin2.pad_length; + if (j + len > buflen || len > 256) + return SC_ERROR_BUFFER_TOO_SMALL; + buf[j++] = len; + memset(buf+j, data->pin1.pad_char, len); + j += len; + } + buf[count+1] = j - count - 2; + count = j; + + apdu->lc = apdu->datalen = count; + 
apdu->data = buf; + + return 0; } int -ctbcs_pin_cmd(sc_reader_t *reader, sc_slot_info_t *slot, - struct sc_pin_cmd_data *data) +ctbcs_pin_cmd(sc_reader_t *reader, struct sc_pin_cmd_data *data) { sc_card_t dummy_card, *card; sc_apdu_t apdu; @@ -162,21 +226,24 @@ switch (data->cmd) { case SC_PIN_CMD_VERIFY: - r = ctbcs_build_perform_verification_apdu(&apdu, data, slot); + r = ctbcs_build_perform_verification_apdu(&apdu, data); + if (r != SC_SUCCESS) + return r; break; case SC_PIN_CMD_CHANGE: case SC_PIN_CMD_UNBLOCK: - r = ctbcs_build_modify_verification_apdu(&apdu, data, slot); + r = ctbcs_build_modify_verification_apdu(&apdu, data); + if (r != SC_SUCCESS) + return r; break; default: - sc_error(reader->ctx, "Unknown PIN command %d", data->cmd); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Unknown PIN command %d", data->cmd); return SC_ERROR_NOT_SUPPORTED; } memset(&ops, 0, sizeof(ops)); memset(&dummy_card, 0, sizeof(dummy_card)); dummy_card.reader = reader; - dummy_card.slot = slot; dummy_card.ctx = reader->ctx; r = sc_mutex_create(reader->ctx, &dummy_card.mutex); if (r != SC_SUCCESS) @@ -187,10 +254,10 @@ r = sc_transmit_apdu(card, &apdu); s = sc_mutex_destroy(reader->ctx, card->mutex); if (s != SC_SUCCESS) { - sc_error(reader->ctx, "unable to destroy mutex\n"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "unable to destroy mutex\n"); return s; } - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); /* Check CTBCS status word */ switch (((unsigned int) apdu.sw1 << 8) | apdu.sw2) { 
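Review bot: The padding bound in ctbcs_build_modify_verification_apdu is off by one: `if (j + len > buflen || len > 256)` is evaluated before `buf[j++] = len;`, so when `j + len == buflen` the following `memset(buf+j, data->pin1.pad_char, len)` writes one byte past the 254-byte `buf`. The test should account for the length byte, `if (j + 1 + len > buflen || len > 255) return SC_ERROR_BUFFER_TOO_SMALL;` (a length of 256 cannot be stored in the single `u8` anyway). `buf` is `static`, so the `apdu->data` handed back points at storage shared by every caller and is not safe across threads; a comment saying so would be worth adding. `data->pin1.min_length << CTBCS_PIN_CONTROL_LEN_SHIFT` is OR-ed into `control` without a range check, which would spill into the other control bits if the length field is narrower than the byte.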
@@ -213,7 +280,7 @@ r = SC_ERROR_CARD_CMD_FAILED; break; } - SC_TEST_RET(card->ctx, r, "PIN command failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "PIN command failed"); /* Calling Function may expect SW1/SW2 in data-apdu set... */ if (data->apdu) { diff -Nru opensc-0.11.13/src/libopensc/ctbcs.h opensc-0.12.1/src/libopensc/ctbcs.h --- opensc-0.11.13/src/libopensc/ctbcs.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ctbcs.h 2011-05-17 17:07:00.000000000 +0000 @@ -186,6 +186,6 @@ /* * Functions for building CTBCS commands */ -int ctbcs_pin_cmd(struct sc_reader *, sc_slot_info_t *, struct sc_pin_cmd_data *); +int ctbcs_pin_cmd(struct sc_reader *, struct sc_pin_cmd_data *); #endif /* _CTBCS_ */ diff -Nru opensc-0.11.13/src/libopensc/ctx.c opensc-0.12.1/src/libopensc/ctx.c --- opensc-0.11.13/src/libopensc/ctx.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ctx.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,7 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include 
@@ -26,33 +27,45 @@ #include #include #include + +#ifdef HAVE_LTDL_H #include +#endif #ifdef _WIN32 +#include #include #endif +#include "internal.h" + int _sc_add_reader(sc_context_t *ctx, sc_reader_t *reader) { assert(reader != NULL); reader->ctx = ctx; - if (ctx->reader_count == SC_MAX_READERS) - return SC_ERROR_TOO_MANY_OBJECTS; - ctx->reader[ctx->reader_count] = reader; - ctx->reader_count++; + list_append(&ctx->readers, reader); + return SC_SUCCESS; +} +int _sc_delete_reader(sc_context_t *ctx, sc_reader_t *reader) +{ + assert(reader != NULL); + if (reader->ops->release) + reader->ops->release(reader); + if (reader->name) + free(reader->name); + list_delete(&ctx->readers, reader); + free(reader); return SC_SUCCESS; } struct _sc_driver_entry { - char *name; + const char *name; void *(*func)(void); }; static const struct _sc_driver_entry internal_card_drivers[] = { - /* legacy, the old name was "etoken", so we keep that for a while */ { "cardos", (void *(*)(void)) sc_get_cardos_driver }, - { "etoken", (void *(*)(void)) sc_get_cardos_driver }, { "flex", (void *(*)(void)) sc_get_cryptoflex_driver }, { "cyberflex", (void *(*)(void)) sc_get_cyberflex_driver }, #ifdef ENABLE_OPENSSL 
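Review bot: `_sc_add_reader` now returns `SC_SUCCESS` unconditionally, because the result of `list_append(&ctx->readers, reader)` is discarded, whereas the removed code reported `SC_ERROR_TOO_MANY_OBJECTS` when the reader could not be stored. If the append fails, the caller believes the reader is registered while the context does not hold it; `if (list_append(&ctx->readers, reader) < 0) return SC_ERROR_OUT_OF_MEMORY;` keeps the failure visible. In the new `_sc_delete_reader`, `reader->ops` is dereferenced without a NULL test and `free(reader)` runs whether or not `list_delete` found the entry, so a reader that was never in the list is still freed. The `if (reader->name)` guard before `free` is redundant, since `free(NULL)` is a no-op.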
@@ -62,92 +75,82 @@ { "miocos", (void *(*)(void)) sc_get_miocos_driver }, { "mcrd", (void *(*)(void)) sc_get_mcrd_driver }, { "asepcos", (void *(*)(void)) sc_get_asepcos_driver }, - { "setcos", (void *(*)(void)) sc_get_setcos_driver }, { "starcos", (void *(*)(void)) sc_get_starcos_driver }, { "tcos", (void *(*)(void)) sc_get_tcos_driver }, - { "opengpg", (void *(*)(void)) sc_get_openpgp_driver }, + { "openpgp", (void *(*)(void)) sc_get_openpgp_driver }, { "jcop", (void *(*)(void)) sc_get_jcop_driver }, #ifdef ENABLE_OPENSSL { "oberthur", (void *(*)(void)) sc_get_oberthur_driver }, + { "authentic", (void *(*)(void)) sc_get_authentic_driver }, + { "iasecc", (void *(*)(void)) sc_get_iasecc_driver }, #endif { "belpic", (void *(*)(void)) sc_get_belpic_driver }, - { "atrust-acos",(void *(*)(void)) sc_get_atrust_acos_driver }, - { "muscle", (void *(*)(void)) sc_get_muscle_driver }, + { "ias", (void *(*)(void)) sc_get_ias_driver }, { "incrypto34", (void *(*)(void)) sc_get_incrypto34_driver }, -#ifdef ENABLE_OPENSSL - { "PIV-II", (void *(*)(void)) sc_get_piv_driver }, -#endif { "acos5", (void *(*)(void)) sc_get_acos5_driver }, { "akis", (void *(*)(void)) sc_get_akis_driver }, #ifdef ENABLE_OPENSSL { "entersafe",(void *(*)(void)) sc_get_entersafe_driver }, #endif - { "rutoken", (void *(*)(void)) sc_get_rutoken_driver }, + { "rutoken", (void *(*)(void)) sc_get_rutoken_driver }, { "rutoken_ecp",(void *(*)(void)) sc_get_rtecp_driver }, { "westcos", (void *(*)(void)) sc_get_westcos_driver }, - { "myeid", (void *(*)(void)) sc_get_myeid_driver }, - /* emv is not really used, not sure if it works, but it conflicts with - muscle and rutoken driver, thus has to be after them */ - { "emv", (void *(*)(void)) sc_get_emv_driver }, + { "myeid", (void *(*)(void)) sc_get_myeid_driver }, + +/* Here should be placed drivers that need some APDU transactions to + * recognise its cards. 
*/ + { "setcos", (void *(*)(void)) sc_get_setcos_driver }, + { "muscle", (void *(*)(void)) sc_get_muscle_driver }, + { "atrust-acos",(void *(*)(void)) sc_get_atrust_acos_driver }, + { "PIV-II", (void *(*)(void)) sc_get_piv_driver }, + { "itacns", (void *(*)(void)) sc_get_itacns_driver }, + /* javacard without supported applet - last before default */ + { "javacard", (void *(*)(void)) sc_get_javacard_driver }, /* The default driver should be last, as it handles all the * unrecognized cards. */ { "default", (void *(*)(void)) sc_get_default_driver }, { NULL, NULL } }; -static const struct _sc_driver_entry internal_reader_drivers[] = { -#if defined(ENABLE_PCSC) - { "pcsc", (void *(*)(void)) sc_get_pcsc_driver }, -#endif - { "ctapi", (void *(*)(void)) sc_get_ctapi_driver }, -#ifndef _WIN32 -#ifdef ENABLE_OPENCT - { "openct", (void *(*)(void)) sc_get_openct_driver }, -#endif -#endif - { NULL, NULL } -}; - struct _sc_ctx_options { - struct _sc_driver_entry rdrv[SC_MAX_READER_DRIVERS]; - int rcount; struct _sc_driver_entry cdrv[SC_MAX_CARD_DRIVERS]; int ccount; char *forced_card_driver; }; -static void del_drvs(struct _sc_ctx_options *opts, int type) + +/* Simclist helper to locate readers by name */ +static int reader_list_seeker(const void *el, const void *key) { + const struct sc_reader *reader = (struct sc_reader *)el; + if ((el == NULL) || (key == NULL)) + return 0; + if (strcmp(reader->name, (char*)key) == 0) + return 1; + return 0; +} + +static void del_drvs(struct _sc_ctx_options *opts) { struct _sc_driver_entry *lst; int *cp, i; - if (type == 0) { - lst = opts->rdrv; - cp = &opts->rcount; - } else { - lst = opts->cdrv; - cp = &opts->ccount; - } + lst = opts->cdrv; + cp = &opts->ccount; + for (i = 0; i < *cp; i++) { - free(lst[i].name); + free((void *)lst[i].name); } *cp = 0; } -static void add_drv(struct _sc_ctx_options *opts, int type, const char *name) +static void add_drv(struct _sc_ctx_options *opts, const char *name) { struct _sc_driver_entry *lst; int *cp, 
max, i; - - if (type == 0) { - lst = opts->rdrv; - cp = &opts->rcount; - max = SC_MAX_READER_DRIVERS; - } else { - lst = opts->cdrv; - cp = &opts->ccount; - max = SC_MAX_CARD_DRIVERS; - } + + lst = opts->cdrv; + cp = &opts->ccount; + max = SC_MAX_CARD_DRIVERS; if (*cp == max) /* No space for more drivers... */ return; for (i = 0; i < *cp; i++) @@ -158,18 +161,15 @@ *cp = *cp + 1; } -static void add_internal_drvs(struct _sc_ctx_options *opts, int type) +static void add_internal_drvs(struct _sc_ctx_options *opts) { const struct _sc_driver_entry *lst; int i; - if (type == 0) - lst = internal_reader_drivers; - else - lst = internal_card_drivers; + lst = internal_card_drivers; i = 0; while (lst[i].name != NULL) { - add_drv(opts, type, lst[i].name); + add_drv(opts, lst[i].name); i++; } } 
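Review bot: `reader_list_seeker` passes `reader->name` to `strcmp` without a NULL test, while `_sc_delete_reader` in the same file treats the name as optional (`if (reader->name) free(reader->name);`). A reader that is in the list before its name is set would crash the lookup; extending the guard to `if (el == NULL || key == NULL || reader->name == NULL) return 0;` covers it. The casts drop `const`; `(const struct sc_reader *)el` and `(const char *)key` keep the qualifiers. In the driver table of the same hunk, `"PIV-II"` moved out of its `#ifdef ENABLE_OPENSSL` guard, which is worth confirming against how the PIV driver is built without OpenSSL.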
@@ -177,16 +177,40 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts) { ctx->debug = 0; - if (ctx->debug_file && ctx->debug_file != stdout) + if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout)) fclose(ctx->debug_file); - ctx->debug_file = stdout; - ctx->suppress_errors = 0; - if (ctx->error_file && ctx->error_file != stderr) - fclose(ctx->error_file); - ctx->error_file = stderr; + ctx->debug_file = stderr; +#ifdef __APPLE__ + /* Override the default debug log for OpenSC.tokend to be different from PKCS#11. + * TODO: Could be moved to OpenSC.tokend */ + if (!strcmp(ctx->app_name, "tokend")) + ctx->debug_file = fopen("/tmp/opensc-tokend.log", "a"); +#endif ctx->forced_driver = NULL; - add_internal_drvs(opts, 0); - add_internal_drvs(opts, 1); + add_internal_drvs(opts); +} + +/* In Windows, file handles can not be shared between DLL-s, + * each DLL has a separate file handle table. Thus tools and utilities + * can not set the file handle themselves when -v is specified on command line. + */ +int sc_ctx_log_to_file(sc_context_t *ctx, const char* filename) +{ + /* Close any existing handles */ + if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout)) + fclose(ctx->debug_file); + + /* Handle special names */ + if (!strcmp(filename, "stdout")) + ctx->debug_file = stdout; + else if (!strcmp(filename, "stderr")) + ctx->debug_file = stderr; + else { + ctx->debug_file = fopen(filename, "a"); + if (ctx->debug_file == NULL) + return SC_ERROR_INTERNAL; + } + return SC_SUCCESS; } static int load_parameters(sc_context_t *ctx, scconf_block *block, 
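Review bot: The `__APPLE__` branch in set_defaults opens the fixed path `/tmp/opensc-tokend.log` with `fopen(..., "a")`, which follows a symlink placed in the world-writable directory and appends debug output to whatever file it names. A log location in a directory only the service account can write to, or an `open()` with `O_NOFOLLOW` and a restrictive mode wrapped by `fdopen()`, avoids that. The result is not checked either, so a failed open leaves `ctx->debug_file` NULL; `if (ctx->debug_file == NULL) ctx->debug_file = stderr;` keeps logging usable. `sc_ctx_log_to_file` ends in the same NULL state after it has already closed the previous handle, and the `load_parameters` hunk (-203,85 +227,43) ignores its return value. `ctx->app_name` and `filename` also reach `strcmp` without a NULL test.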
@@ -203,85 +227,43 @@ ctx->debug = atoi(debug); val = scconf_get_str(block, "debug_file", NULL); - if (val) { - if (ctx->debug_file && ctx->debug_file != stdout) - fclose(ctx->debug_file); - if (strcmp(val, "stdout") != 0) - ctx->debug_file = fopen(val, "a"); - else - ctx->debug_file = stdout; - } - val = scconf_get_str(block, "error_file", NULL); - if (val) { - if (ctx->error_file && ctx->error_file != stderr) - fclose(ctx->error_file); - if (strcmp(val, "stderr") != 0) - ctx->error_file = fopen(val, "a"); - else - ctx->error_file = stderr; - } + if (val) + sc_ctx_log_to_file(ctx, val); + val = scconf_get_str(block, "force_card_driver", NULL); if (val) { if (opts->forced_card_driver) free(opts->forced_card_driver); opts->forced_card_driver = strdup(val); } - list = scconf_find_list(block, "reader_drivers"); - if (list != NULL) - del_drvs(opts, 0); - while (list != NULL) { - if (strcmp(list->data, s_internal) == 0) - add_internal_drvs(opts, 0); - else - add_drv(opts, 0, list->data); - list = list->next; - } list = scconf_find_list(block, "card_drivers"); if (list != NULL) - del_drvs(opts, 1); + del_drvs(opts); while (list != NULL) { if (strcmp(list->data, s_internal) == 0) - add_internal_drvs(opts, 1); + add_internal_drvs(opts); else - add_drv(opts, 1, list->data); + add_drv(opts, list->data); list = list->next; } - val = scconf_get_str(block, "preferred_language", "en"); - if (val) - sc_ui_set_language(ctx, val); - return err; } -static void load_reader_driver_options(sc_context_t *ctx, - struct sc_reader_driver *driver) +static void load_reader_driver_options(sc_context_t *ctx) { - const char *name = driver->short_name; - scconf_block *conf_block = NULL; - int i; - - for (i = 0; ctx->conf_blocks[i] != NULL; i++) { - scconf_block **blocks; - - blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], - "reader_driver", name); - if (blocks) { - conf_block = blocks[0]; - free(blocks); - } - if (conf_block != NULL) - break; - } + struct sc_reader_driver *driver = 
ctx->reader_driver; + scconf_block *conf_block = NULL; + + driver->max_send_size = 0; + driver->max_recv_size = 0; - driver->max_send_size = SC_DEFAULT_MAX_SEND_SIZE; - driver->max_recv_size = SC_DEFAULT_MAX_RECV_SIZE; + conf_block = sc_get_conf_block(ctx, "reader_driver", driver->short_name, 1); + if (conf_block != NULL) { - driver->max_send_size = scconf_get_int(conf_block, - "max_send_size", SC_DEFAULT_MAX_SEND_SIZE); - driver->max_recv_size = scconf_get_int(conf_block, - "max_recv_size", SC_DEFAULT_MAX_RECV_SIZE); + driver->max_send_size = scconf_get_int(conf_block, "max_send_size", driver->max_send_size); + driver->max_recv_size = scconf_get_int(conf_block, "max_recv_size", driver->max_recv_size); } } @@ -289,15 +271,14 @@ * find library module for provided driver in configuration file * if not found assume library name equals to module name */ -static const char *find_library(sc_context_t *ctx, const char *name, int type) +static const char *find_library(sc_context_t *ctx, const char *name) { int i; const char *libname = NULL; scconf_block **blocks, *blk; for (i = 0; ctx->conf_blocks[i]; i++) { - blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], - (type==0) ? "reader_driver" : "card_driver", name); + blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], "card_driver", name); if (!blocks) continue; blk = blocks[0]; @@ -310,7 +291,7 @@ #else if (libname && libname[0] != '/' ) { #endif - sc_debug(ctx, "warning: relative path to driver '%s' used\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "warning: relative path to driver '%s' used", libname); } break; 
@@ -325,96 +306,50 @@ * that returns a pointer to the function _sc_get_xxxx_driver() * used to initialize static modules * Also, an exported "char *sc_module_version" variable should exist in module - * - * type == 0 -> reader driver - * type == 1 -> card driver */ -static void *load_dynamic_driver(sc_context_t *ctx, void **dll, - const char *name, int type) +static void *load_dynamic_driver(sc_context_t *ctx, void **dll, const char *name) { const char *version, *libname; - lt_dlhandle handle; + void *handle; void *(*modinit)(const char *) = NULL; void *(**tmodi)(const char *) = &modinit; const char *(*modversion)(void) = NULL; const char *(**tmodv)(void) = &modversion; if (name == NULL) { /* should not occurr, but... */ - sc_error(ctx,"No module specified\n",name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"No module specified",name); return NULL; } - libname = find_library(ctx, name, type); + libname = find_library(ctx, name); if (libname == NULL) return NULL; - handle = lt_dlopen(libname); + handle = sc_dlopen(libname); if (handle == NULL) { - sc_error(ctx, "Module %s: cannot load %s library: %s\n", name, libname, lt_dlerror()); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Module %s: cannot load %s library: %s", name, libname, sc_dlerror()); return NULL; } /* verify correctness of module */ - *(void **)tmodi = lt_dlsym(handle, "sc_module_init"); - *(void **)tmodv = lt_dlsym(handle, "sc_driver_version"); + *(void **)tmodi = sc_dlsym(handle, "sc_module_init"); + *(void **)tmodv = sc_dlsym(handle, "sc_driver_version"); if (modinit == NULL || modversion == NULL) { - sc_error(ctx, "dynamic library '%s' is not a OpenSC module\n",libname); - lt_dlclose(handle); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "dynamic library '%s' is not a OpenSC module",libname); + sc_dlclose(handle); return NULL; } /* verify module version */ version = modversion(); /* XXX: We really need to have ABI version for each interface */ if (version == NULL || strncmp(version, PACKAGE_VERSION, 
strlen(PACKAGE_VERSION)) != 0) { - sc_error(ctx,"dynamic library '%s': invalid module version\n",libname); - lt_dlclose(handle); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"dynamic library '%s': invalid module version",libname); + sc_dlclose(handle); return NULL; } *dll = handle; - sc_debug(ctx, "successfully loaded %s driver '%s'\n", - type ? "card" : "reader", name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "successfully loaded card driver '%s'", name); return modinit(name); } -static int load_reader_drivers(sc_context_t *ctx, - struct _sc_ctx_options *opts) -{ - const struct _sc_driver_entry *ent; - int drv_count; - int i; - - for (drv_count = 0; ctx->reader_drivers[drv_count] != NULL; drv_count++); - - for (i = 0; i < opts->rcount; i++) { - struct sc_reader_driver *driver; - struct sc_reader_driver *(*func)(void) = NULL; - struct sc_reader_driver *(**tfunc)(void) = &func; - int j; - void *dll = NULL; - - ent = &opts->rdrv[i]; - for (j = 0; internal_reader_drivers[j].name != NULL; j++) - if (strcmp(ent->name, internal_reader_drivers[j].name) == 0) { - func = (struct sc_reader_driver *(*)(void)) internal_reader_drivers[j].func; - break; - } - /* if not initialized assume external module */ - if (func == NULL) - *(void**)(tfunc) = load_dynamic_driver(ctx, &dll, ent->name, 0); - /* if still null, assume driver not found */ - if (func == NULL) { - sc_error(ctx, "Unable to load '%s'.\n", ent->name); - continue; - } - driver = func(); - driver->dll = dll; - load_reader_driver_options(ctx, driver); - driver->ops->init(ctx, &ctx->reader_drv_data[i]); - - ctx->reader_drivers[drv_count] = driver; - drv_count++; - } - return SC_SUCCESS; -} - static int load_card_driver_options(sc_context_t *ctx, struct sc_card_driver *driver) { 
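Review bot: In `load_dynamic_driver` (hunk `@@ -325,96 +306,50 @@`) the name returned by `find_library` goes straight to `sc_dlopen(libname)`. The only reaction to a non-absolute name, in `find_library` (hunk `@@ -310,7 +291,7 @@`), is a debug-level message, so a relative library name from the configuration file is resolved by whatever search order the loader applies. This commit also moves every load failure from `sc_error` to `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ...)`, so a rejected or unexpected driver library is presumably not reported unless debug logging is enabled. I would refuse relative names before the `sc_dlopen` call, or at least keep these messages at a level that is logged by default. Separately, `sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"No module specified",name);` passes `name` with no conversion in the format string; drop the argument.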
@@ -461,10 +396,10 @@ } /* if not initialized assume external module */ if (func == NULL) - *(void **)(tfunc) = load_dynamic_driver(ctx, &dll, ent->name, 1); + *(void **)(tfunc) = load_dynamic_driver(ctx, &dll, ent->name); /* if still null, assume driver not found */ if (func == NULL) { - sc_error(ctx, "Unable to load '%s'.\n", ent->name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to load '%s'.", ent->name); continue; } @@ -480,8 +415,7 @@ return SC_SUCCESS; } -static int load_card_atrs(sc_context_t *ctx, - struct _sc_ctx_options *opts) +static int load_card_atrs(sc_context_t *ctx) { struct sc_card_driver *driver; scconf_block **blocks; @@ -529,7 +463,7 @@ t.atr = atr; t.atrmask = (char *) scconf_get_str(b, "atrmask", NULL); t.name = (char *) scconf_get_str(b, "name", NULL); - t.type = scconf_get_int(b, "type", -1); + t.type = scconf_get_int(b, "type", SC_CARD_TYPE_UNKNOWN); list = scconf_find_list(b, "flags"); while (list != NULL) { unsigned int flags; @@ -539,9 +473,7 @@ continue; } flags = 0; - if (!strcmp(list->data, "keygen")) { - flags = SC_CARD_FLAG_ONBOARD_KEY_GEN; - } else if (!strcmp(list->data, "rng")) { + if (!strcmp(list->data, "rng")) { flags = SC_CARD_FLAG_RNG; } else { if (sscanf(list->data, "%x", &flags) != 1) 
@@ -572,42 +504,38 @@ memset(ctx->conf_blocks, 0, sizeof(ctx->conf_blocks)); #ifdef _WIN32 - conf_path = getenv("OPENSC_CONF"); + conf_path = getenv("OPENSC_CONF"); + if (!conf_path) { + rc = RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\OpenSC Project\\OpenSC", 0, KEY_QUERY_VALUE, &hKey); + if (rc == ERROR_SUCCESS) { + temp_len = PATH_MAX; + rc = RegQueryValueEx( hKey, "ConfigFile", NULL, NULL, (LPBYTE) temp_path, &temp_len); + if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX)) + conf_path = temp_path; + RegCloseKey(hKey); + } + } + if (!conf_path) { - rc = RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\OpenSC", - 0, KEY_QUERY_VALUE, &hKey ); - if( rc == ERROR_SUCCESS ) { - temp_len = PATH_MAX; - rc = RegQueryValueEx( hKey, "ConfigFile", NULL, NULL, - (LPBYTE) temp_path, &temp_len); - if( (rc == ERROR_SUCCESS) && (temp_len < PATH_MAX) ) - conf_path = temp_path; - RegCloseKey( hKey ); - } - } - - if (! conf_path) { - rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC", - 0, KEY_QUERY_VALUE, &hKey ); - if( rc == ERROR_SUCCESS ) { - temp_len = PATH_MAX; - rc = RegQueryValueEx( hKey, "ConfigFile", NULL, NULL, - (LPBYTE) temp_path, &temp_len); - if( (rc == ERROR_SUCCESS) && (temp_len < PATH_MAX) ) - conf_path = temp_path; - RegCloseKey( hKey ); - } - } + rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\OpenSC", 0, KEY_QUERY_VALUE, &hKey ); + if (rc == ERROR_SUCCESS) { + temp_len = PATH_MAX; + rc = RegQueryValueEx( hKey, "ConfigFile", NULL, NULL, (LPBYTE) temp_path, &temp_len); + if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX)) + conf_path = temp_path; + RegCloseKey(hKey); + } + } - if (! conf_path) { - sc_debug(ctx, "process_config_file doesn't find opensc config file. Please set the registry key."); + if (!conf_path) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "process_config_file doesn't find opensc config file. 
Please set the registry key."); return; } #else - conf_path = getenv("OPENSC_CONF"); - if (!conf_path) - conf_path = OPENSC_CONF_PATH; + conf_path = getenv("OPENSC_CONF"); + if (!conf_path) + conf_path = OPENSC_CONF_PATH; #endif ctx->conf = scconf_new(conf_path); if (ctx->conf == NULL) @@ -623,9 +551,9 @@ * there, which is not an error. Nevertheless log this * fact. */ if (r < 0) - sc_debug(ctx, "scconf_parse failed: %s", ctx->conf->errmsg); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "scconf_parse failed: %s", ctx->conf->errmsg); else - sc_error(ctx, "scconf_parse failed: %s", ctx->conf->errmsg); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "scconf_parse failed: %s", ctx->conf->errmsg); scconf_free(ctx->conf); ctx->conf = NULL; return; @@ -637,7 +565,7 @@ if (strcmp(ctx->app_name, "default") != 0) { blocks = scconf_find_blocks(ctx->conf, NULL, "app", "default"); if (blocks[0]) - ctx->conf_blocks[count++] = blocks[0]; + ctx->conf_blocks[count] = blocks[0]; free(blocks); } /* Above we add 2 blocks at most, but conf_blocks has 3 elements, 
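Review bot: Both registry lookups in the `_WIN32` branch (hunk `@@ -572,42 +504,38 @@`) pass NULL for the type argument of `RegQueryValueEx` and then use `temp_path` as a C string, but that call accepts any value type and does not guarantee a terminating NUL. I would request the type, require `REG_SZ` and terminate explicitly, e.g. `if (rc == ERROR_SUCCESS && type == REG_SZ && temp_len < PATH_MAX) { temp_path[temp_len] = '\0'; conf_path = temp_path; }`; this assumes `temp_path` holds at least `PATH_MAX` bytes, as its declaration is outside the hunk. The `OPENSC_CONF` environment variable and the per-user `HKEY_CURRENT_USER` value both take precedence over `HKEY_LOCAL_MACHINE`, and the file they name decides which driver libraries are looked up. That precedence deserves a comment for anyone linking this into a process that runs with more privilege than the user.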
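Review bot: After this change both arms of `if (r < 0)` in hunk `@@ -623,9 +551,9 @@` make the identical call `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "scconf_parse failed: %s", ctx->conf->errmsg);`, so the distinction the preceding comment draws (it starts outside the hunk) no longer shows in the log. Either collapse the branch into a single call, or keep the other arm at a level that is reported by default, because the configuration is then dropped without further notice (`ctx->conf = NULL; return;`).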
@@ -648,43 +576,37 @@ int sc_ctx_detect_readers(sc_context_t *ctx) { - int i; + int r = 0; + const struct sc_reader_driver *drv = ctx->reader_driver; sc_mutex_lock(ctx, ctx->mutex); - for (i = 0; ctx->reader_drivers[i] != NULL; i++) { - const struct sc_reader_driver *drv = ctx->reader_drivers[i]; - - if (drv->ops->detect_readers != NULL) - drv->ops->detect_readers(ctx, ctx->reader_drv_data[i]); - } - + if (drv->ops->detect_readers != NULL) + r = drv->ops->detect_readers(ctx); + sc_mutex_unlock(ctx, ctx->mutex); - /* XXX: Do not ignore erros? */ - return SC_SUCCESS; + return r; } sc_reader_t *sc_ctx_get_reader(sc_context_t *ctx, unsigned int i) { - if (i >= (unsigned int)ctx->reader_count || i >= SC_MAX_READERS) - return NULL; - return ctx->reader[i]; + return list_get_at(&ctx->readers, i); } -unsigned int sc_ctx_get_reader_count(sc_context_t *ctx) +sc_reader_t *sc_ctx_get_reader_by_id(sc_context_t *ctx, unsigned int id) { - return (unsigned int)ctx->reader_count; + return list_get_at(&ctx->readers, id); } -void sc_ctx_suppress_errors_on(sc_context_t *ctx) +sc_reader_t *sc_ctx_get_reader_by_name(sc_context_t *ctx, const char * name) { - ctx->suppress_errors++; + return list_seek(&ctx->readers, name); } -void sc_ctx_suppress_errors_off(sc_context_t *ctx) +unsigned int sc_ctx_get_reader_count(sc_context_t *ctx) { - ctx->suppress_errors--; + return list_size(&ctx->readers); } int sc_establish_context(sc_context_t **ctx_out, const char *app_name) @@ -703,17 +625,16 @@ struct _sc_ctx_options opts; int r; - if (ctx_out == NULL) + if (ctx_out == NULL || parm == NULL) return SC_ERROR_INVALID_ARGUMENTS; ctx = calloc(1, sizeof(sc_context_t)); if (ctx == NULL) return SC_ERROR_OUT_OF_MEMORY; memset(&opts, 0, sizeof(opts)); - set_defaults(ctx, &opts); /* set the application name if set in the parameter options */ - if (parm != NULL && parm->app_name != NULL) + if (parm->app_name != NULL) ctx->app_name = strdup(parm->app_name); else ctx->app_name = strdup("default"); 
@@ -721,9 +642,12 @@ sc_release_context(ctx); return SC_ERROR_OUT_OF_MEMORY; } - + + set_defaults(ctx, &opts); + list_init(&ctx->readers); + list_attributes_seeker(&ctx->readers, reader_list_seeker); /* set thread context and create mutex object (if specified) */ - if (parm != NULL && parm->thread_ctx != NULL) + if (parm->thread_ctx != NULL) ctx->thread_ctx = parm->thread_ctx; r = sc_mutex_create(ctx, &ctx->mutex); if (r != SC_SUCCESS) { 
@@ -732,78 +656,117 @@ } process_config_file(ctx, &opts); - sc_debug(ctx, "===================================\n"); /* first thing in the log */ - sc_debug(ctx, "opensc version: %s\n", sc_get_version()); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "==================================="); /* first thing in the log */ + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "opensc version: %s", sc_get_version()); - /* initialize ltdl */ +#ifdef HAVE_LTDL_H + /* initialize ltdl, if available. See scdl.c for more information */ if (lt_dlinit() != 0) { - sc_debug(ctx, "lt_dlinit failed\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "lt_dlinit() failed"); sc_release_context(ctx); - return SC_ERROR_OUT_OF_MEMORY; + return SC_ERROR_INTERNAL; } +#endif - load_reader_drivers(ctx, &opts); +#ifdef ENABLE_PCSC + ctx->reader_driver = sc_get_pcsc_driver(); +/* XXX: remove cardmod pseudoreader driver */ +#ifdef ENABLE_MINIDRIVER + if(strcmp(ctx->app_name, "cardmod") == 0) { + ctx->reader_driver = sc_get_cardmod_driver(); + } +#endif +#elif ENABLE_CTAPI + ctx->reader_driver = sc_get_ctapi_driver(); +#elif ENABLE_OPENCT + ctx->reader_driver = sc_get_openct_driver(); +#endif + + load_reader_driver_options(ctx); + ctx->reader_driver->ops->init(ctx); + load_card_drivers(ctx, &opts); - load_card_atrs(ctx, &opts); + load_card_atrs(ctx); if (opts.forced_card_driver) { /* FIXME: check return value? 
*/ sc_set_card_driver(ctx, opts.forced_card_driver); free(opts.forced_card_driver); } - del_drvs(&opts, 0); - del_drvs(&opts, 1); + del_drvs(&opts); sc_ctx_detect_readers(ctx); *ctx_out = ctx; return SC_SUCCESS; } +/* Used by minidriver to pass in provided handles to reader-pcsc */ +int sc_ctx_use_reader(sc_context_t *ctx, void *pcsc_context_handle, void *pcsc_card_handle) +{ + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + if (ctx->reader_driver->ops->use_reader != NULL) + return ctx->reader_driver->ops->use_reader(ctx, pcsc_context_handle, pcsc_card_handle); + + return SC_ERROR_NOT_SUPPORTED; +} + +/* Following two are only implemented with internal PC/SC and don't consume a reader object */ +int sc_cancel(sc_context_t *ctx) +{ + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + if (ctx->reader_driver->ops->cancel != NULL) + return ctx->reader_driver->ops->cancel(ctx); + + return SC_ERROR_NOT_SUPPORTED; +} + + +int sc_wait_for_event(sc_context_t *ctx, unsigned int event_mask, sc_reader_t **event_reader, unsigned int *event, int timeout, void **reader_states) +{ + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + if (ctx->reader_driver->ops->wait_for_event != NULL) + return ctx->reader_driver->ops->wait_for_event(ctx, event_mask, event_reader, event, timeout, reader_states); + + return SC_ERROR_NOT_SUPPORTED; +} + + int sc_release_context(sc_context_t *ctx) { - int i; + unsigned int i; assert(ctx != NULL); - SC_FUNC_CALLED(ctx, 1); - for (i = 0; i < ctx->reader_count; i++) { - sc_reader_t *rdr = ctx->reader[i]; - - if (rdr->ops->release != NULL) - rdr->ops->release(rdr); - free(rdr->name); - free(rdr); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + while (list_size(&ctx->readers)) { + sc_reader_t *rdr = (sc_reader_t *) list_get_at(&ctx->readers, 0); + _sc_delete_reader(ctx, rdr); } - for (i = 0; ctx->reader_drivers[i] != NULL; i++) { - const struct sc_reader_driver *drv = ctx->reader_drivers[i]; - if (drv->ops->finish != NULL) - drv->ops->finish(ctx, ctx->reader_drv_data[i]); - 
if (drv->dll) - lt_dlclose(drv->dll); - } + if (ctx->reader_driver->ops->finish != NULL) + ctx->reader_driver->ops->finish(ctx); + for (i = 0; ctx->card_drivers[i]; i++) { struct sc_card_driver *drv = ctx->card_drivers[i]; if (drv->atr_map) _sc_free_atr(ctx, drv); if (drv->dll) - lt_dlclose(drv->dll); + sc_dlclose(drv->dll); } if (ctx->preferred_language != NULL) free(ctx->preferred_language); if (ctx->mutex != NULL) { int r = sc_mutex_destroy(ctx, ctx->mutex); if (r != SC_SUCCESS) { - sc_error(ctx, "unable to destroy mutex\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to destroy mutex"); return r; } } if (ctx->conf != NULL) scconf_free(ctx->conf); - if (ctx->debug_file && ctx->debug_file != stdout) + if (ctx->debug_file && (ctx->debug_file != stdout && ctx->debug_file != stderr)) fclose(ctx->debug_file); - if (ctx->error_file && ctx->error_file != stderr) - fclose(ctx->error_file); if (ctx->app_name != NULL) free(ctx->app_name); + list_destroy(&ctx->readers); sc_mem_clear(ctx, sizeof(*ctx)); free(ctx); return SC_SUCCESS; @@ -902,6 +865,6 @@ return SC_SUCCESS; /* for lack of a better return code */ -failed: sc_error(ctx, "failed to create cache directory\n"); +failed: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "failed to create cache directory"); return SC_ERROR_INTERNAL; } diff -Nru opensc-0.11.13/src/libopensc/dir.c opensc-0.12.1/src/libopensc/dir.c --- opensc-0.11.13/src/libopensc/dir.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/dir.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,12 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" +#include "config.h" + #include #include #include +#include "internal.h" +#include "asn1.h" + struct app_entry { const u8 *aid; size_t aid_len; 
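Review bot: `sc_release_context` (hunk `@@ -732,78 +656,117 @@`) now calls `ctx->reader_driver->ops->finish` without checking `ctx->reader_driver`, yet the same hunk calls `sc_release_context(ctx)` on the `lt_dlinit()` failure path before `ctx->reader_driver` has been assigned, and `ctx` comes from `calloc`. The earlier error returns, which also call `sc_release_context(ctx)`, are affected the same way. The guard should be `if (ctx->reader_driver != NULL && ctx->reader_driver->ops->finish != NULL)`. If none of `ENABLE_PCSC`, `ENABLE_CTAPI` or `ENABLE_OPENCT` is defined the pointer also stays NULL when `load_reader_driver_options(ctx)` and `ctx->reader_driver->ops->init(ctx)` dereference it, so an `#else` with `#error`, or a NULL check that returns an error after the `#endif`, would make that build configuration fail loudly. The return value of `ops->init` is ignored as well.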
@@ -33,32 +36,9 @@ static const struct app_entry apps[] = { { (const u8 *) "\xA0\x00\x00\x00\x63PKCS-15", 12, "PKCS #15" }, { (const u8 *) "\xA0\x00\x00\x01\x77PKCS-15", 12, "Belgian eID" }, + { (const u8 *) "\x44\x46\x20\x69\x73\x73\x75\x65\x72", 9, "Portugal eID" } }; -static const struct app_entry * find_app_entry(const u8 * aid, size_t aid_len) -{ - size_t i; - - for (i = 0; i < sizeof(apps)/sizeof(apps[0]); i++) { - if (apps[i].aid_len == aid_len && - memcmp(apps[i].aid, aid, aid_len) == 0) - return &apps[i]; - } - return NULL; -} - -const sc_app_info_t * sc_find_pkcs15_app(sc_card_t *card) -{ - const sc_app_info_t *app = NULL; - unsigned int i; - - i = sizeof(apps)/sizeof(apps[0]); - while (!app && i--) - app = sc_find_app_by_aid(card, apps[i].aid, apps[i].aid_len); - - return app; -} - static const struct sc_asn1_entry c_asn1_dirrecord[] = { { "aid", SC_ASN1_OCTET_STRING, SC_ASN1_APP | 15, 0, NULL, NULL }, { "label", SC_ASN1_UTF8STRING, SC_ASN1_APP | 16, SC_ASN1_OPTIONAL, NULL, NULL }, @@ -77,17 +57,17 @@ { struct sc_asn1_entry asn1_dirrecord[5], asn1_dir[2]; sc_app_info_t *app = NULL; - const struct app_entry *ae; + struct sc_aid aid; + u8 label[128], path[128], ddo[128]; + size_t label_len = sizeof(label), path_len = sizeof(path), ddo_len = sizeof(ddo); int r; - u8 aid[128], label[128], path[128]; - u8 ddo[128]; - size_t aid_len = sizeof(aid), label_len = sizeof(label), - path_len = sizeof(path), ddo_len = sizeof(ddo); + + aid.len = sizeof(aid.value); sc_copy_asn1_entry(c_asn1_dirrecord, asn1_dirrecord); sc_copy_asn1_entry(c_asn1_dir, asn1_dir); sc_format_asn1_entry(asn1_dir + 0, asn1_dirrecord, NULL, 0); - sc_format_asn1_entry(asn1_dirrecord + 0, aid, &aid_len, 0); + sc_format_asn1_entry(asn1_dirrecord + 0, aid.value, &aid.len, 0); sc_format_asn1_entry(asn1_dirrecord + 1, label, &label_len, 0); sc_format_asn1_entry(asn1_dirrecord + 2, path, &path_len, 0); sc_format_asn1_entry(asn1_dirrecord + 3, ddo, &ddo_len, 0); 
@@ -96,56 +76,53 @@ if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; if (r) { - sc_error(card->ctx, "EF(DIR) parsing failed: %s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF(DIR) parsing failed: %s\n", sc_strerror(r)); return r; } - if (aid_len > SC_MAX_AID_SIZE) { - sc_error(card->ctx, "AID is too long.\n"); - return SC_ERROR_INVALID_ASN1_OBJECT; - } - app = (sc_app_info_t *) malloc(sizeof(sc_app_info_t)); + + app = calloc(1, sizeof(struct sc_app_info)); if (app == NULL) return SC_ERROR_OUT_OF_MEMORY; - memcpy(app->aid, aid, aid_len); - app->aid_len = aid_len; + memcpy(&app->aid, &aid, sizeof(struct sc_aid)); + if (asn1_dirrecord[1].flags & SC_ASN1_PRESENT) app->label = strdup((char *) label); else app->label = NULL; + if (asn1_dirrecord[2].flags & SC_ASN1_PRESENT) { + /* application path present: ignore AID */ if (path_len > SC_MAX_PATH_SIZE) { - sc_error(card->ctx, "Application path is too long.\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Application path is too long.\n"); free(app); return SC_ERROR_INVALID_ASN1_OBJECT; } memcpy(app->path.value, path, path_len); app->path.len = path_len; app->path.type = SC_PATH_TYPE_PATH; - } else if (aid_len < sizeof(app->path.value)) { - memcpy(app->path.value, aid, aid_len); - app->path.len = aid_len; + } + else { + /* application path not present: use AID as application path */ + memcpy(app->path.value, aid.value, aid.len); + app->path.len = aid.len; app->path.type = SC_PATH_TYPE_DF_NAME; - } else - app->path.len = 0; + } + if (asn1_dirrecord[3].flags & SC_ASN1_PRESENT) { - app->ddo = (u8 *) malloc(ddo_len); - if (app->ddo == NULL) { + app->ddo.value = malloc(ddo_len); + if (app->ddo.value == NULL) { free(app); return SC_ERROR_OUT_OF_MEMORY; } - memcpy(app->ddo, ddo, ddo_len); - app->ddo_len = ddo_len; + memcpy(app->ddo.value, ddo, ddo_len); + app->ddo.len = ddo_len; } else { - app->ddo = NULL; - app->ddo_len = 0; + app->ddo.value = NULL; + app->ddo.len = 0; } - ae = find_app_entry(aid, aid_len); - if (ae != 
NULL) - app->desc = ae->desc; - else - app->desc = NULL; + app->rec_nr = rec_nr; card->app[card->app_count] = app; card->app_count++; @@ -155,50 +132,51 @@ int sc_enum_apps(sc_card_t *card) { + struct sc_context *ctx = card->ctx; sc_path_t path; int ef_structure; - size_t file_size; - int r; + size_t file_size, jj; + int r, ii, idx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); if (card->app_count < 0) card->app_count = 0; + sc_format_path("3F002F00", &path); if (card->ef_dir != NULL) { sc_file_free(card->ef_dir); card->ef_dir = NULL; } - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, &card->ef_dir); - sc_ctx_suppress_errors_off(card->ctx); - if (r) - return r; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select EF.DIR file"); + if (card->ef_dir->type != SC_FILE_TYPE_WORKING_EF) { - sc_debug(card->ctx, "EF(DIR) is not a working EF.\n"); sc_file_free(card->ef_dir); card->ef_dir = NULL; - return SC_ERROR_INVALID_CARD; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_CARD, "EF(DIR) is not a working EF."); } ef_structure = card->ef_dir->ef_structure; file_size = card->ef_dir->size; if (file_size == 0) - return 0; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, 0); + if (ef_structure == SC_FILE_EF_TRANSPARENT) { u8 *buf = NULL, *p; size_t bufsize; - buf = (u8 *) malloc(file_size); + buf = malloc(file_size); if (buf == NULL) - return SC_ERROR_OUT_OF_MEMORY; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); p = buf; r = sc_read_binary(card, 0, buf, file_size, 0); if (r < 0) { free(buf); - SC_TEST_RET(card->ctx, r, "sc_read_binary() failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_read_binary() failed"); } bufsize = r; while (bufsize > 0) { if (card->app_count == SC_MAX_CARD_APPS) { - sc_error(card->ctx, "Too many applications on card"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Too many applications on card"); break; } r = parse_dir_record(card, &p, &bufsize, -1); 
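Review bot: The new `else` branch of `parse_dir_record` in dir.c (hunk `@@ -96,56 +76,53 @@`) copies `aid.len` bytes into `app->path.value` unconditionally, whereas the removed code did so only when `aid_len < sizeof(app->path.value)` and rejected AIDs longer than `SC_MAX_AID_SIZE`. The copy is now safe only if `sizeof(aid.value)`, the limit set by `aid.len = sizeof(aid.value)` in the previous hunk, never exceeds `sizeof(app->path.value)`, which nothing visible here enforces. Since the AID is card-supplied data, I would keep an explicit guard such as `if (aid.len > sizeof(app->path.value)) { free(app->label); free(app); return SC_ERROR_INVALID_ASN1_OBJECT; }`. The existing error returns that call `free(app)` after the path-length check and the `malloc` failure also leak `app->label` once it has been set by `strdup`. The function starts before this hunk.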
@@ -208,21 +186,19 @@ if (buf) free(buf); - } else { /* record structure */ + } + else { /* record structure */ u8 buf[256], *p; unsigned int rec_nr; size_t rec_size; for (rec_nr = 1; ; rec_nr++) { - sc_ctx_suppress_errors_on(card->ctx); - r = sc_read_record(card, rec_nr, buf, sizeof(buf), - SC_RECORD_BY_REC_NR); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_read_record(card, rec_nr, buf, sizeof(buf), SC_RECORD_BY_REC_NR); if (r == SC_ERROR_RECORD_NOT_FOUND) break; - SC_TEST_RET(card->ctx, r, "read_record() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read_record() failed"); if (card->app_count == SC_MAX_CARD_APPS) { - sc_error(card->ctx, "Too many applications on card"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Too many applications on card"); break; } rec_size = r; @@ -230,7 +206,27 @@ parse_dir_record(card, &p, &rec_size, (int)rec_nr); } } - return card->app_count; + + /* Move known PKCS#15 applications to the head of the list */ + for (ii=0, idx=0; iiapp_count; ii++) { + for (jj=0; jj < sizeof(apps)/sizeof(apps[0]); jj++) { + if (apps[jj].aid_len != card->app[ii]->aid.len) + continue; + if (memcmp(apps[jj].aid, card->app[ii]->aid.value, apps[jj].aid_len)) + continue; + break; + } + + if (ii != idx && jj < sizeof(apps)/sizeof(apps[0])) { + struct sc_app_info *tmp = card->app[idx]; + + card->app[idx] = card->app[ii]; + card->app[ii] = tmp; + idx++; + } + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } void sc_free_apps(sc_card_t *card) 
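Review bot: In the reordering loop added to `sc_enum_apps` (hunk `@@ -230,7 +206,27 @@`), `idx` advances only inside `if (ii != idx && jj < sizeof(apps)/sizeof(apps[0]))`. When the entry already sitting at position `idx` is itself a known PKCS#15 application it is therefore not counted, and a later match is swapped over it, which pushes it back down the list. Counting every match and swapping only when the positions differ keeps all known applications at the head: `if (jj < sizeof(apps)/sizeof(apps[0])) { if (ii != idx) { /* swap app[idx] and app[ii] */ } idx++; }`. The loop header is garbled on this page, so this reading assumes it iterates `ii` up to `card->app_count`.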
@@ -240,27 +236,13 @@ for (i = 0; i < card->app_count; i++) { if (card->app[i]->label) free(card->app[i]->label); - if (card->app[i]->ddo) - free(card->app[i]->ddo); + if (card->app[i]->ddo.value) + free(card->app[i]->ddo.value); free(card->app[i]); } card->app_count = -1; } -const sc_app_info_t * sc_find_app_by_aid(sc_card_t *card, - const u8 *aid, size_t aid_len) -{ - int i; - - assert(card->app_count > 0); - for (i = 0; i < card->app_count; i++) { - if (card->app[i]->aid_len == aid_len && - memcmp(card->app[i]->aid, aid, aid_len) == 0) - return card->app[i]; - } - return NULL; -} - static int encode_dir_record(sc_context_t *ctx, const sc_app_info_t *app, u8 **buf, size_t *buflen) { @@ -272,7 +254,7 @@ sc_copy_asn1_entry(c_asn1_dirrecord, asn1_dirrecord); sc_copy_asn1_entry(c_asn1_dir, asn1_dir); sc_format_asn1_entry(asn1_dir + 0, asn1_dirrecord, NULL, 1); - sc_format_asn1_entry(asn1_dirrecord + 0, (void *) tapp.aid, (void *) &tapp.aid_len, 1); + sc_format_asn1_entry(asn1_dirrecord + 0, (void *) tapp.aid.value, (void *) &tapp.aid.len, 1); if (tapp.label != NULL) { label_len = strlen(tapp.label); sc_format_asn1_entry(asn1_dirrecord + 1, tapp.label, &label_len, 1); @@ -280,16 +262,13 @@ if (tapp.path.len) sc_format_asn1_entry(asn1_dirrecord + 2, (void *) tapp.path.value, (void *) &tapp.path.len, 1); - if (tapp.ddo != NULL) - sc_format_asn1_entry(asn1_dirrecord + 3, (void *) tapp.ddo, - (void *) &tapp.ddo_len, 1); + if (tapp.ddo.value != NULL && tapp.ddo.len) + sc_format_asn1_entry(asn1_dirrecord + 3, (void *) tapp.ddo.value, + (void *) &tapp.ddo.len, 1); r = sc_asn1_encode(ctx, asn1_dir, buf, buflen); - if (r) { - sc_error(ctx, "sc_asn1_encode() failed: %s\n", - sc_strerror(r)); - return r; - } - return 0; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Encode DIR record error"); + + return SC_SUCCESS; } static int update_transparent(sc_card_t *card, sc_file_t *file) 
@@ -301,8 +280,6 @@ for (i = 0; i < card->app_count; i++) { r = encode_dir_record(card->ctx, card->app[i], &rec, &rec_size); if (r) { - if (rec) - free(rec); if (buf) free(buf); return r; @@ -333,9 +310,9 @@ } r = sc_update_binary(card, 0, buf, buf_size, 0); free(buf); - SC_TEST_RET(card->ctx, r, "Unable to update EF(DIR)"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to update EF(DIR)"); - return 0; + return SC_SUCCESS; } static int update_single_record(sc_card_t *card, sc_file_t *file, @@ -352,9 +329,7 @@ r = sc_update_record(card, (unsigned int)app->rec_nr, rec, rec_size, SC_RECORD_BY_REC_NR); else if (app->rec_nr == 0) { /* create new record entry */ - sc_ctx_suppress_errors_on(card->ctx); r = sc_append_record(card, rec, rec_size, 0); - sc_ctx_suppress_errors_off(card->ctx); if (r == SC_ERROR_NOT_SUPPORTED) { /* if the card doesn't support APPEND RECORD we try a * UPDATE RECORD on the next unused record (and hope @@ -368,11 +343,11 @@ r = sc_update_record(card, (unsigned int)rec_nr, rec, rec_size, SC_RECORD_BY_REC_NR); } } else { - sc_error(card->ctx, "invalid record number\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid record number\n"); r = SC_ERROR_INTERNAL; } free(rec); - SC_TEST_RET(card->ctx, r, "Unable to update EF(DIR) record"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to update EF(DIR) record"); return 0; } @@ -397,7 +372,7 @@ sc_format_path("3F002F00", &path); r = sc_select_file(card, &path, &file); - SC_TEST_RET(card->ctx, r, "unable to select EF(DIR)"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to select EF(DIR)"); if (file->ef_structure == SC_FILE_EF_TRANSPARENT) r = update_transparent(card, file); else if (app == NULL) diff -Nru opensc-0.11.13/src/libopensc/ef-atr.c opensc-0.12.1/src/libopensc/ef-atr.c --- opensc-0.11.13/src/libopensc/ef-atr.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ef-atr.c 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,157 @@ +/* + * ef-atr.c: Stuff for handling EF(ATR) + * + * Copyright (C) 2001, 2002 Juha Yrjölä + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "internal.h" +#include "asn1.h" +#include "iso7816.h" + +static int +sc_parse_ef_atr_content(struct sc_card *card, unsigned char *buf, size_t buflen) +{ + struct sc_context *ctx = card->ctx; + const unsigned char *tag = NULL; + size_t taglen; + struct sc_ef_atr ef_atr; + unsigned char category; + + LOG_FUNC_CALLED(ctx); + + category = *buf; + + memset(&ef_atr, 0, sizeof(struct sc_ef_atr)); + /* IAS/ECC specific: skip second 'zero' byte */ + if (*(++buf) == 0x00) + ++buf; + + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_CARD_SERVICE, &taglen); + if (tag && taglen >= 1) { + ef_atr.card_service = *tag; + sc_log(ctx, "EF.ATR: card service 0x%X", ef_atr.card_service); + } + + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_PRE_ISSUING, &taglen); + if (tag) { + size_t len = taglen > sizeof(ef_atr.pre_issuing) ? 
sizeof(ef_atr.pre_issuing) : taglen; + + memcpy(ef_atr.pre_issuing, tag, len); + ef_atr.pre_issuing_len = len; + + sc_log(ctx, "EF.ATR: Pre-Issuing data '%s'", sc_dump_hex(ef_atr.pre_issuing, ef_atr.pre_issuing_len)); + } + + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_CARD_CAPABILITIES, &taglen); + if (tag && taglen >= 3) { + ef_atr.df_selection = *(tag + 0); + ef_atr.unit_size = *(tag + 1); + ef_atr.card_capabilities = *(tag + 2); + sc_log(ctx, "EF.ATR: DF selection %X, unit_size %X, card caps %X", + ef_atr.df_selection, ef_atr.unit_size, ef_atr.card_capabilities); + } + + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_AID, &taglen); + if (tag) { + if (taglen > sizeof(ef_atr.aid.value)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid MF AID size"); + memcpy(ef_atr.aid.value, tag, taglen); + ef_atr.aid.len = taglen; + sc_log(ctx, "EF.ATR: AID '%s'", sc_dump_hex(ef_atr.aid.value, ef_atr.aid.len)); + } + + /* IAS/ECC specific issuer data: contains the max send/recv buffer sizes in plain and SM modes */ + tag = sc_asn1_find_tag(ctx, buf, buflen, IASECC_TAG_II_IO_BUFFER_SIZES, &taglen); + if (tag) { + size_t len = taglen > sizeof(ef_atr.issuer_data) ? 
sizeof(ef_atr.issuer_data) : taglen; + + memcpy(ef_atr.issuer_data, tag, len); + ef_atr.issuer_data_len = len; + + sc_log(ctx, "EF.ATR: Issuer data '%s'", sc_dump_hex(ef_atr.issuer_data, ef_atr.issuer_data_len)); + } + + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_ALLOCATION_SCHEME, &taglen); + if (tag && taglen < sizeof(ef_atr.allocation_oid)) { + sc_log(ctx, "EF.ATR: OID %s", sc_dump_hex(tag, sizeof(taglen))); + memcpy(ef_atr.allocation_oid.value, tag, taglen); + } + + if (category == ISO7816_II_CATEGORY_TLV) { + tag = sc_asn1_find_tag(ctx, buf, buflen, ISO7816_TAG_II_STATUS_SW, &taglen); + if (tag && taglen == 2) { + ef_atr.status = *(tag + 0) * 0x100 + *(tag + 1); + sc_log(ctx, "EF.ATR: status word 0x%X", ef_atr.status); + } + } + + if (!card->ef_atr) + card->ef_atr = calloc(1, sizeof(struct sc_ef_atr)); + + if (!card->ef_atr) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + + memcpy(card->ef_atr, &ef_atr, sizeof(struct sc_ef_atr)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +int sc_parse_ef_atr(struct sc_card *card) +{ + struct sc_context *ctx = card->ctx; + struct sc_path path; + struct sc_file *file; + int rv; + unsigned char *buf = NULL; + + LOG_FUNC_CALLED(ctx); + + sc_format_path("3F002F01", &path); + rv = sc_select_file(card, &path, &file); + LOG_TEST_RET(ctx, rv, "Cannot select EF(ATR) file"); + + buf = malloc(file->size); + if (!buf) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Memory allocation error"); + rv = sc_read_binary(card, 0, buf, file->size, 0); + LOG_TEST_RET(ctx, rv, "Cannot read EF(ATR) file"); + + rv = sc_parse_ef_atr_content(card, buf, file->size); + LOG_TEST_RET(ctx, rv, "EF(ATR) parse error"); + + free(buf); + sc_file_free(file); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + +void sc_free_ef_atr(sc_card_t *card) +{ + if (card->ef_atr) + free(card->ef_atr); + card->ef_atr = NULL; +} diff -Nru opensc-0.11.13/src/libopensc/emv.c opensc-0.12.1/src/libopensc/emv.c --- opensc-0.11.13/src/libopensc/emv.c 2010-02-16 
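Review bot: `sc_parse_ef_atr_content` in the new ef-atr.c advances `buf` by one or two bytes (`*(++buf)`, then `++buf`) but keeps passing the original `buflen` to every `sc_asn1_find_tag` call, so the tag searches can run up to two bytes past the end of the buffer; `category = *buf` is also read with no check that the file is non-empty. In `sc_parse_ef_atr` the parser is given `file->size` rather than the byte count `sc_read_binary` returned, and each `LOG_TEST_RET` after `sc_select_file` returns without releasing `buf` or `file`. In the allocation-scheme branch, `sc_dump_hex(tag, sizeof(taglen))` should take `taglen`, and the bound should probably be `sizeof(ef_atr.allocation_oid.value)` since that is the copy destination (the struct layout is not visible here). The fence below sketches the length bookkeeping and a single cleanup path.

```c
	/* in sc_parse_ef_atr_content(), replacing the category/skip lines */
	if (buflen < 2)
		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "EF.ATR content too short");

	category = *buf++;
	buflen--;

	memset(&ef_atr, 0, sizeof(struct sc_ef_atr));
	/* IAS/ECC specific: skip second 'zero' byte */
	if (*buf == 0x00) {
		buf++;
		buflen--;
	}
	/* … unchanged: tag lookups and copy into card->ef_atr … */

	/* in sc_parse_ef_atr(), after sc_select_file() succeeded */
	buf = malloc(file->size);
	if (!buf) {
		sc_file_free(file);
		LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Memory allocation error");
	}
	rv = sc_read_binary(card, 0, buf, file->size, 0);
	if (rv >= 0)
		/* parse only the bytes actually read */
		rv = sc_parse_ef_atr_content(card, buf, (size_t)rv);

	free(buf);
	sc_file_free(file);
	LOG_TEST_RET(ctx, rv, "Cannot read or parse EF(ATR) file");
```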
09:03:28.000000000 +0000
+++ opensc-0.12.1/src/libopensc/emv.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,24 +0,0 @@
-/*
- * emv.c: EMV functions
- *
- * Copyright (C) 2001, 2002 Juha Yrjölä
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#include "internal.h"
-#include "emv.h"
-
-/* FIXME: Implement */
diff -Nru opensc-0.11.13/src/libopensc/emv.h opensc-0.12.1/src/libopensc/emv.h
--- opensc-0.11.13/src/libopensc/emv.h 2010-02-16 09:03:28.000000000 +0000
+++ opensc-0.12.1/src/libopensc/emv.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@ -/* - * emv.h: OpenSC EMV header file - * - * Copyright (C) 2001, 2002 Juha Yrjölä - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef _OPENSC_EMV_H -#define _OPENSC_EMV_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct sc_emv_card { - struct sc_card *card; -}; - -int sc_emv_bind(struct sc_card *card, struct sc_emv_card **emv_card); -int sc_emv_unbind(struct sc_emv_card *emv_card); - -#ifdef __cplusplus -} -#endif - -#endif diff -Nru opensc-0.11.13/src/libopensc/errors.c opensc-0.12.1/src/libopensc/errors.c --- opensc-0.11.13/src/libopensc/errors.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/errors.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,7 +18,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include + #include "errors.h" #define DIM(v) (sizeof(v)/(sizeof((v)[0]))) @@ -28,8 +31,8 @@ const char *rdr_errors[] = { "Generic reader error", "No readers found", - "Slot not found", - "Slot already connected", + "UNUSED", + "UNUSED", "Card not present", "Card removed", "Card reset", 
@@ -42,8 +45,10 @@ "Unresponsive card (correctly inserted?)", "Reader detached (hotplug device?)", "Reader reattached (hotplug device?)", + "Reader in use by another application" }; const int rdr_base = -SC_ERROR_READER; + const char *card_errors[] = { "Card command failed", "File not found", @@ -62,17 +67,22 @@ "PIN code or key incorrect", "File already exists", "Data object not found", + "Not enough memory on card", + "Part of returned data may be corrupted", + "End of file/record reached before reading Le bytes" }; const int card_base = -SC_ERROR_CARD_CMD_FAILED; + const char *arg_errors[] = { "Invalid arguments", - "Command too short", - "Command too long", + "UNUSED", + "UNUSED", "Buffer too small", "Invalid PIN length", "Invalid data", }; const int arg_base = -SC_ERROR_INVALID_ARGUMENTS; + const char *int_errors[] = { "Internal error", "Invalid ASN.1 object", 
@@ -84,42 +94,69 @@ "Requested object not found", "Not supported", "Passphrase required", - "The key is extractable", + "UNUSED", "Decryption failed", "Wrong padding", "Unsupported card", "Unable to load external module", - "EF offset too large" + "EF offset too large", + "Not implemented" }; const int int_base = -SC_ERROR_INTERNAL; + const char *p15i_errors[] = { - "Generic PKCS #15 initialization error", + "Generic PKCS#15 initialization error", "Syntax error", - "Inconsistent or incomplete pkcs15 profile", + "Inconsistent or incomplete PKCS#15 profile", "Key length/algorithm not supported by card", "No default (transport) key available", - "The PKCS#15 Key/certificate ID specified is not unique", + "Non unique object ID", "Unable to load key and certificate(s) from file", - "Object is not compatible with intended use", + "UNUSED", "File template not found", "Invalid PIN reference", "File too small", }; const int p15i_base = -SC_ERROR_PKCS15INIT; + + const int sm_base = -SC_ERROR_SM; + const char *sm_errors[] = { + "Generic Secure Messaging error", + "Data enciphering error", + "Invalid secure messaging level", + "No session keys", + "Invalid session keys", + "Secure Messaging not initialized", + "Cannot authenticate card", + "Random generation error", + "Secure messaging keyset not found", + "IFD data missing" + }; + + const char *misc_errors[] = { "Unknown error", "PKCS#15 compatible smart card not found", }; const int misc_base = -SC_ERROR_UNKNOWN; + + const char *no_errors = "Success"; const char **errors = NULL; int count = 0, err_base = 0; - + + if (!error) + return no_errors; if (error < 0) error = -error; + if (error >= misc_base) { errors = misc_errors; count = DIM(misc_errors); err_base = misc_base; + } else if (error >= sm_base) { + errors = sm_errors; + count = DIM(sm_errors); + err_base = sm_base; } else if (error >= p15i_base) { errors = p15i_errors; count = DIM(p15i_errors); diff -Nru opensc-0.11.13/src/libopensc/errors.h 
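Review bot: The new `sm_errors` table carries no comment saying that its ten strings must stay in the order of the `SC_ERROR_SM_*` values in errors.h, although the branch `errors = sm_errors; count = DIM(sm_errors); err_base = sm_base;` suggests the table is indexed by `error - err_base` further down, outside this hunk. A one-line comment above it would make that contract explicit: `/* indexed by error - sm_base; keep in the order of SC_ERROR_SM_* in errors.h */`. The same applies to the `"UNUSED"` placeholders, which exist only to keep the indexes of the other tables stable; a retired code will now presumably be reported to the caller as the literal text "UNUSED", so a short note that these slots are deliberate would help whoever reads that in a log. As a matter of style, `sm_base` is declared before its table while every other `*_base` follows its table.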
opensc-0.12.1/src/libopensc/errors.h --- opensc-0.11.13/src/libopensc/errors.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/errors.h 2011-05-17 17:07:00.000000000 +0000 @@ -26,13 +26,12 @@ #endif #define SC_SUCCESS 0 -#define SC_NO_ERROR 0 /* Errors related to reader operation */ #define SC_ERROR_READER -1100 #define SC_ERROR_NO_READERS_FOUND -1101 -#define SC_ERROR_SLOT_NOT_FOUND -1102 -#define SC_ERROR_SLOT_ALREADY_CONNECTED -1103 +/* Unused: -1102 */ +/* Unused: -1103 */ #define SC_ERROR_CARD_NOT_PRESENT -1104 #define SC_ERROR_CARD_REMOVED -1105 #define SC_ERROR_CARD_RESET -1106 @@ -45,6 +44,7 @@ #define SC_ERROR_CARD_UNRESPONSIVE -1113 #define SC_ERROR_READER_DETACHED -1114 #define SC_ERROR_READER_REATTACHED -1115 +#define SC_ERROR_READER_LOCKED -1116 /* Resulting from a card command or related to the card*/ #define SC_ERROR_CARD_CMD_FAILED -1200 @@ -64,11 +64,14 @@ #define SC_ERROR_PIN_CODE_INCORRECT -1214 #define SC_ERROR_FILE_ALREADY_EXISTS -1215 #define SC_ERROR_DATA_OBJECT_NOT_FOUND -1216 +#define SC_ERROR_NOT_ENOUGH_MEMORY -1217 +#define SC_ERROR_CORRUPTED_DATA -1218 +#define SC_ERROR_FILE_END_REACHED -1219 /* Returned by OpenSC library when called with invalid arguments */ #define SC_ERROR_INVALID_ARGUMENTS -1300 -#define SC_ERROR_CMD_TOO_SHORT -1301 -#define SC_ERROR_CMD_TOO_LONG -1302 +/* Unused: -1301 */ +/* Unused: -1302 */ #define SC_ERROR_BUFFER_TOO_SMALL -1303 #define SC_ERROR_INVALID_PIN_LENGTH -1304 #define SC_ERROR_INVALID_DATA -1305 @@ -84,7 +87,7 @@ #define SC_ERROR_OBJECT_NOT_FOUND -1407 #define SC_ERROR_NOT_SUPPORTED -1408 #define SC_ERROR_PASSPHRASE_REQUIRED -1409 -#define SC_ERROR_EXTRACTABLE_KEY -1410 +/* Unused: -1410 */ #define SC_ERROR_DECRYPT_FAILED -1411 #define SC_ERROR_WRONG_PADDING -1412 #define SC_ERROR_WRONG_CARD -1413 
@@ -98,12 +101,25 @@ #define SC_ERROR_INCONSISTENT_PROFILE -1502 #define SC_ERROR_INCOMPATIBLE_KEY -1503 #define SC_ERROR_NO_DEFAULT_KEY -1504 -#define SC_ERROR_ID_NOT_UNIQUE -1505 -#define SC_ERROR_CANNOT_LOAD_KEY -1006 -#define SC_ERROR_INCOMPATIBLE_OBJECT -1007 -#define SC_ERROR_TEMPLATE_NOT_FOUND -1008 -#define SC_ERROR_INVALID_PIN_REFERENCE -1009 -#define SC_ERROR_FILE_TOO_SMALL -1010 +#define SC_ERROR_NON_UNIQUE_ID -1505 +#define SC_ERROR_CANNOT_LOAD_KEY -1506 +/* Unused: -1007 */ +#define SC_ERROR_TEMPLATE_NOT_FOUND -1508 +#define SC_ERROR_INVALID_PIN_REFERENCE -1509 +#define SC_ERROR_FILE_TOO_SMALL -1510 + +/* Related to secure messaging */ +#define SC_ERROR_SM -1600 +#define SC_ERROR_SM_ENCRYPT_FAILED -1601 +#define SC_ERROR_SM_INVALID_LEVEL -1602 +#define SC_ERROR_SM_NO_SESSION_KEYS -1603 +#define SC_ERROR_SM_INVALID_SESSION_KEY -1604 +#define SC_ERROR_SM_NOT_INITIALIZED -1605 +#define SC_ERROR_SM_AUTHENTICATION_FAILED -1606 +#define SC_ERROR_SM_RAND_FAILED -1607 +#define SC_ERROR_SM_KEYSET_NOT_FOUND -1608 +#define SC_ERROR_SM_IFD_DATA_MISSING -1609 + /* Errors that do not fit the categories above */ #define SC_ERROR_UNKNOWN -1900 diff -Nru opensc-0.11.13/src/libopensc/esteid.h opensc-0.12.1/src/libopensc/esteid.h --- opensc-0.11.13/src/libopensc/esteid.h 2006-05-15 20:57:30.000000000 +0000 +++ opensc-0.12.1/src/libopensc/esteid.h 2011-05-17 17:07:00.000000000 +0000 @@ -29,5 +29,5 @@ #define SC_ESTEID_KEYREF_FILE_RECLEN 21 int select_esteid_df(sc_card_t * card); - +int is_esteid_card(sc_card_t *card); #endif diff -Nru opensc-0.11.13/src/libopensc/iasecc.h opensc-0.12.1/src/libopensc/iasecc.h --- opensc-0.11.13/src/libopensc/iasecc.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/iasecc.h 2011-05-17 17:07:00.000000000 +0000 
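Review bot: The placeholder comment `/* Unused: -1007 */` still names the old, mis-numbered value. This hunk moves the PKCS#15-init codes into the -15xx range, so the retired slot is -1507 and the comment should read `/* Unused: -1507 */`, matching the `"UNUSED"` entry at index 7 of `p15i_errors` in errors.c. The hunk also changes the numeric values of `SC_ERROR_CANNOT_LOAD_KEY`, `SC_ERROR_TEMPLATE_NOT_FOUND`, `SC_ERROR_INVALID_PIN_REFERENCE` and `SC_ERROR_FILE_TOO_SMALL`, and renames `SC_ERROR_ID_NOT_UNIQUE` to `SC_ERROR_NON_UNIQUE_ID`. Code built against the old header that compares return values with these constants will no longer match, so the header should say that the block was renumbered in this release.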
@@ -0,0 +1,141 @@
+/*
+ * iasecc.h Support for IAS/ECC smart cards
+ *
+ * Copyright (C) 2010 Viktor Tarasov
+ * OpenTrust
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _OPENSC_IASECC_H
+#define _OPENSC_IASECC_H
+
+#include "libopensc/errors.h"
+#include "libopensc/types.h"
+#include "libopensc/iasecc-sdo.h"
+
+#define ISO7812_PAN_SN_TAG 0x5A
+#define ISO7812_PAN_LENGTH 0x0C
+
+#ifndef SHA256_DIGEST_LENGTH
+ #define SHA_DIGEST_LENGTH 20
+ #define SHA256_DIGEST_LENGTH 32
+#endif
+
+#ifndef CKM_RSA_PKCS
+ #define CKM_RSA_PKCS 0x00000001
+ #define CKM_SHA1_RSA_PKCS 0x00000006
+ #define CKM_SHA256_RSA_PKCS 0x00000040
+ #define CKM_SHA_1 0x00000220
+ #define CKM_SHA256 0x00000250
+#endif
+
+#define IASECC_TITLE "IASECC"
+
+#define IASECC_FCP_TAG 0x62
+#define IASECC_FCP_TAG_SIZE 0x80
+#define IASECC_FCP_TAG_TYPE 0x82
+#define IASECC_FCP_TAG_FID 0x83
+#define IASECC_FCP_TAG_NAME 0x84
+#define IASECC_FCP_TAG_SFID 0x88
+#define IASECC_FCP_TAG_ACLS 0xA1
+#define IASECC_FCP_TAG_ACLS_CONTACT 0x8C
+
+#define IASECC_FCP_TYPE_EF 0x01
+#define IASECC_FCP_TYPE_DF 0x38
+
+#define IASECC_OBJECT_REF_LOCAL 0x80
+#define IASECC_OBJECT_REF_GLOBAL 0x00
+
+#define IASECC_OBJECT_REF_MIN 0x01
+#define IASECC_OBJECT_REF_MAX 0x1F
+
+#define IASECC_SE_REF_MIN 0x01
+#define 
IASECC_SE_REF_MAX 0x0F
+
+/* IAS/ECC interindustry data tags */
+#define IASECC_ATR_TAG_IO_BUFFER_SIZES 0xE0
+
+#define IASECC_SFI_EF_DIR 0x1E
+#define IASECC_SFI_EF_ATR 0x1D
+#define IASECC_SFI_EF_SN 0x1C
+#define IASECC_SFI_EF_DH 0x1B
+
+#define IASECC_READ_BINARY_LENGTH_MAX 0xE7
+
+#define IASECC_PSO_HASH_TAG_PARTIAL 0x90
+#define IASECC_PSO_HASH_TAG_REMAINING 0x80
+
+#define IASECC_CARD_ANSWER_TAG_DATA 0x87
+#define IASECC_CARD_ANSWER_TAG_SW 0x99
+#define IASECC_CARD_ANSWER_TAG_MAC 0x8E
+
+#define IASECC_SM_DO_TAG_TLE 0x97
+#define IASECC_SM_DO_TAG_TSW 0x99
+#define IASECC_SM_DO_TAG_TCC 0x8E
+#define IASECC_SM_DO_TAG_TCG_ODD_INS 0x85
+#define IASECC_SM_DO_TAG_TCG_EVEN_INS 0x87
+#define IASECC_SM_DO_TAG_TCG 0x87
+#define IASECC_SM_DO_TAG_TBR 0x85
+
+struct sc_security_env;
+
+typedef struct iasecc_qsign_data {
+ int hash_algo;
+
+ unsigned char hash[SHA256_DIGEST_LENGTH];
+ size_t hash_size;
+
+ unsigned char pre_hash[SHA256_DIGEST_LENGTH];
+ size_t pre_hash_size;
+
+ unsigned char counter[8];
+ unsigned long counter_long;
+
+ unsigned char last_block[64];
+ size_t last_block_size;
+} iasecc_qsign_data_t;
+
+
+struct iasecc_version {
+ unsigned char ic_manufacturer;
+ unsigned char ic_type;
+ unsigned char os_version;
+ unsigned char iasecc_version;
+};
+
+struct iasecc_io_buffer_sizes {
+ size_t send;
+ size_t send_sc;
+ size_t recv;
+ size_t recv_sc;
+};
+
+struct iasecc_private_data {
+ struct iasecc_version version;
+ struct iasecc_io_buffer_sizes max_sizes;
+
+ struct sc_security_env security_env;
+ size_t key_size;
+ unsigned op_method, op_ref;
+
+ struct iasecc_se_info *se_info;
+};
+
+
+int sm_iasecc_rsa_generate(struct sc_card *card, unsigned security_condition,
+ struct iasecc_sdo *sdo);
+
+#endif
diff -Nru opensc-0.11.13/src/libopensc/iasecc-sdo.c opensc-0.12.1/src/libopensc/iasecc-sdo.c
--- opensc-0.11.13/src/libopensc/iasecc-sdo.c 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/libopensc/iasecc-sdo.c 2011-05-17 17:07:00.000000000 +0000
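Review bot: `struct iasecc_private_data` holds `struct sc_security_env security_env;` by value, but the header only forward-declares `struct sc_security_env;` above it, and a forward declaration is not enough for a by-value member. Unless one of the three headers included at the top defines that struct (not visible here), this file compiles only when the including source has already pulled in the definition. Including the defining header directly (presumably `libopensc/opensc.h`, to be confirmed) would make the header self-contained and allow the forward declaration to be dropped. Separately, the `#ifndef SHA256_DIGEST_LENGTH` and `#ifndef CKM_RSA_PKCS` guards each test one name and then define several, so a build that already has only some of those names from the OpenSSL or PKCS#11 headers could hit redefinition warnings; a comment stating that these are fallbacks for builds without those headers, or one guard per macro, would make the intent clear.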
@@ -0,0 +1,1289 @@ +/* + * iasecc-sdo.c: library to manipulate the Security Data Objects (SDO) + * used by IAS/ECC card support. + * + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + +#include +#include + +#include "internal.h" +#include "asn1.h" +#include "cardctl.h" + +#include "iasecc.h" +#include "iasecc-sdo.h" + +static int iasecc_parse_size(unsigned char *data, size_t *out); + + +static int +iasecc_parse_acls(struct sc_card *card, struct iasecc_sdo_docp *docp, int flags) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_extended_tlv *acls = &docp->acls_contact; + int ii, offs; + unsigned char mask = 0x40; + + if (flags) + acls = &docp->acls_contactless; + + if (!acls->size) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + docp->amb = *(acls->value + 0); + memset(docp->scbs, 0xFF, sizeof(docp->scbs)); + for (ii=0, offs = 1; ii<7; ii++, mask >>= 1) + if (mask & docp->amb) + docp->scbs[ii] = *(acls->value + offs++); + + sc_log(ctx, "iasecc_parse_docp() SCBs %02X:%02X:%02X:%02X:%02X:%02X:%02X", + docp->scbs[0],docp->scbs[1],docp->scbs[2],docp->scbs[3], + docp->scbs[4],docp->scbs[5],docp->scbs[6]); + 
LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +int +iasecc_sdo_convert_acl(struct sc_card *card, struct iasecc_sdo *sdo, + unsigned char op, unsigned *out_method, unsigned *out_ref) +{ + struct sc_context *ctx = card->ctx; + struct acl_op { + unsigned char op; + unsigned char mask; + } ops[] = { + {SC_AC_OP_PSO_COMPUTE_SIGNATURE,IASECC_ACL_PSO_SIGNATURE}, + {SC_AC_OP_INTERNAL_AUTHENTICATE,IASECC_ACL_INTERNAL_AUTHENTICATE}, + {SC_AC_OP_PSO_DECRYPT, IASECC_ACL_PSO_DECIPHER}, + {SC_AC_OP_GENERATE, IASECC_ACL_GENERATE_KEY}, + {SC_AC_OP_UPDATE, IASECC_ACL_PUT_DATA}, + {SC_AC_OP_READ, IASECC_ACL_GET_DATA}, + {0x00, 0x00} + }; + unsigned char mask = 0x80, op_mask; + int ii; + + LOG_FUNC_CALLED(ctx); + + for (ii=0; ops[ii].mask; ii++) { + if (op == ops[ii].op) { + op_mask = ops[ii].mask; + break; + } + } + if (ops[ii].mask == 0) + LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); + + sc_log(ctx, "OP:%i, mask:0x%X", op, ops[ii].mask); + sc_log(ctx, "AMB:%X, scbs:%s", sdo->docp.amb, sc_dump_hex(sdo->docp.scbs, IASECC_MAX_SCBS)); + sc_log(ctx, "docp.acls_contact:%s", sc_dump_hex(sdo->docp.acls_contact.value, sdo->docp.acls_contact.size)); + + if (!sdo->docp.amb && sdo->docp.acls_contact.size) { + int rv = iasecc_parse_acls(card, &sdo->docp, 0); + LOG_TEST_RET(ctx, rv, "Cannot parse ACLs in DOCP"); + } + + *out_method = SC_AC_NEVER; + *out_ref = SC_AC_NEVER; + + for (ii=0; ii<7; ii++) { + mask >>= 1; + if (sdo->docp.amb & mask) { + if (op_mask == mask) { + unsigned char scb = sdo->docp.scbs[ii]; + sc_log(ctx, "ii:%i, scb:0x%X", ii, scb); + + *out_ref = scb & 0x0F; + if (scb == 0) + *out_method = SC_AC_NONE; + else if (scb == 0xFF) + *out_method = SC_AC_NEVER; + else if ((scb & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_USER_AUTH) + *out_method = SC_AC_SEN; + else if ((scb & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_EXT_AUTH) + *out_method = SC_AC_AUT; + else if ((scb & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_SM) + *out_method = SC_AC_PRO; + else + *out_method = 
SC_AC_SCB, *out_ref = scb; + + break; + } + } + } + + sc_log(ctx, "returns method %X; ref %X", *out_method, *out_ref); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +void +iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *sdo) +{ + if (sdo->docp.tries_remaining.value) + free(sdo->docp.tries_remaining.value); + if (sdo->docp.usage_remaining.value) + free(sdo->docp.usage_remaining.value); + if (sdo->docp.non_repudiation.value) + free(sdo->docp.non_repudiation.value); + if (sdo->docp.acls_contact.value) + free(sdo->docp.acls_contact.value); + if (sdo->docp.size.value) + free(sdo->docp.size.value); + if (sdo->docp.name.value) + free(sdo->docp.name.value); + if (sdo->docp.issuer_data.value) + free(sdo->docp.issuer_data.value); + + if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PUBLIC) { + if (sdo->data.pub_key.n.value) + free(sdo->data.pub_key.n.value); + if (sdo->data.pub_key.e.value) + free(sdo->data.pub_key.e.value); + if (sdo->data.pub_key.compulsory.value) + free(sdo->data.pub_key.compulsory.value); + if (sdo->data.pub_key.chr.value) + free(sdo->data.pub_key.chr.value); + if (sdo->data.pub_key.cha.value) + free(sdo->data.pub_key.cha.value); + } + else if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) { + if (sdo->data.prv_key.p.value) + free(sdo->data.prv_key.p.value); + if (sdo->data.prv_key.q.value) + free(sdo->data.prv_key.q.value); + if (sdo->data.prv_key.iqmp.value) + free(sdo->data.prv_key.iqmp.value); + if (sdo->data.prv_key.dmp1.value) + free(sdo->data.prv_key.dmp1.value); + if (sdo->data.prv_key.dmq1.value) + free(sdo->data.prv_key.dmq1.value); + if (sdo->data.prv_key.compulsory.value) + free(sdo->data.prv_key.compulsory.value); + } + else if (sdo->sdo_class == IASECC_SDO_CLASS_CHV) { + if (sdo->data.chv.size_max.value) + free(sdo->data.chv.size_max.value); + if (sdo->data.chv.size_min.value) + free(sdo->data.chv.size_min.value); + if (sdo->data.chv.value.value) + free(sdo->data.chv.value.value); + } +} + +void +iasecc_sdo_free(struct sc_card 
*card, struct iasecc_sdo *sdo) +{ + iasecc_sdo_free_fields(card, sdo); + free(sdo); +} + + +static int +iasecc_crt_parse(struct sc_card *card, unsigned char *data, struct iasecc_se_info *se) +{ + struct sc_context *ctx = card->ctx; + struct sc_crt crt; + int ii, offs, len, parsed_len = -1; + + sc_log(ctx, "iasecc_crt_parse(0x%X) called", *data); + + memset(&crt, 0, sizeof(crt)); + crt.tag = *(data + 0); + len = *(data + 1); + + for(offs = 2; offs < len + 2; offs += 3) { + sc_log(ctx, "iasecc_crt_parse(0x%X) CRT %X -> %X", *data, *(data + offs), *(data + offs + 2)); + if (*(data + offs) == IASECC_CRT_TAG_USAGE) { + crt.usage = *(data + offs + 2); + } + else if (*(data + offs) == IASECC_CRT_TAG_REFERENCE) { + int nn_refs = sizeof(crt.refs) / sizeof(crt.refs[0]); + + for (ii=0; iicrts[ii].tag) + break; + + if (ii==IASECC_SE_CRTS_MAX) + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_crt_parse() error: too much CRTs in SE"); + + memcpy(&se->crts[ii], &crt, sizeof(crt)); + parsed_len = len + 2; + LOG_FUNC_RETURN(ctx, parsed_len); +} + + +int +iasecc_se_get_crt(struct sc_card *card, struct iasecc_se_info *se, struct sc_crt *crt) +{ + struct sc_context *ctx = card->ctx; + int ii; + + LOG_FUNC_CALLED(ctx); + if (!se || !crt) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + sc_log(ctx, "CRT search template: %X:%X:%X, refs %X:%X:...", + crt->tag, crt->algo, crt->usage, crt->refs[0], crt->refs[1]); + + for (ii=0; iicrts[ii].tag; ii++) { + if (crt->tag != se->crts[ii].tag) + continue; + if (crt->algo && crt->algo != se->crts[ii].algo) + continue; + if (crt->usage && crt->usage != se->crts[ii].usage) + continue; + if (crt->refs[0] && crt->refs[0] != se->crts[ii].refs[0]) + continue; + + memcpy(crt, &se->crts[ii], sizeof(*crt)); + + sc_log(ctx, "iasecc_se_get_crt() found CRT with refs %X:%X:...", + se->crts[ii].refs[0], se->crts[ii].refs[1]); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + sc_log(ctx, "iasecc_se_get_crt() CRT is not found"); + return 
SC_ERROR_DATA_OBJECT_NOT_FOUND; +} + + +int +iasecc_se_get_crt_by_usage(struct sc_card *card, struct iasecc_se_info *se, unsigned char tag, + unsigned char usage, struct sc_crt *crt) +{ + struct sc_context *ctx = card->ctx; + int ii; + + LOG_FUNC_CALLED(ctx); + if (!se || !crt || !tag || !usage) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + sc_log(ctx, "CRT search template with TAG:0x%X and UQB:0x%X", tag, usage); + + for (ii=0; iicrts[ii].tag; ii++) { + if (tag != se->crts[ii].tag) + continue; + if (usage != se->crts[ii].usage) + continue; + + memcpy(crt, &se->crts[ii], sizeof(*crt)); + + sc_log(ctx, "iasecc_se_get_crt() found CRT with refs %X:%X:...", crt->refs[0], crt->refs[1]); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + sc_log(ctx, "iasecc_se_get_crt() CRT is not found"); + LOG_FUNC_RETURN(ctx, SC_ERROR_DATA_OBJECT_NOT_FOUND); +} + + +int +iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_se_info *se) +{ + struct sc_context *ctx = card->ctx; + size_t size, offs, size_size; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (*data == IASECC_SDO_TEMPLATE_TAG) { + size_size = iasecc_parse_size(data + 1, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE"); + + data += size_size + 1; + data_len = size; + sc_log(ctx, "IASECC_SDO_TEMPLATE: size %i, size_size %i", size, size_size); + + if (*data != IASECC_SDO_TAG_HEADER) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + if ((*(data + 1) & 0x7F) != IASECC_SDO_CLASS_SE) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + size_size = iasecc_parse_size(data + 3, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid SDO SE data size"); + + if (data_len != size + size_size + 3) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO SE data size"); + + data += 3 + size_size; + data_len = size; + sc_log(ctx, "IASECC_SDO_TEMPLATE SE: size %i, size_size %i", size, size_size); + } + + if (*data != IASECC_SDO_CLASS_SE) { + 
sc_log(ctx, "Invalid SE tag 0x%X; data length %i", *data, data_len); + LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); + } + + size_size = iasecc_parse_size(data + 1, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid size data"); + + if (data_len != size + size_size + 1) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SE data size"); + + offs = 1 + size_size; + for (; offs < data_len;) { + rv = iasecc_crt_parse(card, data + offs, se); + LOG_TEST_RET(ctx, rv, "parse error: invalid SE data"); + + offs += rv; + } + + if (offs != data_len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_parse_size(unsigned char *data, size_t *out) +{ + if (*data < 0x80) { + *out = *data; + return 1; + } + else if (*data == 0x81) { + *out = *(data + 1); + return 2; + } + else if (*data == 0x82) { + *out = *(data + 1) * 0x100 + *(data + 2); + return 3; + } + + return SC_ERROR_INVALID_DATA; +} + + +static int +iasecc_parse_get_tlv(struct sc_card *card, unsigned char *data, struct iasecc_extended_tlv *tlv) +{ + struct sc_context *ctx = card->ctx; + size_t size_len, tag_len; + + memset(tlv, 0, sizeof(*tlv)); + sc_log(ctx, "iasecc_parse_get_tlv() called for tag 0x%X", *data); + if ((*data == 0x7F) || (*data == 0x5F)) { + tlv->tag = *data * 0x100 + *(data + 1); + tag_len = 2; + } + else { + tlv->tag = *data; + tag_len = 1; + } + + sc_log(ctx, "iasecc_parse_get_tlv() tlv->tag 0x%X", tlv->tag); + size_len = iasecc_parse_size(data + tag_len, &tlv->size); + LOG_TEST_RET(ctx, size_len, "parse error: invalid size data"); + + tlv->value = calloc(1, tlv->size); + if (!tlv->value) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + memcpy(tlv->value, data + size_len + tag_len, tlv->size); + + tlv->on_card = 1; + + sc_log(ctx, "iasecc_parse_get_tlv() parsed %i bytes", tag_len + size_len + tlv->size); + return tag_len + size_len + tlv->size; +} + + +static int 
+iasecc_parse_chv(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo_chv *chv) +{ + struct sc_context *ctx = card->ctx; + size_t offs = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + while(offs < data_len) { + struct iasecc_extended_tlv tlv; + + rv = iasecc_parse_get_tlv(card, data + offs, &tlv); + LOG_TEST_RET(ctx, rv, "iasecc_parse_chv() get and parse TLV error"); + + sc_log(ctx, "iasecc_parse_chv() get and parse TLV returned %i; tag %X; size %i", rv, tlv.tag, tlv.size); + + if (tlv.tag == IASECC_SDO_CHV_TAG_SIZE_MAX) + chv->size_max = tlv; + else if (tlv.tag == IASECC_SDO_CHV_TAG_SIZE_MIN) + chv->size_min = tlv; + else if (tlv.tag == IASECC_SDO_CHV_TAG_VALUE) + chv->value = tlv; + else + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "parse error: non CHV SDO tag"); + + offs += rv; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_parse_prvkey(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo_prvkey *prvkey) +{ + struct sc_context *ctx = card->ctx; + size_t offs = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + while(offs < data_len) { + struct iasecc_extended_tlv tlv; + + rv = iasecc_parse_get_tlv(card, data + offs, &tlv); + LOG_TEST_RET(ctx, rv, "iasecc_parse_prvkey() get and parse TLV error"); + + sc_log(ctx, "iasecc_parse_prvkey() get and parse TLV returned %i; tag %X; size %i", rv, tlv.tag, tlv.size); + + if (tlv.tag == IASECC_SDO_PRVKEY_TAG_COMPULSORY) + prvkey->compulsory = tlv; + else + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "parse error: non PrvKey SDO tag"); + + offs += rv; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_parse_pubkey(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo_pubkey *pubkey) +{ + struct sc_context *ctx = card->ctx; + size_t offs = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + while(offs < data_len) { + struct iasecc_extended_tlv tlv; + + rv = iasecc_parse_get_tlv(card, data + offs, &tlv); + LOG_TEST_RET(ctx, rv, 
"iasecc_parse_pubkey() get and parse TLV error"); + + sc_log(ctx, "iasecc_parse_pubkey() get and parse TLV returned %i; tag %X; size %i", rv, tlv.tag, tlv.size); + + if (tlv.tag == IASECC_SDO_PUBKEY_TAG_N) + pubkey->n = tlv; + else if (tlv.tag == IASECC_SDO_PUBKEY_TAG_E) + pubkey->e = tlv; + else if (tlv.tag == IASECC_SDO_PUBKEY_TAG_CHR) + pubkey->chr = tlv; + else if (tlv.tag == IASECC_SDO_PUBKEY_TAG_CHA) + pubkey->cha = tlv; + else if (tlv.tag == IASECC_SDO_PUBKEY_TAG_COMPULSORY) + pubkey->compulsory = tlv; + else + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "parse error: non PubKey SDO tag"); + + offs += rv; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_parse_keyset(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo_keyset *keyset) +{ + struct sc_context *ctx = card->ctx; + size_t offs = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + while(offs < data_len) { + struct iasecc_extended_tlv tlv; + + rv = iasecc_parse_get_tlv(card, data + offs, &tlv); + LOG_TEST_RET(ctx, rv, "iasecc_parse_keyset() get and parse TLV error"); + + sc_log(ctx, "iasecc_parse_prvkey() get and parse TLV returned %i; tag %X; size %i", rv, tlv.tag, tlv.size); + + if (tlv.tag == IASECC_SDO_KEYSET_TAG_COMPULSORY) + keyset->compulsory = tlv; + else + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "parse error: non KeySet SDO tag"); + + offs += rv; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_parse_docp(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + size_t offs = 0; + int rv; + + LOG_FUNC_CALLED(ctx); + while(offs < data_len) { + struct iasecc_extended_tlv tlv; + + rv = iasecc_parse_get_tlv(card, data + offs, &tlv); + LOG_TEST_RET(ctx, rv, "iasecc_parse_get_tlv() get and parse TLV error"); + + sc_log(ctx, "iasecc_parse_docp() parse_get_tlv retuned %i; tag %X; size %i", rv, tlv.tag, tlv.size); + + if (tlv.tag == IASECC_DOCP_TAG_ACLS) { + int 
_rv = iasecc_parse_docp(card, tlv.value, tlv.size, sdo); + free(tlv.value); + LOG_TEST_RET(ctx, _rv, "parse error: cannot parse DOCP"); + } + else if (tlv.tag == IASECC_DOCP_TAG_ACLS_CONTACT) { + sdo->docp.acls_contact = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_ACLS_CONTACTLESS) { + sdo->docp.acls_contactless = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_SIZE) { + sdo->docp.size = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_NAME) { + sdo->docp.name = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_ISSUER_DATA) { + sdo->docp.issuer_data = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDATION) { + sdo->docp.non_repudiation = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_USAGE_REMAINING) { + sdo->docp.usage_remaining = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_TRIES_MAXIMUM) { + sdo->docp.tries_maximum = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_TRIES_REMAINING) { + sdo->docp.tries_remaining = tlv; + } + else { + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_parse_get_tlv() parse error: non DOCP tag"); + } + + offs += rv; + } + + rv = iasecc_parse_acls(card, &sdo->docp, 0); + LOG_TEST_RET(ctx, rv, "Cannot parse ACLs in DOCP"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_parse_data(struct sc_card *card, unsigned char *data, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_extended_tlv tlv; + int tlv_size, rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "iasecc_sdo_parse_data() class %X; ref %X", sdo->sdo_class, sdo->sdo_ref); + + tlv_size = iasecc_parse_get_tlv(card, data, &tlv); + LOG_TEST_RET(ctx, tlv_size, "parse error: get TLV"); + + sc_log(ctx, "iasecc_sdo_parse_data() tlv.tag 0x%X", tlv.tag); + if (tlv.tag == IASECC_DOCP_TAG) { + sc_log(ctx, "iasecc_sdo_parse_data() parse IASECC_DOCP_TAG: 0x%X; size %i", tlv.tag, tlv.size); + rv = iasecc_parse_docp(card, tlv.value, tlv.size, sdo); + sc_log(ctx, "iasecc_sdo_parse_data() parsed IASECC_DOCP_TAG rv %i", rv); + 
free(tlv.value); + LOG_TEST_RET(ctx, rv, "parse error: cannot parse DOCP"); + } + else if (tlv.tag == IASECC_DOCP_TAG_NON_REPUDATION) { + sdo->docp.non_repudiation = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_USAGE_REMAINING) { + sdo->docp.usage_remaining = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_TRIES_MAXIMUM) { + sdo->docp.tries_maximum = tlv; + } + else if (tlv.tag == IASECC_DOCP_TAG_TRIES_REMAINING) { + sdo->docp.tries_remaining = tlv; + } + else if (tlv.tag == IASECC_SDO_CHV_TAG) { + if (sdo->sdo_class != IASECC_SDO_CLASS_CHV) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: IASECC_SDO_CHV_TAG tag in non User CHV SDO"); + + rv = iasecc_parse_chv(card, tlv.value, tlv.size, &sdo->data.chv); + LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO CHV data"); + + free(tlv.value); + } + else if (tlv.tag == IASECC_SDO_PUBKEY_TAG) { + if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PUBLIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_PUBLIC_KEY tag in non PUBLIC_KEY SDO"); + + rv = iasecc_parse_pubkey(card, tlv.value, tlv.size, &sdo->data.pub_key); + LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PUBLIC KEY data"); + + free(tlv.value); + } + else if (tlv.tag == IASECC_SDO_PRVKEY_TAG) { + if (sdo->sdo_class != IASECC_SDO_CLASS_RSA_PRIVATE) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_PRIVATE_KEY tag in non PRIVATE_KEY SDO"); + + rv = iasecc_parse_prvkey(card, tlv.value, tlv.size, &sdo->data.prv_key); + LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO PRIVATE KEY data"); + + free(tlv.value); + } + else if (tlv.tag == IASECC_SDO_KEYSET_TAG) { + if (sdo->sdo_class != IASECC_SDO_CLASS_KEYSET) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: SDO_KEYSET tag in non KEYSET SDO"); + + rv = iasecc_parse_keyset(card, tlv.value, tlv.size, &sdo->data.keyset); + LOG_TEST_RET(ctx, rv, "parse error: cannot parse SDO KEYSET data"); + + free(tlv.value); + } + else { + sc_log(ctx, "iasecc_sdo_parse_data() non supported tag 
0x%X", tlv.tag); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + + return tlv_size; +} + + +int +iasecc_sdo_parse(struct sc_card *card, unsigned char *data, size_t data_len, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + size_t size, offs, size_size; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (*data == IASECC_SDO_TEMPLATE_TAG) { + size_size = iasecc_parse_size(data + 1, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE"); + + data += size_size + 1; + data_len = size; + sc_log(ctx, "IASECC_SDO_TEMPLATE: size %i, size_size %i", size, size_size); + } + + if (*data != IASECC_SDO_TAG_HEADER) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + if (sdo->sdo_class != (*(data + 1) & 0x7F)) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + if (sdo->sdo_ref != (*(data + 2) & 0x3F)) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + size_size = iasecc_parse_size(data + 3, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid size data"); + + if (data_len != size + size_size + 3) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO data size"); + + sc_log(ctx, "sz %i, sz_size %i", size, size_size); + + offs = 3 + size_size; + for (; offs < data_len;) { + rv = iasecc_sdo_parse_data(card, data + offs, sdo); + LOG_TEST_RET(ctx, rv, "parse error: invalid SDO data"); + + offs += rv; + } + + if (offs != data_len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed"); + + sc_log(ctx, "docp.acls_contact.size %i, docp.size.size %i", sdo->docp.acls_contact.size, sdo->docp.size.size); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +int +iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t data_len, + struct iasecc_sdo **out) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_sdo *sdo = NULL; + size_t size, offs, size_size; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (*data != IASECC_SDO_TAG_HEADER) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); 
+ + if (data_len < 3) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + sdo = calloc(1, sizeof(struct iasecc_sdo)); + if (!sdo) + return SC_ERROR_MEMORY_FAILURE; + + sdo->sdo_class = *(data + 1) & 0x7F; + sdo->sdo_ref = *(data + 2) & 0x3F; + + sc_log(ctx, "sdo_class 0x%X, sdo_ref 0x%X", sdo->sdo_class, sdo->sdo_ref); + if (data_len == 3) { + *out = sdo; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + size_size = iasecc_parse_size(data + 3, &size); + LOG_TEST_RET(ctx, size_size, "parse error: invalid size data"); + + if (data_len != size + size_size + 3) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: invalide SDO data size"); + + sc_log(ctx, "sz %i, sz_size %i", size, size_size); + + offs = 3 + size_size; + for (; offs < data_len;) { + rv = iasecc_sdo_parse_data(card, data + offs, sdo); + LOG_TEST_RET(ctx, rv, "parse error: invalid SDO data"); + + offs += rv; + } + + if (offs != data_len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "parse error: not totaly parsed"); + + sc_log(ctx, "docp.acls_contact.size %i; docp.size.size %i", sdo->docp.acls_contact.size, sdo->docp.size.size); + + *out = sdo; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_update_blob(struct sc_context *ctx, struct iasecc_extended_tlv *tlv, + unsigned char **blob, size_t *blob_size) +{ + unsigned char *pp = NULL; + int offs = 0, sz = tlv->size + 2; + + if (tlv->size == 0) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + sz = tlv->size + 2; + + if (tlv->tag > 0xFF) + sz += 1; + + if (tlv->size > 0x7F && tlv->size < 0x100) + sz += 1; + else if (tlv->size >= 0x100) + sz += 2; + + pp = realloc(*blob, *blob_size + sz); + if (!pp) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + + if (tlv->tag > 0xFF) + *(pp + *blob_size + offs++) = (tlv->tag >> 8) & 0xFF; + *(pp + *blob_size + offs++) = tlv->tag & 0xFF; + + if (tlv->size >= 0x100) { + *(pp + *blob_size + offs++) = 0x82; + *(pp + *blob_size + offs++) = (tlv->size >> 8) & 0xFF; + } + else if (tlv->size > 0x7F) { + *(pp + *blob_size + 
offs++) = 0x81; + } + *(pp + *blob_size + offs++) = tlv->size & 0xFF; + + memcpy(pp + *blob_size + offs, tlv->value, tlv->size); + + *blob_size += sz; + *blob = pp; + + return 0; +} + + +static int +iasecc_encode_docp(struct sc_context *ctx, struct iasecc_sdo_docp *docp, unsigned char **out, size_t *out_len) +{ + struct iasecc_extended_tlv tlv, tlv_st; + unsigned char *st_blob, *tmp_blob, *docp_blob; + size_t blob_size; + int rv; + + LOG_FUNC_CALLED(ctx); + if (!docp->acls_contact.size || (docp->size.size != 2)) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); + + memset(&tlv, 0, sizeof(tlv)); + memset(&tlv_st, 0, sizeof(tlv_st)); + + st_blob = NULL; + blob_size = 0; + rv = iasecc_update_blob(ctx, &docp->acls_contact, &st_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add contact ACLs to blob"); + + rv = iasecc_update_blob(ctx, &docp->acls_contactless, &st_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add contactless ACLs to blob"); + + tlv.tag = IASECC_DOCP_TAG_ACLS; + tlv.size = blob_size; + tlv.value = st_blob; + + tmp_blob = NULL; + blob_size = 0; + rv = iasecc_update_blob(ctx, &tlv, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add ACLs template to blob"); + + rv = iasecc_update_blob(ctx, &docp->name, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add NAME to blob"); + + rv = iasecc_update_blob(ctx, &docp->tries_maximum, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add TRIES MAXIMUM to blob"); + + rv = iasecc_update_blob(ctx, &docp->tries_remaining, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add TRIES REMAINING to blob"); + + rv = iasecc_update_blob(ctx, &docp->usage_maximum, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add USAGE MAXIMUM to blob"); + + rv = iasecc_update_blob(ctx, &docp->usage_remaining, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add USAGE REMAINING to blob"); + + rv = iasecc_update_blob(ctx, &docp->non_repudiation, &tmp_blob, 
&blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add NON REPUDATION to blob"); + + rv = iasecc_update_blob(ctx, &docp->size, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add SIZE to blob"); + + rv = iasecc_update_blob(ctx, &docp->issuer_data, &tmp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add IDATA to blob"); + + tlv.tag = IASECC_DOCP_TAG; + tlv.size = blob_size; + tlv.value = tmp_blob; + + docp_blob = NULL; + blob_size = 0; + rv = iasecc_update_blob(ctx, &tlv, &docp_blob, &blob_size); + LOG_TEST_RET(ctx, rv, "ECC: cannot add ACLs to blob"); + + free(tmp_blob); + + if (out && out_len) { + *out = docp_blob; + *out_len = blob_size; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static unsigned +iasecc_sdo_encode_asn1_tag(unsigned in_tag) +{ + unsigned short_tag; + unsigned out_tag; + + for (short_tag = in_tag; short_tag > 0xFF; short_tag >>= 8) + ; + out_tag = in_tag; + switch (short_tag & SC_ASN1_TAG_CLASS) { + case SC_ASN1_TAG_APPLICATION: + out_tag |= SC_ASN1_APP; + break; + case SC_ASN1_TAG_CONTEXT: + out_tag |= SC_ASN1_CTX; + break; + case SC_ASN1_TAG_PRIVATE: + out_tag |= SC_ASN1_PRV; + break; + } + return out_tag; +} + + +int +iasecc_sdo_encode_create(struct sc_context *ctx, struct iasecc_sdo *sdo, unsigned char **out) +{ + struct sc_asn1_entry c_asn1_docp_data[2] = { + { "docpData", SC_ASN1_OCTET_STRING, 0, SC_ASN1_ALLOC, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry c_asn1_create_data[2] = { + { "createData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry asn1_docp_data[2], asn1_create_data[2]; + unsigned char *blob = NULL; + size_t len, out_len; + unsigned sdo_full_ref; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "ecc_sdo_encode_create() sdo->sdo_class %X", sdo->sdo_class); + sc_log(ctx, "id %02X%02X%02X", IASECC_SDO_TAG_HEADER, sdo->sdo_class | 0x80, sdo->sdo_ref); + + if (out) + *out = NULL; + 
+ rv = iasecc_encode_docp(ctx, &sdo->docp, &blob, &len); + LOG_TEST_RET(ctx, rv, "ECC encode DOCP error"); + + sdo_full_ref = (sdo->sdo_ref&0x3F) + 0x100*(sdo->sdo_class | IASECC_OBJECT_REF_LOCAL) + 0x10000*IASECC_SDO_TAG_HEADER; + c_asn1_docp_data[0].tag = iasecc_sdo_encode_asn1_tag(sdo_full_ref) | SC_ASN1_CONS; + + sc_copy_asn1_entry(c_asn1_docp_data, asn1_docp_data); + sc_copy_asn1_entry(c_asn1_create_data, asn1_create_data); + + sc_format_asn1_entry(asn1_docp_data + 0, blob, &len, 1); + sc_format_asn1_entry(asn1_create_data + 0, asn1_docp_data, NULL, 1); + + rv = sc_asn1_encode(ctx, asn1_create_data, out, &out_len); + LOG_TEST_RET(ctx, rv, "Encode create data error"); + sc_debug(ctx, SC_LOG_DEBUG_ASN1,"Create data: %s", sc_dump_hex(*out, out_len)); + + LOG_FUNC_RETURN(ctx, out_len); +} + + +int +iasecc_sdo_encode_update_field(struct sc_context *ctx, unsigned char sdo_class, unsigned char sdo_ref, + struct iasecc_extended_tlv *tlv, unsigned char **out) +{ + unsigned sdo_full_ref; + size_t out_len; + int rv; + + struct sc_asn1_entry c_asn1_field_value[2] = { + { "fieldValue", SC_ASN1_OCTET_STRING, 0, SC_ASN1_ALLOC, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry c_asn1_sdo_field[2] = { + { "sdoField", SC_ASN1_STRUCT, 0, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry c_asn1_class_data[2] = { + { "classData", SC_ASN1_STRUCT, 0, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry c_asn1_update_data[2] = { + { "updateData", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_APP | SC_ASN1_CONS, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; + struct sc_asn1_entry asn1_field_value[4], asn1_sdo_field[2], asn1_class_data[2], asn1_update_data[2]; + + LOG_FUNC_CALLED(ctx); + + c_asn1_field_value[0].tag = iasecc_sdo_encode_asn1_tag(tlv->tag); + c_asn1_sdo_field[0].tag = iasecc_sdo_encode_asn1_tag(tlv->parent_tag) | SC_ASN1_CONS; + + sdo_full_ref = (sdo_ref&0x3F) + 0x100*(sdo_class | 
IASECC_OBJECT_REF_LOCAL) + 0x10000*IASECC_SDO_TAG_HEADER; + c_asn1_class_data[0].tag = iasecc_sdo_encode_asn1_tag(sdo_full_ref) | SC_ASN1_CONS; + + sc_copy_asn1_entry(c_asn1_field_value, asn1_field_value); + sc_copy_asn1_entry(c_asn1_sdo_field, asn1_sdo_field); + sc_copy_asn1_entry(c_asn1_class_data, asn1_class_data); + sc_copy_asn1_entry(c_asn1_update_data, asn1_update_data); + + sc_format_asn1_entry(asn1_field_value + 0, tlv->value, &tlv->size, 1); + sc_format_asn1_entry(asn1_sdo_field + 0, asn1_field_value, NULL, 1); + sc_format_asn1_entry(asn1_class_data + 0, asn1_sdo_field, NULL, 1); + sc_format_asn1_entry(asn1_update_data + 0, asn1_class_data, NULL, 1); + + rv = sc_asn1_encode(ctx, asn1_update_data, out, &out_len); + LOG_TEST_RET(ctx, rv, "Encode update data error"); + + sc_debug(ctx, SC_LOG_DEBUG_ASN1,"Data: %s", sc_dump_hex(tlv->value, tlv->size)); + sc_debug(ctx, SC_LOG_DEBUG_ASN1,"Encoded: %s", sc_dump_hex(*out, out_len)); + LOG_FUNC_RETURN(ctx, out_len); +} + + +int +iasecc_sdo_encode_rsa_update(struct sc_context *ctx, struct iasecc_sdo *sdo, struct sc_pkcs15_prkey_rsa *rsa, + struct iasecc_sdo_update *sdo_update) +{ + LOG_FUNC_CALLED(ctx); + + sc_log(ctx, "iasecc_sdo_encode_rsa_update() SDO class %X", sdo->sdo_class); + memset(sdo_update, 0, sizeof(*sdo_update)); + if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) { + int indx = 0; + + sc_log(ctx, "iasecc_sdo_encode_rsa_update(IASECC_SDO_CLASS_RSA_PRIVATE)"); + if (!rsa->p.len || !rsa->q.len || !rsa->iqmp.len || !rsa->dmp1.len || !rsa->dmq1.len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "need all private RSA key components"); + + sdo_update->magic = SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA; + sdo_update->sdo_ref = sdo->sdo_ref; + + sdo_update->sdo_class = IASECC_SDO_CLASS_RSA_PRIVATE; + + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_P; + sdo_update->fields[indx].value = rsa->p.data; + sdo_update->fields[indx].size = rsa->p.len; + 
indx++; + + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_Q; + sdo_update->fields[indx].value = rsa->q.data; + sdo_update->fields[indx].size = rsa->q.len; + indx++; + + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_IQMP; + sdo_update->fields[indx].value = rsa->iqmp.data; + sdo_update->fields[indx].size = rsa->iqmp.len; + indx++; + + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_DMP1; + sdo_update->fields[indx].value = rsa->dmp1.data; + sdo_update->fields[indx].size = rsa->dmp1.len; + indx++; + + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_DMQ1; + sdo_update->fields[indx].value = rsa->dmq1.data; + sdo_update->fields[indx].size = rsa->dmq1.len; + indx++; + + sc_log(ctx, "prv_key.compulsory.on_card %i", sdo->data.prv_key.compulsory.on_card); + if (!sdo->data.prv_key.compulsory.on_card) { + if (sdo->data.prv_key.compulsory.value) { + sc_log(ctx, "sdo_prvkey->data.prv_key.compulsory.size %i", sdo->data.prv_key.compulsory.size); + sdo_update->fields[indx].parent_tag = IASECC_SDO_PRVKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PRVKEY_TAG_COMPULSORY; + sdo_update->fields[indx].value = sdo->data.prv_key.compulsory.value; + sdo_update->fields[indx].size = sdo->data.prv_key.compulsory.size; + indx++; + } + } + } + else if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PUBLIC) { + int indx = 0; + sc_log(ctx, "iasecc_sdo_encode_rsa_update(IASECC_SDO_CLASS_RSA_PUBLIC)"); + + sdo_update->magic = SC_CARDCTL_IASECC_SDO_MAGIC_PUT_DATA; + sdo_update->sdo_ref = sdo->sdo_ref; + sdo_update->sdo_class = sdo->sdo_class; + + if (rsa->exponent.len) { + sdo_update->fields[indx].parent_tag = IASECC_SDO_PUBKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PUBKEY_TAG_E; + sdo_update->fields[indx].value = 
rsa->exponent.data; + sdo_update->fields[indx].size = rsa->exponent.len; + indx++; + } + + if (rsa->modulus.len) { + sdo_update->fields[indx].parent_tag = IASECC_SDO_PUBKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PUBKEY_TAG_N; + sdo_update->fields[indx].value = rsa->modulus.data; + sdo_update->fields[indx].size = rsa->modulus.len; + indx++; + } + + if (sdo->data.pub_key.cha.value) { + sdo_update->fields[indx].parent_tag = IASECC_SDO_PUBKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PUBKEY_TAG_CHA; + sdo_update->fields[indx].value = sdo->data.pub_key.cha.value; + sdo_update->fields[indx].size = sdo->data.pub_key.cha.size; + indx++; + } + + if (sdo->data.pub_key.chr.value) { + sdo_update->fields[indx].parent_tag = IASECC_SDO_PUBKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PUBKEY_TAG_CHR; + sdo_update->fields[indx].value = sdo->data.pub_key.chr.value; + sdo_update->fields[indx].size = sdo->data.pub_key.chr.size; + indx++; + } + + /* For ECC card 'compulsory' flag should be already here */ + if (!sdo->data.pub_key.compulsory.on_card) { + if (sdo->data.pub_key.compulsory.value) { + sdo_update->fields[indx].parent_tag = IASECC_SDO_PUBKEY_TAG; + sdo_update->fields[indx].tag = IASECC_SDO_PUBKEY_TAG_COMPULSORY; + sdo_update->fields[indx].value = sdo->data.pub_key.compulsory.value; + sdo_update->fields[indx].size = sdo->data.pub_key.compulsory.size; + indx++; + } + } + } + else { + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +int +iasecc_sdo_parse_card_answer(struct sc_context *ctx, unsigned char *data, size_t data_len, + struct iasecc_sm_card_answer *out) +{ + int offs, have_mac = 0, have_status = 0; + size_t size = 0, size_size; + + LOG_FUNC_CALLED(ctx); + if (!data || !data_len || !out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + memset(out, 0, sizeof(*out)); + for (offs=0; offs sizeof(out->data)) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "iasecc_sm_decode_answer() unbelivable 
!!!"); + + memcpy(out->data, data + offs + size_size + 1, size); + out->data_len = size; + offs += 1 + size_size + size; + } + else if (*(data + offs) == IASECC_CARD_ANSWER_TAG_SW ) { + if (*(data + offs + 1) != 2) + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_sm_decode_answer() SW length not 2"); + out->sw = *(data + offs + 2) * 0x100 + *(data + offs + 3); + + memcpy(out->ticket, data + offs, 4); + + offs += 4; + have_status = 1; + } + else if (*(data + offs) == IASECC_CARD_ANSWER_TAG_MAC ) { + if (*(data + offs + 1) != 8) + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_sm_decode_answer() MAC length not 8"); + memcpy(out->mac, data + offs + 2, 8); + + memcpy(out->ticket + 4, data + offs, 10); + + offs += 10; + have_mac = 1; + } + else { + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_sm_decode_answer() invalid card answer tag"); + } + } + + if (!have_mac || !have_status) + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "iasecc_sm_decode_answer() absent MAC or SW "); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_tlv_copy(struct sc_context *ctx, struct iasecc_extended_tlv *in, struct iasecc_extended_tlv *out) +{ + if (!in || !out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + memset(out, 0, sizeof(struct iasecc_extended_tlv)); + out->tag = in->tag; + out->parent_tag = in->parent_tag; + out->on_card = in->on_card; + if (in->value && in->size) { + out->value = calloc(1, in->size); + if (!out->value) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + + memcpy(out->value, in->value, in->size); + out->size = in->size; + } + + return SC_SUCCESS; +} + + +int +iasecc_docp_copy(struct sc_context *ctx, struct iasecc_sdo_docp *in, struct iasecc_sdo_docp *out) +{ + int rv; + + LOG_FUNC_CALLED(ctx); + if (!in || !out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + memset(out, 0, sizeof(struct iasecc_sdo_docp)); + + rv = iasecc_tlv_copy(ctx, &in->name, &out->name); + LOG_TEST_RET(ctx, rv, "TLV copy 
error"); + + rv = iasecc_tlv_copy(ctx, &in->tries_maximum, &out->tries_maximum); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->tries_remaining, &out->tries_remaining); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->usage_maximum, &out->usage_maximum); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->usage_remaining, &out->usage_remaining); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->non_repudiation, &out->non_repudiation); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->size, &out->size); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->acls_contact, &out->acls_contact); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + rv = iasecc_tlv_copy(ctx, &in->acls_contactless, &out->acls_contactless); + LOG_TEST_RET(ctx, rv, "TLV copy error"); + + out->amb = in->amb; + memcpy(out->scbs, in->scbs, sizeof(out->scbs)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/libopensc/iasecc-sdo.h opensc-0.12.1/src/libopensc/iasecc-sdo.h --- opensc-0.11.13/src/libopensc/iasecc-sdo.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/iasecc-sdo.h 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,309 @@
+/*
+ * iasecc-sdo.h: Support for IAS/ECC smart cards
+ *
+ * Copyright (C) 2010 Viktor Tarasov
+ * OpenTrust
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef SC_IASECC_SDO_H
+#define SC_IASECC_SDO_H
+
+#include "libopensc/types.h"
+
+#define IASECC_SDO_TAG_HEADER 0xBF
+
+#define IASECC_SDO_TEMPLATE_TAG 0x70
+
+#define IASECC_DOCP_TAG 0xA0
+#define IASECC_DOCP_TAG_NAME 0x84
+#define IASECC_DOCP_TAG_TRIES_MAXIMUM 0x9A
+#define IASECC_DOCP_TAG_TRIES_REMAINING 0x9B
+#define IASECC_DOCP_TAG_USAGE_MAXIMUM 0x9C
+#define IASECC_DOCP_TAG_USAGE_REMAINING 0x9D
+#define IASECC_DOCP_TAG_NON_REPUDATION 0x9E
+#define IASECC_DOCP_TAG_SIZE 0x80
+#define IASECC_DOCP_TAG_ACLS 0xA1
+#define IASECC_DOCP_TAG_ACLS_CONTACT 0x8C
+#define IASECC_DOCP_TAG_ACLS_CONTACTLESS 0x9C
+#define IASECC_DOCP_TAG_ISSUER_DATA_BER 0xA5
+#define IASECC_DOCP_TAG_ISSUER_DATA 0x85
+
+#define IASECC_ACLS_CHV_CHANGE 0
+#define IASECC_ACLS_CHV_VERIFY 1
+#define IASECC_ACLS_CHV_RESET 2
+#define IASECC_ACLS_CHV_PUT_DATA 5
+#define IASECC_ACLS_CHV_GET_DATA 6
+
+#define IASECC_ACLS_RSAKEY_PSO_SIGN 0
+#define IASECC_ACLS_RSAKEY_INTERNAL_AUTH 1
+#define IASECC_ACLS_RSAKEY_PSO_DECIPHER 2
+#define IASECC_ACLS_RSAKEY_GENERATE 3
+#define IASECC_ACLS_RSAKEY_PUT_DATA 5
+#define IASECC_ACLS_RSAKEY_GET_DATA 6
+
+#define IASECC_SDO_CHV_TAG 0x7F41
+#define IASECC_SDO_CHV_TAG_SIZE_MAX 0x80
+#define IASECC_SDO_CHV_TAG_SIZE_MIN 0x81
+#define IASECC_SDO_CHV_TAG_VALUE 0x82
+
+#define IASECC_SDO_PRVKEY_TAG 0x7F48
+#define IASECC_SDO_PRVKEY_TAG_P 0x92
+#define IASECC_SDO_PRVKEY_TAG_Q 0x93
+#define IASECC_SDO_PRVKEY_TAG_IQMP 0x94
+#define IASECC_SDO_PRVKEY_TAG_DMP1 0x95
+#define IASECC_SDO_PRVKEY_TAG_DMQ1 0x96
+#define IASECC_SDO_PRVKEY_TAG_COMPULSORY 0x80
+
+#define IASECC_SDO_PUBKEY_TAG 0x7F49
+#define IASECC_SDO_PUBKEY_TAG_N 0x81
+#define IASECC_SDO_PUBKEY_TAG_E 0x82
+#define IASECC_SDO_PUBKEY_TAG_COMPULSORY 0x80
+#define IASECC_SDO_PUBKEY_TAG_CHR 0x5F20
+#define IASECC_SDO_PUBKEY_TAG_CHA 0x5F4C
+
+#define IASECC_SDO_KEYSET_TAG 0xA2
+#define IASECC_SDO_KEYSET_TAG_MAC 0x90
+#define IASECC_SDO_KEYSET_TAG_ENC 0x91
+#define IASECC_SDO_KEYSET_TAG_COMPULSORY 0x80
+
+#define IASECC_SCB_METHOD_NEED_ALL 0x80
+#define IASECC_SCB_METHOD_MASK 0x70
+#define IASECC_SCB_METHOD_MASK_REF 0x0F
+#define IASECC_SCB_METHOD_SM 0x40
+#define IASECC_SCB_METHOD_EXT_AUTH 0x20
+#define IASECC_SCB_METHOD_USER_AUTH 0x10
+
+#define IASECC_SCB_NEVER 0xFF
+#define IASECC_SCB_ALWAYS 0x00
+
+#define IASECC_SDO_CLASS_CHV 0x01
+#define IASECC_SDO_CLASS_KEYSET 0x0A
+#define IASECC_SDO_CLASS_RSA_PRIVATE 0x10
+#define IASECC_SDO_CLASS_RSA_PUBLIC 0x20
+#define IASECC_SDO_CLASS_SE 0x7B
+
+#define IASECC_CRT_TAG_AT 0xA4
+#define IASECC_CRT_TAG_CT 0xB8
+#define IASECC_CRT_TAG_CCT 0xB4
+#define IASECC_CRT_TAG_DST 0xB6
+#define IASECC_CRT_TAG_HT 0xAA
+#define IASECC_CRT_TAG_KAT 0xA6
+
+#define IASECC_CRT_TAG_USAGE 0x95
+#define IASECC_CRT_TAG_REFERENCE 0x83
+#define IASECC_CRT_TAG_ALGO 0x80
+
+#define IASECC_ALGORITHM_SYMMETRIC 0x0C
+#define IASECC_ALGORITHM_DH 0x0B
+#define IASECC_ALGORITHM_RSA_PKCS 0x02
+#define IASECC_ALGORITHM_RSA_9796_2 0x01
+#define IASECC_ALGORITHM_RSA_PKCS_DECRYPT 0x0A
+#define IASECC_ALGORITHM_SHA1 0x10
+#define IASECC_ALGORITHM_SHA2 0x40
+
+#define IASECC_ALGORITHM_ROLE_AUTH 0x1C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA1 0x0C
+#define IASECC_ALGORITHM_SYMMETRIC_SHA256 0x8C
+
+#define IASECC_UQB_AT_MUTUAL_AUTHENTICATION 0xC0
+#define IASECC_UQB_AT_EXTERNAL_AUTHENTICATION 0x80
+#define IASECC_UQB_AT_AUTHENTICATION 0x40
+#define IASECC_UQB_AT_USER_PASSWORD 0x08
+#define IASECC_UQB_AT_USER_BIOMETRIC 0x04
+
+#define IASECC_UQB_DST_VERIFICATION 0x80
+#define IASECC_UQB_DST_COMPUTATION 0x40
+
+#define IASECC_UQB_CT_ENCIPHERMENT 0x80
+#define IASECC_UQB_CT_DECIPHERMENT 0x40
+#define IASECC_UQB_CT_SM_RESPONSE 0x20
+#define IASECC_UQB_CT_SM_COMMAND 0x10
+
+#define IASECC_UQB_CCT_VERIFICATION 0x80
+#define IASECC_UQB_CCT_COMPUTATION 0x40
+#define IASECC_UQB_CCT_SM_RESPONSE 0x20
+#define IASECC_UQB_CCT_SM_COMMAND 0x10
+
+#define IASECC_UQB_KAT 0x80
+
+#define IASECC_ACL_GET_DATA 0x01
+#define IASECC_ACL_PUT_DATA 0x02
+#define IASECC_ACL_GENERATE_KEY 0x08
+#define IASECC_ACL_PSO_DECIPHER 0x10
+#define IASECC_ACL_INTERNAL_AUTHENTICATE 0x20
+#define IASECC_ACL_PSO_SIGNATURE 0x40
+
+#define IASECC_SDO_TAGS_UPDATE_MAX 16
+
+#define IASECC_SE_CRTS_MAX 24
+
+#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) (((a) << 24) | ((b) << 16) | ((c) << 8) | ((d)))
+
+#define IASECC_SDO_MAGIC _MAKE_IASECC_SDO_MAGIC('E', 'C', 'S', 'D')
+#define IASECC_SDO_MAGIC_UPDATE _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'D')
+#define IASECC_SDO_MAGIC_UPDATE_RSA _MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')
+
+#define IASECC_MAX_SCBS 7
+#define IASECC_MAX_CRTS_IN_SE 24
+
+struct iasecc_extended_tlv {
+ unsigned tag;
+ unsigned parent_tag;
+
+ unsigned char *value;
+ size_t size;
+
+ unsigned on_card;
+};
+
+struct iasecc_sdo_docp {
+ struct iasecc_extended_tlv name;
+ struct iasecc_extended_tlv tries_maximum;
+ struct iasecc_extended_tlv tries_remaining;
+ struct iasecc_extended_tlv usage_maximum;
+ struct iasecc_extended_tlv usage_remaining;
+ struct iasecc_extended_tlv non_repudiation;
+ struct iasecc_extended_tlv size;
+ struct iasecc_extended_tlv acls_contact;
+ struct iasecc_extended_tlv acls_contactless;
+ struct iasecc_extended_tlv issuer_data;
+
+ unsigned char amb, scbs[IASECC_MAX_SCBS];
+};
+
+struct iasecc_sdo_chv {
+ struct iasecc_extended_tlv size_max;
+ struct iasecc_extended_tlv size_min;
+ struct iasecc_extended_tlv value;
+};
+
+struct iasecc_sdo_prvkey {
+ struct iasecc_extended_tlv p;
+ struct iasecc_extended_tlv q;
+ struct iasecc_extended_tlv iqmp;
+ struct iasecc_extended_tlv dmp1;
+ struct iasecc_extended_tlv dmq1;
+ struct iasecc_extended_tlv compulsory;
+};
+
+struct iasecc_sdo_pubkey {
+ struct iasecc_extended_tlv n;
+ struct iasecc_extended_tlv e;
+ struct iasecc_extended_tlv compulsory;
+ struct iasecc_extended_tlv chr;
+ struct iasecc_extended_tlv cha;
+};
+
+struct iasecc_sdo_keyset {
+ struct iasecc_extended_tlv mac;
+ struct iasecc_extended_tlv enc;
+ struct iasecc_extended_tlv compulsory;
+};
+
+struct iasecc_sdo {
+ unsigned char sdo_class;
+ unsigned char sdo_ref;
+
+ unsigned int usage;
+
+ struct iasecc_sdo_docp docp;
+
+ union {
+ struct iasecc_sdo_chv chv;
+ struct iasecc_sdo_prvkey prv_key;
+ struct iasecc_sdo_pubkey pub_key;
+ struct iasecc_sdo_keyset keyset;
+ } data;
+
+ unsigned not_on_card;
+ unsigned magic;
+};
+
+struct iasecc_sdo_update {
+ unsigned char sdo_class;
+ unsigned char sdo_ref;
+
+ struct iasecc_extended_tlv fields[IASECC_SDO_TAGS_UPDATE_MAX];
+
+ unsigned char acl_method, acl_ref;
+
+ unsigned magic;
+};
+
+struct iasecc_sdo_rsa_update {
+ struct iasecc_sdo *sdo_prv_key;
+ struct iasecc_sdo *sdo_pub_key;
+ struct sc_pkcs15_prkey_rsa *p15_rsa;
+
+ struct iasecc_sdo_update update_prv;
+ struct iasecc_sdo_update update_pub;
+
+ unsigned magic;
+};
+
+struct iasecc_se_info {
+ struct iasecc_sdo_docp docp;
+ int reference;
+
+ struct sc_crt crts[SC_MAX_CRTS_IN_SE];
+
+ struct sc_file *df;
+ struct iasecc_se_info *next;
+
+ unsigned magic;
+};
+
+struct iasecc_sm_card_answer {
+ unsigned char data[SC_MAX_APDU_BUFFER_SIZE];
+ size_t data_len;
+
+ unsigned sw;
+
+ unsigned char mac[8];
+ unsigned char ticket[14];
+};
+
+struct iasecc_ctl_get_free_reference {
+ size_t key_size;
+ unsigned usage;
+ unsigned access;
+ int index;
+};
+
+enum IASECC_KEY_TYPE {
+ IASECC_SDO_CLASS_RSA_PRV = 0x10,
+ IASECC_SDO_CLASS_RSA_PUB = 0x20
+};
+
+struct sc_card;
+int iasecc_sdo_convert_acl(struct sc_card *, struct iasecc_sdo *, unsigned char, unsigned *, unsigned *);
+void iasecc_sdo_free_fields(struct sc_card *, struct iasecc_sdo *);
+void iasecc_sdo_free(struct sc_card *, struct iasecc_sdo *);
+int iasecc_se_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_se_info *);
+int iasecc_sdo_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo *);
+int iasecc_sdo_allocate_and_parse(struct sc_card *, unsigned char *, size_t, struct iasecc_sdo **);
+int iasecc_encode_size(size_t, unsigned char *);
+int iasecc_sdo_encode_create(struct sc_context*, struct iasecc_sdo *, unsigned char **);
+int iasecc_sdo_encode_update_field(struct sc_context *, unsigned char, unsigned char,
+ struct iasecc_extended_tlv *, unsigned char **);
+int iasecc_se_get_crt(struct sc_card *, struct iasecc_se_info *, struct sc_crt *);
+int iasecc_se_get_crt_by_usage(struct sc_card *, struct iasecc_se_info *,
+ unsigned char, unsigned char, struct sc_crt *);
+int iasecc_sdo_encode_rsa_update(struct sc_context *, struct iasecc_sdo *, struct sc_pkcs15_prkey_rsa *, struct iasecc_sdo_update *);
+int iasecc_sdo_parse_card_answer(struct sc_context *, unsigned char *, size_t, struct iasecc_sm_card_answer *);
+int iasecc_docp_copy(struct sc_context *, struct iasecc_sdo_docp *, struct iasecc_sdo_docp *);
+#endif
diff -Nru opensc-0.11.13/src/libopensc/internal.h opensc-0.12.1/src/libopensc/internal.h
--- opensc-0.11.13/src/libopensc/internal.h 2010-02-16 09:03:28.000000000 +0000
+++ opensc-0.12.1/src/libopensc/internal.h 2011-05-17 17:07:00.000000000 +0000
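Review bot: `struct iasecc_extended_tlv` in iasecc-sdo.h does not say who owns `value`, and the two producers in iasecc-sdo.c disagree: iasecc_tlv_copy() stores a calloc'ed copy, while iasecc_sdo_encode_rsa_update() points `fields[].value` straight at the caller's `rsa->p.data`, `rsa->q.data` and the other private-key components. A release routine applied to an `iasecc_sdo_update` would free memory it does not own, and nothing tells a caller whether key bytes must be wiped before release; the free functions declared here are implemented outside this hunk, so that side is inferred. I would document the member, e.g. `unsigned char *value; /* heap-owned in iasecc_sdo and iasecc_sdo_docp; borrowed, never freed, in iasecc_sdo_update.fields[] */`, and state on iasecc_sdo_free_fields() which structures it covers.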
@@ -23,25 +23,25 @@ #define _SC_INTERNAL_H #ifdef HAVE_CONFIG_H -#include +#include "config.h" #endif #ifdef __cplusplus extern "C" { #endif -#include "opensc.h" -#include "log.h" -#include "ui.h" -#include "cards.h" #include #ifdef _WIN32 #include #endif +#include "common/simclist.h" +#include "common/libscdl.h" +#include "libopensc/opensc.h" +#include "libopensc/log.h" +#include "libopensc/cards.h" + #define SC_FILE_MAGIC 0x14426950 -#define SC_CARD_MAGIC 0x27182818 -#define SC_CTX_MAGIC 0x0A550335 #ifndef _WIN32 #define msleep(t) usleep((t) * 1000) @@ -50,15 +50,22 @@ #define sleep(t) Sleep((t) * 1000) #endif +#ifndef MAX +#define MAX(x, y) (((x) > (y)) ? (x) : (y)) +#endif +#ifndef MIN +#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +#endif + struct sc_atr_table { /* The atr fields are required to * be in aa:bb:cc hex format. */ - char *atr; + const char *atr; /* The atrmask is logically AND'd with an * card atr prior to comparison with the * atr reference value above. */ - char *atrmask; - char *name; + const char *atrmask; + const char *name; int type; unsigned long flags; /* Reference to card_atr configuration block, @@ -68,8 +75,8 @@ /* Internal use only */ int _sc_add_reader(struct sc_context *ctx, struct sc_reader *reader); -int _sc_parse_atr(struct sc_context *ctx, struct sc_slot_info *slot); -struct sc_slot_info *_sc_get_slot_info(struct sc_reader *reader, int slot_id); +int _sc_delete_reader(struct sc_context *ctx, struct sc_reader *reader); +int _sc_parse_atr(struct sc_reader *reader); /* Add an ATR to the card driver's struct sc_atr_table */ int _sc_add_atr(struct sc_context *ctx, struct sc_card_driver *driver, struct sc_atr_table *src); 
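Review bot: The `MAX` and `MIN` macros added in the second hunk (`@@ -50,15 +50,22 @@`) evaluate the selected argument twice, so an argument with a side effect or a function call behaves differently from a real function. They also compare after the usual arithmetic conversions, which turns a negative `int` length into a large value when the other operand is a `size_t`. A one-line warning above the definitions would be enough: `/* MAX/MIN evaluate their arguments twice; pass plain values of the same type */`.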
@@ -103,19 +110,17 @@ /* Returns an scconf_block entry with matching ATR/ATRmask to the ATR specified, * NULL otherwise. Additionally, if card driver is not specified, search through * all card drivers user configured ATRs. */ -scconf_block *_sc_match_atr_block(sc_context_t *ctx, struct sc_card_driver *driver, u8 *atr, size_t atr_len); +scconf_block *_sc_match_atr_block(sc_context_t *ctx, struct sc_card_driver *driver, struct sc_atr *atr); /* Returns an index number if a match was found, -1 otherwise. table has to * be null terminated. */ int _sc_match_atr(struct sc_card *card, struct sc_atr_table *table, int *type_out); -int _sc_check_forced_protocol(struct sc_context *ctx, u8 *atr, size_t atr_len, unsigned int *protocol); - int _sc_card_add_algorithm(struct sc_card *card, const struct sc_algorithm_info *info); int _sc_card_add_rsa_alg(struct sc_card *card, unsigned int key_length, unsigned long flags, unsigned long exponent); -struct sc_algorithm_info * _sc_card_find_rsa_alg(struct sc_card *card, - unsigned int key_length); +int _sc_card_add_ec_alg(struct sc_card *card, unsigned int key_length, + unsigned long flags, unsigned long ext_flags); int sc_asn1_read_tag(const u8 ** buf, size_t buflen, unsigned int *cla_out, unsigned int *tag_out, size_t *taglen); 
@@ -231,16 +236,18 @@ /** * Logs APDU * @param ctx sc_context_t object + * @param level log if ctx->debug >= level * @param buf buffer with the APDU data * @param len length of the APDU * @param is_outgoing != 0 if the data is send to the card */ -void sc_apdu_log(sc_context_t *ctx, const u8 *data, size_t len, +void sc_apdu_log(sc_context_t *ctx, int level, const u8 *data, size_t len, int is_outgoing); extern struct sc_reader_driver *sc_get_pcsc_driver(void); extern struct sc_reader_driver *sc_get_ctapi_driver(void); extern struct sc_reader_driver *sc_get_openct_driver(void); +extern struct sc_reader_driver *sc_get_cardmod_driver(void); #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/libopensc/internal-winscard.h opensc-0.12.1/src/libopensc/internal-winscard.h --- opensc-0.11.13/src/libopensc/internal-winscard.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/internal-winscard.h 2011-05-17 17:07:00.000000000 +0000 @@ -23,7 +23,7 @@ #else /* mingw32 does not have winscard.h */ -#define MAX_ATR_SIZE 33 /**< Maximum ATR size */ +#define MAX_ATR_SIZE 33 /**< Maximum ATR size */ #define SCARD_PROTOCOL_T0 0x0001 /**< T=0 active protocol. */ #define SCARD_PROTOCOL_T1 0x0002 /**< T=1 active protocol. */ 
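Review bot: The doc comment of sc_apdu_log() still lists `@param buf` although the parameter is named `data`, and the new `@param level` line gives no guidance on which level to pass. The function dumps raw APDUs, and command APDUs for PIN verification or key import would carry the PIN or key bytes; the dump code is outside this hunk, so that is inferred from the signature. I would write `@param level log if ctx->debug >= level; APDU data may contain PINs and keys, choose a level that is off by default` and `@param data buffer with the APDU data`.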
@@ -32,11 +32,19 @@ #define SCARD_STATE_UNAWARE 0x0000 /**< App wants status */ #define SCARD_STATE_IGNORE 0x0001 /**< Ignore this reader */ #define SCARD_STATE_CHANGED 0x0002 /**< State has changed */ +#define SCARD_STATE_UNKNOWN 0x0004 /**< Reader unknown */ +#define SCARD_STATE_UNAVAILABLE 0x0008 /**< Status unavailable */ #define SCARD_STATE_EMPTY 0x0010 /**< Card removed */ #define SCARD_STATE_PRESENT 0x0020 /**< Card inserted */ +#define SCARD_STATE_EXCLUSIVE 0x0080 /**< Exclusive Mode */ +#define SCARD_STATE_INUSE 0x0100 /**< Shared Mode */ +#define SCARD_STATE_MUTE 0x0200 /**< Unresponsive card */ +#define SCARD_STATE_UNPOWERED 0x0400 /**< Unpowered card */ + #define SCARD_SHARE_EXCLUSIVE 0x0001 /**< Exclusive mode only */ #define SCARD_SHARE_SHARED 0x0002 /**< Shared mode only */ +#define SCARD_SHARE_DIRECT 0x0003 /**< Raw mode only */ #define SCARD_LEAVE_CARD 0x0000 /**< Do nothing on close */ #define SCARD_RESET_CARD 0x0001 /**< Reset on close */ 
@@ -46,9 +54,12 @@ #ifndef SCARD_S_SUCCESS /* conflict in mingw-w64 */ #define SCARD_S_SUCCESS 0x00000000 /**< No error was encountered. */ +#define SCARD_E_CANCELLED 0x80100002 /**< The action was cancelled by an SCardCancel request. */ #define SCARD_E_INVALID_HANDLE 0x80100003 /**< The supplied handle was invalid. */ #define SCARD_E_TIMEOUT 0x8010000A /**< The user-specified timeout value has expired. */ #define SCARD_E_SHARING_VIOLATION 0x8010000B /**< The smart card cannot be accessed because of other connections outstanding. */ +#define SCARD_E_NO_SMARTCARD 0x8010000C /**< The operation requires a smart card, but no smart card is currently in the device. */ +#define SCARD_E_PROTO_MISMATCH 0x8010000F /**< The requested protocols are incompatible with the protocol currently in use with the smart card. */ #define SCARD_E_NOT_TRANSACTED 0x80100016 /**< An attempt was made to end a non-existent transaction. */ #define SCARD_E_READER_UNAVAILABLE 0x80100017 /**< The specified reader is not currently available for use. */ #define SCARD_E_NO_SERVICE 0x8010001D /**< The Smart card resource manager is not running. */ @@ -77,7 +88,7 @@ unsigned long cbAtr; unsigned char rgbAtr[MAX_ATR_SIZE]; } -SCARD_READERSTATE_A; +SCARD_READERSTATE, *LPSCARD_READERSTATE; typedef struct _SCARD_IO_REQUEST { @@ -87,8 +98,6 @@ SCARD_IO_REQUEST, *PSCARD_IO_REQUEST, *LPSCARD_IO_REQUEST; typedef const SCARD_IO_REQUEST *LPCSCARD_IO_REQUEST; -typedef SCARD_READERSTATE_A SCARD_READERSTATE, *PSCARD_READERSTATE_A, - *LPSCARD_READERSTATE_A; #endif /* HAVE_SCARD_H */ 
@@ -113,7 +122,8 @@ typedef LONG (PCSC_API *SCardStatus_t)(SCARDHANDLE hCard, LPSTR mszReaderNames, LPDWORD pcchReaderLen, LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen); typedef LONG (PCSC_API *SCardGetStatusChange_t)(SCARDCONTEXT hContext, DWORD dwTimeout, - LPSCARD_READERSTATE_A rgReaderStates, DWORD cReaders); + SCARD_READERSTATE *rgReaderStates, DWORD cReaders); +typedef LONG (PCSC_API *SCardCancel_t)(SCARDCONTEXT hContext); typedef LONG (PCSC_API *SCardControlOLD_t)(SCARDHANDLE hCard, LPCVOID pbSendBuffer, DWORD cbSendLength, LPVOID pbRecvBuffer, LPDWORD lpBytesReturned); typedef LONG (PCSC_API *SCardControl_t)(SCARDHANDLE hCard, DWORD dwControlCode, LPCVOID pbSendBuffer, @@ -124,6 +134,8 @@ LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength); typedef LONG (PCSC_API *SCardListReaders_t)(SCARDCONTEXT hContext, LPCSTR mszGroups, LPSTR mszReaders, LPDWORD pcchReaders); +typedef LONG (PCSC_API *SCardGetAttrib_t)(SCARDHANDLE hCard, DWORD dwAttrId,\ + LPBYTE pbAttr, LPDWORD pcbAttrLen); /* Copied from pcsc-lite reader.h */ @@ -158,13 +170,15 @@ #define FEATURE_WRITE_DISPLAY 0x0F #define FEATURE_GET_KEY 0x10 #define FEATURE_IFD_DISPLAY_PROPERTIES 0x11 +#define FEATURE_GET_TLV_PROPERTIES 0x12 +#define FEATURE_CCID_ESC_COMMAND 0x13 -/* structures used (but not defined) in PCSC Part 10 revision 2.01.02: +/* structures used (but not defined) in PCSC Part 10: * "IFDs with Secure Pin Entry Capabilities" */ /* Set structure elements aligment on bytes * http://gcc.gnu.org/onlinedocs/gcc/Structure_002dPacking-Pragmas.html */ -#ifdef __APPLE__ +#if defined(__APPLE__) || defined(sun) #pragma pack(1) #else #pragma pack(push, 1) 
@@ -241,16 +255,26 @@ uint8_t abData[1]; /**< Data to send to the ICC */ } PIN_MODIFY_STRUCTURE; +/* PIN_PROPERTIES as defined (in/up to?) PC/SC 2.02.05 */ +/* This only makes sense with old Windows drivers. To be removed some time in the future. */ +#define PIN_PROPERTIES_v5 typedef struct { uint16_t wLcdLayout; /**< display characteristics */ uint16_t wLcdMaxCharacters; uint16_t wLcdMaxLines; uint8_t bEntryValidationCondition; uint8_t bTimeOut2; +} PIN_PROPERTIES_STRUCTURE_v5; + +/* PIN_PROPERTIES as defined in PC/SC 2.02.06 and later */ +typedef struct { + uint16_t wLcdLayout; /**< display characteristics */ + uint8_t bEntryValidationCondition; + uint8_t bTimeOut2; } PIN_PROPERTIES_STRUCTURE; /* restore default structure elements alignment */ -#ifdef __APPLE__ +#if defined(__APPLE__) || defined(sun) #pragma pack() #else #pragma pack(pop) diff -Nru opensc-0.11.13/src/libopensc/iso7816.c opensc-0.12.1/src/libopensc/iso7816.c --- opensc-0.11.13/src/libopensc/iso7816.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/iso7816.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,17 +18,21 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include +#include "internal.h" +#include "asn1.h" +#include "iso7816.h" + static const struct sc_card_error iso7816_errors[] = { { 0x6200, SC_ERROR_MEMORY_FAILURE, "State of non-volatile memory unchanged" }, - { 0x6281, SC_ERROR_MEMORY_FAILURE, "Part of returned data may be corrupted" }, - { 0x6282, SC_ERROR_CARD_CMD_FAILED, "End of file/record reached before reading Le bytes" }, + { 0x6281, SC_ERROR_CORRUPTED_DATA, "Part of returned data may be corrupted" }, + { 0x6282, SC_ERROR_FILE_END_REACHED, "End of file/record reached before reading Le bytes" }, { 0x6283, SC_ERROR_CARD_CMD_FAILED, "Selected file invalidated" }, { 0x6284, SC_ERROR_CARD_CMD_FAILED, "FCI not formatted according to ISO 7816-4" }, 
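Review bot: Two layouts now describe the reader's PIN-properties answer in internal-winscard.h, `PIN_PROPERTIES_STRUCTURE_v5` (with `wLcdMaxCharacters` and `wLcdMaxLines`, four bytes longer under `pack(1)`) and the shorter `PIN_PROPERTIES_STRUCTURE`, and the header does not say how a caller chooses between them. The buffer is filled by the reader driver, so the code that casts it should first compare the returned length with `sizeof` the structure it reads; that caller is outside this hunk. I would record the rule next to the typedefs, e.g. `/* packed size 8 (v5) or 4; select by the length the reader returned and reject any other length */`. `#define PIN_PROPERTIES_v5` expands to nothing and has no user in the hunk, so a comment naming what tests it would help too.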
@@ -58,7 +62,7 @@ { 0x6A81, SC_ERROR_NO_CARD_SUPPORT, "Function not supported" }, { 0x6A82, SC_ERROR_FILE_NOT_FOUND, "File not found" }, { 0x6A83, SC_ERROR_RECORD_NOT_FOUND, "Record not found" }, - { 0x6A84, SC_ERROR_CARD_CMD_FAILED, "Not enough memory space in the file" }, + { 0x6A84, SC_ERROR_NOT_ENOUGH_MEMORY, "Not enough memory space in the file" }, { 0x6A85, SC_ERROR_INCORRECT_PARAMETERS,"Lc inconsistent with TLV structure" }, { 0x6A86, SC_ERROR_INCORRECT_PARAMETERS,"Incorrect parameters P1-P2" }, { 0x6A87, SC_ERROR_INCORRECT_PARAMETERS,"Lc inconsistent with P1-P2" }, @@ -84,22 +88,22 @@ /* Handle special cases here */ if (sw1 == 0x6C) { - sc_error(card->ctx, "Wrong length; correct length is %d\n", sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Wrong length; correct length is %d", sw2); return SC_ERROR_WRONG_LENGTH; } if (sw1 == 0x90) - return SC_NO_ERROR; + return SC_SUCCESS; if (sw1 == 0x63U && (sw2 & ~0x0fU) == 0xc0U ) { - sc_error(card->ctx, "Verification failed (remaining tries: %d)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Verification failed (remaining tries: %d)", (sw2 & 0x0f)); return SC_ERROR_PIN_CODE_INCORRECT; } for (i = 0; i < err_count; i++) if (iso7816_errors[i].SWs == ((sw1 << 8) | sw2)) { - sc_error(card->ctx, "%s\n", iso7816_errors[i].errorstr); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s", iso7816_errors[i].errorstr); return iso7816_errors[i].errorno; } - sc_error(card->ctx, "Unknown SWs; SW1=%02X, SW2=%02X\n", sw1, sw2); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown SWs; SW1=%02X, SW2=%02X", sw1, sw2); return SC_ERROR_CARD_CMD_FAILED; } 
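Review bot: In the iso7816_check_sw() hunk (`@@ -84,22 +88,22 @@`) the 0x63Cx branch now reports a failed PIN verification through `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ...)`, so with debugging switched off neither the failure nor the remaining-tries counter reaches the log. Where the OpenSC log is used to notice repeated wrong-PIN attempts before a card blocks, this one message should stay at a level that is always written; whether the new logging API offers such a level is not visible here. At minimum I would put a comment on the branch: `/* security-relevant event: wrong PIN, tries left in low nibble of SW2 */`. The function starts outside the hunk.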
@@ -107,16 +111,17 @@ unsigned int idx, u8 *buf, size_t count, unsigned long flags) { + sc_context_t *ctx = card->ctx; sc_apdu_t apdu; u8 recvbuf[SC_MAX_APDU_BUFFER_SIZE]; int r; if (idx > 0x7fff) { - sc_error(card->ctx, "invalid EF offset: 0x%X > 0x7FFF", idx); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "invalid EF offset: 0x%X > 0x7FFF", idx); return SC_ERROR_OFFSET_TOO_LARGE; } - assert(count <= card->max_recv_size); + assert(count <= (card->max_recv_size > 0 ? card->max_recv_size : 256)); sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xB0, (idx >> 8) & 0x7F, idx & 0xFF); apdu.le = count; @@ -124,12 +129,24 @@ apdu.resp = recvbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); memcpy(buf, recvbuf, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 3, apdu.resplen); + r = sc_check_sw(card, apdu.sw1, apdu.sw2); + if (r == SC_ERROR_FILE_END_REACHED) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Check SW error"); + + if (apdu.resplen < count) { + r = iso7816_read_binary(card, idx + apdu.resplen, buf + apdu.resplen, count - apdu.resplen, flags); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + + apdu.resplen += r; + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); } static int iso7816_read_record(sc_card_t *card, 
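Review bot: The only bound on `count` in iso7816_read_binary() is still an assertion, now `assert(count <= (card->max_recv_size > 0 ? card->max_recv_size : 256));`, and it disappears in an NDEBUG build. `recvbuf` is a fixed `SC_MAX_APDU_BUFFER_SIZE` array and `memcpy(buf, recvbuf, apdu.resplen)` trusts the length reported by the reader layer, so the limit deserves a runtime check: `if (count > (card->max_recv_size > 0 ? card->max_recv_size : 256)) return SC_ERROR_INVALID_ARGUMENTS;`. The same assert-only bound on `max_send_size` is in the iso7816_write_binary (`@@ -244,10 +261,10 @@`) and iso7816_update_binary (`@@ -271,10 +288,10 @@`) hunks. The line that sets `apdu.resplen` lies between the hunks and is not visible.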
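Review bot: The short-read continuation `if (apdu.resplen < count)` in the `@@ -124,12 +129,24 @@` hunk re-enters iso7816_read_binary() once per partial response, and every frame holds its own `recvbuf[SC_MAX_APDU_BUFFER_SIZE]`, so a card that answers a byte or two at a time decides the stack depth, limited only by `count`. When the continuation fails, `SC_TEST_RET` returns the error and the bytes already copied into `buf` are not reported, which includes `idx + apdu.resplen` passing 0x7fff in the callee. I would state the termination argument in a comment, `/* recursion stops on an empty response, on SW 6282, or when count is satisfied; depth <= count */`, and give the second check its own message, `"Continuation read failed"`, instead of repeating `"APDU transmit failed"`.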
@@ -150,12 +167,12 @@ apdu.resp = recvbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); memcpy(buf, recvbuf, apdu.resplen); - SC_FUNC_RETURN(card->ctx, 3, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); } static int iso7816_write_record(sc_card_t *card, unsigned int rec_nr, @@ -166,7 +183,7 @@ int r; if (count > 256) { - sc_error(card->ctx, "Trying to send too many bytes\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Trying to send too many bytes"); return SC_ERROR_INVALID_ARGUMENTS; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xD2, rec_nr, 0); @@ -179,10 +196,10 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } static int iso7816_append_record(sc_card_t *card, @@ -193,7 +210,7 @@ int r; if (count > 256) { - sc_error(card->ctx, "Trying to send too many bytes\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Trying to send too many bytes"); return SC_ERROR_INVALID_ARGUMENTS; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE2, 0, 0); 
@@ -204,10 +221,10 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } static int iso7816_update_record(sc_card_t *card, unsigned int rec_nr, @@ -218,7 +235,7 @@ int r; if (count > 256) { - sc_error(card->ctx, "Trying to send too many bytes\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Trying to send too many bytes"); return SC_ERROR_INVALID_ARGUMENTS; } sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xDC, rec_nr, 0); @@ -231,10 +248,10 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } static int iso7816_write_binary(sc_card_t *card, @@ -244,10 +261,10 @@ sc_apdu_t apdu; int r; - assert(count <= card->max_send_size); + assert(count <= (card->max_send_size > 0 ? card->max_send_size : 255)); if (idx > 0x7fff) { - sc_error(card->ctx, "invalid EF offset: 0x%X > 0x7FFF", idx); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid EF offset: 0x%X > 0x7FFF", idx); return SC_ERROR_OFFSET_TOO_LARGE; } 
@@ -258,10 +275,10 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } static int iso7816_update_binary(sc_card_t *card, @@ -271,10 +288,10 @@ sc_apdu_t apdu; int r; - assert(count <= card->max_send_size); + assert(count <= (card->max_send_size > 0 ? card->max_send_size : 255)); if (idx > 0x7fff) { - sc_error(card->ctx, "invalid EF offset: 0x%X > 0x7FFF", idx); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid EF offset: 0x%X > 0x7FFF", idx); return SC_ERROR_OFFSET_TOO_LARGE; } @@ -285,10 +302,10 @@ apdu.data = buf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - SC_TEST_RET(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2), + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, sc_check_sw(card, apdu.sw1, apdu.sw2), "Card returned error"); - SC_FUNC_RETURN(card->ctx, 3, count); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, count); } static int iso7816_process_fci(sc_card_t *card, sc_file_t *file, 
@@ -298,28 +315,26 @@ size_t taglen, len = buflen; const u8 *tag = NULL, *p = buf; - if (ctx->debug >= 3) - sc_debug(ctx, "processing FCI bytes\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "processing FCI bytes"); tag = sc_asn1_find_tag(ctx, p, len, 0x83, &taglen); if (tag != NULL && taglen == 2) { file->id = (tag[0] << 8) | tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " file identifier: 0x%02X%02X\n", tag[0], - tag[1]); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " file identifier: 0x%02X%02X", tag[0], tag[1]); } tag = sc_asn1_find_tag(ctx, p, len, 0x80, &taglen); - if (tag != NULL && taglen >= 2) { - int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); - file->size = bytes; + if (tag != NULL && taglen > 0 && taglen < 3) { + file->size = tag[0]; + if (taglen == 2) + file->size = (file->size << 8) + tag[1]; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " bytes in file: %d", file->size); } if (tag == NULL) { tag = sc_asn1_find_tag(ctx, p, len, 0x81, &taglen); if (tag != NULL && taglen >= 2) { int bytes = (tag[0] << 8) + tag[1]; - if (ctx->debug >= 3) - sc_debug(ctx, " bytes in file: %d\n", bytes); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " bytes in file: %d", bytes); file->size = bytes; } } @@ -330,8 +345,7 @@ const char *type; file->shareable = byte & 0x40 ? 1 : 0; - if (ctx->debug >= 3) - sc_debug(ctx, " shareable: %s\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " shareable: %s", (byte & 0x40) ? "yes" : "no"); file->ef_structure = byte & 0x07; switch ((byte >> 3) & 7) { 
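Review bot: The new `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " bytes in file: %d", file->size);` in the tag 0x80 branch passes `file->size` to `%d`, where the old code formatted a local `int bytes`. If `size` is declared `size_t` in sc_file_t (not visible in this hunk), specifier and argument no longer match, which is undefined behaviour in a variadic call. `%lu` with `(unsigned long)file->size` would follow the cast style this diff already uses for `pthread_self()`. Note also that the 0x81 fallback is still tried only when tag 0x80 is absent, so a 0x80 element of three or more bytes now leaves `file->size` unset without any log line.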
@@ -351,24 +365,23 @@ type = "unknown"; break; } - if (ctx->debug >= 3) { - sc_debug(ctx, " type: %s\n", type); - sc_debug(ctx, " EF structure: %d\n", - byte & 0x07); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " type: %s", type); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + " EF structure: %d", byte & 0x07); } } tag = sc_asn1_find_tag(ctx, p, len, 0x84, &taglen); if (tag != NULL && taglen > 0 && taglen <= 16) { + char tbuf[128]; memcpy(file->name, tag, taglen); file->namelen = taglen; - if (ctx->debug >= 3) - { - char tbuf[128]; - sc_hex_dump(ctx, file->name, file->namelen, tbuf, sizeof(tbuf)); - sc_debug(ctx, " File name: %s\n", tbuf); - } + sc_hex_dump(ctx, SC_LOG_DEBUG_NORMAL, + file->name, file->namelen, tbuf, sizeof(tbuf)); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " File name: %s", tbuf); + if (!file->type) + file->type = SC_FILE_TYPE_DF; } tag = sc_asn1_find_tag(ctx, p, len, 0x85, &taglen); if (tag != NULL && taglen) { @@ -383,6 +396,15 @@ if (tag != NULL && taglen) { sc_file_set_sec_attr(file, tag, taglen); } + tag = sc_asn1_find_tag(ctx, p, len, 0x8A, &taglen); + if (tag != NULL && taglen==1) { + if (tag[0] == 0x01) + file->status = SC_FILE_STATUS_CREATION; + else if (tag[0] == 0x07 || tag[0] == 0x05) + file->status = SC_FILE_STATUS_ACTIVATED; + else if (tag[0] == 0x06 || tag[0] == 0x04) + file->status = SC_FILE_STATUS_INVALIDATED; + } file->magic = SC_FILE_MAGIC; return 0; @@ -435,7 +457,7 @@ apdu.cse = SC_APDU_CASE_2_SHORT; break; default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } apdu.p2 = 0; /* first record, return FCI */ apdu.lc = pathlen; 
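Review bot: In the tag 0x84 branch of the @@ -351,24 +365,23 @@ hunk, `char tbuf[128];` is filled by a now unconditional `sc_hex_dump(...)` call, but the log.c part of this diff makes sc_hex_dump return before `buf[0] = 0` when `ctx->debug < level`, so `tbuf` stays uninitialised and is then handed to `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, " File name: %s", tbuf)`. Today sc_do_log_va drops that message at the same level before formatting, so nothing reads the buffer, but that safety depends on both calls keeping the same level. Declaring it as `char tbuf[128] = "";` removes the dependency.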
@@ -445,44 +467,45 @@ if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); - apdu.le = 256; + apdu.le = card->max_recv_size > 0 ? card->max_recv_size : 256; } else apdu.cse = (apdu.lc == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (file_out == NULL) { if (apdu.sw1 == 0x61) - SC_FUNC_RETURN(card->ctx, 2, 0); - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, 0); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 2) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); switch (apdu.resp[0]) { - case 0x6F: + case ISO7816_TAG_FCI: + case ISO7816_TAG_FCP: file = sc_file_new(); if (file == NULL) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->path = *in_path; if (card->ops->process_fci == NULL) { sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); } if ((size_t)apdu.resp[1] + 2 <= apdu.resplen) card->ops->process_fci(card, file, apdu.resp+2, apdu.resp[1]); *file_out = file; break; - case 0x00: /* proprietary coding */ - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + case 0x00: /* proprietary coding */ + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); default: - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } - return 0; + return SC_SUCCESS; } static int 
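Review bot: With `case ISO7816_TAG_FCP:` added next to `case ISO7816_TAG_FCI:`, the guard `if ((size_t)apdu.resp[1] + 2 <= apdu.resplen)` now gates more card responses, and when it fails the code still stores the unparsed file in `*file_out` and returns SC_SUCCESS. `apdu.resp[1]` is read as a one-byte length, so a template that uses the BER long form for its length would be measured wrongly. Consider failing closed with `else { sc_file_free(file); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); }` and checking the return value of `card->ops->process_fci(...)`. The function starts before this hunk, so the size of `buf` behind the new `apdu.le` expression cannot be checked from here.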
iso7816_get_challenge(sc_card_t *card, u8 *rnd, size_t len) @@ -504,7 +527,7 @@ size_t n = len > 8 ? 8 : len; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen != 8) return sc_check_sw(card, apdu.sw1, apdu.sw2); memcpy(rnd, apdu.resp, n); @@ -582,9 +605,9 @@ len = SC_MAX_APDU_BUFFER_SIZE; if (card->ops->construct_fci == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); r = card->ops->construct_fci(card, file, sbuf, &len); - SC_TEST_RET(card->ctx, r, "construct_fci() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "construct_fci() failed"); sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE0, 0x00, 0x00); apdu.lc = len; @@ -592,7 +615,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -603,7 +626,7 @@ size_t rlen; /* request at most max_recv_size bytes */ - if (*count > card->max_recv_size) + if (card->max_recv_size > 0 && *count > card->max_recv_size) rlen = card->max_recv_size; else rlen = *count; @@ -616,9 +639,9 @@ apdu.flags |= SC_APDU_FLAGS_NO_GET_RESP; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.resplen == 0) - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); *count = apdu.resplen; 
@@ -640,10 +663,10 @@ u8 sbuf[2]; sc_apdu_t apdu; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (path->type != SC_PATH_TYPE_FILE_ID || (path->len != 0 && path->len != 2)) { - sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type has to be SC_PATH_TYPE_FILE_ID"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); } if (path->len == 2) { @@ -658,7 +681,7 @@ apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -712,18 +735,20 @@ apdu.data = sbuf; if (se_num > 0) { r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); locked = 1; } if (apdu.datalen != 0) { r = sc_transmit_apdu(card, &apdu); if (r) { - sc_perror(card->ctx, r, "APDU transmit failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: APDU transmit failed", sc_strerror(r)); goto err; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { - sc_perror(card->ctx, r, "Card returned error"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "%s: Card returned error", sc_strerror(r)); goto err; } } @@ -732,7 +757,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0xF2, se_num); r = sc_transmit_apdu(card, &apdu); sc_unlock(card); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); err: if (locked) 
@@ -752,7 +777,7 @@ apdu.resplen = sizeof(rbuf) > 250 ? 250 : sizeof(rbuf); apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); return sc_check_sw(card, apdu.sw1, apdu.sw2); } @@ -767,7 +792,7 @@ assert(card != NULL && data != NULL && out != NULL); if (datalen > 255) - SC_FUNC_RETURN(card->ctx, 4, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); /* INS: 0x2A PERFORM SECURITY OPERATION * P1: 0x9E Resp: Digital Signature @@ -782,16 +807,15 @@ apdu.data = sbuf; apdu.lc = datalen; apdu.datalen = datalen; - apdu.sensitive = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { size_t len = apdu.resplen > outlen ? outlen : apdu.resplen; memcpy(out, apdu.resp, len); - SC_FUNC_RETURN(card->ctx, 4, len); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, len); } - SC_FUNC_RETURN(card->ctx, 4, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int iso7816_decipher(sc_card_t *card, @@ -803,11 +827,11 @@ u8 *sbuf = NULL; assert(card != NULL && crgram != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); - sbuf = (u8 *)malloc(crgram_len + 1); + sbuf = malloc(crgram_len + 1); if (sbuf == NULL) - return SC_ERROR_MEMORY_FAILURE; + return SC_ERROR_OUT_OF_MEMORY; /* INS: 0x2A PERFORM SECURITY OPERATION * P1: 0x80 Resp: Plain value 
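Review bot: The @@ -782,16 +807,15 @@ hunk (the PERFORM SECURITY OPERATION signature path) drops `apdu.sensitive = 1;` without a visible replacement, and the same line is removed in the decipher hunk (@@ -819,21 +843,23 @@) and the PIN APDU hunk (@@ -908,7 +934,6 @@). What the flag did is not shown on this page; if it was what kept command data (hash input, cryptogram, PIN bytes) out of APDU debug output or triggered wiping of the transmit buffer, that protection needs an equivalent now that log.c writes every message whose level is at or below `ctx->debug` to `ctx->debug_file`. At minimum, a comment where the PIN APDU is built, stating where the PIN bytes are kept out of the log, would let the next reader verify it.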
@@ -819,21 +843,23 @@ * to tell the card the we want everything available (note: we * always have Le <= crgram_len) */ apdu.le = (outlen >= 256 && crgram_len < 256) ? 256 : outlen; - apdu.sensitive = 1; + /* Use APDU chaining with 2048bit RSA keys if the card does not do extended APDU-s */ + if ((crgram_len+1 > 255) && !(card->caps & SC_CARD_CAP_APDU_EXT)) + apdu.flags |= SC_APDU_FLAGS_CHAINING; sbuf[0] = 0; /* padding indicator byte, 0x00 = No further indication */ memcpy(sbuf + 1, crgram, crgram_len); apdu.data = sbuf; - apdu.lc = crgram_len + 1; + apdu.lc = crgram_len + 1; apdu.datalen = crgram_len + 1; r = sc_transmit_apdu(card, &apdu); sc_mem_clear(sbuf, crgram_len + 1); free(sbuf); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) - SC_FUNC_RETURN(card->ctx, 2, apdu.resplen); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen); else - SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, sc_check_sw(card, apdu.sw1, apdu.sw2)); } static int iso7816_build_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, @@ -908,7 +934,6 @@ apdu->datalen = len; apdu->data = buf; apdu->resplen = 0; - apdu->sensitive = 1; return 0; } 
@@ -946,19 +971,17 @@ /* Call the reader driver to collect * the PIN and pass on the APDU to the card */ if (data->pin1.offset == 0) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card driver didn't set PIN offset"); return SC_ERROR_INVALID_ARGUMENTS; } if (card->reader && card->reader->ops && card->reader->ops->perform_verify) { - r = card->reader->ops->perform_verify(card->reader, - card->slot, - data); + r = card->reader->ops->perform_verify(card->reader, data); /* sw1/sw2 filled in by reader driver */ } else { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card reader driver does not support " "PIN entry through reader key pad"); r = SC_ERROR_NOT_SUPPORTED; @@ -969,7 +992,7 @@ if (data->apdu == &local_apdu) data->apdu = NULL; - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu->sw1 == 0x63) { if ((apdu->sw2 & 0xF0) == 0xC0 && tries_left != NULL) *tries_left = apdu->sw2 & 0x0F; diff -Nru opensc-0.11.13/src/libopensc/iso7816.h opensc-0.12.1/src/libopensc/iso7816.h --- opensc-0.11.13/src/libopensc/iso7816.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/iso7816.h 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,45 @@
+/*
+ * iso7816.h: ISO-7816 defines
+ */
+
+#ifndef _ISO7816_TYPES_H
+#define _ISO7816_TYPES_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ISO7816_FILE_TYPE_TRANSPARENT_EF 0x01
+#define ISO7816_FILE_TYPE_DF 0x38
+
+#define ISO7816_TAG_FCI 0x6F
+
+#define ISO7816_TAG_FCP 0x62
+#define ISO7816_TAG_FCP_SIZE 0x80
+#define ISO7816_TAG_FCP_TYPE 0x82
+#define ISO7816_TAG_FCP_ID 0x83
+#define ISO7816_TAG_FCP_ACLS 0x86
+
+/* ISO7816 interindustry data tags */
+#define ISO7816_II_CATEGORY_TLV 0x80
+#define ISO7816_II_CATEGORY_NOT_TLV 0x00
+
+#define ISO7816_TAG_II_CARD_SERVICE 0x43
+#define ISO7816_TAG_II_INITIAL_ACCESS_DATA 0x44
+#define ISO7816_TAG_II_CARD_ISSUER_DATA 0x45
+#define ISO7816_TAG_II_PRE_ISSUING 0x46
+#define ISO7816_TAG_II_CARD_CAPABILITIES 0x47
+#define ISO7816_TAG_II_AID 0x4F
+#define ISO7816_TAG_II_ALLOCATION_SCHEME 0x78
+#define ISO7816_TAG_II_STATUS_LCS 0x81
+#define ISO7816_TAG_II_STATUS_SW 0x82
+#define ISO7816_TAG_II_STATUS_LCS_SW 0x83
+
+/* Other interindustry data tags */
+#define IASECC_TAG_II_IO_BUFFER_SIZES 0xE0
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff -Nru opensc-0.11.13/src/libopensc/itacns.h opensc-0.12.1/src/libopensc/itacns.h
--- opensc-0.11.13/src/libopensc/itacns.h 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/libopensc/itacns.h 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,15 @@
+#ifndef _OPENSC_ITACNS_H
+#define _OPENSC_ITACNS_H
+
+typedef struct {
+ u8 ic_manufacturer_code;
+ u8 mask_manufacturer_code;
+ u8 os_version_h;
+ u8 os_version_l;
+ u8 cns_version;
+} itacns_drv_data_t;
+
+#define ITACNS_MASKMAN_SIEMENS 0x08
+#define ITACNS_MASKMAN_STINCARD 0x09
+
+#endif /* _OPENSC_ITACNS_H */
diff -Nru opensc-0.11.13/src/libopensc/libopensc.exports opensc-0.12.1/src/libopensc/libopensc.exports
--- opensc-0.11.13/src/libopensc/libopensc.exports 2010-02-16 09:03:28.000000000 +0000
+++ opensc-0.12.1/src/libopensc/libopensc.exports 2011-05-17 17:07:00.000000000 +0000
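Review bot: The new itacns.h declares `u8` members in `itacns_drv_data_t` but includes nothing, so it compiles only when the including file has already pulled in the libopensc type definitions. Adding the include that defines `u8` at the top (likely `#include "libopensc/types.h"`, going by the `libopensc/` include style that log.h adopts in this diff) makes the header self-contained. Separately, the guards `_ISO7816_TYPES_H` and `_OPENSC_ITACNS_H` begin with an underscore followed by a capital letter, a form C reserves for the implementation; `ISO7816_TYPES_H` and `OPENSC_ITACNS_H` avoid that.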
@@ -1,7 +1,34 @@ +scconf_block_add +scconf_block_copy +scconf_block_destroy +scconf_find_block +scconf_find_blocks +scconf_find_list +scconf_free +scconf_get_bool +scconf_get_int +scconf_get_str +scconf_item_add +scconf_item_copy +scconf_item_destroy +scconf_list_add +scconf_list_array_length +scconf_list_copy +scconf_list_destroy +scconf_list_strdup +scconf_list_strings_length +scconf_list_toarray +scconf_new +scconf_parse +scconf_parse_entries +scconf_parse_string +scconf_put_bool +scconf_put_int +scconf_put_str +scconf_write +scconf_write_entries _sc_asn1_decode _sc_asn1_encode -_sc_debug -_sc_error sc_append_file_id sc_append_path sc_append_path_id @@ -15,6 +42,7 @@ sc_asn1_decode_integer sc_asn1_decode_object_id sc_asn1_encode +sc_asn1_encode_object_id sc_asn1_encode_algorithm_id sc_asn1_find_tag sc_asn1_print_tags @@ -25,8 +53,8 @@ sc_base64_encode sc_bin_to_hex sc_build_pin +sc_cancel sc_card_ctl -sc_card_valid sc_change_reference_data sc_check_sw sc_compare_oid @@ -40,19 +68,23 @@ sc_create_file sc_ctx_detect_readers sc_ctx_get_reader +sc_ctx_get_reader_by_id +sc_ctx_get_reader_by_name sc_ctx_get_reader_count -sc_ctx_suppress_errors_off -sc_ctx_suppress_errors_on +sc_ctx_log_to_file +sc_ctx_use_reader sc_decipher sc_delete_file sc_delete_record -sc_der_clear sc_der_copy sc_detect_card_presence sc_disconnect_card sc_do_log -sc_do_log_va +sc_do_log_noframe +_sc_debug sc_enum_apps +sc_encode_oid +sc_parse_ef_atr sc_establish_context sc_file_add_acl_entry sc_file_clear_acl_entries @@ -64,13 +96,13 @@ sc_file_set_sec_attr sc_file_set_type_attr sc_file_valid -sc_find_app_by_aid -sc_find_pkcs15_app sc_format_apdu +sc_bytes2apdu sc_format_asn1_entry sc_format_oid sc_format_path sc_free_apps +sc_free_ef_atr sc_get_cache_dir sc_get_challenge sc_get_conf_block @@ -78,6 +110,7 @@ sc_get_mf_path sc_get_version sc_hex_dump +sc_dump_hex sc_hex_to_bin sc_list_files sc_lock 
@@ -87,6 +120,7 @@ sc_path_print sc_path_set sc_pin_cmd +sc_pkcs1_encode sc_pkcs15_add_df sc_pkcs15_add_object sc_pkcs15_add_unusedspace @@ -109,6 +143,7 @@ sc_pkcs15_decode_pubkey sc_pkcs15_decode_pubkey_dsa sc_pkcs15_decode_pubkey_rsa +sc_pkcs15_decode_pubkey_ec sc_pkcs15_decode_pubkey_gostr3410 sc_pkcs15_decode_pukdf_entry sc_pkcs15_encode_aodf_entry @@ -122,6 +157,7 @@ sc_pkcs15_encode_pubkey sc_pkcs15_encode_pubkey_dsa sc_pkcs15_encode_pubkey_rsa +sc_pkcs15_encode_pubkey_ec sc_pkcs15_encode_pubkey_gostr3410 sc_pkcs15_encode_pukdf_entry sc_pkcs15_encode_tokeninfo @@ -140,17 +176,21 @@ sc_pkcs15_find_prkey_by_reference sc_pkcs15_find_pubkey_by_id sc_pkcs15_find_so_pin +sc_pkcs15_fix_ec_parameters sc_pkcs15_format_id sc_pkcs15_free_cert_info sc_pkcs15_free_certificate sc_pkcs15_free_data_info sc_pkcs15_free_data_object +sc_pkcs15_free_key_params sc_pkcs15_free_object sc_pkcs15_free_pin_info sc_pkcs15_free_prkey sc_pkcs15_free_prkey_info sc_pkcs15_free_pubkey sc_pkcs15_free_pubkey_info +sc_pkcs15_get_guid +sc_pkcs15_get_object_id sc_pkcs15_get_objects sc_pkcs15_get_objects_cond sc_pkcs15_hex_string_to_id @@ -159,6 +199,7 @@ sc_pkcs15_parse_df sc_pkcs15_parse_tokeninfo sc_pkcs15_parse_unusedspace +sc_pkcs15_pincache_clear sc_pkcs15_print_id sc_pkcs15_read_cached_file sc_pkcs15_read_certificate @@ -166,6 +207,8 @@ sc_pkcs15_read_file sc_pkcs15_read_prkey sc_pkcs15_read_pubkey +sc_pkcs15_pubkey_from_prvkey +sc_pkcs15_pubkey_from_cert sc_pkcs15_remove_df sc_pkcs15_remove_object sc_pkcs15_remove_unusedspace @@ -179,6 +222,8 @@ sc_pkcs15emu_add_pin_obj sc_pkcs15emu_add_rsa_prkey sc_pkcs15emu_add_rsa_pubkey +sc_pkcs15emu_add_ec_prkey +sc_pkcs15emu_add_ec_pubkey sc_pkcs15emu_add_x509_cert sc_pkcs15emu_object_add sc_print_path @@ -194,11 +239,6 @@ sc_set_security_env sc_strerror sc_transmit_apdu -sc_ui_display_debug -sc_ui_display_error -sc_ui_get_pin -sc_ui_get_pin_pair -sc_ui_set_language sc_unlock sc_update_binary sc_update_dir 
@@ -207,4 +247,56 @@ sc_wait_for_event sc_write_binary sc_write_record +sc_erase_binary sc_get_iso7816_driver +sc_pkcs15init_add_app +sc_pkcs15init_authenticate +sc_pkcs15init_bind +sc_pkcs15init_change_attrib +sc_pkcs15init_create_file +sc_pkcs15init_delete_by_path +sc_pkcs15init_delete_object +sc_pkcs15init_erase_card +sc_pkcs15init_erase_card_recursively +sc_pkcs15init_finalize_card +sc_pkcs15init_fixup_file +sc_pkcs15init_generate_key +sc_pkcs15init_get_asepcos_ops +sc_pkcs15init_get_cardos_ops +sc_pkcs15init_get_cryptoflex_ops +sc_pkcs15init_get_cyberflex_ops +sc_pkcs15init_get_gpk_ops +sc_pkcs15init_get_incrypto34_ops +sc_pkcs15init_get_jcop_ops +sc_pkcs15init_get_label +sc_pkcs15init_get_manufacturer +sc_pkcs15init_get_miocos_ops +sc_pkcs15init_get_muscle_ops +sc_pkcs15init_get_oberthur_ops +sc_pkcs15init_get_pin_info +sc_pkcs15init_get_rutoken_ops +sc_pkcs15init_get_rtecp_ops +sc_pkcs15init_get_serial +sc_pkcs15init_get_setcos_ops +sc_pkcs15init_get_starcos_ops +sc_pkcs15init_rmdir +sc_pkcs15init_set_callbacks +sc_pkcs15init_set_lifecycle +sc_pkcs15init_set_p15card +sc_pkcs15init_set_serial +sc_pkcs15init_store_certificate +sc_pkcs15init_store_data_object +sc_pkcs15init_store_pin +sc_pkcs15init_store_private_key +sc_pkcs15init_store_public_key +sc_pkcs15init_unbind +sc_pkcs15init_update_any_df +sc_pkcs15init_update_certificate +sc_pkcs15init_update_file +sc_pkcs15init_verify_secret +sc_pkcs15init_sanity_check +sc_pkcs15init_finalize_profile +sc_card_find_rsa_alg +sc_print_cache +sc_find_app +sc_remote_data_init diff -Nru opensc-0.11.13/src/libopensc/libpkcs15init.pc.in opensc-0.12.1/src/libopensc/libpkcs15init.pc.in --- opensc-0.11.13/src/libopensc/libpkcs15init.pc.in 2006-05-15 20:57:30.000000000 +0000 +++ opensc-0.12.1/src/libopensc/libpkcs15init.pc.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libpkcs15init -Description: libpkcs15init -Version: @VERSION@ -Libs: -L${libdir} -lpkcs15init -lopensc -lscconf -Cflags: -I${includedir} - diff -Nru opensc-0.11.13/src/libopensc/libscconf.pc.in opensc-0.12.1/src/libopensc/libscconf.pc.in --- opensc-0.11.13/src/libopensc/libscconf.pc.in 2006-05-15 20:57:30.000000000 +0000 +++ opensc-0.12.1/src/libopensc/libscconf.pc.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libscconf -Description: libscconf -Version: @VERSION@ -Libs: -L${libdir} -lscconf -Cflags: -I${includedir} - diff -Nru opensc-0.11.13/src/libopensc/log.c opensc-0.12.1/src/libopensc/log.c --- opensc-0.11.13/src/libopensc/log.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/log.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,12 +19,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include #include #include +#include #ifdef HAVE_UNISTD_H #include #endif 
@@ -34,93 +36,123 @@ #ifdef HAVE_IO_H #include #endif +#ifdef HAVE_PTHREAD +#include +#endif -/* Although not used, we need this for consistent exports */ -void _sc_error(sc_context_t *ctx, const char *format, ...) -{ - va_list ap; +#include "internal.h" - va_start(ap, format); - sc_do_log_va(ctx, SC_LOG_TYPE_ERROR, NULL, 0, NULL, format, ap); - va_end(ap); -} +static void sc_do_log_va(sc_context_t *ctx, int level, const char *file, int line, const char *func, const char *format, va_list args); -/* Although not used, we need this for consistent exports */ -void _sc_debug(sc_context_t *ctx, const char *format, ...) +void sc_do_log(sc_context_t *ctx, int level, const char *file, int line, const char *func, const char *format, ...) { va_list ap; va_start(ap, format); - sc_do_log_va(ctx, SC_LOG_TYPE_DEBUG, NULL, 0, NULL, format, ap); + sc_do_log_va(ctx, level, file, line, func, format, ap); va_end(ap); } -void sc_do_log(sc_context_t *ctx, int type, const char *file, int line, const char *func, const char *format, ...) 
+void sc_do_log_noframe(sc_context_t *ctx, int level, const char *format, va_list args) { - va_list ap; - - va_start(ap, format); - sc_do_log_va(ctx, type, file, line, func, format, ap); - va_end(ap); + sc_do_log_va(ctx, level, NULL, 0, NULL, format, args); } -void sc_do_log_va(sc_context_t *ctx, int type, const char *file, int line, const char *func, const char *format, va_list args) +static void sc_do_log_va(sc_context_t *ctx, int level, const char *file, int line, const char *func, const char *format, va_list args) { - int (*display_fn)(sc_context_t *, const char *); char buf[1836], *p; - const char *tag = ""; int r; size_t left; +#ifdef _WIN32 + SYSTEMTIME st; +#else + struct tm *tm; + struct timeval tv; + char time_string[40]; +#endif + FILE *outf = NULL; + int n; assert(ctx != NULL); - switch (type) { - case SC_LOG_TYPE_ERROR: - if (!ctx->suppress_errors) { - display_fn = &sc_ui_display_error; - tag = "error:"; - break; - } - /* Fall thru - suppressed errors are logged as - * debug messages */ - tag = "error (suppressed):"; - type = SC_LOG_TYPE_DEBUG; + if (ctx->debug < level) + return; - case SC_LOG_TYPE_DEBUG: - if (ctx->debug == 0) - return; - display_fn = &sc_ui_display_debug; - break; + p = buf; + left = sizeof(buf); - default: - return; - } +#ifdef _WIN32 + GetLocalTime(&st); + r = snprintf(p, left, + "%i-%02i-%02i %02i:%02i:%02i.%03i ", + st.wYear, st.wMonth, st.wDay, + st.wHour, st.wMinute, st.wSecond, st.wMilliseconds); +#else + gettimeofday (&tv, NULL); + tm = localtime (&tv.tv_sec); + strftime (time_string, sizeof(time_string), "%H:%M:%S", tm); + r = snprintf(p, left, "0x%lx %s.%03ld ", (unsigned long)pthread_self(), time_string, tv.tv_usec / 1000); +#endif + p += r; + left -= r; if (file != NULL) { - r = snprintf(buf, sizeof(buf), "[%s] %s:%d:%s: ", + r = snprintf(p, left, "[%s] %s:%d:%s: ", ctx->app_name, file, line, func ? 
func : ""); if (r < 0 || (unsigned int)r > sizeof(buf)) return; } else { r = 0; - } - p = buf + r; - left = sizeof(buf) - r; + } + p += r; + left -= r; r = vsnprintf(p, left, format, args); if (r < 0) return; - p += r; - left -= r; - display_fn(ctx, buf); + outf = ctx->debug_file; + if (outf == NULL) + return; + + fprintf(outf, "%s", buf); + n = strlen(buf); + if (n == 0 || buf[n-1] != '\n') + fprintf(outf, "\n"); + fflush(outf); + + return; +} + +void _sc_debug(struct sc_context *ctx, int level, const char *format, ...) +{ + va_list ap; + + va_start(ap, format); + sc_do_log_va(ctx, level, NULL, 0, NULL, format, ap); + va_end(ap); +} + +void _sc_log(struct sc_context *ctx, const char *format, ...) +{ + va_list ap; + + va_start(ap, format); + sc_do_log_va(ctx, SC_LOG_DEBUG_NORMAL, NULL, 0, NULL, format, ap); + va_end(ap); } -void sc_hex_dump(sc_context_t *ctx, const u8 * in, size_t count, char *buf, size_t len) +/* Although not used, we need this for consistent exports */ +void sc_hex_dump(struct sc_context *ctx, int level, const u8 * in, size_t count, char *buf, size_t len) { char *p = buf; int lines = 0; + assert(ctx != NULL); + + if (ctx->debug < level) + return; + assert(buf != NULL && in != NULL); buf[0] = 0; if ((count * 5) > len) 
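Review bot: In sc_do_log_va the prefix check `if (r < 0 || (unsigned int)r > sizeof(buf)) return;` still compares against the whole buffer, although the snprintf now writes at `p` with only `left` bytes remaining after the timestamp. snprintf returns the length it would have written, so a long `app_name`, `file` or `func` gives `r >= left`; `p += r` then points past `buf`, `left -= r` wraps the `size_t`, and the following `vsnprintf(p, left, format, args)` writes outside the stack buffer. The test should be `if (r < 0 || (size_t)r >= left) return;`, and the timestamp snprintf's `r` deserves the same check before `p += r`. On the non-Windows path `localtime()` returns shared static storage, which matters in a logger that prints `pthread_self()`; `localtime_r` avoids that. The hunk ends inside sc_hex_dump, whose remaining body is outside it.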
@@ -151,3 +183,35 @@ lines++; } } + +char * +sc_dump_hex(const u8 * in, size_t count) +{ + static char dump_buf[0x1000]; + size_t ii, size = sizeof(dump_buf) - 0x10; + size_t offs = 0; + + memset(dump_buf, 0, sizeof(dump_buf)); + if (in == NULL) + return dump_buf; + + for (ii=0; ii size) + break; + } + + if (ii -#include +#include "libopensc/opensc.h" -#define SC_LOG_TYPE_ERROR 0 -#define SC_LOG_TYPE_VERBOSE 1 -#define SC_LOG_TYPE_DEBUG 2 +enum { + SC_LOG_DEBUG_VERBOSE_TOOL = 1, /* tools only: verbose */ + SC_LOG_DEBUG_VERBOSE, /* helps users */ + SC_LOG_DEBUG_NORMAL, /* helps developers */ + SC_LOG_DEBUG_RFU1, /* RFU */ + SC_LOG_DEBUG_RFU2, /* RFU */ + SC_LOG_DEBUG_ASN1, /* asn1.c only */ + SC_LOG_DEBUG_MATCH, /* card matching only */ +}; /* You can't do #ifndef __FUNCTION__ */ #if !defined(__GNUC__) && !defined(__IBMC__) && !(defined(_MSC_VER) && (_MSC_VER >= 1300)) 
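Review bot: The new `sc_dump_hex` returns a pointer to `static char dump_buf[0x1000]`, so every call overwrites the previous result. Two calls inside one argument list (two dumps in a single sc_debug, say) would print the same bytes twice, and concurrent callers race on the buffer; log.c in this same diff already assumes threads (`HAVE_PTHREAD`, `pthread_self()`). If the signature has to stay, a comment on the declaration in log.h such as `/* returns a static buffer: not reentrant, valid until the next call */` would at least warn callers. The loop body of the function is garbled on this page, so its bounds handling cannot be reviewed here.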
@@ -39,48 +45,49 @@ #endif #if defined(__GNUC__) - -#define sc_error(ctx, format, args...) sc_do_log(ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__, __FUNCTION__, format , ## args) -#define sc_debug(ctx, format, args...) sc_do_log(ctx, SC_LOG_TYPE_DEBUG, __FILE__, __LINE__, __FUNCTION__, format , ## args) - +#define sc_debug(ctx, level, format, args...) sc_do_log(ctx, level, __FILE__, __LINE__, __FUNCTION__, format , ## args) +#define sc_log(ctx, format, args...) sc_do_log(ctx, SC_LOG_DEBUG_NORMAL, __FILE__, __LINE__, __FUNCTION__, format , ## args) #else -#define sc_error _sc_error #define sc_debug _sc_debug +#define sc_log _sc_log #endif -void _sc_error(struct sc_context *ctx, const char *format, ...); -void _sc_debug(struct sc_context *ctx, const char *format, ...); -void sc_do_log(struct sc_context *ctx, int type, const char *file, int line, const char *func, const char *format, ...); -void sc_do_log_va(struct sc_context *ctx, int type, const char *file, int line, const char *func, const char *format, va_list args); +void sc_do_log(struct sc_context *ctx, int level, const char *file, int line, const char *func, + const char *format, ...); +void sc_do_log_noframe(sc_context_t *ctx, int level, const char *format, va_list args); +void _sc_debug(struct sc_context *ctx, int level, const char *format, ...); +void _sc_log(struct sc_context *ctx, const char *format, ...); -void sc_hex_dump(struct sc_context *ctx, const u8 * buf, size_t len, char *out, size_t outlen); +void sc_hex_dump(struct sc_context *ctx, int level, const u8 * buf, size_t len, char *out, size_t outlen); +char * sc_dump_hex(const u8 * in, size_t count); #define SC_FUNC_CALLED(ctx, level) do { \ - if (ctx->debug >= level) \ - sc_do_log(ctx, SC_LOG_TYPE_DEBUG, __FILE__, __LINE__, __FUNCTION__, "called\n"); \ + sc_do_log(ctx, level, __FILE__, __LINE__, __FUNCTION__, "called\n"); \ } while (0) +#define LOG_FUNC_CALLED(ctx) SC_FUNC_CALLED((ctx), SC_LOG_DEBUG_NORMAL) #define SC_FUNC_RETURN(ctx, level, r) do { 
\ int _ret = r; \ - if (_ret < 0 && !ctx->suppress_errors) { \ - sc_do_log(ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__, __FUNCTION__, "returning with: %s\n", sc_strerror(_ret)); \ - } else if (ctx->debug >= level) { \ - sc_do_log(ctx, SC_LOG_TYPE_DEBUG, __FILE__, __LINE__, __FUNCTION__, "returning with: %d\n", _ret); \ + if (_ret <= 0) { \ + sc_do_log(ctx, level, __FILE__, __LINE__, __FUNCTION__, \ + "returning with: %d (%s)\n", _ret, sc_strerror(_ret)); \ + } else { \ + sc_do_log(ctx, level, __FILE__, __LINE__, __FUNCTION__, \ + "returning with: %d\n", _ret); \ } \ return _ret; \ } while(0) +#define LOG_FUNC_RETURN(ctx, r) SC_FUNC_RETURN((ctx), SC_LOG_DEBUG_NORMAL, (r)) -#define SC_TEST_RET(ctx, r, text) do { \ +#define SC_TEST_RET(ctx, level, r, text) do { \ int _ret = (r); \ if (_ret < 0) { \ - sc_do_log(ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__, __FUNCTION__, "%s: %s\n", (text), sc_strerror(_ret)); \ + sc_do_log(ctx, level, __FILE__, __LINE__, __FUNCTION__, \ + "%s: %d (%s)\n", (text), _ret, sc_strerror(_ret)); \ return _ret; \ } \ } while(0) - -#define sc_perror(ctx, errno, str) { \ - sc_do_log(ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__, __FUNCTION__, "%s: %s\n", str, sc_strerror(errno)); \ -} +#define LOG_TEST_RET(ctx, r, text) SC_TEST_RET((ctx), SC_LOG_DEBUG_NORMAL, (r), (text)) #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/libopensc/Makefile.am opensc-0.12.1/src/libopensc/Makefile.am --- opensc-0.11.13/src/libopensc/Makefile.am 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
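Review bot: After this hunk SC_TEST_RET and SC_FUNC_RETURN no longer have an error channel: a failing status goes to sc_do_log at the caller's `level`, and sc_do_log_va discards it unless `ctx->debug >= level`. With the enum added above, `SC_LOG_DEBUG_NORMAL` is 3, so transmit failures and card error status words are silent at lower debug settings, where the removed lines reported them through SC_LOG_TYPE_ERROR. That deserves a comment above the macros, for example `/* failures are logged only when ctx->debug >= level; there is no separate error log */`, so integrators who rely on the log for troubleshooting or audit know to raise the level. `int _ret = r;` in SC_FUNC_RETURN should also become `int _ret = (r);` to match SC_TEST_RET.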
@@ -1,61 +1,59 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + EXTRA_DIST = Makefile.mak -bin_SCRIPTS = opensc-config lib_LTLIBRARIES = libopensc.la -openscinclude_HEADERS = \ - opensc.h pkcs15.h emv.h \ - cardctl.h asn1.h log.h ui.h \ - errors.h types.h compression.h noinst_HEADERS = cards.h ctbcs.h internal.h esteid.h muscle.h muscle-filesystem.h \ - internal-winscard.h p15card-helper.h -pkgconfig_DATA = libopensc.pc libpkcs15init.pc libscconf.pc + internal-winscard.h p15card-helper.h \ + opensc.h pkcs15.h \ + cardctl.h asn1.h log.h \ + errors.h types.h compression.h itacns.h iso7816.h \ + authentic.h iasecc.h iasecc-sdo.h AM_CPPFLAGS = -DOPENSC_CONF_PATH=\"$(sysconfdir)/opensc.conf\" AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_OPENCT_CFLAGS) \ $(OPTIONAL_PCSC_CFLAGS) $(OPTIONAL_ZLIB_CFLAGS) \ - $(OPTIONAL_ICONV_CFLAGS) $(LTLIB_CFLAGS) -INCLUDES = -I$(top_builddir)/src/include -I$(top_srcdir)/src/common + $(LTLIB_CFLAGS) +INCLUDES = -I$(top_srcdir)/src libopensc_la_SOURCES = \ - sc.c ctx.c ui.c log.c errors.c \ - asn1.c base64.c sec.c card.c iso7816.c dir.c padding.c apdu.c \ + sc.c ctx.c log.c errors.c \ + asn1.c base64.c sec.c card.c iso7816.c dir.c ef-atr.c padding.c apdu.c \ \ pkcs15.c pkcs15-cert.c pkcs15-data.c pkcs15-pin.c \ pkcs15-prkey.c pkcs15-pubkey.c pkcs15-sec.c \ pkcs15-wrap.c pkcs15-algo.c pkcs15-cache.c pkcs15-syn.c \ pkcs15-gemsafeV1.c \ \ - emv.c muscle.c muscle-filesystem.c \ + muscle.c muscle-filesystem.c \ \ ctbcs.c reader-ctapi.c reader-pcsc.c reader-openct.c \ \ card-setcos.c card-miocos.c card-flex.c card-gpk.c \ - card-cardos.c card-tcos.c card-emv.c card-default.c \ + card-cardos.c card-tcos.c card-default.c \ card-mcrd.c card-starcos.c card-openpgp.c card-jcop.c \ card-oberthur.c card-belpic.c card-atrust-acos.c card-entersafe.c \ card-incrypto34.c card-piv.c card-muscle.c card-acos5.c \ 
card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c \ - card-rtecp.c card-westcos.c card-myeid.c \ + card-rtecp.c card-westcos.c card-myeid.c card-ias.c \ + card-javacard.c card-itacns.c card-authentic.c \ + card-iasecc.c iasecc-sdo.c \ \ pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \ pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \ pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \ - pkcs15-esinit.c p15emu-westcos.c \ + pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c pkcs15-oberthur.c \ + pkcs15-itacns.c \ compression.c p15card-helper.c \ - \ libopensc.exports if WIN32 -libopensc_la_SOURCES += versioninfo.rc -else -dist_noinst_DATA = versioninfo.rc +libopensc_la_SOURCES += $(top_builddir)/win32/versioninfo.rc endif libopensc_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(OPTIONAL_OPENCT_LIBS) \ - $(OPTIONAL_ZLIB_LIBS) $(OPTIONAL_ICONV_LIBS) $(LTLIB_LIBS) \ + $(OPTIONAL_ZLIB_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/pkcs15init/libpkcs15init.la \ $(top_builddir)/src/scconf/libscconf.la \ $(top_builddir)/src/common/libcompat.la if WIN32 @@ -66,10 +64,6 @@ -export-symbols "$(srcdir)/libopensc.exports" \ -no-undefined -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - if WIN32 # def file required for MS users to build library mylibdir=$(libdir) diff -Nru opensc-0.11.13/src/libopensc/Makefile.in opensc-0.12.1/src/libopensc/Makefile.in --- opensc-0.11.13/src/libopensc/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/libopensc/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -19,7 +19,6 @@ - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
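Review bot: The rewritten `INCLUDES = -I$(top_srcdir)/src` line in the first Makefile.am hunk still uses `INCLUDES`, which Automake documents as the deprecated older name for `AM_CPPFLAGS`. `AM_CPPFLAGS` is already set two lines above it, so the include path can be folded in there and the `INCLUDES` line dropped: `AM_CPPFLAGS = -DOPENSC_CONF_PATH=\"$(sysconfdir)/opensc.conf\" -I$(top_srcdir)/src`. That keeps all preprocessor flags for libopensc in one variable.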
@@ -39,26 +38,22 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \ - $(openscinclude_HEADERS) $(srcdir)/Makefile.am \ +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/libopensc.pc.in \ - $(srcdir)/libpkcs15init.pc.in $(srcdir)/libscconf.pc.in \ - $(srcdir)/opensc-config.in $(top_srcdir)/win32/ltrc.inc -@WIN32_TRUE@am__append_1 = versioninfo.rc + $(top_srcdir)/win32/ltrc.inc +@WIN32_TRUE@am__append_1 = $(top_builddir)/win32/versioninfo.rc @WIN32_TRUE@am__append_2 = -lws2_32 subdir = src/libopensc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = opensc-config libopensc.pc libpkcs15init.pc \ - libscconf.pc +CONFIG_CLEAN_FILES = libopensc.pc CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ 
@@ -81,61 +76,65 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ - "$(DESTDIR)$(mylibdir)" "$(DESTDIR)$(pkgconfigdir)" \ - "$(DESTDIR)$(openscincludedir)" +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(mylibdir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = libopensc_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/pkcs15init/libpkcs15init.la \ $(top_builddir)/src/scconf/libscconf.la \ $(top_builddir)/src/common/libcompat.la $(am__DEPENDENCIES_1) -am__libopensc_la_SOURCES_DIST = sc.c ctx.c ui.c log.c errors.c asn1.c \ - base64.c sec.c card.c iso7816.c dir.c padding.c apdu.c \ - pkcs15.c pkcs15-cert.c pkcs15-data.c pkcs15-pin.c \ +am__libopensc_la_SOURCES_DIST = sc.c ctx.c log.c errors.c asn1.c \ + base64.c sec.c card.c iso7816.c dir.c ef-atr.c padding.c \ + apdu.c pkcs15.c pkcs15-cert.c pkcs15-data.c pkcs15-pin.c \ pkcs15-prkey.c pkcs15-pubkey.c pkcs15-sec.c pkcs15-wrap.c \ pkcs15-algo.c pkcs15-cache.c pkcs15-syn.c pkcs15-gemsafeV1.c \ - emv.c muscle.c muscle-filesystem.c ctbcs.c reader-ctapi.c \ + muscle.c muscle-filesystem.c ctbcs.c reader-ctapi.c \ reader-pcsc.c reader-openct.c card-setcos.c card-miocos.c \ - card-flex.c card-gpk.c card-cardos.c card-tcos.c card-emv.c \ + card-flex.c card-gpk.c card-cardos.c card-tcos.c \ card-default.c card-mcrd.c card-starcos.c card-openpgp.c \ card-jcop.c card-oberthur.c card-belpic.c card-atrust-acos.c \ card-entersafe.c card-incrypto34.c card-piv.c card-muscle.c \ card-acos5.c card-asepcos.c card-akis.c card-gemsafeV1.c \ card-rutoken.c card-rtecp.c card-westcos.c card-myeid.c \ - pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \ - pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c \ - pkcs15-gemsafeGPK.c pkcs15-actalis.c pkcs15-atrust-acos.c \ - 
pkcs15-tccardos.c pkcs15-piv.c pkcs15-esinit.c \ - p15emu-westcos.c compression.c p15card-helper.c \ - libopensc.exports versioninfo.rc -@WIN32_TRUE@am__objects_1 = versioninfo.lo -am_libopensc_la_OBJECTS = sc.lo ctx.lo ui.lo log.lo errors.lo asn1.lo \ - base64.lo sec.lo card.lo iso7816.lo dir.lo padding.lo apdu.lo \ - pkcs15.lo pkcs15-cert.lo pkcs15-data.lo pkcs15-pin.lo \ - pkcs15-prkey.lo pkcs15-pubkey.lo pkcs15-sec.lo pkcs15-wrap.lo \ - pkcs15-algo.lo pkcs15-cache.lo pkcs15-syn.lo \ - pkcs15-gemsafeV1.lo emv.lo muscle.lo muscle-filesystem.lo \ - ctbcs.lo reader-ctapi.lo reader-pcsc.lo reader-openct.lo \ - card-setcos.lo card-miocos.lo card-flex.lo card-gpk.lo \ - card-cardos.lo card-tcos.lo card-emv.lo card-default.lo \ - card-mcrd.lo card-starcos.lo card-openpgp.lo card-jcop.lo \ - card-oberthur.lo card-belpic.lo card-atrust-acos.lo \ - card-entersafe.lo card-incrypto34.lo card-piv.lo \ - card-muscle.lo card-acos5.lo card-asepcos.lo card-akis.lo \ - card-gemsafeV1.lo card-rutoken.lo card-rtecp.lo \ - card-westcos.lo card-myeid.lo pkcs15-openpgp.lo \ - pkcs15-infocamere.lo pkcs15-starcert.lo pkcs15-tcos.lo \ - pkcs15-esteid.lo pkcs15-postecert.lo pkcs15-gemsafeGPK.lo \ - pkcs15-actalis.lo pkcs15-atrust-acos.lo pkcs15-tccardos.lo \ - pkcs15-piv.lo pkcs15-esinit.lo p15emu-westcos.lo \ - compression.lo p15card-helper.lo $(am__objects_1) + card-ias.c card-javacard.c card-itacns.c card-authentic.c \ + card-iasecc.c iasecc-sdo.c pkcs15-openpgp.c \ + pkcs15-infocamere.c pkcs15-starcert.c pkcs15-tcos.c \ + pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \ + pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c \ + pkcs15-piv.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \ + pkcs15-oberthur.c pkcs15-itacns.c compression.c \ + p15card-helper.c libopensc.exports \ + $(top_builddir)/win32/versioninfo.rc +am__dirstamp = $(am__leading_dot)dirstamp +@WIN32_TRUE@am__objects_1 = $(top_builddir)/win32/versioninfo.lo +am_libopensc_la_OBJECTS = sc.lo ctx.lo log.lo 
errors.lo asn1.lo \ + base64.lo sec.lo card.lo iso7816.lo dir.lo ef-atr.lo \ + padding.lo apdu.lo pkcs15.lo pkcs15-cert.lo pkcs15-data.lo \ + pkcs15-pin.lo pkcs15-prkey.lo pkcs15-pubkey.lo pkcs15-sec.lo \ + pkcs15-wrap.lo pkcs15-algo.lo pkcs15-cache.lo pkcs15-syn.lo \ + pkcs15-gemsafeV1.lo muscle.lo muscle-filesystem.lo ctbcs.lo \ + reader-ctapi.lo reader-pcsc.lo reader-openct.lo card-setcos.lo \ + card-miocos.lo card-flex.lo card-gpk.lo card-cardos.lo \ + card-tcos.lo card-default.lo card-mcrd.lo card-starcos.lo \ + card-openpgp.lo card-jcop.lo card-oberthur.lo card-belpic.lo \ + card-atrust-acos.lo card-entersafe.lo card-incrypto34.lo \ + card-piv.lo card-muscle.lo card-acos5.lo card-asepcos.lo \ + card-akis.lo card-gemsafeV1.lo card-rutoken.lo card-rtecp.lo \ + card-westcos.lo card-myeid.lo card-ias.lo card-javacard.lo \ + card-itacns.lo card-authentic.lo card-iasecc.lo iasecc-sdo.lo \ + pkcs15-openpgp.lo pkcs15-infocamere.lo pkcs15-starcert.lo \ + pkcs15-tcos.lo pkcs15-esteid.lo pkcs15-postecert.lo \ + pkcs15-gemsafeGPK.lo pkcs15-actalis.lo pkcs15-atrust-acos.lo \ + pkcs15-tccardos.lo pkcs15-piv.lo pkcs15-esinit.lo \ + pkcs15-westcos.lo pkcs15-pteid.lo pkcs15-oberthur.lo \ + pkcs15-itacns.lo compression.lo p15card-helper.lo \ + $(am__objects_1) libopensc_la_OBJECTS = $(am_libopensc_la_OBJECTS) libopensc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libopensc_la_LDFLAGS) $(LDFLAGS) -o $@ -SCRIPTS = $(bin_SCRIPTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -151,9 +150,8 @@ $(LDFLAGS) -o $@ SOURCES = $(libopensc_la_SOURCES) DIST_SOURCES = $(am__libopensc_la_SOURCES_DIST) -am__dist_noinst_DATA_DIST = versioninfo.rc -DATA = $(dist_noinst_DATA) $(mylib_DATA) $(pkgconfig_DATA) -HEADERS = $(noinst_HEADERS) $(openscinclude_HEADERS) +DATA = $(mylib_DATA) +HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -184,8 +182,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -193,10 +189,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -221,8 +215,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -245,6 +237,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -257,10 +251,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ 
@@ -306,11 +297,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -327,50 +315,46 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -bin_SCRIPTS = opensc-config lib_LTLIBRARIES = libopensc.la -openscinclude_HEADERS = \ - opensc.h pkcs15.h emv.h \ - cardctl.h asn1.h log.h ui.h \ - errors.h types.h compression.h - noinst_HEADERS = cards.h ctbcs.h internal.h esteid.h muscle.h muscle-filesystem.h \ - internal-winscard.h p15card-helper.h + internal-winscard.h p15card-helper.h \ + opensc.h pkcs15.h \ + cardctl.h asn1.h log.h \ + errors.h types.h compression.h itacns.h iso7816.h \ + authentic.h iasecc.h iasecc-sdo.h -pkgconfig_DATA = libopensc.pc libpkcs15init.pc libscconf.pc AM_CPPFLAGS = -DOPENSC_CONF_PATH=\"$(sysconfdir)/opensc.conf\" AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_OPENCT_CFLAGS) \ $(OPTIONAL_PCSC_CFLAGS) $(OPTIONAL_ZLIB_CFLAGS) \ - $(OPTIONAL_ICONV_CFLAGS) $(LTLIB_CFLAGS) + $(LTLIB_CFLAGS) -INCLUDES = -I$(top_builddir)/src/include -I$(top_srcdir)/src/common -libopensc_la_SOURCES = sc.c ctx.c ui.c log.c errors.c asn1.c base64.c \ - sec.c card.c iso7816.c dir.c padding.c apdu.c pkcs15.c \ +INCLUDES = -I$(top_srcdir)/src +libopensc_la_SOURCES = sc.c ctx.c log.c errors.c asn1.c base64.c sec.c \ + card.c iso7816.c dir.c ef-atr.c padding.c apdu.c pkcs15.c \ pkcs15-cert.c pkcs15-data.c pkcs15-pin.c pkcs15-prkey.c \ pkcs15-pubkey.c pkcs15-sec.c pkcs15-wrap.c pkcs15-algo.c \ - pkcs15-cache.c pkcs15-syn.c pkcs15-gemsafeV1.c emv.c muscle.c \ + pkcs15-cache.c pkcs15-syn.c pkcs15-gemsafeV1.c muscle.c \ muscle-filesystem.c ctbcs.c reader-ctapi.c reader-pcsc.c \ reader-openct.c card-setcos.c card-miocos.c card-flex.c \ - card-gpk.c card-cardos.c card-tcos.c card-emv.c card-default.c \ + card-gpk.c card-cardos.c card-tcos.c card-default.c \ card-mcrd.c card-starcos.c card-openpgp.c card-jcop.c \ card-oberthur.c 
card-belpic.c card-atrust-acos.c \ card-entersafe.c card-incrypto34.c card-piv.c card-muscle.c \ card-acos5.c card-asepcos.c card-akis.c card-gemsafeV1.c \ card-rutoken.c card-rtecp.c card-westcos.c card-myeid.c \ - pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \ - pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c \ - pkcs15-gemsafeGPK.c pkcs15-actalis.c pkcs15-atrust-acos.c \ - pkcs15-tccardos.c pkcs15-piv.c pkcs15-esinit.c \ - p15emu-westcos.c compression.c p15card-helper.c \ - libopensc.exports $(am__append_1) -@WIN32_FALSE@dist_noinst_DATA = versioninfo.rc + card-ias.c card-javacard.c card-itacns.c card-authentic.c \ + card-iasecc.c iasecc-sdo.c pkcs15-openpgp.c \ + pkcs15-infocamere.c pkcs15-starcert.c pkcs15-tcos.c \ + pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \ + pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c \ + pkcs15-piv.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \ + pkcs15-oberthur.c pkcs15-itacns.c compression.c \ + p15card-helper.c libopensc.exports $(am__append_1) libopensc_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(OPTIONAL_OPENCT_LIBS) \ - $(OPTIONAL_ZLIB_LIBS) $(OPTIONAL_ICONV_LIBS) $(LTLIB_LIBS) \ + $(OPTIONAL_ZLIB_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/pkcs15init/libpkcs15init.la \ $(top_builddir)/src/scconf/libscconf.la \ $(top_builddir)/src/common/libcompat.la $(am__append_2) libopensc_la_LDFLAGS = $(AM_LDFLAGS) \ @@ -395,9 +379,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libopensc/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/libopensc/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libopensc/Makefile + $(AUTOMAKE) --foreign src/libopensc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -416,14 +400,8 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -opensc-config: $(top_builddir)/config.status $(srcdir)/opensc-config.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ libopensc.pc: $(top_builddir)/config.status $(srcdir)/libopensc.pc.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -libpkcs15init.pc: $(top_builddir)/config.status $(srcdir)/libpkcs15init.pc.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -libscconf.pc: $(top_builddir)/config.status $(srcdir)/libscconf.pc.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" 
@@ -455,45 +433,22 @@ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done +$(top_builddir)/win32/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32 + @: > $(top_builddir)/win32/$(am__dirstamp) +$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32/$(DEPDIR) + @: > $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +$(top_builddir)/win32/versioninfo.lo: \ + $(top_builddir)/win32/$(am__dirstamp) \ + $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) libopensc.la: $(libopensc_la_OBJECTS) $(libopensc_la_DEPENDENCIES) $(libopensc_la_LINK) -rpath $(libdir) $(libopensc_la_OBJECTS) $(libopensc_la_LIBADD) $(LIBS) -install-binSCRIPTS: $(bin_SCRIPTS) - @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n' \ - -e 'h;s|.*|.|' \ - -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) { files[d] = files[d] " " $$1; \ - if (++n[d] == $(am__install_max)) { \ - print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ - else { print "f", d "/" $$4, $$1 } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ - $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-binSCRIPTS: - @$(NORMAL_UNINSTALL) - @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 's,.*/,,;$(transform)'`; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" 
$$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.lo distclean-compile: -rm -f *.tab.c @@ -505,15 +460,19 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-akis.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-asepcos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-atrust-acos.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-authentic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-belpic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-cardos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-default.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-emv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-entersafe.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-flex.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-gemsafeV1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-gpk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-ias.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-iasecc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-incrypto34.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-itacns.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-javacard.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-jcop.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-mcrd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-miocos.Plo@am__quote@ 
@@ -533,14 +492,14 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctbcs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctx.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dir.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/emv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ef-atr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/errors.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iasecc-sdo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iso7816.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/muscle-filesystem.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/muscle.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/p15card-helper.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/p15emu-westcos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/padding.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-actalis.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-algo.Plo@am__quote@ 
@@ -553,17 +512,21 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-gemsafeGPK.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-gemsafeV1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-infocamere.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-itacns.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-oberthur.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-openpgp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-pin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-piv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-postecert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-prkey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-pteid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-pubkey.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-sec.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-starcert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-syn.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-tccardos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-tcos.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-westcos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-wrap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/reader-ctapi.Plo@am__quote@ 
@@ -571,7 +534,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/reader-pcsc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sec.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ui.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -598,6 +560,7 @@ -rm -f *.lo clean-libtool: + -rm -rf $(top_builddir)/win32/.libs $(top_builddir)/win32/_libs -rm -rf .libs _libs install-mylibDATA: $(mylib_DATA) @$(NORMAL_INSTALL) 
@@ -619,46 +582,6 @@ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(mylibdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(mylibdir)" && rm -f $$files -install-pkgconfigDATA: $(pkgconfig_DATA) - @$(NORMAL_INSTALL) - test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" - @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ - done - -uninstall-pkgconfigDATA: - @$(NORMAL_UNINSTALL) - @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(pkgconfigdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(pkgconfigdir)" && rm -f $$files -install-openscincludeHEADERS: $(openscinclude_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(openscincludedir)" || $(MKDIR_P) "$(DESTDIR)$(openscincludedir)" - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(openscincludedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(openscincludedir)" || exit $$?; \ - done - -uninstall-openscincludeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(openscincludedir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(openscincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -744,9 +667,9 @@ done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(DATA) $(HEADERS) +all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(mylibdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(openscincludedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(mylibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -766,11 +689,12 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) + -test -z "$(top_builddir)/win32/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -799,14 +723,13 @@ info-am: -install-data-am: install-mylibDATA install-openscincludeHEADERS \ - install-pkgconfigDATA +install-data-am: install-mylibDATA install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-binSCRIPTS install-libLTLIBRARIES +install-exec-am: install-libLTLIBRARIES install-html: install-html-am @@ -846,9 +769,7 @@ ps-am: -uninstall-am: uninstall-binSCRIPTS uninstall-libLTLIBRARIES \ - uninstall-mylibDATA uninstall-openscincludeHEADERS \ - uninstall-pkgconfigDATA +uninstall-am: uninstall-libLTLIBRARIES uninstall-mylibDATA .MAKE: install-am install-strip 
@@ -856,19 +777,16 @@ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-binSCRIPTS install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man \ - install-mylibDATA install-openscincludeHEADERS install-pdf \ - install-pdf-am install-pkgconfigDATA install-ps install-ps-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-mylibDATA \ + install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-binSCRIPTS uninstall-libLTLIBRARIES \ - uninstall-mylibDATA uninstall-openscincludeHEADERS \ - uninstall-pkgconfigDATA + uninstall-libLTLIBRARIES uninstall-mylibDATA .rc.lo: @@ -876,10 +794,6 @@ .rc.o: $(RCCOMPILE) -i "$<" -o "$@" - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc @WIN32_TRUE@.libs/@WIN_LIBPREFIX@opensc-@OPENSC_LT_OLDEST@.dll.def: libopensc.la # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru opensc-0.11.13/src/libopensc/Makefile.mak opensc-0.12.1/src/libopensc/Makefile.mak --- opensc-0.11.13/src/libopensc/Makefile.mak 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -1,53 +1,47 @@ TOPDIR = ..\.. - TARGET = opensc.dll opensc_a.lib - -HEADERS = \ - asn1.h cardctl.h cards.h emv.h errors.h \ - log.h opensc.h pkcs15.h types.h ui.h - -HEADERSDIR = $(TOPDIR)\src\include\opensc - OBJECTS = \ - sc.obj ctx.obj ui.obj log.obj errors.obj \ - asn1.obj base64.obj sec.obj card.obj iso7816.obj dir.obj padding.obj apdu.obj \ + sc.obj ctx.obj log.obj errors.obj \ + asn1.obj base64.obj sec.obj card.obj iso7816.obj dir.obj ef-atr.obj padding.obj apdu.obj \ \ pkcs15.obj pkcs15-cert.obj pkcs15-data.obj pkcs15-pin.obj \ pkcs15-prkey.obj pkcs15-pubkey.obj pkcs15-sec.obj \ pkcs15-wrap.obj pkcs15-algo.obj pkcs15-cache.obj pkcs15-syn.obj \ pkcs15-gemsafeV1.obj \ \ - emv.obj muscle.obj muscle-filesystem.obj \ + muscle.obj muscle-filesystem.obj \ \ ctbcs.obj reader-ctapi.obj reader-pcsc.obj reader-openct.obj \ \ card-setcos.obj card-miocos.obj card-flex.obj card-gpk.obj \ - card-cardos.obj card-tcos.obj card-emv.obj card-default.obj \ + card-cardos.obj card-tcos.obj card-default.obj \ card-mcrd.obj card-starcos.obj card-openpgp.obj card-jcop.obj \ card-oberthur.obj card-belpic.obj card-atrust-acos.obj card-entersafe.obj \ card-incrypto34.obj card-piv.obj card-muscle.obj card-acos5.obj \ card-asepcos.obj card-akis.obj card-gemsafeV1.obj card-rutoken.obj \ - card-rtecp.obj card-westcos.obj card-myeid.obj \ + card-rtecp.obj card-westcos.obj card-myeid.obj card-ias.obj \ + card-javacard.obj card-itacns.obj card-authentic.obj \ + card-iasecc.obj iasecc-sdo.obj \ \ - p15emu-westcos.obj \ pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \ pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-postecert.obj pkcs15-gemsafeGPK.obj \ pkcs15-actalis.obj pkcs15-atrust-acos.obj pkcs15-tccardos.obj pkcs15-piv.obj \ - pkcs15-esinit.obj \ + pkcs15-esinit.obj pkcs15-westcos.obj pkcs15-pteid.obj pkcs15-oberthur.obj \ + pkcs15-itacns.obj \ compression.obj p15card-helper.obj \ - versioninfo.res + $(TOPDIR)\win32\versioninfo.res -all: versioninfo.res install-headers $(TARGET) 
+all: $(TOPDIR)\win32\versioninfo.res $(TARGET) !INCLUDE $(TOPDIR)\win32\Make.rules.mak -opensc.dll: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib +opensc.dll: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib echo LIBRARY $* > $*.def echo EXPORTS >> $*.def type lib$*.exports >> $*.def - link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:opensc.dll $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(ZLIB_LIB) $(ICONV_LIB) gdi32.lib $(LIBLTDL_LIB) advapi32.lib ws2_32.lib + link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:opensc.dll $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib $(OPENSSL_LIB) $(ZLIB_LIB) gdi32.lib advapi32.lib ws2_32.lib if EXIST opensc.dll.manifest mt -manifest opensc.dll.manifest -outputresource:opensc.dll;2 -opensc_a.lib: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib - lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib winscard.lib user32.lib +opensc_a.lib: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\pkcs15init.lib + lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\pkcs15init\pkcs15init.lib user32.lib diff -Nru opensc-0.11.13/src/libopensc/muscle.c opensc-0.12.1/src/libopensc/muscle.c --- opensc-0.11.13/src/libopensc/muscle.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/muscle.c 2011-05-17 17:07:00.000000000 +0000 
@@ -17,24 +17,20 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "muscle.h" -#include "internal.h" + +#include "config.h" #include +#include "internal.h" +#include "muscle.h" + #define MSC_RSA_PUBLIC 0x01 #define MSC_RSA_PRIVATE 0x02 #define MSC_RSA_PRIVATE_CRT 0x03 #define MSC_DSA_PUBLIC 0x04 #define MSC_DSA_PRIVATE 0x05 -#ifndef MAX -#define MAX(x, y) (((x) > (y)) ? (x) : (y)) -#endif -#ifndef MIN -#define MIN(x, y) (((x) < (y)) ? (x) : (y)) -#endif - static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } }; static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } }; @@ -60,7 +56,7 @@ if(apdu.resplen == 0) /* No more left */ return 0; if (apdu.resplen != 14) { - sc_error(card->ctx, "expected 14 bytes, got %d.\n", apdu.resplen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "expected 14 bytes, got %d.\n", apdu.resplen); return SC_ERROR_UNKNOWN_DATA_RECEIVED; } memcpy(file->objectId.id, fileData, 4); @@ -80,8 +76,8 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x56, 0x00, 0x00); - if (card->ctx->debug >= 2) - sc_debug(card->ctx, "READ: Offset: %x\tLength: %i\n", offset, dataLength); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "READ: Offset: %x\tLength: %i\n", offset, dataLength); memcpy(buffer, objectId.id, 4); ulong2bebytes(buffer + 4, offset); buffer[8] = (u8)dataLength; 
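Review bot: The rewritten `sc_debug` call in the `@@ -80,8 +76,8 @@` hunk prints `dataLength` with `%i`, but the muscle.h prototype of msc_partial_read_object declares it `size_t`, so the argument does not match the conversion on LP64 targets. A cast keeps it portable to the MSVC build as well: `"READ: Offset: %x\tLength: %lu\n", offset, (unsigned long)dataLength`. The `"expected 14 bytes, got %d.\n"` message in the `@@ -60,7 +56,7 @@` hunk has the same problem if `apdu.resplen` is a `size_t`, and the "WRITE:" message in the `@@ -188,7 +181,7 @@` hunk probably does too. Both functions start and end outside their hunks.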
@@ -92,23 +88,21 @@ apdu.resplen = dataLength; apdu.resp = data; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) return dataLength; if(apdu.sw1 == 0x9C) { if(apdu.sw2 == 0x07) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_FILE_NOT_FOUND); } else if(apdu.sw2 == 0x06) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_ALLOWED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_ALLOWED); } else if(apdu.sw2 == 0x0F) { /* GUESSED */ - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } } - if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", - apdu.sw1, apdu.sw2); - } + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); return dataLength; } @@ -121,7 +115,7 @@ for(i = 0; i < dataLength; i += max_read_unit) { r = msc_partial_read_object(card, objectId, offset + i, data + i, MIN(dataLength - i, max_read_unit)); - SC_TEST_RET(card->ctx, r, "Error in partial object read"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Error in partial object read"); } return dataLength; } 
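Review bot: In the `@@ -92,23 +88,21 @@` hunk, a status word that is neither 0x9000 nor one of the three mapped 0x9C codes is only logged as "got strange SWs", after which the function falls through to `return dataLength;` and reports a complete read. The caller's `data` buffer then holds whatever the failed exchange left in it, and the loop in msc_read_object accepts the chunk as valid object content. Returning an error on that path would make the failure visible, e.g. `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED);`, as the key and crypt functions later in this file do. The update and delete hunks (`@@ -197,21 +190,21 @@`, `@@ -239,18 +232,18 @@`) end with the same fallthrough to a success value. The function starts outside the hunk.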
@@ -135,16 +129,15 @@ memset(zeroBuffer, 0, max_write_unit); for(i = 0; i < dataLength; i += max_write_unit) { int r = msc_partial_update_object(card, objectId, i, zeroBuffer, MIN(dataLength - i, max_write_unit)); - SC_TEST_RET(card->ctx, r, "Error in zeroing file update"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Error in zeroing file update"); } return 0; } -int msc_create_object(sc_card_t *card, msc_id objectId, size_t objectSize, unsigned short read, unsigned short write, unsigned short deletion) +int msc_create_object(sc_card_t *card, msc_id objectId, size_t objectSize, unsigned short readAcl, unsigned short writeAcl, unsigned short deleteAcl) { u8 buffer[14]; sc_apdu_t apdu; - unsigned short readAcl = read, writeAcl = write, deleteAcl = deletion; int r; sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x5A, 0x00, 0x00); @@ -158,20 +151,20 @@ ushort2bebytes(buffer + 10, writeAcl); ushort2bebytes(buffer + 12, deleteAcl); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) return objectSize; if(apdu.sw1 == 0x9C) { if(apdu.sw2 == 0x01) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_MEMORY_FAILURE); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_MEMORY_FAILURE); } else if(apdu.sw2 == 0x08) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_FILE_ALREADY_EXISTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_FILE_ALREADY_EXISTS); } else if(apdu.sw2 == 0x06) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_ALLOWED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_ALLOWED); } } if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } msc_zero_object(card, objectId, objectSize); 
@@ -188,7 +181,7 @@ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x54, 0x00, 0x00); apdu.lc = dataLength + 9; if (card->ctx->debug >= 2) - sc_debug(card->ctx, "WRITE: Offset: %x\tLength: %i\n", offset, dataLength); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "WRITE: Offset: %x\tLength: %i\n", offset, dataLength); memcpy(buffer, objectId.id, 4); ulong2bebytes(buffer + 4, offset); @@ -197,21 +190,21 @@ apdu.data = buffer; apdu.datalen = apdu.lc; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) return dataLength; if(apdu.sw1 == 0x9C) { if(apdu.sw2 == 0x07) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_FILE_NOT_FOUND); } else if(apdu.sw2 == 0x06) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_ALLOWED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_ALLOWED); } else if(apdu.sw2 == 0x0F) { /* GUESSED */ - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } } if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } return dataLength; @@ -224,7 +217,7 @@ size_t max_write_unit = MSC_MAX_SEND - 9; for(i = 0; i < dataLength; i += max_write_unit) { r = msc_partial_update_object(card, objectId, offset + i, data + i, MIN(dataLength - i, max_write_unit)); - SC_TEST_RET(card->ctx, r, "Error in partial object update"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Error in partial object update"); } return dataLength; } 
@@ -239,18 +232,18 @@ apdu.data = objectId.id; apdu.datalen = 4; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) return 0; if(apdu.sw1 == 0x9C) { if(apdu.sw2 == 0x07) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_FILE_NOT_FOUND); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_FILE_NOT_FOUND); } else if(apdu.sw2 == 0x06) { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_ALLOWED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_ALLOWED); } } if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } return 0; @@ -269,11 +262,11 @@ apdu.le = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) return 1; - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_CARD_CMD_FAILED); } /* Truncate the nulls at the end of a PIN, useful in padding is unnecessarily added */ 
@@ -296,20 +289,20 @@ if(tries) *tries = -1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return 0; } else if(apdu.sw1 == 0x63) { /* Invalid auth */ if(tries) *tries = apdu.sw2 & 0x0F; - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x9C && apdu.sw2 == 0x02) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x69 && apdu.sw2 == 0x83) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_PIN_CODE_INCORRECT); } /* USE ISO_VERIFY due to tries return */ 
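Review bot: The last `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_PIN_CODE_INCORRECT);` in the `@@ -296,20 +289,20 @@` hunk maps every unrecognised status word to an incorrect-PIN result while `*tries` stays at -1. A caller cannot tell a card or protocol fault from a wrong PIN, and may prompt for another attempt that is counted against the retry limit. Consider returning the result of `sc_check_sw(card, apdu.sw1, apdu.sw2)` there, with `SC_ERROR_CARD_CMD_FAILED` as the fallback, which is the pattern msc_extract_key uses. The hunks at `@@ -341,20 +334,20 @@` and `@@ -383,20 +376,20 @@` end the same way. The function begins outside the hunk.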
@@ -341,20 +334,20 @@ if(tries) *tries = -1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return 0; } else if(apdu.sw1 == 0x63) { /* Invalid auth */ if(tries) *tries = apdu.sw2 & 0x0F; - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x9C && apdu.sw2 == 0x02) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x69 && apdu.sw2 == 0x83) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_PIN_CODE_INCORRECT); } void msc_unblock_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, u8* buffer, size_t bufferLength, int pinNumber, const u8 *pukValue, int pukLength) 
@@ -383,20 +376,20 @@ if(tries) *tries = -1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return 0; } else if(apdu.sw1 == 0x63) { /* Invalid auth */ if(tries) *tries = apdu.sw2 & 0x0F; - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x9C && apdu.sw2 == 0x02) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PIN_CODE_INCORRECT); } else if(apdu.sw1 == 0x69 && apdu.sw2 == 0x83) { - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_PIN_CODE_INCORRECT); } /* USE ISO_VERIFY due to tries return */ @@ -421,7 +414,6 @@ *ptr = newPinLength; ptr++; memcpy(ptr, newPin, newPinLength); - ptr += newPinLength; apdu->lc = pinLength + newPinLength + 2; apdu->datalen = apdu->lc; apdu->data = buffer; @@ -442,7 +434,7 @@ assert(dataLength < MSC_MAX_READ - 9); /* Output buffer doesn't seem to operate as desired.... nobody can read/delete */ buffer = malloc(len); - if(!buffer) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if(!buffer) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); ptr = buffer; ushort2bebytes(ptr, dataLength); ptr+=2; @@ -458,7 +450,7 @@ if(location == 1) { u8* outputBuffer = malloc(dataLength + 2); - if(outputBuffer == NULL) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if(outputBuffer == NULL) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); apdu.le = dataLength + 2; apdu.resp = outputBuffer; apdu.resplen = dataLength + 2; 
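Review bot: The out-of-memory return for `outputBuffer` in the `@@ -458,7 +450,7 @@` hunk leaves without releasing `buffer`, which the `@@ -442,7 +434,7 @@` hunk shows being allocated earlier in what appears to be the same function. Freeing it first closes the leak: `if(outputBuffer == NULL) { free(buffer); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); }`. The function's start and its normal `free(buffer)` are outside this hunk.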
@@ -469,7 +461,7 @@ free(apdu.resp); } free(buffer); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(location == 1) { if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return SC_SUCCESS; @@ -477,32 +469,30 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } } else { if(apdu.sw1 != 0x90 || apdu.sw2 != 0x00) { r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } r = msc_read_object(card, inputId, 2, outputData, dataLength); if(r < 0) - SC_FUNC_RETURN(card->ctx, 0, r); - sc_ctx_suppress_errors_on(card->ctx); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); msc_delete_object(card, inputId,0); - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } } 
@@ -545,19 +535,19 @@ apdu.lc = 16; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return 0; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } int msc_extract_key(sc_card_t *card, @@ -572,19 +562,19 @@ apdu.datalen = 1; apdu.lc = 1; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { return 0; } r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } int msc_extract_rsa_public_key(sc_card_t *card, 
@@ -601,36 +591,36 @@ assert(modLength && expLength && modulus && exponent); r = msc_extract_key(card, keyLocation); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); /* Read keyType, keySize, and what should be the modulus size */ r = msc_read_object(card, inputId, fileLocation, buffer, 5); fileLocation += 5; - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); - if(buffer[0] != MSC_RSA_PUBLIC) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_UNKNOWN_DATA_RECEIVED); + if(buffer[0] != MSC_RSA_PUBLIC) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED); *modLength = (buffer[3] << 8) | buffer[4]; /* Read the modulus and the exponent length */ assert(*modLength + 2 < buffer_size); r = msc_read_object(card, inputId, fileLocation, buffer, *modLength + 2); fileLocation += *modLength + 2; - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); *modulus = malloc(*modLength); - if(!*modulus) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if(!*modulus) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); memcpy(*modulus, buffer, *modLength); *expLength = (buffer[*modLength] << 8) | buffer[*modLength + 1]; assert(*expLength < buffer_size); r = msc_read_object(card, inputId, fileLocation, buffer, *expLength); if(r < 0) { free(*modulus); *modulus = NULL; - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } *exponent = malloc(*expLength); if(!*exponent) { free(*modulus); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } memcpy(*exponent, buffer, *expLength); return 0; 
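Review bot: `*modLength` and `*expLength` are decoded from bytes the card returned, and the only checks against `buffer_size` before the next msc_read_object calls fill `buffer` are the two `assert()`s in this hunk. With NDEBUG the checks disappear and an oversized length overruns `buffer`; in a debug build a malformed card aborts the process instead. An explicit test that returns an error is safer: `if(*modLength + 2 >= buffer_size) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED);`, and the same for `*expLength` after freeing `*modulus`. The allocation-failure path for `*exponent` also frees `*modulus` without resetting it to NULL, unlike the read-failure path just above it. `buffer` and `buffer_size` are declared outside the hunk.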
@@ -673,7 +663,7 @@ memcpy(ptr, initData, dataLength); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { short receivedData = outputBuffer[0] << 8 | outputBuffer[1]; *outputDataLength = receivedData; @@ -685,12 +675,12 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "init: got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "init: got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } #if 0 @@ -729,7 +719,7 @@ memcpy(ptr, inputData, dataLength); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { short receivedData = outputBuffer[0] << 8 | outputBuffer[1]; *outputDataLength = receivedData; @@ -741,12 +731,12 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "process: got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "process: got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } #endif 
@@ -781,7 +771,7 @@ memcpy(ptr, inputData, dataLength); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { short receivedData = outputBuffer[0] << 8 | outputBuffer[1]; *outputDataLength = receivedData; @@ -792,12 +782,12 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "final: got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "final: got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } /* Stream data to the card through file IO */ @@ -829,29 +819,25 @@ ptr++; memcpy(ptr, inputData, dataLength); - sc_ctx_suppress_errors_on(card->ctx); r = msc_create_object(card, outputId, dataLength + 2, 0x02, 0x02, 0x02); if(r < 0) { if(r == SC_ERROR_FILE_ALREADY_EXISTS) { r = msc_delete_object(card, outputId, 0); if(r < 0) { - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } r = msc_create_object(card, outputId, dataLength + 2, 0x02, 0x02, 0x02); if(r < 0) { - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } } } - sc_ctx_suppress_errors_off(card->ctx); r = msc_update_object(card, outputId, 0, buffer + 1, dataLength + 2); if(r < 0) return r; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { r = msc_read_object(card, inputId, 2, outputData, dataLength); *outputDataLength = dataLength; 
@@ -862,18 +848,16 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "final: got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "final: got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } } else { r = SC_ERROR_CARD_CMD_FAILED; } - /* no error checks.. this is last ditch cleanup */ - sc_ctx_suppress_errors_on(card->ctx); + /* this is last ditch cleanup */ msc_delete_object(card, outputId, 0); - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } int msc_compute_crypt(sc_card_t *card, @@ -904,7 +888,7 @@ outPtr, toSend, &received); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); left -= toSend; inPtr += toSend; outPtr += received; @@ -919,7 +903,7 @@ outPtr, toSend, &received); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } else { /* Data is too big: use objects */ r = msc_compute_crypt_final_object(card, keyLocation, @@ -927,10 +911,8 @@ outPtr, toSend, &received); - if(r < 0) SC_FUNC_RETURN(card->ctx, 0, r); + if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - left -= toSend; - inPtr += toSend; outPtr += received; return outPtr - outputData; /* Amt received */ @@ -945,8 +927,8 @@ int keyLocation, sc_cardctl_muscle_key_info_t *data) { - unsigned short read = 0xFFFF, - write = 0x0002, + unsigned short readAcl = 0xFFFF, + writeAcl = 0x0002, use = 0x0002, keySize = data->keySize; int bufferSize = 0; 
@@ -959,16 +941,16 @@ if(data->keyType == 0x02) { if( (data->pLength == 0 || !data->pValue) || (data->modLength == 0 || !data->modValue)) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } else if(data->keyType == 0x03) { if( (data->pLength == 0 || !data->pValue) || (data->qLength == 0 || !data->qValue) || (data->pqLength == 0 || !data->pqValue) || (data->dp1Length == 0 || !data->dp1Value) || (data->dq1Length == 0 || !data->dq1Value)) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } else { - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if(data->keyType == 0x02) { @@ -979,7 +961,7 @@ + data->dp1Length + data->dq1Length; } buffer = malloc(bufferSize); - if(!buffer) SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + if(!buffer) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); p = buffer; *p = 0x00; p++; /* Encoding plain */ *p = data->keyType; p++; /* RSA_PRIVATE */ @@ -996,25 +978,21 @@ CPYVAL(dq1); } - sc_ctx_suppress_errors_on(card->ctx); r = msc_create_object(card, outputId, bufferSize, 0x02, 0x02, 0x02); if(r < 0) { if(r == SC_ERROR_FILE_ALREADY_EXISTS) { r = msc_delete_object(card, outputId, 0); if(r < 0) { - sc_ctx_suppress_errors_off(card->ctx); free(buffer); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } r = msc_create_object(card, outputId, bufferSize, 0x02, 0x02, 0x02); if(r < 0) { - sc_ctx_suppress_errors_off(card->ctx); free(buffer); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } } } - sc_ctx_suppress_errors_off(card->ctx); r = msc_update_object(card, outputId, 0, buffer, bufferSize); free(buffer); 
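Review bot: `buffer` in the `@@ -996,25 +978,21 @@` hunk holds the private key components copied in by the `CPYVAL` lines, and every `free(buffer)` here, on both error returns and after msc_update_object, releases it without clearing it. The key material therefore stays readable in freed heap memory. Wiping before each release avoids that: `sc_mem_clear(buffer, bufferSize); free(buffer);`. The function starts and ends outside the hunk.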
@@ -1026,11 +1004,11 @@ apdu.data = apduBuffer; apdu.datalen = 6; p = apduBuffer; - ushort2bebytes(p, read); p+=2; - ushort2bebytes(p, write); p+=2; - ushort2bebytes(p, use); p+=2; + ushort2bebytes(p, readAcl); p+=2; + ushort2bebytes(p, writeAcl); p+=2; + ushort2bebytes(p, use); r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00) { msc_delete_object(card, outputId, 0); return 0; 
@@ -1038,36 +1016,16 @@ r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) { if (card->ctx->debug >= 2) { - sc_debug(card->ctx, "keyimport: got strange SWs: 0x%02X 0x%02X\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "keyimport: got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2); } - /* no error checks.. this is last ditch cleanup */ - sc_ctx_suppress_errors_on(card->ctx); + /* this is last ditch cleanup */ msc_delete_object(card, outputId, 0); - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 0, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - /* no error checks.. this is last ditch cleanup */ - sc_ctx_suppress_errors_on(card->ctx); + /* this is last ditch cleanup */ msc_delete_object(card, outputId, 0); - sc_ctx_suppress_errors_off(card->ctx); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_CARD_CMD_FAILED); } #undef CPYVAL - -/* For future implementation of check_sw */ -/* -switch(apdu.sw1) { - case 0x9C: - switch(apdu.sw2) { - case 0x03: // Operation not allowed - case 0x05: // Unsupported - case 0x06: // Unauthorized - case 0x11: // Bad private key num - case 0x12: // Bad public key num - case 0x0E: - case 0x0F: // Invalid parameters... - } -} -*/ diff -Nru opensc-0.11.13/src/libopensc/muscle-filesystem.c opensc-0.12.1/src/libopensc/muscle-filesystem.c --- opensc-0.11.13/src/libopensc/muscle-filesystem.c 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/muscle-filesystem.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,12 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "muscle-filesystem.h" -#include +#include "config.h" + #include #include #include +#include "libopensc/muscle-filesystem.h" +#include "libopensc/errors.h" + #define MSCFS_NO_MEMORY SC_ERROR_OUT_OF_MEMORY #define MSCFS_INVALID_ARGS SC_ERROR_INVALID_ARGUMENTS #define MSCFS_FILE_NOT_FOUND SC_ERROR_FILE_NOT_FOUND 
@@ -38,7 +41,7 @@ }; mscfs_t *mscfs_new(void) { - mscfs_t *fs = (mscfs_t*)malloc(sizeof(mscfs_t)); + mscfs_t *fs = malloc(sizeof(mscfs_t)); memset(fs, 0, sizeof(mscfs_t)); memcpy(fs->currentPath, "\x3F\x00", 2); return fs; diff -Nru opensc-0.11.13/src/libopensc/muscle-filesystem.h opensc-0.12.1/src/libopensc/muscle-filesystem.h --- opensc-0.11.13/src/libopensc/muscle-filesystem.h 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/muscle-filesystem.h 2011-05-17 17:07:00.000000000 +0000 @@ -23,7 +23,7 @@ #include -#include +#include "libopensc/types.h" typedef struct msc_id { u8 id[4]; diff -Nru opensc-0.11.13/src/libopensc/muscle.h opensc-0.12.1/src/libopensc/muscle.h --- opensc-0.11.13/src/libopensc/muscle.h 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/muscle.h 2011-05-17 17:07:00.000000000 +0000 
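Review bot: mscfs_new() passes the result of `malloc` straight to `memset` and `memcpy`, so an allocation failure becomes a NULL dereference; the change only drops the cast. Add `if (!fs) return NULL;` right after the allocation, or allocate with `calloc(1, sizeof(*fs))` and keep the same check. Callers would then have to handle a NULL return, and they are not visible in this hunk.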
@@ -22,19 +22,18 @@ #include -#include -#include -#include - -#include "muscle-filesystem.h" +#include "libopensc/types.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/muscle-filesystem.h" #define MSC_MAX_APDU 512 /* Max APDU send/recv, used for stack allocation */ #define MSC_MAX_PIN_LENGTH 8 #define MSC_MAX_PIN_COMMAND_LENGTH ((1 + MSC_MAX_PIN_LENGTH) * 2) /* Currently max size handled by muscle driver is 255 ... */ -#define MSC_MAX_READ (MIN(card->reader->driver->max_recv_size,255)) -#define MSC_MAX_SEND (MIN(card->reader->driver->max_send_size,255)) +#define MSC_MAX_READ (card->max_recv_size > 0 ? card->max_recv_size : 255) +#define MSC_MAX_SEND (card->max_send_size > 0 ? card->max_send_size : 255) int msc_list_objects(sc_card_t* card, u8 next, mscfs_file_t* file); int msc_partial_read_object(sc_card_t *card, msc_id objectId, int offset, u8 *data, size_t dataLength); diff -Nru opensc-0.11.13/src/libopensc/opensc-config.in opensc-0.12.1/src/libopensc/opensc-config.in --- opensc-0.11.13/src/libopensc/opensc-config.in 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/opensc-config.in 1970-01-01 00:00:00.000000000 +0000 
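Review bot: The new `MSC_MAX_READ` and `MSC_MAX_SEND` definitions drop the 255 ceiling that the old `MIN(..., 255)` enforced, although the comment directly above them still says 255 is the most the muscle driver handles. If `card->max_recv_size` or `card->max_send_size` is larger than 255, the chunk sizes muscle.c derives from these macros exceed what `buffer[8] = (u8)dataLength;` in msc_partial_read_object can encode, and the length byte is silently truncated. Keeping the cap preserves the old bound: `#define MSC_MAX_READ (card->max_recv_size > 0 ? MIN(card->max_recv_size, 255) : 255)`, and the same for `MSC_MAX_SEND`, assuming `MIN` is still provided by a header included before this one. Both macros also depend on a variable named `card` being in scope at each use, which deserves a line in the comment.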
@@ -1,103 +0,0 @@ -#!/bin/sh -# Copyright (C) 1999 Free Software Foundation, Inc. -# -# This file is free software; as a special exception the author gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. -# -# This file is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -version="@VERSION@" - -prefix="@prefix@" -exec_prefix="@exec_prefix@" -exec_prefix_set=no - -libdir="@libdir@" -includedir="@includedir@" -opensc_cflags="" -opensc_libs="-L${libdir} -lopensc -lscconf" - -usage() -{ - cat <&2 -fi - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - if test $exec_prefix_set = no ; then - exec_prefix=$optarg - fi - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - exec_prefix_set=yes - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --version) - echo "${version}" - exit 0 - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_cflags" = "yes"; then - if test "${includedir}" != "/usr/include" ; then - includes="-I${includedir}" - for i in ${opensc_cflags} ; do - if test "$i" = "-I${includedir}" ; then - includes="" - fi - done - fi - echo $includes $opensc_cflags -fi - -if test "$echo_libs" = "yes"; then - echo ${opensc_libs} -fi diff -Nru opensc-0.11.13/src/libopensc/opensc.h opensc-0.12.1/src/libopensc/opensc.h --- opensc-0.11.13/src/libopensc/opensc.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/opensc.h 2011-05-17 17:07:00.000000000 +0000 
@@ -36,100 +36,10 @@ extern "C" { #endif -#include -#include -#include - -/* Different APDU cases */ -#define SC_APDU_CASE_NONE 0x00 -#define SC_APDU_CASE_1 0x01 -#define SC_APDU_CASE_2_SHORT 0x02 -#define SC_APDU_CASE_3_SHORT 0x03 -#define SC_APDU_CASE_4_SHORT 0x04 -#define SC_APDU_SHORT_MASK 0x0f -#define SC_APDU_EXT 0x10 -#define SC_APDU_CASE_2_EXT SC_APDU_CASE_2_SHORT | SC_APDU_EXT -#define SC_APDU_CASE_3_EXT SC_APDU_CASE_3_SHORT | SC_APDU_EXT -#define SC_APDU_CASE_4_EXT SC_APDU_CASE_4_SHORT | SC_APDU_EXT -/* the following types let OpenSC decides whether to use - * short or extended APDUs */ -#define SC_APDU_CASE_2 0x22 -#define SC_APDU_CASE_3 0x23 -#define SC_APDU_CASE_4 0x24 - -/* File types */ -#define SC_FILE_TYPE_DF 0x04 -#define SC_FILE_TYPE_INTERNAL_EF 0x03 -#define SC_FILE_TYPE_WORKING_EF 0x01 - -/* EF structures */ -#define SC_FILE_EF_UNKNOWN 0x00 -#define SC_FILE_EF_TRANSPARENT 0x01 -#define SC_FILE_EF_LINEAR_FIXED 0x02 -#define SC_FILE_EF_LINEAR_FIXED_TLV 0x03 -#define SC_FILE_EF_LINEAR_VARIABLE 0x04 -#define SC_FILE_EF_LINEAR_VARIABLE_TLV 0x05 -#define SC_FILE_EF_CYCLIC 0x06 -#define SC_FILE_EF_CYCLIC_TLV 0x07 - -/* File status flags */ -#define SC_FILE_STATUS_ACTIVATED 0x00 -#define SC_FILE_STATUS_INVALIDATED 0x01 -#define SC_FILE_STATUS_CREATION 0x02 /* Full access in this state, - (at least for SetCOS 4.4 */ - -/* Access Control flags */ -#define SC_AC_NONE 0x00000000 -#define SC_AC_CHV 0x00000001 /* Card Holder Verif. */ -#define SC_AC_TERM 0x00000002 /* Terminal auth. */ -#define SC_AC_PRO 0x00000004 /* Secure Messaging */ -#define SC_AC_AUT 0x00000008 /* Key auth. 
*/ - -#define SC_AC_SYMBOLIC 0x00000010 /* internal use only */ -#define SC_AC_UNKNOWN 0xFFFFFFFE -#define SC_AC_NEVER 0xFFFFFFFF - -/* Operations relating to access control (in case of DF) */ -#define SC_AC_OP_SELECT 0 -#define SC_AC_OP_LOCK 1 -#define SC_AC_OP_DELETE 2 -#define SC_AC_OP_CREATE 3 -#define SC_AC_OP_REHABILITATE 4 -#define SC_AC_OP_INVALIDATE 5 -#define SC_AC_OP_LIST_FILES 6 -#define SC_AC_OP_CRYPTO 7 -#define SC_AC_OP_DELETE_SELF 8 -/* If you add more OPs here, make sure you increase - * SC_MAX_AC_OPS in types.h */ - -/* Operations relating to access control (in case of EF) */ -#define SC_AC_OP_READ 0 -#define SC_AC_OP_UPDATE 1 -/* the use of SC_AC_OP_ERASE is deprecated, SC_AC_OP_DELETE should be used - * instead */ -#define SC_AC_OP_ERASE SC_AC_OP_DELETE -#define SC_AC_OP_WRITE 3 -/* rehab and invalidate are the same as in DF case */ - -/* various maximum values */ -#define SC_MAX_READER_DRIVERS 6 -#define SC_MAX_READERS 16 -#define SC_MAX_CARD_DRIVERS 32 -#define SC_MAX_CARD_DRIVER_SNAME_SIZE 16 -#define SC_MAX_SLOTS 4 -#define SC_MAX_CARD_APPS 8 -#define SC_MAX_APDU_BUFFER_SIZE 258 -#define SC_MAX_EXT_APDU_BUFFER_SIZE 65538 -#define SC_MAX_PIN_SIZE 256 /* OpenPGP card has 254 max */ -#define SC_MAX_ATR_SIZE 33 -#define SC_MAX_AID_SIZE 16 - -/* default max_send_size/max_recv_size */ -/* GPK rounds down to a multiple of 4, other driver have their own limits */ -#define SC_DEFAULT_MAX_SEND_SIZE 255 -#define SC_DEFAULT_MAX_RECV_SIZE 256 - -#define SC_AC_KEY_REF_NONE 0xFFFFFFFF +#include "common/simclist.h" +#include "scconf/scconf.h" +#include "libopensc/errors.h" +#include "libopensc/types.h" #define SC_SEC_OPERATION_DECIPHER 0x0001 #define SC_SEC_OPERATION_SIGN 0x0002 
@@ -166,8 +76,9 @@ #define SC_ALGORITHM_PBES2 256 #define SC_ALGORITHM_ONBOARD_KEY_GEN 0x80000000 +/* need usage = either sign or decrypt. keys with both? decrypt, emulate sign */ #define SC_ALGORITHM_NEED_USAGE 0x40000000 -#define SC_ALGORITHM_SPECIFIC_FLAGS 0x0000FFFF +#define SC_ALGORITHM_SPECIFIC_FLAGS 0x0001FFFF #define SC_ALGORITHM_RSA_RAW 0x00000001 /* If the card is willing to produce a cryptogram padded with the following 
@@ -195,10 +106,52 @@ #define SC_ALGORITHM_GOSTR3410_HASH_NONE 0x00004000 #define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411 0x00008000 #define SC_ALGORITHM_GOSTR3410_HASHES 0x00008000 +/*TODO: -DEE Should the above be 0x0000E000 */ +/* Or should the HASH_NONE be 0x00000010 and HASHES be 0x00008010 */ + +/* May need more bits if card can do more hashes */ +/* TODO: -DEE Will overload RSA_HASHES with EC_HASHES */ +/* Not clear if these need their own bits or not */ +/* The PIV card does not support and hashes */ +#define SC_ALGORITHM_ECDSA_RAW 0x00010000 +#define SC_ALGORITHM_ECDSA_HASH_NONE SC_ALGORITHM_RSA_HASH_NONE +#define SC_ALGORITHM_ECDSA_HASH_SHA1 SC_ALGORITHM_RSA_HASH_SHA1 +#define SC_ALGORITHM_ECDSA_HASH_SHA224 SC_ALGORITHM_RSA_HASH_SHA224 +#define SC_ALGORITHM_ECDSA_HASH_SHA256 SC_ALGORITHM_RSA_HASH_SHA256 +#define SC_ALGORITHM_ECDSA_HASH_SHA384 SC_ALGORITHM_RSA_HASH_SHA384 +#define SC_ALGORITHM_ECDSA_HASH_SHA512 SC_ALGORITHM_RSA_HASH_SHA512 +#define SC_ALGORITHM_ECDSA_HASHES (SC_ALGORITHM_ECDSA_HASH_SHA1 | \ + SC_ALGORITHM_ECDSA_HASH_SHA224 | \ + SC_ALGORITHM_ECDSA_HASH_SHA256 | \ + SC_ALGORITHM_ECDSA_HASH_SHA384 | \ + SC_ALGORITHM_ECDSA_HASH_SHA512) + +/* define mask of all algorithms that can do raw */ +#define SC_ALGORITHM_RAW_MASK (SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_GOSTR3410_RAW | SC_ALGORITHM_ECDSA_RAW) + +/* extened algorithm bits for selected mechs */ +#define SC_ALGORITHM_EXT_EC_F_P 0x00000001 +#define SC_ALGORITHM_EXT_EC_F_2M 0x00000002 +#define SC_ALGORITHM_EXT_EC_ECPARAMETERS 0x00000004 +#define SC_ALGORITHM_EXT_EC_NAMEDCURVE 0x00000008 +#define SC_ALGORITHM_EXT_EC_UNCOMPRESES 0x00000010 +#define SC_ALGORITHM_EXT_EC_COMPRESS 0x00000020 /* Event masks for sc_wait_for_event() */ #define SC_EVENT_CARD_INSERTED 0x0001 #define SC_EVENT_CARD_REMOVED 0x0002 +#define SC_EVENT_CARD_EVENTS SC_EVENT_CARD_INSERTED|SC_EVENT_CARD_REMOVED +#define SC_EVENT_READER_ATTACHED 0x0004 +#define SC_EVENT_READER_DETACHED 0x0008 +#define SC_EVENT_READER_EVENTS 
SC_EVENT_READER_ATTACHED|SC_EVENT_READER_DETACHED + +struct sc_supported_algo_info { + unsigned int reference; + unsigned int mechanism; + unsigned int operations; + struct sc_object_id algo_id; + unsigned int algo_ref; +}; typedef struct sc_security_env { unsigned long flags; @@ -209,6 +162,8 @@ struct sc_path file_ref; u8 key_ref[8]; size_t key_ref_len; + + struct sc_supported_algo_info supported_algos[SC_MAX_SUPPORTED_ALGORITHMS]; } sc_security_env_t; struct sc_algorithm_id { @@ -230,6 +185,12 @@ struct sc_algorithm_id key_encr_alg; }; +struct sc_ec_params { + int type; + u8 * der; + size_t der_len; +}; + typedef struct sc_algorithm_info { unsigned int algorithm; unsigned int key_length; @@ -239,23 +200,49 @@ struct sc_rsa_info { unsigned long exponent; } _rsa; + struct sc_ec_info { + unsigned ext_flags; + } _ec; } u; } sc_algorithm_info_t; typedef struct sc_app_info { - u8 aid[SC_MAX_AID_SIZE]; - size_t aid_len; char *label; + + struct sc_aid aid; + struct sc_ddo ddo; + struct sc_path path; - u8 *ddo; - size_t ddo_len; - const char *desc; /* App description, if known */ int rec_nr; /* -1, if EF(DIR) is transparent */ } sc_app_info_t; +struct sc_ef_atr { + unsigned char card_service; + unsigned char df_selection; + size_t unit_size; + unsigned char card_capabilities; + + struct sc_aid aid; + + unsigned char pre_issuing[6]; + size_t pre_issuing_len; + + unsigned char issuer_data[16]; + size_t issuer_data_len; + + struct sc_object_id allocation_oid; + + unsigned status; +}; + struct sc_card_cache { struct sc_path current_path; + + struct sc_file *current_ef; + struct sc_file *current_df; + + int valid; }; #define SC_PROTO_T0 0x00000001 
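Review bot: `SC_EVENT_CARD_EVENTS` and `SC_EVENT_READER_EVENTS` are defined as bare `A|B` expressions without parentheses, so a test such as `mask & SC_EVENT_CARD_EVENTS` parses as `(mask & SC_EVENT_CARD_INSERTED) | SC_EVENT_CARD_REMOVED` and is always non-zero. Wrap both expansions: `#define SC_EVENT_CARD_EVENTS (SC_EVENT_CARD_INSERTED|SC_EVENT_CARD_REMOVED)` and `#define SC_EVENT_READER_EVENTS (SC_EVENT_READER_ATTACHED|SC_EVENT_READER_DETACHED)`. The same hunk introduces `SC_ALGORITHM_EXT_EC_UNCOMPRESES`, which looks like a misspelling that will be awkward to correct once the header is public. The open `TODO: -DEE` comments about overlapping hash bits should be resolved before other code relies on these flag values.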
@@ -268,48 +255,39 @@ const char *short_name; struct sc_reader_operations *ops; - size_t max_send_size, max_recv_size; + size_t max_send_size; /* Max Lc supported by the reader layer */ + size_t max_recv_size; /* Mac Le supported by the reader layer */ void *dll; }; -/* slot flags */ -#define SC_SLOT_CARD_PRESENT 0x00000001 -#define SC_SLOT_CARD_CHANGED 0x00000002 -/* slot capabilities */ -#define SC_SLOT_CAP_DISPLAY 0x00000001 -#define SC_SLOT_CAP_PIN_PAD 0x00000002 +/* reader flags */ +#define SC_READER_CARD_PRESENT 0x00000001 +#define SC_READER_CARD_CHANGED 0x00000002 +#define SC_READER_CARD_INUSE 0x00000004 +#define SC_READER_CARD_EXCLUSIVE 0x00000008 +#define SC_READER_HAS_WAITING_AREA 0x00000010 + +/* reader capabilities */ +#define SC_READER_CAP_DISPLAY 0x00000001 +#define SC_READER_CAP_PIN_PAD 0x00000002 -typedef struct sc_slot_info { - int id; +typedef struct sc_reader { + struct sc_context *ctx; + const struct sc_reader_driver *driver; + const struct sc_reader_operations *ops; + void *drv_data; + char *name; + unsigned long flags, capabilities; unsigned int supported_protocols, active_protocol; - u8 atr[SC_MAX_ATR_SIZE]; - size_t atr_len; + struct sc_atr atr; struct _atr_info { u8 *hist_bytes; size_t hist_bytes_len; int Fi, f, Di, N; u8 FI, DI; } atr_info; - - void *drv_data; -} sc_slot_info_t; - -struct sc_event_listener { - unsigned int event_mask; - void (*func)(void *, const struct sc_slot_info *, unsigned int event); -}; - -typedef struct sc_reader { - struct sc_context *ctx; - const struct sc_reader_driver *driver; - const struct sc_reader_operations *ops; - void *drv_data; - char *name; - - struct sc_slot_info slot[SC_MAX_SLOTS]; - int slot_count; } sc_reader_t; /* This will be the new interface for handling PIN commands. 
@@ -319,9 +297,11 @@ #define SC_PIN_CMD_VERIFY 0 #define SC_PIN_CMD_CHANGE 1 #define SC_PIN_CMD_UNBLOCK 2 +#define SC_PIN_CMD_GET_INFO 3 -#define SC_PIN_CMD_USE_PINPAD 0x0001 -#define SC_PIN_CMD_NEED_PADDING 0x0002 +#define SC_PIN_CMD_USE_PINPAD 0x0001 +#define SC_PIN_CMD_NEED_PADDING 0x0002 +#define SC_PIN_CMD_IMPLICIT_CHANGE 0x0004 #define SC_PIN_ENCODING_ASCII 0 #define SC_PIN_ENCODING_BCD 1 @@ -338,8 +318,13 @@ unsigned int encoding; /* ASCII-numeric, BCD, etc */ size_t pad_length; /* filled in by the card driver */ u8 pad_char; - size_t offset; /* PIN offset in the APDU */ + size_t offset; /* PIN offset in the APDU */ size_t length_offset; /* Effective PIN length offset in the APDU */ + + int max_tries; /* Used for signaling back from SC_PIN_CMD_GET_INFO */ + int tries_left; /* Used for signaling back from SC_PIN_CMD_GET_INFO */ + + struct sc_acl_entry acls[SC_MAX_SDO_ACLS]; }; struct sc_pin_cmd_data { 
@@ -354,60 +339,40 @@ struct sc_apdu *apdu; /* APDU of the PIN command */ }; -/* structure for the card serial number (normally the ICCSN) */ -#define SC_MAX_SERIALNR 32 - -typedef struct sc_serial_number { - u8 value[SC_MAX_SERIALNR]; - size_t len; -} sc_serial_number_t; - -/* these flags are deprecated and shouldn't be used anymore */ -#define SC_DISCONNECT 0 -#define SC_DISCONNECT_AND_RESET 1 -#define SC_DISCONNECT_AND_UNPOWER 2 -#define SC_DISCONNECT_AND_EJECT 3 - struct sc_reader_operations { /* Called during sc_establish_context(), when the driver * is loaded */ - int (*init)(struct sc_context *ctx, void **priv_data); + int (*init)(struct sc_context *ctx); /* Called when the driver is being unloaded. finish() has to - * deallocate the private data and any resources. */ - int (*finish)(struct sc_context *ctx, void *priv_data); + * release any resources. */ + int (*finish)(struct sc_context *ctx); /* Called when library wish to detect new readers * should add only new readers. */ - int (*detect_readers)(struct sc_context *ctx, void *priv_data); + int (*detect_readers)(struct sc_context *ctx); + int (*cancel)(struct sc_context *ctx); /* Called when releasing a reader. release() has to * deallocate the private data. Other fields will be * freed by OpenSC. 
*/ int (*release)(struct sc_reader *reader); - int (*detect_card_presence)(struct sc_reader *reader, - struct sc_slot_info *slot); - int (*connect)(struct sc_reader *reader, struct sc_slot_info *slot); - int (*disconnect)(struct sc_reader *reader, struct sc_slot_info *slot); - int (*transmit)(struct sc_reader *reader, struct sc_slot_info *slot, - sc_apdu_t *apdu); - int (*lock)(struct sc_reader *reader, struct sc_slot_info *slot); - int (*unlock)(struct sc_reader *reader, struct sc_slot_info *slot); - int (*set_protocol)(struct sc_reader *reader, struct sc_slot_info *slot, - unsigned int proto); + int (*detect_card_presence)(struct sc_reader *reader); + int (*connect)(struct sc_reader *reader); + int (*disconnect)(struct sc_reader *reader); + int (*transmit)(struct sc_reader *reader, sc_apdu_t *apdu); + int (*lock)(struct sc_reader *reader); + int (*unlock)(struct sc_reader *reader); + int (*set_protocol)(struct sc_reader *reader, unsigned int proto); /* Pin pad functions */ - int (*display_message)(struct sc_reader *, struct sc_slot_info *, - const char *); - int (*perform_verify)(struct sc_reader *, struct sc_slot_info *, - struct sc_pin_cmd_data *); + int (*display_message)(struct sc_reader *, const char *); + int (*perform_verify)(struct sc_reader *, struct sc_pin_cmd_data *); /* Wait for an event */ - int (*wait_for_event)(struct sc_reader **readers, - struct sc_slot_info **slots, - size_t nslots, - unsigned int event_mask, - int *reader_index, - unsigned int *event, - int timeout); - int (*reset)(struct sc_reader *, struct sc_slot_info *); + int (*wait_for_event)(struct sc_context *ctx, unsigned int event_mask, sc_reader_t **event_reader, unsigned int *event, + int timeout, void **reader_states); + /* Reset a reader */ + int (*reset)(struct sc_reader *, int); + /* Used to pass in PC/SC handles to minidriver */ + int (*use_reader)(struct sc_context *ctx, void *pcsc_context_handle, void *pcsc_card_handle); }; /* 
@@ -425,8 +390,6 @@ /* Mask for card vendor specific values */ #define SC_CARD_FLAG_VENDOR_MASK 0xFFFF0000 -/* Hint SC_ALGORITHM_ONBOARD_KEY_GEN */ -#define SC_CARD_FLAG_ONBOARD_KEY_GEN 0x00000001 /* Hint SC_CARD_CAP_RNG */ #define SC_CARD_FLAG_RNG 0x00000002 @@ -440,10 +403,6 @@ * is made. */ #define SC_CARD_CAP_APDU_EXT 0x00000001 -/* Card can handle operations specified in the - * EMV 4.0 standard. */ -#define SC_CARD_CAP_EMV 0x00000002 - /* Card has on-board random number source. */ #define SC_CARD_CAP_RNG 0x00000004 @@ -454,31 +413,29 @@ * instead of relying on the ACL info in the profile files. */ #define SC_CARD_CAP_USE_FCI_AC 0x00000010 -/* The card supports 2048 bit RSA keys */ -#define SC_CARD_CAP_RSA_2048 0x00000020 - /* D-TRUST CardOS cards special flags */ -#define SC_CARD_CAP_ONLY_RAW_HASH 0x00000040 -#define SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED 0x00000080 +#define SC_CARD_CAP_ONLY_RAW_HASH 0x00000040 +#define SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED 0x00000080 typedef struct sc_card { struct sc_context *ctx; struct sc_reader *reader; - struct sc_slot_info *slot; + + struct sc_atr atr; int type; /* Card type, for card driver internal use */ unsigned long caps, flags; - unsigned int wait_resend_apdu; /* Delay (msec) before responding to an SW12 = 6CXX */ + unsigned int wait_resend_apdu; /* Delay (msec) before responding to an SW = 6CXX */ int cla; - u8 atr[SC_MAX_ATR_SIZE]; - size_t atr_len; - size_t max_send_size; - size_t max_recv_size; + size_t max_send_size; /* Max Lc supported by the card */ + size_t max_recv_size; /* Max Le supported by the card */ struct sc_app_info *app[SC_MAX_CARD_APPS]; int app_count; struct sc_file *ef_dir; + struct sc_ef_atr *ef_atr; + struct sc_algorithm_info *algorithms; int algorithm_count; @@ -491,7 +448,6 @@ int max_pin_len; struct sc_card_cache cache; - int cache_valid; sc_serial_number_t serialnr; 
@@ -518,9 +474,9 @@ /* ISO 7816-4 functions */ int (*read_binary)(struct sc_card *card, unsigned int idx, - u8 * buf, size_t count, unsigned long flags); + u8 * buf, size_t count, unsigned long flags); int (*write_binary)(struct sc_card *card, unsigned int idx, - const u8 * buf, size_t count, unsigned long flags); + const u8 * buf, size_t count, unsigned long flags); int (*update_binary)(struct sc_card *card, unsigned int idx, const u8 * buf, size_t count, unsigned long flags); int (*erase_binary)(struct sc_card *card, unsigned int idx, @@ -652,15 +608,13 @@ char *app_name; int debug; - int suppress_errors; - FILE *debug_file, *error_file; + FILE *debug_file; char *preferred_language; - const struct sc_reader_driver *reader_drivers[SC_MAX_READER_DRIVERS]; - void *reader_drv_data[SC_MAX_READER_DRIVERS]; - - struct sc_reader *reader[SC_MAX_READERS]; - int reader_count; + list_t readers; + + struct sc_reader_driver *reader_driver; + void *reader_drv_data; struct sc_card_driver *card_drivers[SC_MAX_CARD_DRIVERS]; struct sc_card_driver *forced_driver; 
@@ -683,6 +637,20 @@ void sc_format_apdu(sc_card_t *card, sc_apdu_t *apdu, int cse, int ins, int p1, int p2); +/** Transforms an APDU from binary to its @c sc_apdu_t representation + * @param ctx sc_context_t object (used for logging) + * @param buf APDU to be encoded as an @c sc_apdu_t object + * @param len length of @a buf + * @param apdu @c sc_apdu_t object to initialize + * @return SC_SUCCESS on success and an error code otherwise + * @note On successful initialization apdu->data will point to @a buf with an + * appropriate offset. Only free() @a buf, when apdu->data is not needed any + * longer. + * @note On successful initialization @a apdu->resp and apdu->resplen will be + * 0. You should modify both if you are expecting data in the response APDU. + */ +int sc_bytes2apdu(sc_context_t *ctx, const u8 *buf, size_t len, sc_apdu_t *apdu); + int sc_check_sw(struct sc_card *card, unsigned int sw1, unsigned int sw2); /********************************************************************/ 
@@ -749,77 +717,93 @@ sc_reader_t *sc_ctx_get_reader(sc_context_t *ctx, unsigned int i); /** - * Returns the number a available sc_reader objects + * Pass in pointers to handles to be used for the pcsc reader. + * This is used by cardmod to pass in handles provided by BaseCSP + * + * @param ctx pointer to a sc_context_t + * @param pcsc_context_handle pointer to the new context_handle to use + * @param pcsc_card_handle pointer to the new card_handle to use + * @return SC_SUCCESS on success and an error code otherwise. + */ +int sc_ctx_use_reader(sc_context_t *ctx, void * pcsc_context_handle, void * pcsc_card_handle); + +/** + * Returns a pointer to the specified sc_reader_t object * @param ctx OpenSC context - * @return the number of available reader objects + * @param name name of the reader to look for + * @return the requested sc_reader object or NULL if the reader is + * not available */ -unsigned int sc_ctx_get_reader_count(sc_context_t *ctx); +sc_reader_t *sc_ctx_get_reader_by_name(sc_context_t *ctx, const char *name); -/** - * Turns on error suppression +/** + * Returns a pointer to the specified sc_reader_t object * @param ctx OpenSC context + * @param id id of the reader (starting from 0) + * @return the requested sc_reader object or NULL if the reader is + * not available */ -void sc_ctx_suppress_errors_on(sc_context_t *ctx); +sc_reader_t *sc_ctx_get_reader_by_id(sc_context_t *ctx, unsigned int id); /** - * Turns off error suppression + * Returns the number a available sc_reader objects * @param ctx OpenSC context + * @return the number of available reader objects */ -void sc_ctx_suppress_errors_off(sc_context_t *ctx); +unsigned int sc_ctx_get_reader_count(sc_context_t *ctx); + +/** + * Redirects OpenSC debug log to the specified file + * @param ctx existing OpenSC context + * @param filename path to the file or "stderr" or "stdout" + * @return SC_SUCCESS on success and an error code otherwise + */ +int sc_ctx_log_to_file(sc_context_t *ctx, const char* 
filename); /** * Forces the use of a specified card driver * @param ctx OpenSC context - * @param short_name The short name of the driver to use (e.g. 'emv') + * @param short_name The short name of the driver to use (e.g. 'cardos') */ int sc_set_card_driver(sc_context_t *ctx, const char *short_name); /** * Connects to a card in a reader and auto-detects the card driver. * The ATR (Answer to Reset) string of the card is also retrieved. * @param reader Reader structure - * @param slot_id Slot ID to connect to * @param card The allocated card object will go here */ -int sc_connect_card(sc_reader_t *reader, int slot_id, sc_card_t **card); +int sc_connect_card(sc_reader_t *reader, sc_card_t **card); /** * Disconnects from a card, and frees the card structure. Any locks * made by the application must be released before calling this function. * NOTE: The card is not reset nor powered down after the operation. * @param card The card to disconnect - * @param flag currently not used (should be set to 0) * @return SC_SUCCESS on success and an error code otherwise */ -int sc_disconnect_card(sc_card_t *card, int flag); -/** - * Returns 1 if the magic value of the card object is correct. Mostly - * used internally by the library. - * @param card The card object to check - */ -int sc_card_valid(const sc_card_t *card); +int sc_disconnect_card(sc_card_t *card); /** * Checks if a card is present in a reader * @param reader Reader structure - * @param slot_id Slot ID * @retval If an error occured, the return value is a (negative) * OpenSC error code. If no card is present, 0 is returned. * Otherwise, a positive value is returned, which is a - * combination of flags. The flag SC_SLOT_CARD_PRESENT is + * combination of flags. The flag SC_READER_CARD_PRESENT is * always set. In addition, if the card was exchanged, - * the SC_SLOT_CARD_CHANGED flag is set. + * the SC_READER_CARD_CHANGED flag is set. 
*/ -int sc_detect_card_presence(sc_reader_t *reader, int slot_id); +int sc_detect_card_presence(sc_reader_t *reader); /** * Waits for an event on readers. Note: only the event is detected, * there is no update of any card or other info. - * @param readers array of pointer to a Reader structure - * @param reader_count amount of readers in the array - * @param slot_id Slot ID + * NOTE: Only PC/SC backend implements this. + * @param ctx pointer to a Context structure * @param event_mask The types of events to wait for; this should * be ORed from one of the following * SC_EVENT_CARD_REMOVED * SC_EVENT_CARD_INSERTED - * @param reader (OUT) the reader on which the event was detected + * SC_EVENT_READER_ATTACHED + * @param event_reader (OUT) the reader on which the event was detected, or NULL if new reader * @param event (OUT) the events that occurred. This is also ORed * from the SC_EVENT_CARD_* constants listed above. * @param timeout Amount of millisecs to wait; -1 means forever @@ -827,17 +811,26 @@ * @retval = 0 if a an event happened * @retval = 1 if the timeout occured */ -int sc_wait_for_event(sc_reader_t **readers, int *slots, size_t nslots, - unsigned int event_mask, - int *reader, unsigned int *event, int timeout); +int sc_wait_for_event(sc_context_t *ctx, unsigned int event_mask, + sc_reader_t **event_reader, unsigned int *event, + int timeout, void **reader_states); /** * Resets the card. * NOTE: only PC/SC backend implements this function at this moment. * @param card The card to reset. + * @param do_cold_reset 0 for a warm reset, 1 for a cold reset (unpower) * @retval SC_SUCCESS on success */ -int sc_reset(sc_card_t *card); +int sc_reset(sc_card_t *card, int do_cold_reset); + +/** + * Cancel all pending PC/SC calls + * NOTE: only PC/SC backend implements this function. + * @param ctx pointer to application context + * @retval SC_SUCCESS on success + */ +int sc_cancel(sc_context_t *ctx); /** * Tries acquire the reader lock. 
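Review bot: The new `sc_wait_for_event` prototype gains a `void **reader_states` argument, but the doc comment updated in the preceding hunk has no `@param` entry for it, so a caller cannot tell who allocates the state, whether NULL is accepted, or how it is released. Add a line such as `@param reader_states (IN/OUT) opaque state kept between calls; say who owns it and whether NULL is allowed`. The actual semantics are defined by the reader driver, which is outside these hunks.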
@@ -909,6 +902,17 @@ int sc_update_binary(sc_card_t *card, unsigned int idx, const u8 * buf, size_t count, unsigned long flags); +/** + * Sets (part of) the content fo an EF to its logical erased state + * @param card sc_card_t object on which to issue the command + * @param idx index within the file for the data to be erased + * @param count number of bytes to erase + * @param flags flags for the ERASE BINARY command (currently not used) + * @return number of bytes writen or an error code + */ +int sc_erase_binary(struct sc_card *card, unsigned int idx, + size_t count, unsigned long flags); + #define SC_RECORD_EF_ID_MASK 0x0001FUL /** flags for record operations */ /** use first record */ 
@@ -1147,17 +1151,34 @@ * @param len length of the memory buffer */ void sc_mem_clear(void *ptr, size_t len); +void *sc_mem_alloc_secure(size_t len); int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize); int sc_make_cache_dir(sc_context_t *ctx); int sc_enum_apps(sc_card_t *card); +struct sc_app_info *sc_find_app(struct sc_card *card, struct sc_aid *aid); void sc_free_apps(sc_card_t *card); -const sc_app_info_t * sc_find_pkcs15_app(sc_card_t *card); -const sc_app_info_t * sc_find_app_by_aid(sc_card_t *card, - const u8 *aid, size_t aid_len); +int sc_parse_ef_atr(sc_card_t *card); +void sc_free_ef_atr(sc_card_t *card); int sc_update_dir(sc_card_t *card, sc_app_info_t *app); +void sc_print_cache(struct sc_card *card); + +struct sc_algorithm_info * sc_card_find_rsa_alg(sc_card_t *card, + unsigned int key_length); +struct sc_algorithm_info * sc_card_find_ec_alg(sc_card_t *card, + unsigned int field_length); +struct sc_algorithm_info * sc_card_find_gostr3410_alg(sc_card_t *card, + unsigned int key_length); + +/** + * Used to initialize the @c sc_remote_data structure -- + * reset the header of the 'remote APDUs' list, set the handlers + * to manipulate the list. + */ +void sc_remote_data_init(struct sc_remote_data *rdata); + struct sc_card_error { unsigned int SWs; int errorno; diff -Nru opensc-0.11.13/src/libopensc/p15card-helper.c opensc-0.12.1/src/libopensc/p15card-helper.c --- opensc-0.11.13/src/libopensc/p15card-helper.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/p15card-helper.c 2011-05-17 17:07:00.000000000 +0000 
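Review bot: `sc_mem_alloc_secure` is added with no doc comment, directly below the documented `sc_mem_clear`, and the name alone does not say what "secure" guarantees. Give it a `/** ... */` block stating whether the memory is zeroed or locked against swapping, what is returned on failure, and which function releases it, so that callers using it for sensitive data know what they can rely on. The new `sc_find_app`, `sc_parse_ef_atr`, `sc_free_ef_atr` and `sc_card_find_*_alg` prototypes in the same hunk are also undocumented; at minimum state whether the returned pointers remain owned by the card object.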
@@ -18,20 +18,22 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" -#if ENABLE_OPENSSL -#include "p15card-helper.h" -#include -#include -#include -#include +#if ENABLE_OPENSSL /* empty file without openssl */ #include #include #include #include #include +#include "internal.h" +#include "p15card-helper.h" +#include "opensc.h" +#include "types.h" +#include "log.h" +#include "pkcs15.h" + int sc_pkcs15emu_initialize_objects(sc_pkcs15_card_t *p15card, p15data_items *items) { sc_card_t* card = p15card->card; const objdata* objects = items->objects; @@ -56,7 +58,7 @@ r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT, &obj_obj, &obj_info); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } return SC_SUCCESS; } 
@@ -142,29 +144,29 @@ int modulus_len = 0; const prdata* key = get_prkey_by_cert(items, cert); if(!key) { - sc_error(p15card->card->ctx, "Error: No key for this certificate"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Error: No key for this certificate"); return SC_ERROR_INTERNAL; } if(!d2i_X509(&cert_data, (const u8**)&data, length)) { - sc_error(p15card->card->ctx, "Error converting certificate"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Error converting certificate"); return SC_ERROR_INTERNAL; } pkey = X509_get_pubkey(cert_data); if(pkey == NULL) { - sc_error(p15card->card->ctx, "Error: no public key associated with the certificate"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Error: no public key associated with the certificate"); r = SC_ERROR_INTERNAL; goto err; } if(! EVP_PK_RSA & (certtype = X509_certificate_type(cert_data, pkey))) { - sc_error(p15card->card->ctx, "Error: certificate is not for an RSA key"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Error: certificate is not for an RSA key"); r = SC_ERROR_INTERNAL; goto err; } if(pkey->pkey.rsa->n == NULL) { - sc_error(p15card->card->ctx, "Error: no modulus associated with the certificate"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Error: no modulus associated with the certificate"); r = SC_ERROR_INTERNAL; goto err; } @@ -202,7 +204,7 @@ X509_free(cert_data); cert_data = NULL; } - SC_FUNC_RETURN(p15card->card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } int sc_pkcs15emu_initialize_certificates(sc_pkcs15_card_t *p15card, p15data_items* items) { @@ -219,8 +221,6 @@ memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); - r = SC_SUCCESS; - sc_pkcs15_format_id(certs[i].id, &cert_info.id); cert_info.authority = certs[i].authority; sc_format_path(certs[i].path, &cert_info.path); 
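Review bot: The context line `if(! EVP_PK_RSA & (certtype = X509_certificate_type(cert_data, pkey)))` does not test what its error message says: `!` binds tighter than `&`, so `! EVP_PK_RSA` is evaluated first and, for a non-zero constant, the whole condition is always false. A certificate that does not carry an RSA key therefore falls through to the `pkey->pkey.rsa->n` check on the following lines. The commit only swaps the logging call inside that branch; the test should read `if(!(EVP_PK_RSA & (certtype = X509_certificate_type(cert_data, pkey))))`. The enclosing function starts before this hunk.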
@@ -232,7 +232,7 @@ u8* cert_buffer = NULL; size_t cert_length = 0; int should_free = 0; - if(SC_SUCCESS != (r = sc_select_file(card, &cert_info.path, NULL))) { + if(SC_SUCCESS != sc_select_file(card, &cert_info.path, NULL)) { if(onFailResume) continue; else @@ -258,7 +258,7 @@ break; } } else { /* Automatically add */ - if(SC_SUCCESS != (r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info))) { + if(SC_SUCCESS != sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info)) { if(onFailResume) continue; else @@ -296,7 +296,7 @@ pin_obj.flags = pins[i].obj_flags; if(0 > (r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info))) - SC_FUNC_RETURN(p15card->card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } return SC_SUCCESS; } @@ -309,7 +309,7 @@ for (i = 0; prkeys[i].label; i++) { r = add_private_key(p15card, &prkeys[i], 0, 0); if (r < 0) - SC_FUNC_RETURN(p15card->card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } return SC_SUCCESS; } @@ -322,7 +322,7 @@ for (i = 0; keys[i].label; i++) { r = add_public_key(p15card, &keys[i], 0, 0); if (r < 0) - SC_FUNC_RETURN(p15card->card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } return SC_SUCCESS; @@ -344,4 +344,4 @@ return SC_SUCCESS; } -#endif +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/libopensc/p15card-helper.h opensc-0.12.1/src/libopensc/p15card-helper.h --- opensc-0.11.13/src/libopensc/p15card-helper.h 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/p15card-helper.h 2011-05-17 17:07:00.000000000 +0000 
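Review bot: Both changed conditions now compare the result of `sc_select_file` and `sc_pkcs15emu_add_x509_cert` with `SC_SUCCESS` and then discard it, so on the non-resume path the specific error code can no longer be logged or returned. Either keep the assignment, as in `if(SC_SUCCESS != (r = sc_select_file(card, &cert_info.path, NULL)))`, and report `r` with `sc_debug` before the `continue`/`break`, or make sure the function returns a failure code from that branch. What the function returns after the loop is outside these hunks, so confirm that a certificate that failed to load is not reported as success.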
@@ -21,7 +21,7 @@ #ifndef P15CARD_HELPER_H #define P15CARD_HELPER_H -#include +#include "libopensc/pkcs15.h" #define USAGE_NONREP SC_PKCS15_PRKEY_USAGE_NONREPUDIATION | \ diff -Nru opensc-0.11.13/src/libopensc/p15emu-westcos.c opensc-0.12.1/src/libopensc/p15emu-westcos.c --- opensc-0.11.13/src/libopensc/p15emu-westcos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/p15emu-westcos.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,251 +0,0 @@ -/* - * p15emu-westcos.c: pkcs15 emulation for westcos card - * - * Copyright (C) 2009 francois.leblanc@cev-sa.com -* - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include "internal.h" - -#include -#include -#include - -#include "pkcs15.h" -#include "cardctl.h" -#include "compat_strlcpy.h" - -static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card) -{ - int i, r; - int modulus_length = 0, usage = 0; - char buf[256]; - sc_card_t *card = p15card->card; - sc_context_t *ctx = card->ctx; - sc_serial_number_t serial; - sc_path_t path; - sc_file_t *file = NULL; - sc_format_path("3F00", &path); - r = sc_select_file(card, &path, &file); - if (r) - goto out; - if (file) - sc_file_free(file); - file = NULL; - if (p15card->label != NULL) - free(p15card->label); - p15card->label = strdup("westcos"); - if (p15card->manufacturer_id != NULL) - free(p15card->manufacturer_id); - p15card->manufacturer_id = strdup("CEV"); - - /* get serial number */ - r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); - r = sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); - if (r) - goto out; - if (p15card->serial_number != NULL) - free(p15card->serial_number); - p15card->serial_number = strdup(buf); - p15card->version = buf[6]; - p15card->flags = 
SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED; - sc_format_path("AAAA", &path); - sc_ctx_suppress_errors_on(ctx); - r = sc_select_file(card, &path, &file); - sc_ctx_suppress_errors_off(ctx); - if (!r) { - for (i = 0; i < 1; i++) { - unsigned int flags; - struct sc_pkcs15_pin_info pin_info; - struct sc_pkcs15_object pin_obj; - memset(&pin_info, 0, sizeof(pin_info)); - memset(&pin_obj, 0, sizeof(pin_obj)); - flags = SC_PKCS15_PIN_FLAG_INITIALIZED; - if (i == 1) { - flags |= - SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED | - SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN; - } - pin_info.auth_id.len = 1; - pin_info.auth_id.value[0] = i + 1; - pin_info.reference = i; - pin_info.flags = flags; - pin_info.type = SC_PKCS15_PIN_TYPE_BCD; - pin_info.min_length = 4; - pin_info.stored_length = 8; - pin_info.max_length = 8; - pin_info.pad_char = 0xff; - pin_info.path = path; - pin_info.tries_left = -1; - if (i == 1) - strlcpy(pin_obj.label, "Unblock", - sizeof(pin_obj.label)); - - else - strlcpy(pin_obj.label, "User", - sizeof(pin_obj.label)); - pin_obj.flags = - SC_PKCS15_CO_FLAG_MODIFIABLE | - SC_PKCS15_CO_FLAG_PRIVATE; - r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, - &pin_info); - if (r) - goto out; - } - } - if (file) - sc_file_free(file); - file = NULL; - sc_format_path("0002", &path); - sc_ctx_suppress_errors_on(ctx); - r = sc_select_file(card, &path, &file); - sc_ctx_suppress_errors_off(ctx); - if (!r) { - struct sc_pkcs15_cert_info cert_info; - struct sc_pkcs15_object cert_obj; - struct sc_pkcs15_pubkey_info pubkey_info; - struct sc_pkcs15_object pubkey_obj; - struct sc_pkcs15_pubkey *pkey = NULL; - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - cert_info.id.len = 1; - cert_info.id.value[0] = 0x45; - cert_info.authority = 0; - cert_info.path = path; - sc_ctx_suppress_errors_on(ctx); - r = sc_pkcs15_read_certificate(p15card, &cert_info, - (sc_pkcs15_cert_t - **) (&cert_obj.data)); - sc_ctx_suppress_errors_off(ctx); - if (!r) { - sc_pkcs15_cert_t *cert = - 
(sc_pkcs15_cert_t *) (cert_obj.data); - strlcpy(cert_obj.label, "User certificat", - sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, - &cert_info); - if (r) - goto out; - pkey = &cert->key; - } - memset(&pubkey_info, 0, sizeof(pubkey_info)); - memset(&pubkey_obj, 0, sizeof(pubkey_obj)); - pubkey_info.id.len = 1; - pubkey_info.id.value[0] = 0x45; - pubkey_info.modulus_length = modulus_length; - pubkey_info.key_reference = 1; - pubkey_info.native = 1; - pubkey_info.usage = - SC_PKCS15_PRKEY_USAGE_VERIFY | - SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER | - SC_PKCS15_PRKEY_USAGE_ENCRYPT | - SC_PKCS15_PRKEY_USAGE_WRAP; - pubkey_info.path = path; - strlcpy(pubkey_obj.label, "Public Key", - sizeof(pubkey_obj.label)); - pubkey_obj.auth_id.len = 1; - pubkey_obj.auth_id.value[0] = 1; - pubkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; - pubkey_obj.type = SC_PKCS15_TYPE_PUBKEY_RSA; - if (pkey == NULL) { - pubkey_obj.data = &pubkey_info; - r = sc_pkcs15_read_pubkey(p15card, &pubkey_obj, &pkey); - if (r) - goto out; - - //force rechargement clef et maj infos lors de sc_pkcs15emu_add_rsa_pubkey (sinon modulus = 0) - pubkey_obj.flags = 0; - } - if (pkey->algorithm == SC_ALGORITHM_RSA) { - modulus_length = (int)(pkey->u.rsa.modulus.len * 8); - } - pubkey_info.modulus_length = modulus_length; - pubkey_obj.data = pkey; - r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, - &pubkey_info); - if (r < 0) - goto out; - } - if (!usage) { - usage = - SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT | - SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; - } - if (file) - sc_file_free(file); - file = NULL; - sc_format_path("0001", &path); - sc_ctx_suppress_errors_on(ctx); - r = sc_select_file(card, &path, &file); - sc_ctx_suppress_errors_off(ctx); - if (!r) { - struct sc_pkcs15_prkey_info prkey_info; - struct sc_pkcs15_object prkey_obj; - memset(&prkey_info, 0, sizeof(prkey_info)); - memset(&prkey_obj, 0, sizeof(prkey_obj)); - 
prkey_info.id.len = 1; - prkey_info.id.value[0] = 0x45; - prkey_info.usage = - SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT - | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; - prkey_info.native = 1; - prkey_info.key_reference = 1; - prkey_info.modulus_length = modulus_length; - prkey_info.path = path; - strlcpy(prkey_obj.label, "Private Key", - sizeof(prkey_obj.label)); - prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; - prkey_obj.auth_id.len = 1; - prkey_obj.auth_id.value[0] = 1; - r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, - &prkey_info); - if (r < 0) - goto out; - } - r = 0; - out:if (file) - sc_file_free(file); - return r; -} - -static int westcos_detect_card(sc_pkcs15_card_t * p15card) -{ - sc_card_t *card = p15card->card; - sc_context_t *ctx = card->ctx; - char *name = "WESTCOS"; - if (ctx->debug >= 1) - sc_debug(ctx, "westcos_detect_card (%s)", card->name); - if (strncmp(card->name, name, strlen(name))) - return SC_ERROR_WRONG_CARD; - return SC_SUCCESS; -} - -int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t * p15card, - sc_pkcs15emu_opt_t * opts) -{ - int r; - sc_card_t *card = p15card->card; - sc_context_t *ctx = card->ctx; - if (ctx->debug >= 1) - sc_debug(ctx, "sc_pkcs15_init_func_ex westcos\n"); - if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) - return sc_pkcs15emu_westcos_init(p15card); - r = westcos_detect_card(p15card); - if (r) - return SC_ERROR_WRONG_CARD; - return sc_pkcs15emu_westcos_init(p15card); -} diff -Nru opensc-0.11.13/src/libopensc/padding.c opensc-0.12.1/src/libopensc/padding.c --- opensc-0.11.13/src/libopensc/padding.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/padding.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,10 +19,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include +#include "internal.h" + /* TODO doxygen comments */ /* 
@@ -175,12 +178,14 @@ const u8 *hdr = digest_info_prefix[i].hdr; size_t hdr_len = digest_info_prefix[i].hdr_len, hash_len = digest_info_prefix[i].hash_len; - if (in_len != hash_len || - *out_len < (hdr_len + hash_len)) + + if (in_len != hash_len || *out_len < (hdr_len + hash_len)) return SC_ERROR_INTERNAL; + memmove(out + hdr_len, in, hash_len); memmove(out, hdr, hdr_len); *out_len = hdr_len + hash_len; + return SC_SUCCESS; } } @@ -219,25 +224,27 @@ int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags, const u8 *in, size_t in_len, u8 *out, size_t *out_len, size_t mod_len) { - int i; + int rv, i; size_t tmp_len = *out_len; const u8 *tmp = in; unsigned int hash_algo, pad_algo; + LOG_FUNC_CALLED(ctx); + hash_algo = flags & (SC_ALGORITHM_RSA_HASHES | SC_ALGORITHM_RSA_HASH_NONE); pad_algo = flags & SC_ALGORITHM_RSA_PADS; + sc_log(ctx, "hash algorithm 0x%X, pad algorithm 0x%X", hash_algo, pad_algo); if (hash_algo != SC_ALGORITHM_RSA_HASH_NONE) { - i = sc_pkcs1_add_digest_info_prefix(hash_algo, in, in_len, - out, &tmp_len); + i = sc_pkcs1_add_digest_info_prefix(hash_algo, in, in_len, out, &tmp_len); if (i != SC_SUCCESS) { - sc_error(ctx, "Unable to add digest info 0x%x\n", - hash_algo); - return i; + sc_log(ctx, "Unable to add digest info 0x%x", hash_algo); + LOG_FUNC_RETURN(ctx, i); } tmp = out; - } else + } else { tmp_len = in_len; + } switch(pad_algo) { case SC_ALGORITHM_RSA_PAD_NONE: 
@@ -245,15 +252,15 @@ if (out != tmp) memcpy(out, tmp, tmp_len); *out_len = tmp_len; - return SC_SUCCESS; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); case SC_ALGORITHM_RSA_PAD_PKCS1: /* add pkcs1 bt01 padding */ - return sc_pkcs1_add_01_padding(tmp, tmp_len, out, out_len, - mod_len); + rv = sc_pkcs1_add_01_padding(tmp, tmp_len, out, out_len, mod_len); + LOG_FUNC_RETURN(ctx, rv); default: /* currently only pkcs1 padding is supported */ - sc_error(ctx, "Unsupported padding algorithm 0x%x\n", pad_algo); - return SC_ERROR_NOT_SUPPORTED; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported padding algorithm 0x%x", pad_algo); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); } } @@ -263,9 +270,11 @@ { size_t i; + LOG_FUNC_CALLED(ctx); if (pflags == NULL || sflags == NULL) - return SC_ERROR_INVALID_ARGUMENTS; + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + sc_log(ctx, "iFlags 0x%X, card capabilities 0x%X", iflags, caps); for (i = 0; digest_info_prefix[i].algorithm != 0; i++) { if (iflags & digest_info_prefix[i].algorithm) { if (digest_info_prefix[i].algorithm != SC_ALGORITHM_RSA_HASH_NONE && 
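Review bot: In the `SC_ALGORITHM_RSA_PAD_NONE` branch of sc_pkcs1_encode, `memcpy(out, tmp, tmp_len)` runs without comparing `tmp_len` with the size the caller passed in `*out_len`. When no hash prefix is requested the previous hunk sets `tmp_len = in_len`, so the copy length is whatever the caller supplied as input length, assuming nothing in the few lines between the two hunks checks it. A guard before the copy, `if (*out_len < tmp_len) LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);`, bounds the write. The function starts in the earlier hunk.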
@@ -283,17 +292,17 @@ else *pflags |= SC_ALGORITHM_RSA_PAD_PKCS1; } else if ((iflags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) { - if (!(caps & SC_ALGORITHM_RSA_RAW)) { - sc_error(ctx, "raw RSA is not supported"); - return SC_ERROR_NOT_SUPPORTED; - } - *sflags |= SC_ALGORITHM_RSA_RAW; - /* in case of raw RSA there is nothing to pad */ + + /* Work with RSA, EC and maybe GOSTR? */ + if (!(caps & SC_ALGORITHM_RAW_MASK)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "raw encryption is not supported"); + + *sflags |= (caps & SC_ALGORITHM_RAW_MASK); /* adds in the one raw type */ *pflags = 0; } else { - sc_error(ctx, "unsupported algorithm"); - return SC_ERROR_NOT_SUPPORTED; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported algorithm"); } - return SC_SUCCESS; + sc_log(ctx, "pad flags 0x%X, secure algorithm flags 0x%X", *pflags, *sflags); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-actalis.c opensc-0.12.1/src/libopensc/pkcs15-actalis.c --- opensc-0.11.13/src/libopensc/pkcs15-actalis.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-actalis.c 2011-05-17 17:07:00.000000000 +0000 @@ -22,21 +22,19 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include +#include "config.h" + #include #include #include -#include - #ifdef ENABLE_ZLIB #include #endif +#include "common/compat_strlcpy.h" +#include "libopensc/pkcs15.h" +#include "libopensc/log.h" + int sc_pkcs15emu_actalis_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); static int (*set_security_env) (sc_card_t *, const sc_security_env_t *, int); 
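Review bot: `*sflags |= (caps & SC_ALGORITHM_RAW_MASK);` copies every raw bit the card advertises, while its comment says it "adds in the one raw type"; nothing in the hunk enforces that only one bit of the mask is set. If a card reports more than one raw capability, the security-environment flags returned for a single operation name several algorithms at once. Either select the bit that matches the key's algorithm or state in the comment that callers must narrow the result, e.g. `/* may carry several raw bits; caller selects by key type */`. The start of the function is in an earlier hunk.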
@@ -147,15 +145,15 @@ sc_card_t *card = p15card->card; sc_path_t path; sc_pkcs15_id_t id, auth_id; - unsigned char serial[9]; + unsigned char serial_buf[13], *serial; int flags; int r; #ifdef ENABLE_ZLIB - int i; + int i = 0, j = 0; const char *certLabel[] = { "User Non-repudiation Certificate", /* "User Non-repudiation Certificate" */ - "TSCA Certificate", + "TSA Certificate", "CA Certificate" }; const char *certPath[] = 
@@ -177,76 +175,79 @@ const char *authPRKEY = "Authentication Key"; /* const char *nonrepPRKEY = "Non repudiation Key"; */ - p15card->opts.use_cache = 1; - + p15card->opts.use_file_cache = 1; + /* Get Serial number */ sc_format_path("3F0030000001", &path); r = sc_select_file(card, &path, NULL); if (r != SC_SUCCESS) return SC_ERROR_WRONG_CARD; - sc_read_binary(card, 0xC3, serial, 8, 0); + sc_read_binary(card, 0xC3, serial_buf, 12, 0); + serial = serial_buf; + + /* + * The serial number is 8 characters long. Later versions of the + * card have the serial number at a different offset, after 4 more + * bytes. + */ + if (serial[0] != 'H') { + if (serial[4] == 'H') + serial = &serial_buf[4]; + else + return SC_ERROR_WRONG_CARD; + } serial[8] = '\0'; /* Controllo che il serial number inizi per "H" */ if( serial[0] != 'H' ) return SC_ERROR_WRONG_CARD; - - set_string(&p15card->label, "Actalis"); - set_string(&p15card->manufacturer_id, "Actalis"); - set_string(&p15card->serial_number, (char *)serial); + set_string(&p15card->tokeninfo->label, "Actalis"); + set_string(&p15card->tokeninfo->manufacturer_id, "Actalis"); + set_string(&p15card->tokeninfo->serial_number, (char *)serial); #ifdef ENABLE_ZLIB for (i = 0; i < 3; i++) { - unsigned char *compCert = NULL, *cert = NULL, size[2]; - unsigned int compLen, len; - sc_pkcs15_cert_info_t cert_info; - sc_pkcs15_object_t cert_obj; sc_path_t cpath; - - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - sc_format_path(certPath[i], &cpath); - if (sc_select_file(card, &cpath, NULL) != SC_SUCCESS) - return SC_ERROR_WRONG_CARD; - - sc_read_binary(card, 2, size, 2, 0); - - compLen = (size[0] << 8) + size[1]; - - compCert = - (unsigned char *) malloc(compLen * - sizeof(unsigned char)); - len = 3 * compLen; /*Approximation of the uncompressed size */ - cert = - (unsigned char *) malloc(len * sizeof(unsigned char)); - - sc_read_binary(card, 4, compCert, compLen, 0); - - if (uncompress - (cert, (unsigned long 
int *) &len, compCert, - compLen) != Z_OK) - return SC_ERROR_INTERNAL; - - cpath.index = 0; - cpath.count = len; - - sc_pkcs15_cache_file(p15card, &cpath, cert, len); - - id.value[0] = i + 1; - id.len = 1; - - cert_info.id = id; - cert_info.path = cpath; - cert_info.authority = (i>0); - - strlcpy(cert_obj.label, certLabel[i], sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; - - sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); + if (sc_select_file(card, &cpath, NULL) == SC_SUCCESS) { + unsigned char *compCert = NULL, *cert = NULL, size[2]; + unsigned int compLen, len; + + sc_pkcs15_cert_info_t cert_info; + sc_pkcs15_object_t cert_obj; + memset(&cert_info, 0, sizeof(cert_info)); + memset(&cert_obj, 0, sizeof(cert_obj)); + + sc_read_binary(card, 2, size, 2, 0); + compLen = (size[0] << 8) + size[1]; + compCert = malloc(compLen * sizeof(unsigned char)); + len = 3 * compLen; /*Approximation of the uncompressed size */ + cert = malloc(len * sizeof(unsigned char)); + + sc_read_binary(card, 4, compCert, compLen, 0); + + if (uncompress(cert, (unsigned long int *) &len, + compCert, compLen) != Z_OK) + return SC_ERROR_INTERNAL; + cpath.index = 0; + cpath.count = len; + + sc_pkcs15_cache_file(p15card, &cpath, cert, len); + id.value[0] = j + 1; + id.len = 1; + cert_info.id = id; + cert_info.path = cpath; + cert_info.authority = (j>0); + + strlcpy(cert_obj.label, certLabel[j], sizeof(cert_obj.label)); + + j++; + cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; + sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); + } } #endif diff -Nru opensc-0.11.13/src/libopensc/pkcs15-algo.c opensc-0.12.1/src/libopensc/pkcs15-algo.c --- opensc-0.11.13/src/libopensc/pkcs15-algo.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-algo.c 2011-05-17 17:07:00.000000000 +0000 
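Review bot: `uncompress(cert, (unsigned long int *) &len, compCert, compLen)` passes the address of an `unsigned int` as zlib's `uLongf *`; where `unsigned long` is wider than `unsigned int`, zlib reads an output capacity that includes adjacent stack bytes and writes the result length past `len`, so the inflate is no longer bounded by the `3 * compLen` allocation. In the same loop `compLen` comes from the card, both `sc_read_binary` results and both `malloc` results are unchecked, and `compCert`/`cert` are not released on the `SC_ERROR_INTERNAL` return. The serial read earlier in the hunk has the same gap: the uninitialised `serial_buf` is compared with 'H' even if `sc_read_binary` failed. The fence shows the loop body with those checks, assuming `sc_read_binary` returns the byte count on success; the function starts and continues outside the hunk.

```c
		if (sc_select_file(card, &cpath, NULL) == SC_SUCCESS) {
			unsigned char *compCert = NULL, *cert = NULL, size[2];
			unsigned int compLen;
			uLongf len;	/* zlib's own length type, so no pointer cast is needed */

			/* … unchanged: cert_info / cert_obj declarations and memset … */

			if (sc_read_binary(card, 2, size, 2, 0) != 2)
				return SC_ERROR_INTERNAL;
			compLen = (size[0] << 8) + size[1];
			if (compLen == 0)
				return SC_ERROR_INTERNAL;
			len = 3 * (uLongf)compLen; /* Approximation of the uncompressed size */

			compCert = malloc(compLen);
			cert = malloc(len);
			if (compCert == NULL || cert == NULL) {
				free(compCert);
				free(cert);
				return SC_ERROR_OUT_OF_MEMORY;
			}

			if (sc_read_binary(card, 4, compCert, compLen, 0) != (int)compLen
			    || uncompress(cert, &len, compCert, compLen) != Z_OK) {
				free(compCert);
				free(cert);
				return SC_ERROR_INTERNAL;
			}
			free(compCert);

			/* … unchanged: cpath.index/count, sc_pkcs15_cache_file, id and cert_info setup, sc_pkcs15emu_add_x509_cert … */
```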
@@ -18,14 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include #include +#include "internal.h" +#include "asn1.h" + /* * AlgorithmIdentifier handling */ 
@@ -232,6 +235,89 @@ free(params); } +static const struct sc_asn1_entry c_asn1_ec_params[] = { + { "ecParameters", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, + { "namedCurve", SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, 0, NULL, NULL}, + { "implicityCA", SC_ASN1_NULL, SC_ASN1_TAG_NULL, 0, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + +static int +asn1_decode_ec_params(sc_context_t *ctx, void **paramp, + const u8 *buf, size_t buflen, int depth) +{ + int r; + struct sc_object_id curve; + struct sc_asn1_entry asn1_ec_params[4]; + struct sc_ec_params * ecp; + +sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DEE - asn1_decode_ec_params %p:%d %d", buf, buflen, depth); + + memset(&curve, 0, sizeof(curve)); + ecp = malloc(sizeof(struct sc_ec_params)); + if (ecp == NULL) + return SC_ERROR_OUT_OF_MEMORY; + memset(ecp,9,sizeof(struct sc_ec_params)); + + + /* We only want to copy the parms if they are a namedCurve + * or ecParameters nullParam aka implicityCA is not to be + * used with PKCS#11 2.20 */ + sc_copy_asn1_entry(c_asn1_ec_params, asn1_ec_params); + sc_format_asn1_entry(asn1_ec_params + 1, &curve, 0, 0); + + /* Some signature algorithms will not have any data */ + if (buflen == 0 || buf == NULL ) + return 0; + + r = sc_asn1_decode_choice(ctx, asn1_ec_params, buf, buflen, NULL, NULL); + /* r = index into asn1_ec_params */ +sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DEE - asn1_decode_ec_params r=%d", r); + if (r < 0) + return r; + if (r <= 1) { + ecp->der = malloc(buflen); + + if (ecp->der == NULL) + return SC_ERROR_OUT_OF_MEMORY; + + ecp->der_len = buflen; + +sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DEE - asn1_decode_ec_params paramp=%p %p:%d %d", + ecp, ecp->der, ecp->der_len, ecp->type); + memcpy(ecp->der, buf, buflen); /* copy der parameters */ + } else + r = 0; + ecp->type = r; /* but 0 = ecparams if any, 1=named curve */ + *paramp = ecp; + return 0; +}; + +static int +asn1_encode_ec_params(sc_context_t *ctx, void *params, +u8 **buf, size_t *buflen, int depth) +{ + int 
r; +/* TODO: -DEE EC paramameters are DER so is there anything to do? */ +/* I have not needed this yet */ +sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DEE - asn1_encode_ec_params"); + r = SC_ERROR_NOT_IMPLEMENTED; + + return r; +} + +static void +asn1_free_ec_params(void *params) +{ + struct sc_ec_params * ecp = (struct sc_ec_params *) params; + if (ecp) { + if (ecp->der) + free(ecp->der); + free(ecp); + } +} + + static struct sc_asn1_pkcs15_algorithm_info algorithm_table[] = { #ifdef SC_ALGORITHM_SHA1 /* hmacWithSHA1 */ @@ -299,8 +385,35 @@ asn1_decode_pbes2_params, asn1_encode_pbes2_params, asn1_free_pbes2_params }, - { -1, {{ -1 }}, NULL, NULL, NULL } #endif + +#ifdef SC_ALGORITHM_EC + { SC_ALGORITHM_EC, {{ 1, 2, 840, 10045, 2, 1 }}, + asn1_decode_ec_params, asn1_encode_ec_params, asn1_free_ec_params }, +#endif +/* TODO: -DEE Not clear of we need the next five or not */ +#ifdef SC_ALGORITHM_ECDSA_SHA1 + /* Note RFC 3279 says no ecParameters */ + { SC_ALGORITHM_ECDSA_SHA1, {{ 1, 2, 840, 10045, 4, 1 }}, NULL, NULL, NULL}, +#endif +#ifdef SC_ALGORITHM_ECDSA_SHA224 +/* These next 4 are defined in RFC 5758 */ + { SC_ALGORITHM_ECDSA_SHA224, {{ 1, 2, 840, 10045, 4, 3, 1 }}, + asn1_decode_ec_params, asn1_encode_ec_params, asn1_free_ec_params }, +#endif +#ifdef SC_ALGORITHM_ECDSA_SHA256 + { SC_ALGORITHM_ECDSA_SHA256, {{ 1, 2, 840, 10045, 4, 3, 2 }}, + asn1_decode_ec_params, asn1_encode_ec_params, asn1_free_ec_params }, +#endif +#ifdef SC_ALGORITHM_ECDSA_SHA384 + { SC_ALGORITHM_ECDSA_SHA384, {{ 1, 2, 840, 10045, 4, 3, 3 }}, + asn1_decode_ec_params, asn1_encode_ec_params, asn1_free_ec_params }, +#endif +#ifdef SC_ALGORITHM_ECDSA_SHA512 + { SC_ALGORITHM_ECDSA_SHA512, {{ 1, 2, 840, 10045, 4, 3, 4 }}, + asn1_decode_ec_params, asn1_encode_ec_params, asn1_free_ec_params }, +#endif + { -1, {{ -1 }}, NULL, NULL, NULL } }; static struct sc_asn1_pkcs15_algorithm_info * 
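Review bot: `memset(ecp,9,sizeof(struct sc_ec_params))` in asn1_decode_ec_params fills the new struct with 0x09 bytes rather than zero, so when the decoded choice is neither index 0 nor 1 `ecp->der` stays a non-NULL garbage pointer that asn1_free_ec_params will later hand to `free()`. The allocation also happens before the three early returns (`buflen == 0 || buf == NULL`, `r < 0`, failed `malloc(buflen)`), each of which leaks `ecp`. The debug calls print the `size_t` values `buflen` and `ecp->der_len` with `%d` and read `ecp->type` before it is assigned. Allocating with `calloc` once the decode has succeeded, and freeing on the inner failure, removes the first two problems; the fence shows the reordered body.

```c
static int
asn1_decode_ec_params(sc_context_t *ctx, void **paramp,
	const u8 *buf, size_t buflen, int depth)
{
	/* … unchanged: locals, memset(&curve, ...), sc_copy_asn1_entry / sc_format_asn1_entry setup … */

	/* Some signature algorithms will not have any data */
	if (buflen == 0 || buf == NULL)
		return 0;

	r = sc_asn1_decode_choice(ctx, asn1_ec_params, buf, buflen, NULL, NULL);
	/* r = index into asn1_ec_params */
	if (r < 0)
		return r;

	/* Allocate only after the decode succeeded; calloc leaves der NULL and der_len 0. */
	ecp = calloc(1, sizeof(*ecp));
	if (ecp == NULL)
		return SC_ERROR_OUT_OF_MEMORY;

	if (r <= 1) {
		ecp->der = malloc(buflen);
		if (ecp->der == NULL) {
			free(ecp);
			return SC_ERROR_OUT_OF_MEMORY;
		}
		memcpy(ecp->der, buf, buflen); /* copy der parameters */
		ecp->der_len = buflen;
	} else {
		r = 0;
	}
	ecp->type = r; /* but 0 = ecparams if any, 1=named curve */
	*paramp = ecp;
	return 0;
}
```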
@@ -365,8 +478,13 @@ if ((alg_info = sc_asn1_get_algorithm_info(id)) != NULL) { id->algorithm = alg_info->id; if (alg_info->decode) { - if (asn1_alg_id[1].flags & SC_ASN1_PRESENT) +/* TODO: -DEE why the test for SC_ASN1_PRESENT? + * If it looking for SC_ASN1_NULL, thats valid for EC, in some cases + */ + if (asn1_alg_id[1].flags & SC_ASN1_PRESENT) { + sc_debug( ctx,SC_LOG_DEBUG_NORMAL,"SC_ASN1_PRESENT was set, so invalid"); return SC_ERROR_INVALID_ASN1_OBJECT; + } r = alg_info->decode(ctx, &id->params, in, len, depth); } } @@ -390,7 +508,7 @@ alg_info = sc_asn1_get_algorithm_info(id); if (alg_info == NULL) { - sc_error(ctx, "Cannot encode unknown algorithm %u.\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Cannot encode unknown algorithm %u.\n", id->algorithm); return SC_ERROR_INVALID_ARGUMENTS; } @@ -445,6 +563,8 @@ { struct sc_asn1_pkcs15_algorithm_info *aip; - if ((aip = sc_asn1_get_algorithm_info(id)) && aip->free) - aip->free(id); + if (id->params && (aip = sc_asn1_get_algorithm_info(id)) && aip->free) { + aip->free(id->params); + id->params = NULL; + } } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-atrust-acos.c opensc-0.12.1/src/libopensc/pkcs15-atrust-acos.c --- opensc-0.11.13/src/libopensc/pkcs15-atrust-acos.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-atrust-acos.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,12 +19,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include -#include +#include "config.h" + #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "libopensc/pkcs15.h" +#include "libopensc/cardctl.h" #define MANU_ID "A-Trust" #define CARD_LABEL "a.sign Premium a" 
@@ -95,9 +98,7 @@ return SC_ERROR_WRONG_CARD; /* read EF_CIN_CSN file */ sc_format_path("DF71D001", &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r != SC_SUCCESS) return SC_ERROR_WRONG_CARD; r = sc_read_binary(card, 0, buf, 8, 0); @@ -163,9 +164,7 @@ /* read EF_CIN_CSN file */ sc_format_path("DF71D001", &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, buf, 8, 0); 
@@ -174,31 +173,28 @@ r = sc_bin_to_hex(buf, 8, buf2, sizeof(buf2), 0); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; - if (p15card->serial_number) - free(p15card->serial_number); - p15card->serial_number = (char *) malloc(strlen(buf2) + 1); - if (!p15card->serial_number) + if (p15card->tokeninfo->serial_number) + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = malloc(strlen(buf2) + 1); + if (!p15card->tokeninfo->serial_number) return SC_ERROR_INTERNAL; - strcpy(p15card->serial_number, buf2); - - /* the TokenInfo version number */ - p15card->version = 0; + strcpy(p15card->tokeninfo->serial_number, buf2); /* manufacturer ID */ - if (p15card->manufacturer_id) - free(p15card->manufacturer_id); - p15card->manufacturer_id = (char *) malloc(strlen(MANU_ID) + 1); - if (!p15card->manufacturer_id) + if (p15card->tokeninfo->manufacturer_id) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = malloc(strlen(MANU_ID) + 1); + if (!p15card->tokeninfo->manufacturer_id) return SC_ERROR_INTERNAL; - strcpy(p15card->manufacturer_id, MANU_ID); + strcpy(p15card->tokeninfo->manufacturer_id, MANU_ID); /* card label */ - if (p15card->label) - free(p15card->label); - p15card->label = (char *) malloc(strlen(CARD_LABEL) + 1); - if (!p15card->label) + if (p15card->tokeninfo->label) + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = malloc(strlen(CARD_LABEL) + 1); + if (!p15card->tokeninfo->label) return SC_ERROR_INTERNAL; - strcpy(p15card->label, CARD_LABEL); + strcpy(p15card->tokeninfo->label, CARD_LABEL); /* set certs */ for (i = 0; certs[i].label; i++) { diff -Nru opensc-0.11.13/src/libopensc/pkcs15.c opensc-0.12.1/src/libopensc/pkcs15.c --- opensc-0.11.13/src/libopensc/pkcs15.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15.c 2011-05-17 17:07:00.000000000 +0000 
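Review bot: Each of the three tokeninfo strings is rebuilt with a hand-written free / `malloc(strlen(...) + 1)` / `strcpy` triple, and an allocation failure is reported as `SC_ERROR_INTERNAL`. One call per field is shorter and keeps the size and the copy from drifting apart, e.g. `p15card->tokeninfo->label = strdup(CARD_LABEL);` followed by `if (!p15card->tokeninfo->label) return SC_ERROR_OUT_OF_MEMORY;`. The hunk also dereferences `p15card->tokeninfo` without a check; whether it is always allocated before this function runs is not visible here, and the function starts and ends outside the hunk.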
@@ -18,20 +18,50 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#ifdef HAVE_CONFIG_H +#include +#endif + #include #include #include #include -#include + +#include "cardctl.h" +#include "internal.h" +#include "pkcs15.h" +#include "asn1.h" static const struct sc_asn1_entry c_asn1_twlabel[] = { { "twlabel", SC_ASN1_UTF8STRING, SC_ASN1_TAG_UTF8STRING, 0, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; +static const struct sc_asn1_entry c_asn1_algorithm_info[7] = { + { "reference", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, + { "algorithmPKCS#11", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, + { "parameters", SC_ASN1_NULL, SC_ASN1_TAG_NULL, 0, NULL, NULL }, + { "supportedOperations",SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, + { "objId", SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algRef", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + +/* + * in src/libopensc/types.h SC_MAX_SUPPORTED_ALGORITHMS defined as 8 + */ +static const struct sc_asn1_entry c_asn1_supported_algorithms[SC_MAX_SUPPORTED_ALGORITHMS + 1] = { + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { "algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { 
"algorithmInfo", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + static const struct sc_asn1_entry c_asn1_toki[] = { { "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, { "serialNumber", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, @@ -46,7 +76,7 @@ { "issuerId", SC_ASN1_UTF8STRING, SC_ASN1_CTX | 3, SC_ASN1_OPTIONAL, NULL, NULL }, { "holderId", SC_ASN1_UTF8STRING, SC_ASN1_CTX | 4, SC_ASN1_OPTIONAL, NULL, NULL }, { "lastUpdate", SC_ASN1_GENERALIZEDTIME, SC_ASN1_CTX | 5, SC_ASN1_OPTIONAL, NULL, NULL }, - { "preferredLanguage", SC_ASN1_PRINTABLESTRING, SC_ASN1_TAG_PRINTABLESTRING, SC_ASN1_OPTIONAL, NULL, NULL }, + { "preferredLanguage", SC_ASN1_PRINTABLESTRING, SC_ASN1_TAG_PRINTABLESTRING, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; @@ -59,8 +89,8 @@ sc_pkcs15_tokeninfo_t *ti, const u8 *buf, size_t blen) { int r; + size_t ii; u8 serial[128]; - size_t i; size_t serial_len = sizeof(serial); u8 mnfid[SC_PKCS15_MAX_LABEL_SIZE]; size_t mnfid_len = sizeof(mnfid); 
@@ -72,12 +102,33 @@ struct sc_asn1_entry asn1_toki[14], asn1_tokeninfo[3], asn1_twlabel[3]; u8 preferred_language[3]; size_t lang_length = sizeof(preferred_language); + struct sc_asn1_entry asn1_supported_algorithms[SC_MAX_SUPPORTED_ALGORITHMS + 1], + asn1_algo_infos[SC_MAX_SUPPORTED_ALGORITHMS][7]; + size_t reference_len = sizeof(ti->supported_algos[0].reference); + size_t mechanism_len = sizeof(ti->supported_algos[0].mechanism); + size_t operations_len = sizeof(ti->supported_algos[0].operations); + size_t algo_ref_len = sizeof(ti->supported_algos[0].algo_ref); memset(last_update, 0, sizeof(last_update)); sc_copy_asn1_entry(c_asn1_twlabel, asn1_twlabel); sc_copy_asn1_entry(c_asn1_toki, asn1_toki); sc_copy_asn1_entry(c_asn1_tokeninfo, asn1_tokeninfo); sc_format_asn1_entry(asn1_twlabel, label, &label_len, 0); + + for (ii=0; iisupported_algos[ii].reference, &reference_len, 0); + sc_format_asn1_entry(asn1_algo_infos[ii] + 1, &ti->supported_algos[ii].mechanism, &mechanism_len, 0); + sc_format_asn1_entry(asn1_algo_infos[ii] + 2, NULL, NULL, 0); + sc_format_asn1_entry(asn1_algo_infos[ii] + 3, &ti->supported_algos[ii].operations, &operations_len, 0); + sc_format_asn1_entry(asn1_algo_infos[ii] + 4, &ti->supported_algos[ii].algo_id, NULL, 1); + sc_format_asn1_entry(asn1_algo_infos[ii] + 5, &ti->supported_algos[ii].algo_ref, &algo_ref_len, 0); + sc_format_asn1_entry(asn1_supported_algorithms + ii, asn1_algo_infos[ii], NULL, 0); + } + sc_format_asn1_entry(asn1_toki + 0, &ti->version, NULL, 0); sc_format_asn1_entry(asn1_toki + 1, serial, &serial_len, 0); sc_format_asn1_entry(asn1_toki + 2, mnfid, &mnfid_len, 0); 
@@ -86,7 +137,7 @@ sc_format_asn1_entry(asn1_toki + 5, &ti->flags, &flags_len, 0); sc_format_asn1_entry(asn1_toki + 6, &ti->seInfo, &ti->num_seInfo, 0); sc_format_asn1_entry(asn1_toki + 7, NULL, NULL, 0); - sc_format_asn1_entry(asn1_toki + 8, NULL, NULL, 0); + sc_format_asn1_entry(asn1_toki + 8, asn1_supported_algorithms, NULL, 0); sc_format_asn1_entry(asn1_toki + 9, NULL, NULL, 0); sc_format_asn1_entry(asn1_toki + 10, NULL, NULL, 0); sc_format_asn1_entry(asn1_toki + 11, last_update, &lupdate_len, 0); @@ -94,20 +145,17 @@ sc_format_asn1_entry(asn1_tokeninfo, asn1_toki, NULL, 0); r = sc_asn1_decode(ctx, asn1_tokeninfo, buf, blen, NULL, NULL); - if (r) { - sc_error(ctx, "ASN.1 parsing of EF(TokenInfo) failed: %s\n", - sc_strerror(r)); - return r; - } - ti->version += 1; - ti->serial_number = (char *) malloc(serial_len * 2 + 1); + LOG_TEST_RET(ctx, r, "ASN.1 parsing of EF(TokenInfo) failed"); + + ti->serial_number = malloc(serial_len * 2 + 1); if (ti->serial_number == NULL) return SC_ERROR_OUT_OF_MEMORY; + ti->serial_number[0] = 0; - for (i = 0; i < serial_len; i++) { + for (ii = 0; ii < serial_len; ii++) { char byte[3]; - sprintf(byte, "%02X", serial[i]); + sprintf(byte, "%02X", serial[ii]); strcat(ti->serial_number, byte); } if (ti->manufacturer_id == NULL) { @@ -146,15 +194,13 @@ u8 **buf, size_t *buflen) { int r; - int version = ti->version; size_t serial_len, mnfid_len, label_len, flags_len, last_upd_len; struct sc_asn1_entry asn1_toki[14], asn1_tokeninfo[2]; sc_copy_asn1_entry(c_asn1_toki, asn1_toki); sc_copy_asn1_entry(c_asn1_tokeninfo, asn1_tokeninfo); - version--; - sc_format_asn1_entry(asn1_toki + 0, &version, NULL, 1); + sc_format_asn1_entry(asn1_toki + 0, &ti->version, NULL, 1); if (ti->serial_number != NULL) { u8 serial[128]; serial_len = 0; 
@@ -195,11 +241,9 @@ sc_format_asn1_entry(asn1_tokeninfo, asn1_toki, NULL, 1); r = sc_asn1_encode(ctx, asn1_tokeninfo, buf, buflen); - if (r) { - sc_error(ctx, "sc_asn1_encode() failed: %s\n", sc_strerror(r)); - return r; - } - return 0; + LOG_TEST_RET(ctx, r, "sc_asn1_encode() failed"); + + return SC_SUCCESS; } static const struct sc_asn1_entry c_asn1_ddo[] = { 
@@ -207,26 +251,91 @@ { "odfPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_TAG_SEQUENCE, SC_ASN1_OPTIONAL, NULL, NULL }, { "tokenInfoPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_CTX | 0, SC_ASN1_OPTIONAL, NULL, NULL }, { "unusedPath", SC_ASN1_PATH, SC_ASN1_CONS | SC_ASN1_CTX | 1, SC_ASN1_OPTIONAL, NULL, NULL }, +/* According to PKCS#15 v1.1 here is the place for the future extensions. + * The following data are used when ODF record points to the xDF files in a different application. + */ + { "ddoIIN", SC_ASN1_OCTET_STRING, SC_ASN1_APP | 0x02, SC_ASN1_OPTIONAL, NULL, NULL }, + { "ddoAID", SC_ASN1_OCTET_STRING, SC_ASN1_APP | 0x0F, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; +static void fix_authentic_ddo(struct sc_pkcs15_card *p15card) +{ + /* AuthentIC v3.2 card has invalid ODF and tokenInfo paths encoded into DDO. + * Cleanup this attributes -- default values must be OK. + */ + if (p15card->card->type == SC_CARD_TYPE_OBERTHUR_AUTHENTIC_3_2) { + if (p15card->file_odf != NULL) { + sc_file_free(p15card->file_odf); + p15card->file_odf = NULL; + } + if (p15card->file_tokeninfo != NULL) { + sc_file_free(p15card->file_tokeninfo); + p15card->file_tokeninfo = NULL; + } + } +} + + +static void fix_starcos_pkcs15_card(struct sc_pkcs15_card *p15card) +{ + struct sc_context *ctx = p15card->card->ctx; + + /* set special flags based on card meta data */ + if (strcmp(p15card->card->driver->short_name,"cardos") == 0) { + + /* D-Trust cards (D-TRUST, D-SIGN) */ + if (strstr(p15card->tokeninfo->label,"D-TRUST") != NULL + || strstr(p15card->tokeninfo->label,"D-SIGN") != NULL) { + + /* D-TRUST Card 2.0 2cc (standard cards, which always add + * SHA1 prefix itself */ + if (strstr(p15card->tokeninfo->label, "2cc") != NULL) { + p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED; + sc_log(ctx, "D-TRUST 2cc card detected, only SHA1 works with this card"); + /* XXX: add detection when other hash than SHA1 is used with + * such a card, as this produces invalid 
signatures. + */ + } + + /* D-SIGN multicard 2.0 2ca (cards working with all types of hashes + * and no addition of prefix) */ + else if (strstr(p15card->tokeninfo->label, "2ca") != NULL) { + p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH; + sc_log(ctx, "D-TRUST 2ca card detected"); + } + + /* XXX: probably there are more D-Trust card in the wild, + * which also need these flags to produce valid signatures + */ + } + } +} + static int parse_ddo(struct sc_pkcs15_card *p15card, const u8 * buf, size_t buflen) { - struct sc_asn1_entry asn1_ddo[5]; + struct sc_context *ctx = p15card->card->ctx; + struct sc_asn1_entry asn1_ddo[7]; sc_path_t odf_path, ti_path, us_path; + struct sc_iid iid; + struct sc_aid aid; int r; + LOG_FUNC_CALLED(ctx); + + iid.len = sizeof(iid.value); + aid.len = sizeof(aid.value); + sc_copy_asn1_entry(c_asn1_ddo, asn1_ddo); sc_format_asn1_entry(asn1_ddo + 1, &odf_path, NULL, 0); sc_format_asn1_entry(asn1_ddo + 2, &ti_path, NULL, 0); sc_format_asn1_entry(asn1_ddo + 3, &us_path, NULL, 0); + sc_format_asn1_entry(asn1_ddo + 4, iid.value, &iid.len, 0); + sc_format_asn1_entry(asn1_ddo + 5, aid.value, &aid.len, 0); + + r = sc_asn1_decode(ctx, asn1_ddo, buf, buflen, NULL, NULL); + LOG_TEST_RET(ctx, r, "DDO parsing failed"); - r = sc_asn1_decode(p15card->card->ctx, asn1_ddo, buf, buflen, NULL, NULL); - if (r) { - sc_error(p15card->card->ctx, "DDO parsing failed: %s\n", - sc_strerror(r)); - return r; - } if (asn1_ddo[1].flags & SC_ASN1_PRESENT) { p15card->file_odf = sc_file_new(); if (p15card->file_odf == NULL) 
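Review bot: `fix_starcos_pkcs15_card()` passes `p15card->tokeninfo->label` straight to `strstr()`, and nothing in this hunk guarantees that the label is set. The tokeninfo structure is zero-allocated in `sc_pkcs15_card_new()` further down this diff, so a card whose TokenInfo carries no label (or an emulated binding that never fills it, if that can happen) would hand `strstr()` a NULL pointer once the driver is "cardos". A guard before the label tests would cover it: `if (p15card->tokeninfo == NULL || p15card->tokeninfo->label == NULL) return;`. The call site is the `done:` label in `sc_pkcs15_bind()`, which is reached after both the internal and the synthetic bind.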
@@ -245,7 +354,17 @@ goto mem_err; p15card->file_unusedspace->path = us_path; } - return 0; + if (asn1_ddo[4].flags & SC_ASN1_PRESENT) { + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DDO.IID '%s'", sc_dump_hex(iid.value, iid.len)); + memcpy(&p15card->app->ddo.iid, &iid, sizeof(struct sc_iid)); + } + if (asn1_ddo[5].flags & SC_ASN1_PRESENT) { + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "DDO.AID '%s'", sc_dump_hex(aid.value, aid.len)); + memcpy(&p15card->app->ddo.aid, &aid, sizeof(struct sc_aid)); + } + + fix_authentic_ddo(p15card); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); mem_err: if (p15card->file_odf != NULL) { sc_file_free(p15card->file_odf); @@ -259,7 +378,7 @@ sc_file_free(p15card->file_unusedspace); p15card->file_unusedspace = NULL; } - return SC_ERROR_OUT_OF_MEMORY; + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); } #if 0 @@ -276,7 +395,7 @@ r = sc_asn1_encode(ctx, asn1_dir, buf, buflen); if (r) { - sc_error(ctx, "sc_asn1_encode() failed: %s\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "sc_asn1_encode() failed: %s", sc_strerror(r)); return r; } @@ -309,7 +428,7 @@ SC_PKCS15_AODF, }; -static int parse_odf(const u8 * buf, size_t buflen, struct sc_pkcs15_card *card) +static int parse_odf(const u8 * buf, size_t buflen, struct sc_pkcs15_card *p15card) { const u8 *p = buf; size_t left = buflen; @@ -325,16 +444,16 @@ for (i = 0; asn1_odf[i].name != NULL; i++) sc_format_asn1_entry(asn1_odf + i, asn1_obj_or_path, NULL, 0); while (left > 0) { - r = sc_asn1_decode_choice(card->card->ctx, asn1_odf, p, left, &p, &left); + r = sc_asn1_decode_choice(p15card->card->ctx, asn1_odf, p, left, &p, &left); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) break; if (r < 0) return r; type = r; - r = sc_pkcs15_make_absolute_path(&card->file_app->path, &path); + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &path); if (r < 0) return r; - r = sc_pkcs15_add_df(card, odf_indexes[type], &path, NULL); + r = sc_pkcs15_add_df(p15card, odf_indexes[type], &path); if (r) return r; } 
@@ -361,16 +480,15 @@ df_count++; df = df->next; }; - if (df_count == 0) { - sc_error(ctx, "No DF's found.\n"); - return SC_ERROR_OBJECT_NOT_FOUND; - } - asn1_odf = (struct sc_asn1_entry *) malloc(sizeof(struct sc_asn1_entry) * (df_count + 1)); + if (df_count == 0) + LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "No DF's found."); + + asn1_odf = malloc(sizeof(struct sc_asn1_entry) * (df_count + 1)); if (asn1_odf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto err; } - asn1_paths = (struct sc_asn1_entry *) malloc(sizeof(struct sc_asn1_entry) * (df_count * 2)); + asn1_paths = malloc(sizeof(struct sc_asn1_entry) * (df_count * 2)); if (asn1_paths == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto err; @@ -384,7 +502,7 @@ break; } if (type == -1) { - sc_error(ctx, "Unsupported DF type.\n"); + sc_log(ctx, "Unsupported DF type."); continue; } asn1_odf[c] = c_asn1_odf[type]; @@ -407,20 +525,37 @@ { struct sc_pkcs15_card *p15card; - p15card = (struct sc_pkcs15_card *) calloc(1, sizeof(struct sc_pkcs15_card)); + p15card = calloc(1, sizeof(struct sc_pkcs15_card)); if (p15card == NULL) return NULL; + + p15card->tokeninfo = calloc(1, sizeof(struct sc_pkcs15_tokeninfo)); + if (p15card->tokeninfo == NULL) { + free(p15card); + return NULL; + } + p15card->magic = SC_PKCS15_CARD_MAGIC; return p15card; } void sc_pkcs15_card_free(struct sc_pkcs15_card *p15card) { + size_t i; + if (p15card == NULL) return; assert(p15card->magic == SC_PKCS15_CARD_MAGIC); - while (p15card->obj_list) - sc_pkcs15_remove_object(p15card, p15card->obj_list); + + if (p15card->ops.clear) + p15card->ops.clear(p15card); + + while (p15card->obj_list) { + struct sc_pkcs15_object *obj = p15card->obj_list; + + sc_pkcs15_remove_object(p15card, obj); + sc_pkcs15_free_object(obj); + } while (p15card->df_list) sc_pkcs15_remove_df(p15card, p15card->df_list); while (p15card->unusedspace_list) 
@@ -435,21 +570,28 @@ if (p15card->file_unusedspace != NULL) sc_file_free(p15card->file_unusedspace); p15card->magic = 0; - if (p15card->label != NULL) - free(p15card->label); - if (p15card->serial_number != NULL) - free(p15card->serial_number); - if (p15card->manufacturer_id != NULL) - free(p15card->manufacturer_id); - if (p15card->last_update != NULL) - free(p15card->last_update); - if (p15card->preferred_language != NULL) - free(p15card->preferred_language); - if (p15card->seInfo != NULL) { - size_t i; - for (i = 0; i < p15card->num_seInfo; i++) - free(p15card->seInfo[i]); - free(p15card->seInfo); + if (p15card->tokeninfo->label != NULL) + free(p15card->tokeninfo->label); + if (p15card->tokeninfo->serial_number != NULL) + free(p15card->tokeninfo->serial_number); + if (p15card->tokeninfo->manufacturer_id != NULL) + free(p15card->tokeninfo->manufacturer_id); + if (p15card->tokeninfo->last_update != NULL) + free(p15card->tokeninfo->last_update); + if (p15card->tokeninfo->preferred_language != NULL) + free(p15card->tokeninfo->preferred_language); + if (p15card->tokeninfo->seInfo != NULL) { + for (i = 0; i < p15card->tokeninfo->num_seInfo; i++) + free(p15card->tokeninfo->seInfo[i]); + free(p15card->tokeninfo->seInfo); + } + free(p15card->tokeninfo); + if (p15card->app) { + if (p15card->app->label) + free(p15card->app->label); + if (p15card->app->ddo.value) + free(p15card->app->ddo.value); + free(p15card->app); } free(p15card); } 
@@ -458,10 +600,19 @@ { if (p15card == NULL) return; - p15card->version = 0; - p15card->flags = 0; - while (p15card->obj_list != NULL) - sc_pkcs15_remove_object(p15card, p15card->obj_list); + + if (p15card->ops.clear) + p15card->ops.clear(p15card); + + p15card->flags = 0; + p15card->tokeninfo->version = 0; + p15card->tokeninfo->flags = 0; + while (p15card->obj_list) { + struct sc_pkcs15_object *obj = p15card->obj_list; + + sc_pkcs15_remove_object(p15card, obj); + sc_pkcs15_free_object(obj); + } p15card->obj_list = NULL; while (p15card->df_list != NULL) sc_pkcs15_remove_df(p15card, p15card->df_list); 
@@ -482,125 +633,176 @@ sc_file_free(p15card->file_unusedspace); p15card->file_unusedspace = NULL; } - if (p15card->label != NULL) { - free(p15card->label); - p15card->label = NULL; - } - if (p15card->serial_number != NULL) { - free(p15card->serial_number); - p15card->serial_number = NULL; - } - if (p15card->manufacturer_id != NULL) { - free(p15card->manufacturer_id); - p15card->manufacturer_id = NULL; - } - if (p15card->last_update != NULL) { - free(p15card->last_update); - p15card->last_update = NULL; - } - if (p15card->preferred_language != NULL) { - free(p15card->preferred_language); - p15card->preferred_language = NULL; + if (p15card->tokeninfo->label != NULL) { + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = NULL; + } + if (p15card->tokeninfo->serial_number != NULL) { + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = NULL; + } + if (p15card->tokeninfo->manufacturer_id != NULL) { + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = NULL; + } + if (p15card->tokeninfo->last_update != NULL) { + free(p15card->tokeninfo->last_update); + p15card->tokeninfo->last_update = NULL; + } + if (p15card->tokeninfo->preferred_language != NULL) { + free(p15card->tokeninfo->preferred_language); + p15card->tokeninfo->preferred_language = NULL; } - if (p15card->seInfo != NULL) { + if (p15card->tokeninfo->seInfo != NULL) { size_t i; - for (i = 0; i < p15card->num_seInfo; i++) - free(p15card->seInfo[i]); - free(p15card->seInfo); - p15card->seInfo = NULL; - p15card->num_seInfo = 0; + for (i = 0; i < p15card->tokeninfo->num_seInfo; i++) + free(p15card->tokeninfo->seInfo[i]); + free(p15card->tokeninfo->seInfo); + p15card->tokeninfo->seInfo = NULL; + p15card->tokeninfo->num_seInfo = 0; } } -static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card) +struct sc_app_info * sc_find_app(struct sc_card *card, struct sc_aid *aid) +{ + int ii; + + if (card->app_count <= 0) + return NULL; + + if (!aid || 
!aid->len) + return card->app[0]; + + for (ii=0; ii < card->app_count; ii++) { + if (card->app[ii]->aid.len != aid->len) + continue; + if (memcmp(card->app[ii]->aid.value, aid->value, aid->len)) + continue; + return card->app[ii]; + } + return NULL; +} + +static struct sc_app_info *sc_dup_app_info(const struct sc_app_info *info) +{ + struct sc_app_info *out = calloc(1, sizeof(struct sc_app_info)); + + if (!out) + return NULL; + + memcpy(out, info, sizeof(struct sc_app_info)); + + if (info->label) { + out->label = strdup(info->label); + if (!out->label) + return NULL; + } else + out->label = NULL; + + out->ddo.value = malloc(info->ddo.len); + if (!out->ddo.value) + return NULL; + memcpy(out->ddo.value, info->ddo.value, info->ddo.len); + + return out; +} + +static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card, struct sc_aid *aid) { - unsigned char *buf = NULL; - int err, ok = 0; - size_t len; sc_path_t tmppath; sc_card_t *card = p15card->card; sc_context_t *ctx = card->ctx; sc_pkcs15_tokeninfo_t tokeninfo; + sc_pkcs15_df_t *df; + const sc_app_info_t *info = NULL; + unsigned char *buf = NULL; + size_t len; + int err, ok = 0; - if (ctx->debug > 4) - sc_debug(ctx, "trying normal pkcs15 processing\n"); - + LOG_FUNC_CALLED(ctx); /* Enumerate apps now */ if (card->app_count < 0) { err = sc_enum_apps(card); - if (err < 0 && err != SC_ERROR_FILE_NOT_FOUND) { - sc_error(ctx, "unable to enumerate apps: %s\n", sc_strerror(err)); - goto end; - } + if (err != SC_ERROR_FILE_NOT_FOUND) + LOG_TEST_RET(ctx, err, "unable to enumerate apps"); } p15card->file_app = sc_file_new(); if (p15card->file_app == NULL) { err = SC_ERROR_OUT_OF_MEMORY; goto end; } + sc_format_path("3F005015", &p15card->file_app->path); - if (card->app_count > 0) { - const sc_app_info_t *info; - - info = sc_find_pkcs15_app(card); - if (info != NULL) { - if (info->path.len) - p15card->file_app->path = info->path; - if (info->ddo != NULL) - parse_ddo(p15card, info->ddo, info->ddo_len); + + info = 
sc_find_app(card, aid); + if (info) { + sc_log(ctx, "bind to application('%s',aid:'%s')", info->label, + sc_dump_hex(info->aid.value, info->aid.len)); + p15card->app = sc_dup_app_info(info); + if (!p15card->app) { + err = SC_ERROR_OUT_OF_MEMORY; + goto end; } + + if (info->path.len) + p15card->file_app->path = info->path; + + if (info->ddo.value && info->ddo.len) + parse_ddo(p15card, info->ddo.value, info->ddo.len); + } + else if (aid) { + sc_log(ctx, "Application(aid:'%s') not found", sc_dump_hex(aid->value, aid->len)); + err = SC_ERROR_INVALID_ARGUMENTS; + goto end; + } + sc_log(ctx, "application path '%s'", sc_print_path(&p15card->file_app->path)); /* Check if pkcs15 directory exists */ - sc_ctx_suppress_errors_on(card->ctx); err = sc_select_file(card, &p15card->file_app->path, NULL); -#if 1 + /* If the above test failed on cards without EF(DIR), * try to continue read ODF from 3F005031. -aet */ - if ((err == SC_ERROR_FILE_NOT_FOUND) && - (card->app_count < 1)) { + if ((err == SC_ERROR_FILE_NOT_FOUND) && (card->app_count < 1)) { sc_format_path("3F00", &p15card->file_app->path); - err = SC_NO_ERROR; + err = SC_SUCCESS; } -#endif - sc_ctx_suppress_errors_off(card->ctx); if (err < 0) goto end; if (p15card->file_odf == NULL) { - /* check if an ODF is present; suppress errors as we - * don't know yet whether we have a pkcs15 card */ - tmppath = p15card->file_app->path; - sc_append_path_id(&tmppath, (const u8 *) "\x50\x31", 2); - sc_ctx_suppress_errors_on(card->ctx); + /* check if an ODF is present; we don't know yet whether we have a pkcs15 card */ + sc_format_path("5031", &tmppath); + err = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &tmppath); + if (err != SC_SUCCESS) { + sc_log(ctx, "Cannot make absolute path to EF(ODF); error:%i", err); + goto end; + } + sc_log(ctx, "absolute path to EF(ODF) %s", sc_print_path(&tmppath)); err = sc_select_file(card, &tmppath, &p15card->file_odf); - sc_ctx_suppress_errors_off(card->ctx); - - } else { + } + else { tmppath 
= p15card->file_odf->path; sc_file_free(p15card->file_odf); p15card->file_odf = NULL; err = sc_select_file(card, &tmppath, &p15card->file_odf); } - if (err != SC_SUCCESS) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - int r = sc_path_print(pbuf, sizeof(pbuf), &tmppath); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - sc_debug(ctx, "EF(ODF) not found in '%s'\n", pbuf); + if (err != SC_SUCCESS) { + sc_log(ctx, "EF(ODF) not found in '%s'", sc_print_path(&tmppath)); goto end; } - if ((len = p15card->file_odf->size) == 0) { - sc_error(card->ctx, "EF(ODF) is empty\n"); + len = p15card->file_odf->size; + if (!len) { + sc_log(ctx, "EF(ODF) is empty"); goto end; } buf = malloc(len); if(buf == NULL) return SC_ERROR_OUT_OF_MEMORY; + err = sc_read_binary(card, 0, buf, len, 0); if (err < 0) goto end; 
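Review bot: `sc_dup_app_info()` leaks on both of its failure returns and treats an application without a DDO as an allocation failure. When `strdup()` or the `malloc()` for `ddo.value` fails, the function returns NULL without freeing `out` (or the already duplicated label). `malloc(info->ddo.len)` with a zero length may legitimately return NULL, which `sc_pkcs15_bind_internal()` then reports as SC_ERROR_OUT_OF_MEMORY, and the `memcpy()` from a NULL `info->ddo.value` is undefined even for length 0. The caller in this same hunk already tests `info->ddo.value && info->ddo.len` before parsing, so the duplicate should apply the same test and unwind through one error path, as below.

```c
static struct sc_app_info *sc_dup_app_info(const struct sc_app_info *info)
{
	/* ... unchanged: calloc of out, NULL check, memcpy(out, info, ...) ... */

	/* the struct copy aliased info's pointers; reset them before duplicating */
	out->label = NULL;
	out->ddo.value = NULL;

	if (info->label) {
		out->label = strdup(info->label);
		if (!out->label)
			goto err;
	}

	if (info->ddo.value && info->ddo.len) {
		out->ddo.value = malloc(info->ddo.len);
		if (!out->ddo.value)
			goto err;
		memcpy(out->ddo.value, info->ddo.value, info->ddo.len);
	} else {
		out->ddo.len = 0;
	}

	return out;
err:
	free(out->label);
	free(out);
	return NULL;
}
```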
@@ -611,33 +813,27 @@ len = err; if (parse_odf(buf, len, p15card)) { err = SC_ERROR_PKCS15_APP_NOT_FOUND; - sc_error(card->ctx, "Unable to parse ODF\n"); + sc_log(ctx, "Unable to parse ODF"); goto end; } free(buf); buf = NULL; - if (card->ctx->debug) { - sc_pkcs15_df_t *df; - - sc_debug(card->ctx, "The following DFs were found:\n"); - for (df = p15card->df_list; df; df = df->next) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - int r = sc_path_print(pbuf, sizeof(pbuf), &df->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, - " DF type %u, path %s, index %u, count %d\n", - df->type, pbuf, df->path.index, df->path.count); - } - } + sc_log(ctx, "The following DFs were found:"); + for (df = p15card->df_list; df; df = df->next) + sc_log(ctx, " DF type %u, path %s, index %u, count %d", df->type, + sc_print_path(&df->path), df->path.index, df->path.count); if (p15card->file_tokeninfo == NULL) { - tmppath = p15card->file_app->path; - sc_append_path_id(&tmppath, (const u8 *) "\x50\x32", 2); - } else { + sc_format_path("5032", &tmppath); + err = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &tmppath); + if (err != SC_SUCCESS) { + sc_log(ctx, "Cannot make absolute path to EF(TokenInfo); error:%i", err); + goto end; + } + sc_log(ctx, "absolute path to EF(TokenInfo) %s", sc_print_path(&tmppath)); + } + else { tmppath = p15card->file_tokeninfo->path; sc_file_free(p15card->file_tokeninfo); p15card->file_tokeninfo = NULL; @@ -647,12 +843,13 @@ goto end; if ((len = p15card->file_tokeninfo->size) == 0) { - sc_error(card->ctx, "EF(TokenInfo) is empty\n"); + sc_log(ctx, "EF(TokenInfo) is empty"); goto end; } buf = malloc(len); if(buf == NULL) return SC_ERROR_OUT_OF_MEMORY; + err = sc_read_binary(card, 0, buf, len, 0); if (err < 0) goto end; 
@@ -665,15 +862,19 @@ err = sc_pkcs15_parse_tokeninfo(ctx, &tokeninfo, buf, (size_t)err); if (err != SC_SUCCESS) goto end; - p15card->version = tokeninfo.version; - p15card->label = tokeninfo.label; - p15card->serial_number = tokeninfo.serial_number; - p15card->manufacturer_id = tokeninfo.manufacturer_id; - p15card->last_update = tokeninfo.last_update; - p15card->flags = tokeninfo.flags; - p15card->preferred_language = tokeninfo.preferred_language; - p15card->seInfo = tokeninfo.seInfo; - p15card->num_seInfo = tokeninfo.num_seInfo; + + *(p15card->tokeninfo) = tokeninfo; + + if (!p15card->tokeninfo->serial_number && card->serialnr.len) { + char *serial = calloc(1, card->serialnr.len*2 + 1); + size_t ii; + + for(ii=0;iiserialnr.len;ii++) + sprintf(serial + ii*2, "%02X", *(card->serialnr.value + ii)); + + p15card->tokeninfo->serial_number = serial; + sc_log(ctx, "p15card->tokeninfo->serial_number %s", p15card->tokeninfo->serial_number); + } ok = 1; end: 
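Review bot: The `calloc()` result for `serial` is written through by `sprintf()` without a NULL check, in the block that derives `tokeninfo->serial_number` from `card->serialnr`. An allocation failure here becomes a NULL-pointer write instead of an error return. Adding `if (serial == NULL) { err = SC_ERROR_OUT_OF_MEMORY; goto end; }` before the loop keeps it on the function's existing cleanup path. The code after `end:` and the start of `sc_pkcs15_bind_internal()` lie outside this hunk, so what the cleanup releases is assumed from the earlier hunks.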
@@ -687,39 +888,41 @@ return SC_SUCCESS; } -int sc_pkcs15_bind(sc_card_t *card, - struct sc_pkcs15_card **p15card_out) +int sc_pkcs15_bind(sc_card_t *card, struct sc_aid *aid, struct sc_pkcs15_card **p15card_out) { struct sc_pkcs15_card *p15card = NULL; - sc_context_t *ctx; - scconf_block *conf_block = NULL, **blocks; - int i, r, emu_first, enable_emu; - - assert(sc_card_valid(card) && p15card_out != NULL); - ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + sc_context_t *ctx = card->ctx; + scconf_block *conf_block = NULL; + int r, emu_first, enable_emu; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "application(aid:'%s')", aid ? sc_dump_hex(aid->value, aid->len) : "empty"); + + assert(p15card_out != NULL); p15card = sc_pkcs15_card_new(); if (p15card == NULL) - return SC_ERROR_OUT_OF_MEMORY; + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + p15card->card = card; + p15card->opts.use_file_cache = 0; + p15card->opts.use_pin_cache = 1; + p15card->opts.pin_cache_counter = 10; - for (i = 0; ctx->conf_blocks[i] != NULL; i++) { - blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], - "framework", "pkcs15"); - if (blocks && blocks[0] != NULL) - conf_block = blocks[0]; - free(blocks); - } + conf_block = sc_get_conf_block(ctx, "framework", "pkcs15", 1); if (conf_block) { - p15card->opts.use_cache = scconf_get_bool(conf_block, "use_caching", 0); + p15card->opts.use_file_cache = scconf_get_bool(conf_block, "use_file_caching", p15card->opts.use_file_cache); + p15card->opts.use_pin_cache = scconf_get_bool(conf_block, "use_pin_caching", p15card->opts.use_pin_cache); + p15card->opts.pin_cache_counter = scconf_get_int(conf_block, "pin_cache_counter", p15card->opts.pin_cache_counter); } + sc_log(ctx, "PKCS#15 options: use_file_cache=%d use_pin_cache=%d pin_cache_counter=%d", + p15card->opts.use_file_cache, p15card->opts.use_pin_cache, p15card->opts.pin_cache_counter); r = sc_lock(card); if (r) { - sc_error(ctx, "sc_lock() failed: %s\n", sc_strerror(r)); + sc_log(ctx, "sc_lock() failed: 
%s", sc_strerror(r)); sc_pkcs15_card_free(p15card); - SC_FUNC_RETURN(ctx, 1, r); + LOG_FUNC_RETURN(ctx, r); } enable_emu = scconf_get_bool(conf_block, "enable_pkcs15_emulation", 1); @@ -729,11 +932,11 @@ r = sc_pkcs15_bind_synthetic(p15card); if (r == SC_SUCCESS) goto done; - r = sc_pkcs15_bind_internal(p15card); + r = sc_pkcs15_bind_internal(p15card, aid); if (r < 0) goto error; } else { - r = sc_pkcs15_bind_internal(p15card); + r = sc_pkcs15_bind_internal(p15card, aid); if (r == SC_SUCCESS) goto done; r = sc_pkcs15_bind_synthetic(p15card); 
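Review bot: The option block in `sc_pkcs15_bind()` stores `pin_cache_counter` from `scconf_get_int()` without a range check, and it turns PIN caching on by default (`use_pin_cache = 1`). How the counter is consumed is not visible in this section of the diff, so a zero or negative configured value should either be rejected here or have its meaning stated. A short comment next to the defaults, for example `/* PIN caching is on by default: a verified PIN may be kept in process memory; see pin_cache_counter */`, would make the trade-off explicit, with the wording adjusted to what the cache code actually does. The rename of the configuration key from `use_caching` to `use_file_caching` also means that existing configuration files still setting the old key fall back to the default without any warning.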
@@ -741,84 +944,29 @@ goto error; } } else { - r = sc_pkcs15_bind_internal(p15card); + r = sc_pkcs15_bind_internal(p15card, aid); if (r < 0) goto error; } done: - /* for cardos cards initialized by Siemens: sign with decrypt */ - if (strcmp(p15card->card->driver->short_name,"cardos") == 0 - && scconf_get_bool(conf_block, "enable_sign_with_decrypt_workaround", 1) - && ( strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0 - || strcmp(p15card->manufacturer_id,"Prime") == 0 )) - p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT; - - /* for starcos cards only: fix asn1 integers */ - if (strcmp(p15card->card->driver->short_name,"starcos") == 0 - && scconf_get_bool(conf_block, "enable_fix_asn1_integers", 1)) - p15card->flags |= SC_PKCS15_CARD_FLAG_FIX_INTEGERS; - - /* set special flags based on card meta data */ - if (strcmp(p15card->card->driver->short_name,"cardos") == 0) { - - /* D-Trust cards (D-TRUST, D-SIGN) */ - if (strstr(p15card->label,"D-TRUST") == 0 - || strstr(p15card->label,"D-SIGN") == 0) { - - /* D-TRUST Card 2.0 2cc (standard cards, which always add - * SHA1 prefix itself */ - if (strstr(p15card->label, "2cc") != NULL) { - p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED; - p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT; - sc_debug(p15card->card->ctx, "D-TRUST 2cc card detected, only SHA1 works with this card\n"); - /* XXX: add detection when other hash than SHA1 is used with - * such a card, as this produces invalid signatures. 
- */ - } - - /* D-SIGN multicard 2.0 2ca (cards working with all types of hashes - * and no addition of prefix) */ - else if (strstr(p15card->label, "2ca") != NULL) { - p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH; - p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT; - sc_debug(p15card->card->ctx, "D-TRUST 2ca card detected\n"); - } - - /* XXX: probably there are more D-Trust card in the wild, - * which also need these flags to produce valid signatures - */ - } - } + fix_starcos_pkcs15_card(p15card); *p15card_out = p15card; sc_unlock(card); - return 0; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); error: sc_unlock(card); sc_pkcs15_card_free(p15card); - SC_FUNC_RETURN(ctx, 1, r); + LOG_FUNC_RETURN(ctx, r); } -#if 0 -int sc_pkcs15_detect(sc_card_t *card) -{ - int r; - sc_path_t path; - - sc_format_path("NA0000063504B43532D3135", &path); - r = sc_select_file(card, &path, NULL); - if (r != 0) - return 0; - return 1; -} -#endif - int sc_pkcs15_unbind(struct sc_pkcs15_card *p15card) { assert(p15card != NULL && p15card->magic == SC_PKCS15_CARD_MAGIC); - SC_FUNC_CALLED(p15card->card->ctx, 1); + LOG_FUNC_CALLED(p15card->card->ctx); if (p15card->dll_handle) - lt_dlclose(p15card->dll_handle); + sc_dlclose(p15card->dll_handle); + sc_pkcs15_pincache_clear(p15card); sc_pkcs15_card_free(p15card); return 0; } @@ -827,15 +975,18 @@ __sc_pkcs15_search_objects(sc_pkcs15_card_t *p15card, unsigned int class_mask, unsigned int type, int (*func)(sc_pkcs15_object_t *, void *), - void *func_arg, + void *func_arg, sc_pkcs15_object_t **ret, size_t ret_size) { + struct sc_context *ctx = p15card->card->ctx; sc_pkcs15_object_t *obj; sc_pkcs15_df_t *df; unsigned int df_mask = 0; size_t match_count = 0; int r = 0; + sc_log(ctx, "called; class=0x%02X, type=0x%03X", class_mask, type); + if (type) class_mask |= SC_PKCS15_TYPE_TO_CLASS(type); 
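Review bot: The helper now called at `done:` is named `fix_starcos_pkcs15_card()`, but its body (added earlier in this diff) only acts when the driver short name is "cardos", and only for D-TRUST/D-SIGN labels. The removed lines also dropped the `enable_sign_with_decrypt_workaround` and `enable_fix_asn1_integers` handling, and nothing on this page shows where, or whether, those flags are set now. A name that matches the behaviour, e.g. `fix_cardos_dtrust_caps()`, plus a one-line comment at the call saying where the Siemens and starcos workarounds moved, would keep a reader auditing card-specific signing quirks from looking in the wrong place.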
@@ -846,18 +997,15 @@ SC_PKCS15_SEARCH_CLASS_CERT | SC_PKCS15_SEARCH_CLASS_DATA | SC_PKCS15_SEARCH_CLASS_AUTH))) { - return SC_ERROR_INVALID_ARGUMENTS; + LOG_FUNC_RETURN(p15card->card->ctx, SC_ERROR_INVALID_ARGUMENTS); } if (class_mask & SC_PKCS15_SEARCH_CLASS_PRKEY) df_mask |= (1 << SC_PKCS15_PRKDF); if (class_mask & SC_PKCS15_SEARCH_CLASS_PUBKEY) - df_mask |= (1 << SC_PKCS15_PUKDF) - | (1 << SC_PKCS15_PUKDF_TRUSTED); + df_mask |= (1 << SC_PKCS15_PUKDF) | (1 << SC_PKCS15_PUKDF_TRUSTED); if (class_mask & SC_PKCS15_SEARCH_CLASS_CERT) - df_mask |= (1 << SC_PKCS15_CDF) - | (1 << SC_PKCS15_CDF_TRUSTED) - | (1 << SC_PKCS15_CDF_USEFUL); + df_mask |= (1 << SC_PKCS15_CDF) | (1 << SC_PKCS15_CDF_TRUSTED) | (1 << SC_PKCS15_CDF_USEFUL); if (class_mask & SC_PKCS15_SEARCH_CLASS_DATA) df_mask |= (1 << SC_PKCS15_DODF); if (class_mask & SC_PKCS15_SEARCH_CLASS_AUTH) @@ -873,8 +1021,6 @@ /* Enumerate the DF's, so p15card->obj_list is * populated. */ r = sc_pkcs15_parse_df(p15card, df); - SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed"); - df->enumerated = 1; } /* And now loop over all objects */ @@ -892,13 +1038,13 @@ continue; /* Okay, we have a match. */ match_count++; - if (ret_size <= 0) + if (!ret || ret_size <= 0) continue; ret[match_count-1] = obj; if (ret_size <= match_count) break; } - return match_count; + LOG_FUNC_RETURN(ctx, match_count); } int sc_pkcs15_get_objects(struct sc_pkcs15_card *p15card, unsigned int type, @@ -917,10 +1063,12 @@ case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_DSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: return sc_pkcs15_compare_id(&((struct sc_pkcs15_prkey_info *) data)->id, id); case SC_PKCS15_TYPE_PUBKEY_RSA: case SC_PKCS15_TYPE_PUBKEY_DSA: case SC_PKCS15_TYPE_PUBKEY_GOSTR3410: + case SC_PKCS15_TYPE_PUBKEY_EC: return sc_pkcs15_compare_id(&((struct sc_pkcs15_pubkey_info *) data)->id, id); case SC_PKCS15_TYPE_AUTH_PIN: return sc_pkcs15_compare_id(&((struct sc_pkcs15_pin_info *) data)->auth_id, id); 
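Review bot: After this change the result of `sc_pkcs15_parse_df()` in the enumeration loop of `__sc_pkcs15_search_objects()` is assigned to `r` and, as far as the visible lines show, never examined. A DF that cannot be read or decoded is then indistinguishable from one that holds no objects, so a caller looking up a key or PIN object sees "not found" rather than an error. If continuing past a bad DF is intended, record it with `if (r < 0) sc_log(ctx, "DF parsing failed: %s", sc_strerror(r));` and a comment that the search is best-effort. The loop header and the start of the function are outside this hunk.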
@@ -946,11 +1094,13 @@ case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_DSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: usage = ((struct sc_pkcs15_prkey_info *) data)->usage; break; case SC_PKCS15_TYPE_PUBKEY_RSA: case SC_PKCS15_TYPE_PUBKEY_DSA: case SC_PKCS15_TYPE_PUBKEY_GOSTR3410: + case SC_PKCS15_TYPE_PUBKEY_EC: usage = ((struct sc_pkcs15_pubkey_info *) data)->usage; break; default: @@ -986,6 +1136,7 @@ case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_DSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: reference = ((struct sc_pkcs15_prkey_info *) data)->key_reference; break; default: @@ -1004,10 +1155,12 @@ case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_DSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: return sc_compare_path(&((struct sc_pkcs15_prkey_info *) data)->path, path); case SC_PKCS15_TYPE_PUBKEY_RSA: case SC_PKCS15_TYPE_PUBKEY_DSA: case SC_PKCS15_TYPE_PUBKEY_GOSTR3410: + case SC_PKCS15_TYPE_PUBKEY_EC: return sc_compare_path(&((struct sc_pkcs15_pubkey_info *) data)->path, path); case SC_PKCS15_TYPE_AUTH_PIN: return sc_compare_path(&((struct sc_pkcs15_pin_info *) data)->path, path); @@ -1080,7 +1233,7 @@ int sc_pkcs15_get_objects_cond(struct sc_pkcs15_card *p15card, unsigned int type, int (* func)(struct sc_pkcs15_object *, void *), - void *func_arg, + void *func_arg, struct sc_pkcs15_object **ret, size_t ret_size) { return __sc_pkcs15_search_objects(p15card, 0, type, @@ -1097,9 +1250,7 @@ memset(&sk, 0, sizeof(sk)); sk.id = id; - r = __sc_pkcs15_search_objects(p15card, 0, type, - compare_obj_key, &sk, - out, 1); + r = __sc_pkcs15_search_objects(p15card, 0, type, compare_obj_key, &sk, out, 1); if (r < 0) return r; if (r == 0) 
@@ -1149,6 +1300,41 @@ return find_by_key(p15card, SC_PKCS15_TYPE_AUTH_PIN, &sk, out); } +int sc_pkcs15_find_pin_by_type_and_reference(struct sc_pkcs15_card *p15card, + const sc_path_t *path, + unsigned auth_method, int reference, + struct sc_pkcs15_object **out) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *auth_objs[0x10]; + size_t nn_objs, ii; + int r; + + /* Get all existing pkcs15 AUTH objects */ + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, auth_objs, 0x10); + LOG_TEST_RET(ctx, r, "Get PKCS#15 AUTH objects error"); + nn_objs = r; + + for (ii=0; iidata; + + if (pin_info->auth_method != auth_method) + continue; + if (pin_info->reference != reference) + continue; + + if (path && !sc_compare_path(&pin_info->path, path)) + continue; + + if (out) + *out = auth_objs[ii]; + + return SC_SUCCESS; + } + + return SC_ERROR_OBJECT_NOT_FOUND; +} + int sc_pkcs15_find_data_object_by_id(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id, struct sc_pkcs15_object **out) @@ -1259,13 +1445,15 @@ void sc_pkcs15_remove_object(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj) { + if (!obj) + return; + if (obj->prev == NULL) p15card->obj_list = obj->next; else obj->prev->next = obj->next; if (obj->next != NULL) obj->next->prev = obj->prev; - sc_pkcs15_free_object(obj); } void sc_pkcs15_free_object(struct sc_pkcs15_object *obj) 
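Review bot: `sc_pkcs15_find_pin_by_type_and_reference()` only ever inspects the first 0x10 AUTH objects, because the array size and the count passed to `sc_pkcs15_get_objects()` are the same hard-coded literal. On a card with more PIN objects than that, a matching PIN later in the list yields SC_ERROR_OBJECT_NOT_FOUND. At minimum tie the two together with `sizeof(auth_objs) / sizeof(auth_objs[0])` and say in a comment that the search is capped. The function also lacks a header comment stating that `path` and `out` may be NULL, which the body allows.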
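Review bot: `sc_pkcs15_remove_object()` no longer frees the object it unlinks, and the hunk changes that contract without a comment. The two callers updated on this page (`sc_pkcs15_card_free()` and `sc_pkcs15_card_clear()`) now pair it with `sc_pkcs15_free_object()`, but any caller that was not updated will leak the object and the key or PIN metadata attached to it. A comment above the function, for example `/* Unlinks obj from p15card->obj_list; the caller keeps ownership and must call sc_pkcs15_free_object() */`, would make the new ownership rule visible.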
@@ -1290,34 +1478,27 @@ free(obj->data); } - if (obj->der.value) - free(obj->der.value); + sc_pkcs15_free_object_content(obj); + free(obj); } -int sc_pkcs15_add_df(struct sc_pkcs15_card *p15card, - unsigned int type, const sc_path_t *path, - const sc_file_t *file) +int sc_pkcs15_add_df(struct sc_pkcs15_card *p15card, unsigned int type, const sc_path_t *path) { - struct sc_pkcs15_df *p = p15card->df_list, *newdf; - - newdf = (struct sc_pkcs15_df *) calloc(1, sizeof(struct sc_pkcs15_df)); + struct sc_pkcs15_df *p, *newdf; + + newdf = calloc(1, sizeof(struct sc_pkcs15_df)); if (newdf == NULL) return SC_ERROR_OUT_OF_MEMORY; newdf->path = *path; newdf->type = type; - if (file != NULL) { - sc_file_dup(&newdf->file, file); - if (newdf->file == NULL) { - free(newdf); - return SC_ERROR_OUT_OF_MEMORY; - } - - } + if (p15card->df_list == NULL) { p15card->df_list = newdf; return 0; } + + p = p15card->df_list; while (p->next != NULL) p = p->next; p->next = newdf; @@ -1335,8 +1516,6 @@ obj->prev->next = obj->next; if (obj->next != NULL) obj->next->prev = obj->prev; - if (obj->file) - sc_file_free(obj->file); free(obj); } @@ -1374,7 +1553,7 @@ break; } if (func == NULL) { - sc_error(ctx, "unknown DF type: %d\n", df->type); + sc_log(ctx, "unknown DF type: %d", df->type); *buf_out = NULL; *bufsize_out = 0; return 0; @@ -1411,6 +1590,17 @@ int (* func)(struct sc_pkcs15_card *, struct sc_pkcs15_object *, const u8 **nbuf, size_t *nbufsize) = NULL; + sc_log(ctx, "called; path=%s, type=%d, enum=%d", + sc_print_path(&df->path), df->type, df->enumerated); + + if (p15card->ops.parse_df) { + r = p15card->ops.parse_df(p15card, df); + LOG_FUNC_RETURN(ctx, r); + } + + if (df->enumerated) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + switch (df->type) { case SC_PKCS15_PRKDF: func = sc_pkcs15_decode_prkdf_entry; 
@@ -1431,48 +1621,32 @@ break; } if (func == NULL) { - sc_error(ctx, "unknown DF type: %d\n", df->type); - return SC_ERROR_INVALID_ARGUMENTS; + sc_log(ctx, "unknown DF type: %d", df->type); + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); } - if (df->file != NULL) - r = sc_pkcs15_read_file(p15card, &df->path, - &buf, &bufsize, NULL); - else - r = sc_pkcs15_read_file(p15card, &df->path, - &buf, &bufsize, &df->file); - if (r < 0) - return r; + r = sc_pkcs15_read_file(p15card, &df->path, &buf, &bufsize, NULL); + LOG_TEST_RET(ctx, r, "pkcs15 read file failed"); p = buf; + sc_log(ctx, "bufsize %i; first tag 0x%X", bufsize, *p); while (bufsize && *p != 0x00) { - const u8 *oldp; - size_t obj_len; - obj = (struct sc_pkcs15_object *) calloc(1, sizeof(struct sc_pkcs15_object)); + obj = calloc(1, sizeof(struct sc_pkcs15_object)); if (obj == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto ret; } - oldp = p; r = func(p15card, obj, &p, &bufsize); + sc_log(ctx, "rv %i", r); if (r) { free(obj); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) { r = 0; break; } - sc_perror(ctx, r, "Error decoding DF entry"); + sc_log(ctx, "%s: Error decoding DF entry", sc_strerror(r)); goto ret; } - obj_len = p - oldp; - - obj->der.value = (u8 *) malloc(obj_len); - if (obj->der.value == NULL) { - r = SC_ERROR_OUT_OF_MEMORY; - goto ret; - } - memcpy(obj->der.value, oldp, obj_len); - obj->der.len = obj_len; obj->df = df; r = sc_pkcs15_add_object(p15card, obj); @@ -1480,18 +1654,23 @@ if (obj->data) free(obj->data); free(obj); - sc_perror(ctx, r, "Error adding object"); + sc_log(ctx, "%s: Error adding object", sc_strerror(r)); goto ret; } }; + + if (r > 0) + r = 0; ret: + df->enumerated = 1; free(buf); - return r; + LOG_FUNC_RETURN(ctx, r); } int sc_pkcs15_add_unusedspace(struct sc_pkcs15_card *p15card, const sc_path_t *path, const sc_pkcs15_id_t *auth_id) { + struct sc_context *ctx = p15card->card->ctx; sc_pkcs15_unusedspace_t *p = p15card->unusedspace_list, *new_unusedspace; if (path->count == -1) { 
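Review bot: The new trace line `sc_log(ctx, "bufsize %i; first tag 0x%X", bufsize, *p);` in `sc_pkcs15_parse_df()` reads `*p` before anything has checked that `bufsize` is non-zero, and it prints a `size_t` with `%i`. The loop right below guards the same dereference with `while (bufsize && ...)`, so for an empty file read from the card the only byte read would be the one in the log statement. Whether `sc_pkcs15_read_file()` can return success with a zero-length buffer is not visible here. Writing it as `sc_log(ctx, "bufsize %lu; first tag 0x%X", (unsigned long)bufsize, bufsize ? *p : 0);` avoids both problems.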
@@ -1501,11 +1680,11 @@ if (r != SC_SUCCESS) pbuf[0] = '\0'; - sc_error(p15card->card->ctx, "No offset and length present in path %s\n", pbuf); + sc_log(ctx, "No offset and length present in path %s", pbuf); return SC_ERROR_INVALID_ARGUMENTS; } - new_unusedspace = (sc_pkcs15_unusedspace_t *) calloc(1, sizeof(sc_pkcs15_unusedspace_t)); + new_unusedspace = calloc(1, sizeof(sc_pkcs15_unusedspace_t)); if (new_unusedspace == NULL) return SC_ERROR_OUT_OF_MEMORY; new_unusedspace->path = *path; @@ -1608,7 +1787,7 @@ return r; } -int sc_pkcs15_parse_unusedspace(const u8 * buf, size_t buflen, struct sc_pkcs15_card *card) +int sc_pkcs15_parse_unusedspace(const u8 * buf, size_t buflen, struct sc_pkcs15_card *p15card) { const u8 *p = buf; size_t left = buflen; @@ -1626,8 +1805,8 @@ }; /* Clean the list if already present */ - while (card->unusedspace_list) - sc_pkcs15_remove_unusedspace(card, card->unusedspace_list); + while (p15card->unusedspace_list) + sc_pkcs15_remove_unusedspace(p15card, p15card->unusedspace_list); sc_format_path("3F00", &dummy_path); dummy_path.index = dummy_path.count = 0; @@ -1638,7 +1817,7 @@ while (left > 0) { memset(&auth_id, 0, sizeof(auth_id)); - r = sc_asn1_decode(card->card->ctx, asn1_unusedspace, p, left, &p, &left); + r = sc_asn1_decode(p15card->card->ctx, asn1_unusedspace, p, left, &p, &left); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) break; if (r < 0) @@ -1647,16 +1826,16 @@ * If the path length isn't included (-1) then it's against the standard * but we'll just ignore it instead of returning an error. */ if (path.count > 0) { - r = sc_pkcs15_make_absolute_path(&card->file_app->path, &path); + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &path); if (r < 0) return r; - r = sc_pkcs15_add_unusedspace(card, &path, &auth_id); + r = sc_pkcs15_add_unusedspace(p15card, &path, &auth_id); if (r) return r; } } - card->unusedspace_read = 1; + p15card->unusedspace_read = 1; return 0; } 
@@ -1666,6 +1845,7 @@ u8 **buf, size_t *buflen, sc_file_t **file_out) { + struct sc_context *ctx = p15card->card->ctx; sc_file_t *file = NULL; u8 *data = NULL; size_t len = 0, offset = 0; @@ -1673,24 +1853,16 @@ assert(p15card != NULL && in_path != NULL && buf != NULL); - if (p15card->card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - r = sc_path_print(pbuf, sizeof(pbuf), in_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(p15card->card->ctx, "called, path=%s, index=%u, count=%d\n", - pbuf, in_path->index, in_path->count); - } + sc_log(ctx, "called; path=%s, index=%u, count=%d", sc_print_path(in_path), + in_path->index, in_path->count); r = -1; /* file state: not in cache */ - if (p15card->opts.use_cache) { + if (p15card->opts.use_file_cache) { r = sc_pkcs15_read_cached_file(p15card, in_path, &data, &len); } if (r) { r = sc_lock(p15card->card); - SC_TEST_RET(p15card->card->ctx, r, "sc_lock() failed"); + LOG_TEST_RET(ctx, r, "sc_lock() failed"); r = sc_select_file(p15card->card, in_path, &file); if (r) goto fail_unlock; @@ -1700,21 +1872,22 @@ if (in_path->count < 0) { len = file->size; offset = 0; - } else { + } + else { offset = in_path->index; len = in_path->count; /* Make sure we're within proper bounds */ - if (offset >= file->size - || offset + len > file->size) { + if (offset >= file->size || offset + len > file->size) { r = SC_ERROR_INVALID_ASN1_OBJECT; goto fail_unlock; } } - data = (u8 *) malloc(len); + data = malloc(len); if (data == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto fail_unlock; } + if (file->ef_structure == SC_FILE_EF_LINEAR_VARIABLE_TLV) { int i; size_t l, record_len; 
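Review bot: The new initialiser `struct sc_context *ctx = p15card->card->ctx;` dereferences `p15card` before the `assert(p15card != NULL && in_path != NULL && buf != NULL);` that follows in the next hunk, so the assertion can no longer catch a NULL `p15card`. Declare `struct sc_context *ctx;` here and assign `ctx = p15card->card->ctx;` after the assert. The function body continues outside this hunk.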
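Review bot: In the hunk at -1700 the joined bounds test `offset >= file->size || offset + len > file->size` still relies on `offset + len` not wrapping; `len` is taken from `in_path->count` and `file->size` appears to come from the card's response to the select. Since `offset < file->size` is already established by the first clause, the wrap-free form is `offset >= file->size || len > file->size - offset`. It may also be worth deciding explicitly what `len == 0` should do before `data = malloc(len);`, because a NULL return there is reported as SC_ERROR_OUT_OF_MEMORY.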
@@ -1724,10 +1897,7 @@ for (i=1; ; i++) { l = len - (head - data); if (l > 256) { l = 256; } - p15card->card->ctx->suppress_errors++; - r = sc_read_record(p15card->card, i, head, l, - SC_RECORD_BY_REC_NR); - p15card->card->ctx->suppress_errors--; + r = sc_read_record(p15card->card, i, head, l, SC_RECORD_BY_REC_NR); if (r == SC_ERROR_RECORD_NOT_FOUND) break; if (r < 0) { @@ -1743,13 +1913,11 @@ } else { if (r < 4) break; - record_len = head[2] * 256 + head[3]; memmove(head,head+4,r-4); head += (r-4); } } len = head-data; - r = len; } else { r = sc_read_binary(p15card->card, offset, data, len, 0); if (r < 0) { @@ -1758,7 +1926,7 @@ } /* sc_read_binary may return less than requested */ len = r; - } + } sc_unlock(p15card->card); /* Return of release file */ @@ -1769,13 +1937,13 @@ } *buf = data; *buflen = len; - return 0; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); fail_unlock: if (file) sc_file_free(file); sc_unlock(p15card->card); - return r; + LOG_FUNC_RETURN(ctx, r); } int sc_pkcs15_compare_id(const struct sc_pkcs15_id *id1, 
@@ -1811,11 +1979,249 @@ int sc_pkcs15_make_absolute_path(const sc_path_t *parent, sc_path_t *child) { + /* nothing to do if child has valid 'aid' */ + if (child->aid.len) + return SC_SUCCESS; + + if (parent->aid.len) { + sc_path_t ppath; + + /* child inherits parent's 'aid' */ + child->aid = parent->aid; + if (!parent->len) + return SC_SUCCESS; + + /* parent has valid 'path' -- concatenate it with the child's one */ + memcpy(&ppath, parent, sizeof(sc_path_t)); + ppath.aid.len = 0; + ppath.type = SC_PATH_TYPE_FROM_CURRENT; + return sc_concatenate_path(child, &ppath, child); + + } + else if (parent->type == SC_PATH_TYPE_DF_NAME) { + /* child inherits parent's 'DF NAME' as 'aid' */ + if (parent->len > sizeof(child->aid.value)) + return SC_ERROR_WRONG_LENGTH; + + memcpy(child->aid.value, parent->value, parent->len); + child->aid.len = parent->len; + + return SC_SUCCESS; + } + /* a 0 length path stays a 0 length path */ if (child->len == 0) return SC_SUCCESS; - + if (sc_compare_path_prefix(sc_get_mf_path(), child)) return SC_SUCCESS; + return sc_concatenate_path(child, parent, child); } + +void sc_pkcs15_free_object_content(struct sc_pkcs15_object *obj) +{ + if (obj->content.value && obj->content.len) { + sc_mem_clear(obj->content.value, obj->content.len); + free(obj->content.value); + } + obj->content.value = NULL; + obj->content.len = 0; +} + +int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *obj, + const unsigned char *value, size_t len) +{ + unsigned char *tmp_buf; + + if (!obj) + return SC_ERROR_INVALID_ARGUMENTS; + + if (!value || !len) { + sc_pkcs15_free_object_content(obj); + return SC_SUCCESS; + } + + /* Need to pass by temporary variable, + * because 'value' and 'content.value' pointers can be the sames. 
+ */ + tmp_buf = (unsigned char *)sc_mem_alloc_secure(len); + if (!tmp_buf) + return SC_ERROR_OUT_OF_MEMORY; + + memcpy(tmp_buf, value, len); + + sc_pkcs15_free_object_content(obj); + + obj->content.value = tmp_buf; + obj->content.len = len; + + return SC_SUCCESS; +} + +struct sc_supported_algo_info * +sc_pkcs15_get_supported_algo(struct sc_pkcs15_card *p15card, + unsigned operation, unsigned mechanism) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_supported_algo_info *info = NULL; + int ii; + + for (ii=0;iitokeninfo->supported_algos[ii].reference; ii++) + if ((p15card->tokeninfo->supported_algos[ii].operations & operation) + && (p15card->tokeninfo->supported_algos[ii].mechanism == mechanism)) + break; + + if (ii < SC_MAX_SUPPORTED_ALGORITHMS && p15card->tokeninfo->supported_algos[ii].reference) { + info = &p15card->tokeninfo->supported_algos[ii]; + sc_log(ctx, "found supported algorithm (ref:%X,mech:%X,ops:%X,algo_ref:%X)", + info->reference, info->mechanism, info->operations, info->algo_ref); + } + + return info; +} + + +int +sc_pkcs15_add_supported_algo_ref(struct sc_pkcs15_object *obj, + struct sc_supported_algo_info *algo) +{ + unsigned int ii, *algo_refs = NULL; + + if (!algo) + return SC_SUCCESS; + + switch (obj->type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + algo_refs = ((struct sc_pkcs15_prkey_info *)obj->data)->algo_refs; + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + algo_refs = ((struct sc_pkcs15_pubkey_info *)obj->data)->algo_refs; + break; + } + if (!algo_refs) + return SC_ERROR_NOT_SUPPORTED; + + for (ii=0;iireference) + return SC_SUCCESS; + + for (ii=0;iireference; + return SC_SUCCESS; + } + } + + return SC_ERROR_TOO_MANY_OBJECTS; +} + + +int +sc_pkcs15_get_object_id(const struct sc_pkcs15_object *obj, struct sc_pkcs15_id *out) +{ + if (!obj || !out) + return SC_ERROR_INVALID_ARGUMENTS; + + switch (obj->type) { + case SC_PKCS15_TYPE_CERT_X509: + *out = ((struct sc_pkcs15_cert_info *) obj->data)->id; + break; + case 
SC_PKCS15_TYPE_PRKEY_RSA: + case SC_PKCS15_TYPE_PRKEY_DSA: + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: + *out = ((struct sc_pkcs15_prkey_info *) obj->data)->id; + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + case SC_PKCS15_TYPE_PUBKEY_DSA: + case SC_PKCS15_TYPE_PUBKEY_GOSTR3410: + case SC_PKCS15_TYPE_PUBKEY_EC: + *out = ((struct sc_pkcs15_pubkey_info *) obj->data)->id; + break; + case SC_PKCS15_TYPE_AUTH_PIN: + *out = ((struct sc_pkcs15_pin_info *) obj->data)->auth_id; + break; + case SC_PKCS15_TYPE_DATA_OBJECT: + *out = ((struct sc_pkcs15_data_info *) obj->data)->id; + break; + default: + return SC_ERROR_NOT_SUPPORTED; + } + + return SC_SUCCESS; +} + +/* + * Simplified GUID serializing. + * Ex. {3F2504E0-4F89-11D3-9A0C-0305E82C3301} + * + * There is no variant, version number and other special meaning fields + * that are described in RFC-4122 . + */ +static int +sc_pkcs15_serialize_guid(unsigned char *in, size_t in_size, + char *out, size_t out_size) +{ + int ii, jj, offs = 0; + + if (in_size < 16) + return SC_ERROR_BUFFER_TOO_SMALL; + if (out_size < 39) + return SC_ERROR_BUFFER_TOO_SMALL; + + strcpy(out, "{"); + for (ii=0; ii<4; ii++) + sprintf(out + strlen(out), "%02x", *(in + offs++)); + for (jj=0; jj<3; jj++) { + strcat(out, "-"); + for (ii=0; ii<2; ii++) + sprintf(out + strlen(out), "%02x", *(in + offs++)); + } + strcat(out, "-"); + for (ii=0; ii<6; ii++) + sprintf(out + strlen(out), "%02x", *(in + offs++)); + strcat(out, "}"); + + return SC_SUCCESS; +} + +int +sc_pkcs15_get_guid(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_object *obj, + char *out, size_t out_size) +{ + struct sc_serial_number serialnr; + struct sc_pkcs15_id id; + unsigned char guid_bin[SC_PKCS15_MAX_ID_SIZE + SC_MAX_SERIALNR]; + int rv; + + if (p15card->ops.get_guid) + return p15card->ops.get_guid(p15card, obj, out, out_size); + + rv = sc_pkcs15_get_object_id(obj, &id); + if (rv) + return rv; + + rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_SERIALNR, 
&serialnr); + if (rv) + return rv; + + memset(guid_bin, 0, sizeof(guid_bin)); + memcpy(guid_bin, id.value, id.len); + memcpy(guid_bin + id.len, serialnr.value, serialnr.len); + + return sc_pkcs15_serialize_guid(guid_bin, id.len + serialnr.len, out, out_size); +} + +void sc_pkcs15_free_key_params(struct sc_pkcs15_key_params *params) +{ + if (!params) + return; + if (params->data && params->free_params) + params->free_params(params->data); + else if (params->data) + free(params->data); + + params->data = NULL; +} + diff -Nru opensc-0.11.13/src/libopensc/pkcs15-cache.c opensc-0.12.1/src/libopensc/pkcs15-cache.c --- opensc-0.11.13/src/libopensc/pkcs15-cache.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-cache.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,8 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" +#include "config.h" + #include #include #include @@ -31,6 +31,9 @@ #include #include +#include "internal.h" +#include "pkcs15.h" + static int generate_cache_filename(struct sc_pkcs15_card *p15card, const sc_path_t *path, char *buf, size_t bufsize) @@ -55,14 +58,14 @@ } for (i = 0; i < pathlen; i++) sprintf(pathname + 2*i, "%02X", pathptr[i]); - if (p15card->serial_number != NULL) { - if (p15card->last_update != NULL) + if (p15card->tokeninfo->serial_number != NULL) { + if (p15card->tokeninfo->last_update != NULL) r = snprintf(buf, bufsize, "%s/%s_%s_%s", dir, - p15card->serial_number, p15card->last_update, + p15card->tokeninfo->serial_number, p15card->tokeninfo->last_update, pathname); else r = snprintf(buf, bufsize, "%s/%s_DATE_%s", dir, - p15card->serial_number, pathname); + p15card->tokeninfo->serial_number, pathname); if (r < 0) return SC_ERROR_BUFFER_TOO_SMALL; } else 
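Review bot: In the new `sc_pkcs15_get_guid()` (pkcs15.c hunk at -1811) the two `memcpy` calls into the stack array `guid_bin[SC_PKCS15_MAX_ID_SIZE + SC_MAX_SERIALNR]` use `id.len` and `serialnr.len` without checking them against the array bounds. Both lengths originate from card data or a card driver (`sc_pkcs15_get_object_id()` copies the stored id, `sc_card_ctl(..., SC_CARDCTL_GET_SERIALNR, ...)` fills the serial), so I would add `if (id.len > SC_PKCS15_MAX_ID_SIZE || serialnr.len > SC_MAX_SERIALNR) return SC_ERROR_WRONG_LENGTH;` before the `memset`. Separately, `sc_pkcs15_get_object_id()` and `sc_pkcs15_add_supported_algo_ref()` cast and dereference `obj->data` without a NULL check; a short doc comment stating that `obj->data` must match `obj->type` would make that contract explicit.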
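Review bot: In the pkcs15-cache.c hunk at -55 the cache file name is still assembled directly from `p15card->tokeninfo->serial_number` and `p15card->tokeninfo->last_update`, which presumably hold strings read from the token, and nothing visible here rejects path separators in them before they are joined under `dir`. I would validate both fields (for example, accept only alphanumeric characters) before the `snprintf` calls. The result check `if (r < 0)` also misses truncation, since `snprintf` returns the untruncated length; `if (r < 0 || (size_t)r >= bufsize) return SC_ERROR_BUFFER_TOO_SMALL;` covers both. `generate_cache_filename()` starts and ends outside this hunk.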
@@ -97,7 +100,7 @@ return SC_ERROR_FILE_NOT_FOUND; /* cache file bad? */ } if (*buf == NULL) { - data = (u8 *) malloc((size_t)stbuf.st_size); + data = malloc((size_t)stbuf.st_size); if (data == NULL) return SC_ERROR_OUT_OF_MEMORY; } else @@ -154,7 +157,7 @@ c = fwrite(buf, 1, bufsize, f); fclose(f); if (c != bufsize) { - sc_error(p15card->card->ctx, "fwrite() wrote only %d bytes", c); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "fwrite() wrote only %d bytes", c); unlink(fname); return SC_ERROR_INTERNAL; } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-cert.c opensc-0.12.1/src/libopensc/pkcs15-cert.c --- opensc-0.11.13/src/libopensc/pkcs15-cert.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-cert.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include 
@@ -30,20 +29,21 @@ #endif #include +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" + static int parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert) { int r; - struct sc_algorithm_id pk_alg, sig_alg; - sc_pkcs15_der_t pk = { NULL, 0 }; + struct sc_algorithm_id sig_alg; + struct sc_pkcs15_pubkey * pubkey = NULL; + u8 *serial = NULL; + size_t serial_len = 0; struct sc_asn1_entry asn1_version[] = { { "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; - struct sc_asn1_entry asn1_pkinfo[] = { - { "algorithm", SC_ASN1_ALGORITHM_ID, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, &pk_alg, NULL }, - { "subjectPublicKey", SC_ASN1_BIT_STRING_NI, SC_ASN1_TAG_BIT_STRING, SC_ASN1_ALLOC, &pk.value, &pk.len }, - { NULL, 0, 0, 0, NULL, NULL } - }; struct sc_asn1_entry asn1_x509v3[] = { { "certificatePolicies", SC_ASN1_OCTET_STRING, SC_ASN1_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, { "subjectKeyIdentifier", SC_ASN1_OCTET_STRING, SC_ASN1_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL }, 
@@ -58,12 +58,13 @@ }; struct sc_asn1_entry asn1_tbscert[] = { { "version", SC_ASN1_STRUCT, SC_ASN1_CTX | 0 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, asn1_version, NULL }, - { "serialNumber", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_INTEGER, SC_ASN1_ALLOC, &cert->serial, &cert->serial_len }, + { "serialNumber", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_INTEGER, SC_ASN1_ALLOC, &serial, &serial_len }, { "signature", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, { "issuer", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_ALLOC, &cert->issuer, &cert->issuer_len }, { "validity", SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, { "subject", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_ALLOC, &cert->subject, &cert->subject_len }, - { "subjectPublicKeyInfo",SC_ASN1_STRUCT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, asn1_pkinfo, NULL }, + /* Use a callback to get the algorithm, parameters and pubkey into sc_pkcs15_pubkey */ + { "subjectPublicKeyInfo",SC_ASN1_CALLBACK, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, sc_pkcs15_pubkey_from_spki, &pubkey }, { "extensions", SC_ASN1_STRUCT, SC_ASN1_CTX | 3 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, asn1_extensions, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; @@ -73,6 +74,10 @@ { "signatureValue", SC_ASN1_BIT_STRING, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; + struct sc_asn1_entry asn1_serial_number[] = { + { "serialNumber", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_INTEGER, SC_ASN1_ALLOC, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } + }; const u8 *obj; size_t objlen; 
@@ -80,28 +85,55 @@ obj = sc_asn1_verify_tag(ctx, buf, buflen, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, &objlen); if (obj == NULL) { - sc_error(ctx, "X.509 certificate not found\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "X.509 certificate not found"); return SC_ERROR_INVALID_ASN1_OBJECT; } cert->data_len = objlen + (obj - buf); r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL); - SC_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 parsing of certificate failed"); cert->version++; - cert->key.algorithm = pk_alg.algorithm; - pk.len >>= 3; /* convert number of bits to bytes */ - cert->key.data = pk; - - r = sc_pkcs15_decode_pubkey(ctx, &cert->key, pk.value, pk.len); - if (r < 0) - free(pk.value); - sc_asn1_clear_algorithm_id(&pk_alg); + if (pubkey) { + cert->key = pubkey; + pubkey = NULL; + } else { + sc_debug(ctx,SC_LOG_DEBUG_VERBOSE, "Unable to decode subjectPublicKeyInfo from cert"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + } sc_asn1_clear_algorithm_id(&sig_alg); + if (r < 0) + return r; + + if (serial && serial_len) { + sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1); + r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len); + free(serial); + } return r; } +int +sc_pkcs15_pubkey_from_cert(struct sc_context *ctx, + struct sc_pkcs15_der *cert_blob, struct sc_pkcs15_pubkey **out) +{ + int rv; + struct sc_pkcs15_cert * cert; + + cert = calloc(1, sizeof(struct sc_pkcs15_cert)); + if (cert == NULL) + return SC_ERROR_OUT_OF_MEMORY; + + rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert); + + *out = cert->key; + cert->key = NULL; + sc_pkcs15_free_certificate(cert); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + int sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_cert_info *info, struct sc_pkcs15_cert **cert_out) 
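Review bot: The new local `serial` buffer (filled through `SC_ASN1_ALLOC`) is only released on the final path of `parse_x509_cert()`, so the added `if (r < 0) return r;` taken when `subjectPublicKeyInfo` could not be decoded leaks it. `if (r < 0) { free(serial); return r; }` fixes that path. The earlier `SC_TEST_RET(...)` return after `sc_asn1_decode()` may have the same problem for `serial` and for a `pubkey` already produced by the callback, depending on whether the decoder releases allocated outputs on failure, which is not visible here. Since certificates come from the card, repeated parsing of malformed ones would accumulate these allocations.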
@@ -112,7 +144,7 @@ size_t len; assert(p15card != NULL && info != NULL && cert_out != NULL); - SC_FUNC_CALLED(p15card->card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (info->path.len) { r = sc_pkcs15_read_file(p15card, &info->path, &data, &len, NULL); @@ -126,7 +158,7 @@ len = copy.len; } - cert = (struct sc_pkcs15_cert *) malloc(sizeof(struct sc_pkcs15_cert)); + cert = malloc(sizeof(struct sc_pkcs15_cert)); if (cert == NULL) { free(data); return SC_ERROR_OUT_OF_MEMORY; @@ -134,7 +166,7 @@ memset(cert, 0, sizeof(struct sc_pkcs15_cert)); if (parse_x509_cert(p15card->card->ctx, data, len, cert)) { free(data); - free(cert); + sc_pkcs15_free_certificate(cert); return SC_ERROR_INVALID_ASN1_OBJECT; } cert->data = data; @@ -217,14 +249,21 @@ free(der->value); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); - r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); - if (r < 0) - return r; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); + + if (!p15card->app || !p15card->app->ddo.aid.len) { + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot make absolute path"); + } + else { + info.path.aid = p15card->app->ddo.aid; + } + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "Certificate path '%s'", sc_print_path(&info.path)); + obj->type = SC_PKCS15_TYPE_CERT_X509; obj->data = malloc(sizeof(info)); if (obj->data == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); memcpy(obj->data, &info, sizeof(info)); return 0; 
@@ -271,7 +310,8 @@ { assert(cert != NULL); - sc_pkcs15_erase_pubkey(&cert->key); + if (cert->key) + sc_pkcs15_free_pubkey(cert->key); free(cert->subject); free(cert->issuer); free(cert->serial); diff -Nru opensc-0.11.13/src/libopensc/pkcs15-data.c opensc-0.12.1/src/libopensc/pkcs15-data.c --- opensc-0.11.13/src/libopensc/pkcs15-data.c 2009-12-13 07:44:43.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-data.c 2011-05-17 17:07:00.000000000 +0000 @@ -20,9 +20,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include @@ -31,6 +30,10 @@ #include #endif +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" + static const struct sc_asn1_entry c_asn1_data_object[] = { { "dataObject", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } @@ -47,12 +50,12 @@ if (p15card == NULL || info == NULL || data_object_out == NULL) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(p15card->card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); r = sc_pkcs15_read_file(p15card, &info->path, &data, &len, NULL); if (r) return r; - data_object = (struct sc_pkcs15_data *) malloc(sizeof(struct sc_pkcs15_data)); + data_object = malloc(sizeof(struct sc_pkcs15_data)); if (data_object == NULL) { free(data); return SC_ERROR_OUT_OF_MEMORY; 
@@ -109,14 +112,21 @@ r = sc_asn1_decode(ctx, asn1_data, *buf, *buflen, buf, buflen); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); - r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); - if (r < 0) - return r; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); + + if (!p15card->app || !p15card->app->ddo.aid.len) { + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); + if (r < 0) + return r; + } + else { + info.path.aid = p15card->app->ddo.aid; + } + obj->type = SC_PKCS15_TYPE_DATA_OBJECT; obj->data = malloc(sizeof(info)); if (obj->data == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); memcpy(obj->data, &info, sizeof(info)); return 0; diff -Nru opensc-0.11.13/src/libopensc/pkcs15-esinit.c opensc-0.12.1/src/libopensc/pkcs15-esinit.c --- opensc-0.11.13/src/libopensc/pkcs15-esinit.c 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-esinit.c 2011-05-17 17:07:00.000000000 +0000 @@ -15,22 +15,25 @@ */ /* Initially written by Weitao Sun (weitao@ftsafe.com) 2008*/ -#include "internal.h" -#include "pkcs15.h" -#include "cardctl.h" +#include "config.h" #include #include #include +#include "internal.h" +#include "pkcs15.h" +#include "cardctl.h" #define MANU_ID "entersafe" +int sc_pkcs15emu_entersafe_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); + static int entersafe_detect_card( sc_pkcs15_card_t *p15card) { sc_card_t *card = p15card->card; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* check if we have the correct card OS */ if (strcmp(card->name, "entersafe")) 
@@ -46,27 +49,27 @@ sc_card_t *card = p15card->card; sc_serial_number_t serial; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* get serial number */ r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); r = sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; - if (p15card->serial_number) - free(p15card->serial_number); - p15card->serial_number = (char *) malloc(strlen(buf) + 1); - if (!p15card->serial_number) + if (p15card->tokeninfo->serial_number) + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = malloc(strlen(buf) + 1); + if (!p15card->tokeninfo->serial_number) return SC_ERROR_INTERNAL; - strcpy(p15card->serial_number, buf); + strcpy(p15card->tokeninfo->serial_number, buf); /* the manufacturer ID, in this case Giesecke & Devrient GmbH */ - if (p15card->manufacturer_id) - free(p15card->manufacturer_id); - p15card->manufacturer_id = (char *) malloc(strlen(MANU_ID) + 1); - if (!p15card->manufacturer_id) + if (p15card->tokeninfo->manufacturer_id) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = malloc(strlen(MANU_ID) + 1); + if (!p15card->tokeninfo->manufacturer_id) return SC_ERROR_INTERNAL; - strcpy(p15card->manufacturer_id, MANU_ID); + strcpy(p15card->tokeninfo->manufacturer_id, MANU_ID); return SC_SUCCESS; } @@ -74,7 +77,7 @@ int sc_pkcs15emu_entersafe_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opts) { - SC_FUNC_CALLED(p15card->card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) return sc_pkcs15emu_entersafe_init(p15card); diff -Nru opensc-0.11.13/src/libopensc/pkcs15-esteid.c opensc-0.12.1/src/libopensc/pkcs15-esteid.c --- opensc-0.11.13/src/libopensc/pkcs15-esteid.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-esteid.c 2011-05-17 17:07:00.000000000 +0000 
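Review bot: The result of `r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial);` is overwritten on the next line by `r = sc_bin_to_hex(...)` without being tested, so when the control call fails `serial.value` and `serial.len` are used as whatever the local variable happened to contain. Add `if (r != SC_SUCCESS) return SC_ERROR_INTERNAL;` between the two calls. The same sequence appears in the pkcs15-gemsafeGPK.c hunk at -207. Also, the retained comment "in this case Giesecke & Devrient GmbH" does not match `MANU_ID "entersafe"` and should be corrected while these lines are being touched. The function starts outside this hunk.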
@@ -21,18 +21,21 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" +#include "config.h" + #include #include #include +#ifdef ENABLE_OPENSSL +#include +#endif -#include "esteid.h" -#include +#include "common/compat_strlcpy.h" +#include "common/compat_strlcat.h" -#ifdef ENABLE_ICONV -#include -#endif +#include "internal.h" +#include "pkcs15.h" +#include "esteid.h" int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); @@ -51,9 +54,8 @@ int r; sc_path_t tmppath; sc_format_path ("3F00EEEE", &tmppath); - tmppath.type = SC_PATH_TYPE_PATH; r = sc_select_file (card, &tmppath, NULL); - SC_TEST_RET (card->ctx, r, "esteid select DF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "esteid select DF failed"); return r; } 
@@ -61,70 +63,27 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; -#ifdef ENABLE_ICONV - iconv_t iso_utf; - char *inptr, *outptr; - size_t inbytes, outbytes, result; - unsigned char label[64], name1[32], name2[32]; -#endif unsigned char buff[128]; - int r, i, flags; + int r, i; sc_path_t tmppath; - set_string (&p15card->label, "ID-kaart"); - set_string (&p15card->manufacturer_id, "AS Sertifitseerimiskeskus"); + set_string (&p15card->tokeninfo->label, "ID-kaart"); + set_string (&p15card->tokeninfo->manufacturer_id, "AS Sertifitseerimiskeskus"); /* Select application directory */ sc_format_path ("3f00eeee5044", &tmppath); - tmppath.type = SC_PATH_TYPE_PATH; r = sc_select_file (card, &tmppath, NULL); - SC_TEST_RET (card->ctx, r, "select esteid PD failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "select esteid PD failed"); /* read the serial (document number) */ r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); - SC_TEST_RET (card->ctx, r, "read document number failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read document number failed"); buff[r] = '\0'; - set_string (&p15card->serial_number, (const char *) buff); + set_string (&p15card->tokeninfo->serial_number, (const char *) buff); -#ifdef ENABLE_ICONV - /* Read the name of the cardholder and convert it into UTF-8 */ - iso_utf = iconv_open ("UTF-8", "ISO-8859-1"); - if (iso_utf == (iconv_t) -1) - return SC_ERROR_INTERNAL; - - r = sc_read_record (card, SC_ESTEID_PD_GIVEN_NAMES1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); - SC_TEST_RET (card->ctx, r, "read name1 failed"); - inptr = buff; - outptr = name1; - inbytes = r; - outbytes = 32; - result = iconv(iso_utf, &inptr, &inbytes, &outptr, &outbytes); - if (result == (size_t) -1) - return SC_ERROR_INTERNAL; - *outptr = '\0'; - - r = sc_read_record (card, SC_ESTEID_PD_SURNAME, buff, sizeof(buff), SC_RECORD_BY_REC_NR); - SC_TEST_RET (card->ctx, r, "read name2 
failed"); - inptr = buff; - outptr = name2; - inbytes = r; - outbytes = 32; - result = iconv(iso_utf, &inptr, &inbytes, &outptr, &outbytes); - if (result == (size_t) -1) - return SC_ERROR_INTERNAL; - *outptr = '\0'; - - snprintf(label, sizeof(label), "%s %s", name1, name2); - set_string (&p15card->label, label); -#endif - p15card->flags = SC_PKCS15_CARD_FLAG_PRN_GENERATION - | SC_PKCS15_CARD_FLAG_EID_COMPLIANT - | SC_PKCS15_CARD_FLAG_READONLY; - - /* EstEID uses 1024b RSA */ - card->algorithm_count = 0; - flags = SC_ALGORITHM_RSA_PAD_PKCS1; - _sc_card_add_rsa_alg (card, 1024, flags, 0); + p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION + | SC_PKCS15_TOKEN_EID_COMPLIANT + | SC_PKCS15_TOKEN_READONLY; /* add certificates */ for (i = 0; i < 2; i++) { 
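Review bot: In the esteid init hunk at -61 the document-number read passes `sizeof(buff)` as the count and then executes `buff[r] = '\0';`, so a record that fills all 128 bytes makes the terminator land one byte past the end of `buff`. The record length is controlled by the card, so the read should leave room for the terminator: `r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff) - 1, SC_RECORD_BY_REC_NR);`. The function continues outside this hunk.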
@@ -149,6 +108,50 @@ r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; +#ifdef ENABLE_OPENSSL + if (i == 0) { + BIO *mem = NULL; + X509 *x509 = NULL; + sc_pkcs15_cert_t *cert; + char cardholder_name[64]; + unsigned char *tmp = NULL; + r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); + if (r == SC_SUCCESS) { + mem = BIO_new_mem_buf(cert->data, cert->data_len); + if (!mem) + return SC_ERROR_INTERNAL; + x509 = d2i_X509_bio(mem, NULL); + BIO_free(mem); + if (!x509) + return SC_ERROR_INTERNAL; + r = X509_NAME_get_index_by_NID(X509_get_subject_name(x509), NID_commonName, -1); + if (r >= 0) { + X509_NAME_ENTRY *ne; + ASN1_STRING *a_str; + ne = X509_NAME_get_entry(X509_get_subject_name(x509), r); + if (!ne) { + X509_free(x509); + return SC_ERROR_INTERNAL; + } + a_str = X509_NAME_ENTRY_get_data(ne); + if (!a_str) { + X509_free(x509); + return SC_ERROR_INTERNAL; + } + r = ASN1_STRING_to_UTF8(&tmp, a_str); + if (r > 0) { + if ((unsigned)r > sizeof(cardholder_name) - 1) + r = sizeof(cardholder_name) -1; + memcpy(cardholder_name, tmp, r); + cardholder_name[r] = '\0'; + set_string(&p15card->tokeninfo->label, cardholder_name); + OPENSSL_free(tmp); + } + } + X509_free(x509); + } + } +#endif } /* the file with key pin info (tries left) */ @@ -177,7 +180,7 @@ memset(&pin_obj, 0, sizeof(pin_obj)); /* read the number of tries left for the PIN */ - r = sc_read_record (card, i + 1, buff, 128, SC_RECORD_BY_REC_NR); + r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; @@ -192,6 +195,7 @@ pin_info.max_length = 12; pin_info.pad_char = '\0'; pin_info.tries_left = (int)tries_left; + pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; 
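Review bot: The certificate obtained with `sc_pkcs15_read_certificate(p15card, &cert_info, &cert)` in the added `ENABLE_OPENSSL` block is never released; none of the exits from the block, including the `return SC_ERROR_INTERNAL` paths, call `sc_pkcs15_free_certificate(cert)`. Calling it right after `d2i_X509_bio()` has consumed `cert->data` (and before the `if (!x509)` return) covers every path. Note also that copying at most `sizeof(cardholder_name) - 1` bytes of the UTF-8 common name can cut a multi-byte sequence in half, and that `r` leaves the block holding an OpenSSL index or length rather than an OpenSC status; a local variable for the OpenSSL results would avoid that.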
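Review bot: In the hunk at -177 the read now uses `sizeof(buff)`, but `tries_left = buff[5];` is still reached after checking only `r < 0`, so a record shorter than six bytes yields a retry counter taken from bytes left in `buff` by an earlier read. `if (r < 6) return SC_ERROR_INTERNAL;` in place of the existing test makes the PIN state depend only on what this record returned.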
@@ -213,10 +217,7 @@ static int prkey_usage[2] = { SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT - | SC_PKCS15_PRKEY_USAGE_SIGN - | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER - | SC_PKCS15_PRKEY_USAGE_WRAP - | SC_PKCS15_PRKEY_USAGE_UNWRAP, + | SC_PKCS15_PRKEY_USAGE_SIGN, SC_PKCS15_PRKEY_USAGE_NONREPUDIATION}; static const char *prkey_name[2] = { @@ -234,7 +235,10 @@ prkey_info.usage = prkey_usage[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; - prkey_info.modulus_length= 1024; + if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30) + prkey_info.modulus_length = 2048; + else + prkey_info.modulus_length = 1024; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; @@ -246,14 +250,16 @@ if (r < 0) return SC_ERROR_INTERNAL; } + return SC_SUCCESS; } static int esteid_detect_card(sc_pkcs15_card_t *p15card) { - if (p15card->card->type == SC_CARD_TYPE_MCRD_ESTEID) + if (is_esteid_card(p15card->card)) return SC_SUCCESS; - return SC_ERROR_WRONG_CARD; + else + return SC_ERROR_WRONG_CARD; } int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *p15card, diff -Nru opensc-0.11.13/src/libopensc/pkcs15-gemsafeGPK.c opensc-0.12.1/src/libopensc/pkcs15-gemsafeGPK.c --- opensc-0.11.13/src/libopensc/pkcs15-gemsafeGPK.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-gemsafeGPK.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,14 +19,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include -#include -#include +#include "config.h" + #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "internal.h" +#include "pkcs15.h" +#include "log.h" +#include "cardctl.h" #define MANU_ID "GemSAFE on GPK16000" @@ -101,7 +104,7 @@ int saved_len = 0; u8 newpin[8]; - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); memset(newpin, 0xff, sizeof(newpin)); 
@@ -109,7 +112,7 @@ memcpy(newpin,data->pin1.data, (size_t)data->pin1.len); newpin[data->pin1.len] = 0x00; - sc_debug(card->ctx, "pin len=%d", data->pin1.len); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "pin len=%d", data->pin1.len); saved_data = data->pin1.data; saved_len = data->pin1.len; @@ -124,7 +127,7 @@ data->pin1.len = saved_len; } - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } @@ -160,7 +163,7 @@ { sc_card_t *card = p15card->card; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (strcmp(card->name, "Gemplus GPK")) @@ -207,25 +210,23 @@ u8 *cp; char buf[256]; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* need to limit to 248 */ - if (card->max_send_size > 248) - card->max_send_size = 248; - if (card->max_recv_size > 248) - card->max_recv_size = 248; + card->max_send_size = 248; + card->max_recv_size = 248; /* could read this off card if needed */ - p15card->label = strdup("GemSAFE"); - p15card->manufacturer_id = strdup(MANU_ID); + p15card->tokeninfo->label = strdup("GemSAFE"); + p15card->tokeninfo->manufacturer_id = strdup(MANU_ID); /* get serial number */ r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); r = sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; - p15card->serial_number = strdup(buf); + p15card->tokeninfo->serial_number = strdup(buf); /* test if we have a gemsafe app df */ memset(&path, 0, sizeof(path)); @@ -248,7 +249,7 @@ free(file); file = NULL; - sc_debug(card->ctx, "GemSafe file found, id=%d",dfpath); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "GemSafe file found, id=%d",dfpath); /* There may be more then one key in the directory. */ /* we need to find them so we can associate them with the */ 
@@ -259,14 +260,10 @@ path.value[1] = i; path.len = 2; path.type = SC_PATH_TYPE_FILE_ID; - sc_ctx_suppress_errors_on(card->ctx); /* file may not exist, and not an error */ r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) continue; - sc_ctx_suppress_errors_on(card->ctx); r = sc_read_record(card, 1, sysrec, sizeof(sysrec), SC_RECORD_BY_REC_NR); - sc_ctx_suppress_errors_off(card->ctx); if (r != 7 || sysrec[0] != 0) { continue; } @@ -279,14 +276,14 @@ case 0x10: kinfo[num_keyinfo].modulus_len = 768 / 8; break; case 0x11: kinfo[num_keyinfo].modulus_len = 1024 / 8; break; default: - sc_error(card->ctx, "Unsupported modulus length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported modulus length"); continue; } kinfo[num_keyinfo].fileid = i; sc_pkcs15_format_id("NONE", &kinfo[num_keyinfo].id); - sc_debug(card->ctx,"reading modulus"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"reading modulus"); r = sc_read_record(card, 2, modulus_buf, kinfo[num_keyinfo].modulus_len+1, SC_RECORD_BY_REC_NR); if (r < 0) @@ -322,7 +319,7 @@ /* For performance reasons we will only */ /* read part of the file , as it is about 6100 bytes */ - gsdata = (unsigned char *) malloc(file->size); + gsdata = malloc(file->size); if (!gsdata) return SC_ERROR_OUT_OF_MEMORY; @@ -380,7 +377,7 @@ idx2 = idx2 + idxlen; } cert_info.value.len = seq_len1 + 4; - sc_debug(card->ctx, "Found cert at offset %d", idx1); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Found cert at offset %d", idx1); cert_info.value.value = (unsigned char *) malloc(cert_info.value.len); if (!cert_info.value.value) 
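Review bot: In the `@@ -380,7` hunk, `cert_info.value.len` is set from `seq_len1 + 4`, a length parsed out of card data, and nothing visible compares `idx1 + cert_info.value.len` with the number of bytes actually read into `gsdata`. The comment in the `@@ -322,7` hunk says only part of the file is read. If the copy that follows (outside the hunk) has no such check, a card reporting a larger length would make it read past the buffer, so a bounds test before the `malloc` is worth adding. This hunk also keeps the `(unsigned char *)` cast on `malloc` that the `@@ -322,7` hunk removed from the `gsdata` allocation.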
@@ -411,11 +408,11 @@ } for (j = 0; j < num_keyinfo; j++) { - if (cert_out->key.u.rsa.modulus.len == kinfo[j].modulus_len && - memcmp(cert_out->key.u.rsa.modulus.data, - &kinfo[j].modulus, cert_out->key.u.rsa.modulus.len) == 0) { + if (cert_out->key->u.rsa.modulus.len == kinfo[j].modulus_len && + memcmp(cert_out->key->u.rsa.modulus.data, + &kinfo[j].modulus, cert_out->key->u.rsa.modulus.len) == 0) { memcpy(&kinfo[j].id, &cert_info.id, sizeof(sc_pkcs15_id_t)); - sc_debug(card->ctx, "found match"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found match"); } } sc_pkcs15_free_certificate(cert_out); @@ -486,7 +483,7 @@ for (j = 0; j < num_keyinfo; j++) { if (sc_pkcs15_compare_id(&kinfo[j].id, &prkey_info.id)) { - sc_debug(card->ctx, "found key in file %d for id %d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "found key in file %d for id %d", kinfo[j].fileid, prkey_info.id); prkey_info.path.value[0] = kinfo[j].fileid >> 8; prkey_info.path.value[1] = kinfo[j].fileid & 0xff; @@ -512,7 +509,7 @@ sc_card_t *card = p15card->card; sc_context_t *ctx = card->ctx; - sc_debug(ctx, "Entering %s", __FUNCTION__); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Entering %s", __FUNCTION__); if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) return sc_pkcs15emu_gemsafeGPK_init(p15card); diff -Nru opensc-0.11.13/src/libopensc/pkcs15-gemsafeV1.c opensc-0.12.1/src/libopensc/pkcs15-gemsafeV1.c --- opensc-0.11.13/src/libopensc/pkcs15-gemsafeV1.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-gemsafeV1.c 2011-05-17 17:07:00.000000000 +0000 @@ -16,12 +16,15 @@ /* Initially written by David Mattes (david.mattes@boeing.com) */ -#include "internal.h" -#include "pkcs15.h" +#include "config.h" + #include #include #include +#include "internal.h" +#include "pkcs15.h" + #define MANU_ID "Gemplus" #define APPLET_NAME "GemSAFE V1" #define DRIVER_SERIAL_NUMBER "v0.9" 
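Review bot: `cert_out->key` is now a pointer and is dereferenced in the modulus comparison without a NULL test, and `u.rsa` is read without looking at `key->algorithm`. The pkcs15.h change in this same diff turns `key` into `struct sc_pkcs15_pubkey *` and adds an `ec` member to the union, so a certificate carrying a non-RSA key would be compared through the wrong union member. Wrap the `for` loop in `if (cert_out->key && cert_out->key->algorithm == SC_ALGORITHM_RSA)`. Whether the call that fills `cert_out` guarantees a non-NULL `key` on success is not visible in the hunk.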
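Review bot: The `sc_debug` format in the `@@ -486,7` hunk prints `prkey_info.id` with `%d`, but the line above passes `&prkey_info.id` to `sc_pkcs15_compare_id`, so it is a `struct sc_pkcs15_id` (a 255-byte array plus a length, per pkcs15.h in this diff) and not an int. Passing a struct where a variadic `%d` expects an int is undefined behaviour. Print it through the helper the header already declares: `"found key in file %d for id %s", kinfo[j].fileid, sc_pkcs15_print_id(&prkey_info.id)`.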
@@ -141,10 +144,10 @@ * (allocated EF space is much greater!) */ objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; - sc_debug(card->ctx, "%s: Certificate object is of size: %d\n", fn_name, objlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Certificate object is of size: %d\n", fn_name, objlen); if (objlen < 1 || objlen > 10240) { - sc_error(card->ctx, "%s: Invalid object size: %d\n", fn_name, objlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Invalid object size: %d\n", fn_name, objlen); return 0; } @@ -161,7 +164,7 @@ while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { *key_ref = ibuf[ind+4]; - sc_debug(card->ctx, "Using key_ref %d found at offset %d\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Using key_ref %d found at offset %d\n", *key_ref, ind); break; } @@ -184,7 +187,7 @@ offset = block*248; r = sc_read_binary(card, offset, ibuf, 248, 0); if (r < 0) { - sc_error(card->ctx, "%s: Could not read cert object\n", fn_name); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Could not read cert object\n", fn_name); return 0; } } @@ -195,7 +198,7 @@ /* DER Cert len is encoded this way */ certlen = ((((size_t) ibuf[i+2]) << 8) | ibuf[i+3]) + 4; - sc_debug(card->ctx, "%s: certlen: %04X\n", fn_name, certlen); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s: certlen: %04X\n", fn_name, certlen); path->index = index_local; path->count = certlen; 
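Review bot: `objlen` is assembled with `(size_t)` casts and then printed with `%d` in both `sc_debug` calls. If it is declared `size_t` (the declaration is outside the hunk), the specifier does not match the argument on 64-bit platforms. Cast at the call site, e.g. `"%s: Certificate object is of size: %lu\n", fn_name, (unsigned long)objlen`, and do the same for `certlen`, which the `@@ -195,7` hunk prints with `%04X`.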
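Review bot: The `while (ibuf[ind] == 0x01)` loop in the `@@ -161,7` hunk reads `ibuf[ind+1]` and `ibuf[ind+4]` with no bound on `ind` visible. The bytes in `ibuf` come from the card, so the loop condition should also require that `ind + 4` stays below the number of valid bytes in `ibuf`. How `ind` advances and how large `ibuf` is are both outside the hunk, so this may already be enforced elsewhere; if it is, a comment on the loop saying so would help.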
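Review bot: In the `@@ -184,7` hunk only `r < 0` is treated as a failed read, so a short read of a later block leaves the tail of `ibuf` holding bytes from the previous block, which the scan then parses as if they belonged to the new one. Carry `r` forward as the number of valid bytes for the scan instead of assuming 248. A plain `if (r != 248)` rejection would be simpler but could refuse a legitimately shorter final block. The loop that consumes `ibuf` is outside the hunk.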
@@ -223,24 +226,22 @@ struct sc_card *card = p15card->card; struct sc_apdu apdu; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - char * endptr; - float version=0.0; - sc_debug(p15card->card->ctx, "%s: Setting pkcs15 parameters\n", fn_name); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Setting pkcs15 parameters\n", fn_name); - if (p15card->label) - free(p15card->label); - p15card->label = malloc(strlen(APPLET_NAME) + 1); - if (!p15card->label) + if (p15card->tokeninfo->label) + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = malloc(strlen(APPLET_NAME) + 1); + if (!p15card->tokeninfo->label) return SC_ERROR_INTERNAL; - strcpy(p15card->label, APPLET_NAME); + strcpy(p15card->tokeninfo->label, APPLET_NAME); - if (p15card->serial_number) - free(p15card->serial_number); - p15card->serial_number = malloc(strlen(DRIVER_SERIAL_NUMBER) + 1); - if (!p15card->serial_number) + if (p15card->tokeninfo->serial_number) + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = malloc(strlen(DRIVER_SERIAL_NUMBER) + 1); + if (!p15card->tokeninfo->serial_number) return SC_ERROR_INTERNAL; - strcpy(p15card->serial_number, DRIVER_SERIAL_NUMBER); + strcpy(p15card->tokeninfo->serial_number, DRIVER_SERIAL_NUMBER); /* the GemSAFE applet version number */ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0xdf, 0x03); 
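Review bot: `label` and `serial_number` (and `manufacturer_id` in the next hunk) are each filled with `malloc(strlen(X) + 1)` followed by `strcpy`, and an allocation failure is reported as `SC_ERROR_INTERNAL`. `strdup` does the same in one call, as pkcs15-gemsafeGPK.c in this diff already does for the same fields, and `SC_ERROR_OUT_OF_MEMORY` is the code that driver returns for a failed `malloc`. For example: `p15card->tokeninfo->label = strdup(APPLET_NAME);` followed by `if (!p15card->tokeninfo->label) return SC_ERROR_OUT_OF_MEMORY;`. The `if (p) free(p);` guards are redundant, since `free(NULL)` is a no-op.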
@@ -252,27 +253,22 @@ apdu.lc = 0; apdu.datalen = 0; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) return SC_ERROR_INTERNAL; if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; - endptr = (char *)(apdu.resp + apdu.resplen); - version = strtod( (const char *)(apdu.resp + 4), &endptr); - sc_debug(p15card->card->ctx, "%s: version (float): %f, version (int): %d\n", - fn_name, version, (int)version); - p15card->version = (int)version; /* the manufacturer ID, in this case GemPlus */ - if (p15card->manufacturer_id) - free(p15card->manufacturer_id); - p15card->manufacturer_id = malloc(strlen(MANU_ID) + 1); - if (!p15card->manufacturer_id) + if (p15card->tokeninfo->manufacturer_id) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = malloc(strlen(MANU_ID) + 1); + if (!p15card->tokeninfo->manufacturer_id) return SC_ERROR_INTERNAL; - strcpy(p15card->manufacturer_id, MANU_ID); + strcpy(p15card->tokeninfo->manufacturer_id, MANU_ID); /* set certs */ - sc_debug(p15card->card->ctx, "%s: Setting certificate\n", fn_name); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Setting certificate\n", fn_name); for (i = 0; gemsafe_cert[i].label; i++) { struct sc_pkcs15_id p15Id; @@ -286,7 +282,7 @@ gemsafe_cert[i].label, gemsafe_cert[i].obj_flags); } /* set gemsafe_pin */ - sc_debug(p15card->card->ctx, "%s: Setting PIN\n", fn_name); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Setting PIN\n", fn_name); for (i = 0; gemsafe_pin[i].label; i++) { struct sc_pkcs15_id p15Id; @@ -299,7 +295,7 @@ gemsafe_pin[i].obj_flags); } /* set private keys */ - sc_debug(p15card->card->ctx, "%s: Setting private key\n", fn_name); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s: Setting private key\n", fn_name); for (i = 0; gemsafe_prkeys[i].label; i++) { struct sc_pkcs15_id p15Id, authId, *pauthId; 
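Review bot: With the `strtod` parsing removed in the `@@ -252,27` hunk, the response to the applet-version APDU is used only for its status word, and nothing sets `tokeninfo->version` in place of the deleted `p15card->version` assignment. If the version is no longer wanted, the `/* the GemSAFE applet version number */` comment in the previous hunk should say the command is kept only as a presence check. If it is wanted, store it in `p15card->tokeninfo->version`. The `if (r != SC_SUCCESS)` test after `SC_TEST_RET` looks unreachable, assuming the macro already returns on a negative `r`.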
@@ -316,7 +312,7 @@ */ if ( p15card->card->flags & 0x0F) { key_ref = p15card->card->flags & 0x0F; - sc_debug(p15card->card->ctx, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Overriding key_ref with %d\n", key_ref); } sc_pkcs15emu_add_prkey(p15card, &p15Id, gemsafe_prkeys[i].label, @@ -327,7 +323,7 @@ } /* select the application DF */ - sc_debug(p15card->card->ctx,"%s: Selecting application DF\n", fn_name); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,"%s: Selecting application DF\n", fn_name); sc_format_path("3F001600", &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) @@ -376,7 +372,7 @@ if (!file) return NULL; sc_format_path("11001101", &file->path); - sc_pkcs15_add_df(p15card, type, &file->path, file); + sc_pkcs15_add_df(p15card, type, &file->path); sc_file_free(file); created++; } @@ -416,7 +412,7 @@ df_type = SC_PKCS15_CDF; break; default: - sc_error(p15card->card->ctx, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown PKCS15 object type %d\n", type); free(obj); return SC_ERROR_INVALID_ARGUMENTS; diff -Nru opensc-0.11.13/src/libopensc/pkcs15.h opensc-0.12.1/src/libopensc/pkcs15.h --- opensc-0.11.13/src/libopensc/pkcs15.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15.h 2011-05-17 17:07:00.000000000 +0000 @@ -25,7 +25,7 @@ extern "C" { #endif -#include +#include "libopensc/opensc.h" #define SC_PKCS15_CACHE_DIR ".eid" @@ -34,6 +34,12 @@ #define SC_PKCS15_MAX_LABEL_SIZE 255 #define SC_PKCS15_MAX_ID_SIZE 255 +/* When changing this value, change also initialisation of the + * static ASN1 variables, that use this macro, + * like for example, 'c_asn1_access_control_rules' + * in src/libopensc/asn1.c */ +#define SC_PKCS15_MAX_ACCESS_RULES 8 + struct sc_pkcs15_id { u8 value[SC_PKCS15_MAX_ID_SIZE]; size_t len; 
@@ -63,14 +69,20 @@ #define SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD 3 #define SC_PKCS15_PIN_TYPE_ISO9564_1 4 +#define SC_PKCS15_PIN_AUTH_TYPE_PIN 0 +#define SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY 1 +#define SC_PKCS15_PIN_AUTH_TYPE_SM_KEY 2 + struct sc_pkcs15_pin_info { struct sc_pkcs15_id auth_id; int reference; unsigned int flags, type; + unsigned int auth_method; size_t min_length, stored_length, max_length; u8 pad_char; struct sc_path path; int tries_left; + int max_tries; unsigned int magic; }; @@ -85,11 +97,6 @@ #define SC_PKCS15_ALGO_OP_HASH 0x40 #define SC_PKCS15_ALGO_OP_GENERATE_KEY 0x80 -struct sc_pkcs15_algorithm_info { - int reference; - int algorithm, supported_operations; -}; - /* A large integer, big endian notation */ struct sc_pkcs15_bignum { u8 * data; @@ -142,6 +149,29 @@ sc_pkcs15_bignum_t priv; }; +/* + * The ecParameters can be presented as + * - named curve; + * - OID of named curve; + * - implicit parameters. + */ +struct sc_pkcs15_ec_parameters { + char *named_curve; + struct sc_object_id id; + sc_pkcs15_der_t der; + size_t field_length; /* in bits */ +}; + +struct sc_pkcs15_pubkey_ec { + struct sc_pkcs15_ec_parameters params; + sc_pkcs15_der_t ecpointQ; /* note this is der */ +}; + +struct sc_pkcs15_prkey_ec { + struct sc_pkcs15_ec_parameters params; + sc_pkcs15_bignum_t privateD; /* note this is bignum */ +}; + struct sc_pkcs15_pubkey_gostr3410 { sc_pkcs15_bignum_t xy; }; @@ -153,11 +183,13 @@ struct sc_pkcs15_pubkey { int algorithm; + struct sc_algorithm_id * alg_id; /* Decoded key */ union { struct sc_pkcs15_pubkey_rsa rsa; struct sc_pkcs15_pubkey_dsa dsa; + struct sc_pkcs15_pubkey_ec ec; struct sc_pkcs15_pubkey_gostr3410 gostr3410; } u; @@ -168,9 +200,12 @@ struct sc_pkcs15_prkey { unsigned int algorithm; +/* TODO do we need: struct sc_algorithm_id * alg_id; */ + union { struct sc_pkcs15_prkey_rsa rsa; struct sc_pkcs15_prkey_dsa dsa; + struct sc_pkcs15_prkey_ec ec; struct sc_pkcs15_prkey_gostr3410 gostr3410; } u; }; 
@@ -200,7 +235,7 @@ u8 *crl; size_t crl_len; - struct sc_pkcs15_pubkey key; + struct sc_pkcs15_pubkey * key; u8 *data; /* DER encoded raw cert */ size_t data_len; }; @@ -263,15 +298,46 @@ unsigned int gostr3410, gostr3411, gost28147; }; +/* AccessMode bit definitions specified in PKCS#15 v1.1 + * and extended by IAS/ECC v1.0.1 specification. */ +#define SC_PKCS15_ACCESS_RULE_MODE_READ 0x01 +#define SC_PKCS15_ACCESS_RULE_MODE_UPDATE 0x02 +#define SC_PKCS15_ACCESS_RULE_MODE_EXECUTE 0x04 +#define SC_PKCS15_ACCESS_RULE_MODE_DELETE 0x08 +#define SC_PKCS15_ACCESS_RULE_MODE_ATTRIBUTE 0x10 +#define SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS 0x20 +#define SC_PKCS15_ACCESS_RULE_MODE_PSO_VERIFY 0x40 +#define SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT 0x80 +#define SC_PKCS15_ACCESS_RULE_MODE_PSO_ENCRYPT 0x100 +#define SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH 0x200 +#define SC_PKCS15_ACCESS_RULE_MODE_EXT_AUTH 0x400 + +struct sc_pkcs15_accessrule { + unsigned access_mode; + struct sc_pkcs15_id auth_id; +}; +typedef struct sc_pkcs15_accessrule sc_pkcs15_accessrule_t; + + +struct sc_pkcs15_key_params { + void *data; + size_t len; + void (*free_params)(void *); +}; + struct sc_pkcs15_prkey_info { struct sc_pkcs15_id id; /* correlates to public certificate id */ unsigned int usage, access_flags; int native, key_reference; - size_t modulus_length; - u8 *subject; - size_t subject_len; - void *params; - size_t params_len; + /* convert to union if other types are supported */ + size_t modulus_length; /* RSA */ + size_t field_length; /* EC in bits */ + + unsigned int algo_refs[SC_MAX_SUPPORTED_ALGORITHMS]; + + struct sc_pkcs15_der subject; + + struct sc_pkcs15_key_params params; struct sc_path path; }; 
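Review bot: `key` changes from an embedded struct to `struct sc_pkcs15_pubkey *` with no comment on who allocates it, who frees it, or whether it may be NULL. Every reader of the old `cert->key.u...` form becomes a pointer dereference (pkcs15-gemsafeGPK.c in this diff is one), so the contract belongs next to the field. The comment should say which function releases the key, for instance whether `sc_pkcs15_free_certificate()` does, and in which cases the pointer is left NULL. The struct's opening line is outside the hunk.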
@@ -281,11 +347,15 @@ struct sc_pkcs15_id id; /* correlates to private key id */ unsigned int usage, access_flags; int native, key_reference; - size_t modulus_length; - u8 *subject; - size_t subject_len; - void *params; - size_t params_len; + /* convert to union if other types are supported */ + size_t modulus_length; /* RSA */ + size_t field_length; /* EC in bits */ + + unsigned int algo_refs[SC_MAX_SUPPORTED_ALGORITHMS]; + + struct sc_pkcs15_der subject; + + struct sc_pkcs15_key_params params; struct sc_path path; }; @@ -297,11 +367,13 @@ #define SC_PKCS15_TYPE_PRKEY_RSA 0x101 #define SC_PKCS15_TYPE_PRKEY_DSA 0x102 #define SC_PKCS15_TYPE_PRKEY_GOSTR3410 0x103 +#define SC_PKCS15_TYPE_PRKEY_EC 0x104 #define SC_PKCS15_TYPE_PUBKEY 0x200 #define SC_PKCS15_TYPE_PUBKEY_RSA 0x201 #define SC_PKCS15_TYPE_PUBKEY_DSA 0x202 #define SC_PKCS15_TYPE_PUBKEY_GOSTR3410 0x203 +#define SC_PKCS15_TYPE_PUBKEY_EC 0x204 #define SC_PKCS15_TYPE_CERT 0x400 #define SC_PKCS15_TYPE_CERT_X509 0x401 @@ -325,15 +397,21 @@ unsigned int flags; struct sc_pkcs15_id auth_id; + int usage_counter; int user_consent; + struct sc_pkcs15_accessrule access_rules[SC_PKCS15_MAX_ACCESS_RULES]; + /* Object type specific data */ void *data; + /* emulated object pointer */ + void *emulated; + struct sc_pkcs15_df *df; /* can be NULL, if object is 'floating' */ struct sc_pkcs15_object *next, *prev; /* used only internally */ - struct sc_pkcs15_der der; + struct sc_pkcs15_der content; }; typedef struct sc_pkcs15_object sc_pkcs15_object_t; @@ -349,9 +427,9 @@ #define SC_PKCS15_AODF 8 #define SC_PKCS15_DF_TYPE_COUNT 9 -struct sc_pkcs15_df { - struct sc_file *file; +struct sc_pkcs15_card; +struct sc_pkcs15_df { struct sc_path path; int record_length; unsigned int type; 
@@ -371,14 +449,13 @@ #define SC_PKCS15_CARD_MAGIC 0x10203040 -typedef struct { +typedef struct sc_pkcs15_sec_env_info { int se; struct sc_object_id owner; - u8 aid[SC_MAX_AID_SIZE]; - size_t aid_len; + struct sc_aid aid; } sc_pkcs15_sec_env_info_t; -typedef struct { +typedef struct sc_pkcs15_tokeninfo { unsigned int version; unsigned int flags; char *label; 
@@ -388,53 +465,61 @@ char *preferred_language; sc_pkcs15_sec_env_info_t **seInfo; size_t num_seInfo; + + struct sc_supported_algo_info supported_algos[SC_MAX_SUPPORTED_ALGORITHMS]; } sc_pkcs15_tokeninfo_t; +struct sc_pkcs15_operations { + int (*parse_df)(struct sc_pkcs15_card *, struct sc_pkcs15_df *); + void (*clear)(struct sc_pkcs15_card *); + int (*get_guid)(struct sc_pkcs15_card *, const struct sc_pkcs15_object *, + char *, size_t); +}; + typedef struct sc_pkcs15_card { sc_card_t *card; - char *label; - /* fields from TokenInfo: */ - int version; - char *serial_number, *manufacturer_id; - char *last_update; unsigned int flags; - struct sc_pkcs15_algorithm_info alg_info[1]; + + struct sc_app_info *app; sc_file_t *file_app; sc_file_t *file_tokeninfo, *file_odf, *file_unusedspace; struct sc_pkcs15_df *df_list; struct sc_pkcs15_object *obj_list; - int record_lengths[SC_PKCS15_DF_TYPE_COUNT]; + sc_pkcs15_tokeninfo_t *tokeninfo; sc_pkcs15_unusedspace_t *unusedspace_list; int unusedspace_read; struct sc_pkcs15_card_opts { - int use_cache; + int use_file_cache; + int use_pin_cache; + int pin_cache_counter; } opts; - sc_pkcs15_sec_env_info_t **seInfo; - size_t num_seInfo; unsigned int magic; void *dll_handle; /* shared lib for emulated cards */ - char *preferred_language; + + struct sc_pkcs15_operations ops; + } sc_pkcs15_card_t; -#define SC_PKCS15_CARD_FLAG_READONLY 0x01 -#define SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED 0x02 -#define SC_PKCS15_CARD_FLAG_PRN_GENERATION 0x04 -#define SC_PKCS15_CARD_FLAG_EID_COMPLIANT 0x08 -#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT 0x10000000 -#define SC_PKCS15_CARD_FLAG_EMULATED 0x20000000 -#define SC_PKCS15_CARD_FLAG_FIX_INTEGERS 0x40000000 +/* flags suitable for sc_pkcs15_tokeninfo_t */ +#define SC_PKCS15_TOKEN_READONLY 0x01 +#define SC_PKCS15_TOKEN_LOGIN_REQUIRED 0x02 /* Don't use */ +#define SC_PKCS15_TOKEN_PRN_GENERATION 0x04 +#define SC_PKCS15_TOKEN_EID_COMPLIANT 0x08 + +/* flags suitable for sc_pkcs15_card_t */ +#define 
SC_PKCS15_CARD_FLAG_EMULATED 0x02000000 /* sc_pkcs15_bind: Binds a card object to a PKCS #15 card object * and initializes a new PKCS #15 card object. Will return * SC_ERROR_PKCS15_APP_NOT_FOUND, if the card hasn't got a * valid PKCS #15 file structure. */ -int sc_pkcs15_bind(struct sc_card *card, +int sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid, struct sc_pkcs15_card **pkcs15_card); /* sc_pkcs15_unbind: Releases a PKCS #15 card object, and frees any * memory allocations done on the card object. */ 
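Review bot: `use_pin_cache` and `pin_cache_counter` are added to `sc_pkcs15_card_opts` without a comment, although by their names they decide whether a verified PIN is retained in process memory and how often it may be reused. Each field should carry a line stating what it enables and what the counter counts, so integrators can choose knowingly. The `sc_pkcs15_pincache_add`, `sc_pkcs15_pincache_revalidate` and `sc_pkcs15_pincache_clear` prototypes added in the `@@ -558,9` hunk need the same, including which call wipes the cached copy. The same hunk changes `SC_PKCS15_CARD_FLAG_EMULATED` from 0x20000000 to 0x02000000, which is worth a note for code built against the old header.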
@@ -464,30 +549,45 @@ unsigned long alg_flags, const u8 *in, size_t inlen, u8 *out, size_t outlen); -int sc_pkcs15_read_pubkey(struct sc_pkcs15_card *card, - const struct sc_pkcs15_object *obj, - struct sc_pkcs15_pubkey **out); -int sc_pkcs15_decode_pubkey_rsa(struct sc_context *ctx, - struct sc_pkcs15_pubkey_rsa *pubkey, +int sc_pkcs15_read_pubkey(struct sc_pkcs15_card *, + const struct sc_pkcs15_object *, + struct sc_pkcs15_pubkey **); +int sc_pkcs15_decode_pubkey_rsa(struct sc_context *, + struct sc_pkcs15_pubkey_rsa *, const u8 *, size_t); int sc_pkcs15_encode_pubkey_rsa(struct sc_context *, struct sc_pkcs15_pubkey_rsa *, u8 **, size_t *); -int sc_pkcs15_decode_pubkey_dsa(struct sc_context *ctx, - struct sc_pkcs15_pubkey_dsa *pubkey, +int sc_pkcs15_decode_pubkey_dsa(struct sc_context *, + struct sc_pkcs15_pubkey_dsa *, const u8 *, size_t); int sc_pkcs15_encode_pubkey_dsa(struct sc_context *, struct sc_pkcs15_pubkey_dsa *, u8 **, size_t *); +int sc_pkcs15_decode_pubkey_gostr3410(sc_context_t *, + struct sc_pkcs15_pubkey_gostr3410 *, const u8 *, size_t); +int sc_pkcs15_encode_pubkey_gostr3410(sc_context_t *, + struct sc_pkcs15_pubkey_gostr3410 *, u8 **, size_t *); +int sc_pkcs15_decode_pubkey_ec(struct sc_context *, + struct sc_pkcs15_pubkey_ec *, const u8 *, size_t); +int sc_pkcs15_encode_pubkey_ec(struct sc_context *, + struct sc_pkcs15_pubkey_ec *, u8 **, size_t *); int sc_pkcs15_decode_pubkey(struct sc_context *, struct sc_pkcs15_pubkey *, const u8 *, size_t); int sc_pkcs15_encode_pubkey(struct sc_context *, struct sc_pkcs15_pubkey *, u8 **, size_t *); -void sc_pkcs15_erase_pubkey(struct sc_pkcs15_pubkey *pubkey); -void sc_pkcs15_free_pubkey(struct sc_pkcs15_pubkey *pubkey); - -int sc_pkcs15_read_prkey(struct sc_pkcs15_card *card, - const struct sc_pkcs15_object *obj, +void sc_pkcs15_erase_pubkey(struct sc_pkcs15_pubkey *); +void sc_pkcs15_free_pubkey(struct sc_pkcs15_pubkey *); +int sc_pkcs15_pubkey_from_prvkey(struct sc_context *, struct sc_pkcs15_prkey *, 
+ struct sc_pkcs15_pubkey **); +int sc_pkcs15_pubkey_from_cert(struct sc_context *, struct sc_pkcs15_der *, + struct sc_pkcs15_pubkey **); +int sc_pkcs15_pubkey_from_spki_filename(struct sc_context *, + char *, sc_pkcs15_pubkey_t ** ); +int sc_pkcs15_pubkey_from_spki(struct sc_context *, + sc_pkcs15_pubkey_t **, u8 *, size_t, int); +int sc_pkcs15_read_prkey(struct sc_pkcs15_card *, + const struct sc_pkcs15_object *, const char *passphrase, - struct sc_pkcs15_prkey **out); + struct sc_pkcs15_prkey **); int sc_pkcs15_decode_prkey(struct sc_context *, struct sc_pkcs15_prkey *, const u8 *, size_t); @@ -496,6 +596,7 @@ u8 **, size_t *); void sc_pkcs15_erase_prkey(struct sc_pkcs15_prkey *prkey); void sc_pkcs15_free_prkey(struct sc_pkcs15_prkey *prkey); +void sc_pkcs15_free_key_params(struct sc_pkcs15_key_params *params); int sc_pkcs15_read_data_object(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_data_info *info, @@ -542,14 +643,14 @@ struct sc_pkcs15_object **out); int sc_pkcs15_verify_pin(struct sc_pkcs15_card *card, - struct sc_pkcs15_pin_info *pin, + struct sc_pkcs15_object *pin_obj, const u8 *pincode, size_t pinlen); int sc_pkcs15_change_pin(struct sc_pkcs15_card *card, - struct sc_pkcs15_pin_info *pin, + struct sc_pkcs15_object *pin_obj, const u8 *oldpincode, size_t oldpinlen, const u8 *newpincode, size_t newpinlen); int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *card, - struct sc_pkcs15_pin_info *pin, + struct sc_pkcs15_object *pin_obj, const u8 *puk, size_t puklen, const u8 *newpin, size_t newpinlen); int sc_pkcs15_find_pin_by_auth_id(struct sc_pkcs15_card *card, 
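Review bot: The rewritten prototypes in the `@@ -464,30` hunk drop their parameter names, which makes the new functions easy to call wrongly. `sc_pkcs15_pubkey_from_spki(struct sc_context *, sc_pkcs15_pubkey_t **, u8 *, size_t, int)` ends in an unnamed `int` and takes the output pointer second, while `sc_pkcs15_pubkey_from_spki_filename` takes it last. Keep the names, as `sc_pkcs15_read_prkey` still does for `passphrase`. If the implementations do not modify their inputs, declare them `const`, e.g. `const char *filename` and `const u8 *buf`.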
@@ -558,9 +659,19 @@ int sc_pkcs15_find_pin_by_reference(struct sc_pkcs15_card *card, const sc_path_t *path, int reference, struct sc_pkcs15_object **out); +int sc_pkcs15_find_pin_by_type_and_reference(struct sc_pkcs15_card *card, + const sc_path_t *path, unsigned auth_method, + int reference, + struct sc_pkcs15_object **out); int sc_pkcs15_find_so_pin(struct sc_pkcs15_card *card, struct sc_pkcs15_object **out); +void sc_pkcs15_pincache_add(struct sc_pkcs15_card *, struct sc_pkcs15_object *, + const u8 *, size_t); +int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, + const sc_pkcs15_object_t *obj); +void sc_pkcs15_pincache_clear(struct sc_pkcs15_card *p15card); + int sc_pkcs15_encode_dir(struct sc_context *ctx, struct sc_pkcs15_card *card, u8 **buf, size_t *buflen); @@ -624,9 +735,7 @@ struct sc_pkcs15_object *obj); void sc_pkcs15_remove_object(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj); -int sc_pkcs15_add_df(struct sc_pkcs15_card *p15card, - unsigned int type, const sc_path_t *path, - const struct sc_file *file); +int sc_pkcs15_add_df(struct sc_pkcs15_card *, unsigned int, const sc_path_t *); void sc_pkcs15_remove_df(struct sc_pkcs15_card *p15card, struct sc_pkcs15_df *df); 
@@ -677,11 +786,30 @@ const char *sc_pkcs15_print_id(const struct sc_pkcs15_id *id); void sc_pkcs15_format_id(const char *id_in, struct sc_pkcs15_id *id_out); int sc_pkcs15_hex_string_to_id(const char *in, struct sc_pkcs15_id *out); -void sc_der_copy(sc_pkcs15_der_t *, const sc_pkcs15_der_t *); -void sc_der_clear(sc_pkcs15_der_t *); +int sc_der_copy(sc_pkcs15_der_t *, const sc_pkcs15_der_t *); +int sc_pkcs15_get_object_id(const struct sc_pkcs15_object *, struct sc_pkcs15_id *); +int sc_pkcs15_get_guid(struct sc_pkcs15_card *, const struct sc_pkcs15_object *, + char *, size_t); +int sc_encode_oid (struct sc_context *, struct sc_object_id *, + unsigned char **, size_t *); + /* Prepend 'parent' to 'child' in case 'child' is a relative path */ int sc_pkcs15_make_absolute_path(const sc_path_t *parent, sc_path_t *child); +/* Clean and free object content */ +void sc_pkcs15_free_object_content(struct sc_pkcs15_object *); + +/* Allocate and set object content */ +int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *, + const unsigned char *, size_t); + +struct sc_supported_algo_info *sc_pkcs15_get_supported_algo(struct sc_pkcs15_card *, + unsigned, unsigned); +int sc_pkcs15_add_supported_algo_ref(struct sc_pkcs15_object *, + struct sc_supported_algo_info *); + +int sc_pkcs15_fix_ec_parameters(struct sc_context *, struct sc_pkcs15_ec_parameters *); + /* New object search API. * More complex, but also more powerful. */ @@ -714,8 +842,8 @@ extern int sc_pkcs15_bind_synthetic(sc_pkcs15_card_t *); extern int sc_pkcs15_is_emulation_only(sc_card_t *); -int sc_pkcs15emu_object_add(sc_pkcs15_card_t *p15card, unsigned int type, - const sc_pkcs15_object_t *obj, const void *data); +int sc_pkcs15emu_object_add(sc_pkcs15_card_t *, unsigned int, + const sc_pkcs15_object_t *, const void *); /* some wrapper functions for sc_pkcs15emu_object_add */ int sc_pkcs15emu_add_pin_obj(sc_pkcs15_card_t *, const sc_pkcs15_object_t *, const sc_pkcs15_pin_info_t *); 
@@ -723,9 +851,13 @@ const sc_pkcs15_object_t *, const sc_pkcs15_prkey_info_t *); int sc_pkcs15emu_add_rsa_pubkey(sc_pkcs15_card_t *, const sc_pkcs15_object_t *, const sc_pkcs15_pubkey_info_t *); -int sc_pkcs15emu_add_x509_cert(sc_pkcs15_card_t *p15card, +int sc_pkcs15emu_add_ec_prkey(sc_pkcs15_card_t *, + const sc_pkcs15_object_t *, const sc_pkcs15_prkey_info_t *); +int sc_pkcs15emu_add_ec_pubkey(sc_pkcs15_card_t *, + const sc_pkcs15_object_t *, const sc_pkcs15_pubkey_info_t *); +int sc_pkcs15emu_add_x509_cert(sc_pkcs15_card_t *, const sc_pkcs15_object_t *, const sc_pkcs15_cert_info_t *); -int sc_pkcs15emu_add_data_object(sc_pkcs15_card_t *p15card, +int sc_pkcs15emu_add_data_object(sc_pkcs15_card_t *, const sc_pkcs15_object_t *, const sc_pkcs15_data_info_t *); #ifdef __cplusplus diff -Nru opensc-0.11.13/src/libopensc/pkcs15-infocamere.c opensc-0.12.1/src/libopensc/pkcs15-infocamere.c --- opensc-0.11.13/src/libopensc/pkcs15-infocamere.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-infocamere.c 2011-05-17 17:07:00.000000000 +0000 @@ -21,21 +21,19 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" -#include -#include #include #include #include -#include - #ifdef ENABLE_ZLIB #include #endif +#include "common/compat_strlcpy.h" +#include "pkcs15.h" +#include "log.h" + int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); @@ -242,9 +240,7 @@ sc_format_path("3F002F02", &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, &file); - sc_ctx_suppress_errors_off(card->ctx); if (r != SC_SUCCESS || file->size > 255) { /* Not EF.GDO */ 
@@ -291,16 +287,16 @@ return SC_ERROR_WRONG_CARD; } - set_string(&p15card->serial_number, serial); + set_string(&p15card->tokeninfo->serial_number, serial); if (ef_gdo[len_iccsn + 6] == 0x02) - set_string(&p15card->label, "Infocamere 1202 Card"); + set_string(&p15card->tokeninfo->label, "Infocamere 1202 Card"); else { - set_string(&p15card->label, "Infocamere 1203 Card"); + set_string(&p15card->tokeninfo->label, "Infocamere 1203 Card"); change_sign = 1; } - set_string(&p15card->manufacturer_id, "Infocamere"); + set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); authority = 0; @@ -308,9 +304,7 @@ sc_format_path(infocamere_auth_certpath[ef_gdo[len_iccsn+6]-2], &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r >= 0) { @@ -398,9 +392,7 @@ sc_format_path(infocamere_cacert_path[ef_gdo[len_iccsn+6]-2], &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r >= 0) { size_t len; @@ -522,15 +514,14 @@ sc_read_binary(card, 2, size, 2, 0); compLen = (size[0] << 8) + size[1]; - compCert = - (unsigned char *) malloc(compLen * sizeof(unsigned char)); + compCert = malloc(compLen * sizeof(unsigned char)); len = 4 * compLen; /*Approximation of the uncompressed size */ - cert = (unsigned char *) malloc(len * sizeof(unsigned char)); + cert = malloc(len * sizeof(unsigned char)); sc_read_binary(card, 4, compCert, compLen, 0); if ((r = uncompress(cert, &len, compCert, compLen)) != Z_OK) { - sc_error(p15card->card->ctx, "Zlib error: %d", r); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Zlib error: %d", r); return SC_ERROR_INTERNAL; } @@ -596,7 +587,7 @@ set_security_env = card->ops->set_security_env; card->ops->set_security_env = infocamere_1400_set_sec_env; card->ops->compute_signature = do_sign; - p15card->opts.use_cache = 1; + p15card->opts.use_file_cache = 1; sc_format_path("30000001", &path); 
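Review bot: In the `@@ -522,15` hunk neither `malloc` result nor either `sc_read_binary` return value is checked before `uncompress` runs, and the error return leaks both buffers. `compLen` comes from two bytes read off the card, so a failed or short read feeds an indeterminate length into the allocations and the inflate call. The lines below check each step and free on every early return. The `4 * compLen` estimate is kept, so a certificate that inflates further still fails with a zlib error rather than writing past `cert`. The function begins and continues outside the hunk, so whether `compCert` is freed on the success path cannot be seen here.

```c
if (sc_read_binary(card, 2, size, 2, 0) != 2)
	return SC_ERROR_INTERNAL;
/* … unchanged: compLen, compCert, len and cert are computed and allocated … */
if (!compCert || !cert) {
	free(compCert);
	free(cert);
	return SC_ERROR_OUT_OF_MEMORY;
}

r = sc_read_binary(card, 4, compCert, compLen, 0);
if (r < 0 || (size_t)r != (size_t)compLen) {
	free(compCert);
	free(cert);
	return SC_ERROR_INTERNAL;
}

if ((r = uncompress(cert, &len, compCert, compLen)) != Z_OK) {
	/* … unchanged: sc_debug of the zlib error … */
	free(compCert);
	free(cert);
	return SC_ERROR_INTERNAL;
}
```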
@@ -608,13 +599,13 @@ sc_read_binary(card, 15, serial, 15, 0); serial[15] = '\0'; - set_string(&p15card->serial_number, (char *)serial); - set_string(&p15card->label, "Infocamere 1400 Card"); - set_string(&p15card->manufacturer_id, "Infocamere"); + set_string(&p15card->tokeninfo->serial_number, (char *)serial); + set_string(&p15card->tokeninfo->label, "Infocamere 1400 Card"); + set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); if ((r = loadCertificate(p15card, 0, certPath[0], certLabel[0])) != SC_SUCCESS) { - sc_error(p15card->card->ctx, "%s", sc_strerror(r)); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "%s", sc_strerror(r)); return SC_ERROR_WRONG_CARD; } @@ -733,9 +724,9 @@ sc_read_binary(card, 30, serial, 16, 0); serial[16] = '\0'; - set_string(&p15card->serial_number, (char *) serial); - set_string(&p15card->label, "Infocamere 1600 Card"); - set_string(&p15card->manufacturer_id, "Infocamere"); + set_string(&p15card->tokeninfo->serial_number, (char *) serial); + set_string(&p15card->tokeninfo->label, "Infocamere 1600 Card"); + set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere"); /* Adding certificates. * Certificates are stored in a ZLib compressed form with @@ -837,10 +828,10 @@ return SC_ERROR_WRONG_CARD; } - if (memcmp(p15card->card->atr, ATR_1600, sizeof(ATR_1600)) == 0) + if (memcmp(p15card->card->atr.value, ATR_1600, sizeof(ATR_1600)) == 0) return infocamere_1600_init(p15card); #ifdef ENABLE_ZLIB - else if (memcmp(p15card->card->atr, ATR_1400, sizeof(ATR_1400)) == + else if (memcmp(p15card->card->atr.value, ATR_1400, sizeof(ATR_1400)) == 0) return infocamere_1400_init(p15card); #endif diff -Nru opensc-0.11.13/src/libopensc/pkcs15-itacns.c opensc-0.12.1/src/libopensc/pkcs15-itacns.c --- opensc-0.11.13/src/libopensc/pkcs15-itacns.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-itacns.c 2011-05-17 17:07:00.000000000 +0000 
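Review bot: The return value of `sc_read_binary(card, 15, serial, 15, 0)` is ignored, so when the read fails or comes back short the token serial number is set from whatever `serial` already contained. Test it before terminating the string, `if (sc_read_binary(card, 15, serial, 15, 0) != 15) return SC_ERROR_WRONG_CARD;`, and apply the same check to the 16-byte read in the `@@ -733,9` hunk. `serial` is declared outside both hunks.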
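Review bot: In the `@@ -837,10` hunk the ATR is compared with `memcmp(..., sizeof(ATR_1600))` without checking how many ATR bytes the card actually returned, so a shorter ATR is matched against bytes beyond its end in `atr.value`. Now that the ATR is a struct, the length can be tested in the same condition: require `p15card->card->atr.len` to be at least `sizeof(ATR_1600)` before the `memcmp`, and likewise for `ATR_1400`. This assumes the new `atr` member carries a `len` field next to `value`, which is not shown in this part of the diff.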
@@ -0,0 +1,870 @@ +/* + * PKCS15 emulation layer for Italian CNS. + * + * Copyright (C) 2008, Emanuele Pucciarelli + * Many snippets have been taken out from other PKCS15 emulation layer + * modules in this directory; their copyright is their authors'. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* + * Specifications for the development of this driver come from: + * http://www.servizidemografici.interno.it/sitoCNSD/documentazioneRicerca.do?metodo=contenutoDocumento&servizio=documentazione&ID_DOCUMENTO=1043 + */ + + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "pkcs15.h" +#include "log.h" +#include "cards.h" +#include "itacns.h" +#include +#include +#include +#include "common/compat_strlcpy.h" +#include "common/compat_strlcat.h" + +#ifdef ENABLE_OPENSSL +#include +#endif + +int sc_pkcs15emu_itacns_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); + +static const char path_serial[] = "10001003"; + +/* Manufacturers */ + +const char * itacns_mask_manufacturers[] = { + "Unknown", + "Kaitech", + "Gemplus", + "Ghirlanda", + "Giesecke & Devrient", + "Oberthur Card Systems", + "Orga", + "Axalto", + "Siemens", + "STIncard", + "GEP", + "EPS Corp", + "Athena" +}; + +const char * iso7816_ic_manufacturers[] = { + "Unknown", + "Motorola", + "STMicroelectronics", + 
"Hitachi", + "NXP Semiconductors", + "Infineon", + "Cylinc", + "Texas Instruments", + "Fujitsu", + "Matsushita", + "NEC", + "Oki", + "Toshiba", + "Mitsubishi", + "Samsung", + "Hynix", + "LG", + "Emosyn-EM", + "INSIDE", + "ORGA", + "SHARP", + "ATMEL", + "EM Microelectronic-Marin", + "KSW Microtec", + "ZMD", + "XICOR", + "Sony", + "Malaysia Microelectronic Solutions", + "Emosyn", + "Shanghai Fudan", + "Magellan", + "Melexis", + "Renesas", + "TAGSYS", + "Transcore", + "Shanghai belling", + "Masktech", + "Innovision", + "Hitachi", + "Cypak", + "Ricoh", + "ASK", + "Unicore", + "Dallas", + "Impinj", + "RightPlug Alliance", + "Broadcom", + "MStar", + "BeeDar", + "RFIDsec", + "Schweizer Electronic", + "AMIC Technology", + "Mikron", + "Fraunhofer", + "IDS Microchip", + "Kovio", + "HMT Microelectronic", + "Silicon Craft", + "Advanced Film Device", + "Nitecrest", + "Verayo", + "HID Gloval", + "Productivity Engineering", + "Austriamicrosystems", + "Gemalto" +}; + +/* Data files */ + +static const struct { + const char *label; + const char *path; + int cie_only; +} itacns_data_files[] = { + { "EF_DatiProcessore", "3F0010001002", 0 }, + { "EF_IDCarta", "3F0010001003", 0 }, + { "EF_DatiSistema", "3F0010001004", 1 }, + { "EF_DatiPersonali", "3F0011001102", 0 }, + { "EF_DatiPersonali_Annotazioni", "3F0011001103", 1 }, + { "EF_Impronte", "3F0011001104", 1 }, + { "EF_Foto", "3F0011001104", 1 }, + { "EF_DatiPersonaliAggiuntivi", "3F0012001201", 0 }, + { "EF_MemoriaResidua", "3F0012001202", 0 }, + { "EF_ServiziInstallati", "3F0012001203", 0 }, + { "EF_INST_FILE", "3F0012004142", 0 }, + { "EF_CardStatus", "3F003F02", 0 }, + { "EF_GDO", "3F002F02", 0 }, + { "EF_RootInstFile", "3F000405", 0 } +}; + + +/* + * Utility functions + */ + +static void set_string(char **strp, const char *value) +{ + if (*strp) + free(*strp); + *strp = value ? 
strdup(value) : NULL; +} + +static int loadFile(const sc_pkcs15_card_t *p15card, const sc_path_t *path, + u8 *buf, const size_t buflen) +{ + int sc_res; + SC_FUNC_CALLED(p15card->card->ctx, 1); + + sc_res = sc_select_file(p15card->card, path, NULL); + if(sc_res != SC_SUCCESS) + return sc_res; + + sc_res = sc_read_binary(p15card->card, 0, buf, buflen, 0); + return sc_res; +} + +/* + * The following functions add objects to the card emulator. + */ + +static int itacns_add_cert(sc_pkcs15_card_t *p15card, + int type, int authority, const sc_path_t *path, + const sc_pkcs15_id_t *id, const char *label, int obj_flags, + int *ext_info_ok, int *key_usage, int *x_key_usage) +{ + int r; + /* const char *label = "Certificate"; */ + sc_pkcs15_cert_info_t info; + sc_pkcs15_object_t obj; +#ifdef ENABLE_OPENSSL + X509 *x509; +#endif + sc_pkcs15_cert_t *cert; + + SC_FUNC_CALLED(p15card->card->ctx, 1); + + if(type != SC_PKCS15_TYPE_CERT_X509) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Cannot add a certificate of a type other than X.509"); + return 1; + } + + *ext_info_ok = 0; + + + memset(&info, 0, sizeof(info)); + memset(&obj, 0, sizeof(obj)); + + info.id = *id; + info.authority = authority; + if (path) + info.path = *path; + + strlcpy(obj.label, label, sizeof(obj.label)); + obj.flags = obj_flags; + + r = sc_pkcs15emu_add_x509_cert(p15card, &obj, &info); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add X.509 certificate"); + + /* If we have OpenSSL, read keyUsage */ +#ifdef ENABLE_OPENSSL + + r = sc_pkcs15_read_certificate(p15card, &info, &cert); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not read X.509 certificate"); + + { + const u8 *throwaway = cert->data; + x509 = d2i_X509(NULL, &throwaway, cert->data_len); + } + sc_pkcs15_free_certificate(cert); + if (!x509) return SC_SUCCESS; + X509_check_purpose(x509, -1, 0); + if(x509->ex_flags & EXFLAG_KUSAGE) { + *ext_info_ok = 1; + *key_usage = x509->ex_kusage; + 
*x_key_usage = x509->ex_xkusage; + } + OPENSSL_free(x509); + + return SC_SUCCESS; + +#else /* ENABLE_OPENSSL */ + + return SC_SUCCESS; + +#endif /* ENABLE_OPENSSL */ + +} + +static int itacns_add_pubkey(sc_pkcs15_card_t *p15card, + const sc_path_t *path, const sc_pkcs15_id_t *id, const char *label, + int usage, int ref, int obj_flags, int *modulus_len_out) +{ + int r; + sc_pkcs15_pubkey_info_t info; + sc_pkcs15_object_t obj; + + SC_FUNC_CALLED(p15card->card->ctx, 1); + + memset(&info, 0, sizeof(info)); + memset(&obj, 0, sizeof(obj)); + + info.id = *id; + if (path) + info.path = *path; + info.usage = usage; + info.key_reference = ref; + strlcpy(obj.label, label, sizeof(obj.label)); + obj.flags = obj_flags; + + /* + * This is hard-coded, unless unforeseen versions of the CNS + * turn up sometime. + */ + info.modulus_length = 1024; + + *modulus_len_out = info.modulus_length; + r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add pub key"); + return r; +} + +static int itacns_add_prkey(sc_pkcs15_card_t *p15card, + const sc_pkcs15_id_t *id, + const char *label, + int type, unsigned int modulus_length, int usage, + const sc_path_t *path, int ref, + const sc_pkcs15_id_t *auth_id, int obj_flags) +{ + sc_pkcs15_prkey_info_t info; + sc_pkcs15_object_t obj; + + SC_FUNC_CALLED(p15card->card->ctx, 1); + + if(type != SC_PKCS15_TYPE_PRKEY_RSA) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Cannot add a private key of a type other than RSA"); + return 1; + } + + memset(&info, 0, sizeof(info)); + memset(&obj, 0, sizeof(obj)); + + info.id = *id; + info.modulus_length = modulus_length; + info.usage = usage; + info.native = 1; + info.key_reference = ref; + info.access_flags = + SC_PKCS15_PRKEY_ACCESS_SENSITIVE + | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE + | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE + | SC_PKCS15_PRKEY_ACCESS_LOCAL; + + if (path) + info.path = *path; + + obj.flags = obj_flags; + 
strlcpy(obj.label, label, sizeof(obj.label)); + if (auth_id != NULL) + obj.auth_id = *auth_id; + + return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info); +} + +static int itacns_add_pin(sc_pkcs15_card_t *p15card, + char *label, + int id, + int auth_id, + int reference, + sc_path_t *path, + int flags) +{ + struct sc_pkcs15_pin_info pin_info; + struct sc_pkcs15_object pin_obj; + + SC_FUNC_CALLED(p15card->card->ctx, 1); + + memset(&pin_info, 0, sizeof(pin_info)); + pin_info.auth_id.len = 1; + pin_info.auth_id.value[0] = id; + pin_info.reference = reference; + pin_info.flags = flags; + pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; + pin_info.min_length = 5; + pin_info.stored_length = 8; + pin_info.max_length = 8; + pin_info.pad_char = 0xff; + if(path) + pin_info.path = *path; + + memset(&pin_obj, 0, sizeof(pin_obj)); + strlcpy(pin_obj.label, label, sizeof(pin_obj.label)); + pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE | + (auth_id ? SC_PKCS15_CO_FLAG_MODIFIABLE : 0); + if (auth_id) { + pin_obj.auth_id.len = 1; + pin_obj.auth_id.value[0] = auth_id; + } else + pin_obj.auth_id.len = 0; + + return sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); +} + +static int hextoint(char *src, unsigned int len) +{ + char hex[16]; + char *end; + int res; + + if(len >= sizeof(hex)) + return -1; + strncpy(hex, src, len+1); + hex[len] = '\0'; + res = strtol(hex, &end, 0x10); + if(end != (char*)&hex[len]) + return -1; + return res; +} + +static int get_name_from_EF_DatiPersonali(unsigned char *EFdata, + char name[], int name_len) +{ + /* + * Bytes 0-5 contain the ASCII encoding of the following TLV + * strcture's total size, in base 16. 
+ */ + + const unsigned int EF_personaldata_maxlen = 400; + const unsigned int tlv_length_size = 6; + char *file = (char*)&EFdata[tlv_length_size]; + int file_size = hextoint((char*)EFdata, tlv_length_size); + + enum { + f_issuer_code = 0, + f_issuing_date, + f_expiry_date, + f_last_name, + f_first_name, + f_birth_date, + f_sex, + f_height, + f_codice_fiscale, + f_citizenship_code, + f_birth_township_code, + f_birth_country, + f_birth_certificate, + f_residence_township_code, + f_residence_address, + f_expat_notes + }; + + /* Read the fields up to f_first_name */ + struct { + int len; + char value[256]; + } fields[f_first_name+1]; + int i=0; /* offset inside the file */ + int f; /* field number */ + + if(file_size < 0) + return -1; + + /* + * This shouldn't happen, but let us be protected against wrong + * or malicious cards + */ + if(file_size > (int)EF_personaldata_maxlen - (int)tlv_length_size) + file_size = EF_personaldata_maxlen - tlv_length_size; + + + memset(fields, 0, sizeof(fields)); + + for(f=0; f file_size) + return -1; + + field_size = hextoint((char*) &file[i], 2); + if((field_size < 0) || (field_size+i > file_size)) + return -1; + + i += 2; + + if(field_size >= (int)sizeof(fields[f].value)) + return -1; + + fields[f].len = field_size; + strncpy(fields[f].value, &file[i], field_size); + fields[f].value[field_size] = '\0'; + i += field_size; + } + + if (fields[f_first_name].len + fields[f_last_name].len + 1 >= name_len) + return -1; + + snprintf(name, name_len, "%s %s", + fields[f_first_name].value, fields[f_last_name].value); + return 0; +} + +static int itacns_add_data_files(sc_pkcs15_card_t *p15card) +{ + const size_t array_size = + sizeof(itacns_data_files)/sizeof(itacns_data_files[0]); + unsigned int i; + int rv; + sc_pkcs15_data_t *p15_personaldata = NULL; + sc_pkcs15_data_info_t dinfo; + struct sc_pkcs15_object *objs[32]; + struct sc_pkcs15_data_info *cinfo; + + for(i=0; i < array_size; i++) { + sc_path_t path; + sc_pkcs15_data_info_t data; + 
sc_pkcs15_object_t obj; + + if (itacns_data_files[i].cie_only && + p15card->card->type != SC_CARD_TYPE_ITACNS_CIE_V2) + continue; + + sc_format_path(itacns_data_files[i].path, &path); + + memset(&data, 0, sizeof(data)); + memset(&obj, 0, sizeof(obj)); + strlcpy(data.app_label, itacns_data_files[i].label, + sizeof(data.app_label)); + strlcpy(obj.label, itacns_data_files[i].label, + sizeof(obj.label)); + data.path = path; + rv = sc_pkcs15emu_add_data_object(p15card, &obj, &data); + } + + /* + * If we got this far, we can read the Personal Data file and glean + * the user's full name. Thus we can use it to put together a + * user-friendlier card name. + */ + memset(&dinfo, 0, sizeof(dinfo)); + strcpy(dinfo.app_label, "EF_DatiPersonali"); + + /* Find EF_DatiPersonali */ + + rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, + objs, 32); + if(rv < 0) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Data enumeration failed"); + return SC_SUCCESS; + } + + for(i=0; i<32; i++) { + cinfo = (struct sc_pkcs15_data_info *) objs[i]->data; + if(!strcmp("EF_DatiPersonali", objs[i]->label)) + break; + } + + if(i>=32) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Could not find EF_DatiPersonali: " + "keeping generic card name"); + return SC_SUCCESS; + } + + rv = sc_pkcs15_read_data_object(p15card, cinfo, &p15_personaldata); + if (rv) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Could not read EF_DatiPersonali: " + "keeping generic card name"); + } + + { + char fullname[160]; + if(get_name_from_EF_DatiPersonali(p15_personaldata->data, + fullname, sizeof(fullname))) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Could not parse EF_DatiPersonali: " + "keeping generic card name"); + sc_pkcs15_free_data_object(p15_personaldata); + return SC_SUCCESS; + } + set_string(&p15card->tokeninfo->label, fullname); + } + sc_pkcs15_free_data_object(p15_personaldata); + return SC_SUCCESS; +} + +static int itacns_add_keyset(sc_pkcs15_card_t 
*p15card, + const char *label, int sec_env, sc_pkcs15_id_t *cert_id, + const char *pubkey_path, const char *prkey_path, + unsigned int pubkey_usage_flags, unsigned int prkey_usage_flags, + u8 pin_ref) +{ + int r; + sc_path_t path; + sc_path_t *private_path = NULL; + char pinlabel[16]; + int fake_puk_authid, pin_flags; + + /* This is hard-coded, for the time being. */ + int modulus_length = 1024; + + /* Public key; not really needed */ + /* FIXME: set usage according to the certificate. */ + if (pubkey_path) { + sc_format_path(pubkey_path, &path); + r = itacns_add_pubkey(p15card, &path, cert_id, label, + pubkey_usage_flags, sec_env, 0, &modulus_length); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add public key"); + } + + /* + * FIXME: usage should be inferred from the X.509 certificate, and not + * from whether the key needs Secure Messaging. + */ + if (prkey_path) { + sc_format_path(prkey_path, &path); + private_path = &path; + } + r = itacns_add_prkey(p15card, cert_id, label, SC_PKCS15_TYPE_PRKEY_RSA, + modulus_length, + prkey_usage_flags, + private_path, sec_env, cert_id, SC_PKCS15_CO_FLAG_PRIVATE); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add private key"); + + /* PIN and PUK */ + strlcpy(pinlabel, "PIN ", sizeof(pinlabel)); + strlcat(pinlabel, label, sizeof(pinlabel)); + + /* We are making up ID 0x90+ to link the PIN and the PUK. */ + fake_puk_authid = 0x90 + pin_ref; + pin_flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE + | SC_PKCS15_PIN_FLAG_INITIALIZED; + r = itacns_add_pin(p15card, pinlabel, sec_env, fake_puk_authid, pin_ref, + private_path, pin_flags); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add PIN"); + + strlcpy(pinlabel, "PUK ", sizeof(pinlabel)); + strlcat(pinlabel, label, sizeof(pinlabel)); + /* + * Looking at pkcs15-tcos.c and pkcs15-framework.c, it seems that the + * right thing to do here is to define a PUK as a SO PIN. Can anybody + * comment on this? 
+ */ + pin_flags |= SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN + | SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED; + r = itacns_add_pin(p15card, pinlabel, fake_puk_authid, 0, pin_ref+1, + private_path, pin_flags); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add PUK"); + + return 0; +} + +/* + * itacns_check_and_add_keyset() checks for the existence and correctness + * of an X.509 certificate. If it is all right, it adds the related keys; + * otherwise it aborts. + */ + +static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card, + const char *label, int sec_env, size_t cert_offset, + const char *cert_path, const char *pubkey_path, const char *prkey_path, + u8 pin_ref, int *found_certificates) +{ + int r; + sc_path_t path; + sc_pkcs15_id_t cert_id; + int ext_info_ok; + int ku, xku; + int pubkey_usage_flags = 0, prkey_usage_flags = 0; + + cert_id.len = 1; + cert_id.value[0] = sec_env; + *found_certificates = 0; + + /* Certificate */ + if (!cert_path) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "We cannot use keys without a matching certificate"); + return SC_ERROR_NOT_SUPPORTED; + } + + sc_format_path(cert_path, &path); + r = sc_select_file(p15card->card, &path, NULL); + if (r == SC_ERROR_FILE_NOT_FOUND) + return 0; + if (r != SC_SUCCESS) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Could not find certificate for %s", label); + return r; + } + + /* + * Infocamere 1204 (and others?) store a more complex structure. We + * are going to read the first bytes to guess its length, and invoke + * itacns_add_cert so that it only reads the certificate. + */ + if (cert_offset) { + u8 certlen[3]; + r = loadFile(p15card, &path, certlen, sizeof(certlen)); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not read certificate file"); + path.index = cert_offset; + path.count = (certlen[1] << 8) + certlen[2]; + /* If those bytes are 00, then we are probably dealign with an + * empty file. 
*/ + if (path.count == 0) + return 0; + } + + r = itacns_add_cert(p15card, SC_PKCS15_TYPE_CERT_X509, 0, + &path, &cert_id, label, 0, &ext_info_ok, &ku, &xku); + if (r == SC_ERROR_INVALID_ASN1_OBJECT) + return 0; + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add certificate"); + (*found_certificates)++; + + /* Set usage flags */ + if(ext_info_ok) { +#ifdef ENABLE_OPENSSL + if (ku & KU_DIGITAL_SIGNATURE) { + pubkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_VERIFY; + prkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_SIGN; + } + if (ku & KU_NON_REPUDIATION) { + pubkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_VERIFY; + prkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; + } + if (ku & KU_KEY_ENCIPHERMENT || ku & KU_KEY_AGREEMENT + || xku & XKU_SSL_CLIENT) { + pubkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_WRAP; + prkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_UNWRAP; + } + if (ku & KU_DATA_ENCIPHERMENT || xku & XKU_SMIME) { + pubkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_ENCRYPT; + prkey_usage_flags |= SC_PKCS15_PRKEY_USAGE_DECRYPT; + } +#else /* ENABLE_OPENSSL */ + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "Extended certificate info retrieved without OpenSSL. " + "How is this possible?"); + return SC_ERROR_INTERNAL; +#endif /* ENABLE_OPENSSL */ + } else { + /* Certificate info not retrieved; fall back onto defaults */ + pubkey_usage_flags = + SC_PKCS15_PRKEY_USAGE_VERIFY + | SC_PKCS15_PRKEY_USAGE_WRAP; + prkey_usage_flags = + SC_PKCS15_PRKEY_USAGE_SIGN + | SC_PKCS15_PRKEY_USAGE_UNWRAP; + } + + r = itacns_add_keyset(p15card, label, sec_env, &cert_id, + pubkey_path, prkey_path, pubkey_usage_flags, prkey_usage_flags, + pin_ref); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add keys for this certificate"); + + return r; +} + +/* Initialization. 
*/ + +static int itacns_init(sc_pkcs15_card_t *p15card) +{ + int r; + sc_path_t path; + int certificate_count = 0; + int found_certs; + int card_is_cie_v1, cns0_secenv; + + SC_FUNC_CALLED(p15card->card->ctx, 1); + + set_string(&p15card->tokeninfo->label, p15card->card->name); + if(p15card->card->drv_data) { + unsigned int mask_code, ic_code; + char buffer[256]; + itacns_drv_data_t *data = + (itacns_drv_data_t*) p15card->card->drv_data; + mask_code = data->mask_manufacturer_code; + if (mask_code >= sizeof(itacns_mask_manufacturers) + /sizeof(itacns_mask_manufacturers[0])) + mask_code = 0; + ic_code = data->ic_manufacturer_code; + if (ic_code >= sizeof(iso7816_ic_manufacturers) + /sizeof(iso7816_ic_manufacturers[0])) + ic_code = 0; + snprintf(buffer, sizeof(buffer), "IC: %s; mask: %s", + iso7816_ic_manufacturers[ic_code], + itacns_mask_manufacturers[mask_code]); + set_string(&p15card->tokeninfo->manufacturer_id, buffer); + } + + /* Read and set serial */ + { + u8 serial[17]; + int bytes; + sc_format_path(path_serial, &path); + bytes = loadFile(p15card, &path, serial, 16); + if (bytes < 0) return bytes; + if (bytes > 16) return -1; + serial[bytes] = '\0'; + set_string(&p15card->tokeninfo->serial_number, (char*)serial); + } + + /* Is the card a CIE v1? */ + card_is_cie_v1 = + (p15card->card->type == SC_CARD_TYPE_ITACNS_CIE_V1) + || (p15card->card->type == SC_CARD_TYPE_CARDOS_CIE_V1); + cns0_secenv = (card_is_cie_v1 ? 0x31 : 0x01); + + /* If it's a Siemens CIE v1 card, set algo flags accordingly. 
*/ + if (card_is_cie_v1) { + int i; + for (i = 0; i < p15card->card->algorithm_count; i++) { + sc_algorithm_info_t *info = + &p15card->card->algorithms[i]; + + if (info->algorithm != SC_ALGORITHM_RSA) + continue; + info->flags &= ~(SC_ALGORITHM_RSA_RAW + | SC_ALGORITHM_RSA_HASH_NONE); + info->flags |= (SC_ALGORITHM_RSA_PAD_PKCS1 + | SC_ALGORITHM_RSA_HASHES); + } + } + + /* Data files */ + r = itacns_add_data_files(p15card); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add data files"); + + /*** Certificate and keys. ***/ + /* Standard CNS */ + r = itacns_check_and_add_keyset(p15card, "CNS0", cns0_secenv, + 0, "3F0011001101", "3F003F01", NULL, + 0x10, &found_certs); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add CNS0"); + certificate_count += found_certs; + + /* Infocamere 1204 */ + r = itacns_check_and_add_keyset(p15card, "CNS01", 0x21, + 5, "3F002FFF8228", NULL, "3F002FFF0000", + 0x10, &found_certs); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add CNS01"); + certificate_count += found_certs; + + /* Digital signature */ + r = itacns_check_and_add_keyset(p15card, "CNS1", 0x10, + 0, "3F0014009010", "3F00140081108010", "3F0014008110", + 0x1a, &found_certs); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not add CNS1"); + certificate_count += found_certs; + + /* Did we find anything? 
*/ + if (certificate_count == 0) + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, + "Warning: no certificates found!"); + + /* Back to Master File */ + sc_format_path("3F00", &path); + r = sc_select_file(p15card->card, &path, NULL); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, + "Could not select master file again"); + + return r; +} + +int sc_pkcs15emu_itacns_init_ex(sc_pkcs15_card_t *p15card, + sc_pkcs15emu_opt_t *opts) +{ + sc_card_t *card = p15card->card; + SC_FUNC_CALLED(card->ctx, 1); + + /* Check card */ + if (!(opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)) { + if (! ( + (card->type > SC_CARD_TYPE_ITACNS_BASE && + card->type < SC_CARD_TYPE_ITACNS_BASE + 1000) + || card->type == SC_CARD_TYPE_CARDOS_CIE_V1) + ) + return SC_ERROR_WRONG_CARD; + } + + /* Init card */ + return itacns_init(p15card); +} diff -Nru opensc-0.11.13/src/libopensc/pkcs15-oberthur.c opensc-0.12.1/src/libopensc/pkcs15-oberthur.c --- opensc-0.11.13/src/libopensc/pkcs15-oberthur.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-oberthur.c 2011-05-17 17:07:00.000000000 +0000 
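Review bot: In `itacns_add_data_files` the search loop walks all 32 slots of `objs` and dereferences `objs[i]->data` and `objs[i]->label`, although `sc_pkcs15_get_objects` filled only `rv` of them. If "EF_DatiPersonali" is not among the returned entries, the loop reads uninitialised stack pointers. The next step has a second hole: when `sc_pkcs15_read_data_object` fails, the code only logs and then passes `p15_personaldata->data` to the parser while `p15_personaldata` is still NULL, which happens whenever the card fails that read. The loop should be bounded by the returned count and the read failure should return early, as sketched below. Separately, `itacns_add_cert` releases the parsed certificate with `OPENSSL_free(x509)`, where `X509_free(x509)` is the matching release call.

```c
	/* new local, declared with the function's other locals */
	unsigned int n_objs;

	/* … unchanged: data-file loop, sc_pkcs15_get_objects() call and its rv < 0 check … */
	n_objs = rv > 32 ? 32 : (unsigned int)rv;

	cinfo = NULL;
	for(i=0; i<n_objs; i++) {
		if(!strcmp("EF_DatiPersonali", objs[i]->label)) {
			cinfo = (struct sc_pkcs15_data_info *) objs[i]->data;
			break;
		}
	}

	if(cinfo == NULL) {
		/* … unchanged: "Could not find EF_DatiPersonali" debug message … */
		return SC_SUCCESS;
	}

	rv = sc_pkcs15_read_data_object(p15card, cinfo, &p15_personaldata);
	if (rv) {
		/* … unchanged: "Could not read EF_DatiPersonali" debug message … */
		return SC_SUCCESS;
	}
```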
@@ -0,0 +1,1099 @@ +/* + * PKCS15 emulation layer for Oberthur card. + * + * Copyright (C) 2010, Viktor Tarasov + * Copyright (C) 2005, Andrea Frigido + * Copyright (C) 2005, Sirio Capizzi + * Copyright (C) 2004, Antonino Iacono + * Copyright (C) 2003, Olaf Kirch + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "pkcs15.h" +#include "log.h" +#include "asn1.h" +#include "internal.h" + +#ifdef ENABLE_OPENSSL +#include +#include +#include +#include +#endif + +#define OBERTHUR_ATTR_MODIFIABLE 0x0001 +#define OBERTHUR_ATTR_TRUSTED 0x0002 +#define OBERTHUR_ATTR_LOCAL 0x0004 +#define OBERTHUR_ATTR_ENCRYPT 0x0008 +#define OBERTHUR_ATTR_DECRYPT 0x0010 +#define OBERTHUR_ATTR_SIGN 0x0020 +#define OBERTHUR_ATTR_VERIFY 0x0040 +#define OBERTHUR_ATTR_RSIGN 0x0080 +#define OBERTHUR_ATTR_RVERIFY 0x0100 +#define OBERTHUR_ATTR_WRAP 0x0200 +#define OBERTHUR_ATTR_UNWRAP 0x0400 +#define OBERTHUR_ATTR_DERIVE 0x0800 + +#define USAGE_PRV_ENC (SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT |\ + SC_PKCS15_PRKEY_USAGE_WRAP | SC_PKCS15_PRKEY_USAGE_UNWRAP) +#define USAGE_PRV_AUT SC_PKCS15_PRKEY_USAGE_SIGN +#define USAGE_PRV_SIGN (SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) +#define 
USAGE_PUB_ENC (SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP) +#define USAGE_PUB_AUT SC_PKCS15_PRKEY_USAGE_VERIFY +#define USAGE_PUB_SIGN (SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER) + +#define PIN_DOMAIN_LABEL "SCM" +const unsigned char PinDomainID[3] = {0x53, 0x43, 0x4D}; + +#define AWP_PIN_DF "3F005011" +#define AWP_TOKEN_INFO "3F0050111000" +#define AWP_PUK_FILE "3F0050112000" +#define AWP_CONTAINERS_MS "3F0050113000" +#define AWP_OBJECTS_LIST_PUB "3F0050114000" +#define AWP_OBJECTS_LIST_PRV "3F0050115000" +#define AWP_OBJECTS_DF_PUB "3F0050119001" +#define AWP_OBJECTS_DF_PRV "3F0050119002" +#define AWP_BASE_RSA_PRV "3F00501190023000" +#define AWP_BASE_RSA_PUB "3F00501190011000" +#define AWP_BASE_CERTIFICATE "3F00501190012000" + +#define BASE_ID_PUB_RSA 0x10 +#define BASE_ID_CERT 0x20 +#define BASE_ID_PRV_RSA 0x30 +#define BASE_ID_PRV_DES 0x40 +#define BASE_ID_PUB_DATA 0x50 +#define BASE_ID_PRV_DATA 0x60 +#define BASE_ID_PUB_DES 0x70 + +static int sc_pkcs15emu_oberthur_add_prvkey(struct sc_pkcs15_card *, unsigned, unsigned); +static int sc_pkcs15emu_oberthur_add_pubkey(struct sc_pkcs15_card *, unsigned, unsigned); +static int sc_pkcs15emu_oberthur_add_cert(struct sc_pkcs15_card *, unsigned); +static int sc_pkcs15emu_oberthur_add_data(struct sc_pkcs15_card *, unsigned, unsigned, int); + +int sc_pkcs15emu_oberthur_init_ex(struct sc_pkcs15_card *, struct sc_pkcs15emu_opt *); + +static int sc_oberthur_parse_tokeninfo (struct sc_pkcs15_card *, unsigned char *, size_t, int); +static int sc_oberthur_parse_containers (struct sc_pkcs15_card *, unsigned char *, size_t, int); +static int sc_oberthur_parse_publicinfo (struct sc_pkcs15_card *, unsigned char *, size_t, int); +static int sc_oberthur_parse_privateinfo (struct sc_pkcs15_card *, unsigned char *, size_t, int); + +static int sc_awp_parse_df(struct sc_pkcs15_card *, struct sc_pkcs15_df *); +static void sc_awp_clear(struct sc_pkcs15_card *); + +struct crypto_container { + 
unsigned id_pub; + unsigned id_prv; + unsigned id_cert; +}; + +struct container { + char uuid[37]; + struct crypto_container exchange; + struct crypto_container sign; + + struct container *next; + struct container *prev; +}; + +struct container *Containers = NULL; + +static struct { + const char *name; + const char *path; + unsigned char *content; + size_t len; + int (*parser)(struct sc_pkcs15_card *, unsigned char *, size_t, int); + int postpone_allowed; +} oberthur_infos[] = { + /* Never change the following order */ + { "Token info", AWP_TOKEN_INFO, NULL, 0, sc_oberthur_parse_tokeninfo, 0}, + { "Containers MS", AWP_CONTAINERS_MS, NULL, 0, sc_oberthur_parse_containers, 0}, + { "Public objects list", AWP_OBJECTS_LIST_PUB, NULL, 0, sc_oberthur_parse_publicinfo, 0}, + { "Private objects list", AWP_OBJECTS_LIST_PRV, NULL, 0, sc_oberthur_parse_privateinfo, 1}, + { NULL, NULL, NULL, 0, NULL, 0} +}; + + +static unsigned +sc_oberthur_decode_usage(unsigned flags) +{ + unsigned ret = 0; + + if (flags & OBERTHUR_ATTR_ENCRYPT) + ret |= SC_PKCS15_PRKEY_USAGE_ENCRYPT; + if (flags & OBERTHUR_ATTR_DECRYPT) + ret |= SC_PKCS15_PRKEY_USAGE_DECRYPT; + if (flags & OBERTHUR_ATTR_SIGN) + ret |= SC_PKCS15_PRKEY_USAGE_SIGN; + if (flags & OBERTHUR_ATTR_RSIGN) + ret |= SC_PKCS15_PRKEY_USAGE_SIGNRECOVER; + if (flags & OBERTHUR_ATTR_WRAP) + ret |= SC_PKCS15_PRKEY_USAGE_WRAP; + if (flags & OBERTHUR_ATTR_UNWRAP) + ret |= SC_PKCS15_PRKEY_USAGE_UNWRAP; + if (flags & OBERTHUR_ATTR_VERIFY) + ret |= SC_PKCS15_PRKEY_USAGE_VERIFY; + if (flags & OBERTHUR_ATTR_RVERIFY) + ret |= SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER; + if (flags & OBERTHUR_ATTR_DERIVE) + ret |= SC_PKCS15_PRKEY_USAGE_DERIVE; + return ret; +} + + +static int +sc_oberthur_get_friends (unsigned int id, struct crypto_container *ccont) +{ + struct container *cont; + + for (cont = Containers; cont; cont = cont->next) { + if (cont->exchange.id_pub == id || cont->exchange.id_prv == id || cont->exchange.id_cert == id) { + if (ccont) + memcpy(ccont, 
&cont->exchange, sizeof(struct crypto_container)); + break; + } + + if (cont->sign.id_pub == id || cont->sign.id_prv == id || cont->sign.id_cert == id) { + if (ccont) + memcpy(ccont, &cont->sign, sizeof(struct crypto_container)); + break; + } + } + + return cont ? 0 : SC_ERROR_TEMPLATE_NOT_FOUND; +} + + +static int +sc_oberthur_get_certificate_authority(struct sc_pkcs15_der *der, int *out_authority) +{ +#ifdef ENABLE_OPENSSL + X509 *x; + BUF_MEM buf_mem; + BIO *bio = NULL; + BASIC_CONSTRAINTS *bs = NULL; + + if (!der) + return SC_ERROR_INVALID_ARGUMENTS; + + buf_mem.data = malloc(der->len); + if (!buf_mem.data) + return SC_ERROR_MEMORY_FAILURE; + + memcpy(buf_mem.data, der->value, der->len); + buf_mem.max = buf_mem.length = der->len; + + bio = BIO_new(BIO_s_mem()); + if(!bio) + return SC_ERROR_MEMORY_FAILURE; + + BIO_set_mem_buf(bio, &buf_mem, BIO_NOCLOSE); + x = d2i_X509_bio(bio, 0); + BIO_free(bio); + if (!x) + return SC_ERROR_INVALID_DATA; + + bs = (BASIC_CONSTRAINTS *)X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL); + if (out_authority) + *out_authority = (bs && bs->ca); + + X509_free(x); + + return SC_SUCCESS; +#else + return SC_ERROR_NOT_SUPPORTED; +#endif +} + + +static int +sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path, + unsigned char **out, size_t *out_len, + int verify_pin) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_file *file = NULL; + struct sc_path path; + size_t sz; + int rv; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (!in_path || !out || !out_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Cannot read oberthur file"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "read file '%s'; verify_pin:%i", in_path, verify_pin); + + *out = NULL; + *out_len = 0; + + sc_format_path(in_path, &path); + rv = sc_select_file(card, &path, &file); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select oberthur file to read"); + + if 
(file->ef_structure == SC_FILE_EF_TRANSPARENT) + sz = file->size; + else + sz = (file->record_length + 2) * file->record_count; + + *out = calloc(sz, 1); + if (*out == NULL) + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_MEMORY_FAILURE, "Cannot read oberthur file"); + + if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { + rv = sc_read_binary(card, 0, *out, sz, 0); + } + else { + int rec; + int offs = 0; + int rec_len = file->record_length; + + for (rec = 1; ; rec++) { + rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR); + if (rv == SC_ERROR_RECORD_NOT_FOUND) { + rv = 0; + break; + } + else if (rv < 0) { + break; + } + + rec_len = rv; + + *(*out + offs) = 'R'; + *(*out + offs + 1) = rv; + + offs += rv + 2; + } + + sz = offs; + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "read oberthur file result %i", rv); + if (verify_pin && rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + struct sc_pkcs15_object *objs[0x10], *pin_obj = NULL; + const struct sc_acl_entry *acl = sc_file_get_acl_entry(file, SC_AC_OP_READ); + struct sc_pkcs15_pin_info *pinfo = NULL; + int ii; + + rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 0x10); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot read oberthur file: get AUTH objects error"); + + for (ii=0; iidata; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "compare PIN/ACL refs:%i/%i, method:%i/%i", + pinfo->reference, acl->key_ref, pinfo->auth_method, acl->method); + if (pinfo->reference == acl->key_ref + && pinfo->auth_method == acl->method) { + pin_obj = objs[ii]; + break; + } + } + + if (!pin_obj || !pin_obj->content.value) { + rv = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + } + else { + rv = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len); + if (!rv) + rv = sc_oberthur_read_file(p15card, in_path, out, out_len, 0); + } + }; + + sc_file_free(file); + + if (rv < 0) { + free(*out); + *out = NULL; + *out_len = 0; + } + + *out_len = sz; + + 
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +sc_oberthur_parse_tokeninfo (struct sc_pkcs15_card *p15card, + unsigned char *buff, size_t len, int postpone_allowed) +{ + struct sc_context *ctx = p15card->card->ctx; + char label[0x21]; + unsigned flags; + int ii; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (!buff || len < 0x24) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Cannot parse token info"); + + memset(label, 0, sizeof(label)); + + memcpy(label, buff, 0x20); + ii = 0x20; + while (*(label + --ii)==' ' && ii) + ; + *(label + ii + 1) = '\0'; + + flags = *(buff + 0x22) * 0x100 + *(buff + 0x23); + + p15card->tokeninfo->label = strdup(label); + p15card->tokeninfo->manufacturer_id = strdup("Oberthur/OpenSC"); + + if (flags & 0x01) + p15card->tokeninfo->flags |= SC_PKCS15_TOKEN_PRN_GENERATION; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "label %s", p15card->tokeninfo->label); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "manufacturer_id %s", p15card->tokeninfo->manufacturer_id); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int +sc_oberthur_parse_containers (struct sc_pkcs15_card *p15card, + unsigned char *buff, size_t len, int postpone_allowed) +{ + struct sc_context *ctx = p15card->card->ctx; + size_t offs; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + while (Containers) { + struct container *next = Containers->next; + + free (Containers); + Containers = next; + } + + for (offs=0; offs < len;) { + struct container *cont; + unsigned char *ptr = buff + offs + 2; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "parse contaniers offs:%i, len:%i", offs, len); + if (*(buff + offs) != 'R') + return SC_ERROR_INVALID_DATA; + + cont = (struct container *)calloc(sizeof(struct container), 1); + if (!cont) + return SC_ERROR_MEMORY_FAILURE; + + cont->exchange.id_pub = *ptr * 0x100 + *(ptr + 1); ptr += 2; + cont->exchange.id_prv = *ptr * 0x100 + *(ptr + 1); ptr += 2; + cont->exchange.id_cert = *ptr * 0x100 + *(ptr 
+ 1); ptr += 2; + + cont->sign.id_pub = *ptr * 0x100 + *(ptr + 1); ptr += 2; + cont->sign.id_prv = *ptr * 0x100 + *(ptr + 1); ptr += 2; + cont->sign.id_cert = *ptr * 0x100 + *(ptr + 1); ptr += 2; + + memcpy(cont->uuid, ptr + 2, 36); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "UUID: %s; 0x%X, 0x%X, 0x%X", cont->uuid, + cont->exchange.id_pub, cont->exchange.id_prv, cont->exchange.id_cert); + + if (!Containers) { + Containers = cont; + } + else { + cont->next = Containers; + Containers->prev = (void *)cont; + Containers = cont; + } + + offs += *(buff + offs + 1) + 2; + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int +sc_oberthur_parse_publicinfo (struct sc_pkcs15_card *p15card, + unsigned char *buff, size_t len, int postpone_allowed) +{ + struct sc_context *ctx = p15card->card->ctx; + size_t ii; + int rv; + + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + for (ii=0; iicard->ctx, SC_LOG_DEBUG_NORMAL, "add public object(file-id:%04X,size:%X)", file_id, size); + + switch (*(buff+ii + 1)) { + case BASE_ID_PUB_RSA : + rv = sc_pkcs15emu_oberthur_add_pubkey(p15card, file_id, size); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot parse public key info"); + break; + case BASE_ID_CERT : + rv = sc_pkcs15emu_oberthur_add_cert(p15card, file_id); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot parse certificate info"); + break; + case BASE_ID_PUB_DES : + break; + case BASE_ID_PUB_DATA : + rv = sc_pkcs15emu_oberthur_add_data(p15card, file_id, size, 0); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot parse data info"); + break; + default: + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Public object parse error"); + } + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int +sc_oberthur_parse_privateinfo (struct sc_pkcs15_card *p15card, + unsigned char *buff, size_t len, int postpone_allowed) +{ + struct sc_context *ctx = p15card->card->ctx; + size_t ii; + int rv; + int 
no_more_private_keys = 0, no_more_private_data = 0; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + for (ii=0; ii), + * ID(len:2,value:(SHA1 value)), + * StartDate(Ascii:8) + * EndDate(Ascii:8) + * ??(0x00:2) + */ +static int +sc_pkcs15emu_oberthur_add_pubkey(struct sc_pkcs15_card *p15card, + unsigned int file_id, unsigned int size) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pubkey_info key_info; + struct sc_pkcs15_object key_obj; + char ch_tmp[0x100]; + unsigned char *info_blob; + size_t len, info_len, offs; + unsigned flags; + int rv; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "public key(file-id:%04X,size:%X)", file_id, size); + + memset(&key_info, 0, sizeof(key_info)); + memset(&key_obj, 0, sizeof(key_obj)); + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PUB, file_id | 0x100); + rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add public key: read oberthur file error"); + + /* Flags */ + offs = 2; + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'tag'"); + flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); + key_info.usage = sc_oberthur_decode_usage(flags); + if (flags & OBERTHUR_ATTR_MODIFIABLE) + key_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Public key key-usage:%04X", key_info.usage); + + /* Label */ + if (offs + 2 > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public key: no 'Label'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len) { + if (len > sizeof(key_obj.label) - 1) + len = sizeof(key_obj.label) - 1; + memcpy(key_obj.label, info_blob + offs + 2, len); + } + offs += 2 + len; + + /* ID */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add public 
key: no 'ID'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (!len || len > sizeof(key_info.id.value)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Failed to add public key: invalie 'ID' length"); + memcpy(key_info.id.value, info_blob + offs + 2, len); + key_info.id.len = len; + + /* Ignore Start/End dates */ + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PUB, file_id); + sc_format_path(ch_tmp, &key_info.path); + + key_info.native = 1; + key_info.key_reference = file_id & 0xFF; + key_info.modulus_length = size; + + rv = sc_pkcs15emu_add_rsa_pubkey(p15card, &key_obj, &key_info); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +/* Certificate info: + * flags:2, + * Label(len:2,value:), + * ID(len:2,value:(SHA1 value)), + * Subject in ASN.1(len:2,value:) + * Issuer in ASN.1(len:2,value:) + * Serial encoded in LV or ASN.1 FIXME + */ +static int +sc_pkcs15emu_oberthur_add_cert(struct sc_pkcs15_card *p15card, unsigned int file_id) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_cert_info cinfo; + struct sc_pkcs15_object cobj; + unsigned char *info_blob, *cert_blob; + size_t info_len, cert_len, len, offs; + unsigned flags; + int rv; + char ch_tmp[0x20]; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "add certificate(file-id:%04X)", file_id); + + memset(&cinfo, 0, sizeof(cinfo)); + memset(&cobj, 0, sizeof(cobj)); + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PUB, file_id | 0x100); + rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add certificate: read oberthur file error"); + + if (info_len < 2) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'tag'"); + flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); + offs = 2; + + /* Label */ + if (offs + 2 > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, 
SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'CN'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len) { + if (len > sizeof(cobj.label) - 1) + len = sizeof(cobj.label) - 1; + memcpy(cobj.label, info_blob + offs + 2, len); + } + offs += 2 + len; + + /* ID */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'ID'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len > sizeof(cinfo.id.value)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Failed to add certificate: invalie 'ID' length"); + memcpy(cinfo.id.value, info_blob + offs + 2, len); + cinfo.id.len = len; + + /* Ignore subject, issuer and serial */ + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PUB, file_id); + sc_format_path(ch_tmp, &cinfo.path); + rv = sc_oberthur_read_file(p15card, ch_tmp, &cert_blob, &cert_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add certificate: read certificate error"); + + cinfo.value.value = cert_blob; + cinfo.value.len = cert_len; + + rv = sc_oberthur_get_certificate_authority(&cinfo.value, &cinfo.authority); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add certificate: get certificate attributes error"); + + if (flags & OBERTHUR_ATTR_MODIFIABLE) + cobj.flags |= SC_PKCS15_CO_FLAG_MODIFIABLE; + + rv = sc_pkcs15emu_add_x509_cert(p15card, &cobj, &cinfo); + + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +/* Private key info: + * flags:2, + * CN(len:2,value:), + * ID(len:2,value:(SHA1 value)), + * StartDate(Ascii:8) + * EndDate(Ascii:8) + * Subject in ASN.1(len:2,value:) + * modulus(value:) + * exponent(length:1, value:3) + */ +static int +sc_pkcs15emu_oberthur_add_prvkey(struct sc_pkcs15_card *p15card, + unsigned int file_id, unsigned int size) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info kinfo; + struct sc_pkcs15_object kobj; + 
struct crypto_container ccont; + unsigned char *info_blob = NULL; + size_t info_len = 0; + unsigned flags; + size_t offs, len; + char ch_tmp[0x100]; + int rv; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "add private key(file-id:%04X,size:%04X)", file_id, size); + + memset(&kinfo, 0, sizeof(kinfo)); + memset(&kobj, 0, sizeof(kobj)); + memset(&ccont, 0, sizeof(ccont)); + + rv = sc_oberthur_get_friends (file_id, &ccont); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add private key: get friends error"); + + if (ccont.id_cert) { + struct sc_pkcs15_object *objs[32]; + int ii; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "friend certificate %04X", ccont.id_cert); + rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add private key: get certificates error"); + + for (ii=0; iidata; + struct sc_path path = cert->path; + unsigned int id = path.value[path.len - 2] * 0x100 + path.value[path.len - 1]; + + if (id == ccont.id_cert) { + strncpy(kobj.label, objs[ii]->label, sizeof(kobj.label) - 1); + break; + } + } + + if (ii == rv) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Failed to add private key: friend not found"); + } + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PRV, file_id | 0x100); + rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add private key: read oberthur file error"); + + if (info_len < 2) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'tag'"); + flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); + offs = 2; + + /* CN */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'CN'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len && !strlen(kobj.label)) { + if (len > 
sizeof(kobj.label) - 1) + len = sizeof(kobj.label) - 1; + strncpy(kobj.label, (char *)(info_blob + offs + 2), len); + } + offs += 2 + len; + + /* ID */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: no 'ID'"); + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (!len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add private key: zero length ID"); + else if (len > sizeof(kinfo.id.value)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "Failed to add private key: invalid ID length"); + memcpy(kinfo.id.value, info_blob + offs + 2, len); + kinfo.id.len = len; + offs += 2 + len; + + /* Ignore Start/End dates */ + offs += 16; + + /* Subject encoded in ASN1 */ + if (offs > info_len) + return SC_ERROR_UNKNOWN_DATA_RECEIVED; + len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (len) { + kinfo.subject.value = malloc(len); + if (!kinfo.subject.value) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_MEMORY_FAILURE, "Failed to add private key: memory allocation error"); + kinfo.subject.len = len; + memcpy(kinfo.subject.value, info_blob + offs + 2, len); + } + + /* Modulus and exponent are ignored */ + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", AWP_OBJECTS_DF_PRV, file_id); + sc_format_path(ch_tmp, &kinfo.path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Private key info path %s", ch_tmp); + + kinfo.modulus_length = size; + kinfo.native = 1; + kinfo.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE + | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE + | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE + | SC_PKCS15_PRKEY_ACCESS_LOCAL; + kinfo.key_reference = file_id & 0xFF; + + kinfo.usage = sc_oberthur_decode_usage(flags); + kobj.flags = SC_PKCS15_CO_FLAG_PRIVATE; + if (flags & OBERTHUR_ATTR_MODIFIABLE) + kobj.flags |= SC_PKCS15_CO_FLAG_MODIFIABLE; + + kobj.auth_id.len = sizeof(PinDomainID) > sizeof(kobj.auth_id.value) + ? 
sizeof(kobj.auth_id.value) : sizeof(PinDomainID); + memcpy(kobj.auth_id.value, PinDomainID, kobj.auth_id.len); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Parsed private key(reference:%i,usage:%X,flags:%X)", kinfo.key_reference, kinfo.usage, kobj.flags); + + rv = sc_pkcs15emu_add_rsa_prkey(p15card, &kobj, &kinfo); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +sc_pkcs15emu_oberthur_add_data(struct sc_pkcs15_card *p15card, + unsigned int file_id, unsigned int size, int private) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_data_info dinfo; + struct sc_pkcs15_object dobj; + unsigned flags; + unsigned char *info_blob = NULL, *label = NULL, *app = NULL, *oid = NULL; + size_t info_len, label_len, app_len, oid_len, offs; + char ch_tmp[0x100]; + int rv; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add data(file-id:%04X,size:%i,is-private:%i)", file_id, size, private); + memset(&dinfo, 0, sizeof(dinfo)); + memset(&dobj, 0, sizeof(dobj)); + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", private ? 
AWP_OBJECTS_DF_PRV : AWP_OBJECTS_DF_PUB, file_id | 0x100); + + rv = sc_oberthur_read_file(p15card, ch_tmp, &info_blob, &info_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add data: read oberthur file error"); + + if (info_len < 2) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add certificate: no 'tag'"); + flags = *(info_blob + 0) * 0x100 + *(info_blob + 1); + offs = 2; + + /* Label */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: no 'label'"); + label = info_blob + offs + 2; + label_len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (label_len > sizeof(dobj.label) - 1) + label_len = sizeof(dobj.label) - 1; + offs += 2 + *(info_blob + offs + 1); + + /* Application */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: no 'application'"); + app = info_blob + offs + 2; + app_len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (app_len > sizeof(dinfo.app_label) - 1) + app_len = sizeof(dinfo.app_label) - 1; + offs += 2 + app_len; + + /* OID encode like DER(ASN.1(oid)) */ + if (offs > info_len) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: no 'OID'"); + oid_len = *(info_blob + offs + 1) + *(info_blob + offs) * 0x100; + if (oid_len) { + oid = info_blob + offs + 2; + if (*oid != 0x06 || (*(oid + 1) != oid_len - 2)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Failed to add data: invalid 'OID' format"); + oid += 2; + oid_len -= 2; + } + + snprintf(ch_tmp, sizeof(ch_tmp), "%s%04X", private ? 
AWP_OBJECTS_DF_PRV : AWP_OBJECTS_DF_PUB, file_id); + + sc_format_path(ch_tmp, &dinfo.path); + + memcpy(dobj.label, label, label_len); + memcpy(dinfo.app_label, app, app_len); + if (oid_len) + sc_asn1_decode_object_id(oid, oid_len, &dinfo.app_oid); + + if (flags & OBERTHUR_ATTR_MODIFIABLE) + dobj.flags |= SC_PKCS15_CO_FLAG_MODIFIABLE; + + if (private) { + dobj.auth_id.len = sizeof(PinDomainID) > sizeof(dobj.auth_id.value) + ? sizeof(dobj.auth_id.value) : sizeof(PinDomainID); + memcpy(dobj.auth_id.value, PinDomainID, dobj.auth_id.len); + + dobj.flags |= SC_PKCS15_CO_FLAG_PRIVATE; + } + + rv = sc_pkcs15emu_add_data_object(p15card, &dobj, &dinfo); + + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +sc_pkcs15emu_oberthur_init(struct sc_pkcs15_card * p15card) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info info; + struct sc_pkcs15_object obj; + struct sc_card *card = p15card->card; + struct sc_path path; + int rv, ii, tries_left; + char serial[0x10]; + unsigned char sopin_reference = 0x04; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_bin_to_hex(card->serialnr.value, card->serialnr.len, serial, sizeof(serial), 0); + p15card->tokeninfo->serial_number = strdup(serial); + + p15card->ops.parse_df = sc_awp_parse_df; + p15card->ops.clear = sc_awp_clear; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Oberthur init: serial %s", p15card->tokeninfo->serial_number); + + sc_format_path(AWP_PIN_DF, &path); + rv = sc_select_file(card, &path, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot select PIN dir"); + + tries_left = -1; + rv = sc_verify(card, SC_AC_CHV, sopin_reference, (unsigned char *)"", 0, &tries_left); + if (rv && rv != SC_ERROR_PIN_CODE_INCORRECT) { + sopin_reference = 0x84; + rv = sc_verify(card, SC_AC_CHV, sopin_reference, (unsigned char *)"", 0, &tries_left); + } + if (rv && rv != SC_ERROR_PIN_CODE_INCORRECT) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Invalid state of 
SO-PIN"); + + /* add PIN */ + memset(&info, 0, sizeof(info)); + memset(&obj, 0, sizeof(obj)); + + info.auth_id.len = 1; + info.auth_id.value[0] = 0xFF; + info.min_length = 4; + info.max_length = 64; + info.stored_length = 64; + info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; + info.reference = sopin_reference; + info.tries_left = tries_left; + info.auth_method = SC_AC_CHV; + info.magic = SC_PKCS15_PIN_MAGIC; + info.pad_char = 0xFF; + info.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE + | SC_PKCS15_PIN_FLAG_INITIALIZED + | SC_PKCS15_PIN_FLAG_NEEDS_PADDING + | SC_PKCS15_PIN_FLAG_SO_PIN; + + strncpy(obj.label, "SO PIN", SC_PKCS15_MAX_LABEL_SIZE-1); + obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label, + sc_pkcs15_print_id(&info.auth_id), info.reference); + rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &info); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object"); + + tries_left = -1; + rv = sc_verify(card, SC_AC_CHV, 0x81, (unsigned char *)"", 0, &tries_left); + if (rv == SC_ERROR_PIN_CODE_INCORRECT) { + /* add PIN */ + memset(&info, 0, sizeof(info)); + memset(&obj, 0, sizeof(obj)); + + info.auth_id.len = sizeof(PinDomainID) > sizeof(info.auth_id.value) + ? 
sizeof(info.auth_id.value) : sizeof(PinDomainID); + memcpy(info.auth_id.value, PinDomainID, info.auth_id.len); + + info.min_length = 4; + info.max_length = 64; + info.stored_length = 64; + info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; + info.reference = 0x81; + info.auth_method = SC_AC_CHV; + info.tries_left = tries_left; + info.magic = SC_PKCS15_PIN_MAGIC; + info.pad_char = 0xFF; + info.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE + | SC_PKCS15_PIN_FLAG_INITIALIZED + | SC_PKCS15_PIN_FLAG_NEEDS_PADDING + | SC_PKCS15_PIN_FLAG_LOCAL; + + strncpy(obj.label, PIN_DOMAIN_LABEL, SC_PKCS15_MAX_LABEL_SIZE-1); + obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE; + + sc_format_path(AWP_PIN_DF, &info.path); + info.path.type = SC_PATH_TYPE_PATH; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label, + sc_pkcs15_print_id(&info.auth_id), info.reference); + rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &info); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object"); + } + else if (rv != SC_ERROR_DATA_OBJECT_NOT_FOUND) { + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot verify PIN"); + } + + for (ii=0; oberthur_infos[ii].name; ii++) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Oberthur init: read %s file", oberthur_infos[ii].name); + rv = sc_oberthur_read_file(p15card, oberthur_infos[ii].path, + &oberthur_infos[ii].content, &oberthur_infos[ii].len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: read oberthur file error"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Oberthur init: parse %s file, content length %i", + oberthur_infos[ii].name, oberthur_infos[ii].len); + rv = oberthur_infos[ii].parser(p15card, oberthur_infos[ii].content, oberthur_infos[ii].len, + oberthur_infos[ii].postpone_allowed); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: parse error"); + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int 
+oberthur_detect_card(struct sc_pkcs15_card * p15card) +{ + struct sc_card *card = p15card->card; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if (p15card->card->type != SC_CARD_TYPE_OBERTHUR_64K) + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_WRONG_CARD); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +int +sc_pkcs15emu_oberthur_init_ex(struct sc_pkcs15_card * p15card, + struct sc_pkcs15emu_opt * opts) +{ + int rv; + + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) { + rv = sc_pkcs15emu_oberthur_init(p15card); + } + else { + rv = oberthur_detect_card(p15card); + if (!rv) + rv = sc_pkcs15emu_oberthur_init(p15card); + } + + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +sc_awp_parse_df(struct sc_pkcs15_card *p15card, struct sc_pkcs15_df *df) +{ + struct sc_context *ctx = p15card->card->ctx; + unsigned char *buf = NULL; + size_t buf_len; + int rv; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (df->type != SC_PKCS15_PRKDF && df->type != SC_PKCS15_DODF) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); + + if (df->enumerated) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + + rv = sc_oberthur_read_file(p15card, AWP_OBJECTS_LIST_PRV, &buf, &buf_len, 1); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Parse DF: read pribate objects info failed"); + + rv = sc_oberthur_parse_privateinfo(p15card, buf, buf_len, 0); + + if (buf) + free(buf); + + if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Parse DF: private info parse error"); + df->enumerated = 1; + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static void +sc_awp_clear(struct sc_pkcs15_card *p15card) +{ + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); +} diff -Nru 
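Review bot: In sc_oberthur_read_file the record loop passes `*out + offs + 2` to sc_read_record without checking that the record still fits in the `sz` bytes allocated from `record_length` and `record_count`. The loop stops only on SC_ERROR_RECORD_NOT_FOUND, so a card that returns more records than its file header announced gets written past the heap buffer. A guard before the read keeps the write inside the allocation: `if ((size_t)offs + 2 + rec_len > sz) { rv = SC_ERROR_INVALID_DATA; break; }`. The function also runs `*out_len = sz;` after the error branch has zeroed it, so a failed read returns a NULL buffer with a non-zero length; that assignment belongs above the `if (rv < 0)` block. The info-blob parsers further down (add_pubkey, add_cert, add_prvkey, add_data) have a related gap: the two-byte length read from the card is clamped to the destination size but never compared with `info_len` before the memcpy.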
opensc-0.11.13/src/libopensc/pkcs15-openpgp.c opensc-0.12.1/src/libopensc/pkcs15-openpgp.c --- opensc-0.11.13/src/libopensc/pkcs15-openpgp.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-openpgp.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,14 +19,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include -#include +#include "config.h" + #include #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "internal.h" +#include "pkcs15.h" +#include "log.h" int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); @@ -81,33 +84,28 @@ sc_context_t *ctx = card->ctx; char string[256]; u8 buffer[256]; - size_t length; int r, i; - set_string(&p15card->label, "OpenPGP Card"); - set_string(&p15card->manufacturer_id, "OpenPGP project"); + set_string(&p15card->tokeninfo->label, "OpenPGP Card"); + set_string(&p15card->tokeninfo->manufacturer_id, "OpenPGP project"); if ((r = read_file(card, "004f", buffer, sizeof(buffer))) < 0) goto failed; sc_bin_to_hex(buffer, (size_t)r, string, sizeof(string), 0); - set_string(&p15card->serial_number, string); - p15card->version = (buffer[6] << 8) | buffer[7]; + set_string(&p15card->tokeninfo->serial_number, string); - p15card->flags = SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED | - SC_PKCS15_CARD_FLAG_PRN_GENERATION | - SC_PKCS15_CARD_FLAG_EID_COMPLIANT; + p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT; /* Extract preferred language */ r = read_file(card, "00655f2d", string, sizeof(string)-1); if (r < 0) goto failed; string[r] = '\0'; - set_string(&p15card->preferred_language, string); + set_string(&p15card->tokeninfo->preferred_language, string); /* Get Application Related Data (006E) */ if ((r = sc_get_data(card, 0x006E, buffer, sizeof(buffer))) < 0) goto failed; - length = r; /* TBD: extract algorithm info */ 
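Review bot: The new `p15card->tokeninfo->flags` assignment in the `@@ -81,33 +84,28 @@` hunk no longer carries a login-required bit. The removed line set SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED, while the added one sets only the PRN_GENERATION and EID_COMPLIANT token flags. If the omission is deliberate it deserves a comment next to the assignment, for example `/* login-required intentionally not advertised: <reason> */`. If it is not, the tokeninfo counterpart (SC_PKCS15_TOKEN_LOGIN_REQUIRED) should be OR-ed in, since callers may rely on it to decide whether to authenticate before use. The enclosing init function starts and ends outside this hunk.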
@@ -119,7 +117,7 @@ if ((r = read_file(card, "006E007300C4", buffer, sizeof(buffer))) < 0) goto failed; if (r != 7) { - sc_error(ctx, + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "CHV status bytes have unexpected length " "(expected 7, got %d)\n", r); return SC_ERROR_OBJECT_NOT_VALID; @@ -229,14 +227,17 @@ return 0; -failed: sc_error(card->ctx, "Failed to initialize OpenPGP emulation: %s\n", +failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP emulation: %s\n", sc_strerror(r)); return r; } static int openpgp_detect_card(sc_pkcs15_card_t *p15card) { - return strcmp(p15card->card->name, "OpenPGP"); + if (p15card->card->type == SC_CARD_TYPE_OPENPGP_V1 || p15card->card->type == SC_CARD_TYPE_OPENPGP_V2) + return SC_SUCCESS; + else + return SC_ERROR_WRONG_CARD; } int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *p15card, diff -Nru opensc-0.11.13/src/libopensc/pkcs15-pin.c opensc-0.12.1/src/libopensc/pkcs15-pin.c --- opensc-0.11.13/src/libopensc/pkcs15-pin.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-pin.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,14 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" + static const struct sc_asn1_entry c_asn1_com_ao_attr[] = { { "authId", SC_ASN1_PKCS15_ID, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } @@ -64,6 +67,7 @@ struct sc_asn1_entry asn1_pin[2]; struct sc_asn1_pkcs15_object pin_obj = { obj, asn1_com_ao_attr, NULL, asn1_type_pin_attr }; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_ASN1); sc_copy_asn1_entry(c_asn1_pin, asn1_pin); sc_copy_asn1_entry(c_asn1_type_pin_attr, asn1_type_pin_attr); sc_copy_asn1_entry(c_asn1_pin_attr, asn1_pin_attr); 
@@ -93,12 +97,12 @@ r = sc_asn1_decode(ctx, asn1_pin, *buf, *buflen, buf, buflen); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); info.magic = SC_PKCS15_PIN_MAGIC; obj->type = SC_PKCS15_TYPE_AUTH_PIN; obj->data = malloc(sizeof(info)); if (obj->data == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); if (info.max_length == 0) { if (p15card->card->max_pin_len != 0) info.max_length = p15card->card->max_pin_len; @@ -111,16 +115,30 @@ /* OpenSC 0.11.4 and older encoded "pinReference" as a negative value. Fixed in 0.11.5 we need to add a hack, so old cards - continue to work. */ - if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) { - if (info.reference < 0) { - info.reference += 256; + continue to work. + The same invalid encoding has some models of the proprietary PKCS#15 cards. + */ + if (info.reference < 0) + info.reference += 256; + + info.auth_method = SC_AC_CHV; + + if (info.flags & SC_PKCS15_PIN_FLAG_LOCAL) { + /* In OpenSC pkcs#15 framework 'path' is mandatory for the 'Local' PINs. + * If 'path' do not present in PinAttributes, + * derive it from the PKCS#15 context. */ + if (!info.path.len) { + /* Give priority to AID defined in the application DDO */ + if (p15card->app && p15card->app->ddo.aid.len) + info.path.aid = p15card->app->ddo.aid; + else if (p15card->file_app->path.len) + info.path = p15card->file_app->path; } } + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "decoded PIN(ref:%X,path:%s)", info.reference, sc_print_path(&info.path)); memcpy(obj->data, &info, sizeof(info)); - - return 0; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_SUCCESS); } int sc_pkcs15_encode_aodf_entry(sc_context_t *ctx, 
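Review bot: In the -111,16 hunk the fallback `else if (p15card->file_app->path.len)` dereferences `p15card->file_app` without the NULL test that `p15card->app` gets on the line above. This code runs while decoding card-supplied AODF data, so if a card can be bound with `file_app` unset (not visible here, to be confirmed) a local PIN without a path would crash the parser. `else if (p15card->file_app && p15card->file_app->path.len)` removes the assumption. The function starts outside the hunk.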
@@ -157,7 +175,7 @@ sc_format_asn1_entry(asn1_pin_attr + 5, &pin->reference, NULL, 1); /* FIXME: check if pad_char present */ sc_format_asn1_entry(asn1_pin_attr + 6, &pin->pad_char, &padchar_len, 1); - sc_format_asn1_entry(asn1_pin_attr + 8, &pin->path, NULL, 1); + sc_format_asn1_entry(asn1_pin_attr + 8, &pin->path, NULL, pin->path.len ? 1 : 0); sc_format_asn1_entry(asn1_com_ao_attr + 0, &pin->auth_id, NULL, 1); @@ -173,7 +191,7 @@ { size_t max_length; assert(p15card != NULL); - + if (pin->magic != SC_PKCS15_PIN_MAGIC) return SC_ERROR_OBJECT_NOT_VALID; @@ -182,7 +200,7 @@ return SC_ERROR_BUFFER_TOO_SMALL; /* if we use pinpad, no more checks are needed */ - if (p15card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) + if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) return SC_SUCCESS; /* If pin is given, make sure it is within limits */ 
@@ -201,26 +219,28 @@ * reader's PIN pad */ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_pin_info *pin, - const u8 *pincode, size_t pinlen) + struct sc_pkcs15_object *pin_obj, + const unsigned char *pincode, size_t pinlen) { + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; int r; sc_card_t *card; struct sc_pin_cmd_data data; - if ((r = _validate_pin(p15card, pin, pinlen)) != SC_SUCCESS) - return r; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%p;len:%i)", pincode, pinlen); + + r = _validate_pin(p15card, pin_info, pinlen); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "PIN value do not conforms the PIN policy"); card = p15card->card; r = sc_lock(card); - if (r == SC_ERROR_CARD_RESET || r == SC_ERROR_READER_REATTACHED) { - r = sc_lock(card); - } - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); /* the path in the pin object is optional */ - if (pin->path.len > 0) { - r = sc_select_file(card, &pin->path, NULL); + if (pin_info->path.len > 0) { + r = sc_select_file(card, &pin_info->path, NULL); if (r) goto out; } 
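Review bot: The added trace `sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%p;len:%i)", pincode, pinlen)` passes a `size_t` to `%i`, which is undefined behaviour wherever `size_t` is wider than `int`; cast it, e.g. `"PIN(%p;len:%lu)", (const void *)pincode, (unsigned long)pinlen`. It also records the PIN length at the normal debug level, which is better dropped or moved to a more verbose level. `pin_obj->data` is cast and used with no NULL check on `pin_obj` or the data pointer, so the magic test inside `_validate_pin` is reached only after a possible NULL dereference. The function continues outside the hunk.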
@@ -228,19 +248,19 @@ /* Initialize arguments */ memset(&data, 0, sizeof(data)); data.cmd = SC_PIN_CMD_VERIFY; - data.pin_type = SC_AC_CHV; - data.pin_reference = pin->reference; - data.pin1.min_length = pin->min_length; - data.pin1.max_length = pin->max_length; - data.pin1.pad_length = pin->stored_length; - data.pin1.pad_char = pin->pad_char; + data.pin_type = pin_info->auth_method; + data.pin_reference = pin_info->reference; + data.pin1.min_length = pin_info->min_length; + data.pin1.max_length = pin_info->max_length; + data.pin1.pad_length = pin_info->stored_length; + data.pin1.pad_char = pin_info->pad_char; data.pin1.data = pincode; data.pin1.len = pinlen; - if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) + if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) data.flags |= SC_PIN_CMD_NEED_PADDING; - switch (pin->type) { + switch (pin_info->type) { case SC_PKCS15_PIN_TYPE_BCD: data.pin1.encoding = SC_PIN_ENCODING_BCD; break; 
@@ -252,44 +272,48 @@ data.pin1.encoding = 0; } - if(p15card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { - data.flags |= SC_PIN_CMD_USE_PINPAD; - if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { + if (!pincode && !pinlen) + data.flags |= SC_PIN_CMD_USE_PINPAD; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) data.pin1.prompt = "Please enter SO PIN"; else data.pin1.prompt = "Please enter PIN"; } - r = sc_pin_cmd(card, &data, &pin->tries_left); + r = sc_pin_cmd(card, &data, &pin_info->tries_left); + if (r == SC_SUCCESS) + sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen); out: sc_unlock(card); - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Change a PIN. */ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_pin_info *pin, + struct sc_pkcs15_object *pin_obj, const u8 *oldpin, size_t oldpinlen, const u8 *newpin, size_t newpinlen) { int r; sc_card_t *card; struct sc_pin_cmd_data data; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; /* make sure the pins are in valid range */ - if ((r = _validate_pin(p15card, pin, oldpinlen)) != SC_SUCCESS) + if ((r = _validate_pin(p15card, pin_info, oldpinlen)) != SC_SUCCESS) return r; - if ((r = _validate_pin(p15card, pin, newpinlen)) != SC_SUCCESS) + if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS) return r; card = p15card->card; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); /* the path in the pin object is optional */ - if (pin->path.len > 0) { - r = sc_select_file(card, &pin->path, NULL); + if (pin_info->path.len > 0) { + r = sc_select_file(card, &pin_info->path, NULL); if (r) goto out; } 
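Review bot: The new guard `if (!pincode && !pinlen)` means the pinpad is used only when no PIN is passed, but `_validate_pin` still returns `SC_SUCCESS` as soon as the reader has `SC_READER_CAP_PIN_PAD`, before the length-limit test that follows it. A caller-supplied PIN on a pinpad reader therefore reaches `sc_pin_cmd` without the min/max length checks; the early return in `_validate_pin` should use the same "no PIN supplied" condition. After a pinpad verification `sc_pkcs15_pincache_add` is also called with `pincode == NULL` and `pinlen == 0`, so the call should be `if (r == SC_SUCCESS && pincode) sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);`. `sc_pkcs15_verify_pin` starts in the previous hunk.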
@@ -298,24 +322,24 @@ memset(&data, 0, sizeof(data)); data.cmd = SC_PIN_CMD_CHANGE; data.pin_type = SC_AC_CHV; - data.pin_reference = pin->reference; + data.pin_reference = pin_info->reference; data.pin1.data = oldpin; data.pin1.len = oldpinlen; - data.pin1.pad_char = pin->pad_char; - data.pin1.min_length = pin->min_length; - data.pin1.max_length = pin->max_length; - data.pin1.pad_length = pin->stored_length; + data.pin1.pad_char = pin_info->pad_char; + data.pin1.min_length = pin_info->min_length; + data.pin1.max_length = pin_info->max_length; + data.pin1.pad_length = pin_info->stored_length; data.pin2.data = newpin; data.pin2.len = newpinlen; - data.pin2.pad_char = pin->pad_char; - data.pin2.min_length = pin->min_length; - data.pin2.max_length = pin->max_length; - data.pin2.pad_length = pin->stored_length; + data.pin2.pad_char = pin_info->pad_char; + data.pin2.min_length = pin_info->min_length; + data.pin2.max_length = pin_info->max_length; + data.pin2.pad_length = pin_info->stored_length; - if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) + if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) data.flags |= SC_PIN_CMD_NEED_PADDING; - switch (pin->type) { + switch (pin_info->type) { case SC_PKCS15_PIN_TYPE_BCD: data.pin1.encoding = SC_PIN_ENCODING_BCD; data.pin2.encoding = SC_PIN_ENCODING_BCD; @@ -326,9 +350,10 @@ break; } - if(p15card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { + if((!oldpin || !newpin) + && p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { data.flags |= SC_PIN_CMD_USE_PINPAD; - if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { data.pin1.prompt = "Please enter SO PIN"; data.pin2.prompt = "Please enter new SO PIN"; } else { @@ -337,7 +362,9 @@ } } - r = sc_pin_cmd(card, &data, &pin->tries_left); + r = sc_pin_cmd(card, &data, &pin_info->tries_left); + if (r == SC_SUCCESS) + sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen); out: sc_unlock(card); 
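Review bot: `sc_pkcs15_change_pin` keeps `data.pin_type = SC_AC_CHV;` in the -298,24 hunk while `sc_pkcs15_verify_pin` was switched to `pin_info->auth_method` in the same commit, and `sc_pkcs15_unblock_pin` (hunk -399,13) has the same leftover. The decoder currently always stores `SC_AC_CHV`, so the result is identical today, but the three entry points will disagree as soon as an emulator stores another method. Use `data.pin_type = pin_info->auth_method;` in both places. The function body spans several hunks.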
@@ -348,18 +375,19 @@ * Unblock a PIN. */ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_pin_info *pin, + struct sc_pkcs15_object *pin_obj, const u8 *puk, size_t puklen, const u8 *newpin, size_t newpinlen) { int r; sc_card_t *card; struct sc_pin_cmd_data data; - struct sc_pkcs15_object *pin_obj, *puk_obj; + struct sc_pkcs15_object *puk_obj; struct sc_pkcs15_pin_info *puk_info = NULL; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; /* make sure the pins are in valid range */ - if ((r = _validate_pin(p15card, pin, newpinlen)) != SC_SUCCESS) + if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS) return r; card = p15card->card; @@ -367,19 +395,15 @@ * as we don't have the id of the puk (at least now)) * note: for compatibility reasons we give no error if no puk object * is found */ - /* first step: get the pkcs15 object of the pin */ - r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin->auth_id, &pin_obj); - if (r >= 0 && pin_obj) { - /* second step: try to get the pkcs15 object of the puk */ - r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj); - if (r >= 0 && puk_obj) { - /* third step: get the pkcs15 info object of the puk */ - puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data; - } + /* first step: try to get the pkcs15 object of the puk */ + r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj); + if (r >= 0 && puk_obj) { + /* second step: get the pkcs15 info object of the puk */ + puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data; } if (!puk_info) { - sc_debug(card->ctx, "Unable to get puk object, using pin object instead!\n"); - puk_info = pin; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get puk object, using pin object instead!"); + puk_info = pin_info; } /* make sure the puk is in valid range */ 
@@ -387,10 +411,10 @@ return r; r = sc_lock(card); - SC_TEST_RET(card->ctx, r, "sc_lock() failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); /* the path in the pin object is optional */ - if (pin->path.len > 0) { - r = sc_select_file(card, &pin->path, NULL); + if (pin_info->path.len > 0) { + r = sc_select_file(card, &pin_info->path, NULL); if (r) goto out; } @@ -399,13 +423,13 @@ memset(&data, 0, sizeof(data)); data.cmd = SC_PIN_CMD_UNBLOCK; data.pin_type = SC_AC_CHV; - data.pin_reference = pin->reference; + data.pin_reference = pin_info->reference; data.pin1.data = puk; data.pin1.len = puklen; - data.pin1.pad_char = pin->pad_char; - data.pin1.min_length = pin->min_length; - data.pin1.max_length = pin->max_length; - data.pin1.pad_length = pin->stored_length; + data.pin1.pad_char = pin_info->pad_char; + data.pin1.min_length = pin_info->min_length; + data.pin1.max_length = pin_info->max_length; + data.pin1.pad_length = pin_info->stored_length; data.pin2.data = newpin; data.pin2.len = newpinlen; data.pin2.pad_char = puk_info->pad_char; @@ -413,10 +437,10 @@ data.pin2.max_length = puk_info->max_length; data.pin2.pad_length = puk_info->stored_length; - if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) + if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) data.flags |= SC_PIN_CMD_NEED_PADDING; - switch (pin->type) { + switch (pin_info->type) { case SC_PKCS15_PIN_TYPE_BCD: data.pin1.encoding = SC_PIN_ENCODING_BCD; break; @@ -434,9 +458,9 @@ break; } - if(p15card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { + if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { data.flags |= SC_PIN_CMD_USE_PINPAD; - if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { data.pin1.prompt = "Please enter PUK"; data.pin2.prompt = "Please enter new SO PIN"; } else { 
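Review bot: `sc_pkcs15_unblock_pin` still sets `SC_PIN_CMD_USE_PINPAD` whenever the reader has `SC_READER_CAP_PIN_PAD` (hunk -434,9), while verify and change now do so only when the caller passed no PIN. With a pinpad reader an application-supplied PUK and new PIN are then presumably replaced by pinpad entry, yet the next hunk caches `newpin`, which may not be what the user typed. Guard it like the other two: `if ((!puk || !newpin) && (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD)) {`. In hunk -399,13 `pin1` (the PUK) takes its padding and length limits from `pin_info` and `pin2` (the new PIN) from `puk_info`, which looks crossed and deserves a comment if it is intended. The function spans several hunks.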
@@ -445,7 +469,9 @@ } } - r = sc_pin_cmd(card, &data, &pin->tries_left); + r = sc_pin_cmd(card, &data, &pin_info->tries_left); + if (r == SC_SUCCESS) + sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen); out: sc_unlock(card); 
@@ -456,3 +482,107 @@ { free(pin); } + + +/* Add a PIN to the PIN cache related to the card. Some operations can trigger re-authentication later. */ +void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj, + const u8 *pin, size_t pinlen) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; + struct sc_pkcs15_object *obj = NULL; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + if (!p15card->opts.use_pin_cache) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN caching not enabled"); + return; + } + + /* If the PIN protects an object with user consent, don't cache it */ + + obj = p15card->obj_list; + while (obj != NULL) { + /* Compare 'sc_pkcs15_object.auth_id' with 'sc_pkcs15_pin_info.auth_id'. + * In accordance with PKCS#15 "6.1.8 CommonObjectAttributes" and + * "6.1.16 CommonAuthenticationObjectAttributes" with the exception that + * "CommonObjectAttributes.accessControlRules" are not taken into account. 
*/ + + if (sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id)) { + /* Caching is refused, if the protected object requires user consent */ + if (obj->user_consent > 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)"); + return; + } + } + + obj = obj->next; + } + + r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen); + if (r != SC_SUCCESS) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content"); + return; + } + + pin_obj->usage_counter = 0; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%s) cached", pin_obj->label); +} + +/* Validate the PIN code associated with an object */ +int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs15_object_t *obj) +{ + struct sc_context *ctx = p15card->card->ctx; + sc_pkcs15_object_t *pin_obj; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + if (!p15card->opts.use_pin_cache) + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + + if (obj->user_consent) + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + + if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + + r = sc_pkcs15_find_pin_by_auth_id(p15card, &obj->auth_id, &pin_obj); + if (r != SC_SUCCESS) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Could not find pin object for auth_id %s", sc_pkcs15_print_id(&obj->auth_id)); + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + } + + if (pin_obj->usage_counter >= p15card->opts.pin_cache_counter) { + sc_pkcs15_free_object_content(pin_obj); + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + } + + if (!pin_obj->content.value || !pin_obj->content.len) + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + + pin_obj->usage_counter++; + r = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len); + if (r != SC_SUCCESS) { + /* Ensure that wrong PIN isn't used again */ + sc_pkcs15_free_object_content(pin_obj); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN error %i", r); + return 
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); +} + +void sc_pkcs15_pincache_clear(struct sc_pkcs15_card *p15card) +{ + struct sc_pkcs15_object *objs[32]; + int i, r; + + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_NORMAL); + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 32); + for (i = 0; i < r; i++) + sc_pkcs15_free_object_content(objs[i]); +} + diff -Nru opensc-0.11.13/src/libopensc/pkcs15-piv.c opensc-0.12.1/src/libopensc/pkcs15-piv.c --- opensc-0.11.13/src/libopensc/pkcs15-piv.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-piv.c 2011-05-17 17:07:00.000000000 +0000 @@ -2,7 +2,8 @@ * partial PKCS15 emulation for PIV-II cards * only minimal use of the authentication cert and key * - * Copyright (C) 2005,2006,2007,2008,2009 Douglas E. Engert + * Copyright (C) 2005,2006,2007,2008,2009,2010 + * Douglas E. Engert * 2004, Nils Larsch * Copyright (C) 2006, Identity Alliance, * Thomas Harning @@ -23,19 +24,22 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include #include #include -#include "pkcs15.h" + +#include "internal.h" #include "cardctl.h" +#include "asn1.h" +#include "pkcs15.h" #define MANU_ID "piv_II " int sc_pkcs15emu_piv_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); - typedef struct objdata_st { const char *id; const char *label; @@ -51,7 +55,6 @@ int authority; const char *path; int obj_flags; - int found; } cdata; typedef struct pdata_st { 
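Review bot: The `pin_cache_counter` limit cannot take effect in the new cache code of hunk -456,3: `sc_pkcs15_pincache_revalidate` increments `pin_obj->usage_counter` and calls `sc_pkcs15_verify_pin`, which on success calls `sc_pkcs15_pincache_add`, which sets `pin_obj->usage_counter = 0`. The same path hands `pin_obj->content.value` back to `sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen)`, so source and destination alias; whether that is safe depends on a helper not shown here. A one-line guard before the allocation in `sc_pkcs15_pincache_add` covers both, and the NULL pinpad case as well: `if (pin == NULL || pin == pin_obj->content.value) return;`. Since the cached value is a cleartext PIN, it is worth confirming that `sc_pkcs15_free_object_content` wipes the buffer before freeing it, and saying so in the comment above `sc_pkcs15_pincache_clear`.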
@@ -65,50 +68,180 @@ unsigned int storedlen; int flags; int tries_left; - const char pad_char; + const unsigned char pad_char; int obj_flags; } pindata; typedef struct pubdata_st { const char *id; const char *label; - unsigned int modulus_len; - int usage; + int usage_rsa; + int usage_ec; const char *path; int ref; const char *auth_id; int obj_flags; - int found; + const char *getenvname; } pubdata; typedef struct prdata_st { const char *id; const char *label; - unsigned int modulus_len; - int usage; + int usage_rsa; + int usage_ec; const char *path; int ref; const char *auth_id; int obj_flags; + int user_consent; } prdata; +typedef struct common_key_info_st { + int cert_found; + int pubkey_found; + int pubkey_from_file; + int key_alg; + unsigned int pubkey_len; + int not_present; +} common_key_info; + + +/* + * The PIV applet has no serial number, and so the either the FASC-N + * is used, or the GUID is used as a serial number. + * We need to return a GUID like value for each object + * But this needs to be some what unique. + * So we will use two different methods, depending + * on the size of the sereal number. + * If it is 25 bytes, then it was from a FASCN. If 16 bytes + * its from a GUID. + * If neither, we will uase the default method. 
+ */ + +static int piv_get_guid(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_object *obj, + char *out, size_t out_size) +{ + struct sc_serial_number serialnr; + struct sc_pkcs15_id id; + unsigned char guid_bin[SC_PKCS15_MAX_ID_SIZE + SC_MAX_SERIALNR]; + size_t bin_size, offs, tlen; + int r, i; + unsigned char fbit, fbits, fbyte, fbyte2, fnibble; + unsigned char *f5p, *f8p; + + if (!p15card || !obj || !out || out_size < 3) + return SC_ERROR_INCORRECT_PARAMETERS; + + r = sc_pkcs15_get_object_id(obj, &id); + if (r) + return r; + + r = sc_card_ctl(p15card->card, SC_CARDCTL_GET_SERIALNR, &serialnr); + if (r) + return r; + + memset(guid_bin, 0, sizeof(guid_bin)); + memset(out, 0, out_size); + + if (id.len == 1 && serialnr.len == 25) { + + /* It is from a FASCN, and we need to shorten it but keep + * as much uniquness as possible. + * FASC-N is stored like a ISO 7811 Magnetic Strip Card + * Using the ANSI/ISO BCD Data Format + * 4 data bit + 1 parity bit (odd) least significant bit first. + * It starts with the Start Sentinel 0x0b ";" + * Fields are seperated by 0x0d "=" + * Ends with End Sentinel 0x0f "?" + * Its 39 characters + the LRC + * http://www.dataip.co.uk/Reference/MagneticCardBCD.php + * 0x0a, 0x0c, 0x0e are some type of control + * the FASCN has a lot of extra bits, with only 32 digits. + */ + f5p = serialnr.value; + f8p = guid_bin; + fbyte2 = 0; + fnibble = 0; + fbits = 0; + for (i = 0; i < 25*8; i++) { + if (i%8 == 0) { + fbyte=*f5p++; + } + fbit = (fbyte & 0x80) ? 
1:0; + fbyte <<= 1; + fbits = (fbits >> 1) + (fbit << 4); + /* reversed with parity */ + if ((i - 4)%5 == 0) { + fbits = fbits & 0x0f; /* drop parity */ + if (fbits <= 9) { /* only save digits, drop control codes */ + fbyte2 = (fbyte2 << 4) | fbits; + if (fnibble) { + *f8p = fbyte2; + f8p++; + fbyte2 = 0; + fnibble = 0; + } else + fnibble = 1; + } + fbits = 0; + } + } + + /* overwrite two insignificant digits in middle with id */ + memcpy(guid_bin + 7, id.value, id.len); + tlen = 16; + } + else if (id.len == 1 && serialnr.len == 16) { + /* its from a GUID, we will overwrite the + * first byte with id.value, as this preserves most + * of the uniqueness. + */ + memcpy(guid_bin, id.value, id.len); + memcpy(guid_bin + id.len, serialnr.value + 1, serialnr.len - 1); + + tlen = id.len + serialnr.len - 1; /* i.e. 16 */ + } else { + /* not what was expected... use default */ + + memcpy(guid_bin, serialnr.value, serialnr.len); + memcpy(guid_bin + serialnr.len, id.value, id.len); + + tlen = id.len + serialnr.len; + } + + /* reserve one byte for the 'C' line ending */ + bin_size = (out_size - 1)/2; + if (bin_size > tlen) + bin_size = tlen; + + offs = tlen - bin_size; + + for (i=0; icard; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (card->type < SC_CARD_TYPE_PIV_II_GENERIC || card->type >= SC_CARD_TYPE_PIV_II_GENERIC+1000) return SC_ERROR_INVALID_CARD; return SC_SUCCESS; } + static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card) { /* The cert objects will return all the data */ -const objdata objects[] = { + /* Note: pkcs11 objects do not have CK_ID values */ + + static const objdata objects[] = { {"1", "Card Capability Container", "2.16.840.1.101.3.7.1.219.0", NULL, "DB00", 0}, {"2", "Card Holder Unique Identifier", 
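Review bot: The fallback branch of `piv_get_guid` copies `serialnr.len` and `id.len` bytes into `guid_bin` without comparing them to the buffer size, relying on the card driver and `sc_pkcs15_get_object_id` to stay within `SC_MAX_SERIALNR` and `SC_PKCS15_MAX_ID_SIZE`. Because `serialnr` is filled by `sc_card_ctl` from card data and is not zero-initialised beforehand, a local check before the `memset` calls is cheap: `if (serialnr.len > SC_MAX_SERIALNR || id.len > SC_PKCS15_MAX_ID_SIZE) return SC_ERROR_INVALID_DATA;`. The FASC-N loop drops the parity bits without checking them, which is acceptable for deriving an identifier but should be stated in the comment. The tail of the function is garbled on this page, so the hex-output loop is not covered by this note.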
@@ -117,11 +250,11 @@ "2.16.840.1.101.3.7.2.48.2", NULL, "3010", 0}, {"4", "X.509 Certificate for PIV Authentication", "2.16.840.1.101.3.7.2.1.1", NULL, "0101", 0}, - {"5", "Card Holder Fingerprints", + {"5", "Cardholder Fingerprints", "2.16.840.1.101.3.7.2.96.16", "1", "6010", SC_PKCS15_CO_FLAG_PRIVATE}, {"6", "Printed Information", "2.16.840.1.101.3.7.2.48.1", "1", "3001", SC_PKCS15_CO_FLAG_PRIVATE}, - {"7", "Card Holder Facial Image", + {"7", "Cardholder Facial Image", "2.16.840.1.101.3.7.2.96.48", "1", "6030", SC_PKCS15_CO_FLAG_PRIVATE}, {"8", "X.509 Certificate for Digital Signature", "2.16.840.1.101.3.7.2.1.0", NULL, "0100", 0}, 
@@ -131,27 +264,95 @@ "2.16.840.1.101.3.7.2.5.0", NULL, "0500", 0}, {"11", "Security Object", "2.16.840.1.101.3.7.2.144.0", NULL, "9000", 0}, + {"12", "Discovery Object", + "2.16.840.1.101.3.7.2.96.80", NULL, "6050", 0}, + {"13", "Key History Object", + "2.16.840.1.101.3.7.2.96.96", NULL, "6060", 0}, + {"14", "Cardholder Iris Image", + "2.16.840.1.101.3.7.2.16.21", NULL, "1015", SC_PKCS15_CO_FLAG_PRIVATE}, + + {"15", "Retired X.509 Certificate for Key Management 1", + "2.16.840.1.101.3.7.2.16.1", NULL, "1001", 0}, + {"16", "Retired X.509 Certificate for Key Management 2", + "2.16.840.1.101.3.7.2.16.2", NULL, "1002", 0}, + {"17", "Retired X.509 Certificate for Key Management 3", + "2.16.840.1.101.3.7.2.16.3", NULL, "1003", 0}, + {"18", "Retired X.509 Certificate for Key Management 4", + "2.16.840.1.101.3.7.2.16.4", NULL, "1004", 0}, + {"19", "Retired X.509 Certificate for Key Management 5", + "2.16.840.1.101.3.7.2.16.5", NULL, "1005", 0}, + {"20", "Retired X.509 Certificate for Key Management 6", + "2.16.840.1.101.3.7.2.16.6", NULL, "1006", 0}, + {"21", "Retired X.509 Certificate for Key Management 7", + "2.16.840.1.101.3.7.2.16.7", NULL, "1007", 0}, + {"22", "Retired X.509 Certificate for Key Management 8", + "2.16.840.1.101.3.7.2.16.8", NULL, "1008", 0}, + {"23", "Retired X.509 Certificate for Key Management 9", + "2.16.840.1.101.3.7.2.16.9", NULL, "1009", 0}, + {"24", "Retired X.509 Certificate for Key Management 10", + "2.16.840.1.101.3.7.2.16.10", NULL, "100A", 0}, + {"25", "Retired X.509 Certificate for Key Management 11", + "2.16.840.1.101.3.7.2.16.11", NULL, "100B", 0}, + {"26", "Retired X.509 Certificate for Key Management 12", + "2.16.840.1.101.3.7.2.16.12", NULL, "100C", 0}, + {"27", "Retired X.509 Certificate for Key Management 13", + "2.16.840.1.101.3.7.2.16.13", NULL, "100D", 0}, + {"28", "Retired X.509 Certificate for Key Management 14", + "2.16.840.1.101.3.7.2.16.14", NULL, "100E", 0}, + {"29", "Retired X.509 Certificate for Key Management 15", + 
"2.16.840.1.101.3.7.2.16.15", NULL, "100F", 0}, + {"30", "Retired X.509 Certificate for Key Management 16", + "2.16.840.1.101.3.7.2.16.16", NULL, "1010", 0}, + {"31", "Retired X.509 Certificate for Key Management 17", + "2.16.840.1.101.3.7.2.16.17", NULL, "1011", 0}, + {"32", "Retired X.509 Certificate for Key Management 18", + "2.16.840.1.101.3.7.2.16.18", NULL, "1012", 0}, + {"33", "Retired X.509 Certificate for Key Management 19", + "2.16.840.1.101.3.7.2.16.19", NULL, "1013", 0}, + {"34", "Retired X.509 Certificate for Key Management 20", + "2.16.840.1.101.3.7.2.16.20", NULL, "1014", 0}, {NULL, NULL, NULL, NULL, NULL, 0} }; /* - * NIST 800-73-1 is proposing to lift the restriction on - * requering pin protected certs. Thus the default will be to - * not require this. But there are a number of test cards - * that do enforce it. Code later on will allow SC_PKCS15_CO_FLAG_PRIVATE - * to be set. + * NIST 800-73-1 lifted the restriction on + * requering pin protected certs. Thus the default is to + * not require this. 
*/ /* certs will be pulled out from the cert objects */ - cdata certs[] = { - {"1", "Certificate for PIV Authentication", 0, "0101cece", 0, 0}, + /* the number of cert, pubkey and prkey triplets */ - {"2", "Certificate for Digital Signature", 0, "0100cece", 0, 0}, - {"3", "Certificate for Key Management", 0, "0102cece", 0, 0}, - {"4", "Certificate for Card Authentication", 0, "0500cece", 0, 0}, - {NULL, NULL, 0, NULL, 0, 0} +#define PIV_NUM_CERTS_AND_KEYS 24 + + static const cdata certs[PIV_NUM_CERTS_AND_KEYS] = { + {"1", "Certificate for PIV Authentication", 0, "0101cece", 0}, + {"2", "Certificate for Digital Signature", 0, "0100cece", 0}, + {"3", "Certificate for Key Management", 0, "0102cece", 0}, + {"4", "Certificate for Card Authentication", 0, "0500cece", 0}, + {"5", "Retired Certificate for Key Management 1", 0, "1001cece", 0}, + {"6", "Retired Certificate for Key Management 2", 0, "1002cece", 0}, + {"7", "Retired Certificate for Key Management 3", 0, "1003cece", 0}, + {"8", "Retired Certificate for Key Management 4", 0, "1004cece", 0}, + {"9", "Retired Certificate for Key Management 5", 0, "1005cece", 0}, + {"10", "Retired Certificate for Key Management 6", 0, "1006cece", 0}, + {"11", "Retired Certificate for Key Management 7", 0, "1007cece", 0}, + {"12", "Retired Certificate for Key Management 8", 0, "1008cece", 0}, + {"13", "Retired Certificate for Key Management 9", 0, "1009cece", 0}, + {"14", "Retired Certificate for Key Management 10", 0, "100Acece", 0}, + {"15", "Retired Certificate for Key Management 11", 0, "100Bcece", 0}, + {"16", "Retired Certificate for Key Management 12", 0, "100Ccece", 0}, + {"17", "Retired Certificate for Key Management 13", 0, "100Dcece", 0}, + {"18", "Retired Certificate for Key Management 14", 0, "100Ecece", 0}, + {"19", "Retired Certificate for Key Management 15", 0, "100Fcece", 0}, + {"20", "Retired Certificate for Key Management 16", 0, "1010cece", 0}, + {"21", "Retired Certificate for Key Management 17", 0, "1011cece", 
0}, + {"22", "Retired Certificate for Key Management 18", 0, "1012cece", 0}, + {"23", "Retired Certificate for Key Management 19", 0, "1013cece", 0}, + {"24", "Retired Certificate for Key Management 20", 0, "1014cece", 0} }; - const pindata pins[] = { + static const pindata pins[] = { { "1", "PIV Card Holder pin", "", 0x80, + /* label and ref will change if using global pin */ SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, 8, 4, 8, SC_PKCS15_PIN_FLAG_NEEDS_PADDING | @@ -166,8 +367,6 @@ SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN, -1, 0xFF, SC_PKCS15_CO_FLAG_PRIVATE }, - /* there are some more key, but dont need for now */ - /* The admin 9b might fall in here */ { NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0} }; 
@@ -177,69 +376,242 @@ * but can be derived from the certificates. * the cert, pubkey and privkey are a set. * Key usages bits taken from pkcs15v1_1 Table 2 + * RSA and EC hav differents set of usage */ - pubdata pubkeys[] = { - - { "1", "PIV AUTH pubkey", 0000, - SC_PKCS15_PRKEY_USAGE_ENCRYPT | - SC_PKCS15_PRKEY_USAGE_WRAP | - SC_PKCS15_PRKEY_USAGE_VERIFY | - SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, - "9A06", 0x9A, "1", 0, 0}, - { "2", "SIGN pubkey", 0000, - SC_PKCS15_PRKEY_USAGE_ENCRYPT | - SC_PKCS15_PRKEY_USAGE_VERIFY | - SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER | - SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, - "9C06", 0x9C, "1", 0, 0}, - { "3", "KEY MAN pubkey", 0000, - SC_PKCS15_PRKEY_USAGE_WRAP, - "9D06", 0x9D, "1", 0, 0}, - { "4", "CARD AUTH pubkey", 0000, - SC_PKCS15_PRKEY_USAGE_VERIFY | - SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, - "9E06", 0x9E, "0", 0, 0}, /* no pin, and avail in contactless */ - { NULL, NULL, 0, 0, NULL, 0, NULL, 0, 0} - - }; + static const pubdata pubkeys[PIV_NUM_CERTS_AND_KEYS] = { - prdata prkeys[] = { - { "1", "PIV AUTH key", 0000, - SC_PKCS15_PRKEY_USAGE_DECRYPT | - SC_PKCS15_PRKEY_USAGE_UNWRAP | - SC_PKCS15_PRKEY_USAGE_SIGN | - SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, - "", 0x9A, "1", 0}, - { "2", "SIGN key", 0000, - SC_PKCS15_PRKEY_USAGE_DECRYPT | - SC_PKCS15_PRKEY_USAGE_SIGN | - SC_PKCS15_PRKEY_USAGE_SIGNRECOVER | - SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, - "", 0x9C, "1", 0}, - { "3", "KEY MAN key", 0000, - SC_PKCS15_PRKEY_USAGE_UNWRAP, - "", 0x9D, "1", 0}, - { "4", "CARD AUTH key", 0000, - SC_PKCS15_PRKEY_USAGE_SIGN | + { "1", "PIV AUTH pubkey", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | + SC_PKCS15_PRKEY_USAGE_WRAP | + SC_PKCS15_PRKEY_USAGE_VERIFY | + SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, + /*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY, + "9A06", 0x9A, "1", 0, "PIV_9A_KEY"}, + { "2", "SIGN pubkey", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | + SC_PKCS15_PRKEY_USAGE_VERIFY | + SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER | + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, + 
/*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY | + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, + "9C06", 0x9C, "1", 0, "PIV_9C_KEY"}, + { "3", "KEY MAN pubkey", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT| SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9D06", 0x9D, "1", 0, "PIV_9D_KEY"}, + { "4", "CARD AUTH pubkey", + /*RSA*/SC_PKCS15_PRKEY_USAGE_VERIFY | + SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, + /*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY, + "9E06", 0x9E, "0", 0, "PIV_9E_KEY"}, /* no pin, and avail in contactless */ + + { "5", "Retired KEY MAN 1", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8206", 0x82, "1", 0, NULL}, + { "6", "Retired KEY MAN 2", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8306", 0x83, "1", 0, NULL}, + { "7", "Retired KEY MAN 3", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8406", 0x84, "1", 0, NULL}, + { "8", "Retired KEY MAN 4", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8506", 0x85, "1", 0, NULL}, + { "9", "Retired KEY MAN 5", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8606", 0x86, "1", 0, NULL}, + { "10", "Retired KEY MAN 6", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8706", 0x87, "1", 0, NULL}, + { "11", "Retired KEY MAN 7", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8806", 0x88, "1", 0, NULL}, + { "12", "Retired KEY MAN 8", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8906", 0x89, "1", 0, NULL}, + { "13", "Retired KEY MAN 9", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, 
+ "8A06", 0x8A, "1", 0, NULL}, + { "14", "Retired KEY MAN 10", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8B06", 0x8B, "1", 0, NULL}, + { "15", "Retired KEY MAN 11", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8C06", 0x8C, "1", 0, NULL}, + { "16", "Retired KEY MAN 12", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8D06", 0x8D, "1", 0, NULL}, + { "17", "Retired KEY MAN 13", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8E06", 0x8E, "1", 0, NULL}, + { "18", "Retired KEY MAN 14", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "8F06", 0x8F, "1", 0, NULL}, + { "19", "Retired KEY MAN 15", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9006", 0x90, "1", 0, NULL}, + { "20", "Retired KEY MAN 16", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9106", 0x91, "1", 0, NULL}, + { "21", "Retired KEY MAN 17", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9206", 0x92, "1", 0, NULL}, + { "22", "Retired KEY MAN 18", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9306", 0x93, "1", 0, NULL}, + { "23", "Retired KEY MAN 19", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9406", 0x94, "1", 0, NULL}, + { "24", "Retired KEY MAN 20", + /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "9506", 0x95, "1", 0, NULL} }; + +/* + * note some of the SC_PKCS15_PRKEY values are dependent + * on the key algorithm, and 
will be reset. + */ + static const prdata prkeys[PIV_NUM_CERTS_AND_KEYS] = { + { "1", "PIV AUTH key", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | + SC_PKCS15_PRKEY_USAGE_UNWRAP | + SC_PKCS15_PRKEY_USAGE_SIGN | + SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, + /*EC*/SC_PKCS15_PRKEY_USAGE_SIGN, + "", 0x9A, "1", SC_PKCS15_CO_FLAG_PRIVATE, 0}, + { "2", "SIGN key", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | + SC_PKCS15_PRKEY_USAGE_SIGN | + SC_PKCS15_PRKEY_USAGE_SIGNRECOVER | + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, + /*EC*/SC_PKCS15_PRKEY_USAGE_SIGN | + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, + "", 0x9C, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "3", "KEY MAN key", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x9D, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "4", "CARD AUTH key", + /*RSA*/SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER, - "", 0x9E, NULL, 0}, /* no PIN needed, works with wireless */ - { NULL, NULL, 0, 0, NULL, 0, NULL, 0} + /*EC*/SC_PKCS15_PRKEY_USAGE_SIGN, + "", 0x9E, NULL, 0, 0}, /* no PIN needed, works with wireless */ + { "5", "Retired KEY MAN 1", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x82, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "6", "Retired KEY MAN 2", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x83, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "7", "Retired KEY MAN 3", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x84, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "8", "Retired KEY MAN 4", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x85, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "9", "Retired KEY MAN 5", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + 
"", 0x86, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "10", "Retired KEY MAN 6", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x87, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "11", "Retired KEY MAN 7", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x88, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "12", "Retired KEY MAN 8", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x89, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "13", "Retired KEY MAN 9", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8A, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "14", "Retired KEY MAN 10", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8B, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "15", "Retired KEY MAN 11", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8C, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "16", "Retired KEY MAN 12", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8D, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "17", "Retired KEY MAN 13", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8E, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "18", "Retired KEY MAN 14", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x8F, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "19", "Retired KEY MAN 15", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x90, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "20", "Retired KEY MAN 16", + 
/*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x91, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "21", "Retired KEY MAN 17", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x92, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "22", "Retired KEY MAN 18", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x93, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "23", "Retired KEY MAN 19", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x94, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1}, + { "24", "Retired KEY MAN 20", + /*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP, + /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, + "", 0x95, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1} }; int r, i; sc_card_t *card = p15card->card; sc_file_t *file_out = NULL; - int exposed_cert[4] = {1, 0, 0, 0}; sc_serial_number_t serial; char buf[SC_MAX_SERIALNR * 2 + 1]; + common_key_info ckis[PIV_NUM_CERTS_AND_KEYS]; - SC_FUNC_CALLED(card->ctx, 1); + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* could read this off card if needed */ /* CSP does not like a - in the name */ - p15card->label = strdup("PIV_II"); - p15card->manufacturer_id = strdup(MANU_ID); + p15card->tokeninfo->label = strdup("PIV_II"); + p15card->tokeninfo->manufacturer_id = strdup(MANU_ID); /* * get serial number 
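Review bot: The `prkeys` rows end in two bare positional values (`SC_PKCS15_CO_FLAG_PRIVATE, 1}` or `0, 0}`), and the last one appears to be the `user_consent` value that the private-key loop later copies into `prkey_obj.user_consent`, so one mistyped digit changes whether a key is marked as needing user consent. I would add a column legend above each table, for `prkeys` something like `/* id, label, RSA usage, EC usage, path, key ref, auth id, obj flags, user consent */`, and a comment saying why 9A carries `0` while 9C, 9D and the retired keys carry `1`. The `certs`, `pubkeys` and `prkeys` tables are matched purely by index over `PIV_NUM_CERTS_AND_KEYS` rows, which also deserves a sentence in that comment. The struct definitions and the start of the function are outside this hunk, so the field order is inferred from the initialisers.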
@@ -248,18 +620,16 @@ * but need serial number for Mac tokend */ - sc_ctx_suppress_errors_on(card->ctx); r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) { - sc_debug(card->ctx,"sc_card_ctl rc=%d",r); - p15card->serial_number = strdup("00000000"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"sc_card_ctl rc=%d",r); + p15card->tokeninfo->serial_number = strdup("00000000"); } else { sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); - p15card->serial_number = strdup(buf); + p15card->tokeninfo->serial_number = strdup(buf); } - sc_debug(card->ctx, "PIV-II adding objects..."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding objects..."); /* set other objects */ for (i = 0; objects[i].label; i++) { @@ -271,13 +641,10 @@ sc_pkcs15_format_id(objects[i].id, &obj_info.id); sc_format_path(objects[i].path, &obj_info.path); - /* We could make sure the object is on the card */ - /* But really don't need to do this now */ -// sc_ctx_suppress_errors_on(card->ctx); -// r = sc_select_file(card, &obj_info.path, NULL); -// sc_ctx_suppress_errors_off(card->ctx); -// if (r == SC_ERROR_FILE_NOT_FOUND) -// continue; + /* See if the object can not be present on the card */ + r = (card->ops->card_ctl)(card, SC_CARDCTL_PIV_OBJECT_PRESENT, &obj_info.path); + if (r == 1) + continue; /* Not on card, do not define the object */ strncpy(obj_info.app_label, objects[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); r = sc_format_oid(&obj_info.app_oid, objects[i].aoid); 
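Review bot: The presence probe added in the objects loop calls the driver hook directly, `(card->ops->card_ctl)(card, SC_CARDCTL_PIV_OBJECT_PRESENT, &obj_info.path)`, while the serial-number query earlier in the same function goes through `sc_card_ctl()`. The direct call dereferences `card->ops->card_ctl` without a NULL check, and `sc_pkcs15emu_piv_init_ex` reaches this function when `SC_PKCS15EMU_FLAGS_NO_CHECK` is set, presumably without confirming that the PIV driver owns the card; I would write `r = sc_card_ctl(card, SC_CARDCTL_PIV_OBJECT_PRESENT, &obj_info.path);` instead. Only `r == 1` is acted on, so a negative driver error is treated as "may be present", and a short comment stating that this is intended would help. The same direct call recurs in the cert loop (hunk at +710) and in the PIN loop's `SC_CARDCTL_PIV_PIN_PREFERENCE` query (hunk at +788).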
@@ -293,7 +660,20 @@ r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT, &obj_obj, &obj_info); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); +/* TODO + * PIV keys 9C and 9D require the pin verify be done just befor any + * crypto operation using these keys. + * + * Nss 3.12.7 does not check the CKA_ALWAYS_AUTHENTICATE attribute of a key + * and will do a C_FindObjects with only CKA_VALUE looking for a certificate + * it had found earlier after c_Login. The template does not add CKA_TYPE=cert. + * This will cause the card-piv to read all the objects and will reset + * the security status for the 9C and 9D keys. + * Mozilla Bug 457025 + * + * We can not read all the objects, as some need the PIN! + */ } /* @@ -307,15 +687,18 @@ */ /* set certs */ - sc_debug(card->ctx, "PIV-II adding certs..."); - for (i = 0; certs[i].label; i++) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding certs..."); + for (i = 0; i < PIV_NUM_CERTS_AND_KEYS; i++) { struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; sc_pkcs15_der_t cert_der; sc_pkcs15_cert_t *cert_out; - if ((card->flags & 0x20) && (exposed_cert[i] == 0)) - continue; + ckis[i].cert_found = 0; + ckis[i].key_alg = -1; + ckis[i].pubkey_found = 0; + ckis[i].pubkey_from_file = 0; + ckis[i].pubkey_len = 0; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); 
@@ -327,24 +710,27 @@ strncpy(cert_obj.label, certs[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); cert_obj.flags = certs[i].obj_flags; - /* see if we have a cert */ + /* See if the cert might be present or not. */ + r = (card->ops->card_ctl)(card, SC_CARDCTL_PIV_OBJECT_PRESENT, &cert_info.path); + if (r == 1) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cert can not be present,i=%d", i); + continue; + } - /* use a &file_out so card-piv will read cert if present */ - sc_ctx_suppress_errors_on(card->ctx); + /* use a &file_out so card-piv.c will read cert if present */ r = sc_pkcs15_read_file(p15card, &cert_info.path, &cert_der.value, &cert_der.len, &file_out); - sc_ctx_suppress_errors_off(card->ctx); if (file_out) { sc_file_free(file_out); file_out = NULL; } if (r) { - sc_debug(card->ctx, "No cert found,i=%d", i); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "No cert found,i=%d", i); continue; } - certs[i].found = 1; + ckis[i].cert_found = 1; /* cache it using the PKCS15 emulation objects */ /* as it does not change */ if (cert_der.value) { 
@@ -354,30 +740,39 @@ } /* following will find the cached cert in cert_info */ r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert_out); - if (r < 0) { - sc_debug(card->ctx, "Failed to read/parse the certificate r=%d",r); + if (r < 0 || cert_out->key == NULL) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to read/parse the certificate r=%d",r); continue; } - /* TODO support DSA keys */ - if (cert_out->key.algorithm == SC_ALGORITHM_RSA) { - /* save modulus_len in pub and priv */ - pubkeys[i].modulus_len = cert_out->key.u.rsa.modulus.len * 8; - prkeys[i].modulus_len = cert_out->key.u.rsa.modulus.len * 8; + ckis[i].key_alg = cert_out->key->algorithm; + switch (cert_out->key->algorithm) { + case SC_ALGORITHM_RSA: + /* save pubkey_len for pub and priv */ + ckis[i].pubkey_len = cert_out->key->u.rsa.modulus.len * 8; + break; + case SC_ALGORITHM_EC: + ckis[i].pubkey_len = cert_out->key->u.ec.params.field_length; + break; + default: + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsuported key.algorithm %d", cert_out->key->algorithm); + ckis[i].pubkey_len = 0; /* set some value for now */ } sc_pkcs15_free_certificate(cert_out); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) { - sc_error(card->ctx, " Failed to add cert obj r=%d",r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, " Failed to add cert obj r=%d",r); continue; } } /* set pins */ - sc_debug(card->ctx, "PIV-II adding pins..."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding pins..."); for (i = 0; pins[i].label; i++) { struct sc_pkcs15_pin_info pin_info; struct sc_pkcs15_object pin_obj; + const char * label; + int pin_ref; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); 
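Review bot: The widened guard `if (r < 0 || cert_out->key == NULL)` leaves the slot with `continue` even when the read succeeded, so a certificate that parsed but carries no key never reaches `sc_pkcs15_free_certificate()`, which sits after the `switch`. The certificate bytes come from the card, so this path is reachable with card-supplied data; adding `if (r >= 0) sc_pkcs15_free_certificate(cert_out);` before the `continue` releases it. `ckis[i].cert_found` was already set to 1 in the preceding hunk, so such a slot is still treated as having a certificate while `key_alg` stays -1, and a comment noting that the later loops skip it through their `default:` arms would make that explicit. The loop itself starts in an earlier hunk.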
@@ -393,12 +788,21 @@ sc_format_path(pins[i].path, &pin_info.path); pin_info.tries_left = -1; - strncpy(pin_obj.label, pins[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); + label = pins[i].label; + if (i == 0 && + (card->ops->card_ctl)(card, SC_CARDCTL_PIV_PIN_PREFERENCE, + &pin_ref) == 0 && + pin_ref == 0x00) { /* must be 80 for PIV pin, or 00 for Global PIN */ + pin_info.reference = pin_ref; + label = "Global PIN"; + } +sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label); + strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1); pin_obj.flags = pins[i].obj_flags; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } @@ -406,27 +810,23 @@ /* set public keys */ /* We may only need this during initialzation when genkey * gets the pubkey, but it can not be read from the card - * at a later time. The piv-tool can stach in file + * at a later time. The piv-tool can stach pubkey in file */ - sc_debug(card->ctx, "PIV-II adding pub keys..."); - for (i = 0; pubkeys[i].label; i++) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding pub keys..."); + for (i = 0; i < PIV_NUM_CERTS_AND_KEYS; i++) { struct sc_pkcs15_pubkey_info pubkey_info; struct sc_pkcs15_object pubkey_obj; struct sc_pkcs15_pubkey *p15_key; - if ((card->flags & 0x20) && (exposed_cert[i] == 0)) - continue; - memset(&pubkey_info, 0, sizeof(pubkey_info)); memset(&pubkey_obj, 0, sizeof(pubkey_obj)); sc_pkcs15_format_id(pubkeys[i].id, &pubkey_info.id); - pubkey_info.usage = pubkeys[i].usage; pubkey_info.native = 1; pubkey_info.key_reference = pubkeys[i].ref; - sc_format_path(pubkeys[i].path, &pubkey_info.path); +// sc_format_path(pubkeys[i].path, &pubkey_info.path); strncpy(pubkey_obj.label, pubkeys[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); 
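Review bot: The added trace line `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);` in the PIN loop sits at column 0 and carries a personal `DEE` tag, which reads as leftover debugging rather than intended logging. I would indent it with the loop body and drop the tag: `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Adding pin %d label=%s", i, label);`. The same tag appears in the `DEE look for env`, `DEE look for file` and `DEE added key_alg` messages of the later public/private key hunk, and the `look for file` one writes an environment-supplied path into the log. The loop body starts in the previous hunk.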
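Review bot: The new line `// sc_format_path(pubkeys[i].path, &pubkey_info.path);` in the public-key loop keeps dead code in a `//` comment, while every row of the `pubkeys` table still carries a path string that is now unused here. If the path is left empty on purpose, I would replace the line with a statement of that intent, for example `/* pubkey_info.path stays empty: the key comes from the certificate or from the SPKI file */`, and drop the later `pubkey_info.path.len = 0;` if it is redundant after the `memset`. The rest of the loop continues in the next hunk.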
@@ -436,80 +836,169 @@ if (pubkeys[i].auth_id) sc_pkcs15_format_id(pubkeys[i].auth_id, &pubkey_obj.auth_id); - if (certs[i].found == 0) { /* no cert found */ - sc_debug(card->ctx,"No cert for this pub key i=%d",i); - /* TODO DSA */ - pubkey_obj.type = SC_PKCS15_TYPE_PUBKEY_RSA; - pubkey_obj.data = &pubkey_info; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_pkcs15_read_pubkey(p15card, &pubkey_obj, &p15_key); - sc_ctx_suppress_errors_off(card->ctx); - pubkey_obj.data = NULL; - sc_debug(card->ctx," READING PUB KEY r=%d",r); - if (r < 0 ) { + /* If no cert found, piv-tool may have stached the pubkey + * so we can use it when generating a certificate request + * The file is a OpenSSL DER EVP_KEY, which looks like + * a certificate subjectPublicKeyInfo. + * + */ + if (ckis[i].cert_found == 0 ) { /* no cert found */ + char * filename = NULL; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"No cert for this pub key i=%d",i); + + /* + * If we used the piv-tool to generate a key, + * we would have saved the public key as a file. + * This code is only used while signing a request + * After the certificate is loaded on the card, + * the public key is extracted from the certificate. + */ + + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE look for env %s", + pubkeys[i].getenvname?pubkeys[i].getenvname:"NULL"); + + if (pubkeys[i].getenvname == NULL) continue; - } - /* Only get here if no cert, and the card-piv.c found - * there is a pub key file. 
This only happens when trying - * initializing a card and have set env to point at file + + filename = getenv(pubkeys[i].getenvname); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"DEE look for file %s", filename?filename:"NULL"); + if (filename == NULL) + continue; + + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Adding pubkey from file %s",filename); + + r = sc_pkcs15_pubkey_from_spki_filename(card->ctx, + filename, + &p15_key); + if (r < 0) + continue; + + /* Only get here if no cert, and the the above found the + * pub key file (actually the SPKI version). This only + * happens when trying initializing a card and have set + * env PIV_9A_KEY or 9C, 9D, 9E to point at the file. + * + * We will cache it using the PKCS15 emulation objects */ - if (p15_key->algorithm == SC_ALGORITHM_RSA) { - /* save modulus_len in pub and priv */ - pubkeys[i].modulus_len = p15_key->u.rsa.modulus.len * 8; - prkeys[i].modulus_len = p15_key->u.rsa.modulus.len * 8; - pubkeys[i].found = 1; - } + pubkey_info.path.len = 0; + + ckis[i].key_alg = p15_key->algorithm; + switch (p15_key->algorithm) { + case SC_ALGORITHM_RSA: + /* save pubkey_len in pub and priv */ + ckis[i].pubkey_len = p15_key->u.rsa.modulus.len * 8; + ckis[i].pubkey_found = 1; + ckis[i].pubkey_from_file = 1; + break; + case SC_ALGORITHM_EC: + ckis[i].key_alg = SC_ALGORITHM_EC; + ckis[i].pubkey_len = p15_key->u.ec.params.field_length; + ckis[i].pubkey_found = 1; + ckis[i].pubkey_from_file = 1; + break; + default: + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"Unsupported key_alg %d",p15_key->algorithm); + continue; + } + pubkey_obj.emulated = p15_key; + p15_key = NULL; } - pubkey_info.modulus_length = pubkeys[i].modulus_len; - strncpy(pubkey_obj.label, pubkeys[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); - - /* TODO DSA keys */ - r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info); - if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); /* should not fail */ - pubkeys[i].found = 1; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"adding 
pubkey for %d keyalg=%d",i, ckis[i].key_alg); + switch (ckis[i].key_alg) { + case SC_ALGORITHM_RSA: + pubkey_info.usage = pubkeys[i].usage_rsa; + pubkey_info.modulus_length = ckis[i].pubkey_len; + strncpy(pubkey_obj.label, pubkeys[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); + + r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info); + if (r < 0) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); /* should not fail */ + + ckis[i].pubkey_found = 1; + break; + case SC_ALGORITHM_EC: + pubkey_info.usage = pubkeys[i].usage_ec; + pubkey_info.field_length = ckis[i].pubkey_len; + strncpy(pubkey_obj.label, pubkeys[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); + + r = sc_pkcs15emu_add_ec_pubkey(p15card, &pubkey_obj, &pubkey_info); + if (r < 0) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); /* should not fail */ + ckis[i].pubkey_found = 1; + break; + default: + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,"key_alg %d not supported", ckis[i].key_alg); + continue; + } } /* set private keys */ - sc_debug(card->ctx, "PIV-II adding private keys..."); - for (i = 0; prkeys[i].label; i++) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding private keys..."); + for (i = 0; i < PIV_NUM_CERTS_AND_KEYS; i++) { struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; - if ((card->flags & 0x20) && (exposed_cert[i] == 0)) - continue; - memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); - if (certs[i].found == 0 && pubkeys[i].found == 0) + if (ckis[i].cert_found == 0 && ckis[i].pubkey_found == 0) continue; /* i.e. 
no cert or pubkey */ sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id); - prkey_info.usage = prkeys[i].usage; prkey_info.native = 1; prkey_info.key_reference = prkeys[i].ref; - prkey_info.modulus_length= prkeys[i].modulus_len; - /* The cert or pubkey should have filled modulus_len */ - /* TODO DSA keys */ sc_format_path(prkeys[i].path, &prkey_info.path); strncpy(prkey_obj.label, prkeys[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1); - prkey_obj.flags = prkeys[i].obj_flags; + prkey_obj.user_consent = prkeys[i].user_consent; if (prkeys[i].auth_id) sc_pkcs15_format_id(prkeys[i].auth_id, &prkey_obj.auth_id); - r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); + /* + * When no cert is present and a pubkey in a file was found, + * means the caller is initilaizeing a card. A sign operation + * will be required to sign a certificate request even if + * normal usage would not allow it. Set SC_PKCS15_PRKEY_USAGE_SIGN + * TODO if code is added to allow key generation and reqest + * sign in the same session, similiar code will be needed. 
+ */ + + if (ckis[i].pubkey_from_file == 1) { + prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Adding SC_PKCS15_PRKEY_USAGE_SIGN"); + } + + switch (ckis[i].key_alg) { + case SC_ALGORITHM_RSA: + prkey_info.usage |= prkeys[i].usage_rsa; + prkey_info.modulus_length= ckis[i].pubkey_len; + r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); + break; + case SC_ALGORITHM_EC: + prkey_info.usage |= prkeys[i].usage_ec; + prkey_info.field_length = ckis[i].pubkey_len; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE added key_alg %2.2x prkey_obj.flags %8.8x", + ckis[i].key_alg, prkey_obj.flags); + r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); + break; + default: + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key_alg %d", ckis[i].key_alg); + r = 0; /* we just skip this one */ + } if (r < 0) - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + p15card->ops.get_guid = piv_get_guid; + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } int sc_pkcs15emu_piv_init_ex(sc_pkcs15_card_t *p15card, @@ -518,7 +1007,7 @@ sc_card_t *card = p15card->card; sc_context_t *ctx = card->ctx; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) return sc_pkcs15emu_piv_init(p15card); diff -Nru opensc-0.11.13/src/libopensc/pkcs15-postecert.c opensc-0.12.1/src/libopensc/pkcs15-postecert.c --- opensc-0.11.13/src/libopensc/pkcs15-postecert.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-postecert.c 2011-05-17 17:07:00.000000000 +0000 
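Review bot: The public-key fallback takes a file path from the process environment (`filename = getenv(pubkeys[i].getenvname);`, i.e. `PIV_9A_KEY` and its 9C/9D/9E siblings), and once that file parses the private-key loop forces `SC_PKCS15_PRKEY_USAGE_SIGN` onto the slot through `pubkey_from_file`. This code appears to run in the emulator's init routine rather than in piv-tool, so any program that binds a PIV card would pick up both the file read and the widened key usage from its environment. I would gate the lookup so that it only applies during card initialisation, or at least document next to the `getenv` call that these variables must not be set for normal use or in privileged programs. Separately, the `default:` arm of `switch (p15_key->algorithm)` reaches `continue` without releasing the key it just parsed; `sc_pkcs15_free_pubkey(p15_key);` before that `continue` closes the leak. The enclosing function starts before this hunk.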
@@ -20,13 +20,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include -#include +#include "config.h" + #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "internal.h" +#include "pkcs15.h" +#include "log.h" int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); @@ -190,9 +193,9 @@ goto failed; } - set_string(&p15card->label, "Postecert & Cnipa Card"); - set_string(&p15card->manufacturer_id, "Postecert"); - set_string(&p15card->serial_number, "0000"); + set_string(&p15card->tokeninfo->label, "Postecert & Cnipa Card"); + set_string(&p15card->tokeninfo->manufacturer_id, "Postecert"); + set_string(&p15card->tokeninfo->serial_number, "0000"); sc_read_binary(card, 0, certlen, 2, 0); @@ -201,7 +204,7 @@ if (count < 256) return SC_ERROR_INTERNAL; - certi = (unsigned char *) malloc(count); + certi = malloc(count); if (!certi) return SC_ERROR_OUT_OF_MEMORY; @@ -332,7 +335,7 @@ return 0; failed: - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize Postecert and Cnipa emulation: %s\n", sc_strerror(r)); return r; diff -Nru opensc-0.11.13/src/libopensc/pkcs15-prkey.c opensc-0.12.1/src/libopensc/pkcs15-prkey.c --- opensc-0.11.13/src/libopensc/pkcs15-prkey.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-prkey.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,30 +18,39 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" + static const struct sc_asn1_entry c_asn1_com_key_attr[] = { { "iD", SC_ASN1_PKCS15_ID, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, { "usage", SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, { "native", SC_ASN1_BOOLEAN, SC_ASN1_TAG_BOOLEAN, SC_ASN1_OPTIONAL, NULL, NULL }, { "accessFlags", SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, SC_ASN1_OPTIONAL, NULL, NULL }, { "keyReference",SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, +/* IAS/ECC and ECC(CEN/TS 15480-2:2007) defines 'algReference' member of 'CommonKeyAttributes'. + * It's absent in PKCS#15 v1.1 . + * Will see if any card will really need it. + * { "algReference", SC_ASN1_STRUCT, SC_ASN1_CONS | SC_ASN1_CTX | 1, SC_ASN1_OPTIONAL, NULL, NULL }, + */ { NULL, 0, 0, 0, NULL, NULL } }; static const struct sc_asn1_entry c_asn1_com_prkey_attr[] = { - /* FIXME */ + { "subjectName", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, + SC_ASN1_EMPTY_ALLOWED | SC_ASN1_ALLOC | SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; static const struct sc_asn1_entry c_asn1_rsakey_attr[] = { - { "value", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, + { "value", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_EMPTY_ALLOWED, NULL, NULL }, { "modulusLength", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, { "keyInfo", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } 
@@ -103,7 +112,7 @@ struct sc_pkcs15_keyinfo_gostparams *keyinfo_gostparams; size_t usage_len = sizeof(info.usage); size_t af_len = sizeof(info.access_flags); - struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_prkey_attr[1]; + struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_prkey_attr[2]; struct sc_asn1_entry asn1_rsakey_attr[4], asn1_prk_rsa_attr[2]; struct sc_asn1_entry asn1_dsakey_attr[2], asn1_prk_dsa_attr[2], asn1_dsakey_i_p_attr[2], @@ -159,6 +168,8 @@ sc_format_asn1_entry(asn1_com_key_attr + 3, &info.access_flags, &af_len, 0); sc_format_asn1_entry(asn1_com_key_attr + 4, &info.key_reference, NULL, 0); + sc_format_asn1_entry(asn1_com_prkey_attr + 0, &info.subject.value, &info.subject.len, 0); + /* Fill in defaults */ memset(&info, 0, sizeof(info)); info.key_reference = -1; @@ -168,7 +179,7 @@ r = sc_asn1_decode_choice(ctx, asn1_prkey, *buf, *buflen, buf, buflen); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); if (asn1_prkey[0].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PRKEY_RSA; } else if (asn1_prkey[1].flags & SC_ASN1_PRESENT) { 
@@ -180,41 +191,43 @@ obj->type = SC_PKCS15_TYPE_PRKEY_GOSTR3410; assert(info.modulus_length == 0); info.modulus_length = SC_PKCS15_GOSTR3410_KEYSIZE; - assert(info.params_len == 0); - info.params_len = sizeof(struct sc_pkcs15_keyinfo_gostparams); - info.params = malloc(info.params_len); - if (info.params == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); - assert(sizeof(*keyinfo_gostparams) == info.params_len); - keyinfo_gostparams = info.params; + assert(info.params.len == 0); + info.params.len = sizeof(struct sc_pkcs15_keyinfo_gostparams); + info.params.data = malloc(info.params.len); + if (info.params.data == NULL) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + assert(sizeof(*keyinfo_gostparams) == info.params.len); + keyinfo_gostparams = info.params.data; keyinfo_gostparams->gostr3410 = gostr3410_params[0]; keyinfo_gostparams->gostr3411 = gostr3410_params[1]; keyinfo_gostparams->gost28147 = gostr3410_params[2]; } else { - sc_error(ctx, "Neither RSA or DSA or GOSTR3410 key in PrKDF entry.\n"); - SC_FUNC_RETURN(ctx, 0, SC_ERROR_INVALID_ASN1_OBJECT); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Neither RSA or DSA or GOSTR3410 key in PrKDF entry."); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ASN1_OBJECT); } - r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); - if (r < 0) { - if (info.params) - free(info.params); - return r; + + if (!p15card->app || !p15card->app->ddo.aid.len) { + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); + if (r < 0) { + sc_pkcs15_free_key_params(&info.params); + return r; + } + } + else { + info.path.aid = p15card->app->ddo.aid; } + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "PrivKey path '%s'", sc_print_path(&info.path)); /* OpenSC 0.11.4 and older encoded "keyReference" as a negative value. Fixed in 0.11.5 we need to add a hack, so old cards continue to work. 
*/ - if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) { - if (info.key_reference < -1) { - info.key_reference += 256; - } - } + if (info.key_reference < -1) + info.key_reference += 256; obj->data = malloc(sizeof(info)); if (obj->data == NULL) { - if (info.params) - free(info.params); - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + sc_pkcs15_free_key_params(&info.params); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } memcpy(obj->data, &info, sizeof(info)); @@ -225,7 +238,7 @@ const struct sc_pkcs15_object *obj, u8 **buf, size_t *buflen) { - struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_prkey_attr[1]; + struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_prkey_attr[2]; struct sc_asn1_entry asn1_rsakey_attr[4], asn1_prk_rsa_attr[2]; struct sc_asn1_entry asn1_dsakey_attr[2], asn1_prk_dsa_attr[2], asn1_dsakey_value_attr[3], @@ -285,9 +298,9 @@ sc_format_asn1_entry(asn1_prkey + 2, &gostr3410_prkey_obj, NULL, 1); sc_format_asn1_entry(asn1_prk_gostr3410_attr + 0, asn1_gostr3410key_attr, NULL, 1); sc_format_asn1_entry(asn1_gostr3410key_attr + 0, &prkey->path, NULL, 1); - if (prkey->params_len == sizeof(*keyinfo_gostparams)) + if (prkey->params.len == sizeof(*keyinfo_gostparams)) { - keyinfo_gostparams = prkey->params; + keyinfo_gostparams = prkey->params.data; sc_format_asn1_entry(asn1_gostr3410key_attr + 1, &keyinfo_gostparams->gostr3410, NULL, 1); sc_format_asn1_entry(asn1_gostr3410key_attr + 2, @@ -297,8 +310,8 @@ } break; default: - sc_error(ctx, "Invalid private key type: %X\n", obj->type); - SC_FUNC_RETURN(ctx, 0, SC_ERROR_INTERNAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Invalid private key type: %X", obj->type); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); break; } sc_format_asn1_entry(asn1_com_key_attr + 0, &prkey->id, NULL, 1); 
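Review bot: The error returns in the `@@ -180,41 +191,43 @@` hunk release `info.params` through `sc_pkcs15_free_key_params()` but never `info.subject.value`, which the `subjectName` entry added earlier in this diff decodes with `SC_ASN1_ALLOC`. If the decoder allocated a subject from card data and `sc_pkcs15_make_absolute_path()` then fails, or `malloc(sizeof(info))` returns NULL, that buffer appears to be leaked; the GOST `malloc` failure branch has the same gap. Adding `free(info.subject.value);` next to each `sc_pkcs15_free_key_params(&info.params);` would cover it, and is safe because `info` is zeroed before decoding. The enclosing function starts and ends outside the hunk, so cleanup elsewhere in it should be confirmed.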
@@ -312,6 +325,9 @@ } if (prkey->key_reference >= 0) sc_format_asn1_entry(asn1_com_key_attr + 4, &prkey->key_reference, NULL, 1); + + sc_format_asn1_entry(asn1_com_prkey_attr + 0, prkey->subject.value, &prkey->subject.len, prkey->subject.len != 0); + r = sc_asn1_encode(ctx, asn1_prkey, buf, buflen); return r; @@ -360,7 +376,7 @@ { if (key->algorithm == SC_ALGORITHM_DSA) return sc_pkcs15_encode_prkey_dsa(ctx, &key->u.dsa, buf, len); - sc_error(ctx, "Cannot encode private key type %u.\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Cannot encode private key type %u.", key->algorithm); return SC_ERROR_NOT_SUPPORTED; } @@ -372,7 +388,7 @@ { if (key->algorithm == SC_ALGORITHM_DSA) return sc_pkcs15_decode_prkey_dsa(ctx, &key->u.dsa, buf, len); - sc_error(ctx, "Cannot decode private key type %u.\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Cannot decode private key type %u.", key->algorithm); return SC_ERROR_NOT_SUPPORTED; } @@ -400,12 +416,12 @@ key.algorithm = SC_ALGORITHM_DSA; break; default: - sc_error(ctx, "Unsupported object type.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported object type."); return SC_ERROR_NOT_SUPPORTED; } info = (struct sc_pkcs15_prkey_info *) obj->data; if (info->native) { - sc_error(ctx, "Private key is native, will not read."); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Private key is native, will not read."); return SC_ERROR_NOT_ALLOWED; } @@ -415,7 +431,7 @@ r = sc_pkcs15_read_file(p15card, &path, &data, &len, NULL); if (r < 0) { - sc_error(ctx, "Unable to read private key file.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to read private key file."); return r; } @@ -433,7 +449,7 @@ data, len, &clear, &clear_len); if (r < 0) { - sc_error(ctx, "Failed to unwrap privat key."); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to unwrap privat key."); goto fail; } free(data); 
@@ -443,11 +459,11 @@ r = sc_pkcs15_decode_prkey(ctx, &key, data, len); if (r < 0) { - sc_error(ctx, "Unable to decode private key"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to decode private key"); goto fail; } - *out = (struct sc_pkcs15_prkey *) malloc(sizeof(key)); + *out = malloc(sizeof(key)); if (*out == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto fail; @@ -488,6 +504,9 @@ assert(key->u.gostr3410.d.data); free(key->u.gostr3410.d.data); break; + case SC_ALGORITHM_EC: + /* TODO: -DEE may not need much */ + break; } sc_mem_clear(key, sizeof(key)); } @@ -501,9 +520,10 @@ void sc_pkcs15_free_prkey_info(sc_pkcs15_prkey_info_t *key) { - if (key->subject) - free(key->subject); - if (key->params) - free(key->params); + if (key->subject.value) + free(key->subject.value); + + sc_pkcs15_free_key_params(&key->params); + free(key); } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-pteid.c opensc-0.12.1/src/libopensc/pkcs15-pteid.c --- opensc-0.11.13/src/libopensc/pkcs15-pteid.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-pteid.c 2011-05-17 17:07:00.000000000 +0000 
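Review bot: The new `SC_ALGORITHM_EC` case in the `@@ -488,6 +504,9 @@` hunk frees nothing and relies on the `sc_mem_clear(key, sizeof(key));` that follows, which wipes only as many bytes as a pointer occupies rather than the key structure. Private-key fields held in the struct therefore stay in memory after the erase, for EC and for the other algorithms; `sc_mem_clear(key, sizeof(*key));` is what the public-key erase routine in this same diff uses. Once the EC private value is stored in a heap buffer, this case should also free it as the other cases do, which the TODO leaves open. The function starts outside the hunk.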
@@ -0,0 +1,289 @@ +/* + * PKCS15 emulation layer for Portugal eID card. + * + * Copyright (C) 2009, Joao Poupino + * Copyright (C) 2004, Martin Paljak + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Based on the PKCS#15 emulation layer for EstEID card by Martin Paljak + * + */ + +/* + * The card has a valid PKCS#15 file system. However, the private keys + * are missing the SC_PKCS15_CO_FLAG_PRIVATE flag and this causes problems + * with some applications (i.e. they don't work). + * + * The three main objectives of the emulation layer are: + * + * 1. Add the necessary SC_PKCS15_CO_FLAG_PRIVATE flag to private keys. + * 2. Hide "superfluous" PKCS#15 objects, e.g. PUKs (the user can't use them). + * 3. Improve usability by providing more descriptive names for the PINs, Keys, etc. 
+ * + */ + +#include "config.h" + +#include +#include +#include + +#include "common/compat_strlcpy.h" +#include "internal.h" +#include "pkcs15.h" + +#define IAS_CARD 0 +#define GEMSAFE_CARD 1 + +int sc_pkcs15emu_pteid_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); + +static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card) +{ + int r, i, type; + unsigned char *buf = NULL; + size_t len; + sc_pkcs15_tokeninfo_t tokeninfo; + sc_path_t tmppath; + sc_card_t *card = p15card->card; + sc_context_t *ctx = card->ctx; + + /* Parse the TokenInfo EF */ + sc_format_path("3f004f005032", &tmppath); + r = sc_select_file(card, &tmppath, &p15card->file_tokeninfo); + if (r) + goto end; + if ( (len = p15card->file_tokeninfo->size) == 0) { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "EF(TokenInfo) is empty\n"); + goto end; + } + buf = malloc(len); + if (buf == NULL) + return SC_ERROR_OUT_OF_MEMORY; + r = sc_read_binary(card, 0, buf, len, 0); + if (r < 0) + goto end; + if (r <= 2) { + r = SC_ERROR_PKCS15_APP_NOT_FOUND; + goto end; + } + memset(&tokeninfo, 0, sizeof(tokeninfo)); + r = sc_pkcs15_parse_tokeninfo(ctx, &tokeninfo, buf, (size_t) r); + if (r != SC_SUCCESS) + goto end; + + *(p15card->tokeninfo) = tokeninfo; + + /* Card type detection */ + if (card->type == SC_CARD_TYPE_IAS_PTEID) + type = IAS_CARD; + else if (card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) + type = GEMSAFE_CARD; + else { + r = SC_ERROR_INTERNAL; + goto end; + } + + p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION + | SC_PKCS15_TOKEN_EID_COMPLIANT + | SC_PKCS15_TOKEN_READONLY; + + /* TODO: Use the cardholder's name? */ + /* TODO: Use Portuguese descriptions? 
*/ + + /* Add X.509 Certificates */ + for (i = 0; i < 4; i++) { + static const char *pteid_cert_names[4] = { + "AUTHENTICATION CERTIFICATE", + "SIGNATURE CERTIFICATE", + "SIGNATURE SUB CA", + "AUTHENTICATION SUB CA" + }; + /* X.509 Certificate Paths */ + static const char *pteid_cert_paths[4] = { + "3f005f00ef09", /* Authentication Certificate path */ + "3f005f00ef08", /* Digital Signature Certificate path */ + "3f005f00ef0f", /* Signature sub CA path */ + "3f005f00ef10" /* Authentication sub CA path */ + }; + /* X.509 Certificate IDs */ + static const int pteid_cert_ids[4] = {0x45, 0x46, 0x51, 0x52}; + struct sc_pkcs15_cert_info cert_info; + struct sc_pkcs15_object cert_obj; + + memset(&cert_info, 0, sizeof(cert_info)); + memset(&cert_obj, 0, sizeof(cert_obj)); + + cert_info.id.value[0] = pteid_cert_ids[i]; + cert_info.id.len = 1; + sc_format_path(pteid_cert_paths[i], &cert_info.path); + strlcpy(cert_obj.label, pteid_cert_names[i], sizeof(cert_obj.label)); + r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); + if (r < 0) { + r = SC_ERROR_INTERNAL; + goto end; + } + } + + /* Add PINs */ + for (i = 0; i < 3; i++) { + static const char *pteid_pin_names[3] = { + "Auth PIN", + "Sign PIN", + "Address PIN" + }; + /* PIN References */ + static const int pteid_pin_ref[2][3] = { {1, 130, 131}, {129, 130, 131} }; + /* PIN Authentication IDs */ + static const int pteid_pin_authid[3] = {1, 2, 3}; + /* PIN Paths */ + static const char *pteid_pin_paths[2][3] = { {NULL, "3f005f00", NULL}, + {NULL, NULL, NULL} }; + struct sc_pkcs15_pin_info pin_info; + struct sc_pkcs15_object pin_obj; + + memset(&pin_info, 0, sizeof(pin_info)); + memset(&pin_obj, 0, sizeof(pin_obj)); + + pin_info.auth_id.len = 1; + pin_info.auth_id.value[0] = pteid_pin_authid[i]; + pin_info.reference = pteid_pin_ref[type][i]; + pin_info.flags = SC_PKCS15_PIN_FLAG_NEEDS_PADDING + | SC_PKCS15_PIN_FLAG_INITIALIZED + | SC_PKCS15_PIN_FLAG_CASE_SENSITIVE; + pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; 
+ pin_info.min_length = 4; + pin_info.stored_length = 8; + pin_info.max_length = 8; + pin_info.pad_char = type == IAS_CARD ? 0x2F : 0xFF; + pin_info.tries_left = -1; + if (pteid_pin_paths[type][i] != NULL) + sc_format_path(pteid_pin_paths[type][i], &pin_info.path); + strlcpy(pin_obj.label, pteid_pin_names[i], sizeof(pin_obj.label)); + pin_obj.flags = 0; + r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); + if (r < 0) { + r = SC_ERROR_INTERNAL; + goto end; + } + } + + /* Add Private Keys */ + for (i = 0; i < 2; i++) { + /* Key reference */ + static const int pteid_prkey_keyref[2][2] = { {1, 130}, {2, 1} }; + /* RSA Private Key usage */ + static int pteid_prkey_usage[2] = { + SC_PKCS15_PRKEY_USAGE_SIGN, + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION}; + /* RSA Private Key IDs */ + static const int pteid_prkey_ids[2] = {0x45, 0x46}; + static const char *pteid_prkey_names[2] = { + "CITIZEN AUTHENTICATION KEY", + "CITIZEN SIGNATURE KEY"}; + /* RSA Private Key Paths */ + static const char *pteid_prkey_paths[2][2] = { {NULL, "3f005f00"}, {NULL, NULL} }; + struct sc_pkcs15_prkey_info prkey_info; + struct sc_pkcs15_object prkey_obj; + + memset(&prkey_info, 0, sizeof(prkey_info)); + memset(&prkey_obj, 0, sizeof(prkey_obj)); + + prkey_info.id.len = 1; + prkey_info.id.value[0] = pteid_prkey_ids[i]; + prkey_info.usage = pteid_prkey_usage[i]; + prkey_info.native = 1; + prkey_info.key_reference = pteid_prkey_keyref[type][i]; + prkey_info.modulus_length = 1024; + if (pteid_prkey_paths[type][i] != NULL) + sc_format_path(pteid_prkey_paths[type][i], &prkey_info.path); + strlcpy(prkey_obj.label, pteid_prkey_names[i], sizeof(prkey_obj.label)); + prkey_obj.auth_id.len = 1; + prkey_obj.auth_id.value[0] = i + 1; + prkey_obj.user_consent = (i == 1) ? 
1 : 0; + prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; + + r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); + if (r < 0) { + r = SC_ERROR_INTERNAL; + goto end; + } + } + + /* Add objects */ + for (i = 0; i < 3; i++) { + static const char *object_ids[3] = {"1", "2", "3"}; + static const char *object_oids[3] = {"-1", "-1", "-1"}; + static const char *object_labels[3] = {"Citizen Data", + "Citizen Address Data", + "Citizen Notepad"}; + static const char *object_authids[3] = {"3", "3", "1"}; + static const char *object_paths[3] = {"3f005f00ef02", + "3f005f00ef05", + "3f005f00ef07"}; + static const int object_flags[3] = {0, + SC_PKCS15_CO_FLAG_PRIVATE, + SC_PKCS15_CO_FLAG_MODIFIABLE}; + struct sc_pkcs15_data_info obj_info; + struct sc_pkcs15_object obj_obj; + + memset(&obj_info, 0, sizeof(obj_info)); + memset(&obj_obj, 0, sizeof(obj_obj)); + + sc_pkcs15_format_id(object_ids[i], &obj_info.id); + sc_format_path(object_paths[i], &obj_info.path); + r = sc_format_oid(&obj_info.app_oid, object_oids[i]); + if (r != SC_SUCCESS) + goto end; + strlcpy(obj_info.app_label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE); + if (object_authids[i] != NULL) + sc_pkcs15_format_id(object_authids[i], &obj_obj.auth_id); + strlcpy(obj_obj.label, object_labels[i], SC_PKCS15_MAX_LABEL_SIZE); + obj_obj.flags = object_flags[i]; + + r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT, &obj_obj, &obj_info); + if (r < 0) + goto end; + } +end: + if (buf != NULL) { + free(buf); + buf = NULL; + } + if (r) + return r; + + return SC_SUCCESS; +} + +static int pteid_detect_card(sc_pkcs15_card_t *p15card) +{ + if (p15card->card->type == SC_CARD_TYPE_IAS_PTEID || + p15card->card->type == SC_CARD_TYPE_GEMSAFEV1_PTEID) + return SC_SUCCESS; + return SC_ERROR_WRONG_CARD; +} + +int sc_pkcs15emu_pteid_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opts) +{ + if (opts != NULL && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) + return sc_pkcs15emu_pteid_init(p15card); + else { + int r = 
pteid_detect_card(p15card); + if (r) + return SC_ERROR_WRONG_CARD; + return sc_pkcs15emu_pteid_init(p15card); + } +} diff -Nru opensc-0.11.13/src/libopensc/pkcs15-pubkey.c opensc-0.12.1/src/libopensc/pkcs15-pubkey.c --- opensc-0.11.13/src/libopensc/pkcs15-pubkey.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-pubkey.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,14 +18,24 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include +#include #include +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" + +static const struct sc_asn1_entry c_asn1_pkinfo[] = { + { "algorithm", SC_ASN1_ALGORITHM_ID, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, + { "subjectPublicKey", SC_ASN1_BIT_STRING_NI, SC_ASN1_TAG_BIT_STRING, SC_ASN1_ALLOC, NULL, NULL}, + { NULL, 0, 0, 0, NULL, NULL } +}; + static const struct sc_asn1_entry c_asn1_com_key_attr[] = { { "iD", SC_ASN1_PKCS15_ID, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL }, { "usage", SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, 
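Review bot: In `sc_pkcs15emu_pteid_init()`, the empty-TokenInfo branch jumps to `end` with `r` still 0 from `sc_select_file()`, so the function reports `SC_SUCCESS` without having registered any certificate, PIN or key. Setting an error before the jump, for example `r = SC_ERROR_PKCS15_APP_NOT_FOUND;` as the `r <= 2` branch already does, makes the failure visible to the caller. Separately, `*(p15card->tokeninfo) = tokeninfo;` overwrites the existing structure wholesale, so any members it already owned would be lost. Whether it is empty at this point cannot be seen from this file and is worth confirming.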
@@ -36,12 +46,18 @@ }; static const struct sc_asn1_entry c_asn1_com_pubkey_attr[] = { - /* FIXME */ + /* FIXME */ + { NULL, 0, 0, 0, NULL, NULL } +}; + +static const struct sc_asn1_entry c_asn1_rsakey_value_choice[] = { + { "path", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_EMPTY_ALLOWED, NULL, NULL }, + { "direct", SC_ASN1_OCTET_STRING, SC_ASN1_CTX | 0 | SC_ASN1_CONS, SC_ASN1_OPTIONAL | SC_ASN1_ALLOC, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } }; static const struct sc_asn1_entry c_asn1_rsakey_attr[] = { - { "value", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, + { "value", SC_ASN1_CHOICE, 0, 0, NULL, NULL }, { "modulusLength", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, { "keyInfo", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } @@ -63,7 +79,7 @@ }; static const struct sc_asn1_entry c_asn1_gostr3410key_attr[] = { - { "value", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, + { "value", SC_ASN1_PATH, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, { "params_r3410", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, { "params_r3411", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, { "params_28147", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, @@ -79,6 +95,7 @@ { "publicRSAKey", SC_ASN1_PKCS15_OBJECT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, NULL, NULL }, { "publicDSAKey", SC_ASN1_PKCS15_OBJECT, 2 | SC_ASN1_CTX | SC_ASN1_CONS, 0, NULL, NULL }, { "publicGOSTR3410Key", SC_ASN1_PKCS15_OBJECT, 3 | SC_ASN1_CTX | SC_ASN1_CONS, 0, NULL, NULL }, +/*TODO: -DEE not clear EC is needed here as look like it is for pukdf */ { NULL, 0, 0, 0, NULL, NULL } }; 
@@ -97,7 +114,9 @@ struct sc_pkcs15_keyinfo_gostparams *keyinfo_gostparams; size_t usage_len = sizeof(info.usage); size_t af_len = sizeof(info.access_flags); + struct sc_pkcs15_der *der = &obj->content; struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_pubkey_attr[1]; + struct sc_asn1_entry asn1_rsakey_value_choice[3]; struct sc_asn1_entry asn1_rsakey_attr[4], asn1_rsa_type_attr[2]; struct sc_asn1_entry asn1_dsakey_attr[2], asn1_dsa_type_attr[2]; struct sc_asn1_entry asn1_gostr3410key_attr[5], asn1_gostr3410_type_attr[2]; @@ -113,6 +132,7 @@ sc_copy_asn1_entry(c_asn1_pubkey, asn1_pubkey); sc_copy_asn1_entry(c_asn1_pubkey_choice, asn1_pubkey_choice); sc_copy_asn1_entry(c_asn1_rsa_type_attr, asn1_rsa_type_attr); + sc_copy_asn1_entry(c_asn1_rsakey_value_choice, asn1_rsakey_value_choice); sc_copy_asn1_entry(c_asn1_rsakey_attr, asn1_rsakey_attr); sc_copy_asn1_entry(c_asn1_dsa_type_attr, asn1_dsa_type_attr); sc_copy_asn1_entry(c_asn1_dsakey_attr, asn1_dsakey_attr); @@ -127,7 +147,10 @@ sc_format_asn1_entry(asn1_rsa_type_attr + 0, asn1_rsakey_attr, NULL, 0); - sc_format_asn1_entry(asn1_rsakey_attr + 0, &info.path, NULL, 0); + sc_format_asn1_entry(asn1_rsakey_value_choice + 0, &info.path, NULL, 0); + sc_format_asn1_entry(asn1_rsakey_value_choice + 1, &der->value, &der->len, 0); + + sc_format_asn1_entry(asn1_rsakey_attr + 0, asn1_rsakey_value_choice, NULL, 0); sc_format_asn1_entry(asn1_rsakey_attr + 1, &info.modulus_length, NULL, 0); sc_format_asn1_entry(asn1_dsa_type_attr + 0, asn1_dsakey_attr, NULL, 0); 
@@ -158,47 +181,48 @@ r = sc_asn1_decode(ctx, asn1_pubkey, *buf, *buflen, buf, buflen); if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); if (asn1_pubkey_choice[0].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PUBKEY_RSA; } else if (asn1_pubkey_choice[2].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410; assert(info.modulus_length == 0); info.modulus_length = SC_PKCS15_GOSTR3410_KEYSIZE; - assert(info.params_len == 0); - info.params_len = sizeof(struct sc_pkcs15_keyinfo_gostparams); - info.params = malloc(info.params_len); - if (info.params == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); - assert(sizeof(*keyinfo_gostparams) == info.params_len); - keyinfo_gostparams = info.params; + assert(info.params.len == 0); + info.params.len = sizeof(struct sc_pkcs15_keyinfo_gostparams); + info.params.data = malloc(info.params.len); + if (info.params.data == NULL) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + assert(sizeof(*keyinfo_gostparams) == info.params.len); + keyinfo_gostparams = info.params.data; keyinfo_gostparams->gostr3410 = (unsigned int)gostr3410_params[0]; keyinfo_gostparams->gostr3411 = (unsigned int)gostr3410_params[1]; keyinfo_gostparams->gost28147 = (unsigned int)gostr3410_params[2]; } else { obj->type = SC_PKCS15_TYPE_PUBKEY_DSA; } - r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); - if (r < 0) { - if (info.params) - free(info.params); - return r; + if (!p15card->app || !p15card->app->ddo.aid.len) { + r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); + if (r < 0) { + sc_pkcs15_free_key_params(&info.params); + return r; + } + } + else { + info.path.aid = p15card->app->ddo.aid; } + sc_debug(ctx, SC_LOG_DEBUG_ASN1, "PubKey path '%s'", sc_print_path(&info.path)); /* OpenSC 0.11.4 and older encoded "keyReference" as a negative value. 
Fixed in 0.11.5 we need to add a hack, so old cards continue to work. */ - if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) { - if (info.key_reference < -1) { - info.key_reference += 256; - } - } + if (info.key_reference < -1) + info.key_reference += 256; obj->data = malloc(sizeof(info)); if (obj->data == NULL) { - if (info.params) - free(info.params); - SC_FUNC_RETURN(ctx, 0, SC_ERROR_OUT_OF_MEMORY); + sc_pkcs15_free_key_params(&info.params); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } memcpy(obj->data, &info, sizeof(info)); @@ -210,6 +234,7 @@ u8 **buf, size_t *buflen) { struct sc_asn1_entry asn1_com_key_attr[6], asn1_com_pubkey_attr[1]; + struct sc_asn1_entry asn1_rsakey_value_choice[3]; struct sc_asn1_entry asn1_rsakey_attr[4], asn1_rsa_type_attr[2]; struct sc_asn1_entry asn1_dsakey_attr[2], asn1_dsa_type_attr[2]; struct sc_asn1_entry asn1_gostr3410key_attr[5], asn1_gostr3410_type_attr[2]; @@ -233,6 +258,7 @@ sc_copy_asn1_entry(c_asn1_pubkey, asn1_pubkey); sc_copy_asn1_entry(c_asn1_pubkey_choice, asn1_pubkey_choice); sc_copy_asn1_entry(c_asn1_rsa_type_attr, asn1_rsa_type_attr); + sc_copy_asn1_entry(c_asn1_rsakey_value_choice, asn1_rsakey_value_choice); sc_copy_asn1_entry(c_asn1_rsakey_attr, asn1_rsakey_attr); sc_copy_asn1_entry(c_asn1_dsa_type_attr, asn1_dsa_type_attr); sc_copy_asn1_entry(c_asn1_dsakey_attr, asn1_dsakey_attr); 
@@ -246,8 +272,11 @@ sc_format_asn1_entry(asn1_pubkey_choice + 0, &rsakey_obj, NULL, 1); sc_format_asn1_entry(asn1_rsa_type_attr + 0, asn1_rsakey_attr, NULL, 1); - - sc_format_asn1_entry(asn1_rsakey_attr + 0, &pubkey->path, NULL, 1); + if (pubkey->path.len || !obj->content.value) + sc_format_asn1_entry(asn1_rsakey_value_choice + 0, &pubkey->path, NULL, 1); + else + sc_format_asn1_entry(asn1_rsakey_value_choice + 1, obj->content.value, (void *)&obj->content.len, 1); + sc_format_asn1_entry(asn1_rsakey_attr + 0, asn1_rsakey_value_choice, NULL, 1); sc_format_asn1_entry(asn1_rsakey_attr + 1, &pubkey->modulus_length, NULL, 1); break; @@ -265,9 +294,9 @@ sc_format_asn1_entry(asn1_gostr3410_type_attr + 0, asn1_gostr3410key_attr, NULL, 1); sc_format_asn1_entry(asn1_gostr3410key_attr + 0, &pubkey->path, NULL, 1); - if (pubkey->params_len == sizeof(*keyinfo_gostparams)) + if (pubkey->params.len == sizeof(*keyinfo_gostparams)) { - keyinfo_gostparams = pubkey->params; + keyinfo_gostparams = pubkey->params.data; sc_format_asn1_entry(asn1_gostr3410key_attr + 1, &keyinfo_gostparams->gostr3410, NULL, 1); sc_format_asn1_entry(asn1_gostr3410key_attr + 2, @@ -277,8 +306,9 @@ } break; default: - sc_error(ctx, "Unsupported public key type: %X\n", obj->type); - SC_FUNC_RETURN(ctx, 0, SC_ERROR_INTERNAL); + /* TODO: -DEE Should add ECC but don't have PKCS15 card with ECC */ + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported public key type: %X\n", obj->type); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); break; } @@ -326,6 +356,11 @@ { NULL, 0, 0, 0, NULL, NULL } }; +static struct sc_asn1_entry c_asn1_ec_pointQ[2] = { + { "ecpointQ", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_ALLOC, NULL, NULL }, + { NULL, 0, 0, 0, NULL, NULL } +}; + int sc_pkcs15_decode_pubkey_rsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_rsa *key, 
@@ -345,7 +380,7 @@ &key->exponent.data, &key->exponent.len, 0); r = sc_asn1_decode(ctx, asn1_public_key, buf, buflen, NULL, NULL); - SC_TEST_RET(ctx, r, "ASN.1 parsing of public key failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 parsing of public key failed"); return 0; } @@ -369,7 +404,7 @@ key->exponent.data, &key->exponent.len, 1); r = sc_asn1_encode(ctx, asn1_public_key, buf, buflen); - SC_TEST_RET(ctx, r, "ASN.1 encoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 encoding failed"); return 0; } @@ -398,7 +433,7 @@ r = sc_asn1_decode(ctx, asn1_public_key, buf, buflen, NULL, NULL); - SC_TEST_RET(ctx, r, "ASN.1 decoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed"); return 0; } @@ -426,7 +461,7 @@ key->q.data, &key->q.len, 1); r = sc_asn1_encode(ctx, asn1_public_key, buf, buflen); - SC_TEST_RET(ctx, r, "ASN.1 encoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 encoding failed"); return 0; } @@ -443,7 +478,7 @@ sc_format_asn1_entry(asn1_gostr3410_pub_coeff + 0, &key->xy.data, &key->xy.len, 0); r = sc_asn1_decode(ctx, asn1_gostr3410_pub_coeff, buf, buflen, NULL, NULL); - SC_TEST_RET(ctx, r, "ASN.1 parsing of public key failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 parsing of public key failed"); return 0; } 
@@ -460,11 +495,69 @@ sc_format_asn1_entry(asn1_gostr3410_pub_coeff + 0, key->xy.data, &key->xy.len, 1); r = sc_asn1_encode(ctx, asn1_gostr3410_pub_coeff, buf, buflen); - SC_TEST_RET(ctx, r, "ASN.1 encoding failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 encoding failed"); return 0; } + /* + * We are storing the ec_pointQ as a octet string. + * Thus we will just copy the string. + * But to get the field length we decode it. + */ +int +sc_pkcs15_decode_pubkey_ec(sc_context_t *ctx, + struct sc_pkcs15_pubkey_ec *key, + const u8 *buf, size_t buflen) +{ + int r; + u8 * ecpoint_data; + size_t ecpoint_len; + struct sc_asn1_entry asn1_ec_pointQ[2]; + + sc_copy_asn1_entry(c_asn1_ec_pointQ, asn1_ec_pointQ); + sc_format_asn1_entry(asn1_ec_pointQ + 0, &ecpoint_data, &ecpoint_len, 1); + r = sc_asn1_decode(ctx, asn1_ec_pointQ, buf, buflen, NULL, NULL); + if (r < 0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 encoding failed"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"DEE-EC key=%p, buf=%p, buflen=%d", key, buf, buflen); + key->ecpointQ.value = malloc(buflen); + if (key->ecpointQ.value == NULL) + return SC_ERROR_OUT_OF_MEMORY; + + key->ecpointQ.len = buflen; + memcpy(key->ecpointQ.value, buf, buflen); + + /* An uncompressed ecpoint is of the form 04||x||y + * The 04 indicates uncompressed + * x and y are same size, and field_length = sizeof(x) in bits. 
*/ + /* TODO: -DEE support more then uncompressed */ + key->params.field_length = (ecpoint_len - 1)/2 * 8; + if (ecpoint_data) + free (ecpoint_data); + + return r; +} + +int sc_pkcs15_encode_pubkey_ec(sc_context_t *ctx, + struct sc_pkcs15_pubkey_ec *key, + u8 **buf, size_t *buflen) +{ + *buf = malloc(key->ecpointQ.len); + if (*buf == NULL) + return SC_ERROR_OUT_OF_MEMORY; + + memcpy(*buf, key->ecpointQ.value, key->ecpointQ.len); + *buflen = key->ecpointQ.len; + +sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"DEE-EC key->ecpointQ=%p:%d *buf=%p:%d", + key->ecpointQ.value, key->ecpointQ.len, *buf, *buflen); + + return 0; +} + + int sc_pkcs15_encode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key, @@ -477,7 +570,9 @@ if (key->algorithm == SC_ALGORITHM_GOSTR3410) return sc_pkcs15_encode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len); - sc_error(ctx, "Encoding of public key type %u not supported\n", + if (key->algorithm == SC_ALGORITHM_EC) + return sc_pkcs15_encode_pubkey_ec(ctx, &key->u.ec, buf, len); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Encoding of public key type %u not supported\n", key->algorithm); return SC_ERROR_NOT_SUPPORTED; } @@ -494,7 +589,9 @@ if (key->algorithm == SC_ALGORITHM_GOSTR3410) return sc_pkcs15_decode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len); - sc_error(ctx, "Decoding of public key type %u not supported\n", + if (key->algorithm == SC_ALGORITHM_EC) + return sc_pkcs15_decode_pubkey_ec(ctx, &key->u.ec, buf, len); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Decoding of public key type %u not supported\n", key->algorithm); return SC_ERROR_NOT_SUPPORTED; } @@ -507,6 +604,7 @@ const struct sc_pkcs15_object *obj, struct sc_pkcs15_pubkey **out) { + struct sc_context *ctx = p15card->card->ctx; const struct sc_pkcs15_pubkey_info *info; struct sc_pkcs15_pubkey *pubkey; u8 *data; 
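Review bot: `sc_pkcs15_decode_pubkey_ec()` computes `(ecpoint_len - 1)/2 * 8` on a `size_t` without checking that the decoded point is non-empty, so if the decoder accepts a zero-length octet string from the card the subtraction wraps and `field_length` becomes meaningless. The same function leaks `ecpoint_data` when `malloc(buflen)` fails, and both locals are uninitialised if the decoder returns without setting them. The failure message also reads "ASN.1 encoding failed" on a decode path, and `buflen` is a `size_t` printed with `%d` in the debug calls here and in `sc_pkcs15_encode_pubkey_ec()`. The fence shows the initialisers, the length check and the extra free.

```c
	u8 *ecpoint_data = NULL;
	size_t ecpoint_len = 0;
	/* … unchanged: asn1_ec_pointQ setup and sc_asn1_decode() call … */
	if (ecpoint_data == NULL || ecpoint_len == 0) {
		free(ecpoint_data);
		return SC_ERROR_INVALID_ASN1_OBJECT;
	}
	key->ecpointQ.value = malloc(buflen);
	if (key->ecpointQ.value == NULL) {
		free(ecpoint_data);
		return SC_ERROR_OUT_OF_MEMORY;
	}
	/* … unchanged: copy of buf into key->ecpointQ … */
	key->params.field_length = (ecpoint_len - 1) / 2 * 8;
	free(ecpoint_data);
```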
@@ -514,7 +612,7 @@ int algorithm, r; assert(p15card != NULL && obj != NULL && out != NULL); - SC_FUNC_CALLED(p15card->card->ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); switch (obj->type) { case SC_PKCS15_TYPE_PUBKEY_RSA: 
@@ -526,54 +624,145 @@ case SC_PKCS15_TYPE_PUBKEY_GOSTR3410: algorithm = SC_ALGORITHM_GOSTR3410; break; + case SC_PKCS15_TYPE_PUBKEY_EC: + algorithm = SC_ALGORITHM_EC; + break; default: - sc_error(p15card->card->ctx, "Unsupported public key type."); - return SC_ERROR_NOT_SUPPORTED; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Unsupported public key type."); } info = (const struct sc_pkcs15_pubkey_info *) obj->data; - r = sc_pkcs15_read_file(p15card, &info->path, &data, &len, NULL); - if (r < 0) { - sc_error(p15card->card->ctx, "Failed to read public key file."); - return r; + if (obj->content.value && obj->content.len) { + /* public key data is present as 'direct' value of pkcs#15 object */ + data = calloc(1, obj->content.len); + if (!data) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + memcpy(data, obj->content.value, obj->content.len); + len = obj->content.len; + } + else { + r = sc_pkcs15_read_file(p15card, &info->path, &data, &len, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to read public key file."); } - pubkey = (struct sc_pkcs15_pubkey *) calloc(1, sizeof(struct sc_pkcs15_pubkey)); + pubkey = calloc(1, sizeof(struct sc_pkcs15_pubkey)); if (pubkey == NULL) { free(data); - return SC_ERROR_OUT_OF_MEMORY; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } pubkey->algorithm = algorithm; pubkey->data.value = data; pubkey->data.len = len; - if (sc_pkcs15_decode_pubkey(p15card->card->ctx, pubkey, data, len)) { + if (sc_pkcs15_decode_pubkey(ctx, pubkey, data, len)) { free(data); free(pubkey); - return SC_ERROR_INVALID_ASN1_OBJECT; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ASN1_OBJECT); } + *out = pubkey; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + +static int +sc_pkcs15_dup_bignum (struct sc_pkcs15_bignum *dst, struct sc_pkcs15_bignum *src) +{ + assert(dst && src); + + if (src->data && src->len) { + dst->data = calloc(1, src->len); + if (!dst->data) + 
return SC_ERROR_OUT_OF_MEMORY; + memcpy(dst->data, src->data, src->len); + dst->len = src->len; + } + return 0; } +int +sc_pkcs15_pubkey_from_prvkey(struct sc_context *ctx, + struct sc_pkcs15_prkey *prvkey, struct sc_pkcs15_pubkey **out) +{ + struct sc_pkcs15_pubkey *pubkey; + int rv = SC_SUCCESS; + + assert(prvkey && out); + + *out = NULL; + pubkey = calloc(1, sizeof(struct sc_pkcs15_pubkey)); + if (!pubkey) + return SC_ERROR_OUT_OF_MEMORY; + + pubkey->algorithm = prvkey->algorithm; + switch (prvkey->algorithm) { + case SC_ALGORITHM_RSA: + rv = sc_pkcs15_dup_bignum(&pubkey->u.rsa.modulus, &prvkey->u.rsa.modulus); + if (!rv) + rv = sc_pkcs15_dup_bignum(&pubkey->u.rsa.exponent, &prvkey->u.rsa.exponent); + break; + case SC_ALGORITHM_DSA: + rv = sc_pkcs15_dup_bignum(&pubkey->u.dsa.pub, &prvkey->u.dsa.pub); + if (!rv) + rv = sc_pkcs15_dup_bignum(&pubkey->u.dsa.p, &prvkey->u.dsa.p); + if (!rv) + rv = sc_pkcs15_dup_bignum(&pubkey->u.dsa.q, &prvkey->u.dsa.q); + if (!rv) + rv = sc_pkcs15_dup_bignum(&pubkey->u.dsa.g, &prvkey->u.dsa.g); + break; + case SC_ALGORITHM_GOSTR3410: + break; + default: + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported private key algorithm"); + return SC_ERROR_NOT_SUPPORTED; + } + + if (rv) + sc_pkcs15_free_pubkey(pubkey); + else + *out = pubkey; + + return SC_SUCCESS; +} + void sc_pkcs15_erase_pubkey(struct sc_pkcs15_pubkey *key) { assert(key != NULL); + if (key->alg_id) { + sc_asn1_clear_algorithm_id(key->alg_id); + free(key->alg_id); + } switch (key->algorithm) { case SC_ALGORITHM_RSA: - free(key->u.rsa.modulus.data); - free(key->u.rsa.exponent.data); + if (key->u.rsa.modulus.data) + free(key->u.rsa.modulus.data); + if (key->u.rsa.exponent.data) + free(key->u.rsa.exponent.data); break; case SC_ALGORITHM_DSA: - free(key->u.dsa.pub.data); - free(key->u.dsa.g.data); - free(key->u.dsa.p.data); - free(key->u.dsa.q.data); + if (key->u.dsa.pub.data) + free(key->u.dsa.pub.data); + if (key->u.dsa.g.data) + free(key->u.dsa.g.data); + if 
(key->u.dsa.p.data) + free(key->u.dsa.p.data); + if (key->u.dsa.q.data) + free(key->u.dsa.q.data); break; case SC_ALGORITHM_GOSTR3410: - free(key->u.gostr3410.xy.data); + if (key->u.gostr3410.xy.data) + free(key->u.gostr3410.xy.data); + break; + case SC_ALGORITHM_EC: + if (key->u.ec.params.der.value) + free(key->u.ec.params.der.value); + if (key->u.ec.params.named_curve) + free(key->u.ec.params.named_curve); + if (key->u.ec.ecpointQ.value) + free(key->u.ec.ecpointQ.value); break; } - free(key->data.value); + if (key->data.value) + free(key->data.value); sc_mem_clear(key, sizeof(*key)); } 
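Review bot: `sc_pkcs15_pubkey_from_prvkey()` ends with `return SC_SUCCESS;` even when a `sc_pkcs15_dup_bignum()` call failed, so the caller sees success while `*out` is still NULL; the last line should be `return rv;`. Its `default:` branch returns `SC_ERROR_NOT_SUPPORTED` without releasing the `pubkey` obtained from `calloc`, so `free(pubkey);` is needed before that return. The `SC_ALGORITHM_GOSTR3410` case copies nothing and still hands back a public key with no key data, which deserves at least a comment stating that this is intended. In `sc_pkcs15_read_pubkey()`, the decode-failure path frees only `data` and `pubkey`, so any buffers `sc_pkcs15_decode_pubkey()` allocated before failing may be left behind; this cannot be confirmed from the hunk.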
@@ -585,9 +774,274 @@ void sc_pkcs15_free_pubkey_info(sc_pkcs15_pubkey_info_t *key) { - if (key->subject) - free(key->subject); - if (key->params) - free(key->params); + if (key->subject.value) + free(key->subject.value); + sc_pkcs15_free_key_params(&key->params); free(key); } + +static int sc_pkcs15_read_der_file(sc_context_t *ctx, char * filename, + u8 ** buf, size_t * buflen) +{ + int r; + int f = -1; + size_t len; + u8 tagbuf[16]; /* enough to read in the tag and length */ + u8 * rbuf = NULL; + size_t rbuflen; + const u8 * body; + size_t bodylen; + unsigned int cla_out, tag_out; + *buf = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + f = open(filename, O_RDONLY); + if (f < 0) { + r = SC_ERROR_FILE_NOT_FOUND; + goto out; + } + + r = read(f, tagbuf, sizeof(tagbuf)); /* get tag and length */ + if (r < 2) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"Problem with \"%s\"\n",filename); + r = SC_ERROR_DATA_OBJECT_NOT_FOUND; + goto out; + } + len = r; + body = tagbuf; + if (sc_asn1_read_tag(&body, 0xfffff, &cla_out, + &tag_out, &bodylen) != SC_SUCCESS) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "DER problem\n"); + r = SC_ERROR_INVALID_ASN1_OBJECT; + goto out; + } + + rbuflen = body - tagbuf + bodylen; + rbuf = malloc(rbuflen); + if (rbuf == NULL) { + r = SC_ERROR_OUT_OF_MEMORY; + goto out; + } + memcpy(rbuf, tagbuf, len); /* copy first or only part */ + if (rbuflen > len) { + /* read rest of file */ + r = read(f, rbuf + len, rbuflen - len); + if (r < (int)(rbuflen - len)) { + r = SC_ERROR_INVALID_ASN1_OBJECT; + free (rbuf); + rbuf = NULL; + goto out; + } + } + *buflen = rbuflen; + *buf = rbuf; + rbuf = NULL; + r = rbuflen; +out: + if (rbuf) + free(rbuf); + if (f > 0) + close(f); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + +/* + * can be used as an SC_ASN1_CALLBACK while parsing a certificate, + * or can be called from the sc_pkcs15_pubkey_from_spki_filename + */ +int sc_pkcs15_pubkey_from_spki(sc_context_t *ctx, sc_pkcs15_pubkey_t ** outpubkey, u8 *buf, size_t 
buflen, int depth) +{ + + int r; + sc_pkcs15_pubkey_t * pubkey = NULL; + sc_pkcs15_der_t pk = { NULL, 0 }; + struct sc_algorithm_id pk_alg; + struct sc_asn1_entry asn1_pkinfo[3]; + struct sc_asn1_entry asn1_ec_pointQ[2]; + + sc_debug(ctx,SC_LOG_DEBUG_NORMAL,"sc_pkcs15_pubkey_from_spki %p:%d", buf, buflen); + + memset(&pk_alg, 0, sizeof(pk_alg)); + pubkey = calloc(1, sizeof(sc_pkcs15_pubkey_t)); + if (pubkey == NULL) { + r = SC_ERROR_OUT_OF_MEMORY; + goto err; + } + + sc_copy_asn1_entry(c_asn1_pkinfo, asn1_pkinfo); + sc_format_asn1_entry(asn1_pkinfo + 0, &pk_alg, NULL, 0); + sc_format_asn1_entry(asn1_pkinfo + 1, &pk.value, &pk.len, 0); + + r = sc_asn1_decode(ctx, asn1_pkinfo, buf, buflen, NULL, NULL); + if (r < 0) + goto err; + + pubkey->alg_id = calloc(1, sizeof(struct sc_algorithm_id)); + if (pubkey->alg_id == NULL) { + r = SC_ERROR_OUT_OF_MEMORY; + goto err; + } + memcpy(pubkey->alg_id, &pk_alg, sizeof(struct sc_algorithm_id)); + pubkey->algorithm = pk_alg.algorithm; + + sc_debug(ctx,SC_LOG_DEBUG_NORMAL,"DEE pk_alg.algorithm=%d",pk_alg.algorithm); + + /* pk.len is in bits at this point */ + switch (pk_alg.algorithm) { + case SC_ALGORITHM_EC: + /* + * For most keys, the above ASN.1 parsing of a key works, but for EC keys, + * the ec_pointQ in a certificate is stored in a bitstring, but + * in PKCS#11 it is an octet string and we just decoded its + * contents from the bitstring in the certificate. So we need to encode it + * back to an octet string so we can store it as an octet string. 
+ */ + pk.len >>= 3; /* Assume it is multiple of 8 */ +// pubkey->u.ec.field_length = (pk.len - 1)/2 * 8; + + sc_copy_asn1_entry(c_asn1_ec_pointQ, asn1_ec_pointQ); + sc_format_asn1_entry(&asn1_ec_pointQ[0], pk.value, &pk.len, 1); + r = sc_asn1_encode(ctx, asn1_ec_pointQ, + &pubkey->data.value, &pubkey->data.len); + sc_debug(ctx,SC_LOG_DEBUG_NORMAL,"DEE r=%d data=%p:%d", + r,pubkey->data.value, pubkey->data.len); + break; + default: + pk.len >>= 3; /* convert number of bits to bytes */ + pubkey->data = pk; /* save in publey */ + pk.value = NULL; + break; + } + + /* Now decode what every is in pk as it depends on the key algorthim */ + + r = sc_pkcs15_decode_pubkey(ctx, pubkey, pubkey->data.value, pubkey->data.len); + if (r < 0) + goto err; + + *outpubkey = pubkey; + pubkey = NULL; + return 0; + +err: + if (pubkey) + free(pubkey); + if (pk.value) + free(pk.value); + + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 parsing of subjectPubkeyInfo failed"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + +int sc_pkcs15_pubkey_from_spki_filename(sc_context_t *ctx, + char * filename, + sc_pkcs15_pubkey_t ** outpubkey) +{ + int r; + u8 * buf = NULL; + size_t buflen = 0; + sc_pkcs15_pubkey_t * pubkey = NULL; + struct sc_asn1_entry asn1_spki[] = { + { "PublicKeyInfo",SC_ASN1_CALLBACK, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, 0, sc_pkcs15_pubkey_from_spki, &pubkey}, + { NULL, 0, 0, 0, NULL, NULL } }; + + *outpubkey = NULL; + r = sc_pkcs15_read_der_file(ctx, filename, &buf, &buflen); + if (r < 0) + return r; + + r = sc_asn1_decode(ctx, asn1_spki, buf, buflen, NULL, NULL); + + if (buf) + free(buf); + *outpubkey = pubkey; + return r; +} + + +static struct ec_curve_info { + const char *name; + const char *oid_str; + const char *oid_encoded; + size_t size; +} ec_curve_infos[] = { + {"prime256v1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, + {"secp256r1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, + {"ansiX9p256r1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 
256}, + {"secp384r1", "1.3.132.0.34", "06052B81040022", 384}, + {"prime384v1", "1.3.132.0.34", "06052B81040022", 384}, + {"ansiX9p384r1", "1.3.132.0.34", "06052B81040022", 384}, + {NULL, NULL, NULL, 0}, +}; + +int +sc_pkcs15_fix_ec_parameters(struct sc_context *ctx, struct sc_pkcs15_ec_parameters *ecparams) +{ + int rv, ii; + + LOG_FUNC_CALLED(ctx); + + /* In PKCS#11 EC parameters arrives in DER encoded form */ + if (ecparams->der.value && ecparams->der.len) { + for (ii=0; ec_curve_infos[ii].name; ii++) { + struct sc_object_id id; + unsigned char *buf = NULL; + size_t len = 0; + + sc_format_oid(&id, ec_curve_infos[ii].oid_str); + sc_encode_oid (ctx, &id, &buf, &len); + + if (ecparams->der.len == len && !memcmp(ecparams->der.value, buf, len)) { + free(buf); + break; + } + + free(buf); + } + + /* TODO: support of explicit EC parameters form */ + if (!ec_curve_infos[ii].name) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported named curve"); + + sc_debug(ctx,SC_LOG_DEBUG_NORMAL, "Found known curve '%s'", ec_curve_infos[ii].name); + if (!ecparams->named_curve) { + ecparams->named_curve = strdup(ec_curve_infos[ii].name); + if (!ecparams->named_curve) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + + sc_debug(ctx,SC_LOG_DEBUG_NORMAL, "Curve name: '%s'", ecparams->named_curve); + } + + if (ecparams->id.value[0] <=0 || ecparams->id.value[1] <=0) + sc_format_oid(&ecparams->id, ec_curve_infos[ii].oid_str); + + ecparams->field_length = ec_curve_infos[ii].size; + sc_debug(ctx,SC_LOG_DEBUG_NORMAL, "Curve length %i", ecparams->field_length); + } + else if (ecparams->named_curve) { /* it can be name of curve or OID in ASCII form */ + for (ii=0; ec_curve_infos[ii].name; ii++) { + if (!strcmp(ec_curve_infos[ii].name, ecparams->named_curve)) + break; + if (!strcmp(ec_curve_infos[ii].oid_str, ecparams->named_curve)) + break; + } + if (!ec_curve_infos[ii].name) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported named curve"); + + rv = 
sc_format_oid(&ecparams->id, ec_curve_infos[ii].oid_str); + LOG_TEST_RET(ctx, rv, "Invalid OID format"); + + ecparams->field_length = ec_curve_infos[ii].size; + + if (!ecparams->der.value || !ecparams->der.len) { + rv = sc_encode_oid (ctx, &ecparams->id, &ecparams->der.value, &ecparams->der.len); + LOG_TEST_RET(ctx, rv, "Cannot encode object ID"); + } + } + else if (ecparams->id.value[0] > 0 && ecparams->id.value[1] > 0) { + LOG_TEST_RET(ctx, SC_ERROR_NOT_IMPLEMENTED, "EC parameters has to be presented as a named curve or explicit data"); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} diff -Nru opensc-0.11.13/src/libopensc/pkcs15-sec.c opensc-0.12.1/src/libopensc/pkcs15-sec.c --- opensc-0.11.13/src/libopensc/pkcs15-sec.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-sec.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,8 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" +#include "config.h" + #include #include #include @@ -28,15 +28,25 @@ #include #endif +#include "internal.h" +#include "pkcs15.h" + static int select_key_file(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_prkey_info *prkey, sc_security_env_t *senv) { + sc_context_t *ctx = p15card->card->ctx; sc_path_t path, file_id; int r; + LOG_FUNC_CALLED(ctx); + if (prkey->path.len < 2) - return SC_ERROR_INVALID_ARGUMENTS; + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "invalid private key path"); + + memset(&path, 0, sizeof(sc_path_t)); + memset(&file_id, 0, sizeof(sc_path_t)); + /* For pkcs15-emulated cards, the file_app may be NULL, in that case we allways assume an absolute path */ if (prkey->path.len == 2 && p15card->file_app != NULL) { 
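Review bot: In sc_pkcs15_read_der_file (pkcs15-pubkey.c), `memcpy(rbuf, tagbuf, len)` copies every byte the first read() returned, up to 16, into a buffer of only `rbuflen` bytes. `rbuflen` is computed from the DER length stored in the file, so a file whose encoded object is shorter than what was read writes past the heap allocation. Clamp before the copy, `if (len > rbuflen) len = rbuflen;`, so the existing `rbuflen > len` test keeps its meaning. The cleanup test `if (f > 0)` should be `if (f >= 0)`, since 0 is a valid descriptor and would otherwise never be closed.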
@@ -53,9 +63,9 @@ senv->file_ref = file_id; senv->flags |= SC_SEC_ENV_FILE_REF_PRESENT; r = sc_select_file(p15card->card, &path, NULL); - SC_TEST_RET(p15card->card->ctx, r, "sc_select_file() failed"); + LOG_TEST_RET(ctx, r, "sc_select_file() failed"); - return 0; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card, 
@@ -63,34 +73,53 @@ unsigned long flags, const u8 * in, size_t inlen, u8 *out, size_t outlen) { + sc_context_t *ctx = p15card->card->ctx; int r; sc_algorithm_info_t *alg_info; sc_security_env_t senv; - sc_context_t *ctx = p15card->card->ctx; const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data; unsigned long pad_flags = 0, sec_flags = 0; - SC_FUNC_CALLED(ctx, 1); - /* If the key is extractable, the caller should extract the - * key and do the crypto himself */ + LOG_FUNC_CALLED(ctx); + + memset(&senv, 0, sizeof(senv)); + + /* Card driver should have the access to supported algorithms from 'tokenInfo'. So that + * it can get value of card specific 'AlgorithmInfo::algRef'. */ + memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos)); + + /* If the key is not native, we can't operate with it. */ if (!prkey->native) - return SC_ERROR_EXTRACTABLE_KEY; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it"); - if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP))) { - sc_error(ctx, "This key cannot be used for decryption\n"); - return SC_ERROR_NOT_ALLOWED; - } + if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP))) + LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for decryption"); - alg_info = _sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); - if (alg_info == NULL) { - sc_error(ctx, "Card does not support RSA with key length %d\n", prkey->modulus_length); - return SC_ERROR_NOT_SUPPORTED; + switch (obj->type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); + if (alg_info == NULL) { + sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + senv.algorithm = SC_ALGORITHM_RSA; + break; + + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + 
alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length); + if (alg_info == NULL) { + sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + senv.algorithm = SC_ALGORITHM_GOSTR3410; + break; + + default: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,"Key type not supported"); } - senv.algorithm = SC_ALGORITHM_RSA; r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags); - if (r != SC_SUCCESS) - return r; + LOG_TEST_RET(ctx, r, "cannot encode security operation flags"); senv.algorithm_flags = sec_flags; senv.operation = SC_SEC_OPERATION_DECIPHER; 
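Review bot: sc_pkcs15_decipher reads `prkey->native` and `prkey->usage` through the cast of `obj->data` before anything looks at `obj->type`; the new `switch (obj->type)` rejects other object types only afterwards. sc_pkcs15_compute_signature, changed later in this same diff, guards first with `if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) != SC_PKCS15_TYPE_PRKEY) LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This is not a private key");`. The same two lines belong here ahead of the `native` test, so a non-key object is never interpreted as a private-key info structure. The function body continues in the next hunk.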
@@ -104,96 +133,125 @@ senv.flags |= SC_SEC_ENV_ALG_PRESENT; r = sc_lock(p15card->card); - SC_TEST_RET(ctx, r, "sc_lock() failed"); + LOG_TEST_RET(ctx, r, "sc_lock() failed"); if (prkey->path.len != 0) { r = select_key_file(p15card, prkey, &senv); if (r < 0) { sc_unlock(p15card->card); - SC_TEST_RET(ctx,r,"Unable to select private key file"); + LOG_TEST_RET(ctx, r,"Unable to select private key file"); } } r = sc_set_security_env(p15card->card, &senv, 0); if (r < 0) { sc_unlock(p15card->card); - SC_TEST_RET(ctx, r, "sc_set_security_env() failed"); + LOG_TEST_RET(ctx, r, "sc_set_security_env() failed"); } r = sc_decipher(p15card->card, in, inlen, out, outlen); + if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + if (sc_pkcs15_pincache_revalidate(p15card, obj) == SC_SUCCESS) + r = sc_decipher(p15card->card, in, inlen, out, outlen); + } sc_unlock(p15card->card); - SC_TEST_RET(ctx, r, "sc_decipher() failed"); + LOG_TEST_RET(ctx, r, "sc_decipher() failed"); /* Strip any padding */ if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) { - r = sc_pkcs1_strip_02_padding(out, (size_t)r, out, (size_t *) &r); - SC_TEST_RET(ctx, r, "Invalid PKCS#1 padding"); + size_t s = r; + r = sc_pkcs1_strip_02_padding(out, s, out, &s); + LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding"); } - return r; + LOG_FUNC_RETURN(ctx, r); } +/* copied from pkcs15-cardos.c */ +#define USAGE_ANY_SIGN (SC_PKCS15_PRKEY_USAGE_SIGN|\ + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) +#define USAGE_ANY_DECIPHER (SC_PKCS15_PRKEY_USAGE_DECRYPT|\ + SC_PKCS15_PRKEY_USAGE_UNWRAP) + int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card, const struct sc_pkcs15_object *obj, unsigned long flags, const u8 *in, size_t inlen, u8 *out, size_t outlen) { + sc_context_t *ctx = p15card->card->ctx; int r; sc_security_env_t senv; - sc_context_t *ctx = p15card->card->ctx; sc_algorithm_info_t *alg_info; const struct sc_pkcs15_prkey_info *prkey = (const struct sc_pkcs15_prkey_info *) obj->data; u8 buf[512], *tmp; - size_t modlen = 
prkey->modulus_length / 8; + size_t modlen; unsigned long pad_flags = 0, sec_flags = 0; - SC_FUNC_CALLED(ctx, 1); - - /* some strange cards/setups need decrypt to sign ... */ - if (p15card->flags & SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT) { - size_t tmplen = sizeof(buf); - if (flags & SC_ALGORITHM_RSA_RAW) { - return sc_pkcs15_decipher(p15card, obj,flags, - in, inlen, out, outlen); - } - if (modlen > tmplen) { - sc_error(ctx, "Buffer too small, needs recompile!\n"); - return SC_ERROR_NOT_ALLOWED; - } - r = sc_pkcs1_encode(ctx, flags, in, inlen, buf, &tmplen, modlen); - - /* no padding needed - already done */ - flags &= ~SC_ALGORITHM_RSA_PADS; - /* instead use raw rsa */ - flags |= SC_ALGORITHM_RSA_RAW; + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "security operation flags 0x%X", flags); - SC_TEST_RET(ctx, r, "Unable to add padding"); - r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen, - out, outlen); - return r; - } + memset(&senv, 0, sizeof(senv)); - /* If the key is extractable, the caller should extract the - * key and do the crypto himself */ + /* Card driver should have the access to supported algorithms from 'tokenInfo'. So that + * it can get value of card specific 'AlgorithmInfo::algRef'. */ + memcpy(&senv.supported_algos, &p15card->tokeninfo->supported_algos, sizeof(senv.supported_algos)); + + if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) != SC_PKCS15_TYPE_PRKEY) + LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This is not a private key"); + + /* If the key is not native, we can't operate with it. 
*/ if (!prkey->native) - return SC_ERROR_EXTRACTABLE_KEY; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "This key is not native, cannot operate with it"); if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER| - SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))) { - sc_error(ctx, "This key cannot be used for signing\n"); - return SC_ERROR_NOT_ALLOWED; - } + SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))) + LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "This key cannot be used for signing"); - alg_info = _sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); - if (alg_info == NULL) { - sc_error(ctx, "Card does not support RSA with key length %d\n", prkey->modulus_length); - return SC_ERROR_NOT_SUPPORTED; + switch (obj->type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + modlen = prkey->modulus_length / 8; + alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); + if (alg_info == NULL) { + sc_log(ctx, "Card does not support RSA with key length %d", prkey->modulus_length); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + senv.flags |= SC_SEC_ENV_ALG_PRESENT; + senv.algorithm = SC_ALGORITHM_RSA; + break; + + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + modlen = (prkey->modulus_length + 7) / 8 * 2; + alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length); + if (alg_info == NULL) { + sc_log(ctx, "Card does not support GOSTR3410 with key length %d", prkey->modulus_length); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + senv.flags |= SC_SEC_ENV_ALG_PRESENT; + senv.algorithm = SC_ALGORITHM_GOSTR3410; + break; + + case SC_PKCS15_TYPE_PRKEY_EC: + modlen = ((prkey->field_length +7) / 8) * 2; /* 2*nLen */ + alg_info = sc_card_find_ec_alg(p15card->card, prkey->field_length); + if (alg_info == NULL) { + sc_log(ctx, "Card does not support EC with field_size %d", prkey->field_length); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + senv.algorithm = SC_ALGORITHM_EC; + senv.flags |= SC_SEC_ENV_ALG_PRESENT; + + senv.flags |= 
SC_SEC_ENV_ALG_REF_PRESENT; + senv.algorithm_ref = prkey->field_length; + break; + /* add other crypto types here */ + default: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key type not supported"); } - senv.algorithm = SC_ALGORITHM_RSA; /* Probably never happens, but better make sure */ if (inlen > sizeof(buf) || outlen < modlen) - return SC_ERROR_BUFFER_TOO_SMALL; + LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL); + memcpy(buf, in, inlen); tmp = buf; 
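Review bot: In sc_pkcs15_decipher, a block whose PKCS#1 type-02 padding does not parse leaves through `LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding")`, and nothing tells callers that this outcome must not be reported differently from any other decipher failure. Revealing padding validity for RSA PKCS#1 v1.5 decryption is a well-known oracle risk, so I would add `/* callers must not expose padding failure separately from other decipher errors */` above the strip call. The `out` buffer presumably still holds the unstripped decrypted block on that path, and clearing it before returning would be safer. sc_pkcs15_decipher begins in the previous hunk, and sc_pkcs15_compute_signature, which starts in this one, continues past its end.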
@@ -201,16 +259,47 @@ * algo_info->flags: what is supported by the card * senv.algorithm_flags: what the card will have to do */ + /* if the card has SC_ALGORITHM_NEED_USAGE set, and the + key is for signing and decryption, we need to emulate signing */ + /* TODO: -DEE assume only RSA keys will ever use _NEED_USAGE */ + + sc_log(ctx, "supported algorithm flags 0x%X, private key usage 0x%X", alg_info->flags, prkey->usage); + if ((alg_info->flags & SC_ALGORITHM_NEED_USAGE) && + ((prkey->usage & USAGE_ANY_SIGN) && + (prkey->usage & USAGE_ANY_DECIPHER)) ) { + size_t tmplen = sizeof(buf); + if (flags & SC_ALGORITHM_RSA_RAW) { + r = sc_pkcs15_decipher(p15card, obj,flags, in, inlen, out, outlen); + LOG_FUNC_RETURN(ctx, r); + } + if (modlen > tmplen) + LOG_TEST_RET(ctx, SC_ERROR_NOT_ALLOWED, "Buffer too small, needs recompile!"); + + r = sc_pkcs1_encode(ctx, flags, in, inlen, buf, &tmplen, modlen); + + /* no padding needed - already done */ + flags &= ~SC_ALGORITHM_RSA_PADS; + /* instead use raw rsa */ + flags |= SC_ALGORITHM_RSA_RAW; + + LOG_TEST_RET(ctx, r, "Unable to add padding"); + + r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen, out, outlen); + LOG_FUNC_RETURN(ctx, r); + } + + /* If the card doesn't support the requested algorithm, see if we * can strip the input so a more restrictive algo can be used */ if ((flags == (SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE)) && !(alg_info->flags & (SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE))) { unsigned int algo; size_t tmplen = sizeof(buf); + r = sc_pkcs1_strip_digest_info_prefix(&algo, tmp, inlen, tmp, &tmplen); if (r != SC_SUCCESS || algo == SC_ALGORITHM_RSA_HASH_NONE) { sc_mem_clear(buf, sizeof(buf)); - return SC_ERROR_INVALID_DATA; + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA); } flags &= ~SC_ALGORITHM_RSA_HASH_NONE; flags |= algo; 
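Review bot: The new sign-with-decipher block in sc_pkcs15_compute_signature has four exits (the raw-RSA return, the `modlen > tmplen` check, the `"Unable to add padding"` check and the final return) and none of them wipes `buf`, which already holds a copy of the input from earlier in the function. The other early exits in this function, including the one further down in this hunk, call `sc_mem_clear(buf, sizeof(buf))` first. I would add that call before each `LOG_FUNC_RETURN` in the block and replace the two `LOG_TEST_RET` uses with `if (r != SC_SUCCESS) { sc_mem_clear(buf, sizeof(buf)); LOG_FUNC_RETURN(ctx, r); }` (assuming the macro returns from inside). The `SC_TEST_RET(..., "Unable to add padding")` exit in the next hunk (-220,17) has the same gap. The function starts and ends outside this hunk.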
@@ -220,17 +309,24 @@ r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags); if (r != SC_SUCCESS) { sc_mem_clear(buf, sizeof(buf)); - return r; + LOG_FUNC_RETURN(ctx, r); } senv.algorithm_flags = sec_flags; + sc_log(ctx, "DEE flags:0x%8.8x alg_info->flags:0x%8.8x pad:0x%8.8x sec:0x%8.8x", + flags, alg_info->flags, pad_flags, sec_flags); + + /* add the padding bytes (if necessary) */ if (pad_flags != 0) { size_t tmplen = sizeof(buf); + r = sc_pkcs1_encode(ctx, pad_flags, tmp, inlen, tmp, &tmplen, modlen); - SC_TEST_RET(ctx, r, "Unable to add padding"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Unable to add padding"); + inlen = tmplen; - } else if ((flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) { + } else if ( senv.algorithm == SC_ALGORITHM_RSA && + (flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) { /* Add zero-padding if input is shorter than the modulus */ if (inlen < modlen) { if (modlen > sizeof(buf)) 
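Review bot: The added `sc_log` call prints `flags`, `pad_flags` and `sec_flags` with `%8.8x`, but all three are declared `unsigned long` in this function, which is a format/argument mismatch if sc_log forwards to a printf-style formatter. Use `%8.8lx` for those three, and check the type of `alg_info->flags`, which is not visible here. The `"security operation flags 0x%X"` line added at the top of the function (hunk -104,96) needs `%lX` for the same reason. The `DEE` marker in the message and the leftover four-argument `SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ...)` are out of step with the `LOG_TEST_RET(ctx, r, ...)` form used everywhere else in this file after the change.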
@@ -241,36 +337,39 @@ } senv.operation = SC_SEC_OPERATION_SIGN; - senv.flags = 0; + /* optional keyReference attribute (the default value is -1) */ if (prkey->key_reference >= 0) { senv.key_ref_len = 1; senv.key_ref[0] = prkey->key_reference & 0xFF; senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT; } - senv.flags |= SC_SEC_ENV_ALG_PRESENT; r = sc_lock(p15card->card); - SC_TEST_RET(ctx, r, "sc_lock() failed"); + LOG_TEST_RET(ctx, r, "sc_lock() failed"); if (prkey->path.len != 0) { r = select_key_file(p15card, prkey, &senv); if (r < 0) { sc_unlock(p15card->card); - SC_TEST_RET(ctx,r,"Unable to select private key file"); + LOG_TEST_RET(ctx, r,"Unable to select private key file"); } } r = sc_set_security_env(p15card->card, &senv, 0); if (r < 0) { sc_unlock(p15card->card); - SC_TEST_RET(ctx, r, "sc_set_security_env() failed"); + LOG_TEST_RET(ctx, r, "sc_set_security_env() failed"); } r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen); + if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + if (sc_pkcs15_pincache_revalidate(p15card, obj) == SC_SUCCESS) + r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen); + } sc_mem_clear(buf, sizeof(buf)); sc_unlock(p15card->card); - SC_TEST_RET(ctx, r, "sc_compute_signature() failed"); + LOG_TEST_RET(ctx, r, "sc_compute_signature() failed"); - return r; + LOG_FUNC_RETURN(ctx, r); } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-starcert.c opensc-0.12.1/src/libopensc/pkcs15-starcert.c --- opensc-0.11.13/src/libopensc/pkcs15-starcert.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-starcert.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,12 +18,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include -#include +#include "config.h" + #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "pkcs15.h" +#include "cardctl.h" #define MANU_ID "Giesecke & Devrient GmbH" #define STARCERT "StarCertV2201" 
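Review bot: The second `sc_compute_signature` call after `SC_ERROR_SECURITY_STATUS_NOT_SATISFIED` has no comment saying why the operation is repeated, and the same retry is added to sc_pkcs15_decipher in the hunk at -104,96. I would put `/* access condition no longer satisfied: revalidate from the PIN cache once, then retry */` above the `if` in both places. How sc_pkcs15_pincache_revalidate treats keys that require explicit user consent per operation is not visible in this diff and should be confirmed before relying on a silent retry. sc_pkcs15_compute_signature starts outside this hunk.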
@@ -105,9 +108,7 @@ return SC_ERROR_WRONG_CARD; /* read EF_Info file */ sc_format_path("3F00FE13", &path); - sc_ctx_suppress_errors_on(card->ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r != SC_SUCCESS) return SC_ERROR_WRONG_CARD; r = sc_read_binary(card, 0, buf, 64, 0); @@ -164,21 +165,19 @@ r = sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; - if (p15card->serial_number) - free(p15card->serial_number); - p15card->serial_number = (char *) malloc(strlen(buf) + 1); - if (!p15card->serial_number) + if (p15card->tokeninfo->serial_number) + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = malloc(strlen(buf) + 1); + if (!p15card->tokeninfo->serial_number) return SC_ERROR_INTERNAL; - strcpy(p15card->serial_number, buf); - /* the TokenInfo version number */ - p15card->version = 0; + strcpy(p15card->tokeninfo->serial_number, buf); /* the manufacturer ID, in this case Giesecke & Devrient GmbH */ - if (p15card->manufacturer_id) - free(p15card->manufacturer_id); - p15card->manufacturer_id = (char *) malloc(strlen(MANU_ID) + 1); - if (!p15card->manufacturer_id) + if (p15card->tokeninfo->manufacturer_id) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = malloc(strlen(MANU_ID) + 1); + if (!p15card->tokeninfo->manufacturer_id) return SC_ERROR_INTERNAL; - strcpy(p15card->manufacturer_id, MANU_ID); + strcpy(p15card->tokeninfo->manufacturer_id, MANU_ID); /* set certs */ for (i = 0; certs[i].label; i++) { diff -Nru opensc-0.11.13/src/libopensc/pkcs15-syn.c opensc-0.12.1/src/libopensc/pkcs15-syn.c --- opensc-0.11.13/src/libopensc/pkcs15-syn.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-syn.c 2011-05-17 17:07:00.000000000 +0000 
@@ -19,14 +19,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" -#include "asn1.h" +#include "config.h" + #include #include #include #include -#include + +#include "internal.h" +#include "asn1.h" +#include "pkcs15.h" extern int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opts); @@ -52,9 +54,16 @@ sc_pkcs15emu_opt_t *opts); extern int sc_pkcs15emu_atrust_acos_init_ex(sc_pkcs15_card_t *p15card, sc_pkcs15emu_opt_t *opts); -extern int sc_pkcs15emu_tccardos_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); - -extern int sc_pkcs15emu_entersafe_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); +extern int sc_pkcs15emu_tccardos_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); +extern int sc_pkcs15emu_entersafe_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); +extern int sc_pkcs15emu_pteid_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); +extern int sc_pkcs15emu_oberthur_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); +extern int sc_pkcs15emu_itacns_init_ex(sc_pkcs15_card_t *, + sc_pkcs15emu_opt_t *); static struct { const char * name; @@ -66,6 +75,7 @@ { "starcert", sc_pkcs15emu_starcert_init_ex }, { "tcos", sc_pkcs15emu_tcos_init_ex }, { "esteid", sc_pkcs15emu_esteid_init_ex }, + { "itacns", sc_pkcs15emu_itacns_init_ex }, { "postecert", sc_pkcs15emu_postecert_init_ex }, { "PIV-II", sc_pkcs15emu_piv_init_ex }, { "gemsafeGPK", sc_pkcs15emu_gemsafeGPK_init_ex }, @@ -74,6 +84,8 @@ { "atrust-acos",sc_pkcs15emu_atrust_acos_init_ex}, { "tccardos", sc_pkcs15emu_tccardos_init_ex }, { "entersafe", sc_pkcs15emu_entersafe_init_ex }, + { "pteid", sc_pkcs15emu_pteid_init_ex }, + { "oberthur", sc_pkcs15emu_oberthur_init_ex }, { NULL, NULL } }; 
@@ -89,7 +101,13 @@ int sc_pkcs15_is_emulation_only(sc_card_t *card) { switch (card->type) { - case SC_CARD_TYPE_MCRD_ESTEID: + case SC_CARD_TYPE_MCRD_ESTEID_V10: + case SC_CARD_TYPE_MCRD_ESTEID_V11: + case SC_CARD_TYPE_MCRD_ESTEID_V30: + case SC_CARD_TYPE_IAS_PTEID: + case SC_CARD_TYPE_GEMSAFEV1_PTEID: + case SC_CARD_TYPE_OPENPGP_V1: + case SC_CARD_TYPE_OPENPGP_V2: return 1; default: return 0; @@ -104,7 +122,7 @@ sc_pkcs15emu_opt_t opts; int i, r = SC_ERROR_WRONG_CARD; - SC_FUNC_CALLED(ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); memset(&opts, 0, sizeof(opts)); conf_block = NULL; @@ -112,9 +130,9 @@ if (!conf_block) { /* no conf file found => try bultin drivers */ - sc_debug(ctx, "no conf file (or section), trying all builtin emulators\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no conf file (or section), trying all builtin emulators\n"); for (i = 0; builtin_emulators[i].name; i++) { - sc_debug(ctx, "trying %s\n", builtin_emulators[i].name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying %s\n", builtin_emulators[i].name); r = builtin_emulators[i].handler(p15card, &opts); if (r == SC_SUCCESS) /* we got a hit */ @@ -134,7 +152,7 @@ /* go through the list of builtin drivers */ const char *name = item->data; - sc_debug(ctx, "trying %s\n", name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying %s\n", name); for (i = 0; builtin_emulators[i].name; i++) if (!strcmp(builtin_emulators[i].name, name)) { r = builtin_emulators[i].handler(p15card, &opts); 
@@ -144,10 +162,10 @@ } } } - if (builtin_enabled) { - sc_debug(ctx, "no emulator list in config file, trying all builtin emulators\n"); + else if (builtin_enabled) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "no emulator list in config file, trying all builtin emulators\n"); for (i = 0; builtin_emulators[i].name; i++) { - sc_debug(ctx, "trying %s\n", builtin_emulators[i].name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying %s\n", builtin_emulators[i].name); r = builtin_emulators[i].handler(p15card, &opts); if (r == SC_SUCCESS) /* we got a hit */ @@ -156,11 +174,11 @@ } /* search for 'emulate foo { ... }' entries in the conf file */ - sc_debug(ctx, "searching for 'emulate foo { ... }' blocks\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "searching for 'emulate foo { ... }' blocks\n"); blocks = scconf_find_blocks(ctx->conf, conf_block, "emulate", NULL); for (i = 0; blocks && (blk = blocks[i]) != NULL; i++) { const char *name = blk->name->data; - sc_debug(ctx, "trying %s\n", name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying %s\n", name); r = parse_emu_block(p15card, blk); if (r == SC_SUCCESS) { free(blocks); @@ -178,28 +196,19 @@ p15card->magic = SC_PKCS15_CARD_MAGIC; p15card->flags |= SC_PKCS15_CARD_FLAG_EMULATED; } else if (r != SC_ERROR_WRONG_CARD) { - sc_error(ctx, "Failed to load card emulator: %s\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to load card emulator: %s\n", sc_strerror(r)); } return r; } -static int emu_detect_card(sc_card_t *card, const scconf_block *blk, int *force) -{ - int ret = 0; - - /* TBD */ - - return ret; -} - static int parse_emu_block(sc_pkcs15_card_t *p15card, scconf_block *conf) { sc_card_t *card = p15card->card; sc_context_t *ctx = card->ctx; sc_pkcs15emu_opt_t opts; - lt_dlhandle handle = NULL; + void *handle = NULL; int (*init_func)(sc_pkcs15_card_t *); int (*init_func_ex)(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); int r, force = 0; 
@@ -207,10 +216,6 @@ driver = conf->name->data; - r = emu_detect_card(card, conf, &force); - if (r < 0) - return SC_ERROR_INTERNAL; - init_func = NULL; init_func_ex = NULL; @@ -237,17 +242,17 @@ const char *name = NULL; void *address; - sc_debug(ctx, "Loading %s\n", module_name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Loading %s\n", module_name); /* try to open dynamic library */ - handle = lt_dlopen(module_name); + handle = sc_dlopen(module_name); if (!handle) { - sc_debug(ctx, "unable to open dynamic library '%s': %s\n", - module_name, lt_dlerror()); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to open dynamic library '%s': %s\n", + module_name, sc_dlerror()); return SC_ERROR_INTERNAL; } /* try to get version of the driver/api */ - get_version = (const char *(*)(void)) lt_dlsym(handle, "sc_driver_version"); + get_version = (const char *(*)(void)) sc_dlsym(handle, "sc_driver_version"); if (!get_version || strcmp(get_version(), "0.9.3") < 0) { /* no sc_driver_version function => assume old style * init function (note: this should later give an error @@ -255,13 +260,13 @@ /* get the init function name */ name = scconf_get_str(conf, "function", func_name); - address = lt_dlsym(handle, name); + address = sc_dlsym(handle, name); if (address) init_func = (int (*)(sc_pkcs15_card_t *)) address; } else { name = scconf_get_str(conf, "function", exfunc_name); - address = lt_dlsym(handle, name); + address = sc_dlsym(handle, name); if (address) init_func_ex = (int (*)(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *)) address; } 
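Review bot: The version gate on the loaded module in parse_emu_block, `strcmp(get_version(), "0.9.3") < 0`, is a lexical string comparison. A version with a two-digit component (constructed example: "0.10.0") sorts below "0.9.3", so such a module is treated as old-style and resolved through the one-argument `init_func` pointer. This hunk renames the `lt_dl*` calls to `sc_dl*` and leaves the comparison as it was. Comparing parsed numeric components is the real fix; at minimum add `/* lexical compare: misorders versions such as 0.10.x */` on that line. parse_emu_block starts and ends outside this hunk.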
@@ -275,16 +280,16 @@ r = SC_ERROR_WRONG_CARD; if (r >= 0) { - sc_debug(card->ctx, "%s succeeded, card bound\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s succeeded, card bound\n", module_name); p15card->dll_handle = handle; - } else if (ctx->debug >= 4) { - sc_debug(card->ctx, "%s failed: %s\n", + } else { + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s failed: %s\n", module_name, sc_strerror(r)); /* clear pkcs15 card */ sc_pkcs15_card_clear(p15card); if (handle) - lt_dlclose(handle); + sc_dlclose(handle); } return r; @@ -312,7 +317,7 @@ if (!file) return NULL; sc_format_path("11001101", &file->path); - sc_pkcs15_add_df(p15card, type, &file->path, file); + sc_pkcs15_add_df(p15card, type, &file->path); sc_file_free(file); created++; } @@ -324,6 +329,8 @@ sc_pkcs15_pin_info_t pin = *in_pin; pin.magic = SC_PKCS15_PIN_MAGIC; + if(!pin.auth_method) /* or SC_AC_NONE */ + pin.auth_method = SC_AC_CHV; return sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_AUTH_PIN, obj, &pin); } 
@@ -353,6 +360,30 @@ return sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_PUBKEY_RSA, obj, &key); } +int sc_pkcs15emu_add_ec_prkey(sc_pkcs15_card_t *p15card, + const sc_pkcs15_object_t *obj, const sc_pkcs15_prkey_info_t *in_key) +{ + sc_pkcs15_prkey_info_t key = *in_key; + + if (key.access_flags == 0) + key.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE + | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE + | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE + | SC_PKCS15_PRKEY_ACCESS_LOCAL; + + return sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_PRKEY_EC, obj, &key); +} +int sc_pkcs15emu_add_ec_pubkey(sc_pkcs15_card_t *p15card, + const sc_pkcs15_object_t *obj, const sc_pkcs15_pubkey_info_t *in_key) +{ + sc_pkcs15_pubkey_info_t key = *in_key; + + if (key.access_flags == 0) + key.access_flags = SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; + + return sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_PUBKEY_EC, obj, &key); +} + int sc_pkcs15emu_add_x509_cert(sc_pkcs15_card_t *p15card, const sc_pkcs15_object_t *obj, const sc_pkcs15_cert_info_t *cert) { @@ -372,7 +403,7 @@ unsigned int df_type; size_t data_len; - obj = (sc_pkcs15_object_t *) calloc(1, sizeof(*obj)); + obj = calloc(1, sizeof(*obj)); if (!obj) return SC_ERROR_OUT_OF_MEMORY; memcpy(obj, in_obj, sizeof(*obj)); @@ -400,7 +431,7 @@ data_len = sizeof(struct sc_pkcs15_data_info); break; default: - sc_error(p15card->card->ctx, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Unknown PKCS15 object type %d\n", type); free(obj); return SC_ERROR_INVALID_ARGUMENTS; diff -Nru opensc-0.11.13/src/libopensc/pkcs15-tccardos.c opensc-0.12.1/src/libopensc/pkcs15-tccardos.c --- opensc-0.11.13/src/libopensc/pkcs15-tccardos.c 2006-05-15 20:57:30.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-tccardos.c 2011-05-17 17:07:00.000000000 +0000 
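Review bot: `sc_pkcs15emu_add_ec_pubkey` defaults `key.access_flags` to `SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE`, a private-key access constant, on a public-key info structure. If this mirrors the RSA public-key helper (not visible in the hunk), a comment saying the flag value is shared between key classes would help; otherwise the public-key constant should be used. Both new functions copy `*in_key` without checking the pointer, have no header comment, and are not separated by a blank line. A suitable comment for the first would be `/* Add an EC private key object; access_flags == 0 selects sensitive, never-extractable, local. */`.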
@@ -18,12 +18,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" +#include "config.h" + #include #include -#include -#include +#include "internal.h" +#include "log.h" +#include "pkcs15.h" #define MANU_ID "SIEMENS AG" #define TC_CARDOS_APP_DF "3F001002" 
@@ -219,16 +221,15 @@ /* get the number of private keys */ key_num = info1[info1_len-1] | (info1[info1_len-2] << 8) | (info1[info1_len-3] << 16) | (info1[info1_len-4] << 24); - if (ctx->debug >= 4) { - sc_debug(ctx, "found %d private keys\n", (int)key_num); - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "found %d private keys\n", (int)key_num); /* set p1 to the address of the first key descriptor */ p1 = info1 + (info1_len - 4 - key_num * 2); p2 = info2; for (i=0; ilabel != NULL) - free(p15card->label); - p15card->label = strdup(TC_CARDOS_LABEL); - if (p15card->label == NULL) + if (p15card->tokeninfo->label != NULL) + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = strdup(TC_CARDOS_LABEL); + if (p15card->tokeninfo->label == NULL) return SC_ERROR_OUT_OF_MEMORY; /* set the manufacturer ID */ - if (p15card->manufacturer_id != NULL) - free(p15card->manufacturer_id); - p15card->manufacturer_id = strdup(MANU_ID); - if (p15card->manufacturer_id == NULL) + if (p15card->tokeninfo->manufacturer_id != NULL) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = strdup(MANU_ID); + if (p15card->tokeninfo->manufacturer_id == NULL) return SC_ERROR_OUT_OF_MEMORY; /* set the serial number */ r = read_file(p15card->card, "3F002F02", gdo, &gdo_len); if (r != SC_SUCCESS) return SC_ERROR_INTERNAL; sc_bin_to_hex(gdo + 7, 8, hex_buf, sizeof(hex_buf), 0); - p15card->serial_number = strdup(hex_buf); - if (p15card->serial_number == NULL) + p15card->tokeninfo->serial_number = strdup(hex_buf); + if (p15card->tokeninfo->serial_number == NULL) return SC_ERROR_OUT_OF_MEMORY; - /* the TokenInfo version number */ - p15card->version = 0; /* select the application DF */ sc_format_path(TC_CARDOS_APP_DF, &path); r = sc_select_file(card, &path, &file); diff -Nru opensc-0.11.13/src/libopensc/pkcs15-tcos.c opensc-0.12.1/src/libopensc/pkcs15-tcos.c --- opensc-0.11.13/src/libopensc/pkcs15-tcos.c 2010-02-16 09:03:28.000000000 +0000 +++ 
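Review bot: `key_num` is assembled from the last four bytes of `info1`, presumably data read from the card, and is then used in `p1 = info1 + (info1_len - 4 - key_num * 2);` with no visible check that `info1_len` is at least 4 or that `key_num * 2` fits in the remaining length. Unless an earlier check outside this hunk bounds both values, a malformed file could place `p1` outside the buffer. Add a guard before the pointer arithmetic, for example `if (info1_len < 4 || key_num > (info1_len - 4) / 2) return SC_ERROR_INTERNAL;`. The byte shifted left by 24 should be cast to an unsigned type first so the shift cannot overflow a signed int. The text after `for (i=0; i` is damaged on this page, so the loop and the start of the following hunk are not reviewed.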
opensc-0.12.1/src/libopensc/pkcs15-tcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,7 +1,7 @@ /* * PKCS15 emulation layer for TCOS based preformatted cards * - * Copyright (C) 2007, Peter Koch + * Copyright (C) 2010, Peter Koch * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -18,14 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include -#include -#include +#include "config.h" + #include #include #include -#include + +#include "common/compat_strlcpy.h" +#include "internal.h" +#include "pkcs15.h" +#include "cardctl.h" +#include "log.h" int sc_pkcs15emu_tcos_init_ex( sc_pkcs15_card_t *p15card, @@ -33,10 +36,10 @@ static int insert_cert( sc_pkcs15_card_t *p15card, - char *path, + const char *path, unsigned char id, int writable, - char *label + const char *label ){ sc_card_t *card=p15card->card; sc_context_t *ctx=p15card->card->ctx; @@ -56,15 +59,18 @@ cert_obj.flags = writable ? SC_PKCS15_CO_FLAG_MODIFIABLE : 0; if(sc_select_file(card, &cert_info.path, NULL)!=SC_SUCCESS){ - if(ctx->debug>=1) sc_debug(ctx,"Select(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Select(%s) failed\n", path); return 1; } if(sc_read_binary(card, 0, cert, sizeof(cert), 0)<0){ - if(ctx->debug>=1) sc_debug(ctx,"ReadBinary(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "ReadBinary(%s) failed\n", path); return 2; } if(cert[0]!=0x30 || cert[1]!=0x82){ - if(ctx->debug>=1) sc_debug(ctx,"Invalid Cert: %02X:%02X:...\n", cert[0], cert[1]); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Invalid Cert: %02X:%02X:...\n", cert[0], cert[1]); return 3; } 
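Review bot: In `insert_cert`, the test `sc_read_binary(card, 0, cert, sizeof(cert), 0)<0` rejects only an error return, so a short read of fewer than two bytes still reaches the `cert[0]!=0x30 || cert[1]!=0x82` check on bytes the card never supplied. Keep the return value and require the header bytes to be present: `r=sc_read_binary(card, 0, cert, sizeof(cert), 0);` followed by `if(r<2){ ... return 2; }`. Whether `cert` is zero-initialised, and how many further header bytes the code after this hunk consumes, is not visible here. The numeric returns 1, 2 and 3 would also read better as named error codes or with a comment listing their meaning.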
@@ -79,21 +85,21 @@ r=sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if(r!=SC_SUCCESS){ - sc_debug(ctx, "sc_pkcs15emu_add_x509_cert(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "sc_pkcs15emu_add_x509_cert(%s) failed\n", path); return 4; } - sc_debug(ctx, "%s: OK, Index=%d, Count=%d\n", path, cert_info.path.index, cert_info.path.count); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s: OK, Index=%d, Count=%d\n", path, cert_info.path.index, cert_info.path.count); return 0; } static int insert_key( sc_pkcs15_card_t *p15card, - char *path, + const char *path, unsigned char id, unsigned char key_reference, int key_length, unsigned char auth_id, - char *label + const char *label ){ sc_card_t *card=p15card->card; sc_context_t *ctx=p15card->card->ctx; @@ -123,10 +129,13 @@ if(prkey_info.path.len>=2) prkey_info.path.len-=2; sc_append_file_id(&prkey_info.path, 0x5349); if(sc_select_file(card, &prkey_info.path, NULL)!=SC_SUCCESS){ - if(ctx->debug>=1) sc_debug(ctx,"Select(%s) failed\n", sc_print_path(&prkey_info.path)); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Select(%s) failed\n", + sc_print_path(&prkey_info.path)); return 1; } - if(ctx->debug>=4) sc_debug(ctx,"Searching for Key-Ref %02X\n", key_reference); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Searching for Key-Ref %02X\n", key_reference); while((r=sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR))>0){ int found=0; if(buf[0]!=0xA0) continue; @@ -136,7 +145,7 @@ if(found) break; } if(r<=0){ - sc_debug(ctx,"No EF_KEYD-Record found\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"No EF_KEYD-Record found\n"); return 1; } for(i=0;idebug>=1) sc_debug(ctx,"Select(%s) failed\n", sc_print_path(&prkey_info.path)); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Select(%s) failed\n", + sc_print_path(&prkey_info.path)); return 1; } if (f->prop_attr[1] & 0x04) can_crypt=1; 
@@ -158,21 +169,21 @@ r=sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if(r!=SC_SUCCESS){ - sc_debug(ctx, "sc_pkcs15emu_add_rsa_prkey(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "sc_pkcs15emu_add_rsa_prkey(%s) failed\n", path); return 4; } - sc_debug(ctx, "%s: OK%s%s\n", path, can_sign ? ", Sign" : "", can_crypt ? ", Crypt" : ""); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s: OK%s%s\n", path, can_sign ? ", Sign" : "", can_crypt ? ", Crypt" : ""); return 0; } static int insert_pin( sc_pkcs15_card_t *p15card, - char *path, + const char *path, unsigned char id, unsigned char auth_id, unsigned char pin_reference, int min_length, - char *label, + const char *label, int pin_flags ){ sc_card_t *card=p15card->card; @@ -202,14 +213,17 @@ if(card->type==SC_CARD_TYPE_TCOS_V3){ unsigned char buf[256]; - int i, r, rec_no=0; + int i, rec_no=0; if(pin_info.path.len>=2) pin_info.path.len-=2; sc_append_file_id(&pin_info.path, 0x5049); if(sc_select_file(card, &pin_info.path, NULL)!=SC_SUCCESS){ - if(ctx->debug>=1) sc_debug(ctx,"Select(%s) failed\n", sc_print_path(&pin_info.path)); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Select(%s) failed\n", + sc_print_path(&pin_info.path)); return 1; } - if(ctx->debug>=4) sc_debug(ctx,"Searching for PIN-Ref %02X\n", pin_reference); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Searching for PIN-Ref %02X\n", pin_reference); while((r=sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR))>0){ int found=0, fbz=-1; if(buf[0]!=0xA0) continue; @@ -221,12 +235,12 @@ if(found) break; } if(r<=0){ - sc_debug(ctx,"No EF_PWDD-Record found\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"No EF_PWDD-Record found\n"); return 1; } } else { if(sc_select_file(card, &pin_info.path, &f)!=SC_SUCCESS){ - if(ctx->debug>=1) sc_debug(ctx,"Select(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL,"Select(%s) failed\n", path); return 1; } pin_info.tries_left=f->prop_attr[3]; 
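Review bot: In the non-V3 branch of `insert_pin`, `pin_info.tries_left=f->prop_attr[3];` indexes the proprietary attributes returned by the card without checking how many bytes were actually returned. A select response carrying fewer than four attribute bytes would then produce an out-of-range read. Guard the access with the length field, `if(f->prop_attr && f->prop_attr_len>3) pin_info.tries_left=f->prop_attr[3];`, and apply the same check to `f->prop_attr[1]` in `insert_key`. Whether `f` is released with `sc_file_free` afterwards is not visible in these hunks.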
@@ -235,14 +249,14 @@ r=sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if(r!=SC_SUCCESS){ - sc_debug(ctx, "sc_pkcs15emu_add_pin_obj(%s) failed\n", path); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "sc_pkcs15emu_add_pin_obj(%s) failed\n", path); return 4; } - sc_debug(ctx, "%s: OK, FBZ=%d\n", path, pin_info.tries_left); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s: OK, FBZ=%d\n", path, pin_info.tries_left); return 0; } -static char *dirpath(char *dir, char *path){ +static char *dirpath(char *dir, const char *path){ static char buf[SC_MAX_PATH_STRING_SIZE]; strcpy(buf,dir); @@ -256,17 +270,19 @@ sc_path_t p; sc_file_t *f; int keylen; - char dir[10], *c_auth; + char dir[10]; + const char *c_auth; /* NKS-Applikation ? */ + memset(&p, 0, sizeof(sc_path_t)); p.len=7; p.type=SC_PATH_TYPE_DF_NAME; memcpy(p.value, "\xD2\x76\x00\x00\x03\x01\x02", p.len=7); if (sc_select_file(card,&p,&f)!=SC_SUCCESS) return 1; sprintf(dir,"%04X", f->id); sc_file_free(f); - p15card->manufacturer_id = strdup("TeleSec GmbH"); - p15card->label = strdup(card->type==SC_CARD_TYPE_TCOS_V3 ? "NetKey V3 Card" : "NetKey Card"); + p15card->tokeninfo->manufacturer_id = strdup("TeleSec GmbH"); + p15card->tokeninfo->label = strdup(card->type==SC_CARD_TYPE_TCOS_V3 ? "NetKey V3 Card" : "NetKey Card"); keylen= card->type==SC_CARD_TYPE_TCOS_V3 ? 2048 : 1024; c_auth= card->type==SC_CARD_TYPE_TCOS_V3 ? "C500" : "C100"; @@ -310,7 +326,7 @@ SC_PKCS15_PIN_FLAG_INITIALIZED ); - /* SigG-Applikation ? */ + /* SigG-Applikation */ p.len=7; p.type=SC_PATH_TYPE_DF_NAME; memcpy(p.value, "\xD2\x76\x00\x00\x66\x01", p.len=6); if (sc_select_file(card,&p,&f)==SC_SUCCESS){ 
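Review bot: `dirpath` still fills its fixed `static char buf[SC_MAX_PATH_STRING_SIZE]` with `strcpy(buf,dir);` even though this commit adds `common/compat_strlcpy.h` to the file. Using `strlcpy(buf, dir, sizeof(buf));`, and a bounded append for the part of the body that lies outside the hunk, keeps the helper safe if a caller ever passes a longer string. The callers visible in this diff pass short constant strings, so this is hardening rather than a live overflow. Because the buffer is static, the returned pointer is overwritten by the next call; a comment such as `/* returns a pointer to a static buffer, valid until the next call */` would document that.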
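Review bot: The new assignments `p15card->tokeninfo->manufacturer_id = strdup("TeleSec GmbH");` and `p15card->tokeninfo->label = strdup(...)` in the NetKey detection neither release a value already stored in `tokeninfo` nor check the `strdup` result. The tccardos driver in this same diff does both, freeing the old string first and returning SC_ERROR_OUT_OF_MEMORY on NULL. The same pattern recurs in the later hunks for SignTrust, DATEV, JLU Giessen and TU Darmstadt, and in `p15card->tokeninfo->serial_number = strdup(serial);`. Following the tccardos form, `free(p15card->tokeninfo->label);` before the assignment and a NULL test after it, would make the drivers consistent.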
@@ -327,12 +343,12 @@ insert_key(p15card, dirpath(dir,"5331"), 0x49, 0x80, 1024, 5, "SigG Schluessel"); } - insert_pin(p15card, dirpath(dir,"5081"), 6, 0, 0x81, 6, "SigG PIN", + insert_pin(p15card, dirpath(dir,"5081"), 5, 0, 0x81, 6, "SigG PIN", SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | SC_PKCS15_PIN_FLAG_LOCAL | SC_PKCS15_PIN_FLAG_INITIALIZED ); if(card->type==SC_CARD_TYPE_TCOS_V3){ - insert_pin(p15card, dirpath(dir,"0000"), 7, 0, 0x83, 8, "SigG PIN2", + insert_pin(p15card, dirpath(dir,"0000"), 6, 0, 0x83, 8, "SigG PIN2", SC_PKCS15_PIN_FLAG_CASE_SENSITIVE | SC_PKCS15_PIN_FLAG_LOCAL | SC_PKCS15_PIN_FLAG_INITIALIZED ); @@ -346,8 +362,8 @@ sc_pkcs15_card_t *p15card ){ if(insert_cert(p15card,"8000DF01C000", 0x45, 1, "Signatur Zertifikat")) return 1; - p15card->manufacturer_id = strdup("Deutsche Post"); - p15card->label = strdup("SignTrust Card"); + p15card->tokeninfo->manufacturer_id = strdup("Deutsche Post"); + p15card->tokeninfo->label = strdup("SignTrust Card"); insert_cert(p15card,"800082008220", 0x46, 1, "Verschluesselungs Zertifikat"); insert_cert(p15card,"800083008320", 0x47, 1, "Authentifizierungs Zertifikat"); @@ -376,8 +392,8 @@ sc_pkcs15_card_t *p15card ){ if(insert_cert(p15card,"3000C500", 0x45, 0, "Signatur Zertifikat")) return 1; - p15card->manufacturer_id = strdup("DATEV"); - p15card->label = strdup("DATEV Classic"); + p15card->tokeninfo->manufacturer_id = strdup("DATEV"); + p15card->tokeninfo->label = strdup("DATEV Classic"); insert_cert(p15card,"DF02C200", 0x46, 0, "Verschluesselungs Zertifikat"); insert_cert(p15card,"DF02C500", 0x47, 0, "Authentifizierungs Zertifikat"); 
@@ -398,8 +414,8 @@ sc_pkcs15_card_t *p15card ){ if(!insert_cert(p15card,"41004352", 0x45, 1, "Zertifikat 1")){ - p15card->manufacturer_id = strdup("JLU Giessen"); - p15card->label = strdup("JLU Giessen Card"); + p15card->tokeninfo->manufacturer_id = strdup("JLU Giessen"); + p15card->tokeninfo->label = strdup("JLU Giessen Card"); insert_cert(p15card,"41004353", 0x46, 1, "Zertifikat 2"); insert_cert(p15card,"41004354", 0x47, 1, "Zertifikat 3"); @@ -408,8 +424,8 @@ insert_key(p15card,"41005105", 0x47, 0x85, 1024, 1, "Schluessel 3"); } else if(!insert_cert(p15card,"41014352", 0x45, 1, "Zertifikat 1")){ - p15card->manufacturer_id = strdup("TU Darmstadt"); - p15card->label = strdup("TUD Card"); + p15card->tokeninfo->manufacturer_id = strdup("TU Darmstadt"); + p15card->tokeninfo->label = strdup("TUD Card"); insert_cert(p15card,"41014353", 0x46, 1, "Zertifikat 2"); insert_cert(p15card,"41014354", 0x47, 1, "Zertifikat 3"); @@ -448,21 +464,17 @@ /* get the card serial number */ r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr); if (r < 0) { - sc_debug(ctx, "unable to get ICCSN\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "unable to get ICCSN\n"); return SC_ERROR_WRONG_CARD; } sc_bin_to_hex(serialnr.value, serialnr.len , serial, sizeof(serial), 0); serial[19] = '\0'; - p15card->serial_number = strdup(serial); - - sc_ctx_suppress_errors_on(ctx); + p15card->tokeninfo->serial_number = strdup(serial); if(!detect_netkey(p15card)) return SC_SUCCESS; if(!detect_signtrust(p15card)) return SC_SUCCESS; if(!detect_datev(p15card)) return SC_SUCCESS; if(!detect_unicard(p15card)) return SC_SUCCESS; - sc_ctx_suppress_errors_off(ctx); - return SC_ERROR_INTERNAL; } diff -Nru opensc-0.11.13/src/libopensc/pkcs15-westcos.c opensc-0.12.1/src/libopensc/pkcs15-westcos.c --- opensc-0.11.13/src/libopensc/pkcs15-westcos.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-westcos.c 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,264 @@ +/* + * pkcs15-westcos.c: pkcs15 emulation for westcos card + * + * Copyright (C) 2009 francois.leblanc@cev-sa.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include "config.h" + +#include +#include +#include + +#include "internal.h" +#include "pkcs15.h" +#include "cardctl.h" +#include "common/compat_strlcpy.h" + +int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); + +static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card) +{ + int i, r; + int modulus_length = 0; + char buf[256]; + sc_card_t *card = p15card->card; + sc_serial_number_t serial; + sc_path_t path; + sc_file_t *file = NULL; + sc_format_path("3F00", &path); + r = sc_select_file(card, &path, &file); + if (r) + goto out; + if (file) + sc_file_free(file); + file = NULL; + if (p15card->tokeninfo->label != NULL) + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = strdup("westcos"); + if (p15card->tokeninfo->manufacturer_id != NULL) + free(p15card->tokeninfo->manufacturer_id); + p15card->tokeninfo->manufacturer_id = strdup("CEV"); + + /* get serial number */ + r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); + r = sc_bin_to_hex(serial.value, serial.len, buf, sizeof(buf), 0); + if (r) + goto out; + if (p15card->tokeninfo->serial_number != 
NULL) + free(p15card->tokeninfo->serial_number); + p15card->tokeninfo->serial_number = strdup(buf); + sc_format_path("AAAA", &path); + r = sc_select_file(card, &path, &file); + if (r) + { + goto out; + } + else + { + for (i = 0; i < 1; i++) { + unsigned int flags; + struct sc_pkcs15_pin_info pin_info; + struct sc_pkcs15_object pin_obj; + memset(&pin_info, 0, sizeof(pin_info)); + memset(&pin_obj, 0, sizeof(pin_obj)); + flags = SC_PKCS15_PIN_FLAG_INITIALIZED; + if (i == 1) { + flags |= + SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED | + SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN; + } + pin_info.auth_id.len = 1; + pin_info.auth_id.value[0] = i + 1; + pin_info.reference = i; + pin_info.flags = flags; + pin_info.type = SC_PKCS15_PIN_TYPE_BCD; + pin_info.min_length = 4; + pin_info.stored_length = 8; + pin_info.max_length = 8; + pin_info.pad_char = 0xff; + pin_info.path = path; + pin_info.tries_left = -1; + if (i == 1) + strlcpy(pin_obj.label, "Unblock", + sizeof(pin_obj.label)); + + else + strlcpy(pin_obj.label, "User", + sizeof(pin_obj.label)); + pin_obj.flags = + SC_PKCS15_CO_FLAG_MODIFIABLE | + SC_PKCS15_CO_FLAG_PRIVATE; + r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, + &pin_info); + if (r) + goto out; + } + } + + if (file) + sc_file_free(file); + file = NULL; + sc_format_path("0002", &path); + r = sc_select_file(card, &path, &file); + if (r) + { + goto out; + } + else + { + /* certificat file */ + struct sc_pkcs15_cert_info cert_info; + struct sc_pkcs15_object cert_obj; + struct sc_pkcs15_pubkey_info pubkey_info; + struct sc_pkcs15_object pubkey_obj; + struct sc_pkcs15_pubkey *pkey = NULL; + memset(&cert_info, 0, sizeof(cert_info)); + memset(&cert_obj, 0, sizeof(cert_obj)); + cert_info.id.len = 1; + cert_info.id.value[0] = 0x45; + cert_info.authority = 0; + cert_info.path = path; + r = sc_pkcs15_read_certificate(p15card, &cert_info, + (sc_pkcs15_cert_t + **) (&cert_obj.data)); + if (!r) { + sc_pkcs15_cert_t *cert = + (sc_pkcs15_cert_t *) (cert_obj.data); + strlcpy(cert_obj.label, 
"User certificat", + sizeof(cert_obj.label)); + cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; + r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, + &cert_info); + if (r) + goto out; + pkey = cert->key; + + if (pkey->algorithm == SC_ALGORITHM_RSA) { + modulus_length = (int)(pkey->u.rsa.modulus.len * 8); + } + + } + else + { + /* or public key */ + memset(&pubkey_info, 0, sizeof(pubkey_info)); + memset(&pubkey_obj, 0, sizeof(pubkey_obj)); + pubkey_info.id.len = 1; + pubkey_info.id.value[0] = 0x45; + pubkey_info.modulus_length = modulus_length; + pubkey_info.key_reference = 1; + pubkey_info.native = 1; + pubkey_info.usage = + SC_PKCS15_PRKEY_USAGE_VERIFY | + SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER | + SC_PKCS15_PRKEY_USAGE_ENCRYPT | + SC_PKCS15_PRKEY_USAGE_WRAP; + pubkey_info.path = path; + strlcpy(pubkey_obj.label, "Public Key", + sizeof(pubkey_obj.label)); + pubkey_obj.auth_id.len = 1; + pubkey_obj.auth_id.value[0] = 1; + pubkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; + pubkey_obj.type = SC_PKCS15_TYPE_PUBKEY_RSA; + if (pkey == NULL) { + pubkey_obj.data = &pubkey_info; + r = sc_pkcs15_read_pubkey(p15card, &pubkey_obj, &pkey); + if (r) + goto out; + /* not sure if necessary */ + pubkey_obj.flags = 0; + } + if (pkey->algorithm == SC_ALGORITHM_RSA) { + modulus_length = (int)(pkey->u.rsa.modulus.len * 8); + } + pubkey_info.modulus_length = modulus_length; + pubkey_obj.data = pkey; + r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, + &pubkey_info); + if (r < 0) + goto out; + } + } + if (file) + sc_file_free(file); + file = NULL; + sc_format_path("0001", &path); + r = sc_select_file(card, &path, &file); + if (r) + { + goto out; + } + else + { + struct sc_pkcs15_prkey_info prkey_info; + struct sc_pkcs15_object prkey_obj; + memset(&prkey_info, 0, sizeof(prkey_info)); + memset(&prkey_obj, 0, sizeof(prkey_obj)); + prkey_info.id.len = 1; + prkey_info.id.value[0] = 0x45; + prkey_info.usage = + SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT + | 
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; + prkey_info.native = 1; + prkey_info.key_reference = 1; + prkey_info.modulus_length = modulus_length; + prkey_info.path = path; + strlcpy(prkey_obj.label, "Private Key", + sizeof(prkey_obj.label)); + prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; + prkey_obj.auth_id.len = 1; + prkey_obj.auth_id.value[0] = 1; + r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, + &prkey_info); + if (r < 0) + goto out; + } + r = 0; +out: + if (file) + sc_file_free(file); + return r; +} + +static int westcos_detect_card(sc_pkcs15_card_t * p15card) +{ + sc_card_t *card = p15card->card; + sc_context_t *ctx = card->ctx; + const char *name = "WESTCOS"; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "westcos_detect_card (%s)", card->name); + if (strncmp(card->name, name, strlen(name))) + return SC_ERROR_WRONG_CARD; + return SC_SUCCESS; +} + +int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t * p15card, + sc_pkcs15emu_opt_t * opts) +{ + int r; + sc_card_t *card = p15card->card; + sc_context_t *ctx = card->ctx; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "sc_pkcs15_init_func_ex westcos\n"); + if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) + return sc_pkcs15emu_westcos_init(p15card); + r = westcos_detect_card(p15card); + if (r) + return SC_ERROR_WRONG_CARD; + return sc_pkcs15emu_westcos_init(p15card); +} diff -Nru opensc-0.11.13/src/libopensc/pkcs15-wrap.c opensc-0.12.1/src/libopensc/pkcs15-wrap.c --- opensc-0.11.13/src/libopensc/pkcs15-wrap.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/pkcs15-wrap.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,8 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "pkcs15.h" +#include "config.h" + #ifdef ENABLE_OPENSSL #include #include @@ -36,7 +36,9 @@ * Everything seems to work fine however if the openssl one is included * first. */ +#include "internal.h" #include "asn1.h" +#include "pkcs15.h" #ifndef ENABLE_OPENSSL 
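Review bot: In `sc_pkcs15emu_westcos_init` the result of `sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial)` is overwritten by the next statement, so when the control call fails `sc_bin_to_hex` runs on an uninitialised `serial`, including its `len`. Check the result before converting by adding `if (r < 0) goto out;` directly after the `sc_card_ctl` line. The PIN loop is written as `for (i = 0; i < 1; i++)`, which makes both `if (i == 1)` branches unreachable; drop them, or add a comment explaining why the unblock PIN is not exposed. In the certificate branch `pkey = cert->key;` is dereferenced on the next line without a NULL check, and the three `strdup` results stored in `tokeninfo` are not checked either.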
@@ -78,7 +80,7 @@ /* XXX: We might also encounter PBES2 here */ if (der_alg->algorithm != SC_ALGORITHM_PBKDF2) { - sc_error(ctx, "Unsupported key derivation algorithm.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key derivation algorithm.\n"); return SC_ERROR_NOT_SUPPORTED; } @@ -92,27 +94,27 @@ iv = (u8 *) enc_alg->params; break; default: - sc_error(ctx, "Unsupported key encryption algorithm.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key encryption algorithm.\n"); return SC_ERROR_NOT_SUPPORTED; } if (!iv) { - sc_error(ctx, "Unsupported key encryption parameters.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key encryption parameters.\n"); return SC_ERROR_NOT_SUPPORTED; } key_len = EVP_CIPHER_key_length(cipher); info = (struct sc_pbkdf2_params *) der_alg->params; if (!info) { - sc_error(ctx, "Key parameters missing.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key parameters missing.\n"); return SC_ERROR_INVALID_ARGUMENTS; } if (info->key_length && info->key_length != key_len) { - sc_error(ctx, "Incompatible key length.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Incompatible key length.\n"); return SC_ERROR_INVALID_ARGUMENTS; } if (key_len > sizeof(key)) { - sc_error(ctx, "Huge key length (%u).\n", key_len); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Huge key length (%u).\n", key_len); return SC_ERROR_INVALID_ARGUMENTS; } @@ -120,7 +122,7 @@ info->salt, info->salt_len, info->iterations, key_len, key); if (r == 0) { - sc_error(ctx, "Key derivation failed.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key derivation failed.\n"); return SC_ERROR_INTERNAL; /* for lack of something better */ } @@ -136,9 +138,10 @@ { const u8 *end; u8 *p; - size_t bl, done, left, total; + size_t bl, left, total; + int done; - *out = p = (u8 *) malloc(in_len + EVP_CIPHER_CTX_key_length(cipher_ctx)); + *out = p = malloc(in_len + EVP_CIPHER_CTX_key_length(cipher_ctx)); *out_len = total = 0; bl = EVP_CIPHER_CTX_block_size(cipher_ctx); 
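Review bot: The output buffer in the cipher helper is allocated with `*out = p = malloc(in_len + EVP_CIPHER_CTX_key_length(cipher_ctx));`, and no NULL check is visible before the `EVP_CipherUpdate(cipher_ctx, p + total, ...)` calls in the following hunk write through it. Add `if (p == NULL) return SC_ERROR_OUT_OF_MEMORY;` right after the allocation. Two lines between the hunks are not shown, so confirm the check is not already there and that the function returns an error code. The slack added to `in_len` is taken from the key length, whereas the amount the cipher can add is bounded by its block size; sizing with `EVP_CIPHER_CTX_block_size(cipher_ctx)` would state the intent directly. The function body continues outside the hunk.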
@@ -147,14 +150,14 @@ if ((left = end - in) > bl) left = bl; if (!EVP_CipherUpdate(cipher_ctx, - p + total, (int *) &done, + p + total, &done, (u8 *) in, (int)left)) goto fail; total += done; in += left; } if (1 || total < in_len) { - if (!EVP_CipherFinal(cipher_ctx, p + total, (int *) &done)) + if (!EVP_CipherFinal(cipher_ctx, p + total, &done)) goto fail; total += done; } @@ -223,7 +226,7 @@ memset(&envdata, 0, sizeof(envdata)); r = sc_pkcs15_decode_enveloped_data(ctx, &envdata, in, in_len); if (r < 0) { - sc_error(ctx, "Failed to decode EnvelopedData.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to decode EnvelopedData.\n"); return r; } diff -Nru opensc-0.11.13/src/libopensc/reader-ctapi.c opensc-0.12.1/src/libopensc/reader-ctapi.c --- opensc-0.11.13/src/libopensc/reader-ctapi.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/reader-ctapi.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,15 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#include "ctbcs.h" +#include "config.h" + +#ifdef ENABLE_CTAPI #include #include #include -#include + +#include "internal.h" +#include "ctbcs.h" #define GET_PRIV_DATA(r) ((struct ctapi_private_data *) (r)->drv_data) -#define GET_SLOT_DATA(r) ((struct ctapi_slot_data *) (r)->drv_data) #ifdef _WIN32 typedef char pascal CT_INIT_TYPE(unsigned short ctn, unsigned short Pn); @@ -71,14 +73,11 @@ struct ctapi_functions funcs; unsigned short ctn; int ctapi_functional_units; + int slot; }; -struct ctapi_slot_data { - void *filler; -}; - -/* Reset slot or reader */ -static int ctapi_reset(sc_reader_t *reader, sc_slot_info_t *slot) +/* Reset reader */ +static int ctapi_reset(sc_reader_t *reader) { struct ctapi_private_data *priv = GET_PRIV_DATA(reader); char rv; 
@@ -87,7 +86,7 @@ cmd[0] = CTBCS_CLA; cmd[1] = CTBCS_INS_RESET; - cmd[2] = slot ? CTBCS_P1_INTERFACE1 + slot->id : CTBCS_P1_CT_KERNEL; + cmd[2] = priv->slot ? CTBCS_P1_INTERFACE1 + priv->slot : CTBCS_P1_CT_KERNEL; cmd[3] = 0x00; /* No response. We might also use 0x01 (return ATR) or 0x02 (return historical bytes) here */ cmd[4] = 0x00; dad = 1; 
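Review bot: `cmd[2] = priv->slot ? CTBCS_P1_INTERFACE1 + priv->slot : CTBCS_P1_CT_KERNEL;` changes what slot 0 means. The old test was on the `slot` pointer, so slot id 0 addressed `CTBCS_P1_INTERFACE1`; now a `priv->slot` of 0 resets the terminal kernel and a value of 1 addresses the interface after the first. `ctapi_connect` later in this diff always uses `CTBCS_P1_INTERFACE1`, so the reset and connect paths disagree unless `priv->slot` is meant to be 1-based, which this hunk does not show. If the card interface is the intended target, `cmd[2] = CTBCS_P1_INTERFACE1 + priv->slot;` matches the connect path; otherwise add a comment stating the numbering. The rest of `ctapi_reset` lies outside the hunk.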
@@ -96,148 +95,18 @@ rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf); if (rv || (lr < 2)) { - sc_error(reader->ctx, "Error getting status of terminal: %d, using defaults\n", rv); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error getting status of terminal: %d, using defaults\n", rv); return SC_ERROR_TRANSMIT_FAILED; } if (rbuf[lr-2] != 0x90) { - sc_error(reader->ctx, "SW1/SW2: 0x%x/0x%x\n", rbuf[lr-2], rbuf[lr-1]); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "SW1/SW2: 0x%x/0x%x\n", rbuf[lr-2], rbuf[lr-1]); return SC_ERROR_TRANSMIT_FAILED; } return 0; } -static void set_default_fu(sc_reader_t *reader) -{ - if (!reader) return; - - reader->slot_count = 1; - reader->slot[0].id = 0; - reader->slot[0].capabilities = 0; - reader->slot[0].atr_len = 0; - reader->slot[0].drv_data = NULL; -} -/* Detect functional units of the reader according to CT-BCS spec version 1.0 - (14.04.2004, http://www.teletrust.de/down/mct1-0_t4.zip) */ -static void detect_functional_units(sc_reader_t *reader) -{ - struct ctapi_private_data *priv = GET_PRIV_DATA(reader); - char rv; - u8 cmd[5], rbuf[256], sad, dad; - unsigned short lr; - int NumUnits; - int i; - - priv->ctapi_functional_units = 0; - - cmd[0] = CTBCS_CLA; - cmd[1] = CTBCS_INS_STATUS; - cmd[2] = CTBCS_P1_CT_KERNEL; - cmd[3] = CTBCS_P2_STATUS_TFU; - cmd[4] = 0x00; - dad = 1; - sad = 2; - lr = 256; - - rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf); - if (rv || (lr < 4) || (rbuf[lr-2] != 0x90)) { - sc_error(reader->ctx, "Error getting status of terminal: %d, using defaults\n", rv); - set_default_fu(reader); - return; - } - if (rbuf[0] != CTBCS_P2_STATUS_TFU) { - /* Number of slots might also detected by using CTBCS_P2_STATUS_ICC. - If you think that's important please do it... 
;) */ - set_default_fu(reader); - sc_error(reader->ctx, "Invalid data object returnd on CTBCS_P2_STATUS_TFU: 0x%x\n", rbuf[0]); - return; - } - NumUnits = rbuf[1]; - if (NumUnits + 4 > lr) { - set_default_fu(reader); - sc_error(reader->ctx, "Invalid data returnd: %d functional units, size %d\n", NumUnits, rv); - set_default_fu(reader); - return; - } - reader->slot_count = 0; - for(i = 0; i < NumUnits; i++) { - switch(rbuf[i+2]) - { - case CTBCS_P1_INTERFACE1: - case CTBCS_P1_INTERFACE2: - case CTBCS_P1_INTERFACE3: - case CTBCS_P1_INTERFACE4: - case CTBCS_P1_INTERFACE5: - case CTBCS_P1_INTERFACE6: - case CTBCS_P1_INTERFACE7: - case CTBCS_P1_INTERFACE8: - case CTBCS_P1_INTERFACE9: - case CTBCS_P1_INTERFACE10: - case CTBCS_P1_INTERFACE11: - case CTBCS_P1_INTERFACE12: - case CTBCS_P1_INTERFACE13: - case CTBCS_P1_INTERFACE14: - /* Maybe a weak point here if multiple interfaces are present and not returned - in the "canonical" order. This is not forbidden by the specs, but why should - anyone want to do that? 
*/ - if (reader->slot_count >= SC_MAX_SLOTS) { - sc_debug(reader->ctx, "Ignoring slot id 0x%x, can only handle %d slots\n", rbuf[i+2], SC_MAX_SLOTS); - } else { - reader->slot[reader->slot_count].id = reader->slot_count; - reader->slot[reader->slot_count].capabilities = 0; /* Just to start with */ - reader->slot[reader->slot_count].atr_len = 0; - reader->slot[reader->slot_count].drv_data = NULL; - reader->slot_count++; - } - break; - - case CTBCS_P1_DISPLAY: - priv->ctapi_functional_units |= CTAPI_FU_DISPLAY; - sc_debug(reader->ctx, "Display detected\n"); - break; - - case CTBCS_P1_KEYPAD: - priv->ctapi_functional_units |= CTAPI_FU_KEYBOARD; - sc_debug(reader->ctx, "Keypad detected\n"); - break; - - case CTBCS_P1_PRINTER: - priv->ctapi_functional_units |= CTAPI_FU_PRINTER; - sc_debug(reader->ctx, "Printer detected\n"); - break; - - case CTBCS_P1_FINGERPRINT: - case CTBCS_P1_VOICEPRINT: - case CTBCS_P1_DSV: - case CTBCS_P1_FACE_RECOGNITION: - case CTBCS_P1_IRISSCAN: - priv->ctapi_functional_units |= CTAPI_FU_BIOMETRIC; - sc_debug(reader->ctx, "Biometric sensor detected\n"); - break; - - default: - sc_debug(reader->ctx, "Unknown functional unit 0x%x\n", rbuf[i+2]); - } - - } - if (reader->slot_count == 0) { - sc_debug(reader->ctx, "No slots returned, assuming one default slot\n"); - set_default_fu(reader); - } - /* CT-BCS does not define Keyboard/Display for each slot, so I assume - those additional units can be used for each slot */ - if (priv->ctapi_functional_units) { - for(i = 0; i < reader->slot_count; i++) { - if (priv->ctapi_functional_units & CTAPI_FU_KEYBOARD) - reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD; - if (priv->ctapi_functional_units & CTAPI_FU_DISPLAY) - reader->slot[i].capabilities |= SC_SLOT_CAP_DISPLAY; - } - } -} - -static int refresh_slot_attributes(sc_reader_t *reader, - sc_slot_info_t *slot) +static int refresh_attributes(sc_reader_t *reader) { struct ctapi_private_data *priv = GET_PRIV_DATA(reader); char rv; 
@@ -253,39 +122,31 @@ sad = 2; lr = 256; - slot->flags = 0; + reader->flags = 0; rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf); if (rv || (lr < 3) || (rbuf[lr-2] != 0x90)) { - sc_error(reader->ctx, "Error getting status of terminal: %d/%d/0x%x\n", rv, lr, rbuf[lr-2]); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error getting status of terminal: %d/%d/0x%x\n", rv, lr, rbuf[lr-2]); return SC_ERROR_TRANSMIT_FAILED; } if (lr < 4) { - /* Looks like older readers do not return data tag and length field, so assume one slot only */ - if (slot->id > 0) { - sc_error(reader->ctx, "Status for slot id %d not returned, have only 1\n", slot->id); - return SC_ERROR_SLOT_NOT_FOUND; - } if (rbuf[0] & CTBCS_DATA_STATUS_CARD) - slot->flags = SC_SLOT_CARD_PRESENT; + reader->flags = SC_READER_CARD_PRESENT; } else { if (rbuf[0] != CTBCS_P2_STATUS_ICC) { /* Should we be more tolerant here? I do not think so... */ - sc_error(reader->ctx, "Invalid data object returnd on CTBCS_P2_STATUS_ICC: 0x%x\n", rbuf[0]); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Invalid data object returnd on CTBCS_P2_STATUS_ICC: 0x%x\n", rbuf[0]); return SC_ERROR_TRANSMIT_FAILED; - } - if (rbuf[1] <= slot->id) { - sc_error(reader->ctx, "Status for slot id %d not returned, only %d\n", slot->id, rbuf[1]); - return SC_ERROR_SLOT_NOT_FOUND; } - if (rbuf[2+slot->id] & CTBCS_DATA_STATUS_CARD) - slot->flags = SC_SLOT_CARD_PRESENT; + /* Fixme - should not be reached */ + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Returned status for %d slots\n", rbuf[1]); + reader->flags = SC_READER_CARD_PRESENT; } return 0; } -static int ctapi_internal_transmit(sc_reader_t *reader, sc_slot_info_t *slot, +static int ctapi_internal_transmit(sc_reader_t *reader, const u8 *sendbuf, size_t sendsize, u8 *recvbuf, size_t *recvsize, unsigned long control) 
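Review bot: In the `else` branch of `refresh_attributes` the new code sets `reader->flags = SC_READER_CARD_PRESENT;` unconditionally, where the removed code tested `rbuf[2+slot->id] & CTBCS_DATA_STATUS_CARD`. A terminal that returns the tagged status object therefore reports a card as present even when the slot is empty. The `/* Fixme - should not be reached */` comment suggests the branch was left unfinished. Restore the status test for the single slot, `if (lr >= 5 && rbuf[1] >= 1 && (rbuf[2] & CTBCS_DATA_STATUS_CARD)) reader->flags = SC_READER_CARD_PRESENT;`, so that `rbuf[2]` is only read when it is a data byte and not a status word.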
@@ -297,16 +158,15 @@ if (control) dad = 1; - else if (!slot || slot->id == 0) - dad = 0; else - dad = slot->id + 1; /* Adressing of multiple slots, according to CT API 1.0 */ + dad = 0; + sad = 2; lr = *recvsize; rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, (unsigned short)sendsize, (u8 *) sendbuf, &lr, recvbuf); if (rv != 0) { - sc_error(reader->ctx, "Error transmitting APDU: %d\n", rv); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error transmitting APDU: %d\n", rv); return SC_ERROR_TRANSMIT_FAILED; } *recvsize = lr; @@ -314,8 +174,7 @@ return 0; } -static int ctapi_transmit(sc_reader_t *reader, sc_slot_info_t *slot, - sc_apdu_t *apdu) +static int ctapi_transmit(sc_reader_t *reader, sc_apdu_t *apdu) { size_t ssize, rsize, rbuflen = 0; u8 *sbuf = NULL, *rbuf = NULL; @@ -324,24 +183,22 @@ rsize = rbuflen = apdu->resplen + 2; rbuf = malloc(rbuflen); if (rbuf == NULL) { - r = SC_ERROR_MEMORY_FAILURE; + r = SC_ERROR_OUT_OF_MEMORY; goto out; } /* encode and log the APDU */ r = sc_apdu_get_octets(reader->ctx, apdu, &sbuf, &ssize, SC_PROTO_RAW); if (r != SC_SUCCESS) goto out; - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, sbuf, ssize, 1); - r = ctapi_internal_transmit(reader, slot, sbuf, ssize, + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, sbuf, ssize, 1); + r = ctapi_internal_transmit(reader, sbuf, ssize, rbuf, &rsize, apdu->control); if (r < 0) { /* unable to transmit ... most likely a reader problem */ - sc_error(reader->ctx, "unable to transmit"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "unable to transmit"); goto out; } - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, rbuf, rsize, 0); + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, rbuf, rsize, 0); /* set response */ r = sc_apdu_set_resp(reader->ctx, apdu, rbuf, rsize); out: 
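Review bot: The two `sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, ...)` calls in `ctapi_transmit` replace a guard of `reader->ctx->debug >= 6`, so, assuming `SC_LOG_DEBUG_NORMAL` is a lower threshold than 6, complete command and response APDUs now reach the debug log at an ordinary debug level. Command APDUs can carry PIN bytes (VERIFY and similar commands), so the level at which they are dumped deserves a deliberate choice and a comment at the call, such as `/* APDU dump may contain PIN data; keep it at the most verbose level */`. The same replacement appears in `openct_reader_transmit` and `pcsc_transmit` later in this diff. The body of `ctapi_transmit` continues past this hunk.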
@@ -357,17 +214,17 @@ return r; } -static int ctapi_detect_card_presence(sc_reader_t *reader, sc_slot_info_t *slot) +static int ctapi_detect_card_presence(sc_reader_t *reader) { int r; - r = refresh_slot_attributes(reader, slot); + r = refresh_attributes(reader); if (r) return r; - return slot->flags; + return reader->flags; } -static int ctapi_connect(sc_reader_t *reader, sc_slot_info_t *slot) +static int ctapi_connect(sc_reader_t *reader) { struct ctapi_private_data *priv = GET_PRIV_DATA(reader); char rv; @@ -377,7 +234,7 @@ cmd[0] = CTBCS_CLA; cmd[1] = CTBCS_INS_REQUEST; - cmd[2] = CTBCS_P1_INTERFACE1+slot->id; + cmd[2] = CTBCS_P1_INTERFACE1; cmd[3] = CTBCS_P2_REQUEST_GET_ATR; cmd[4] = 0x00; dad = 1; @@ -386,26 +243,26 @@ rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf); if (rv || rbuf[lr-2] != 0x90) { - sc_error(reader->ctx, "Error activating card: %d\n", rv); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error activating card: %d\n", rv); return SC_ERROR_TRANSMIT_FAILED; } if (lr < 2) - SC_FUNC_RETURN(reader->ctx, 0, SC_ERROR_INTERNAL); + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); lr -= 2; if (lr > SC_MAX_ATR_SIZE) - lr = SC_MAX_ATR_SIZE; - memcpy(slot->atr, rbuf, lr); - slot->atr_len = lr; - r = _sc_parse_atr(reader->ctx, slot); + return SC_ERROR_INTERNAL; + reader->atr.len = lr; + memcpy(reader->atr.value, rbuf, lr); + r = _sc_parse_atr(reader); #if 0 - if (slot->atr_info.Fi > 0) { + if (reader->atr_info.Fi > 0) { /* Perform PPS negotiation */ cmd[1] = CTBCS_INS_RESET; cmd[4] = 0x03; cmd[5] = 0xFF; cmd[6] = 0x10; - cmd[7] = (slot->atr_info.FI << 4) | slot->atr_info.DI; + cmd[7] = (reader->atr_info.FI << 4) | reader->atr_info.DI; cmd[8] = 0x00; dad = 1; sad = 2; 
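Review bot: In `ctapi_connect` the status-word test `rbuf[lr-2] != 0x90` runs before the `if (lr < 2)` check that follows it, so a response shorter than two bytes indexes before `rbuf` and the later length check can never catch it. Folding the length into the first condition, `if (rv || lr < 2 || rbuf[lr-2] != 0x90) {`, fixes the order and makes the separate `lr < 2` branch unnecessary. Rejecting an over-long ATR with `SC_ERROR_INTERNAL` instead of truncating it is a sound change. The result of `_sc_parse_atr(reader)` is stored in `r` but, with the PPS block under `#if 0`, does not appear to be returned or checked. The function starts and ends outside this hunk.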
@@ -413,7 +270,7 @@ rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 9, cmd, &lr, rbuf); if (rv) { - sc_error(reader->ctx, "Error negotiating PPS: %d\n", rv); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error negotiating PPS: %d\n", rv); return SC_ERROR_TRANSMIT_FAILED; } } @@ -421,17 +278,17 @@ return 0; } -static int ctapi_disconnect(sc_reader_t *reader, sc_slot_info_t *slot) +static int ctapi_disconnect(sc_reader_t *reader) { return 0; } -static int ctapi_lock(sc_reader_t *reader, sc_slot_info_t *slot) +static int ctapi_lock(sc_reader_t *reader) { return 0; } -static int ctapi_unlock(sc_reader_t *reader, sc_slot_info_t *slot) +static int ctapi_unlock(sc_reader_t *reader) { return 0; } @@ -479,28 +336,32 @@ struct ctapi_module *mod; const scconf_list *list; void *dlh; - int r, i; + int r, i, NumUnits; + u8 cmd[5], rbuf[256], sad, dad; + unsigned short lr; + + list = scconf_find_list(conf, "ports"); if (list == NULL) { - sc_error(ctx, "No ports configured.\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No ports configured.\n"); return -1; } val = conf->name->data; - dlh = lt_dlopen(val); + dlh = sc_dlopen(val); if (!dlh) { - sc_error(ctx, "Unable to open shared library '%s': %s\n", val, lt_dlerror()); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to open shared library '%s': %s\n", val, sc_dlerror()); return -1; } - funcs.CT_init = (CT_INIT_TYPE *) lt_dlsym(dlh, "CT_init"); + funcs.CT_init = (CT_INIT_TYPE *) sc_dlsym(dlh, "CT_init"); if (!funcs.CT_init) goto symerr; - funcs.CT_close = (CT_CLOSE_TYPE *) lt_dlsym(dlh, "CT_close"); + funcs.CT_close = (CT_CLOSE_TYPE *) sc_dlsym(dlh, "CT_close"); if (!funcs.CT_close) goto symerr; - funcs.CT_data = (CT_DATA_TYPE *) lt_dlsym(dlh, "CT_data"); + funcs.CT_data = (CT_DATA_TYPE *) sc_dlsym(dlh, "CT_data"); if (!funcs.CT_data) goto symerr; 
@@ -513,16 +374,19 @@ struct ctapi_private_data *priv; if (sscanf(list->data, "%d", &port) != 1) { - sc_error(ctx, "Port '%s' is not a number.\n", list->data); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Port '%s' is not a number.\n", list->data); continue; } rv = funcs.CT_init((unsigned short)mod->ctn_count, (unsigned short)port); if (rv) { - sc_error(ctx, "CT_init() failed with %d\n", rv); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "CT_init() failed with %d\n", rv); continue; } - reader = (sc_reader_t *) calloc(1, sizeof(sc_reader_t)); - priv = (struct ctapi_private_data *) malloc(sizeof(struct ctapi_private_data)); + + reader = calloc(1, sizeof(sc_reader_t)); + priv = calloc(1, sizeof(struct ctapi_private_data)); + if (!priv) + return SC_ERROR_OUT_OF_MEMORY; reader->drv_data = priv; reader->ops = &ctapi_ops; reader->driver = &ctapi_drv; 
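Review bot: Only `priv` is checked after the two `calloc` calls, so a failed allocation of `reader` is dereferenced at `reader->drv_data = priv;`, and when `priv` fails the already allocated `reader` leaks. Checking both and releasing whichever succeeded covers it: `if (!reader || !priv) { free(reader); free(priv); return SC_ERROR_OUT_OF_MEMORY; }`. The terminal opened by the successful `CT_init()` just above is also left open on this path; whether `CT_close` should be called here depends on code outside the hunk. The enclosing loop and function extend beyond this hunk.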
@@ -538,33 +402,112 @@ free(reader); break; } - /* slot count and properties are set in detect_functional_units */ - detect_functional_units(reader); - ctapi_reset(reader, NULL); - for(i = 0; i < reader->slot_count; i++) { - refresh_slot_attributes(reader, &(reader->slot[i])); + /* Detect functional units of the reader according to CT-BCS spec version 1.0 + (14.04.2004, http://www.teletrust.de/down/mct1-0_t4.zip) */ + cmd[0] = CTBCS_CLA; + cmd[1] = CTBCS_INS_STATUS; + cmd[2] = CTBCS_P1_CT_KERNEL; + cmd[3] = CTBCS_P2_STATUS_TFU; + cmd[4] = 0x00; + dad = 1; + sad = 2; + lr = 256; + + rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf); + if (rv || (lr < 4) || (rbuf[lr-2] != 0x90)) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error getting status of terminal: %d, using defaults\n", rv); + } + if (rbuf[0] != CTBCS_P2_STATUS_TFU) { + /* Number of slots might also detected by using CTBCS_P2_STATUS_ICC. + If you think that's important please do it... ;) */ + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Invalid data object returnd on CTBCS_P2_STATUS_TFU: 0x%x\n", rbuf[0]); + } + NumUnits = rbuf[1]; + if (NumUnits + 4 > lr) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Invalid data returnd: %d functional units, size %d\n", NumUnits, rv); + } + priv->ctapi_functional_units = 0; + for(i = 0; i < NumUnits; i++) { + switch(rbuf[i+2]) { + case CTBCS_P1_INTERFACE1: + case CTBCS_P1_INTERFACE2: + case CTBCS_P1_INTERFACE3: + case CTBCS_P1_INTERFACE4: + case CTBCS_P1_INTERFACE5: + case CTBCS_P1_INTERFACE6: + case CTBCS_P1_INTERFACE7: + case CTBCS_P1_INTERFACE8: + case CTBCS_P1_INTERFACE9: + case CTBCS_P1_INTERFACE10: + case CTBCS_P1_INTERFACE11: + case CTBCS_P1_INTERFACE12: + case CTBCS_P1_INTERFACE13: + case CTBCS_P1_INTERFACE14: + /* Maybe a weak point here if multiple interfaces are present and not returned + in the "canonical" order. This is not forbidden by the specs, but why should + anyone want to do that? 
*/ + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Found slot id 0x%x\n", rbuf[i+2]); + break; + + case CTBCS_P1_DISPLAY: + priv->ctapi_functional_units |= CTAPI_FU_DISPLAY; + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Display detected\n"); + break; + + case CTBCS_P1_KEYPAD: + priv->ctapi_functional_units |= CTAPI_FU_KEYBOARD; + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Keypad detected\n"); + break; + + case CTBCS_P1_PRINTER: + priv->ctapi_functional_units |= CTAPI_FU_PRINTER; + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Printer detected\n"); + break; + + case CTBCS_P1_FINGERPRINT: + case CTBCS_P1_VOICEPRINT: + case CTBCS_P1_DSV: + case CTBCS_P1_FACE_RECOGNITION: + case CTBCS_P1_IRISSCAN: + priv->ctapi_functional_units |= CTAPI_FU_BIOMETRIC; + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Biometric sensor detected\n"); + break; + + default: + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Unknown functional unit 0x%x\n", rbuf[i+2]); + } + } + /* CT-BCS does not define Keyboard/Display for each slot, so I assume + those additional units can be used for each slot */ + if (priv->ctapi_functional_units) { + if (priv->ctapi_functional_units & CTAPI_FU_KEYBOARD) + reader->capabilities |= SC_READER_CAP_PIN_PAD; + if (priv->ctapi_functional_units & CTAPI_FU_DISPLAY) + reader->capabilities |= SC_READER_CAP_DISPLAY; } + ctapi_reset(reader); + refresh_attributes(reader); mod->ctn_count++; } return 0; symerr: - sc_error(ctx, "Unable to resolve CT-API symbols.\n"); - lt_dlclose(dlh); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to resolve CT-API symbols.\n"); + sc_dlclose(dlh); return -1; } -static int ctapi_init(sc_context_t *ctx, void **reader_data) +static int ctapi_init(sc_context_t *ctx) { int i; struct ctapi_global_private_data *gpriv; scconf_block **blocks = NULL, *conf_block = NULL; - gpriv = (struct ctapi_global_private_data *) calloc(1, sizeof(struct ctapi_global_private_data)); + gpriv = calloc(1, sizeof(struct ctapi_global_private_data)); if (gpriv == NULL) return 
SC_ERROR_OUT_OF_MEMORY; - *reader_data = gpriv; + ctx->reader_drv_data = gpriv; for (i = 0; ctx->conf_blocks[i] != NULL; i++) { blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], @@ -585,9 +528,9 @@ return 0; } -static int ctapi_finish(sc_context_t *ctx, void *prv_data) +static int ctapi_finish(sc_context_t *ctx) { - struct ctapi_global_private_data *priv = (struct ctapi_global_private_data *) prv_data; + struct ctapi_global_private_data *priv = (struct ctapi_global_private_data *) ctx->reader_drv_data; if (priv) { int i; @@ -596,7 +539,7 @@ struct ctapi_module *mod = &priv->modules[i]; free(mod->name); - lt_dlclose(mod->dlhandle); + sc_dlclose(mod->dlhandle); } if (priv->module_count) free(priv->modules); @@ -619,6 +562,8 @@ ctapi_ops.connect = ctapi_connect; ctapi_ops.disconnect = ctapi_disconnect; ctapi_ops.perform_verify = ctbcs_pin_cmd; + ctapi_ops.use_reader = NULL; return &ctapi_drv; } +#endif diff -Nru opensc-0.11.13/src/libopensc/reader-openct.c opensc-0.12.1/src/libopensc/reader-openct.c --- opensc-0.11.13/src/libopensc/reader-openct.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/reader-openct.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,8 +4,9 @@ * Copyright (C) 2003 Olaf Kirch */ -#include "internal.h" -#ifdef ENABLE_OPENCT +#include "config.h" + +#ifdef ENABLE_OPENCT /* empty file without openct */ #include #include #include 
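Review bot: The inlined functional-unit detection only logs when `CT_data` fails, when the data object is not `CTBCS_P2_STATUS_TFU`, or when `NumUnits + 4 > lr`, and then parses `rbuf` anyway. On a failed call `rbuf` is an uninitialised stack array, and a reader-supplied count of 255 lets the loop read `rbuf[i+2]` up to index 256, one past the 256-byte buffer. Treating each of the three conditions as "no functional units reported" keeps the loop inside validated data, assuming that is what "using defaults" is meant to be. The last log line also prints `rv` where the response size `lr` is meant. The enclosing function starts before this hunk.

```c
rv = priv->funcs.CT_data(priv->ctn, &dad, &sad, 5, cmd, &lr, rbuf);
NumUnits = 0;	/* default: nothing reported, nothing parsed */
if (rv || (lr < 4) || (rbuf[lr-2] != 0x90)) {
	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Error getting status of terminal: %d, using defaults\n", rv);
} else if (rbuf[0] != CTBCS_P2_STATUS_TFU) {
	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Invalid data object returnd on CTBCS_P2_STATUS_TFU: 0x%x\n", rbuf[0]);
} else if (rbuf[1] + 4 > lr) {
	/* count must fit inside tag + length + units + status word */
	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Invalid data returnd: %d functional units, size %d\n", rbuf[1], lr);
} else {
	NumUnits = rbuf[1];
}
priv->ctapi_functional_units = 0;
/* … unchanged: for loop over rbuf[i+2] and capability assignment … */
```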
@@ -21,27 +22,21 @@ #include #include +#include "internal.h" + /* function declarations */ -static int openct_reader_init(sc_context_t *ctx, void **priv_data); +static int openct_reader_init(sc_context_t *ctx); static int openct_add_reader(sc_context_t *ctx, unsigned int num, ct_info_t *info); -static int openct_reader_finish(sc_context_t *ctx, void *priv_data); +static int openct_reader_finish(sc_context_t *ctx); static int openct_reader_release(sc_reader_t *reader); -static int openct_reader_detect_card_presence(sc_reader_t *reader, - sc_slot_info_t *slot); -static int openct_reader_connect(sc_reader_t *reader, - sc_slot_info_t *slot); -static int openct_reader_disconnect(sc_reader_t *reader, - sc_slot_info_t *slot); -static int openct_reader_transmit(sc_reader_t *reader, - sc_slot_info_t *slot, sc_apdu_t *apdu); -static int openct_reader_perform_verify(sc_reader_t *reader, - sc_slot_info_t *slot, - struct sc_pin_cmd_data *info); -static int openct_reader_lock(sc_reader_t *reader, - sc_slot_info_t *slot); -static int openct_reader_unlock(sc_reader_t *reader, - sc_slot_info_t *slot); -static int openct_error(sc_reader_t *, int); +static int openct_reader_detect_card_presence(sc_reader_t *reader); +static int openct_reader_connect(sc_reader_t *reader); +static int openct_reader_disconnect(sc_reader_t *reader); +static int openct_reader_transmit(sc_reader_t *reader, sc_apdu_t *apdu); +static int openct_reader_perform_verify(sc_reader_t *reader, struct sc_pin_cmd_data *info); +static int openct_reader_lock(sc_reader_t *reader); +static int openct_reader_unlock(sc_reader_t *reader); +static int openct_error(sc_reader_t *, int); static struct sc_reader_operations openct_ops; @@ -57,11 +52,9 @@ ct_handle * h; unsigned int num; ct_info_t info; -}; - -struct slot_data { ct_lock_handle excl_lock; ct_lock_handle shared_lock; + unsigned int slot; }; /* 
@@ -71,13 +64,12 @@ * is loaded */ static int -openct_reader_init(sc_context_t *ctx, void **priv_data) +openct_reader_init(sc_context_t *ctx) { unsigned int i,max_virtual; scconf_block *conf_block; - SC_FUNC_CALLED(ctx, 1); - + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); max_virtual = 2; conf_block = sc_get_conf_block(ctx, "reader_driver", "openct", 1); @@ -87,7 +79,7 @@ for (i = 0; i < OPENCT_MAX_READERS; i++) { ct_info_t info; - + /* XXX: As long as OpenCT has slots, multislot readers should create several instances here. */ if (ct_reader_info(i, &info) >= 0) { openct_add_reader(ctx, i, &info); } else if (i < max_virtual) { @@ -95,7 +87,7 @@ } } - return SC_NO_ERROR; + return SC_SUCCESS; } static int @@ -103,7 +95,7 @@ { sc_reader_t *reader; struct driver_data *data; - int rc, i; + int rc; if (!(reader = calloc(1, sizeof(*reader))) || !(data = (calloc(1, sizeof(*data))))) { @@ -124,7 +116,6 @@ reader->ops = &openct_ops; reader->drv_data = data; reader->name = strdup(data->info.ct_name); - reader->slot_count = data->info.ct_slots; if ((rc = _sc_add_reader(ctx, reader)) < 0) { free(data); @@ -133,15 +124,10 @@ return rc; } - for (i = 0; i < SC_MAX_SLOTS; i++) { - reader->slot[i].drv_data = calloc(1, sizeof(struct slot_data)); - reader->slot[i].id = i; - if (data->info.ct_display) - reader->slot[i].capabilities |= SC_SLOT_CAP_DISPLAY; - if (data->info.ct_keypad) - reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD; - } - + if (data->info.ct_display) + reader->capabilities |= SC_READER_CAP_DISPLAY; + if (data->info.ct_keypad) + reader->capabilities |= SC_READER_CAP_PIN_PAD; return 0; } @@ -149,10 +135,10 @@ * Called when the driver is being unloaded. finish() has to * deallocate the private data and any resources. */ -static int openct_reader_finish(sc_context_t *ctx, void *priv_data) +static int openct_reader_finish(sc_context_t *ctx) { - SC_FUNC_CALLED(ctx, 1); - return SC_NO_ERROR; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + return SC_SUCCESS; } /* 
@@ -163,9 +149,8 @@ static int openct_reader_release(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; - int i; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); if (data) { if (data->h) ct_reader_disconnect(data->h); 
@@ -173,79 +158,71 @@ reader->drv_data = NULL; free(data); } - - for (i = 0; i < SC_MAX_SLOTS; i++) { - if(reader->slot[i].drv_data) - free(reader->slot[i].drv_data); - } - return SC_NO_ERROR; + return SC_SUCCESS; } /* * Check whether a card was added/removed */ -static int openct_reader_detect_card_presence(sc_reader_t *reader, - sc_slot_info_t *slot) +static int openct_reader_detect_card_presence(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; int rc, status; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - slot->flags = 0; + reader->flags = 0; if (!data->h && !(data->h = ct_reader_connect(data->num))) return 0; - if ((rc = ct_card_status(data->h, slot->id, &status)) < 0) + if ((rc = ct_card_status(data->h, data->slot, &status)) < 0) return SC_ERROR_TRANSMIT_FAILED; if (status & IFD_CARD_PRESENT) { - slot->flags = SC_SLOT_CARD_PRESENT; + reader->flags = SC_READER_CARD_PRESENT; if (status & IFD_CARD_STATUS_CHANGED) - slot->flags = SC_SLOT_CARD_PRESENT; + reader->flags = SC_READER_CARD_PRESENT; } - return slot->flags; + return reader->flags; } static int -openct_reader_connect(sc_reader_t *reader, - sc_slot_info_t *slot) +openct_reader_connect(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; int rc; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); if (data->h) ct_reader_disconnect(data->h); if (!(data->h = ct_reader_connect(data->num))) { - sc_error(reader->ctx, "ct_reader_connect socket failed\n"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "ct_reader_connect socket failed\n"); return SC_ERROR_CARD_NOT_PRESENT; } - rc = ct_card_request(data->h, slot->id, 0, NULL, - slot->atr, sizeof(slot->atr)); + rc = ct_card_request(data->h, data->slot, 0, NULL, + reader->atr.value, sizeof(reader->atr.value)); if (rc < 0) { - sc_error(reader->ctx, + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "openct_reader_connect 
read failed: %s\n", ct_strerror(rc)); return SC_ERROR_CARD_NOT_PRESENT; } if (rc == 0) { - sc_error(reader->ctx, "openct_reader_connect recved no data\n"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "openct_reader_connect recved no data\n"); return SC_ERROR_READER; } - slot->atr_len = rc; - return SC_NO_ERROR; + reader->atr.len = rc; + return SC_SUCCESS; } static int -openct_reader_reconnect(sc_reader_t *reader, - sc_slot_info_t *slot) +openct_reader_reconnect(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; int rc; @@ -253,25 +230,24 @@ if (data->h != NULL) return 0; - if ((rc = openct_reader_connect(reader, slot)) < 0) + if ((rc = openct_reader_connect(reader)) < 0) return SC_ERROR_READER_DETACHED; return SC_ERROR_READER_REATTACHED; } -static int openct_reader_disconnect(sc_reader_t *reader, sc_slot_info_t *slot) +static int openct_reader_disconnect(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); if (data->h) ct_reader_disconnect(data->h); data->h = NULL; - return SC_NO_ERROR; + return SC_SUCCESS; } static int openct_reader_internal_transmit(sc_reader_t *reader, - sc_slot_info_t *slot, const u8 *sendbuf, size_t sendsize, u8 *recvbuf, size_t *recvsize, unsigned long control) { @@ -279,10 +255,10 @@ int rc; /* Hotplug check */ - if ((rc = openct_reader_reconnect(reader, slot)) < 0) + if ((rc = openct_reader_reconnect(reader)) < 0) return rc; - rc = ct_card_transact(data->h, slot->id, + rc = ct_card_transact(data->h, data->slot, sendbuf, sendsize, recvbuf, *recvsize); @@ -298,8 +274,7 @@ return openct_error(reader, rc); } -static int openct_reader_transmit(sc_reader_t *reader, sc_slot_info_t *slot, - sc_apdu_t *apdu) +static int openct_reader_transmit(sc_reader_t *reader, sc_apdu_t *apdu) { size_t ssize, rsize, rbuflen = 0; u8 *sbuf = NULL, *rbuf = NULL; 
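Review bot: In `openct_reader_detect_card_presence` the `IFD_CARD_STATUS_CHANGED` branch assigns the same `SC_READER_CARD_PRESENT` value that was set on the line before, so a card swapped between two polls is reported exactly like one that never left the reader. Callers that rely on a change flag to drop cached card state would not see the swap; if signalling the change is the intent of the branch, it should read `reader->flags |= SC_READER_CARD_CHANGED;`. If the branch is deliberately a no-op, deleting it or explaining it in a comment would be clearer.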
@@ -308,24 +283,22 @@ rsize = rbuflen = apdu->resplen + 2; rbuf = malloc(rbuflen); if (rbuf == NULL) { - r = SC_ERROR_MEMORY_FAILURE; + r = SC_ERROR_OUT_OF_MEMORY; goto out; } /* encode and log the APDU */ r = sc_apdu_get_octets(reader->ctx, apdu, &sbuf, &ssize, SC_PROTO_RAW); if (r != SC_SUCCESS) goto out; - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, sbuf, ssize, 1); - r = openct_reader_internal_transmit(reader, slot, sbuf, ssize, + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, sbuf, ssize, 1); + r = openct_reader_internal_transmit(reader, sbuf, ssize, rbuf, &rsize, apdu->control); if (r < 0) { /* unable to transmit ... most likely a reader problem */ - sc_error(reader->ctx, "unable to transmit"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "unable to transmit"); goto out; } - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, rbuf, rsize, 0); + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, rbuf, rsize, 0); /* set response */ r = sc_apdu_set_resp(reader->ctx, apdu, rbuf, rsize); out: @@ -341,8 +314,7 @@ return r; } -static int openct_reader_perform_verify(sc_reader_t *reader, - sc_slot_info_t *slot, struct sc_pin_cmd_data *info) +static int openct_reader_perform_verify(sc_reader_t *reader, struct sc_pin_cmd_data *info) { struct driver_data *data = (struct driver_data *) reader->drv_data; unsigned int pin_length = 0, pin_encoding; @@ -351,7 +323,7 @@ int rc; /* Hotplug check */ - if ((rc = openct_reader_reconnect(reader, slot)) < 0) + if ((rc = openct_reader_reconnect(reader)) < 0) return rc; if (info->apdu == NULL) { @@ -384,7 +356,7 @@ else return SC_ERROR_INVALID_ARGUMENTS; - rc = ct_card_verify(data->h, slot->id, + rc = ct_card_verify(data->h, data->slot, 0, /* no timeout?! */ info->pin1.prompt, pin_encoding, 
@@ -401,46 +373,44 @@ return 0; } -static int openct_reader_lock(sc_reader_t *reader, sc_slot_info_t *slot) +static int openct_reader_lock(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; - struct slot_data *slot_data = (struct slot_data *) slot->drv_data; int rc; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); /* Hotplug check */ - if ((rc = openct_reader_reconnect(reader, slot)) < 0) + if ((rc = openct_reader_reconnect(reader)) < 0) return rc; - rc = ct_card_lock(data->h, slot->id, + rc = ct_card_lock(data->h, data->slot, IFD_LOCK_EXCLUSIVE, - &slot_data->excl_lock); + &data->excl_lock); if (rc == IFD_ERROR_NOT_CONNECTED) { ct_reader_disconnect(data->h); data->h = NULL; /* Try to reconnect as reader may be plugged-in again */ - return openct_reader_reconnect(reader, slot); + return openct_reader_reconnect(reader); } return openct_error(reader, rc); } -static int openct_reader_unlock(sc_reader_t *reader, sc_slot_info_t *slot) +static int openct_reader_unlock(sc_reader_t *reader) { struct driver_data *data = (struct driver_data *) reader->drv_data; - struct slot_data *slot_data = (struct slot_data *) slot->drv_data; int rc; - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); /* Not connected */ if (data->h == NULL) return 0; - rc = ct_card_unlock(data->h, slot->id, slot_data->excl_lock); + rc = ct_card_unlock(data->h, data->slot, data->excl_lock); /* We couldn't care less */ if (rc == IFD_ERROR_NOT_CONNECTED) 
@@ -480,6 +450,7 @@ openct_ops.perform_verify = openct_reader_perform_verify; openct_ops.lock = openct_reader_lock; openct_ops.unlock = openct_reader_unlock; + openct_ops.use_reader = NULL; return &openct_reader_driver; } diff -Nru opensc-0.11.13/src/libopensc/reader-pcsc.c opensc-0.12.1/src/libopensc/reader-pcsc.c --- opensc-0.11.13/src/libopensc/reader-pcsc.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/reader-pcsc.c 2011-05-17 17:07:00.000000000 +0000 @@ -2,6 +2,7 @@ * reader-pcsc.c: Reader driver for PC/SC interface * * Copyright (C) 2002 Juha Yrjölä + * Copyright (C) 2009,2010 Martin Paljak * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -18,14 +19,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#ifdef ENABLE_PCSC -#include "ctbcs.h" +#include "config.h" + +#ifdef ENABLE_PCSC /* empty file without pcsc */ #include #include #include #include -#include #ifdef _WIN32 #include 
@@ -33,31 +33,28 @@ #include #endif +#include "internal.h" #include "internal-winscard.h" -/* Some windows specific kludge */ -#undef SCARD_PROTOCOL_ANY -#define SCARD_PROTOCOL_ANY (SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1) -/* Error printing */ -#define PCSC_ERROR(ctx, desc, rv) sc_error(ctx, desc ": 0x%08lx\n", rv); +/* Logging */ +#define PCSC_TRACE(reader, desc, rv) do { sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "%s:" desc ": 0x%08lx\n", reader->name, rv); } while (0) +#define PCSC_LOG(ctx, desc, rv) do { sc_debug(ctx, SC_LOG_DEBUG_NORMAL, desc ": 0x%08lx\n", rv); } while (0) /* Utility for handling big endian IOCTL codes. */ #define dw2i_be(a, x) ((((((a[x] << 8) + a[x+1]) << 8) + a[x+2]) << 8) + a[x+3]) #define GET_PRIV_DATA(r) ((struct pcsc_private_data *) (r)->drv_data) -#define GET_SLOT_DATA(r) ((struct pcsc_slot_data *) (r)->drv_data) - -static int part10_pin_cmd(sc_reader_t *reader, sc_slot_info_t *slot, - struct sc_pin_cmd_data *data); struct pcsc_global_private_data { SCARDCONTEXT pcsc_ctx; + SCARDCONTEXT pcsc_wait_ctx; int enable_pinpad; int connect_exclusive; - int connect_reset; - int transaction_reset; + DWORD disconnect_action; + DWORD transaction_end_action; + DWORD reconnect_action; const char *provider_library; - lt_dlhandle dlhandle; + void *dlhandle; SCardEstablishContext_t SCardEstablishContext; SCardReleaseContext_t SCardReleaseContext; SCardConnect_t SCardConnect; 
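Review bot: `PCSC_TRACE` expands its `reader` argument unparenthesised (`reader->ctx`, `reader->name`) and passes `reader->name` to `%s` with no NULL fallback, while `pcsc_transmit` later in this diff guards the same field with `if (reader->name)`. Writing `(reader)->ctx` and `(reader)->name` keeps the macro correct for argument expressions other than a plain identifier. Both macros concatenate `desc` into the format string, so a one-line comment above them, `/* desc must be a string literal: it becomes part of the format string */`, would keep a later caller from passing variable text there.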
@@ -67,35 +64,48 @@ SCardEndTransaction_t SCardEndTransaction; SCardStatus_t SCardStatus; SCardGetStatusChange_t SCardGetStatusChange; + SCardCancel_t SCardCancel; SCardControlOLD_t SCardControlOLD; SCardControl_t SCardControl; SCardTransmit_t SCardTransmit; SCardListReaders_t SCardListReaders; + SCardGetAttrib_t SCardGetAttrib; }; struct pcsc_private_data { - char *reader_name; struct pcsc_global_private_data *gpriv; -}; - -struct pcsc_slot_data { SCARDHANDLE pcsc_card; - SCARD_READERSTATE_A reader_state; + SCARD_READERSTATE reader_state; DWORD verify_ioctl; DWORD verify_ioctl_start; DWORD verify_ioctl_finish; - + DWORD modify_ioctl; DWORD modify_ioctl_start; DWORD modify_ioctl_finish; + + DWORD pin_properties_ioctl; + int locked; }; -static int pcsc_detect_card_presence(sc_reader_t *reader, sc_slot_info_t *slot); +static int pcsc_detect_card_presence(sc_reader_t *reader); + +static DWORD pcsc_reset_action(const char *str) +{ + if (!strcmp(str, "reset")) + return SCARD_RESET_CARD; + else if (!strcmp(str, "unpower")) + return SCARD_UNPOWER_CARD; + else + return SCARD_LEAVE_CARD; +} -static int pcsc_ret_to_error(long rv) +static int pcsc_to_opensc_error(LONG rv) { switch (rv) { + case SCARD_S_SUCCESS: + return SC_SUCCESS; case SCARD_W_REMOVED_CARD: return SC_ERROR_CARD_REMOVED; case SCARD_E_NOT_TRANSACTED: @@ -105,7 +115,7 @@ case SCARD_W_UNPOWERED_CARD: return SC_ERROR_CARD_UNRESPONSIVE; case SCARD_E_SHARING_VIOLATION: - return SC_ERROR_READER; + return SC_ERROR_READER_LOCKED; #ifdef SCARD_E_NO_READERS_AVAILABLE /* Older pcsc-lite does not have it */ case SCARD_E_NO_READERS_AVAILABLE: return SC_ERROR_NO_READERS_FOUND; @@ -113,6 +123,10 @@ case SCARD_E_NO_SERVICE: /* If the service is (auto)started, there could be readers later */ return SC_ERROR_NO_READERS_FOUND; + case SCARD_E_NO_SMARTCARD: + return SC_ERROR_CARD_NOT_PRESENT; + case SCARD_E_PROTO_MISMATCH: /* Should not happen */ + return SC_ERROR_READER; default: return SC_ERROR_UNKNOWN; } 
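Review bot: `pcsc_reset_action` maps every string other than "reset" and "unpower" to `SCARD_LEAVE_CARD`, so a misspelt configuration value silently selects the disposition that leaves the card as it is, presumably including whatever security state it holds for the next user of the reader. The function needs a comment stating the accepted values and the fallback, for example `/* "reset" or "unpower"; any other string, including typos, yields SCARD_LEAVE_CARD */`, and the caller should log a warning when the string is not a recognised value. It also hands `str` straight to `strcmp`, so it relies on never being called with NULL; the callers are not visible in this hunk.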
@@ -146,7 +160,7 @@ } } -static int pcsc_internal_transmit(sc_reader_t *reader, sc_slot_info_t *slot, +static int pcsc_internal_transmit(sc_reader_t *reader, const u8 *sendbuf, size_t sendsize, u8 *recvbuf, size_t *recvsize, unsigned long control) @@ -156,15 +170,13 @@ DWORD dwSendLength, dwRecvLength; LONG rv; SCARDHANDLE card; - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); - SC_FUNC_CALLED(reader->ctx, 3); - assert(pslot != NULL); - card = pslot->pcsc_card; + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); + card = priv->pcsc_card; - sSendPci.dwProtocol = opensc_proto_to_pcsc(slot->active_protocol); + sSendPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol); sSendPci.cbPciLength = sizeof(sSendPci); - sRecvPci.dwProtocol = opensc_proto_to_pcsc(slot->active_protocol); + sRecvPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol); sRecvPci.cbPciLength = sizeof(sRecvPci); dwSendLength = sendsize; @@ -185,18 +197,15 @@ } if (rv != SCARD_S_SUCCESS) { + PCSC_TRACE(reader, "SCardTransmit/Control failed", rv); switch (rv) { case SCARD_W_REMOVED_CARD: return SC_ERROR_CARD_REMOVED; - case SCARD_E_NOT_TRANSACTED: - if (!(pcsc_detect_card_presence(reader, slot) & SC_SLOT_CARD_PRESENT)) - return SC_ERROR_CARD_REMOVED; - return SC_ERROR_TRANSMIT_FAILED; default: - /* Windows' PC/SC returns 0x8010002f (??) if a card is removed */ - if (pcsc_detect_card_presence(reader, slot) != 1) + /* Translate strange errors from card removal to a proper return code */ + pcsc_detect_card_presence(reader); + if (!(pcsc_detect_card_presence(reader) & SC_READER_CARD_PRESENT)) return SC_ERROR_CARD_REMOVED; - PCSC_ERROR(reader->ctx, "SCardTransmit failed", rv); return SC_ERROR_TRANSMIT_FAILED; } } @@ -207,8 +216,7 @@ return SC_SUCCESS; } -static int pcsc_transmit(sc_reader_t *reader, sc_slot_info_t *slot, - sc_apdu_t *apdu) +static int pcsc_transmit(sc_reader_t *reader, sc_apdu_t *apdu) { size_t ssize, rsize, rbuflen = 0; u8 *sbuf = NULL, *rbuf = NULL; 
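Review bot: In the `default:` arm of `pcsc_internal_transmit`, `pcsc_detect_card_presence(reader)` is called twice in a row and the second result is masked with `SC_READER_CARD_PRESENT` without a sign check, so if the function can return a negative error code (as its ctapi counterpart in this diff does) an error value could be read as "card present". If the first call is there on purpose, for instance to absorb a pending state change, a comment should say so. Otherwise a single call with an explicit check is clearer: `int present = pcsc_detect_card_presence(reader);` followed by `if (present < 0 || !(present & SC_READER_CARD_PRESENT)) return SC_ERROR_CARD_REMOVED;`. The function body starts and ends outside this hunk.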
@@ -222,25 +230,25 @@ rsize = rbuflen = apdu->resplen <= 256 ? 258 : apdu->resplen + 2; rbuf = malloc(rbuflen); if (rbuf == NULL) { - r = SC_ERROR_MEMORY_FAILURE; + r = SC_ERROR_OUT_OF_MEMORY; goto out; } /* encode and log the APDU */ - r = sc_apdu_get_octets(reader->ctx, apdu, &sbuf, &ssize, slot->active_protocol); + r = sc_apdu_get_octets(reader->ctx, apdu, &sbuf, &ssize, reader->active_protocol); if (r != SC_SUCCESS) goto out; - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, sbuf, ssize, 1); + if (reader->name) + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "reader '%s'", reader->name); + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, sbuf, ssize, 1); - r = pcsc_internal_transmit(reader, slot, sbuf, ssize, + r = pcsc_internal_transmit(reader, sbuf, ssize, rbuf, &rsize, apdu->control); if (r < 0) { /* unable to transmit ... most likely a reader problem */ - sc_error(reader->ctx, "unable to transmit"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "unable to transmit"); goto out; } - if (reader->ctx->debug >= 6) - sc_apdu_log(reader->ctx, rbuf, rsize, 0); + sc_apdu_log(reader->ctx, SC_LOG_DEBUG_NORMAL, rbuf, rsize, 0); /* set response */ r = sc_apdu_set_resp(reader->ctx, apdu, rbuf, rsize); out: 
@@ -252,449 +260,295 @@ sc_mem_clear(rbuf, rbuflen); free(rbuf); } - + return r; } - -static int refresh_slot_attributes(sc_reader_t *reader, sc_slot_info_t *slot) +/* Calls SCardGetStatusChange on the reader to set ATR and associated flags (card present/changed) */ +static int refresh_attributes(sc_reader_t *reader) { struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); - LONG ret; - - SC_FUNC_CALLED(reader->ctx, 3); - if (pslot->reader_state.szReader == NULL) { - pslot->reader_state.szReader = priv->reader_name; - pslot->reader_state.dwCurrentState = SCARD_STATE_UNAWARE; - pslot->reader_state.dwEventState = SCARD_STATE_UNAWARE; + int old_flags = reader->flags; + DWORD state, prev_state; + LONG rv; + + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "%s check", reader->name); + + if (priv->reader_state.szReader == NULL) { + priv->reader_state.szReader = reader->name; + priv->reader_state.dwCurrentState = SCARD_STATE_UNAWARE; + priv->reader_state.dwEventState = SCARD_STATE_UNAWARE; } else { - pslot->reader_state.dwCurrentState = pslot->reader_state.dwEventState; + priv->reader_state.dwCurrentState = priv->reader_state.dwEventState; } - ret = priv->gpriv->SCardGetStatusChange(priv->gpriv->pcsc_ctx, 0, &pslot->reader_state, 1); - if (ret == (LONG)SCARD_E_TIMEOUT) { /* timeout: nothing changed */ - slot->flags &= ~SCARD_STATE_CHANGED; - return 0; - } - if (ret != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardGetStatusChange failed", ret); - return pcsc_ret_to_error(ret); - } - if (pslot->reader_state.dwEventState & SCARD_STATE_PRESENT) { - int old_flags = slot->flags; - int maybe_changed = 0; - - slot->flags |= SC_SLOT_CARD_PRESENT; - slot->atr_len = pslot->reader_state.cbAtr; - if (slot->atr_len > SC_MAX_ATR_SIZE) - slot->atr_len = SC_MAX_ATR_SIZE; - memcpy(slot->atr, pslot->reader_state.rgbAtr, slot->atr_len); + rv = priv->gpriv->SCardGetStatusChange(priv->gpriv->pcsc_ctx, 0, &priv->reader_state, 1); -#ifndef 
_WIN32 - /* On Linux, SCARD_STATE_CHANGED always means there was an - * insert or removal. But we may miss events that way. */ - if (pslot->reader_state.dwEventState & SCARD_STATE_CHANGED) { - slot->flags |= SC_SLOT_CARD_CHANGED; - } else { - maybe_changed = 1; + if (rv != SCARD_S_SUCCESS && rv != (LONG)SCARD_E_TIMEOUT) { + if (rv == (LONG)SCARD_E_TIMEOUT) { + reader->flags &= ~SC_READER_CARD_CHANGED; + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); } -#else - /* On windows, SCARD_STATE_CHANGED is turned on by lots of - * other events, so it gives us a lot of false positives. - * But if it's off, there really was no change */ - if (pslot->reader_state.dwEventState & SCARD_STATE_CHANGED) { - maybe_changed = 1; + PCSC_TRACE(reader, "SCardGetStatusChange failed", rv); + return pcsc_to_opensc_error(rv); + } + state = priv->reader_state.dwEventState; + prev_state = priv->reader_state.dwCurrentState; + + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "current state: 0x%08X", state); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "previous state: 0x%08X", prev_state); + + if (state & SCARD_STATE_UNKNOWN) { + /* State means "reader unknown", but we have listed it at least once. + * There can be no cards in this reader. + * XXX: We'll hit it again, as no readers are removed currently. 
+ */ + reader->flags &= ~(SC_READER_CARD_PRESENT); + return SC_ERROR_READER_DETACHED; + } + + reader->flags &= ~(SC_READER_CARD_CHANGED|SC_READER_CARD_INUSE|SC_READER_CARD_EXCLUSIVE); + + if (state & SCARD_STATE_PRESENT) { + reader->flags |= SC_READER_CARD_PRESENT; + + if (priv->reader_state.cbAtr > SC_MAX_ATR_SIZE) + return SC_ERROR_INTERNAL; + + /* Some cards have a different cold (after a powerup) and warm (after a reset) ATR */ + if (memcmp(priv->reader_state.rgbAtr, reader->atr.value, priv->reader_state.cbAtr) != 0) { + reader->atr.len = priv->reader_state.cbAtr; + memcpy(reader->atr.value, priv->reader_state.rgbAtr, reader->atr.len); } -#endif - /* If we aren't sure if the card state changed, check if - * the card handle is still valid. If the card changed, - * the handle will be invalid. */ - slot->flags &= ~SC_SLOT_CARD_CHANGED; - if (maybe_changed) { - if (old_flags & SC_SLOT_CARD_PRESENT) { - DWORD readers_len = 0, state, prot, atr_len = SC_MAX_ATR_SIZE; + + /* Is the reader in use by some other application ? */ + if (state & SCARD_STATE_INUSE) + reader->flags |= SC_READER_CARD_INUSE; + if (state & SCARD_STATE_EXCLUSIVE) + reader->flags |= SC_READER_CARD_EXCLUSIVE; + + if (old_flags & SC_READER_CARD_PRESENT) { + /* Requires pcsc-lite 1.6.5+ to function properly */ + if ((state & 0xFFFF0000) != (prev_state & 0xFFFF0000)) { + reader->flags |= SC_READER_CARD_CHANGED; + } else { + /* Check if the card handle is still valid. If the card changed, + * the handle will be invalid. 
*/ + DWORD readers_len = 0, cstate, prot, atr_len = SC_MAX_ATR_SIZE; unsigned char atr[SC_MAX_ATR_SIZE]; - LONG rv = priv->gpriv->SCardStatus(pslot->pcsc_card, NULL, &readers_len, - &state, &prot, atr, &atr_len); + rv = priv->gpriv->SCardStatus(priv->pcsc_card, NULL, &readers_len, &cstate, &prot, atr, &atr_len); if (rv == (LONG)SCARD_W_REMOVED_CARD) - slot->flags |= SC_SLOT_CARD_CHANGED; + reader->flags |= SC_READER_CARD_CHANGED; } - else - slot->flags |= SC_SLOT_CARD_CHANGED; + } else { + reader->flags |= SC_READER_CARD_CHANGED; } } else { - slot->flags &= ~(SC_SLOT_CARD_PRESENT|SC_SLOT_CARD_CHANGED); - } - return 0; + reader->flags &= ~SC_READER_CARD_PRESENT; + if (old_flags & SC_READER_CARD_PRESENT) + reader->flags |= SC_READER_CARD_CHANGED; + } + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "card %s%s", + reader->flags & SC_READER_CARD_PRESENT ? "present" : "absent", + reader->flags & SC_READER_CARD_CHANGED ? ", changed": ""); + + return SC_SUCCESS; } -static int pcsc_detect_card_presence(sc_reader_t *reader, sc_slot_info_t *slot) +static int pcsc_detect_card_presence(sc_reader_t *reader) { int rv; + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - if ((rv = refresh_slot_attributes(reader, slot)) < 0) - return rv; - return slot->flags; + rv = refresh_attributes(reader); + if (rv != SC_SUCCESS) + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, rv); + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, reader->flags); } -/* Wait for an event to occur. 
- * This function ignores the list of slots, because with - * pcsc we have a 1:1 mapping of readers and slots anyway - */ -static int pcsc_wait_for_event(sc_reader_t **readers, - sc_slot_info_t **slots, - size_t nslots, - unsigned int event_mask, - int *reader, - unsigned int *event, int timeout) +static int check_forced_protocol(sc_context_t *ctx, struct sc_atr *atr, DWORD *protocol) { - struct pcsc_private_data *priv = GET_PRIV_DATA(readers[0]); - sc_context_t *ctx; - SCARDCONTEXT pcsc_ctx; - LONG ret; - SCARD_READERSTATE_A rgReaderStates[SC_MAX_READERS]; - unsigned long on_bits, off_bits; - time_t end_time, now, delta; - size_t i; - - /* Prevent buffer overflow */ - if (nslots >= SC_MAX_READERS) - return SC_ERROR_INVALID_ARGUMENTS; - - on_bits = off_bits = 0; - if (event_mask & SC_EVENT_CARD_INSERTED) { - event_mask &= ~SC_EVENT_CARD_INSERTED; - on_bits |= SCARD_STATE_PRESENT; - } - if (event_mask & SC_EVENT_CARD_REMOVED) { - event_mask &= ~SC_EVENT_CARD_REMOVED; - off_bits |= SCARD_STATE_PRESENT; - } - if (event_mask != 0) - return SC_ERROR_INVALID_ARGUMENTS; - - /* Find out the current status */ - ctx = readers[0]->ctx; - pcsc_ctx = priv->gpriv->pcsc_ctx; - for (i = 0; i < nslots; i++) { - struct pcsc_private_data *priv2 = GET_PRIV_DATA(readers[i]); - - rgReaderStates[i].szReader = priv2->reader_name; - rgReaderStates[i].dwCurrentState = SCARD_STATE_UNAWARE; - rgReaderStates[i].dwEventState = SCARD_STATE_UNAWARE; - - /* Can we handle readers from different PCSC contexts? 
*/ - if (priv2->gpriv->pcsc_ctx != pcsc_ctx) - return SC_ERROR_INVALID_ARGUMENTS; - } - - ret = priv->gpriv->SCardGetStatusChange(pcsc_ctx, 0, rgReaderStates, nslots); - if (ret != SCARD_S_SUCCESS) { - PCSC_ERROR(ctx, "SCardGetStatusChange(1) failed", ret); - return pcsc_ret_to_error(ret); - } - - time(&now); - end_time = now + (timeout + 999) / 1000; - - /* Wait for a status change and return if it's a card insert/removal - */ - for( ; ; ) { - SCARD_READERSTATE_A *rsp; + scconf_block *atrblock = NULL; + int ok = 0; - /* Scan the current state of all readers to see if they - * match any of the events we're polling for */ - *event = 0; - for (i = 0, rsp = rgReaderStates; i < nslots; i++, rsp++) { - unsigned long state, prev_state; - - prev_state = rsp->dwCurrentState; - state = rsp->dwEventState; - if ((state & on_bits & SCARD_STATE_PRESENT) && - (prev_state & SCARD_STATE_EMPTY)) - *event |= SC_EVENT_CARD_INSERTED; - if ((~state & off_bits & SCARD_STATE_PRESENT) && - (prev_state & SCARD_STATE_PRESENT)) - *event |= SC_EVENT_CARD_REMOVED; - if (*event) { - *reader = i; - return SC_SUCCESS; - } - - /* No match - copy the state so pcscd knows - * what to watch out for */ - rsp->dwCurrentState = rsp->dwEventState; - } - - /* Set the timeout if caller wants to time out */ - if (timeout == 0) - return SC_ERROR_EVENT_TIMEOUT; - if (timeout > 0) { - time(&now); - if (now >= end_time) - return SC_ERROR_EVENT_TIMEOUT; - delta = end_time - now; - } else { - delta = 3600; - } + atrblock = _sc_match_atr_block(ctx, NULL, atr); + if (atrblock != NULL) { + const char *forcestr; - ret = priv->gpriv->SCardGetStatusChange(pcsc_ctx, 1000 * delta, - rgReaderStates, nslots); - if (ret == (LONG) SCARD_E_TIMEOUT) { - if (timeout < 0) - continue; - return SC_ERROR_EVENT_TIMEOUT; - } - if (ret != SCARD_S_SUCCESS) { - PCSC_ERROR(ctx, "SCardGetStatusChange(2) failed", ret); - return pcsc_ret_to_error(ret); + forcestr = scconf_get_str(atrblock, "force_protocol", "unknown"); + if 
(!strcmp(forcestr, "t0")) { + *protocol = SCARD_PROTOCOL_T0; + ok = 1; + } else if (!strcmp(forcestr, "t1")) { + *protocol = SCARD_PROTOCOL_T1; + ok = 1; + } else if (!strcmp(forcestr, "raw")) { + *protocol = SCARD_PROTOCOL_RAW; + ok = 1; } + if (ok) + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "force_protocol: %s", forcestr); } + return ok; } -static int pcsc_reconnect(sc_reader_t * reader, sc_slot_info_t * slot, int reset) + +static int pcsc_reconnect(sc_reader_t * reader, DWORD action) { - DWORD active_proto, protocol; + DWORD active_proto, tmp, protocol = SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1; LONG rv; - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); struct pcsc_private_data *priv = GET_PRIV_DATA(reader); int r; - sc_debug(reader->ctx, "Reconnecting to the card..."); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Reconnecting to the card..."); - r = refresh_slot_attributes(reader, slot); - if (r) + r = refresh_attributes(reader); + if (r!= SC_SUCCESS) return r; - if (!(slot->flags & SC_SLOT_CARD_PRESENT)) + + if (!(reader->flags & SC_READER_CARD_PRESENT)) return SC_ERROR_CARD_NOT_PRESENT; + /* Check if we need a specific protocol. refresh_attributes above already sets the ATR */ + if (check_forced_protocol(reader->ctx, &reader->atr, &tmp)) + protocol = tmp; + /* reconnect always unlocks transaction */ - pslot->locked = 0; - - rv = priv->gpriv->SCardReconnect(pslot->pcsc_card, - priv->gpriv->connect_exclusive ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED, - SCARD_PROTOCOL_ANY, reset ? SCARD_UNPOWER_CARD : SCARD_LEAVE_CARD, &active_proto); + priv->locked = 0; - /* Check for protocol difference */ - if (rv == SCARD_S_SUCCESS && _sc_check_forced_protocol - (reader->ctx, slot->atr, slot->atr_len, - (unsigned int *)&protocol)) { - protocol = opensc_proto_to_pcsc(protocol); - if (pcsc_proto_to_opensc(active_proto) != protocol) { - rv = priv->gpriv->SCardReconnect(pslot->pcsc_card, - priv->gpriv->connect_exclusive ? 
SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED, - protocol, SCARD_UNPOWER_CARD, &active_proto); - } - } + rv = priv->gpriv->SCardReconnect(priv->pcsc_card, + priv->gpriv->connect_exclusive ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED, + protocol, action, &active_proto); if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardReconnect failed", rv); - return rv; + PCSC_TRACE(reader, "SCardReconnect failed", rv); + return pcsc_to_opensc_error(rv); } - - slot->active_protocol = pcsc_proto_to_opensc(active_proto); - return rv; + + reader->active_protocol = pcsc_proto_to_opensc(active_proto); + return pcsc_to_opensc_error(rv); } -static int pcsc_connect(sc_reader_t *reader, sc_slot_info_t *slot) +static int pcsc_connect(sc_reader_t *reader) { - DWORD active_proto, protocol; + DWORD active_proto, tmp, protocol = SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1; SCARDHANDLE card_handle; LONG rv; struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); int r; - u8 feature_buf[256], rbuf[SC_MAX_APDU_BUFFER_SIZE]; - size_t rcount; - DWORD i, feature_len, display_ioctl = 0; - PCSC_TLV_STRUCTURE *pcsc_tlv; - r = refresh_slot_attributes(reader, slot); - if (r) - return r; - if (!(slot->flags & SC_SLOT_CARD_PRESENT)) - return SC_ERROR_CARD_NOT_PRESENT; + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - /* Always connect with whatever protocol possible */ - rv = priv->gpriv->SCardConnect(priv->gpriv->pcsc_ctx, priv->reader_name, + r = refresh_attributes(reader); + if (r != SC_SUCCESS) + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, r); + + if (!(reader->flags & SC_READER_CARD_PRESENT)) + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_CARD_NOT_PRESENT); + + + rv = priv->gpriv->SCardConnect(priv->gpriv->pcsc_ctx, reader->name, priv->gpriv->connect_exclusive ? 
SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED, - SCARD_PROTOCOL_ANY, &card_handle, &active_proto); + protocol, &card_handle, &active_proto); +#ifdef __APPLE__ + if (rv == (LONG)SCARD_E_SHARING_VIOLATION) { + sleep(1); /* Try again to compete with Tokend probes */ + rv = priv->gpriv->SCardConnect(priv->gpriv->pcsc_ctx, reader->name, + priv->gpriv->connect_exclusive ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED, + protocol, &card_handle, &active_proto); + } +#endif if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardConnect failed", rv); - return pcsc_ret_to_error(rv); + PCSC_TRACE(reader, "SCardConnect failed", rv); + return pcsc_to_opensc_error(rv); } - slot->active_protocol = pcsc_proto_to_opensc(active_proto); - pslot->pcsc_card = card_handle; - /* after connect reader is not locked yet */ - pslot->locked = 0; - sc_debug(reader->ctx, "After connect protocol = %d", slot->active_protocol); + reader->active_protocol = pcsc_proto_to_opensc(active_proto); + priv->pcsc_card = card_handle; - /* If we need a specific protocol, reconnect if needed */ - if (_sc_check_forced_protocol(reader->ctx, slot->atr, slot->atr_len, (unsigned int *) &protocol)) { - /* If current protocol differs from the protocol we want to force */ - if (slot->active_protocol != protocol) { - sc_debug(reader->ctx, "Protocol difference, forcing protocol (%d)", protocol); - /* Reconnect with a reset. pcsc_reconnect figures out the right forced protocol */ - rv = pcsc_reconnect(reader, slot, 1); - if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardReconnect (to force protocol) failed", rv); - return pcsc_ret_to_error(rv); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Initial protocol: %s", reader->active_protocol == SC_PROTO_T1 ? "T=1" : "T=0"); + + /* Check if we need a specific protocol. 
refresh_attributes above already sets the ATR */ + if (check_forced_protocol(reader->ctx, &reader->atr, &tmp)) { + if (active_proto != tmp) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Reconnecting to force protocol"); + r = pcsc_reconnect(reader, SCARD_UNPOWER_CARD); + if (r != SC_SUCCESS) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "pcsc_reconnect (to force protocol) failed", r); + return r; } - sc_debug(reader->ctx, "Proto after reconnect = %d", slot->active_protocol); } + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Final protocol: %s", reader->active_protocol == SC_PROTO_T1 ? "T=1" : "T=0"); } - /* check for pinpad support */ - if (priv->gpriv->SCardControl != NULL) { - sc_debug(reader->ctx, "Requesting reader features ... "); - - rv = priv->gpriv->SCardControl(pslot->pcsc_card, CM_IOCTL_GET_FEATURE_REQUEST, NULL, - 0, feature_buf, sizeof(feature_buf), &feature_len); - if (rv != SCARD_S_SUCCESS) { - sc_debug(reader->ctx, "SCardControl failed %08x", rv); - } - else { - if ((feature_len % sizeof(PCSC_TLV_STRUCTURE)) != 0) { - sc_debug(reader->ctx, "Inconsistent TLV from reader!"); - } - else { - char *log_disabled = "but it's disabled in configuration file"; - /* get the number of elements instead of the complete size */ - feature_len /= sizeof(PCSC_TLV_STRUCTURE); - - pcsc_tlv = (PCSC_TLV_STRUCTURE *)feature_buf; - for (i = 0; i < feature_len; i++) { - if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) { - pslot->verify_ioctl = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_START) { - pslot->verify_ioctl_start = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_FINISH) { - pslot->verify_ioctl_finish = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) { - pslot->modify_ioctl = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_START) { - pslot->modify_ioctl_start = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == 
FEATURE_MODIFY_PIN_FINISH) { - pslot->modify_ioctl_finish = ntohl(pcsc_tlv[i].value); - } else if (pcsc_tlv[i].tag == FEATURE_IFD_PIN_PROPERTIES) { - display_ioctl = ntohl(pcsc_tlv[i].value); - } else { - sc_debug(reader->ctx, "Reader feature %02x is not supported", pcsc_tlv[i].tag); - } - } - - /* Set slot capabilities based on detected IOCTLs */ - if (pslot->verify_ioctl || (pslot->verify_ioctl_start && pslot->verify_ioctl_finish)) { - char *log_text = "Reader supports pinpad PIN verification"; - if (priv->gpriv->enable_pinpad) { - sc_debug(reader->ctx, log_text); - slot->capabilities |= SC_SLOT_CAP_PIN_PAD; - } else { - sc_debug(reader->ctx, "%s %s", log_text, log_disabled); - } - } - - if (pslot->modify_ioctl || (pslot->modify_ioctl_start && pslot->modify_ioctl_finish)) { - char *log_text = "Reader supports pinpad PIN modification"; - if (priv->gpriv->enable_pinpad) { - sc_debug(reader->ctx, log_text); - slot->capabilities |= SC_SLOT_CAP_PIN_PAD; - } else { - sc_debug(reader->ctx, "%s %s", log_text, log_disabled); - } - } + /* After connect reader is not locked yet */ + priv->locked = 0; - if (display_ioctl) { - rcount = sizeof(rbuf); - r = pcsc_internal_transmit(reader, slot, NULL, 0, rbuf, &rcount, display_ioctl); - if (r == SC_SUCCESS) { - if (rcount != sizeof(PIN_PROPERTIES_STRUCTURE)) { - PIN_PROPERTIES_STRUCTURE *caps = (PIN_PROPERTIES_STRUCTURE *)rbuf; - if (caps->wLcdLayout > 0) { - sc_debug(reader->ctx, "Reader has a display: %04X", caps->wLcdLayout); - slot->capabilities |= SC_SLOT_CAP_DISPLAY; - } else - sc_debug(reader->ctx, "Reader does not have a display."); - } else { - sc_debug(reader->ctx, "Returned PIN properties structure has bad length (%d)", rcount); - } - } - } - } - } - } return SC_SUCCESS; } -static int pcsc_disconnect(sc_reader_t * reader, sc_slot_info_t * slot) +static int pcsc_disconnect(sc_reader_t * reader) { - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - 
priv->gpriv->SCardDisconnect(pslot->pcsc_card, priv->gpriv->connect_reset ? - SCARD_RESET_CARD : SCARD_LEAVE_CARD); - memset(pslot, 0, sizeof(*pslot)); - slot->flags = 0; + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); + + priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action); + reader->flags = 0; return SC_SUCCESS; } -static int pcsc_lock(sc_reader_t *reader, sc_slot_info_t *slot) +static int pcsc_lock(sc_reader_t *reader) { - long rv; - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); + LONG rv; + int r; struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - SC_FUNC_CALLED(reader->ctx, 3); - assert(pslot != NULL); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - rv = priv->gpriv->SCardBeginTransaction(pslot->pcsc_card); + rv = priv->gpriv->SCardBeginTransaction(priv->pcsc_card); switch (rv) { case SCARD_E_INVALID_HANDLE: case SCARD_E_READER_UNAVAILABLE: - rv = pcsc_connect(reader, slot); - if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardConnect failed", rv); - return pcsc_ret_to_error(rv); + r = pcsc_connect(reader); + if (r != SC_SUCCESS) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "pcsc_connect failed", r); + return r; } /* return failure so that upper layers will be notified and try to lock again */ return SC_ERROR_READER_REATTACHED; case SCARD_W_RESET_CARD: /* try to reconnect if the card was reset by some other application */ - rv = pcsc_reconnect(reader, slot, 0); - if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardReconnect failed", rv); - return pcsc_ret_to_error(rv); + r = pcsc_reconnect(reader, SCARD_LEAVE_CARD); + if (r != SC_SUCCESS) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "pcsc_reconnect failed", r); + return r; } /* return failure so that upper layers will be notified and try to lock again */ return SC_ERROR_CARD_RESET; case SCARD_S_SUCCESS: - pslot->locked = 1; + priv->locked = 1; return SC_SUCCESS; default: - PCSC_ERROR(reader->ctx, "SCardBeginTransaction failed", rv); - 
return pcsc_ret_to_error(rv); + PCSC_TRACE(reader, "SCardBeginTransaction failed", rv); + return pcsc_to_opensc_error(rv); } } -static int pcsc_unlock(sc_reader_t *reader, sc_slot_info_t *slot) +static int pcsc_unlock(sc_reader_t *reader) { - long rv; - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); + LONG rv; struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - SC_FUNC_CALLED(reader->ctx, 3); - assert(pslot != NULL); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - rv = priv->gpriv->SCardEndTransaction(pslot->pcsc_card, priv->gpriv->transaction_reset ? - SCARD_RESET_CARD : SCARD_LEAVE_CARD); + rv = priv->gpriv->SCardEndTransaction(priv->pcsc_card, priv->gpriv->transaction_end_action); - pslot->locked = 0; + priv->locked = 0; if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(reader->ctx, "SCardEndTransaction failed", rv); - return pcsc_ret_to_error(rv); + PCSC_TRACE(reader, "SCardEndTransaction failed", rv); + return pcsc_to_opensc_error(rv); } return SC_SUCCESS; } 
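Review bot: In refresh_attributes the stored ATR is refreshed only when `memcmp(priv->reader_state.rgbAtr, reader->atr.value, priv->reader_state.cbAtr) != 0`, which compares just the first cbAtr bytes and never looks at `reader->atr.len`. A new ATR that is a shorter prefix of the stored one leaves the old length in place, and that stale ATR is what check_forced_protocol later matches against in pcsc_connect and pcsc_reconnect. Comparing the length as well closes this: `if (reader->atr.len != priv->reader_state.cbAtr || memcmp(priv->reader_state.rgbAtr, reader->atr.value, reader->atr.len) != 0)`. Separately, the inner `rv == (LONG)SCARD_E_TIMEOUT` test sits inside a branch that already excludes SCARD_E_TIMEOUT, so it can never run and should be hoisted or removed.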
@@ -703,32 +557,51 @@ { struct pcsc_private_data *priv = GET_PRIV_DATA(reader); - free(priv->reader_name); free(priv); - if (reader->slot[0].drv_data != NULL) { - free(reader->slot[0].drv_data); - reader->slot[0].drv_data = NULL; - } return SC_SUCCESS; } -static int pcsc_reset(sc_reader_t *reader, sc_slot_info_t *slot) +static int pcsc_reset(sc_reader_t *reader, int do_cold_reset) { + struct pcsc_private_data *priv = GET_PRIV_DATA(reader); int r; - struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); - int old_locked = pslot->locked; + int old_locked = priv->locked; - r = pcsc_reconnect(reader, slot, 1); - if(r != SCARD_S_SUCCESS) - return pcsc_ret_to_error(r); + r = pcsc_reconnect(reader, do_cold_reset ? SCARD_UNPOWER_CARD : SCARD_RESET_CARD); + if(r != SC_SUCCESS) + return r; /* pcsc_reconnect unlocks card... try to lock it again if it was locked */ if(old_locked) - r = pcsc_lock(reader, slot); - + r = pcsc_lock(reader); + return r; } - + + +static int pcsc_cancel(sc_context_t *ctx) +{ + LONG rv = SCARD_S_SUCCESS; + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *)ctx->reader_drv_data; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); +#ifndef _WIN32 + if (gpriv->pcsc_wait_ctx != -1) { + rv = gpriv->SCardCancel(gpriv->pcsc_wait_ctx); + if (rv == SCARD_S_SUCCESS) + /* Also close and clear the waiting context */ + rv = gpriv->SCardReleaseContext(gpriv->pcsc_wait_ctx); + } +#else + rv = gpriv->SCardCancel(gpriv->pcsc_ctx); +#endif + if (rv != SCARD_S_SUCCESS) { + PCSC_LOG(ctx, "SCardCancel/SCardReleaseContext failed", rv); + return pcsc_to_opensc_error(rv); + } + return SC_SUCCESS; +} + static struct sc_reader_operations pcsc_ops; static struct sc_reader_driver pcsc_drv = { 
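Review bot: In the non-Windows branch of pcsc_cancel, `gpriv->pcsc_wait_ctx` is handed to SCardReleaseContext but never set back to -1, although the comment says the context is closed and cleared. A second pcsc_cancel, or any later code that tests `pcsc_wait_ctx != -1`, would then pass a released context handle to the PC/SC library. I would add `gpriv->pcsc_wait_ctx = -1;` after a successful release. pcsc_cancel also dereferences `ctx->reader_drv_data` without the `if (gpriv)` guard that pcsc_finish uses later in this diff.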
@@ -738,80 +611,86 @@ 0, 0, NULL }; -static int pcsc_init(sc_context_t *ctx, void **reader_data) +static int pcsc_init(sc_context_t *ctx) { struct pcsc_global_private_data *gpriv; scconf_block *conf_block = NULL; int ret = SC_ERROR_INTERNAL; - *reader_data = NULL; - gpriv = (struct pcsc_global_private_data *) calloc(1, sizeof(struct pcsc_global_private_data)); + gpriv = calloc(1, sizeof(struct pcsc_global_private_data)); if (gpriv == NULL) { ret = SC_ERROR_OUT_OF_MEMORY; goto out; } /* Defaults */ - gpriv->connect_reset = 1; gpriv->connect_exclusive = 0; - gpriv->transaction_reset = 0; - gpriv->enable_pinpad = 0; + gpriv->disconnect_action = SCARD_RESET_CARD; + gpriv->transaction_end_action = SCARD_LEAVE_CARD; + gpriv->reconnect_action = SCARD_LEAVE_CARD; + gpriv->enable_pinpad = 1; gpriv->provider_library = DEFAULT_PCSC_PROVIDER; gpriv->pcsc_ctx = -1; - + gpriv->pcsc_wait_ctx = -1; + conf_block = sc_get_conf_block(ctx, "reader_driver", "pcsc", 1); if (conf_block) { - gpriv->connect_reset = - scconf_get_bool(conf_block, "connect_reset", gpriv->connect_reset); gpriv->connect_exclusive = scconf_get_bool(conf_block, "connect_exclusive", gpriv->connect_exclusive); - gpriv->transaction_reset = - scconf_get_bool(conf_block, "transaction_reset", gpriv->transaction_reset); + gpriv->disconnect_action = + pcsc_reset_action(scconf_get_str(conf_block, "disconnect_action", "reset")); + gpriv->transaction_end_action = + pcsc_reset_action(scconf_get_str(conf_block, "transaction_end_action", "leave")); + gpriv->reconnect_action = + pcsc_reset_action(scconf_get_str(conf_block, "reconnect_action", "leave")); gpriv->enable_pinpad = scconf_get_bool(conf_block, "enable_pinpad", gpriv->enable_pinpad); gpriv->provider_library = scconf_get_str(conf_block, "provider_library", gpriv->provider_library); } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PC/SC options: connect_exclusive=%d disconnect_action=%d transaction_end_action=%d reconnect_action=%d enable_pinpad=%d", + gpriv->connect_exclusive, 
gpriv->disconnect_action, gpriv->transaction_end_action, gpriv->reconnect_action, gpriv->enable_pinpad); - gpriv->dlhandle = lt_dlopen(gpriv->provider_library); + gpriv->dlhandle = sc_dlopen(gpriv->provider_library); if (gpriv->dlhandle == NULL) { ret = SC_ERROR_CANNOT_LOAD_MODULE; goto out; } - gpriv->SCardEstablishContext = (SCardEstablishContext_t)lt_dlsym(gpriv->dlhandle, "SCardEstablishContext"); - gpriv->SCardReleaseContext = (SCardReleaseContext_t)lt_dlsym(gpriv->dlhandle, "SCardReleaseContext"); - gpriv->SCardConnect = (SCardConnect_t)lt_dlsym(gpriv->dlhandle, "SCardConnect"); - gpriv->SCardReconnect = (SCardReconnect_t)lt_dlsym(gpriv->dlhandle, "SCardReconnect"); - gpriv->SCardDisconnect = (SCardDisconnect_t)lt_dlsym(gpriv->dlhandle, "SCardDisconnect"); - gpriv->SCardBeginTransaction = (SCardBeginTransaction_t)lt_dlsym(gpriv->dlhandle, "SCardBeginTransaction"); - gpriv->SCardEndTransaction = (SCardEndTransaction_t)lt_dlsym(gpriv->dlhandle, "SCardEndTransaction"); - gpriv->SCardStatus = (SCardStatus_t)lt_dlsym(gpriv->dlhandle, "SCardStatus"); - gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)lt_dlsym(gpriv->dlhandle, "SCardGetStatusChange"); - gpriv->SCardTransmit = (SCardTransmit_t)lt_dlsym(gpriv->dlhandle, "SCardTransmit"); - gpriv->SCardListReaders = (SCardListReaders_t)lt_dlsym(gpriv->dlhandle, "SCardListReaders"); + gpriv->SCardEstablishContext = (SCardEstablishContext_t)sc_dlsym(gpriv->dlhandle, "SCardEstablishContext"); + gpriv->SCardReleaseContext = (SCardReleaseContext_t)sc_dlsym(gpriv->dlhandle, "SCardReleaseContext"); + gpriv->SCardConnect = (SCardConnect_t)sc_dlsym(gpriv->dlhandle, "SCardConnect"); + gpriv->SCardReconnect = (SCardReconnect_t)sc_dlsym(gpriv->dlhandle, "SCardReconnect"); + gpriv->SCardDisconnect = (SCardDisconnect_t)sc_dlsym(gpriv->dlhandle, "SCardDisconnect"); + gpriv->SCardBeginTransaction = (SCardBeginTransaction_t)sc_dlsym(gpriv->dlhandle, "SCardBeginTransaction"); + gpriv->SCardEndTransaction = 
(SCardEndTransaction_t)sc_dlsym(gpriv->dlhandle, "SCardEndTransaction"); + gpriv->SCardStatus = (SCardStatus_t)sc_dlsym(gpriv->dlhandle, "SCardStatus"); + gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)sc_dlsym(gpriv->dlhandle, "SCardGetStatusChange"); + gpriv->SCardCancel = (SCardCancel_t)sc_dlsym(gpriv->dlhandle, "SCardCancel"); + gpriv->SCardTransmit = (SCardTransmit_t)sc_dlsym(gpriv->dlhandle, "SCardTransmit"); + gpriv->SCardListReaders = (SCardListReaders_t)sc_dlsym(gpriv->dlhandle, "SCardListReaders"); if (gpriv->SCardConnect == NULL) - gpriv->SCardConnect = (SCardConnect_t)lt_dlsym(gpriv->dlhandle, "SCardConnectA"); + gpriv->SCardConnect = (SCardConnect_t)sc_dlsym(gpriv->dlhandle, "SCardConnectA"); if (gpriv->SCardStatus == NULL) - gpriv->SCardStatus = (SCardStatus_t)lt_dlsym(gpriv->dlhandle, "SCardStatusA"); + gpriv->SCardStatus = (SCardStatus_t)sc_dlsym(gpriv->dlhandle, "SCardStatusA"); if (gpriv->SCardGetStatusChange == NULL) - gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)lt_dlsym(gpriv->dlhandle, "SCardGetStatusChangeA"); + gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)sc_dlsym(gpriv->dlhandle, "SCardGetStatusChangeA"); if (gpriv->SCardListReaders == NULL) - gpriv->SCardListReaders = (SCardListReaders_t)lt_dlsym(gpriv->dlhandle, "SCardListReadersA"); - + gpriv->SCardListReaders = (SCardListReaders_t)sc_dlsym(gpriv->dlhandle, "SCardListReadersA"); + /* If we have SCardGetAttrib it is correct API */ - if (lt_dlsym(gpriv->dlhandle, "SCardGetAttrib") != NULL) { + if (sc_dlsym(gpriv->dlhandle, "SCardGetAttrib") != NULL) { #ifdef __APPLE__ - gpriv->SCardControl = (SCardControl_t)lt_dlsym(gpriv->dlhandle, "SCardControl132"); + gpriv->SCardControl = (SCardControl_t)sc_dlsym(gpriv->dlhandle, "SCardControl132"); #endif if (gpriv->SCardControl == NULL) { - gpriv->SCardControl = (SCardControl_t)lt_dlsym(gpriv->dlhandle, "SCardControl"); + gpriv->SCardControl = (SCardControl_t)sc_dlsym(gpriv->dlhandle, "SCardControl"); } } else { - 
gpriv->SCardControlOLD = (SCardControlOLD_t)lt_dlsym(gpriv->dlhandle, "SCardControl"); + gpriv->SCardControlOLD = (SCardControlOLD_t)sc_dlsym(gpriv->dlhandle, "SCardControl"); } if ( @@ -823,6 +702,7 @@ gpriv->SCardEndTransaction == NULL || gpriv->SCardStatus == NULL || gpriv->SCardGetStatusChange == NULL || + gpriv->SCardCancel == NULL || (gpriv->SCardControl == NULL && gpriv->SCardControlOLD == NULL) || gpriv->SCardTransmit == NULL || gpriv->SCardListReaders == NULL 
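Review bot: pcsc_init reads and logs a `reconnect_action` option, but the pcsc_reconnect callers visible elsewhere in this diff pass fixed actions (`SCARD_LEAVE_CARD` in pcsc_lock, `SCARD_UNPOWER_CARD` in pcsc_connect), so the setting looks unused unless code outside this page reads it. An operator who sets it expecting the card to be reset on reconnect would get no effect. Either wire `gpriv->reconnect_action` into the pcsc_lock reconnect path or drop the option. A short comment on each `*_action` default saying what card state it leaves behind would also help. pcsc_init continues past this hunk.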
@@ -831,52 +711,165 @@ goto out; } - *reader_data = gpriv; + ctx->reader_drv_data = gpriv; gpriv = NULL; ret = SC_SUCCESS; out: if (gpriv != NULL) { if (gpriv->dlhandle != NULL) - lt_dlclose(gpriv->dlhandle); + sc_dlclose(gpriv->dlhandle); free(gpriv); } return ret; } -static int pcsc_finish(sc_context_t *ctx, void *prv_data) +static int pcsc_finish(sc_context_t *ctx) { - struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) prv_data; + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) ctx->reader_drv_data; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); if (gpriv) { if (gpriv->pcsc_ctx != -1) gpriv->SCardReleaseContext(gpriv->pcsc_ctx); if (gpriv->dlhandle != NULL) - lt_dlclose(gpriv->dlhandle); + sc_dlclose(gpriv->dlhandle); free(gpriv); } return SC_SUCCESS; } -static int pcsc_detect_readers(sc_context_t *ctx, void *prv_data) +static void detect_reader_features(sc_reader_t *reader, SCARDHANDLE card_handle) { + sc_context_t *ctx = reader->ctx; + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) ctx->reader_drv_data; + struct pcsc_private_data *priv = GET_PRIV_DATA(reader); + u8 feature_buf[256], rbuf[SC_MAX_APDU_BUFFER_SIZE]; + DWORD rcount, feature_len, i; + PCSC_TLV_STRUCTURE *pcsc_tlv; + LONG rv; + const char *log_disabled = "but it's disabled in configuration file"; + const char *broken_readers[] = {"HP USB Smart Card Keyboard"}; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + if (gpriv->SCardControl == NULL) + return; + + rv = gpriv->SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, feature_buf, sizeof(feature_buf), &feature_len); + if (rv != (LONG)SCARD_S_SUCCESS) { + PCSC_TRACE(reader, "SCardControl failed", rv); + return; + } + + if ((feature_len % sizeof(PCSC_TLV_STRUCTURE)) != 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent TLV from reader!"); + return; + } + + /* get the number of elements instead of the complete size */ + feature_len /= 
sizeof(PCSC_TLV_STRUCTURE); + + pcsc_tlv = (PCSC_TLV_STRUCTURE *)feature_buf; + for (i = 0; i < feature_len; i++) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader feature %02x found", pcsc_tlv[i].tag); + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) { + priv->verify_ioctl = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_START) { + priv->verify_ioctl_start = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_FINISH) { + priv->verify_ioctl_finish = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) { + priv->modify_ioctl = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_START) { + priv->modify_ioctl_start = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_FINISH) { + priv->modify_ioctl_finish = ntohl(pcsc_tlv[i].value); + } else if (pcsc_tlv[i].tag == FEATURE_IFD_PIN_PROPERTIES) { + priv->pin_properties_ioctl = ntohl(pcsc_tlv[i].value); + } else { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader feature %02x is not supported", pcsc_tlv[i].tag); + } + } + + /* Set reader capabilities based on detected IOCTLs */ + if (priv->verify_ioctl || (priv->verify_ioctl_start && priv->verify_ioctl_finish)) { + const char *log_text = "Reader supports pinpad PIN verification"; + if (priv->gpriv->enable_pinpad) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, log_text); + reader->capabilities |= SC_READER_CAP_PIN_PAD; + } else { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s %s", log_text, log_disabled); + } + } + + if (priv->modify_ioctl || (priv->modify_ioctl_start && priv->modify_ioctl_finish)) { + const char *log_text = "Reader supports pinpad PIN modification"; + if (priv->gpriv->enable_pinpad) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, log_text); + reader->capabilities |= SC_READER_CAP_PIN_PAD; + } else { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s %s", log_text, log_disabled); + } + } + + /* Ignore advertised pinpad capability on readers known to be 
broken. Trac #340 */ + for (i = 0; i < sizeof(broken_readers)/sizeof(broken_readers[0]); i++) { + if (strstr(reader->name, broken_readers[i]) && (reader->capabilities & SC_READER_CAP_PIN_PAD)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s has a broken pinpad, ignoring", reader->name); + reader->capabilities &= ~SC_READER_CAP_PIN_PAD; + } + } + + /* Detect display */ + if (priv->pin_properties_ioctl) { + rcount = sizeof(rbuf); + rv = gpriv->SCardControl(card_handle, priv->pin_properties_ioctl, NULL, 0, rbuf, sizeof(rbuf), &rcount); + if (rv == SCARD_S_SUCCESS) { +#ifdef PIN_PROPERTIES_v5 + if (rcount == sizeof(PIN_PROPERTIES_STRUCTURE_v5)) { + PIN_PROPERTIES_STRUCTURE_v5 *caps = (PIN_PROPERTIES_STRUCTURE_v5 *)rbuf; + if (caps->wLcdLayout > 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader has a display: %04X", caps->wLcdLayout); + reader->capabilities |= SC_READER_CAP_DISPLAY; + } else + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader does not have a display."); + } +#endif + if (rcount == sizeof(PIN_PROPERTIES_STRUCTURE)) { + PIN_PROPERTIES_STRUCTURE *caps = (PIN_PROPERTIES_STRUCTURE *)rbuf; + if (caps->wLcdLayout > 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader has a display: %04X", caps->wLcdLayout); + reader->capabilities |= SC_READER_CAP_DISPLAY; + } else + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader does not have a display."); + } else + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Returned PIN properties structure has bad length (%d/%d)", rcount, sizeof(PIN_PROPERTIES_STRUCTURE)); + } + } +} + +static int pcsc_detect_readers(sc_context_t *ctx) { - struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) prv_data; + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) ctx->reader_drv_data; + DWORD active_proto, reader_buf_size; + SCARDHANDLE card_handle; LONG rv; - DWORD reader_buf_size; char *reader_buf = NULL, *reader_name; const char *mszGroups = NULL; int ret = SC_ERROR_INTERNAL; - SC_FUNC_CALLED(ctx, 3); + SC_FUNC_CALLED(ctx, 
SC_LOG_DEBUG_NORMAL); if (!gpriv) { + /* FIXME: this is not the correct error */ ret = SC_ERROR_NO_READERS_FOUND; goto out; } - sc_debug(ctx, "Probing pcsc readers"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Probing pcsc readers"); do { if (gpriv->pcsc_ctx == -1) { @@ -892,19 +885,19 @@ (LPDWORD) &reader_buf_size); } if (rv != SCARD_S_SUCCESS) { - if (rv != SCARD_E_INVALID_HANDLE) { - PCSC_ERROR(ctx, "SCardListReaders failed", rv); - ret = pcsc_ret_to_error(rv); + if (rv != (LONG)SCARD_E_INVALID_HANDLE) { + PCSC_LOG(ctx, "SCardListReaders failed", rv); + ret = pcsc_to_opensc_error(rv); goto out; } - sc_debug(ctx, "Establish pcsc context"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Establish pcsc context"); rv = gpriv->SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &gpriv->pcsc_ctx); if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(ctx, "SCardEstablishContext failed", rv); - ret = pcsc_ret_to_error(rv); + PCSC_LOG(ctx, "SCardEstablishContext failed", rv); + ret = pcsc_to_opensc_error(rv); goto out; } @@ -912,7 +905,7 @@ } } while (rv != SCARD_S_SUCCESS); - reader_buf = (char *) malloc(sizeof(char) * reader_buf_size); + reader_buf = malloc(sizeof(char) * reader_buf_size); if (!reader_buf) { ret = SC_ERROR_OUT_OF_MEMORY; goto out; 
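Review bot: In the "Detect display" block at the end of detect_reader_features, a reply whose length equals `sizeof(PIN_PROPERTIES_STRUCTURE_v5)` is handled by the first `if` and then falls into the `else` of the second `if`. When PIN_PROPERTIES_v5 is defined, a valid v5 answer is therefore also logged as having a bad length (assuming the two structures differ in size). The same log call passes a DWORD and a size_t to `%d/%d`, which is a format/argument mismatch on LP64 targets. I would put an `else` before the `#endif` so the two length tests are mutually exclusive, and log with `(%lu/%lu)` and `(unsigned long)rcount, (unsigned long)sizeof(PIN_PROPERTIES_STRUCTURE)`. Since rbuf is filled by the reader, the exact-length comparison before each cast is the right gate and should stay.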
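Review bot: `reader_buf = malloc(sizeof(char) * reader_buf_size);` leaves the buffer with no terminator of its own. The loop in the following hunk advances with `reader_name += strlen(reader_name) + 1` until it meets an empty string, so it relies entirely on the PC/SC service having written a double-NUL-terminated list. Should the dynamically loaded library return a multi-string that is not terminated that way, `strlen` reads past the allocation. Allocating with `reader_buf = calloc(reader_buf_size + 2, 1);` while still passing the original `reader_buf_size` to SCardListReaders keeps two zero bytes after whatever is returned. The enclosing pcsc_detect_readers starts and ends outside this hunk.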
@@ -920,25 +913,23 @@ rv = gpriv->SCardListReaders(gpriv->pcsc_ctx, mszGroups, reader_buf, (LPDWORD) &reader_buf_size); if (rv != SCARD_S_SUCCESS) { - PCSC_ERROR(ctx, "SCardListReaders failed", rv); - ret = pcsc_ret_to_error(rv); + PCSC_LOG(ctx, "SCardListReaders failed", rv); + ret = pcsc_to_opensc_error(rv); goto out; } - for (reader_name = reader_buf; *reader_name != '\x0'; reader_name += strlen (reader_name) + 1) { + for (reader_name = reader_buf; *reader_name != '\x0'; reader_name += strlen(reader_name) + 1) { sc_reader_t *reader = NULL; struct pcsc_private_data *priv = NULL; - struct pcsc_slot_data *pslot = NULL; - sc_slot_info_t *slot = NULL; unsigned int i; int found = 0; - for (i=0;i < sc_ctx_get_reader_count (ctx) && !found;i++) { - sc_reader_t *reader2 = sc_ctx_get_reader (ctx, i); + for (i=0;i < sc_ctx_get_reader_count(ctx) && !found;i++) { + sc_reader_t *reader2 = sc_ctx_get_reader(ctx, i); if (reader2 == NULL) { ret = SC_ERROR_INTERNAL; goto err1; } - if (reader2->ops == &pcsc_ops && !strcmp (reader2->name, reader_name)) { + if (!strcmp(reader2->name, reader_name)) { found = 1; } } @@ -948,17 +939,13 @@ continue; } - sc_debug(ctx, "Found new pcsc reader '%s'", reader_name); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Found new pcsc reader '%s'", reader_name); - if ((reader = (sc_reader_t *) calloc(1, sizeof(sc_reader_t))) == NULL) { - ret = SC_ERROR_OUT_OF_MEMORY; - goto err1; - } - if ((priv = (struct pcsc_private_data *) malloc(sizeof(struct pcsc_private_data))) == NULL) { + if ((reader = calloc(1, sizeof(sc_reader_t))) == NULL) { ret = SC_ERROR_OUT_OF_MEMORY; goto err1; } - if ((pslot = (struct pcsc_slot_data *) malloc(sizeof(struct pcsc_slot_data))) == NULL) { + if ((priv = calloc(1, sizeof(struct pcsc_private_data))) == NULL) { ret = SC_ERROR_OUT_OF_MEMORY; goto err1; } 
@@ -966,32 +953,50 @@ reader->drv_data = priv; reader->ops = &pcsc_ops; reader->driver = &pcsc_drv; - reader->slot_count = 1; if ((reader->name = strdup(reader_name)) == NULL) { ret = SC_ERROR_OUT_OF_MEMORY; goto err1; } priv->gpriv = gpriv; - if ((priv->reader_name = strdup(reader_name)) == NULL) { - ret = SC_ERROR_OUT_OF_MEMORY; - goto err1; - } - slot = &reader->slot[0]; - memset(slot, 0, sizeof(*slot)); - slot->drv_data = pslot; - memset(pslot, 0, sizeof(*pslot)); if (_sc_add_reader(ctx, reader)) { ret = SC_SUCCESS; /* silent ignore */ goto err1; } - refresh_slot_attributes(reader, slot); + + refresh_attributes(reader); + + /* check for pinpad support early, to allow opensc-tool -l display accurate information */ + if (gpriv->SCardControl != NULL) { + if (priv->reader_state.dwEventState & SCARD_STATE_EXCLUSIVE) + continue; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Requesting reader features ... "); + rv = SCARD_E_SHARING_VIOLATION; + /* Use DIRECT mode only if there is no card in the reader */ + if (!(reader->flags & SC_READER_CARD_PRESENT)) { +#ifndef _WIN32 /* Apple 10.5.7 and pcsc-lite previous to v1.5.5 do not support 0 as protocol identifier */ + rv = gpriv->SCardConnect(gpriv->pcsc_ctx, reader->name, SCARD_SHARE_DIRECT, SCARD_PROTOCOL_T0|SCARD_PROTOCOL_T1, &card_handle, &active_proto); +#else + rv = gpriv->SCardConnect(gpriv->pcsc_ctx, reader->name, SCARD_SHARE_DIRECT, 0, &card_handle, &active_proto); +#endif + PCSC_TRACE(reader, "SCardConnect(DIRECT)", rv); + } + if (rv == (LONG)SCARD_E_SHARING_VIOLATION) { /* Assume that there is a card in the reader in shared mode if direct communcation failed */ + rv = gpriv->SCardConnect(gpriv->pcsc_ctx, reader->name, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0|SCARD_PROTOCOL_T1, &card_handle, &active_proto); + PCSC_TRACE(reader, "SCardConnect(SHARED)", rv); + } + + if (rv == SCARD_S_SUCCESS) { + detect_reader_features(reader, card_handle); + gpriv->SCardDisconnect(card_handle, SCARD_LEAVE_CARD); + } + } + continue; - + 
err1: if (priv != NULL) { - if (priv->reader_name) - free(priv->reader_name); free(priv); } if (reader != NULL) { @@ -999,9 +1004,6 @@ free(reader->name); free(reader); } - if (slot != NULL) - free(pslot); - goto out; } 
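Review bot: The result of `refresh_attributes(reader);` is discarded, yet the lines right after it decide how to probe the reader from `priv->reader_state.dwEventState` and `reader->flags`. The cardmod_connect added later in this patch checks the same call (`r = refresh_attributes(reader); if (r) return r;`), so it can fail. After a failed refresh both fields would presumably still be the zeroes left by `calloc`, and the code would go on to attempt a `SCARD_SHARE_DIRECT` connect on a reader whose state is unknown. I would skip the feature probe in that case, e.g. `if (refresh_attributes(reader) != SC_SUCCESS) continue;`. The surrounding loop and pcsc_detect_readers begin outside this hunk.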
@@ -1012,67 +1014,223 @@ if (reader_buf != NULL) free (reader_buf); - SC_FUNC_RETURN(ctx, 3, ret); -} - -static int -pcsc_pin_cmd(sc_reader_t *reader, sc_slot_info_t * slot, struct sc_pin_cmd_data *data) -{ - if (slot->capabilities & SC_SLOT_CAP_PIN_PAD) { - return part10_pin_cmd(reader, slot, data); - } else { - /* XXX: probably dead code */ - return ctbcs_pin_cmd(reader, slot, data); - } + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, ret); } -struct sc_reader_driver * sc_get_pcsc_driver(void) -{ - pcsc_ops.init = pcsc_init; - pcsc_ops.finish = pcsc_finish; - pcsc_ops.detect_readers = pcsc_detect_readers; - pcsc_ops.transmit = pcsc_transmit; - pcsc_ops.detect_card_presence = pcsc_detect_card_presence; - pcsc_ops.lock = pcsc_lock; - pcsc_ops.unlock = pcsc_unlock; - pcsc_ops.release = pcsc_release; - pcsc_ops.connect = pcsc_connect; - pcsc_ops.disconnect = pcsc_disconnect; - pcsc_ops.perform_verify = pcsc_pin_cmd; - pcsc_ops.wait_for_event = pcsc_wait_for_event; - pcsc_ops.reset = pcsc_reset; - - return &pcsc_drv; -} -/* - * Pinpad support, based on PC/SC v2 Part 10 interface - * Similar to CCID in spirit. +/* Wait for an event to occur. 
*/ +static int pcsc_wait_for_event(sc_context_t *ctx, unsigned int event_mask, sc_reader_t **event_reader, unsigned int *event, + int timeout, void **reader_states) +{ + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *)ctx->reader_drv_data; + LONG rv; + SCARD_READERSTATE *rgReaderStates; + size_t i; + unsigned int num_watch; + int r = SC_ERROR_INTERNAL; -/* Local definitions */ -#define SC_CCID_PIN_TIMEOUT 30 - -/* CCID definitions */ -#define SC_CCID_PIN_ENCODING_BIN 0x00 -#define SC_CCID_PIN_ENCODING_BCD 0x01 -#define SC_CCID_PIN_ENCODING_ASCII 0x02 - -#define SC_CCID_PIN_UNITS_BYTES 0x80 + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); -/* Build a PIN verification block + APDU */ -static int part10_build_verify_pin_block(u8 * buf, size_t * size, sc_slot_info_t *slot, struct sc_pin_cmd_data *data) + if (!event_reader && !event && reader_states) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "free allocated reader states"); + free(*reader_states); + *reader_states = NULL; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); + } + + if (reader_states == NULL || *reader_states == NULL) { + rgReaderStates = calloc(sc_ctx_get_reader_count(ctx) + 2, sizeof(SCARD_READERSTATE)); + if (!rgReaderStates) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + + /* Find out the current status */ + num_watch = sc_ctx_get_reader_count(ctx); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Trying to watch %d readers", num_watch); + for (i = 0; i < num_watch; i++) { + rgReaderStates[i].szReader = sc_ctx_get_reader(ctx, i)->name; + rgReaderStates[i].dwCurrentState = SCARD_STATE_UNAWARE; + rgReaderStates[i].dwEventState = SCARD_STATE_UNAWARE; + } +#ifndef __APPLE__ /* OS X 10.6.2 does not support PnP notification */ + if (event_mask & SC_EVENT_READER_ATTACHED) { + rgReaderStates[i].szReader = "\\\\?PnP?\\Notification"; + rgReaderStates[i].dwCurrentState = SCARD_STATE_UNAWARE; + rgReaderStates[i].dwEventState = SCARD_STATE_UNAWARE; + num_watch++; + } +#endif + 
} + else { + rgReaderStates = (SCARD_READERSTATE *)(*reader_states); + for (num_watch = 0; rgReaderStates[num_watch].szReader; num_watch++) + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "re-use reader '%s'", rgReaderStates[num_watch].szReader); + } +#ifndef _WIN32 + /* Establish a new context, assuming that it is called from a different thread with pcsc-lite */ + if (gpriv->pcsc_wait_ctx == -1) { + rv = gpriv->SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &gpriv->pcsc_wait_ctx); + if (rv != SCARD_S_SUCCESS) { + PCSC_LOG(ctx, "SCardEstablishContext(wait) failed", rv); + r = pcsc_to_opensc_error(rv); + goto out; + } + } +#else + gpriv->pcsc_wait_ctx = gpriv->pcsc_ctx; +#endif + if (!event_reader || !event) + { + r = SC_ERROR_INTERNAL; + goto out; + } + + if (num_watch == 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No readers available, PnP notification not supported"); + *event_reader = NULL; + r = SC_ERROR_NO_READERS_FOUND; + goto out; + } + + rv = gpriv->SCardGetStatusChange(gpriv->pcsc_wait_ctx, 0, rgReaderStates, num_watch); + if (rv != SCARD_S_SUCCESS) { + if (rv != (LONG)SCARD_E_TIMEOUT) { + PCSC_LOG(ctx, "SCardGetStatusChange(1) failed", rv); + r = pcsc_to_opensc_error(rv); + goto out; + } + } + + /* Wait for a status change + */ + for( ; ; ) { + SCARD_READERSTATE *rsp; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Looping..."); + + /* Scan the current state of all readers to see if they + * match any of the events we're polling for */ + *event = 0; + for (i = 0, rsp = rgReaderStates; i < num_watch; i++, rsp++) { + DWORD state, prev_state; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "'%s' before=0x%08X now=0x%08X", rsp->szReader, + rsp->dwCurrentState, rsp->dwEventState); + prev_state = rsp->dwCurrentState; + state = rsp->dwEventState; + rsp->dwCurrentState = rsp->dwEventState; + if (state & SCARD_STATE_CHANGED) { + + /* check for hotplug events */ + if (!strcmp(rgReaderStates[i].szReader, "\\\\?PnP?\\Notification")) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "detected hotplug 
event"); + *event |= SC_EVENT_READER_ATTACHED; + *event_reader = NULL; + } + + if ((state & SCARD_STATE_PRESENT) && !(prev_state & SCARD_STATE_PRESENT)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "card inserted event"); + *event |= SC_EVENT_CARD_INSERTED; + } + + if ((prev_state & SCARD_STATE_PRESENT) && !(state & SCARD_STATE_PRESENT)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "card removed event"); + *event |= SC_EVENT_CARD_REMOVED; + } + + if ((state & SCARD_STATE_UNKNOWN) && !(prev_state & SCARD_STATE_UNKNOWN)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "reader detached event"); + *event |= SC_EVENT_READER_DETACHED; + } + + if ((prev_state & SCARD_STATE_UNKNOWN) && !(state & SCARD_STATE_UNKNOWN)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "reader re-attached event"); + *event |= SC_EVENT_READER_ATTACHED; + } + + if (*event & event_mask) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Matching event 0x%02X in reader %s", *event, rsp->szReader); + *event_reader = sc_ctx_get_reader_by_name(ctx, rsp->szReader); + r = SC_SUCCESS; + goto out; + } + + } + + /* No match - copy the state so pcscd knows + * what to watch out for */ + /* rsp->dwCurrentState = rsp->dwEventState; */ + } + + if (timeout == 0) { + r = SC_ERROR_EVENT_TIMEOUT; + goto out; + } + + /* Set the timeout if caller wants to time out */ + if (timeout == -1) { + timeout = INFINITE; + } + + rv = gpriv->SCardGetStatusChange(gpriv->pcsc_wait_ctx, timeout, rgReaderStates, num_watch); + + if (rv == (LONG) SCARD_E_CANCELLED) { + /* C_Finalize was called, events don't matter */ + r = SC_ERROR_EVENT_TIMEOUT; + goto out; + } + + if (rv == (LONG) SCARD_E_TIMEOUT) { + r = SC_ERROR_EVENT_TIMEOUT; + goto out; + } + + if (rv != SCARD_S_SUCCESS) { + PCSC_LOG(ctx, "SCardGetStatusChange(2) failed", rv); + r = pcsc_to_opensc_error(rv); + goto out; + } + } +out: + if (!reader_states) { + free(rgReaderStates); + } + else if (*reader_states == NULL) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "return allocated 'reader states'"); + *reader_states = 
rgReaderStates; + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); +} + + + +/* + * Pinpad support, based on PC/SC v2 Part 10 interface + * Similar to CCID in spirit. + */ + +/* Local definitions */ +#define SC_CCID_PIN_TIMEOUT 30 + +/* CCID definitions */ +#define SC_CCID_PIN_ENCODING_BIN 0x00 +#define SC_CCID_PIN_ENCODING_BCD 0x01 +#define SC_CCID_PIN_ENCODING_ASCII 0x02 + +#define SC_CCID_PIN_UNITS_BYTES 0x80 + +/* Build a PIN verification block + APDU */ +static int part10_build_verify_pin_block(struct sc_reader *reader, u8 * buf, size_t * size, struct sc_pin_cmd_data *data) { int offset = 0, count = 0; sc_apdu_t *apdu = data->apdu; u8 tmp; unsigned int tmp16; PIN_VERIFY_STRUCTURE *pin_verify = (PIN_VERIFY_STRUCTURE *)buf; - + /* PIN verification control message */ pin_verify->bTimerOut = SC_CCID_PIN_TIMEOUT; pin_verify->bTimerOut2 = SC_CCID_PIN_TIMEOUT; - + /* bmFormatString */ tmp = 0x00; if (data->pin1.encoding == SC_PIN_ENCODING_ASCII) { @@ -1100,7 +1258,7 @@ if (data->pin1.encoding == SC_PIN_ENCODING_GLP) { /* GLP PIN length is encoded in 4 bits and block size is always 8 bytes */ tmp |= 0x40 | 0x08; - } else if (data->pin1.encoding == SC_PIN_ENCODING_ASCII && data->pin1.pad_length) { + } else if (data->pin1.encoding == SC_PIN_ENCODING_ASCII && data->flags & SC_PIN_CMD_NEED_PADDING) { tmp |= data->pin1.pad_length; } pin_verify->bmPINBlockString = tmp; @@ -1118,10 +1276,10 @@ tmp16 = (data->pin1.min_length << 8 ) + data->pin1.max_length; pin_verify->wPINMaxExtraDigit = HOST_TO_CCID_16(tmp16); /* Min Max */ - + pin_verify->bEntryValidationCondition = 0x02; /* Keypress only */ - if (slot->capabilities & SC_SLOT_CAP_DISPLAY) + if (reader->capabilities & SC_READER_CAP_DISPLAY) pin_verify->bNumberMessage = 0xFF; /* Default message */ else pin_verify->bNumberMessage = 0x00; /* No messages */ 
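Review bot: In pcsc_wait_for_event, `*event = 0;` is executed once per pass of the outer `for( ; ; )`, not once per reader, so event bits set with `*event |= ...` for one reader stay set while the following readers are examined. If reader A produces an event that is not in `event_mask` and reader B then produces one that is, the function returns reader B with A's bits still present in `*event`, which misattributes the event to the caller. Moving `*event = 0;` to the top of the inner `for (i = 0, rsp = rgReaderStates; ...)` body keeps the reported mask specific to the reader returned in `*event_reader`.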
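Review bot: With the condition now keyed on `SC_PIN_CMD_NEED_PADDING`, `tmp |= data->pin1.pad_length;` ORs the whole value into `bmPINBlockString`. The GLP branch just above shows that the low nibble carries the block size and the high nibble the PIN-length bit size. A `pad_length` above 0x0F would therefore change the high nibble and send the reader a control block that does not match the card driver's intent. I would reject it first with `if (data->pin1.pad_length > 0x0F) return SC_ERROR_INVALID_ARGUMENTS;`. The same range question applies to `tmp16 = (data->pin1.min_length << 8 ) + data->pin1.max_length;` in the hunks at -1118 and -1219, where only zero is rejected. The field types are declared outside the visible hunks, so the reachable range should be confirmed, and part10_build_verify_pin_block extends beyond this hunk.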
@@ -1147,7 +1305,7 @@ } pin_verify->ulDataLength = HOST_TO_CCID_32(offset); /* APDU size */ - + count = sizeof(PIN_VERIFY_STRUCTURE) + offset -1; *size = count; return SC_SUCCESS; @@ -1156,7 +1314,7 @@ /* Build a PIN modification block + APDU */ -static int part10_build_modify_pin_block(u8 * buf, size_t * size, sc_slot_info_t *slot, struct sc_pin_cmd_data *data) +static int part10_build_modify_pin_block(struct sc_reader *reader, u8 * buf, size_t * size, struct sc_pin_cmd_data *data) { int offset = 0, count = 0; sc_apdu_t *apdu = data->apdu; @@ -1219,15 +1377,24 @@ if (!data->pin1.min_length || !data->pin1.max_length) return SC_ERROR_INVALID_ARGUMENTS; - + tmp16 = (data->pin1.min_length << 8 ) + data->pin1.max_length; pin_modify->wPINMaxExtraDigit = HOST_TO_CCID_16(tmp16); /* Min Max */ - pin_modify->bConfirmPIN = 0x03; /* bConfirmPIN, all */ + /* bConfirmPIN flags + * 0x01: New Pin, Confirm Pin + * 0x03: Enter Old Pin, New Pin, Confirm Pin + */ + pin_modify->bConfirmPIN = data->flags & SC_PIN_CMD_IMPLICIT_CHANGE ? 0x01 : 0x03; pin_modify->bEntryValidationCondition = 0x02; /* bEntryValidationCondition, keypress only */ - - if (slot->capabilities & SC_SLOT_CAP_DISPLAY) - pin_modify->bNumberMessage = 0x03; /* 3 messages (because bConfirmPIN = 3), all default. Could be 0xFF too */ + + /* bNumberMessage flags + * 0x02: Messages seen on Pinpad display: New Pin, Confirm Pin + * 0x03: Messages seen on Pinpad display: Enter Old Pin, New Pin, Confirm Pin + * Could be 0xFF too. + */ + if (reader->capabilities & SC_READER_CAP_DISPLAY) + pin_modify->bNumberMessage = data->flags & SC_PIN_CMD_IMPLICIT_CHANGE ? 0x02 : 0x03; else pin_modify->bNumberMessage = 0x00; /* No messages */ @@ -1254,7 +1421,7 @@ } pin_modify->ulDataLength = HOST_TO_CCID_32(offset); /* APDU size */ - + count = sizeof(PIN_MODIFY_STRUCTURE) + offset -1; *size = count; return SC_SUCCESS; 
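Review bot: The new `part10_build_modify_pin_block(reader, buf, size, data)` signature, like the verify builder changed earlier in the patch, still uses `size` purely as an output. The visible tail is `count = sizeof(PIN_MODIFY_STRUCTURE) + offset -1; *size = count;`, so the builder is never told how large `buf` is. pcsc_pin_cmd passes the stack array `sbuf[SC_MAX_APDU_BUFFER_SIZE]`, and the APDU contents come from the card driver. The copy into `buf` lies outside the visible hunks, so whether it is bounded cannot be confirmed here. Since the signature is being changed anyway, I would make `*size` in/out (caller sets `scount = sizeof(sbuf)`) and return `SC_ERROR_INVALID_ARGUMENTS` when the structure plus APDU data would not fit.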
@@ -1262,8 +1429,7 @@ /* Do the PIN command */ static int -part10_pin_cmd(sc_reader_t *reader, sc_slot_info_t *slot, - struct sc_pin_cmd_data *data) +pcsc_pin_cmd(sc_reader_t *reader, struct sc_pin_cmd_data *data) { struct pcsc_private_data *priv = GET_PRIV_DATA(reader); u8 rbuf[SC_MAX_APDU_BUFFER_SIZE], sbuf[SC_MAX_APDU_BUFFER_SIZE]; 
@@ -1272,69 +1438,67 @@ int r; DWORD ioctl = 0; sc_apdu_t *apdu; - struct pcsc_slot_data *pslot = (struct pcsc_slot_data *) slot->drv_data; - SC_FUNC_CALLED(reader->ctx, 3); - assert(pslot != NULL); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); if (priv->gpriv->SCardControl == NULL) return SC_ERROR_NOT_SUPPORTED; /* The APDU must be provided by the card driver */ if (!data->apdu) { - sc_error(reader->ctx, "No APDU provided for PC/SC v2 pinpad verification!"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "No APDU provided for PC/SC v2 pinpad verification!"); return SC_ERROR_NOT_SUPPORTED; } apdu = data->apdu; switch (data->cmd) { case SC_PIN_CMD_VERIFY: - if (!(pslot->verify_ioctl || (pslot->verify_ioctl_start && pslot->verify_ioctl_finish))) { - sc_error(reader->ctx, "Pinpad reader does not support verification!"); + if (!(priv->verify_ioctl || (priv->verify_ioctl_start && priv->verify_ioctl_finish))) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Pinpad reader does not support verification!"); return SC_ERROR_NOT_SUPPORTED; } - r = part10_build_verify_pin_block(sbuf, &scount, slot, data); - ioctl = pslot->verify_ioctl ? pslot->verify_ioctl : pslot->verify_ioctl_start; + r = part10_build_verify_pin_block(reader, sbuf, &scount, data); + ioctl = priv->verify_ioctl ? priv->verify_ioctl : priv->verify_ioctl_start; break; case SC_PIN_CMD_CHANGE: case SC_PIN_CMD_UNBLOCK: - if (!(pslot->modify_ioctl || (pslot->modify_ioctl_start && pslot->modify_ioctl_finish))) { - sc_error(reader->ctx, "Pinpad reader does not support modification!"); + if (!(priv->modify_ioctl || (priv->modify_ioctl_start && priv->modify_ioctl_finish))) { + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Pinpad reader does not support modification!"); return SC_ERROR_NOT_SUPPORTED; } - r = part10_build_modify_pin_block(sbuf, &scount, slot, data); - ioctl = pslot->modify_ioctl ? 
pslot->modify_ioctl : pslot->modify_ioctl_start; + r = part10_build_modify_pin_block(reader, sbuf, &scount, data); + ioctl = priv->modify_ioctl ? priv->modify_ioctl : priv->modify_ioctl_start; break; default: - sc_error(reader->ctx, "Unknown PIN command %d", data->cmd); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Unknown PIN command %d", data->cmd); return SC_ERROR_NOT_SUPPORTED; } /* If PIN block building failed, we fail too */ - SC_TEST_RET(reader->ctx, r, "PC/SC v2 pinpad block building failed!"); + SC_TEST_RET(reader->ctx, SC_LOG_DEBUG_NORMAL, r, "PC/SC v2 pinpad block building failed!"); /* If not, debug it, just for fun */ sc_bin_to_hex(sbuf, scount, dbuf, sizeof(dbuf), ':'); - sc_debug(reader->ctx, "PC/SC v2 pinpad block: %s", dbuf); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "PC/SC v2 pinpad block: %s", dbuf); - r = pcsc_internal_transmit(reader, slot, sbuf, scount, rbuf, &rcount, ioctl); + r = pcsc_internal_transmit(reader, sbuf, scount, rbuf, &rcount, ioctl); - SC_TEST_RET(reader->ctx, r, "PC/SC v2 pinpad: block transmit failed!"); + SC_TEST_RET(reader->ctx, SC_LOG_DEBUG_NORMAL, r, "PC/SC v2 pinpad: block transmit failed!"); /* finish the call if it was a two-phase operation */ - if ((ioctl == pslot->verify_ioctl_start) - || (ioctl == pslot->modify_ioctl_start)) { + if ((ioctl == priv->verify_ioctl_start) + || (ioctl == priv->modify_ioctl_start)) { if (rcount != 0) { - SC_FUNC_RETURN(reader->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } - ioctl = (ioctl == pslot->verify_ioctl_start) ? pslot->verify_ioctl_finish : pslot->modify_ioctl_finish; + ioctl = (ioctl == priv->verify_ioctl_start) ? 
priv->verify_ioctl_finish : priv->modify_ioctl_finish; rcount = sizeof(rbuf); - r = pcsc_internal_transmit(reader, slot, sbuf, 0, rbuf, &rcount, ioctl); - SC_TEST_RET(reader->ctx, r, "PC/SC v2 pinpad: finish operation failed!"); + r = pcsc_internal_transmit(reader, sbuf, 0, rbuf, &rcount, ioctl); + SC_TEST_RET(reader->ctx, SC_LOG_DEBUG_NORMAL, r, "PC/SC v2 pinpad: finish operation failed!"); } /* We expect only two bytes of result data (SW1 and SW2) */ if (rcount != 2) { - SC_FUNC_RETURN(reader->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } /* Extract the SWs for the result APDU */ 
@@ -1352,15 +1516,419 @@ case 0x6402: /* PINs don't match */ r = SC_ERROR_KEYPAD_PIN_MISMATCH; break; + case 0x6403: /* Entered PIN is not in length limits */ + r = SC_ERROR_INVALID_PIN_LENGTH; /* XXX: designed to be returned when PIN is in API call */ + break; case 0x6B80: /* Wrong data in the buffer, rejected by firmware */ r = SC_ERROR_READER; break; } - SC_TEST_RET(reader->ctx, r, "PIN command failed"); + SC_TEST_RET(reader->ctx, SC_LOG_DEBUG_NORMAL, r, "PIN command failed"); /* PIN command completed, all is good */ return SC_SUCCESS; } -#endif /* HAVE_PCSC */ + +struct sc_reader_driver * sc_get_pcsc_driver(void) +{ + pcsc_ops.init = pcsc_init; + pcsc_ops.finish = pcsc_finish; + pcsc_ops.detect_readers = pcsc_detect_readers; + pcsc_ops.transmit = pcsc_transmit; + pcsc_ops.detect_card_presence = pcsc_detect_card_presence; + pcsc_ops.lock = pcsc_lock; + pcsc_ops.unlock = pcsc_unlock; + pcsc_ops.release = pcsc_release; + pcsc_ops.connect = pcsc_connect; + pcsc_ops.disconnect = pcsc_disconnect; + pcsc_ops.perform_verify = pcsc_pin_cmd; + pcsc_ops.wait_for_event = pcsc_wait_for_event; + pcsc_ops.cancel = pcsc_cancel; + pcsc_ops.reset = pcsc_reset; + pcsc_ops.use_reader = NULL; + + return &pcsc_drv; +} + +#ifdef ENABLE_MINIDRIVER + +#define SCARD_CLASS_SYSTEM 0x7fff +#define SCARD_ATTR_VALUE(Class, Tag) ((((ULONG)(Class)) << 16) | ((ULONG)(Tag))) +#define SCARD_ATTR_DEVICE_FRIENDLY_NAME_A SCARD_ATTR_VALUE(SCARD_CLASS_SYSTEM, 0x0003) +#define SCARD_ATTR_DEVICE_SYSTEM_NAME_A SCARD_ATTR_VALUE(SCARD_CLASS_SYSTEM, 0x0004) + +static int cardmod_connect(sc_reader_t *reader) +{ + DWORD active_proto, protocol; + SCARDHANDLE card_handle; + LONG rv; + struct pcsc_private_data *priv = GET_PRIV_DATA(reader); + int r; + + r = refresh_attributes(reader); + if (r) + return r; + if (!(reader->flags & SC_READER_CARD_PRESENT)) + return SC_ERROR_CARD_NOT_PRESENT; + + return SC_SUCCESS; +} + +static int cardmod_disconnect(sc_reader_t * reader) +{ + struct pcsc_private_data *priv = 
GET_PRIV_DATA(reader); + + reader->flags = 0; + return SC_SUCCESS; +} + +static struct sc_reader_operations cardmod_ops; + +static struct sc_reader_driver cardmod_drv = { + "PC/SC cardmod reader", + "cardmod", + &cardmod_ops, + 0, 0, NULL +}; + +static int cardmod_init(sc_context_t *ctx) +{ + struct pcsc_global_private_data *gpriv; + scconf_block *conf_block = NULL; + int ret = SC_ERROR_INTERNAL; + + gpriv = calloc(1, sizeof(struct pcsc_global_private_data)); + if (gpriv == NULL) { + ret = SC_ERROR_OUT_OF_MEMORY; + goto out; + } + + /* Defaults */ + gpriv->enable_pinpad = 1; + + conf_block = sc_get_conf_block(ctx, "reader_driver", "cardmod", 1); + if (conf_block) { + scconf_get_bool(conf_block, "enable_pinpad", gpriv->enable_pinpad); + } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PC/SC options: enable_pinpad=%d", gpriv->enable_pinpad); + + gpriv->dlhandle = sc_dlopen("winscard.dll"); + if (gpriv->dlhandle == NULL) { + ret = SC_ERROR_CANNOT_LOAD_MODULE; + goto out; + } + + gpriv->SCardStatus = (SCardStatus_t)sc_dlsym(gpriv->dlhandle, "SCardStatus"); + gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)sc_dlsym(gpriv->dlhandle, "SCardGetStatusChange"); + gpriv->SCardTransmit = (SCardTransmit_t)sc_dlsym(gpriv->dlhandle, "SCardTransmit"); + + if (gpriv->SCardStatus == NULL) + gpriv->SCardStatus = (SCardStatus_t)sc_dlsym(gpriv->dlhandle, "SCardStatusA"); + if (gpriv->SCardGetStatusChange == NULL) + gpriv->SCardGetStatusChange = (SCardGetStatusChange_t)sc_dlsym(gpriv->dlhandle, "SCardGetStatusChangeA"); + + gpriv->SCardGetAttrib = sc_dlsym(gpriv->dlhandle, "SCardGetAttrib"); + + /* If we have SCardGetAttrib it is correct API */ + if (gpriv->SCardGetAttrib != NULL) { + if (gpriv->SCardControl == NULL) { + gpriv->SCardControl = (SCardControl_t)sc_dlsym(gpriv->dlhandle, "SCardControl"); + } + } + else { + /* gpriv->SCardControlOLD = (SCardControlOLD_t)sc_dlsym(gpriv->dlhandle, "SCardControl"); */ + } + + if ( + gpriv->SCardStatus == NULL || + gpriv->SCardGetStatusChange == 
NULL || + gpriv->SCardControl == NULL || + gpriv->SCardTransmit == NULL || + gpriv->SCardGetAttrib == NULL) { + ret = SC_ERROR_CANNOT_LOAD_MODULE; + goto out; + } + + ctx->reader_drv_data = gpriv; + gpriv = NULL; + ret = SC_SUCCESS; + +out: + if (gpriv != NULL) { + if (gpriv->dlhandle != NULL) + sc_dlclose(gpriv->dlhandle); + free(gpriv); + } + + return ret; +} + +static int cardmod_finish(sc_context_t *ctx) +{ + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) ctx->reader_drv_data; + + if (gpriv) { + if (gpriv->dlhandle != NULL) + sc_dlclose(gpriv->dlhandle); + free(gpriv); + } + + return SC_SUCCESS; +} + +int cardmod_use_reader(sc_context_t *ctx, void * pcsc_context_handle, void * pcsc_card_handle) +{ + SCARDHANDLE card_handle; + u8 feature_buf[256], rbuf[SC_MAX_APDU_BUFFER_SIZE]; + PCSC_TLV_STRUCTURE *pcsc_tlv; + struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *) ctx->reader_drv_data; + LONG rv; + char reader_name[128]; + DWORD rcount, feature_len, display_ioctl, reader_name_size = sizeof(reader_name); + int ret = SC_ERROR_INTERNAL; + HKEY key; + unsigned int i; + wchar_t b; + char *p; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + if (!gpriv) { + ret = SC_ERROR_NO_READERS_FOUND; + goto out; + } + + /* if we already had a reader, delete it */ + if (sc_ctx_get_reader_count(ctx) > 0) { + sc_reader_t *oldrdr = list_extract_at(&ctx->readers, 0); + if (oldrdr) + _sc_delete_reader(ctx, oldrdr); + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Probing pcsc readers"); + + gpriv->pcsc_ctx = *(SCARDCONTEXT *)pcsc_context_handle; + card_handle = *(SCARDHANDLE *)pcsc_card_handle; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "gpriv->pcsc_ctx = %X, card_handle = %X", gpriv->pcsc_ctx, card_handle); + + if(gpriv->SCardGetAttrib(card_handle, SCARD_ATTR_DEVICE_SYSTEM_NAME_A, \ + reader_name, &reader_name_size) == SCARD_S_SUCCESS) + { + sc_reader_t *reader = NULL; + struct pcsc_private_data *priv = NULL; + DWORD readers_len = 0, state, 
prot, atr_len = SC_MAX_ATR_SIZE; + unsigned char atr[SC_MAX_ATR_SIZE]; + + if(1) + { + char texte[2048]; + sc_bin_to_hex(reader_name, reader_name_size, texte, sizeof(texte)-5, ':'); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "lecteur name = %s\n%s\n", reader_name,texte); + } + + if ((reader = calloc(1, sizeof(sc_reader_t))) == NULL) { + ret = SC_ERROR_OUT_OF_MEMORY; + goto err1; + } + if ((priv = calloc(1, sizeof(struct pcsc_private_data))) == NULL) { + ret = SC_ERROR_OUT_OF_MEMORY; + goto err1; + } + + reader->drv_data = priv; + reader->ops = &cardmod_ops; + reader->driver = &cardmod_drv; + if ((reader->name = strdup(reader_name)) == NULL) { + ret = SC_ERROR_OUT_OF_MEMORY; + goto err1; + } + priv->gpriv = gpriv; + + /* attempt to detect protocol in use T0/T1/RAW */ + rv = priv->gpriv->SCardStatus(card_handle, NULL, &readers_len, + &state, &prot, atr, &atr_len); + if (rv != SCARD_S_SUCCESS) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "SCardStatus failed %08x", rv); + prot = SCARD_PROTOCOL_T0; + } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set protocole to %s", \ + (prot==SCARD_PROTOCOL_T0)?"T0":((prot==SCARD_PROTOCOL_T1)?"T1":"RAW")); + reader->active_protocol = pcsc_proto_to_opensc(prot); + + if (_sc_add_reader(ctx, reader)) { + ret = SC_SUCCESS; /* silent ignore */ + goto err1; + } + priv->pcsc_card = card_handle; + + /* check for pinpad support */ + if (gpriv->SCardControl != NULL) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Requesting reader features ... 
"); + rv = gpriv->SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, feature_buf, sizeof(feature_buf), &feature_len); + if (rv != SCARD_S_SUCCESS) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "SCardControl failed %08x", rv); + } + else + { + if ((feature_len % sizeof(PCSC_TLV_STRUCTURE)) != 0) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent TLV from reader!"); + } + else + { + char *log_disabled = "but it's disabled in configuration file"; + /* get the number of elements instead of the complete size */ + feature_len /= sizeof(PCSC_TLV_STRUCTURE); + + pcsc_tlv = (PCSC_TLV_STRUCTURE *)feature_buf; + for (i = 0; i < feature_len; i++) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader feature %02x detected", pcsc_tlv[i].tag); + if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_DIRECT) + { + priv->verify_ioctl = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_START) + { + priv->verify_ioctl_start = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_VERIFY_PIN_FINISH) + { + priv->verify_ioctl_finish = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_DIRECT) + { + priv->modify_ioctl = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_START) + { + priv->modify_ioctl_start = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_MODIFY_PIN_FINISH) + { + priv->modify_ioctl_finish = ntohl(pcsc_tlv[i].value); + } + else if (pcsc_tlv[i].tag == FEATURE_IFD_PIN_PROPERTIES) + { + display_ioctl = ntohl(pcsc_tlv[i].value); + } + else + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader feature %02x is not supported", pcsc_tlv[i].tag); + } + } + + /* Set slot capabilities based on detected IOCTLs */ + if (priv->verify_ioctl || (priv->verify_ioctl_start && priv->verify_ioctl_finish)) { + char *log_text = "Reader supports pinpad PIN verification"; + if (priv->gpriv->enable_pinpad) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, log_text); + reader->capabilities |= 
SC_READER_CAP_PIN_PAD; + } else { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s %s", log_text, log_disabled); + } + } + + if (priv->modify_ioctl || (priv->modify_ioctl_start && priv->modify_ioctl_finish)) { + char *log_text = "Reader supports pinpad PIN modification"; + if (priv->gpriv->enable_pinpad) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, log_text); + reader->capabilities |= SC_READER_CAP_PIN_PAD; + } else { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "%s %s", log_text, log_disabled); + } + } + + if (display_ioctl) + { + rcount = sizeof(rbuf); + rv = gpriv->SCardControl(card_handle, display_ioctl, NULL, 0, rbuf, sizeof(rbuf), &rcount); + if (rv == SCARD_S_SUCCESS) + { + if (rcount == sizeof(PIN_PROPERTIES_STRUCTURE)) + { + PIN_PROPERTIES_STRUCTURE *caps = (PIN_PROPERTIES_STRUCTURE *)rbuf; + if (caps->wLcdLayout > 0) + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader has a display: %04X", caps->wLcdLayout); + reader->capabilities |= SC_READER_CAP_DISPLAY; + } + else + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Reader does not have a display."); + } + else + { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Returned PIN properties structure has bad length (%d/%d)", rcount, sizeof(PIN_PROPERTIES_STRUCTURE)); + } + } + } + } + } + } + + + refresh_attributes(reader); + + ret = SC_SUCCESS; + + goto out; + + err1: + if (priv != NULL) + { + free(priv); + } + if (reader != NULL) + { + if (reader->name) + free(reader->name); + free(reader); + } + } + +out: + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, ret); +} + +static int cardmod_release(sc_reader_t *reader) +{ + struct pcsc_private_data *priv = GET_PRIV_DATA(reader); + + free(priv); + return SC_SUCCESS; +} + +struct sc_reader_driver * sc_get_cardmod_driver(void) +{ + + struct sc_reader_driver *pcsc_drv = sc_get_pcsc_driver(); + + cardmod_ops = *(pcsc_drv->ops); + + cardmod_ops.init = cardmod_init; + cardmod_ops.finish = cardmod_finish; + cardmod_ops.detect_readers = NULL; + /* cardmod_ops.transmit = ; */ + cardmod_ops.lock = NULL; + cardmod_ops.unlock 
= NULL; + cardmod_ops.release = cardmod_release; + cardmod_ops.connect = cardmod_connect; + cardmod_ops.disconnect = cardmod_disconnect; + /* cardmod_ops.perform_verify = ; */ + cardmod_ops.wait_for_event = NULL; + cardmod_ops.reset = NULL; + cardmod_ops.use_reader = cardmod_use_reader; + + return &cardmod_drv; +} + +#endif + +#endif /* ENABLE_PCSC */ diff -Nru opensc-0.11.13/src/libopensc/sc.c opensc-0.12.1/src/libopensc/sc.c --- opensc-0.11.13/src/libopensc/sc.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/sc.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,20 +18,21 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#ifdef ENABLE_OPENSSL -#include /* for OPENSSL_cleanse */ -#endif +#include "config.h" -#include "internal.h" #include #include #include #include #include +#ifdef HAVE_SYS_MMAN_H +#include +#endif +#ifdef ENABLE_OPENSSL +#include /* for OPENSSL_cleanse */ +#endif + +#include "internal.h" #ifdef PACKAGE_VERSION static const char *sc_version = PACKAGE_VERSION; @@ -55,7 +56,7 @@ while (*in != '\0') { int byte = 0, nybbles = 2; - while (nybbles-- && *in && *in != ':') { + while (nybbles-- && *in && *in != ':' && *in != ' ') { char c; byte <<= 4; c = *in++; @@ -73,7 +74,7 @@ } byte |= c; } - if (*in == ':') + if (*in == ':' || *in == ' ') in++; if (left <= 0) { err = SC_ERROR_BUFFER_TOO_SMALL; 
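Review bot: In cardmod_init the result of `scconf_get_bool(conf_block, "enable_pinpad", gpriv->enable_pinpad)` is discarded and the third argument is passed by value, so `enable_pinpad` keeps its default of 1 and a configuration that switches the pinpad off has no effect. Assign the result: `gpriv->enable_pinpad = scconf_get_bool(conf_block, "enable_pinpad", gpriv->enable_pinpad);`. In cardmod_use_reader, `display_ioctl` is declared without an initialiser and is written only when a FEATURE_IFD_PIN_PROPERTIES entry is seen. `if (display_ioctl)` still reads it when no such entry was found and may pass an indeterminate control code to SCardControl, so declare it as `display_ioctl = 0`.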
@@ -178,58 +179,15 @@ return 1; } -sc_slot_info_t * _sc_get_slot_info(sc_reader_t *reader, int slot_id) -{ - assert(reader != NULL); - if (slot_id < 0 || slot_id > reader->slot_count) - return NULL; - return &reader->slot[slot_id]; -} - -int sc_detect_card_presence(sc_reader_t *reader, int slot_id) +int sc_detect_card_presence(sc_reader_t *reader) { int r; - sc_slot_info_t *slot = _sc_get_slot_info(reader, slot_id); - - if (slot == NULL) - SC_FUNC_RETURN(reader->ctx, 0, SC_ERROR_SLOT_NOT_FOUND); - SC_FUNC_CALLED(reader->ctx, 1); + SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); if (reader->ops->detect_card_presence == NULL) - SC_FUNC_RETURN(reader->ctx, 0, SC_ERROR_NOT_SUPPORTED); - - r = reader->ops->detect_card_presence(reader, slot); - SC_FUNC_RETURN(reader->ctx, 1, r); -} - -int sc_wait_for_event(sc_reader_t *readers[], int slot_id[], size_t nslots, - unsigned int event_mask, - int *reader, unsigned int *event, int timeout) -{ - sc_slot_info_t *slotp[SC_MAX_SLOTS * SC_MAX_READERS]; - sc_context_t *ctx; - unsigned int j; - int r; + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); - if (nslots == 0 || nslots > SC_MAX_SLOTS * SC_MAX_READERS) - return SC_ERROR_INVALID_ARGUMENTS; - ctx = readers[0]->ctx; - - SC_FUNC_CALLED(ctx, 1); - for (j = 0; j < nslots; j++) { - slotp[j] = _sc_get_slot_info(readers[j], slot_id[j]); - - if (slotp[j] == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_SLOT_NOT_FOUND); - /* XXX check to make sure all readers share the same operations - * struct */ - } - - if (readers[0]->ops->wait_for_event == NULL) - SC_FUNC_RETURN(ctx, 0, SC_ERROR_NOT_SUPPORTED); - - r = readers[0]->ops->wait_for_event(readers, slotp, nslots, - event_mask, reader, event, timeout); - SC_FUNC_RETURN(ctx, 1, r); + r = reader->ops->detect_card_presence(reader); + SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_NORMAL, r); } int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len, 
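Review bot: sc_detect_card_presence now dereferences `reader` in `SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE)` with no check at all, whereas the removed `_sc_get_slot_info()` at least asserted `reader != NULL`. A guard before the first use, `if (reader == NULL) return SC_ERROR_INVALID_ARGUMENTS;`, keeps the failure defined in release builds as well.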
@@ -237,6 +195,8 @@ { if (path == NULL || id == NULL || id_len == 0 || id_len > SC_MAX_PATH_SIZE) return SC_ERROR_INVALID_ARGUMENTS; + + memset(path, 0, sizeof(*path)); memcpy(path->value, id, id_len); path->len = id_len; path->type = type; @@ -316,7 +276,7 @@ const char *sc_print_path(const sc_path_t *path) { - static char buffer[SC_MAX_PATH_STRING_SIZE]; + static char buffer[SC_MAX_PATH_STRING_SIZE + SC_MAX_AID_STRING_SIZE]; if (sc_path_print(buffer, sizeof(buffer), path) != SC_SUCCESS) buffer[0] = '\0'; @@ -331,12 +291,20 @@ if (buf == NULL || path == NULL) return SC_ERROR_INVALID_ARGUMENTS; - if (buflen < path->len * 2 + 1) + if (buflen < path->len * 2 + path->aid.len * 2 + 1) return SC_ERROR_BUFFER_TOO_SMALL; buf[0] = '\0'; + if (path->aid.len) { + for (i = 0; i < path->aid.len; i++) + snprintf(buf + strlen(buf), buflen - strlen(buf), "%02x", path->aid.value[i]); + snprintf(buf + strlen(buf), buflen - strlen(buf), "::"); + } + for (i = 0; i < path->len; i++) - snprintf(buf + 2 * i, buflen - 2 * i, "%02x", path->value[i]); + snprintf(buf + strlen(buf), buflen - strlen(buf), "%02x", path->value[i]); + if (!path->aid.len && path->type == SC_PATH_TYPE_DF_NAME) + snprintf(buf + strlen(buf), buflen - strlen(buf), "::"); return SC_SUCCESS; } @@ -362,8 +330,13 @@ const sc_path_t *sc_get_mf_path(void) { - static const sc_path_t mf_path = { {0x3f, 0x00, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0}, 2, 0, 0, SC_PATH_TYPE_PATH}; + static const sc_path_t mf_path = { + {0x3f, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 2, + 0, + 0, + SC_PATH_TYPE_PATH, + {{0},0} + }; return &mf_path; } @@ -406,7 +379,7 @@ return 0; } - _new = (sc_acl_entry_t *) malloc(sizeof(sc_acl_entry_t)); + _new = malloc(sizeof(sc_acl_entry_t)); if (_new == NULL) return SC_ERROR_OUT_OF_MEMORY; _new->method = method; 
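Review bot: The size check in sc_path_print (hunk `@@ -331,12 +291,20 @@`), `if (buflen < path->len * 2 + path->aid.len * 2 + 1)`, does not count the two-character `::` separator that the new code appends when an AID is present or the type is SC_PATH_TYPE_DF_NAME. The snprintf bounds keep the writes inside `buf`, so the effect is a silently truncated string returned with SC_SUCCESS rather than an overflow. Counting the separator, e.g. `if (buflen < path->len * 2 + path->aid.len * 2 + 3)`, keeps the SC_ERROR_BUFFER_TOO_SMALL contract. The function's opening lines are outside the hunk.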
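Review bot: In hunk `@@ -406,7 +379,7 @@` the allocation `_new = malloc(sizeof(sc_acl_entry_t));` leaves the entry's bytes indeterminate, and the types.h part of this diff adds a `crts` array to `struct sc_acl_entry`. Only `_new->method = method;` is visible here and the rest of the function lies outside the hunk, so whether `crts` is ever set cannot be confirmed. If it is not, code that reads the ACL entry would see uninitialised data. `_new = calloc(1, sizeof(*_new));` would zero the new member regardless.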
@@ -430,13 +403,13 @@ { sc_acl_entry_t *p; static const sc_acl_entry_t e_never = { - SC_AC_NEVER, SC_AC_KEY_REF_NONE, NULL + SC_AC_NEVER, SC_AC_KEY_REF_NONE, {{0, 0, 0, {0}}}, NULL }; static const sc_acl_entry_t e_none = { - SC_AC_NONE, SC_AC_KEY_REF_NONE, NULL + SC_AC_NONE, SC_AC_KEY_REF_NONE, {{0, 0, 0, {0}}}, NULL }; static const sc_acl_entry_t e_unknown = { - SC_AC_UNKNOWN, SC_AC_KEY_REF_NONE, NULL + SC_AC_UNKNOWN, SC_AC_KEY_REF_NONE, {{0, 0, 0, {0}}}, NULL }; assert(file != NULL); @@ -639,12 +612,12 @@ return file->magic == SC_FILE_MAGIC; } -int _sc_parse_atr(sc_context_t *ctx, sc_slot_info_t *slot) +int _sc_parse_atr(sc_reader_t *reader) { - u8 *p = slot->atr; - int atr_len = (int) slot->atr_len; + u8 *p = reader->atr.value; + int atr_len = (int) reader->atr.len; int n_hist, x; - int tx[4]; + int tx[4] = {-1, -1, -1, -1}; int i, FI, DI; const int Fi_table[] = { 372, 372, 558, 744, 1116, 1488, 1860, -1, @@ -656,16 +629,16 @@ -1, 1, 2, 4, 8, 16, 32, -1, 12, 20, -1, -1, -1, -1, -1, -1 }; - slot->atr_info.hist_bytes_len = 0; - slot->atr_info.hist_bytes = NULL; + reader->atr_info.hist_bytes_len = 0; + reader->atr_info.hist_bytes = NULL; if (atr_len == 0) { - sc_error(ctx, "empty ATR - card not present?\n"); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "empty ATR - card not present?\n"); return SC_ERROR_INTERNAL; } if (p[0] != 0x3B && p[0] != 0x3F) { - sc_error(ctx, "invalid sync byte in ATR: 0x%02X\n", p[0]); + sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "invalid sync byte in ATR: 0x%02X\n", p[0]); return SC_ERROR_INTERNAL; } n_hist = p[1] & 0x0F; 
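Review bot: The only length guard visible in _sc_parse_atr is `if (atr_len == 0)`, yet the last line of hunk `@@ -656,16 +629,16 @@` reads `p[1]`, so a one-byte ATR passes the guard and the second byte is taken from whatever the buffer holds. The ATR is supplied by the card, so it is worth rejecting anything shorter than the two bytes that are parsed unconditionally, e.g. `if (atr_len < 2)` in place of the zero test. The function continues past the hunk.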
@@ -681,20 +654,20 @@ tx[i] = -1; } if (tx[0] >= 0) { - slot->atr_info.FI = FI = tx[0] >> 4; - slot->atr_info.DI = DI = tx[0] & 0x0F; - slot->atr_info.Fi = Fi_table[FI]; - slot->atr_info.f = f_table[FI]; - slot->atr_info.Di = Di_table[DI]; + reader->atr_info.FI = FI = tx[0] >> 4; + reader->atr_info.DI = DI = tx[0] & 0x0F; + reader->atr_info.Fi = Fi_table[FI]; + reader->atr_info.f = f_table[FI]; + reader->atr_info.Di = Di_table[DI]; } else { - slot->atr_info.Fi = -1; - slot->atr_info.f = -1; - slot->atr_info.Di = -1; + reader->atr_info.Fi = -1; + reader->atr_info.f = -1; + reader->atr_info.Di = -1; } if (tx[2] >= 0) - slot->atr_info.N = tx[3]; + reader->atr_info.N = tx[3]; else - slot->atr_info.N = -1; + reader->atr_info.N = -1; while (tx[3] > 0 && tx[3] & 0xF0 && atr_len > 0) { x = tx[3] >> 4; for (i = 0; i < 4 && atr_len > 0; i++) { @@ -710,11 +683,29 @@ return 0; if (n_hist > atr_len) n_hist = atr_len; - slot->atr_info.hist_bytes_len = n_hist; - slot->atr_info.hist_bytes = p; + reader->atr_info.hist_bytes_len = n_hist; + reader->atr_info.hist_bytes = p; return 0; } +void *sc_mem_alloc_secure(size_t len) +{ + void *pointer; + + pointer = calloc(len, sizeof(unsigned char)); + if (!pointer) + return NULL; +#ifdef HAVE_SYS_MMAN_H + /* TODO Windows support and mprotect too */ + /* Do not swap the memory */ + if (mlock(pointer, len) == -1) { + free(pointer); + return NULL; + } +#endif + return pointer; +} + void sc_mem_clear(void *ptr, size_t len) { #ifdef ENABLE_OPENSSL 
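Review bot: In hunk `@@ -681,20 +654,20 @@` the guard `if (tx[2] >= 0)` is followed by `reader->atr_info.N = tx[3];`, so the test and the assignment use different interface bytes. This looks like an index slip carried over unchanged from the old `slot->` code. If N is meant to come from the byte that was checked, the line would read `reader->atr_info.N = tx[2];`. How `tx[]` is filled is outside the hunk, so this should be confirmed against the parsing loop above it.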
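Review bot: sc_mem_alloc_secure (hunk `@@ -710,11 +683,29 @@`) has no comment stating what callers can rely on. The `mlock()` call is compiled only under HAVE_SYS_MMAN_H, so on other builds the function returns ordinary zeroed heap memory, and nothing in the hunk pairs the lock with an unlock or a wipe before `free()`. I would document that above the function, for example `/* Zeroed buffer; locked against swapping only where mlock() is available. Wipe with sc_mem_clear() before free(). */`. An `mlock()` failure, for instance from a locked-memory limit, also becomes a NULL return that callers will presumably treat as out-of-memory.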
@@ -726,6 +717,68 @@ #endif } +static int +sc_remote_apdu_allocate(struct sc_remote_data *rdata, + struct sc_remote_apdu **new_rapdu) +{ + struct sc_remote_apdu *rapdu = NULL, *rr; + int counter; + + if (!rdata) + return SC_ERROR_INVALID_ARGUMENTS; + + rapdu = calloc(1, sizeof(struct sc_remote_apdu)); + if (rapdu == NULL) + return SC_ERROR_OUT_OF_MEMORY; + + rapdu->apdu.data = &rapdu->sbuf[0]; + rapdu->apdu.resp = &rapdu->rbuf[0]; + rapdu->apdu.resplen = sizeof(rapdu->rbuf); + + if (new_rapdu) + *new_rapdu = rapdu; + + if (rdata->data == NULL) { + rdata->data = rapdu; + rdata->length = 1; + return SC_SUCCESS; + } + + for (rr = rdata->data; rr->next; rr = rr->next) + ; + rr->next = rapdu; + rdata->length++; + + return SC_SUCCESS; +} + +static void +sc_remote_apdu_free (struct sc_remote_data *rdata) +{ + struct sc_remote_apdu *rapdu = NULL; + + if (!rdata) + return; + + rapdu = rdata->data; + while(rapdu) { + struct sc_remote_apdu *rr = rapdu->next; + + free(rapdu); + rapdu = rr; + } +} + +void sc_remote_data_init(struct sc_remote_data *rdata) +{ + if (!rdata) + return; + memset(rdata, 0, sizeof(struct sc_remote_data)); + + rdata->alloc = sc_remote_apdu_allocate; + rdata->free = sc_remote_apdu_free; +} + /**************************** mutex functions ************************/ int sc_mutex_create(const sc_context_t *ctx, void **mutex) diff -Nru opensc-0.11.13/src/libopensc/sec.c opensc-0.12.1/src/libopensc/sec.c --- opensc-0.11.13/src/libopensc/sec.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/sec.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,13 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "internal.h" -#ifdef HAVE_UNISTD_H -#include -#endif +#include "config.h" + #include #include #include +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "internal.h" int sc_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len, u8 * out, size_t outlen) 
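Review bot: sc_remote_apdu_free releases every node but leaves `rdata->data` and `rdata->length` untouched, so after the call the list head still points at freed memory. A second call to the `free` handler, or a later `alloc` that walks `rdata->data` to find the tail, would then touch freed nodes. Resetting the frame after the loop, `rdata->data = NULL; rdata->length = 0;`, closes that. Each node also carries `sbuf`/`rbuf` APDU payloads, so clearing them with sc_mem_clear() before `free(rapdu)` may be warranted if they can hold secrets.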
@@ -32,11 +35,11 @@ int r; assert(card != NULL && crgram != NULL && out != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->ops->decipher == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); r = card->ops->decipher(card, crgram, crgram_len, out, outlen); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } int sc_compute_signature(sc_card_t *card, @@ -46,11 +49,11 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->ops->compute_signature == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); r = card->ops->compute_signature(card, data, datalen, out, outlen); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } int sc_set_security_env(sc_card_t *card, @@ -60,11 +63,11 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->ops->set_security_env == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); r = card->ops->set_security_env(card, env, se_num); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } int sc_restore_security_env(sc_card_t *card, int se_num) 
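Review bot: Entry and exit tracing in sc_decipher now use different levels, `SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL)` against `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r)`, where the old code passed 2 to both. The same split appears in sc_compute_signature, sc_set_security_env, sc_restore_security_env and sc_pin_cmd, and sc_detect_card_presence in sc.c has it the other way round. Unless that is intended, a log taken at the normal level will presumably show calls without their matching returns. Pick one level per function, e.g. `SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);`.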
@@ -72,11 +75,11 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->ops->restore_security_env == NULL) - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_SUPPORTED); r = card->ops->restore_security_env(card, se_num); - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } int sc_verify(sc_card_t *card, unsigned int type, int ref, @@ -151,7 +154,7 @@ int r; assert(card != NULL); - SC_FUNC_CALLED(card->ctx, 2); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->ops->pin_cmd) { r = card->ops->pin_cmd(card, data, tries_left); } else if (!(data->flags & SC_PIN_CMD_USE_PINPAD)) { @@ -192,13 +195,13 @@ break; } if (r == SC_ERROR_NOT_SUPPORTED) - sc_error(card->ctx, "unsupported PIN operation (%d)", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unsupported PIN operation (%d)", data->cmd); } else { - sc_error(card->ctx, "Use of pin pad not supported by card driver"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Use of pin pad not supported by card driver"); r = SC_ERROR_NOT_SUPPORTED; } - SC_FUNC_RETURN(card->ctx, 2, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } /* diff -Nru opensc-0.11.13/src/libopensc/types.h opensc-0.12.1/src/libopensc/types.h --- opensc-0.11.13/src/libopensc/types.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/types.h 2011-05-17 17:07:00.000000000 +0000 
@@ -27,22 +27,77 @@ typedef unsigned char u8; +/* various maximum values */ +#define SC_MAX_CARD_DRIVERS 32 +#define SC_MAX_CARD_DRIVER_SNAME_SIZE 16 +#define SC_MAX_CARD_APPS 8 +#define SC_MAX_APDU_BUFFER_SIZE 261 /* takes account of: CLA INS P1 P2 Lc [255 byte of data] Le */ +#define SC_MAX_EXT_APDU_BUFFER_SIZE 65538 +#define SC_MAX_PIN_SIZE 256 /* OpenPGP card has 254 max */ +#define SC_MAX_ATR_SIZE 33 +#define SC_MAX_AID_SIZE 16 +#define SC_MAX_AID_STRING_SIZE (SC_MAX_AID_SIZE * 2 + 3) +#define SC_MAX_IIN_SIZE 10 #define SC_MAX_OBJECT_ID_OCTETS 16 +#define SC_MAX_PATH_SIZE 16 +#define SC_MAX_PATH_STRING_SIZE (SC_MAX_PATH_SIZE * 2 + 3) +#define SC_MAX_SDO_ACLS 8 +#define SC_MAX_CRTS_IN_SE 12 + +/* When changing this value, pay attention to the initialization of the ASN1 + * static variables that use this macro, like, for example, + * 'c_asn1_supported_algorithms' in src/libopensc/pkcs15.c + */ +#define SC_MAX_SUPPORTED_ALGORITHMS 8 + +struct sc_lv_data { + unsigned char *value; + size_t len; +}; + +struct sc_tlv_data { + unsigned tag; + unsigned char *value; + size_t len; +}; struct sc_object_id { int value[SC_MAX_OBJECT_ID_OCTETS]; }; -#define SC_PATH_TYPE_FILE_ID 0 -#define SC_PATH_TYPE_DF_NAME 1 -#define SC_PATH_TYPE_PATH 2 -#define SC_PATH_TYPE_PATH_PROT 3 /* path of a file containing - EnvelopedData objects */ -#define SC_PATH_TYPE_FROM_CURRENT 4 -#define SC_PATH_TYPE_PARENT 5 +struct sc_aid { + unsigned char value[SC_MAX_AID_SIZE]; + size_t len; +}; -#define SC_MAX_PATH_SIZE 16 -#define SC_MAX_PATH_STRING_SIZE (SC_MAX_PATH_SIZE * 2 + 1) +struct sc_atr { + unsigned char value[SC_MAX_ATR_SIZE]; + size_t len; +}; + +/* Issuer ID */ +struct sc_iid { + unsigned char value[SC_MAX_IIN_SIZE]; + size_t len; +}; + +/* Discretionary ASN.1 data object */ +struct sc_ddo { + struct sc_aid aid; + struct sc_iid iid; + struct sc_object_id oid; + + size_t len; + unsigned char *value; +}; + +#define SC_PATH_TYPE_FILE_ID 0 +#define SC_PATH_TYPE_DF_NAME 1 +#define 
SC_PATH_TYPE_PATH 2 +/* path of a file containing EnvelopedData objects */ +#define SC_PATH_TYPE_PATH_PROT 3 +#define SC_PATH_TYPE_FROM_CURRENT 4 +#define SC_PATH_TYPE_PARENT 5 typedef struct sc_path { u8 value[SC_MAX_PATH_SIZE]; 
@@ -56,26 +111,108 @@ int count; int type; + + struct sc_aid aid; } sc_path_t; +/* Control reference template */ +struct sc_crt { + unsigned tag; + unsigned usage; /* Usage Qualifier Byte */ + unsigned algo; /* Algorithm ID */ + unsigned refs[8]; /* Security Object References */ +}; + +/* Access Control flags */ +#define SC_AC_NONE 0x00000000 +#define SC_AC_CHV 0x00000001 /* Card Holder Verif. */ +#define SC_AC_TERM 0x00000002 /* Terminal auth. */ +#define SC_AC_PRO 0x00000004 /* Secure Messaging */ +#define SC_AC_AUT 0x00000008 /* Key auth. */ +#define SC_AC_SYMBOLIC 0x00000010 /* internal use only */ +#define SC_AC_SEN 0x00000020 /* Security Environment. */ +#define SC_AC_SCB 0x00000040 /* IAS/ECC SCB byte. */ +#define SC_AC_IDA 0x00000080 /* PKCS#15 authentication ID */ + +#define SC_AC_UNKNOWN 0xFFFFFFFE +#define SC_AC_NEVER 0xFFFFFFFF + +/* Operations relating to access control */ +#define SC_AC_OP_SELECT 0 +#define SC_AC_OP_LOCK 1 +#define SC_AC_OP_DELETE 2 +#define SC_AC_OP_CREATE 3 +#define SC_AC_OP_REHABILITATE 4 +#define SC_AC_OP_INVALIDATE 5 +#define SC_AC_OP_LIST_FILES 6 +#define SC_AC_OP_CRYPTO 7 +#define SC_AC_OP_DELETE_SELF 8 +#define SC_AC_OP_PSO_DECRYPT 9 +#define SC_AC_OP_PSO_ENCRYPT 10 +#define SC_AC_OP_PSO_COMPUTE_SIGNATURE 11 +#define SC_AC_OP_PSO_VERIFY_SIGNATURE 12 +#define SC_AC_OP_PSO_COMPUTE_CHECKSUM 13 +#define SC_AC_OP_PSO_VERIFY_CHECKSUM 14 +#define SC_AC_OP_INTERNAL_AUTHENTICATE 15 +#define SC_AC_OP_EXTERNAL_AUTHENTICATE 16 +#define SC_AC_OP_PIN_DEFINE 17 +#define SC_AC_OP_PIN_CHANGE 18 +#define SC_AC_OP_PIN_RESET 19 +#define SC_AC_OP_ACTIVATE 20 +#define SC_AC_OP_DEACTIVATE 21 +#define SC_AC_OP_READ 22 +#define SC_AC_OP_UPDATE 23 +#define SC_AC_OP_WRITE 24 +#define SC_AC_OP_RESIZE 25 +#define SC_AC_OP_GENERATE 26 +/* If you add more OPs here, make sure you increase SC_MAX_AC_OPS*/ +#define SC_MAX_AC_OPS 27 + +/* the use of SC_AC_OP_ERASE is deprecated, SC_AC_OP_DELETE should be used + * instead */ +#define SC_AC_OP_ERASE 
SC_AC_OP_DELETE + +#define SC_AC_KEY_REF_NONE 0xFFFFFFFF + typedef struct sc_acl_entry { unsigned int method; /* See SC_AC_* */ unsigned int key_ref; /* SC_AC_KEY_REF_NONE or an integer */ + struct sc_crt crts[SC_MAX_CRTS_IN_SE]; + struct sc_acl_entry *next; } sc_acl_entry_t; -#define SC_MAX_AC_OPS 9 - +/* File types */ +#define SC_FILE_TYPE_DF 0x04 +#define SC_FILE_TYPE_INTERNAL_EF 0x03 +#define SC_FILE_TYPE_WORKING_EF 0x01 +#define SC_FILE_TYPE_BSO 0x10 + +/* EF structures */ +#define SC_FILE_EF_UNKNOWN 0x00 +#define SC_FILE_EF_TRANSPARENT 0x01 +#define SC_FILE_EF_LINEAR_FIXED 0x02 +#define SC_FILE_EF_LINEAR_FIXED_TLV 0x03 +#define SC_FILE_EF_LINEAR_VARIABLE 0x04 +#define SC_FILE_EF_LINEAR_VARIABLE_TLV 0x05 +#define SC_FILE_EF_CYCLIC 0x06 +#define SC_FILE_EF_CYCLIC_TLV 0x07 + +/* File status flags */ +#define SC_FILE_STATUS_ACTIVATED 0x00 +#define SC_FILE_STATUS_INVALIDATED 0x01 +#define SC_FILE_STATUS_CREATION 0x02 /* Full access in this state, + (at least for SetCOS 4.4 */ typedef struct sc_file { struct sc_path path; u8 name[16]; /* DF name */ size_t namelen; /* length of DF name */ - int type, shareable, ef_structure; + unsigned int type, ef_structure, status; /* See constant values defined above */ + unsigned int shareable; /* true(1), false(0) according to ISO 7816-4:2005 Table 14 */ size_t size; /* Size of file (in bytes) */ int id; /* Short file id (2 bytes) */ - int status; /* Status flags */ struct sc_acl_entry *acl[SC_MAX_AC_OPS]; /* Access Control List */ int record_length; /* In case of fixed-length or cyclic EF */ 
@@ -91,16 +228,29 @@ unsigned int magic; } sc_file_t; -/* use command chaining if the Lc value is greater than normally - * allowed - */ + +/* Different APDU cases */ +#define SC_APDU_CASE_NONE 0x00 +#define SC_APDU_CASE_1 0x01 +#define SC_APDU_CASE_2_SHORT 0x02 +#define SC_APDU_CASE_3_SHORT 0x03 +#define SC_APDU_CASE_4_SHORT 0x04 +#define SC_APDU_SHORT_MASK 0x0f +#define SC_APDU_EXT 0x10 +#define SC_APDU_CASE_2_EXT SC_APDU_CASE_2_SHORT | SC_APDU_EXT +#define SC_APDU_CASE_3_EXT SC_APDU_CASE_3_SHORT | SC_APDU_EXT +#define SC_APDU_CASE_4_EXT SC_APDU_CASE_4_SHORT | SC_APDU_EXT +/* following types let OpenSC decides whether to use short or extended APDUs */ +#define SC_APDU_CASE_2 0x22 +#define SC_APDU_CASE_3 0x23 +#define SC_APDU_CASE_4 0x24 + +/* use command chaining if the Lc value is greater than normally allowed */ #define SC_APDU_FLAGS_CHAINING 0x00000001UL -/* do not automatically call GET RESPONSE to read all available - * data - */ +/* do not automatically call GET RESPONSE to read all available data */ #define SC_APDU_FLAGS_NO_GET_RESP 0x00000002UL -/* do not automatically try a re-transmit with a new length - * if the card returns 0x6Cxx (wrong length) +/* do not automatically try a re-transmit with a new length if the card + * returns 0x6Cxx (wrong length) */ #define SC_APDU_FLAGS_NO_RETRY_WL 0x00000004UL 
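Review bot: The three extended-case macros are defined without parentheses, e.g. `#define SC_APDU_CASE_2_EXT SC_APDU_CASE_2_SHORT | SC_APDU_EXT`. A comparison such as `x == SC_APDU_CASE_2_EXT` therefore parses as `(x == SC_APDU_CASE_2_SHORT) | SC_APDU_EXT` and is always non-zero. Wrap each expansion, `#define SC_APDU_CASE_2_EXT (SC_APDU_CASE_2_SHORT | SC_APDU_EXT)`, and do the same for SC_APDU_CASE_3_EXT and SC_APDU_CASE_4_EXT.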
@@ -113,16 +263,94 @@ u8 *resp; /* R-APDU data buffer */ size_t resplen; /* in: size of R-APDU buffer, * out: length of data returned in R-APDU */ - u8 sensitive; /* Set if either the command or - * the response contains secrets, - * e.g. a PIN. */ u8 control; /* Set if APDU should go to the reader */ unsigned int sw1, sw2; /* Status words returned in R-APDU */ unsigned long flags; + + struct sc_apdu *next; } sc_apdu_t; +/* Card manager Production Life Cycle data (CPLC) + * (from the Open Platform specification) */ +#define SC_CPLC_TAG 0x9F7F +#define SC_CPLC_DER_SIZE 45 +struct sc_cplc { + unsigned char ic_fabricator[2]; + unsigned char ic_type[2]; + unsigned char os_data[6]; + unsigned char ic_date[2]; + unsigned char ic_serial[4]; + unsigned char ic_batch_id[2]; + unsigned char ic_module_data[4]; + unsigned char icc_manufacturer[2]; + unsigned char ic_embed_date[2]; + unsigned char pre_perso_data[6]; + unsigned char personalizer_data[6]; + + unsigned char value[SC_CPLC_DER_SIZE]; + size_t len; +}; + +/* 'Issuer Identification Number' is a part of ISO/IEC 7812 PAN definition */ +struct sc_iin { + unsigned char mii; /* industry identifier */ + unsigned country; /* country identifier */ + unsigned long issuer_id; /* issuer identifier */ +}; + +/* structure for the card serial number (normally the ICCSN) */ +#define SC_MAX_SERIALNR 32 +typedef struct sc_serial_number { + unsigned char value[SC_MAX_SERIALNR]; + size_t len; + + struct sc_iin iin; +} sc_serial_number_t; + +/** + * @struct sc_remote_apdu data + * Structure to supply the linked APDU data used in + * communication with the external (SM) modules. 
+ */ +#define SC_REMOTE_APDU_FLAG_FATAL +#define SC_REMOTE_APDU_FLAG_LAST +#define SC_REMOTE_APDU_FLAG_RETURN_ANSWER +#define SC_REMOTE_APDU_FLAG_GET_RESPONSE +struct sc_remote_apdu { + unsigned char sbuf[2*SC_MAX_APDU_BUFFER_SIZE]; + unsigned char rbuf[2*SC_MAX_APDU_BUFFER_SIZE]; + struct sc_apdu apdu; + + unsigned flags; + + struct sc_remote_apdu *next; +}; + +/** + * @struct sc_remote_data + * Frame for the list of the @c sc_remote_apdu data with + * the handlers to allocate and free. + */ +struct sc_remote_data { + struct sc_remote_apdu *data; + int length; + + /** + * Handler to allocate a new @c sc_remote_apdu data and add it to the list. + * @param rdata Self pointer to the @c sc_remote_data + * @param out Pointer to newle allocated member + */ + int (*alloc)(struct sc_remote_data *rdata, struct sc_remote_apdu **out); + /** + * Handler to free the list of @c sc_remote_apdu data + * @param rdata Self pointer to the @c sc_remote_data + */ + void (*free)(struct sc_remote_data *rdata); +}; + + #ifdef __cplusplus } #endif diff -Nru opensc-0.11.13/src/libopensc/ui.c opensc-0.12.1/src/libopensc/ui.c --- opensc-0.11.13/src/libopensc/ui.c 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ui.c 1970-01-01 00:00:00.000000000 +0000 
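Review bot: The four `SC_REMOTE_APDU_FLAG_*` macros added just above `struct sc_remote_apdu` are defined with no value, so an expression that tests or sets them against the struct's `unsigned flags` member (for instance `flags & SC_REMOTE_APDU_FLAG_FATAL`) does not compile. Give each a distinct bit, for example `#define SC_REMOTE_APDU_FLAG_FATAL 0x01` and `#define SC_REMOTE_APDU_FLAG_LAST 0x02`, and place them after the `@struct sc_remote_apdu` doc comment so that the comment attaches to the struct rather than to the first macro. Separately, this hunk drops the `sensitive` member of `sc_apdu`, which marked APDUs whose command or response carries secrets such as a PIN. How debug logging and buffer clearing treat such APDUs after this change is not visible in the hunk and should be confirmed.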
@@ -1,433 +0,0 @@ -/* - * User interface layer. This library adds an abstraction layer to - * user interaction, allowing to configure at run time with ui - * to use (tty, qt, gnome, win32, ...) - * - * Dynamically loads user interface libraries for different platforms, - * if configured. Otherwise, uses default functions that communicate - * with the user through stdin/stdout. - * - * Copyright (C) 2003 Olaf Kirch - */ - -#include "internal.h" -#include -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_LOCALE_H -#include -#endif -#include -#include - -/* - * We keep a global shared library handle here. - * This is ugly; we should somehow tie this to the sc_context. - */ -static void * sc_ui_lib_handle = NULL; -static int sc_ui_lib_loaded = 0; - -typedef int sc_ui_get_pin_fn_t(sc_ui_hints_t *, char **); -typedef int sc_ui_get_pin_pair_fn_t(sc_ui_hints_t *, - char **, char **); -typedef int sc_ui_display_fn_t(sc_context_t *, const char *); - -static int sc_ui_get_func(sc_context_t *, const char *, void **); -static int sc_ui_get_pin_default(sc_ui_hints_t *, char **); -static int sc_ui_get_pin_pair_default(sc_ui_hints_t *, - char **, char **); -static int sc_ui_display_error_default(sc_context_t *, const char *); -static int sc_ui_display_debug_default(sc_context_t *, const char *); - -static int __sc_ui_read_pin(sc_context_t *, const char *, - const char *label, int flags, - sc_pkcs15_pin_info_t *pin_info, - char **out); - -/* - * Set the language - */ -int -sc_ui_set_language(sc_context_t *ctx, const char *lang) -{ - if (ctx->preferred_language) - free(ctx->preferred_language); - ctx->preferred_language = NULL; - if (lang) - ctx->preferred_language = strdup(lang); - return 0; -} - -/* - * Retrieve a PIN from the user. 
- */ -int -sc_ui_get_pin(sc_ui_hints_t *hints, char **out) -{ - static sc_ui_get_pin_fn_t *get_pin_fn, **t_fn = &get_pin_fn; - int r; - - if (!get_pin_fn) { - void *addr; - - r = sc_ui_get_func(hints->card->ctx, - "sc_ui_get_pin_handler", - &addr); - if (r < 0) - return r; - *(void **)(t_fn) = addr; - if (get_pin_fn == NULL) - get_pin_fn = sc_ui_get_pin_default; - } - - return get_pin_fn(hints, out); -} - -int -sc_ui_get_pin_pair(sc_ui_hints_t *hints, char **old_out, char **new_out) -{ - static sc_ui_get_pin_pair_fn_t *get_pin_pair_fn, **t_fn = &get_pin_pair_fn; - int r; - - if (!get_pin_pair_fn) { - void *addr; - - r = sc_ui_get_func(hints->card->ctx, - "sc_ui_get_pin_pair_handler", - &addr); - if (r < 0) - return r; - *(void **)(t_fn) = addr; - if (get_pin_pair_fn == NULL) - get_pin_pair_fn = sc_ui_get_pin_pair_default; - } - - return get_pin_pair_fn(hints, old_out, new_out); -} - -int -sc_ui_display_error(sc_context_t *ctx, const char *msg) -{ - static sc_ui_display_fn_t *display_fn, **t_fn = &display_fn; - int r; - - if (!display_fn) { - void *addr; - - r = sc_ui_get_func(ctx, - "sc_ui_display_error_handler", - &addr); - if (r < 0) - return r; - *(void **)(t_fn) = addr; - if (display_fn == NULL) - display_fn = sc_ui_display_error_default; - } - - return display_fn(ctx, msg); -} - -int -sc_ui_display_debug(sc_context_t *ctx, const char *msg) -{ - static sc_ui_display_fn_t *display_fn, **t_fn = &display_fn; - int r; - - if (!display_fn) { - void *addr; - - r = sc_ui_get_func(ctx, - "sc_ui_display_debug_handler", - &addr); - if (r < 0) - return r; - *(void **)t_fn = addr; - if (display_fn == NULL) - display_fn = sc_ui_display_debug_default; - } - - return display_fn(ctx, msg); -} - -/* - * Get the named functions from the user interface - * library. 
If no library is configured, or if the - * libray doesn't define the named symbol, fall back - * to the default function - */ -static int sc_ui_get_func(sc_context_t *ctx, const char *name, void **ret) -{ - *ret = NULL; - if (!sc_ui_lib_handle && !sc_ui_lib_loaded) { - const char *lib_name = NULL; - scconf_block *blk; - int i; - - /* Prevent recursion */ - sc_ui_lib_loaded = 1; - - for (i = 0; (blk = ctx->conf_blocks[i]); i++) { - lib_name = scconf_get_str(blk, - "user_interface", - NULL); - if (lib_name) - break; - } - - if (!lib_name) - return 0; - - sc_ui_lib_handle = lt_dlopen(lib_name); - if (!sc_ui_lib_handle) { - sc_error(ctx, - "Unable to open user interface library '%s': %s\n", - lib_name, lt_dlerror()); - return SC_ERROR_INTERNAL; - } - } - - if (sc_ui_lib_handle == NULL) - return 0; - - *ret = lt_dlsym(sc_ui_lib_handle, name); - - return *ret ? SC_SUCCESS : SC_ERROR_UNKNOWN; -} - -/* - * Default ui functions - */ -static int sc_ui_get_pin_default(sc_ui_hints_t *hints, char **out) -{ - sc_context_t *ctx = hints->card->ctx; - sc_pkcs15_pin_info_t *pin_info; - const char *label, *language = "en"; - int flags = hints->flags; - - pin_info = hints->info.pin; - if (!(label = hints->obj_label)) { - if (pin_info == NULL) { - label = "PIN"; - } else if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - label = "Security Officer PIN"; - } else { - label = "User PIN"; - } - } - - if (hints->p15card) { - /* TBD: get preferredCard from TokenInfo */ - } - -#if defined(HAVE_SETLOCALE) && !defined(_WIN32) - setlocale(LC_MESSAGES, language); -#else - (void) language; -#endif - - return __sc_ui_read_pin(ctx, hints->prompt, label, - flags, pin_info, out); -} - -static int sc_ui_get_pin_pair_default(sc_ui_hints_t *hints, char **old_out, - char **new_out) -{ - sc_context_t *ctx = hints->card->ctx; - sc_pkcs15_pin_info_t *pin_info; - const char *label, *language = "en"; - int r, flags = hints->flags, old_flags; - - if (hints->prompt) - printf("%s\n", hints->prompt); - - 
pin_info = hints->info.pin; - if (!(label = hints->obj_label)) { - if (pin_info == NULL) { - label = "PIN"; - } else if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - label = "Security Officer PIN"; - } else { - label = "User PIN"; - } - } - - if (hints->p15card) { - /* TBD: get preferredCard from TokenInfo */ - } - -#if defined(HAVE_SETLOCALE) && !defined(_WIN32) - setlocale(LC_MESSAGES, language); -#else - (void) language; -#endif - - old_flags = flags; - if (hints->usage == SC_UI_USAGE_UNBLOCK_PIN - || hints->usage == SC_UI_USAGE_CHANGE_PIN) { - old_flags &= ~(SC_UI_PIN_RETYPE|SC_UI_PIN_CHECK_LENGTH); - } - - r = __sc_ui_read_pin(ctx, NULL, label, old_flags, NULL, old_out); - if (r >= 0) - r = __sc_ui_read_pin(ctx, NULL, label, flags, NULL, new_out); - - return r; -} - -static int __sc_ui_read_pin(sc_context_t *ctx, const char *prompt, - const char *label, int flags, - sc_pkcs15_pin_info_t *pin_info, - char **out) -{ - if (prompt) { - printf("%s", prompt); - if (flags & SC_UI_PIN_OPTIONAL) - printf(" (Optional - press return for no PIN)"); - printf(".\n"); - } - - *out = NULL; - while (1) { - char buffer[64], *pin; - size_t len; - - snprintf(buffer, sizeof(buffer), - "Please enter %s: ", label); - - if ((pin = getpass(buffer)) == NULL) - return SC_ERROR_INTERNAL; - - len = strlen(pin); - if (len == 0 && (flags & SC_UI_PIN_OPTIONAL)) - return 0; - - if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) { - if (len < pin_info->min_length) { - fprintf(stderr, - "PIN too short (min %lu characters)\n", - (unsigned long) pin_info->min_length); - continue; - } - if (pin_info->max_length - && len > pin_info->max_length) { - fprintf(stderr, - "PIN too long (max %lu characters)\n", - (unsigned long) pin_info->max_length); - continue; - } - } - - *out = strdup(pin); - sc_mem_clear(pin, len); - - if (!(flags & SC_UI_PIN_RETYPE)) - break; - - pin = getpass("Please type again to verify: "); - if (!strcmp(*out, pin)) { - sc_mem_clear(pin, len); - break; - } - - free(*out); - 
*out = NULL; - - if (!(flags & SC_UI_PIN_MISMATCH_RETRY)) { - fprintf(stderr, "PINs do not match.\n"); - return SC_ERROR_KEYPAD_PIN_MISMATCH; - } - - fprintf(stderr, - "Sorry, the two pins did not match. " - "Please try again.\n"); - sc_mem_clear(pin, strlen(pin)); - - /* Currently, there's no way out of this dialog. - * We should allow the user to bail out after n - * attempts. */ - } - - return 0; -} - -/* - * Default debug/error message output - */ -static int -use_color(sc_context_t *ctx, FILE * outf) -{ - static const char *terms[] = { "linux", "xterm", "Eterm", "rxvt", "rxvt-unicode" }; - static char *term = NULL; - int term_count = sizeof(terms) / sizeof(terms[0]); - int do_color, i; - - if (!isatty(fileno(outf))) - return 0; - if (term == NULL) { - term = getenv("TERM"); - if (term == NULL) - return 0; - } - - do_color = 0; - for (i = 0; i < term_count; i++) { - if (strcmp(terms[i], term) == 0) { - do_color = 1; - break; - } - } - - return do_color; -} - -static int -sc_ui_display_msg(sc_context_t *ctx, int type, const char *msg) -{ - const char *color_pfx = "", *color_sfx = ""; - FILE *outf = NULL; - int n; - - switch (type) { - case SC_LOG_TYPE_ERROR: - outf = ctx->error_file; - break; - - case SC_LOG_TYPE_DEBUG: - outf = ctx->debug_file; - break; - } - if (outf == NULL) - return 0; - - if (use_color(ctx, outf)) { - color_sfx = "\33[0m"; - switch (type) { - case SC_LOG_TYPE_ERROR: - color_pfx = "\33[01;31m"; - break; - case SC_LOG_TYPE_DEBUG: - color_pfx = "\33[00;32m"; - break; - } - } - - fprintf(outf, "%s%s%s", color_pfx, msg, color_sfx); - n = strlen(msg); - if (n == 0 || msg[n-1] != '\n') - fprintf(outf, "\n"); - fflush(outf); - return 0; -} - -static int sc_ui_display_error_default(sc_context_t *ctx, const char *msg) -{ - return sc_ui_display_msg(ctx, SC_LOG_TYPE_ERROR, msg); -} - -static int sc_ui_display_debug_default(sc_context_t *ctx, const char *msg) -{ - return sc_ui_display_msg(ctx, SC_LOG_TYPE_DEBUG, msg); -} diff -Nru 
opensc-0.11.13/src/libopensc/ui.h opensc-0.12.1/src/libopensc/ui.h --- opensc-0.11.13/src/libopensc/ui.h 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/libopensc/ui.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,114 +0,0 @@ -/* - * ui.h: User interface layer - * - * Copyright (C) 2003 Olaf Kirch - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef _SC_UI_H -#define _SC_UI_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Dialog types - */ -#define SC_UI_USAGE_OTHER 0x0000 -#define SC_UI_USAGE_NEW_PIN 0x0001 -#define SC_UI_USAGE_UNBLOCK_PIN 0x0002 -#define SC_UI_USAGE_CHANGE_PIN 0x0003 - -/* - * Dialog flags - */ -#define SC_UI_PIN_RETYPE 0x0001 /* new pin, retype */ -#define SC_UI_PIN_OPTIONAL 0x0002 /* new pin optional */ -#define SC_UI_PIN_CHECK_LENGTH 0x0004 /* check pin length */ -#define SC_UI_PIN_MISMATCH_RETRY 0x0008 /* retry if new pin mismatch? */ - - -/* Hints passed to user interface functions - * M marks mandatory fields, - * O marks optional fields - */ -typedef struct sc_ui_hints { - const char * prompt; /* M: cmdline prompt */ - const char * dialog_name; /* M: dialog name */ - unsigned int usage; /* M: usage hint */ - unsigned int flags; /* M: flags */ - sc_card_t * card; /* M: card handle */ - struct sc_pkcs15_card * p15card; /* O: pkcs15 handle */ - - /* We may not have a pkcs15 object yet when we get - * here, but we may have an idea of what it's going to - * look like. 
*/ - const char * obj_label; /* O: object (PIN) label */ - union { - struct sc_pkcs15_pin_info *pin; - } info; -} sc_ui_hints_t; - -/* - * Specify the dialog language, if the backend is localized. - */ -extern int sc_ui_set_language(sc_context_t *, const char *); - -/* - * Retrieve a PIN from the user. - * - * @hints dialog hints - * @out PIN entered by the user; must be freed. - * NULL if dialog was canceled. - */ -extern int sc_ui_get_pin(sc_ui_hints_t *hints, char **out); - -/* - * PIN pair dialog. Can be used for PIN change/unblock, but - * also to enter a PIN/PUK pair. - * - * @hints dialog hints - * @old_out PIN entered by the user; must be freed. - * NULL if dialog was canceled. - * @new_out PIN entered by the user; must be freed. - * NULL if dialog was canceled. - */ -extern int sc_ui_get_pin_pair(sc_ui_hints_t *hints, - char **old_out, char **new_out); - -/* - * Other ui functions, not fully spec'ed yet - */ -extern int sc_ui_display_question(sc_context_t *ctx, - const char *name, - const char *prompt); -extern int sc_ui_display_message(sc_context_t *ctx, - const char *name, - const char *message); -extern int sc_ui_display_error(sc_context_t *ctx, - const char *msg); -extern int sc_ui_display_debug(sc_context_t *ctx, - const char *msg); - -#ifdef __cplusplus -} -#endif - -#endif /* _SC_UI_H */ diff -Nru opensc-0.11.13/src/libopensc/versioninfo.rc opensc-0.12.1/src/libopensc/versioninfo.rc --- opensc-0.11.13/src/libopensc/versioninfo.rc 2010-02-16 09:33:11.000000000 +0000 +++ opensc-0.12.1/src/libopensc/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 
@@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC Core Library to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC Core Library\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/Makefile.am opensc-0.12.1/src/Makefile.am --- opensc-0.11.13/src/Makefile.am 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -2,5 +2,5 @@ EXTRA_DIST = Makefile.mak # Order IS important -SUBDIRS = common include scconf libopensc pkcs15init pkcs11 \ - tests tools openssh signer +SUBDIRS = common scconf pkcs15init libopensc pkcs11 \ + tools tests minidriver diff -Nru opensc-0.11.13/src/Makefile.in opensc-0.12.1/src/Makefile.in --- opensc-0.11.13/src/Makefile.in 2010-02-16 09:32:17.000000000 +0000 +++ opensc-0.12.1/src/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
@@ -37,10 +37,9 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -117,8 +116,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -126,10 +123,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -154,8 +149,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -178,6 +171,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ 
@@ -190,10 +185,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -239,11 +231,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -260,8 +249,8 @@ EXTRA_DIST = Makefile.mak # Order IS important -SUBDIRS = common include scconf libopensc pkcs15init pkcs11 \ - tests tools openssh signer +SUBDIRS = common scconf pkcs15init libopensc pkcs11 \ + tools tests minidriver all: all-recursive @@ -275,9 +264,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/Makefile + $(AUTOMAKE) --foreign src/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -310,7 +299,7 @@ # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -335,7 +324,7 @@ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ diff -Nru opensc-0.11.13/src/Makefile.mak opensc-0.12.1/src/Makefile.mak --- opensc-0.11.13/src/Makefile.mak 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.12.1/src/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -2,10 +2,15 @@ !INCLUDE $(TOPDIR)\win32\Make.rules.mak -SUBDIRS = include common scconf libopensc tests pkcs15init pkcs11 tools +SUBDIRS = common scconf pkcs15init libopensc pkcs11 tools tests + +!IF "$(MINIDRIVER_DEF)" == "/DENABLE_MINIDRIVER" +SUBDIRS = $(SUBDIRS) minidriver +!ENDIF all:: all depend install clean:: @for %i in ( $(SUBDIRS) ) do \ - @cmd /c "cd %i && $(MAKE) /nologo /f Makefile.mak $@" + @cmd /c "cd %i && $(MAKE) /nologo /f Makefile.mak $@" + diff -Nru opensc-0.11.13/src/minidriver/Makefile.am opensc-0.12.1/src/minidriver/Makefile.am --- opensc-0.11.13/src/minidriver/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/minidriver/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,29 @@ +include $(top_srcdir)/win32/ltrc.inc + +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +EXTRA_DIST = Makefile.mak + +if ENABLE_MINIDRIVER +lib_LTLIBRARIES = opensc-minidriver@LIBRARY_BITNESS@.la +# Do we need this on bin? Why can't we +# put it in dedicated directory +dist_sbin_SCRIPTS = opensc-minidriver.inf minidriver-westcos.reg +else +dist_noinst_DATA = opensc-minidriver.inf minidriver-westcos.reg +endif + +INCLUDES = -I$(top_srcdir)/src + +opensc_minidriver@LIBRARY_BITNESS@_la_SOURCES = minidriver.c minidriver.exports \ + $(top_builddir)/win32/versioninfo.rc +opensc_minidriver@LIBRARY_BITNESS@_la_LIBADD = $(LTLIB_LIBS) \ + $(top_builddir)/src/libopensc/libopensc.la \ + -lcrypt32 +opensc_minidriver@LIBRARY_BITNESS@_la_LDFLAGS = $(AM_LDFLAGS) \ + -export-symbols "$(srcdir)/minidriver.exports" \ + -module -avoid-version -no-undefined + +if ENABLE_MINIDRIVER +install-exec-hook: + mv "$(DESTDIR)$(libdir)/opensc-minidriver@LIBRARY_BITNESS@.dll" "$(DESTDIR)$(bindir)/" +endif diff -Nru opensc-0.11.13/src/minidriver/Makefile.in opensc-0.12.1/src/minidriver/Makefile.in --- opensc-0.11.13/src/minidriver/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/minidriver/Makefile.in 2011-05-18 05:51:48.000000000 +0000 
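Review bot: The `install-exec-hook` at the end of the new `src/minidriver/Makefile.am` moves the DLL into `"$(DESTDIR)$(bindir)/"` without creating that directory first. Nothing else in this Makefile.am installs into `bindir`, so the hook only works if an earlier subdirectory happened to create it. A staged install of this directory alone would presumably fail at the `mv`. Add `$(MKDIR_P) "$(DESTDIR)$(bindir)"` as the first line of the hook. There is also no matching `uninstall-hook`, so the DLL moved to `bindir` is left behind on uninstall.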
@@ -0,0 +1,670 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Required to build Windows resource file + + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(am__dist_noinst_DATA_DIST) \ + $(am__dist_sbin_SCRIPTS_DIST) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/opensc-minidriver.inf.in \ + $(top_srcdir)/win32/ltrc.inc +subdir = src/minidriver +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h 
+CONFIG_CLEAN_FILES = opensc-minidriver.inf +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +opensc_minidriver@LIBRARY_BITNESS@_la_DEPENDENCIES = \ + $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/libopensc/libopensc.la +am__dirstamp = $(am__leading_dot)dirstamp +am_opensc_minidriver@LIBRARY_BITNESS@_la_OBJECTS = minidriver.lo \ + $(top_builddir)/win32/versioninfo.lo +opensc_minidriver@LIBRARY_BITNESS@_la_OBJECTS = \ + $(am_opensc_minidriver@LIBRARY_BITNESS@_la_OBJECTS) +opensc_minidriver@LIBRARY_BITNESS@_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(opensc_minidriver@LIBRARY_BITNESS@_la_LDFLAGS) $(LDFLAGS) -o \ + $@ +@ENABLE_MINIDRIVER_TRUE@am_opensc_minidriver@LIBRARY_BITNESS@_la_rpath = \ +@ENABLE_MINIDRIVER_TRUE@ -rpath $(libdir) +am__dist_sbin_SCRIPTS_DIST = opensc-minidriver.inf \ + minidriver-westcos.reg +SCRIPTS = $(dist_sbin_SCRIPTS) 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(opensc_minidriver@LIBRARY_BITNESS@_la_SOURCES) +DIST_SOURCES = $(opensc_minidriver@LIBRARY_BITNESS@_la_SOURCES) +am__dist_noinst_DATA_DIST = opensc-minidriver.inf \ + minidriver-westcos.reg +DATA = $(dist_noinst_DATA) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AS = @AS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIB_CFLAGS = @LTLIB_CFLAGS@ +LTLIB_LIBS = @LTLIB_LIBS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ 
+OPENCT_CFLAGS = @OPENCT_CFLAGS@ +OPENCT_LIBS = @OPENCT_LIBS@ +OPENSC_LT_AGE = @OPENSC_LT_AGE@ +OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ +OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ +OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ +OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ +OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ +OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ +OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ +OPENSSL_LIBS = @OPENSSL_LIBS@ +OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ +OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ +OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ +OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ +OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ +OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ +OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ +OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ +OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCSC_CFLAGS = @PCSC_CFLAGS@ +PCSC_LIBS = @PCSC_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREAD_CC = @PTHREAD_CC@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LIBS = @PTHREAD_LIBS@ +RANLIB = @RANLIB@ +RC = @RC@ +READLINE_CFLAGS = @READLINE_CFLAGS@ +READLINE_LIBS = @READLINE_LIBS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SVN = @SVN@ +VERSION = @VERSION@ +WIN_LIBPREFIX = @WIN_LIBPREFIX@ +XSLTPROC = @XSLTPROC@ +ZLIB_CFLAGS = @ZLIB_CFLAGS@ +ZLIB_LIBS = @ZLIB_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +acx_pthread_config = @acx_pthread_config@ +am__include = @am__include@ 
+am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkcs11dir = @pkcs11dir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xslstylesheetsdir = @xslstylesheetsdir@ +RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) + +LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +EXTRA_DIST = Makefile.mak +@ENABLE_MINIDRIVER_TRUE@lib_LTLIBRARIES = opensc-minidriver@LIBRARY_BITNESS@.la +# Do we need this on bin? 
Why can't we +# put it in dedicated directory +@ENABLE_MINIDRIVER_TRUE@dist_sbin_SCRIPTS = opensc-minidriver.inf minidriver-westcos.reg +@ENABLE_MINIDRIVER_FALSE@dist_noinst_DATA = opensc-minidriver.inf minidriver-westcos.reg +INCLUDES = -I$(top_srcdir)/src +opensc_minidriver@LIBRARY_BITNESS@_la_SOURCES = minidriver.c minidriver.exports \ + $(top_builddir)/win32/versioninfo.rc + +opensc_minidriver@LIBRARY_BITNESS@_la_LIBADD = $(LTLIB_LIBS) \ + $(top_builddir)/src/libopensc/libopensc.la \ + -lcrypt32 + +opensc_minidriver@LIBRARY_BITNESS@_la_LDFLAGS = $(AM_LDFLAGS) \ + -export-symbols "$(srcdir)/minidriver.exports" \ + -module -avoid-version -no-undefined + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj .rc +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/win32/ltrc.inc $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/minidriver/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/minidriver/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +opensc-minidriver.inf: $(top_builddir)/config.status $(srcdir)/opensc-minidriver.inf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || 
dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +$(top_builddir)/win32/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32 + @: > $(top_builddir)/win32/$(am__dirstamp) +$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32/$(DEPDIR) + @: > $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +$(top_builddir)/win32/versioninfo.lo: \ + $(top_builddir)/win32/$(am__dirstamp) \ + $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +opensc-minidriver@LIBRARY_BITNESS@.la: $(opensc_minidriver@LIBRARY_BITNESS@_la_OBJECTS) $(opensc_minidriver@LIBRARY_BITNESS@_la_DEPENDENCIES) + $(opensc_minidriver@LIBRARY_BITNESS@_la_LINK) $(am_opensc_minidriver@LIBRARY_BITNESS@_la_rpath) $(opensc_minidriver@LIBRARY_BITNESS@_la_OBJECTS) $(opensc_minidriver@LIBRARY_BITNESS@_la_LIBADD) $(LIBS) +install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-dist_sbinSCRIPTS: + @$(NORMAL_UNINSTALL) + 
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.lo + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/minidriver.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf $(top_builddir)/win32/.libs $(top_builddir)/win32/_libs + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in 
$$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed 
'/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) + -test -z "$(top_builddir)/win32/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +@ENABLE_MINIDRIVER_FALSE@install-exec-hook: +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-dist_sbinSCRIPTS install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_sbinSCRIPTS uninstall-libLTLIBRARIES + +.MAKE: install-am install-exec-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html 
html-am info info-am \ + install install-am install-data install-data-am \ + install-dist_sbinSCRIPTS install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-dist_sbinSCRIPTS \ + uninstall-libLTLIBRARIES + + +.rc.lo: + $(LTRCCOMPILE) -i "$<" -o "$@" + +.rc.o: + $(RCCOMPILE) -i "$<" -o "$@" + +@ENABLE_MINIDRIVER_TRUE@install-exec-hook: +@ENABLE_MINIDRIVER_TRUE@ mv "$(DESTDIR)$(libdir)/opensc-minidriver@LIBRARY_BITNESS@.dll" "$(DESTDIR)$(bindir)/" + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru opensc-0.11.13/src/minidriver/Makefile.mak opensc-0.12.1/src/minidriver/Makefile.mak --- opensc-0.11.13/src/minidriver/Makefile.mak 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/minidriver/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,15 @@
+TOPDIR = ..\..
+
+TARGET = opensc-minidriver.dll
+OBJECTS = minidriver.obj
+
+!INCLUDE $(TOPDIR)\win32\Make.rules.mak
+
+all: $(TARGET)
+
+$(TARGET): $(OBJECTS)
+ echo LIBRARY $* > $*.def
+ echo EXPORTS >> $*.def
+ type minidriver.exports >> $*.def
+ link /dll $(LINKFLAGS) /def:$*.def /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib $(ZLIB_LIB) $(OPENSSL_LIB) ..\common\libscdl.lib ws2_32.lib gdi32.lib advapi32.lib Crypt32.lib User32.lib
+ if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2
diff -Nru opensc-0.11.13/src/minidriver/minidriver.c opensc-0.12.1/src/minidriver/minidriver.c
--- opensc-0.11.13/src/minidriver/minidriver.c 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/minidriver/minidriver.c 2011-05-17 17:07:00.000000000 +0000
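Review bot: The `$(TARGET)` rule in src/minidriver/Makefile.mak reads `minidriver.exports` when it writes the .def file but lists only `$(OBJECTS)` as a prerequisite, so editing the export list does not trigger a relink and the DLL can be left with a stale export table; `$(TARGET): $(OBJECTS) minidriver.exports` would close that gap. The link-time hardening of this DLL comes entirely from `$(LINKFLAGS)` in win32\Make.rules.mak, which is not visible here; a comment in minidriver.c in this same diff says the module may be called under LSA, so it is worth confirming that `/DYNAMICBASE` and `/NXCOMPAT` are among those flags. The autotools rules in this diff also list win32/versioninfo.rc among the library sources, which this rule does not, so the nmake-built DLL presumably carries no version resource.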
@@ -0,0 +1,2137 @@
+/*
+ * minidriver.c: OpenSC minidriver
+ *
+ * Copyright (C) 2009,2010 francois.leblanc@cev-sa.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/*
+ * This module requires "cardmod.h" from CNG SDK or platform SDK to build.
+ */
+
+#include "config.h"
+#ifdef ENABLE_MINIDRIVER
+
+#ifdef _MANAGED
+#pragma managed(push, off)
+#endif
+
+#include
+#include
+
+#include
+#include "cardmod.h"
+
+#include "libopensc/cardctl.h"
+#include "libopensc/opensc.h"
+#include "libopensc/pkcs15.h"
+#include "libopensc/log.h"
+#include "libopensc/internal.h"
+
+#if defined(__MINGW32__)
+/* Part of the build svn project in the include directory */
+#include "cardmod-mingw-compat.h"
+#endif
+
+#define NULLSTR(a) (a == NULL ? "" : a)
+#define NULLWSTR(a) (a == NULL ?
L"" : a)
+
+/* if use of internal-winscard.h */
+#ifndef SCARD_E_INVALID_PARAMETER
+#define SCARD_E_INVALID_PARAMETER 0x80100004L
+#define SCARD_E_UNSUPPORTED_FEATURE 0x80100022L
+#define SCARD_E_NO_MEMORY 0x80100006L
+#define SCARD_W_WRONG_CHV 0x8010006BL
+#define SCARD_E_FILE_NOT_FOUND 0x80100024L
+#define SCARD_E_UNKNOWN_CARD 0x8010000DL
+#define SCARD_F_UNKNOWN_ERROR 0x80100014L
+#endif
+
+typedef struct _VENDOR_SPECIFIC
+{
+ char *pin;
+
+ sc_pkcs15_object_t *cert_objs[32];
+ int cert_count;
+ sc_pkcs15_object_t *prkey_objs[32];
+ int prkey_count;
+ sc_pkcs15_object_t *pin_objs[8];
+ int pin_count;
+
+ sc_context_t *ctx;
+ sc_reader_t *reader;
+ sc_card_t *card;
+ sc_pkcs15_card_t *p15card;
+
+ sc_pkcs15_object_t *pkey;
+
+ struct {
+ BYTE file_appdir[9];
+ CARD_CACHE_FILE_FORMAT file_cardcf;
+ BYTE file_cardid[16];
+ }cardFiles;
+ SCARDCONTEXT hSCardCtx;
+ SCARDHANDLE hScard;
+
+}VENDOR_SPECIFIC;
+
+static int associate_card(PCARD_DATA pCardData);
+static int disassociate_card(PCARD_DATA pCardData);
+
+static void logprintf(PCARD_DATA pCardData, int level, const char* format, ...)
+{
+ va_list arg;
+ VENDOR_SPECIFIC *vs;
+/* #define CARDMOD_LOW_LEVEL_DEBUG 1 */
+#ifdef CARDMOD_LOW_LEVEL_DEBUG
+/* Use a simplied log to get all messages including messages
+ * before opensc is loaded. The file must be modifiable by all
+ * users as we maybe called under lsa or user. Note data from
+ * multiple process and threads may get intermingled.
+ * flush to get last message before ann crash
+ * close so as the file is not left open during any wait.
+ */
+ {
+ FILE* lldebugfp = NULL;
+
+ lldebugfp = fopen("C:\\tmp\\cardmod.log.txt","ab");
+ if (lldebugfp != NULL) {
+ va_start(arg, format);
+ vfprintf(lldebugfp, format, arg);
+ va_end(arg);
+ fflush(lldebugfp);
+ fclose(lldebugfp);
+ lldebugfp = NULL;
+ }
+ return;
+ }
+#endif
+
+ va_start(arg, format);
+ if(pCardData != NULL)
+ {
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if(vs != NULL && vs->ctx != NULL)
+ {
+#ifdef _MSC_VER
+ sc_do_log_noframe(vs->ctx, level, format, arg);
+#else
+ /* FIXME: trouble in vsprintf with %S arg under
+ mingw32
+ */
+ if(vs->ctx->debug>=level) {
+ vfprintf(vs->ctx->debug_file, format, arg);
+ }
+#endif
+ }
+ }
+ va_end(arg);
+}
+
+static void loghex(PCARD_DATA pCardData, int level, PBYTE data, int len)
+{
+ char line[74];
+ char *c;
+ int i, a;
+ unsigned char * p;
+
+ logprintf(pCardData, level, "--- %p:%d\n", data, len);
+
+ if (data == NULL || len <= 0) return;
+
+ p = data;
+ c = line;
+ i = 0;
+ a = 0;
+ memset(line, 0, sizeof(line));
+
+ while(i < len) {
+ sprintf(c,"%02X", *p);
+ p++;
+ c += 2;
+ i++;
+ if (i%32 == 0) {
+ logprintf(pCardData, level, " %04X %s\n", a, line);
+ a +=32;
+ memset(line, 0, sizeof(line));
+ c = line;
+ } else {
+ if (i%4 == 0) *(c++) = ' ';
+ if (i%16 == 0) *(c++) = ' ';
+ }
+ }
+ if (i%32 != 0)
+ logprintf(pCardData, level, " %04X %s\n", a, line);
+}
+
+static void print_werror(PCARD_DATA pCardData, char *str)
+{
+ void *buf;
+ FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL,GetLastError(),0,
+ (LPTSTR) &buf,0,NULL);
+
+ logprintf(pCardData, 0, "%s%s\n", str, buf);
+ LocalFree(buf);
+}
+
+/*
+ * check if the card has been removed, or the
+ * caller has changed the handles.
+ * if so, then free up all previous card info
+ * and reestablish
+ */
+static int check_reader_status(PCARD_DATA pCardData) {
+
+ int r;
+ VENDOR_SPECIFIC *vs = NULL;
+
+ logprintf(pCardData, 4, "check_reader_status\n");
+
+ if(!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if(!vs)
+ return SCARD_E_INVALID_PARAMETER;
+
+ logprintf(pCardData, 7, "pCardData->hSCardCtx:0x%08X hScard:0x%08X\n",
+ pCardData->hSCardCtx, pCardData->hScard);
+
+ if (pCardData->hSCardCtx != vs->hSCardCtx
+ || pCardData->hScard != vs->hScard) {
+ logprintf (pCardData, 1, "HANDLES CHANGED from 0x%08X 0x%08X\n", vs->hSCardCtx, vs->hScard);
+
+ r = disassociate_card(pCardData);
+ logprintf(pCardData, 1, "disassociate_card r = 0x%08X\n");
+ r = associate_card(pCardData); /* need to check return codes */
+ logprintf(pCardData, 1, "associate_card r = 0x%08X\n");
+ } else
+
+ /* This should always work, as BaseCSP should be checking for removal too */
+ if (vs->reader) {
+ r = sc_detect_card_presence(vs->reader);
+ logprintf(pCardData, 2, "check_reader_status r=%d flags 0x%08X\n",
+ r, vs->reader->flags);
+ }
+ return SCARD_S_SUCCESS;
+}
+
+
+/*
+ * Compute modulus length
+ */
+static size_t compute_keybits(sc_pkcs15_bignum_t *bn)
+{
+ unsigned int mask, bits;
+
+ if (!bn || !bn->len)
+ return 0;
+ bits = bn->len << 3;
+ for (mask = 0x80; !(bn->data[0] & mask); mask >>= 1)
+ bits--;
+ return bits;
+}
+
+
+static int get_pin_by_role(PCARD_DATA pCardData, PIN_ID role, struct sc_pkcs15_object **ret_obj)
+{
+ VENDOR_SPECIFIC *vs;
+ int i;
+
+ if (!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+
+ logprintf(pCardData, 2, "get PIN with role %i\n", role);
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if (vs->pin_count == 0) {
+ logprintf(pCardData, 2, "cannot get PIN object: no PIN defined\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+
+ if (!ret_obj)
+ return SCARD_E_INVALID_PARAMETER;
+
+ *ret_obj = NULL;
+
+ for(i = 0; i <
vs->pin_count; i++)
+ {
+ struct sc_pkcs15_object *obj = vs->pin_objs[i];
+ struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) (obj->data);
+ unsigned int pin_flags = pin_info->flags;
+ unsigned int admin_pin_flags = SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN | SC_PKCS15_PIN_FLAG_SO_PIN;
+
+ logprintf(pCardData, 2, "PIN[%s] flags 0x%X\n", obj->label, pin_flags);
+ if (role == ROLE_USER) {
+ if (!(pin_flags & admin_pin_flags)) {
+ *ret_obj = obj;
+ break;
+ }
+ }
+ else if (role == ROLE_ADMIN) {
+ if (pin_flags & admin_pin_flags) {
+ *ret_obj = obj;
+ break;
+ }
+ }
+ else {
+ logprintf(pCardData, 2, "cannot get PIN object: unsupported role\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+ }
+
+ if (i == vs->pin_count) {
+ logprintf(pCardData, 2, "cannot get PIN object: not found\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+
+ return SCARD_S_SUCCESS;
+}
+
+static void dump_objects (PCARD_DATA pCardData)
+{
+ VENDOR_SPECIFIC *vs;
+ sc_pkcs15_prkey_info_t *prkey_info;
+ sc_pkcs15_cert_t *cert;
+ int i;
+
+ if (!pCardData)
+ return;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ if (!vs)
+ return;
+
+ for(i = 0; i < vs->prkey_count; i++)
+ {
+ prkey_info = (sc_pkcs15_prkey_info_t*)(vs->prkey_objs[i]->data);
+ logprintf(pCardData, 5, "prkey_info->subject %d (subject_len=%d)" \
+ "modulus_length=%d subject ", i, prkey_info->subject.len, \
+ prkey_info->modulus_length);
+ loghex(pCardData, 5, prkey_info->subject.value, prkey_info->subject.len);
+ }
+
+ for(i = 0; i < vs->cert_count; i++)
+ {
+ sc_pkcs15_read_certificate(vs->p15card, \
+ (struct sc_pkcs15_cert_info *)(vs->cert_objs[i]->data), &cert);
+ logprintf(pCardData, 5, "cert->subject %d ", i);
+ loghex(pCardData, 5, cert->subject, cert->subject_len);
+ sc_pkcs15_free_certificate(cert);
+ }
+
+ for(i = 0; i < vs->pin_count; i++)
+ {
+ const char *pin_flags[] =
+ {
+ "case-sensitive", "local", "change-disabled",
+ "unblock-disabled", "initialized", "needs-padding",
+ "unblockingPin", "soPin",
"disable_allowed",
+ "integrity-protected", "confidentiality-protected",
+ "exchangeRefData"
+ };
+ const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8",
+ "halfnibble bcd", "iso 9664-1"};
+ const struct sc_pkcs15_object *obj = vs->pin_objs[i];
+ const struct sc_pkcs15_pin_info *pin = (const struct sc_pkcs15_pin_info *) (obj->data);
+ const size_t pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]);
+ size_t j;
+
+ logprintf(pCardData, 2, "PIN [%s]\n", obj->label);
+ logprintf(pCardData, 2, "\tCom. Flags: 0x%X\n", obj->flags);
+ logprintf(pCardData, 2, "\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
+ logprintf(pCardData, 2, "\tFlags : [0x%02X]", pin->flags);
+ for (j = 0; j < pf_count; j++)
+ if (pin->flags & (1 << j)) {
+ logprintf(pCardData, 2, ", %s", pin_flags[j]);
+ }
+ logprintf(pCardData, 2, "\n");
+ logprintf(pCardData, 2, "\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
+ (unsigned long)pin->min_length, (unsigned long)pin->max_length,
+ (unsigned long)pin->stored_length);
+ logprintf(pCardData, 2, "\tPad char : 0x%02X\n", pin->pad_char);
+ logprintf(pCardData, 2, "\tReference : %d\n", pin->reference);
+ if (pin->type < sizeof(pin_types)/sizeof(pin_types[0]))
+ logprintf(pCardData, 2, "\tType : %s\n", pin_types[pin->type]);
+ else
+ logprintf(pCardData, 2, "\tType : [encoding %d]\n", pin->type);
+ logprintf(pCardData, 2, "\tPath : %s\n", sc_print_path(&pin->path));
+ if (pin->tries_left >= 0)
+ logprintf(pCardData, 2, "\tTries left: %d\n", pin->tries_left);
+ }
+}
+
+
+DWORD WINAPI CardDeleteContext(__inout PCARD_DATA pCardData)
+{
+ VENDOR_SPECIFIC *vs = NULL;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeleteContext\n");
+
+ if(!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ if(!vs)
+ return SCARD_E_INVALID_PARAMETER;
+
+ disassociate_card(pCardData);
+
+ if(vs->ctx)
+ {
+
logprintf(pCardData, 6, "release context\n");
+ sc_release_context(vs->ctx);
+ vs->ctx = NULL;
+ }
+
+ logprintf(pCardData, 1, "***********************************" \
+ "***********************************\n");
+
+ pCardData->pfnCspFree(pCardData->pvVendorSpecific);
+ pCardData->pvVendorSpecific = NULL;
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardQueryCapabilities(__in PCARD_DATA pCardData,
+ __in PCARD_CAPABILITIES pCardCapabilities)
+{
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "pCardCapabilities=%X\n", pCardCapabilities);
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ if (!pCardCapabilities) return SCARD_E_INVALID_PARAMETER;
+
+ if (pCardCapabilities->dwVersion != CARD_CAPABILITIES_CURRENT_VERSION
+ && pCardCapabilities->dwVersion != 0)
+ return ERROR_REVISION_MISMATCH;
+
+ pCardCapabilities->dwVersion = CARD_CAPABILITIES_CURRENT_VERSION;
+ pCardCapabilities->fCertificateCompression = TRUE;
+ pCardCapabilities->fKeyGen = FALSE;
+
+ check_reader_status(pCardData);
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardDeleteContainer(__in PCARD_DATA pCardData,
+ __in BYTE bContainerIndex,
+ __in DWORD dwReserved)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeleteContainer - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardCreateContainer(__in PCARD_DATA pCardData,
+ __in BYTE bContainerIndex,
+ __in DWORD dwFlags,
+ __in DWORD dwKeySpec,
+ __in DWORD dwKeySize,
+ __in PBYTE pbKeyData)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardCreateContainer - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+typedef struct {
+ PUBLICKEYSTRUC publickeystruc;
+ RSAPUBKEY rsapubkey;
+} PUBKEYSTRUCT_BASE;
+
+DWORD WINAPI
CardGetContainerInfo(__in PCARD_DATA pCardData,
+ __in BYTE bContainerIndex,
+ __in DWORD dwFlags,
+ __in PCONTAINER_INFO pContainerInfo)
+{
+ int r;
+ sc_pkcs15_cert_t *cert = NULL;
+ VENDOR_SPECIFIC *vs = NULL;
+
+ PUBKEYSTRUCT_BASE *oh = NULL;
+ PUBKEYSTRUCT_BASE *oh2 = NULL;
+
+ DWORD sz = 0;
+ DWORD sz2 = 0;
+
+ DWORD ret;
+ sc_pkcs15_pubkey_t *pubkey = NULL;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetContainerInfo bContainerIndex=%u, dwFlags=0x%08X, " \
+ "dwVersion=%u, cbSigPublicKey=%u, cbKeyExPublicKey=%u\n", \
+ bContainerIndex, dwFlags, pContainerInfo->dwVersion, \
+ pContainerInfo->cbSigPublicKey, pContainerInfo->cbKeyExPublicKey);
+
+ if(!pCardData) return SCARD_E_INVALID_PARAMETER;
+ if (!pContainerInfo) SCARD_E_INVALID_PARAMETER;
+ if (dwFlags) return SCARD_E_INVALID_PARAMETER;
+ if (pContainerInfo->dwVersion < 0
+ || pContainerInfo->dwVersion > CONTAINER_INFO_CURRENT_VERSION)
+ return ERROR_REVISION_MISMATCH;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ if(bContainerIndex>=vs->cert_count)
+ return SCARD_E_INVALID_PARAMETER;
+
+ r = sc_pkcs15_read_certificate(vs->p15card, \
+ (struct sc_pkcs15_cert_info *)(vs->cert_objs[bContainerIndex]->data), \
+ &cert);
+ logprintf(pCardData, 1, "read_certificate %d return %d, cert = %p\n", \
+ bContainerIndex, r, cert);
+ if(r)
+ {
+ return SCARD_E_FILE_NOT_FOUND;
+ }
+ pubkey = cert->key;
+
+ if(pubkey->algorithm == SC_ALGORITHM_RSA)
+ {
+ int modulus = compute_keybits(&(pubkey->u.rsa.modulus));
+
+ PCCERT_CONTEXT cer = CertCreateCertificateContext(X509_ASN_ENCODING \
+ | PKCS_7_ASN_ENCODING, cert->data, cert->data_len);
+ PCERT_PUBLIC_KEY_INFO pinf = \
+ &(cer->pCertInfo->SubjectPublicKeyInfo);
+
+ sz = 0; /* get size */
+ CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, \
+ RSA_CSP_PUBLICKEYBLOB, pinf->PublicKey.pbData, \
+ pinf->PublicKey.cbData
, 0, oh, &sz);
+ sz2 = sz;
+
+ oh = (PUBKEYSTRUCT_BASE*)pCardData->pfnCspAlloc(sz);
+ oh2 = (PUBKEYSTRUCT_BASE*)pCardData->pfnCspAlloc(sz2);
+ if(oh && oh2)
+ {
+ CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, \
+ RSA_CSP_PUBLICKEYBLOB, pinf->PublicKey.pbData, \
+ pinf->PublicKey.cbData , 0, oh, &sz);
+
+ oh->publickeystruc.aiKeyAlg = CALG_RSA_SIGN;
+ pContainerInfo->cbSigPublicKey = sz;
+ pContainerInfo->pbSigPublicKey = (PBYTE)oh;
+
+ CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, \
+ RSA_CSP_PUBLICKEYBLOB, pinf->PublicKey.pbData, \
+ pinf->PublicKey.cbData , 0, oh2, &sz2);
+
+ oh2->publickeystruc.aiKeyAlg = CALG_RSA_KEYX;
+ pContainerInfo->cbKeyExPublicKey = sz2;
+ pContainerInfo->pbKeyExPublicKey = (PBYTE)oh2;
+
+ pContainerInfo->dwVersion = CONTAINER_INFO_CURRENT_VERSION;
+
+ logprintf(pCardData, 3, "return info on SIGN_CONTAINER_INDEX\n");
+ ret = SCARD_S_SUCCESS;
+ }
+ else
+ {
+ ret = SCARD_E_NO_MEMORY;
+ }
+ }
+
+ if(cert)
+ {
+ sc_pkcs15_free_certificate(cert);
+ }
+
+ return ret;
+}
+
+DWORD WINAPI CardAuthenticatePin(__in PCARD_DATA pCardData,
+ __in LPWSTR pwszUserId,
+ __in PBYTE pbPin,
+ __in DWORD cbPin,
+ __out_opt PDWORD pcAttemptsRemaining)
+{
+ int r;
+ sc_pkcs15_object_t *pin_obj;
+ char type[256];
+ VENDOR_SPECIFIC *vs;
+
+ if(!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardAuthenticatePin %S %d %d\n", NULLWSTR(pwszUserId), \
+ cbPin, vs->cardFiles.file_cardcf.bPinsFreshness);
+
+ check_reader_status(pCardData);
+
+ if (NULL == pwszUserId) return SCARD_E_INVALID_PARAMETER;
+ if (wcscmp(wszCARD_USER_USER,pwszUserId) != 0 && \
+ wcscmp(wszCARD_USER_ADMIN,pwszUserId) != 0) \
+ return SCARD_E_INVALID_PARAMETER;
+ if (NULL == pbPin) return SCARD_E_INVALID_PARAMETER;
+
+ if (cbPin < 4 || cbPin > 12) return SCARD_W_WRONG_CHV;
+
+
if (wcscmp(wszCARD_USER_ADMIN,pwszUserId) == 0)
+ {
+ return SCARD_W_WRONG_CHV;
+ }
+
+ wcstombs(type, pwszUserId, 100);
+ type[10] = 0;
+
+ logprintf(pCardData, 1, "CardAuthenticatePin %.20s, %d, %d\n", NULLSTR(type), \
+ cbPin, (pcAttemptsRemaining==NULL?-2:*pcAttemptsRemaining));
+
+ r = get_pin_by_role(pCardData, ROLE_USER, &pin_obj);
+ if (r != SCARD_S_SUCCESS)
+ {
+ logprintf(pCardData, 2, "Cannot get User PIN object");
+ return r;
+ }
+
+ r = sc_pkcs15_verify_pin(vs->p15card, pin_obj, (const u8 *) pbPin, cbPin);
+ if (r)
+ {
+ logprintf(pCardData, 1, "PIN code verification failed: %s\n", sc_strerror(r));
+
+ if(pcAttemptsRemaining)
+ {
+ (*pcAttemptsRemaining) = -1;
+ }
+ return SCARD_W_WRONG_CHV;
+ }
+
+ logprintf(pCardData, 3, "Pin code correct.\n");
+
+ SET_PIN(vs->cardFiles.file_cardcf.bPinsFreshness, ROLE_USER);
+ logprintf(pCardData, 3, "PinsFreshness = %d\n",
+ vs->cardFiles.file_cardcf.bPinsFreshness);
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardGetChallenge(__in PCARD_DATA pCardData,
+ __deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
+ __out PDWORD pcbChallengeData)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetChallenge - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardAuthenticateChallenge(__in PCARD_DATA pCardData,
+ __in_bcount(cbResponseData) PBYTE pbResponseData,
+ __in DWORD cbResponseData,
+ __out_opt PDWORD pcAttemptsRemaining)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardAuthenticateChallenge - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardUnblockPin(__in PCARD_DATA pCardData,
+ __in LPWSTR pwszUserId,
+ __in_bcount(cbAuthenticationData) PBYTE pbAuthenticationData,
+ __in DWORD cbAuthenticationData,
+ __in_bcount(cbNewPinData) PBYTE pbNewPinData,
+ __in DWORD
cbNewPinData,
+ __in DWORD cRetryCount,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardUnblockPin - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardChangeAuthenticator(__in PCARD_DATA pCardData,
+ __in LPWSTR pwszUserId,
+ __in_bcount(cbCurrentAuthenticator) PBYTE pbCurrentAuthenticator,
+ __in DWORD cbCurrentAuthenticator,
+ __in_bcount(cbNewAuthenticator) PBYTE pbNewAuthenticator,
+ __in DWORD cbNewAuthenticator,
+ __in DWORD cRetryCount,
+ __in DWORD dwFlags,
+ __out_opt PDWORD pcAttemptsRemaining)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardChangeAuthenticator - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+
+DWORD WINAPI CardDeauthenticate(__in PCARD_DATA pCardData,
+ __in LPWSTR pwszUserId,
+ __in DWORD dwFlags)
+{
+ VENDOR_SPECIFIC *vs;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeauthenticate%S %d\n", NULLWSTR(pwszUserId),
+ dwFlags);
+
+ if(!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ /* TODO This does not look correct, as it does not look at the pwszUserId */
+ /* TODO We need to tell the card the pin is no longer valid */
+ CLEAR_PIN(vs->cardFiles.file_cardcf.bPinsFreshness, ROLE_USER);
+ logprintf(pCardData, 5, "PinsFreshness = %d\n",
+ vs->cardFiles.file_cardcf.bPinsFreshness);
+
+ /*TODO Should we reset the card ?
*/
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardCreateDirectory(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in CARD_DIRECTORY_ACCESS_CONDITION AccessCondition)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardCreateDirectory - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardDeleteDirectory(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName)
+
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeleteDirectory - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardCreateFile(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in LPSTR pszFileName,
+ __in DWORD cbInitialCreationSize,
+ __in CARD_FILE_ACCESS_CONDITION AccessCondition)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardCreateFile - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardReadFile(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in LPSTR pszFileName,
+ __in DWORD dwFlags,
+ __deref_out_bcount(*pcbData) PBYTE *ppbData,
+ __out PDWORD pcbData)
+{
+ VENDOR_SPECIFIC *vs;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardReadFile\n");
+
+ if(!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ logprintf(pCardData, 2, "pszDirectoryName = %s, pszFileName = %s, " \
+ "dwFlags = %X, pcbData=%d, *ppbData=%X\n", \
+ NULLSTR(pszDirectoryName), NULLSTR(pszFileName), \
+ dwFlags, *pcbData, *ppbData);
+
+ if (!pszFileName) return SCARD_E_INVALID_PARAMETER;
+ if (!strlen(pszFileName)) return SCARD_E_INVALID_PARAMETER;
+ if (!ppbData) return
SCARD_E_INVALID_PARAMETER;
+ if (!pcbData) return SCARD_E_INVALID_PARAMETER;
+ if (dwFlags) return SCARD_E_INVALID_PARAMETER;
+
+ check_reader_status(pCardData);
+
+ if(pszDirectoryName == NULL)
+ {
+ if(strcmp(pszFileName, "cardid") == 0)
+ {
+ *pcbData = strlen(vs->p15card->tokeninfo->serial_number) + 10;
+ *ppbData = pCardData->pfnCspAlloc(*pcbData);
+ if(!*ppbData)
+ {
+ return SCARD_E_NO_MEMORY;
+ }
+
+ strcpy(*ppbData, vs->p15card->tokeninfo->serial_number);
+
+ logprintf(pCardData, 7, "return cardid ");
+ loghex(pCardData, 7, *ppbData, *pcbData);
+
+ return SCARD_S_SUCCESS;
+ }
+
+ if(strcmp(pszFileName, "cardcf") == 0)
+ {
+ *pcbData = sizeof(vs->cardFiles.file_cardcf);
+ *ppbData = pCardData->pfnCspAlloc(*pcbData);
+ if(!*ppbData)
+ {
+ return SCARD_E_NO_MEMORY;
+ }
+
+ memcpy(*ppbData, &(vs->cardFiles.file_cardcf), *pcbData);
+
+ logprintf(pCardData, 7, "return cardcf ");
+ loghex(pCardData, 7, *ppbData, *pcbData);
+
+ return SCARD_S_SUCCESS;
+ }
+
+ }
+
+ if(pszDirectoryName != NULL && strcmp(pszDirectoryName, "mscp") == 0)
+ {
+ int r,i,n;
+ sc_pkcs15_cert_t *cert = NULL;
+
+ if(strcmp(pszFileName, "cmapfile") == 0)
+ {
+ PCONTAINER_MAP_RECORD p;
+ sc_pkcs15_pubkey_t *pubkey = NULL;
+
+ *pcbData = 32*sizeof(CONTAINER_MAP_RECORD);
+ *ppbData = pCardData->pfnCspAlloc(*pcbData);
+ if(!*ppbData)
+ {
+ return SCARD_E_NO_MEMORY;
+ }
+
+ memset(*ppbData, 0, *pcbData);
+
+ for(i = 0, p = (PCONTAINER_MAP_RECORD)*ppbData; \
+ i < vs->cert_count; i++,p++)
+ {
+ struct sc_pkcs15_cert_info *cert_info = (sc_pkcs15_cert_info_t *)vs->cert_objs[i]->data;
+ sc_pkcs15_cert_t *cert = NULL;
+
+ r = sc_pkcs15_read_certificate(vs->p15card, cert_info, &cert);
+ logprintf(pCardData, 2, "sc_pkcs15_read_certificate return %d\n", r);
+ if(r)
+ {
+ return SCARD_E_FILE_NOT_FOUND;
+ }
+ pubkey = cert->key;
+ if(pubkey->algorithm == SC_ALGORITHM_RSA)
+ {
+ struct sc_card *card = vs->p15card->card;
+ char guid[MAX_CONTAINER_NAME_LEN + 1];
+
+ r = sc_pkcs15_get_guid(vs->p15card,
vs->cert_objs[i], guid, sizeof(guid));
+ if (r)
+ return r;
+
+ logprintf(pCardData, 7, "Guid=%s\n", guid);
+
+ mbstowcs(p->wszGuid, guid, MAX_CONTAINER_NAME_LEN + 1);
+
+ p->bFlags += CONTAINER_MAP_VALID_CONTAINER;
+ if(i == 0)
+ {
+ p->bFlags += CONTAINER_MAP_DEFAULT_CONTAINER;
+ }
+ /* TODO Looks like these should be based on sc_pkcs15_prkey_info usage */
+ /* On PIV on W7, auth cert is AT_KEYEXCHANGE, Signing cert is AT_SIGNATURE */
+
+ p->wSigKeySizeBits = \
+ compute_keybits(&(pubkey->u.rsa.modulus));
+ p->wKeyExchangeKeySizeBits = \
+ compute_keybits(&(pubkey->u.rsa.modulus));
+ }
+ sc_pkcs15_free_certificate(cert);
+
+ logprintf(pCardData, 7, "cmapfile entry %d ",i);
+ loghex(pCardData, 7, (PBYTE) p, sizeof(CONTAINER_MAP_RECORD));
+ }
+
+ return SCARD_S_SUCCESS;
+ }
+
+ if(sscanf(pszFileName, "ksc%d", &n) <= 0)
+ {
+ if(sscanf(pszFileName, "kxc%d", &n) <= 0)
+ {
+ n = -1;
+ }
+ }
+
+ logprintf(pCardData, 7, "n = %d\n", n);
+
+ if(n>=0 && ncert_count)
+ {
+ sc_pkcs15_cert_t *cert = NULL;
+
+ r = sc_pkcs15_read_certificate(vs->p15card, \
+ (struct sc_pkcs15_cert_info *)(vs->cert_objs[n]->data), \
+ &cert);
+ logprintf(pCardData, 2, "Reading certificat return %d\n", r);
+ if(r)
+ {
+ return SCARD_E_FILE_NOT_FOUND;
+ }
+
+ *pcbData = cert->data_len;
+ *ppbData = pCardData->pfnCspAlloc(*pcbData);
+
+ if(*ppbData == NULL)
+ {
+ logprintf(pCardData, 0, "memory error\n");
+ return SCARD_E_NO_MEMORY;
+ }
+
+ CopyMemory(*ppbData, cert->data, *pcbData);
+
+ if(1)
+ {
+ logprintf(pCardData, 6, "cert returned ");
+ loghex(pCardData, 6, *ppbData, *pcbData);
+ }
+
+ sc_pkcs15_free_certificate(cert);
+
+ return SCARD_S_SUCCESS;
+ }
+ }
+
+ logprintf(pCardData, 5, "File not found\n");
+ return SCARD_E_FILE_NOT_FOUND;
+}
+
+DWORD WINAPI CardWriteFile(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in LPSTR pszFileName,
+ __in DWORD dwFlags,
+ __in_bcount(cbData) PBYTE pbData,
+ __in DWORD cbData)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p 
",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardWriteFile %s %d\n", NULLSTR(pszFileName), cbData);
+
+ if(!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+
+ if(pszDirectoryName == NULL)
+ {
+ if(strcmp(pszFileName, "cardcf") == 0)
+ {
+ logprintf(pCardData, 2, "write cardcf ok.\n");
+ loghex(pCardData, 2, pbData, cbData); /*TODO did it change */
+ return SCARD_S_SUCCESS;
+ }
+ }
+
+ return SCARD_E_FILE_NOT_FOUND;
+}
+
+DWORD WINAPI CardDeleteFile(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in LPSTR pszFileName,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeleteFile - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardEnumFiles(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __out_ecount(*pdwcbFileName) LPSTR *pmszFileNames,
+ __out LPDWORD pdwcbFileName,
+ __in DWORD dwFlags)
+{
+ const char root_files[] = "cardapps\0cardcf\0cardid\0\0";
+ const char mscp_files[] = "kxc00\0kxc01\0cmapfile\0\0";
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardEnumFiles\n");
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ if (!pmszFileNames) return SCARD_E_INVALID_PARAMETER;
+ if (!pdwcbFileName) return SCARD_E_INVALID_PARAMETER;
+ if (dwFlags) return SCARD_E_INVALID_PARAMETER;
+
+ if (!pszDirectoryName || !strlen(pszDirectoryName))
+ {
+ DWORD sz = sizeof(root_files) - 1;
+ LPSTR t = (LPSTR)(*pCardData->pfnCspAlloc)(sz);
+ if (!t) return SCARD_E_NO_MEMORY;
+ CopyMemory(t,root_files,sz);
+ *pmszFileNames = t;
+ *pdwcbFileName = sz;
+ return SCARD_S_SUCCESS;
+ }
+ if (strcmpi(pszDirectoryName,"mscp") == 0)
+ {
+ DWORD sz = sizeof(mscp_files) - 1;
+ LPSTR t = (LPSTR)(*pCardData->pfnCspAlloc)(sz);
+ if (!t) return SCARD_E_NO_MEMORY;
+ CopyMemory(t,mscp_files,sz);
+
*pmszFileNames = t;
+ *pdwcbFileName = sz;
+ return SCARD_S_SUCCESS;
+ }
+
+ return SCARD_E_FILE_NOT_FOUND;
+}
+
+DWORD WINAPI CardGetFileInfo(__in PCARD_DATA pCardData,
+ __in LPSTR pszDirectoryName,
+ __in LPSTR pszFileName,
+ __in PCARD_FILE_INFO pCardFileInfo)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetFileInfo - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardQueryFreeSpace(__in PCARD_DATA pCardData,
+ __in DWORD dwFlags,
+ __in PCARD_FREE_SPACE_INFO pCardFreeSpaceInfo)
+{
+ VENDOR_SPECIFIC *vs;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardQueryFreeSpace %X, dwFlags=%X, version=%X\n", \
+ pCardFreeSpaceInfo, dwFlags, pCardFreeSpaceInfo->dwVersion);
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ pCardFreeSpaceInfo->dwVersion = CARD_FREE_SPACE_INFO_CURRENT_VERSION;
+ pCardFreeSpaceInfo->dwBytesAvailable = -1;
+ pCardFreeSpaceInfo->dwMaxKeyContainers = vs->cert_count;
+
+ pCardFreeSpaceInfo->dwKeyContainersAvailable = vs->cert_count; /*TODO should this be 0 */
+
+ return SCARD_S_SUCCESS;
+}
+
+
+DWORD WINAPI CardQueryKeySizes(__in PCARD_DATA pCardData,
+ __in DWORD dwKeySpec,
+ __in DWORD dwFlags,
+ __out PCARD_KEY_SIZES pKeySizes)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardQueryKeySizes dwKeySpec=%X, dwFlags=%X, version=%X\n", \
+ dwKeySpec, dwFlags, pKeySizes->dwVersion);
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ if (!pKeySizes) return SCARD_E_INVALID_PARAMETER;
+
+ pKeySizes->dwVersion = CARD_KEY_SIZES_CURRENT_VERSION;
+ pKeySizes->dwMinimumBitlen = 512;
+ pKeySizes->dwDefaultBitlen = 1024;
+
pKeySizes->dwMaximumBitlen = 16384;
+ pKeySizes->dwIncrementalBitlen = 64;
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardRSADecrypt(__in PCARD_DATA pCardData,
+ __inout PCARD_RSA_DECRYPT_INFO pInfo)
+
+{
+ int r, i, opt_crypt_flags = 0;
+ unsigned ui;
+ VENDOR_SPECIFIC *vs;
+ sc_pkcs15_cert_info_t *cert_info;
+ sc_pkcs15_prkey_info_t *prkey_info;
+ BYTE *pbuf = NULL, *pbuf2 = NULL;
+ DWORD lg= 0, lg2 = 0;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardRSADecrypt\n");
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ if (!pInfo) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ vs->pkey = NULL;
+
+ logprintf(pCardData, 2, "CardRSADecrypt dwVersion=%u, bContainerIndex=%u," \
+ "dwKeySpec=%u pbData=%p, cbData=%u\n", \
+ pInfo->dwVersion,pInfo->bContainerIndex ,pInfo->dwKeySpec, \
+ pInfo->pbData, pInfo->cbData);
+
+ if (pInfo->dwVersion == CARD_RSA_KEY_DECRYPT_INFO_VERSION_TWO) {
+ logprintf(pCardData, 2, " pPaddingInfo=%p dwPaddingType=0x%08X\n", \
+ pInfo->pPaddingInfo, pInfo->dwPaddingType);
+ }
+
+ if (!(pInfo->bContainerIndex < vs->cert_count))
+ {
+ return SCARD_E_INVALID_PARAMETER;
+ }
+
+
+ cert_info = (struct sc_pkcs15_cert_info *) \
+ (vs->cert_objs[pInfo->bContainerIndex]->data);
+
+ for(i = 0; i < vs->prkey_count; i++)
+ {
+ sc_pkcs15_object_t *obj = (sc_pkcs15_object_t *)vs->prkey_objs[i];
+ if(sc_pkcs15_compare_id(&((struct sc_pkcs15_prkey_info *) obj->data)->id, &(cert_info->id)))
+ {
+ vs->pkey = vs->prkey_objs[i];
+ break;
+ }
+ }
+
+ if(vs->pkey == NULL)
+ {
+ logprintf(pCardData, 2, "CardRSADecrypt prkey not found\n");
+ return SCARD_E_INVALID_PARAMETER;
+ }
+
+ prkey_info = (sc_pkcs15_prkey_info_t*)(vs->pkey->data);
+
+
+ /* input and output buffers are always the same size */
+ pbuf = pCardData->pfnCspAlloc(pInfo->cbData);
+ if (!pbuf) {
+ return
SCARD_E_NO_MEMORY; + } + lg2 = pInfo->cbData; + pbuf2 = pCardData->pfnCspAlloc(pInfo->cbData); + if (!pbuf2) { + return SCARD_E_NO_MEMORY; + } + + /*inversion donnees*/ + for(ui = 0; ui < pInfo->cbData; ui++) pbuf[ui] = pInfo->pbData[pInfo->cbData-ui-1]; + + r = sc_pkcs15_decipher(vs->p15card, vs->pkey, + opt_crypt_flags, pbuf, pInfo->cbData, pbuf2, pInfo->cbData); + logprintf(pCardData, 2, "sc_pkcs15_decipher return %d\n", r); + if ( r != pInfo->cbData || r < 0) { + logprintf(pCardData, 2, "sc_pkcs15_decipher erreur %s\n", \ + sc_strerror(r)); + } + + /*inversion donnees */ + for(ui = 0; ui < pInfo->cbData; ui++) pInfo->pbData[ui] = pbuf2[pInfo->cbData-ui-1]; + + pCardData->pfnCspFree(pbuf); + pCardData->pfnCspFree(pbuf2); + + return SCARD_S_SUCCESS; +} + +DWORD WINAPI CardSignData(__in PCARD_DATA pCardData, + __in PCARD_SIGNING_INFO pInfo) +{ + VENDOR_SPECIFIC *vs; + ALG_ID hashAlg; + sc_pkcs15_cert_info_t *cert_info; + sc_pkcs15_prkey_info_t *prkey_info; + BYTE dataToSign[0x200]; + int r, opt_crypt_flags = 0, opt_hash_flags = 0; + size_t dataToSignLen = sizeof(dataToSign); + + logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData); + logprintf(pCardData, 1, "CardSignData\n"); + + if (!pCardData) return SCARD_E_INVALID_PARAMETER; + if (!pInfo) return SCARD_E_INVALID_PARAMETER; + + logprintf(pCardData, 2, "CardSignData dwVersion=%u, bContainerIndex=%u," \ + "dwKeySpec=%u, dwSigningFlags=0x%08X, aiHashAlg=0x%08X\n", \ + pInfo->dwVersion,pInfo->bContainerIndex ,pInfo->dwKeySpec, \ + pInfo->dwSigningFlags, pInfo->aiHashAlg); + + logprintf(pCardData, 7, "pInfo->pbData(%i) ", pInfo->cbData); + loghex(pCardData, 7, pInfo->pbData, pInfo->cbData); + + hashAlg = pInfo->aiHashAlg; + + vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific); + + check_reader_status(pCardData); + + vs->pkey = NULL; + + logprintf(pCardData, 2, "pInfo->dwVersion = %d\n", pInfo->dwVersion); + + if (dataToSignLen < pInfo->cbData) return 
SCARD_E_INSUFFICIENT_BUFFER; + memcpy(dataToSign, pInfo->pbData, pInfo->cbData); + dataToSignLen = pInfo->cbData; + + if (CARD_PADDING_INFO_PRESENT & pInfo->dwSigningFlags) + { + BCRYPT_PKCS1_PADDING_INFO *pinf = (BCRYPT_PKCS1_PADDING_INFO *)pInfo->pPaddingInfo; + if (CARD_PADDING_PKCS1 != pInfo->dwPaddingType) + { + logprintf(pCardData, 0, "unsupported paddingtype\n"); + return SCARD_E_UNSUPPORTED_FEATURE; + } + if (!pinf->pszAlgId) + { + /* hashAlg = CALG_SSL3_SHAMD5; */ + logprintf(pCardData, 3, "Using CALG_SSL3_SHAMD5 hashAlg\n"); + opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1; + } + else + { + + if (wcscmp(pinf->pszAlgId, L"MD5") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5; + else if (wcscmp(pinf->pszAlgId, L"SHA1") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_SHA1; + else if (wcscmp(pinf->pszAlgId, L"SHAMD5") == 0) opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1; + else + logprintf(pCardData, 0,"unknown AlgId %S\n",NULLWSTR(pinf->pszAlgId)); + } + } + else + { + logprintf(pCardData, 3, "CARD_PADDING_INFO_PRESENT not set\n"); + + if (GET_ALG_CLASS(hashAlg) != ALG_CLASS_HASH) + { + logprintf(pCardData, 0, "bogus aiHashAlg\n"); + return SCARD_E_INVALID_PARAMETER; + } + + if (hashAlg == CALG_MD5) + opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5; + else if (hashAlg == CALG_SHA1) + opt_hash_flags = SC_ALGORITHM_RSA_HASH_SHA1; + else if (hashAlg == CALG_SSL3_SHAMD5) + opt_hash_flags = SC_ALGORITHM_RSA_HASH_MD5_SHA1; + else if (hashAlg !=0) + return SCARD_E_UNSUPPORTED_FEATURE; + } + + /* From sc-minidriver_specs_v7.docx pp.76: + * 'The Base CSP/KSP performs the hashing operation on the data before passing it + * to CardSignData for signature.' + * So, the SC_ALGORITHM_RSA_HASH_* flags should not be passed to pkcs15 library + * when calculating the signature . + * + * From sc-minidriver_specs_v7.docx pp.76: + * 'If the aiHashAlg member is nonzero, it specifies the hash algorithm’s object identifier (OID) + * that is encoded in the PKCS padding.' 
+ * So, the digest info has be included into the data to be signed.
+ * */
+ if (opt_hash_flags) {
+ logprintf(pCardData, 2, "include digest info of the algorithm 0x%08X\n", opt_hash_flags);
+ dataToSignLen = sizeof(dataToSign);
+ r = sc_pkcs1_encode(vs->p15card->card->ctx, opt_hash_flags,
+ pInfo->pbData, pInfo->cbData, dataToSign, &dataToSignLen, 0);
+ if (r) {
+ logprintf(pCardData, 2, "PKCS#1 encode error %s\n", sc_strerror(r));
+ return SCARD_E_INVALID_VALUE;
+ }
+ }
+ opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE;
+
+ if(!(pInfo->bContainerIndex < vs->cert_count))
+ {
+ return SCARD_E_INVALID_PARAMETER;
+ }
+
+ cert_info = (struct sc_pkcs15_cert_info *) \
+ (vs->cert_objs[pInfo->bContainerIndex]->data);
+
+ r = sc_pkcs15_find_prkey_by_id(vs->p15card, &cert_info->id, &vs->pkey);
+ if (r)
+ return SCARD_E_INVALID_PARAMETER;
+
+ prkey_info = (sc_pkcs15_prkey_info_t*)(vs->pkey->data);
+
+ pInfo->cbSignedData = prkey_info->modulus_length / 8;
+ logprintf(pCardData, 3, "pInfo->cbSignedData = %d\n", pInfo->cbSignedData);
+
+ if(!(pInfo->dwSigningFlags&CARD_BUFFER_SIZE_ONLY))
+ {
+ int r,i;
+ BYTE *pbuf = NULL;
+ DWORD lg;
+
+ lg = pInfo->cbSignedData;
+ logprintf(pCardData, 3, "lg = %d\n", lg);
+ pbuf = pCardData->pfnCspAlloc(lg);
+ if (!pbuf)
+ {
+ return SCARD_E_NO_MEMORY;
+ }
+
+ logprintf(pCardData, 7, "Data to sign: ");
+ loghex(pCardData, 7, dataToSign, dataToSignLen);
+
+ pInfo->pbSignedData = pCardData->pfnCspAlloc(pInfo->cbSignedData);
+ if (!pInfo->pbSignedData)
+ {
+ pCardData->pfnCspFree(pbuf);
+ return SCARD_E_NO_MEMORY;
+ }
+
+ r = sc_pkcs15_compute_signature(vs->p15card, vs->pkey, \
+ opt_crypt_flags, dataToSign, dataToSignLen, pbuf, lg);
+ logprintf(pCardData, 2, "sc_pkcs15_compute_signature return %d\n", r);
+ if(r < 0)
+ {
+ logprintf(pCardData, 2, "sc_pkcs15_compute_signature erreur %s\n", \
+ sc_strerror(r));
+ }
+
+ pInfo->cbSignedData = r;
+
+ /*inversion donnees*/
+ for(i = 0; i < r; i++) pInfo->pbSignedData[i] = pbuf[r-i-1];
+
+ logprintf(pCardData, 7, "pbuf ");
+ loghex(pCardData, 7, pbuf, r);
+
+ pCardData->pfnCspFree(pbuf);
+
+ logprintf(pCardData, 7, "pInfo->pbSignedData ");
+ loghex(pCardData, 7, pInfo->pbSignedData, pInfo->cbSignedData);
+
+ }
+
+ logprintf(pCardData, 3, "CardSignData, dwVersion=%u, name=%S, hScard=0x%08X," \
+ "hSCardCtx=0x%08X\n", pCardData->dwVersion, \
+ NULLWSTR(pCardData->pwszCardName),pCardData->hScard, \
+ pCardData->hSCardCtx);
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardConstructDHAgreement(__in PCARD_DATA pCardData,
+ __in PCARD_DH_AGREEMENT_INFO pAgreementInfo)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardConstructDHAgreement - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardDeriveKey(__in PCARD_DATA pCardData,
+ __in PCARD_DERIVE_KEY pAgreementInfo)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeriveKey - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardDestroyDHAgreement(
+ __in PCARD_DATA pCardData,
+ __in BYTE bSecretAgreementIndex,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "CardDestroyDHAgreement - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CspGetDHAgreement(__in PCARD_DATA pCardData,
+ __in PVOID hSecretAgreement,
+ __out BYTE* pbSecretAgreementIndex,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CspGetDHAgreement - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardGetChallengeEx(__in PCARD_DATA pCardData,
+ __in PIN_ID PinId,
+ __deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
+ __out PDWORD pcbChallengeData,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetChallengeEx - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardAuthenticateEx(__in PCARD_DATA pCardData,
+ __in PIN_ID PinId,
+ __in DWORD dwFlags,
+ __in PBYTE pbPinData,
+ __in DWORD cbPinData,
+ __deref_out_bcount_opt(*pcbSessionPin) PBYTE *ppbSessionPin,
+ __out_opt PDWORD pcbSessionPin,
+ __out_opt PDWORD pcAttemptsRemaining)
+{
+ int r;
+ VENDOR_SPECIFIC *vs;
+ sc_pkcs15_object_t *pin_obj = NULL;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardAuthenticateEx\n");
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ logprintf(pCardData, 2, "CardAuthenticateEx: PinId=%u, dwFlags=0x%08X, cbPinData=%u, Attempts %s\n",
+ PinId,dwFlags,cbPinData,pcAttemptsRemaining ? "YES" : "NO");
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ if (dwFlags == CARD_AUTHENTICATE_GENERATE_SESSION_PIN ||
+ dwFlags == CARD_AUTHENTICATE_SESSION_PIN)
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ if (dwFlags && dwFlags != CARD_PIN_SILENT_CONTEXT)
+ return SCARD_E_INVALID_PARAMETER;
+
+ if (NULL == pbPinData) return SCARD_E_INVALID_PARAMETER;
+
+ if (PinId != ROLE_USER) return SCARD_E_INVALID_PARAMETER;
+
+ r = get_pin_by_role(pCardData, ROLE_USER, &pin_obj);
+ if (r != SCARD_S_SUCCESS)
+ {
+ logprintf(pCardData, 2, "Cannot get User PIN object");
+ return r;
+ }
+
+ r = sc_pkcs15_verify_pin(vs->p15card, pin_obj, (const u8 *) pbPinData, cbPinData);
+ if (r)
+ {
+ logprintf(pCardData, 2, "PIN code verification failed: %s\n", sc_strerror(r));
+
+ if(pcAttemptsRemaining)
+ {
+ (*pcAttemptsRemaining) = -1;
+ }
+ return SCARD_W_WRONG_CHV;
+ }
+
+ logprintf(pCardData, 2, "Pin code correct.\n");
+
+ SET_PIN(vs->cardFiles.file_cardcf.bPinsFreshness, ROLE_USER);
+ logprintf(pCardData, 7, "PinsFreshness = %d\n",
+ vs->cardFiles.file_cardcf.bPinsFreshness);
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardChangeAuthenticatorEx(__in PCARD_DATA pCardData,
+ __in DWORD dwFlags,
+ __in PIN_ID dwAuthenticatingPinId,
+ __in_bcount(cbAuthenticatingPinData) PBYTE pbAuthenticatingPinData,
+ __in DWORD cbAuthenticatingPinData,
+ __in PIN_ID dwTargetPinId,
+ __in_bcount(cbTargetData) PBYTE pbTargetData,
+ __in DWORD cbTargetData,
+ __in DWORD cRetryCount,
+ __out_opt PDWORD pcAttemptsRemaining)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardChangeAuthenticatorEx - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardDeauthenticateEx(__in PCARD_DATA pCardData,
+ __in PIN_SET PinId,
+ __in DWORD dwFlags)
+{
+ VENDOR_SPECIFIC *vs;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardDeauthenticateEx PinId=%d dwFlags=0x%08X\n",PinId, dwFlags);
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ /*TODO Should we reset the card? */
+ vs->cardFiles.file_cardcf.bPinsFreshness &= ~PinId;
+ logprintf(pCardData, 7, "PinsFreshness = %d\n",
+ vs->cardFiles.file_cardcf.bPinsFreshness);
+
+ return SCARD_S_SUCCESS;
+}
+
+DWORD WINAPI CardGetContainerProperty(__in PCARD_DATA pCardData,
+ __in BYTE bContainerIndex,
+ __in LPCWSTR wszProperty,
+ __out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
+ __in DWORD cbData,
+ __out PDWORD pdwDataLen,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetContainerProperty\n");
+
+ check_reader_status(pCardData);
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ logprintf(pCardData, 2, "CardGetContainerProperty bContainerIndex=%u, wszProperty=%S," \
+ "cbData=%u, dwFlags=0x%08X\n",bContainerIndex,NULLWSTR(wszProperty),cbData,dwFlags);
+ if (!wszProperty) return SCARD_E_INVALID_PARAMETER;
+ if (dwFlags) return SCARD_E_INVALID_PARAMETER;
+ if (!pbData) return SCARD_E_INVALID_PARAMETER;
+ if (!pdwDataLen) return SCARD_E_INVALID_PARAMETER;
+
+ if (wcscmp(CCP_CONTAINER_INFO,wszProperty) == 0)
+ {
+ PCONTAINER_INFO p = (PCONTAINER_INFO) pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData >= sizeof(DWORD))
+ if (p->dwVersion != CONTAINER_INFO_CURRENT_VERSION &&
+ p->dwVersion != 0 ) return ERROR_REVISION_MISMATCH;
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ return CardGetContainerInfo(pCardData,bContainerIndex,0,p);
+ }
+
+ if (wcscmp(CCP_PIN_IDENTIFIER,wszProperty) == 0)
+ {
+ PPIN_ID p = (PPIN_ID) pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ *p = ROLE_USER;
+ logprintf(pCardData, 2,"Return Pin id %u\n",*p);
+ return SCARD_S_SUCCESS;
+ }
+
+ return SCARD_E_INVALID_PARAMETER;
+}
+
+DWORD WINAPI CardSetContainerProperty(__in PCARD_DATA pCardData,
+ __in BYTE bContainerIndex,
+ __in LPCWSTR wszProperty,
+ __in_bcount(cbDataLen) PBYTE pbData,
+ __in DWORD cbDataLen,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardSetContainerProperty - unsupported\n");
+ return SCARD_E_UNSUPPORTED_FEATURE;
+}
+
+DWORD WINAPI CardGetProperty(__in PCARD_DATA pCardData,
+ __in LPCWSTR wszProperty,
+ __out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
+ __in DWORD cbData,
+ __out PDWORD pdwDataLen,
+ __in DWORD dwFlags)
+{
+ VENDOR_SPECIFIC *vs;
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardGetProperty\n");
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+ logprintf(pCardData, 2, "CardGetProperty wszProperty=%S, cbData=%u, dwFlags=%u\n", \
+ NULLWSTR(wszProperty),cbData,dwFlags);
+ if (!wszProperty) return SCARD_E_INVALID_PARAMETER;
+ if (!pbData) return SCARD_E_INVALID_PARAMETER;
+ if (!pdwDataLen) return SCARD_E_INVALID_PARAMETER;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+
+ check_reader_status(pCardData);
+
+ if (wcscmp(CP_CARD_FREE_SPACE,wszProperty) == 0)
+ {
+ PCARD_FREE_SPACE_INFO pCardFreeSpaceInfo = (PCARD_FREE_SPACE_INFO )pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*pCardFreeSpaceInfo);
+ if (cbData < sizeof(*pCardFreeSpaceInfo)) return SCARD_E_NO_MEMORY;
+ if (pCardFreeSpaceInfo->dwVersion > CARD_FREE_SPACE_INFO_CURRENT_VERSION )
+ return ERROR_REVISION_MISMATCH;
+
+ pCardFreeSpaceInfo->dwVersion = CARD_FREE_SPACE_INFO_CURRENT_VERSION;
+ pCardFreeSpaceInfo->dwBytesAvailable = -1;
+ pCardFreeSpaceInfo->dwMaxKeyContainers = vs->cert_count;
+ pCardFreeSpaceInfo->dwKeyContainersAvailable = vs->cert_count;
+
+ logprintf(pCardData, 7, "pCardFreeSpaceInfo ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_CAPABILITIES,wszProperty) == 0)
+ {
+ PCARD_CAPABILITIES pCardCapabilities = (PCARD_CAPABILITIES )pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*pCardCapabilities);
+ if (cbData < sizeof(*pCardCapabilities)) return ERROR_INSUFFICIENT_BUFFER;
+ if (pCardCapabilities->dwVersion != CARD_CAPABILITIES_CURRENT_VERSION &&
+ pCardCapabilities->dwVersion != 0) return ERROR_REVISION_MISMATCH;
+
+ pCardCapabilities->dwVersion = CARD_CAPABILITIES_CURRENT_VERSION;
+ pCardCapabilities->fCertificateCompression = TRUE;
+ pCardCapabilities->fKeyGen = FALSE;
+
+ logprintf(pCardData, 7, "pCardCapabilities ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_KEYSIZES,wszProperty) == 0)
+ {
+ PCARD_KEY_SIZES pKeySizes = (PCARD_KEY_SIZES )pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*pKeySizes);
+ if (cbData < sizeof(*pKeySizes)) return ERROR_INSUFFICIENT_BUFFER;
+ if (pKeySizes->dwVersion != CARD_KEY_SIZES_CURRENT_VERSION &&
+ pKeySizes->dwVersion != 0) return ERROR_REVISION_MISMATCH;
+
+ pKeySizes->dwVersion = CARD_KEY_SIZES_CURRENT_VERSION;
+ pKeySizes->dwMinimumBitlen = 512;
+ pKeySizes->dwDefaultBitlen = 1024;
+ pKeySizes->dwMaximumBitlen = 16384;
+ pKeySizes->dwIncrementalBitlen = 64;
+
+ logprintf(pCardData, 7, "pKeySizes ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_READ_ONLY,wszProperty) == 0)
+ {
+ BOOL *p = (BOOL*)pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ *p = TRUE; /* XXX HACK */
+
+ logprintf(pCardData, 7, "pcardReadOnly");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_CACHE_MODE,wszProperty) == 0)
+ {
+ DWORD *p = (DWORD *)pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ *p = CP_CACHE_MODE_NO_CACHE;
+
+ logprintf(pCardData, 7, "pCardCacheMode ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_SUPPORTS_WIN_X509_ENROLLMENT,wszProperty) == 0)
+ {
+ DWORD *p = (DWORD *)pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ *p = 0;
+
+ logprintf(pCardData, 7, "pSupportsX509Enrolment ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_GUID,wszProperty) == 0)
+ {
+ if (pdwDataLen) *pdwDataLen = sizeof(vs->cardFiles.file_cardid);
+ if (cbData < sizeof(vs->cardFiles.file_cardid)) return ERROR_INSUFFICIENT_BUFFER;
+
+ CopyMemory(pbData,vs->cardFiles.file_cardid,sizeof(vs->cardFiles.file_cardid));
+
+ logprintf(pCardData, 7, "CardGUID ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_SERIAL_NO,wszProperty) == 0)
+ {
+ if (pdwDataLen) *pdwDataLen = sizeof(vs->p15card->tokeninfo->serial_number);
+ if (cbData < sizeof(vs->p15card->tokeninfo->serial_number)) return ERROR_INSUFFICIENT_BUFFER;
+
+ CopyMemory(pbData,vs->p15card->tokeninfo->serial_number,sizeof(vs->p15card->tokeninfo->serial_number));
+
+ logprintf(pCardData, 7, "SerialNumber ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_PIN_INFO,wszProperty) == 0)
+ {
+ PPIN_INFO p = (PPIN_INFO) pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ if (p->dwVersion != PIN_INFO_CURRENT_VERSION) return ERROR_REVISION_MISMATCH;
+ p->PinType = AlphaNumericPinType;
+ p->dwFlags = 0;
+ switch (dwFlags)
+ {
+ case ROLE_USER:
+ logprintf(pCardData, 2,"returning info on PIN ROLE_USER ( Auth ) [%u]\n",dwFlags);
+ p->PinPurpose = DigitalSignaturePin;
+ p->PinCachePolicy.dwVersion = PIN_CACHE_POLICY_CURRENT_VERSION;
+ p->PinCachePolicy.dwPinCachePolicyInfo = 0;
+ p->PinCachePolicy.PinCachePolicyType = PinCacheNormal;
+ p->dwChangePermission = 0;
+ p->dwUnblockPermission = 0;
+ break;
+ default:
+ logprintf(pCardData, 0,"Invalid Pin number %u requested\n",dwFlags);
+ return SCARD_E_INVALID_PARAMETER;
+ }
+
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_LIST_PINS,wszProperty) == 0)
+ {
+ PPIN_SET p = (PPIN_SET) pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ SET_PIN(*p, ROLE_USER);
+ logprintf(pCardData, 7, "CARD_LIST_PINS ");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_AUTHENTICATED_STATE,wszProperty) == 0)
+ {
+ PPIN_SET p = (PPIN_SET) pbData;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ logprintf(pCardData, 7, "CARD_AUTHENTICATED_STATE invalid\n");
+ return SCARD_E_INVALID_PARAMETER;
+ }
+ if (wcscmp(CP_CARD_PIN_STRENGTH_VERIFY,wszProperty) == 0)
+ {
+ DWORD *p = (DWORD *)pbData;
+ if (dwFlags != ROLE_USER) return SCARD_E_INVALID_PARAMETER;
+ if (pdwDataLen) *pdwDataLen = sizeof(*p);
+ if (cbData < sizeof(*p)) return ERROR_INSUFFICIENT_BUFFER;
+ *p = CARD_PIN_STRENGTH_PLAINTEXT;
+
+ logprintf(pCardData, 7, "CARD_PIN_STRENGTH_VERIFY");
+ loghex(pCardData, 7, pbData, *pdwDataLen);
+
+ return SCARD_S_SUCCESS;
+ }
+ if (wcscmp(CP_CARD_PIN_STRENGTH_CHANGE,wszProperty) == 0)
+ {
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+ if (wcscmp(CP_CARD_PIN_STRENGTH_UNBLOCK,wszProperty) == 0)
+ {
+ return SCARD_E_UNSUPPORTED_FEATURE;
+ }
+
+ logprintf(pCardData, 3, "INVALID PARAMETER\n");
+ return SCARD_E_INVALID_PARAMETER;
+}
+
+DWORD WINAPI CardSetProperty(__in PCARD_DATA pCardData,
+ __in LPCWSTR wszProperty,
+ __in_bcount(cbDataLen) PBYTE pbData,
+ __in DWORD cbDataLen,
+ __in DWORD dwFlags)
+{
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardSetProperty\n");
+
+ if (!pCardData) return SCARD_E_INVALID_PARAMETER;
+
+ logprintf(pCardData, 2, "CardSetProperty wszProperty=%S, cbDataLen=%u, dwFlags=%u",\
+ NULLWSTR(wszProperty),cbDataLen,dwFlags);
+
+ if (!wszProperty) return SCARD_E_INVALID_PARAMETER;
+
+ if (wcscmp(CP_CARD_PIN_STRENGTH_VERIFY, wszProperty) == 0 ||
+ wcscmp(CP_CARD_PIN_INFO, wszProperty) == 0) return SCARD_E_INVALID_PARAMETER;
+
+ if (dwFlags) return SCARD_E_INVALID_PARAMETER;
+
+ if (wcscmp(CP_PIN_CONTEXT_STRING, wszProperty) == 0)
+ return SCARD_S_SUCCESS;
+
+ if (wcscmp(CP_CARD_CACHE_MODE, wszProperty) == 0 ||
+ wcscmp(CP_SUPPORTS_WIN_X509_ENROLLMENT, wszProperty) == 0 ||
+ wcscmp(CP_CARD_GUID, wszProperty) == 0 ||
+ wcscmp(CP_CARD_SERIAL_NO, wszProperty) == 0) {
+ return SCARD_E_INVALID_PARAMETER;
+ }
+
+ if (!pbData) return SCARD_E_INVALID_PARAMETER;
+ if (!cbDataLen) return SCARD_E_INVALID_PARAMETER;
+
+ if (wcscmp(CP_PARENT_WINDOW, wszProperty) == 0) {
+ if (cbDataLen != sizeof(DWORD))
+ return SCARD_E_INVALID_PARAMETER;
+ else
+ {
+ HWND cp = *((HWND *) pbData);
+ if (cp!=0 && !IsWindow(cp)) return SCARD_E_INVALID_PARAMETER;
+ }
+ return SCARD_S_SUCCESS;
+ }
+
+ logprintf(pCardData, 3, "INVALID PARAMETER\n");
+ return SCARD_E_INVALID_PARAMETER;
+}
+
+#define MINIMUM_VERSION_SUPPORTED (4)
+#define CURRENT_VERSION_SUPPORTED (6)
+
+DWORD WINAPI CardAcquireContext(IN PCARD_DATA pCardData, __in DWORD dwFlags)
+{
+ VENDOR_SPECIFIC *vs;
+ DWORD suppliedVersion = 0;
+ u8 challenge[8];
+
+ if (!pCardData)
+ return SCARD_E_INVALID_PARAMETER;
+ if (dwFlags)
+ return SCARD_E_INVALID_PARAMETER;
+
+ suppliedVersion = pCardData->dwVersion;
+
+ /* VENDOR SPECIFIC */
+ vs = pCardData->pvVendorSpecific = \
+ pCardData->pfnCspAlloc(sizeof(VENDOR_SPECIFIC));
+ memset(vs, 0, sizeof(VENDOR_SPECIFIC));
+
+ logprintf(pCardData, 1, "=================================" \
+ "=================================\n");
+
+ logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
+ logprintf(pCardData, 1, "CardAcquireContext, dwVersion=%u, name=%S," \
+ "hScard=0x%08X, hSCardCtx=0x%08X\n", pCardData->dwVersion, \
+ NULLWSTR(pCardData->pwszCardName),pCardData->hScard, \
+ pCardData->hSCardCtx);
+
+ vs->hScard = pCardData->hScard;
+ vs->hSCardCtx = pCardData->hSCardCtx;
+
+ /* The lowest supported version is 4. */
+ if (pCardData->dwVersion < MINIMUM_VERSION_SUPPORTED)
+ {
+ return (DWORD) ERROR_REVISION_MISMATCH;
+ }
+
+ if( pCardData->hScard == 0)
+ {
+ logprintf(pCardData, 0, "Invalide handle.\n");
+ return SCARD_E_INVALID_HANDLE;
+ }
+
+ logprintf(pCardData, 2, "request version pCardData->dwVersion = %d\n", pCardData->dwVersion);
+
+ pCardData->dwVersion = min(pCardData->dwVersion, CURRENT_VERSION_SUPPORTED);
+
+ logprintf(pCardData, 2, "pCardData->dwVersion = %d\n", pCardData->dwVersion);
+
+ if(1)
+ {
+ int r;
+ sc_context_param_t ctx_param;
+
+ vs->ctx = NULL;
+
+ logprintf(pCardData, 3, "create ctx\n");
+
+ memset(&ctx_param, 0, sizeof(ctx_param));
+ ctx_param.ver = 1;
+ ctx_param.app_name = "cardmod";
+
+ r = sc_context_create(&(vs->ctx), &ctx_param);
+ logprintf(pCardData, 3, "sc_context_create passed r = %d\n", r);
+ if (r)
+ {
+ logprintf(pCardData, 0, "Failed to establish context: %s\n", \
+ sc_strerror(r));
+ return SCARD_F_UNKNOWN_ERROR;
+ }
+ }
+
+ pCardData->pfnCardDeleteContext = CardDeleteContext;
+ pCardData->pfnCardQueryCapabilities = CardQueryCapabilities;
+ pCardData->pfnCardDeleteContainer = CardDeleteContainer;
+ pCardData->pfnCardCreateContainer = CardCreateContainer;
+ pCardData->pfnCardGetContainerInfo = CardGetContainerInfo;
+ pCardData->pfnCardAuthenticatePin = CardAuthenticatePin;
+ pCardData->pfnCardGetChallenge = CardGetChallenge;
+ pCardData->pfnCardAuthenticateChallenge = CardAuthenticateChallenge;
+ pCardData->pfnCardUnblockPin = CardUnblockPin;
+ pCardData->pfnCardChangeAuthenticator = CardChangeAuthenticator;
+ pCardData->pfnCardDeauthenticate = CardDeauthenticate; /* NULL */
+ pCardData->pfnCardCreateDirectory = CardCreateDirectory;
+ pCardData->pfnCardDeleteDirectory = CardDeleteDirectory;
+ pCardData->pvUnused3 = NULL;
+ pCardData->pvUnused4 = NULL;
+ pCardData->pfnCardCreateFile = CardCreateFile;
+ pCardData->pfnCardReadFile = CardReadFile;
+ pCardData->pfnCardWriteFile = CardWriteFile;
+ pCardData->pfnCardDeleteFile = CardDeleteFile;
+ pCardData->pfnCardEnumFiles = CardEnumFiles;
+ pCardData->pfnCardGetFileInfo = CardGetFileInfo;
+ pCardData->pfnCardQueryFreeSpace = CardQueryFreeSpace;
+ pCardData->pfnCardQueryKeySizes = CardQueryKeySizes;
+ pCardData->pfnCardSignData = CardSignData;
+ pCardData->pfnCardRSADecrypt = CardRSADecrypt;
+ pCardData->pfnCardConstructDHAgreement = CardConstructDHAgreement;
+
+ associate_card(pCardData);
+
+ logprintf(pCardData, 1, "OpenSC init done.\n");
+
+ if(sc_get_challenge(vs->p15card->card, challenge, sizeof(challenge)))
+ {
+ vs->cardFiles.file_cardcf.wContainersFreshness = rand()%30000;
+ vs->cardFiles.file_cardcf.wFilesFreshness = rand()%30000;
+ }
+ else
+ {
+ vs->cardFiles.file_cardcf.wContainersFreshness = challenge[0]*256+challenge[1];
+ vs->cardFiles.file_cardcf.wFilesFreshness = challenge[3]*256+challenge[4];
+ }
+
+ if (suppliedVersion > 4) {
+ pCardData->pfnCardDeriveKey = CardDeriveKey;
+ pCardData->pfnCardDestroyDHAgreement = CardDestroyDHAgreement;
+ pCardData->pfnCspGetDHAgreement = CspGetDHAgreement;
+
+ if (suppliedVersion > 5 ) {
+ pCardData->pfnCardGetChallengeEx = CardGetChallengeEx;
+ pCardData->pfnCardAuthenticateEx = CardAuthenticateEx;
+ pCardData->pfnCardChangeAuthenticatorEx = CardChangeAuthenticatorEx;
+ pCardData->pfnCardDeauthenticateEx = CardDeauthenticateEx;
+ pCardData->pfnCardGetContainerProperty = CardGetContainerProperty;
+ pCardData->pfnCardSetContainerProperty = CardSetContainerProperty;
+ pCardData->pfnCardGetProperty = CardGetProperty;
+ pCardData->pfnCardSetProperty = CardSetProperty;
+ }
+ }
+
+ return SCARD_S_SUCCESS;
+}
+
+static int associate_card(PCARD_DATA pCardData)
+{
+ VENDOR_SPECIFIC *vs;
+ int r;
+ BYTE empty_appdir[] = {1,'m','s','c','p',0,0,0,0};
+ BYTE empty_cardcf[6]={0,0,0,0,0,0};
+ BYTE empty_cardid[16]={0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+
+ logprintf(pCardData, 1, "associate_card\n");
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ /*
+ * set the addresses of the reader and card handles
+ * Our cardmod pcsc code will use these when we call sc_ctx_use_reader
+ * We use the address of the handles as provided in the pCardData
+ */
+ vs->hSCardCtx = pCardData->hSCardCtx;
+ vs->hScard = pCardData->hScard;
+
+ memcpy(vs->cardFiles.file_appdir, empty_appdir, sizeof(empty_appdir));
+ memset(&(vs->cardFiles.file_cardcf), 0, sizeof(vs->cardFiles.file_cardcf));
+ memcpy(vs->cardFiles.file_cardid, empty_cardid, sizeof(empty_cardid));
+
+ /* set the provided reader and card handles into ctx */
+ logprintf(pCardData, 5, "cardmod_use_handles %d\n", \
+ sc_ctx_use_reader(vs->ctx, &vs->hSCardCtx, &vs->hScard));
+
+ /* should be only one reader */
+ logprintf(pCardData, 5, "sc_ctx_get_reader_count(ctx): %d\n", \
+ sc_ctx_get_reader_count(vs->ctx));
+
+ vs->reader = sc_ctx_get_reader(vs->ctx, 0);
+ if(vs->reader)
+ {
+ logprintf(pCardData, 3, "%s\n", NULLSTR(vs->reader->name));
+
+ r = sc_connect_card(vs->reader, &(vs->card));
+ logprintf(pCardData, 2, "sc_connect_card result = %d, %s\n", \
+ r, sc_strerror(r));
+ if(!r)
+ {
+ r = sc_pkcs15_bind(vs->card, NULL, &(vs->p15card));
+ logprintf(pCardData, 2, "PKCS#15 initialization result: %d, %s\n", \
+ r, sc_strerror(r));
+ }
+ }
+
+ if(vs->card == NULL || vs->p15card == NULL)
+ {
+ logprintf(pCardData, 0, "Card unknow.\n");
+ return SCARD_E_UNKNOWN_CARD;
+ }
+
+ /*
+ * We want a 16 byte unique serial number
+ * PKCS15 gives us a char string, that
+ * appears to have been formated with %02x or %02X
+ * so as to make it printable.
+ * So for now we will try and convert back to bin,
+ * and use the last 32 bytes of the vs-p15card->tokeninfo->serial_number
+ * TODO needs to be looked at closer
+ */
+
+ if (vs->p15card->tokeninfo && vs->p15card->tokeninfo->serial_number) {
+ size_t len1, len2;
+ char * cserial;
+
+ len1 = strlen(vs->p15card->tokeninfo->serial_number);
+ cserial = vs->p15card->tokeninfo->serial_number;
+ len2 = sizeof(vs->cardFiles.file_cardid) * 2;
+ if ( len1 > len2) {
+ cserial += len1 - len2;
+ len1 = len2;
+ }
+ len1 /= 2;
+ r = sc_hex_to_bin(cserial, vs->cardFiles.file_cardid, &len1);
+ logprintf(pCardData, 7, "serial number r=%d len1=%d len2=%d ",r, len1, len2);
+ loghex(pCardData, 7, vs->cardFiles.file_cardid, sizeof(vs->cardFiles.file_cardid));
+ }
+
+
+ r = sc_pkcs15_get_objects(vs->p15card, SC_PKCS15_TYPE_CERT_X509, \
+ vs->cert_objs, 32);
+ if (r < 0)
+ {
+ logprintf(pCardData, 0, "Certificate enumeration failed: %s\n", \
+ sc_strerror(r));
+ return SCARD_F_UNKNOWN_ERROR;
+ }
+
+ vs->cert_count = r;
+ logprintf(pCardData, 2, "Found %d certificat(s) in the card.\n", \
+ vs->cert_count);
+
+ r = sc_pkcs15_get_objects(vs->p15card, SC_PKCS15_TYPE_PRKEY_RSA, \
+ vs->prkey_objs, 32);
+ if (r < 0)
+ {
+ logprintf(pCardData, 0, "Private key enumeration failed: %s\n", \
+ sc_strerror(r));
+ return SCARD_F_UNKNOWN_ERROR;
+ }
+
+ vs->prkey_count = r;
+ logprintf(pCardData, 2, "Found %d private key(s) in the card.\n", \
+ vs->prkey_count);
+
+ r = sc_pkcs15_get_objects(vs->p15card, SC_PKCS15_TYPE_AUTH_PIN, \
+ vs->pin_objs, 8);
+ if (r < 0)
+ {
+ logprintf(pCardData, 2, "Pin object enumeration failed: %s\n", \
+ sc_strerror(r));
+ return SCARD_F_UNKNOWN_ERROR;
+ }
+
+ vs->pin_count = r;
+ logprintf(pCardData, 2, "Found %d pin(s) in the card.\n", \
+ vs->pin_count);
+
+#if 1
+ dump_objects(pCardData);
+#endif
+
+ return SCARD_S_SUCCESS;
+
+}
+
+static int disassociate_card(PCARD_DATA pCardData)
+{
+
+ VENDOR_SPECIFIC *vs;
+ int i;
+
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ logprintf(pCardData, 1, "disassociate_card\n");
+
+ if(vs->pin != NULL)
+ {
+ free(vs->pin);
+ vs->pin = NULL;
+ }
+
+ for (i = 0; i < vs->cert_count; i++) {
+ vs->cert_objs[i] = NULL;
+ }
+ vs->cert_count = 0;
+
+ for (i = 0; i < vs->prkey_count; i++) {
+ vs->prkey_objs[i] = NULL;
+ }
+ vs->prkey_count = 0;
+
+ for (i = 0; i < vs->pin_count; i++) {
+ vs->pin_objs[i] = NULL;
+ }
+ vs->pin_count = 0;
+
+
+ if(vs->p15card)
+ {
+ logprintf(pCardData, 6, "sc_pkcs15_unbind\n");
+ sc_pkcs15_unbind(vs->p15card);
+ vs->p15card = NULL;
+ }
+
+ if(vs->card)
+ {
+ logprintf(pCardData, 6, "sc_disconnect_card\n");
+ sc_disconnect_card(vs->card);
+ vs->card = NULL;
+ }
+
+ vs->reader = NULL;
+
+ vs->hSCardCtx = -1;
+ vs->hScard = -1;
+
+ return SCARD_S_SUCCESS;
+}
+
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+ DWORD ul_reason_for_call,
+ LPVOID lpReserved
+)
+{
+#ifdef CARDMOD_LOW_LEVEL_DEBUG
+ logprintf(NULL,8,"\n********** DllMain hModule=0x%08X reason=%d Reserved=%p P:%d T:%d\n",
+ hModule, ul_reason_for_call, lpReserved, GetCurrentProcessId(), GetCurrentThreadId());
+#endif
+ switch (ul_reason_for_call)
+ {
+ case DLL_PROCESS_ATTACH:
+#ifdef CARDMOD_LOW_LEVEL_DEBUG
+ {
+ CHAR name[MAX_PATH + 1] = "\0", *p;
+ GetModuleFileName(GetModuleHandle(NULL),name,MAX_PATH);
+ logprintf(NULL,1,"** DllMain Attach ModuleFileName=%s\n",name);
+ }
+#endif
+ break;
+ case DLL_THREAD_ATTACH:
+ case DLL_THREAD_DETACH:
+ break;
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return TRUE;
+}
+
+#ifdef _MANAGED
+#pragma managed(pop)
+#endif
+#endif
+
diff -Nru opensc-0.11.13/src/minidriver/minidriver.exports opensc-0.12.1/src/minidriver/minidriver.exports
--- opensc-0.11.13/src/minidriver/minidriver.exports 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/minidriver/minidriver.exports 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1 @@
+CardAcquireContext
diff -Nru opensc-0.11.13/src/minidriver/minidriver-westcos.reg opensc-0.12.1/src/minidriver/minidriver-westcos.reg
--- opensc-0.11.13/src/minidriver/minidriver-westcos.reg 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/minidriver/minidriver-westcos.reg 2011-05-17 17:07:00.000000000 +0000
@@ -0,0 +1,7 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CEV WESTCOS]
+"80000001"="opensc-minidriver.dll"
+"ATR"=hex:3f,69,00,00,00,64,01,00,00,00,80,90,00
+"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
+"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
diff -Nru opensc-0.11.13/src/minidriver/opensc-minidriver.inf opensc-0.12.1/src/minidriver/opensc-minidriver.inf
--- opensc-0.11.13/src/minidriver/opensc-minidriver.inf 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.12.1/src/minidriver/opensc-minidriver.inf 2011-05-18 05:52:09.000000000 +0000
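Review bot: This `.reg` registration is narrower than the `[AddRegDefault]` and `[AddRegWOW64]` sections of the INF added in the same commit: it sets no `"Smart Card Key Storage Provider"` value and no `Wow6432Node` copy of the key, so a machine set up from the `.reg` ends up with a different registration than one set up from the INF. If that is deliberate, say so in a `;` comment at the top of the file; otherwise add `"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"`. The `"80000001"` value is a bare file name, so which DLL gets loaded depends on how the loading component resolves it; a comment naming the expected install directory would help anyone auditing the installation.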
@@ -0,0 +1,148 @@ + +[Version] +Signature="$Windows NT$" +Class=SmartCard +ClassGuid={990A2BD7-E738-46c7-B26F-1CF8FB9F1391} +Provider=%ProviderName% +CatalogFile=delta.cat +DriverVer=05/02/2010,0,12,1,0 + +[Manufacturer] +%ProviderName%=Minidriver,NTamd64,NTamd64.6.1,NTx86,NTx86.6.1 + +[Minidriver.NTamd64] +%CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000 + +[Minidriver.NTx86] +%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000 + +[Minidriver.NTamd64.6.1] +%CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000 + +[Minidriver.NTx86.6.1] +%CardDeviceName%=Minidriver32_61_Install,SCFILTER\CID_00640181010c829000 + +[DefaultInstall] +CopyFiles=x86_CopyFiles +AddReg=AddRegDefault + +[DefaultInstall.ntamd64] +CopyFiles=amd64_CopyFiles +CopyFiles=wow64_CopyFiles +AddReg=AddRegWOW64 +AddReg=AddRegDefault + +[DefaultInstall.NTx86] +CopyFiles=x86_CopyFiles +AddReg=AddRegDefault + +[DefaultInstall.ntamd64.6.1] +AddReg=AddRegWOW64 +AddReg=AddRegDefault + +[DefaultInstall.NTx86.6.1] +AddReg=AddRegDefault + +[SourceDisksFiles] +%SmartCardCardModule%=1 +%SmartCardCardModule64%=1 + +[SourceDisksNames] +1 = %MediaDescription% + +[Minidriver64_Install.NT] +CopyFiles=amd64_CopyFiles +CopyFiles=wow64_CopyFiles +AddReg=AddRegWOW64 +AddReg=AddRegDefault + +[Minidriver64_61_Install.NT] +AddReg=AddRegWOW64 +AddReg=AddRegDefault +Include=umpass.inf +Needs=UmPass + +[Minidriver32_Install.NT] +CopyFiles=x86_CopyFiles +AddReg=AddRegDefault + +[Minidriver32_61_Install.NT] +AddReg=AddRegDefault +Include=umpass.inf +Needs=UmPass + +[Minidriver64_61_Install.NT.Services] +Include=umpass.inf +Needs=UmPass.Services + +[Minidriver32_61_Install.NT.Services] +Include=umpass.inf +Needs=UmPass.Services + + +[Minidriver64_61_Install.NT.HW] +Include=umpass.inf +Needs=UmPass.HW + +[Minidriver64_61_Install.NT.CoInstallers] +Include=umpass.inf +Needs=UmPass.CoInstallers + + +[Minidriver64_61_Install.NT.Interfaces] +Include=umpass.inf 
+Needs=UmPass.Interfaces + + +[Minidriver32_61_Install.NT.HW] +Include=umpass.inf +Needs=UmPass.HW + +[Minidriver32_61_Install.NT.CoInstallers] +Include=umpass.inf +Needs=UmPass.CoInstallers + + +[Minidriver32_61_Install.NT.Interfaces] +Include=umpass.inf +Needs=UmPass.Interfaces + + +[amd64_CopyFiles] +;%SmartCardCardModule%,%SmartCardCardModule64% + +[x86_CopyFiles] +;%SmartCardCardModule% + +[wow64_CopyFiles] +;%SmartCardCardModule64% + +[AddRegWOW64] +HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00 +HKLM, %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff +HKLM, %SmartCardNameWOW64%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider" +HKLM, %SmartCardNameWOW64%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider" +HKLM, %SmartCardNameWOW64%,"80000001",0x00000000,%SmartCardCardModule64% + +[AddRegDefault] +HKLM, %SmartCardName%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00 +HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff +HKLM, %SmartCardName%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider" +HKLM, %SmartCardName%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider" +HKLM, %SmartCardName%,"80000001",0x00000000,%SmartCardCardModule% + +[DestinationDirs] +amd64_CopyFiles=10,system32 +x86_CopyFiles=10,system32 +wow64_CopyFiles=10,syswow64 + + +; =================== Generic ================================== + +[Strings] +ProviderName ="OpenSC" +MediaDescription="OpenSC Smart Card Minidriver Installation Disk" +CardDeviceName="OpenSC Minidriver" +SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos" +SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos" +SmartCardCardModule="opensc-minidriver.dll" diff -Nru opensc-0.11.13/src/minidriver/opensc-minidriver.inf.in 
opensc-0.12.1/src/minidriver/opensc-minidriver.inf.in --- opensc-0.11.13/src/minidriver/opensc-minidriver.inf.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/minidriver/opensc-minidriver.inf.in 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,148 @@
+
+[Version]
+Signature="$Windows NT$"
+Class=SmartCard
+ClassGuid={990A2BD7-E738-46c7-B26F-1CF8FB9F1391}
+Provider=%ProviderName%
+CatalogFile=delta.cat
+DriverVer=05/02/2010,@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0
+
+[Manufacturer]
+%ProviderName%=Minidriver,NTamd64,NTamd64.6.1,NTx86,NTx86.6.1
+
+[Minidriver.NTamd64]
+%CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000
+
+[Minidriver.NTx86]
+%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000
+
+[Minidriver.NTamd64.6.1]
+%CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000
+
+[Minidriver.NTx86.6.1]
+%CardDeviceName%=Minidriver32_61_Install,SCFILTER\CID_00640181010c829000
+
+[DefaultInstall]
+CopyFiles=x86_CopyFiles
+AddReg=AddRegDefault
+
+[DefaultInstall.ntamd64]
+CopyFiles=amd64_CopyFiles
+CopyFiles=wow64_CopyFiles
+AddReg=AddRegWOW64
+AddReg=AddRegDefault
+
+[DefaultInstall.NTx86]
+CopyFiles=x86_CopyFiles
+AddReg=AddRegDefault
+
+[DefaultInstall.ntamd64.6.1]
+AddReg=AddRegWOW64
+AddReg=AddRegDefault
+
+[DefaultInstall.NTx86.6.1]
+AddReg=AddRegDefault
+
+[SourceDisksFiles]
+%SmartCardCardModule%=1
+%SmartCardCardModule64%=1
+
+[SourceDisksNames]
+1 = %MediaDescription%
+
+[Minidriver64_Install.NT]
+CopyFiles=amd64_CopyFiles
+CopyFiles=wow64_CopyFiles
+AddReg=AddRegWOW64
+AddReg=AddRegDefault
+
+[Minidriver64_61_Install.NT]
+AddReg=AddRegWOW64
+AddReg=AddRegDefault
+Include=umpass.inf
+Needs=UmPass
+
+[Minidriver32_Install.NT]
+CopyFiles=x86_CopyFiles
+AddReg=AddRegDefault
+
+[Minidriver32_61_Install.NT]
+AddReg=AddRegDefault
+Include=umpass.inf
+Needs=UmPass
+
+[Minidriver64_61_Install.NT.Services]
+Include=umpass.inf
+Needs=UmPass.Services
+
+[Minidriver32_61_Install.NT.Services]
+Include=umpass.inf
+Needs=UmPass.Services
+
+
+[Minidriver64_61_Install.NT.HW]
+Include=umpass.inf
+Needs=UmPass.HW
+
+[Minidriver64_61_Install.NT.CoInstallers]
+Include=umpass.inf
+Needs=UmPass.CoInstallers
+
+
+[Minidriver64_61_Install.NT.Interfaces]
+Include=umpass.inf
+Needs=UmPass.Interfaces
+
+
+[Minidriver32_61_Install.NT.HW]
+Include=umpass.inf
+Needs=UmPass.HW
+
+[Minidriver32_61_Install.NT.CoInstallers]
+Include=umpass.inf
+Needs=UmPass.CoInstallers
+
+
+[Minidriver32_61_Install.NT.Interfaces]
+Include=umpass.inf
+Needs=UmPass.Interfaces
+
+
+[amd64_CopyFiles]
+;%SmartCardCardModule%,%SmartCardCardModule64%
+
+[x86_CopyFiles]
+;%SmartCardCardModule%
+
+[wow64_CopyFiles]
+;%SmartCardCardModule64%
+
+[AddRegWOW64]
+HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
+HKLM, %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
+HKLM, %SmartCardNameWOW64%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
+HKLM, %SmartCardNameWOW64%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
+HKLM, %SmartCardNameWOW64%,"80000001",0x00000000,%SmartCardCardModule64%
+
+[AddRegDefault]
+HKLM, %SmartCardName%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
+HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
+HKLM, %SmartCardName%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
+HKLM, %SmartCardName%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
+HKLM, %SmartCardName%,"80000001",0x00000000,%SmartCardCardModule%
+
+[DestinationDirs]
+amd64_CopyFiles=10,system32
+x86_CopyFiles=10,system32
+wow64_CopyFiles=10,syswow64
+
+
+; =================== Generic ==================================
+
+[Strings]
+ProviderName ="OpenSC"
+MediaDescription="OpenSC Smart Card Minidriver Installation Disk"
+CardDeviceName="OpenSC Minidriver"
+SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos"
+SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos"
+SmartCardCardModule="opensc-minidriver.dll"
diff -Nru
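Review bot: `%SmartCardCardModule64%` is referenced in `[SourceDisksFiles]` and as the `"80000001"` value in `[AddRegWOW64]`, but `[Strings]` at the end of this file defines only `SmartCardCardModule`, so the token has nothing to expand to and the Wow6432Node registration would not name a card module. Add the missing entry, for example `SmartCardCardModule64="<module-file-name>"` (placeholder; use the file actually shipped for that registry view). The three `*_CopyFiles` sections hold only commented-out entries, so this INF registers the DLL name without installing the file; a `;` comment stating that the DLL must already be present in the system directory would make that explicit. The generated `opensc-minidriver.inf` in this diff has the same gap.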
opensc-0.11.13/src/openssh/ask-for-pin.diff opensc-0.12.1/src/openssh/ask-for-pin.diff --- opensc-0.11.13/src/openssh/ask-for-pin.diff 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/src/openssh/ask-for-pin.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,115 +0,0 @@ -diff -udrNP openssh-4.1p1.orig/scard.c openssh-4.1p1/scard.c ---- openssh-4.1p1.orig/scard.c 2004-05-13 08:15:48.000000000 +0200 -+++ openssh-4.1p1/scard.c 2005-06-28 06:00:11.951466616 +0200 -@@ -35,6 +35,9 @@ - #include "misc.h" - #include "scard.h" - -+/* currently unused */ -+int ask_for_pin = 0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -diff -udrNP openssh-4.1p1.orig/scard.h openssh-4.1p1/scard.h ---- openssh-4.1p1.orig/scard.h 2003-06-18 12:28:40.000000000 +0200 -+++ openssh-4.1p1/scard.h 2005-06-28 06:00:11.956465856 +0200 -@@ -33,6 +33,8 @@ - #define SCARD_ERROR_NOCARD -2 - #define SCARD_ERROR_APPLET -3 - -+extern int ask_for_pin; -+ - Key **sc_get_keys(const char *, const char *); - void sc_close(void); - int sc_put_key(Key *, const char *); -diff -udrNP openssh-4.1p1.orig/scard-opensc.c openssh-4.1p1/scard-opensc.c ---- openssh-4.1p1.orig/scard-opensc.c 2004-05-13 09:29:35.000000000 +0200 -+++ openssh-4.1p1/scard-opensc.c 2005-06-28 06:00:11.940468288 +0200 -@@ -38,6 +38,8 @@ - #include "misc.h" - #include "scard.h" - -+int ask_for_pin=0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -@@ -119,6 +121,7 @@ - struct sc_pkcs15_prkey_info *key; - struct sc_pkcs15_object *pin_obj; - struct sc_pkcs15_pin_info *pin; -+ char *passphrase = NULL; - - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv == NULL) -@@ -156,24 +159,47 @@ - goto err; - } - pin = pin_obj->data; -+ -+ if (sc_pin) -+ passphrase = sc_pin; -+ else if (ask_for_pin) { -+ /* we need a pin but don't have one => ask for the pin */ -+ char prompt[64]; -+ -+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", -+ key_obj->label ? 
key_obj->label : "smartcard key"); -+ passphrase = read_passphrase(prompt, 0); -+ if (!passphrase || !strcmp(passphrase, "")) -+ goto err; -+ } else -+ /* no pin => error */ -+ goto err; -+ - r = sc_lock(card); - if (r) { - error("Unable to lock smartcard: %s", sc_strerror(r)); - goto err; - } -- if (sc_pin != NULL) { -- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, -- strlen(sc_pin)); -- if (r) { -- sc_unlock(card); -- error("PIN code verification failed: %s", -- sc_strerror(r)); -- goto err; -- } -+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, -+ strlen(passphrase)); -+ if (r) { -+ sc_unlock(card); -+ error("PIN code verification failed: %s", -+ sc_strerror(r)); -+ goto err; - } -+ - *key_obj_out = key_obj; -+ if (!sc_pin) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - return 0; - err: -+ if (!sc_pin && passphrase) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - sc_close(); - return -1; - } -diff -udrNP openssh-4.1p1.orig/ssh.c openssh-4.1p1/ssh.c ---- openssh-4.1p1.orig/ssh.c 2005-05-04 07:33:09.000000000 +0200 -+++ openssh-4.1p1/ssh.c 2005-06-28 06:00:11.967464184 +0200 -@@ -1216,6 +1216,9 @@ - #ifdef SMARTCARD - Key **keys; - -+ if (!options.batch_mode) -+ ask_for_pin = 1; -+ - if (options.smartcard_device != NULL && - options.num_identity_files < SSH_MAX_IDENTITY_FILES && - (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { diff -Nru opensc-0.11.13/src/openssh/Makefile.am opensc-0.12.1/src/openssh/Makefile.am --- opensc-0.11.13/src/openssh/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/openssh/Makefile.am 1970-01-01 00:00:00.000000000 +0000 
@@ -1,3 +0,0 @@
-MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
-
-dist_noinst_DATA = README ask-for-pin.diff
diff -Nru opensc-0.11.13/src/openssh/Makefile.in opensc-0.12.1/src/openssh/Makefile.in
--- opensc-0.11.13/src/openssh/Makefile.in 2010-02-16 09:32:18.000000000 +0000
+++ opensc-0.12.1/src/openssh/Makefile.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,412 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/openssh -DIST_COMMON = README $(dist_noinst_DATA) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -DATA = $(dist_noinst_DATA) -DISTFILES = $(DIST_COMMON) 
$(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ -OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ 
-OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = @PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = 
@localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -dist_noinst_DATA = README ask-for-pin.diff -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openssh/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/openssh/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(DATA) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - distclean distclean-generic distclean-libtool distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru opensc-0.11.13/src/openssh/README opensc-0.12.1/src/openssh/README --- opensc-0.11.13/src/openssh/README 2005-12-29 12:36:27.000000000 +0000 +++ opensc-0.12.1/src/openssh/README 1970-01-01 00:00:00.000000000 +0000 
@@ -1,7 +0,0 @@ -ask-for-pin.diff - SSH can't ask for the pin of a smart card in version 3.8.1p1. - Fixing this is a major task and requires some kind of redesign - in openssh as far as we understand, so please have patience. - - Meanwhile this patch can add the desired functionality, but - it is a crude hack, not meant to be added to openssh releases. diff -Nru opensc-0.11.13/src/pkcs11/debug.c opensc-0.12.1/src/pkcs11/debug.c --- opensc-0.11.13/src/pkcs11/debug.c 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/debug.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,8 +18,11 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" #define DUMP_TEMPLATE_MAX 32 @@ -27,7 +30,7 @@ struct fmap { CK_ULONG value; const char * name; - const char * (*print)(struct fmap *, void *, size_t); + const char * (*print)(int level, struct fmap *, void *, size_t); struct fmap * map; }; 
@@ -40,14 +43,19 @@ #define b(x) { (x), #x, sc_pkcs11_print_bool, NULL } #define s(x) { (x), #x, sc_pkcs11_print_string, NULL } -static void sc_pkcs11_print_attr(const char *, unsigned int, - const char *, const char *, +static void sc_pkcs11_print_attr(int level, const char *, + unsigned int, const char *, const char *, CK_ATTRIBUTE_PTR); -static const char * sc_pkcs11_print_value(struct fmap *, void *, size_t); -static struct fmap * sc_pkcs11_map_ulong(struct fmap *, CK_ULONG); -static const char * sc_pkcs11_print_ulong(struct fmap *, void *, size_t); -static const char * sc_pkcs11_print_bool(struct fmap *, void *, size_t); -static const char * sc_pkcs11_print_string(struct fmap *, void *, size_t); +static const char * sc_pkcs11_print_value(int level, struct fmap *, + void *, size_t); +static struct fmap * sc_pkcs11_map_ulong(int level, struct fmap *, + CK_ULONG); +static const char * sc_pkcs11_print_ulong(int level, struct fmap *, + void *, size_t); +static const char * sc_pkcs11_print_bool(int level, struct fmap *, + void *, size_t); +static const char * sc_pkcs11_print_string(int level, struct fmap *, + void *, size_t); static struct fmap map_CKA_CLASS[] = { _(CKO_DATA), @@ -149,22 +157,18 @@ _(CKA_RESET_ON_INIT), _(CKA_HAS_RESET), _(CKA_VENDOR_DEFINED), + b(CKA_ALWAYS_AUTHENTICATE), { 0, NULL, NULL, NULL } }; -void sc_pkcs11_print_attrs(const char *file, unsigned int line, +void sc_pkcs11_print_attrs(int level, const char *file, unsigned int line, const char *function, const char *info, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) { - /* Don't bother with looking at this in detail if debugging - * is off */ - if (!context->debug) - return; - if (ulCount == 0) { - sc_do_log(context, SC_LOG_TYPE_DEBUG, + sc_do_log(context, level, file, line, function, "%s: empty template\n", info); 
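Review bot: With the `if (!context->debug) return;` guard removed from `sc_pkcs11_print_attrs`, every call now walks the template and formats each attribute value before `sc_do_log` decides whether to emit it, so filtering rests entirely on the `level` each caller passes. PKCS#11 templates can carry secret values (for example `CKA_VALUE` on a key object), and `sc_pkcs11_print_value` appears to hex-dump attributes it has no mapping for, so a caller passing a level that is enabled in production would put key bytes into the log. I would document this above the function, e.g. `/* Dumps attribute values; pass a debug-only level, templates may hold key material. */`, and consider printing only the length for sensitive attribute types. The bodies of the print helpers lie outside this hunk, so the hex-dump behaviour should be confirmed there.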
@@ -172,41 +176,41 @@ } while (ulCount--) - sc_pkcs11_print_attr(file, line, function, + sc_pkcs11_print_attr(level, file, line, function, info, pTemplate++); } -static void sc_pkcs11_print_attr(const char *file, unsigned int line, +static void sc_pkcs11_print_attr(int level, const char *file, unsigned int line, const char *function, const char *info, CK_ATTRIBUTE_PTR attr) { struct fmap *fm; const char * value; - fm = sc_pkcs11_map_ulong(p11_attr_names, attr->type); + fm = sc_pkcs11_map_ulong(level, p11_attr_names, attr->type); if (attr->pValue == NULL) { value = ""; } else { - value = sc_pkcs11_print_value(fm, + value = sc_pkcs11_print_value(level, fm, attr->pValue, attr->ulValueLen); } if (fm == NULL) { - sc_do_log(context, SC_LOG_TYPE_DEBUG, + sc_do_log(context, level, file, line, function, "%s: Attribute 0x%x = %s\n", info, attr->type, value); } else { - sc_do_log(context, SC_LOG_TYPE_DEBUG, + sc_do_log(context, level, file, line, function, "%s: %s = %s\n", info, fm->name, value); } } -static const char *sc_pkcs11_print_value(struct fmap *fm, +static const char *sc_pkcs11_print_value(int level, struct fmap *fm, void *ptr, size_t count) { static char buffer[4 * DUMP_TEMPLATE_MAX + 1] = ""; @@ -226,10 +230,10 @@ return buffer; } - return fm->print(fm, ptr, count); + return fm->print(level, fm, ptr, count); } -static const char *sc_pkcs11_print_ulong(struct fmap *fm, +static const char *sc_pkcs11_print_ulong(int level, struct fmap *fm, void *ptr, size_t count) { static char buffer[64]; 
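Review bot: In `sc_pkcs11_print_attr` the fallback message formats `attr->type` with `%x`, but PKCS#11 attribute types are `CK_ULONG`, so on LP64 platforms the argument is wider than the conversion expects. Use `"%s: Attribute 0x%lx = %s\n", info, (unsigned long) attr->type, value`, matching the `"0x%lx"` plus `(unsigned long)` cast already used in `sc_pkcs11_print_ulong`. The same mismatch is in the `"register_mechanisms failed: 0x%x", rv` call added to `pkcs15_bind` in framework-pkcs15.c, where `rv` is a `CK_RV`.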
@@ -237,17 +241,17 @@ if (count == sizeof(CK_ULONG)) { memcpy(&value, ptr, count); - if ((fm = sc_pkcs11_map_ulong(fm->map, value)) != NULL) + if ((fm = sc_pkcs11_map_ulong(level, fm->map, value)) != NULL) return fm->name; sprintf(buffer, "0x%lx", (unsigned long) value); return buffer; } - return sc_pkcs11_print_value(NULL, ptr, count); + return sc_pkcs11_print_value(level, NULL, ptr, count); } -static const char *sc_pkcs11_print_bool(struct fmap *fm, void *ptr, - size_t count) +static const char *sc_pkcs11_print_bool(int level, struct fmap *fm, + void *ptr, size_t count) { CK_BBOOL value; @@ -258,10 +262,10 @@ return "FALSE"; } - return sc_pkcs11_print_value(NULL, ptr, count); + return sc_pkcs11_print_value(level, NULL, ptr, count); } -static const char *sc_pkcs11_print_string(struct fmap *fm, +static const char *sc_pkcs11_print_string(int level, struct fmap *fm, void *ptr, size_t count) { static char buffer[128]; @@ -273,7 +277,7 @@ return buffer; } -static struct fmap *sc_pkcs11_map_ulong(struct fmap *fm, CK_ULONG value) +static struct fmap *sc_pkcs11_map_ulong(int level, struct fmap *fm, CK_ULONG value) { for (; fm && fm->name; fm++) { if (fm->value == value) diff -Nru opensc-0.11.13/src/pkcs11/framework-pkcs15.c opensc-0.12.1/src/pkcs11/framework-pkcs15.c --- opensc-0.11.13/src/pkcs11/framework-pkcs15.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/framework-pkcs15.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,28 +18,23 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" #ifdef USE_PKCS15_INIT -#include -#include +#include "pkcs15init/pkcs15-init.h" #endif extern int hack_enabled; -#define MAX_CACHE_PIN 32 struct pkcs15_slot_data { struct sc_pkcs15_object *auth_obj; - int user_consent; - struct { - sc_path_t path; - u8 value[MAX_CACHE_PIN]; - unsigned int len; - } pin[2]; }; #define slot_data(p) ((struct pkcs15_slot_data *) (p)) -#define slot_data_auth(p) (slot_data(p)->auth_obj) +#define slot_data_auth(p) (((p) && slot_data(p)) ? slot_data(p)->auth_obj : NULL) #define slot_data_pin_info(p) (((p) && slot_data_auth(p))? \ (struct sc_pkcs15_pin_info *) slot_data_auth(p)->data : NULL) @@ -60,6 +55,8 @@ struct pkcs15_any_object * objects[MAX_OBJECTS]; unsigned int num_objects; unsigned int locked; + unsigned char user_puk[64]; + unsigned int user_puk_len; }; struct pkcs15_any_object { @@ -105,8 +102,8 @@ #define pub_genfrom base.related_cert #define __p15_type(obj) (((obj) && (obj)->p15_object)? ((obj)->p15_object->type) : (unsigned int)-1) -#define is_privkey(obj) (__p15_type(obj) == SC_PKCS15_TYPE_PRKEY_RSA || __p15_type(obj) == SC_PKCS15_TYPE_PRKEY_GOSTR3410) -#define is_pubkey(obj) (__p15_type(obj) == SC_PKCS15_TYPE_PUBKEY_RSA || __p15_type(obj) == SC_PKCS15_TYPE_PUBKEY_GOSTR3410) +#define is_privkey(obj) ((__p15_type(obj) & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PRKEY) +#define is_pubkey(obj) ((__p15_type(obj) & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PUBKEY) #define is_cert(obj) (__p15_type(obj) == SC_PKCS15_TYPE_CERT_X509) struct pkcs15_data_object { 
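Review bot: The new `user_puk[64]` buffer in `struct pkcs15_fw_data` looks like it holds an unblocking code for the lifetime of the binding, yet `pkcs15_unbind` (visible in the later `@@ -195` hunk) ends with a plain `free(fw_data)`. Clear the buffer before the free with a call the compiler cannot drop, e.g. `sc_mem_clear(fw_data->user_puk, sizeof(fw_data->user_puk));` if that libopensc helper is available to this file, and reset `user_puk_len` to 0. The code that fills the buffer is outside this hunk; it should reject input longer than `sizeof(fw_data->user_puk)` rather than truncate it.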
@@ -138,7 +135,7 @@ }; static int __pkcs15_release_object(struct pkcs15_any_object *); -static int register_mechanisms(struct sc_pkcs11_card *p11card); +static CK_RV register_mechanisms(struct sc_pkcs11_card *p11card); static CK_RV get_public_exponent(struct sc_pkcs15_pubkey *, CK_ATTRIBUTE_PTR); static CK_RV get_modulus(struct sc_pkcs15_pubkey *, @@ -148,13 +145,10 @@ static CK_RV get_usage_bit(unsigned int usage, CK_ATTRIBUTE_PTR attr); static CK_RV asn1_sequence_wrapper(const u8 *, size_t, CK_ATTRIBUTE_PTR); static CK_RV get_gostr3410_params(const u8 *, size_t, CK_ATTRIBUTE_PTR); -static void cache_pin(void *, int, const sc_path_t *, const void *, size_t); -static int revalidate_pin(struct pkcs15_slot_data *data, - struct sc_pkcs11_session *ses); +static CK_RV get_ec_pubkey_point(struct sc_pkcs15_pubkey *, CK_ATTRIBUTE_PTR); +static CK_RV get_ec_pubkey_params(struct sc_pkcs15_pubkey *, CK_ATTRIBUTE_PTR); static int lock_card(struct pkcs15_fw_data *); static int unlock_card(struct pkcs15_fw_data *); -static void add_pins_to_keycache(struct sc_pkcs11_card *p11card, - struct sc_pkcs11_slot *slot); static int reselect_app_df(sc_pkcs15_card_t *p15card); /* PKCS#15 Framework */ 
@@ -163,16 +157,25 @@ { struct pkcs15_fw_data *fw_data; int rc; + CK_RV rv; - if (!(fw_data = (struct pkcs15_fw_data *) calloc(1, sizeof(*fw_data)))) + if (!(fw_data = calloc(1, sizeof(*fw_data)))) return CKR_HOST_MEMORY; p11card->fw_data = fw_data; - rc = sc_pkcs15_bind(p11card->card, &fw_data->p15_card); - sc_debug(context, "Binding to PKCS#15, rc=%d\n", rc); - if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); - return register_mechanisms(p11card); + rc = sc_pkcs15_bind(p11card->card, NULL, &fw_data->p15_card); + if (rc != SC_SUCCESS) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "sc_pkcs15_bind failed: %d", rc); + return sc_to_cryptoki_error(rc, NULL); + } + + rv = register_mechanisms(p11card); + if (rv != CKR_OK) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "register_mechanisms failed: 0x%x", rv); + return rv; + } + + return CKR_OK; } static CK_RV pkcs15_unbind(struct sc_pkcs11_card *p11card) @@ -195,13 +198,13 @@ rc = sc_pkcs15_unbind(fw_data->p15_card); free(fw_data); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, NULL); } -static void pkcs15_init_token_info(struct sc_pkcs15_card *card, CK_TOKEN_INFO_PTR pToken) +static void pkcs15_init_token_info(struct sc_pkcs15_card *p15card, CK_TOKEN_INFO_PTR pToken) { - strcpy_bp(pToken->manufacturerID, card->manufacturer_id, 32); - if (card->flags & SC_PKCS15_CARD_FLAG_EMULATED) + strcpy_bp(pToken->manufacturerID, p15card->tokeninfo->manufacturer_id, 32); + if (p15card->flags & SC_PKCS15_CARD_FLAG_EMULATED) strcpy_bp(pToken->model, "PKCS#15 emulated", 16); else strcpy_bp(pToken->model, "PKCS#15", 16); 
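Review bot: The added `sc_debug(context, SC_LOG_DEBUG_NORMAL, "register_mechanisms failed: 0x%x", rv)` in pkcs15_bind prints a CK_RV with `%x`. CK_RV is an unsigned long in Cryptoki, so the specifier should be `0x%lx`. The pkcs15_init_pin hunk further down has the same kind of mismatch in `"pkcs15 init PIN: pin %p:%d\n", pPin, ulPinLen`, where ulPinLen is presumably a CK_ULONG as in pkcs15_login and wants `%lu`. Both new early returns also leave the freshly allocated fw_data attached to `p11card->fw_data`; a comment such as `/* fw_data is released by pkcs15_unbind() on failure */` would record the contract, if that is what the caller does.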
@@ -211,14 +214,12 @@ * _Assuming_ that the serial number is a Big Endian counter, this * will assure that the serial within each type of card will be * unique in pkcs11 (at least for the first 8^16 cards :-) */ - if (card->serial_number != NULL) { - int sn_start = strlen(card->serial_number) - 16; + if (p15card->tokeninfo->serial_number != NULL) { + int sn_start = strlen(p15card->tokeninfo->serial_number) - 16; if (sn_start < 0) sn_start = 0; - strcpy_bp(pToken->serialNumber, - card->serial_number + sn_start, - 16); + strcpy_bp(pToken->serialNumber, p15card->tokeninfo->serial_number + sn_start, 16); } pToken->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; @@ -235,6 +236,21 @@ pToken->firmwareVersion.minor = 0; } +#ifdef USE_PKCS15_INIT +static char * +set_cka_label(CK_ATTRIBUTE_PTR attr, char *label) +{ + char *l = (char *)attr->pValue; + int len = attr->ulValueLen; + + if (len >= SC_PKCS15_MAX_LABEL_SIZE) + len = SC_PKCS15_MAX_LABEL_SIZE-1; + memcpy(label, l, len); + label[len] = '\0'; + return label; +} +#endif + static int __pkcs15_create_object(struct pkcs15_fw_data *fw_data, struct pkcs15_any_object **result, @@ -247,7 +263,7 @@ if (fw_data->num_objects >= MAX_OBJECTS) return SC_ERROR_TOO_MANY_OBJECTS; - if (!(obj = (struct pkcs15_any_object *) calloc(1, size))) + if (!(obj = calloc(1, size))) return SC_ERROR_OUT_OF_MEMORY; fw_data->objects[fw_data->num_objects++] = obj; @@ -273,6 +289,7 @@ return 0; } +#ifdef USE_PKCS15_INIT static int __pkcs15_delete_object(struct pkcs15_fw_data *fw_data, struct pkcs15_any_object *obj) { 
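Review bot: In the new set_cka_label, `int len = attr->ulValueLen;` narrows a CK_ULONG to int before the bound check. A length above INT_MAX typically becomes negative, passes `len >= SC_PKCS15_MAX_LABEL_SIZE`, and is converted back to a very large size in `memcpy(label, l, len)`, which overruns the caller's `char label[SC_PKCS15_MAX_LABEL_SIZE]` stack buffer. Keep the length unsigned, `CK_ULONG len = attr->ulValueLen;`, so the clamp always applies. A NULL `attr->pValue` with a non-zero length also reaches memcpy; `if (l == NULL) len = 0;` before the copy covers that case.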
@@ -290,6 +307,64 @@ } return SC_ERROR_OBJECT_NOT_FOUND; } +#endif + +CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) +{ + struct sc_pkcs11_slot *slot; + struct sc_pkcs15_object *auth; + struct sc_pkcs15_pin_info *pin_info; + struct sc_pin_cmd_data data; + int r; + CK_RV rv; + + if (pInfo == NULL_PTR) + return CKR_ARGUMENTS_BAD; + + rv = sc_pkcs11_lock(); + if (rv != CKR_OK) + return rv; + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetTokenInfo(%lx)", slotID); + + rv = slot_get_token(slotID, &slot); + if (rv != CKR_OK) + goto out; + + /* User PIN flags are cleared before re-calculation */ + slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED); + auth = slot_data_auth(slot->fw_data); + if (auth) { + pin_info = (struct sc_pkcs15_pin_info*) auth->data; + + /* Try to update PIN info from card */ + memset(&data, 0, sizeof(data)); + data.cmd = SC_PIN_CMD_GET_INFO; + data.pin_type = SC_AC_CHV; + data.pin_reference = pin_info->reference; + + r = sc_pin_cmd(slot->card->card, &data, NULL); + if (r == SC_SUCCESS) { + if (data.pin1.max_tries > 0) + pin_info->max_tries = data.pin1.max_tries; + /* tries_left must be supported or sc_pin_cmd should not return SC_SUCCESS */ + pin_info->tries_left = data.pin1.tries_left; + } + + if (pin_info->tries_left >= 0) { + if (pin_info->tries_left == 1 || pin_info->max_tries == 1) + slot->token_info.flags |= CKF_USER_PIN_FINAL_TRY; + else if (pin_info->tries_left == 0) + slot->token_info.flags |= CKF_USER_PIN_LOCKED; + else if (pin_info->max_tries > 1 && pin_info->tries_left < pin_info->max_tries) + slot->token_info.flags |= CKF_USER_PIN_COUNT_LOW; + } + } + memcpy(pInfo, &slot->token_info, sizeof(CK_TOKEN_INFO)); +out: + sc_pkcs11_unlock(); + return rv; +} static int public_key_created(struct pkcs15_fw_data *fw_data, const unsigned int num_objects, 
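Review bot: In the new C_GetTokenInfo the flag chain tests `tries_left == 1 || max_tries == 1` before `tries_left == 0`, so a PIN with max_tries of 1 that is already blocked is reported as CKF_USER_PIN_FINAL_TRY instead of CKF_USER_PIN_LOCKED. Test the blocked state first: `if (pin_info->tries_left == 0) slot->token_info.flags |= CKF_USER_PIN_LOCKED;` followed by `else if (pin_info->tries_left == 1 || pin_info->max_tries == 1)` for the final-try flag. `auth->data` is dereferenced without a NULL check, unlike the `slot_data_pin_info()` macro, which at least checks the auth object. A one-line comment that a failed `sc_pin_cmd` deliberately falls back to the cached counters would also help.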
@@ -308,6 +383,7 @@ if ((fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY) && (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_RSA) && (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_DSA) && + (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_EC) && (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_GOSTR3410)) { ii++; continue; @@ -366,16 +442,14 @@ return rv; if (p15_cert) { - obj2->pub_data = &p15_cert->key; - obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t)); - if (!obj2->pub_data) - return SC_ERROR_OUT_OF_MEMORY; - memcpy(obj2->pub_data, &p15_cert->key, sizeof(sc_pkcs15_pubkey_t)); + /* we take the pubkey from the cert, as it in not needed */ + obj2->pub_data = p15_cert->key; /* invalidate public data of the cert object so that sc_pkcs15_cert_free * does not free the public key data as well (something like * sc_pkcs15_pubkey_dup would have been nice here) -- Nils */ - memset(&p15_cert->key, 0, sizeof(sc_pkcs15_pubkey_t)); + p15_cert->key = NULL; + } else obj2->pub_data = NULL; /* will copy from cert when cert is read */ @@ -402,10 +476,17 @@ * and saved as a file before the certificate has been created. */ if (pubkey->flags & SC_PKCS15_CO_FLAG_PRIVATE) /* is the key private? */ - p15_key = NULL; /* will read key when needed */ + p15_key = NULL; /* will read key when needed */ else { - if ((rv = sc_pkcs15_read_pubkey(fw_data->p15_card, pubkey, &p15_key)) < 0) - p15_key = NULL; + /* if emulation already created pubkey use it */ + if (pubkey->emulated && (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)) { + p15_key = (struct sc_pkcs15_pubkey *) pubkey->emulated; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Using emulated pubkey %p", p15_key); + } + else { + if ((rv = sc_pkcs15_read_pubkey(fw_data->p15_card, pubkey, &p15_key)) < 0) + p15_key = NULL; + } } /* Public key object */ 
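Review bot: The new branch `p15_key = (struct sc_pkcs15_pubkey *) pubkey->emulated;` makes the PKCS#11 public-key object and the PKCS#15 object share one sc_pkcs15_pubkey. If the release path of the PKCS#11 object frees its pub_data (that code is outside this hunk), the emulation layer keeps a dangling pointer or the key is freed twice. Record the ownership at the assignment, for example `/* ownership of the emulated key moves to the pkcs11 object */`, and clear `pubkey->emulated` if a transfer is what is meant. The certificate hunk above does this correctly by setting `p15_cert->key = NULL` after handing the key over. The enclosing function starts and ends outside the hunk.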
@@ -482,7 +563,7 @@ rv = count = sc_pkcs15_get_objects(fw_data->p15_card, p15_type, p15_object, MAX_OBJECTS); if (rv >= 0) { - sc_debug(context, "Found %d %s%s\n", count, + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Found %d %s%s\n", count, name, (count == 1)? "" : "s"); } @@ -499,7 +580,7 @@ sc_pkcs15_id_t *id = &pk->prv_info->id; unsigned int i; - sc_debug(context, "Object is a private key and has id %s", + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Object is a private key and has id %s", sc_pkcs15_print_id(id)); for (i = 0; i < fw_data->num_objects; i++) { @@ -525,7 +606,7 @@ pubkey = (struct pkcs15_pubkey_object *) obj; if (sc_pkcs15_compare_id(&pubkey->pub_info->id, id)) { - sc_debug(context, "Associating object %d as public key", i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Associating object %d as public key", i); pk->prv_pubkey = pubkey; if (pk->prv_info->modulus_length == 0) pk->prv_info->modulus_length = pubkey->pub_info->modulus_length; @@ -541,7 +622,7 @@ sc_pkcs15_id_t *id = &cert->cert_info->id; unsigned int i; - sc_debug(context, "Object is a certificate and has id %s", + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Object is a certificate and has id %s", sc_pkcs15_print_id(id)); /* Loop over all objects to see if we find the certificate of @@ -560,7 +641,7 @@ continue; if (c1->issuer_len == c2->subject_len && !memcmp(c1->issuer, c2->subject, c1->issuer_len)) { - sc_debug(context, "Associating object %d (id %s) as issuer", + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Associating object %d (id %s) as issuer", i, sc_pkcs15_print_id(&cert2->cert_info->id)); cert->cert_issuer = (struct pkcs15_cert_object *) obj; return; @@ -571,7 +652,7 @@ pk = (struct pkcs15_prkey_object *) obj; if (sc_pkcs15_compare_id(&pk->prv_info->id, id)) { - sc_debug(context, "Associating object %d as private key", i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Associating object %d as private key", i); cert->cert_prvkey = pk; } } 
@@ -592,7 +673,7 @@ if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN) continue; - sc_debug(context, "Looking for objects related to object %d", i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Looking for objects related to object %d", i); if (is_privkey(obj)) { __pkcs15_prkey_bind_related(fw_data, (struct pkcs15_prkey_object *) obj); @@ -625,15 +706,13 @@ /* update the related public key object */ obj2 = cert->cert_pubkey; - obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t)); - if (!obj2->pub_data) - return SC_ERROR_OUT_OF_MEMORY; - memcpy(obj2->pub_data, &cert->cert_data->key, sizeof(sc_pkcs15_pubkey_t)); + obj2->pub_data = cert->cert_data->key; + /* We take the pub key from the cert that we will discard below */ /* invalidate public data of the cert object so that sc_pkcs15_cert_free * does not free the public key data as well (something like * sc_pkcs15_pubkey_dup would have been nice here) -- Nils */ - memset(&cert->cert_data->key, 0, sizeof(sc_pkcs15_pubkey_t)); + cert->cert_data->key = NULL; /* now that we have the cert and pub key, lets see if we can bind anything else */ @@ -642,19 +721,6 @@ return 0; } -static int -pool_is_present(struct sc_pkcs11_pool *pool, struct pkcs15_any_object *obj) -{ - struct sc_pkcs11_pool_item *item; - - for (item = pool->head; item != NULL; item = item->next) { - if (obj == (struct pkcs15_any_object *) item->item) - return 1; - } - - return 0; -} - static void pkcs15_add_object(struct sc_pkcs11_slot *slot, struct pkcs15_any_object *obj, 
@@ -667,18 +733,19 @@ || (obj->base.flags & (SC_PKCS11_OBJECT_HIDDEN | SC_PKCS11_OBJECT_RECURS))) return; - if (pool_is_present(&slot->object_pool, obj)) + + if (list_contains(&slot->objects, obj)) return; - pool_insert(&slot->object_pool, obj, pHandle); + if (pHandle != NULL) + *pHandle = (CK_OBJECT_HANDLE)obj; /* cast pointer to long */ + + list_append(&slot->objects, obj); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Setting object handle of 0x%lx to 0x%lx", obj->base.handle, (CK_OBJECT_HANDLE)obj); + obj->base.handle = (CK_OBJECT_HANDLE)obj; /* cast pointer to long */ obj->base.flags |= SC_PKCS11_OBJECT_SEEN; obj->refcount++; - if (obj->p15_object && (obj->p15_object->user_consent > 0) ) { - sc_debug(context, "User consent object detected, marking slot as user_consent!\n"); - ((struct pkcs15_slot_data *)slot->fw_data)->user_consent = 1; - } - /* Add related objects * XXX prevent infinite recursion when a card specifies two certificates * referring to each other. @@ -688,6 +755,7 @@ switch (__p15_type(obj)) { case SC_PKCS15_TYPE_PRKEY_RSA: case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + case SC_PKCS15_TYPE_PRKEY_EC: pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); card_fw_data = (struct pkcs15_fw_data *) slot->card->fw_data; for (i = 0; i < card_fw_data->num_objects; i++) { @@ -714,7 +782,7 @@ obj->base.flags &= ~SC_PKCS11_OBJECT_RECURS; } -static void pkcs15_init_slot(struct sc_pkcs15_card *card, +static void pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *auth) { 
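Review bot: pkcs15_add_object now uses the object's address as its handle, `obj->base.handle = (CK_OBJECT_HANDLE)obj;`. Where CK_ULONG is narrower than a pointer (64-bit Windows) the cast truncates, so two live objects can end up with the same handle. Every handle that comes back from the application then has to be resolved by searching `slot->objects`, never by casting it back to a pointer; the lookup code is not in this hunk, so this needs confirming. The added debug line also prints `obj->base.handle` before it is assigned. A comment on the assignment would keep the constraint visible: `/* handle is the object address; resolve only through the slot's object list */`.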
@@ -722,17 +790,18 @@ struct sc_pkcs15_pin_info *pin_info = NULL; char tmp[64]; - pkcs15_init_token_info(card, &slot->token_info); + pkcs15_init_token_info(p15card, &slot->token_info); slot->token_info.flags |= CKF_TOKEN_INITIALIZED; if (auth != NULL) slot->token_info.flags |= CKF_USER_PIN_INITIALIZED; - if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { + if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH; - sc_pkcs11_conf.cache_pins = 0; } - if (card->card->caps & SC_CARD_CAP_RNG) + + if (p15card->card->caps & SC_CARD_CAP_RNG && p15card->card->ops->get_challenge != NULL) slot->token_info.flags |= CKF_RNG; - slot->fw_data = fw_data = (struct pkcs15_slot_data *) calloc(1, sizeof(*fw_data)); + + slot->fw_data = fw_data = calloc(1, sizeof(*fw_data)); fw_data->auth_obj = auth; if (auth != NULL) { @@ -740,13 +809,13 @@ if (auth->label[0]) { snprintf(tmp, sizeof(tmp), "%s (%s)", - card->label, auth->label); + p15card->tokeninfo->label, auth->label); } else { - snprintf(tmp, sizeof(tmp), "%s", card->label); + snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label); } slot->token_info.flags |= CKF_LOGIN_REQUIRED; } else - snprintf(tmp, sizeof(tmp), "%s", card->label); + snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label); strcpy_bp(slot->token_info.label, tmp, 32); if (pin_info && pin_info->magic == SC_PKCS15_PIN_MAGIC) { @@ -757,8 +826,10 @@ slot->token_info.ulMaxPinLen = 8; slot->token_info.ulMinPinLen = 4; } + if (p15card->flags & SC_PKCS15_CARD_FLAG_EMULATED) + slot->token_info.flags |= CKF_WRITE_PROTECTED; - sc_debug(context, "Initialized token '%s'\n", tmp); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initialized token '%s' in slot 0x%lx", tmp, slot->id); } static CK_RV pkcs15_create_slot(struct sc_pkcs11_card *p11card, 
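Review bot: In pkcs15_init_slot, `slot->fw_data = fw_data = calloc(1, sizeof(*fw_data));` is followed directly by `fw_data->auth_obj = auth;`, so an allocation failure becomes a NULL dereference. The function returns void, so the smallest fix is a guard before the store, `if (fw_data == NULL) return;`. That relies on the reworked `slot_data_auth()` macro, which now tolerates a NULL fw_data. Reporting the failure to the caller would need a signature change outside this hunk.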
@@ -788,7 +859,7 @@
 struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
 struct sc_pkcs15_object *auths[MAX_OBJECTS];
 struct sc_pkcs11_slot *slot = NULL;
- int i, rv, reader = p11card->reader;
+ int i, rv;
 int auth_count;
 int found_auth_count = 0;
 unsigned int j;
@@ -798,51 +869,66 @@ auths, SC_PKCS15_MAX_PINS); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); - sc_debug(context, "Found %d authentication objects\n", rv); + return sc_to_cryptoki_error(rv, NULL); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Found %d authentication objects\n", rv); auth_count = rv; rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_PRKEY_RSA, - "private key", + "RSA private key", __pkcs15_create_prkey_object); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_PUBKEY_RSA, - "public key", + "RSA public key", + __pkcs15_create_pubkey_object); + if (rv < 0) + return sc_to_cryptoki_error(rv, NULL); + + rv = pkcs15_create_pkcs11_objects(fw_data, + SC_PKCS15_TYPE_PRKEY_EC, + "EC private key", + __pkcs15_create_prkey_object); + if (rv < 0) + return sc_to_cryptoki_error(rv, NULL); + + rv = pkcs15_create_pkcs11_objects(fw_data, + SC_PKCS15_TYPE_PUBKEY_EC, + "EC public key", __pkcs15_create_pubkey_object); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); + rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_PRKEY_GOSTR3410, - "private key", + "GOSTR3410 private key", __pkcs15_create_prkey_object); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_PUBKEY_GOSTR3410, - "public key", + "GOSTR3410 public key", __pkcs15_create_pubkey_object); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_CERT_X509, "certificate", __pkcs15_create_cert_object); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_DATA_OBJECT, "data object", __pkcs15_create_data_object); if (rv < 0) - return 
sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, NULL); /* Match up related keys and certificates */ pkcs15_bind_related_objects(fw_data); @@ -863,6 +949,11 @@ if (hack_enabled && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) != 0) continue; + /* Ignore unblocking pins */ + if (!sc_pkcs11_conf.create_puk_slot) + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + found_auth_count++; rv = pkcs15_create_slot(p11card, auths[i], &slot); @@ -884,15 +975,15 @@ continue; if (is_privkey(obj)) { - sc_debug(context, "Adding private key %d to PIN %d\n", j, i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Adding private key %d to PIN %d\n", j, i); pkcs15_add_object(slot, obj, NULL); } else if (is_data(obj)) { - sc_debug(context, "Adding data object %d to PIN %d\n", j, i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Adding data object %d to PIN %d\n", j, i); pkcs15_add_object(slot, obj, NULL); } else if (is_cert(obj)) { - sc_debug(context, "Adding cert object %d to PIN %d\n", j, i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Adding cert object %d to PIN %d\n", j, i); pkcs15_add_object(slot, obj, NULL); } } @@ -915,7 +1006,8 @@ break; if (!(obj->base.flags & SC_PKCS11_OBJECT_SEEN)) { - sc_debug(context, "Object %d was not seen previously\n", j); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%d: Object ('%s',type:%X) was not seen previously\n", j, + obj->p15_object->label, obj->p15_object->type); if (!slot) { rv = pkcs15_create_slot(p11card, NULL, &slot); if (rv != CKR_OK) @@ -925,7 +1017,7 @@ } } - /* Create read/write slots */ + /* FIXME Create read/write slots while (slot_allocate(&slot, p11card) == CKR_OK) { if (!sc_pkcs11_conf.hide_empty_tokens && !(fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED)) { slot->slot_info.flags |= CKF_TOKEN_PRESENT; 
@@ -934,8 +1026,8 @@ slot->token_info.flags |= CKF_TOKEN_INITIALIZED; } } - - sc_debug(context, "All tokens created\n"); + */ + sc_debug(context, SC_LOG_DEBUG_NORMAL, "All tokens created\n"); return CKR_OK; } 
@@ -946,43 +1038,92 @@ return CKR_OK; } -static CK_RV pkcs15_login(struct sc_pkcs11_card *p11card, - void *fw_token, +static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { int rc; + struct sc_pkcs11_card *p11card = slot->card; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - struct sc_pkcs15_card *card = fw_data->p15_card; + struct sc_pkcs15_card *p15card = fw_data->p15_card; struct sc_pkcs15_object *auth_object; - struct sc_pkcs15_pin_info *pin; + struct sc_pkcs15_pin_info *pin_info; switch (userType) { case CKU_USER: - auth_object = slot_data_auth(fw_token); + auth_object = slot_data_auth(slot->fw_data); if (auth_object == NULL) return CKR_USER_PIN_NOT_INITIALIZED; break; case CKU_SO: /* A card with no SO PIN is treated as if no SO login * is required */ - rc = sc_pkcs15_find_so_pin(card, &auth_object); + rc = sc_pkcs15_find_so_pin(p15card, &auth_object); /* If there's no SO PIN on the card, silently * accept any PIN, and lock the card if required */ - if (rc == SC_ERROR_OBJECT_NOT_FOUND - && sc_pkcs11_conf.lock_login) - rc = lock_card(fw_data); - if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + if (rc == SC_ERROR_OBJECT_NOT_FOUND) { + rc = 0; + if (sc_pkcs11_conf.lock_login) + rc = lock_card(fw_data); + + if (sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) { + if (ulPinLen && ulPinLen < sizeof(fw_data->user_puk)) { + memcpy(fw_data->user_puk, pPin, ulPinLen); + fw_data->user_puk_len = ulPinLen; + } + } + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "No SOPIN found; returns %d", rc); + return sc_to_cryptoki_error(rc, "C_Login"); + } + else if (rc < 0) { + return sc_to_cryptoki_error(rc, "C_Login"); + } + break; + case CKU_CONTEXT_SPECIFIC: + /* + * A session should already be open for user or SO + * All we need to do is authenticate to the card + * using the correct auth_object. 
+ * TODO: handle the CK_SO case + */ + sc_debug(context, SC_LOG_DEBUG_NORMAL, "context specific login %d", + slot->login_user); + if (slot->login_user == CKU_USER) { + auth_object = slot_data_auth(slot->fw_data); + if (auth_object == NULL) + return CKR_USER_PIN_NOT_INITIALIZED; + break; + } + /* TODO looks like this was never executed, + * And even if it was, why the lock as a session + * should already be open and the card locked. + */ + /* For a while, used only to unblock User PIN. */ + rc = 0; + if (sc_pkcs11_conf.lock_login) + rc = lock_card(fw_data); +#if 0 + /* TODO: Look for pkcs15 auth object with 'unblockingPin' flag activated. + * If exists, do verification of PIN (in fact PUK). */ + if (sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN) { + if (ulPinLen && ulPinLen < sizeof(fw_data->user_puk)) { + memcpy(fw_data->user_puk, pPin, ulPinLen); + fw_data->user_puk_len = ulPinLen; + } + } +#endif + sc_debug(context, SC_LOG_DEBUG_NORMAL, "context specific login returns %d", rc); + return sc_to_cryptoki_error(rc, "C_Login"); default: return CKR_USER_TYPE_INVALID; } - pin = (struct sc_pkcs15_pin_info *) auth_object->data; + pin_info = (struct sc_pkcs15_pin_info *) auth_object->data; - if (p11card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { + if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { /* pPin should be NULL in case of a pin pad reader, but * some apps (e.g. older Netscapes) don't know about it. * So we don't require that pPin == NULL, but set it to 
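Review bot: In the CKU_SO branch of pkcs15_login, a card without an SO PIN accepts the supplied value unverified and copies it into `fw_data->user_puk`, where it stays in clear until pkcs15_logout wipes it. pkcs15_unbind (earlier hunk) releases fw_data with a plain `free(fw_data)`, so a PUK still cached at unbind time is left in freed heap; it should be wiped there too, with a call the compiler cannot elide. `pPin` is not checked for NULL before the `memcpy`. A zero or over-long `ulPinLen` skips the copy silently and keeps whatever the buffer held before. Setting `fw_data->user_puk_len = 0;` ahead of the size test would make the "nothing cached" state explicit.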
@@ -1001,55 +1142,129 @@ * If PIN is out of range, * it cannot be correct. */ - if (ulPinLen < pin->min_length || - ulPinLen > pin->max_length) + if (ulPinLen < pin_info->min_length || + ulPinLen > pin_info->max_length) return CKR_PIN_INCORRECT; } + /* By default, we make the reader resource manager keep other * processes from accessing the card while we're logged in. * Otherwise an attacker could perform some crypto operation * after we've authenticated with the card */ + + /* Context specific login is not real login but only a + * reassertion of the PIN to the card. + * And we don't want to do any extra operations to the card + * that could invalidate the assertion of the pin + * before the crypto operation that requires the assertion + */ + if (userType != CKU_CONTEXT_SPECIFIC) { if (sc_pkcs11_conf.lock_login && (rc = lock_card(fw_data)) < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_Login"); + } - rc = sc_pkcs15_verify_pin(card, pin, pPin, ulPinLen); - sc_debug(context, "PIN verification returned %d\n", rc); - - if (rc >= 0) - cache_pin(fw_token, userType, &pin->path, pPin, ulPinLen); + rc = sc_pkcs15_verify_pin(p15card, auth_object, pPin, ulPinLen); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "PKCS15 verify PIN returned %d", rc); + + if (rc != SC_SUCCESS) + return sc_to_cryptoki_error(rc, "C_Login"); + + if (userType == CKU_USER) { + sc_pkcs15_object_t *p15_obj = p15card->obj_list; + sc_pkcs15_search_key_t sk; + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Check if pkcs15 object list can be completed."); - return sc_to_cryptoki_error(rc, p11card->reader); + /* Ensure non empty list */ + if (p15_obj == NULL) + return CKR_OK; + + /* Select last object in list */ + while(p15_obj->next) + p15_obj = p15_obj->next; + + /* Trigger enumeration of EF.XXX files */ + memset(&sk, 0, sizeof(sk)); + sk.class_mask = SC_PKCS15_SEARCH_CLASS_PRKEY | SC_PKCS15_SEARCH_CLASS_PUBKEY | + SC_PKCS15_SEARCH_CLASS_CERT | 
SC_PKCS15_SEARCH_CLASS_DATA; + sc_pkcs15_search_objects(p15card, &sk, NULL, 0); + + /* Iterate over newly discovered objects */ + while(p15_obj->next) { + struct pkcs15_any_object *fw_obj; + + p15_obj = p15_obj->next; + + if (!sc_pkcs15_compare_id(&pin_info->auth_id, &p15_obj->auth_id)) + continue; + + switch (p15_obj->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PRKEY: + __pkcs15_create_prkey_object(fw_data, p15_obj, &fw_obj); break; + case SC_PKCS15_TYPE_PUBKEY: + __pkcs15_create_pubkey_object(fw_data, p15_obj, &fw_obj); break; + case SC_PKCS15_TYPE_CERT: + __pkcs15_create_cert_object(fw_data, p15_obj, &fw_obj); break; + case SC_PKCS15_TYPE_DATA_OBJECT: + __pkcs15_create_data_object(fw_data, p15_obj, &fw_obj); break; + default: continue; + } + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "new object found: type=0x%03X", p15_obj->type); + pkcs15_add_object(slot, fw_obj, NULL); + } + } + + return CKR_OK; } static CK_RV pkcs15_logout(struct sc_pkcs11_card *p11card, void *fw_token) { struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - int rc = 0; + CK_RV ret = CKR_OK; + int rc; + + memset(fw_data->user_puk, 0, sizeof(fw_data->user_puk)); + fw_data->user_puk_len = 0; - cache_pin(fw_token, CKU_SO, NULL, NULL, 0); - cache_pin(fw_token, CKU_USER, NULL, NULL, 0); + sc_pkcs15_pincache_clear(fw_data->p15_card); + + rc = sc_logout(fw_data->p15_card->card); + + /* Ignore missing card specific logout functions. 
#302 */ + if (rc == SC_ERROR_NOT_SUPPORTED) + rc = SC_SUCCESS; - sc_logout(fw_data->p15_card->card); + if (rc != SC_SUCCESS) + ret = sc_to_cryptoki_error(rc, "C_Logout"); - if (sc_pkcs11_conf.lock_login) + if (sc_pkcs11_conf.lock_login) { rc = unlock_card(fw_data); - return sc_to_cryptoki_error(rc, p11card->reader); + if (rc != SC_SUCCESS) + ret = sc_to_cryptoki_error(rc, "C_Logout"); + } + + return ret; } static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card, - void *fw_token, + void *fw_token, int login_user, CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen) { int rc; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - struct sc_pkcs15_pin_info *pin; + struct sc_pkcs15_pin_info *pin_info; + struct sc_pkcs15_object *pin_obj; + + if (!(pin_obj = slot_data_auth(fw_token))) + return CKR_USER_PIN_NOT_INITIALIZED; - if (!(pin = slot_data_pin_info(fw_token))) + if (!(pin_info = slot_data_pin_info(fw_token))) return CKR_USER_PIN_NOT_INITIALIZED; - if (p11card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) { + if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) { /* pPin should be NULL in case of a pin pad reader, but * some apps (e.g. older Netscapes) don't know about it. * So we don't require that pPin == NULL, but set it to 
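Review bot: In the post-login enumeration loop added to pkcs15_login, `fw_obj` is declared without an initialiser and the return values of the four `__pkcs15_create_*_object` calls are discarded. A failed creation (presumably including SC_ERROR_TOO_MANY_OBJECTS from __pkcs15_create_object) therefore passes an indeterminate pointer to `pkcs15_add_object`. Keep the return code and skip the object on failure, as in the excerpt below. The excerpt assumes the create helpers return a negative SC_ERROR_* value on failure, which is how pkcs15_create_pkcs11_objects treats them. pkcs15_login starts in the previous hunk.

```c
	/* Iterate over newly discovered objects */
	while (p15_obj->next) {
		struct pkcs15_any_object *fw_obj = NULL;
		int r;

		/* … unchanged: advance p15_obj, skip objects with a different auth_id … */

		switch (p15_obj->type & SC_PKCS15_TYPE_CLASS_MASK) {
		case SC_PKCS15_TYPE_PRKEY:
			r = __pkcs15_create_prkey_object(fw_data, p15_obj, &fw_obj);
			break;
		case SC_PKCS15_TYPE_PUBKEY:
			r = __pkcs15_create_pubkey_object(fw_data, p15_obj, &fw_obj);
			break;
		case SC_PKCS15_TYPE_CERT:
			r = __pkcs15_create_cert_object(fw_data, p15_obj, &fw_obj);
			break;
		case SC_PKCS15_TYPE_DATA_OBJECT:
			r = __pkcs15_create_data_object(fw_data, p15_obj, &fw_obj);
			break;
		default:
			continue;
		}

		/* Do not publish an object that could not be created. */
		if (r < 0 || fw_obj == NULL) {
			sc_debug(context, SC_LOG_DEBUG_NORMAL, "cannot create pkcs11 object: %d", r);
			continue;
		}

		/* … unchanged: debug line and pkcs15_add_object(slot, fw_obj, NULL) … */
```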
@@ -1058,18 +1273,35 @@ */ pOldPin = pNewPin = NULL; ulOldLen = ulNewLen = 0; - } else - if (ulNewLen < pin->min_length || - ulNewLen > pin->max_length) + } + else if (ulNewLen < pin_info->min_length || ulNewLen > pin_info->max_length) { return CKR_PIN_LEN_RANGE; + } - rc = sc_pkcs15_change_pin(fw_data->p15_card, pin, pOldPin, ulOldLen, - pNewPin, ulNewLen); - sc_debug(context, "PIN change returned %d\n", rc); - - if (rc >= 0) - cache_pin(fw_token, CKU_USER, &pin->path, pNewPin, ulNewLen); - return sc_to_cryptoki_error(rc, p11card->reader); + if (login_user < 0) { + if (sc_pkcs11_conf.pin_unblock_style != SC_PKCS11_PIN_UNBLOCK_UNLOGGED_SETPIN) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "PIN unlock is not allowed in unlogged session"); + return CKR_FUNCTION_NOT_SUPPORTED; + } + rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen); + } + else if (login_user == CKU_CONTEXT_SPECIFIC) { + if (sc_pkcs11_conf.pin_unblock_style != SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "PIN unlock is not allowed with CKU_CONTEXT_SPECIFIC login"); + return CKR_FUNCTION_NOT_SUPPORTED; + } + rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen); + } + else if (login_user == CKU_USER) { + rc = sc_pkcs15_change_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen); + } + else { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "cannot change PIN: non supported login type: %i", login_user); + return CKR_FUNCTION_NOT_SUPPORTED; + } + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "PIN change returns %d\n", rc); + return sc_to_cryptoki_error(rc, "C_SetPIN"); } #ifdef USE_PKCS15_INIT 
@@ -1081,17 +1313,40 @@ struct sc_pkcs15init_pinargs args; struct sc_profile *profile; struct sc_pkcs15_object *auth_obj; - sc_pkcs15_pin_info_t *pin_info; + struct sc_pkcs15_pin_info *pin_info; int rc; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "pkcs15 init PIN: pin %p:%d\n", pPin, ulPinLen); + + pin_info = slot_data_pin_info(slot->fw_data); + if (pin_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) { + auth_obj = slot_data_auth(slot->fw_data); + if (fw_data->user_puk_len) { + rc = sc_pkcs15_unblock_pin(fw_data->p15_card, auth_obj, + fw_data->user_puk, fw_data->user_puk_len, pPin, ulPinLen); + } + else { +#if 0 + /* TODO: Actually sc_pkcs15_unblock_pin() do not accepts zero length value as a PUK argument. + * It's usefull for the cards that do not supports modes 00 and 01 + * of ISO 'RESET RETRY COUNTER' command. */ + rc = sc_pkcs15_unblock_pin(fw_data->p15_card, auth_obj, NULL, 0, pPin, ulPinLen); +#else + return sc_to_cryptoki_error(SC_ERROR_NOT_SUPPORTED, "C_InitPIN"); +#endif + } + + return sc_to_cryptoki_error(rc, "C_InitPIN"); + } + rc = sc_lock(p11card->card); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_InitPIN"); rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_InitPIN"); } memset(&args, 0, sizeof(args)); 
@@ -1103,20 +1358,17 @@ sc_pkcs15init_unbind(profile); sc_unlock(p11card->card); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_InitPIN"); rc = sc_pkcs15_find_pin_by_auth_id(fw_data->p15_card, &args.auth_id, &auth_obj); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_InitPIN"); /* Re-initialize the slot */ free(slot->fw_data); pkcs15_init_slot(fw_data->p15_card, slot, auth_obj); pin_info = (sc_pkcs15_pin_info_t *) auth_obj->data; - - cache_pin(slot->fw_data, CKU_USER, &pin_info->path, pPin, ulPinLen); - return CKR_OK; } @@ -1133,7 +1385,9 @@ struct sc_pkcs15_pin_info *pin; CK_KEY_TYPE key_type; struct sc_pkcs15_prkey_rsa *rsa; + struct sc_pkcs15_prkey_ec *ec; int rc, rv; + char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -1146,10 +1400,20 @@ rv = attr_find(pTemplate, ulCount, CKA_KEY_TYPE, &key_type, NULL); if (rv != CKR_OK) return rv; - if (key_type != CKK_RSA) - return CKR_ATTRIBUTE_VALUE_INVALID; - args.key.algorithm = SC_ALGORITHM_RSA; - rsa = &args.key.u.rsa; + switch (key_type) { + case CKK_RSA: + args.key.algorithm = SC_ALGORITHM_RSA; + rsa = &args.key.u.rsa; + break; + case CKK_EC: + args.key.algorithm = SC_ALGORITHM_EC; + ec = &args.key.u.ec; + /* TODO: -DEE Do not have PKCS15 card with EC to test this */ + /* fall through */ + default: + return CKR_ATTRIBUTE_VALUE_INVALID; + } + rv = CKR_OK; while (ulCount--) { @@ -1164,7 +1428,7 @@ case CKA_PRIVATE: break; case CKA_LABEL: - args.label = (char *) attr->pValue; + args.label = set_cka_label(attr, label); break; case CKA_ID: args.id.len = sizeof(args.id.value); @@ -1203,7 +1467,7 @@ rc = sc_pkcs15init_store_private_key(fw_data->p15_card, profile, &args, &key_obj); if (rc < 0) { - rv = sc_to_cryptoki_error(rc, p11card->reader); + rv = sc_to_cryptoki_error(rc, "C_CreateObject"); goto out; } 
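Review bot: In pkcs15_create_private_key the new `case CKK_EC:` arm assigns `args.key.algorithm = SC_ALGORITHM_EC;` and `ec = &args.key.u.ec;`, then falls through to `default: return CKR_ATTRIBUTE_VALUE_INVALID;`. Both stores are dead, and `ec` is set but never read, which compilers will warn about. Until EC import is implemented, reduce the arm to `case CKK_EC: /* EC key import not implemented yet */` and drop the `ec` declaration, so the rejection is obvious to the reader. The public-key variant in the next hunk already has this shape. The function body extends outside the hunk.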
@@ -1230,6 +1494,7 @@ CK_KEY_TYPE key_type; struct sc_pkcs15_pubkey_rsa *rsa; int rc, rv; + char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -1242,10 +1507,17 @@ rv = attr_find(pTemplate, ulCount, CKA_KEY_TYPE, &key_type, NULL); if (rv != CKR_OK) return rv; - if (key_type != CKK_RSA) - return CKR_ATTRIBUTE_VALUE_INVALID; - args.key.algorithm = SC_ALGORITHM_RSA; - rsa = &args.key.u.rsa; + switch (key_type) { + case CKK_RSA: + args.key.algorithm = SC_ALGORITHM_RSA; + rsa = &args.key.u.rsa; + break; + case CKK_EC: + /* TODO: -DEE Do not have real pkcs15 card with EC */ + /* fall through */ + default: + return CKR_ATTRIBUTE_VALUE_INVALID; + } rv = CKR_OK; while (ulCount--) { @@ -1260,7 +1532,7 @@ case CKA_PRIVATE: break; case CKA_LABEL: - args.label = (char *) attr->pValue; + args.label = set_cka_label(attr, label); break; case CKA_ID: args.id.len = sizeof(args.id.value); @@ -1292,7 +1564,7 @@ rc = sc_pkcs15init_store_public_key(fw_data->p15_card, profile, &args, &key_obj); if (rc < 0) { - rv = sc_to_cryptoki_error(rc, p11card->reader); + rv = sc_to_cryptoki_error(rc, "C_CreateObject"); goto out; } @@ -1318,6 +1590,7 @@ CK_CERTIFICATE_TYPE cert_type; CK_BBOOL bValue; int rc, rv; + char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -1345,7 +1618,7 @@ } break; case CKA_LABEL: - args.label = (char *) attr->pValue; + args.label = set_cka_label(attr, label); break; case CKA_ID: args.id.len = sizeof(args.id.value); @@ -1370,7 +1643,7 @@ rc = sc_pkcs15init_store_certificate(fw_data->p15_card, profile, &args, &cert_obj); if (rc < 0) { - rv = sc_to_cryptoki_error(rc, p11card->reader); + rv = sc_to_cryptoki_error(rc, "C_CreateObject"); goto out; } /* Create a new pkcs11 object for it */ @@ -1395,6 +1668,7 @@ struct sc_pkcs15_pin_info *pin; CK_BBOOL bValue; int rc, rv; + char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); args.app_oid.value[0] = -1; 
@@ -1419,7 +1693,7 @@ } break; case CKA_LABEL: - args.label = (char *) attr->pValue; + args.label = set_cka_label(attr, label); break; case CKA_ID: args.id.len = sizeof(args.id.value); @@ -1452,7 +1726,7 @@ rc = sc_pkcs15init_store_data_object(fw_data->p15_card, profile, &args, &data_obj); if (rc < 0) { - rv = sc_to_cryptoki_error(rc, p11card->reader); + rv = sc_to_cryptoki_error(rc, "C_CreateObject"); goto out; } /* Create a new pkcs11 object for it */ @@ -1479,18 +1753,15 @@ rc = sc_lock(p11card->card); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_CreateObject"); /* Bind the profile */ rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_CreateObject"); } - /* Add the PINs the user presented so far to the keycache. */ - add_pins_to_keycache(p11card, slot); - switch (_class) { case CKO_PRIVATE_KEY: rv = pkcs15_create_private_key(p11card, slot, profile, @@ -1536,7 +1807,7 @@ if (typ == CKA_DERIVE && *val) *x509_usage |= SC_PKCS15INIT_X509_KEY_AGREEMENT; if (typ == CKA_VERIFY || typ == CKA_WRAP || typ == CKA_ENCRYPT) { - sc_debug(context, "get_X509_usage_privk(): invalid typ = 0x%0x\n", typ); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "get_X509_usage_privk(): invalid typ = 0x%0x\n", typ); return CKR_ATTRIBUTE_TYPE_INVALID; } } @@ -1561,7 +1832,7 @@ if (typ == CKA_DERIVE && *val) *x509_usage |= SC_PKCS15INIT_X509_KEY_AGREEMENT; if (typ == CKA_SIGN || typ == CKA_UNWRAP || typ == CKA_DECRYPT) { - sc_debug(context, "get_X509_usage_pubk(): invalid typ = 0x%0x\n", typ); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "get_X509_usage_pubk(): invalid typ = 0x%0x\n", typ); return CKR_ATTRIBUTE_TYPE_INVALID; } } 
@@ -1587,10 +1858,8 @@ for (i = 0; i < sizeof(gostr3410_param_oid) /sizeof(gostr3410_param_oid[0]); ++i) { if (!memcmp(gost_params_oid, gostr3410_param_oid[i].oid, len)) { - prkey_args->gost_params.gostr3410 = - gostr3410_param_oid[i].param; - pubkey_args->gost_params.gostr3410 = - gostr3410_param_oid[i].param; + prkey_args->params.gost.gostr3410 = gostr3410_param_oid[i].param; + pubkey_args->params.gost.gostr3410 = gostr3410_param_oid[i].param; break; } } @@ -1612,7 +1881,6 @@ struct sc_profile *profile = NULL; struct sc_pkcs15_pin_info *pin; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - struct sc_pkcs15_card *p15card = fw_data->p15_card; struct sc_pkcs15init_keygen_args keygen_args; struct sc_pkcs15init_pubkeyargs pub_args; struct sc_pkcs15_object *priv_key_obj; @@ -1627,20 +1895,21 @@ char priv_label[SC_PKCS15_MAX_LABEL_SIZE]; int rc, rv = CKR_OK; - sc_debug(context, "Keypair generation, mech = 0x%0x\n", pMechanism->mechanism); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Keypair generation, mech = 0x%0x\n", pMechanism->mechanism); if (pMechanism->mechanism != CKM_RSA_PKCS_KEY_PAIR_GEN - && pMechanism->mechanism != CKM_GOSTR3410_KEY_PAIR_GEN) + && pMechanism->mechanism != CKM_GOSTR3410_KEY_PAIR_GEN + && pMechanism->mechanism != CKM_EC_KEY_PAIR_GEN) return CKR_MECHANISM_INVALID; rc = sc_lock(p11card->card); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); } memset(&keygen_args, 0, sizeof(keygen_args)); 
@@ -1653,23 +1922,38 @@ rv = attr_find2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_KEY_TYPE, &keytype, NULL); - if (rv != CKR_OK) + if (rv != CKR_OK && pMechanism->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) keytype = CKK_RSA; - if (keytype == CKK_GOSTR3410) - { + else if (rv != CKR_OK && pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN) + keytype = CKK_EC; + else if (rv != CKR_OK) + goto kpgen_done; + + if (keytype == CKK_GOSTR3410) { keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_GOSTR3410; pub_args.key.algorithm = SC_ALGORITHM_GOSTR3410; set_gost_params(&keygen_args.prkey_args, &pub_args, pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt); } - else if (keytype == CKK_RSA) - { + else if (keytype == CKK_RSA) { /* default value (CKA_KEY_TYPE isn't set) or CKK_RSA is set */ keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_RSA; pub_args.key.algorithm = SC_ALGORITHM_RSA; } - else - { + else if (keytype == CKK_EC) { + struct sc_pkcs15_der *der = &keygen_args.prkey_args.params.ec.der; + + der->len = sizeof(struct sc_object_id); + rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, (void **)&der->value, &der->len); + if (rv != CKR_OK) { + sc_unlock(p11card->card); + return sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); + } + + keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_EC; + pub_args.key.algorithm = SC_ALGORITHM_EC; + } + else { /* CKA_KEY_TYPE is set, but keytype isn't correct */ rv = CKR_ATTRIBUTE_VALUE_INVALID; goto kpgen_done; 
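Review bot: The new `CKK_EC` branch reacts to a failed `attr_find_ptr(..., CKA_EC_PARAMS, ...)` by returning `sc_to_cryptoki_error(rc, "C_GenerateKeyPair")`, but the failure code is in `rv`. As far as the visible hunks show, `rc` still holds the non-negative result of `sc_pkcs15init_bind()`, so the caller is likely to see success with no key handles set. The early return also unlocks the card without the `sc_pkcs15init_unbind(profile)` that the other error paths presumably reach through `kpgen_done` (the label is outside this hunk). `if (rv != CKR_OK) goto kpgen_done;` matches the neighbouring branches and keeps the real error code.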
@@ -1714,61 +1998,27 @@ goto kpgen_done; pub_args.x509_usage = keygen_args.prkey_args.x509_usage; - /* 2. Add the PINs the user presented so far to the keycache */ - - add_pins_to_keycache(p11card, slot); - /* 3.a Try on-card key pair generation */ + sc_pkcs15init_set_p15card(profile, fw_data->p15_card); + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Try on-card key pair generation"); rc = sc_pkcs15init_generate_key(fw_data->p15_card, profile, &keygen_args, keybits, &priv_key_obj); if (rc >= 0) { id = ((struct sc_pkcs15_prkey_info *) priv_key_obj->data)->id; rc = sc_pkcs15_find_pubkey_by_id(fw_data->p15_card, &id, &pub_key_obj); if (rc != 0) { - sc_debug(context, "sc_pkcs15_find_pubkey_by_id returned %d\n", rc); - rv = sc_to_cryptoki_error(rc, p11card->reader); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "sc_pkcs15_find_pubkey_by_id returned %d\n", rc); + rv = sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); goto kpgen_done; } } else if (rc != SC_ERROR_NOT_SUPPORTED) { - sc_debug(context, "sc_pkcs15init_generate_key returned %d\n", rc); - rv = sc_to_cryptoki_error(rc, p11card->reader); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "sc_pkcs15init_generate_key returned %d\n", rc); + rv = sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); goto kpgen_done; } - else { - /* 3.b Try key pair generation in software, if allowed */ - - if (!sc_pkcs11_conf.soft_keygen_allowed) { - sc_debug(context, "On card keypair gen not supported, software keypair gen not allowed"); - rv = CKR_FUNCTION_FAILED; - goto kpgen_done; - } - - sc_debug(context, "Doing key pair generation in software\n"); - rv = sc_pkcs11_gen_keypair_soft(keytype, keybits, - &keygen_args.prkey_args.key, &pub_args.key); - if (rv != CKR_OK) { - sc_debug(context, "sc_pkcs11_gen_keypair_soft failed: 0x%0x\n", rv); - goto kpgen_done; - } - - /* Write the new public and private keys to the pkcs15 files */ - rc = sc_pkcs15init_store_private_key(p15card, profile, - &keygen_args.prkey_args, &priv_key_obj); - if (rc >= 0) - rc = 
sc_pkcs15init_store_public_key(p15card, profile, - &pub_args, &pub_key_obj); - - sc_pkcs15_erase_prkey(&keygen_args.prkey_args.key); - sc_pkcs15_erase_pubkey(&pub_args.key); - - if (rc < 0) { - sc_debug(context, "private/public keys not stored: %d\n", rc); - rv = sc_to_cryptoki_error(rc, p11card->reader); - goto kpgen_done; - } - } /* 4. Create new pkcs11 public and private key object */ @@ -1776,8 +2026,8 @@ if (rc == 0) rc = __pkcs15_create_pubkey_object(fw_data, pub_key_obj, &pub_any_obj); if (rc != 0) { - sc_debug(context, "__pkcs15_create_pr/pubkey_object returned %d\n", rc); - rv = sc_to_cryptoki_error(rc, p11card->reader); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "__pkcs15_create_pr/pubkey_object returned %d\n", rc); + rv = sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); goto kpgen_done; } pkcs15_add_object(slot, priv_any_obj, phPrivKey); 
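Review bot: With the software-keygen `else` block removed, an `SC_ERROR_NOT_SUPPORTED` result from `sc_pkcs15init_generate_key()` no longer leaves the function. Both `if (rc >= 0)` and `else if (rc != SC_ERROR_NOT_SUPPORTED)` are skipped, and control reaches step 4 with `priv_key_obj` and `pub_key_obj` never assigned. The declaration `struct sc_pkcs15_object *priv_key_obj;` visible in the `@@ -1612,7 +1881,6 @@` hunk has no initializer, so the object-creation calls would be handed an indeterminate pointer. Turning the second branch into a plain `else { ... rv = sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); goto kpgen_done; }` closes the gap.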
@@ -1793,15 +2043,59 @@ } #endif +static CK_RV pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object) +{ +#ifndef USE_PKCS15_INIT + return CKR_FUNCTION_NOT_SUPPORTED; +#else + struct pkcs15_data_object *obj = (struct pkcs15_data_object*) object; + struct pkcs15_any_object *any_obj = (struct pkcs15_any_object*) object; + struct sc_pkcs11_card *card = session->slot->card; + struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) card->fw_data; + struct sc_profile *profile = NULL; + int rv; + + rv = sc_lock(card->card); + if (rv < 0) + return sc_to_cryptoki_error(rv, "C_DestroyObject"); + + /* Bind the profile */ + rv = sc_pkcs15init_bind(card->card, "pkcs15", NULL, &profile); + if (rv < 0) { + sc_unlock(card->card); + return sc_to_cryptoki_error(rv, "C_DestroyObject"); + } + + /* Delete object in smartcard */ + rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object); + if (rv >= 0) { + /* Oppose to pkcs15_add_object */ + --any_obj->refcount; /* correct refcont */ + list_delete(&session->slot->objects, any_obj); + /* Delete object in pkcs15 */ + rv = __pkcs15_delete_object(fw_data, any_obj); + } + + sc_pkcs15init_unbind(profile); + sc_unlock(card->card); + + if (rv < 0) + return sc_to_cryptoki_error(rv, "C_DestroyObject"); + + return CKR_OK; +#endif +} + + static CK_RV pkcs15_get_random(struct sc_pkcs11_card *p11card, CK_BYTE_PTR p, CK_ULONG len) { int rc; - struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - struct sc_card *card = fw_data->p15_card->card; + struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; + struct sc_card *card = fw_data->p15_card->card; rc = sc_get_challenge(card, p, (size_t)len); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_GenerateRandom"); } struct sc_pkcs11_framework_ops framework_pkcs15 = { @@ -1822,7 +2116,6 @@ NULL, NULL, #endif - NULL, /* seed_random */ pkcs15_get_random }; 
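Review bot: `pkcs15_any_destroy` is wired in later hunks as the destroy handler for certificates, private keys, public keys and data objects, yet it reaches the PKCS#15 object through a `struct pkcs15_data_object *` cast (`obj->base.p15_object`). That is only correct while every object struct starts with the same base member. If `base` is the `pkcs15_any_object`, as the `any_obj->refcount` use suggests, `any_obj->p15_object` says the same thing without the misleading cast and lets the `obj` local go. The function also has no header comment; one stating that the object is deleted on the card first, and only then removed from the slot list and the framework, all under `sc_lock`, would document the ordering the code relies on.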
@@ -1842,17 +2135,14 @@ rc = sc_lock(p11card->card); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_SetAttributeValue"); rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, "C_SetAttributeValue"); } - /* Add the PINs the user presented so far to the keycache. */ - add_pins_to_keycache(p11card, session->slot); - switch(attr->type) { case CKA_LABEL: rc = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object, @@ -1876,7 +2166,7 @@ goto set_attr_done; } - rv = sc_to_cryptoki_error(rc, p11card->reader); + rv = sc_to_cryptoki_error(rc, "C_SetAttributeValue"); set_attr_done: sc_pkcs15init_unbind(profile); @@ -1945,9 +2235,8 @@ *(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509; break; case CKA_ID: - /* Not sure why CA certs should be reported with an - * ID of 00. --okir 20030413 */ - if (cert->cert_info->authority) { + if (cert->cert_info->authority + && sc_pkcs11_conf.zero_ckaid_for_ca_certs) { check_attribute_buffer(attr, 1); *(unsigned char*)attr->pValue = 0; } else { @@ -2044,7 +2333,7 @@ pkcs15_cert_set_attribute, pkcs15_cert_get_attribute, pkcs15_cert_cmp_attribute, - NULL, + pkcs15_any_destroy, NULL, NULL, NULL, @@ -2089,9 +2378,11 @@ * applications assume they can get that from the private * key, something PKCS#11 doesn't guarantee. */ - if ((attr->type == CKA_MODULUS) || (attr->type == CKA_PUBLIC_EXPONENT)) { + if ((attr->type == CKA_MODULUS) || (attr->type == CKA_PUBLIC_EXPONENT) || + ((attr->type == CKA_MODULUS_BITS) && (prkey->prv_p15obj->type == SC_PKCS15_TYPE_PRKEY_EC)) || + (attr->type == CKA_ECDSA_PARAMS)) { /* First see if we have a associated public key */ - if (prkey->prv_pubkey) + if (prkey->prv_pubkey && prkey->prv_pubkey->pub_data) key = prkey->prv_pubkey->pub_data; else { /* Try to find a certificate with the public key */ 
@@ -2128,6 +2419,10 @@ check_attribute_buffer(attr, sizeof(CK_BBOOL)); *(CK_BBOOL*)attr->pValue = TRUE; break; + case CKA_ALWAYS_AUTHENTICATE: + check_attribute_buffer(attr, sizeof(CK_BBOOL)); + *(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent; + break; case CKA_PRIVATE: check_attribute_buffer(attr, sizeof(CK_BBOOL)); *(CK_BBOOL*)attr->pValue = (prkey->prv_p15obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) != 0; @@ -2144,10 +2439,19 @@ break; case CKA_KEY_TYPE: check_attribute_buffer(attr, sizeof(CK_KEY_TYPE)); - if (prkey->prv_p15obj->type == SC_PKCS15_TYPE_PRKEY_GOSTR3410) - *(CK_KEY_TYPE*)attr->pValue = CKK_GOSTR3410; - else - *(CK_KEY_TYPE*)attr->pValue = CKK_RSA; + switch (prkey->prv_p15obj->type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + *(CK_KEY_TYPE*)attr->pValue = CKK_RSA; + break; + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: + *(CK_KEY_TYPE*)attr->pValue = CKK_GOSTR3410; + break; + case SC_PKCS15_TYPE_PRKEY_EC: + *(CK_KEY_TYPE*)attr->pValue = CKK_EC; + break; + default: + return CKR_GENERAL_ERROR; /* Internal error*/ + } break; case CKA_ID: check_attribute_buffer(attr, prkey->prv_info->id.len); @@ -2177,8 +2481,17 @@ * on this -- Nils */ case CKA_MODULUS_BITS: check_attribute_buffer(attr, sizeof(CK_ULONG)); - *(CK_ULONG *) attr->pValue = prkey->prv_info->modulus_length; - return CKR_OK; + switch (prkey->prv_p15obj->type) { + case SC_PKCS15_TYPE_PRKEY_EC: + if (key) + *(CK_ULONG *) attr->pValue = key->u.ec.params.field_length; + else + *(CK_ULONG *) attr->pValue = 384; /* TODO -DEE needs work */ + return CKR_OK; + default: + *(CK_ULONG *) attr->pValue = prkey->prv_info->modulus_length; + return CKR_OK; + } case CKA_PUBLIC_EXPONENT: return get_public_exponent(key, attr); case CKA_PRIVATE_EXPONENT: 
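Review bot: The new `CKA_ALWAYS_AUTHENTICATE` case stores `prkey->prv_p15obj->user_consent` directly into a `CK_BBOOL`, so a value other than 0 or 1 would be narrowed rather than reported as `TRUE`. The `CKA_PRIVATE` case directly below normalizes with `!= 0`; `*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent != 0;` would be consistent with it. The type of `user_consent` is not visible in this hunk, so this assumes it is an integer rather than a strict flag.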
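Review bot: In the `@@ -2177,8 +2481,17 @@` hunk, an EC private key with no public key available reports a hard-coded `384` for `CKA_MODULUS_BITS`, which hands callers a wrong size for any other curve without signalling a problem. Returning an error when `key` is NULL, for example `if (!key) return CKR_ATTRIBUTE_TYPE_INVALID;`, is safer than a guess that applications may use for buffer sizing or policy checks. The enclosing function starts and ends outside the hunk.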
@@ -2194,11 +2507,13 @@ attr->ulValueLen = 0; return CKR_OK; case CKA_GOSTR3410_PARAMS: - if (prkey->prv_info && prkey->prv_info->params_len) - return get_gostr3410_params(prkey->prv_info->params, - prkey->prv_info->params_len, attr); + if (prkey->prv_info && prkey->prv_info->params.len) + return get_gostr3410_params(prkey->prv_info->params.data, + prkey->prv_info->params.len, attr); else return CKR_ATTRIBUTE_TYPE_INVALID; + case CKA_EC_PARAMS: + return get_ec_pubkey_params(key, attr); /* get from pubkey for now */ default: return CKR_ATTRIBUTE_TYPE_INVALID; } @@ -2213,10 +2528,9 @@ { struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) ses->slot->card->fw_data; - struct pkcs15_slot_data *data = slot_data(ses->slot->fw_data); int rv, flags = 0; - sc_debug(context, "Initiating signing operation, mechanism 0x%x.\n", + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating signing operation, mechanism 0x%x.\n", pMechanism->mechanism); /* See which of the alternative keys supports signing */ 
@@ -2260,23 +2574,44 @@ case CKM_GOSTR3410_WITH_GOSTR3411: flags = SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411; break; + case CKM_ECDSA: + flags = SC_ALGORITHM_ECDSA_HASH_NONE; + break; + case CKM_ECDSA_SHA1: + flags = SC_ALGORITHM_ECDSA_HASH_SHA1; + break; +#if 0 + case CKM_ECDSA_SHA224: + flags = SC_ALGORITHM_ECDSA_HASH_SHA224; + break; + case CKM_ECDSA_SHA256: + flags = SC_ALGORITHM_ECDSA_HASH_SHA256; + break; + case CKM_ECDSA_SHA384: + flags = SC_ALGORITHM_ECDSA_HASH_SHA384; + break; + case CKM_ECDSA_SHA512: + flags = SC_ALGORITHM_ECDSA_HASH_SHA512; + break; +#endif default: + sc_debug(context, SC_LOG_DEBUG_NORMAL, "DEE - need EC for %d",pMechanism->mechanism); return CKR_MECHANISM_INVALID; } rv = sc_lock(ses->slot->card->card); if (rv < 0) - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Sign"); if (!sc_pkcs11_conf.lock_login) { rv = reselect_app_df(fw_data->p15_card); if (rv < 0) { sc_unlock(ses->slot->card->card); - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Sign"); } } - sc_debug(context, "Selected flags %X. Now computing signature for %d bytes. %d bytes reserved.\n", flags, ulDataLen, *pulDataLen); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Selected flags %X. Now computing signature for %d bytes. %d bytes reserved.\n", flags, ulDataLen, *pulDataLen); rv = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags, 
@@ -2285,25 +2620,16 @@ pSignature, *pulDataLen); - /* Do we have to try a re-login and then try to sign again? */ - if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { - rv = revalidate_pin(data, ses); - if (rv == 0) - rv = sc_pkcs15_compute_signature(fw_data->p15_card, - prkey->prv_p15obj, flags, pData, ulDataLen, - pSignature, *pulDataLen); - } - sc_unlock(ses->slot->card->card); - sc_debug(context, "Sign complete. Result %d.\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Sign complete. Result %d.\n", rv); if (rv > 0) { *pulDataLen = rv; return CKR_OK; } - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Sign"); } static CK_RV @@ -2314,13 +2640,12 @@ { struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) ses->slot->card->fw_data; struct pkcs15_prkey_object *prkey; - struct pkcs15_slot_data *data = slot_data(ses->slot->fw_data); - u8 decrypted[256]; + u8 decrypted[256]; /* FIXME: Will not work for keys above 2048 bits */ int buff_too_small, rv, flags = 0; - sc_debug(context, "Initiating unwrap/decryption.\n"); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating decryption.\n"); - /* See which of the alternative keys supports unwrap/decrypt */ + /* See which of the alternative keys supports decrypt */ prkey = (struct pkcs15_prkey_object *) obj; while (prkey && !(prkey->prv_info->usage @@ -2344,13 +2669,13 @@ rv = sc_lock(ses->slot->card->card); if (rv < 0) - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Decrypt"); if (!sc_pkcs11_conf.lock_login) { rv = reselect_app_df(fw_data->p15_card); if (rv < 0) { sc_unlock(ses->slot->card->card); - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Decrypt"); } } 
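Review bot: In the `@@ -2314,13 +2640,12 @@` hunk, `u8 decrypted[256]` receives the plaintext from `sc_pkcs15_decipher` and, in the visible hunks, is never cleared before `pkcs15_prkey_decrypt` returns, so decrypted data is left on the stack. Since the line is being touched for the FIXME anyway, it would be worth wiping the buffer on every exit path after the copy-out, with a call the compiler cannot elide (OpenSC's `sc_mem_clear`, if it is available to this file). The copy to `pData` sits between this hunk and `@@ -2384,37 +2701,15 @@` and is outside the diff, so that path could not be checked.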
@@ -2358,20 +2683,12 @@ flags, pEncryptedData, ulEncryptedDataLen, decrypted, sizeof(decrypted)); - /* Do we have to try a re-login and then try to decrypt again? */ - if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { - rv = revalidate_pin(data, ses); - if (rv == 0) - rv = sc_pkcs15_decipher(fw_data->p15_card, prkey->prv_p15obj, - flags, pEncryptedData, ulEncryptedDataLen, - decrypted, sizeof(decrypted)); - } sc_unlock(ses->slot->card->card); - sc_debug(context, "Key unwrap/decryption complete. Result %d.\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Decryption complete. Result %d.\n", rv); if (rv < 0) - return sc_to_cryptoki_error(rv, ses->slot->card->reader); + return sc_to_cryptoki_error(rv, "C_Decrypt"); buff_too_small = (*pulDataLen < (CK_ULONG)rv); *pulDataLen = rv; @@ -2384,37 +2701,15 @@ return CKR_OK; } -static CK_RV -pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj, - CK_MECHANISM_PTR pMechanism, - CK_BYTE_PTR pData, CK_ULONG ulDataLen, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, - void **result) -{ - u8 unwrapped_key[256]; - CK_ULONG key_len = sizeof(unwrapped_key); - int r; - - r = pkcs15_prkey_decrypt(ses, obj, pMechanism, pData, ulDataLen, - unwrapped_key, &key_len); - - if (r < 0) - return sc_to_cryptoki_error(r, ses->slot->card->reader); - return sc_pkcs11_create_secret_key(ses, - unwrapped_key, key_len, - pTemplate, ulAttributeCount, - (struct sc_pkcs11_object **) result); -} - struct sc_pkcs11_object_ops pkcs15_prkey_ops = { pkcs15_prkey_release, pkcs15_prkey_set_attribute, pkcs15_prkey_get_attribute, sc_pkcs11_any_cmp_attribute, - NULL, + pkcs15_any_destroy, NULL, pkcs15_prkey_sign, - pkcs15_prkey_unwrap, + NULL, /* unwrap */ pkcs15_prkey_decrypt }; @@ -2455,6 +2750,8 @@ case CKA_MODULUS_BITS: case CKA_VALUE: case CKA_PUBLIC_EXPONENT: + case CKA_EC_PARAMS: + case CKA_EC_POINT: if (pubkey->pub_data == NULL) /* FIXME: check the return value? */ check_cert_data_read(fw_data, cert); 
@@ -2506,8 +2803,12 @@ break; case CKA_KEY_TYPE: check_attribute_buffer(attr, sizeof(CK_KEY_TYPE)); + /* TODO: -DEE why would we not have a pubkey->pub_data? */ + /* even if we do not, we should not assume RSA */ if (pubkey->pub_data && pubkey->pub_data->algorithm == SC_ALGORITHM_GOSTR3410) *(CK_KEY_TYPE*)attr->pValue = CKK_GOSTR3410; + else if (pubkey->pub_data && pubkey->pub_data->algorithm == SC_ALGORITHM_EC) + *(CK_KEY_TYPE*)attr->pValue = CKK_EC; else *(CK_KEY_TYPE*)attr->pValue = CKK_RSA; break; @@ -2551,6 +2852,10 @@ return get_public_exponent(pubkey->pub_data, attr); case CKA_VALUE: if (pubkey->pub_data) { + /* TODO: -DEE Not all pubkeys have CKA_VALUE attribute. RSA and EC + * for example don't. So why is this here? + * Why checking for cert in this pkcs15_pubkey_get_attribute? + */ check_attribute_buffer(attr, pubkey->pub_data->data.len); memcpy(attr->pValue, pubkey->pub_data->data.value, pubkey->pub_data->data.len); @@ -2560,11 +2865,16 @@ } break; case CKA_GOSTR3410_PARAMS: - if (pubkey->pub_info && pubkey->pub_info->params_len) - return get_gostr3410_params(pubkey->pub_info->params, - pubkey->pub_info->params_len, attr); + if (pubkey->pub_info && pubkey->pub_info->params.len) + return get_gostr3410_params(pubkey->pub_info->params.data, + pubkey->pub_info->params.len, attr); else return CKR_ATTRIBUTE_TYPE_INVALID; + case CKA_EC_PARAMS: + return get_ec_pubkey_params(pubkey->pub_data, attr); + case CKA_EC_POINT: + return get_ec_pubkey_point(pubkey->pub_data, attr); + default: return CKR_ATTRIBUTE_TYPE_INVALID; } @@ -2577,7 +2887,7 @@ pkcs15_pubkey_set_attribute, pkcs15_pubkey_get_attribute, sc_pkcs11_any_cmp_attribute, - NULL, + pkcs15_any_destroy, NULL, NULL, NULL, 
@@ -2608,29 +2918,20 @@ int rv; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) session->slot->card->fw_data; - struct pkcs15_slot_data *data = slot_data(session->slot->fw_data); sc_card_t *card = session->slot->card->card; - int reader = session->slot->card->reader; if (!out_data) return SC_ERROR_INVALID_ARGUMENTS; rv = sc_lock(card); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, "C_GetAttributeValue"); rv = sc_pkcs15_read_data_object(fw_data->p15_card, dobj->info, out_data); - /* Do we have to try a re-login and then try to sign again? */ - if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { - rv = revalidate_pin(data, session); - if (rv == 0) - rv = sc_pkcs15_read_data_object(fw_data->p15_card, dobj->info, out_data); - } - sc_unlock(card); if (rv < 0) - return sc_to_cryptoki_error(rv, reader); + return sc_to_cryptoki_error(rv, "C_GetAttributeValue"); return rv; } @@ -2640,8 +2941,8 @@ if (!attr || !data) return CKR_ATTRIBUTE_VALUE_INVALID; - sc_debug(context, "data %p\n", data); - sc_debug(context, "data_len %i\n", data->data_len); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "data %p\n", data); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "data_len %i\n", data->data_len); check_attribute_buffer(attr, data->data_len); memcpy(attr->pValue, data->data, data->data_len); 
@@ -2721,62 +3022,12 @@ return CKR_OK; } -static CK_RV pkcs15_dobj_destroy(struct sc_pkcs11_session *session, void *object) -{ - struct pkcs15_data_object *obj = (struct pkcs15_data_object*) object; - struct sc_pkcs11_card *card = session->slot->card; - struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) card->fw_data; - struct pkcs15_slot_data *data = slot_data(session->slot->fw_data); - struct sc_profile *profile = NULL; - int reader = session->slot->card->reader; - int rv; - - rv = sc_lock(card->card); - if (rv < 0) - return sc_to_cryptoki_error(rv, card->reader); - - /* Bind the profile */ - rv = sc_pkcs15init_bind(card->card, "pkcs15", NULL, &profile); - if (rv < 0) { - sc_unlock(card->card); - return sc_to_cryptoki_error(rv, card->reader); - } - - /* Add the PINs the user presented so far to the keycache */ - add_pins_to_keycache(card, session->slot); - - /* Delete object in smartcard */ - rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object); - - /* Do we have to try a re-login and then try to delete again? */ - if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { - rv = revalidate_pin(data, session); - if (rv == 0) - rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object); - } - if (rv >= 0) { - /* pool_find_and_delete is called, therefore correct refcont - * Oppose to pkcs15_add_object */ - --((struct pkcs15_any_object*)object)->refcount; - /* Delete object in pkcs15 */ - rv = __pkcs15_delete_object(fw_data, (struct pkcs15_any_object*)object); - } - - sc_pkcs15init_unbind(profile); - sc_unlock(card->card); - - if (rv < 0) - return sc_to_cryptoki_error(rv, reader); - - return CKR_OK; -} - struct sc_pkcs11_object_ops pkcs15_dobj_ops = { pkcs15_dobj_release, pkcs15_dobj_set_attribute, pkcs15_dobj_get_attribute, sc_pkcs11_any_cmp_attribute, - pkcs15_dobj_destroy, + pkcs15_any_destroy, NULL, NULL, NULL, 
@@ -2847,6 +3098,41 @@ } static CK_RV +get_ec_pubkey_params(struct sc_pkcs15_pubkey *key, CK_ATTRIBUTE_PTR attr) +{ + struct sc_ec_params * ecp; + + if (key == NULL) + return CKR_ATTRIBUTE_TYPE_INVALID; + if (key->alg_id == NULL) + return CKR_ATTRIBUTE_TYPE_INVALID; + ecp = (struct sc_ec_params *) key->alg_id->params; + + switch (key->algorithm) { + case SC_ALGORITHM_EC: + check_attribute_buffer(attr, ecp->der_len); + memcpy(attr->pValue, ecp->der, ecp->der_len); + return CKR_OK; + } + return CKR_ATTRIBUTE_TYPE_INVALID; +} + +static CK_RV +get_ec_pubkey_point(struct sc_pkcs15_pubkey *key, CK_ATTRIBUTE_PTR attr) +{ + if (key == NULL) + return CKR_ATTRIBUTE_TYPE_INVALID; + + switch (key->algorithm) { + case SC_ALGORITHM_EC: + check_attribute_buffer(attr, key->u.ec.ecpointQ.len); + memcpy(attr->pValue, key->u.ec.ecpointQ.value, key->u.ec.ecpointQ.len); + return CKR_OK; + } + return CKR_ATTRIBUTE_TYPE_INVALID; +} + +static CK_RV get_gostr3410_params(const u8 *params, size_t params_len, CK_ATTRIBUTE_PTR attr) { size_t i; 
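Review bot: `get_ec_pubkey_params` checks `key` and `key->alg_id` but then reads `ecp->der_len` and `ecp->der` without checking that `key->alg_id->params` is non-NULL, and it casts to `struct sc_ec_params *` before confirming `key->algorithm == SC_ALGORITHM_EC`. Moving the cast into the `SC_ALGORITHM_EC` case and adding `if (ecp == NULL) return CKR_ATTRIBUTE_TYPE_INVALID;` ahead of `check_attribute_buffer` keeps a key with missing parameters from crashing the module. `get_ec_pubkey_point` copies from `key->u.ec.ecpointQ.value` with the same trust, so a NULL check there would match. Both functions would also benefit from a one-line header comment saying they return `CKR_ATTRIBUTE_TYPE_INVALID` for non-EC or incomplete keys.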
@@ -2941,72 +3227,15 @@ return CKR_OK; } -static void -cache_pin(void *p, int user, const sc_path_t *path, const void *pin, size_t len) -{ - struct pkcs15_slot_data *data = (struct pkcs15_slot_data *) p; - -#ifdef USE_PKCS15_INIT - if (len == 0) { - sc_keycache_forget_key(path, SC_AC_SYMBOLIC, - user? SC_PKCS15INIT_USER_PIN : SC_PKCS15INIT_SO_PIN); - } -#endif - - if ((user != CKU_SO && user != CKU_USER) || !sc_pkcs11_conf.cache_pins) - return; - /* Don't cache pins related to user_consent objects/slots */ - if (data->user_consent) - return; - - memset(&data->pin[user], 0, sizeof(data->pin[user])); - if (len && len <= MAX_CACHE_PIN) { - memcpy(data->pin[user].value, pin, len); - data->pin[user].len = len; - if (path) - data->pin[user].path = *path; - } -} - -/* TODO: GUI must indicate pinpad revalidation instead of a plain error.*/ -static int -revalidate_pin(struct pkcs15_slot_data *data, struct sc_pkcs11_session *ses) -{ - int rv; - u8 value[MAX_CACHE_PIN]; - - sc_debug(context, "PIN revalidation\n"); - - if (!sc_pkcs11_conf.cache_pins - && !(ses->slot->token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) - return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; - - if (sc_pkcs11_conf.cache_pins && data->user_consent) - return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; - - if (ses->slot->token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) { - rv = pkcs15_login(ses->slot->card, ses->slot->fw_data, CKU_USER, NULL, 0); - } - else { - memcpy(value, data->pin[CKU_USER].value, data->pin[CKU_USER].len); - rv = pkcs15_login(ses->slot->card, ses->slot->fw_data, CKU_USER, - value, data->pin[CKU_USER].len); - } - - if (rv != CKR_OK) - sc_debug(context, "Re-login failed: 0x%0x (%d)\n", rv, rv); - - return rv; -} - static int register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags) { CK_MECHANISM_INFO mech_info; sc_pkcs11_mechanism_type_t *mt; int rc; - mech_info.flags = CKF_HW | CKF_SIGN | CKF_UNWRAP | CKF_DECRYPT; + mech_info.flags = CKF_HW | CKF_SIGN | CKF_DECRYPT; 
#ifdef ENABLE_OPENSSL + /* That practise definitely conflicts with CKF_HW -- andre 2010-11-28 */ mech_info.flags |= CKF_VERIFY; #endif mech_info.ulMinKeySize = SC_PKCS15_GOSTR3410_KEYSIZE; 
@@ -3033,16 +3262,88 @@ return CKR_OK; } + +static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags, + unsigned long ext_flags, CK_ULONG min_key_size, CK_ULONG max_key_size) +{ + CK_MECHANISM_INFO mech_info; + sc_pkcs11_mechanism_type_t *mt; + CK_FLAGS ec_flags = 0; + int rc; + + if (ext_flags & SC_ALGORITHM_EXT_EC_F_P) + ec_flags |= CKF_EC_F_P; + if (ext_flags & SC_ALGORITHM_EXT_EC_F_2M) + ec_flags |= CKF_EC_F_2M; + if (ext_flags & SC_ALGORITHM_EXT_EC_ECPARAMETERS) + ec_flags |= CKF_EC_ECPARAMETERS; + if (ext_flags & SC_ALGORITHM_EXT_EC_NAMEDCURVE) + ec_flags |= CKF_EC_NAMEDCURVE; + if (ext_flags & SC_ALGORITHM_EXT_EC_UNCOMPRESES) + ec_flags |= CKF_EC_UNCOMPRESES; + if (ext_flags & SC_ALGORITHM_EXT_EC_COMPRESS) + ec_flags |= CKF_EC_COMPRESS; + + mech_info.flags = CKF_HW | CKF_SIGN; /* check for more */ + mech_info.flags |= ec_flags; + mech_info.ulMinKeySize = min_key_size; + mech_info.ulMaxKeySize = max_key_size; + + mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA, &mech_info, CKK_EC, NULL); + if (!mt) + return CKR_HOST_MEMORY; + rc = sc_pkcs11_register_mechanism(p11card, mt); + if (rc != CKR_OK) + return rc; + +#if ENABLE_OPENSSL + mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA_SHA1, + &mech_info, CKK_EC, NULL); + if (!mt) + return CKR_HOST_MEMORY; + rc = sc_pkcs11_register_mechanism(p11card, mt); + if (rc != CKR_OK) + return rc; +#endif + if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) { + mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR; + mech_info.flags |= ec_flags; + mt = sc_pkcs11_new_fw_mechanism(CKM_EC_KEY_PAIR_GEN, &mech_info, CKK_EC, NULL); + if (!mt) + return CKR_HOST_MEMORY; + rc = sc_pkcs11_register_mechanism(p11card, mt); + if (rc != CKR_OK) + return rc; + } + + +#if 0 +/* TODO: -DEE Add CKM_ECDH1_COFACTOR_DERIVE as PIV can do this */ +/* TODO: -DEE But this requires C_DeriveKey to be implemented */ + + mech_info.flags &= ~CKF_SIGN; + mech_info.flags |= CKF_DRIVE; + + sc_pkcs11_new_fw_mechanism(CKM_ECDH1_COFACTOR_DERIVE, + 
CKM_ECDH1_COFACTOR_DERIVE, NULL); +#endif + + return CKR_OK; +} + + /* * Mechanism handling * FIXME: We should consult the card's algorithm list to * find out what operations it supports */ -static int register_mechanisms(struct sc_pkcs11_card *p11card) +static CK_RV register_mechanisms(struct sc_pkcs11_card *p11card) { sc_card_t *card = p11card->card; sc_algorithm_info_t *alg_info; CK_MECHANISM_INFO mech_info; + CK_ULONG ec_min_key_size, ec_max_key_size; + unsigned long ec_ext_flags; sc_pkcs11_mechanism_type_t *mt; unsigned int num; int rc, flags = 0; 
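Review bot: `register_ec_mechanisms` guards the `CKM_ECDSA_SHA1` registration with `#if ENABLE_OPENSSL`, while the neighbouring code (the `CKF_VERIFY` line in `register_gost_mechanisms`) uses `#ifdef ENABLE_OPENSSL`; the two differ when the macro is defined without a value, where `#if` fails to preprocess. `#ifdef ENABLE_OPENSSL` would be consistent. The function is declared `static int` but returns `CKR_HOST_MEMORY` and `CKR_OK`, and `register_mechanisms` is changed to `CK_RV` in this same hunk, so `static CK_RV` fits better. The `#if 0` block passes `CKM_ECDH1_COFACTOR_DERIVE` twice, discards the result and uses `CKF_DRIVE`, so it would not build if enabled; a plain TODO comment is less misleading than that dead code.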
@@ -3050,33 +3351,56 @@ /* Register generic mechanisms */ sc_pkcs11_register_generic_mechanisms(p11card); - mech_info.flags = CKF_HW | CKF_SIGN | CKF_UNWRAP | CKF_DECRYPT; + mech_info.flags = CKF_HW | CKF_SIGN | CKF_DECRYPT; #ifdef ENABLE_OPENSSL + /* That practise definitely conflicts with CKF_HW -- andre 2010-11-28 */ mech_info.flags |= CKF_VERIFY; #endif mech_info.ulMinKeySize = ~0; mech_info.ulMaxKeySize = 0; + ec_min_key_size = ~0; + ec_max_key_size = 0; + ec_ext_flags = 0; /* For now, we just OR all the algorithm specific * flags, based on the assumption that cards don't * support different modes for different key sizes + * But we need to do this by type of key as + * each has different min/max and different flags. + * + * TODO: -DEE This code assumed RSA, but the GOST + * and EC code was forced in. There should be a + * routine for each key type. */ num = card->algorithm_count; alg_info = card->algorithms; while (num--) { - if (alg_info->algorithm == SC_ALGORITHM_RSA) { - if (alg_info->key_length < mech_info.ulMinKeySize) - mech_info.ulMinKeySize = alg_info->key_length; - if (alg_info->key_length > mech_info.ulMaxKeySize) - mech_info.ulMaxKeySize = alg_info->key_length; - - flags |= alg_info->flags; + switch (alg_info->algorithm) { + case SC_ALGORITHM_RSA: + if (alg_info->key_length < mech_info.ulMinKeySize) + mech_info.ulMinKeySize = alg_info->key_length; + if (alg_info->key_length > mech_info.ulMaxKeySize) + mech_info.ulMaxKeySize = alg_info->key_length; + flags |= alg_info->flags; + break; + case SC_ALGORITHM_EC: + if (alg_info->key_length < ec_min_key_size) + ec_min_key_size = alg_info->key_length; + if (alg_info->key_length > ec_max_key_size) + ec_max_key_size = alg_info->key_length; + flags |= alg_info->flags; + ec_ext_flags |= alg_info->u._ec.ext_flags; + break; + case SC_ALGORITHM_GOSTR3410: + flags |= alg_info->flags; + break; } - if (alg_info->algorithm == SC_ALGORITHM_GOSTR3410) - flags |= alg_info->flags; alg_info++; } + if (flags & 
SC_ALGORITHM_ECDSA_RAW) + rc = register_ec_mechanisms(p11card, flags, ec_ext_flags, ec_min_key_size, ec_max_key_size); + if (flags & (SC_ALGORITHM_GOSTR3410_RAW | SC_ALGORITHM_GOSTR3410_HASH_NONE | SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411)) { @@ -3089,8 +3413,7 @@ /* Check if we support raw RSA */ if (flags & SC_ALGORITHM_RSA_RAW) { - mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509, - &mech_info, CKK_RSA, NULL); + mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509, &mech_info, CKK_RSA, NULL); rc = sc_pkcs11_register_mechanism(p11card, mt); if (rc != CKR_OK) return rc; 
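Review bot: The result of `rc = register_ec_mechanisms(...)` is never examined: the next statement is the GOST `if`, so a CKR_HOST_MEMORY or registration failure from the EC path is dropped and register_mechanisms can still end in `return CKR_OK`. The RSA registrations further down all return on `rc != CKR_OK`, and the EC call should do the same, i.e. brace the `if (flags & SC_ALGORITHM_ECDSA_RAW)` body and add `if (rc != CKR_OK) return rc;` after the call. The loop above also ORs `alg_info->flags` from RSA, EC and GOST entries into the one `flags` word, so a capability bit reported for one key type is applied to all of them; the TODO in the comment acknowledges this. register_mechanisms starts and ends outside this hunk.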
@@ -3098,48 +3421,64 @@ /* If the card supports RAW, it should by all means * have registered everything else, too. If it didn't * we help it a little + * FIXME? This may force us to support these in software */ - flags |= SC_ALGORITHM_RSA_PAD_PKCS1 - |SC_ALGORITHM_RSA_HASHES; + flags |= SC_ALGORITHM_RSA_PAD_PKCS1; +#ifdef ENABLE_OPENSSL + /* all our software hashes are in OpenSSL */ + flags |= SC_ALGORITHM_RSA_HASHES; +#endif } /* Check for PKCS1 */ if (flags & SC_ALGORITHM_RSA_PAD_PKCS1) { - mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS, - &mech_info, CKK_RSA, NULL); + mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS, &mech_info, CKK_RSA, NULL); rc = sc_pkcs11_register_mechanism(p11card, mt); if (rc != CKR_OK) return rc; /* if the driver doesn't say what hashes it supports, * claim we will do all of them */ - if (!(flags & SC_ALGORITHM_RSA_HASHES)) + /* FIXME? This may force us to support these in software */ + /* FIXME? and we only do hashes if OpenSSL is enabled */ + if (!(flags & (SC_ALGORITHM_RSA_HASHES|SC_ALGORITHM_RSA_HASH_NONE))) flags |= SC_ALGORITHM_RSA_HASHES; - if (flags & SC_ALGORITHM_RSA_HASH_SHA1) - sc_pkcs11_register_sign_and_hash_mechanism(p11card, - CKM_SHA1_RSA_PKCS, CKM_SHA_1, mt); - if (flags & SC_ALGORITHM_RSA_HASH_MD5) - sc_pkcs11_register_sign_and_hash_mechanism(p11card, - CKM_MD5_RSA_PKCS, CKM_MD5, mt); - if (flags & SC_ALGORITHM_RSA_HASH_RIPEMD160) - sc_pkcs11_register_sign_and_hash_mechanism(p11card, - CKM_RIPEMD160_RSA_PKCS, CKM_RIPEMD160, mt); -#if 0 - /* Does this correspond to any defined CKM_XXX value? 
*/ - if (flags & SC_ALGORITHM_RSA_HASH_MD5_SHA1) - sc_pkcs11_register_sign_and_hash_mechanism(p11card, - CKM_XXX_RSA_PKCS, CKM_XXX, mt); -#endif #ifdef ENABLE_OPENSSL - mech_info.flags = CKF_GENERATE_KEY_PAIR; - mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, - &mech_info, CKK_RSA, NULL); - rc = sc_pkcs11_register_mechanism(p11card, mt); - if (rc != CKR_OK) - return rc; + /* sc_pkcs11_register_sign_and_hash_mechanism expects software hash */ + if (flags & SC_ALGORITHM_RSA_HASH_SHA1) { + rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA1_RSA_PKCS, CKM_SHA_1, mt); + if (rc != CKR_OK) + return rc; + } + if (flags & SC_ALGORITHM_RSA_HASH_SHA256) { + rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA256_RSA_PKCS, CKM_SHA256, mt); + if (rc != CKR_OK) + return rc; + } + if (flags & SC_ALGORITHM_RSA_HASH_MD5) { + rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_MD5_RSA_PKCS, CKM_MD5, mt); + if (rc != CKR_OK) + return rc; + } + if (flags & SC_ALGORITHM_RSA_HASH_RIPEMD160) { + rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_RIPEMD160_RSA_PKCS, CKM_RIPEMD160, mt); + if (rc != CKR_OK) + return rc; + } #endif + + if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) { + mech_info.flags = CKF_GENERATE_KEY_PAIR; + mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL); + if (!mt) + return CKR_HOST_MEMORY; + rc = sc_pkcs11_register_mechanism(p11card, mt); + if (rc != CKR_OK) + return rc; + } } + return CKR_OK; } @@ -3148,7 +3487,7 @@ int rc; if ((rc = sc_lock(fw_data->p15_card->card)) < 0) - sc_debug(context, "Failed to lock card (%d)\n", rc); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Failed to lock card (%d)\n", rc); else fw_data->locked++; 
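Review bot: `mech_info.flags = CKF_GENERATE_KEY_PAIR;` in the new SC_ALGORITHM_ONBOARD_KEY_GEN branch leaves CKF_HW off the RSA key-pair-generation mechanism, although the branch now runs only when the card reports on-board generation and register_ec_mechanisms sets `CKF_HW | CKF_GENERATE_KEY_PAIR` under the same condition. An application that filters mechanisms on CKF_HW to insist on on-token key generation would see EC as hardware and RSA as not; if generation really happens on the card here, `mech_info.flags = CKF_HW | CKF_GENERATE_KEY_PAIR;` keeps the two consistent. Because `flags` is accumulated over every algorithm entry in the loop of the earlier hunk, the bit may also come from an EC or GOST entry rather than an RSA one, so this branch can advertise RSA key generation that the card did not declare. The function starts outside this hunk.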
@@ -3164,43 +3503,6 @@ return 0; } -/* Add the PINs the user presented so far. Some initialization routines - * need to present these PINs again because some card operations may - * clobber the authentication state (the GPK for instance). */ -static void -add_pins_to_keycache(struct sc_pkcs11_card *p11card, - struct sc_pkcs11_slot *slot) -{ -#ifdef USE_PKCS15_INIT - struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data; - struct sc_pkcs15_card *p15card = fw_data->p15_card; - struct pkcs15_slot_data *p15_data = slot_data(slot->fw_data); - struct sc_pkcs15_pin_info *pin_info; - - if (p15_data->pin[CKU_SO].len) { - struct sc_pkcs15_object *auth_object; - int rc = sc_pkcs15_find_so_pin(p15card, &auth_object); - if (rc >= 0) { - pin_info = (struct sc_pkcs15_pin_info *) auth_object->data; - sc_keycache_put_key(&p15_data->pin[CKU_SO].path, - SC_AC_SYMBOLIC, SC_PKCS15INIT_SO_PIN, - p15_data->pin[CKU_SO].value, p15_data->pin[CKU_SO].len); - sc_keycache_set_pin_name(&pin_info->path, pin_info->reference, - SC_PKCS15INIT_SO_PIN); - } - } - if (p15_data->pin[CKU_USER].len) { - pin_info = slot_data_pin_info(slot->fw_data); - if (pin_info != NULL) { - sc_keycache_put_key(&p15_data->pin[CKU_USER].path, - SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN, - p15_data->pin[CKU_USER].value, p15_data->pin[CKU_USER].len); - sc_keycache_set_pin_name(&pin_info->path, pin_info->reference, - SC_PKCS15INIT_USER_PIN); - } - } -#endif -} static int reselect_app_df(sc_pkcs15_card_t *p15card) { 
@@ -3210,7 +3512,7 @@ /* if the application df (of the pkcs15 application) is * specified select it */ sc_path_t *tpath = &p15card->file_app->path; - sc_debug(p15card->card->ctx, "reselect application df\n"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "reselect application df\n"); r = sc_select_file(p15card->card, tpath, NULL); } return r; diff -Nru opensc-0.11.13/src/pkcs11/framework-pkcs15init.c opensc-0.12.1/src/pkcs11/framework-pkcs15init.c --- opensc-0.11.13/src/pkcs11/framework-pkcs15init.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/framework-pkcs15init.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,11 +18,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" #ifdef USE_PKCS15_INIT -#include "opensc/pkcs15-init.h" +#include "pkcs15init/pkcs15-init.h" /* * Deal with uninitialized cards @@ -33,12 +36,10 @@ struct sc_profile *profile; int rc; - sc_ctx_suppress_errors_on(card->ctx); rc = sc_pkcs15init_bind(card, "pkcs15", NULL, &profile); - sc_ctx_suppress_errors_off(card->ctx); if (rc == 0) p11card->fw_data = profile; - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, NULL); } static CK_RV pkcs15init_unbind(struct sc_pkcs11_card *p11card) @@ -54,15 +55,15 @@ { struct sc_profile *profile; struct sc_pkcs11_slot *slot; + int rc; profile = (struct sc_profile *) p11card->fw_data; - while (slot_allocate(&slot, p11card) == CKR_OK) { + + rc = slot_allocate(&slot, p11card); + if (rc == CKR_OK) { CK_TOKEN_INFO_PTR pToken = &slot->token_info; const char *string; - if (sc_pkcs11_conf.hide_empty_tokens) - continue; - slot->slot_info.flags |= CKF_TOKEN_PRESENT; strcpy_bp(pToken->model, "PKCS #15 SCard", 16); 
@@ -98,7 +99,7 @@ } static CK_RV -pkcs15init_login(struct sc_pkcs11_card *p11card, void *ptr, +pkcs15init_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE user, CK_CHAR_PTR pin, CK_ULONG pinLength) { return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -111,7 +112,7 @@ } static CK_RV -pkcs15init_change_pin(struct sc_pkcs11_card *p11card, void *ptr, +pkcs15init_change_pin(struct sc_pkcs11_card *p11card, void *ptr, int login_user, CK_CHAR_PTR oldPin, CK_ULONG oldPinLength, CK_CHAR_PTR newPin, CK_ULONG newPinLength) { @@ -136,7 +137,7 @@ args.label = (const char *) pLabel; rc = sc_pkcs15init_add_app(p11card->card, profile, &args); if (rc < 0) - return sc_to_cryptoki_error(rc, p11card->reader); + return sc_to_cryptoki_error(rc, NULL); /* Change the binding from the pkcs15init framework * to the pkcs15 framework on the fly. @@ -176,15 +177,24 @@ NULL, /* init_pin */ NULL, /* create_object */ NULL, /* gen_keypair */ - NULL, /* seed_random */ - NULL, /* get_random */ + NULL /* get_random */ }; #else /* ifdef USE_PKCS15_INIT */ struct sc_pkcs11_framework_ops framework_pkcs15init = { - NULL, - NULL, + NULL, /* bind */ + NULL, /* unbind */ + NULL, /* create_tokens */ + NULL, /* release_tokens */ + NULL, /* login */ + NULL, /* logout */ + NULL, /* change_pin */ + NULL, /* inti_token */ + NULL, /* init_pin */ + NULL, /* create_object */ + NULL, /* gen_keypair */ + NULL /* get_random */ }; #endif diff -Nru opensc-0.11.13/src/pkcs11/libpkcs11.c opensc-0.12.1/src/pkcs11/libpkcs11.c --- opensc-0.11.13/src/pkcs11/libpkcs11.c 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/libpkcs11.c 1970-01-01 00:00:00.000000000 +0000 
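Review bot: The slot comment `/* inti_token */` in the `#else` table of framework_pkcs15init is a typo for `/* init_token */`, and these comments are the only thing tying each positional NULL to a member of struct sc_pkcs11_framework_ops. The same hunk drops the `seed_random` entry from the other table, which shows how a change to the struct shifts every later slot without any compiler diagnostic. A one-line comment above both tables, such as `/* entries are positional: keep in the order of struct sc_pkcs11_framework_ops */`, would make that dependency explicit. The start of the first table is outside the hunk.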
@@ -1,84 +0,0 @@ -/* - * Convenience pkcs11 library that can be linked into an application, - * and will bind to a specific pkcs11 module. - * - * Copyright (C) 2002 Olaf Kirch - */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include "sc-pkcs11.h" -#include -#include -#include -#include - -#define MAGIC 0xd00bed00 - -struct sc_pkcs11_module { - unsigned int _magic; - lt_dlhandle handle; -}; -typedef struct sc_pkcs11_module sc_pkcs11_module_t; - -/* - * Load a module - this will load the shared object, call - * C_Initialize, and get the list of function pointers - */ -void * -C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs) -{ - sc_pkcs11_module_t *mod; - CK_RV (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR); - int rv; - - lt_dlinit(); - - mod = (sc_pkcs11_module_t *) calloc(1, sizeof(*mod)); - mod->_magic = MAGIC; - - if (mspec == NULL) - mspec = PKCS11_DEFAULT_MODULE_NAME; - mod->handle = lt_dlopen(mspec); - if (mod->handle == NULL) { -#if 0 - fprintf(stderr, "lt_dlopen failed: %s\n", lt_dlerror()); -#endif - goto failed; - } - - /* Get the list of function pointers */ - c_get_function_list = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR)) - lt_dlsym(mod->handle, "C_GetFunctionList"); - if (!c_get_function_list) - goto failed; - rv = c_get_function_list(funcs); - if (rv == CKR_OK) - return (void *) mod; - -failed: - C_UnloadModule((void *) mod); - return NULL; -} - -/* - * Unload a pkcs11 module. 
- * The calling application is responsible for cleaning up - * and calling C_Finalize - */ -CK_RV -C_UnloadModule(void *module) -{ - sc_pkcs11_module_t *mod = (sc_pkcs11_module_t *) module; - - if (!mod || mod->_magic != MAGIC) - return CKR_ARGUMENTS_BAD; - - if (lt_dlclose(mod->handle) < 0) - return CKR_FUNCTION_FAILED; - - memset(mod, 0, sizeof(*mod)); - free(mod); - return CKR_OK; -} diff -Nru opensc-0.11.13/src/pkcs11/Makefile.am opensc-0.12.1/src/pkcs11/Makefile.am --- opensc-0.11.13/src/pkcs11/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,28 +1,22 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak dist_noinst_SCRIPTS = opensc_pkcs11_install.js -openscinclude_HEADERS = pkcs11.h pkcs11-opensc.h lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la -noinst_LTLIBRARIES = libpkcs11.la -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(LTLIB_CFLAGS) $(PTHREAD_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/pkcs15init -I$(top_builddir)/src/include +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(PTHREAD_CFLAGS) +INCLUDES = -I$(top_srcdir)/src -OPENSC_PKCS11_INC = sc-pkcs11.h +OPENSC_PKCS11_INC = sc-pkcs11.h pkcs11.h pkcs11-opensc.h OPENSC_PKCS11_SRC = pkcs11-global.c pkcs11-session.c pkcs11-object.c misc.c slot.c \ - mechanism.c openssl.c secretkey.c framework-pkcs15.c \ - framework-pkcs15init.c debug.c opensc-pkcs11.exports -OPENSC_PKCS11_LIBS = $(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la - -libpkcs11_la_SOURCES = libpkcs11.c + mechanism.c openssl.c framework-pkcs15.c \ + framework-pkcs15init.c debug.c opensc-pkcs11.exports \ + pkcs11-display.c pkcs11-display.h +OPENSC_PKCS11_LIBS = $(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/common/libcompat.la \ + $(top_builddir)/src/libopensc/libopensc.la opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC) hack-disabled.c opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS) 
@@ -37,17 +31,15 @@ -module -shared -avoid-version -no-undefined pkcs11_spy_la_SOURCES = pkcs11-spy.c pkcs11-display.c pkcs11-display.h pkcs11-spy.exports -pkcs11_spy_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) libpkcs11.la +pkcs11_spy_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) $(top_builddir)/src/common/libpkcs11.la pkcs11_spy_la_LDFLAGS = $(AM_LDFLAGS) \ -export-symbols "$(srcdir)/pkcs11-spy.exports" \ -module -shared -avoid-version -no-undefined if WIN32 -opensc_pkcs11_la_SOURCES += versioninfo.rc -onepin_opensc_pkcs11_la_SOURCES += versioninfo.rc -pkcs11_spy_la_SOURCES += versioninfo.rc -else -dist_noinst_DATA = versioninfo.rc +opensc_pkcs11_la_SOURCES += $(top_builddir)/win32/versioninfo.rc +onepin_opensc_pkcs11_la_SOURCES += $(top_builddir)/win32/versioninfo.rc +pkcs11_spy_la_SOURCES += $(top_builddir)/win32/versioninfo.rc endif jar-dir: @@ -79,7 +71,3 @@ done endif - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC PKCS#11 Provider/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc diff -Nru opensc-0.11.13/src/pkcs11/Makefile.in opensc-0.12.1/src/pkcs11/Makefile.in --- opensc-0.11.13/src/pkcs11/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -19,7 +19,6 @@ - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -39,19 +38,17 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__dist_noinst_DATA_DIST) $(dist_noinst_SCRIPTS) \ - $(openscinclude_HEADERS) $(srcdir)/Makefile.am \ +DIST_COMMON = $(dist_noinst_SCRIPTS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/win32/ltrc.inc -@WIN32_TRUE@am__append_1 = versioninfo.rc -@WIN32_TRUE@am__append_2 = versioninfo.rc -@WIN32_TRUE@am__append_3 = versioninfo.rc +@WIN32_TRUE@am__append_1 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_2 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_3 = $(top_builddir)/win32/versioninfo.rc subdir = src/pkcs11 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d 
@@ -79,28 +76,25 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkcs11dir)" \ - "$(DESTDIR)$(openscincludedir)" -LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) -libpkcs11_la_LIBADD = -am_libpkcs11_la_OBJECTS = libpkcs11.lo -libpkcs11_la_OBJECTS = $(am_libpkcs11_la_OBJECTS) +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkcs11dir)" +LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la + $(am__DEPENDENCIES_1) $(top_builddir)/src/common/libcompat.la \ + $(top_builddir)/src/libopensc/libopensc.la onepin_opensc_pkcs11_la_DEPENDENCIES = $(am__DEPENDENCIES_2) am__onepin_opensc_pkcs11_la_SOURCES_DIST = pkcs11-global.c \ pkcs11-session.c pkcs11-object.c misc.c slot.c mechanism.c \ - openssl.c secretkey.c framework-pkcs15.c \ - framework-pkcs15init.c debug.c opensc-pkcs11.exports \ - sc-pkcs11.h hack-enabled.c versioninfo.rc + openssl.c framework-pkcs15.c framework-pkcs15init.c debug.c \ + opensc-pkcs11.exports pkcs11-display.c pkcs11-display.h \ + sc-pkcs11.h pkcs11.h pkcs11-opensc.h hack-enabled.c \ + $(top_builddir)/win32/versioninfo.rc am__objects_1 = pkcs11-global.lo pkcs11-session.lo pkcs11-object.lo \ - misc.lo slot.lo mechanism.lo openssl.lo secretkey.lo \ - framework-pkcs15.lo framework-pkcs15init.lo debug.lo + misc.lo slot.lo mechanism.lo openssl.lo framework-pkcs15.lo \ + framework-pkcs15init.lo debug.lo pkcs11-display.lo am__objects_2 = -@WIN32_TRUE@am__objects_3 = versioninfo.lo +am__dirstamp = $(am__leading_dot)dirstamp +@WIN32_TRUE@am__objects_3 = $(top_builddir)/win32/versioninfo.lo am_onepin_opensc_pkcs11_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ hack-enabled.lo $(am__objects_3) onepin_opensc_pkcs11_la_OBJECTS = \ 
@@ -111,9 +105,10 @@ opensc_pkcs11_la_DEPENDENCIES = $(am__DEPENDENCIES_2) am__opensc_pkcs11_la_SOURCES_DIST = pkcs11-global.c pkcs11-session.c \ pkcs11-object.c misc.c slot.c mechanism.c openssl.c \ - secretkey.c framework-pkcs15.c framework-pkcs15init.c debug.c \ - opensc-pkcs11.exports sc-pkcs11.h hack-disabled.c \ - versioninfo.rc + framework-pkcs15.c framework-pkcs15init.c debug.c \ + opensc-pkcs11.exports pkcs11-display.c pkcs11-display.h \ + sc-pkcs11.h pkcs11.h pkcs11-opensc.h hack-disabled.c \ + $(top_builddir)/win32/versioninfo.rc am_opensc_pkcs11_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ hack-disabled.lo $(am__objects_3) opensc_pkcs11_la_OBJECTS = $(am_opensc_pkcs11_la_OBJECTS) @@ -121,9 +116,10 @@ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(opensc_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@ pkcs11_spy_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) libpkcs11.la + $(am__DEPENDENCIES_1) $(top_builddir)/src/common/libpkcs11.la am__pkcs11_spy_la_SOURCES_DIST = pkcs11-spy.c pkcs11-display.c \ - pkcs11-display.h pkcs11-spy.exports versioninfo.rc + pkcs11-display.h pkcs11-spy.exports \ + $(top_builddir)/win32/versioninfo.rc am_pkcs11_spy_la_OBJECTS = pkcs11-spy.lo pkcs11-display.lo \ $(am__objects_3) pkcs11_spy_la_OBJECTS = $(am_pkcs11_spy_la_OBJECTS) 
@@ -144,15 +140,12 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libpkcs11_la_SOURCES) $(onepin_opensc_pkcs11_la_SOURCES) \ +SOURCES = $(onepin_opensc_pkcs11_la_SOURCES) \ $(opensc_pkcs11_la_SOURCES) $(pkcs11_spy_la_SOURCES) -DIST_SOURCES = $(libpkcs11_la_SOURCES) \ - $(am__onepin_opensc_pkcs11_la_SOURCES_DIST) \ +DIST_SOURCES = $(am__onepin_opensc_pkcs11_la_SOURCES_DIST) \ $(am__opensc_pkcs11_la_SOURCES_DIST) \ $(am__pkcs11_spy_la_SOURCES_DIST) -am__dist_noinst_DATA_DIST = versioninfo.rc -DATA = $(dist_noinst_DATA) $(pkcs11_DATA) -HEADERS = $(openscinclude_HEADERS) +DATA = $(pkcs11_DATA) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -183,8 +176,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -192,10 +183,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -220,8 +209,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -244,6 +231,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ 
@@ -256,10 +245,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -305,11 +291,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -326,28 +309,22 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak dist_noinst_SCRIPTS = opensc_pkcs11_install.js -openscinclude_HEADERS = pkcs11.h pkcs11-opensc.h lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la -noinst_LTLIBRARIES = libpkcs11.la -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(LTLIB_CFLAGS) $(PTHREAD_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/pkcs15init -I$(top_builddir)/src/include -OPENSC_PKCS11_INC = sc-pkcs11.h +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(PTHREAD_CFLAGS) +INCLUDES = -I$(top_srcdir)/src +OPENSC_PKCS11_INC = sc-pkcs11.h pkcs11.h pkcs11-opensc.h OPENSC_PKCS11_SRC = pkcs11-global.c pkcs11-session.c pkcs11-object.c misc.c slot.c \ - mechanism.c openssl.c secretkey.c framework-pkcs15.c \ - framework-pkcs15init.c debug.c opensc-pkcs11.exports + mechanism.c openssl.c framework-pkcs15.c \ + framework-pkcs15init.c debug.c opensc-pkcs11.exports \ + pkcs11-display.c pkcs11-display.h -OPENSC_PKCS11_LIBS = $(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la +OPENSC_PKCS11_LIBS = $(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/common/libcompat.la \ + $(top_builddir)/src/libopensc/libopensc.la -libpkcs11_la_SOURCES = libpkcs11.c opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC) \ hack-disabled.c $(am__append_1) opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS) 
@@ -364,12 +341,11 @@ pkcs11_spy_la_SOURCES = pkcs11-spy.c pkcs11-display.c pkcs11-display.h \ pkcs11-spy.exports $(am__append_3) -pkcs11_spy_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) libpkcs11.la +pkcs11_spy_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) $(top_builddir)/src/common/libpkcs11.la pkcs11_spy_la_LDFLAGS = $(AM_LDFLAGS) \ -export-symbols "$(srcdir)/pkcs11-spy.exports" \ -module -shared -avoid-version -no-undefined -@WIN32_FALSE@dist_noinst_DATA = versioninfo.rc # see http://wiki.cacert.org/wiki/Pkcs11TaskForce @WIN32_FALSE@pkcs11_DATA = #This will create the directory @CYGWIN_FALSE@@WIN32_FALSE@PKCS11_SUFFIX = .so @@ -387,9 +363,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pkcs11/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pkcs11/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/pkcs11/Makefile + $(AUTOMAKE) --foreign src/pkcs11/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -439,17 +415,15 @@ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libpkcs11.la: $(libpkcs11_la_OBJECTS) $(libpkcs11_la_DEPENDENCIES) - $(LINK) $(libpkcs11_la_OBJECTS) $(libpkcs11_la_LIBADD) $(LIBS) +$(top_builddir)/win32/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32 + @: > $(top_builddir)/win32/$(am__dirstamp) +$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32/$(DEPDIR) + @: > $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +$(top_builddir)/win32/versioninfo.lo: \ + $(top_builddir)/win32/$(am__dirstamp) \ + $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) onepin-opensc-pkcs11.la: $(onepin_opensc_pkcs11_la_OBJECTS) $(onepin_opensc_pkcs11_la_DEPENDENCIES) $(onepin_opensc_pkcs11_la_LINK) -rpath $(libdir) $(onepin_opensc_pkcs11_la_OBJECTS) $(onepin_opensc_pkcs11_la_LIBADD) $(LIBS) opensc-pkcs11.la: $(opensc_pkcs11_la_OBJECTS) $(opensc_pkcs11_la_DEPENDENCIES) @@ -459,6 +433,8 @@ mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.lo distclean-compile: -rm -f *.tab.c 
@@ -468,7 +444,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/framework-pkcs15init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hack-disabled.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hack-enabled.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpkcs11.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mechanism.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl.Plo@am__quote@ @@ -477,7 +452,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11-object.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11-session.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11-spy.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secretkey.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/slot.Plo@am__quote@ .c.o: @@ -505,6 +479,7 @@ -rm -f *.lo clean-libtool: + -rm -rf $(top_builddir)/win32/.libs $(top_builddir)/win32/_libs -rm -rf .libs _libs install-pkcs11DATA: $(pkcs11_DATA) @$(NORMAL_INSTALL) 
@@ -526,26 +501,6 @@ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(pkcs11dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(pkcs11dir)" && rm -f $$files -install-openscincludeHEADERS: $(openscinclude_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(openscincludedir)" || $(MKDIR_P) "$(DESTDIR)$(openscincludedir)" - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(openscincludedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(openscincludedir)" || exit $$?; \ - done - -uninstall-openscincludeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(openscincludedir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(openscincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -631,9 +586,9 @@ done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(DATA) $(HEADERS) +all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkcs11dir)" "$(DESTDIR)$(openscincludedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkcs11dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am 
@@ -653,11 +608,12 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) + -test -z "$(top_builddir)/win32/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -666,7 +622,7 @@ clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - clean-noinstLTLIBRARIES mostlyclean-am + mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -686,7 +642,7 @@ info-am: -install-data-am: install-openscincludeHEADERS install-pkcs11DATA +install-data-am: install-pkcs11DATA install-dvi: install-dvi-am 
@@ -733,26 +689,23 @@ ps-am: -uninstall-am: uninstall-libLTLIBRARIES uninstall-openscincludeHEADERS \ - uninstall-pkcs11DATA +uninstall-am: uninstall-libLTLIBRARIES uninstall-pkcs11DATA .MAKE: install-am install-exec-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \ - ctags distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-info install-info-am install-libLTLIBRARIES \ - install-man install-openscincludeHEADERS install-pdf \ - install-pdf-am install-pkcs11DATA install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-libLTLIBRARIES uninstall-openscincludeHEADERS \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-pkcs11DATA install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLTLIBRARIES \ uninstall-pkcs11DATA 
@@ -781,10 +734,6 @@ @WIN32_FALSE@ $(LN_S) ../$$l "$(DESTDIR)$(pkcs11dir)/$$l"; \ @WIN32_FALSE@ done -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC PKCS#11 Provider/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru opensc-0.11.13/src/pkcs11/Makefile.mak opensc-0.12.1/src/pkcs11/Makefile.mak --- opensc-0.11.13/src/pkcs11/Makefile.mak 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 @@ -1,22 +1,17 @@ TOPDIR = ..\.. -HEADERS = pkcs11-opensc.h pkcs11.h sc-pkcs11.h - -HEADERSDIR = $(TOPDIR)\src\include\opensc - TARGET0 = onepin-opensc-pkcs11.dll TARGET = opensc-pkcs11.dll -TARGET2 = libpkcs11.lib TARGET3 = pkcs11-spy.dll OBJECTS = pkcs11-global.obj pkcs11-session.obj pkcs11-object.obj misc.obj slot.obj \ - mechanism.obj openssl.obj secretkey.obj framework-pkcs15.obj \ - framework-pkcs15init.obj debug.obj \ - versioninfo.res -OBJECTS2 = libpkcs11.obj versioninfo.res -OBJECTS3 = pkcs11-spy.obj pkcs11-display.obj libpkcs11.obj versioninfo.res + mechanism.obj openssl.obj framework-pkcs15.obj \ + framework-pkcs15init.obj debug.obj pkcs11-display.obj \ + $(TOPDIR)\win32\versioninfo.res +OBJECTS3 = pkcs11-spy.obj pkcs11-display.obj \ + $(TOPDIR)\win32\versioninfo.res -all: install-headers $(TARGET0) $(TARGET) $(TARGET2) $(TARGET3) +all: $(TOPDIR)\win32\versioninfo.res $(TARGET0) $(TARGET) $(TARGET3) !INCLUDE $(TOPDIR)\win32\Make.rules.mak 
@@ -24,22 +19,19 @@ echo LIBRARY $* > $*.def echo EXPORTS >> $*.def type opensc-pkcs11.exports >> $*.def - link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET0) $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib + link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET0) $(OBJECTS) hack-enabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib $(OPENSSL_LIB) gdi32.lib if EXIST $(TARGET0).manifest mt -manifest $(TARGET0).manifest -outputresource:$(TARGET0);2 $(TARGET): $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib echo LIBRARY $* > $*.def echo EXPORTS >> $*.def type $*.exports >> $*.def - link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET) $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib winscard.lib $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib + link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET) $(OBJECTS) hack-disabled.obj ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib ..\common\common.lib $(OPENSSL_LIB) gdi32.lib if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2 -$(TARGET2): $(OBJECTS2) - lib /nologo /machine:ix86 /out:$(TARGET2) $(OBJECTS2) $(LIBLTDL_LIB) - $(TARGET3): $(OBJECTS3) ..\libopensc\opensc.lib echo LIBRARY $* > $*.def echo EXPORTS >> $*.def type $*.exports >> $*.def - link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET3) $(OBJECTS3) ..\libopensc\opensc.lib $(OPENSSL_LIB) $(LIBLTDL_LIB) gdi32.lib advapi32.lib + link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET3) $(OBJECTS3) ..\libopensc\opensc.lib ..\common\libpkcs11.lib $(OPENSSL_LIB) gdi32.lib advapi32.lib if EXIST $(TARGET3).manifest mt -manifest 
$(TARGET3).manifest -outputresource:$(TARGET3);2 diff -Nru opensc-0.11.13/src/pkcs11/mechanism.c opensc-0.12.1/src/pkcs11/mechanism.c --- opensc-0.11.13/src/pkcs11/mechanism.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/mechanism.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,8 +4,11 @@ * Copyright (C) 2002 Olaf Kirch */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" /* Also used for verification data */ @@ -52,7 +55,7 @@ * Look up a mechanism */ sc_pkcs11_mechanism_type_t * -sc_pkcs11_find_mechanism(struct sc_pkcs11_card *p11card, CK_MECHANISM_TYPE mech, int flags) +sc_pkcs11_find_mechanism(struct sc_pkcs11_card *p11card, CK_MECHANISM_TYPE mech, unsigned int flags) { sc_pkcs11_mechanism_type_t *mt; unsigned int n; @@ -83,7 +86,7 @@ for (n = 0; n < p11card->nmechanisms; n++) { if (!(mt = p11card->mechanisms[n])) continue; - if (count < *pulCount && pList) + if (pList && count < *pulCount) pList[count] = mt->mech; count++; } @@ -117,7 +120,7 @@ { sc_pkcs11_operation_t *res; - res = (sc_pkcs11_operation_t *) calloc(1, type->obj_size); + res = calloc(1, type->obj_size); if (res) { res->session = session; res->type = type; @@ -196,7 +199,7 @@ CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op); if (rv != CKR_OK) @@ -343,7 +346,7 @@ struct signature_data *data; int rv; - if (!(data = (struct signature_data *) calloc(1, sizeof(*data)))) + if (!(data = calloc(1, sizeof(*data)))) return CKR_HOST_MEMORY; data->info = NULL; 
@@ -432,16 +435,34 @@ CK_RV rv; key = ((struct signature_data *) operation->priv_data)->key; - rv = key->ops->get_attribute(operation->session, key, &attr); - - /* convert bits to bytes */ - if (rv == CKR_OK) - *pLength = (*pLength + 7) / 8; - - if (rv == CKR_OK) { - rv = key->ops->get_attribute(operation->session, key, &attr_key_type); - if (rv == CKR_OK && key_type == CKK_GOSTR3410) - *pLength *= 2; + /* + * EC and GOSTR do not have CKA_MODULUS_BITS attribute. + * But other code in framework treats them as if they do. + * So should do switch(key_type) + * and then get what ever attributes are needed. + */ + rv = key->ops->get_attribute(operation->session, key, &attr_key_type); + if (rv == CKR_OK) { + switch(key_type) { + case CKK_RSA: + rv = key->ops->get_attribute(operation->session, key, &attr); + /* convert bits to bytes */ + if (rv == CKR_OK) + *pLength = (*pLength + 7) / 8; + break; + case CKK_EC: + /* TODO: -DEE we should use something other then CKA_MODULUS_BITS... */ + rv = key->ops->get_attribute(operation->session, key, &attr); + *pLength = ((*pLength + 7)/8) * 2 ; /* 2*nLen in bytes */ + break; + case CKK_GOSTR3410: + rv = key->ops->get_attribute(operation->session, key, &attr); + if (rv == CKR_OK) + *pLength = (*pLength + 7) / 8 * 2; + break; + default: + rv = CKR_MECHANISM_INVALID; + } } return rv; @@ -560,7 +581,7 @@ struct signature_data *data; int rv; - if (!(data = (struct signature_data *) calloc(1, sizeof(*data)))) + if (!(data = calloc(1, sizeof(*data)))) return CKR_HOST_MEMORY; data->info = NULL; @@ -633,7 +654,7 @@ rv = key->ops->get_attribute(operation->session, key, &attr); if (rv != CKR_OK) return rv; - pubkey_value = (unsigned char *) malloc(attr.ulValueLen); + pubkey_value = malloc(attr.ulValueLen); attr.pValue = pubkey_value; rv = key->ops->get_attribute(operation->session, key, &attr); if (rv != CKR_OK) 
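Review bot: The new `case CKK_EC:` branch computes `*pLength` without checking `rv`, unlike the CKK_RSA and CKK_GOSTR3410 branches beside it. If get_attribute() fails there, the length is derived from whatever `*pLength` held before the call, and a caller that sizes a signature buffer from it gets a meaningless value along with the error code. Guard it the same way as the others: `if (rv == CKR_OK) *pLength = ((*pLength + 7) / 8) * 2;`. The enclosing function starts and ends outside the hunk, so how `attr` is bound to `pLength` is not visible here.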
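Review bot: `pubkey_value = malloc(attr.ulValueLen);` in the -633 hunk is still used without a NULL check; the commit only removes the cast. With `attr.pValue` set to NULL the second get_attribute() call is presumably treated as another length query and may well return CKR_OK, after which the code below would work on a NULL buffer. Add `if (pubkey_value == NULL) return CKR_HOST_MEMORY;` directly after the allocation. The function continues past the end of the hunk, so whether the `return rv` on the second failure path frees the buffer cannot be checked from here.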
@@ -729,7 +750,7 @@ { struct signature_data *data; - if (!(data = (struct signature_data *) calloc(1, sizeof(*data)))) + if (!(data = calloc(1, sizeof(*data)))) return CKR_HOST_MEMORY; data->key = key; @@ -767,7 +788,7 @@ { sc_pkcs11_mechanism_type_t *mt; - mt = (sc_pkcs11_mechanism_type_t *) calloc(1, sizeof(*mt)); + mt = calloc(1, sizeof(*mt)); if (mt == NULL) return mt; mt->mech = mech; @@ -790,7 +811,10 @@ #endif } if (pInfo->flags & CKF_UNWRAP) { - /* ... */ + /* TODO */ + } + if (pInfo->flags & CKF_DERIVE) { + /* TODO: -DEE CKM_ECDH1_COFACTOR_DERIVE for PIV */ } if (pInfo->flags & CKF_DECRYPT) { mt->decrypt_init = sc_pkcs11_decrypt_init; @@ -809,7 +833,6 @@ #ifdef ENABLE_OPENSSL sc_pkcs11_register_openssl_mechanisms(p11card); #endif - return CKR_OK; } @@ -833,16 +856,16 @@ /* These hash-based mechs can only be used for sign/verify */ mech_info.flags &= (CKF_SIGN | CKF_SIGN_RECOVER | CKF_VERIFY | CKF_VERIFY_RECOVER); - info = (struct hash_signature_info *) calloc(1, sizeof(*info)); + info = calloc(1, sizeof(*info)); info->mech = mech; info->sign_type = sign_type; info->hash_type = hash_type; info->sign_mech = sign_type->mech; info->hash_mech = hash_mech; - new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, - sign_type->key_type, info); - if (new_type) - sc_pkcs11_register_mechanism(p11card, new_type); - return CKR_OK; + new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, sign_type->key_type, info); + + if (!new_type) + return CKR_HOST_MEMORY; + return sc_pkcs11_register_mechanism(p11card, new_type); } diff -Nru opensc-0.11.13/src/pkcs11/misc.c opensc-0.12.1/src/pkcs11/misc.c --- opensc-0.11.13/src/pkcs11/misc.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/misc.c 2011-05-17 17:07:00.000000000 +0000 
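Review bot: In the last mechanism.c hunk, `info = calloc(1, sizeof(*info));` is dereferenced on the next line (`info->mech = mech;`) without a NULL check, and the newly added `if (!new_type) return CKR_HOST_MEMORY;` path returns without releasing `info`. The -767 hunk shows sc_pkcs11_new_fw_mechanism() returning right after its own failed calloc, so in that case nothing has taken ownership of `info`. Add `if (!info) return CKR_HOST_MEMORY;` after the calloc and `free(info);` before the new early return. Whether a failing sc_pkcs11_register_mechanism() releases `new_type` is not visible in this hunk and is worth confirming, since its result is now propagated.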
@@ -18,28 +18,45 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" #define DUMP_TEMPLATE_MAX 32 -void strcpy_bp(u8 *dst, const char *src, size_t dstsize) +struct sc_to_cryptoki_error_conversion { + const char *context; + int sc_error; + CK_RV ck_error; +}; + +static struct sc_to_cryptoki_error_conversion sc_to_cryptoki_error_map[] = { + { "C_GenerateKeyPair", SC_ERROR_INVALID_PIN_LENGTH, CKR_GENERAL_ERROR }, + {NULL, 0, 0} +}; + + +void strcpy_bp(u8 * dst, const char *src, size_t dstsize) { size_t c; if (!dst || !src || !dstsize) return; - memset((char *) dst, ' ', dstsize); - + memset((char *)dst, ' ', dstsize); + c = strlen(src) > dstsize ? dstsize : strlen(src); - - memcpy((char *) dst, src, c); + + memcpy((char *)dst, src, c); } -CK_RV sc_to_cryptoki_error(int rc, int reader) + +static CK_RV sc_to_cryptoki_error_common(int rc) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "libopensc return value: %d (%s)\n", rc, sc_strerror(rc)); switch (rc) { case SC_SUCCESS: return CKR_OK; @@ -54,7 +71,6 @@ case SC_ERROR_BUFFER_TOO_SMALL: return CKR_BUFFER_TOO_SMALL; case SC_ERROR_CARD_NOT_PRESENT: - card_removed(reader); return CKR_TOKEN_NOT_PRESENT; case SC_ERROR_INVALID_CARD: return CKR_TOKEN_NOT_RECOGNIZED; 
@@ -76,100 +92,49 @@ case SC_ERROR_INVALID_DATA: case SC_ERROR_INCORRECT_PARAMETERS: return CKR_DATA_INVALID; + case SC_ERROR_CARD_UNRESPONSIVE: + case SC_ERROR_READER_LOCKED: + return CKR_DEVICE_ERROR; + case SC_ERROR_READER_DETACHED: + return CKR_TOKEN_NOT_PRESENT; /* Maybe CKR_DEVICE_REMOVED ? */ + case SC_ERROR_NOT_ENOUGH_MEMORY: + return CKR_DEVICE_MEMORY; + case SC_ERROR_MEMORY_FAILURE: /* EEPROM has failed */ + return CKR_DEVICE_ERROR; } - sc_debug(context, "opensc error: %s (%d)\n", sc_strerror(rc), rc); return CKR_GENERAL_ERROR; } -/* Pool */ -CK_RV pool_initialize(struct sc_pkcs11_pool *pool, int type) -{ - pool->type = type; - pool->next_free_handle = 1; - pool->num_items = 0; - pool->head = pool->tail = NULL; - - return CKR_OK; -} - -CK_RV pool_insert(struct sc_pkcs11_pool *pool, void *item_ptr, CK_ULONG_PTR pHandle) -{ - struct sc_pkcs11_pool_item *item; - int handle = pool->next_free_handle++; - - item = (struct sc_pkcs11_pool_item*) malloc(sizeof(struct sc_pkcs11_pool_item)); - - if (pHandle != NULL) - *pHandle = handle; - - item->handle = handle; - item->item = item_ptr; - item->next = NULL; - item->prev = pool->tail; - - if (pool->head != NULL && pool->tail != NULL) { - pool->tail->next = item; - pool->tail = item; - } else - pool->head = pool->tail = item; - - return CKR_OK; -} -CK_RV pool_find(struct sc_pkcs11_pool *pool, CK_ULONG handle, void **item_ptr) +CK_RV sc_to_cryptoki_error(int rc, const char *ctx) { - struct sc_pkcs11_pool_item *item; - - if (context == NULL) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - for (item = pool->head; item != NULL; item = item->next) { - if (item->handle == handle) { - *item_ptr = item->item; - return CKR_OK; + if (ctx) + { + int ii; + + for (ii = 0; sc_to_cryptoki_error_map[ii].context; ii++) { + if (sc_to_cryptoki_error_map[ii].sc_error != rc) + continue; + if (strcmp(sc_to_cryptoki_error_map[ii].context, ctx)) + continue; + return sc_to_cryptoki_error_map[ii].ck_error; } } - - return (pool->type == 
POOL_TYPE_OBJECT)? CKR_OBJECT_HANDLE_INVALID - : CKR_SESSION_HANDLE_INVALID; + return sc_to_cryptoki_error_common(rc); } -CK_RV pool_find_and_delete(struct sc_pkcs11_pool *pool, CK_ULONG handle, void **item_ptr) -{ - struct sc_pkcs11_pool_item *item; - - if (context == NULL) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - for (item = pool->head; item != NULL; item = item->next) { - if (handle == 0 || item->handle == handle) { - if (item->prev) item->prev->next = item->next; - if (item->next) item->next->prev = item->prev; - if (pool->head == item) pool->head = item->next; - if (pool->tail == item) pool->tail = item->prev; - - *item_ptr = item->item; - free(item); - - return CKR_OK; - } - } - - return (pool->type == POOL_TYPE_OBJECT)? CKR_OBJECT_HANDLE_INVALID - : CKR_SESSION_HANDLE_INVALID; -} /* Session manipulation */ -CK_RV session_start_operation(struct sc_pkcs11_session *session, - int type, - sc_pkcs11_mechanism_type_t *mech, - struct sc_pkcs11_operation **operation) +CK_RV session_start_operation(struct sc_pkcs11_session * session, + int type, sc_pkcs11_mechanism_type_t * mech, struct sc_pkcs11_operation ** operation) { sc_pkcs11_operation_t *op; if (context == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED; + SC_FUNC_CALLED(context, SC_LOG_DEBUG_NORMAL); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Session 0x%lx, type %d", session->handle, type); if (type < 0 || type >= SC_PKCS11_OPERATION_MAX) return CKR_ARGUMENTS_BAD; @@ -186,11 +151,12 @@ return CKR_OK; } -CK_RV session_get_operation(struct sc_pkcs11_session *session, int type, - sc_pkcs11_operation_t **operation) +CK_RV session_get_operation(struct sc_pkcs11_session * session, int type, sc_pkcs11_operation_t ** operation) { sc_pkcs11_operation_t *op; + SC_FUNC_CALLED(context, SC_LOG_DEBUG_NORMAL); + if (type < 0 || type >= SC_PKCS11_OPERATION_MAX) return CKR_ARGUMENTS_BAD; 
@@ -203,7 +169,7 @@ return CKR_OK; } -CK_RV session_stop_operation(struct sc_pkcs11_session *session, int type) +CK_RV session_stop_operation(struct sc_pkcs11_session * session, int type) { if (type < 0 || type >= SC_PKCS11_OPERATION_MAX) return CKR_ARGUMENTS_BAD; @@ -215,9 +181,9 @@ return CKR_OK; } -CK_RV attr_extract(CK_ATTRIBUTE_PTR pAttr, void *ptr, size_t *sizep) +CK_RV attr_extract(CK_ATTRIBUTE_PTR pAttr, void *ptr, size_t * sizep) { - unsigned int size; + unsigned int size; if (sizep) { size = *sizep; @@ -227,17 +193,23 @@ } else { switch (pAttr->type) { case CKA_CLASS: - size = sizeof(CK_OBJECT_CLASS); break; + size = sizeof(CK_OBJECT_CLASS); + break; case CKA_KEY_TYPE: - size = sizeof(CK_KEY_TYPE); break; + size = sizeof(CK_KEY_TYPE); + break; case CKA_PRIVATE: - size = sizeof(CK_BBOOL); break; + size = sizeof(CK_BBOOL); + break; case CKA_CERTIFICATE_TYPE: - size = sizeof(CK_CERTIFICATE_TYPE); break; + size = sizeof(CK_CERTIFICATE_TYPE); + break; case CKA_MODULUS_BITS: - size = sizeof(CK_ULONG); break; + size = sizeof(CK_ULONG); + break; case CKA_OBJECT_ID: - size = sizeof(struct sc_object_id); break; + size = sizeof(struct sc_object_id); + break; default: return CKR_FUNCTION_FAILED; } @@ -248,10 +220,9 @@ return CKR_OK; } -CK_RV attr_find(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - CK_ULONG type, void *ptr, size_t *sizep) +CK_RV attr_find(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_ULONG type, void *ptr, size_t * sizep) { - unsigned int n; + unsigned int n; for (n = 0; n < ulCount; n++, pTemplate++) { if (pTemplate->type == type) @@ -264,11 +235,10 @@ } CK_RV attr_find2(CK_ATTRIBUTE_PTR pTemp1, CK_ULONG ulCount1, - CK_ATTRIBUTE_PTR pTemp2, CK_ULONG ulCount2, - CK_ULONG type, void *ptr, size_t *sizep) + CK_ATTRIBUTE_PTR pTemp2, CK_ULONG ulCount2, CK_ULONG type, void *ptr, size_t * sizep) { CK_RV rv; - + rv = attr_find(pTemp1, ulCount1, type, ptr, sizep); if (rv != CKR_OK) rv = attr_find(pTemp2, ulCount2, type, ptr, sizep); 
@@ -276,10 +246,9 @@ return rv; } -CK_RV attr_find_ptr(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - CK_ULONG type, void **ptr, size_t *sizep) +CK_RV attr_find_ptr(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_ULONG type, void **ptr, size_t * sizep) { - unsigned int n; + unsigned int n; for (n = 0; n < ulCount; n++, pTemplate++) { if (pTemplate->type == type) @@ -295,10 +264,9 @@ return CKR_OK; } -CK_RV attr_find_var(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - CK_ULONG type, void *ptr, size_t *sizep) +CK_RV attr_find_var(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_ULONG type, void *ptr, size_t * sizep) { - unsigned int n; + unsigned int n; for (n = 0; n < ulCount; n++, pTemplate++) { if (pTemplate->type == type) @@ -311,19 +279,20 @@ return attr_extract(pTemplate, ptr, sizep); } -void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t *ctx) +void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx) { scconf_block *conf_block = NULL; + char *unblock_style = NULL; /* Set defaults */ conf->plug_and_play = 1; conf->max_virtual_slots = 16; conf->slots_per_card = 4; conf->hide_empty_tokens = 1; - conf->lock_login = 1; - conf->cache_pins = 1; - conf->soft_keygen_allowed = 0; - + conf->lock_login = 0; + conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED; + conf->create_puk_slot = 0; + conf->zero_ckaid_for_ca_certs = 0; conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1); if (!conf_block) 
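Review bot: The defaults block in load_pkcs11_parameters changes `conf->lock_login` from 1 to 0 and drops `cache_pins` and `soft_keygen_allowed` without a comment. An existing installation that relied on the old `lock_login` default gets different behaviour after the upgrade without touching its configuration. A short comment above the defaults, for example `/* lock_login now defaults to off; set lock_login = true in the pkcs11 block to restore the 0.11 behaviour */`, would record the intent, assuming the change is deliberate. The function continues in the next hunk.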
@@ -332,11 +301,24 @@ /* contains the defaults, if there is a "pkcs11" config block */ conf->plug_and_play = scconf_get_bool(conf_block, "plug_and_play", conf->plug_and_play); conf->max_virtual_slots = scconf_get_int(conf_block, "max_virtual_slots", conf->max_virtual_slots); - /*XXX: rename the option in 0.12+ */ - conf->slots_per_card = scconf_get_int(conf_block, "num_slots", conf->slots_per_card); conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card); conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens); conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login); - conf->cache_pins = scconf_get_bool(conf_block, "cache_pins", conf->cache_pins); - conf->soft_keygen_allowed = scconf_get_bool(conf_block, "soft_keygen_allowed", conf->soft_keygen_allowed); + + unblock_style = (char *)scconf_get_str(conf_block, "user_pin_unblock_style", NULL); + if (unblock_style && !strcmp(unblock_style, "set_pin_in_unlogged_session")) + conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_UNLOGGED_SETPIN; + else if (unblock_style && !strcmp(unblock_style, "set_pin_in_specific_context")) + conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN; + else if (unblock_style && !strcmp(unblock_style, "init_pin_in_so_session")) + conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN; + + conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot); + conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d " + "hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d zero_ckaid_for_ca_certs=%d", + conf->plug_and_play, conf->max_virtual_slots, conf->slots_per_card, + conf->hide_empty_tokens, conf->lock_login, conf->pin_unblock_style, + conf->zero_ckaid_for_ca_certs); } diff 
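Review bot: A `user_pin_unblock_style` value that matches none of the three strcmp() branches is ignored without any message. A typo in the configuration therefore leaves `pin_unblock_style` at SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED with nothing in the log to explain it. Falling back to the restrictive default is the right way to fail, but a final `else if (unblock_style)` branch that logs the unrecognised string through sc_debug() would make the misconfiguration visible. The `(char *)` cast on scconf_get_str() looks like it discards a const qualifier; declaring `const char *unblock_style` would avoid it. The closing sc_debug() line also leaves out `create_puk_slot`, although it is read just above.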
-Nru opensc-0.11.13/src/pkcs11/openssl.c opensc-0.12.1/src/pkcs11/openssl.c --- opensc-0.11.13/src/pkcs11/openssl.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/openssl.c 2011-05-17 17:07:00.000000000 +0000 @@ -5,23 +5,29 @@ * Copyright (C) 2002 Olaf Kirch */ -#include -#include "sc-pkcs11.h" +#include "config.h" -#ifdef ENABLE_OPENSSL +#ifdef ENABLE_OPENSSL /* empty file without openssl */ +#include #include #include #include #include #if OPENSSL_VERSION_NUMBER >= 0x10000000L #include -#include /* for OPENSSL_NO_EC */ +#include /* for OPENSSL_NO_* */ #ifndef OPENSSL_NO_EC #include #endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_ENGINE +#include +#endif /* OPENSSL_NO_ENGINE */ #include +#include #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */ +#include "sc-pkcs11.h" + static CK_RV sc_pkcs11_openssl_md_init(sc_pkcs11_operation_t *); static CK_RV sc_pkcs11_openssl_md_update(sc_pkcs11_operation_t *, CK_BYTE_PTR, CK_ULONG); 
@@ -31,85 +37,195 @@ static sc_pkcs11_mechanism_type_t openssl_sha1_mech = { CKM_SHA_1, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; #if OPENSSL_VERSION_NUMBER >= 0x00908000L static sc_pkcs11_mechanism_type_t openssl_sha256_mech = { CKM_SHA256, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; static sc_pkcs11_mechanism_type_t openssl_sha384_mech = { CKM_SHA384, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; static sc_pkcs11_mechanism_type_t openssl_sha512_mech = { CKM_SHA512, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; #endif #if OPENSSL_VERSION_NUMBER >= 0x10000000L static sc_pkcs11_mechanism_type_t openssl_gostr3411_mech = { CKM_GOSTR3411, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + 
NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; #endif static sc_pkcs11_mechanism_type_t openssl_md5_mech = { CKM_MD5, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; static sc_pkcs11_mechanism_type_t openssl_ripemd160_mech = { CKM_RIPEMD160, - { 0, 0, CKF_DIGEST }, 0, + { 0, 0, CKF_DIGEST }, + 0, sizeof(struct sc_pkcs11_operation), sc_pkcs11_openssl_md_release, sc_pkcs11_openssl_md_init, sc_pkcs11_openssl_md_update, - sc_pkcs11_openssl_md_final + sc_pkcs11_openssl_md_final, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - /* FIXME: see openssl-1.0.0-beta3/engines/ccgost/README.gost */ - OPENSSL_config(NULL); -#endif +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) + void (*locking_cb)(int, int, const char *, int); + ENGINE *e; + + locking_cb = CRYPTO_get_locking_callback(); + if (locking_cb) + CRYPTO_set_locking_callback(NULL); + + e = ENGINE_by_id("gost"); + if (!e) + { +#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) + ENGINE_load_gost(); + e = ENGINE_by_id("gost"); +#else + /* try to load dynamic gost engine */ + e = ENGINE_by_id("dynamic"); + if (!e) { + ENGINE_load_dynamic(); + e = ENGINE_by_id("dynamic"); + } + if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || + !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { + ENGINE_free(e); + e = NULL; + } +#endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ + } + if (e) { + ENGINE_set_default(e, ENGINE_METHOD_ALL); + ENGINE_free(e); + } + + if (locking_cb) + CRYPTO_set_locking_callback(locking_cb); +#endif /* 
OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ + openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L @@ -146,7 +262,7 @@ if (!op || !(mt = op->type) || !(md = (EVP_MD *) mt->mech_data)) return CKR_ARGUMENTS_BAD; - if (!(md_ctx = (EVP_MD_CTX *) calloc(1, sizeof(*md_ctx)))) + if (!(md_ctx = calloc(1, sizeof(*md_ctx)))) return CKR_HOST_MEMORY; EVP_DigestInit(md_ctx, md); op->priv_data = md_ctx; @@ -163,15 +279,16 @@ static CK_RV sc_pkcs11_openssl_md_final(sc_pkcs11_operation_t *op, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen) { - EVP_MD_CTX *md_ctx = DIGEST_CTX(op); - CK_ULONG len = *pulDigestLen; + EVP_MD_CTX *md_ctx = DIGEST_CTX(op); - if (len < (CK_ULONG)EVP_MD_CTX_size(md_ctx)) { + if (*pulDigestLen < (unsigned) EVP_MD_CTX_size(md_ctx)) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Provided buffer too small: %ul < %d", + *pulDigestLen, EVP_MD_CTX_size(md_ctx)); *pulDigestLen = EVP_MD_CTX_size(md_ctx); return CKR_BUFFER_TOO_SMALL; } - EVP_DigestFinal(md_ctx, pDigest, &len); - *pulDigestLen = len; + + EVP_DigestFinal(md_ctx, pDigest, (unsigned *) pulDigestLen); return CKR_OK; } 
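Review bot: sc_pkcs11_register_openssl_mechanisms now changes process-wide OpenSSL state from inside a PKCS#11 module. `CRYPTO_set_locking_callback(NULL)` removes the host application's lock callback while the engine is looked up and loaded, so any other thread using OpenSSL in that window runs unlocked. `ENGINE_set_default(e, ENGINE_METHOD_ALL)` makes the gost engine the default for every method class in the whole process, and its return value is ignored. Restrict the default to the method classes this module actually needs, check the result, and add a comment stating why the callback has to be cleared. The dynamic path passes the bare name `gost` as SO_PATH, so which file is loaded depends on the engine search path; a configured absolute path would be more predictable.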
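Review bot: In sc_pkcs11_openssl_md_final, `EVP_DigestFinal(md_ctx, pDigest, (unsigned *) pulDigestLen);` writes an `unsigned int` through a pointer to CK_ULONG. Where CK_ULONG is wider than `unsigned int`, only part of the caller's length is updated, and on a big-endian target that is the wrong part. Keep a local of the right type instead: `unsigned int len = 0;`, `EVP_DigestFinal(md_ctx, pDigest, &len);`, `*pulDigestLen = len;`. The added sc_debug() format `%ul` is a `%u` followed by a literal `l` and does not match the CK_ULONG argument; it should be `%lu`.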
@@ -185,73 +302,6 @@ op->priv_data = NULL; } -static int -do_convert_bignum(sc_pkcs15_bignum_t *dst, BIGNUM *src) -{ - if (src == 0) - return 0; - dst->len = BN_num_bytes(src); - dst->data = (u8 *) malloc(dst->len); - if (dst->data == NULL) - return 0; - BN_bn2bin(src, dst->data); - return 1; -} - -CK_RV -sc_pkcs11_gen_keypair_soft(CK_KEY_TYPE keytype, CK_ULONG keybits, - struct sc_pkcs15_prkey *privkey, struct sc_pkcs15_pubkey *pubkey) -{ - switch (keytype) { - case CKK_RSA: { - RSA *rsa; - BIO *err; - struct sc_pkcs15_prkey_rsa *sc_priv = &privkey->u.rsa; - struct sc_pkcs15_pubkey_rsa *sc_pub = &pubkey->u.rsa; - - err = BIO_new(BIO_s_mem()); - rsa = RSA_generate_key(keybits, 0x10001, NULL, err); - BIO_free(err); - if (rsa == NULL) { - sc_debug(context, "RSA_generate_key() failed\n"); - return CKR_FUNCTION_FAILED; - } - - privkey->algorithm = pubkey->algorithm = SC_ALGORITHM_RSA; - - if (!do_convert_bignum(&sc_priv->modulus, rsa->n) - || !do_convert_bignum(&sc_priv->exponent, rsa->e) - || !do_convert_bignum(&sc_priv->d, rsa->d) - || !do_convert_bignum(&sc_priv->p, rsa->p) - || !do_convert_bignum(&sc_priv->q, rsa->q)) { - sc_debug(context, "do_convert_bignum() failed\n"); - RSA_free(rsa); - return CKR_FUNCTION_FAILED; - } - if (rsa->iqmp && rsa->dmp1 && rsa->dmq1) { - do_convert_bignum(&sc_priv->iqmp, rsa->iqmp); - do_convert_bignum(&sc_priv->dmp1, rsa->dmp1); - do_convert_bignum(&sc_priv->dmq1, rsa->dmq1); - } - - if (!do_convert_bignum(&sc_pub->modulus, rsa->n) - || !do_convert_bignum(&sc_pub->exponent, rsa->e)) { - sc_debug(context, "do_convert_bignum() failed\n"); - RSA_free(rsa); - return CKR_FUNCTION_FAILED; - } - - RSA_free(rsa); - - break; - } - default: - return CKR_MECHANISM_PARAM_INVALID; - } - - return CKR_OK; -} - #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) static void reverse(unsigned char *buf, size_t len) 
@@ -379,7 +429,7 @@ else if (res == 0) return CKR_SIGNATURE_INVALID; else { - sc_debug(context, "EVP_VerifyFinal() returned %d\n", res); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "EVP_VerifyFinal() returned %d\n", res); return CKR_GENERAL_ERROR; } } @@ -405,7 +455,7 @@ if (rsa == NULL) return CKR_DEVICE_MEMORY; - rsa_out = (unsigned char *) malloc(RSA_size(rsa)); + rsa_out = malloc(RSA_size(rsa)); if (rsa_out == NULL) { RSA_free(rsa); return CKR_DEVICE_MEMORY; @@ -415,7 +465,7 @@ RSA_free(rsa); if(rsa_outlen <= 0) { free(rsa_out); - sc_debug(context, "RSA_public_decrypt() returned %d\n", rsa_outlen); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "RSA_public_decrypt() returned %d\n", rsa_outlen); return CKR_GENERAL_ERROR; } diff -Nru opensc-0.11.13/src/pkcs11/pkcs11-display.c opensc-0.12.1/src/pkcs11/pkcs11-display.c --- opensc-0.11.13/src/pkcs11/pkcs11-display.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11-display.c 2011-05-17 17:07:00.000000000 +0000 @@ -17,12 +17,12 @@ * USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #ifdef ENABLE_OPENSSL #include #endif + #include "pkcs11-display.h" /* Some Netscape/Mozilla-specific stuff: @@ -84,6 +84,17 @@ #define CKA_CERT_MD5_HASH (CKA_TRUST + 101) +static char *buf_spec(CK_VOID_PTR buf_addr, CK_ULONG buf_len) +{ + static char ret[64]; + if (sizeof(CK_VOID_PTR) == 4) { + sprintf(ret, "%08lx / %ld", (unsigned long) buf_addr, (CK_LONG) buf_len); + } else { + sprintf(ret, "%016lx / %ld", (unsigned long) buf_addr, (CK_LONG) buf_len); + } + return ret; +} + void print_enum(FILE *f, CK_LONG type, CK_VOID_PTR value, CK_ULONG size, CK_VOID_PTR arg) { enum_spec *spec = (enum_spec*)arg; 
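Review bot: The new buf_spec() helper in pkcs11-display.c formats into a single `static char ret[64]` with sprintf() and returns a pointer to it, so the result is overwritten by the next call and is shared between threads if the spy module logs from more than one. The `(unsigned long) buf_addr` cast also truncates the pointer on platforms where `long` is 32 bits and pointers are 64, which is exactly the case the `%016lx` branch is written for. Casting `buf_len` to CK_LONG prints very large lengths as negative numbers. A bounded, pointer-correct form would be `snprintf(ret, sizeof ret, "%p / %lu", buf_addr, (unsigned long) buf_len);`, with a comment on the function that the returned buffer is static.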
@@ -108,8 +119,8 @@ void print_generic(FILE *f, CK_LONG type, CK_VOID_PTR value, CK_ULONG size, CK_VOID_PTR arg) { CK_ULONG i; - if(size != (CK_LONG)(-1) && value != NULL) { - fprintf(f, "[size : 0x%lX (%ld)]\n ", size, size); + if((CK_LONG)size != -1 && value != NULL) { + fprintf(f, "%s\n ", buf_spec(value, size)); for(i = 0; i < size; i++) { if (i != 0) { if ((i % 32) == 0) @@ -134,7 +145,8 @@ print_generic(f, type, value, size, arg); if(size && value) { X509_NAME *name; - name = d2i_X509_NAME(NULL, (const unsigned char **)&value, size); + const unsigned char *tmp = value; + name = d2i_X509_NAME(NULL, &tmp, size); if(name) { BIO *bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, f, 0); @@ -151,8 +163,8 @@ { CK_ULONG i, j; CK_BYTE c; - if(size != (CK_LONG)(-1)) { - fprintf(f, "[size : 0x%lX (%ld)]\n ", size, size); + if((CK_LONG)size != -1) { + fprintf(f, "%s\n ", buf_spec(value, size)); for(i = 0; i < size; i += j) { for(j = 0; ((i + j < size) && (j < 32)); j++) { if (((j % 4) == 0) && (j != 0)) fprintf(f, " "); @@ -519,7 +531,8 @@ static enum_specs ck_usr_s[] = { { CKU_SO, "CKU_SO" }, - { CKU_USER, "CKU_USER" } + { CKU_USER, "CKU_USER" }, + { CKU_CONTEXT_SPECIFIC, "CKU_CONTEXT_SPECIFIC" } }; static enum_specs ck_sta_s[] = { @@ -621,7 +634,7 @@ { CKA_EC_POINT , "CKA_EC_POINT ", print_generic, NULL }, { CKA_SECONDARY_AUTH , "CKA_SECONDARY_AUTH ", print_generic, NULL }, { CKA_AUTH_PIN_FLAGS , "CKA_AUTH_PIN_FLAGS ", print_generic, NULL }, - { CKA_ALWAYS_AUTHENTICATE, "CKA_ALWAYS_AUTHENTICATE ", print_generic, NULL }, + { CKA_ALWAYS_AUTHENTICATE, "CKA_ALWAYS_AUTHENTICATE ", print_boolean, NULL }, { CKA_WRAP_WITH_TRUSTED , "CKA_WRAP_WITH_TRUSTED ", print_generic, NULL }, { CKA_WRAP_TEMPLATE , "CKA_WRAP_TEMPLATE ", print_generic, NULL }, { CKA_UNWRAP_TEMPLATE , "CKA_UNWRAP_TEMPLATE ", print_generic, NULL }, 
@@ -861,20 +874,20 @@ if(ck_attribute_specs[k].type == pTemplate[j].type) { found = 1; fprintf(f, " %s ", ck_attribute_specs[k].name); - if(pTemplate[j].pValue) { + if(pTemplate[j].pValue && ((CK_LONG) pTemplate[j].ulValueLen) > 0) { ck_attribute_specs[k].display (f, pTemplate[j].type, pTemplate[j].pValue, pTemplate[j].ulValueLen, ck_attribute_specs[k].arg); } else { - fprintf(f, "has size %ld\n", pTemplate[j].ulValueLen); + fprintf(f, "%s\n", buf_spec(pTemplate[j].pValue, pTemplate[j].ulValueLen)); } k = ck_attribute_num; } } if (!found) { fprintf(f, " CKA_? (0x%08lx) ", pTemplate[j].type); - fprintf(f, "has size %ld\n", pTemplate[j].ulValueLen); + fprintf(f, "%s\n", buf_spec(pTemplate[j].pValue, pTemplate[j].ulValueLen)); } } } @@ -890,13 +903,13 @@ if(ck_attribute_specs[k].type == pTemplate[j].type) { found = 1; fprintf(f, " %s ", ck_attribute_specs[k].name); - fprintf(f, "requested with %ld buffer\n", pTemplate[j].ulValueLen); + fprintf(f, "%s\n", buf_spec(pTemplate[j].pValue, pTemplate[j].ulValueLen)); k = ck_attribute_num; } } if (!found) { fprintf(f, " CKA_? (0x%08lx) ", pTemplate[j].type); - fprintf(f, "requested with %ld buffer\n", pTemplate[j].ulValueLen); + fprintf(f, "%s\n", buf_spec(pTemplate[j].pValue, pTemplate[j].ulValueLen)); } } } diff -Nru opensc-0.11.13/src/pkcs11/pkcs11-global.c opensc-0.12.1/src/pkcs11/pkcs11-global.c --- opensc-0.11.13/src/pkcs11/pkcs11-global.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11-global.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,33 +18,31 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" #include #include #ifdef HAVE_SYS_TIME_H #include #endif + #include "sc-pkcs11.h" sc_context_t *context = NULL; -struct sc_pkcs11_pool session_pool; -struct sc_pkcs11_slot *virtual_slots = NULL; -struct sc_pkcs11_card card_table[SC_MAX_READERS]; struct sc_pkcs11_config sc_pkcs11_conf; +list_t sessions; +list_t virtual_slots; #if !defined(_WIN32) pid_t initialized_pid = (pid_t)-1; #endif - +static int in_finalize = 0; extern CK_FUNCTION_LIST pkcs11_function_list; #if defined(HAVE_PTHREAD) && defined(PKCS11_THREAD_LOCKING) #include CK_RV mutex_create(void **mutex) { - pthread_mutex_t *m = (pthread_mutex_t *) malloc(sizeof(*mutex)); + pthread_mutex_t *m = malloc(sizeof(*mutex)); if (m == NULL) return CKR_GENERAL_ERROR;; pthread_mutex_init(m, NULL); @@ -82,7 +80,7 @@ { CRITICAL_SECTION *m; - m = (CRITICAL_SECTION *) malloc(sizeof(*m)); + m = malloc(sizeof(*m)); if (m == NULL) return CKR_GENERAL_ERROR; InitializeCriticalSection(m); @@ -170,13 +168,34 @@ sc_unlock_mutex, sc_destroy_mutex, NULL }; +/* simclist helpers to locate interesting objects by ID */ +static int session_list_seeker(const void *el, const void *key) { + const struct sc_pkcs11_session *session = (struct sc_pkcs11_session *)el; + if ((el == NULL) || (key == NULL)) + return 0; + if (session->handle == *(CK_SESSION_HANDLE*)key) + return 1; + return 0; +} +static int slot_list_seeker(const void *el, const void *key) { + const struct sc_pkcs11_slot *slot = (struct sc_pkcs11_slot *)el; + if ((el == NULL) || (key == NULL)) + return 0; + if (slot->id == *(CK_SLOT_ID *)key) + return 1; + return 0; +} + + + CK_RV C_Initialize(CK_VOID_PTR pInitArgs) { + CK_RV rv; #if !defined(_WIN32) pid_t current_pid = getpid(); #endif + int rc; unsigned int i; - int rc, rv; sc_context_param_t ctx_opts; /* Handle fork() exception */ 
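Review bot: `malloc(sizeof(*mutex))` in the pthread mutex_create sizes the block from the `void **` parameter, so it reserves one pointer's worth of bytes rather than a `pthread_mutex_t`. pthread_mutex_init() then writes past the end of the heap block wherever the mutex type is larger than a pointer. The commit only drops the cast; the line should read `pthread_mutex_t *m = malloc(sizeof(*m));`, which is what the CRITICAL_SECTION variant in the next hunk already does. The result of pthread_mutex_init() is also unchecked, and `return CKR_GENERAL_ERROR;;` carries a stray semicolon. mutex_create continues past the end of the hunk.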
@@ -185,10 +204,11 @@ C_Finalize(NULL_PTR); } initialized_pid = current_pid; + in_finalize = 0; #endif if (context != NULL) { - sc_error(context, "C_Initialize(): Cryptoki already initialized\n"); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Initialize(): Cryptoki already initialized\n"); return CKR_CRYPTOKI_ALREADY_INITIALIZED; } @@ -204,33 +224,39 @@ rc = sc_context_create(&context, &ctx_opts); if (rc != SC_SUCCESS) { - rv = CKR_DEVICE_ERROR; + rv = CKR_GENERAL_ERROR; goto out; } /* Load configuration */ load_pkcs11_parameters(&sc_pkcs11_conf, context); - first_free_slot = 0; - virtual_slots = (struct sc_pkcs11_slot *)malloc( - sizeof (*virtual_slots) * sc_pkcs11_conf.max_virtual_slots - ); - if (virtual_slots == NULL) { - rv = CKR_HOST_MEMORY; - goto out; + /* List of sessions */ + list_init(&sessions); + list_attributes_seeker(&sessions, session_list_seeker); + + /* List of slots */ + list_init(&virtual_slots); + list_attributes_seeker(&virtual_slots, slot_list_seeker); + + /* Create a slot for a future "PnP" stuff. */ + if (sc_pkcs11_conf.plug_and_play) { + create_slot(NULL); + } + /* Create slots for readers found on initialization */ + for (i=0; ievents = 0; /* Initially there are no events */ + } out: if (context != NULL) - sc_debug(context, "C_Initialize: result = %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Initialize() = %s", lookup_enum ( RV_T, rv )); if (rv != CKR_OK) { if (context != NULL) { @@ -247,8 +273,13 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved) { int i; + void *p; + sc_pkcs11_slot_t *slot; CK_RV rv; + if (pReserved != NULL_PTR) + return CKR_ARGUMENTS_BAD; + if (context == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED; 
@@ -256,24 +287,29 @@ if (rv != CKR_OK) return rv; - if (pReserved != NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } - - sc_debug(context, "Shutting down Cryptoki\n"); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Finalize()"); + + /* cancel pending calls */ + in_finalize = 1; + sc_cancel(context); + /* remove all cards from readers */ for (i=0; i < (int)sc_ctx_get_reader_count(context); i++) - card_removed(i); + card_removed(sc_ctx_get_reader(context, i)); + + while ((p = list_fetch(&sessions))) + free(p); + list_destroy(&sessions); - if (virtual_slots) { - free(virtual_slots); - virtual_slots = NULL; + while ((slot = list_fetch(&virtual_slots))) { + list_destroy(&slot->objects); + free(slot); } + list_destroy(&virtual_slots); sc_release_context(context); context = NULL; -out: /* Release and destroy the mutex */ + /* Release and destroy the mutex */ sc_pkcs11_free_lock(); return rv; @@ -283,16 +319,14 @@ { CK_RV rv = CKR_OK; + if (pInfo == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (pInfo == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } - - sc_debug(context, "Cryptoki info query\n"); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetInfo()"); memset(pInfo, 0, sizeof(CK_INFO)); pInfo->cryptokiVersion.major = 2; @@ -301,12 +335,12 @@ "OpenSC (www.opensc-project.org)", sizeof(pInfo->manufacturerID)); strcpy_bp(pInfo->libraryDescription, - "smart card PKCS#11 API", + "Smart card PKCS#11 API", sizeof(pInfo->libraryDescription)); pInfo->libraryVersion.major = 0; pInfo->libraryVersion.minor = 0; /* FIXME: use 0.116 for 0.11.6 from autoconf */ -out: sc_pkcs11_unlock(); + sc_pkcs11_unlock(); return rv; } 
@@ -327,50 +361,59 @@ unsigned int i; CK_ULONG numMatches; sc_pkcs11_slot_t *slot; + sc_reader_t *prev_reader = NULL; CK_RV rv; + if (pulCount == NULL_PTR) + return CKR_ARGUMENTS_BAD; + if ((rv = sc_pkcs11_lock()) != CKR_OK) { return rv; } - if (pulCount == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } - - if ( - (found = (CK_SLOT_ID_PTR)malloc ( - sizeof (*found) * sc_pkcs11_conf.max_virtual_slots - )) == NULL - ) { - rv = CKR_HOST_MEMORY; - goto out; - } + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotList(token=%d, %s)", tokenPresent, + (pSlotList==NULL_PTR && sc_pkcs11_conf.plug_and_play)? "plug-n-play":"refresh"); - sc_debug(context, "Getting slot listing\n"); /* Slot list can only change in v2.20 */ if (pSlotList == NULL_PTR && sc_pkcs11_conf.plug_and_play) { - sc_ctx_detect_readers(context); + /* Trick NSS into updating the slot list by changing the hotplug slot ID */ + sc_pkcs11_slot_t *hotplug_slot = list_get_at(&virtual_slots, 0); + hotplug_slot->id--; + sc_ctx_detect_readers(context); } + card_detect_all(); - numMatches = 0; - for (i=0; islot_info.flags & CKF_TOKEN_PRESENT)) - found[numMatches++] = i; + if (found == NULL) { + rv = CKR_HOST_MEMORY; + goto out; + } + + prev_reader = NULL; + numMatches = 0; + for (i=0; ireader || (!tokenPresent && slot->reader != prev_reader) || (slot->slot_info.flags & CKF_TOKEN_PRESENT)) + found[numMatches++] = slot->id; + prev_reader = slot->reader; } if (pSlotList == NULL_PTR) { - sc_debug(context, "was only a size inquiry (%d)\n", numMatches); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "was only a size inquiry (%d)\n", numMatches); *pulCount = numMatches; rv = CKR_OK; goto out; } if (*pulCount < numMatches) { - sc_debug(context, "buffer was too small (needed %d)\n", numMatches); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "buffer was too small (needed %d)\n", numMatches); *pulCount = numMatches; rv = CKR_BUFFER_TOO_SMALL; goto out; 
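Review bot: In the plug-and-play branch of C_GetSlotList the result of `list_get_at(&virtual_slots, 0)` is dereferenced by `hotplug_slot->id--` with no NULL check. The slot it expects comes from `create_slot(NULL)` in C_Initialize, whose return value is ignored, so if that call failed the list is presumably empty and this is a NULL dereference; `if (hotplug_slot != NULL) hotplug_slot->id--;` closes it. The same unchecked lookup is repeated in the C_WaitForSlotEvent hunk further down. Separately, the `%d` conversions in the size-inquiry and buffer-too-small messages receive `numMatches`, a CK_ULONG, and `%lu` is the matching conversion (the "returned %d slots" message in the next hunk has the same mismatch).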
@@ -380,7 +423,7 @@ *pulCount = numMatches; rv = CKR_OK; - sc_debug(context, "returned %d slots\n", numMatches); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "returned %d slots\n", numMatches); out: if (found != NULL) { @@ -424,25 +467,27 @@ sc_timestamp_t now; CK_RV rv; + if (pInfo == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (pInfo == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } - - sc_debug(context, "Getting info about slot %d\n", slotID); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx)", slotID); rv = slot_get_slot(slotID, &slot); if (rv == CKR_OK){ - now = get_current_time(); - if (now >= card_table[slot->reader].slot_state_expires || now == 0) { - /* Update slot status */ - rv = card_detect(slot->reader); - /* Don't ask again within the next second */ - card_table[slot->reader].slot_state_expires = now + 1000; + if (slot->reader == NULL) + rv = CKR_TOKEN_NOT_PRESENT; + else { + now = get_current_time(); + if (now >= slot->slot_state_expires || now == 0) { + /* Update slot status */ + rv = card_detect(slot->reader); + /* Don't ask again within the next second */ + slot->slot_state_expires = now + 1000; + } } } if (rv == CKR_TOKEN_NOT_PRESENT || rv == CKR_TOKEN_NOT_RECOGNIZED) 
@@ -451,31 +496,8 @@ if (rv == CKR_OK) memcpy(pInfo, &slot->slot_info, sizeof(CK_SLOT_INFO)); -out: sc_pkcs11_unlock(); - return rv; -} - -CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) -{ - struct sc_pkcs11_slot *slot; - CK_RV rv; - - rv = sc_pkcs11_lock(); - if (rv != CKR_OK) - return rv; - - if (pInfo == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } - - sc_debug(context, "Getting info about token in slot %d\n", slotID); - - rv = slot_get_token(slotID, &slot); - if (rv == CKR_OK) - memcpy(pInfo, &slot->token_info, sizeof(CK_TOKEN_INFO)); - -out: sc_pkcs11_unlock(); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx) = %s", slotID, lookup_enum ( RV_T, rv )); + sc_pkcs11_unlock(); return rv; } @@ -486,6 +508,9 @@ struct sc_pkcs11_slot *slot; CK_RV rv; + if (pulCount == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; @@ -505,19 +530,18 @@ struct sc_pkcs11_slot *slot; CK_RV rv; + if (pInfo == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (pInfo == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } rv = slot_get_token(slotID, &slot); if (rv == CKR_OK) rv = sc_pkcs11_get_mechanism_info(slot->card, type, pInfo); -out: sc_pkcs11_unlock(); + sc_pkcs11_unlock(); return rv; } @@ -526,10 +550,10 @@ CK_ULONG ulPinLen, CK_CHAR_PTR pLabel) { - struct sc_pkcs11_pool_item *item; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; CK_RV rv; + unsigned int i; rv = sc_pkcs11_lock(); if (rv != CKR_OK) @@ -538,10 +562,10 @@ rv = slot_get_token(slotID, &slot); if (rv != CKR_OK) goto out; - + /* Make sure there's no open session for this token */ - for (item = session_pool.head; item; item = item->next) { - session = (struct sc_pkcs11_session*) item->item; + for (i=0; islot == slot) { rv = CKR_SESSION_EXISTS; goto out; 
@@ -568,77 +592,83 @@ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ CK_VOID_PTR pReserved) /* reserved. Should be NULL_PTR */ { - sc_reader_t *reader, *readers[SC_MAX_SLOTS * SC_MAX_READERS]; - int slots[SC_MAX_SLOTS * SC_MAX_READERS]; - int i, j, k, r, found; + sc_reader_t *found; unsigned int mask, events; + void *reader_states = NULL; + CK_SLOT_ID slot_id; CK_RV rv; + int r; + + if (pReserved != NULL_PTR) + return CKR_ARGUMENTS_BAD; - /* Firefox 1.5 (NSS 3.10) calls this function (blocking) from a seperate thread, - * which gives 2 problems: - * - on Windows/Mac: this waiting thread will log to a NULL context - * after the 'main' thread does a C_Finalize() and sets the ctx to NULL. - * - on Linux, things just hang (at least on Debian 'sid') - * So we just return CKR_FUNCTION_NOT_SUPPORTED on a blocking call, - * in which case FF just seems to default to polling in the main thread - * as earlier NSS versions. - */ + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_WaitForSlotEvent(block=%d)", !(flags & CKF_DONT_BLOCK)); + /* Not all pcsc-lite versions implement consistently used functions as they are */ + /* FIXME: add proper checking into build to check correct pcsc-lite version for SCardStatusChange/SCardCancel */ if (!(flags & CKF_DONT_BLOCK)) return CKR_FUNCTION_NOT_SUPPORTED; - rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (pReserved != NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } + mask = SC_EVENT_CARD_EVENTS; - mask = SC_EVENT_CARD_INSERTED|SC_EVENT_CARD_REMOVED; + /* Detect and add new slots for added readers v2.20 */ + if (sc_pkcs11_conf.plug_and_play) { + mask |= SC_EVENT_READER_EVENTS; + } - if ((rv = slot_find_changed(pSlot, mask)) == CKR_OK - || (flags & CKF_DONT_BLOCK)) + rv = slot_find_changed(&slot_id, mask); + if ((rv == CKR_OK) || (flags & CKF_DONT_BLOCK)) goto out; - for (i = k = 0; i < (int)sc_ctx_get_reader_count(context); i++) { - reader = sc_ctx_get_reader(context, i); - if (reader == NULL) { - rv = 
CKR_GENERAL_ERROR; - goto out; - } - for (j = 0; j < reader->slot_count; j++, k++) { - readers[k] = reader; - slots[k] = j; - } - } - again: - /* Check if C_Finalize() has been called in another thread */ - if (context == NULL) - return CKR_CRYPTOKI_NOT_INITIALIZED; - + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_WaitForSlotEvent() reader_states:%p", reader_states); sc_pkcs11_unlock(); - r = sc_wait_for_event(readers, slots, k, mask, &found, &events, -1); + r = sc_wait_for_event(context, mask, &found, &events, -1, &reader_states); + if (sc_pkcs11_conf.plug_and_play && events & SC_EVENT_READER_ATTACHED) { + /* NSS/Firefox Triggers a C_GetSlotList(NULL) only if a slot ID is returned that it does not know yet + Change the first hotplug slot id on every call to make this happen. */ + sc_pkcs11_slot_t *hotplug_slot = list_get_at(&virtual_slots, 0); + *pSlot= hotplug_slot->id -1; + + rv = sc_pkcs11_lock(); + if (rv != CKR_OK) + return rv; - /* There may have been a C_Finalize while we slept */ - if (context == NULL) + goto out; + } + /* Was C_Finalize called ? 
*/ + if (in_finalize == 1) return CKR_CRYPTOKI_NOT_INITIALIZED; + if ((rv = sc_pkcs11_lock()) != CKR_OK) return rv; if (r != SC_SUCCESS) { - sc_error(context, "sc_wait_for_event() returned %d\n", r); - rv = sc_to_cryptoki_error(r, -1); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "sc_wait_for_event() returned %d\n", r); + rv = sc_to_cryptoki_error(r, "C_WaitForSlotEvent"); goto out; } /* If no changed slot was found (maybe an unsupported card * was inserted/removed) then go waiting again */ - if ((rv = slot_find_changed(pSlot, mask)) != CKR_OK) + rv = slot_find_changed(&slot_id, mask); + if (rv != CKR_OK) goto again; -out: sc_pkcs11_unlock(); +out: + if (pSlot) + *pSlot = slot_id; + + /* Free allocated readers states holder */ + if (reader_states) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "free reader states"); + sc_wait_for_event(context, 0, NULL, NULL, -1, &reader_states); + } + + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_WaitForSlotEvent() = %s, event in 0x%lx", lookup_enum (RV_T, rv), *pSlot); + sc_pkcs11_unlock(); return rv; } @@ -649,7 +679,7 @@ CK_RV sc_pkcs11_init_lock(CK_C_INITIALIZE_ARGS_PTR args) { - int rv = CKR_OK; + CK_RV rv = CKR_OK; int applock = 0; int oslock = 0; diff -Nru opensc-0.11.13/src/pkcs11/pkcs11.h opensc-0.12.1/src/pkcs11/pkcs11.h --- opensc-0.11.13/src/pkcs11/pkcs11.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11.h 2011-05-17 17:07:00.000000000 +0000 @@ -95,7 +95,6 @@ #endif - #ifdef CRYPTOKI_COMPAT /* If we are in compatibility mode, switch all exposed names to the PKCS #11 variant. There are corresponding #undefs below. */ @@ -181,7 +180,6 @@ #endif /* CRYPTOKI_COMPAT */ - typedef unsigned long ck_flags_t; 
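Review bot: The final log call after `out:` in C_WaitForSlotEvent passes `*pSlot`, although the line just above treats pSlot as possibly NULL (`if (pSlot) *pSlot = slot_id;`), so a NULL pSlot is dereferenced on every return path that reaches `out:`. `slot_id` is also copied out and logged when slot_find_changed() failed, where it may never have been written (that function is outside the hunk). Declaring it as `CK_SLOT_ID slot_id = 0;` and passing `slot_id` instead of `*pSlot` to sc_debug covers both. In the blocking path, `events` and `virtual_slots` are read after sc_wait_for_event() without the lock and before `r` and `in_finalize` are checked; that path is unreachable while blocking calls return CKR_FUNCTION_NOT_SUPPORTED, but the order should be fixed before that early return is lifted.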
@@ -713,6 +711,12 @@ #define CKF_DERIVE (1UL << 19) #define CKF_EXTENSION (1UL << 31) +#define CKF_EC_F_P (1UL << 20) +#define CKF_EC_F_2M (1UL << 21) +#define CKF_EC_ECPARAMETERS (1UL << 22) +#define CKF_EC_NAMEDCURVE (1UL << 23) +#define CKF_EC_UNCOMPRESES (1UL << 24) +#define CKF_EC_COMPRESS (1UL << 25) /* Flags for C_WaitForSlotEvent. */ #define CKF_DONT_BLOCK (1UL) @@ -1190,7 +1194,6 @@ #define CKR_VENDOR_DEFINED (1UL << 31) - /* Compatibility layer. */ #ifdef CRYPTOKI_COMPAT @@ -1352,7 +1355,6 @@ #endif /* CRYPTOKI_COMPAT */ - /* System dependencies. */ #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) #pragma pack(pop, cryptoki) diff -Nru opensc-0.11.13/src/pkcs11/pkcs11-object.c opensc-0.12.1/src/pkcs11/pkcs11-object.c --- opensc-0.11.13/src/pkcs11/pkcs11-object.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11-object.c 2011-05-17 17:07:00.000000000 +0000 
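Review bot: `CKF_EC_UNCOMPRESES` is misspelled; the PKCS #11 name for this mechanism flag is `CKF_EC_UNCOMPRESS`, so code written against the standard header will not find the constant. The line should read `#define CKF_EC_UNCOMPRESS (1UL << 24)`. The bit positions of all six added flags match the values in the standard.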
@@ -18,77 +18,141 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include + #include "sc-pkcs11.h" +static void sc_find_release(sc_pkcs11_operation_t *operation); + /* Pseudo mechanism for the Find operation */ -static sc_pkcs11_mechanism_type_t find_mechanism = { - 0, { 0 }, 0, - sizeof(struct sc_pkcs11_find_operation), +static sc_pkcs11_mechanism_type_t find_mechanism = { + 0, /* mech */ + {0,0,0}, /* mech_info */ + 0, /* key_type */ + sizeof(struct sc_pkcs11_find_operation), /* obj_size */ + sc_find_release, /* release */ + NULL, /* md_init */ + NULL, /* md_update */ + NULL, /* md_final */ + NULL, /* sign_init */ + NULL, /* sign_update */ + NULL, /* sign_final */ + NULL, /* sign_size */ +#ifdef ENABLE_OPENSSL + NULL, /* verif_init */ + NULL, /* verif_update */ + NULL, /* verif_final */ +#endif + NULL, /* decrypt_init */ + NULL, /* decrypt */ + NULL /* mech_data */ }; -CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phObject) /* receives new object's handle. 
*/ +static void sc_find_release(sc_pkcs11_operation_t *operation) { + struct sc_pkcs11_find_operation *fop = + (struct sc_pkcs11_find_operation *)operation; + + sc_debug(context, SC_LOG_DEBUG_NORMAL,"freeing %d handles used %d at %p", + fop->allocated_handles, fop->num_handles, fop->handles); + if (fop->handles) { + free(fop->handles); + fop->handles = NULL; + } +} + +static CK_RV get_object_from_session(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + struct sc_pkcs11_session **session, + struct sc_pkcs11_object **object) +{ + CK_RV rv; + struct sc_pkcs11_session *sess; + rv = get_session(hSession, &sess); + if (rv != CKR_OK) + return rv; + + *object = list_seek(&sess->slot->objects, &hObject); + if (!*object) + return CKR_OBJECT_HANDLE_INVALID; + *session = sess; + return CKR_OK; +} + +CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phObject) +{ /* receives new object's handle. 
*/ + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_card *card; - int rv; + + if (pTemplate == NULL_PTR || ulCount == 0) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - dump_template("C_CreateObject()", pTemplate, ulCount); + SC_FUNC_CALLED(context, SC_LOG_DEBUG_VERBOSE); - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + + dump_template(SC_LOG_DEBUG_NORMAL, "C_CreateObject()", pTemplate, ulCount); + + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; goto out; + } + + if (!(session->flags & CKF_RW_SESSION)) { + rv = CKR_SESSION_READ_ONLY; + goto out; + } card = session->slot->card; if (card->framework->create_object == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED; else rv = card->framework->create_object(card, session->slot, - pTemplate, ulCount, phObject); + pTemplate, ulCount, phObject); out: sc_pkcs11_unlock(); - return rv; + SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, rv); } -CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phNewObject) /* receives handle of copy */ +CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phNewObject)/* receives handle of copy */ { return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject) /* the object's handle */ -{ +CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject) +{ /* the object's handle */ + CK_RV rv; struct sc_pkcs11_session *session; struct 
sc_pkcs11_object *object; - char object_name[64]; - int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - snprintf(object_name, sizeof(object_name), "C_DestroyObject : Object %lu", - (unsigned long) hObject); - sc_debug( context, object_name ); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DestroyObject(hSession=0x%lx, hObject=0x%lx)", hSession, hObject); - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_object_from_session(hSession, hObject, &session, &object); if (rv != CKR_OK) goto out; - rv = pool_find_and_delete(&session->slot->object_pool, hObject, (void**) &object); - if (rv != CKR_OK) + if (!(session->flags & CKF_RW_SESSION)) { + rv = CKR_SESSION_READ_ONLY; goto out; + } if (object->ops->destroy_object == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED; @@ -99,18 +163,18 @@ return rv; } -CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ULONG_PTR pulSize) /* receives size of object */ -{ +CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ULONG_PTR pulSize) +{ /* receives size of object */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */ - CK_ULONG ulCount) /* attributes in template */ -{ +CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */ + CK_ULONG ulCount) +{ /* attributes in template */ static int precedence[] = { CKR_OK, CKR_BUFFER_TOO_SMALL, 
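Review bot: C_DestroyObject used to take the object out of the slot's pool with pool_find_and_delete() before calling destroy_object, but the new lookup through get_object_from_session() only seeks in `slot->objects` and nothing in this hunk unlinks the entry. Unless every destroy_object implementation removes the object from the list itself (not visible here; the function body continues outside the hunk), the handle keeps resolving to an object that may already have been freed. That contract should at least be stated where the call is made, for example `/* destroy_object() must unlink the object from session->slot->objects before freeing it */`, or the entry should be removed here once destroy_object succeeds.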
@@ -118,43 +182,41 @@ CKR_ATTRIBUTE_SENSITIVE, -1 }; - char object_name[64]; - int j, rv; + char object_name[64]; + int j; + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int res, res_type; + int res, res_type; unsigned int i; + if (pTemplate == NULL_PTR || ulCount == 0) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = pool_find(&session->slot->object_pool, hObject, (void**) &object); + rv = get_object_from_session(hSession, hObject, &session, &object); if (rv != CKR_OK) goto out; /* Debug printf */ - snprintf(object_name, sizeof(object_name), "Object %lu", - (unsigned long) hObject); + snprintf(object_name, sizeof(object_name), "Object %lu", (unsigned long)hObject); res_type = 0; for (i = 0; i < ulCount; i++) { - res = object->ops->get_attribute(session, - object, &pTemplate[i]); + res = object->ops->get_attribute(session, object, &pTemplate[i]); if (res != CKR_OK) - pTemplate[i].ulValueLen = (CK_ULONG) -1; + pTemplate[i].ulValueLen = (CK_ULONG) - 1; - dump_template(object_name, &pTemplate[i], 1); + dump_template(SC_LOG_DEBUG_NORMAL, object_name, &pTemplate[i], 1); /* the pkcs11 spec has complicated rules on * what errors take precedence: - * CKR_ATTRIBUTE_SENSITIVE - * CKR_ATTRIBUTE_INVALID - * CKR_BUFFER_TOO_SMALL + * CKR_ATTRIBUTE_SENSITIVE + * CKR_ATTRIBUTE_INVALID + * CKR_BUFFER_TOO_SMALL * It does not exactly specify how other errors * should be handled - we give them highest * precedence 
@@ -169,33 +231,39 @@ } } -out: sc_pkcs11_unlock(); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetAttributeValue(hSession=0x%lx, hObject=0x%lx) = %s", + hSession, hObject, lookup_enum ( RV_T, rv )); + sc_pkcs11_unlock(); return rv; } -CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes and values */ - CK_ULONG ulCount) /* attributes in template */ -{ - int rv; +CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes and values */ + CK_ULONG ulCount) +{ /* attributes in template */ + CK_RV rv; unsigned int i; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; + if (pTemplate == NULL_PTR || ulCount == 0) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - dump_template("C_SetAttributeValue", pTemplate, ulCount); + dump_template(SC_LOG_DEBUG_NORMAL, "C_SetAttributeValue", pTemplate, ulCount); - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_object_from_session(hSession, hObject, &session, &object); if (rv != CKR_OK) goto out; - rv = pool_find(&session->slot->object_pool, hObject, (void**) &object); - if (rv != CKR_OK) + if (!(session->flags & CKF_RW_SESSION)) { + rv = CKR_SESSION_READ_ONLY; goto out; + } if (object->ops->set_attribute == NULL) rv = CKR_FUNCTION_NOT_SUPPORTED; 
@@ -211,60 +279,63 @@ return rv; } -CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ - CK_ULONG ulCount) /* attributes in search template */ -{ +CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ + CK_ULONG ulCount) +{ /* attributes in search template */ + CK_RV rv; CK_BBOOL is_private = TRUE; CK_ATTRIBUTE private_attribute = { CKA_PRIVATE, &is_private, sizeof(is_private) }; - - int rv, match, hide_private; - unsigned int j; + int match, hide_private; + unsigned int i, j; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; struct sc_pkcs11_find_operation *operation; - struct sc_pkcs11_pool_item *item; struct sc_pkcs11_slot *slot; + if (pTemplate == NULL_PTR && ulCount > 0) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; - sc_debug(context, "C_FindObjectsInit(slot = %d)\n", session->slot->id); - dump_template("C_FindObjectsInit()", pTemplate, ulCount); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit(slot = %d)\n", session->slot->id); + dump_template(SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit()", pTemplate, ulCount); rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND, - &find_mechanism, - (struct sc_pkcs11_operation**) &operation); + &find_mechanism, (struct sc_pkcs11_operation **)&operation); if (rv != CKR_OK) goto out; operation->current_handle = 0; operation->num_handles = 0; + operation->allocated_handles = 0; + operation->handles = NULL; slot = session->slot; /* Check whether we should hide private objects */ hide_private = 0; - if (slot->login_user != CKU_USER - && (slot->token_info.flags & CKF_LOGIN_REQUIRED)) + if (slot->login_user != CKU_USER && (slot->token_info.flags & 
CKF_LOGIN_REQUIRED)) hide_private = 1; - + /* For each object in token do */ - for (item = slot->object_pool.head; item != NULL; item = item->next) { - object = (struct sc_pkcs11_object*) item->item; + for (i=0; iobjects); i++) { + object = (struct sc_pkcs11_object *)list_get_at(&slot->objects, i); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Object with handle 0x%lx", object->handle); - /* User not logged in and private object? */ + /* User not logged in and private object? */ if (hide_private) { if (object->ops->get_attribute(session, object, &private_attribute) != CKR_OK) - continue; + continue; if (is_private) { - sc_debug(context, "Object %d/%d: Private object and not logged in.\n", - slot->id, - item->handle); + sc_debug(context, SC_LOG_DEBUG_NORMAL, + "Object %d/%d: Private object and not logged in.\n", + slot->id, object->handle); continue; } } 
@@ -272,68 +343,73 @@ /* Try to match every attribute */ match = 1; for (j = 0; j < ulCount; j++) { - rv = object->ops->cmp_attribute(session, object, - &pTemplate[j]); + rv = object->ops->cmp_attribute(session, object, &pTemplate[j]); if (rv == 0) { - if (context->debug >= 4) { - sc_debug(context, "Object %d/%d: Attribute 0x%x does NOT match.\n", - slot->id, - item->handle, pTemplate[j].type); - } + sc_debug(context, SC_LOG_DEBUG_NORMAL, + "Object %d/%d: Attribute 0x%x does NOT match.\n", + slot->id, object->handle, pTemplate[j].type); match = 0; break; } if (context->debug >= 4) { - sc_debug(context, "Object %d/%d: Attribute 0x%x matches.\n", - slot->id, - item->handle, pTemplate[j].type); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Object %d/%d: Attribute 0x%x matches.\n", + slot->id, object->handle, pTemplate[j].type); } } if (match) { - sc_debug(context, "Object %d/%d matches\n", - slot->id, item->handle); - /* Avoid buffer overflow --okir */ - if (operation->num_handles >= SC_PKCS11_FIND_MAX_HANDLES) { - sc_debug(context, "Too many matching objects\n"); - break; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Object %d/%d matches\n", slot->id, object->handle); + /* Realloc handles - remove restriction on only 32 matching objects -dee */ + if (operation->num_handles >= operation->allocated_handles) { + operation->allocated_handles += SC_PKCS11_FIND_INC_HANDLES; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "realloc for %d handles", + operation->allocated_handles); + operation->handles = realloc(operation->handles, + sizeof(CK_OBJECT_HANDLE) * operation->allocated_handles); + if (operation->handles == NULL) { + rv = CKR_HOST_MEMORY; + break; + } } - operation->handles[operation->num_handles++] = item->handle; + operation->handles[operation->num_handles++] = object->handle; } } rv = CKR_OK; - sc_debug(context, "%d matching objects\n", operation->num_handles); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%d matching objects\n", operation->num_handles); out: sc_pkcs11_unlock(); 
return rv; } -CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE_PTR phObject, /* receives object handle array */ - CK_ULONG ulMaxObjectCount, /* max handles to be returned */ - CK_ULONG_PTR pulObjectCount) /* actual number returned */ -{ - int rv; +CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE_PTR phObject, /* receives object handle array */ + CK_ULONG ulMaxObjectCount, /* max handles to be returned */ + CK_ULONG_PTR pulObjectCount) +{ /* actual number returned */ + CK_RV rv; CK_ULONG to_return; struct sc_pkcs11_session *session; struct sc_pkcs11_find_operation *operation; + if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, - (sc_pkcs11_operation_t **) &operation); + (sc_pkcs11_operation_t **) & operation); if (rv != CKR_OK) goto out; - to_return = (CK_ULONG)operation->num_handles - operation->current_handle; + to_return = (CK_ULONG) operation->num_handles - operation->current_handle; if (to_return > ulMaxObjectCount) to_return = ulMaxObjectCount; @@ -349,16 +425,16 @@ return rv; } -CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) /* the session's handle */ -{ - int rv; +CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) +{ /* the session's handle */ + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; 
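Review bot: The realloc failure path in the `if (match)` branch of C_FindObjectsInit loses the error and leaves the find operation inconsistent. `operation->handles` is overwritten with NULL (leaking the old array), `allocated_handles` has already been raised, `break` leaves the object loop, and the following `rv = CKR_OK;` reports success. `num_handles` then still counts entries in an array that no longer exists, which a later C_FindObjects would presumably copy from. Growing through a temporary and jumping to `out` keeps the old state intact and returns CKR_HOST_MEMORY; what happens to the already started find operation on that path still needs a decision.

```c
if (operation->num_handles >= operation->allocated_handles) {
	CK_OBJECT_HANDLE *grown;

	sc_debug(context, SC_LOG_DEBUG_NORMAL, "realloc for %d handles",
		 operation->allocated_handles + SC_PKCS11_FIND_INC_HANDLES);
	/* Grow through a temporary so the existing array survives a failed realloc. */
	grown = realloc(operation->handles,
			sizeof(CK_OBJECT_HANDLE) *
			(operation->allocated_handles + SC_PKCS11_FIND_INC_HANDLES));
	if (grown == NULL) {
		rv = CKR_HOST_MEMORY;
		goto out;	/* skip the rv = CKR_OK after the loop */
	}
	operation->handles = grown;
	operation->allocated_handles += SC_PKCS11_FIND_INC_HANDLES;
}
/* … unchanged: store object->handle, end of the object loop … */
```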
@@ -375,39 +451,44 @@ * handling to appropriate object layer. */ -CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism) /* the digesting mechanism */ -{ - int rv; +CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism) +{ /* the digesting mechanism */ + CK_RV rv; struct sc_pkcs11_session *session; + if (pMechanism == NULL_PTR) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestInit(hSession=0x%lx)", hSession); + rv = get_session(hSession, &session); if (rv == CKR_OK) rv = sc_pkcs11_md_init(session, pMechanism); - sc_debug(context, "C_DigestInit returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestInit() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_Digest(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* data to be digested */ - CK_ULONG ulDataLen, /* bytes of data to be digested */ - CK_BYTE_PTR pDigest, /* receives the message digest */ - CK_ULONG_PTR pulDigestLen) /* receives byte length of digest */ -{ - int rv; +CK_RV C_Digest(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* data to be digested */ + CK_ULONG ulDataLen, /* bytes of data to be digested */ + CK_BYTE_PTR pDigest, /* receives the message digest */ + CK_ULONG_PTR pulDigestLen) +{ /* receives byte length of digest */ + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Digest(hSession=0x%lx)", hSession); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; 
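Review bot: In C_Digest the new `sc_debug()` call sits between `rv = sc_pkcs11_lock();` and the `if (rv != CKR_OK) return rv;` check, so it runs even when taking the lock failed. `context` is then used without the lock, and possibly before the library is initialised, depending on what sc_pkcs11_lock() checks (not visible here). C_DigestInit in the same hunk logs only after the check; C_Digest should match it by moving the `sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Digest(hSession=0x%lx)", hSession);` line below `return rv;`. C_Digest's body continues outside the hunk.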
@@ -415,81 +496,82 @@ if (rv == CKR_OK) rv = sc_pkcs11_md_final(session, pDigest, pulDigestLen); -out: sc_debug(context, "C_Digest returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Digest() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; } -CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* data to be digested */ - CK_ULONG ulPartLen) /* bytes of data to be digested */ -{ - int rv; +CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* data to be digested */ + CK_ULONG ulPartLen) +{ /* bytes of data to be digested */ + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv == CKR_OK) rv = sc_pkcs11_md_update(session, pPart, ulPartLen); - sc_debug(context, "C_DigestUpdate returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestUpdate() == %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hKey) /* handle of secret key to digest */ -{ +CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hKey) +{ /* handle of secret key to digest */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pDigest, /* receives the message digest */ - CK_ULONG_PTR pulDigestLen) /* receives byte count of digest */ -{ - int rv; +CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pDigest, /* receives the message digest */ + CK_ULONG_PTR pulDigestLen) +{ /* receives byte count of digest */ + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + 
rv = get_session(hSession, &session); if (rv == CKR_OK) rv = sc_pkcs11_md_final(session, pDigest, pulDigestLen); - sc_debug(context, "C_DigestFinal returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestFinal() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_SignInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of the signature key */ -{ +CK_RV C_SignInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of the signature key */ + CK_RV rv; CK_BBOOL can_sign; CK_KEY_TYPE key_type; CK_ATTRIBUTE sign_attribute = { CKA_SIGN, &can_sign, sizeof(can_sign) }; CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int rv; + + if (pMechanism == NULL_PTR) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = pool_find(&session->slot->object_pool, hKey, (void**) &object); - if (rv != CKR_OK) + rv = get_object_from_session(hSession, hKey, &session, &object); + if (rv != CKR_OK) { + if (rv == CKR_OBJECT_HANDLE_INVALID) + rv = CKR_KEY_HANDLE_INVALID; goto out; + } if (object->ops->sign == NULL_PTR) { rv = CKR_KEY_TYPE_INCONSISTENT; 
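Review bot: The return trace in C_DigestUpdate uses `"C_DigestUpdate() == %s"` while every other function in this hunk logs `"...() = %s"`. Anyone filtering the debug log for the `() = ` pattern will miss this call; change it to `"C_DigestUpdate() = %s"`.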
@@ -509,19 +591,18 @@ rv = sc_pkcs11_sign_init(session, pMechanism, object, key_type); -out: sc_debug(context, "Sign initialization returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_SignInit() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; } -CK_RV C_Sign(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data (digest) to be signed */ - CK_ULONG ulDataLen, /* count of bytes to be signed */ - CK_BYTE_PTR pSignature, /* receives the signature */ - CK_ULONG_PTR pulSignatureLen) /* receives byte count of signature */ -{ - int rv; +CK_RV C_Sign(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data (digest) to be signed */ + CK_ULONG ulDataLen, /* count of bytes to be signed */ + CK_BYTE_PTR pSignature, /* receives the signature */ + CK_ULONG_PTR pulSignatureLen) +{ /* receives byte count of signature */ + CK_RV rv; struct sc_pkcs11_session *session; CK_ULONG length; @@ -529,7 +610,7 @@ if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; @@ -543,7 +624,7 @@ if (pSignature == NULL || length > *pulSignatureLen) { *pulSignatureLen = length; - rv = pSignature? CKR_BUFFER_TOO_SMALL : CKR_OK; + rv = pSignature ? CKR_BUFFER_TOO_SMALL : CKR_OK; goto out; } 
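Review bot: C_Sign still reads and writes `*pulSignatureLen` with no NULL check; the dereference is in the context lines of the hunk at -543 (`length > *pulSignatureLen`, `*pulSignatureLen = length`). This commit adds `CKR_ARGUMENTS_BAD` guards to the Init functions, but a caller passing a NULL length pointer here crashes the host process rather than getting an error code. Add `if (pulSignatureLen == NULL_PTR) return CKR_ARGUMENTS_BAD;` ahead of the `sc_pkcs11_lock()` call. C_SignFinal has the same unchecked dereference, and C_Sign's body runs across the following hunks.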
@@ -551,44 +632,44 @@ if (rv == CKR_OK) rv = sc_pkcs11_sign_final(session, pSignature, pulSignatureLen); -out: sc_debug(context, "Signing result was %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Sign() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the data (digest) to be signed */ - CK_ULONG ulPartLen) /* count of bytes to be signed */ -{ +CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the data (digest) to be signed */ + CK_ULONG ulPartLen) +{ /* count of bytes to be signed */ + CK_RV rv; struct sc_pkcs11_session *session; - int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv == CKR_OK) rv = sc_pkcs11_sign_update(session, pPart, ulPartLen); - sc_debug(context, "C_SignUpdate returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_SignUpdate() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* receives the signature */ - CK_ULONG_PTR pulSignatureLen) /* receives byte count of signature */ -{ +CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* receives the signature */ + CK_ULONG_PTR pulSignatureLen) +{ /* receives byte count of signature */ struct sc_pkcs11_session *session; CK_ULONG length; - int rv; + CK_RV rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; 
@@ -602,40 +683,44 @@ if (pSignature == NULL || length > *pulSignatureLen) { *pulSignatureLen = length; - rv = pSignature? CKR_BUFFER_TOO_SMALL : CKR_OK; + rv = pSignature ? CKR_BUFFER_TOO_SMALL : CKR_OK; } else { rv = sc_pkcs11_sign_final(session, pSignature, pulSignatureLen); } -out: sc_debug(context, "C_SignFinal returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_SignFinal() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; } -CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of the signature key */ -{ +CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of the signature key */ + CK_RV rv; CK_BBOOL can_sign; CK_KEY_TYPE key_type; CK_ATTRIBUTE sign_attribute = { CKA_SIGN, &can_sign, sizeof(can_sign) }; CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int rv; + + /* FIXME #47: C_SignRecover is not implemented */ + return CKR_FUNCTION_NOT_SUPPORTED; + + if (pMechanism == NULL_PTR) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = pool_find(&session->slot->object_pool, hKey, (void**) &object); - if (rv != CKR_OK) + rv = get_object_from_session(hSession, hKey, &session, &object); + if (rv != CKR_OK) { + if (rv == CKR_OBJECT_HANDLE_INVALID) + rv = CKR_KEY_HANDLE_INVALID; goto out; + } if (object->ops->sign == NULL_PTR) { rv = CKR_KEY_TYPE_INCONSISTENT; 
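Review bot: The unconditional `return CKR_FUNCTION_NOT_SUPPORTED;` added at the top of C_SignRecoverInit makes everything after it unreachable, including the new `pMechanism` check and the `get_object_from_session` call added in the same hunk. Dead code that still compiles tends to drift: it looks maintained, and it would be re-enabled without review the day the early return is deleted. Either reduce the body to the FIXME comment plus the return, or wrap the remainder in `#if 0` so the intent is explicit and the unused locals do not produce warnings. The function body continues in the next hunk.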
@@ -655,79 +740,81 @@ /* XXX: need to tell the signature algorithm that we want * to recover the signature */ - sc_debug(context, "SignRecover operation initialized\n"); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "SignRecover operation initialized\n"); rv = sc_pkcs11_sign_init(session, pMechanism, object, key_type); -out: sc_debug(context, "Sign initialization returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_SignRecoverInit() = %sn", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data (digest) to be signed */ - CK_ULONG ulDataLen, /* count of bytes to be signed */ - CK_BYTE_PTR pSignature, /* receives the signature */ - CK_ULONG_PTR pulSignatureLen) /* receives byte count of signature */ -{ +CK_RV C_SignRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data (digest) to be signed */ + CK_ULONG ulDataLen, /* count of bytes to be signed */ + CK_BYTE_PTR pSignature, /* receives the signature */ + CK_ULONG_PTR pulSignatureLen) +{ /* receives byte count of signature */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of encryption key */ -{ +CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of encryption key */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the plaintext data */ - CK_ULONG ulDataLen, /* bytes of plaintext data */ - CK_BYTE_PTR pEncryptedData, /* receives encrypted data */ - CK_ULONG_PTR pulEncryptedDataLen) /* receives encrypted byte count */ -{ +CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, /* the session's handle */ + 
CK_BYTE_PTR pData, /* the plaintext data */ + CK_ULONG ulDataLen, /* bytes of plaintext data */ + CK_BYTE_PTR pEncryptedData, /* receives encrypted data */ + CK_ULONG_PTR pulEncryptedDataLen) +{ /* receives encrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* bytes of plaintext data */ - CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ - CK_ULONG_PTR pulEncryptedPartLen)/* receives encrypted byte count */ -{ +CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* bytes of plaintext data */ + CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ + CK_ULONG_PTR pulEncryptedPartLen) +{ /* receives encrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pLastEncryptedPart, /* receives encrypted last part */ - CK_ULONG_PTR pulLastEncryptedPartLen) /* receives byte count */ -{ +CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pLastEncryptedPart, /* receives encrypted last part */ + CK_ULONG_PTR pulLastEncryptedPartLen) +{ /* receives byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of the decryption key */ -{ +CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of the decryption key */ + CK_RV rv; CK_BBOOL can_decrypt; CK_KEY_TYPE key_type; CK_ATTRIBUTE decrypt_attribute = { CKA_DECRYPT, &can_decrypt, sizeof(can_decrypt) }; CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, 
sizeof(key_type) }; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int rv; + + if (pMechanism == NULL_PTR) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = pool_find(&session->slot->object_pool, hKey, (void**) &object); - if (rv != CKR_OK) + rv = get_object_from_session(hSession, hKey, &session, &object); + if (rv != CKR_OK) { + if (rv == CKR_OBJECT_HANDLE_INVALID) + rv = CKR_KEY_HANDLE_INVALID; goto out; + } if (object->ops->decrypt == NULL_PTR) { rv = CKR_KEY_TYPE_INCONSISTENT; 
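Review bot: The trace string added at the `out:` label of C_SignRecoverInit is `"C_SignRecoverInit() = %sn"`, which has a stray `n` after the conversion; it looks like a half-removed `\n`. The line is currently unreachable because of the early return added in the previous hunk, but it would emit a wrong result name once enabled; it should read `"C_SignRecoverInit() = %s"`. The `"SignRecover operation initialized\n"` message just above also keeps its trailing newline, unlike the other converted traces.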
@@ -747,240 +834,198 @@ rv = sc_pkcs11_decr_init(session, pMechanism, object, key_type); -out: sc_debug(context, "Decrypt initialization returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DecryptInit() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; } -CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pEncryptedData, /* input encrypted data */ - CK_ULONG ulEncryptedDataLen, /* count of bytes of input */ - CK_BYTE_PTR pData, /* receives decrypted output */ - CK_ULONG_PTR pulDataLen) /* receives decrypted byte count */ -{ - int rv; +CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pEncryptedData, /* input encrypted data */ + CK_ULONG ulEncryptedDataLen, /* count of bytes of input */ + CK_BYTE_PTR pData, /* receives decrypted output */ + CK_ULONG_PTR pulDataLen) +{ /* receives decrypted byte count */ + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = sc_pkcs11_decr(session, pEncryptedData, ulEncryptedDataLen, - pData, pulDataLen); + rv = get_session(hSession, &session); + if (rv == CKR_OK) + rv = sc_pkcs11_decr(session, pEncryptedData, ulEncryptedDataLen, + pData, pulDataLen); -out: sc_debug(context, "Decryption result was %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Decrypt() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; } -CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ - CK_ULONG ulEncryptedPartLen, /* count of bytes of input */ - CK_BYTE_PTR pPart, /* receives decrypted output */ - CK_ULONG_PTR pulPartLen) /* receives decrypted byte count */ -{ +CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ + CK_ULONG 
ulEncryptedPartLen, /* count of bytes of input */ + CK_BYTE_PTR pPart, /* receives decrypted output */ + CK_ULONG_PTR pulPartLen) +{ /* receives decrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pLastPart, /* receives decrypted output */ - CK_ULONG_PTR pulLastPartLen) /* receives decrypted byte count */ -{ +CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pLastPart, /* receives decrypted output */ + CK_ULONG_PTR pulLastPartLen) +{ /* receives decrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* bytes of plaintext data */ - CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ - CK_ULONG_PTR pulEncryptedPartLen) /* receives encrypted byte count */ -{ +CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* bytes of plaintext data */ + CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ + CK_ULONG_PTR pulEncryptedPartLen) +{ /* receives encrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ - CK_ULONG ulEncryptedPartLen, /* count of bytes of input */ - CK_BYTE_PTR pPart, /* receives decrypted output */ - CK_ULONG_PTR pulPartLen) /* receives decrypted byte count */ -{ +CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ + CK_ULONG ulEncryptedPartLen, /* count of bytes of input */ + CK_BYTE_PTR pPart, /* receives decrypted output */ + CK_ULONG_PTR pulPartLen) +{ /* receives decrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; 
} -CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* bytes of plaintext data */ - CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ - CK_ULONG_PTR pulEncryptedPartLen) /* receives encrypted byte count */ -{ +CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* bytes of plaintext data */ + CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ + CK_ULONG_PTR pulEncryptedPartLen) +{ /* receives encrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ - CK_ULONG ulEncryptedPartLen, /* count of byes of input */ - CK_BYTE_PTR pPart, /* receives decrypted output */ - CK_ULONG_PTR pulPartLen) /* receives decrypted byte count */ -{ +CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ + CK_ULONG ulEncryptedPartLen, /* count of byes of input */ + CK_BYTE_PTR pPart, /* receives decrypted output */ + CK_ULONG_PTR pulPartLen) +{ /* receives decrypted byte count */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the key generation mechanism */ - CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ - CK_ULONG ulCount, /* number of attributes in template */ - CK_OBJECT_HANDLE_PTR phKey) /* receives handle of new key */ -{ +CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the key generation mechanism */ + CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ + CK_ULONG ulCount, /* number of attributes in template */ + CK_OBJECT_HANDLE_PTR phKey) +{ /* receives handle of new key 
*/ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the key gen. mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* pub. attr. template */ - CK_ULONG ulPublicKeyAttributeCount, /* # of pub. attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* priv. attr. template */ - CK_ULONG ulPrivateKeyAttributeCount, /* # of priv. attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey) /* gets priv. key handle */ -{ +CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the key gen. mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* pub. attr. template */ + CK_ULONG ulPublicKeyAttributeCount, /* # of pub. attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* priv. attr. template */ + CK_ULONG ulPrivateKeyAttributeCount, /* # of priv. attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey) +{ /* gets priv. 
key handle */ + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; - int rv; + + if (pMechanism == NULL_PTR + || (pPublicKeyTemplate == NULL_PTR && ulPublicKeyAttributeCount > 0) + || (pPrivateKeyTemplate == NULL_PTR && ulPrivateKeyAttributeCount > 0)) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - dump_template("C_CreateObject(), PrivKey attrs", pPrivateKeyTemplate, ulPrivateKeyAttributeCount); - dump_template("C_CreateObject(), PubKey attrs", pPublicKeyTemplate, ulPublicKeyAttributeCount); - rv = pool_find(&session_pool, hSession, (void**) &session); + dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PrivKey attrs", pPrivateKeyTemplate, ulPrivateKeyAttributeCount); + dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PubKey attrs", pPublicKeyTemplate, ulPublicKeyAttributeCount); + + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; + if (!(session->flags & CKF_RW_SESSION)) { + rv = CKR_SESSION_READ_ONLY; + goto out; + } + slot = session->slot; if (slot->card->framework->gen_keypair == NULL) { rv = CKR_FUNCTION_NOT_SUPPORTED; } else { rv = slot->card->framework->gen_keypair(slot->card, slot, - pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, - pPrivateKeyTemplate, ulPrivateKeyAttributeCount, - phPublicKey, phPrivateKey); + pMechanism, pPublicKeyTemplate, + ulPublicKeyAttributeCount, + pPrivateKeyTemplate, + ulPrivateKeyAttributeCount, phPublicKey, + phPrivateKey); } out: sc_pkcs11_unlock(); return rv; } -CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ - CK_OBJECT_HANDLE hWrappingKey, /* handle of the wrapping key */ - CK_OBJECT_HANDLE hKey, /* handle of the key to be wrapped */ - CK_BYTE_PTR pWrappedKey, /* receives the wrapped key */ - CK_ULONG_PTR pulWrappedKeyLen)/* receives byte size of wrapped key */ -{ +CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ + 
CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ + CK_OBJECT_HANDLE hWrappingKey, /* handle of the wrapping key */ + CK_OBJECT_HANDLE hKey, /* handle of the key to be wrapped */ + CK_BYTE_PTR pWrappedKey, /* receives the wrapped key */ + CK_ULONG_PTR pulWrappedKeyLen) +{ /* receives byte size of wrapped key */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the unwrapping mechanism */ - CK_OBJECT_HANDLE hUnwrappingKey, /* handle of the unwrapping key */ - CK_BYTE_PTR pWrappedKey, /* the wrapped key */ - CK_ULONG ulWrappedKeyLen, /* bytes length of wrapped key */ - CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ - CK_ULONG ulAttributeCount, /* # of attributes in template */ - CK_OBJECT_HANDLE_PTR phKey) /* gets handle of recovered key */ -{ - struct sc_pkcs11_session *session; - struct sc_pkcs11_object *object, *result; - int rv; - - rv = sc_pkcs11_lock(); - if (rv != CKR_OK) - return rv; - - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = pool_find(&session->slot->object_pool, hUnwrappingKey, - (void**) &object); - if (rv != CKR_OK) - goto out; - - if (object->ops->sign == NULL_PTR) { - rv = CKR_KEY_TYPE_INCONSISTENT; - goto out; - } - - rv = object->ops->unwrap_key(session, object, pMechanism, - pWrappedKey, ulWrappedKeyLen, - pTemplate, ulAttributeCount, - (void **) &result); - - sc_debug(context, "Unwrapping result was %d\n", rv); - - if (rv == CKR_OK) - rv = pool_insert(&session->slot->object_pool, result, phKey); - -out: sc_pkcs11_unlock(); - return rv; -} - -CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the key derivation mechanism */ - CK_OBJECT_HANDLE hBaseKey, /* handle of the base key */ - CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ - CK_ULONG ulAttributeCount, /* # of attributes in template */ - 
CK_OBJECT_HANDLE_PTR phKey) /* gets handle of derived key */ -{ +CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the unwrapping mechanism */ + CK_OBJECT_HANDLE hUnwrappingKey, /* handle of the unwrapping key */ + CK_BYTE_PTR pWrappedKey, /* the wrapped key */ + CK_ULONG ulWrappedKeyLen, /* bytes length of wrapped key */ + CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ + CK_ULONG ulAttributeCount, /* # of attributes in template */ + CK_OBJECT_HANDLE_PTR phKey) +{ /* gets handle of recovered key */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSeed, /* the seed material */ - CK_ULONG ulSeedLen) /* count of bytes of seed material */ -{ - struct sc_pkcs11_session *session; - struct sc_pkcs11_slot *slot; - int rv; - - rv = sc_pkcs11_lock(); - if (rv != CKR_OK) - return rv; - - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv == CKR_OK) { - slot = session->slot; - if (slot->card->framework->get_random == NULL) - rv = CKR_RANDOM_NO_RNG; - else if (slot->card->framework->seed_random == NULL) - rv = CKR_RANDOM_SEED_NOT_SUPPORTED; - else - rv = slot->card->framework->seed_random(slot->card, pSeed, ulSeedLen); - } - - sc_pkcs11_unlock(); - return rv; +CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the key derivation mechanism */ + CK_OBJECT_HANDLE hBaseKey, /* handle of the base key */ + CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ + CK_ULONG ulAttributeCount, /* # of attributes in template */ + CK_OBJECT_HANDLE_PTR phKey) +{ /* gets handle of derived key */ +/* TODO: -DEE ECDH with Cofactor on PIV is an example */ + return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR RandomData, /* receives the random data */ - CK_ULONG ulRandomLen) /* number of bytes to be 
generated */ -{ +CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSeed, /* the seed material */ + CK_ULONG ulSeedLen) +{ /* count of bytes of seed material */ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR RandomData, /* receives the random data */ + CK_ULONG ulRandomLen) +{ /* number of bytes to be generated */ + CK_RV rv; struct sc_pkcs11_session *session; - struct sc_pkcs11_slot *slot; - int rv; + struct sc_pkcs11_slot *slot; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv == CKR_OK) { slot = session->slot; if (slot->card->framework->get_random == NULL) @@ -993,20 +1038,20 @@ return rv; } -CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */ -{ - return CKR_FUNCTION_NOT_SUPPORTED; +CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) +{ /* the session's handle */ + return CKR_FUNCTION_NOT_PARALLEL; } -CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession) /* the session's handle */ -{ - return CKR_FUNCTION_NOT_SUPPORTED; +CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession) +{ /* the session's handle */ + return CKR_FUNCTION_NOT_PARALLEL; } -CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of the verification key */ -{ +CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of the verification key */ #ifndef ENABLE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED; #else 
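Review bot: The new argument check in C_GenerateKeyPair covers `pMechanism` and the two templates but not the output pointers `phPublicKey` and `phPrivateKey`, which are passed straight to `gen_keypair`. Unless every framework backend validates them (not visible here), a NULL output pointer is dereferenced only after the key pair has been generated on the card. Extend the condition with `|| phPublicKey == NULL_PTR || phPrivateKey == NULL_PTR` so the call is rejected with `CKR_ARGUMENTS_BAD` before the lock is taken.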
@@ -1016,22 +1061,24 @@ #endif CK_KEY_TYPE key_type; CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int rv; + + if (pMechanism == NULL_PTR) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - rv = pool_find(&session->slot->object_pool, hKey, (void**) &object); - if (rv != CKR_OK) + rv = get_object_from_session(hSession, hKey, &session, &object); + if (rv != CKR_OK) { + if (rv == CKR_OBJECT_HANDLE_INVALID) + rv = CKR_KEY_HANDLE_INVALID; goto out; - + } #if 0 rv = object->ops->get_attribute(session, object, &verify_attribute); if (rv != CKR_OK || !can_verify) { 
@@ -1047,30 +1094,29 @@ rv = sc_pkcs11_verif_init(session, pMechanism, object, key_type); -out: sc_debug(context, "Verify initialization returns %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_VerifyInit() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; #endif } -CK_RV C_Verify(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* plaintext data (digest) to compare */ - CK_ULONG ulDataLen, /* length of data (digest) in bytes */ - CK_BYTE_PTR pSignature, /* the signature to be verified */ - CK_ULONG ulSignatureLen) /* count of bytes of signature */ -{ +CK_RV C_Verify(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* plaintext data (digest) to compare */ + CK_ULONG ulDataLen, /* length of data (digest) in bytes */ + CK_BYTE_PTR pSignature, /* the signature to be verified */ + CK_ULONG ulSignatureLen) +{ /* count of bytes of signature */ #ifndef ENABLE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED; #else - int rv; + CK_RV rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv != CKR_OK) goto out; 
@@ -1078,93 +1124,89 @@ if (rv == CKR_OK) rv = sc_pkcs11_verif_final(session, pSignature, ulSignatureLen); -out: sc_debug(context, "Verify result was %d\n", rv); +out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Verify() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; #endif } -CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* plaintext data (digest) to compare */ - CK_ULONG ulPartLen) /* length of data (digest) in bytes */ -{ +CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* plaintext data (digest) to compare */ + CK_ULONG ulPartLen) +{ /* length of data (digest) in bytes */ #ifndef ENABLE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED; #else + CK_RV rv; struct sc_pkcs11_session *session; - int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); + rv = get_session(hSession, &session); if (rv == CKR_OK) rv = sc_pkcs11_verif_update(session, pPart, ulPartLen); - sc_debug(context, "C_VerifyUpdate returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_VerifyUpdate() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); return rv; #endif } -CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* the signature to be verified */ - CK_ULONG ulSignatureLen) /* count of bytes of signature */ -{ +CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* the signature to be verified */ + CK_ULONG ulSignatureLen) +{ /* count of bytes of signature */ #ifndef ENABLE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED; #else + CK_RV rv; struct sc_pkcs11_session *session; - int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - goto out; - - rv = sc_pkcs11_verif_final(session, pSignature, ulSignatureLen); + rv = 
get_session(hSession, &session); + if (rv == CKR_OK) + rv = sc_pkcs11_verif_final(session, pSignature, ulSignatureLen); -out: sc_debug(context, "C_VerifyFinal returns %d\n", rv); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_VerifyFinal() = %s", lookup_enum ( RV_T, rv )); sc_pkcs11_unlock(); - return rv; #endif } -CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey) /* handle of the verification key */ -{ +CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey) +{ /* handle of the verification key */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* the signature to be verified */ - CK_ULONG ulSignatureLen, /* count of bytes of signature */ - CK_BYTE_PTR pData, /* receives decrypted data (digest) */ - CK_ULONG_PTR pulDataLen) /* receives byte count of data */ -{ +CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* the signature to be verified */ + CK_ULONG ulSignatureLen, /* count of bytes of signature */ + CK_BYTE_PTR pData, /* receives decrypted data (digest) */ + CK_ULONG_PTR pulDataLen) +{ /* receives byte count of data */ return CKR_FUNCTION_NOT_SUPPORTED; } /* * Helper function to compare attributes on any sort of object */ -int -sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, - void *ptr, CK_ATTRIBUTE_PTR attr) +int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr) { + int rv; struct sc_pkcs11_object *object; - u8 temp1[1024]; - u8 *temp2 = NULL; /* dynamic allocation for large attributes */ - CK_ATTRIBUTE temp_attr; - int rv, res; + u8 temp1[1024]; + u8 *temp2 = NULL; /* dynamic allocation for large attributes */ + 
CK_ATTRIBUTE temp_attr; + int res; - object = (struct sc_pkcs11_object *) ptr; + object = (struct sc_pkcs11_object *)ptr; temp_attr.type = attr->type; temp_attr.pValue = NULL; temp_attr.ulValueLen = 0; @@ -1177,7 +1219,7 @@ if (temp_attr.ulValueLen <= sizeof(temp1)) temp_attr.pValue = temp1; else { - temp2 = (u8 *) malloc(temp_attr.ulValueLen); + temp2 = malloc(temp_attr.ulValueLen); if (temp2 == NULL) return 0; temp_attr.pValue = temp2; @@ -1189,20 +1231,18 @@ res = 0; goto done; } - #ifdef DEBUG { - char foo[64]; + char foo[64]; - snprintf(foo, sizeof(foo), "Object %p (slot %d)", - object, session->slot->id); - dump_template(foo, &temp_attr, 1); + snprintf(foo, sizeof(foo), "Object %p (slot 0x%lx)", object, session->slot->id); + dump_template(SC_LOG_DEBUG_NORMAL, foo, &temp_attr, 1); } #endif res = temp_attr.ulValueLen == attr->ulValueLen && !memcmp(temp_attr.pValue, attr->pValue, attr->ulValueLen); -done: + done: if (temp2 != NULL) free(temp2); diff -Nru opensc-0.11.13/src/pkcs11/pkcs11-session.c opensc-0.12.1/src/pkcs11/pkcs11-session.c --- opensc-0.11.13/src/pkcs11/pkcs11-session.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11-session.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,36 +18,43 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include #include #include + #include "sc-pkcs11.h" -CK_RV C_OpenSession(CK_SLOT_ID slotID, /* the slot's ID */ - CK_FLAGS flags, /* defined in CK_SESSION_INFO */ - CK_VOID_PTR pApplication, /* pointer passed to callback */ - CK_NOTIFY Notify, /* notification callback function */ - CK_SESSION_HANDLE_PTR phSession) /* receives new session handle */ +CK_RV get_session(CK_SESSION_HANDLE hSession, struct sc_pkcs11_session **session) { + *session = list_seek(&sessions, &hSession); + if (!*session) + return CKR_SESSION_HANDLE_INVALID; + return CKR_OK; +} + +CK_RV C_OpenSession(CK_SLOT_ID slotID, /* the slot's ID */ + CK_FLAGS flags, /* defined in CK_SESSION_INFO */ + CK_VOID_PTR pApplication, /* pointer passed to callback */ + CK_NOTIFY Notify, /* notification callback function */ + CK_SESSION_HANDLE_PTR phSession) +{ /* receives new session handle */ + CK_RV rv; struct sc_pkcs11_slot *slot; struct sc_pkcs11_session *session; - int rv; + + if (!(flags & CKF_SERIAL_SESSION)) + return CKR_SESSION_PARALLEL_NOT_SUPPORTED; + + if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION)) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - sc_debug(context, "Opening new session for slot %d\n", slotID); - - if (!(flags & CKF_SERIAL_SESSION)) { - rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - goto out; - } - - if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION)) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_OpenSession(0x%lx)", slotID); rv = slot_get_token(slotID, &slot); if (rv != CKR_OK) 
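Review bot: `phSession` is never checked for NULL in C_OpenSession, yet the next hunk writes `*phSession = session->handle`, so a caller passing NULL_PTR crashes the module instead of getting an error code. The argument checks that this hunk hoists above `sc_pkcs11_lock()` are the natural place for the guard: `if (phSession == NULL_PTR) return CKR_ARGUMENTS_BAD;`. C_GetSessionInfo in the same file already rejects a NULL `pInfo` this way. C_OpenSession's body continues past the end of this hunk.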
@@ -59,24 +66,25 @@ goto out; } - session = (struct sc_pkcs11_session*) calloc(1, sizeof(struct sc_pkcs11_session)); + session = (struct sc_pkcs11_session *)calloc(1, sizeof(struct sc_pkcs11_session)); if (session == NULL) { rv = CKR_HOST_MEMORY; goto out; } - + session->slot = slot; session->notify_callback = Notify; session->notify_data = pApplication; session->flags = flags; + slot->nsessions++; + session->handle = (CK_SESSION_HANDLE) session; /* cast a pointer to long */ + list_append(&sessions, session); + *phSession = session->handle; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_OpenSession handle: 0x%lx", session->handle); - rv = pool_insert(&session_pool, session, phSession); - if (rv != CKR_OK) - free(session); - else - slot->nsessions++; - -out: sc_pkcs11_unlock(); +out: + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_OpenSession() = %s", lookup_enum(RV_T, rv)); + sc_pkcs11_unlock(); return rv; } @@ -86,11 +94,12 @@ { struct sc_pkcs11_slot *slot; struct sc_pkcs11_session *session; - int rv; - rv = pool_find_and_delete(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) - return rv; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "real C_CloseSession(0x%lx)", hSession); + + session = list_seek(&sessions, &hSession); + if (!session) + return CKR_SESSION_HANDLE_INVALID; /* If we're the last session using this slot, make sure * we log out */ @@ -101,6 +110,8 @@ slot->card->framework->logout(slot->card, slot->fw_data); } + if (list_delete(&sessions, session) != 0) + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Could not delete session from list!"); free(session); return CKR_OK; } 
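Review bot: The result of `list_append(&sessions, session)` is ignored in C_OpenSession (pkcs11-session.c, hunk at new line 66). If the append fails, the function still returns CKR_OK with a handle that no later `list_seek` can resolve, the allocation is leaked, and `slot->nsessions` has already been incremented, so the last-session logout in sc_pkcs11_close_session would never fire for that slot. Check the append first and only then count the session and publish the handle, as sketched below. Separately, `session->handle = (CK_SESSION_HANDLE) session` gives the application a heap address and truncates it wherever `unsigned long` is narrower than a pointer; the existing comment should at least state that limitation.

```c
	session->flags = flags;
	session->handle = (CK_SESSION_HANDLE) session;	/* cast a pointer to long */
	if (list_append(&sessions, session) < 0) {
		/* not reachable through the list, so do not count or publish it */
		free(session);
		rv = CKR_HOST_MEMORY;
		goto out;
	}
	slot->nsessions++;
	*phSession = session->handle;
	/* … unchanged: debug log of the new handle, out: label … */
```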
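Review bot: When `list_delete(&sessions, session)` fails in sc_pkcs11_close_session (hunk at new line 110), the code only logs and then still runs `free(session)`, which leaves a dangling pointer in `sessions` for the next `list_seek` or `list_get_at` to dereference. Leaking the session is the safer outcome on that path: `if (list_delete(&sessions, session) != 0) return CKR_GENERAL_ERROR;` placed ahead of `free(session);`. The function starts in the previous hunk and its logout logic lies between the two hunks, so the return value chosen should be checked against what that code has already done.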
@@ -109,26 +120,24 @@ * the global lock held */ CK_RV sc_pkcs11_close_all_sessions(CK_SLOT_ID slotID) { - struct sc_pkcs11_pool_item *item, *next; + CK_RV rv = CKR_OK; struct sc_pkcs11_session *session; - - sc_debug(context, "C_CloseAllSessions(slot %d).\n", (int) slotID); - for (item = session_pool.head; item != NULL; item = next) { - session = (struct sc_pkcs11_session*) item->item; - next = item->next; - - if (session->slot->id == (int)slotID) - sc_pkcs11_close_session(item->handle); + unsigned int i; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "real C_CloseAllSessions(0x%lx) %d", slotID, list_size(&sessions)); + for (i = 0; i < list_size(&sessions); i++) { + session = list_get_at(&sessions, i); + if (session->slot->id == slotID) + if ((rv = sc_pkcs11_close_session(session->handle)) != CKR_OK) + return rv; } - return CKR_OK; } -CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) /* the session's handle */ -{ - int rv; +CK_RV C_CloseSession(CK_SESSION_HANDLE hSession) +{ /* the session's handle */ + CK_RV rv; - sc_debug(context, "C_CloseSession(%lx)\n", (long) hSession); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_CloseSession(0x%lx)\n", hSession); rv = sc_pkcs11_lock(); if (rv == CKR_OK) @@ -137,11 +146,12 @@ return rv; } -CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) /* the token's slot */ -{ +CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) +{ /* the token's slot */ + CK_RV rv; struct sc_pkcs11_slot *slot; - int rv; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_CloseAllSessions(0x%lx)\n", slotID); rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; 
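Review bot: The forward index loop in sc_pkcs11_close_all_sessions skips sessions, because `sc_pkcs11_close_session()` removes the current element from `sessions` and the element that moves into index `i` is never examined once `i++` runs. With two adjacent sessions on the same slot, C_CloseAllSessions returns CKR_OK while one of them stays open, and the last-session logout in sc_pkcs11_close_session is then presumably not reached, leaving the token logged in. Walking the list from the end avoids the shifting and terminates even if a removal fails: `for (i = list_size(&sessions); i-- > 0; ) {`. The debug call also prints the result of `list_size()` with `%d`; `%u` matches the unsigned return type.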
@@ -152,31 +162,33 @@ rv = sc_pkcs11_close_all_sessions(slotID); -out: sc_pkcs11_unlock(); + out:sc_pkcs11_unlock(); return rv; } -CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_SESSION_INFO_PTR pInfo) /* receives session information */ -{ +CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_SESSION_INFO_PTR pInfo) +{ /* receives session information */ + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; - int rv; + + if (pInfo == NULL_PTR) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (pInfo == NULL_PTR) { - rv = CKR_ARGUMENTS_BAD; - goto out; - } + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession); - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; goto out; + } - sc_debug(context, "C_GetSessionInfo(slot %d).\n", session->slot->id); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(slot 0x%lx).", session->slot->id); pInfo->slotID = session->slot->id; pInfo->flags = session->flags; pInfo->ulDeviceError = 0; 
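Review bot: C_GetSessionInfo open-codes the handle lookup as `list_seek(&sessions, &hSession)` followed by a manual `rv = CKR_SESSION_HANDLE_INVALID`, although this same commit adds `get_session()` to do exactly that. Using `rv = get_session(hSession, &session); if (rv != CKR_OK) goto out;` keeps handle validation in one place, which matters if the handle scheme or the validity check ever changes. The same open-coded pattern is repeated in C_Login, C_Logout, C_InitPIN and C_SetPIN in the later hunks of this file. C_GetSessionInfo's body continues into the next hunk.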
@@ -184,59 +196,63 @@ slot = session->slot; if (slot->login_user == CKU_SO) { pInfo->state = CKS_RW_SO_FUNCTIONS; - } else - if (slot->login_user == CKU_USER - || (!(slot->token_info.flags & CKF_LOGIN_REQUIRED))) { + } else if (slot->login_user == CKU_USER || (!(slot->token_info.flags & CKF_LOGIN_REQUIRED))) { pInfo->state = (session->flags & CKF_RW_SESSION) - ? CKS_RW_USER_FUNCTIONS : CKS_RO_USER_FUNCTIONS; + ? CKS_RW_USER_FUNCTIONS : CKS_RO_USER_FUNCTIONS; } else { pInfo->state = (session->flags & CKF_RW_SESSION) - ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION; + ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION; } -out: sc_pkcs11_unlock(); + out: + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx) = %s", hSession, lookup_enum(RV_T, rv)); + sc_pkcs11_unlock(); return rv; } -CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pOperationState, /* location receiving state */ - CK_ULONG_PTR pulOperationStateLen) /* location receiving state length */ -{ +CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pOperationState, /* location receiving state */ + CK_ULONG_PTR pulOperationStateLen) +{ /* location receiving state length */ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pOperationState, /* the location holding the state */ - CK_ULONG ulOperationStateLen, /* location holding state length */ - CK_OBJECT_HANDLE hEncryptionKey, /* handle of en/decryption key */ - CK_OBJECT_HANDLE hAuthenticationKey) /* handle of sign/verify key */ -{ +CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pOperationState, /* the location holding the state */ + CK_ULONG ulOperationStateLen, /* location holding state length */ + CK_OBJECT_HANDLE hEncryptionKey, /* handle of en/decryption key */ + CK_OBJECT_HANDLE hAuthenticationKey) +{ /* handle of sign/verify key 
*/ return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_USER_TYPE userType, /* the user type */ - CK_CHAR_PTR pPin, /* the user's PIN */ - CK_ULONG ulPinLen) /* the length of the PIN */ -{ - int rv; +CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_USER_TYPE userType, /* the user type */ + CK_CHAR_PTR pPin, /* the user's PIN */ + CK_ULONG ulPinLen) +{ /* the length of the PIN */ + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; + if (pPin == NULL_PTR && ulPinLen > 0) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - if (userType != CKU_USER && userType != CKU_SO) { + if (userType != CKU_USER && userType != CKU_SO && userType != CKU_CONTEXT_SPECIFIC) { rv = CKR_USER_TYPE_INVALID; goto out; } - - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; goto out; + } - sc_debug(context, "Login for session %d\n", hSession); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Login(0x%lx, %d)", hSession, userType); slot = session->slot; 
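Review bot: The new debug call in C_Login, `sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Login(0x%lx, %d)", hSession, userType);`, passes a `CK_USER_TYPE` to `%d`; the type is an unsigned long in PKCS#11, so the conversion does not match the argument. Use `"C_Login(0x%lx, %lu)"`. The call correctly logs neither `pPin` nor `ulPinLen`, and a short comment such as `/* never log PIN data here */` would help keep it that way. C_Login's body continues in the next hunk.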
@@ -245,23 +261,34 @@ goto out; } - if (slot->login_user >= 0) { - rv = CKR_USER_ALREADY_LOGGED_IN; - goto out; + /* TODO: check if context specific is valid */ + if (userType == CKU_CONTEXT_SPECIFIC) { + if (slot->login_user == -1) { + rv = CKR_OPERATION_NOT_INITIALIZED; + goto out; + } else + rv = slot->card->framework->login(slot, userType, pPin, ulPinLen); + } else { + if (slot->login_user >= 0) { + if ((CK_USER_TYPE) slot->login_user == userType) + rv = CKR_USER_ALREADY_LOGGED_IN; + else + rv = CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + goto out; + } + + rv = slot->card->framework->login(slot, userType, pPin, ulPinLen); + if (rv == CKR_OK) + slot->login_user = userType; } - rv = slot->card->framework->login(slot->card, slot->fw_data, - userType, pPin, ulPinLen); - if (rv == CKR_OK) - slot->login_user = userType; - -out: sc_pkcs11_unlock(); + out:sc_pkcs11_unlock(); return rv; } -CK_RV C_Logout(CK_SESSION_HANDLE hSession) /* the session's handle */ -{ - int rv; +CK_RV C_Logout(CK_SESSION_HANDLE hSession) +{ /* the session's handle */ + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; 
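Review bot: The CKU_CONTEXT_SPECIFIC branch of C_Login forwards the PIN to `framework->login` whenever `slot->login_user != -1`, so as far as this hunk shows it is also accepted while the SO is logged in and when no operation on the session is waiting for re-authentication. The `TODO` admits a gap without saying what is missing; until the check exists, spell it out, e.g. `/* TODO: reject unless an operation that requires re-authentication is active on this session */`. Bracing the `else` arm would also stop the `rv = slot->card->framework->login(...)` call from reading as part of the error path. C_Login starts in the previous hunk.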
@@ -269,87 +296,97 @@ if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; goto out; + } - sc_debug(context, "Logout for session %d\n", hSession); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Logout(0x%lx)", hSession); slot = session->slot; if (slot->login_user >= 0) { slot->login_user = -1; rv = slot->card->framework->logout(slot->card, slot->fw_data); - } - else + } else rv = CKR_USER_NOT_LOGGED_IN; -out: sc_pkcs11_unlock(); + out:sc_pkcs11_unlock(); return rv; } -CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pPin, - CK_ULONG ulPinLen) +CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen) { + CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; - int rv; + + if (pPin == NULL_PTR && ulPinLen > 0) + return CKR_ARGUMENTS_BAD; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; + goto out; + } + + if (!(session->flags & CKF_RW_SESSION)) { + rv = CKR_SESSION_READ_ONLY; goto out; + } slot = session->slot; if (slot->login_user != CKU_SO) { rv = CKR_USER_NOT_LOGGED_IN; - } else - if (slot->card->framework->init_pin == NULL) { + } else if (slot->card->framework->init_pin == NULL) { rv = CKR_FUNCTION_NOT_SUPPORTED; } else { - rv = slot->card->framework->init_pin(slot->card, slot, - pPin, ulPinLen); + rv = slot->card->framework->init_pin(slot->card, slot, pPin, ulPinLen); } -out: sc_pkcs11_unlock(); + out:sc_pkcs11_unlock(); return rv; } CK_RV C_SetPIN(CK_SESSION_HANDLE hSession, - CK_CHAR_PTR pOldPin, - CK_ULONG ulOldLen, - CK_CHAR_PTR pNewPin, - CK_ULONG ulNewLen) + CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen) { - int rv; + CK_RV rv; struct 
sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; + if ((pOldPin == NULL_PTR && ulOldLen > 0) + || (pNewPin == NULL_PTR && ulNewLen > 0)) + return CKR_ARGUMENTS_BAD; + rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; - rv = pool_find(&session_pool, hSession, (void**) &session); - if (rv != CKR_OK) + session = list_seek(&sessions, &hSession); + if (!session) { + rv = CKR_SESSION_HANDLE_INVALID; goto out; + } + + slot = session->slot; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Changing PIN (session 0x%lx; login user %d)\n", hSession, + slot->login_user); - sc_debug(context, "Changing PIN (session %d)\n", hSession); -#if 0 - if (!(ses->flags & CKF_RW_SESSION)) { + if (!(session->flags & CKF_RW_SESSION)) { rv = CKR_SESSION_READ_ONLY; goto out; } -#endif - slot = session->slot; rv = slot->card->framework->change_pin(slot->card, slot->fw_data, - pOldPin, ulOldLen, - pNewPin, ulNewLen); + slot->login_user, pOldPin, ulOldLen, pNewPin, + ulNewLen); -out: sc_pkcs11_unlock(); + out:sc_pkcs11_unlock(); return rv; } diff -Nru opensc-0.11.13/src/pkcs11/pkcs11-spy.c opensc-0.12.1/src/pkcs11/pkcs11-spy.c --- opensc-0.11.13/src/pkcs11/pkcs11-spy.c 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/pkcs11-spy.c 2011-05-17 17:07:00.000000000 +0000 @@ -16,13 +16,11 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, * USA */ -#ifdef HAVE_CONFIG_H -#include -#endif + +#include "config.h" + #include #include -#define CRYPTOKI_EXPORTS -#include "pkcs11-display.h" #ifdef _WIN32 #include @@ -30,6 +28,9 @@ #include #endif +#define CRYPTOKI_EXPORTS +#include "pkcs11-display.h" + #define __PASTE(x,y) x##y extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); 
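Review bot: In pkcs11-session.c, C_SetPIN calls `slot->card->framework->change_pin(...)` unconditionally, while C_InitPIN in the same hunk tests `slot->card->framework->init_pin == NULL` and returns CKR_FUNCTION_NOT_SUPPORTED first. Whether every framework fills in `change_pin` is not visible here; if one does not, this is a NULL function-pointer call reachable from the application. Mirroring the guard is cheap: `if (slot->card->framework->change_pin == NULL) { rv = CKR_FUNCTION_NOT_SUPPORTED; goto out; }`. The new debug line logs only the session handle and login user, which is the right amount; PIN values and lengths should stay out of it.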
@@ -59,8 +60,7 @@ #endif /* Allocates and initializes the pkcs11_spy structure */ - pkcs11_spy = - (CK_FUNCTION_LIST_PTR) malloc(sizeof(CK_FUNCTION_LIST)); + pkcs11_spy = malloc(sizeof(CK_FUNCTION_LIST)); if (pkcs11_spy) { /* with our own pkcs11.h we need to maintain this ourself */ pkcs11_spy->version.major = 2; @@ -151,10 +151,10 @@ /* try for the machine version first, as we may be runing * without a user during login */ - rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\PKCS11-Spy", + rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\PKCS11-Spy", 0, KEY_QUERY_VALUE, &hKey ); if (rc != ERROR_SUCCESS ) { - rc = RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\PKCS11-Spy", + rc = RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\OpenSC Project\\PKCS11-Spy", 0, KEY_QUERY_VALUE, &hKey ); } if( rc == ERROR_SUCCESS ) { @@ -179,10 +179,10 @@ /* try for the machine version first, as we may be runing * without a user during login */ - rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\PKCS11-Spy", + rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\PKCS11-Spy", 0, KEY_QUERY_VALUE, &hKey ); if (rc != ERROR_SUCCESS ) { - rc = RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\PKCS11-Spy", + rc = RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\OpenSC Project\\PKCS11-Spy", 0, KEY_QUERY_VALUE, &hKey ); } if( rc == ERROR_SUCCESS ) { @@ -701,7 +701,7 @@ CK_ULONG i; spy_dump_ulong_out("ulObjectCount", *pulObjectCount); for (i = 0; i < *pulObjectCount; i++) { - fprintf(spy_output, "Object %ld Matches\n", phObject[i]); + fprintf(spy_output, "Object 0x%lx matches\n", phObject[i]); } } return retne(rv); diff -Nru opensc-0.11.13/src/pkcs11/sc-pkcs11.h opensc-0.12.1/src/pkcs11/sc-pkcs11.h --- opensc-0.11.13/src/pkcs11/sc-pkcs11.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/sc-pkcs11.h 2011-05-17 17:07:00.000000000 +0000 
@@ -21,19 +21,20 @@ #ifndef __sc_pkcs11_h__ #define __sc_pkcs11_h__ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #ifdef HAVE_MALLOC_H #include #endif -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" +#include "libopensc/log.h" #define CRYPTOKI_EXPORTS -#include -#include +#include "pkcs11.h" +#include "pkcs11-opensc.h" +#include "pkcs11-display.h" #ifdef __cplusplus extern "C" { @@ -45,6 +46,11 @@ #define PKCS11_DEFAULT_MODULE_NAME "opensc-pkcs11.so" #endif +#define SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED 0 +#define SC_PKCS11_PIN_UNBLOCK_UNLOGGED_SETPIN 1 +#define SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN 2 +#define SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN 3 + extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); extern CK_RV C_UnloadModule(void *module); @@ -65,35 +71,15 @@ struct sc_pkcs11_slot; struct sc_pkcs11_card; -/* Object Pool */ -struct sc_pkcs11_pool_item { - int handle; - void *item; - struct sc_pkcs11_pool_item *next; - struct sc_pkcs11_pool_item *prev; -}; - -enum { - POOL_TYPE_SESSION, - POOL_TYPE_OBJECT -}; - -struct sc_pkcs11_pool { - int type; - int next_free_handle; - int num_items; - struct sc_pkcs11_pool_item *head; - struct sc_pkcs11_pool_item *tail; -}; - struct sc_pkcs11_config { unsigned int plug_and_play; unsigned int max_virtual_slots; unsigned int slots_per_card; unsigned char hide_empty_tokens; unsigned char lock_login; - unsigned char cache_pins; - unsigned char soft_keygen_allowed; + unsigned int pin_unblock_style; + unsigned int create_puk_slot; + unsigned int zero_ckaid_for_ca_certs; }; /* @@ -131,6 +117,7 @@ }; struct sc_pkcs11_object { + CK_OBJECT_HANDLE handle; int flags; struct sc_pkcs11_object_ops *ops; }; 
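Review bot: The four `SC_PKCS11_PIN_UNBLOCK_*` constants added to sc-pkcs11.h (hunk at new line 46) have no comment, although judging by their names they select under which login state a blocked PIN may be reset, which is a policy choice a reader should not have to reconstruct from the callers. They are presumably the values of the `pin_unblock_style` field that this commit adds to `struct sc_pkcs11_config`; say so with `/* values for sc_pkcs11_conf.pin_unblock_style */` above the block. A one-line description per value, stating which call and which login state it permits, would complete it.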
@@ -156,10 +143,10 @@ CK_RV (*release_token)(struct sc_pkcs11_card *, void *); /* Login and logout */ - CK_RV (*login)(struct sc_pkcs11_card *, void *, + CK_RV (*login)(struct sc_pkcs11_slot *, CK_USER_TYPE, CK_CHAR_PTR, CK_ULONG); CK_RV (*logout)(struct sc_pkcs11_card *, void *); - CK_RV (*change_pin)(struct sc_pkcs11_card *, void *, + CK_RV (*change_pin)(struct sc_pkcs11_card *, void *, int, CK_CHAR_PTR, CK_ULONG, CK_CHAR_PTR, CK_ULONG); @@ -183,8 +170,6 @@ CK_ATTRIBUTE_PTR pPubKeyTempl, CK_ULONG ulPubKeyAttrCnt, CK_ATTRIBUTE_PTR pPrivKeyTempl, CK_ULONG ulPrivKeyAttrCnt, CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey); - CK_RV (*seed_random)(struct sc_pkcs11_card *p11card, - CK_BYTE_PTR, CK_ULONG); CK_RV (*get_random)(struct sc_pkcs11_card *p11card, CK_BYTE_PTR, CK_ULONG); }; @@ -200,16 +185,10 @@ #endif struct sc_pkcs11_card { - int reader; - struct sc_card *card; + sc_reader_t *reader; + sc_card_t *card; struct sc_pkcs11_framework_ops *framework; void *fw_data; - sc_timestamp_t slot_state_expires; - - /* Number of slots owned by this card object */ - unsigned int num_slots; - unsigned int max_slots; - unsigned int first_slot; /* List of supported mechanisms */ struct sc_pkcs11_mechanism_type **mechanisms; 
@@ -217,27 +196,17 @@ }; struct sc_pkcs11_slot { - int id; - int login_user; - /* Slot specific information (information about reader) */ - CK_SLOT_INFO slot_info; - /* Token specific information (information about card) */ - CK_TOKEN_INFO token_info; - - /* Reader to which card is allocated (same as card->reader - * if there's a card present) */ - int reader; - - /* The card associated with this slot */ - struct sc_pkcs11_card *card; - /* Card events SC_EVENT_CARD_{INSERTED,REMOVED} */ - int events; - /* Framework specific data */ - void *fw_data; - /* Object pools */ - struct sc_pkcs11_pool object_pool; - /* Number of sessions using this slot */ - unsigned int nsessions; + CK_SLOT_ID id; /* ID of the slot */ + int login_user; /* Currently logged in user */ + CK_SLOT_INFO slot_info; /* Slot specific information (information about reader) */ + CK_TOKEN_INFO token_info; /* Token specific information (information about card) */ + sc_reader_t *reader; /* same as card->reader if there's a card present */ + struct sc_pkcs11_card *card; /* The card associated with this slot */ + unsigned int events; /* Card events SC_EVENT_CARD_{INSERTED,REMOVED} */ + void *fw_data; /* Framework specific data */ + list_t objects; /* Objects in this slot */ + unsigned int nsessions; /* Number of sessions using this slot */ + sc_timestamp_t slot_state_expires; }; typedef struct sc_pkcs11_slot sc_pkcs11_slot_t; @@ -308,11 +277,11 @@ }; /* Find Operation */ -#define SC_PKCS11_FIND_MAX_HANDLES 32 +#define SC_PKCS11_FIND_INC_HANDLES 32 struct sc_pkcs11_find_operation { struct sc_pkcs11_operation operation; - int num_handles, current_handle; - CK_OBJECT_HANDLE handles[SC_PKCS11_FIND_MAX_HANDLES]; + int num_handles, current_handle, allocated_handles; + CK_OBJECT_HANDLE *handles; }; /* @@ -320,6 +289,7 @@ */ struct sc_pkcs11_session { + CK_SESSION_HANDLE handle; /* Session to this slot */ struct sc_pkcs11_slot *slot; CK_FLAGS flags; 
@@ -333,44 +303,37 @@ /* Module variables */ extern struct sc_context *context; -extern struct sc_pkcs11_pool session_pool; -extern struct sc_pkcs11_slot *virtual_slots; -extern struct sc_pkcs11_card card_table[SC_MAX_READERS]; extern struct sc_pkcs11_config sc_pkcs11_conf; -extern unsigned int first_free_slot; +extern list_t sessions; +extern list_t virtual_slots; +extern list_t cards; /* Framework definitions */ extern struct sc_pkcs11_framework_ops framework_pkcs15; extern struct sc_pkcs11_framework_ops framework_pkcs15init; void strcpy_bp(u8 *dst, const char *src, size_t dstsize); -CK_RV sc_to_cryptoki_error(int rc, int reader); -void sc_pkcs11_print_attrs(const char *file, unsigned int line, const char *function, +CK_RV sc_to_cryptoki_error(int rc, const char *ctx); +void sc_pkcs11_print_attrs(int level, const char *file, unsigned int line, const char *function, const char *info, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); -#define dump_template(info, pTemplate, ulCount) \ - sc_pkcs11_print_attrs(__FILE__, __LINE__, __FUNCTION__, \ +#define dump_template(level, info, pTemplate, ulCount) \ + sc_pkcs11_print_attrs(level, __FILE__, __LINE__, __FUNCTION__, \ info, pTemplate, ulCount) /* Slot and card handling functions */ -CK_RV card_initialize(int reader); +CK_RV card_removed(sc_reader_t *reader); CK_RV card_detect_all(void); -CK_RV __card_detect_all(int); -CK_RV card_detect(int reader); -CK_RV card_removed(int reader); -CK_RV slot_initialize(int id, struct sc_pkcs11_slot *); -CK_RV slot_get_slot(int id, struct sc_pkcs11_slot **); -CK_RV slot_get_token(int id, struct sc_pkcs11_slot **); -CK_RV slot_token_removed(int id); -CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask); +CK_RV create_slot(sc_reader_t *reader); +CK_RV initialize_reader(sc_reader_t *reader); +CK_RV card_detect(sc_reader_t *reader); +CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot **); +CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot **); +CK_RV 
slot_token_removed(CK_SLOT_ID id); CK_RV slot_allocate(struct sc_pkcs11_slot **, struct sc_pkcs11_card *); - -/* Pool */ -CK_RV pool_initialize(struct sc_pkcs11_pool *, int); -CK_RV pool_insert(struct sc_pkcs11_pool *, void *, CK_ULONG_PTR); -CK_RV pool_find(struct sc_pkcs11_pool *, CK_ULONG, void **); -CK_RV pool_find_and_delete(struct sc_pkcs11_pool *, CK_ULONG, void **); +CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask); /* Session manipulation */ +CK_RV get_session(CK_SESSION_HANDLE hSession, struct sc_pkcs11_session ** session); CK_RV session_start_operation(struct sc_pkcs11_session *, int, sc_pkcs11_mechanism_type_t *, struct sc_pkcs11_operation **); @@ -420,7 +383,7 @@ CK_RV sc_pkcs11_decr_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR, struct sc_pkcs11_object *, CK_MECHANISM_TYPE); CK_RV sc_pkcs11_decr(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR); sc_pkcs11_mechanism_type_t *sc_pkcs11_find_mechanism(struct sc_pkcs11_card *, - CK_MECHANISM_TYPE, int); + CK_MECHANISM_TYPE, unsigned int); sc_pkcs11_mechanism_type_t *sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR, CK_KEY_TYPE, void *); @@ -436,9 +399,6 @@ sc_pkcs11_mechanism_type_t *); #ifdef ENABLE_OPENSSL -/* Random generation functions */ -CK_RV sc_pkcs11_gen_keypair_soft(CK_KEY_TYPE keytype, CK_ULONG keybits, - struct sc_pkcs15_prkey *privkey, struct sc_pkcs15_pubkey *pubkey); CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len, const unsigned char *pubkey_params, int pubkey_params_len, CK_MECHANISM_TYPE mech, sc_pkcs11_operation_t *md, diff -Nru opensc-0.11.13/src/pkcs11/secretkey.c opensc-0.12.1/src/pkcs11/secretkey.c --- opensc-0.11.13/src/pkcs11/secretkey.c 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/secretkey.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,230 +0,0 @@ -/* - * Secret key handling for PKCS#11 - * - * This module deals only with secret keys that have been unwrapped - * by the card. At the moment, we do not support key unwrapping - * where the key remains on the token. - * - * Copyright (C) 2002 Olaf Kirch - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include -#include -#include "sc-pkcs11.h" - -struct pkcs11_secret_key { - struct sc_pkcs11_object object; - - char * label; - CK_KEY_TYPE type; - CK_BYTE_PTR value; - CK_ULONG value_len; -}; - -extern struct sc_pkcs11_object_ops pkcs11_secret_key_ops; - -#define set_attr(var, attr) \ - if (attr->ulValueLen != sizeof(var)) \ - return CKR_ATTRIBUTE_VALUE_INVALID; \ - memcpy(&var, attr->pValue, attr->ulValueLen); -#define check_attr(attr, size) \ - if (attr->pValue == NULL_PTR) { \ - attr->ulValueLen = size; \ - return CKR_OK; \ - } \ - if (attr->ulValueLen < size) { \ - attr->ulValueLen = size; \ - return CKR_BUFFER_TOO_SMALL; \ - } \ - attr->ulValueLen = size; -#define get_attr(attr, type, value) \ - check_attr(attr, sizeof(type)); \ - *(type *) (attr->pValue) = value; - -CK_RV -sc_pkcs11_create_secret_key(struct sc_pkcs11_session *session, - const u8 *value, size_t value_len, - CK_ATTRIBUTE_PTR _template, - CK_ULONG attribute_count, - struct 
sc_pkcs11_object **out) -{ - struct pkcs11_secret_key *key; - CK_ATTRIBUTE_PTR attr; - int n, rv; - - key = (struct pkcs11_secret_key *) calloc(1, sizeof(*key)); - if (!key) - return CKR_HOST_MEMORY; - key->value = (CK_BYTE *) malloc(value_len); - if (!key->value) { - pkcs11_secret_key_ops.release(key); - return CKR_HOST_MEMORY; /* XXX correct? */ - } - memcpy(key->value, value, value_len); - key->value_len = value_len; - key->object.ops = &pkcs11_secret_key_ops; - - /* Make sure the key type is given in the template */ - for (n = attribute_count, attr = _template; n--; attr++) { - if (attr->type == CKA_KEY_TYPE) { - set_attr(key->type, attr); - break; - } - } - if (n < 0) { - pkcs11_secret_key_ops.release(key); - return CKR_TEMPLATE_INCOMPLETE; - } - - /* Set all the other attributes */ - for (n = attribute_count, attr = _template; n--; attr++) { - rv = key->object.ops->set_attribute(session, key, attr); - if (rv != CKR_OK) { - pkcs11_secret_key_ops.release(key); - return rv; - } - } - - *out = (struct sc_pkcs11_object *) key; - return CKR_OK; -} - -static void -sc_pkcs11_secret_key_release(void *object) -{ - struct pkcs11_secret_key *key; - - key = (struct pkcs11_secret_key *) object; - if (key) { - if (key->value) - free(key->value); - if (key->label) - free(key->label); - free(key); - } -} - -static CK_RV -sc_pkcs11_secret_key_set_attribute(struct sc_pkcs11_session *session, - void *object, CK_ATTRIBUTE_PTR attr) -{ - struct pkcs11_secret_key *key; - CK_OBJECT_CLASS ck_class; - CK_KEY_TYPE ck_key_type; - CK_BBOOL ck_bbool; - - key = (struct pkcs11_secret_key *) object; - switch (attr->type) { - case CKA_CLASS: - set_attr(ck_class, attr); - if (ck_class != CKO_SECRET_KEY) - return CKR_ATTRIBUTE_VALUE_INVALID; - break; - case CKA_KEY_TYPE: - set_attr(ck_key_type, attr); - if (ck_key_type != key->type) - return CKR_ATTRIBUTE_VALUE_INVALID; - break; - case CKA_LABEL: - if (key->label) - free(key->label); - key->label = strdup((const char *) attr->pValue); - break; 
- case CKA_TOKEN: - set_attr(ck_bbool, attr); - if (!ck_bbool) - return CKR_ATTRIBUTE_VALUE_INVALID; - break; - case CKA_VALUE: - if (key->value) - free(key->value); - key->value = (CK_BYTE *) malloc(attr->ulValueLen); - if (key->value == NULL) - return CKR_HOST_MEMORY; - key->value_len = attr->ulValueLen; - memcpy(key->value, attr->pValue, key->value_len); - break; - case CKA_ENCRYPT: - case CKA_DECRYPT: - case CKA_SIGN: - case CKA_VERIFY: - case CKA_WRAP: - case CKA_UNWRAP: - case CKA_EXTRACTABLE: - case CKA_ALWAYS_SENSITIVE: - case CKA_NEVER_EXTRACTABLE: - /* We ignore these for now, just making sure the argument - * has the right size */ - set_attr(ck_bbool, attr); - break; - default: - return CKR_ATTRIBUTE_TYPE_INVALID; - } - - return CKR_OK; -} - -static CK_RV -sc_pkcs11_secret_key_get_attribute(struct sc_pkcs11_session *session, - void *object, CK_ATTRIBUTE_PTR attr) -{ - struct pkcs11_secret_key *key; - - key = (struct pkcs11_secret_key *) object; - switch (attr->type) { - case CKA_CLASS: - get_attr(attr, CK_OBJECT_CLASS, CKO_SECRET_KEY); - break; - case CKA_KEY_TYPE: - get_attr(attr, CK_KEY_TYPE, key->type); - case CKA_VALUE: - check_attr(attr, key->value_len); - memcpy(attr->pValue, key->value, key->value_len); - break; - case CKA_VALUE_LEN: - get_attr(attr, CK_ULONG, key->value_len); - break; - case CKA_SENSITIVE: - case CKA_SIGN: - case CKA_VERIFY: - case CKA_WRAP: - case CKA_UNWRAP: - case CKA_NEVER_EXTRACTABLE: - get_attr(attr, CK_BBOOL, 0); - break; - case CKA_ENCRYPT: - case CKA_DECRYPT: - case CKA_EXTRACTABLE: - case CKA_ALWAYS_SENSITIVE: - get_attr(attr, CK_BBOOL, 1); - break; - default: - return CKR_ATTRIBUTE_TYPE_INVALID; - } - return CKR_OK; -} - -struct sc_pkcs11_object_ops pkcs11_secret_key_ops = { - sc_pkcs11_secret_key_release, - sc_pkcs11_secret_key_set_attribute, - sc_pkcs11_secret_key_get_attribute, - sc_pkcs11_any_cmp_attribute, - NULL, /* destroy_object */ - NULL, /* get_size */ - NULL, /* sign */ - NULL, /* unwrap_key */ - NULL /* 
decrypt */ -}; diff -Nru opensc-0.11.13/src/pkcs11/slot.c opensc-0.12.1/src/pkcs11/slot.c --- opensc-0.11.13/src/pkcs11/slot.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/slot.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,7 +1,8 @@ /* - * slot.c: smart card and slot related management functions + * slot.c: reader, smart card and slot related management functions * * Copyright (C) 2002 Timo Teräs + * Copyright (C) 2009 Martin Paljak * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -18,7 +19,11 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #include +#include + #include "sc-pkcs11.h" static struct sc_pkcs11_framework_ops *frameworks[] = { @@ -31,11 +36,23 @@ NULL }; -unsigned int first_free_slot = 0; +static struct sc_pkcs11_slot * reader_get_slot(sc_reader_t *reader) +{ + unsigned int i; + + /* Locate a slot related to the reader */ + for (i = 0; ireader == reader) { + return slot; + } + } + return NULL; +} static void init_slot_info(CK_SLOT_INFO_PTR pInfo) { - strcpy_bp(pInfo->slotDescription, "Virtual slot", 64); + strcpy_bp(pInfo->slotDescription, "Virtual hotplug slot", 64); strcpy_bp(pInfo->manufacturerID, "OpenSC (www.opensc-project.org)", 32); pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT; pInfo->hardwareVersion.major = 0; 
@@ -44,99 +61,188 @@ pInfo->firmwareVersion.minor = 0; } -CK_RV card_initialize(int reader) +/* simclist helpers to locate interesting objects by ID */ +static int object_list_seeker(const void *el, const void *key) { - struct sc_pkcs11_card *card = card_table + reader; - unsigned int avail; - unsigned int i; + const struct sc_pkcs11_object *object = (struct sc_pkcs11_object *)el; + + if ((el == NULL) || (key == NULL)) + return 0; + if (object->handle == *(CK_OBJECT_HANDLE*)key) + return 1; + return 0; +} + +CK_RV create_slot(sc_reader_t *reader) +{ + struct sc_pkcs11_slot *slot; - if (reader < 0 || reader >= SC_MAX_READERS) + if (list_size(&virtual_slots) >= sc_pkcs11_conf.max_virtual_slots) return CKR_FUNCTION_FAILED; - memset(card, 0, sizeof(struct sc_pkcs11_card)); - card->reader = reader; + slot = (struct sc_pkcs11_slot *)calloc(1, sizeof(struct sc_pkcs11_slot)); + if (!slot) + return CKR_HOST_MEMORY; - /* Always allocate a fixed slot range to one reader/card. - * Some applications get confused if readers pop up in - * different slots. */ - avail = sc_pkcs11_conf.slots_per_card; - - if (first_free_slot + avail > sc_pkcs11_conf.max_virtual_slots) - avail = sc_pkcs11_conf.max_virtual_slots - first_free_slot; - card->first_slot = first_free_slot; - card->max_slots = avail; - card->num_slots = 0; + list_append(&virtual_slots, slot); + slot->login_user = -1; + slot->id = (CK_SLOT_ID) list_locate(&virtual_slots, slot); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Creating slot with id 0x%lx", slot->id); + + list_init(&slot->objects); + list_attributes_seeker(&slot->objects, object_list_seeker); - for (i = 0; i < card->max_slots; i++) { - struct sc_pkcs11_slot *slot = virtual_slots + card->first_slot + i; + init_slot_info(&slot->slot_info); + if (reader != NULL) { slot->reader = reader; + strcpy_bp(slot->slot_info.slotDescription, reader->name, 64); + } + return CKR_OK; +} + + +/* create slots associated with a reader, called whenever a reader is seen. 
*/ +CK_RV initialize_reader(sc_reader_t *reader) +{ + unsigned int i; + CK_RV rv; + + scconf_block *conf_block = NULL; + const scconf_list *list = NULL; + + conf_block = sc_get_conf_block(context, "pkcs11", NULL, 1); + if (conf_block != NULL) { + list = scconf_find_list(conf_block, "ignored_readers"); + while (list != NULL) { + if (strstr(reader->name, list->data) != NULL) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Ignoring reader \'%s\' because of \'%s\'\n", reader->name, list->data); + return CKR_OK; + } + list = list->next; + } + } + + for (i = 0; i < sc_pkcs11_conf.slots_per_card; i++) { + rv = create_slot(reader); + if (rv != CKR_OK) + return rv; + } + + if (sc_detect_card_presence(reader)) { + card_detect(reader); } - first_free_slot += card->max_slots; return CKR_OK; } -CK_RV card_detect(int reader) + +CK_RV card_removed(sc_reader_t * reader) { - struct sc_pkcs11_card *card = &card_table[reader]; - int rc, rv, i, retry = 1; + unsigned int i; + struct sc_pkcs11_card *card = NULL; + /* Mark all slots as "token not present" */ + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: card removed", reader->name); - rv = CKR_OK; - sc_debug(context, "%d: Detecting smart card\n", reader); - for (i = card->max_slots; i--; ) { - struct sc_pkcs11_slot *slot; - sc_reader_t *rdr = sc_ctx_get_reader(context, (unsigned int)reader); + for (i=0; i < list_size(&virtual_slots); i++) { + sc_pkcs11_slot_t *slot = (sc_pkcs11_slot_t *) list_get_at(&virtual_slots, i); + if (slot->reader == reader) { + /* Save the "card" object */ + if (slot->card) + card = slot->card; + slot_token_removed(slot->id); + } + } - if (rdr == NULL) - return CKR_TOKEN_NOT_PRESENT; - slot = virtual_slots + card->first_slot + i; - strcpy_bp(slot->slot_info.slotDescription, rdr->name, 64); - slot->reader = reader; + if (card) { + card->framework->unbind(card); + sc_disconnect_card(card->card); + /* FIXME: free mechanisms + * spaces allocated by the + * sc_pkcs11_register_sign_and_hash_mechanism + * and 
sc_pkcs11_new_fw_mechanism. + * but see sc_pkcs11_register_generic_mechanisms + for (i=0; i < card->nmechanisms; ++i) { + // if 'mech_data' is a pointer earlier returned by the ?alloc + free(card->mechanisms[i]->mech_data); + // if 'mechanisms[i]' is a pointer earlier returned by the ?alloc + free(card->mechanisms[i]); + } + */ + free(card->mechanisms); + free(card); } + + return CKR_OK; +} + + +CK_RV card_detect(sc_reader_t *reader) +{ + struct sc_pkcs11_card *p11card = NULL; + int rc, rv; + unsigned int i; + rv = CKR_OK; - /* Check if someone inserted a card */ -again: rc = sc_detect_card_presence(sc_ctx_get_reader(context, reader), 0); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detecting smart card\n", reader->name); + /* Check if someone inserted a card */ + again:rc = sc_detect_card_presence(reader); if (rc < 0) { - sc_debug(context, "Card detection failed for reader %d: %s\n", - reader, sc_strerror(rc)); - return sc_to_cryptoki_error(rc, reader); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: failed, %s\n", reader->name, sc_strerror(rc)); + return sc_to_cryptoki_error(rc, NULL); } if (rc == 0) { - sc_debug(context, "%d: Card absent\n", reader); - card_removed(reader); /* Release all resources */ + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: card absent\n", reader->name); + card_removed(reader); /* Release all resources */ return CKR_TOKEN_NOT_PRESENT; } /* If the card was changed, disconnect the current one */ - if (rc & SC_SLOT_CARD_CHANGED) { - sc_debug(context, "%d: Card changed\n", reader); + if (rc & SC_READER_CARD_CHANGED) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Card changed\n", reader->name); /* The following should never happen - but if it * does we'll be stuck in an endless loop. - * So better be fussy. */ + * So better be fussy. 
if (!retry--) - return CKR_TOKEN_NOT_PRESENT; + return CKR_TOKEN_NOT_PRESENT; */ card_removed(reader); goto again; } + /* Locate a slot related to the reader */ + for (i=0; ireader == reader) { + p11card = slot->card; + break; + } + } + /* Detect the card if it's not known already */ - if (card->card == NULL) { - sc_debug(context, "%d: Connecting to smart card\n", reader); - rc = sc_connect_card(sc_ctx_get_reader(context, reader), 0, &card->card); + if (p11card == NULL) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: First seen the card ", reader->name); + p11card = (struct sc_pkcs11_card *)calloc(1, sizeof(struct sc_pkcs11_card)); + if (!p11card) + return CKR_HOST_MEMORY; + p11card->reader = reader; + } + + if (p11card->card == NULL) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Connecting ... ", reader->name); + rc = sc_connect_card(reader, &p11card->card); if (rc != SC_SUCCESS) - return sc_to_cryptoki_error(rc, reader); + return sc_to_cryptoki_error(rc, NULL); } /* Detect the framework */ - if (card->framework == NULL) { - sc_debug(context, "%d: Detecting Framework\n", reader); + if (p11card->framework == NULL) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detecting Framework\n", reader->name); for (i = 0; frameworks[i]; i++) { if (frameworks[i]->bind == NULL) continue; - rv = frameworks[i]->bind(card); + rv = frameworks[i]->bind(p11card); if (rv == CKR_OK) break; } 
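Review bot: In card_detect the bounded retry on `SC_READER_CARD_CHANGED` is now commented out and the `retry` variable is dropped, so the `goto again` path has no exit if the reader keeps reporting a changed card; the comment that is left behind itself describes that case as an endless loop. Keep the guard by declaring `int retry = 1;` and restoring `if (!retry--) return CKR_TOKEN_NOT_PRESENT;` before `card_removed(reader); goto again;`. Separately, card_removed now calls `card->framework->unbind(card)` and `sc_disconnect_card(card->card)` without the NULL checks the removed version had, which may be reachable if a slot was given the card before `p11card->framework` was assigned; `if (card->framework) card->framework->unbind(card);` would cover it. card_detect continues past the end of this hunk.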
@@ -145,117 +251,64 @@ return CKR_TOKEN_NOT_RECOGNIZED; /* Initialize framework */ - sc_debug(context, "%d: Detected framework %d. Creating tokens.\n", reader, i); - rv = frameworks[i]->create_tokens(card); + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detected framework %d. Creating tokens.\n", reader->name, i); + rv = frameworks[i]->create_tokens(p11card); if (rv != CKR_OK) return rv; - card->framework = frameworks[i]; + p11card->framework = frameworks[i]; } - - sc_debug(context, "%d: Detection ended\n", reader); - return rv; -} - -CK_RV __card_detect_all(int report_events) -{ - int i; - - if (context == NULL_PTR) - return CKR_CRYPTOKI_NOT_INITIALIZED; - for (i = 0; i < (int)sc_ctx_get_reader_count(context); i++) - card_detect(i); - if (!report_events) { - CK_SLOT_ID id; - - for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++) - virtual_slots[id].events = 0; - } - + sc_debug(context, SC_LOG_DEBUG_NORMAL, "%s: Detection ended\n", reader->name); return CKR_OK; } -CK_RV card_detect_all(void) -{ - return __card_detect_all(1); -} +CK_RV card_detect_all(void) { + unsigned int i; -CK_RV card_removed(int reader) -{ - unsigned int i; - struct sc_pkcs11_card *card; - - sc_debug(context, "%d: smart card removed\n", reader); - - for (i=0; ireader == reader) - slot_token_removed(i); - } - - /* beware - do not clean the entire sc_pkcs11_card struct; - * fields such as first_slot and max_slots are initialized - * _once_ and need to be left untouched across card removal/ - * insertion */ - card = &card_table[reader]; - if (card->framework) - card->framework->unbind(card); - card->framework = NULL; - card->fw_data = NULL; - - if (card->card) - sc_disconnect_card(card->card, 0); - card->card = NULL; - - return CKR_OK; + /* Detect cards in all initialized readers */ + for (i=0; i< sc_ctx_get_reader_count(context); i++) { + sc_reader_t *reader = sc_ctx_get_reader(context, i); + if (!reader_get_slot(reader)) + initialize_reader(reader); + card_detect(sc_ctx_get_reader(context, 
i)); + } + return CKR_OK; } -CK_RV slot_initialize(int id, struct sc_pkcs11_slot *slot) +/* Allocates an existing slot to a card */ +CK_RV slot_allocate(struct sc_pkcs11_slot ** slot, struct sc_pkcs11_card * card) { - memset(slot, 0, sizeof(*slot)); - slot->id = id; - slot->login_user = -1; - init_slot_info(&slot->slot_info); - pool_initialize(&slot->object_pool, POOL_TYPE_OBJECT); - - return CKR_OK; -} - -CK_RV slot_allocate(struct sc_pkcs11_slot **slot, struct sc_pkcs11_card *card) -{ - unsigned int i, first, last; - - if (card->num_slots >= card->max_slots) - return CKR_FUNCTION_FAILED; - first = card->first_slot; - last = first + card->max_slots; + unsigned int i; + struct sc_pkcs11_slot *tmp_slot = NULL; - for (i = first; i < last; i++) { - if (!virtual_slots[i].card) { - sc_debug(context, "Allocated slot %d\n", i); - virtual_slots[i].card = card; - virtual_slots[i].events = SC_EVENT_CARD_INSERTED; - *slot = &virtual_slots[i]; - card->num_slots++; - return CKR_OK; - } + /* Locate a free slot for this reader */ + for (i=0; i< list_size(&virtual_slots); i++) { + tmp_slot = (struct sc_pkcs11_slot *)list_get_at(&virtual_slots, i); + if (tmp_slot->reader == card->reader && tmp_slot->card == NULL) + break; } - return CKR_FUNCTION_FAILED; + if (!tmp_slot || (i == list_size(&virtual_slots))) + return CKR_FUNCTION_FAILED; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "Allocated slot 0x%lx for card in reader %s", tmp_slot->id, + card->reader->name); + tmp_slot->card = card; + tmp_slot->events = SC_EVENT_CARD_INSERTED; + *slot = tmp_slot; + return CKR_OK; } -CK_RV slot_get_slot(int id, struct sc_pkcs11_slot **slot) +CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) { if (context == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED; - if (id < 0 || id >= sc_pkcs11_conf.max_virtual_slots) + *slot = list_seek(&virtual_slots, &id); /* FIXME: check for null? 
*/ + if (!*slot) return CKR_SLOT_ID_INVALID; - - *slot = &virtual_slots[id]; return CKR_OK; } -CK_RV slot_get_token(int id, struct sc_pkcs11_slot **slot) +CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) { int rv; @@ -263,29 +316,28 @@ if (rv != CKR_OK) return rv; - if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) - { + if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) { + if ((*slot)->reader == NULL) + return CKR_TOKEN_NOT_PRESENT; rv = card_detect((*slot)->reader); if (rv != CKR_OK) - return CKR_TOKEN_NOT_PRESENT; + return rv; } - if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) - { - sc_debug(context, "card detected, but slot not presenting token"); + if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) { + sc_debug(context, SC_LOG_DEBUG_NORMAL, "card detected, but slot not presenting token"); return CKR_TOKEN_NOT_PRESENT; } return CKR_OK; } -CK_RV slot_token_removed(int id) +CK_RV slot_token_removed(CK_SLOT_ID id) { int rv, token_was_present; struct sc_pkcs11_slot *slot; struct sc_pkcs11_object *object; - CK_SLOT_INFO saved_slot_info; - int reader; + sc_debug(context, SC_LOG_DEBUG_NORMAL, "slot_token_removed(0x%lx)", id); rv = slot_get_slot(id, &slot); if (rv != CKR_OK) return rv; @@ -295,8 +347,7 @@ /* Terminate active sessions */ sc_pkcs11_close_all_sessions(id); - /* Object pool */ - while (pool_find_and_delete(&slot->object_pool, 0, (void**) &object) == CKR_OK) { + while ((object = list_fetch(&slot->objects))) { if (object->ops->release) object->ops->release(object); } 
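Review bot: card_detect_all no longer checks `context` before calling `sc_ctx_get_reader_count(context)`, although the removed `__card_detect_all` returned `CKR_CRYPTOKI_NOT_INITIALIZED` for a NULL context and slot_get_slot in this same hunk still does. Unless every caller already guarantees an initialised context, keep `if (context == NULL_PTR) return CKR_CRYPTOKI_NOT_INITIALIZED;` at the top of the function. The loop also discards the results of `initialize_reader(reader)` and `card_detect(...)` and looks the reader up a second time; `card_detect(reader);` would reuse the pointer already fetched, and a short comment should state that per-reader failures are deliberately ignored if that is the intent.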
@@ -304,22 +355,14 @@ /* Release framework stuff */ if (slot->card != NULL) { if (slot->fw_data != NULL && - slot->card->framework != NULL && - slot->card->framework->release_token != NULL) + slot->card->framework != NULL && slot->card->framework->release_token != NULL) slot->card->framework->release_token(slot->card, slot->fw_data); - slot->card->num_slots--; } - /* Zap everything else. Restore the slot_info afterwards (it contains the reader - * name, for instance) but clear its flags */ - saved_slot_info = slot->slot_info; - reader = slot->reader; - memset(slot, 0, sizeof(*slot)); - slot->slot_info = saved_slot_info; - slot->slot_info.flags = 0; + /* Reset relevant slot properties */ + slot->slot_info.flags &= ~CKF_TOKEN_PRESENT; slot->login_user = -1; - slot->reader = reader; - pool_initialize(&slot->object_pool, POOL_TYPE_OBJECT); + slot->card = NULL; if (token_was_present) slot->events = SC_EVENT_CARD_REMOVED; 
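Review bot: After `release_token(slot->card, slot->fw_data)` the slot keeps its old `fw_data` pointer, because the removed `memset(slot, 0, sizeof(*slot))` is replaced by resetting only the token-present flag, `login_user` and `card`. If release_token frees that data (not visible here), the slot holds a dangling pointer until the next token is bound; add `slot->fw_data = NULL;` next to `slot->card = NULL;`. Other per-token fields that the old memset cleared may need the same treatment, and a comment listing what is intentionally preserved across removal would make that reviewable. slot_token_removed starts before this hunk.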
@@ -327,22 +370,28 @@ return CKR_OK; } +/* Called from C_WaitForSlotEvent */ CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask) { - sc_pkcs11_slot_t *slot; - CK_SLOT_ID id; + unsigned int i; + SC_FUNC_CALLED(context, SC_LOG_DEBUG_NORMAL); card_detect_all(); - for (id = 0; id < sc_pkcs11_conf.max_virtual_slots; id++) { - slot = &virtual_slots[id]; + for (i=0; iid, (slot->slot_info.flags & CKF_TOKEN_PRESENT), slot->events); if ((slot->events & SC_EVENT_CARD_INSERTED) - && !(slot->slot_info.flags & CKF_TOKEN_PRESENT)) + && !(slot->slot_info.flags & CKF_TOKEN_PRESENT)) { + /* If a token has not been initialized, clear the inserted event */ slot->events &= ~SC_EVENT_CARD_INSERTED; + } + sc_debug(context, SC_LOG_DEBUG_NORMAL, "mask: 0x%02X events: 0x%02X result: %d", mask, slot->events, (slot->events & mask)); + if (slot->events & mask) { slot->events &= ~mask; - *idp = id; - return CKR_OK; + *idp = slot->id; + SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, CKR_OK); } } - return CKR_NO_EVENT; + SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, CKR_NO_EVENT); } diff -Nru opensc-0.11.13/src/pkcs11/versioninfo.rc opensc-0.12.1/src/pkcs11/versioninfo.rc --- opensc-0.11.13/src/pkcs11/versioninfo.rc 2010-02-16 09:33:31.000000000 +0000 +++ opensc-0.12.1/src/pkcs11/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 
@@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC PKCS#11 Provider to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC PKCS#11 Provider\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/pkcs15init/authentic.profile opensc-0.12.1/src/pkcs15init/authentic.profile --- opensc-0.11.13/src/pkcs15init/authentic.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/authentic.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,123 @@ +# +# PKCS15 r/w profile for Oberthur AuthentIC v3 cards +# +cardinfo { + label = "AuthentIC.v3"; + manufacturer = "Oberthur COSMO.v7"; + + max-pin-length = 63; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 63; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. +filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + DF PKCS15-AppDF { + type = DF; + aid = A0:00:00:00:77:01:00:70:0A:10:00:F1:00:00:01:00; + file-id = 5015; + + EF PKCS15-ODF { + file-id = 5031; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + ACL = *=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + ACL = *=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + ACL = *=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + ACL = *=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + ACL = *=NONE; + } + + BSO template-private-key { + ACL = UPDATE=CHV1, DELETE=CHV1; + ACL = PSO-DECRYPT=CHV1, INTERNAL-AUTHENTICATE=CHV1, GENERATE=CHV1, PSO-COMPUTE-SIGNATURE=NEVER; + } + + BSO template-public-key { + ACL = *=NONE; + } + 
+ EF template-certificate { + file-id = B000; + ACL = READ=NONE, DELETE=NONE, UPDATE=CHV1, RESIZE=CHV1; + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/cardos.profile opensc-0.12.1/src/pkcs15init/cardos.profile --- opensc-0.11.13/src/pkcs15init/cardos.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/cardos.profile 2011-05-17 17:07:00.000000000 +0000 @@ -34,16 +34,21 @@ # Prevent unauthorized updates of basic security # objects via PUT DATA OCI. - ACL = UPDATE=NEVER; + # ACL = UPDATE=NEVER; + ACL = UPDATE=$SOPIN; # Bump the size of the EF(PrKDF) - with split # keys, we may need a little more room. EF PKCS15-PrKDF { - size = 384; + size = 1024; } EF PKCS15-PuKDF { - size = 384; + size = 768; + } + + EF PKCS15-CDF { + size = 1536; } # This template defines files for keys, certificates etc. @@ -52,11 +57,9 @@ # combined with the last octet of the object's pkcs15 id # to form a unique file ID. template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = FFFF; + BSO private-key { } + EF public-key { file-id = 3003; structure = transparent; diff -Nru opensc-0.11.13/src/pkcs15init/cyberflex.profile opensc-0.12.1/src/pkcs15init/cyberflex.profile --- opensc-0.11.13/src/pkcs15init/cyberflex.profile 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/cyberflex.profile 2011-05-17 17:07:00.000000000 +0000 
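Review bot: The object directory files `PKCS15-PrKDF`, `PKCS15-PuKDF`, `PKCS15-SKDF`, `PKCS15-CDF` and `PKCS15-DODF` are declared with `ACL = *=NONE`, so, read literally, updating or deleting them needs no authentication, while `PKCS15-ODF`, `PKCS15-TokenInfo` and `PKCS15-AODF` in the same DF use `*=NEVER` with `READ=NONE`. If open write access is a deliberate setting for initialisation, say so in a comment above these entries; otherwise give them an explicit condition in the form the certificate template already uses, e.g. `ACL = READ=NONE, UPDATE=CHV1;`. In addition, `PIN so-pin` fixes the length at four (`max-length = 4; min-length = 4;`) although `cardinfo` allows up to 63, and its last entry `reference = 2` lacks the terminating semicolon used everywhere else in the file.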
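Review bot: In cardos.profile the access condition is relaxed from `UPDATE=NEVER` to `UPDATE=$SOPIN`, but the old setting is only commented out and the comment above it does not say who is now authorised to update. Replace the dead line with a comment that states the new policy, e.g. `# Updates of basic security objects via PUT DATA OCI require SO PIN verification.` The enclosing block starts outside this hunk, so which object the ACL applies to cannot be confirmed from here.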
@@ -6,12 +6,6 @@ pin-encoding = ascii-numeric; pin-pad-char = 0x00; pin-domains = yes; - - # This profile does not PIN-protect certificates - # stored on the card. If you enable this, you MUST - # adjust the sizes of the pin-domain and key-dir DFs - # accordingly. - protect-certificates = no; } # Define reasonable limits for PINs and PUK diff -Nru opensc-0.11.13/src/pkcs15init/entersafe.profile opensc-0.12.1/src/pkcs15init/entersafe.profile --- opensc-0.11.13/src/pkcs15init/entersafe.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/entersafe.profile 2011-05-17 17:07:00.000000000 +0000 @@ -11,7 +11,7 @@ option default { macros { - pin-flags = initialized, needs-padding; + pin-flags = local, initialized, needs-padding; min-pin-length = 4; df_acl = *=NEVER; protected = *=$PIN,READ=NONE; @@ -30,17 +30,17 @@ option onepin { macros { - pin-flags = initialized, needs-padding; + pin-flags = local, initialized, needs-padding; df_acl = *=$PIN; protected = *=$PIN,READ=NONE; dir-size = 128; tinfo-size = 128; unusedspace-size = 128; - odf-size = 256; + odf-size = 512; aodf-size = 256; - cdf-size = 512; - prkdf-size = 256; - pukdf-size = 256; + cdf-size = 2048; + prkdf-size = 1024; + pukdf-size = 1024; dodf-size = 256; info-size = 128; } @@ -145,10 +145,8 @@ } template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = FFFF; + BSO private-key { + # here ACLs should be defined } EF public-key { file-id = 3000; diff -Nru opensc-0.11.13/src/pkcs15init/flex.profile opensc-0.12.1/src/pkcs15init/flex.profile --- opensc-0.11.13/src/pkcs15init/flex.profile 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/flex.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -6,16 +6,6 @@ pin-encoding = ascii-numeric; pin-pad-char = 0x00; pin-domains = yes; - - # This profile does not PIN-protect certificates - # stored on the card. If you enable this, you MUST - # adjust the sizes of the pin-domain and key-dir DFs - # accordingly. - # - # Update: everything seems to work fine without this - # option, so it is commented out - # - # protect-certificates = no; } # Define reasonable limits for PINs and PUK @@ -36,10 +26,12 @@ EF CHV1 { file-id = 0000; ACL = *=NEVER, UPDATE=CHV1; + size = 23; } EF CHV2 { file-id = 0100; ACL = *=NEVER, UPDATE=CHV2; + size = 23; } DF MF { @@ -55,8 +47,8 @@ # same pin, you need to increase the size of the pin-dir. DF PKCS15-AppDF { ACL = *=$SOPIN, FILES=NONE, DELETE=NONE; - size = 7500; - #size = 10000; + #size = 7500; + size = 12000; # This "pin-domain" DF is a template that is # instantiated for each PIN created on the card. @@ -71,7 +63,8 @@ file-id = 4B00; # The minimum size for a 2048 bit key is 1396 - size = 1396; + #size = 1396; + size = 2792; } } @@ -82,6 +75,10 @@ # When instantiating the template, each file id will be # combined with the last octet of the object's pkcs15 id # to form a unique file ID. + # + # VT: The ACLs of the public objects (certificate, public key, non-protected data) + # are set to 'NONE'. You can change it and protect operations of your choice + # by $SOPIN, but not by $PIN. template key-domain { # In order to support more than one key per PIN, # each key must be within its own subdirectory. 
@@ -104,16 +101,16 @@ ACL = *=NEVER, READ=$PIN, UPDATE=$PIN; } EF public-key { - file-id = 4400; - ACL = *=$PIN, READ=NONE; + file-id = 4800; + ACL = *=NONE; } EF certificate { file-id = 4500; - ACL = *=$PIN, READ=NONE; + ACL = *=NONE; } EF data { file-id = 4600; - ACL = *=$PIN, READ=NONE; + ACL = *=NONE; } EF privdata { file-id = 4700; diff -Nru opensc-0.11.13/src/pkcs15init/ias_adele_admin1.profile opensc-0.12.1/src/pkcs15init/ias_adele_admin1.profile --- opensc-0.11.13/src/pkcs15init/ias_adele_admin1.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/ias_adele_admin1.profile 2011-05-17 17:07:00.000000000 +0000 
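Review bot: `EF public-key`, `EF certificate` and `EF data` change from `*=$PIN, READ=NONE` to `*=NONE`, which removes the authentication requirement for every operation on these files, not only for reading; taken literally, a stored certificate could then be overwritten or deleted without any PIN. The comment added earlier in this file says such operations can be protected by `$SOPIN` but not by `$PIN`, so if only reads are meant to be open, `ACL = *=$SOPIN, READ=NONE;` keeps that. The `public-key` file-id also moves from 4400 to 4800, and a comment should say whether cards initialised with the previous profile remain usable. The enclosing template starts outside this hunk.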
@@ -0,0 +1,187 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "IAS"; + manufacturer = "IAS Gemalto"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + + DF PKCS15-AppDF { + type = DF; + aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01; + acl = *=NONE; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + size = 96; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + } + + DF Adele-AppDF { + type = DF; + aid = D2:50:00:00:04:41:64:E8:6C:65:01:01; + acl = *=NONE; + size = 5000; + + EF PKCS15-AODF { + file-id = 7001; + size = 300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + size = 6700; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + size = 2300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + template key-domain { + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = F000; + size = 36; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17; + } + + # Certificate + EF certificate { + # for the profiles 'ADELE Admin. 
1 & 2' + # file-id: auth: A001; sign: A002; encr: A003; + # + file-id = B000; + ACL = *=NEVER; + ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF public-data { + file-id = D000; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/ias_adele_admin2.profile opensc-0.12.1/src/pkcs15init/ias_adele_admin2.profile --- opensc-0.11.13/src/pkcs15init/ias_adele_admin2.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/ias_adele_admin2.profile 2011-05-17 17:07:00.000000000 +0000 
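Review bot: `EF private-data` starts from `ACL = *=NONE` and then restricts only WRITE, UPDATE and READ to `SCBx17`, so any other operation, such as the DELETE that the certificate and public-data entries name explicitly, is left without an access condition, whereas the private-key BSO in the same template starts from `*=NEVER`. Use `ACL = *=NEVER;` as the base for `private-data` as well. `BSO private-des` carries no ACL line at all, only a comment, so its effective access conditions depend on defaults not visible here and should be written out. The same definitions are repeated in ias_adele_admin2.profile and ias_adele_common.profile below. The header comment also still reads "Oberthur cards" although `manufacturer` is "IAS Gemalto".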
@@ -0,0 +1,183 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "IAS"; + manufacturer = "IAS Gemalto"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; + + # Delete or not the public key when inconporating the + # corresponding certificate. + keep-public-key = yes; # yes/no +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + + DF PKCS15-AppDF { + type = DF; + aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01; + acl = *=NONE; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + size = 96; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + size = 300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + size = 6700; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + size = 2300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + template key-domain { + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = SIGN=SCBx17, AUTHENTICATE=SCBx17, DECIPHER=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = F000; + size = 36; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17; + } + + # Certificate + EF certificate { + # for the profiles 'ADELE Admin. 
1 & 2' + # file-id: auth: A001; sign: A002; encr: A003; + file-id = B000; + ACL = *=NEVER; + ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF public-data { + file-id = D000; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/ias_adele_common.profile opensc-0.12.1/src/pkcs15init/ias_adele_common.profile --- opensc-0.11.13/src/pkcs15init/ias_adele_common.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/ias_adele_common.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,179 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "IAS"; + manufacturer = "IAS Gemalto"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + DF PKCS15-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01; + acl = *=NONE; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + size = 96; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + size = 300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + size = 6700; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + size = 2300; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + size = 3000; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + template key-domain { + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = UPDATE=SCBx17, READ=NONE; + ACL = PSO-COMPUTE-SIGNATURE=SCBx17, INTERNAL-AUTHENTICATE=SCBx17, PSO-DECRYPT=SCBx17, GENERATE=SCBx17; + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = F000; + size = 36; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, READ=SCBx17; + } + + # Certificate + EF certificate { + # for the profiles 'ADELE Admin. 
1 & 2' + # file-id: auth: A001; sign: A002; encr: A003; + file-id = B000; + ACL = *=NEVER; + ACL = UPDATE=SCBx17, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = INTERNAL-AUTHENTICATE=SCBx17, GENERATE=SCBx17, UPDATE=SCBx17, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF public-data { + file-id = D000; + ACL = *=NONE; + ACL = WRITE=SCBx17, UPDATE=SCBx17, DELETE=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/iasecc_admin_eid.profile opensc-0.12.1/src/pkcs15init/iasecc_admin_eid.profile --- opensc-0.11.13/src/pkcs15init/iasecc_admin_eid.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/iasecc_admin_eid.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,182 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "ECC v1.0.1"; + manufacturer = "Gemalto"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN" +# Any value for this pin can given, when the OpenSC tools are asking for. + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + + DF PKCS15-AppDF { + type = DF; + aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44; + acl = *=NONE; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + size = 60; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + size = 400; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + size = 225; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + size = 450; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + size = 450; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + size = 450; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + size = 300; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + size = 650; + ACL = WRITE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + template key-domain { + + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = SIGN=SCBx13, AUTHENTICATE=SCBx13, DECIPHER=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = E000; + size = 36; + ACL = *=NONE; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13; + } + + # Certificate + EF certificate { + file-id = B000; + ACL = *=NEVER; + ACL = UPDATE=SCBx44, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = AUTHENTICATE=SCBx13, GENERATE=SCBx44, UPDATE=SCBx44, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF public-data { 
+ file-id = D000; + ACL = *=NONE; + ACL = WRITE=IDAxC1, UPDATE=IDAxC1, DELETE=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/iasecc_generic_oberthur.profile opensc-0.12.1/src/pkcs15init/iasecc_generic_oberthur.profile --- opensc-0.11.13/src/pkcs15init/iasecc_generic_oberthur.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/iasecc_generic_oberthur.profile 2011-05-17 17:07:00.000000000 +0000 
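Review bot: `EF private-data` in the key-domain template opens with `ACL = *=NONE;` and then tightens only WRITE, UPDATE and READ to SCBx13. Assuming later ACL lines override the wildcard per operation, any operation not named there stays unauthenticated (DELETE, for example, which the certificate entry lists explicitly). The private-key, certificate and public-key entries beside it start from `ACL = *=NEVER;` and grant from there, and iasecc_generic_oberthur.profile in this same diff does that for private-data as well. I would change the first line to `ACL = *=NEVER;` and keep `ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13;`, adding a DELETE grant only if deleting private data objects is meant to work. The private-data entry of iasecc_generic_pki.profile has the same pattern.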
@@ -0,0 +1,176 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "IAS/ECC v1.0.1"; + manufacturer = "OpenSC/Oberthur"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 0xC1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + ACL = *=NONE; + } + + # Here comes the application DF + DF PKCS15-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50; + ACL = *=NONE; + ACL = CREATE=SCB0x12; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + ACL = *=NEVER; + ACL = READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + ACL = *=NEVER; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + ACL = *=NEVER; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + ACL = *=NEVER; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + ACL = *=NEVER; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + template key-domain { + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = UPDATE=SCB0x12, READ=NONE; + ACL = PSO-COMPUTE-SIGNATURE=SCB0x12, INTERNAL-AUTHENTICATE=SCB0x12, PSO-DECRYPT=SCB0x12, GENERATE=SCB0x12; + + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = E000; + ACL = *=NEVER; + ACL = WRITE=SCB0x12, UPDATE=SCB0x12, READ=SCB0x12; + } + # Certificate + EF certificate { + file-id = 3401; + ACL = *=NEVER; + ACL = UPDATE=SCB0x12, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = INTERNAL-AUTHENTICATE=SCB0x12, GENERATE=SCB0x12, UPDATE=SCB0x12, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF 
public-data { + file-id = F000; + ACL = *=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/iasecc_generic_pki.profile opensc-0.12.1/src/pkcs15init/iasecc_generic_pki.profile --- opensc-0.11.13/src/pkcs15init/iasecc_generic_pki.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/iasecc_generic_pki.profile 2011-05-17 17:07:00.000000000 +0000 
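Review bot: Two entries under PKCS15-AppDF depart from the deny-by-default pattern that the rest of this profile follows. `EF PKCS15-CDF` is the only PKCS15 directory file without a leading `ACL = *=NEVER;`, so operations other than WRITE, UPDATE and READ fall back to a default this hunk does not show. `EF public-data` carries only `ACL = *=NONE;`, which leaves writes and updates to public data objects unauthenticated, whereas iasecc_generic_pki.profile restricts them with `ACL = WRITE=SCBx13, UPDATE=SCBx13, DELETE=NONE;`. I would add `ACL = *=NEVER;` to PKCS15-CDF and `ACL = WRITE=SCB0x12, UPDATE=SCB0x12;` to public-data, or add a comment stating that the open access is intended.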
@@ -0,0 +1,179 @@ +# +# PKCS15 r/w profile +# +cardinfo { + label = "IAS/ECC Generic PKI application"; + manufacturer = "IAS/ECC OpenSC"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 0xC1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN" +# Any value for this pin can given, when the OpenSC tools are asking for. + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + DF PKCS15-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63; + acl = *=NONE; + size = 5000; + + EF PKCS15-ODF { + file-id = 5031; + size = 96; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-AODF { + file-id = 7001; + size = 300; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-PrKDF { + file-id = 7002; + size = 6700; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-PuKDF { + file-id = 7004; + size = 2300; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-SKDF { + file-id = 7003; + size = 3000; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-CDF { + file-id = 7005; + size = 3000; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + EF PKCS15-DODF { + file-id = 7006; + size = 3000; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + template key-domain { + # Private RSA keys + BSO private-key { + ACL = *=NEVER; + ACL = UPDATE=SCBx13, READ=NONE; + ACL = PSO-DECRYPT=SCBx13, INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13; + } + + # Private DES keys + BSO private-des { + size = 24; # 192 bits + # READ acl used insted of DECIPHER/ENCIPHER/CHECKSUM + } + + # Private data + EF private-data { + file-id = E000; + size = 36; + ACL = *=NONE; + ACL = WRITE=SCBx13, UPDATE=SCBx13, READ=SCBx13; + } + # Certificate + EF certificate { + file-id = B000; + ACL = *=NEVER; + ACL = UPDATE=SCBx13, READ=NONE, DELETE=NONE; + } + + #Public Key + BSO public-key { + ACL = *=NEVER; + ACL = INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13, UPDATE=SCBx13, READ=NONE; + } + + # Public DES keys + BSO public-des { + size = 24; # 192 bits + ACL = *=NONE; + } + + # Public data + EF 
public-data { + file-id = F000; + ACL = *=NONE; + ACL = WRITE=SCBx13, UPDATE=SCBx13, DELETE=NONE; + } + } + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/iasecc.profile opensc-0.12.1/src/pkcs15init/iasecc.profile --- opensc-0.11.13/src/pkcs15init/iasecc.profile 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/iasecc.profile 2011-05-17 17:07:00.000000000 +0000 
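Review bot: `BSO private-key` starts from `ACL = *=NEVER;` and then grants PSO-DECRYPT, INTERNAL-AUTHENTICATE and GENERATE but not PSO-COMPUTE-SIGNATURE, so as written signing with a key created from this template appears to be denied outright. iasecc_generic_oberthur.profile lists all four operations on its private-key entry. If signature keys are meant to be supported here, the grant line would become `ACL = PSO-COMPUTE-SIGNATURE=SCBx13, PSO-DECRYPT=SCBx13, INTERNAL-AUTHENTICATE=SCBx13, GENERATE=SCBx13;`. If the omission is deliberate, a comment such as `# signing is intentionally not permitted for keys in this application` would record that decision next to the ACL.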
@@ -0,0 +1,115 @@ +# +# PKCS15 r/w profile for Oberthur cards +# +cardinfo { + label = "IAS"; + manufacturer = "IAS Gemalto"; + + max-pin-length = 4; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Put certificates into the CDF itself? + direct-certificates = no; + # Put the DF length into the ODF file? + encode-df-length = no; + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = yes; +} + +option ecc { + macros { + odf-size = 96; + aodf-size = 300; + cdf-size = 3000; + prkdf-size = 6700; + pukdf-size = 2300; + dodf-size = 3000; + skdf-size = 3000; + } +} + + +# Define reasonable limits for PINs and PUK +# Note that we do not set a file path or reference +# here; that is done dynamically. +PIN user-pin { + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0x10; # initialized + reference = 1; +} +PIN so-pin { + auth-id = FF; + attempts = 5; + max-length = 4; + min-length = 4; + flags = 0xB2; + reference = 2 +} + +# CHV5 used for Oberthur's specifique access condition "PIN or SOPIN" +# Any value for this pin can given, when the OpenSC tools are asking for. + +# Additional filesystem info. +# This is added to the file system info specified in the +# main profile. 
+filesystem { + DF MF { + ACL = *=CHV4; + path = 3F00; + type = DF; + + # This is the DIR file + EF DIR { + type = EF; + file-id = 2F00; + size = 128; + acl = *=NONE; + } + + # Here comes the application DF + DF CIA-Adele-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:01:01; + profile-extension = "ias_adele_admin1"; + } + + DF AdeleAdmin2-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:02:01; + profile-extension = "ias_adele_admin2"; + } + + DF AdeleCommon-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:00:00:04:03:01; + profile-extension = "ias_adele_common"; + } + + DF ECCeID-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:45:43:43:2D:65:49:44; + profile-extension = "iasecc_admin_eid"; + } + + DF ECCGeneric-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:D2:50:47:65:6E:65:72:69:63; + profile-extension = "iasecc_generic_pki"; + } + + DF ECCGenericOberthur-AppDF { + type = DF; + exclusive-aid = E8:28:BD:08:0F:F2:50:4F:54:20:41:57:50; + profile-extension = "iasecc_generic_oberthur"; + ACL = *=NONE; + ACL = CREATE=SCB0x12; + } + } +} + diff -Nru opensc-0.11.13/src/pkcs15init/incrypto34.profile opensc-0.12.1/src/pkcs15init/incrypto34.profile --- opensc-0.11.13/src/pkcs15init/incrypto34.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/incrypto34.profile 2011-05-17 17:07:00.000000000 +0000 @@ -47,10 +47,8 @@ # combined with the last octet of the object's pkcs15 id # to form a unique file ID. template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = FFFF; + BSO private-key { + # here ACLs should be defined } EF public-key { file-id = 3003; diff -Nru opensc-0.11.13/src/pkcs15init/keycache.c opensc-0.12.1/src/pkcs15init/keycache.c --- opensc-0.11.13/src/pkcs15init/keycache.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/keycache.c 1970-01-01 00:00:00.000000000 +0000 
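Review bot: The header comment `# PKCS15 r/w profile for Oberthur cards` does not match the `cardinfo` block below it, which sets `manufacturer = "IAS Gemalto"`, and the later comment about CHV5 describes a PIN that nothing in this file defines or references; both look copied from another profile. Something like `# PKCS15 r/w profile for IAS/ECC cards: maps application AIDs to profile extensions` would describe the file, and the CHV5 paragraph can be dropped. iasecc_admin_eid.profile (manufacturer "Gemalto") carries the same header and CHV5 comment. Separately, `reference = 2` in `PIN so-pin` has no terminating `;` here and in the other three iasecc profiles, unlike every other assignment; whether the parser tolerates that is not visible from the diff.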
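Review bot: The new `BSO private-key` entry in the key-domain template is left with only the placeholder `# here ACLs should be defined`, so private key objects created from it get whatever access conditions the profile parser or card driver applies by default, which this hunk does not show. For a private key I would state the policy explicitly, starting from `ACL = *=NEVER;` and granting only the operations the incrypto34 driver needs, as the iasecc profiles added in this diff do. If the driver sets the conditions itself, the placeholder should be replaced with a comment saying so. The template continues outside the hunk.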
@@ -1,396 +0,0 @@ -/* - * Cache authentication info - * - * Copyright (C) 2003, Olaf Kirch - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include -#ifdef HAVE_STRINGS_H -#include -#endif -#include -#include -#include -#include "profile.h" -#include "pkcs15-init.h" - -#undef KEYCACHE_DEBUG -#define MAX_SECRET 32 /* sufficient for 128bit symmetric keys */ - -struct secret { - struct secret * next; - sc_path_t path; - int type, ref, named_pin; - size_t len; - unsigned char value[MAX_SECRET]; -}; - -static struct secret * secret_cache = NULL; -static struct secret * named_pin[SC_PKCS15INIT_NPINS]; - -#ifdef KEYCACHE_DEBUG -static void sc_keycache_dump(void); -#endif - -/* - * Check if a keycache entry matches the given type, reference - * and path. - */ -static int -__match_entry(struct secret *s, int type, int ref, const sc_path_t *path, - int match_prefix) -{ - if ((type != -1 && s->type != type) - || (ref != -1 && s->ref != ref)) - return 0; - - /* Compare the two paths */ - if (match_prefix) { - /* Prefix match - the path argument given by - * the caller should be a prefix of the keycache - * entry. 
- */ - /* If the path is a wildcard, it's a match */ - if (path == NULL) - return 1; - if (s->path.len > path->len) - return 0; - } else { - /* Exact match - path names must patch exactly. - * A NULL path argument is an empty path */ - if (path == 0) - return (s->path.len == 0); - if (s->path.len != path->len) - return 0; - } - if (memcmp(s->path.value, path->value, s->path.len)) - return 0; - - return 1; -} - -/* - * Find the secret, given a path name, type and reference. - * If none found, search for it in parent directories. - */ -static struct secret * -find_entry(const sc_path_t *path, int type, int ref, int match_prefix) -{ - struct secret *s; - - if (type == SC_AC_SYMBOLIC) { - if (0 <= ref && ref < SC_PKCS15INIT_NPINS - && (s = named_pin[ref]) != NULL - && __match_entry(s, SC_AC_CHV, -1, path, match_prefix)) - return s; - return NULL; - } - - for (s = secret_cache; s; s = s->next) { - if (__match_entry(s, type, ref, path, match_prefix)) - break; - } - - return s; -} - -/* - * Find a key with matching type/reference. If a path is - * given, find the entry with the longest matching prefix. - */ -static struct secret * -search_key(const sc_path_t *path, int type, int ref) -{ - struct secret *best = NULL, *s; - - if (type == SC_AC_SYMBOLIC) { - if (0 <= ref && ref < SC_PKCS15INIT_NPINS - && (s = named_pin[ref]) != NULL - && __match_entry(s, type, -1, path, 1)) - return s; - return NULL; - } - - for (s = secret_cache; s; s = s->next) { - if (s->len != 0 - && __match_entry(s, type, ref, path, 1)) { - /* Ignore if path shorter than the longest - * matched prefix. 
- */ - if (path == NULL || best == NULL - || best->path.len < path->len) - best = s; - } - } - - return best; -} - -/* - * Store a secret in the cache - */ -static struct secret * -new_entry(const sc_path_t *path, int type, int ref) -{ - struct secret *s; - - s = (struct secret *) calloc(1, sizeof(*s)); - if (s == NULL) - return NULL; - s->next = secret_cache; - secret_cache = s; - if (path) - s->path = *path; - if (type == SC_AC_SYMBOLIC) { - s->type = SC_AC_CHV; - s->ref = -1; - s->named_pin = ref; - } else { - s->type = type; - s->ref = ref; - s->named_pin = -1; - } - return s; -} - -/* - * Cache the given key - */ -int -sc_keycache_put_key(const sc_path_t *path, int type, int ref, - const unsigned char *secret, size_t len) -{ - struct secret *s; - - if (len > MAX_SECRET) - return SC_ERROR_BUFFER_TOO_SMALL; - - if (!(s = find_entry(path, type, ref, 0))) { - s = new_entry(path, type, ref); - if (s == NULL) - return SC_ERROR_OUT_OF_MEMORY; - if (type == SC_AC_SYMBOLIC) - named_pin[ref] = s; - } - - memset(s->value, 0, sizeof(s->value)); - memcpy(s->value, secret, len); - s->len = len; - -#ifdef KEYCACHE_DEBUG - sc_keycache_dump(); -#endif - return 0; -} - -int -sc_keycache_put_pin(const sc_path_t *path, int ref, const u8 *pin) -{ - return sc_keycache_put_key(path, SC_AC_CHV, ref, pin, - pin? strlen((const char *) pin) : 0); -} - -/* - * Get a key/pin from the cache - */ -int -sc_keycache_get_key(const sc_path_t *path, int type, int ref, - unsigned char *key, size_t size) -{ - struct secret *s; - - if (!(s = search_key(path, type, ref))) - return SC_ERROR_OBJECT_NOT_FOUND; - - if (s->len > size) - return SC_ERROR_BUFFER_TOO_SMALL; - memcpy(key, s->value, s->len); - return s->len; -} - -const u8 * -sc_keycache_get_pin(const sc_path_t *path, int ref) -{ - struct secret *s; - - if (!(s = search_key(path, SC_AC_CHV, ref))) - return NULL; - - return s->len? s->value : NULL; -} - -/* - * Define a symbolic name for a PIN. 
This is used to define - * what $PIN and $SOPIN mean in a given context. - */ -int -sc_keycache_set_pin_name(const sc_path_t *path, int ref, int name) -{ - struct secret *s, *old; - - if (name < 0 || name >= SC_PKCS15INIT_NPINS) - return SC_ERROR_INVALID_ARGUMENTS; - - /* If we had previously marked a PIN with this name, - * unlink it */ - if ((old = named_pin[name]) != NULL) { - named_pin[name] = NULL; - old->named_pin = -1; - } - - if (ref >= 0) { - /* Create the named PIN if it doesn't exist */ - if (!(s = find_entry(path, SC_AC_CHV, ref, 0))) { - s = new_entry(path, SC_AC_CHV, ref); - if (s == NULL) - return SC_ERROR_OUT_OF_MEMORY; - } - - /* Set the pin name */ - s->named_pin = name; - - /* If the old SOPIN was just the name entry, - * copy over the name to the new entry */ - if (old && old->ref == -1 && s->len == 0) { - memcpy(s->value, old->value, old->len); - s->len = old->len; - } - - named_pin[name] = s; - } - -#ifdef KEYCACHE_DEBUG - sc_keycache_dump(); -#endif - return 0; -} - -/* - * Get the symbolic name of a PIN, if any - */ -int -sc_keycache_get_pin_name(const sc_path_t *path, int ref) -{ - struct secret *s; - -#ifdef KEYCACHE_DEBUG - printf("sc_keycache_get_pin_name(%s, %d)\n", - path? 
sc_print_path(path) : "any", ref); -#endif - - if (!(s = find_entry(path, SC_AC_CHV, ref, 1))) - return -1; - return s->named_pin; -} - -/* - * Get path and reference of symbolic PIN - */ -int -sc_keycache_find_named_pin(const sc_path_t *path, int name) -{ - struct secret *s; - - if (name < 0 || name >= SC_PKCS15INIT_NPINS - || (s = named_pin[name]) == NULL - || !__match_entry(s, SC_AC_CHV, -1, path, 1)) - return -1; - - return s->ref; -} - -/* - * Zap one or more keys from the cache - */ -void -sc_keycache_forget_key(const sc_path_t *path, int type, int ref) -{ - struct secret *s, **prev; - - prev = &secret_cache; - while ((s = *prev) != NULL) { - if (__match_entry(s, type, ref, path, 1)) { - *prev = s->next; - if (s->named_pin >= 0 && s->named_pin < SC_PKCS15INIT_NPINS) - named_pin[s->named_pin] = NULL; - sc_mem_clear(s, sizeof(*s)); - free(s); - } else { - prev = &s->next; - } - } -#ifdef KEYCACHE_DEBUG - sc_keycache_dump(); -#endif -} - -/* - * Dump the keycache - */ -#ifdef KEYCACHE_DEBUG -void -sc_keycache_dump(void) -{ - struct secret *s; - int j; - - printf("== Keycache ==\n"); - for (s = secret_cache; s; s = s->next) { - char buf[32]; - - switch (s->type) { - case SC_AC_CHV: printf("CHV"); break; - case SC_AC_AUT: printf("AUT"); break; - case SC_AC_PRO: printf("PRO"); break; - default: printf("%d/", s->type); - } - printf("%d %-16s\t", s->ref, sc_print_path(&s->path)); - sc_bin_to_hex(s->value, s->len, buf, sizeof(buf), ':'); - printf("key=%s", buf); - - switch (s->named_pin) { - case SC_PKCS15INIT_SO_PIN: - printf(", SO PIN"); break; - case SC_PKCS15INIT_SO_PUK: - printf(", SO PUK"); break; - case SC_PKCS15INIT_USER_PIN: - printf(", USER PIN"); break; - case SC_PKCS15INIT_USER_PUK: - printf(", USER PUK"); break; - } - - if (s->named_pin >= 0 - && named_pin[s->named_pin] != s) - printf(" [PTR MISMATCH!]"); - printf("\n"); - } - - for (j = 0; j < SC_PKCS15INIT_NPINS; j++) { - if ((s = named_pin[j]) == NULL) - continue; - if (s->named_pin != j) - printf(" 
named_pin[%d] MISMATCH: name=%d\n", - j, s->named_pin); - } -} -#endif diff -Nru opensc-0.11.13/src/pkcs15init/keycache.h opensc-0.12.1/src/pkcs15init/keycache.h --- opensc-0.11.13/src/pkcs15init/keycache.h 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/keycache.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ -/* - * Cache authentication info - * - * Copyright (C) 2003, Olaf Kirch - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef _PKCS15INIT_KEYCACHE_H -#define _PKCS15INIT_KEYCACHE_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -extern int sc_keycache_put_key(const sc_path_t *, int, int, - const unsigned char *, size_t); -extern int sc_keycache_put_pin(const sc_path_t *, int, const u8 *); -extern int sc_keycache_set_pin_name(const sc_path_t *, int, int); -extern int sc_keycache_get_pin_name(const sc_path_t *, int); -extern int sc_keycache_find_named_pin(const sc_path_t *, int); -extern int sc_keycache_get_key(const sc_path_t *, int, int, unsigned char *, size_t); -extern const u8 *sc_keycache_get_pin(const sc_path_t *, int); -extern void sc_keycache_forget_key(const sc_path_t *, int, int); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKCS15INIT_KEYCACHE_H */ diff -Nru opensc-0.11.13/src/pkcs15init/Makefile.am opensc-0.12.1/src/pkcs15init/Makefile.am --- opensc-0.11.13/src/pkcs15init/Makefile.am 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,13 +1,10 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -lib_LTLIBRARIES = libpkcs15init.la -openscinclude_HEADERS = pkcs15-init.h -noinst_HEADERS = profile.h keycache.h +noinst_LTLIBRARIES = libpkcs15init.la +noinst_HEADERS = profile.h pkcs15-init.h pkcs15-oberthur.h dist_pkgdata_DATA = \ cyberflex.profile \ flex.profile \ 
@@ -26,42 +23,23 @@ entersafe.profile \ rutoken_ecp.profile \ westcos.profile \ - myeid.profile + myeid.profile \ + authentic.profile \ + iasecc.profile \ + ias_adele_admin1.profile ias_adele_admin2.profile ias_adele_common.profile \ + iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\" -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(LTLIB_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) +INCLUDES = -I$(top_srcdir)/src libpkcs15init_la_SOURCES = \ - pkcs15-lib.c profile.c keycache.c \ - pkcs15-westcos.c \ + pkcs15-lib.c profile.c \ + pkcs15-westcos.c \ pkcs15-gpk.c pkcs15-miocos.c pkcs15-cflex.c \ pkcs15-cardos.c pkcs15-jcop.c pkcs15-starcos.c \ - pkcs15-oberthur.c pkcs15-setcos.c pkcs15-incrypto34.c \ - pkcs15-muscle.c pkcs15-asepcos.c pkcs15-rutoken.c \ - pkcs15-entersafe.c pkcs15-rtecp.c pkcs15-myeid.c \ - pkcs15init.exports -if WIN32 -libpkcs15init_la_SOURCES += versioninfo.rc -else -dist_noinst_DATA = versioninfo.rc -endif -libpkcs15init_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la \ - $(top_builddir)/src/common/libcompat.la -libpkcs15init_la_LDFLAGS = $(AM_LDFLAGS) \ - -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ \ - -export-symbols "$(srcdir)/pkcs15init.exports" \ - -no-undefined - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - -if WIN32 -# def file required for MS users to build library -mylibdir=$(libdir) -mylib_DATA=.libs/@WIN_LIBPREFIX@pkcs15init-@OPENSC_LT_OLDEST@.dll.def -.libs/@WIN_LIBPREFIX@pkcs15init-@OPENSC_LT_OLDEST@.dll.def: libpkcs15init.la -endif + pkcs15-setcos.c pkcs15-incrypto34.c pkcs15-muscle.c \ + pkcs15-asepcos.c pkcs15-rutoken.c pkcs15-entersafe.c \ + pkcs15-rtecp.c 
pkcs15-myeid.c \ + pkcs15-oberthur.c pkcs15-oberthur-awp.c \ + pkcs15-authentic.c pkcs15-iasecc.c diff -Nru opensc-0.11.13/src/pkcs15init/Makefile.in opensc-0.12.1/src/pkcs15init/Makefile.in --- opensc-0.11.13/src/pkcs15init/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
@@ -38,24 +38,47 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = README $(am__dist_noinst_DATA_DIST) $(dist_pkgdata_DATA) \ - $(noinst_HEADERS) $(openscinclude_HEADERS) \ +DIST_COMMON = README $(dist_pkgdata_DATA) $(noinst_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/win32/ltrc.inc -@WIN32_TRUE@am__append_1 = versioninfo.rc subdir = src/pkcs15init ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +LTLIBRARIES = $(noinst_LTLIBRARIES) +libpkcs15init_la_LIBADD = +am_libpkcs15init_la_OBJECTS = pkcs15-lib.lo profile.lo \ + pkcs15-westcos.lo pkcs15-gpk.lo pkcs15-miocos.lo \ + pkcs15-cflex.lo pkcs15-cardos.lo pkcs15-jcop.lo \ + pkcs15-starcos.lo pkcs15-setcos.lo pkcs15-incrypto34.lo \ + pkcs15-muscle.lo pkcs15-asepcos.lo pkcs15-rutoken.lo \ + pkcs15-entersafe.lo pkcs15-rtecp.lo pkcs15-myeid.lo \ + pkcs15-oberthur.lo pkcs15-oberthur-awp.lo pkcs15-authentic.lo \ + pkcs15-iasecc.lo +libpkcs15init_la_OBJECTS = $(am_libpkcs15init_la_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile 
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libpkcs15init_la_SOURCES) +DIST_SOURCES = $(libpkcs15init_la_SOURCES) am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ 
@@ -77,52 +100,9 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgdatadir)" \ - "$(DESTDIR)$(mylibdir)" "$(DESTDIR)$(openscincludedir)" -LTLIBRARIES = $(lib_LTLIBRARIES) -am__DEPENDENCIES_1 = -libpkcs15init_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la \ - $(top_builddir)/src/common/libcompat.la -am__libpkcs15init_la_SOURCES_DIST = pkcs15-lib.c profile.c keycache.c \ - pkcs15-westcos.c pkcs15-gpk.c pkcs15-miocos.c pkcs15-cflex.c \ - pkcs15-cardos.c pkcs15-jcop.c pkcs15-starcos.c \ - pkcs15-oberthur.c pkcs15-setcos.c pkcs15-incrypto34.c \ - pkcs15-muscle.c pkcs15-asepcos.c pkcs15-rutoken.c \ - pkcs15-entersafe.c pkcs15-rtecp.c pkcs15-myeid.c \ - pkcs15init.exports versioninfo.rc -@WIN32_TRUE@am__objects_1 = versioninfo.lo -am_libpkcs15init_la_OBJECTS = pkcs15-lib.lo profile.lo keycache.lo \ - pkcs15-westcos.lo pkcs15-gpk.lo pkcs15-miocos.lo \ - pkcs15-cflex.lo pkcs15-cardos.lo pkcs15-jcop.lo \ - pkcs15-starcos.lo pkcs15-oberthur.lo pkcs15-setcos.lo \ - pkcs15-incrypto34.lo pkcs15-muscle.lo pkcs15-asepcos.lo \ - pkcs15-rutoken.lo pkcs15-entersafe.lo pkcs15-rtecp.lo \ - pkcs15-myeid.lo $(am__objects_1) -libpkcs15init_la_OBJECTS = $(am_libpkcs15init_la_OBJECTS) -libpkcs15init_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libpkcs15init_la_LDFLAGS) $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) 
$(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libpkcs15init_la_SOURCES) -DIST_SOURCES = $(am__libpkcs15init_la_SOURCES_DIST) -am__dist_noinst_DATA_DIST = versioninfo.rc -DATA = $(dist_noinst_DATA) $(dist_pkgdata_DATA) $(mylib_DATA) -HEADERS = $(noinst_HEADERS) $(openscinclude_HEADERS) +am__installdirs = "$(DESTDIR)$(pkgdatadir)" +DATA = $(dist_pkgdata_DATA) +HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -153,8 +133,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -162,10 +140,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -190,8 +166,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -214,6 +188,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ 
@@ -226,10 +202,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -275,11 +248,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -296,14 +266,10 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -lib_LTLIBRARIES = libpkcs15init.la -openscinclude_HEADERS = pkcs15-init.h -noinst_HEADERS = profile.h keycache.h +noinst_LTLIBRARIES = libpkcs15init.la +noinst_HEADERS = profile.h pkcs15-init.h pkcs15-oberthur.h dist_pkgdata_DATA = \ cyberflex.profile \ flex.profile \ 
@@ -322,33 +288,26 @@ entersafe.profile \ rutoken_ecp.profile \ westcos.profile \ - myeid.profile + myeid.profile \ + authentic.profile \ + iasecc.profile \ + ias_adele_admin1.profile ias_adele_admin2.profile ias_adele_common.profile \ + iasecc_generic_pki.profile iasecc_admin_eid.profile iasecc_generic_oberthur.profile AM_CPPFLAGS = -DSC_PKCS15_PROFILE_DIRECTORY=\"$(pkgdatadir)\" -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(LTLIB_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include -libpkcs15init_la_SOURCES = pkcs15-lib.c profile.c keycache.c \ - pkcs15-westcos.c pkcs15-gpk.c pkcs15-miocos.c pkcs15-cflex.c \ +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) +INCLUDES = -I$(top_srcdir)/src +libpkcs15init_la_SOURCES = \ + pkcs15-lib.c profile.c \ + pkcs15-westcos.c \ + pkcs15-gpk.c pkcs15-miocos.c pkcs15-cflex.c \ pkcs15-cardos.c pkcs15-jcop.c pkcs15-starcos.c \ - pkcs15-oberthur.c pkcs15-setcos.c pkcs15-incrypto34.c \ - pkcs15-muscle.c pkcs15-asepcos.c pkcs15-rutoken.c \ - pkcs15-entersafe.c pkcs15-rtecp.c pkcs15-myeid.c \ - pkcs15init.exports $(am__append_1) -@WIN32_FALSE@dist_noinst_DATA = versioninfo.rc -libpkcs15init_la_LIBADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) \ - $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/scconf/libscconf.la \ - $(top_builddir)/src/common/libcompat.la - -libpkcs15init_la_LDFLAGS = $(AM_LDFLAGS) \ - -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ \ - -export-symbols "$(srcdir)/pkcs15init.exports" \ - -no-undefined - - -# def file required for MS users to build library -@WIN32_TRUE@mylibdir = $(libdir) -@WIN32_TRUE@mylib_DATA = .libs/@WIN_LIBPREFIX@pkcs15init-@OPENSC_LT_OLDEST@.dll.def + pkcs15-setcos.c pkcs15-incrypto34.c pkcs15-muscle.c \ + pkcs15-asepcos.c pkcs15-rutoken.c pkcs15-entersafe.c \ + pkcs15-rtecp.c pkcs15-myeid.c \ + pkcs15-oberthur.c pkcs15-oberthur-awp.c \ + pkcs15-authentic.c pkcs15-iasecc.c + all: all-am .SUFFIXES: 
@@ -362,9 +321,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pkcs15init/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pkcs15init/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/pkcs15init/Makefile + $(AUTOMAKE) --foreign src/pkcs15init/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -383,39 +342,17 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ - } -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libpkcs15init.la: $(libpkcs15init_la_OBJECTS) $(libpkcs15init_la_DEPENDENCIES) - $(libpkcs15init_la_LINK) -rpath $(libdir) $(libpkcs15init_la_OBJECTS) $(libpkcs15init_la_LIBADD) $(LIBS) + $(LINK) $(libpkcs15init_la_OBJECTS) $(libpkcs15init_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -423,18 +360,20 @@ distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keycache.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-asepcos.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-authentic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-cardos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-cflex.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-entersafe.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-gpk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-iasecc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-incrypto34.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-jcop.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-lib.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-miocos.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-muscle.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-myeid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-oberthur-awp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-oberthur.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-rtecp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-rutoken.Plo@am__quote@ 
@@ -489,46 +428,6 @@ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(pkgdatadir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(pkgdatadir)" && rm -f $$files -install-mylibDATA: $(mylib_DATA) - @$(NORMAL_INSTALL) - test -z "$(mylibdir)" || $(MKDIR_P) "$(DESTDIR)$(mylibdir)" - @list='$(mylib_DATA)'; test -n "$(mylibdir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(mylibdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(mylibdir)" || exit $$?; \ - done - -uninstall-mylibDATA: - @$(NORMAL_UNINSTALL) - @list='$(mylib_DATA)'; test -n "$(mylibdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(mylibdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(mylibdir)" && rm -f $$files -install-openscincludeHEADERS: $(openscinclude_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(openscincludedir)" || $(MKDIR_P) "$(DESTDIR)$(openscincludedir)" - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(openscincludedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(openscincludedir)" || exit $$?; \ - done - -uninstall-openscincludeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(openscincludedir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(openscincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ 
@@ -616,7 +515,7 @@ check: check-am all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(mylibdir)" "$(DESTDIR)$(openscincludedir)"; do \ + for dir in "$(DESTDIR)$(pkgdatadir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -636,7 +535,6 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -648,7 +546,7 @@ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am @@ -669,14 +567,13 @@ info-am: -install-data-am: install-dist_pkgdataDATA install-mylibDATA \ - install-openscincludeHEADERS +install-data-am: install-dist_pkgdataDATA install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-libLTLIBRARIES +install-exec-am: install-html: install-html-am 
@@ -716,27 +613,23 @@ ps-am: -uninstall-am: uninstall-dist_pkgdataDATA uninstall-libLTLIBRARIES \ - uninstall-mylibDATA uninstall-openscincludeHEADERS +uninstall-am: uninstall-dist_pkgdataDATA .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ + clean-libtool clean-noinstLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am \ install-dist_pkgdataDATA install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-libLTLIBRARIES \ - install-man install-mylibDATA install-openscincludeHEADERS \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-dist_pkgdataDATA uninstall-libLTLIBRARIES \ - uninstall-mylibDATA uninstall-openscincludeHEADERS + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-dist_pkgdataDATA .rc.lo: 
@@ -745,11 +638,6 @@ .rc.o: $(RCCOMPILE) -i "$<" -o "$@" -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc -@WIN32_TRUE@.libs/@WIN_LIBPREFIX@pkcs15init-@OPENSC_LT_OLDEST@.dll.def: libpkcs15init.la - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru opensc-0.11.13/src/pkcs15init/Makefile.mak opensc-0.12.1/src/pkcs15init/Makefile.mak --- opensc-0.11.13/src/pkcs15init/Makefile.mak 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -1,26 +1,19 @@ TOPDIR = ..\.. -TARGET = pkcs15init.dll - -HEADERS = pkcs15-init.h profile.h keycache.h -HEADERSDIR = $(TOPDIR)\src\include\opensc - -OBJECTS = pkcs15-lib.obj profile.obj keycache.obj \ +TARGET = pkcs15init.lib +OBJECTS = pkcs15-lib.obj profile.obj \ pkcs15-gpk.obj pkcs15-miocos.obj pkcs15-cflex.obj \ pkcs15-cardos.obj pkcs15-jcop.obj pkcs15-starcos.obj \ - pkcs15-oberthur.obj pkcs15-setcos.obj pkcs15-incrypto34.obj \ + pkcs15-oberthur.obj pkcs15-oberthur-awp.obj \ + pkcs15-setcos.obj pkcs15-incrypto34.obj \ pkcs15-muscle.obj pkcs15-asepcos.obj pkcs15-rutoken.obj \ pkcs15-entersafe.obj pkcs15-rtecp.obj pkcs15-westcos.obj \ - pkcs15-myeid.obj \ - versioninfo.res + pkcs15-myeid.obj pkcs15-authentic.obj pkcs15-iasecc.obj -all: install-headers $(TARGET) +all: $(TARGET) + +$(TARGET): $(OBJECTS) + lib $(LIBFLAGS) /out:$(TARGET) $(OBJECTS) !INCLUDE $(TOPDIR)\win32\Make.rules.mak -$(TARGET): $(OBJECTS) - echo LIBRARY $* > $*.def - echo EXPORTS >> $*.def - type $*.exports >> $*.def - link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET) $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\libopensc\opensc.lib winscard.lib $(OPENSSL_LIB) gdi32.lib $(LIBLTDL_LIB) - if EXIST $(TARGET).manifest mt -manifest $(TARGET).manifest -outputresource:$(TARGET);2 diff -Nru opensc-0.11.13/src/pkcs15init/muscle.profile opensc-0.12.1/src/pkcs15init/muscle.profile --- opensc-0.11.13/src/pkcs15init/muscle.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/muscle.profile 2011-05-17 17:07:00.000000000 +0000 @@ -59,7 +59,7 @@ type = EF; file-id = 2F00; size = 128; - acl = *=$PIN; + acl = *=NONE; } # Here comes the application DF 
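Review bot: In the muscle.profile hunk the ACL of the EF with file-id 2F00 goes from `*=$PIN` to `*=NONE`, which drops the PIN requirement from every operation on that file, not only from reading it. If the aim was to make the file readable before login, a narrower form such as `acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;` keeps writes and deletion behind the user PIN; whether the card can enforce per-operation conditions on this file is not visible from the hunk. The enclosing filesystem block starts outside the hunk. Either way, a one-line comment next to the ACL should say why unauthenticated access is needed.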
@@ -118,11 +118,8 @@ ACL = $protected; } template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = FFFF; - ACL = *=$PIN, READ=NEVER; + BSO private-key { + ACL = *=$PIN, READ=NEVER; } EF public-key { file-id = 3000; diff -Nru opensc-0.11.13/src/pkcs15init/myeid.profile opensc-0.12.1/src/pkcs15init/myeid.profile --- opensc-0.11.13/src/pkcs15init/myeid.profile 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/myeid.profile 2011-05-17 17:07:00.000000000 +0000 @@ -6,8 +6,8 @@ label = "MyEID"; manufacturer = "Aventra Ltd."; min-pin-length = 4; - max-pin-length = 8; - pin-encoding = ascii-numeric; + max-pin-length = 8; + pin-encoding = ascii-numeric; pin-pad-char = 0xFF; } @@ -29,13 +29,14 @@ #protected = READ=NONE, UPDATE=CHV1, DELETE=CHV2; #unprotected = READ=NONE, UPDATE=CHV1, DELETE=CHV1; - unusedspace-size = 512; - odf-size = 256; - aodf-size = 384; - cdf-size = 512; - prkdf-size = 1485; - pukdf-size = 1200; - dodf-size = 256; + unusedspace-size = 510; + odf-size = 255; + aodf-size = 255; + cdf-size = 1530; + cdf-trusted-size = 510; + prkdf-size = 1530; + pukdf-size = 1530; + dodf-size = 255; } } @@ -44,33 +45,32 @@ # here; that is done dynamically. PIN user-pin { reference = 1; - auth-id = 1; min-length = 4; max-length = 8; - attempts = 3; + attempts = 3; flags = initialized, needs-padding; } PIN user-puk { min-length = 4; max-length = 8; - attempts = 10; - flags = needs-padding; + attempts = 10; + flags = needs-padding; } PIN so-pin { - reference = 2; - auth-id = 2; + reference = 3; + auth-id = FF; min-length = 4; max-length = 8; - attempts = 4; + attempts = 3; flags = initialized, soPin, needs-padding; } PIN so-puk { min-length = 4; max-length = 8; - attempts = 9; + attempts = 10; flags = needs-padding; } 
@@ -79,114 +79,123 @@ # main profile. filesystem { DF MF { - path = 3F00; - type = DF; - acl = DELETE=CHV2; #Erase PIN - - # This is the DIR file - EF DIR { - file-id = 2F00; - structure = transparent; - size = 128; - acl = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + path = 3F00; + type = DF; + acl = CREATE=$PIN, DELETE=$SOPIN; + + # This is the DIR file + EF DIR { + file-id = 2F00; + structure = transparent; + size = 128; + acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN; + } DF PKCS15-AppDF { - type = DF; - file-id = 5015; - acl = DELETE=NONE, CREATE=CHV1; + type = DF; + file-id = 5015; + acl = DELETE=$PIN, CREATE=$PIN; EF PKCS15-ODF { - file-id = 5031; + file-id = 5031; structure = transparent; - size = $odf-size; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + size = $odf-size; + acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } + + EF PKCS15-TokenInfo { + file-id = 5032; + structure = transparent; + acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN; + } - EF PKCS15-TokenInfo { - file-id = 5032; - structure = transparent; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-UnusedSpace { + file-id = 5033; + structure = transparent; + size = $unusedspace-size; + acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN; + } - EF PKCS15-UnusedSpace { - file-id = 5033; - structure = transparent; - size = $unusedspace-size; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-AODF { + file-id = 4401; + structure = transparent; + size = $aodf-size; + acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN; + } - EF PKCS15-AODF { - file-id = 4401; - structure = transparent; - size = $aodf-size; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-PrKDF { + file-id = 4402; + structure = transparent; + size = $prkdf-size; + acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } - EF PKCS15-PrKDF { - file-id = 4402; - structure = transparent; - size = $prkdf-size; - acl = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-PuKDF { + file-id = 4404; + structure = 
transparent; + size = $pukdf-size; + acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } - EF PKCS15-PuKDF { - file-id = 4403; - structure = transparent; - size = $pukdf-size; - acl = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-CDF { + file-id = 4403; + structure = transparent; + size = $cdf-size; + acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } - EF PKCS15-CDF { - file-id = 4404; - structure = transparent; - size = $cdf-size; - acl = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-CDF-TRUSTED { + file-id = 4405; + structure = transparent; + size = $cdf-trusted-size; + acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } - EF PKCS15-DODF { - file-id = 4405; - structure = transparent; - size = $dodf-size; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + EF PKCS15-DODF { + file-id = 4406; + structure = transparent; + size = $dodf-size; + acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN; + } + EF template-private-key { - type = internal-ef; - file-id = 4B01; - size = 1024; - ACL = CRYPTO=CHV1, UPDATE=CHV1, DELETE=CHV2; - } - EF template-public-key { - structure = transparent; - file-id = 5501; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } - EF template-certificate { - file-id = 4301; - structure = transparent; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } - - template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = 4B00; - type = internal-ef; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } - EF public-key { - file-id = 4300; - structure = transparent; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + type = internal-ef; + file-id = 4B01; + acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN; + } + + EF template-public-key { + structure = transparent; + file-id = 5501; + acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN; + } + + EF template-certificate { + file-id = 4301; + structure = transparent; + acl = READ=NONE, UPDATE=$PIN, 
DELETE=$PIN; + } + + template key-domain { + # This is a dummy entry - pkcs15-init insists that + # this is present + EF private-key { + file-id = 4B01; + type = internal-ef; + acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN; + } + EF public-key { + file-id = 5501; + structure = transparent; + acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN; + } - # Certificate template + # Certificate template EF certificate { - file-id = 5300; - structure = transparent; - ACL = READ=NONE, UPDATE=CHV1, DELETE=CHV2; - } + file-id = 4301; + structure = transparent; + acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN; + } } - } + } } } diff -Nru opensc-0.11.13/src/pkcs15init/oberthur.profile opensc-0.12.1/src/pkcs15init/oberthur.profile --- opensc-0.11.13/src/pkcs15init/oberthur.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/oberthur.profile 2011-05-17 17:07:00.000000000 +0000 
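Review bot: In the `template key-domain` block of myeid.profile, `EF private-key` gets `acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;`, which declares the private-key file readable without authentication and gives it no CRYPTO condition. `EF template-private-key` above it now uses the same file-id 4B01 with `CRYPTO=$PIN` and no READ entry, and the public-key and certificate entries share 5501 and 4301 in the same way. The comment still calls this a dummy entry, so the profile should state which of the two ACL sets ends up on the card. If the key-domain entry can be instantiated, I would write `acl = CRYPTO=$PIN, READ=NEVER, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;`, matching the `READ=NEVER` that muscle.profile uses for its private key.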
@@ -2,43 +2,44 @@ # PKCS15 r/w profile for Oberthur cards # cardinfo { - label = "SCM"; - manufacturer = "Oberthur/OpenSC"; + label = "SCM"; + manufacturer = "Oberthur/OpenSC"; - max-pin-length = 64; - min-pin-length = 4; - pin-encoding = ascii-numeric; - pin-pad-char = 0xFF; - - # Delete or not the public key when inconporating the - # corresponding certificate. - keep-public-key = no; # yes/no + max-pin-length = 64; + min-pin-length = 4; + pin-encoding = ascii-numeric; + pin-pad-char = 0xFF; +} + +pkcs15 { + # Have a lastUpdate field in the EF(TokenInfo)? + do-last-update = no; } # Define reasonable limits for PINs and PUK # Note that we do not set a file path or reference # here; that is done dynamically. PIN user-pin { - attempts = 5; - max-length = 64; - min-length = 4; - flags = 0x32; # local, initialized, needs-padding - reference = 1 + attempts = 5; + max-length = 64; + min-length = 4; + flags = case-sensitive, local, initialized, needs-padding; + reference = 0x81 } PIN user-puk { - attempts = 5; - max-length = 16; - min-length = 4; - flags = 0x32; # local, initialized, needs-padding + attempts = 5; + max-length = 64; + min-length = 4; + flags = case-sensitive, local, unblock-disabled, initialized, needs-padding, unblockingPin; + reference = 0x84 } PIN so-pin { - auth-id = FF; - attempts = 3; - max-length = 64; - min-length = 4; - flags = 0xB2; + auth-id = FF; + attempts = 3; + max-length = 64; + min-length = 4; + flags = case-sensitive, unblock-disabled, initialized, needs-padding, soPin; reference = 4 -# default-value = "31:32:33:34:35:36:37:38"; } # CHV5 used for Oberthur's specifique access condition "PIN or SOPIN" 
@@ -48,17 +49,16 @@ # This is added to the file system info specified in the # main profile. filesystem { - DF MF { + DF MF { ACL = *=CHV4; DF OberthurAWP-AppDF { ACL = *=NONE; - #ACL = CREATE=CHV4, CRYPTO=NEVER, PIN_SET=CHV4, PIN_RESET=PRO0x78; - ACL = CREATE=CHV4, CRYPTO=NEVER; + ACL = CREATE=CHV4, CRYPTO=NEVER, PIN-DEFINE=CHV4, PIN-RESET=CHV4; file-id = 5011; size = 40; - - DF private-DF { + + DF private-DF { ACL = *=NEVER; ACL = CREATE=CHV1, CRYPTO=CHV1, FILES=NONE, DELETE=NONE; file-id = 9002; @@ -66,38 +66,38 @@ # Private RSA keys EF OberthurAWP-private-key-info { - ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; + ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; } EF template-private-key { - file-id = 3000; + file-id = 3000; type = internal-ef; + structure = 0xA3; # READ acl used instead of DECRYPT/SIGN - #ACL = UPDATE=PRO0x78, READ=CHV1; - ACL = UPDATE=CHV1, READ=CHV1; + ACL = UPDATE=CHV1, READ=CHV1; } # Private DES keys EF OberthurAWP-private-des-info { - ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; + ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; } EF template-private-des { - file-id = 4000; + file-id = 4000; type = internal-ef; size = 24; # 192 bits # READ acl used insted of DECRYPT/ENCRYPT/CHECKSUM ACL = UPDATE=CHV1, READ=CHV1; - } + } # Private data - EF OberthurAWP-private-data-info { + EF OberthurAWP-privdata-info { ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; } - EF template-private-data { - file-id = 6000; + EF template-privdata { + file-id = 6000; ACL = WRITE=CHV1, UPDATE=CHV1, READ=CHV1; } } - + DF public-DF { ACL = CREATE=NONE, CRYPTO=NONE, FILES=NONE, DELETE=NONE; file-id = 9001; 
@@ -110,16 +110,17 @@ EF template-certificate { file-id = 2000; ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=NONE; - } + } #Public Key EF OberthurAWP-public-key-info { ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=NONE; } - EF template-public-key { - file-id = 1000; + EF template-public-key { + file-id = 1000; type = internal-ef; - ACL = *=NONE; + structure = 0xA1; + ACL = *=NONE; } # Public DES keys 
@@ -127,70 +128,83 @@ ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=NONE; } EF template-public-des { - file-id = 7000; + file-id = 7000; type = internal-ef; size = 24; # 192 bits ACL = *=NONE; - } + } # Public data - EF OberthurAWP-public-data-info { + EF OberthurAWP-data-info { ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=NONE; } - EF template-public-data { - file-id = 5000; + EF template-data { + file-id = 5000; ACL = *=NONE; } } EF OberthurAWP-token-info { - file-id = 1000; + file-id = 1000; size = 36; - ACL = WRITE=CHV4, UPDATE=CHV4, READ=NONE, ERASE=NEVER; + ACL = WRITE=CHV4, UPDATE=CHV4, READ=NONE, ERASE=NEVER; } EF OberthurAWP-puk-file { - file-id = 2000; + file-id = 2000; size = 16; - #ACL = WRITE=NEVER, UPDATE=CHV4, READ=PRO0x68, ERASE=NEVER; - ACL = WRITE=NEVER, UPDATE=CHV4, READ=NONE, ERASE=NEVER; + ACL = WRITE=NEVER, UPDATE=CHV4, READ=NONE, ERASE=NEVER; } EF OberthurAWP-container-list { file-id = 3000; structure = linear-variable; size = 20; - record-length = 141; - ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=CHV5; + record-length = 141; + ACL = WRITE=NONE, UPDATE=NONE, READ=NONE, ERASE=NONE; } EF OberthurAWP-public-list { - file-id = 4000; + file-id = 4000; size = 250; - ACL = *=NONE, ERASE=NEVER; + ACL = *=NONE, ERASE=NEVER; } EF OberthurAWP-private-list { - file-id = 5000; + file-id = 5000; size = 125; - ACL = WRITE=CHV1, UPDATE=CHV1, READ=NONE, ERASE=NEVER; + ACL = WRITE=CHV1, UPDATE=CHV1, READ=NONE, ERASE=NEVER; } } - DF PKCS15-AppDF { - ACL = *=CHV4, FILES=NONE; + DF PKCS15-AppDF { + ACL = *=CHV4, FILES=NONE; size = 20; - EF template-data-1 { - file-id = 3301; - ACL = *=CHV4, READ=NONE; + EF PKCS15-ODF { + size = 512; + } + + EF PKCS15-AODF { + size = 512; + } + + EF PKCS15-CDF { + size = 3072; + } + + EF PKCS15-PrKDF { + size = 1024; + } + + EF PKCS15-PuKDF { + size = 1024; } - EF template-data-2 { - file-id = 3302; - ACL = *=CHV4, READ=NONE; + EF PKCS15-DODF { + size = 512; } } - } + } } diff -Nru 
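Review bot: `EF OberthurAWP-container-list` changes `ERASE=CHV5` to `ERASE=NONE`, so erasing the container list no longer needs the "PIN or SOPIN" condition that the file's own comment attaches to CHV5. If the relaxation is deliberate, a comment on that ACL line should say so; otherwise keep `ERASE=CHV5`. In the same hunk, `EF OberthurAWP-puk-file` keeps `READ=NONE` while the commented-out stricter alternative is deleted. The hunk does not show what that file stores, but if it holds PUK material then `READ=NEVER` or a PIN condition would be the safer setting.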
opensc-0.11.13/src/pkcs15init/pkcs15-asepcos.c opensc-0.12.1/src/pkcs15init/pkcs15-asepcos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-asepcos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-asepcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -16,36 +16,34 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" /* delete a EF/DF if present. This function does not return an * error if the requested file is not present. */ -static int asepcos_cond_delete(sc_profile_t *pro, sc_card_t *card, +static int asepcos_cond_delete(sc_profile_t *pro, sc_pkcs15_card_t *p15card, const sc_path_t *path) { int r; sc_file_t *tfile = NULL; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, path, &tfile); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, path, &tfile); if (r == SC_SUCCESS) { - r = sc_pkcs15init_authenticate(pro, card, tfile, SC_AC_OP_DELETE_SELF); + r = sc_pkcs15init_authenticate(pro, p15card, tfile, SC_AC_OP_DELETE_SELF); sc_file_free(tfile); if (r != SC_SUCCESS) return r; - r = sc_delete_file(card, path); + r = sc_delete_file(p15card->card, path); } else if (r == SC_ERROR_FILE_NOT_FOUND) r = SC_SUCCESS; return r; 
@@ -58,20 +56,19 @@ * @param card sc_card_t object to use * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_check_verify_tpin(sc_profile_t *profile, sc_card_t *card) +static int asepcos_check_verify_tpin(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { + struct sc_context *ctx = p15card->card->ctx; int r; sc_path_t path; + /* check whether the file with the transport PIN exists */ sc_format_path("3f000001", &path); - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &path, NULL); if (r == SC_SUCCESS) { /* try to verify the transport key */ - u8 pbuf[64]; - size_t psize = sizeof(pbuf); sc_file_t *tfile = NULL; + sc_format_path("3f00", &path); r = sc_profile_get_file_by_path(profile, sc_get_mf_path(), &tfile); if (r != SC_SUCCESS) @@ -79,25 +76,11 @@ /* we need to temporarily disable the SC_CARD_CAP_USE_FCI_AC * flag to trick sc_pkcs15init_authenticate() to use access * information form the profile file */ - card->caps &= ~SC_CARD_CAP_USE_FCI_AC; - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_CRYPTO); - card->caps |= SC_CARD_CAP_USE_FCI_AC; + p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_CRYPTO); + p15card->card->caps |= SC_CARD_CAP_USE_FCI_AC; sc_file_free(tfile); - if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to authenticate"); - return r; - } - /* store the transport key as a PIN */ - r = sc_keycache_get_key(&path, SC_AC_AUT, 0, pbuf, psize); - if (r < 0) { - sc_error(card->ctx, "unable to get transport key"); - return r; - } - r = sc_keycache_put_key(&path, SC_AC_CHV, 0, pbuf, (size_t)r); - if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to store transport key"); - return r; - } + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "unable to authenticate for 'CRYPTO' operation"); } return SC_SUCCESS; } 
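Review bot: In the second hunk of asepcos_check_verify_tpin, `p15card->card->caps |= SC_CARD_CAP_USE_FCI_AC;` sets the flag unconditionally after the authenticate call. A card whose driver had not set it therefore leaves this function with FCI-based access conditions switched on for all later calls. Saving and restoring the old value avoids that: `unsigned long saved_caps = p15card->card->caps;` before the `&=` line and `p15card->card->caps = saved_caps;` after the call (the declaration of `caps` is not in the hunk, so confirm the type). `sc_format_path("3f00", &path);` also appears to be a dead store now that the keycache calls that consumed `path` are removed. The function's opening lines are in the previous hunk.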
@@ -109,7 +92,7 @@ * erased. * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_erase(struct sc_profile *profile, sc_card_t *card) +static int asepcos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { int r; sc_path_t path; @@ -119,17 +102,19 @@ * pkcs15 application. */ /* Check wether a transport exists and verify it if present */ - r = asepcos_check_verify_tpin(profile, card); + + p15card->opts.use_pin_cache = 1; + r = asepcos_check_verify_tpin(profile, p15card); if (r != SC_SUCCESS) return r; /* EF(DIR) */ sc_format_path("3f002f00", &path); - r = asepcos_cond_delete(profile, card, &path); + r = asepcos_cond_delete(profile, p15card, &path); if (r != SC_SUCCESS) return r; /* DF(PKCS15) */ sc_format_path("3f005015", &path); - r = asepcos_cond_delete(profile, card, &path); + r = asepcos_cond_delete(profile, p15card, &path); if (r != SC_SUCCESS) return r; @@ -143,15 +128,17 @@ * @param df sc_file_t with the application DF to create * @return SC_SUCCESS on success and an error value otherwise */ -static int asepcos_create_dir(sc_profile_t *profile, sc_card_t *card, +static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { int r; static const u8 pa_acl[] = {0x80,0x01,0x5f,0x90,0x00}; sc_file_t *tfile; + sc_context_t *ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); /* Check wether a transport exists and verify it if present */ - r = asepcos_check_verify_tpin(profile, card); + r = asepcos_check_verify_tpin(profile, p15card); if (r != SC_SUCCESS) return r; /* As we don't know whether or not a SO-PIN is used to protect the AC @@ -170,9 +157,9 @@ return r; } /* create application DF */ - r = sc_pkcs15init_create_file(profile, card, tfile); + r = sc_pkcs15init_create_file(profile, p15card, tfile); sc_file_free(tfile); - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } 
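Review bot: `p15card->opts.use_pin_cache = 1;` in asepcos_erase (hunk at -119,17) changes a caller-owned option and is never put back, so PIN caching stays enabled on this p15card after the erase returns, including on the early error returns. If the cache is only needed so that the transport key verified in asepcos_check_verify_tpin() can be reused by the two asepcos_cond_delete() calls, a comment should say so, e.g. `/* transport key verified below must stay available for the DELETE_SELF checks */`. Restoring the previous value before returning would keep cached PIN material from outliving the operation. The rest of asepcos_erase is outside the hunk.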
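Review bot: asepcos_create_dir (hunks at -143,15 and -170,9) now opens with SC_FUNC_CALLED, but the early `return r;` paths visible in both hunks leave without the matching SC_FUNC_RETURN, so a failed transport-PIN check produces an entry trace with no exit code. Using `SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);` on those paths would make the trace consistent with the final return. The same applies to the `if (!pin || !pin_len) return SC_ERROR_INVALID_ARGUMENTS;` line in asepcos_create_pin. Part of the function body lies between the two hunks and is not visible.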
@@ -180,8 +167,8 @@ * determined when the PIN is created. This is just helper function to * determine the next best file id of the PIN file. */ -static int asepcos_select_pin_reference(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_pin_info_t *pinfo) +static int asepcos_select_pin_reference(sc_profile_t *profile, + sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pinfo) { if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) return SC_SUCCESS; @@ -219,7 +206,7 @@ if (r != SC_SUCCESS) return r; if (nfile->prop_attr == NULL || nfile->prop_attr_len != 11) { - sc_error(card->ctx, "unable to determine AKN"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to determine AKN"); sc_file_free(nfile); return SC_ERROR_INTERNAL; } @@ -244,7 +231,7 @@ *p++ = pinid & 0xff; /* pin length */ if (pinlen < 4 || pinlen > 16) { - sc_error(card->ctx, "invalid PIN length"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid PIN length"); return SC_ERROR_INVALID_ARGUMENTS; } *p++ = 0x00; @@ -310,7 +297,7 @@ r = sc_create_file(card, nfile); sc_file_free(nfile); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to create PIN file"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create PIN file"); return r; } /* get AKN of the newly created PIN */ @@ -340,13 +327,6 @@ return 0; } -static void asepcos_fix_pin_reference(sc_pkcs15_pin_info_t *pinfo) -{ - if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) - sc_keycache_set_pin_name(&pinfo->path, pinfo->reference, SC_PKCS15INIT_SO_PIN); - else - sc_keycache_set_pin_name(&pinfo->path, pinfo->reference, SC_PKCS15INIT_USER_PIN); -} /* create PIN and, if specified, PUK files * @param profile profile information for this card 
@@ -358,15 +338,18 @@ * @param puk_len PUK length (optional) * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_create_pin(sc_profile_t *profile, sc_card_t *card, +static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { sc_pkcs15_pin_info_t *pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data; + struct sc_card *card = p15card->card; int r, pid, puk_id; sc_path_t tpath = df->path; sc_file_t *tfile = NULL; + sc_context_t *ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); if (!pin || !pin_len) return SC_ERROR_INVALID_ARGUMENTS; @@ -375,13 +358,13 @@ /* get the ACL of the application DF */ r = sc_select_file(card, &df->path, &tfile); if (r != SC_SUCCESS) - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); /* verify the PIN protecting the CREATE acl (if necessary) */ - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_CREATE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_CREATE); sc_file_free(tfile); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to create PIN file, insufficent rights"); - return r; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create PIN file, insufficent rights"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } do { @@ -392,15 +375,13 @@ * is already used */ r = sc_append_file_id(&pin_path, pid & 0xff); if (r != SC_SUCCESS) - return r; - sc_ctx_suppress_errors_on(card->ctx); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); r = sc_select_file(card, &pin_path, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (r == SC_SUCCESS) pid += 2; else if (r != SC_ERROR_FILE_NOT_FOUND) { - sc_error(card->ctx, "error selecting PIN file"); - return r; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error selecting PIN file"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } } while (r != SC_ERROR_FILE_NOT_FOUND); 
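Review bot: The probe loop edited in the hunk at -392,15 has no upper bound: every successful sc_select_file() adds 2 to `pid`, and the id passed to sc_append_file_id() is `pid & 0xff`, so once pid passes 0xff the same ids are probed again and a card that answers success for every candidate keeps the loop running indefinitely. A bound check before the append would end it, e.g. `if (pid > 0xff) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_TOO_MANY_OBJECTS);`. The `do {` line and the initial value of pid are outside the hunk.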
@@ -414,19 +395,20 @@ sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info); else sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info); + /* If a PUK we use "file id of the PIN" + 1 as the file id * of the PUK. */ puk_id = pid + 1; r = asepcos_do_store_pin(profile, card, &puk_info, puk, puk_len, 0, puk_id); if (r != SC_SUCCESS) - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } else puk_id = 0; r = asepcos_do_store_pin(profile, card, pinfo, pin, pin_len, puk_id, pid); if (r != SC_SUCCESS) - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); #if 1 if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN || @@ -436,24 +418,18 @@ * first USER PIN has been set we can tighten the ACLs of * the application DF. */ - sc_debug(card->ctx, "finalizing application DF"); - - /* first we need to fix the reference to pin in the key - * keycache as sc_pkcs15init_fixup_file() will otherwise - * mess up the ACLs */ - asepcos_fix_pin_reference(pinfo); - + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "finalizing application DF"); r = sc_select_file(card, &df->path, NULL); if (r != SC_SUCCESS) - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); /* remove symbolic references from the ACLs */ - r = sc_pkcs15init_fixup_file(profile, df); + r = sc_pkcs15init_fixup_file(profile, p15card, df); if (r != SC_SUCCESS) - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); r = sc_card_ctl(card, SC_CARDCTL_ASEPCOS_SET_SATTR, df); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to change the security attributes"); - return r; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to change the security attributes"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } /* finally activate the application DF (fix ACLs) */ /* 1. select MF */ 
@@ -465,8 +441,8 @@ st.is_ef = 0; r = sc_card_ctl(card, SC_CARDCTL_ASEPCOS_ACTIVATE_FILE, &st); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to activate DF"); - return r; + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to activate DF"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } } #endif @@ -480,7 +456,7 @@ return r; pinfo->path = tpath; #endif - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } /* internal wrapper for sc_pkcs15init_authenticate() @@ -490,21 +466,21 @@ * @param op the required access method * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_do_authenticate(sc_profile_t *profile, sc_card_t *card, +static int asepcos_do_authenticate(sc_profile_t *profile, sc_pkcs15_card_t *p15card, const sc_path_t *path, int op) { int r; sc_file_t *prkey = NULL; r = sc_profile_get_file_by_path(profile, path, &prkey); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to find file in profile"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to find file in profile"); return r; } - r = sc_pkcs15init_authenticate(profile, card, prkey, op); + r = sc_pkcs15init_authenticate(profile, p15card, prkey, op); sc_file_free(prkey); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to authenticate"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to authenticate"); return r; } return SC_SUCCESS; @@ -539,7 +515,7 @@ *p++ = 0x82; p += 2; /* file id */ - *p++ = (fileid >> 8) && 0xff; + *p++ = (fileid >> 8) & 0xff; *p++ = fileid & 0xff; /* key size */ *p++ = (ksize >> 8) & 0xff; @@ -565,7 +541,7 @@ nfile->id = fileid & 0xffff; r = sc_file_set_prop_attr(nfile, buf, p - buf); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to set key prop. attributes"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to set key prop. attributes"); sc_file_free(nfile); return r; } 
@@ -573,7 +549,7 @@ r = sc_create_file(card, nfile); sc_file_free(nfile); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to create key file"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create key file"); return r; } return r; @@ -581,7 +557,7 @@ /* creates a key file */ -static int asepcos_create_key(sc_profile_t *profile, sc_card_t *card, +static int asepcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data; @@ -596,10 +572,12 @@ /* the key is proctected by a PIN */ /* XXX use the pkcs15 structures for this */ sc_cardctl_asepcos_akn2fileid_t st; - st.akn = sc_keycache_find_named_pin(NULL, SC_PKCS15INIT_USER_PIN); - r = sc_card_ctl(card, SC_CARDCTL_ASEPCOS_AKN2FILEID, &st); + + st.akn = sc_pkcs15init_get_pin_reference(p15card, profile, + SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN); + r = sc_card_ctl(p15card->card, SC_CARDCTL_ASEPCOS_AKN2FILEID, &st); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to determine file id of the PIN"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to determine file id of the PIN"); return r; } afileid = st.fileid; @@ -612,7 +590,7 @@ #endif /* authenticate if necessary */ - r = asepcos_do_authenticate(profile, card, &profile->df_info->file->path, SC_AC_OP_CREATE); + r = asepcos_do_authenticate(profile, p15card, &profile->df_info->file->path, SC_AC_OP_CREATE); if (r != SC_SUCCESS) return r; 
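Review bot: In the hunk at -596,10 the result of sc_pkcs15init_get_pin_reference() is stored straight into `st.akn`; if that call can report failure with a negative code (its contract is not visible here), the error value is sent to the card as an authentication key number and the new key could end up bound to the wrong PIN file. Checking first keeps the failure visible: `r = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN);`, `if (r < 0) return r;`, `st.akn = r;`. asepcos_create_key starts in the previous hunk and continues past this one.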
@@ -662,17 +640,19 @@ *p++ = 0x00; } - r = asepcos_do_create_key(card, kinfo->modulus_length, fileid, buf, p - buf); + r = asepcos_do_create_key(p15card->card, kinfo->modulus_length, fileid, buf, p - buf); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to create private key file"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to create private key file"); return r; } + + kinfo->key_reference = fileid & 0xFF; return r; } /* stores a rsa private key in a internal EF */ -static int asepcos_do_store_rsa_key(sc_card_t *card, sc_profile_t *profile, +static int asepcos_do_store_rsa_key(sc_pkcs15_card_t *p15card, sc_profile_t *profile, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_info_t *kinfo, struct sc_pkcs15_prkey_rsa *key) { @@ -683,19 +663,20 @@ /* authenticate if necessary */ if (obj->auth_id.len != 0) { - r = asepcos_do_authenticate(profile, card, &kinfo->path, SC_AC_OP_UPDATE); + r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE); if (r != SC_SUCCESS) return r; } /* select the rsa private key */ + memset(&tpath, 0, sizeof(sc_path_t)); tpath.type = SC_PATH_TYPE_FILE_ID; tpath.len = 2; tpath.value[0] = kinfo->path.value[kinfo->path.len-2]; tpath.value[1] = kinfo->path.value[kinfo->path.len-1]; - r = sc_select_file(card, &tpath, NULL); + r = sc_select_file(p15card->card, &tpath, NULL); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to select rsa key file"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to select rsa key file"); return r; } @@ -732,9 +713,9 @@ ckdata.data = buf; ckdata.datalen = p - buf; - r = sc_card_ctl(card, SC_CARDCTL_ASEPCOS_CHANGE_KEY, &ckdata); + r = sc_card_ctl(p15card->card, SC_CARDCTL_ASEPCOS_CHANGE_KEY, &ckdata); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to change key data"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "unable to change key data"); return r; } 
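Review bot: In asepcos_do_store_rsa_key (hunk at -683,19) `kinfo->path.value[kinfo->path.len-2]` and `[kinfo->path.len-1]` are read without checking that the path holds at least two bytes; with a shorter path the index goes out of range (and wraps if len is unsigned), so the read lands outside `value`. A guard before the copy covers it: `if (kinfo->path.len < 2) return SC_ERROR_INVALID_ARGUMENTS;`. The same pattern appears in asepcos_generate_key (hunk at -768,29) and needs the same guard.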
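Review bot: In the hunk at -732,9 `buf` is handed to the card as the new key data (`ckdata.data = buf`), so it holds the RSA private key components, and the `return r;` after a failed SC_CARDCTL_ASEPCOS_CHANGE_KEY leaves them in memory. Clearing the buffer on both the success and the error path limits how long the key stays resident: `sc_mem_clear(buf, sizeof(buf));` directly after the sc_card_ctl() call, assuming buf is a local array (its declaration is outside the hunk). The remainder of asepcos_do_store_rsa_key is not visible here.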
@@ -748,17 +729,17 @@ * @param key the private key * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_store_key(sc_profile_t *profile, sc_card_t *card, +static int asepcos_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "only RSA is currently supported"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "only RSA is currently supported"); return SC_ERROR_NOT_SUPPORTED; } - return asepcos_do_store_rsa_key(card, profile, obj, kinfo, &key->u.rsa); + return asepcos_do_store_rsa_key(p15card, profile, obj, kinfo, &key->u.rsa); } /* Generates a new (RSA) key pair using an existing key file. 
@@ -768,29 +749,31 @@ * @param pukkey OUT the newly created public key * @return SC_SUCCESS on success and an error code otherwise */ -static int asepcos_generate_key(sc_profile_t *profile, sc_card_t *card, +static int asepcos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { int r; sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; sc_apdu_t apdu; sc_path_t tpath; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE], sbuf[SC_MAX_APDU_BUFFER_SIZE]; /* authenticate if necessary */ - r = asepcos_do_authenticate(profile, card, &kinfo->path, SC_AC_OP_UPDATE); + r = asepcos_do_authenticate(profile, p15card, &kinfo->path, SC_AC_OP_UPDATE); if (r != SC_SUCCESS) return r; /* select the rsa private key */ + memset(&tpath, 0, sizeof(sc_path_t)); tpath.type = SC_PATH_TYPE_FILE_ID; tpath.len = 2; tpath.value[0] = kinfo->path.value[kinfo->path.len-2]; tpath.value[1] = kinfo->path.value[kinfo->path.len-1]; r = sc_select_file(card, &tpath, NULL); if (r != SC_SUCCESS) { - sc_error(card->ctx, "unable to select rsa key file"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unable to select rsa key file"); return r; } @@ -807,9 +790,9 @@ apdu.resp = rbuf; r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed"); if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00) { - sc_error(card->ctx, "error creating key"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "error creating key"); return SC_ERROR_INTERNAL; } @@ -825,6 +808,7 @@ return SC_ERROR_OUT_OF_MEMORY; memcpy(pubkey->u.rsa.exponent.data, sbuf, 3); + kinfo->key_reference = tpath.value[1]; return SC_SUCCESS; } 
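Review bot: In the hunk at -807,9 any status word other than 0x9000 is reported as SC_ERROR_INTERNAL, which hides whether the card refused key generation because the security status was not satisfied or because of a bad parameter. Mapping the status word through the driver keeps the cause: `r = sc_check_sw(card, apdu.sw1, apdu.sw2);` followed by `SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "error creating key");`. The APDU setup above this check lies outside the hunk.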
@@ -842,8 +826,9 @@ asepcos_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * sc_pkcs15init_get_asepcos_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-authentic.c opensc-0.12.1/src/pkcs15init/pkcs15-authentic.c --- opensc-0.11.13/src/pkcs15init/pkcs15-authentic.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-authentic.c 2011-05-17 17:07:00.000000000 +0000 
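Review bot: The operations table is filled positionally, and this hunk shows the cost: adding `sanity_check` and moving `delete_object` meant re-counting NULLs, and a miscount would silently put a handler in the wrong slot. If the supported compilers accept C99 designated initializers, naming only the members that are set (the rest are zero-initialized) removes that risk. Otherwise a trailing comment on every slot, as already done for `finalize_card` and `delete_object`, would make the count checkable. The start of the initializer is outside the hunk.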
@@ -0,0 +1,886 @@ +/* + * Specific operations for PKCS #15 initialization of the Oberthur's card + * COSMO v7 with applet AuthentIC v3 . + * + * Copyright (C) 2002 Juha Yrjölä + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef ENABLE_OPENSSL /* empty file without openssl */ +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" +#include "libopensc/pkcs15.h" +#include "libopensc/cards.h" +#include "libopensc/authentic.h" + +#include "pkcs15-init.h" +#include "profile.h" + +#define AUTHENTIC_CACHE_TIMESTAMP_PATH "3F0050159999" + +unsigned char authentic_v3_rsa_mechs[5] = { + AUTHENTIC_MECH_CRYPTO_RSA1024, + AUTHENTIC_MECH_CRYPTO_RSA1280, + AUTHENTIC_MECH_CRYPTO_RSA1536, + AUTHENTIC_MECH_CRYPTO_RSA1792, + AUTHENTIC_MECH_CRYPTO_RSA2048 +}; + +unsigned char authentic_v3_rsa_ac_ops[6] = { + SC_AC_OP_UPDATE, + SC_AC_OP_DELETE, + SC_AC_OP_PSO_DECRYPT, + SC_AC_OP_PSO_COMPUTE_SIGNATURE, + SC_AC_OP_INTERNAL_AUTHENTICATE, + SC_AC_OP_GENERATE +}; + +struct authentic_ac_access_usage { + unsigned 
ac_op; + unsigned access_rule; + unsigned usage; +}; +struct authentic_ac_access_usage authentic_v3_rsa_map_attributes[7] = { + {SC_AC_OP_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, 0}, + {SC_AC_OP_DELETE, SC_PKCS15_ACCESS_RULE_MODE_DELETE, 0}, + {SC_AC_OP_PSO_DECRYPT, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT, + SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP}, + {SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, + SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION}, + {SC_AC_OP_INTERNAL_AUTHENTICATE, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, + SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER}, + {SC_AC_OP_GENERATE, SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0}, + {0, 0, 0} +}; + +int authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *df); + +static void +authentic_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id) +{ + int ii, sz; + + for (ii=0, sz = 0; ii> 8*ii) + sz++; + + for (ii=0; ii < sz; ii++) + id->value[sz - ii - 1] = (ref >> 8*ii) & 0xFF; + + id->len = sz; +} + + +int +authentic_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_file *df) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_path path; + unsigned long caps = card->caps; + int rv = 0; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "delete file(id:%04X)", df->id); + + card->caps |= SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE); + card->caps = caps; + + LOG_TEST_RET(ctx, rv, "'DELETE' authentication failed"); + + memset(&path, 0, sizeof(path)); + path.type = SC_PATH_TYPE_FILE_ID; + path.value[0] = df->id >> 8; + path.value[1] = df->id & 0xFF; + path.len = 2; + + rv = sc_delete_file(card, &path); + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * Erase the card + * + */ +static int +authentic_pkcs15_erase_card(struct sc_profile *profile, struct 
sc_pkcs15_card *p15card) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + struct sc_pkcs15_df *df; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (p15card->file_odf) { + sc_log(ctx, "Select ODF path: %s", sc_print_path(&p15card->file_odf->path)); + rv = sc_select_file(p15card->card, &p15card->file_odf->path, NULL); + LOG_TEST_RET(ctx, rv, "Erase application error: cannot select ODF path"); + } + + for (df = p15card->df_list; df; df = df->next) { + struct sc_pkcs15_object *objs[32]; + unsigned obj_type = 0; + int ii; + + if (df->type == SC_PKCS15_PRKDF) + obj_type = SC_PKCS15_TYPE_PRKEY; + else if (df->type == SC_PKCS15_PUKDF) + obj_type = SC_PKCS15_TYPE_PUBKEY; + else if (df->type == SC_PKCS15_CDF) + obj_type = SC_PKCS15_TYPE_CERT; + else if (df->type == SC_PKCS15_DODF) + obj_type = SC_PKCS15_TYPE_DATA_OBJECT; + else + continue; + + if (df->enumerated) { + rv = sc_pkcs15_get_objects(p15card, obj_type, objs, 32); + LOG_TEST_RET(ctx, rv, "Failed to get PKCS#15 objects to remove"); + + for (ii=0; iicard, &df->path, &file); + if (rv == SC_ERROR_FILE_NOT_FOUND) + continue; + LOG_TEST_RET(ctx, rv, "Cannot select object data file"); + + rv = sc_erase_binary(p15card->card, 0, file->size, 0); + if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + LOG_TEST_RET(ctx, rv, "'UPDATE' authentication failed"); + + rv = sc_erase_binary(p15card->card, 0, file->size, 0); + } + LOG_TEST_RET(ctx, rv, "Binary erase error"); + + sc_file_free(file); + + profile->dirty = 1; + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +/* + * Allocate a file + */ +static int +authentic_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card, + unsigned int type, unsigned int num, struct sc_file **out) +{ + struct sc_context *ctx = card->ctx; + struct sc_file *file = NULL; + const char *t_name = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "type %X; num %i", type, num); + switch 
(type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + t_name = "template-private-key"; + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + t_name = "template-public-key"; + break; + case SC_PKCS15_TYPE_CERT: + t_name = "template-certificate"; + break; + case SC_PKCS15_TYPE_DATA_OBJECT: + t_name = "template-public-data"; + break; + default: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Profile template not supported"); + } + + sc_log(ctx, "df_info path '%s'", sc_print_path(&profile->df_info->file->path)); + rv = sc_profile_get_file(profile, t_name, &file); + LOG_TEST_RET(ctx, rv, "Error when getting file from template"); + + sc_log(ctx, "file(type:%X), path(type:%X,path:%s)", file->type, file->path.type, sc_print_path(&file->path)); + + file->id = (file->id & 0xFF00) | (num & 0xFF); + if (file->type != SC_FILE_TYPE_BSO) { + if (file->path.len == 0) { + file->path.type = SC_PATH_TYPE_FILE_ID; + file->path.len = 2; + } + file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF; + file->path.value[file->path.len - 1] = file->id & 0xFF; + file->path.count = -1; + } + + sc_log(ctx, "file(size:%i,type:%i/%i,id:%04X), path(type:%X,'%s')", file->size, file->type, file->ef_structure, file->id, + file->path.type, sc_print_path(&file->path)); + if (out) + *out = file; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +/* + * Select a key reference + */ +static int +authentic_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_prkey_info *key_info) +{ + struct sc_context *ctx = p15card->card->ctx; + + LOG_FUNC_CALLED(ctx); + + /* In authentic PKCS#15 all crypto objects are locals */ + key_info->key_reference |= AUTHENTIC_OBJECT_REF_FLAG_LOCAL; + + if (key_info->key_reference > AUTHENTIC_V3_CRYPTO_OBJECT_REF_MAX) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + if (key_info->key_reference < AUTHENTIC_V3_CRYPTO_OBJECT_REF_MIN) + key_info->key_reference = AUTHENTIC_V3_CRYPTO_OBJECT_REF_MIN; + + sc_log(ctx, "returns key reference %i", 
key_info->key_reference); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_docp_set_acls(struct sc_card *card, struct sc_file *file, + unsigned char *ops, size_t ops_len, + struct sc_authentic_sdo_docp *docp) +{ + struct sc_context *ctx = card->ctx; + int ii, offs; + + LOG_FUNC_CALLED(ctx); + if (ops_len > sizeof(docp->acl_data) / 2) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + for (ii=0, offs=0; iimethod == SC_AC_NEVER) { + docp->acl_data[offs++] = 0x00; + docp->acl_data[offs++] = 0x00; + } + else if (entry->method == SC_AC_NONE) { + docp->acl_data[offs++] = 0x00; + docp->acl_data[offs++] = 0x00; + } + else if (entry->method == SC_AC_CHV) { + if (!(entry->key_ref & AUTHENTIC_V3_CREDENTIAL_ID_MASK) + || (entry->key_ref & ~AUTHENTIC_V3_CREDENTIAL_ID_MASK)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported Credential Reference"); + + docp->acl_data[offs++] = 0x00; + docp->acl_data[offs++] = 0x01 << (entry->key_ref - 1); + } + } + + docp->acl_data_len = offs; + LOG_FUNC_RETURN(ctx, offs); +} + + +static int +authentic_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card, + struct sc_pkcs15_prkey_info *key_info, struct sc_authentic_sdo **out) +{ + struct sc_context *ctx = card->ctx; + struct sc_authentic_sdo *sdo = NULL; + struct sc_file *file = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (!out) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + if ((key_info->modulus_length % 256) || key_info->modulus_length < 1024 || key_info->modulus_length > 2048) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + rv = authentic_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + LOG_TEST_RET(ctx, rv, "Cannot instantiate new PRKEY-RSA file"); + + sdo = calloc(1, sizeof(struct sc_authentic_sdo)); + if (!sdo) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate 'sc_authentic_sdo'"); + + sdo->magic = AUTHENTIC_SDO_MAGIC; + sdo->docp.id = key_info->key_reference & 
~AUTHENTIC_OBJECT_REF_FLAG_LOCAL; + sdo->docp.mech = authentic_v3_rsa_mechs[(key_info->modulus_length - 1024) / 256]; + + rv = authentic_docp_set_acls(card, file, authentic_v3_rsa_ac_ops, + sizeof(authentic_v3_rsa_ac_ops)/sizeof(authentic_v3_rsa_ac_ops[0]), &sdo->docp); + LOG_TEST_RET(ctx, rv, "Cannot set key ACLs from file"); + + sc_file_free(file); + + sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id, + sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len)); + if (out) + *out = sdo; + else + free(sdo); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_mode, struct sc_pkcs15_id *auth_id) +{ + int ii; + + for (ii=0;iiaccess_rules[ii].access_mode) { + object->access_rules[ii].access_mode = access_mode; + if (auth_id) + object->access_rules[ii].auth_id = *auth_id; + else + object->access_rules[ii].auth_id.len = 0; + break; + } + else if (!auth_id && !object->access_rules[ii].auth_id.len) { + object->access_rules[ii].access_mode |= access_mode; + break; + } + else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) { + object->access_rules[ii].access_mode |= access_mode; + break; + } + } + + if (ii==SC_PKCS15_MAX_ACCESS_RULES) + return SC_ERROR_TOO_MANY_OBJECTS; + + return SC_SUCCESS; +} + + +static int +authentic_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_file *file, + unsigned ac_op, unsigned rule_mode, struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + const struct sc_acl_entry *acl = NULL; + struct sc_pkcs15_id id; + unsigned ref; + int rv; + + LOG_FUNC_CALLED(ctx); + acl = sc_file_get_acl_entry(file, ac_op); + sc_log(ctx, "Fix access rule(op:%i;mode:%i) with ACL(method:%X,ref:%X)", + ac_op, rule_mode, acl->method, acl->key_ref); + if (acl->method == SC_AC_NEVER) { + sc_log(ctx, "ignore access rule(op:%i,mode:%i)", ac_op, rule_mode); + } + else if (acl->method == 
SC_AC_NONE) { + rv = authentic_pkcs15_add_access_rule(object, rule_mode, NULL); + LOG_TEST_RET(ctx, rv, "Fix file access rule error"); + } + else { + sc_log(ctx, "ACL(method:%X,ref:%X)", acl->method, acl->key_ref); + if (acl->method == SC_AC_CHV) { + ref = acl->key_ref; + authentic_reference_to_pkcs15_id (ref, &id); + } + else { + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Fix file access error"); + } + + sc_log(ctx, "ACL(method:%X,ref:%X)", acl->method, acl->key_ref); + rv = authentic_pkcs15_add_access_rule(object, rule_mode, &id); + sc_log(ctx, "rv %i", rv); + LOG_TEST_RET(ctx, rv, "Fix file access rule error"); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_pkcs15_fix_access(struct sc_pkcs15_card *p15card, struct sc_file *file, + struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + int rv, ii; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "authID %s", sc_pkcs15_print_id(&object->auth_id)); + + memset(object->access_rules, 0, sizeof(object->access_rules)); + + for (ii=0; authentic_v3_rsa_map_attributes[ii].access_rule; ii++) { + rv = authentic_pkcs15_fix_file_access_rule(p15card, file, + authentic_v3_rsa_map_attributes[ii].ac_op, + authentic_v3_rsa_map_attributes[ii].access_rule, + object); + LOG_TEST_RET(ctx, rv, "Fix file READ access error"); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_pkcs15_fix_usage(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + int ii, jj; + + LOG_FUNC_CALLED(ctx); + if (object->type == SC_PKCS15_TYPE_PRKEY_RSA) { + struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *) object->data; + + sc_log(ctx, "fix private key usage 0x%X", prkey_info->usage); + for (ii=0;iiaccess_rules[ii].access_mode) + break; + + for (jj=0; authentic_v3_rsa_map_attributes[jj].access_rule; jj++) + if (authentic_v3_rsa_map_attributes[jj].access_rule & object->access_rules[ii].access_mode) + 
prkey_info->usage |= authentic_v3_rsa_map_attributes[jj].usage; + } + sc_log(ctx, "fixed private key usage 0x%X", prkey_info->usage); + } + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static void +authentic_free_sdo_data(struct sc_authentic_sdo *sdo) +{ + int rsa_mechs_num = sizeof(authentic_v3_rsa_mechs)/sizeof(authentic_v3_rsa_mechs[0]); + int ii; + + if (!sdo) + return; + + if (sdo->file) + sc_file_free(sdo->file); + + for (ii=0; iidocp.mech == authentic_v3_rsa_mechs[ii]) + break; + if (iidata.prvkey); +} + + +static int +authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_authentic_sdo *sdo = NULL; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + struct sc_file *file_p_prvkey = NULL, *parent = NULL; + size_t keybits = key_info->modulus_length; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", keybits, + key_info->usage, key_info->access_flags, key_info->key_reference); + if (keybits < 1024 || keybits > 2048 || (keybits % 256)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid RSA key size"); + + rv = authentic_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file_p_prvkey); + LOG_TEST_RET(ctx, rv, "IasEcc pkcs15 new PRKEY_RSA file error"); + + key_info->key_reference |= AUTHENTIC_OBJECT_REF_FLAG_LOCAL; + + rv = sc_select_file(card, &file_p_prvkey->path, &parent); + LOG_TEST_RET(ctx, rv, "DF for the private objects not defined"); + + rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CRYPTO); + LOG_TEST_RET(ctx, rv, "SC_AC_OP_CRYPTO authentication failed for parent DF"); + + sc_file_free(parent); + + key_info->access_flags = SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE + | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE + | SC_PKCS15_PRKEY_ACCESS_SENSITIVE; + + 
rv = authentic_sdo_allocate_prvkey(profile, card, key_info, &sdo); + LOG_TEST_RET(ctx, rv, "IasEcc: init SDO private key failed"); + + rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_CREATE, sdo); + if (rv == SC_ERROR_FILE_ALREADY_EXISTS) { + unsigned long caps = p15card->card->caps; + + p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, file_p_prvkey, SC_AC_OP_DELETE); + p15card->card->caps = caps; + LOG_TEST_RET(ctx, rv, "SC_AC_OP_CRYPTO authentication failed for parent DF"); + + rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_DELETE, sdo); + LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_DELETE failed for private key"); + + rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_CREATE, sdo); + } + LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_CREATE failed"); + + rv = authentic_pkcs15_fix_access(p15card, file_p_prvkey, object); + LOG_TEST_RET(ctx, rv, "cannot fix access rules for private key"); + + rv = authentic_pkcs15_fix_usage(p15card, object); + LOG_TEST_RET(ctx, rv, "cannot fix access rules for private key"); + + /* Here fix the key's supported algorithms, if these ones will be implemented + * (see src/libopensc/pkcs15-prkey.c). 
+ */ + + sdo->file = file_p_prvkey; + sc_log(ctx, "sdo->file:%p", sdo->file); + + rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo, sizeof(struct sc_authentic_sdo)); + LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * RSA key generation + */ +static int +authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card, + struct sc_pkcs15_object *object, struct sc_pkcs15_pubkey *pubkey) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + size_t keybits = key_info->modulus_length; + struct sc_authentic_sdo *sdo = NULL; + unsigned long caps; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits, + sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id)); + + if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data"); + else if (keybits < 1024 || keybits > 2048 || (keybits % 256)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid RSA key size"); + + sdo = (struct sc_authentic_sdo *)object->content.value; + if (sdo->magic != AUTHENTIC_SDO_MAGIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey"); + + rv = sc_select_file(card, &key_info->path, NULL); + LOG_TEST_RET(ctx, rv, "failed to select parent DF"); + + caps = card->caps; + card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, sdo->file, SC_AC_OP_GENERATE); + card->caps = caps; + LOG_TEST_RET(ctx, rv, "SC_AC_OP_GENERATE authentication failed"); + + key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_LOCAL; + + rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_GENERATE, sdo); + LOG_TEST_RET(ctx, rv, "generate key failed"); + + pubkey->algorithm = SC_ALGORITHM_RSA; + 
//FIXME: allocate/copy/free to reduce memory likage + pubkey->u.rsa.modulus = sdo->data.prvkey->u.rsa.modulus; + pubkey->u.rsa.exponent = sdo->data.prvkey->u.rsa.exponent; + sdo->data.prvkey = NULL; + + rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &pubkey->data.value, &pubkey->data.len); + LOG_TEST_RET(ctx, rv, "encode public key failed"); + + /* Here fix the key's supported algorithms, if these ones will be implemented + * (see src/libopensc/pkcs15-prkey.c). + */ + + authentic_free_sdo_data(sdo); + + rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len); + LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * Store a private key + */ +static int +authentic_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, struct sc_pkcs15_prkey *prvkey) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + size_t keybits = key_info->modulus_length; + struct sc_authentic_sdo *sdo; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)", + keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path)); + + if (!object->content.value || object->content.len != sizeof(struct sc_authentic_sdo)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data"); + else if (keybits < 1024 || keybits > 2048 || (keybits % 256)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid RSA key size"); + + key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_LOCAL; + + sdo = (struct sc_authentic_sdo *)object->content.value; + if (sdo->magic != AUTHENTIC_SDO_MAGIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey"); + + rv = sc_select_file(card, &key_info->path, NULL); + LOG_TEST_RET(ctx, rv, "failed to select parent DF"); + + 
sdo->data.prvkey = prvkey; + + sc_log(ctx, "sdo(mech:%X,id:%X,acls:%s)", sdo->docp.mech, sdo->docp.id, + sc_dump_hex(sdo->docp.acl_data, sdo->docp.acl_data_len)); + + card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, sdo->file, SC_AC_OP_UPDATE); + LOG_TEST_RET(ctx, rv, "SC_AC_OP_GENERATE authentication failed"); + + rv = sc_card_ctl(card, SC_CARDCTL_AUTHENTIC_SDO_STORE, sdo); + LOG_TEST_RET(ctx, rv, "store IAS SDO PRIVATE KEY failed"); + + authentic_free_sdo_data(sdo); + sc_pkcs15_free_object_content(object); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pkcs15_delete_rsa_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_prkey_info *key_info) +{ + struct sc_context *ctx = p15card->card->ctx; + unsigned long caps = p15card->card->caps; + struct sc_authentic_sdo sdo; + struct sc_file *file = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "delete SDO RSA key (ref:%i,size:%i)", key_info->key_reference, key_info->modulus_length); + + rv = authentic_pkcs15_new_file(profile, p15card->card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + LOG_TEST_RET(ctx, rv, "PRKEY_RSA instantiation file error"); + + p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_DELETE); + p15card->card->caps = caps; + LOG_TEST_RET(ctx, rv, "'DELETE' authentication failed for parent RSA key"); + + sdo.magic = AUTHENTIC_SDO_MAGIC; + sdo.docp.id = key_info->key_reference & ~AUTHENTIC_OBJECT_REF_FLAG_LOCAL; + sdo.docp.mech = authentic_v3_rsa_mechs[(key_info->modulus_length - 1024) / 256]; + + rv = sc_card_ctl(p15card->card, SC_CARDCTL_AUTHENTIC_SDO_DELETE, &sdo); + if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) + rv = SC_SUCCESS; + LOG_TEST_RET(ctx, rv, "SC_CARDCTL_AUTHENTIC_SDO_DELETE failed for private key"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_pkcs15_delete_object (struct sc_profile *profile, struct 
sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, const struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "delete PKCS15 object: type %X; path %s\n", object->type, sc_print_path(path)); + + switch(object->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PRKEY: + rv = authentic_pkcs15_delete_rsa_sdo (profile, p15card, (struct sc_pkcs15_prkey_info *)object->data); + LOG_FUNC_RETURN(ctx, rv); + case SC_PKCS15_TYPE_PUBKEY: + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + default: + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object, + struct sc_pkcs15_der *data, struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pubkey_info *pubkey_info = (struct sc_pkcs15_pubkey_info *)object->data; + struct sc_pkcs15_prkey_info *prkey_info = NULL; + struct sc_pkcs15_object *prkey_object = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Public Key id '%s'", sc_pkcs15_print_id(&pubkey_info->id)); + + rv = sc_pkcs15_find_prkey_by_id(p15card, &pubkey_info->id, &prkey_object); + LOG_TEST_RET(ctx, rv, "Find related PrKey error"); + + prkey_info = (struct sc_pkcs15_prkey_info *)prkey_object->data; + + pubkey_info->key_reference = prkey_info->key_reference; + + pubkey_info->access_flags = prkey_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL; + pubkey_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; + + pubkey_info->native = 0; + + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER ? SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION ? 
SC_PKCS15_PRKEY_USAGE_VERIFY : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ? SC_PKCS15_PRKEY_USAGE_ENCRYPT : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP ? SC_PKCS15_PRKEY_USAGE_WRAP : 0; + + authentic_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL); + + /* Here, if key supported algorithms will be implemented (see src/libopensc/pkcs15-prkey.c), + * copy private key supported algorithms to the public key's ones. + */ + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +authentic_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *object, + struct sc_pkcs15_der *data, struct sc_path *path) + +{ + struct sc_context *ctx = p15card->card->ctx; + int rv = SC_ERROR_NOT_IMPLEMENTED; + + LOG_FUNC_CALLED(ctx); + + switch (object->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PUBKEY: + rv = authentic_store_pubkey(p15card, profile, object, data, path); + break; + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_tokeninfo *tinfo) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + struct sc_path path; + unsigned char buffer[8]; + int rv,len; + + sc_format_path(AUTHENTIC_CACHE_TIMESTAMP_PATH, &path); + rv = sc_select_file(p15card->card, &path, &file); + if (!rv) { + rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer)); + LOG_TEST_RET(ctx, rv, "Get challenge error"); + + len = file->size > sizeof(buffer) ? 
sizeof(buffer) : file->size; + rv = sc_update_binary(p15card->card, 0, buffer, len, 0); + LOG_TEST_RET(ctx, rv, "Get challenge error"); + + sc_file_free(file); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static struct sc_pkcs15init_operations +sc_pkcs15init_authentic_operations = { + authentic_pkcs15_erase_card, + NULL, /* init_card */ + NULL, /* create_dir */ + NULL, /* create_domain */ + NULL, /* select_pin_reference */ + NULL, /* create_pin */ + authentic_pkcs15_select_key_reference, + authentic_pkcs15_create_key, + authentic_pkcs15_store_key, + authentic_pkcs15_generate_key, + NULL, /* encode private key */ + NULL, /* encode public key */ + NULL, /* finalize_card */ + authentic_pkcs15_delete_object, + + /* pkcs15init emulation */ + NULL, + NULL, + authentic_emu_update_tokeninfo, + NULL, + authentic_emu_store_data, + + NULL, /* sanity_check */ +}; + + +struct sc_pkcs15init_operations * +sc_pkcs15init_get_authentic_ops(void) +{ + return &sc_pkcs15init_authentic_operations; +} + +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-cardos.c opensc-0.12.1/src/pkcs15init/pkcs15-cardos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-cardos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-cardos.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,19 +19,19 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" +#include "libopensc/cards.h" +#include "libopensc/asn1.h" #include "pkcs15-init.h" #include "profile.h" 
@@ -54,7 +54,7 @@ const u8 *pin, size_t pin_len); static int cardos_create_sec_env(sc_profile_t *, sc_card_t *, unsigned int, unsigned int); -static int cardos_put_key(struct sc_profile *, sc_card_t *, +static int cardos_put_key(struct sc_profile *, sc_pkcs15_card_t *, int, sc_pkcs15_prkey_info_t *, struct sc_pkcs15_prkey_rsa *); static int cardos_key_algorithm(unsigned int, size_t, int *); @@ -117,30 +117,30 @@ * it's close enough to be useful. */ static int -cardos_erase(struct sc_profile *profile, sc_card_t *card) +cardos_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { - return sc_pkcs15init_erase_card_recursively(card, profile, -1); + return sc_pkcs15init_erase_card_recursively(p15card, profile); } /* * Create the Application DF */ static int -cardos_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +cardos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { int r; /* Create the application DF */ - if ((r = sc_pkcs15init_create_file(profile, card, df)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, df)) < 0) return r; - if ((r = sc_select_file(card, &df->path, NULL)) < 0) + if ((r = sc_select_file(p15card->card, &df->path, NULL)) < 0) return r; /* Create a default security environment for this DF. * This SE autometically becomes the current SE when the * DF is selected. */ - if ((r = cardos_create_sec_env(profile, card, 0x01, 0x00)) < 0) + if ((r = cardos_create_sec_env(profile, p15card->card, 0x01, 0x00)) < 0) return r; return 0; @@ -151,7 +151,7 @@ * See if it's good, and if it isn't, propose something better */ static int -cardos_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +cardos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred, current; 
@@ -180,12 +180,13 @@ * Store a PIN */ static int -cardos_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, +cardos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; + struct sc_card *card = p15card->card; unsigned int puk_id = CARDOS_AC_NEVER; int r; @@ -219,17 +220,13 @@ * Select a key reference */ static int -cardos_select_key_reference(sc_profile_t *profile, sc_card_t *card, +cardos_select_key_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *key_info) { - struct sc_file *df = profile->df_info->file; - if (key_info->key_reference < CARDOS_KEY_ID_MIN) key_info->key_reference = CARDOS_KEY_ID_MIN; if (key_info->key_reference > CARDOS_KEY_ID_MAX) return SC_ERROR_TOO_MANY_OBJECTS; - - key_info->path = df->path; return 0; } @@ -238,7 +235,7 @@ * This is a no-op. */ static int -cardos_create_key(sc_profile_t *profile, sc_card_t *card, +cardos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { return 0; 
@@ -248,25 +245,40 @@ * Store a private key object. */ static int -cardos_store_key(sc_profile_t *profile, sc_card_t *card, +cardos_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { + struct sc_context *ctx = p15card->card->ctx; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + struct sc_file *file = NULL; int algorithm = 0, r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "CardOS supports RSA keys only."); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "CardOS supports RSA keys only."); return SC_ERROR_NOT_SUPPORTED; } if (cardos_key_algorithm(key_info->usage, key_info->modulus_length, &algorithm) < 0) { - sc_error(card->ctx, "CardOS does not support keys " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "CardOS does not support keys " "that can both sign _and_ decrypt."); return SC_ERROR_NOT_SUPPORTED; } - r = cardos_put_key(profile, card, algorithm, key_info, &key->u.rsa); + r = sc_select_file(p15card->card, &key_info->path, &file); + if (r) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to store key: cannot select parent DF"); + return r; + } + + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + sc_file_free(file); + if (r) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to store key: 'UPDATE' authentication failed"); + return r; + } + + r = cardos_put_key(profile, p15card, algorithm, key_info, &key->u.rsa); return r; } @@ -297,11 +309,12 @@ * Key generation */ static int -cardos_generate_key(sc_profile_t *profile, sc_card_t *card, +cardos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { - sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (sc_pkcs15_prkey_info_t *) obj->data; struct sc_pkcs15_prkey_rsa key_obj; struct sc_cardctl_cardos_genkey_info args; struct sc_file *temp; 
@@ -313,10 +326,10 @@ if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) return SC_ERROR_NOT_SUPPORTED; - rsa_max_size = (card->caps & SC_CARD_CAP_RSA_2048) ? 2048 : 1024; + rsa_max_size = (sc_card_find_rsa_alg(p15card->card, 2048) != NULL) ? 2048 : 1024; keybits = key_info->modulus_length & ~7UL; if (keybits > rsa_max_size) { - sc_error(card->ctx, "Unable to generate key, max size is %lu", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key, max size is %lu", (unsigned long) rsa_max_size); return SC_ERROR_INVALID_ARGUMENTS; } @@ -325,19 +338,21 @@ use_ext_rsa = 1; if (cardos_key_algorithm(key_info->usage, keybits, &algorithm) < 0) { - sc_error(card->ctx, "CardOS does not support keys " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "CardOS does not support keys " "that can both sign _and_ decrypt."); return SC_ERROR_NOT_SUPPORTED; } if (sc_profile_get_file(profile, "tempfile", &temp) < 0) { - sc_error(card->ctx, "Profile doesn't define temporary file " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define temporary file " "for key generation."); return SC_ERROR_NOT_SUPPORTED; } - pin_id = sc_keycache_find_named_pin(&key_info->path, SC_PKCS15INIT_USER_PIN); - if (pin_id > 0) { - r = sc_pkcs15init_verify_key(profile, card, NULL, SC_AC_CHV, pin_id); + + pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, + SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN); + if (pin_id >= 0) { + r = sc_pkcs15init_verify_secret(profile, p15card, NULL, SC_AC_CHV, pin_id); if (r < 0) return r; } @@ -346,13 +361,13 @@ else temp->ef_structure = SC_FILE_EF_TRANSPARENT; - if ((r = sc_pkcs15init_create_file(profile, card, temp)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, temp)) < 0) goto out; delete_it = 1; init_key_object(&key_obj, abignum, keybits >> 3); - r = cardos_put_key(profile, card, algorithm, key_info, &key_obj); + r = cardos_put_key(profile, p15card, algorithm, key_info, &key_obj); if (r < 0) goto out; 
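Review bot: The `return r;` that follows a failed `sc_pkcs15init_verify_secret()` in cardos_generate_key exits without releasing `temp`, which `sc_profile_get_file()` filled a few lines earlier. The `out:` label in the following hunk already calls `sc_file_free(temp)`, so `if (r < 0) goto out;` would close the leak, assuming `delete_it` is initialised to 0 above the visible lines. The guard also changed from `pin_id > 0` to `pin_id >= 0`, so reference 0 now triggers a verification, while cardos_put_key still maps a negative lookup result to `pin_id = 0`. A short comment stating what reference 0 means would make the two sites agree. The function starts and ends outside this hunk.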
@@ -360,14 +375,14 @@ args.key_id = key_info->key_reference; args.key_bits = keybits; args.fid = temp->id; - r = sc_card_ctl(card, SC_CARDCTL_CARDOS_GENERATE_KEY, &args); + r = sc_card_ctl(p15card->card, SC_CARDCTL_CARDOS_GENERATE_KEY, &args); if (r < 0) goto out; - r = cardos_extract_pubkey(card, pubkey, temp, use_ext_rsa); + r = cardos_extract_pubkey(p15card->card, pubkey, temp, use_ext_rsa); out: if (delete_it != 0) - sc_pkcs15init_rmdir(card, profile, temp); + sc_pkcs15init_rmdir(p15card, profile, temp); sc_file_free(temp); if (r < 0) { @@ -399,7 +414,7 @@ * "no padding required". */ maxlen = MIN(profile->pin_maxlen, sizeof(pinpadded)); if (pin_len > maxlen) { - sc_error(card->ctx, "invalid pin length: %u (max %u)\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid pin length: %u (max %u)\n", pin_len, maxlen); return SC_ERROR_INVALID_ARGUMENTS; } @@ -516,23 +531,22 @@ static int cardos_key_algorithm(unsigned int usage, size_t keylen, int *algop) { - int sign = 0, decipher = 0; - - if (usage & USAGE_ANY_SIGN) { - if (keylen <= 1024) - *algop = CARDOS_ALGO_RSA_PURE_SIG; - else - *algop = CARDOS_ALGO_EXT_RSA_SIG_PURE; - sign = 1; - } + /* if it is sign and decipher, we use decipher and emulate sign */ if (usage & USAGE_ANY_DECIPHER) { if (keylen <= 1024) *algop = CARDOS_ALGO_RSA_PURE; else *algop = CARDOS_ALGO_EXT_RSA_PURE; - decipher = 1; + return 0; + } + if (usage & USAGE_ANY_SIGN) { + if (keylen <= 1024) + *algop = CARDOS_ALGO_RSA_PURE_SIG; + else + *algop = CARDOS_ALGO_EXT_RSA_SIG_PURE; + return 0; } - return (sign == decipher)? -1 : 0; + return -1; } /* 
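Review bot: After the rewrite, `cardos_key_algorithm()` returns -1 only when neither a sign nor a decipher usage bit is set, yet cardos_store_key and cardos_generate_key still log "CardOS does not support keys that can both sign _and_ decrypt." on that result. The message should describe the remaining failure, for example `"CardOS key needs a sign or decipher usage"`. A key carrying both usages is now created with `CARDOS_ALGO_RSA_PURE` or `CARDOS_ALGO_EXT_RSA_PURE` and signing is emulated, so the card presumably no longer separates the two operations for that key and padding is left to the host. The one-line comment could say so: `/* sign+decipher keys are stored as pure-RSA decipher keys; signatures go through decipher, so usage separation is enforced in software only */`.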
@@ -617,20 +631,24 @@ return sc_card_ctl(card, SC_CARDCTL_CARDOS_PUT_DATA_OCI, &args); } -static int cardos_put_key(sc_profile_t *profile, sc_card_t *card, + +static int +cardos_put_key(sc_profile_t *profile, struct sc_pkcs15_card *p15card, int algorithm, sc_pkcs15_prkey_info_t *key_info, struct sc_pkcs15_prkey_rsa *key) { + struct sc_card *card = p15card->card; int r, key_id, pin_id; - key_id = key_info->key_reference; - pin_id = sc_keycache_find_named_pin(&key_info->path, SC_PKCS15INIT_USER_PIN); + pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC, + SC_PKCS15INIT_USER_PIN); if (pin_id < 0) pin_id = 0; + key_id = key_info->key_reference; if (key_info->modulus_length > 1024 && (card->type == SC_CARD_TYPE_CARDOS_M4_2 || card->type == SC_CARD_TYPE_CARDOS_M4_3 ||card->type == SC_CARD_TYPE_CARDOS_M4_2B || - card->type == SC_CARD_TYPE_CARDOS_M4_2C )) { + card->type == SC_CARD_TYPE_CARDOS_M4_2C ||card->type == SC_CARD_TYPE_CARDOS_M4_4)) { r = cardos_store_key_component(card, algorithm, key_id, pin_id, 0, key->p.data, key->p.len, 0, 0); if (r != SC_SUCCESS) @@ -675,13 +693,13 @@ return SC_ERROR_INVALID_ARGUMENTS; data = sc_asn1_find_tag(card->ctx, data, len, 0x7f49, &ilen); if (data == NULL) { - sc_error(card->ctx, "invalid public key data: missing tag"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid public key data: missing tag"); return SC_ERROR_INTERNAL; } p = sc_asn1_find_tag(card->ctx, data, ilen, 0x81, &tlen); if (p == NULL) { - sc_error(card->ctx, "invalid public key data: missing modulus"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid public key data: missing modulus"); return SC_ERROR_INTERNAL; } pubkey->u.rsa.modulus.len = tlen; 
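Review bot: In cardos_put_key every negative return of `sc_pkcs15init_get_pin_reference()` is folded into `pin_id = 0`, and the key components are then written with that reference, so a failed lookup cannot be told apart from a profile that defines no user PIN. What reference 0 means to `cardos_store_key_component()` is not visible here; if it means "unprotected", the fallback should at least be logged, for example `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "no user PIN reference (%d), using 0", pin_id);` before the assignment. Returning the error for anything other than the "not found" case would be the stricter option. The function body continues past the end of this hunk.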
@@ -692,7 +710,7 @@ p = sc_asn1_find_tag(card->ctx, data, ilen, 0x82, &tlen); if (p == NULL) { - sc_error(card->ctx, "invalid public key data: missing exponent"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "invalid public key data: missing exponent"); return SC_ERROR_INTERNAL; } pubkey->u.rsa.exponent.len = tlen; @@ -719,7 +737,7 @@ || buf[2] != count + 1 || buf[3] != 0) return SC_ERROR_INTERNAL; bn->len = count; - bn->data = (u8 *) malloc(count); + bn->data = malloc(count); if (bn->data == NULL) return SC_ERROR_OUT_OF_MEMORY; memcpy(bn->data, buf + 4, count); @@ -772,8 +790,9 @@ cardos_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-cflex.c opensc-0.12.1/src/pkcs15init/pkcs15-cflex.c --- opensc-0.11.13/src/pkcs15init/pkcs15-cflex.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-cflex.c 2011-05-17 17:07:00.000000000 +0000 
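Review bot: The `sc_pkcs15init_operations` table for CardOS is still filled positionally, and this change has to move `NULL /* delete_object */` ahead of the five emulation slots and append `sanity_check` to follow the new struct layout. Designated initializers such as `.generate_key = cardos_generate_key,` would let omitted members default to NULL and keep a handler from landing in the wrong slot the next time the struct is reordered. The same applies to the positional table added for the AuthentIC driver earlier in this diff.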
@@ -18,37 +18,38 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" -#include "keycache.h" #include "profile.h" static void invert_buf(u8 *dest, const u8 *src, size_t c); -static int cflex_create_dummy_chvs(sc_profile_t *, sc_card_t *, +static int cflex_create_dummy_chvs(sc_profile_t *, sc_pkcs15_card_t *, sc_file_t *, int, sc_file_t **); -static void cflex_delete_dummy_chvs(sc_profile_t *, sc_card_t *, +static void cflex_delete_dummy_chvs(sc_profile_t *, sc_pkcs15_card_t *, int, sc_file_t **); -static int cflex_create_pin_file(sc_profile_t *, sc_card_t *, +static int cflex_create_pin_file(sc_profile_t *, sc_pkcs15_card_t *, sc_path_t *, int, const u8 *, size_t, int, const u8 *, size_t, int, sc_file_t **, int); -static int cflex_create_empty_pin_file(sc_profile_t *, sc_card_t *, +static int cflex_create_empty_pin_file(sc_profile_t *, sc_pkcs15_card_t *, sc_path_t *, int, sc_file_t **); static int cflex_get_keyfiles(sc_profile_t *, sc_card_t *, const sc_path_t *, sc_file_t **, sc_file_t **); +unsigned char dummy_pin_value[6] = {0x30, 0x30, 0x30, 0x30, 0x30, 0x30}; + static int -cflex_delete_file(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +cflex_delete_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { sc_path_t path; sc_file_t *parent; @@ -56,11 +57,11 @@ /* Select the parent DF */ path = df->path; path.len -= 2; - r = sc_select_file(card, &path, &parent); + r = sc_select_file(p15card->card, &path, &parent); if (r < 0) return r; - r = sc_pkcs15init_authenticate(profile, card, parent, SC_AC_OP_DELETE); + r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE); sc_file_free(parent); if (r < 0) return r; 
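Review bot: `dummy_pin_value` is added as a writable global with external linkage, so the six-byte placeholder PIN (ASCII "000000") becomes an exported, modifiable symbol of the library. If it is only used inside pkcs15-cflex.c, `static const unsigned char dummy_pin_value[6] = {0x30, 0x30, 0x30, 0x30, 0x30, 0x30};` keeps it private and read-only. No use of the array is visible in this hunk, so confirm that before changing the linkage. A comment naming which CHV files receive this value, and whether they are deleted again afterwards, would help a reader judge the exposure.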
@@ -72,20 +73,20 @@ path.value[1] = df->id & 0xFF; path.len = 2; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_delete_file(card, &path); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_delete_file(p15card->card, &path); return r; } /* * Erase the card via rm */ -static int cflex_erase_card(struct sc_profile *profile, sc_card_t *card) +static int cflex_erase_card(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { + struct sc_context *ctx = p15card->card->ctx; sc_file_t *df = profile->df_info->file, *dir, *userpinfile = NULL; int r; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); /* Delete EF(DIR). This may not be very nice * against other applications that use this file, but * extremely useful for testing :) @@ -93,20 +94,20 @@ * it *after* the DF. * */ if (sc_profile_get_file(profile, "DIR", &dir) >= 0) { - r = cflex_delete_file(profile, card, dir); + r = cflex_delete_file(profile, p15card, dir); sc_file_free(dir); if (r < 0 && r != SC_ERROR_FILE_NOT_FOUND) goto out; } - r=cflex_delete_file(profile, card, df); + r=cflex_delete_file(profile, p15card, df); /* If the user pin file isn't in a sub-DF of the pkcs15 DF, delete it */ if (sc_profile_get_file(profile, "pinfile-1", &userpinfile) >= 0 && userpinfile->path.len <= profile->df_info->file->path.len + 2 && memcmp(userpinfile->path.value, profile->df_info->file->path.value, userpinfile->path.len) != 0) { - r = cflex_delete_file(profile, card, userpinfile); + r = cflex_delete_file(profile, p15card, userpinfile); sc_file_free(userpinfile); userpinfile=NULL; } @@ -115,11 +116,12 @@ out: /* Forget all cached keys, the pin files on card are all gone. */ if (userpinfile) sc_file_free(userpinfile); - sc_keycache_forget_key(NULL, -1, -1); - sc_free_apps(card); + + sc_free_apps(p15card->card); if (r == SC_ERROR_FILE_NOT_FOUND) r=0; - return r; + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } /* 
@@ -127,7 +129,7 @@ * For the cryptoflex, read the card's serial number from 3F00 0002 */ static int -cryptoflex_init_card(sc_profile_t *profile, sc_card_t *card) +cryptoflex_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { sc_path_t path; sc_file_t *file; @@ -137,7 +139,7 @@ int r; sc_format_path("3F000002", &path); - if ((r = sc_select_file(card, &path, &file)) < 0) { + if ((r = sc_select_file(p15card->card, &path, &file)) < 0) { if (r == SC_ERROR_FILE_NOT_FOUND) return 0; return r; @@ -146,7 +148,7 @@ if ((len = file->size) > sizeof(buf)) len = sizeof(buf); sc_file_free(file); - if ((r = sc_read_binary(card, 0, buf, len, 0)) < 0) + if ((r = sc_read_binary(p15card->card, 0, buf, len, 0)) < 0) return r; len = r; if (len == 0) @@ -162,27 +164,27 @@ * Create a DF */ static int -cflex_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +cflex_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { /* Create the application DF */ - return sc_pkcs15init_create_file(profile, card, df); + return sc_pkcs15init_create_file(profile, p15card, df); } /* * Create a PIN domain (i.e. a sub-directory holding a user PIN) */ static int -cflex_create_domain(sc_profile_t *profile, sc_card_t *card, +cflex_create_domain(sc_profile_t *profile, sc_pkcs15_card_t *p15card, const sc_pkcs15_id_t *id, sc_file_t **ret) { - return sc_pkcs15_create_pin_domain(profile, card, id, ret); + return sc_pkcs15_create_pin_domain(profile, p15card, id, ret); } /* * Select the PIN reference */ static int -cflex_select_pin_reference(sc_profile_t *profike, sc_card_t *card, +cflex_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred; 
@@ -209,15 +211,18 @@ * Create a new PIN inside a DF */ static int -cflex_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, +cflex_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { + struct sc_context *ctx = p15card->card->ctx; sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; sc_file_t *dummies[2]; int ndummies, pin_type, puk_type, r; + sc_file_t *file; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); /* If the profile doesn't specify a reference for this PIN, guess */ if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { pin_type = SC_PKCS15INIT_SO_PIN; 
@@ -231,27 +236,28 @@ return SC_ERROR_INVALID_ARGUMENTS; } - ndummies = cflex_create_dummy_chvs(profile, card, - df, SC_AC_OP_CREATE, - dummies); - if (ndummies < 0) - return ndummies; + /* Get file definition from the profile */ + if (sc_profile_get_file(profile, (pin_info->reference == 1)? "CHV1" : "CHV2", &file) < 0 + && sc_profile_get_file(profile, "CHV", &file) < 0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs"); + + ndummies = cflex_create_dummy_chvs(profile, p15card, file, SC_AC_OP_CREATE, dummies); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, ndummies, "Unable to create dummy CHV file"); - r = cflex_create_pin_file(profile, card, &df->path, - pin_info->reference, + r = cflex_create_pin_file(profile, p15card, &df->path, pin_info->reference, pin, pin_len, sc_profile_get_pin_retries(profile, pin_type), puk, puk_len, sc_profile_get_pin_retries(profile, puk_type), NULL, 0); - cflex_delete_dummy_chvs(profile, card, ndummies, dummies); - return r; + cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } /* * Create a new key file */ static int -cflex_create_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_object_t *obj) +cflex_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; sc_file_t *prkf = NULL, *pukf = NULL; @@ -259,12 +265,12 @@ int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Cryptoflex supports only RSA keys."); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Cryptoflex supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } /* Get the public and private key file */ - r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf); + r = cflex_get_keyfiles(profile, p15card->card, &key_info->path, &prkf, &pukf); if (r < 0) return r; 
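Review bot: The `file` obtained from `sc_profile_get_file()` in cflex_create_pin is never released, because the `SC_TEST_RET` on `ndummies` and the final `SC_FUNC_RETURN` both leave without `sc_file_free(file)`. cflex_erase_card, by contrast, frees each file it gets from the same call. Placing `sc_file_free(file);` directly after the `cflex_create_dummy_chvs()` call and before the `SC_TEST_RET` covers both exits, provided the helper does not keep a pointer to `file` in `dummies` (its body is only partly visible in this diff). The dummy CHVs are now derived from the CHV file definition rather than from `df`, and a one-line comment stating that intent would help.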
@@ -275,7 +281,7 @@ case 1024: size = 326; break; case 2048: size = 646; break; default: - sc_error(card->ctx, "Unsupported key size %u\n", + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key size %u\n", key_info->modulus_length); r = SC_ERROR_INVALID_ARGUMENTS; goto out; @@ -287,8 +293,8 @@ pukf->size = size + 4; /* Now create the files */ - if ((r = sc_pkcs15init_create_file(profile, card, prkf)) < 0 - || (r = sc_pkcs15init_create_file(profile, card, pukf)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, prkf)) < 0 + || (r = sc_pkcs15init_create_file(profile, p15card, pukf)) < 0) goto out; key_info->key_reference = 0; @@ -300,15 +306,17 @@ return r; } + /* * Generate key */ static int -cflex_generate_key(sc_profile_t *profile, sc_card_t *card, +cflex_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { struct sc_cardctl_cryptoflex_genkey_info args; + sc_card_t *card = p15card->card; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; unsigned int keybits; unsigned char raw_pubkey[256]; @@ -316,10 +324,9 @@ int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Cryptoflex supports only RSA keys."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cryptoflex supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } - /* Get the public and private key file */ r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf); if (r < 0) @@ -328,7 +335,7 @@ return SC_ERROR_NOT_SUPPORTED; /* Make sure we authenticate first */ - r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_CRYPTO); + r = sc_pkcs15init_authenticate(profile, p15card, prkf, SC_AC_OP_CRYPTO); if (r < 0) goto out; 
@@ -346,9 +353,9 @@ /* extract public key */ pubkey->algorithm = SC_ALGORITHM_RSA; pubkey->u.rsa.modulus.len = keybits / 8; - pubkey->u.rsa.modulus.data = (u8 *) malloc(keybits / 8); + pubkey->u.rsa.modulus.data = malloc(keybits / 8); pubkey->u.rsa.exponent.len = 3; - pubkey->u.rsa.exponent.data = (u8 *) malloc(3); + pubkey->u.rsa.exponent.data = malloc(3); memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3); if ((r = sc_select_file(card, &pukf->path, NULL)) < 0 || (r = sc_read_binary(card, 3, raw_pubkey, keybits / 8, 0)) < 0) @@ -367,21 +374,21 @@ * Store a private key */ static int -cflex_store_key(sc_profile_t *profile, sc_card_t *card, +cflex_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; sc_file_t *prkf, *pukf; unsigned char keybuf[1024]; size_t size; int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Cryptoflex supports only RSA keys."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cryptoflex supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } - /* Get the public and private key file */ r = cflex_get_keyfiles(profile, card, &key_info->path, &prkf, &pukf); if (r < 0) @@ -395,7 +402,7 @@ if (r < 0) goto out; - r = sc_pkcs15init_update_file(profile, card, prkf, keybuf, size); + r = sc_pkcs15init_update_file(profile, p15card, prkf, keybuf, size); if (r < 0) goto out; @@ -407,7 +414,7 @@ if (r < 0) goto out; - r = sc_pkcs15init_update_file(profile, card, pukf, keybuf, size); + r = sc_pkcs15init_update_file(profile, p15card, pukf, keybuf, size); out: sc_file_free(prkf); sc_file_free(pukf); 
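Review bot: Both `malloc()` results in cflex_generate_key are used unchecked, and `memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3)` dereferences the exponent buffer on the very next line. The commit only drops the casts. A guard before the `memcpy`, such as `if (!pubkey->u.rsa.modulus.data || !pubkey->u.rsa.exponent.data) { r = SC_ERROR_OUT_OF_MEMORY; goto out; }`, would fail cleanly, assuming `out:` releases the key files as in the sibling functions. `sc_read_binary()` then reads `keybits / 8` bytes into the 256-byte `raw_pubkey`, so confirm that `keybits` is capped at 2048 in the part of the function outside this hunk.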
@@ -419,13 +426,15 @@ * a CHV1 file yet, create an unprotected dummy file in the MF. */ static int -cflex_create_dummy_chvs(sc_profile_t *profile, sc_card_t *card, +cflex_create_dummy_chvs(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file, int op, sc_file_t **dummies) { + struct sc_context *ctx = p15card->card->ctx; const sc_acl_entry_t *acl; int r = 0, ndummies = 0; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); /* See if the DF is supposed to be PIN protected, and if * it is, whether that CHV file actually exists. If it doesn't, * create it. @@ -451,9 +460,7 @@ && !memcmp(ef.value, parent.value, ef.len)) continue; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &ef, NULL); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &ef, NULL); } /* If a valid EF(CHVx) was found, we're fine */ @@ -465,7 +472,7 @@ /* Create a CHV file in the MF */ parent = file->path; parent.len = 2; - r = cflex_create_empty_pin_file(profile, card, &parent, + r = cflex_create_empty_pin_file(profile, p15card, &parent, acl->key_ref, &dummies[ndummies]); if (r < 0) break; @@ -473,18 +480,19 @@ } if (r < 0) { - cflex_delete_dummy_chvs(profile, card, ndummies, dummies); + cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies); return r; } - return ndummies; + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, ndummies); } static void -cflex_delete_dummy_chvs(sc_profile_t *profile, sc_card_t *card, +cflex_delete_dummy_chvs(sc_profile_t *profile, sc_pkcs15_card_t *p15card, int ndummies, sc_file_t **dummies) { while (ndummies--) { - cflex_delete_file(profile, card, dummies[ndummies]); + cflex_delete_file(profile, p15card, dummies[ndummies]); sc_file_free(dummies[ndummies]); } } 
@@ -504,17 +512,20 @@ } static int -cflex_create_pin_file(sc_profile_t *profile, sc_card_t *card, +cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_path_t *df_path, int ref, const u8 *pin, size_t pin_len, int pin_tries, const u8 *puk, size_t puk_len, int puk_tries, sc_file_t **file_ret, int unprotected) { + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_obj = NULL; unsigned char buffer[23]; sc_path_t path; sc_file_t *dummies[2], *file; int r, ndummies; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); if (file_ret) *file_ret = NULL; @@ -524,30 +535,25 @@ path.value[path.len++] = 0; /* See if the CHV already exists */ - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &path, NULL); if (r >= 0) return SC_ERROR_FILE_ALREADY_EXISTS; /* Get the file definition from the profile */ if (sc_profile_get_file_by_path(profile, &path, &file) < 0 - && sc_profile_get_file(profile, (ref == 1)? "CHV1" : "CHV2", &file) < 0 - && sc_profile_get_file(profile, "CHV", &file) < 0) { - sc_error(card->ctx, "profile does not define pin file ACLs\n"); - return SC_ERROR_FILE_NOT_FOUND; - } + && sc_profile_get_file(profile, (ref == 1)? "CHV1" : "CHV2", &file) < 0 + && sc_profile_get_file(profile, "CHV", &file) < 0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs"); file->path = path; file->size = 23; file->id = (ref == 1)? 0x0000 : 0x0100; - if (unprotected) { - sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, + if (unprotected) { + sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_NONE, SC_AC_KEY_REF_NONE); } - /* Build the contents of the file */ buffer[0] = buffer[1] = buffer[2] = 0xFF; put_pin(profile, buffer + 3, pin, pin_len, pin_tries); 
@@ -555,49 +561,73 @@ /* For updating the file, create a dummy CHV files if * necessary */ - ndummies = cflex_create_dummy_chvs(profile, card, - file, SC_AC_OP_UPDATE, - dummies); - if (ndummies < 0) { - sc_error(card->ctx, - "Unable to create dummy CHV file: %s", - sc_strerror(ndummies)); - return ndummies; + ndummies = cflex_create_dummy_chvs(profile, p15card, + file, SC_AC_OP_UPDATE, dummies); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, ndummies, "Unable to create dummy CHV file"); + + if (!unprotected) { + struct sc_pin_cmd_data pin_cmd; + + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.cmd = SC_PIN_CMD_VERIFY; + pin_cmd.pin_type = SC_AC_CHV; + pin_cmd.pin_reference = ref; + pin_cmd.pin1.data = dummy_pin_value; + pin_cmd.pin1.len = sizeof(dummy_pin_value); + + r = sc_pin_cmd(p15card->card, &pin_cmd, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot verify dummy PIN"); + + }; + + if (ref == 2) { + /* Cache dummy SOPIN value */ + r = sc_pkcs15_find_pin_by_type_and_reference(p15card, NULL, SC_AC_CHV, ref, &pin_obj); + if (!r && pin_obj) + sc_pkcs15_pincache_add(p15card, pin_obj, dummy_pin_value, sizeof(dummy_pin_value)); } - r = sc_pkcs15init_update_file(profile, card, file, buffer, 23); - if (r >= 0) - sc_keycache_put_key(df_path, SC_AC_CHV, ref, pin, pin_len); + r = sc_pkcs15init_create_file(profile, p15card, file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to create PIN file"); - if (r < 0 || file_ret == NULL) { + r = sc_update_binary(p15card->card, 0, buffer, 23, 0); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to update PIN file"); + + if (r < 0 || file_ret == NULL) sc_file_free(file); - } else { + else *file_ret = file; - } /* Delete the dummy CHV files */ - cflex_delete_dummy_chvs(profile, card, ndummies, dummies); - return r; + cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies); + + if (pin_obj) { + /* Cache new SOPIN value */ + sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len); + } + + SC_FUNC_RETURN(ctx, 
SC_LOG_DEBUG_VERBOSE, r); } /* * Create a faux pin file */ static int -cflex_create_empty_pin_file(sc_profile_t *profile, sc_card_t *card, +cflex_create_empty_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_path_t *path, int ref, sc_file_t **file_ret) { int r; + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_NORMAL); *file_ret = NULL; - r = cflex_create_pin_file(profile, card, path, ref, - (const u8 *) "0000", 4, 8, + r = cflex_create_pin_file(profile, p15card, path, ref, + dummy_pin_value, sizeof(dummy_pin_value), 8, NULL, 0, 0, file_ret, 1); if (r == SC_ERROR_FILE_ALREADY_EXISTS) - return 0; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, r); - return r; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, r); } /* @@ -619,7 +649,7 @@ if (r != SC_SUCCESS) pbuf[0] = '\0'; - sc_error(card->ctx, "Cannot find private key file info " + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cannot find private key file info " "in profile (path=%s).", pbuf); return r; } @@ -629,7 +659,7 @@ sc_append_file_id(&path, 0x1012); r = sc_profile_get_file_by_path(profile, &path, pukf); if (r < 0) { - sc_error(card->ctx, "Cannot find public key file info in profile."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Cannot find public key file info in profile."); sc_file_free(*prkf); return r; } @@ -714,7 +744,7 @@ key += 5 * base; *key++ = 0; *key++ = 0; - *key++ = 0; + *key = 0; return 0; } 
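Review bot: The rewritten tail of cflex_create_pin_file leaves through `SC_TEST_RET` on every failure after `cflex_create_dummy_chvs()` has succeeded, so `cflex_delete_dummy_chvs()` and `sc_file_free(file)` are skipped on those paths. A failed `sc_pin_cmd`, `sc_pkcs15init_create_file` or `sc_update_binary` therefore leaves the dummy CHV files (created unprotected, with the fixed `dummy_pin_value`) on the card, and for `ref == 2` leaves the dummy SOPIN in the PIN cache. The `r < 0` half of `if (r < 0 || file_ret == NULL)` is unreachable for the same reason. Routing the failures through one cleanup label, as sketched below, restores the old behaviour of always removing the dummies. Separately, in cflex_create_empty_pin_file the `if (r == SC_ERROR_FILE_ALREADY_EXISTS)` branch now returns `r` exactly like the fall-through, where the old code returned 0; if "already exists" should still count as success it needs `SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE, 0);`, otherwise the test can go.

```c
	/* … unchanged: cflex_create_dummy_chvs() call and its SC_TEST_RET … */
	if (!unprotected) {
		/* … unchanged: pin_cmd setup … */
		r = sc_pin_cmd(p15card->card, &pin_cmd, NULL);
		if (r < 0) {
			sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Cannot verify dummy PIN");
			goto cleanup;
		}
	}
	/* … unchanged: dummy SOPIN caching for ref == 2 … */
	r = sc_pkcs15init_create_file(profile, p15card, file);
	if (r < 0) {
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to create PIN file");
		goto cleanup;
	}

	r = sc_update_binary(p15card->card, 0, buffer, 23, 0);
	if (r < 0)
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to update PIN file");

cleanup:
	/* … unchanged: sc_file_free(file) / *file_ret hand-over … */

	/* Always remove the dummy CHV files, also on the error paths */
	cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies);

	if (r >= 0 && pin_obj) {
		/* Cache new SOPIN value only once the card holds it */
		sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len);
	}
```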
@@ -870,33 +900,35 @@ cflex_create_domain, cflex_select_pin_reference, cflex_create_pin, - NULL, /* select_key_reference */ + NULL, /* select_key_reference */ cflex_create_key, cflex_store_key, cflex_generate_key, cryptoflex_encode_private_key, cryptoflex_encode_public_key, - NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* finalize_card */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; static struct sc_pkcs15init_operations sc_pkcs15init_cyberflex_operations = { cflex_erase_card, - NULL, /* init_card */ + NULL, /* init_card */ cflex_create_dir, cflex_create_domain, cflex_select_pin_reference, cflex_create_pin, - NULL, /* select_key_reference */ + NULL, /* select_key_reference */ cflex_create_key, cflex_store_key, cflex_generate_key, cyberflex_encode_private_key, cyberflex_encode_public_key, - NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* finalize_card */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-entersafe.c opensc-0.12.1/src/pkcs15init/pkcs15-entersafe.c --- opensc-0.11.13/src/pkcs15init/pkcs15-entersafe.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-entersafe.c 2011-05-17 17:07:00.000000000 +0000 @@ -15,17 +15,17 @@ */ /* Initially written by Weitao Sun (weitao@ftsafe.com) 2008*/ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include -#include + +#include "libopensc/log.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" #include "pkcs15-init.h" #include "profile.h" 
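Review bot: Both `sc_pkcs15init_operations` tables in the `@@ -870,33 +900,35 @@` hunk are still initialized positionally, so their correctness rests on the trailing comments matching the struct layout, which is not visible on this page. The hunk moves the `delete_object` slot ahead of the five emulation slots and appends `sanity_check`. A handler listed one position off would be called through the wrong member without any compiler diagnostic. If the supported compilers accept C99 designated initializers, naming the members (`.finalize_card = NULL,` `.delete_object = NULL,` `.sanity_check = NULL`) makes the table independent of member order. The same applies to the entersafe table in the later `@@ -428,8 +479,9 @@` hunk.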
@@ -59,24 +59,29 @@ } } -static int entersafe_erase_card(struct sc_profile *profile, sc_card_t *card) +static int entersafe_erase_card(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { - SC_FUNC_CALLED(card->ctx, 1); - return sc_card_ctl(card,SC_CARDCTL_ERASE_CARD,0); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + + if (sc_select_file(p15card->card, sc_get_mf_path(), NULL) < 0) + return SC_SUCCESS; + + return sc_card_ctl(p15card->card,SC_CARDCTL_ERASE_CARD,0); } -static int entersafe_init_card(sc_profile_t *profile, sc_card_t *card) +static int entersafe_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { + struct sc_card *card = p15card->card; int ret; {/* MF */ sc_file_t *mf_file; sc_entersafe_create_data mf_data; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); ret = sc_profile_get_file(profile, "MF", &mf_file); - SC_TEST_RET(card->ctx,ret,"Get MF info failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Get MF info failed"); mf_data.type = SC_ENTERSAFE_MF_DATA; mf_data.data.df.file_id[0]=0x3F; @@ -92,7 +97,7 @@ sc_file_free(mf_file); ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &mf_data); - SC_TEST_RET(card->ctx,ret,"Create MF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create MF failed"); } {/* EF(DIR) */ @@ -103,7 +108,7 @@ /* get dir profile */ ret = sc_profile_get_file(profile, "dir", &dir_file); - SC_TEST_RET(card->ctx,ret,"Get EF(DIR) info failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Get EF(DIR) info failed"); fid=dir_file->id; size=dir_file->size; sc_file_free(dir_file); 
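Review bot: entersafe_erase_card now returns `SC_SUCCESS` for any negative result of `sc_select_file()` on the MF. A reader or transport error is then indistinguishable from "no MF, nothing to erase", and the caller continues as if the card had been wiped. Only the not-found case should short-circuit: `int r = sc_select_file(p15card->card, sc_get_mf_path(), NULL);` `if (r == SC_ERROR_FILE_NOT_FOUND) return SC_SUCCESS;` `if (r < 0) return r;`. Which status this card driver reports for a missing MF is not visible here, so the code to match should be confirmed against the driver.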
@@ -120,30 +125,31 @@ memset(ef_data.data.ef.sm,0x00,sizeof(ef_data.data.ef.sm)); ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data); - SC_TEST_RET(card->ctx,ret,"Create EF(DIR) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create EF(DIR) failed"); /* fill file by 0 */ buff = calloc(1,size); if(!buff) - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); memset(buff,0,size); ret = sc_update_binary(card,0,buff,size,0); free(buff); - SC_TEST_RET(card->ctx,ret,"Initialize EF(DIR) failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Initialize EF(DIR) failed"); } - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -static int entersafe_create_dir(sc_profile_t *profile, sc_card_t *card, +static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { + struct sc_card *card = p15card->card; int ret; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/* df */ sc_entersafe_create_data df_data; @@ -161,7 +167,7 @@ memcpy(df_data.data.df.aid,df->name,df->namelen); ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &df_data); - SC_TEST_RET(card->ctx,ret,"Crate DF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Crate DF failed"); } {/* GPKF */ @@ -170,7 +176,7 @@ /* get p15_gpkf profile */ ret = sc_profile_get_file(profile, "p15_gpkf", &gpkf_file); - SC_TEST_RET(card->ctx,ret,"Get GPKF info failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Get GPKF info failed"); ef_data.type=SC_ENTERSAFE_EF_DATA; ef_data.data.ef.file_id[0]=(gpkf_file->id>>8)&0xFF; 
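Review bot: In the EF(DIR) block of entersafe_init_card the `if(!buff)` branch returns `SC_SUCCESS` when `calloc` fails, so initialization reports success although EF(DIR) was created and never zero-filled. The hunk only rewrites the log-level argument on that line. The return value should be an error: `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_OUT_OF_MEMORY);`. The `memset(buff,0,size)` that follows `calloc` is redundant and can be dropped.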
@@ -186,11 +192,11 @@ sc_file_free(gpkf_file); ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &ef_data); - SC_TEST_RET(card->ctx,ret,"Create GPKF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create GPKF failed"); } {/* p15 efs */ - char* create_efs[]={ + const char * create_efs[]={ "PKCS15-ODF", "PKCS15-TokenInfo", "PKCS15-UnusedSpace", @@ -207,8 +213,8 @@ for(i = 0; create_efs[i]; ++i) { if (sc_profile_get_file(profile, create_efs[i], &file)) { - sc_error(card->ctx, "Inconsistent profile: cannot find %s", create_efs[i]); - SC_FUNC_RETURN(card->ctx,4,SC_ERROR_INCONSISTENT_PROFILE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_efs[i]); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INCONSISTENT_PROFILE); } tmp.type=SC_ENTERSAFE_EF_DATA; 
@@ -227,39 +233,40 @@ sc_file_free(file); ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_CREATE_FILE, &tmp); - SC_TEST_RET(card->ctx,ret,"Create pkcs15 file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Create pkcs15 file failed"); } } {/* Preinstall keys */ ret = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_PREINSTALL_KEYS, 0); - SC_TEST_RET(card->ctx,ret,"Preinstall keys failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,ret,"Preinstall keys failed"); } - SC_FUNC_RETURN(card->ctx,4,ret); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,ret); } -static int entersafe_pin_reference(sc_profile_t *profile, sc_card_t *card, +static int entersafe_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (pin_info->reference < ENTERSAFE_USER_PIN_ID) pin_info->reference = ENTERSAFE_USER_PIN_ID; if(pin_info->reference>ENTERSAFE_USER_PIN_ID) return SC_ERROR_TOO_MANY_OBJECTS; - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -static int entersafe_create_pin(sc_profile_t *profile, sc_card_t *card, +static int entersafe_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) { + struct sc_card *card = p15card->card; int r; sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); {/*pin*/ sc_entersafe_wkey_data data; @@ -277,6 +284,10 @@ data.key_data.symmetric.key_len=16; r = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_WRITE_KEY, &data); + if (pin_obj) { + /* Cache new PIN value. */ + sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len); + } } {/*puk*/ 
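Review bot: The `sc_pkcs15_pincache_add()` call added in the `@@ -277,6 +284,10 @@` hunk of entersafe_create_pin runs whether or not the preceding `SC_CARDCTL_ENTERSAFE_WRITE_KEY` succeeded, because `r` is not tested in between. A PIN the card did not accept can therefore end up cached and be replayed on later authentications. Guarding on the result fixes that: `if (r >= 0) sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len);`. The `if (pin_obj)` test adds nothing, since `pin_obj->data` is already dereferenced in the declarations at the top of the function. The PUK block that follows is outside this hunk; if it reassigns `r`, a failed PIN write is also lost from the return value.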
@@ -298,58 +309,54 @@ } - SC_FUNC_RETURN(card->ctx,4,r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } -static int entersafe_key_reference(sc_profile_t *profile, sc_card_t *card, +static int entersafe_key_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *prkey) { - struct sc_file *df = profile->df_info->file; - - SC_FUNC_CALLED(card->ctx, 1); - + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (prkey->key_reference < ENTERSAFE_MIN_KEY_ID) prkey->key_reference = ENTERSAFE_MIN_KEY_ID; if (prkey->key_reference > ENTERSAFE_MAX_KEY_ID) return SC_ERROR_TOO_MANY_OBJECTS; - - prkey->path = df->path; - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -static int entersafe_create_key(sc_profile_t *profile, sc_card_t *card, +static int entersafe_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); } -static int entersafe_store_key(sc_profile_t *profile, sc_card_t *card, +static int entersafe_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; sc_entersafe_wkey_data data; sc_file_t *tfile; const sc_acl_entry_t *acl_entry; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (key->algorithm != SC_ALGORITHM_RSA) /* ignore DSA keys */ - SC_FUNC_RETURN(card->ctx,4,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); r = sc_profile_get_file(profile, "PKCS15-AODF", &tfile); if (r < 0) return r; acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_UPDATE); if (acl_entry->method != 
SC_AC_NONE) { - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_UPDATE); if(r<0) r = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; } sc_file_free(tfile); - SC_TEST_RET(card->ctx, r, "cant verify pin"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "cant verify pin"); data.key_id = (u8) kinfo->key_reference; data.usage=0x22; @@ -357,16 +364,17 @@ return sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_WRITE_KEY, &data); } -static int entersafe_generate_key(sc_profile_t *profile, sc_card_t *card, +static int entersafe_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { int r; sc_entersafe_gen_key_data gendat; sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; sc_file_t *tfile; const sc_acl_entry_t *acl_entry; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) return SC_ERROR_NOT_SUPPORTED; @@ -376,19 +384,19 @@ return r; acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_UPDATE); if (acl_entry->method != SC_AC_NONE) { - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_UPDATE); if(r<0) r = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; } sc_file_free(tfile); - SC_TEST_RET(card->ctx, r, "cant verify pin"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "cant verify pin"); /* generate key pair */ gendat.key_id = (u8) kinfo->key_reference; gendat.key_length = (size_t) kinfo->modulus_length; gendat.modulus = NULL; r = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_GENERATE_KEY, &gendat); - SC_TEST_RET(card->ctx, r, "EnterSafe generate RSA key pair failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "EnterSafe generate RSA key pair failed"); /* get the modulus via READ PUBLIC KEY */ if (pubkey) { 
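Review bot: entersafe_store_key reads `acl_entry->method` directly after `sc_file_get_acl_entry(tfile, SC_AC_OP_UPDATE)` with no NULL test, and the hunk keeps that while changing the authenticate call beneath it. If the profile's PKCS15-AODF file carries no UPDATE entry and the helper returns NULL in that case (its definition is not on this page), this is a NULL dereference driven by profile contents. Failing closed before the test would be safer: `if (!acl_entry) { sc_file_free(tfile); return SC_ERROR_INCONSISTENT_PROFILE; }`. The same pattern appears in entersafe_generate_key (`@@ -376,19 +384,19 @@`) and as `acl->method` in gpk_init_pinfile (`@@ -327,7 +329,7 @@`).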
@@ -398,7 +406,7 @@ rsa->modulus.data = gendat.modulus; rsa->modulus.len = kinfo->modulus_length >> 3; /* set the exponent (always 0x10001) */ - buf = (u8 *) malloc(3); + buf = malloc(3); if (!buf) return SC_ERROR_OUT_OF_MEMORY; buf[0] = 0x01; @@ -412,7 +420,50 @@ /* free public key */ free(gendat.modulus); - SC_FUNC_RETURN(card->ctx,4,SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS); +} + + +static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15card) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info profile_pin; + struct sc_pkcs15_object *objs[32]; + int rv, nn, ii, update_df = 0; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Check and if needed update PinFlags"); + rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 32); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PINs"); + nn = rv; + + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_pin); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PIN info"); + + for (ii=0; iidata; + + if (pinfo->reference == profile_pin.reference && pinfo->flags != profile_pin.flags) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label, + pinfo->flags, pinfo->reference, sc_pkcs15_print_id(&pinfo->auth_id), + profile_pin.flags); + pinfo->flags = profile_pin.flags; + update_df = 1; + } + } + if (update_df) { + struct sc_pkcs15_df *df = p15card->df_list; + + while (df != NULL && df->type != SC_PKCS15_AODF) + df = df->next; + if (!df) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OBJECT_NOT_FOUND, "Cannot find AODF"); + rv = sc_pkcs15init_update_any_df(p15card, profile, df, 0); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Update AODF error"); + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, rv); } static struct sc_pkcs15init_operations sc_pkcs15init_entersafe_operations = { 
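Review bot: In the new entersafe_sanity_check, the `SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PIN info")` after `sc_profile_get_pin_info()` tests the `rv` left over from `sc_pkcs15_get_objects()`, which was already checked two lines earlier. A failure to fill `profile_pin` can therefore never be detected, and the flag comparison in the loop may read an unset struct. If the call returns a status it should be assigned, `rv = sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_pin);`; if it returns nothing, the check should be removed and `profile_pin` zero-initialized. When no flags need updating, the function also returns the object count from `sc_pkcs15_get_objects()` rather than `SC_SUCCESS`, so setting `rv = SC_SUCCESS;` before the final `SC_FUNC_RETURN` would make the result unambiguous.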
@@ -428,8 +479,9 @@ entersafe_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + entersafe_sanity_check, }; struct sc_pkcs15init_operations *sc_pkcs15init_get_entersafe_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-gpk.c opensc-0.12.1/src/pkcs15init/pkcs15-gpk.c --- opensc-0.11.13/src/pkcs15init/pkcs15-gpk.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-gpk.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include @@ -29,10 +28,11 @@ #ifdef HAVE_UNISTD_H #include #endif -#include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/cards.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" 
@@ -77,17 +77,17 @@ /* * Local functions */ -static int gpk_pkfile_create(sc_profile_t *, sc_card_t *, sc_file_t *); +static int gpk_pkfile_create(sc_profile_t *, sc_pkcs15_card_t *, sc_file_t *); static int gpk_encode_rsa_key(sc_profile_t *, sc_card_t *, struct sc_pkcs15_prkey_rsa *, struct pkdata *, struct sc_pkcs15_prkey_info *); static int gpk_encode_dsa_key(sc_profile_t *, sc_card_t *, struct sc_pkcs15_prkey_dsa *, struct pkdata *, struct sc_pkcs15_prkey_info *); -static int gpk_store_pk(struct sc_profile *, sc_card_t *, +static int gpk_store_pk(struct sc_profile *, sc_pkcs15_card_t *, sc_file_t *, struct pkdata *); -static int gpk_init_pinfile(sc_profile_t *, sc_card_t *, sc_file_t *); -static int gpk_pkfile_init_public(sc_profile_t *, sc_card_t *, +static int gpk_init_pinfile(sc_profile_t *, sc_pkcs15_card_t *, sc_file_t *); +static int gpk_pkfile_init_public(sc_profile_t *, sc_pkcs15_card_t *, sc_file_t *, unsigned int, unsigned int, unsigned int); static int gpk_pkfile_init_private(sc_card_t *, sc_file_t *, unsigned int); static int gpk_read_rsa_key(sc_card_t *, struct sc_pkcs15_pubkey_rsa *); @@ -97,18 +97,18 @@ * Erase the card */ static int -gpk_erase_card(struct sc_profile *pro, sc_card_t *card) +gpk_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card) { int locked; - if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0 + if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0 && locked) { - sc_error(card->ctx, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "This card is already personalized, unable to " "create PKCS#15 structure."); return SC_ERROR_NOT_SUPPORTED; } - return sc_card_ctl(card, SC_CARDCTL_ERASE_CARD, NULL); + return sc_card_ctl(p15card->card, SC_CARDCTL_ERASE_CARD, NULL); } /* 
@@ -116,21 +116,22 @@ * This will usually be the application DF */ static int -gpk_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +gpk_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { struct sc_file *pinfile; - int r, locked, i; + int r, locked; - if (sc_card_ctl(card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0 - && locked) { - sc_error(card->ctx, + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + if (sc_card_ctl(p15card->card, SC_CARDCTL_GPK_IS_LOCKED, &locked) == 0 + && locked) { + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "This card is already personalized, unable to " "create PKCS#15 structure."); return SC_ERROR_NOT_SUPPORTED; } /* Create the DF. */ - r = sc_pkcs15init_create_file(profile, card, df); + r = sc_pkcs15init_create_file(profile, p15card, df); if (r < 0) return r; @@ -142,27 +143,30 @@ pinfile->path = df->path; sc_append_file_id(&pinfile->path, pinfile->id); - r = gpk_init_pinfile(profile, card, pinfile); + r = gpk_init_pinfile(profile, p15card, pinfile); sc_file_free(pinfile); if (r < 0) return r; + /* TODO: What for it was used ? for (i = 0; i < GPK_MAX_PINS; i++) - sc_keycache_put_pin(&df->path, GPK_PIN_SCOPE|i, (const u8 *) " "); + * sc_keycache_put_pin(&df->path, GPK_PIN_SCOPE|i, (const u8 *) " "); + */ } - return r; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Select a PIN reference */ static int -gpk_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +gpk_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred, current; + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if ((current = pin_info->reference) < 0) current = 0; 
@@ -182,31 +186,28 @@ if (current > preferred) return SC_ERROR_TOO_MANY_OBJECTS; pin_info->reference = preferred; - return 0; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0); } /* * Store a PIN */ static int -gpk_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, +gpk_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; u8 nulpin[8]; - int r, type; + int r; + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - type = SC_PKCS15INIT_SO_PIN; - /* SO PIN reference must be 0 */ if (pin_info->reference != (GPK_PIN_SCOPE | 0)) return SC_ERROR_INVALID_ARGUMENTS; } else { - type = SC_PKCS15INIT_USER_PIN; - /* PIN references must be even numbers * (the odd numbered PIN entries contain the * PUKs). 
@@ -229,32 +230,31 @@ puk_len = pin_len; } - r = sc_select_file(card, &df->path, NULL); + r = sc_select_file(p15card->card, &df->path, NULL); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "select df path: %i", r); if (r < 0) return r; /* Current PIN is 00:00:00:00:00:00:00:00 */ memset(nulpin, 0, sizeof(nulpin)); - r = sc_change_reference_data(card, SC_AC_CHV, + r = sc_change_reference_data(p15card->card, SC_AC_CHV, pin_info->reference, nulpin, sizeof(nulpin), pin, pin_len, NULL); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV %i", r); if (r < 0) return r; /* Current PUK is 00:00:00:00:00:00:00:00 */ - r = sc_change_reference_data(card, SC_AC_CHV, + r = sc_change_reference_data(p15card->card, SC_AC_CHV, pin_info->reference + 1, nulpin, sizeof(nulpin), puk, puk_len, NULL); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV+1 %i", r); if (r < 0) return r; - sc_keycache_set_pin_name(&df->path, - pin_info->reference, - type); - - return r; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } 
@@ -275,36 +275,37 @@ * Lock the pin file */ static int -gpk_lock_pinfile(struct sc_profile *profile, sc_card_t *card, +gpk_lock_pinfile(struct sc_profile *profile, sc_pkcs15_card_t *p15card, sc_file_t *pinfile) { struct sc_path path; struct sc_file *parent = NULL; int r; + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); /* Select the parent DF */ path = pinfile->path; if (path.len >= 2) path.len -= 2; if (path.len == 0) sc_format_path("3F00", &path); - if ((r = sc_select_file(card, &path, &parent)) < 0) + if ((r = sc_select_file(p15card->card, &path, &parent)) < 0) return r; /* Present PINs etc as necessary */ - r = sc_pkcs15init_authenticate(profile, card, parent, SC_AC_OP_LOCK); + r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_LOCK); if (r >= 0) - r = gpk_lock(card, pinfile, SC_AC_OP_WRITE); + r = gpk_lock(p15card->card, pinfile, SC_AC_OP_WRITE); sc_file_free(parent); - return r; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Initialize pin file */ static int -gpk_init_pinfile(struct sc_profile *profile, sc_card_t *card, +gpk_init_pinfile(struct sc_profile *profile, sc_pkcs15_card_t *p15card, sc_file_t *file) { const sc_acl_entry_t *acl; @@ -314,6 +315,7 @@ unsigned int npins, i, j, cks; int r; + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); /* Set defaults */ so_attempts[0] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PIN); so_attempts[1] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PUK); @@ -327,7 +329,7 @@ /* Create the PIN file. */ acl = sc_file_get_acl_entry(pinfile, SC_AC_OP_WRITE); if (acl->method != SC_AC_NEVER) { - sc_error(card->ctx, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN file most be protected by WRITE=NEVER"); sc_file_free(pinfile); return SC_ERROR_INVALID_ARGUMENTS; 
@@ -337,10 +339,12 @@ if (pinfile->size == 0) pinfile->size = GPK_MAX_PINS * 8; + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Now create file"); /* Now create the file */ - if ((r = sc_pkcs15init_create_file(profile, card, pinfile)) < 0 - || (r = sc_select_file(card, &pinfile->path, NULL)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, pinfile)) < 0 + || (r = sc_select_file(p15card->card, &pinfile->path, NULL)) < 0) { goto out; + } /* Set up the PIN file contents. * We assume the file will contain pairs of PINs/PUKs */ @@ -368,19 +372,19 @@ blk[3] = ~cks; } - r = sc_write_binary(card, 0, buffer, npins * 8, 0); + r = sc_write_binary(p15card->card, 0, buffer, npins * 8, 0); if (r >= 0) - r = gpk_lock_pinfile(profile, card, pinfile); + r = gpk_lock_pinfile(profile, p15card, pinfile); out: sc_file_free(pinfile); - return r; + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Create a key file */ static int -gpk_create_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_object_t *obj) +gpk_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; struct sc_file *keyfile = NULL; 
@@ -423,25 +427,25 @@ case SC_PKCS15_TYPE_PRKEY_DSA: algo = SC_ALGORITHM_DSA; break; default: - sc_error(card->ctx, "Unsupported public key algorithm"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported public key algorithm"); return SC_ERROR_NOT_SUPPORTED; } /* Fix up PIN references in file ACL and create the PK file */ - if ((r = sc_pkcs15init_fixup_file(profile, keyfile)) < 0 - || (r = gpk_pkfile_create(profile, card, keyfile)) < 0) + if ((r = sc_pkcs15init_fixup_file(profile, p15card, keyfile)) < 0 + || (r = gpk_pkfile_create(profile, p15card, keyfile)) < 0) goto done; #ifdef PK_INIT_IMMEDIATELY /* Initialize the public key header */ - r = gpk_pkfile_init_public(profile, card, keyfile, algo, + r = gpk_pkfile_init_public(profile, p15card, keyfile, algo, key_info->modulus_length, key_info->usage); if (r < 0) goto done; /* Create the private key portion */ - r = gpk_pkfile_init_private(card, keyfile, prv_len); + r = gpk_pkfile_init_private(p15card->card, keyfile, prv_len); #endif done: @@ -454,7 +458,7 @@ * Store a private key */ static int -gpk_store_key(sc_profile_t *profile, sc_card_t *card, +gpk_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, struct sc_pkcs15_prkey *key) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; @@ -467,18 +471,18 @@ return SC_ERROR_INVALID_ARGUMENTS; /* Get the file we're supposed to create */ - r = sc_select_file(card, &key_info->path, &keyfile); + r = sc_select_file(p15card->card, &key_info->path, &keyfile); if (r < 0) return r; switch (key->algorithm) { case SC_ALGORITHM_RSA: - r = gpk_encode_rsa_key(profile, card, &key->u.rsa, + r = gpk_encode_rsa_key(profile, p15card->card, &key->u.rsa, &data, key_info); break; case SC_ALGORITHM_DSA: - r = gpk_encode_dsa_key(profile, card, &key->u.dsa, + r = gpk_encode_dsa_key(profile, p15card->card, &key->u.dsa, &data, key_info); break; default: 
@@ -486,7 +490,7 @@ } if (r >= 0) - r = gpk_store_pk(profile, card, keyfile, &data); + r = gpk_store_pk(profile, p15card, keyfile, &data); if (keyfile) sc_file_free(keyfile); @@ -497,7 +501,7 @@ * On-board key generation. */ static int -gpk_generate_key(sc_profile_t *profile, sc_card_t *card, +gpk_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { @@ -507,19 +511,11 @@ sc_file_t *keyfile; int r, n; - if (card->ctx->debug >= 1) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - r = sc_path_print(pbuf, sizeof(pbuf), &key_info->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, "path=%s, %d bits\n", pbuf, + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "path=%s, %d bits\n", sc_print_path(&key_info->path), key_info->modulus_length); - } if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "GPK supports generating only RSA keys."); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "GPK supports generating only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } @@ -528,18 +524,18 @@ return SC_ERROR_INVALID_ARGUMENTS; keybits = key_info->modulus_length; - if ((r = sc_select_file(card, &key_info->path, &keyfile)) < 0) + if ((r = sc_select_file(p15card->card, &key_info->path, &keyfile)) < 0) return r; #ifndef PK_INIT_IMMEDIATELY - r = gpk_pkfile_init_public(profile, card, keyfile, SC_ALGORITHM_RSA, + r = gpk_pkfile_init_public(profile, p15card, keyfile, SC_ALGORITHM_RSA, keybits, key_info->usage); if (r < 0) { sc_file_free(keyfile); return r; } - if ((r = gpk_pkfile_init_private(card, keyfile, 5 * ((3 + keybits / 16 + 7) & ~7UL))) < 0) { + if ((r = gpk_pkfile_init_private(p15card->card, keyfile, 5 * ((3 + keybits / 16 + 7) & ~7UL))) < 0) { sc_file_free(keyfile); return r; } 
@@ -552,7 +548,7 @@ args.fid = (key_info->path.value[n-2] << 8) | key_info->path.value[n-1]; args.privlen = keybits; - r = sc_card_ctl(card, SC_CARDCTL_GPK_GENERATE_KEY, &args); + r = sc_card_ctl(p15card->card, SC_CARDCTL_GPK_GENERATE_KEY, &args); if (r < 0) return r; @@ -562,7 +558,7 @@ sleep(20); pubkey->algorithm = SC_ALGORITHM_RSA; - return gpk_read_rsa_key(card, &pubkey->u.rsa); + return gpk_read_rsa_key(p15card->card, &pubkey->u.rsa); } /* @@ -574,25 +570,23 @@ * XXX: Handle the UPDATE ACL = NEVER case just like for EFsc files */ static int -gpk_pkfile_create(sc_profile_t *profile, sc_card_t *card, sc_file_t *file) +gpk_pkfile_create(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file) { struct sc_file *found = NULL; int r; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &file->path, &found); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &file->path, &found); if (r == SC_ERROR_FILE_NOT_FOUND) { - r = sc_pkcs15init_create_file(profile, card, file); + r = sc_pkcs15init_create_file(profile, p15card, file); if (r >= 0) - r = sc_select_file(card, &file->path, &found); + r = sc_select_file(p15card->card, &file->path, &found); } else { /* XXX: make sure the file has correct type and size? */ } if (r >= 0) - r = sc_pkcs15init_authenticate(profile, card, - file, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, file, + SC_AC_OP_UPDATE); if (found) sc_file_free(found); @@ -624,10 +618,11 @@ * Set up the public key record for a signature only public key */ static int -gpk_pkfile_init_public(sc_profile_t *profile, sc_card_t *card, sc_file_t *file, +gpk_pkfile_init_public(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file, unsigned int algo, unsigned int bits, unsigned int usage) { + struct sc_context *ctx = p15card->card->ctx; const sc_acl_entry_t *acl; sc_file_t *tmp = NULL; u8 sysrec[7], buffer[256]; 
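Review bot: In `gpk_pkfile_create` (`@@ -574,25 +570,23 @@`), a file that already exists at `file->path` is accepted without validation: the `else` branch is still only the `/* XXX: make sure the file has correct type and size? */` comment, and the code goes straight on to `sc_pkcs15init_authenticate(..., SC_AC_OP_UPDATE)`. Because this is the file the caller describes as the PK file, the branch should compare `found` with the requested `file` and fail on a mismatch, for example `if (found->type != file->type || found->size < file->size) r = SC_ERROR_OBJECT_NOT_VALID;`. Which attributes must match exactly is a decision for the maintainers. The function's closing lines are outside the hunk.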
@@ -635,7 +630,7 @@ int r, card_type; /* Find out what sort of GPK we're using */ - if ((r = sc_card_ctl(card, SC_CARDCTL_GPK_VARIANT, &card_type)) < 0) + if ((r = sc_card_ctl(p15card->card, SC_CARDCTL_GPK_VARIANT, &card_type)) < 0) return r; /* Set up the system record */ @@ -657,7 +652,7 @@ if (usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)) sysrec[2] &= ~0x20; if (sysrec[2] == 0x30) { - sc_error(card->ctx, "Key usage should specify at least one of sign or decipher"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key usage should specify at least one of sign or decipher"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -673,7 +668,7 @@ if (r < 0) return r; /* Fix up PIN references in file ACL */ - if ((r = sc_pkcs15init_fixup_file(profile, tmp)) < 0) + if ((r = sc_pkcs15init_fixup_file(profile, p15card, tmp)) < 0) goto out; acl = sc_file_get_acl_entry(tmp, SC_AC_OP_CRYPTO); @@ -682,15 +677,13 @@ || acl->method == SC_AC_NEVER) continue; if (acl->method != SC_AC_CHV) { - sc_error(card->ctx, - "Authentication method not " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Authentication method not " "supported for private key files.\n"); r = SC_ERROR_NOT_SUPPORTED; goto out; } if (++npins >= 2) { - sc_error(card->ctx, - "Too many pins for PrKEY file!\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Too many pins for PrKEY file!\n"); r = SC_ERROR_NOT_SUPPORTED; goto out; } 
@@ -711,21 +704,18 @@ for (n = 0; n < 6; n++) sysrec[6] ^= sysrec[n]; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_read_record(card, 1, buffer, sizeof(buffer), + r = sc_read_record(p15card->card, 1, buffer, sizeof(buffer), SC_RECORD_BY_REC_NR); - sc_ctx_suppress_errors_off(card->ctx); if (r >= 0) { if (r != 7 || buffer[0] != 0) { - sc_error(card->ctx, - "first record of public key file is not Lsys0"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "first record of public key file is not Lsys0"); return SC_ERROR_OBJECT_NOT_VALID; } - r = sc_update_record(card, 1, sysrec, sizeof(sysrec), + r = sc_update_record(p15card->card, 1, sysrec, sizeof(sysrec), SC_RECORD_BY_REC_NR); } else { - r = sc_append_record(card, sysrec, sizeof(sysrec), 0); + r = sc_append_record(p15card->card, sysrec, sizeof(sysrec), 0); } out: if (tmp) @@ -735,22 +725,20 @@ static int gpk_pkfile_update_public(struct sc_profile *profile, - sc_card_t *card, struct pkpart *part) + sc_pkcs15_card_t *p15card, struct pkpart *part) { + struct sc_context *ctx = p15card->card->ctx; struct pkcomp *pe; unsigned char buffer[256]; unsigned int m, n, tag; int r = 0, found; - if (card->ctx->debug > 1) - sc_debug(card->ctx, "Updating public key elements\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Updating public key elements\n"); /* If we've been given a key with public parts, write them now */ for (n = 2; n < 256; n++) { - sc_ctx_suppress_errors_on(card->ctx); - r = sc_read_record(card, n, buffer, sizeof(buffer), + r = sc_read_record(p15card->card, n, buffer, sizeof(buffer), SC_RECORD_BY_REC_NR); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) { r = 0; break; @@ -758,8 +746,7 @@ /* Check for bad record */ if (r < 2) { - sc_error(card->ctx, - "key file format error: " + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key file format error: " "record %u too small (%u bytes)\n", n, r); return SC_ERROR_OBJECT_NOT_VALID; 
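Review bot: In the `@@ -711,21 +704,18 @@` hunk, the `return SC_ERROR_OBJECT_NOT_VALID;` taken when the first record is not Lsys0 bypasses the `out:` label, so the `if (tmp)` cleanup never runs on that path. The earlier failure branches of the same function (`@@ -682,15 +677,13 @@`) set `r` and `goto out` instead. Replace the return with `r = SC_ERROR_OBJECT_NOT_VALID; goto out;`. The function begins outside this hunk and the body under `out:` is only partly visible here.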
@@ -770,7 +757,7 @@ for (m = 0, found = 0; m < part->count; m++) { pe = part->components + m; if (pe->tag == tag) { - r = sc_update_record(card, n, + r = sc_update_record(p15card->card, n, pe->data, pe->size, SC_RECORD_BY_REC_NR); if (r < 0) @@ -781,15 +768,15 @@ } } - if (!found && card->ctx->debug) - sc_debug(card->ctx, "GPK unknown PK tag %u\n", tag); + if (!found) + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "GPK unknown PK tag %u\n", tag); } /* Write all remaining elements */ for (m = 0; r >= 0 && m < part->count; m++) { pe = part->components + m; if (pe->tag != 0) - r = sc_append_record(card, pe->data, pe->size, 0); + r = sc_append_record(p15card->card, pe->data, pe->size, 0); } return r; @@ -821,7 +808,7 @@ static int gpk_pkfile_update_private(struct sc_profile *profile, - sc_card_t *card, sc_file_t *file, + sc_pkcs15_card_t *p15card, sc_file_t *file, struct pkpart *part) { unsigned int m, size, nb, cks; @@ -829,8 +816,7 @@ u8 data[256]; int r = 0; - if (card->ctx->debug > 1) - sc_debug(card->ctx, "Updating private key elements\n"); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Updating private key elements\n"); for (m = 0; m < part->count; m++) { pe = part->components + m; @@ -843,7 +829,7 @@ /* We must set a secure messaging key before each * Load Private Key command. Any key will do... * The GPK _is_ weird. */ - r = sc_pkcs15init_verify_key(profile, card, NULL, SC_AC_PRO, 1); + r = sc_pkcs15init_verify_secret(profile, p15card, NULL, SC_AC_PRO, 1); if (r < 0) break; @@ -857,10 +843,9 @@ while (nb & 7) data[nb++] = 0; - r = gpk_pkfile_load_private(card, file, data, size-1, nb); + r = gpk_pkfile_load_private(p15card->card, file, data, size-1, nb); if (r < 0) break; - pe++; } return r; } @@ -925,7 +910,7 @@ memset(comp, 0, sizeof(*comp)); comp->tag = tag; comp->size = size + 1; - comp->data = (u8 *) malloc(size + 1); + comp->data = malloc(size + 1); /* Add the tag */ comp->data[0] = tag; 
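Review bot: `data[256]` (declared in `@@ -829,8 +816,7 @@`) is the staging buffer handed to `gpk_pkfile_load_private()` for each private key element, and the function ends with a plain `return r;` in `@@ -857,10 +843,9 @@`, so the last element stays on the stack after both the normal exit and the `break` paths. Clear it before returning with a wipe the compiler cannot elide, e.g. `sc_mem_clear(data, sizeof(data));` if that helper is available in this tree. The lines that fill `data` are outside the hunks, so this assumes the buffer holds the key element that the "Load Private Key" comment refers to.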
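Review bot: In the `@@ -925,7 +910,7 @@` hunk the result of `malloc(size + 1)` is written through on the next statement (`comp->data[0] = tag;`) without a NULL check; dropping the cast does not change that. The same pattern appears in `@@ -980,7 +965,7 @@` (`crtbuf = malloc(5 * K + 1); crtbuf[0] = 0x05;`) and in `@@ -1126,7 +1108,7 @@` (`bn->data = malloc(bn->len);` followed by the copy loop). Each needs a guard before the first store, such as `if (comp->data == NULL) return SC_ERROR_OUT_OF_MEMORY;`. The enclosing functions start outside these hunks, so how the failure is reported has to match return types that are not all visible here.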
@@ -941,7 +926,7 @@ sc_pkcs15_prkey_info_t *info) { if (!rsa->modulus.len || !rsa->exponent.len) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incomplete RSA public key"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -950,7 +935,7 @@ * the only exponent supported by GPK4000 and GPK8000 */ if (rsa->exponent.len != 3 || memcmp(rsa->exponent.data, "\001\000\001", 3)) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "unsupported RSA exponent"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -969,7 +954,7 @@ if (!rsa->p.len || !rsa->q.len || !rsa->dmp1.len || !rsa->dmq1.len || !rsa->iqmp.len) { /* No or incomplete CRT information */ if (!rsa->d.len) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incomplete RSA private key"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -980,7 +965,7 @@ unsigned int K = p->bytes / 2; u8 *crtbuf; - crtbuf = (u8 *) malloc(5 * K + 1); + crtbuf = malloc(5 * K + 1); crtbuf[0] = 0x05; gpk_bn2bin(crtbuf + 1 + 0 * K, &rsa->p, K); @@ -1019,7 +1004,7 @@ { if (!dsa->p.len || !dsa->q.len || !dsa->g.len || !dsa->pub.len || !dsa->priv.len) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incomplete DSA public key"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -1038,7 +1023,7 @@ p->bits = 1024; p->bytes = 128; } else { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "incompatible DSA key size (%u bits)", p->bits); return SC_ERROR_INVALID_ARGUMENTS; } @@ -1056,9 +1041,10 @@ } static int -gpk_store_pk(struct sc_profile *profile, sc_card_t *card, +gpk_store_pk(struct sc_profile *profile, sc_pkcs15_card_t *p15card, sc_file_t *file, struct pkdata *p) { + struct sc_context *ctx = p15card->card->ctx; size_t fsize; int r; 
@@ -1066,9 +1052,7 @@ gpk_compute_publen(&p->_public); gpk_compute_privlen(&p->_private); - if (card->ctx->debug) - sc_debug(card->ctx, - "Storing pk: %u bits, pub %u bytes, priv %u bytes\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Storing pk: %u bits, pub %u bytes, priv %u bytes\n", p->bits, p->_public.size, p->_private.size); fsize = p->_public.size + p->_private.size; @@ -1077,26 +1061,26 @@ /* Put the system record */ #ifndef PK_INIT_IMMEDIATELY - r = gpk_pkfile_init_public(profile, card, file, p->algo, + r = gpk_pkfile_init_public(profile, p15card, file, p->algo, p->bits, p->usage); if (r < 0) return r; #endif /* Put the public key elements */ - r = gpk_pkfile_update_public(profile, card, &p->_public); + r = gpk_pkfile_update_public(profile, p15card, &p->_public); if (r < 0) return r; /* Create the private key part */ #ifndef PK_INIT_IMMEDIATELY - r = gpk_pkfile_init_private(card, file, p->_private.size); + r = gpk_pkfile_init_private(p15card->card, file, p->_private.size); if (r < 0) return r; #endif /* Now store the private key elements */ - r = gpk_pkfile_update_private(profile, card, file, &p->_private); + r = gpk_pkfile_update_private(profile, p15card, file, &p->_private); return r; } @@ -1112,10 +1096,8 @@ u8 buffer[256]; size_t m; - sc_ctx_suppress_errors_on(card->ctx); r = sc_read_record(card, n, buffer, sizeof(buffer), SC_RECORD_BY_REC_NR); - sc_ctx_suppress_errors_off(card->ctx); if (r < 1) break; @@ -1126,7 +1108,7 @@ else continue; bn->len = r - 1; - bn->data = (u8 *) malloc(bn->len); + bn->data = malloc(bn->len); for (m = 0; m < bn->len; m++) bn->data[m] = buffer[bn->len - m]; } 
@@ -1147,8 +1129,9 @@ gpk_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-iasecc.c opensc-0.12.1/src/pkcs15init/pkcs15-iasecc.c --- opensc-0.11.13/src/pkcs15init/pkcs15-iasecc.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-iasecc.c 2011-05-17 17:07:00.000000000 +0000 
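Review bot: The operations table in `@@ -1147,8 +1129,9 @@` is still filled positionally, and this change shows why that is fragile: `delete_object` moved ahead of the five emulation slots and a `sanity_check` slot was appended, which is harmless here only because every affected entry is `NULL`. Designated initializers (`.member = handler,` for the non-NULL entries, with the rest defaulting to zero) would keep `gpk_generate_key` and the other handlers bound to the intended slot if the struct order changes again. The start of the initializer is outside the hunk, so the earlier entries would need the same treatment.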
@@ -0,0 +1,1591 @@ +/* + * IAS/ECC specific operations for PKCS #15 initialization + * + * Copyright (C) 2002 Juha Yrjölä + * Copyright (C) 2010 Viktor Tarasov + * OpenTrust + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef ENABLE_OPENSSL /* empty file without openssl */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../libopensc/opensc.h" +#include "../libopensc/cardctl.h" +#include "../libopensc/log.h" +#include "../libopensc/pkcs15.h" +#include "../libopensc/cards.h" +#include "../libopensc/iasecc.h" +#include "../libopensc/iasecc-sdo.h" + +#include "pkcs15-init.h" +#include "profile.h" + +#define IASECC_TITLE "IASECC" + +int iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *df); + +static void +iasecc_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id) +{ + int ii, sz; + + for (ii=0, sz = 0; (unsigned)ii < sizeof(unsigned int); ii++) + if (ref >> 8*ii) + sz++; + + for (ii=0; ii < sz; ii++) + id->value[sz - ii - 1] = (ref >> 8*ii) & 0xFF; + + id->len = sz; +} + + +int +iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct 
sc_profile *profile, + struct sc_file *df) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_path path; + unsigned long caps = card->caps; + int rv = 0; + + LOG_FUNC_CALLED(ctx); + + sc_log(ctx, "iasecc_pkcs15_delete_file() id %04X\n", df->id); + + card->caps |= SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE); + card->caps = caps; + + LOG_TEST_RET(ctx, rv, "Cannnot authenticate SC_AC_OP_DELETE"); + + memset(&path, 0, sizeof(path)); + path.type = SC_PATH_TYPE_FILE_ID; + path.value[0] = df->id >> 8; + path.value[1] = df->id & 0xFF; + path.len = 2; + + rv = sc_delete_file(card, &path); + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * Erase the card + * + */ +static int +iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + struct sc_path path; + struct sc_pkcs15_df *df; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (p15card->app->ddo.aid.len) { + memset(&path, 0, sizeof(struct sc_path)); + path.type = SC_PATH_TYPE_DF_NAME; + memcpy(path.value, p15card->app->ddo.aid.value, p15card->app->ddo.aid.len); + path.len = p15card->app->ddo.aid.len; + + sc_log(ctx, "Select DDO AID: %s", sc_print_path(&path)); + rv = sc_select_file(p15card->card, &path, NULL); + LOG_TEST_RET(ctx, rv, "Erase application error: cannot select DDO AID"); + } + + for (df = p15card->df_list; df; df = df->next) { + struct sc_pkcs15_object *objs[32]; + unsigned obj_type = 0; + int ii; + + if (df->type == SC_PKCS15_PRKDF) + obj_type = SC_PKCS15_TYPE_PRKEY; + else if (df->type == SC_PKCS15_PUKDF) + obj_type = SC_PKCS15_TYPE_PUBKEY; + else if (df->type == SC_PKCS15_CDF) + obj_type = SC_PKCS15_TYPE_CERT; + else + continue; + + rv = sc_pkcs15_get_objects(p15card, obj_type, objs, 32); + LOG_TEST_RET(ctx, rv, "Failed to get PKCS#15 objects to remove"); + + for (ii=0; iicard, &df->path, &file); + if (rv == 
SC_ERROR_FILE_NOT_FOUND) + continue; + LOG_TEST_RET(ctx, rv, "Cannot select object file"); + + rv = sc_erase_binary(p15card->card, 0, file->size, 0); + if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + LOG_TEST_RET(ctx, rv, "SC_AC_OP_UPDATE authentication failed"); + + rv = sc_erase_binary(p15card->card, 0, file->size, 0); + } + LOG_TEST_RET(ctx, rv, "Binary erase error"); + + sc_file_free(file); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +/* + * Allocate a file + */ +static int +iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card, + unsigned int type, unsigned int num, struct sc_file **out) +{ + struct sc_context *ctx = card->ctx; + struct sc_file *file = NULL; + const char *_template = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "type %X; num %i\n", type, num); + switch (type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + _template = "private-key"; + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + _template = "public-key"; + break; + case SC_PKCS15_TYPE_CERT: + _template = "certificate"; + break; + case SC_PKCS15_TYPE_DATA_OBJECT: + _template = "public-data"; + break; + default: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Profile template not supported"); + } + + sc_log(ctx, "df_info path '%s'\n", sc_print_path(&profile->df_info->file->path)); + rv = sc_profile_get_file(profile, _template, &file); + if (rv == SC_ERROR_FILE_NOT_FOUND) { + struct sc_pkcs15_id id; + + id.len = 1; + id.value[0] = num & 0xFF; + rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path, + _template, &id, &file); + } + LOG_TEST_RET(ctx, rv, "Error when getting file from template"); + + sc_log(ctx, "path(type:%X;path:%s)\n", file->path.type, sc_print_path(&file->path)); + + file->id = (file->id & 0xFF00) | (num & 0xFF); + if (file->path.len == 0) { + file->path.type = SC_PATH_TYPE_FILE_ID; + file->path.len = 2; + } + file->path.value[file->path.len - 2] 
= (file->id >> 8) & 0xFF; + file->path.value[file->path.len - 1] = file->id & 0xFF; + file->path.count = -1; + + sc_log(ctx, "file size %i; ef type %i/%i; id %04X\n", file->size, file->type, file->ef_structure, file->id); + sc_log(ctx, "path type %X; path '%s'", file->path.type, sc_print_path(&file->path)); + + if (out) + *out = file; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +/* + * Select a key reference + */ +static int +iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_prkey_info *key_info) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_file *file = NULL; + int rv = 0, idx = key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL, + sc_print_path(&key_info->path)); + + rv = sc_select_file(card, &key_info->path, &file); + LOG_TEST_RET(ctx, rv, "Cannot select DF to select key reference in"); + + /* 1 <= ObjReference <= 31 */ + if (idx < IASECC_OBJECT_REF_MIN) + idx = IASECC_OBJECT_REF_MIN; + + /* Look for the suitable slot */ + if (idx <= IASECC_OBJECT_REF_MAX) { + struct iasecc_ctl_get_free_reference ctl_data; + + ctl_data.key_size = key_info->modulus_length; + ctl_data.usage = key_info->usage; + ctl_data.access = key_info->access_flags; + ctl_data.index = idx; + + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_GET_FREE_KEY_REFERENCE, &ctl_data); + if (!rv) + sc_log(ctx, "found allocated slot %i", idx); + else if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND && idx <= IASECC_OBJECT_REF_MAX) + sc_log(ctx, "found empty slot %i", idx); + else + LOG_TEST_RET(ctx, rv, "Cannot select key reference"); + + idx = ctl_data.index; + } + + /* All card objects but PINs are locals */ + key_info->key_reference = idx | IASECC_OBJECT_REF_LOCAL; + sc_log(ctx, "selected key reference %i", key_info->key_reference); + + if (file) + sc_file_free(file); + 
LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + int rv; + + LOG_FUNC_CALLED(ctx); + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_GET_DATA, sdo); + LOG_TEST_RET(ctx, rv, "IasEcc: GET DATA error"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, struct sc_file *file) +{ + int ii; + + for (ii=0; iimethod) { + case SC_AC_IDA: + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "'IDA' not actually supported"); + case SC_AC_SCB: + if ((acl->key_ref & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_USER_AUTH) { + acl->method = SC_AC_SEN; + acl->key_ref &= IASECC_SCB_METHOD_MASK_REF; + } + else if ((acl->key_ref & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_SM) { + acl->method = SC_AC_PRO; + acl->key_ref &= IASECC_SCB_METHOD_MASK_REF; + } + } + } + } + + return 0; +} + +static int +iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card *card, + const char *template, struct iasecc_sdo *sdo) +{ + struct sc_context *ctx = card->ctx; + struct sc_file *file = NULL; + unsigned char ops_prvkey[7] = { + SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT, + SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ + }; + unsigned char ops_pubkey[7] = { + 0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF, + SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ + }; + unsigned char amb, scb[16], mask; + int rv, ii, cntr; + + LOG_FUNC_CALLED(ctx); + + /* Get ACLs from profile template */ + rv = sc_profile_get_file(profile, template, &file); + LOG_TEST_RET(ctx, rv, "IasEcc: cannot instanciate private key file"); + + /* Convert PKCS15 ACLs to SE ACLs */ + rv = iasecc_file_convert_acls(ctx, profile, file); + LOG_TEST_RET(ctx, rv, "Cannot convert profile ACLs"); + + memset(scb, 0, sizeof(scb)); + for (ii = 0, mask = 0x80, amb = 0x80, cntr = 0; ii < 7; ii++) 
{ + const sc_acl_entry_t *acl; + unsigned char op = sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE ? ops_prvkey[ii] : ops_pubkey[ii]; + + mask >>= 1; + + if (op == 0xFF) + continue; + + acl = sc_file_get_acl_entry(file, op); + sc_log(ctx, "ACL: 0x%X:0x%X", acl->method, acl->key_ref); + + if (acl->method == SC_AC_NEVER) { + } + else if (acl->method == SC_AC_NONE) { + amb |= mask; + scb[cntr++] = 0x00; + } + else if (acl->method == SC_AC_SEN || acl->method == SC_AC_PRO || acl->method == SC_AC_AUT) { + if ((acl->key_ref & 0xF) == 0 || (acl->key_ref & 0xF) == 0xF) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SE reference"); + + amb |= mask; + + if (acl->method == SC_AC_SEN) + scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_USER_AUTH; + else if (acl->method == SC_AC_PRO) + scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_SM; + else + scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_EXT_AUTH; + } + else { + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Unknown SCB method"); + } + } + + /* Copy ACLs into the DOCP*/ + sdo->docp.acls_contact.tag = IASECC_DOCP_TAG_ACLS_CONTACT; + sdo->docp.acls_contact.size = cntr + 1; + sdo->docp.acls_contact.value = calloc(1, sdo->docp.acls_contact.size); + if (!sdo->docp.acls_contact.value) + return SC_ERROR_MEMORY_FAILURE; + *(sdo->docp.acls_contact.value + 0) = amb; + memcpy(sdo->docp.acls_contact.value + 1, scb, cntr); + + sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x", + amb, cntr, scb[0], scb[1], scb[2], scb[3], scb[4], scb[5], scb[6]); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card, + struct sc_pkcs15_prkey_info *key_info, struct iasecc_sdo **out) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_sdo *sdo = NULL; + size_t sz = key_info->modulus_length / 8; + int rv; + + LOG_FUNC_CALLED(ctx); + + sdo = calloc(1, sizeof(struct iasecc_sdo)); + if (!sdo) + LOG_TEST_RET(ctx, SC_ERROR_MEMORY_FAILURE, "Cannot allocate 'iasecc_sdo'"); + + sdo->magic 
= SC_CARDCTL_IASECC_SDO_MAGIC; + sdo->sdo_ref = key_info->key_reference & 0x3F; + sdo->sdo_class = IASECC_SDO_CLASS_RSA_PRIVATE; + sdo->usage = key_info->usage; + + sc_log(ctx, "sdo->sdo_class 0x%X; sdo->usage 0x%X", sdo->sdo_class, sdo->usage); + + rv = iasecc_sdo_get_data(card, sdo); + if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) { + sdo->not_on_card = 1; + + rv = iasecc_sdo_set_key_acls_from_profile(profile, card, "private-key", sdo); + LOG_TEST_RET(ctx, rv, "IasEcc: cannot set ACLs for SDO from the 'private-key'"); + + /* FIXME: set here sdo->docp.name and sdo->docp.idata */ + + sdo->docp.non_repudiation.value = calloc(1, 1); + if (!sdo->docp.non_repudiation.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->docp.non_repudiation.tag = IASECC_DOCP_TAG_NON_REPUDATION; + sdo->docp.non_repudiation.size = 1; + + sdo->data.prv_key.compulsory.value = calloc(1, 1); + if (!sdo->data.prv_key.compulsory.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->data.prv_key.compulsory.tag = IASECC_SDO_PRVKEY_TAG_COMPULSORY; + sdo->data.prv_key.compulsory.size = 1; + + sdo->docp.size.value = calloc(1, 2); + if (!sdo->docp.size.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->docp.size.tag = IASECC_DOCP_TAG_SIZE; + sdo->docp.size.size = 2; + *(sdo->docp.size.value + 0) = (sz >> 8) & 0xFF; + *(sdo->docp.size.value + 1) = sz & 0xFF; +/* + FIXME: Manage CRT key types: IASECC_GEN_KEY_TYPE_*: X509_usage + Optional PRIVATE KEY SDO attribute 'Algorithm to compulsorily use' can have one of the three values: + 0(any usage), B6(Sign), A4(Authentication), B8(Confidentiality). + If present, this attribute has to be the same in the 'GENERATE KEY' template data. 
+*/ + if (!(key_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) && (key_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)) + sc_log(ctx, "Non fatal error: NON_REPUDATION can be used only for the localy generated keys"); + + if ((key_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) + && (key_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN) + && (key_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)) { + *(sdo->docp.non_repudiation.value + 0) = 1; + *(sdo->data.prv_key.compulsory.value + 0) = IASECC_CRT_TAG_DST; + } + + sc_log(ctx, "non_repudiation %i", *(sdo->docp.non_repudiation.value + 0)); + sc_log(ctx, "compulsory 0x%X", *(sdo->data.prv_key.compulsory.value + 0)); + } + else { + LOG_TEST_RET(ctx, rv, "IasEcc: error while getting private key SDO data"); + } + + if (out) + *out = sdo; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info, + struct iasecc_sdo **out) +{ + struct sc_context *ctx = card->ctx; + struct iasecc_sdo *sdo = NULL; + size_t sz = key_info->modulus_length / 8; + int rv; + + LOG_FUNC_CALLED(ctx); + sdo = calloc(1, sizeof(struct iasecc_sdo)); + if (!sdo) + return SC_ERROR_MEMORY_FAILURE; + + sdo->magic = SC_CARDCTL_IASECC_SDO_MAGIC; + sdo->sdo_ref = key_info->key_reference & 0x3F; + sdo->sdo_class = IASECC_SDO_CLASS_RSA_PUBLIC; + + rv = iasecc_sdo_get_data(card, sdo); + sc_log(ctx, "get Public Key SDO(class:%X) data returned %i", sdo->sdo_class, rv); + if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) { + sdo->not_on_card = 1; + + rv = iasecc_sdo_set_key_acls_from_profile(profile, card, "public-key", sdo); + LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() cannot set ACLs for SDO from the 'public-key'"); + + sdo->docp.size.value = calloc(1, 2); + if (!sdo->docp.size.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->docp.size.size = 2; + sdo->docp.size.tag = IASECC_DOCP_TAG_SIZE; + *(sdo->docp.size.value + 0) = (sz >> 
8) & 0xFF; + *(sdo->docp.size.value + 1) = sz & 0xFF; + + if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) { + printf("TODO: Disabled for the tests of the Oberthur card\n"); + } + else { + sdo->data.pub_key.cha.value = calloc(1, 2); + if (!sdo->data.pub_key.cha.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->data.pub_key.cha.size = 2; + sdo->data.pub_key.cha.tag = IASECC_SDO_PUBKEY_TAG_CHA; + } + + sdo->data.pub_key.compulsory.value = calloc(1, 1); + if (!sdo->data.pub_key.compulsory.value) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + sdo->data.pub_key.compulsory.tag = IASECC_SDO_PUBKEY_TAG_COMPULSORY; + sdo->data.pub_key.compulsory.size = 1; + } + else { + LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() error while getting public key SDO data"); + } + + if (out) + *out = sdo; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct sc_file **out) +{ + struct sc_context *ctx = card->ctx; + struct sc_file *file = sc_file_new(); + int rv, ii; + + LOG_FUNC_CALLED(ctx); + if (file == NULL) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + else if (!card || !sdo) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + sc_log(ctx, "SDO class 0x%X", sdo->sdo_class); + + if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE) { + unsigned char ops[] = { + SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT, + SC_AC_OP_GENERATE, SC_AC_OP_UPDATE, SC_AC_OP_READ + }; + + for (ii=0; iiaccess_rules[ii].access_mode) { + object->access_rules[ii].access_mode = access_mode; + if (auth_id) + object->access_rules[ii].auth_id = *auth_id; + else + object->access_rules[ii].auth_id.len = 0; + break; + } + else if (!auth_id && !object->access_rules[ii].auth_id.len) { + object->access_rules[ii].access_mode |= access_mode; + break; + } + else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id)) { + 
object->access_rules[ii].access_mode |= access_mode; + break; + } + } + + if (ii==SC_PKCS15_MAX_ACCESS_RULES) + return SC_ERROR_TOO_MANY_OBJECTS; + + return SC_SUCCESS; +} + + +static int +iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char scb, + struct sc_pkcs15_id *auth_id) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_objs[32]; + int rv, ii, nn_pins, se_ref, pin_ref; + + LOG_FUNC_CALLED(ctx); + if (!auth_id) + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + + memset(auth_id, 0, sizeof(struct sc_pkcs15_id)); + + if (!(scb & IASECC_SCB_METHOD_USER_AUTH)) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, pin_objs, 32); + LOG_TEST_RET(ctx, rv, "Error while getting AUTH objects"); + nn_pins = rv; + + se_ref = scb & 0x0F; + rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_CHV_REFERENCE_IN_SE, (void *)(&se_ref)); + LOG_TEST_RET(ctx, rv, "Card CTL error: cannot get CHV reference from SE"); + pin_ref = rv; + for (ii=0; iidata; + + /* FIXME: make pin reference 'unsigned' */ + sc_log(ctx, "PIN refs %i/%i", pin_ref, pin_info->reference); + if (pin_ref == ((pin_info->reference + 0x100) % 0x100)) { + *auth_id = pin_info->auth_id; + break; + } + } + if (ii == nn_pins) + LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "No AUTH object found"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_file *file, + unsigned ac_op, unsigned rule_mode, struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + const struct sc_acl_entry *acl = NULL; + struct sc_pkcs15_id id; + unsigned ref; + int rv; + + LOG_FUNC_CALLED(ctx); + acl = sc_file_get_acl_entry(file, ac_op); + sc_log(ctx, "Fix file access rule: AC_OP:%i, ACL(method:0x%X,ref:0x%X)", ac_op, acl->method, acl->key_ref); + if (acl->method == SC_AC_NONE) { + sc_log(ctx, "rule-mode:0x%X, auth-ID:NONE", rule_mode); + 
rv = iasecc_pkcs15_add_access_rule(object, rule_mode, NULL); + LOG_TEST_RET(ctx, rv, "Fix file access rule error"); + } + else { + if (acl->method == SC_AC_IDA) { + ref = acl->key_ref; + iasecc_reference_to_pkcs15_id (ref, &id); + } + else if (acl->method == SC_AC_SCB) { + rv = iasecc_pkcs15_get_auth_id_from_se(p15card, acl->key_ref, &id); + LOG_TEST_RET(ctx, rv, "Cannot get AUTH.ID from SE"); + } + else if (acl->method == SC_AC_PRO) { + ref = IASECC_SCB_METHOD_SM * 0x100 + acl->key_ref; + iasecc_reference_to_pkcs15_id (ref, &id); + } + else { + LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Fix file access error"); + } + + sc_log(ctx, "rule-mode:0x%X, auth-ID:%s", rule_mode, sc_pkcs15_print_id(&id)); + rv = iasecc_pkcs15_add_access_rule(object, rule_mode, &id); + LOG_TEST_RET(ctx, rv, "Fix file access rule error"); + } + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file, + struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "authID %s", sc_pkcs15_print_id(&object->auth_id)); + + memset(object->access_rules, 0, sizeof(object->access_rules)); + + rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_READ, SC_PKCS15_ACCESS_RULE_MODE_READ, object); + LOG_TEST_RET(ctx, rv, "Fix file READ access error"); + + rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, object); + LOG_TEST_RET(ctx, rv, "Fix file READ access error"); + + rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_DELETE, SC_PKCS15_ACCESS_RULE_MODE_DELETE, object); + LOG_TEST_RET(ctx, rv, "Fix file READ access error"); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info 
*prkey_info = (struct sc_pkcs15_prkey_info *) object->data; + struct sc_supported_algo_info *algo; + int rv = SC_SUCCESS, ii; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "encode supported algos for object(%s,type:%X)", object->label, object->type); + switch (object->type) { + case SC_PKCS15_TYPE_PRKEY_RSA: + sc_log(ctx, "PrKey Usage:%X,Access:%X", prkey_info->usage, prkey_info->access_flags); + if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP)) { + algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_DECIPHER, CKM_RSA_PKCS); + rv = sc_pkcs15_add_supported_algo_ref(object, algo); + LOG_TEST_RET(ctx, rv, "cannot add supported algorithm DECIPHER:CKM_RSA_PKCS"); + } + + if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN) { + if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) { + algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS); + rv = sc_pkcs15_add_supported_algo_ref(object, algo); + LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_SHA1_RSA_PKCS"); + + algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA256_RSA_PKCS); + rv = sc_pkcs15_add_supported_algo_ref(object, algo); + LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_SHA256_RSA_PKCS"); + } + else { + algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_RSA_PKCS); + rv = sc_pkcs15_add_supported_algo_ref(object, algo); + LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_RSA_PKCS"); + } + } + + for (ii=0; iialgo_refs[ii]; ii++) + sc_log(ctx, "algoReference %i", prkey_info->algo_refs[ii]); + break; + default: + rv = SC_ERROR_NOT_SUPPORTED; + break; + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * Store SDO key RSA + */ +static int +iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct iasecc_sdo *sdo_prvkey, struct iasecc_sdo *sdo_pubkey, + struct sc_pkcs15_prkey_rsa 
*rsa) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + unsigned long caps = card->caps; + struct iasecc_sdo_rsa_update update; + struct sc_file *dummy_file = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + + if (!sdo_prvkey && !sdo_pubkey) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "At least one SDO has to be supplied"); + rv = iasecc_sdo_convert_to_file(card, sdo_prvkey ? sdo_prvkey : sdo_pubkey, &dummy_file); + LOG_TEST_RET(ctx, rv, "Cannot convert SDO PRIVATE KEY to file"); + + card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE); + card->caps = caps; + LOG_TEST_RET(ctx, rv, "SDO PRIVATE KEY UPDATE authentication failed"); + + if (dummy_file) + sc_file_free(dummy_file); + + memset(&update, 0, sizeof(update)); + + update.sdo_prv_key = sdo_prvkey; + update.sdo_pub_key = sdo_pubkey; + update.p15_rsa = rsa; + update.magic = IASECC_SDO_MAGIC_UPDATE_RSA; + + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_KEY_RSA_PUT_DATA, &update); + LOG_TEST_RET(ctx, rv, "store IAS SDO PRIVATE KEY failed"); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card, + struct sc_pkcs15_prkey_info *key_info, unsigned algo_ref) +{ + int ii, jj; + + for (jj=0;jjalgo_refs[jj];jj++) + ; + if (jj == SC_MAX_SUPPORTED_ALGORITHMS) + return SC_ERROR_TOO_MANY_OBJECTS; + + for (ii=0;iitokeninfo->supported_algos[ii].algo_ref == algo_ref) + break; + if (ii == SC_MAX_SUPPORTED_ALGORITHMS) + return SC_ERROR_OBJECT_NOT_FOUND; + + key_info->algo_refs[jj] = p15card->tokeninfo->supported_algos[ii].reference; + return SC_SUCCESS; +} + + +static int +iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct iasecc_sdo *sdo_prvkey) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = 
(struct sc_pkcs15_prkey_info *) object->data; + int rv = 0, ii; + unsigned keys_access_modes[IASECC_MAX_SCBS] = { + SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT, + SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ + }; + + LOG_FUNC_CALLED(ctx); + if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "store IAS SDO PRIVATE KEY failed"); + + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported object type"); + + key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE; + key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE; + key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE; + + sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)", + sdo_prvkey->sdo_class, sdo_prvkey->sdo_ref, sdo_prvkey->usage); + sc_log(ctx, "SDO ACLs(%i):%s", sdo_prvkey->docp.acls_contact.size, + sc_dump_hex(sdo_prvkey->docp.acls_contact.value, sdo_prvkey->docp.acls_contact.size)); + sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb, + sc_dump_hex(sdo_prvkey->docp.scbs, IASECC_MAX_SCBS)); + + for (ii=0;iidocp.scbs[ii]); + if (sdo_prvkey->docp.scbs[ii] == 0xFF) { + continue; + } + else if (sdo_prvkey->docp.scbs[ii] == 0x00) { + rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], NULL); + LOG_TEST_RET(ctx, rv, "Cannot add access rule"); + } + else if (sdo_prvkey->docp.scbs[ii] & IASECC_SCB_METHOD_USER_AUTH) { + struct sc_pkcs15_id auth_id; + + rv = iasecc_pkcs15_get_auth_id_from_se(p15card, sdo_prvkey->docp.scbs[ii], &auth_id); + LOG_TEST_RET(ctx, rv, "Cannot get AUTH.ID from SE"); + + rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], &auth_id); + LOG_TEST_RET(ctx, rv, "Cannot add access rule"); + + if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN + || ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH + || ii == 
IASECC_ACLS_RSAKEY_PSO_DECIPHER) { + if (!sc_pkcs15_compare_id(&object->auth_id, &auth_id)) { + /* Sorry, this will silently overwrite the profile option.*/ + sc_log(ctx, "Change object's authId for the one that really protects crypto operation."); + object->auth_id = auth_id; + } + } + } + + if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN) { + rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info, + IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1); + LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA1 supported mechanism"); + + rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info, + IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA2); + LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA2 supported mechanism"); + + key_info->usage |= SC_PKCS15_PRKEY_USAGE_SIGN; + if (sdo_prvkey->docp.non_repudiation.value && sdo_prvkey->docp.non_repudiation.value[0]) + key_info->usage |= SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; + } + else if (ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH) { + rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info, IASECC_ALGORITHM_RSA_PKCS); + LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS supported mechanism"); + + key_info->usage |= SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER; + } + else if (ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER) { + rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info, + IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1); + LOG_TEST_RET(ctx, rv, "Cannot add decipher RSA_PKCS supported mechanism"); + + key_info->usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP; + } + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_pkcs15_create_key_slot(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct iasecc_sdo *sdo_prvkey, struct iasecc_sdo *sdo_pubkey, + struct sc_pkcs15_prkey_info *key_info) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_file *file_p_pubkey = NULL, *file_p_prvkey = NULL, *parent = NULL; + 
unsigned long save_card_caps = p15card->card->caps; + int rv; + + LOG_FUNC_CALLED(ctx); + + rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file_p_prvkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot instantiate PRKEY_RSA file"); + + rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, key_info->key_reference, &file_p_pubkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot instantiate PUBKEY_RSA file"); + + rv = iasecc_file_convert_acls(ctx, profile, file_p_prvkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot convert ACLs of the private key file"); + + rv = iasecc_file_convert_acls(ctx, profile, file_p_pubkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot convert ACLs of the public key file"); + + rv = sc_profile_get_parent(profile, "private-key", &parent); + LOG_TEST_RET(ctx, rv, "create key slot: cannot get parent of private key file"); + + rv = iasecc_file_convert_acls(ctx, profile, parent); + LOG_TEST_RET(ctx, rv, "create key slot: cannot convert parent's ACLs"); + + /* Oberthur's card do not returns FCP for selected application DF. + * That's why for the following authentication use the 'CREATE' ACL defined in the application profile. 
*/ + if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) + p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE); + p15card->card->caps = save_card_caps; + LOG_TEST_RET(ctx, rv, "create key slot: SC_AC_OP_CREATE authentication failed"); + + if (!sdo_prvkey->not_on_card) + sc_log(ctx, "create key slot: SDO private key already present"); + else + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_CREATE, sdo_prvkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot create private key: ctl failed"); + + if (!sdo_pubkey->not_on_card) + sc_log(ctx, "create key slot: SDO public key already present"); + else + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_CREATE, sdo_pubkey); + LOG_TEST_RET(ctx, rv, "create key slot: cannot create public key: ctl failed"); + + sc_file_free(file_p_prvkey); + sc_file_free(file_p_pubkey); + sc_file_free(parent); + + LOG_FUNC_RETURN(ctx, rv); +} + +static int +iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + struct iasecc_sdo *sdo_prvkey = NULL, *sdo_pubkey = NULL; + size_t keybits = key_info->modulus_length; + unsigned char zeros[0x200]; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "create private key(keybits:%i,usage:%X,access:%X,ref:%X)", + keybits, key_info->usage, key_info->access_flags, key_info->key_reference); + if (keybits < 1024 || keybits > 2048 || (keybits % 256)) { + sc_log(ctx, "Unsupported key size %u", keybits); + return SC_ERROR_INVALID_ARGUMENTS; + } + + memset(zeros, 0, sizeof(zeros)); + + rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey); + LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed"); + sc_log(ctx, "iasecc_pkcs15_create_key() sdo_pubkey->not_on_card 
%i", sdo_pubkey->not_on_card); + + rv = iasecc_sdo_allocate_prvkey(profile, card, key_info, &sdo_prvkey); + LOG_TEST_RET(ctx, rv, "IasEcc: init SDO private key failed"); + sc_log(ctx, "iasecc_pkcs15_create_key() sdo_prvkey->not_on_card %i", sdo_prvkey->not_on_card); + + if (!sdo_prvkey->not_on_card && !sdo_pubkey->not_on_card) { + sc_log(ctx, "Key ref %i already allocated", key_info->key_reference); + } + else { + rv = iasecc_pkcs15_create_key_slot(profile, p15card, sdo_prvkey, sdo_pubkey, key_info); + LOG_TEST_RET(ctx, rv, "Cannot create key slot"); + } + + rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo)); + LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content"); + + rv = iasecc_pkcs15_fix_private_key_attributes(profile, p15card, object, (struct iasecc_sdo *)object->content.value); + LOG_TEST_RET(ctx, rv, "Failed to fix private key PKCS#15 attributes"); + + key_info->path.len = 0; + + iasecc_sdo_free(card, sdo_pubkey); + + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * RSA key generation + */ +static int +iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card, + struct sc_pkcs15_object *object, struct sc_pkcs15_pubkey *pubkey) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + size_t keybits = key_info->modulus_length; + struct iasecc_sdo *sdo_prvkey = NULL; + struct iasecc_sdo *sdo_pubkey = NULL; + struct sc_file *file = NULL; + unsigned long caps; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "generate key(bits:%i,path:%s,AuthID:%s\n", keybits, + sc_print_path(&key_info->path), sc_pkcs15_print_id(&object->auth_id)); + + if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data"); + + sdo_prvkey = (struct iasecc_sdo *)object->content.value; + if (sdo_prvkey->magic 
!= SC_CARDCTL_IASECC_SDO_MAGIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey"); + + if (keybits < 1024 || keybits > 2048 || (keybits%0x100)) { + sc_log(ctx, "Unsupported key size %u\n", keybits); + return SC_ERROR_INVALID_ARGUMENTS; + } + + printf("TODO: Check if native IAS middleware accepts the meaningfull path value.\n"); + + rv = sc_profile_get_parent(profile, "private-key", &file); + LOG_TEST_RET(ctx, rv, "IasEcc: cannot get private key parent file"); + + rv = sc_select_file(card, &file->path, NULL); + LOG_TEST_RET(ctx, rv, "DF for private objects not defined"); + + if (file) + sc_file_free(file); + + rv = iasecc_sdo_convert_to_file(card, sdo_prvkey, &file); + LOG_TEST_RET(ctx, rv, "Cannot convert SDO PRIVKEY to file"); + + caps = card->caps; + card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE); + card->caps = caps; + LOG_TEST_RET(ctx, rv, "SC_AC_OP_GENERATE authentication failed"); + + key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_LOCAL; + + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_GENERATE, sdo_prvkey); + LOG_TEST_RET(ctx, rv, "generate key failed"); + + /* Quite dangerous -- cast of 'sc_pkcs15_prvkey_info' into 'sc_pkcs15_pubkey_info'. 
*/ + rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey); + LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed"); + + pubkey->algorithm = SC_ALGORITHM_RSA; + + pubkey->u.rsa.modulus.len = sdo_pubkey->data.pub_key.n.size; + pubkey->u.rsa.modulus.data = (unsigned char *) malloc(pubkey->u.rsa.modulus.len); + if (!pubkey->u.rsa.modulus.data) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + memcpy(pubkey->u.rsa.modulus.data, sdo_pubkey->data.pub_key.n.value, pubkey->u.rsa.modulus.len); + + pubkey->u.rsa.exponent.len = sdo_pubkey->data.pub_key.e.size; + pubkey->u.rsa.exponent.data = (unsigned char *) malloc(pubkey->u.rsa.exponent.len); + if (!pubkey->u.rsa.exponent.data) + LOG_FUNC_RETURN(ctx, SC_ERROR_MEMORY_FAILURE); + memcpy(pubkey->u.rsa.exponent.data, sdo_pubkey->data.pub_key.e.value, pubkey->u.rsa.exponent.len); + + rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &pubkey->data.value, &pubkey->data.len); + LOG_TEST_RET(ctx, rv, "encode public key failed"); + + rv = iasecc_pkcs15_encode_supported_algos(p15card, object); + LOG_TEST_RET(ctx, rv, "encode private key access rules failed"); + + /* SDO PrvKey data replaced by public part of generated key */ + rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len); + LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content"); + + iasecc_sdo_free(card, sdo_pubkey); + + LOG_FUNC_RETURN(ctx, rv); +} + + +/* + * Store a private key + */ +static int +iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, struct sc_pkcs15_prkey *prvkey) +{ + struct sc_card *card = p15card->card; + struct sc_context *ctx = card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data; + size_t keybits = key_info->modulus_length; + struct iasecc_sdo *sdo_prvkey; + struct iasecc_sdo *sdo_pubkey = NULL; + struct sc_pkcs15_prkey_rsa *rsa = 
&prvkey->u.rsa; + struct sc_file *file = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Store IAS/ECC key(keybits:%i,AuthID:%s,path:%s)", + keybits, sc_pkcs15_print_id(&object->auth_id), sc_print_path(&key_info->path)); + + if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data"); + else if (keybits < 1024 || keybits > 2048 || (keybits%0x100)) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size"); + + sdo_prvkey = (struct iasecc_sdo *)object->content.value; + if (sdo_prvkey->magic != SC_CARDCTL_IASECC_SDO_MAGIC) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey"); + + sc_log(ctx, "key compulsory attr(size:%i,on_card:%i)", + sdo_prvkey->data.prv_key.compulsory.size, sdo_prvkey->data.prv_key.compulsory.on_card); + + rv = sc_profile_get_parent(profile, "private-key", &file); + LOG_TEST_RET(ctx, rv, "cannot instantiate parent DF of the private key"); + + rv = sc_select_file(card, &file->path, NULL); + LOG_TEST_RET(ctx, rv, "failed to select parent DF"); + + if (file) + sc_file_free(file); + + key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_LOCAL; + + rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey); + LOG_TEST_RET(ctx, rv, "private key store failed: cannot allocate 'SDO PUBLIC KEY'"); + + rv = iasecc_sdo_store_key(profile, p15card, sdo_prvkey, sdo_pubkey, rsa); + LOG_TEST_RET(ctx, rv, "cannot store SDO PRIVATE/PUBLIC KEYs"); + + /* sdo_prvkey is freed while object is freeing */ + iasecc_sdo_free(card, sdo_pubkey); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card, + int sdo_class, int ref) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct iasecc_sdo *sdo = NULL; + struct sc_pkcs15_prkey_rsa rsa; + struct sc_file *dummy_file = NULL; + 
unsigned long save_card_caps = card->caps; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "iasecc_pkcs15_delete_sdo() class 0x%X; reference %i", sdo_class, ref); + + sdo = calloc(1, sizeof(struct iasecc_sdo)); + if (!sdo) + return SC_ERROR_MEMORY_FAILURE; + + sdo->magic = SC_CARDCTL_IASECC_SDO_MAGIC; + sdo->sdo_class = sdo_class; + sdo->sdo_ref = ref & 0x3F; + + rv = iasecc_sdo_get_data(card, sdo); + if (rv < 0) { + if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND) + rv = SC_SUCCESS; + + iasecc_sdo_free(card, sdo); + LOG_FUNC_RETURN(ctx, rv); + } + + if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PUBLIC) { + if (sdo->data.pub_key.cha.value) { + free(sdo->data.pub_key.cha.value); + sdo->data.pub_key.cha.value = NULL; + sdo->data.pub_key.cha.size = 0; + } + } + + sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO class 0x%X, ref 0x%X", sdo->sdo_class, sdo->sdo_ref); + rv = iasecc_sdo_convert_to_file(card, sdo, &dummy_file); + LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() Cannot convert SDO to file"); + + card->caps &= ~SC_CARD_CAP_USE_FCI_AC; + rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE); + card->caps = save_card_caps; + LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() UPDATE authentication failed for SDO"); + + if (dummy_file) + sc_file_free(dummy_file); + + if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) { + /* Oberthur's card supports creation/deletion of the key slots ... */ + rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_DELETE, sdo); + } + else { + /* ... other cards not. + * Set to zero the key components . 
*/ + unsigned char zeros[0x200]; + int size = *(sdo->docp.size.value + 0) * 0x100 + *(sdo->docp.size.value + 1); + + sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO size %i bytes", size); + memset(zeros, 0, sizeof(zeros)); + memset(&rsa, 0, sizeof(rsa)); + + rsa.modulus.data = rsa.exponent.data = zeros; + rsa.modulus.len = size; + rsa.exponent.len = 3; + + rsa.p.data = rsa.q.data = rsa.iqmp.data = rsa.dmp1.data = rsa.dmq1.data = zeros; + rsa.p.len = rsa.q.len = rsa.iqmp.len = rsa.dmp1.len = rsa.dmq1.len = size/2; + + /* Don't know why, but, clean public key do not working with Gemalto card */ + rv = iasecc_sdo_store_key(profile, p15card, sdo, NULL, &rsa); + LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() store empty private key failed"); + } + + iasecc_sdo_free(card, sdo); + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, const struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = sc_file_new(); + int rv, key_ref; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "delete PKCS15 object '%s', path %s", object->label, sc_print_path(path)); + + switch(object->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PUBKEY: + key_ref = ((sc_pkcs15_pubkey_info_t *)object->data)->key_reference; + sc_log(ctx, "Ignore delete of the SDO-PUBLIC-KEY(ref:%X)", key_ref); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + case SC_PKCS15_TYPE_PRKEY: + key_ref = ((sc_pkcs15_prkey_info_t *)object->data)->key_reference; + + /* Delete both parts of the RSA key */ + rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref); + LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PRIVATE SDO"); + + rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref); + LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PUBLIC SDO"); + + LOG_FUNC_RETURN(ctx, rv); + case SC_PKCS15_TYPE_CERT: + break; + case 
SC_PKCS15_TYPE_DATA_OBJECT: + break; + default: + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + } + + file->type = SC_FILE_TYPE_WORKING_EF; + file->ef_structure = SC_FILE_EF_TRANSPARENT; + file->id = path->value[path->len-2] * 0x100 + path->value[path->len-1]; + memcpy(&file->path, path, sizeof(file->path)); + + rv = iasecc_pkcs15_delete_file(p15card, profile, file); + + sc_file_free(file); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object, + struct sc_pkcs15_der *data, struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pubkey_info *pubkey_info = (struct sc_pkcs15_pubkey_info *)object->data; + struct sc_pkcs15_prkey_info *prkey_info = NULL; + struct sc_pkcs15_object *prkey_object = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "Public Key id '%s'", sc_pkcs15_print_id(&pubkey_info->id)); + + rv = sc_pkcs15_find_prkey_by_id(p15card, &pubkey_info->id, &prkey_object); + LOG_TEST_RET(ctx, rv, "Find related PrKey error"); + + prkey_info = (struct sc_pkcs15_prkey_info *)prkey_object->data; + + pubkey_info->key_reference = prkey_info->key_reference; + + pubkey_info->access_flags = prkey_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL; + pubkey_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; + + pubkey_info->native = 0; + + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER ? SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ? SC_PKCS15_PRKEY_USAGE_ENCRYPT : 0; + pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP ? 
SC_PKCS15_PRKEY_USAGE_WRAP : 0; + + iasecc_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL); + + memcpy(&pubkey_info->algo_refs[0], &prkey_info->algo_refs[0], sizeof(pubkey_info->algo_refs)); + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + + +static int +iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *object, struct sc_pkcs15_der *data, + struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_file *pfile = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "iasecc_store_cert() authID '%s'", sc_pkcs15_print_id(&object->auth_id)); + + rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_CERT, 0, &pfile); + LOG_TEST_RET(ctx, rv, "IasEcc new CERT file error"); + + rv = iasecc_pkcs15_fix_file_access(p15card, pfile, object); + LOG_TEST_RET(ctx, rv, "encode file access rules failed"); + + /* NOT_IMPLEMENTED error code indicates to the upper call to execute the default 'store data' procedure */ + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_IMPLEMENTED); +} + + +/* + * FIXME: Implement 'store data object' +static int +iasecc_store_opaqueDO(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *object, struct sc_pkcs15_id *id, + struct sc_pkcs15_der *data, struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_pkcs15_object *p15objects[0x40]; + struct sc_file *cfile = NULL, *pfile = NULL, *parent = NULL; + int rv, nn_objs, indx, ii; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "iasecc_store_opaqueDO() id '%s'", sc_pkcs15_print_id(id)); + sc_log(ctx, "iasecc_store_opaqueDO() authID '%s'", sc_pkcs15_print_id(&object->auth_id)); + nn_objs = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, p15objects, 0x40); + LOG_TEST_RET(ctx, nn_objs, "IasEcc get pkcs15 DATA objects error"); + + for(indx = 1; indx < 0x40; indx++) { + struct sc_path 
fpath; + + rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_DATA_OBJECT, indx, &pfile); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() pkcs15 new DATA file error"); + + fpath = pfile->path; + + for (ii=0; iidata; + int file_id = info->path.value[info->path.len - 2] * 0x100 + info->path.value[info->path.len - 1]; + + sc_log(ctx, "iasecc_store_opaqueDO() %i: file_id 0x%X, pfile->id 0x%X\n", ii, file_id, pfile->id); + if (pfile->id == file_id) + break; + } + + if (ii == nn_objs) + break; + + if (pfile) + sc_file_free(pfile); + pfile = NULL; + } + + if (indx == 0x40) + LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "iasecc_store_opaqueDO() too many DATA objects."); + + do { + const struct sc_acl_entry *acl; + + memset(object->access_rules, 0, sizeof(object->access_rules)); + + object->access_rules[0].access_mode = SC_PKCS15_ACCESS_RULE_MODE_READ; + acl = sc_file_get_acl_entry(pfile, SC_AC_OP_READ); + sc_log(ctx, "iasecc_store_opaqueDO() READ method %i", acl->method); + if (acl->method == SC_AC_IDA) + iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[0].auth_id); + + object->access_rules[1].access_mode = SC_PKCS15_ACCESS_RULE_MODE_UPDATE; + acl = sc_file_get_acl_entry(pfile, SC_AC_OP_UPDATE); + sc_log(ctx, "iasecc_store_opaqueDO() UPDATE method %i", acl->method); + if (acl->method == SC_AC_IDA) + iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[1].auth_id); + + } while(0); + + rv = iasecc_file_convert_acls(ctx, profile, pfile); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() cannot convert profile ACLs"); + + sc_log(ctx, "sc_pkcs15init_store_opaqueDO() indx %i; pfile->parent.len %i\n", indx, pfile->parent_path.len); + sc_log(ctx, "sc_pkcs15init_store_opaqueDO() profile parent path '%s'\n", sc_print_path(&pfile->parent_path)); + + rv = sc_select_file(card, &pfile->parent_path, &parent); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() cannot select DATA's parent"); + sc_log(ctx, "iasecc_store_opaqueDO() parent path '%s'\n", 
sc_print_path(&parent->path)); + + sc_ctx_suppress_errors_on(ctx); + rv = sc_select_file(card, &pfile->path, &cfile); + sc_ctx_suppress_errors_off(ctx); + if (!rv) { + rv = sc_pkcs15init_authenticate(profile, p15card, cfile, SC_AC_OP_DELETE); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() DELETE authentication failed"); + + rv = iasecc_pkcs15_delete_file(p15card, profile, cfile); + LOG_TEST_RET(ctx, rv, "s_pkcs15init_store_opaqueDO() delete pkcs15 file error"); + } + else if (rv != SC_ERROR_FILE_NOT_FOUND) { + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() select file error"); + } + + rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() parent CREATE authentication failed"); + + pfile->size = data->len; + rv = sc_create_file(card, pfile); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() cannot create DATA file"); + + rv = sc_pkcs15init_authenticate(profile, p15card, pfile, SC_AC_OP_UPDATE); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() data file UPDATE authentication failed"); + + rv = sc_update_binary(card, 0, data->value, data->len, 0); + LOG_TEST_RET(ctx, rv, "iasecc_store_opaqueDO() update DATA file failed"); + + if (path) + *path = pfile->path; + + if (parent) + sc_file_free(parent); + + if (pfile) + sc_file_free(pfile); + + if (cfile) + sc_file_free(cfile); + + LOG_FUNC_RETURN(ctx, rv); +} +*/ + + +static int +iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *object, + struct sc_pkcs15_der *data, struct sc_path *path) + +{ + struct sc_context *ctx = p15card->card->ctx; + int rv = SC_ERROR_NOT_IMPLEMENTED; + + LOG_FUNC_CALLED(ctx); + + switch (object->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PUBKEY: + rv = iasecc_store_pubkey(p15card, profile, object, data, path); + break; + case SC_PKCS15_TYPE_CERT: + rv = iasecc_store_cert(p15card, profile, object, data, path); + break; +/* + case SC_PKCS15_TYPE_DATA_OBJECT: 
+ rv = iasecc_store_opaqueDO(p15card, profile, object, id, data, path); + break; +*/ + } + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +iasecc_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_tokeninfo *tinfo) +{ + LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS); +} + + +static struct sc_pkcs15init_operations +sc_pkcs15init_iasecc_operations = { + iasecc_pkcs15_erase_card, + NULL, /* init_card */ + NULL, /* create_dir */ + NULL, /* create_domain */ + NULL, /* select_pin_reference */ + NULL, /* create_pin */ + iasecc_pkcs15_select_key_reference, + iasecc_pkcs15_create_key, + iasecc_pkcs15_store_key, + iasecc_pkcs15_generate_key, + NULL, /* encode private key */ + NULL, /* encode public key */ + NULL, /* finalize_card */ + iasecc_pkcs15_delete_object, + + /* pkcs15init emulation */ + NULL, + NULL, + iasecc_emu_update_tokeninfo, + NULL, + iasecc_emu_store_data, + + NULL, /* sanity_check */ +/* + iasecc_pkcs15init_select_id, + iasecc_pkcs15init_set_pin, + iasecc_pkcs15init_erase_application +*/ +}; + + +struct sc_pkcs15init_operations * +sc_pkcs15init_get_iasecc_ops(void) +{ + return &sc_pkcs15init_iasecc_operations; +} + +#endif /* ENABLE_OPENSSL */ diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-incrypto34.c opensc-0.12.1/src/pkcs15init/pkcs15-incrypto34.c --- opensc-0.11.13/src/pkcs15init/pkcs15-incrypto34.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-incrypto34.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,17 +19,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" 
@@ -60,7 +60,7 @@ const u8 *pin, size_t pin_len); static int incrypto34_create_sec_env(sc_profile_t *, sc_card_t *, unsigned int, unsigned int); -static int incrypto34_put_key(struct sc_profile *, struct sc_card *, +static int incrypto34_put_key(struct sc_profile *, struct sc_pkcs15_card *, int, sc_pkcs15_prkey_info_t *, struct sc_pkcs15_prkey_rsa *); static int incrypto34_key_algorithm(unsigned int, int *); 
@@ -121,46 +121,46 @@ * it's close enough to be useful. */ static int -incrypto34_erase(struct sc_profile *profile, sc_card_t *card) +incrypto34_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { int r; struct sc_file *file; struct sc_path path; memset(&file, 0, sizeof(file)); sc_format_path("3F00", &path); - if ((r = sc_select_file(card, &path, &file)) < 0) + if ((r = sc_select_file(p15card->card, &path, &file)) < 0) return r; - if ((r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_DELETE)) < 0) - return sc_pkcs15init_erase_card_recursively(card, profile, -1); + if (sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_DELETE) < 0) + return sc_pkcs15init_erase_card_recursively(p15card, profile); else - return sc_card_ctl(card, SC_CARDCTL_INCRYPTO34_ERASE_FILES, NULL); + return sc_card_ctl(p15card->card, SC_CARDCTL_INCRYPTO34_ERASE_FILES, NULL); } /* * Create the Application DF */ static int -incrypto34_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +incrypto34_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { int r; struct sc_file *file; struct sc_path path; memset(&file, 0, sizeof(file)); sc_format_path("3F00", &path); - if ((r = sc_select_file(card, &path, &file)) < 0) + if ((r = sc_select_file(p15card->card, &path, &file)) < 0) return r; - if ((r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_CREATE)) < 0) + if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_CREATE)) < 0) return r; /* Create the application DF */ - if ((r = sc_pkcs15init_create_file(profile, card, df)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, df)) < 0) return r; - if ((r = sc_select_file(card, &df->path, NULL)) < 0) + if ((r = sc_select_file(p15card->card, &df->path, NULL)) < 0) return r; /* Create a security environment for this DF. 
*/ - if ((r = incrypto34_create_sec_env(profile, card, 0x01, 0x00)) < 0) + if ((r = incrypto34_create_sec_env(profile, p15card->card, 0x01, 0x00)) < 0) return r; return 0; @@ -171,7 +171,7 @@ * See if it's good, and if it isn't, propose something better */ static int -incrypto34_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred, current; @@ -200,8 +200,8 @@ * Store a PIN */ static int -incrypto34_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, - sc_pkcs15_object_t *pin_obj, +incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, + sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { @@ -212,7 +212,7 @@ if (!pin || !pin_len) return SC_ERROR_INVALID_ARGUMENTS; - r = sc_select_file(card, &df->path, NULL); + r = sc_select_file(p15card->card, &df->path, NULL); if (r < 0) return r; @@ -222,13 +222,13 @@ sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info); puk_info.reference = puk_id = pin_info->reference + 1; - r = incrypto34_store_pin(profile, card, + r = incrypto34_store_pin(profile, p15card->card, &puk_info, INCRYPTO34_AC_NEVER, puk, puk_len); } if (r >= 0) { - r = incrypto34_store_pin(profile, card, + r = incrypto34_store_pin(profile, p15card->card, pin_info, puk_id, pin, pin_len); } @@ -240,17 +240,13 @@ * Select a key reference */ static int -incrypto34_select_key_reference(sc_profile_t *profile, sc_card_t *card, +incrypto34_select_key_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *key_info) { - struct sc_file *df = profile->df_info->file; - if (key_info->key_reference < INCRYPTO34_KEY_ID_MIN) key_info->key_reference = INCRYPTO34_KEY_ID_MIN; if (key_info->key_reference > INCRYPTO34_KEY_ID_MAX) return SC_ERROR_TOO_MANY_OBJECTS; - - key_info->path = df->path; return 0; } 
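Review bot: In `incrypto34_erase` the `sc_file` that `sc_select_file()` returns through `&file` is never released on any return path, and `incrypto34_create_dir` has the same pattern (its closing lines are outside the hunk). Since these lines are being touched anyway, capture the result and free the file before branching: `r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_DELETE);` followed by `sc_file_free(file);` and then `if (r < 0) ...`. The `memset(&file, 0, sizeof(file))` only zeroes the pointer itself; `struct sc_file *file = NULL;` says the same thing more plainly.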
@@ -259,7 +255,7 @@ * This is a no-op. */ static int -incrypto34_create_key(sc_profile_t *profile, sc_card_t *card, +incrypto34_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { return 0; @@ -269,25 +265,26 @@ * Store a private key object. */ static int -incrypto34_store_key(sc_profile_t *profile, sc_card_t *card, +incrypto34_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; int algorithm, r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Incrypto34 supports RSA keys only."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Incrypto34 supports RSA keys only."); return SC_ERROR_NOT_SUPPORTED; } if (incrypto34_key_algorithm(key_info->usage, &algorithm) < 0) { - sc_error(card->ctx, "Incrypto34 does not support keys " + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Incrypto34 does not support keys " "that can both sign _and_ decrypt."); return SC_ERROR_NOT_SUPPORTED; } - r = incrypto34_put_key(profile, card, algorithm, key_info, &key->u.rsa); + r = incrypto34_put_key(profile, p15card, algorithm, key_info, &key->u.rsa); return r; } @@ -296,11 +293,12 @@ * Key generation */ static int -incrypto34_generate_key(sc_profile_t *profile, sc_card_t *card, +incrypto34_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; struct sc_pkcs15_prkey_rsa key_obj; struct sc_cardctl_incrypto34_genkey_info args; struct sc_file *temp; 
@@ -309,31 +307,31 @@ int algorithm, r, delete_it = 0; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Incrypto34 supports only RSA keys."); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Incrypto34 supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } if (incrypto34_key_algorithm(key_info->usage, &algorithm) < 0) { - sc_error(card->ctx, "Incrypto34 does not support keys " + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Incrypto34 does not support keys " "that can both sign _and_ decrypt."); return SC_ERROR_NOT_SUPPORTED; } keybits = key_info->modulus_length & ~7UL; if (keybits > RSAKEY_MAX_BITS) { - sc_error(card->ctx, "Unable to generate key, max size is %d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key, max size is %d", RSAKEY_MAX_BITS); return SC_ERROR_INVALID_ARGUMENTS; } if (sc_profile_get_file(profile, "tempfile", &temp) < 0) { - sc_error(card->ctx, "Profile doesn't define temporary file " + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define temporary file " "for key generation."); return SC_ERROR_NOT_SUPPORTED; } memset(pubkey, 0, sizeof(*pubkey)); - if ((r = sc_pkcs15init_create_file(profile, card, temp)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, temp)) < 0) goto out; delete_it = 1; @@ -344,7 +342,7 @@ key_obj.modulus.len = keybits >> 3; key_obj.d.data = abignum; key_obj.d.len = keybits >> 3; - r = incrypto34_put_key(profile, card, algorithm, key_info, &key_obj); + r = incrypto34_put_key(profile, p15card, algorithm, key_info, &key_obj); if (r < 0) goto out; @@ -368,7 +366,7 @@ pubkey->algorithm = SC_ALGORITHM_RSA; out: if (delete_it) { - sc_pkcs15init_rmdir(card, profile, temp); + sc_pkcs15init_rmdir(p15card, profile, temp); } sc_file_free(temp); if (r < 0) { 
@@ -606,31 +604,32 @@ } static int -incrypto34_put_key(sc_profile_t *profile, sc_card_t *card, +incrypto34_put_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, int algorithm, sc_pkcs15_prkey_info_t *key_info, struct sc_pkcs15_prkey_rsa *key) { int r, key_id, pin_id; key_id = key_info->key_reference; - pin_id = sc_keycache_find_named_pin(&key_info->path, SC_PKCS15INIT_USER_PIN); + pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, + SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN); if (pin_id < 0) pin_id = 0; - r = incrypto34_store_key_component(card, algorithm, key_id, pin_id, 0, + r = incrypto34_store_key_component(p15card->card, algorithm, key_id, pin_id, 0, key->modulus.data, key->modulus.len, 0); if (r >= 0) { - r = incrypto34_store_key_component(card, algorithm, key_id, pin_id, 1, + r = incrypto34_store_key_component(p15card->card, algorithm, key_id, pin_id, 1, key->d.data, key->d.len, 1); } if (SC_ERROR_FILE_ALREADY_EXISTS == r || r >=0) { - r = incrypto34_change_key_data(card, 0x80|key_id, 0x20, key->modulus.data, key->modulus.len); + r = incrypto34_change_key_data(p15card->card, 0x80|key_id, 0x20, key->modulus.data, key->modulus.len); if (r < 0) return r; - r = incrypto34_change_key_data(card, 0x80|key_id, 0x21, key->d.data, key->d.len); + r = incrypto34_change_key_data(p15card->card, 0x80|key_id, 0x21, key->d.data, key->d.len); } return r; @@ -655,12 +654,12 @@ || buf[2] != count + 1 || buf[3] != 0) return SC_ERROR_INTERNAL; bn->len = count; - bn->data = (u8 *) malloc(count); + bn->data = malloc(count); memcpy(bn->data, buf + 4, count); return 0; } -static int incrypto34_init_card(sc_profile_t *profile, sc_card_t *card) +static int incrypto34_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { return 0; } 
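Review bot: In `incrypto34_put_key`, `if (pin_id < 0) pin_id = 0;` discards whatever error `sc_pkcs15init_get_pin_reference()` reported and stores both key components under PIN reference 0. What reference 0 means to the card is not visible in this hunk, but a private key silently bound to a default reference instead of the user PIN is an access-control decision that should not happen by accident. Either propagate the failure with `if (pin_id < 0) return pin_id;`, or, if the fallback is intended for profiles without a user PIN, say so in a comment on that line.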
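Review bot: In the `@@ -655,12 +654,12 @@` hunk, `bn->data = malloc(count);` is followed directly by `memcpy(bn->data, buf + 4, count);`, so an allocation failure becomes a NULL-pointer write. The commit only drops the cast; add `if (!bn->data) return SC_ERROR_OUT_OF_MEMORY;` between the two lines. The function starts outside the hunk, so whether `bn->len` should be reset on that path needs checking against its callers.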
@@ -680,8 +679,9 @@ incrypto34_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * sc_pkcs15init_get_incrypto34_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15init.exports opensc-0.12.1/src/pkcs15init/pkcs15init.exports --- opensc-0.11.13/src/pkcs15init/pkcs15init.exports 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15init.exports 1970-01-01 00:00:00.000000000 +0000 
@@ -1,58 +0,0 @@ -sc_keycache_find_named_pin -sc_keycache_forget_key -sc_keycache_get_key -sc_keycache_get_pin -sc_keycache_get_pin_name -sc_keycache_put_key -sc_keycache_put_pin -sc_keycache_set_pin_name -sc_pkcs15init_add_app -sc_pkcs15init_authenticate -sc_pkcs15init_bind -sc_pkcs15init_change_attrib -sc_pkcs15init_create_file -sc_pkcs15init_delete_by_path -sc_pkcs15init_delete_object -sc_pkcs15init_erase_card -sc_pkcs15init_erase_card_recursively -sc_pkcs15init_finalize_card -sc_pkcs15init_fixup_acls -sc_pkcs15init_fixup_file -sc_pkcs15init_generate_key -sc_pkcs15init_get_asepcos_ops -sc_pkcs15init_get_cardos_ops -sc_pkcs15init_get_cryptoflex_ops -sc_pkcs15init_get_cyberflex_ops -sc_pkcs15init_get_gpk_ops -sc_pkcs15init_get_incrypto34_ops -sc_pkcs15init_get_jcop_ops -sc_pkcs15init_get_label -sc_pkcs15init_get_manufacturer -sc_pkcs15init_get_miocos_ops -sc_pkcs15init_get_muscle_ops -sc_pkcs15init_get_oberthur_ops -sc_pkcs15init_get_pin_info -sc_pkcs15init_get_rutoken_ops -sc_pkcs15init_get_rtecp_ops -sc_pkcs15init_get_serial -sc_pkcs15init_get_setcos_ops -sc_pkcs15init_get_starcos_ops -sc_pkcs15init_requires_restrictive_usage -sc_pkcs15init_rmdir -sc_pkcs15init_set_callbacks -sc_pkcs15init_set_lifecycle -sc_pkcs15init_set_p15card -sc_pkcs15init_set_pin_data -sc_pkcs15init_set_secret -sc_pkcs15init_set_serial -sc_pkcs15init_store_certificate -sc_pkcs15init_store_data_object -sc_pkcs15init_store_pin -sc_pkcs15init_store_private_key -sc_pkcs15init_store_public_key -sc_pkcs15init_store_split_key -sc_pkcs15init_unbind -sc_pkcs15init_update_any_df -sc_pkcs15init_update_certificate -sc_pkcs15init_update_file -sc_pkcs15init_verify_key diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-init.h opensc-0.12.1/src/pkcs15init/pkcs15-init.h --- opensc-0.11.13/src/pkcs15init/pkcs15-init.h 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-init.h 2011-05-17 17:07:00.000000000 +0000 
@@ -11,7 +11,7 @@ extern "C" { #endif -#include +#include "libopensc/pkcs15.h" #define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE 0x0080UL #define SC_PKCS15INIT_X509_NON_REPUDIATION 0x0040UL @@ -27,7 +27,7 @@ /* * Erase everything that's on the card */ - int (*erase_card)(struct sc_profile *, struct sc_card *); + int (*erase_card)(struct sc_profile *, struct sc_pkcs15_card *); /* * New style API @@ -38,26 +38,26 @@ * Currently used by the cflex driver to read the card's * serial number and use it as the pkcs15 serial number. */ - int (*init_card)(sc_profile_t *, sc_card_t *); + int (*init_card)(struct sc_profile *, struct sc_pkcs15_card *); /* * Create a DF */ - int (*create_dir)(sc_profile_t *, sc_card_t *, sc_file_t *); + int (*create_dir)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *); /* * Create a "pin domain". This is for cards such as * the cryptoflex that need to put their pins into * separate directories */ - int (*create_domain)(sc_profile_t *, sc_card_t *, - const sc_pkcs15_id_t *, sc_file_t **); + int (*create_domain)(struct sc_profile *, struct sc_pkcs15_card *, + const struct sc_pkcs15_id *, struct sc_file **); /* * Select a PIN reference */ - int (*select_pin_reference)(sc_profile_t *, sc_card_t *, - sc_pkcs15_pin_info_t *); + int (*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_pin_info *); /* * Create a PIN object within the given DF. 
@@ -66,16 +66,16 @@ * The card driver can reject the pin reference; in this case * the caller needs to adjust it. */ - int (*create_pin)(sc_profile_t *, sc_card_t *, sc_file_t *, - sc_pkcs15_object_t *, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len); + int (*create_pin)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *, + struct sc_pkcs15_object *, + const unsigned char *, size_t, + const unsigned char *, size_t); /* * Select a reference for a private key object */ - int (*select_key_reference)(sc_profile_t *, sc_card_t *, - sc_pkcs15_prkey_info_t *); + int (*select_key_reference)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_prkey_info *); /* * Create an empty key object. 
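Review bot: Dropping the parameter names from `create_pin` leaves two identical `const unsigned char *, size_t` pairs, so the prototype no longer says which pair is the PIN and which is the PUK, and a driver that swaps them still compiles. Keep the names on the new types: `const unsigned char *pin, size_t pin_len,` and `const unsigned char *puk, size_t puk_len);`. The same applies to `encode_private_key`/`encode_public_key` and to the `get_pin`/`get_key` callbacks in the later hunks of this header, where the buffer, size and key-reference arguments also lose their names. The enclosing struct begins outside this hunk.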
@@ -85,33 +85,33 @@ * unprotected. * @key_info should be filled in by the function */ - int (*create_key)(sc_profile_t *, sc_card_t *, - sc_pkcs15_object_t *o); + int (*create_key)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_object *); /* * Store a key on the card */ - int (*store_key)(sc_profile_t *, sc_card_t *, - sc_pkcs15_object_t *, - sc_pkcs15_prkey_t *); + int (*store_key)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_object *, + struct sc_pkcs15_prkey *); /* * Generate key */ - int (*generate_key)(sc_profile_t *, sc_card_t *, - sc_pkcs15_object_t *, - sc_pkcs15_pubkey_t *); + int (*generate_key)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_object *, + struct sc_pkcs15_pubkey *); /* * Encode private/public key * These are used mostly by the Cryptoflex/Cyberflex drivers. */ - int (*encode_private_key)(sc_profile_t *, sc_card_t *, + int (*encode_private_key)(struct sc_profile *, struct sc_card *, struct sc_pkcs15_prkey_rsa *, - u8 *buf, size_t *bufsize, int key_ref); - int (*encode_public_key)(sc_profile_t *, sc_card_t *, + unsigned char *, size_t *, int); + int (*encode_public_key)(struct sc_profile *, struct sc_card *, struct sc_pkcs15_prkey_rsa *, - u8 *buf, size_t *bufsize, int key_ref); + unsigned char *, size_t *, int); /* * Finalize card 
@@ -119,62 +119,36 @@ * (actually this command is currently only for starcos spk 2.3 * cards). */ - int (*finalize_card)(sc_card_t *); + int (*finalize_card)(struct sc_card *); /* - * Old-style API - */ - - /* - * Initialize application, and optionally set a SO pin - */ - int (*init_app)(struct sc_profile *, struct sc_card *, - struct sc_pkcs15_pin_info *, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len); - - /* - * Store a new PIN - * On some cards (such as the CryptoFlex) this will create - * a new subdirectory of the AppDF. - * Index is the number of the PIN in the AODF (this should - * help the card driver to pick the right file ID/directory ID/ - * pin file index. - */ - int (*new_pin)(struct sc_profile *, struct sc_card *, - struct sc_pkcs15_pin_info *, unsigned int idx, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len); - - /* - * Store a key on the card - */ - int (*new_key)(struct sc_profile *, struct sc_card *, - struct sc_pkcs15_prkey *key, unsigned int idx, - struct sc_pkcs15_prkey_info *); - - /* - * Create a file based on a PKCS15_TYPE_xxx + * Delete object */ - int (*new_file)(struct sc_profile *, struct sc_card *, - unsigned int, unsigned int, struct sc_file **out); + int (*delete_object)(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_object *, const struct sc_path *); /* - * Generate a new key pair + * Support of pkcs15init emulation */ - int (*old_generate_key)(struct sc_profile *, struct sc_card *, - unsigned int idx, unsigned int keybits, - sc_pkcs15_pubkey_t *pubkey_res, - struct sc_pkcs15_prkey_info *); + int (*emu_update_dir) (struct sc_profile *, struct sc_pkcs15_card *, + struct sc_app_info *); + int (*emu_update_any_df) (struct sc_profile *, struct sc_pkcs15_card *, + unsigned, struct sc_pkcs15_object *); + int (*emu_update_tokeninfo) (struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_tokeninfo *); + int (*emu_write_info)(struct sc_profile *, struct sc_pkcs15_card *, + 
struct sc_pkcs15_object *); + int (*emu_store_data)(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *, + struct sc_pkcs15_der *, struct sc_path *); - /* - * Delete object - */ - int (*delete_object)(struct sc_profile *, struct sc_card *, - unsigned int type, const void *data, const sc_path_t *path); + int (*sanity_check)(struct sc_profile *, struct sc_pkcs15_card *); }; /* Do not change these or reorder these */ +#define SC_PKCS15INIT_ID_STYLE_NATIVE 0 +#define SC_PKCS15INIT_ID_STYLE_MOZILLA 1 +#define SC_PKCS15INIT_ID_STYLE_RFC2459 2 + #define SC_PKCS15INIT_SO_PIN 0 #define SC_PKCS15INIT_SO_PUK 1 #define SC_PKCS15INIT_USER_PIN 2 @@ -186,24 +160,21 @@ * Get a PIN from the front-end. The first argument is * one of the SC_PKCS15INIT_XXX_PIN/PUK macros. */ - int (*get_pin)(struct sc_profile *, int, - const struct sc_pkcs15_pin_info *, - const char *label, - u8 *, size_t *); + int (*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_pin_info *, + const char *, unsigned char *, size_t *); /* * Get a transport/secure messaging key from the front-end. */ - int (*get_key)(struct sc_profile *, - int method, int reference, - const u8 *def_key, size_t def_size, - u8 *key_buf, size_t *key_size); + int (*get_key)(struct sc_profile *, int, int, + const unsigned char *, size_t, + unsigned char *, size_t *); }; struct sc_pkcs15init_initargs { - const u8 * so_pin; + const unsigned char * so_pin; size_t so_pin_len; - const u8 * so_puk; + const unsigned char * so_puk; size_t so_puk_len; const char * so_pin_label; const char * label; @@ -213,9 +184,12 @@ struct sc_pkcs15init_pinargs { struct sc_pkcs15_id auth_id; const char * label; - const u8 * pin; + const unsigned char * pin; size_t pin_len; - const u8 * puk; + + struct sc_pkcs15_id puk_id; + const char * puk_label; + const unsigned char * puk; size_t puk_len; }; 
@@ -230,9 +204,14 @@ unsigned long usage; unsigned long x509_usage; unsigned int flags; - struct sc_pkcs15init_keyarg_gost_params gost_params; + unsigned int access_flags; + + union { + struct sc_pkcs15init_keyarg_gost_params gost; + struct sc_pkcs15_ec_parameters ec; + } params; - sc_pkcs15_prkey_t key; + struct sc_pkcs15_prkey key; /* support for non-native keys */ char * passphrase; @@ -243,9 +222,7 @@ const char * pubkey_label; }; -#define SC_PKCS15INIT_EXTRACTABLE 0x0001 #define SC_PKCS15INIT_NO_PASSPHRASE 0x0002 -#define SC_PKCS15INIT_SPLIT_KEY 0x0004 struct sc_pkcs15init_pubkeyargs { struct sc_pkcs15_id id; @@ -253,9 +230,13 @@ const char * label; unsigned long usage; unsigned long x509_usage; - struct sc_pkcs15init_keyarg_gost_params gost_params; - sc_pkcs15_pubkey_t key; + union { + struct sc_pkcs15init_keyarg_gost_params gost; + struct sc_pkcs15_ec_parameters ec; + } params; + + struct sc_pkcs15_pubkey key; }; struct sc_pkcs15init_dataargs { @@ -265,7 +246,7 @@ const char * app_label; struct sc_object_id app_oid; - sc_pkcs15_der_t der_encoded; /* Wrong name: is not DER encoded */ + struct sc_pkcs15_der der_encoded; /* Wrong name: is not DER encoded */ }; struct sc_pkcs15init_certargs { 
@@ -274,23 +255,26 @@ unsigned long x509_usage; unsigned char authority; - sc_pkcs15_der_t der_encoded; + struct sc_pkcs15_der der_encoded; }; #define P15_ATTR_TYPE_LABEL 0 #define P15_ATTR_TYPE_ID 1 + +extern struct sc_pkcs15_object *sc_pkcs15init_new_object(int, const char *, + struct sc_pkcs15_id *, void *); extern void sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *); extern int sc_pkcs15init_bind(struct sc_card *, const char *, const char *, struct sc_profile **); extern void sc_pkcs15init_unbind(struct sc_profile *); -extern void sc_pkcs15init_set_p15card(sc_profile_t *, - sc_pkcs15_card_t *); -extern int sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle); -extern int sc_pkcs15init_erase_card(struct sc_card *, - struct sc_profile *); +extern void sc_pkcs15init_set_p15card(struct sc_profile *, + struct sc_pkcs15_card *); +extern int sc_pkcs15init_set_lifecycle(struct sc_card *, int); +extern int sc_pkcs15init_erase_card(struct sc_pkcs15_card *, + struct sc_profile *, struct sc_aid *); /* XXX could this function be merged with ..._set_lifecycle ?? */ -extern int sc_pkcs15init_finalize_card(sc_card_t *, +extern int sc_pkcs15init_finalize_card(struct sc_card *, struct sc_profile *); extern int sc_pkcs15init_add_app(struct sc_card *, struct sc_profile *, 
@@ -330,61 +314,57 @@ * If P15_ATTR_TYPE_LABEL, then *new_value is a struct sc_pkcs15_id; * If P15_ATTR_TYPE_ID, then *new_value is a char array. */ -extern int sc_pkcs15init_change_attrib(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15_object *object, - int new_attrib_type, - void *new_value, - int new_len); -extern int sc_pkcs15init_delete_object(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, - sc_pkcs15_object_t *obj); +extern int sc_pkcs15init_change_attrib(struct sc_pkcs15_card *, + struct sc_profile *, + struct sc_pkcs15_object *, + int, + void *, + int); +extern int sc_pkcs15init_add_object(struct sc_pkcs15_card *, + struct sc_profile *profile, + unsigned int, + struct sc_pkcs15_object *); +extern int sc_pkcs15init_delete_object(struct sc_pkcs15_card *, + struct sc_profile *, + struct sc_pkcs15_object *); /* Replace an existing cert with a new one, which is assumed to be * compatible with the correcsponding private key (e.g. the old and * new cert should have the same public key). 
*/ -extern int sc_pkcs15init_update_certificate(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, - sc_pkcs15_object_t *obj, - const unsigned char *rawcert, - size_t certlen); +extern int sc_pkcs15init_update_certificate(struct sc_pkcs15_card *, + struct sc_profile *, + struct sc_pkcs15_object *, + const unsigned char *, + size_t); extern int sc_pkcs15init_create_file(struct sc_profile *, - struct sc_card *, struct sc_file *); + struct sc_pkcs15_card *, struct sc_file *); extern int sc_pkcs15init_update_file(struct sc_profile *, - struct sc_card *, struct sc_file *, void *, unsigned int); -extern int sc_pkcs15init_authenticate(struct sc_profile *, - struct sc_card *, struct sc_file *, int); -extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_file *); -extern int sc_pkcs15init_fixup_acls(struct sc_profile *, - struct sc_file *, - struct sc_acl_entry *, - struct sc_acl_entry *); -extern int sc_pkcs15init_get_pin_info(struct sc_profile *, unsigned int, - struct sc_pkcs15_pin_info *); -extern int sc_profile_get_pin_retries(sc_profile_t *, unsigned int); + struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int); +extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_file *, int); +extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_file *); +extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_pin_info *); +extern int sc_profile_get_pin_retries(struct sc_profile *, int); extern int sc_pkcs15init_get_manufacturer(struct sc_profile *, const char **); extern int sc_pkcs15init_get_serial(struct sc_profile *, const char **); extern int sc_pkcs15init_set_serial(struct sc_profile *, const char *); extern int sc_pkcs15init_get_label(struct sc_profile *, const char **); -extern void sc_pkcs15init_set_secret(struct sc_profile *, - int, int, u8 *, size_t); -extern int sc_pkcs15init_set_pin_data(struct sc_profile *, int, - const u8 *, size_t); 
-extern int sc_pkcs15init_verify_key(struct sc_profile *, struct sc_card *, - sc_file_t *, unsigned int, unsigned int); +extern int sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_card *, + sc_file_t *, unsigned int, int); extern int sc_pkcs15init_delete_by_path(struct sc_profile *, - struct sc_card *, const sc_path_t *path); -extern int sc_pkcs15init_update_any_df(sc_pkcs15_card_t *, sc_profile_t *, - sc_pkcs15_df_t *, int); + struct sc_pkcs15_card *, const struct sc_path *); +extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *, + struct sc_pkcs15_df *, int); /* Erasing the card structure via rm -rf */ -extern int sc_pkcs15init_erase_card_recursively(struct sc_card *, - struct sc_profile *, int so_ref); -extern int sc_pkcs15init_rmdir(struct sc_card *, struct sc_profile *, - struct sc_file *df); +extern int sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *, + struct sc_profile *); +extern int sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *, + struct sc_file *); /* Helper function for CardOS */ extern int sc_pkcs15init_requires_restrictive_usage( @@ -392,8 +372,16 @@ struct sc_pkcs15init_prkeyargs *, unsigned int); -extern int sc_pkcs15_create_pin_domain(sc_profile_t *, sc_card_t *, - const sc_pkcs15_id_t *, sc_file_t **); +extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *, + const struct sc_pkcs15_id *, struct sc_file **); + +extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *, + struct sc_profile *, unsigned, int); + +extern int sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *); + +extern int sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile, + struct sc_aid *aid); extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void); extern struct sc_pkcs15init_operations *sc_pkcs15init_get_miocos_ops(void); 
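Review bot: The comment above `sc_pkcs15init_change_attrib` in the `@@ -330,61 +314,57 @@` hunk still describes `*new_value`, but the new prototype removes every parameter name, so the comment now refers to nothing in the declaration. Keep `int new_attrib_type, void *new_value, int new_len` in the prototype. The comment's pairing also looks inverted (LABEL is described as a `struct sc_pkcs15_id`, ID as a char array); if the implementation confirms that, correct it to `If P15_ATTR_TYPE_LABEL, then *new_value is a char array; if P15_ATTR_TYPE_ID, a struct sc_pkcs15_id`. The new `sc_pkcs15init_add_object` prototype names only `profile`, which is inconsistent with its neighbours. The comment begins outside the hunk.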
@@ -412,6 +400,9 @@ extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rtecp_ops(void); extern struct sc_pkcs15init_operations *sc_pkcs15init_get_westcos_ops(void); extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void); +extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void); +extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void); +extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void); #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-jcop.c opensc-0.12.1/src/pkcs15init/pkcs15-jcop.c --- opensc-0.11.13/src/pkcs15init/pkcs15-jcop.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-jcop.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,32 +19,32 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" - #define JCOP_MAX_PINS 3 /* * Erase the card */ static int -jcop_erase_card(struct sc_profile *pro, sc_card_t *card) { +jcop_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card) { /* later */ return SC_ERROR_NOT_SUPPORTED; } +#if 0 /* * Create a new DF * This will usually be the application DF @@ -57,11 +57,22 @@ return SC_ERROR_NOT_SUPPORTED; } +#else + +static int +jcop_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *file) +{ + return SC_ERROR_NOT_SUPPORTED; +}; + +#endif + + /* * Select a PIN reference */ static int -jcop_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +jcop_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred, current; 
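Review bot: The new `jcop_create_dir` stub in the `@@ -57,11 +57,22 @@` hunk closes with `};`, which leaves a stray empty declaration at file scope that strict compiler settings warn about; it should end with a plain `}`. The old body is kept under `#if 0` (opened in the previous hunk) with only the stub in the `#else` branch, so the disabled code will drift from the new `sc_pkcs15_card_t` signatures. Deleting it and leaving a one-line comment such as `/* DF creation is not supported on JCOP yet */` above the stub would be cleaner.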
@@ -87,7 +98,7 @@ * Store a PIN */ static int -jcop_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, +jcop_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) @@ -95,23 +106,20 @@ sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; unsigned char nulpin[16]; unsigned char padpin[16]; - int r, type; + int r; if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - type = SC_PKCS15INIT_SO_PIN; - /* SO PIN reference must be 0 */ if (pin_info->reference != 3) return SC_ERROR_INVALID_ARGUMENTS; } else { - type = SC_PKCS15INIT_USER_PIN; if (pin_info->reference >= 3) return SC_ERROR_TOO_MANY_OBJECTS; } if (puk != NULL && puk_len > 0) { return SC_ERROR_NOT_SUPPORTED; } - r = sc_select_file(card, &df->path, NULL); + r = sc_select_file(p15card->card, &df->path, NULL); if (r < 0) return r; @@ -119,18 +127,13 @@ memset(nulpin, 0, sizeof(nulpin)); memset(padpin, 0, sizeof(padpin)); memcpy(padpin, pin, pin_len); - r = sc_change_reference_data(card, SC_AC_CHV, + r = sc_change_reference_data(p15card->card, SC_AC_CHV, pin_info->reference, nulpin, sizeof(nulpin), padpin, sizeof(padpin), NULL); if (r < 0) return r; - - - sc_keycache_set_pin_name(&df->path, - pin_info->reference, - type); pin_info->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL; return r; } 
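Review bot: In `jcop_create_pin` (hunk `@@ -95,23 +106,20 @@`) the comment says `SO PIN reference must be 0`, but the check directly below rejects anything other than 3. The commit edits the lines around it and leaves the contradiction in place. If the check is the intended behaviour, the comment should read `/* SO PIN reference must be 3 */`, and the literal presumably wants to be tied to `JCOP_MAX_PINS`, which needs confirming; if the comment is right, the check is wrong.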
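Review bot: In the `@@ -119,18 +127,13 @@` hunk, `memcpy(padpin, pin, pin_len);` copies a caller-supplied length into the 16-byte stack array `padpin`, and no bound on `pin_len` appears in any of the hunks covering `jcop_create_pin`. A PIN longer than 16 bytes would write past the buffer. Add `if (pin_len > sizeof(padpin)) return SC_ERROR_INVALID_ARGUMENTS;` before the `memset` calls. `padpin` also still holds the PIN when the function returns, so clearing it on the way out would be a worthwhile follow-up.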
@@ -139,16 +142,15 @@ * Create a new key file */ static int -jcop_create_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_object_t *obj -) +jcop_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; sc_file_t *keyfile = NULL; - size_t bytes, mod_len, exp_len, prv_len, pub_len; + size_t bytes, mod_len, prv_len; int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "JCOP supports only RSA keys."); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "JCOP supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } /* The caller is supposed to have chosen a key file path for us */ @@ -161,17 +163,15 @@ return r; mod_len = key_info->modulus_length / 8; - exp_len = 4; bytes = mod_len / 2; - pub_len = 2 + mod_len + exp_len; prv_len = 2 + 5 * bytes; keyfile->size = prv_len; /* Fix up PIN references in file ACL */ - r = sc_pkcs15init_fixup_file(profile, keyfile); + r = sc_pkcs15init_fixup_file(profile, p15card, keyfile); if (r >= 0) - r = sc_pkcs15init_create_file(profile, card, keyfile); + r = sc_pkcs15init_create_file(profile, p15card, keyfile); if (keyfile) sc_file_free(keyfile); @@ -214,7 +214,7 @@ * Numbers are stored big endian. */ static int -jcop_store_key(sc_profile_t *profile, sc_card_t *card, +jcop_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { @@ -225,7 +225,7 @@ int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "JCOP supports only RSA keys."); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "JCOP supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } r = sc_profile_get_file_by_path(profile, &key_info->path, &keyfile); 
@@ -240,7 +240,7 @@ jcop_bn2bin(&keybuf[2 + 2 * base], &key->u.rsa.dmp1, base); jcop_bn2bin(&keybuf[2 + 3 * base], &key->u.rsa.dmq1, base); jcop_bn2bin(&keybuf[2 + 4 * base], &key->u.rsa.iqmp, base); - r = sc_pkcs15init_update_file(profile, card, keyfile, keybuf, size); + r = sc_pkcs15init_update_file(profile, p15card, keyfile, keybuf, size); sc_file_free(keyfile); return r; @@ -250,18 +250,19 @@ * Generate a keypair */ static int -jcop_generate_key(sc_profile_t *profile, sc_card_t *card, +jcop_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, - sc_pkcs15_pubkey_t *pubkey) { + sc_pkcs15_pubkey_t *pubkey) +{ sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; struct sc_cardctl_jcop_genkey args; sc_file_t *temppubfile=NULL, *keyfile=NULL; unsigned char *keybuf=NULL; - size_t bytes, mod_len, exp_len, pub_len, keybits; + size_t mod_len, exp_len, pub_len, keybits; int r,delete_ok=0; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "JCOP supports only RSA keys."); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "JCOP supports only RSA keys."); return SC_ERROR_NOT_SUPPORTED; } 
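Review bot: In the `@@ -240,7 +240,7 @@` hunk, `keybuf` still contains the private CRT values written by jcop_bn2bin (`dmp1`, `dmq1` and `iqmp` are visible here) when jcop_store_key returns after sc_pkcs15init_update_file. The buffer's declaration is outside the hunk, so its storage class is an assumption, but in either case it should be wiped before the return, for example `sc_mem_clear(keybuf, size);` placed before `sc_file_free(keyfile);`. The function starts above this hunk, where the earlier key components are filled in.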
@@ -269,29 +270,28 @@ if (r < 0) goto out; - r = sc_select_file(card, &key_info->path, &keyfile); + r = sc_select_file(p15card->card, &key_info->path, &keyfile); if (r < 0) goto out; mod_len = key_info->modulus_length / 8; exp_len = 4; - bytes = mod_len / 2; pub_len = 2 + mod_len + exp_len; temppubfile->size = pub_len; - r = sc_pkcs15init_fixup_file(profile, temppubfile); + r = sc_pkcs15init_fixup_file(profile, p15card, temppubfile); if (r < 0) goto out; - r = sc_pkcs15init_create_file(profile, card, temppubfile); + r = sc_pkcs15init_create_file(profile, p15card, temppubfile); if (r < 0) goto out; delete_ok=1; - r = sc_pkcs15init_authenticate(profile, card, temppubfile, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, temppubfile, SC_AC_OP_UPDATE); if (r < 0) goto out; - r = sc_pkcs15init_authenticate(profile, card, keyfile, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, keyfile, SC_AC_OP_UPDATE); if (r < 0) goto out; @@ -304,7 +304,7 @@ args.exponent = 0x10001; sc_append_file_id(&args.pub_file_ref, temppubfile->id); sc_append_file_id(&args.pri_file_ref, keyfile->id); - keybuf=(unsigned char *) malloc(keybits / 8); + keybuf = malloc(keybits / 8); if (!keybuf) { r=SC_ERROR_OUT_OF_MEMORY; goto out; @@ -312,7 +312,7 @@ args.pubkey = keybuf; args.pubkey_len = keybits / 8; - r = sc_card_ctl(card, SC_CARDCTL_JCOP_GENERATE_KEY, (void *)&args); + r = sc_card_ctl(p15card->card, SC_CARDCTL_JCOP_GENERATE_KEY, (void *)&args); if (r < 0) goto out; @@ -321,7 +321,7 @@ pubkey->u.rsa.modulus.len = keybits / 8; pubkey->u.rsa.modulus.data = keybuf; pubkey->u.rsa.exponent.len = 3; - pubkey->u.rsa.exponent.data = (u8 *) malloc(3); + pubkey->u.rsa.exponent.data = malloc(3); if (!pubkey->u.rsa.exponent.data) { pubkey->u.rsa.modulus.data = NULL; r=SC_ERROR_OUT_OF_MEMORY; 
@@ -333,7 +333,7 @@ if (r < 0 && keybuf) free(keybuf); if (delete_ok) - sc_pkcs15init_rmdir(card, profile, temppubfile); + sc_pkcs15init_rmdir(p15card, profile, temppubfile); if (keyfile) sc_file_free(keyfile); if (temppubfile) @@ -346,7 +346,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_jcop_operations = { jcop_erase_card, NULL, /* init_card */ - NULL, /* create_dir */ + jcop_create_dir, NULL, /* create_domain */ jcop_select_pin_reference, jcop_create_pin, @@ -356,9 +356,9 @@ jcop_generate_key, NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - jcop_init_app, /* old */ - NULL, NULL, NULL, NULL, /* rest of old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations *sc_pkcs15init_get_jcop_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-lib.c opensc-0.12.1/src/pkcs15init/pkcs15-lib.c --- opensc-0.11.13/src/pkcs15init/pkcs15-lib.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-lib.c 2011-05-17 17:07:00.000000000 +0000 @@ -29,9 +29,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include @@ -55,13 +54,14 @@ #include #include #endif -#include -#include + +#include "common/compat_strlcpy.h" +#include "common/libscdl.h" +#include "libopensc/pkcs15.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "profile.h" #include "pkcs15-init.h" -#include -#include -#include #define OPENSC_INFO_FILEPATH "3F0050154946" #define OPENSC_INFO_FILEID 0x4946 
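Review bot: The `sc_pkcs15init_jcop_operations` table in the `@@ -346,7 +346,7 @@` and `@@ -356,9 +356,9 @@` hunks is still initialised by position while this change moves slots around (`create_dir` is now filled, the old `jcop_init_app` entry is gone, the tail is re-counted up to `sanity_check`), so one miscounted `NULL` would bind a handler to the wrong operation without any compiler diagnostic. Designated initialisers, e.g. `.create_dir = jcop_create_dir,` and `.create_pin = jcop_create_pin,`, would remove that risk; the field names are taken from the `profile->ops->create_dir` and `profile->ops->create_pin` calls further down this diff. The same diff makes sc_pkcs15init_add_app call `profile->ops->create_dir` without a NULL test, so every driver table needs that slot populated. The definition of `jcop_create_dir` is not in the visible hunks.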
@@ -71,79 +71,62 @@ /* Default ID for new key/pin */ #define DEFAULT_ID 0x45 #define DEFAULT_PIN_FLAGS 0x03 -#define DEFAULT_PRKEY_ACCESS_FLAGS 0x1d #define DEFAULT_PRKEY_FLAGS 0x03 #define DEFAULT_PUBKEY_FLAGS 0x02 #define DEFAULT_CERT_FLAGS 0x02 #define DEFAULT_DATA_FLAGS 0x02 +#define TEMPLATE_INSTANTIATE_MIN_INDEX 0x0 +#define TEMPLATE_INSTANTIATE_MAX_INDEX 0xFE + +/* Maximal number of access conditions that can be defined for one card operation. */ +#define SC_MAX_OP_ACS 16 + /* Handle encoding of PKCS15 on the card */ -typedef int (*pkcs15_encoder)(sc_context_t *, +typedef int (*pkcs15_encoder)(struct sc_context *, struct sc_pkcs15_card *, u8 **, size_t *); static int sc_pkcs15init_store_data(struct sc_pkcs15_card *, - struct sc_profile *, sc_pkcs15_object_t *, - sc_pkcs15_id_t *, - sc_pkcs15_der_t *, sc_path_t *); -static size_t sc_pkcs15init_keybits(sc_pkcs15_bignum_t *); + struct sc_profile *, struct sc_pkcs15_object *, + struct sc_pkcs15_der *, struct sc_path *); +static size_t sc_pkcs15init_keybits(struct sc_pkcs15_bignum *); static int sc_pkcs15init_update_dir(struct sc_pkcs15_card *, struct sc_profile *profile, - sc_app_info_t *app); + struct sc_app_info *app); static int sc_pkcs15init_update_tokeninfo(struct sc_pkcs15_card *, struct sc_profile *profile); static int sc_pkcs15init_update_odf(struct sc_pkcs15_card *, struct sc_profile *profile); -static sc_pkcs15_object_t *sc_pkcs15init_new_object(int type, const char *label, - sc_pkcs15_id_t *auth_id, void *data); -static int sc_pkcs15init_add_object(struct sc_pkcs15_card *, - struct sc_profile *profile, - unsigned int df_type, - struct sc_pkcs15_object *); -static int sc_pkcs15init_remove_object(sc_pkcs15_card_t *, - sc_profile_t *, sc_pkcs15_object_t *); static int sc_pkcs15init_map_usage(unsigned long, int); -static int set_so_pin_from_card(struct sc_pkcs15_card *, - struct sc_profile *); -static int set_user_pin_from_authid(struct sc_pkcs15_card *, - struct sc_profile *, struct sc_pkcs15_id *); 
-static int do_select_parent(struct sc_profile *, sc_card_t *, - sc_file_t *, sc_file_t **); -static int sc_pkcs15init_create_pin(sc_pkcs15_card_t *, sc_profile_t *, - sc_pkcs15_object_t *, struct sc_pkcs15init_pinargs *); -static int check_key_size(sc_card_t *card, unsigned int alg, - unsigned int bits); +static int do_select_parent(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_file *, struct sc_file **); +static int sc_pkcs15init_create_pin(struct sc_pkcs15_card *, struct sc_profile *, + struct sc_pkcs15_object *, struct sc_pkcs15init_pinargs *); +static int check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *args, + unsigned int bits, unsigned int *out_bits); static int check_key_compatibility(struct sc_pkcs15_card *, struct sc_pkcs15_prkey *, unsigned int, unsigned int, unsigned int); -static int prkey_fixup(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *); -static int prkey_bits(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *); -static int prkey_pkcs15_algo(sc_pkcs15_card_t *, sc_pkcs15_prkey_t *); -static int select_id(sc_pkcs15_card_t *, int, sc_pkcs15_id_t *, - int (*)(const sc_pkcs15_object_t *, void *), void *, - sc_pkcs15_object_t **); -static int select_object_path(sc_pkcs15_card_t *, sc_profile_t *, - sc_pkcs15_object_t *, sc_pkcs15_id_t *, sc_path_t *); -static int sc_pkcs15init_get_pin_path(sc_pkcs15_card_t *, - sc_pkcs15_id_t *, sc_path_t *); -static int sc_pkcs15init_qualify_pin(sc_card_t *, const char *, - unsigned int, sc_pkcs15_pin_info_t *); +static int prkey_fixup(struct sc_pkcs15_card *, struct sc_pkcs15_prkey *); +static int prkey_bits(struct sc_pkcs15_card *, struct sc_pkcs15_prkey *); +static int prkey_pkcs15_algo(struct sc_pkcs15_card *, struct sc_pkcs15_prkey *); +static int select_intrinsic_id(struct sc_pkcs15_card *, struct sc_profile *, + int, struct sc_pkcs15_id *, void *); +static int select_id(struct sc_pkcs15_card *, int, struct sc_pkcs15_id *); +static int select_object_path(struct sc_pkcs15_card 
*, struct sc_profile *, + struct sc_pkcs15_object *, struct sc_path *); +static int sc_pkcs15init_get_pin_path(struct sc_pkcs15_card *, + struct sc_pkcs15_id *, struct sc_path *); +static int sc_pkcs15init_qualify_pin(struct sc_card *, const char *, + unsigned int, struct sc_pkcs15_pin_info *); static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *, unsigned int); -static int sc_pkcs15init_read_info(sc_card_t *card, sc_profile_t *); -static int sc_pkcs15init_parse_info(sc_card_t *, const u8 *, size_t, sc_profile_t *); -static int sc_pkcs15init_write_info(sc_card_t *card, sc_profile_t *, - sc_pkcs15_object_t *pin_obj); -#if 0 -static int sc_pkcs15init_read_unusedspace(sc_pkcs15_card_t *); -static int sc_pkcs15init_update_unusedspace(sc_pkcs15_card_t *, sc_profile_t *); -static sc_pkcs15_unusedspace_t *merge_paths(sc_pkcs15_unusedspace_t *, const sc_path_t *); -static int sc_pkcs15init_add_unusedspace(sc_pkcs15_card_t *, - sc_profile_t *, const sc_path_t *, const sc_pkcs15_id_t *); -static int sc_pkcs15init_remove_unusedspace(sc_pkcs15_card_t *, - sc_profile_t *, const sc_path_t *); -#endif - +static int sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *); +static int sc_pkcs15init_parse_info(struct sc_card *, const unsigned char *, size_t, + struct sc_profile *); +static int sc_pkcs15init_write_info(struct sc_pkcs15_card *, struct sc_profile *, + struct sc_pkcs15_object *); static struct profile_operations { const char *name; @@ -167,14 +150,23 @@ { "rutoken_ecp", (void *) sc_pkcs15init_get_rtecp_ops }, { "westcos", (void *) sc_pkcs15init_get_westcos_ops }, { "myeid", (void *) sc_pkcs15init_get_myeid_ops }, +#ifdef ENABLE_OPENSSL + { "authentic", (void *) sc_pkcs15init_get_authentic_ops }, + { "iasecc", (void *) sc_pkcs15init_get_iasecc_ops }, +#endif { NULL, NULL }, }; + static struct sc_pkcs15init_callbacks callbacks = { NULL, NULL, }; +void sc_pkcs15init_empty_callback(void *ptr) +{ +} + /* * Set the application callbacks */ 
@@ -185,14 +177,15 @@ callbacks.get_key = cb? cb->get_key : NULL; } + /* * Returns 1 if the a profile was found in the card's card_driver block * in the config file, or 0 otherwise. */ static int -get_profile_from_config(sc_card_t *card, char *buffer, size_t size) +get_profile_from_config(struct sc_card *card, char *buffer, size_t size) { - sc_context_t *ctx = card->ctx; + struct sc_context *ctx = card->ctx; const char *tmp; scconf_block **blocks, *blk; int i; @@ -217,15 +210,15 @@ } -static const char *find_library(sc_context_t *ctx, const char *name) +static const char * +find_library(struct sc_context *ctx, const char *name) { int i; const char *libname = NULL; scconf_block *blk, **blocks; for (i = 0; ctx->conf_blocks[i]; i++) { - blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], - "framework", "pkcs15"); + blocks = scconf_find_blocks(ctx->conf, ctx->conf_blocks[i], "framework", "pkcs15"); blk = blocks[0]; free(blocks); if (blk == NULL) 
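Review bot: In find_library (`@@ -217,15 +210,15 @@`) the result of scconf_find_blocks is dereferenced as `blocks[0]` before any NULL test; only `blk` is checked afterwards. If scconf_find_blocks can return NULL (for instance on allocation failure; its definition is not on this page), the loop should skip the entry first with `if (!blocks) continue;`. The function body continues in the next hunk.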
@@ -239,71 +232,75 @@ break; } if (!libname) { - sc_debug(ctx, "unable to locate pkcs15init driver for '%s'\n", name); + sc_log(ctx, "unable to locate pkcs15init driver for '%s'", name); } return libname; } -static void *load_dynamic_driver(sc_context_t *ctx, void **dll, + +static void * +load_dynamic_driver(struct sc_context *ctx, void **dll, const char *name) { const char *version, *libname; - lt_dlhandle handle; + void *handle; void *(*modinit)(const char *) = NULL; const char *(*modversion)(void) = NULL; libname = find_library(ctx, name); if (!libname) return NULL; - handle = lt_dlopen(libname); + handle = sc_dlopen(libname); if (handle == NULL) { - sc_error(ctx, "Module %s: cannot load '%s' library: %s\n", name, libname, lt_dlerror()); + sc_log(ctx, "Module %s: cannot load '%s' library: %s", name, libname, sc_dlerror()); return NULL; } /* verify correctness of module */ - modinit = (void *(*)(const char *)) lt_dlsym(handle, "sc_module_init"); - modversion = (const char *(*)(void)) lt_dlsym(handle, "sc_driver_version"); + modinit = (void *(*)(const char *)) sc_dlsym(handle, "sc_module_init"); + modversion = (const char *(*)(void)) sc_dlsym(handle, "sc_driver_version"); if (modinit == NULL || modversion == NULL) { - sc_error(ctx, "dynamic library '%s' is not a OpenSC module\n",libname); - lt_dlclose(handle); + sc_log(ctx, "dynamic library '%s' is not a OpenSC module",libname); + sc_dlclose(handle); return NULL; } /* verify module version */ version = modversion(); if (version == NULL || strncmp(version, "0.9.", strlen("0.9.")) > 0) { - sc_error(ctx,"dynamic library '%s': invalid module version\n",libname); - lt_dlclose(handle); + sc_log(ctx,"dynamic library '%s': invalid module version",libname); + sc_dlclose(handle); return NULL; } *dll = handle; - sc_debug(ctx, "successfully loaded pkcs15init driver '%s'\n", name); + sc_log(ctx, "successfully loaded pkcs15init driver '%s'", name); return modinit(name); } + /* * Set up profile */ int 
-sc_pkcs15init_bind(sc_card_t *card, const char *name, +sc_pkcs15init_bind(struct sc_card *card, const char *name, const char *profile_option, struct sc_profile **result) { + struct sc_context *ctx = card->ctx; struct sc_profile *profile; struct sc_pkcs15init_operations * (* func)(void) = NULL; const char *driver = card->driver->short_name; char card_profile[PATH_MAX]; int r, i; + LOG_FUNC_CALLED(ctx); /* Put the card into administrative mode */ r = sc_pkcs15init_set_lifecycle(card, SC_CARDCTRL_LIFECYCLE_ADMIN); if (r < 0 && r != SC_ERROR_NOT_SUPPORTED) - return r; + LOG_TEST_RET(ctx, r, "Set lifecycle error"); profile = sc_profile_new(); profile->card = card; - profile->cbs = &callbacks; for (i = 0; profile_operations[i].name; i++) { if (!strcasecmp(driver, profile_operations[i].name)) { @@ -319,9 +316,9 @@ if (func) { profile->ops = func(); } else { - sc_error(card->ctx, "Unsupported card driver %s", driver); + sc_log(ctx, "Unsupported card driver %s", driver); sc_profile_free(profile); - return SC_ERROR_NOT_SUPPORTED; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported card driver"); } /* Massage the main profile name to see if there are @@ -339,9 +336,10 @@ } } - if ((r = sc_pkcs15init_read_info(card, profile)) < 0) { + r = sc_pkcs15init_read_info(card, profile); + if (r < 0) { sc_profile_free(profile); - return r; + LOG_TEST_RET(ctx, r, "Read info error"); } /* Check the config file for a profile name. 
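Review bot: In load_dynamic_driver the version gate `strncmp(version, "0.9.", strlen("0.9.")) > 0` rejects only strings that sort after `0.9.`, so an empty string or any lower version is accepted as a valid module. If the intent is to load only 0.9.x drivers the test should be `strncmp(version, "0.9.", strlen("0.9.")) != 0`; if older modules are meant to be accepted, a comment saying so would help. This is a compatibility gate only: find_library takes the library name from the configuration blocks and `modinit` then runs in-process, so the protection of that load path rests on who can write the configuration file. Separately, sc_pkcs15init_bind dereferences the result of `sc_profile_new()` (`profile->card = card;`) without a NULL test.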
@@ -353,18 +351,34 @@ strlcpy(card_profile, profile_option, sizeof(card_profile)); } - if ((r = sc_profile_load(profile, profile->name)) < 0 - || (r = sc_profile_load(profile, card_profile)) < 0 - || (r = sc_profile_finish(profile)) < 0) { - sc_error(card->ctx, "Failed to load profile: %s\n", sc_strerror(r)); + do { + r = sc_profile_load(profile, profile->name); + if (r < 0) { + sc_log(ctx, "Failed to load profile '%s': %s", profile->name, sc_strerror(r)); + break; + } + + r = sc_profile_load(profile, card_profile); + if (r < 0) { + sc_log(ctx, "Failed to load profile '%s': %s", card_profile, sc_strerror(r)); + break; + } + + r = sc_profile_finish(profile, NULL); + if (r < 0) + sc_log(ctx, "Failed to finalize profile: %s", sc_strerror(r)); + } while (0); + + if (r < 0) { sc_profile_free(profile); - return r; + LOG_TEST_RET(ctx, r, "Load profile error"); } *result = profile; - return r; + LOG_FUNC_RETURN(ctx, r); } + void sc_pkcs15init_unbind(struct sc_profile *profile) { 
@@ -374,74 +388,102 @@ if (profile->dirty != 0 && profile->p15_data != NULL && profile->pkcs15.do_last_update) { r = sc_pkcs15init_update_tokeninfo(profile->p15_data, profile); if (r < 0) - sc_error(ctx, "Failed to update TokenInfo: %s\n", sc_strerror(r)); + sc_log(ctx, "Failed to update TokenInfo: %s", sc_strerror(r)); } if (profile->dll) - lt_dlclose(profile->dll); + sc_dlclose(profile->dll); sc_profile_free(profile); } + void -sc_pkcs15init_set_p15card(sc_profile_t *profile, - sc_pkcs15_card_t *p15card) +sc_pkcs15init_set_p15card(struct sc_profile *profile, + struct sc_pkcs15_card *p15card) { + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *p15objects[10]; + int i, r, nn_objs; + + LOG_FUNC_CALLED(ctx); + + /* Prepare pin-domain instantiation: + * for every present local User PIN, add to the profile EF list the named PIN path. */ + nn_objs = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, p15objects, 10); + for (i = 0; i < nn_objs; i++) { + struct sc_pkcs15_pin_info *pininfo = (struct sc_pkcs15_pin_info *) p15objects[i]->data; + struct sc_file *file = NULL; + + if (pininfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + continue; + if (pininfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + if (!pininfo->path.len) + continue; + + r = sc_profile_get_file_by_path(profile, &pininfo->path, &file); + if (r == SC_ERROR_FILE_NOT_FOUND) { + if (!sc_select_file(p15card->card, &pininfo->path, &file)) { + char pin_name[16]; + + sprintf(pin_name, "pin-dir-%02X%02X", + file->path.value[file->path.len - 2], + file->path.value[file->path.len - 1]); + sc_log(ctx, "add '%s' to profile file list", pin_name); + sc_profile_add_file(profile, pin_name, file); + } + } + + if (file) + sc_file_free(file); + } + profile->p15_data = p15card; + sc_log(ctx, "sc_pkcs15init_set_p15card() returns"); } + /* * Set the card's lifecycle */ int -sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle) +sc_pkcs15init_set_lifecycle(struct sc_card *card, int lcycle) { 
return sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &lcycle); } + /* * Erase the card */ int -sc_pkcs15init_erase_card(sc_card_t *card, struct sc_profile *profile) +sc_pkcs15init_erase_card(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_aid *aid) { - /* Make sure we set the SO PIN reference in the key cache */ - if (sc_keycache_find_named_pin(NULL, SC_PKCS15INIT_SO_PIN) == -1) { - struct sc_pkcs15_card *p15card = NULL; - - sc_ctx_suppress_errors_on(card->ctx); - if (sc_pkcs15_bind(card, &p15card) >= 0) { - /* result of set_so_pin_from_card ignored */ - set_so_pin_from_card(p15card, profile); - profile->p15_data = p15card; - } - sc_ctx_suppress_errors_off(card->ctx); - } + struct sc_context *ctx = p15card->card->ctx; + int rv; + + LOG_FUNC_CALLED(ctx); + /* Needs the 'SOPIN' AUTH pkcs15 object. + * So that, SOPIN can be found by it's reference. */ + if (sc_pkcs15_bind(p15card->card, aid, &p15card) >= 0) + profile->p15_data = p15card; + if (profile->ops->erase_card == NULL) - return SC_ERROR_NOT_SUPPORTED; - return profile->ops->erase_card(profile, card); + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); + + rv = profile->ops->erase_card(profile, p15card); + + LOG_FUNC_RETURN(ctx, rv); } + int -sc_pkcs15init_erase_card_recursively(sc_card_t *card, - struct sc_profile *profile, - int so_pin_ref) +sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *p15card, + struct sc_profile *profile) { - struct sc_pkcs15_card *p15orig = profile->p15_data; struct sc_file *df = profile->df_info->file, *dir; int r; - /* Make sure we set the SO PIN reference in the key cache */ - if (sc_keycache_find_named_pin(NULL, SC_PKCS15INIT_SO_PIN) == -1) { - struct sc_pkcs15_card *p15card = NULL; - - sc_ctx_suppress_errors_on(card->ctx); - if (sc_pkcs15_bind(card, &p15card) >= 0) { - /* result of set_so_pin_from_card ignored */ - set_so_pin_from_card(p15card, profile); - profile->p15_data = p15card; - } - sc_ctx_suppress_errors_off(card->ctx); - } - /* Delete 
EF(DIR). This may not be very nice * against other applications that use this file, but * extremely useful for testing :) 
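Review bot: In the new sc_pkcs15init_set_p15card body, `file->path.value[file->path.len - 2]` and `[file->path.len - 1]` are indexed without checking that the path returned by sc_select_file is at least two bytes long; only `pininfo->path.len` is tested for zero, so a short path reported by the card would make the index wrap. Guard the block with `if (file && file->path.len >= 2)` and format with `snprintf(pin_name, sizeof(pin_name), "pin-dir-%02X%02X", ...)` so the 16-byte buffer is bounded by construction. In sc_pkcs15init_erase_card, `sc_pkcs15_bind(p15card->card, aid, &p15card)` overwrites the parameter with a newly bound card that is stored in `profile->p15_data` and never unbound in the visible code, while the same hunk removes the restore/unbind logic from sc_pkcs15init_erase_card_recursively; who releases that object should be documented or handled here.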
@@ -450,64 +492,68 @@ * us to delete files in reverse order of creation. * */ if (sc_profile_get_file(profile, "DIR", &dir) >= 0) { - r = sc_pkcs15init_rmdir(card, profile, dir); + r = sc_pkcs15init_rmdir(p15card, profile, dir); sc_file_free(dir); - if (r < 0 && r != SC_ERROR_FILE_NOT_FOUND) - goto out; + if (r < 0 && r != SC_ERROR_FILE_NOT_FOUND) { + sc_free_apps(p15card->card); + return r; + } } - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &df->path, &df); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &df->path, &df); if (r >= 0) { - r = sc_pkcs15init_rmdir(card, profile, df); + r = sc_pkcs15init_rmdir(p15card, profile, df); sc_file_free(df); } if (r == SC_ERROR_FILE_NOT_FOUND) r = 0; -out: /* Forget any cached keys, the objects on card are all gone. */ - sc_keycache_forget_key(NULL, -1, -1); - - sc_free_apps(card); - if (profile->p15_data != p15orig) { - sc_pkcs15_unbind(profile->p15_data); - profile->p15_data = p15orig; - } + sc_free_apps(p15card->card); return r; } -int sc_pkcs15init_delete_by_path(struct sc_profile *profile, - struct sc_card *card, const sc_path_t *file_path) + +int +sc_pkcs15init_delete_by_path(struct sc_profile *profile, + struct sc_pkcs15_card *p15card, const struct sc_path *file_path) { - sc_file_t *parent, *file; - sc_path_t path; - int r; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *parent = NULL, *file = NULL; + struct sc_path path; + int rv; - if (file_path->len >= 2) { - /* Select the parent DF */ - path = *file_path; - path.len -= 2; - r = sc_select_file(card, &path, &parent); - if (r < 0) - return r; + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "trying to delete '%s'", sc_print_path(file_path)); - r = sc_pkcs15init_authenticate(profile, card, parent, SC_AC_OP_DELETE); - sc_file_free(parent); - if (r < 0) - return r; - } + /* For some cards, to delete file should be satisfied the 'DELETE' ACL of the file itself, + * for the others the 'DELETE' ACL of parent. 
+ * Let's start from the file's 'DELETE' ACL. + * + * FIXME: will it be better to introduce the ACLs 'DELETE-CHILD' and 'DELETE-ITSELF', + * or dedicated card flag ? + */ /* Select the file itself */ - path = *file_path; - r = sc_select_file(card, &path, &file); - if (r < 0) - return r; - - r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_ERASE); - sc_file_free(file); - if (r < 0) - return r; + path = *file_path; + rv = sc_select_file(p15card->card, &path, &file); + LOG_TEST_RET(ctx, rv, "cannot select file to delete"); + + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_DELETE); + sc_file_free(file); + + if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { + if (file_path->len >= 2) { + /* Select the parent DF */ + path.len -= 2; + rv = sc_select_file(p15card->card, &path, &parent); + LOG_TEST_RET(ctx, rv, "Cannot select parent"); + + rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE); + sc_file_free(parent); + LOG_TEST_RET(ctx, rv, "parent 'DELETE' authentication failed"); + } + } + LOG_TEST_RET(ctx, rv, "'DELETE' authentication failed"); memset(&path, 0, sizeof(path)); path.type = SC_PATH_TYPE_FILE_ID; 
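Review bot: In sc_pkcs15init_erase_card_recursively the comment `/* Forget any cached keys, the objects on card are all gone. */` is kept while the `sc_keycache_forget_key(NULL, -1, -1);` call it described is removed, so the comment now sits above `sc_free_apps(p15card->card);` and describes nothing. Since sc_pkcs15init_add_app in this same diff sets `p15card->opts.use_pin_cache = 1`, either clear whatever PIN cache replaces the key cache at this point or reword the comment, e.g. `/* The objects on card are all gone; drop the application list. */`. Whether cached PINs are dropped elsewhere after an erase is not visible in these hunks.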
@@ -515,41 +561,35 @@ path.value[1] = file_path->value[file_path->len - 1]; path.len = 2; - r = sc_delete_file(card, &path); - return r; + rv = sc_delete_file(p15card->card, &path); + LOG_FUNC_RETURN(ctx, rv); } + /* * Try to delete a file (and, in the DF case, its contents). * Note that this will not work if a pkcs#15 file's ERASE AC * references a pin other than the SO pin. */ int -sc_pkcs15init_rmdir(sc_card_t *card, struct sc_profile *profile, - sc_file_t *df) +sc_pkcs15init_rmdir(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_file *df) { - u8 buffer[1024]; + struct sc_context *ctx = p15card->card->ctx; + unsigned char buffer[1024]; struct sc_path path; struct sc_file *file, *parent; int r = 0, nfids; - char pbuf[SC_MAX_PATH_STRING_SIZE]; if (df == NULL) return SC_ERROR_INTERNAL; - r = sc_path_print(pbuf, sizeof(pbuf), &df->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, "sc_pkcs15init_rmdir(%s)\n", pbuf); + sc_log(ctx, "sc_pkcs15init_rmdir(%s)", sc_print_path(&df->path)); if (df->type == SC_FILE_TYPE_DF) { - r = sc_pkcs15init_authenticate(profile, card, df, - SC_AC_OP_LIST_FILES); + r = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_LIST_FILES); if (r < 0) return r; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_list_files(card, buffer, sizeof(buffer)); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_list_files(p15card->card, buffer, sizeof(buffer)); if (r < 0) return r; @@ -560,13 +600,13 @@ while (r >= 0 && nfids--) { path.value[path.len-2] = buffer[2*nfids]; path.value[path.len-1] = buffer[2*nfids+1]; - r = sc_select_file(card, &path, &file); + r = sc_select_file(p15card->card, &path, &file); if (r < 0) { if (r == SC_ERROR_FILE_NOT_FOUND) continue; break; } - r = sc_pkcs15init_rmdir(card, profile, file); + r = sc_pkcs15init_rmdir(p15card, profile, file); sc_file_free(file); } 
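Review bot: The tail of sc_pkcs15init_delete_by_path builds the file id from `file_path->value[file_path->len - 1]` (and presumably `len - 2` on the line just above the hunk) without checking the length, and after this change the only `file_path->len >= 2` test sits inside the fallback branch of the previous hunk. A guard right after `LOG_FUNC_CALLED(ctx);`, `if (file_path->len < 2) LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);`, would keep a short path from wrapping the index. The function starts in the preceding hunk.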
@@ -577,16 +617,16 @@ /* Select the parent DF */ path = df->path; path.len -= 2; - r = sc_select_file(card, &path, &parent); + r = sc_select_file(p15card->card, &path, &parent); if (r < 0) return r; - r = sc_pkcs15init_authenticate(profile, card, df, SC_AC_OP_DELETE); + r = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE); if (r < 0) { sc_file_free(parent); return r; } - r = sc_pkcs15init_authenticate(profile, card, parent, SC_AC_OP_DELETE); + r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE); sc_file_free(parent); if (r < 0) return r; 
@@ -598,47 +638,80 @@ path.len = 2; /* ensure that the card is in the correct lifecycle */ - r = sc_pkcs15init_set_lifecycle(card, SC_CARDCTRL_LIFECYCLE_ADMIN); + r = sc_pkcs15init_set_lifecycle(p15card->card, SC_CARDCTRL_LIFECYCLE_ADMIN); if (r < 0 && r != SC_ERROR_NOT_SUPPORTED) return r; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_delete_file(card, &path); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_delete_file(p15card->card, &path); return r; } + int -sc_pkcs15init_finalize_card(sc_card_t *card, struct sc_profile *profile) +sc_pkcs15init_finalize_card(struct sc_card *card, struct sc_profile *profile) { if (profile->ops->finalize_card == NULL) return SC_ERROR_NOT_SUPPORTED; return profile->ops->finalize_card(card); } + +int +sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile, + struct sc_aid *aid) +{ + struct sc_context *ctx = card->ctx; + const struct sc_app_info *app = NULL; + int rv; + + LOG_FUNC_CALLED(ctx); + if (!aid || !aid->len) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + if (card->app_count < 0) + sc_enum_apps(card); + + sc_log(ctx, "finalize profile for AID %s", sc_dump_hex(aid->value, aid->len)); + app = sc_find_app(card, aid); + if (!app) { + sc_log(ctx, "Cannot find oncard application"); + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + } + + sc_log(ctx, "Finalize profile with application '%s'", app->label); + rv = sc_profile_finish(profile, app); + + sc_log(ctx, "sc_pkcs15init_finalize_profile() returns %i", rv); + LOG_FUNC_RETURN(ctx, rv); +} + + /* * Initialize the PKCS#15 application */ int -sc_pkcs15init_add_app(sc_card_t *card, struct sc_profile *profile, +sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile, struct sc_pkcs15init_initargs *args) { - sc_pkcs15_card_t *p15spec = profile->p15_spec; - sc_pkcs15_pin_info_t pin_info, puk_info; - sc_pkcs15_object_t *pin_obj = NULL; - sc_app_info_t *app; - sc_file_t *df = profile->df_info->file; + struct sc_context *ctx = card->ctx; + struct 
sc_pkcs15_card *p15card = profile->p15_spec; + struct sc_pkcs15_pin_info pin_info, puk_info; + struct sc_pkcs15_object *pin_obj = NULL; + struct sc_app_info *app; + struct sc_file *df = profile->df_info->file; int r; - p15spec->card = card; + LOG_FUNC_CALLED(ctx); + p15card->card = card; - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &puk_info); - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info); + /* FIXME: + * Some cards need pincache + * for ex. to create temporary CHV key with the value of default AUTH key. + */ + p15card->opts.use_pin_cache = 1; - if (card->app_count >= SC_MAX_CARD_APPS) { - sc_error(card->ctx, "Too many applications on this card."); - return SC_ERROR_TOO_MANY_OBJECTS; - } + if (card->app_count >= SC_MAX_CARD_APPS) + LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Too many applications on this card."); /* If the profile requires an SO PIN, check min/max length */ if (args->so_pin_len) { 
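Review bot: In sc_pkcs15init_add_app, `p15card->opts.use_pin_cache = 1;` switches PIN caching on unconditionally, replacing whatever value the option held, although the FIXME above it says only some cards need it. That presumably keeps PIN values in process memory for every card driver; consider restricting it to the drivers that need it, or saving the previous value and restoring it before the function returns. In sc_pkcs15init_finalize_profile the return value of `sc_enum_apps(card)` is ignored and `app->label` is passed to `%s` without a NULL test. The body of sc_pkcs15init_add_app continues past this hunk.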
@@ -646,31 +719,21 @@ sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info); r = sc_pkcs15init_qualify_pin(card, "SO PIN", args->so_pin_len, &pin_info); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to qualify SO PIN"); + + /* Path encoded only for local SO PIN */ + if (pin_info.flags & SC_PKCS15_PIN_FLAG_LOCAL) + pin_info.path = df->path; /* Select the PIN reference */ - pin_info.path = df->path; if (profile->ops->select_pin_reference) { - r = profile->ops->select_pin_reference(profile, - card, &pin_info); - if (r < 0) - return r; - - if (pin_info.flags & SC_PKCS15_PIN_FLAG_SO_PIN) - sc_keycache_set_pin_name(&pin_info.path, - pin_info.reference, - SC_PKCS15INIT_SO_PIN); - else - sc_keycache_set_pin_name(&pin_info.path, - pin_info.reference, - SC_PKCS15INIT_USER_PIN); + r = profile->ops->select_pin_reference(profile, p15card, &pin_info); + LOG_TEST_RET(ctx, r, "Failed to select card specific PIN reference"); } sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info); r = sc_pkcs15init_qualify_pin(card, "SO PUK", args->so_puk_len, &puk_info); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to qulify SO PUK"); if (!(pin_label = args->so_pin_label)) { if (pin_info.flags & SC_PKCS15_PIN_FLAG_SO_PIN) 
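Review bot: The new log string `"Failed to qulify SO PUK"` is misspelled; it should read `"Failed to qualify SO PUK"`, matching the `"Failed to qualify SO PIN"` message added a few lines above so that log searches find both. The enclosing sc_pkcs15init_add_app starts before and ends after this hunk.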
@@ -683,520 +746,348 @@ pin_info.flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED; pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, - pin_label, NULL, - &pin_info); + pin_label, NULL, &pin_info); + + if (pin_obj) { + /* When composing ACLs to create 'DIR' DF, + * the references of the not-yet-existing PINs can be requested. + * For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part, + * but not yet written into the on-card PKCS#15. + */ + sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", + pin_obj->label, pin_info.flags, pin_info.reference, + sc_print_path(&pin_info.path)); + r = sc_pkcs15_add_object(p15card, pin_obj); + LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object"); + } } /* Perform card-specific initialization */ - if (profile->ops->init_card - && (r = profile->ops->init_card(profile, card)) < 0) { - if (pin_obj) + if (profile->ops->init_card) { + r = profile->ops->init_card(profile, p15card); + if (r < 0 && pin_obj) { + sc_pkcs15_remove_object(p15card, pin_obj); sc_pkcs15_free_object(pin_obj); - return r; + } + LOG_TEST_RET(ctx, r, "Card specific init failed"); } - /* Create the application DF and store the PINs */ - if (profile->ops->create_dir) { - /* Create the directory */ - r = profile->ops->create_dir(profile, card, df); - - /* Set the SO PIN */ - if (r >= 0 && pin_obj) { - r = profile->ops->create_pin(profile, card, - df, pin_obj, - args->so_pin, args->so_pin_len, - args->so_puk, args->so_puk_len); - } - } else { - /* Old style API */ - r = profile->ops->init_app(profile, card, &pin_info, + /* Create the application directory */ + r = profile->ops->create_dir(profile, p15card, df); + LOG_TEST_RET(ctx, r, "Create 'DIR' error"); + + /* Store SO PIN */ + if (pin_obj) + r = profile->ops->create_pin(profile, p15card, df, pin_obj, args->so_pin, args->so_pin_len, args->so_puk, args->so_puk_len); - } - if (r < 0) { - if (pin_obj) - sc_pkcs15_free_object(pin_obj); - return r; - } +#if 0 + if 
(r > 0 && profile->ops->finalize_dir) + r = profile->ops->finalize_dir(profile, p15card); +#endif - /* Put the new SO pin in the key cache (note: in case - * of the "onepin" profile store it as a normal pin) */ - if (args->so_pin_len && !(pin_info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) - sc_keycache_put_key(&df->path, - SC_AC_SYMBOLIC, - SC_PKCS15INIT_USER_PIN, - args->so_pin, - args->so_pin_len); - else - sc_keycache_put_key(&df->path, - SC_AC_SYMBOLIC, - SC_PKCS15INIT_SO_PIN, - args->so_pin, - args->so_pin_len); + if (pin_obj) + /* Remove 'virtual' AUTH object . */ + sc_pkcs15_remove_object(p15card, pin_obj); + + if (r < 0) + sc_pkcs15_free_object(pin_obj); + LOG_TEST_RET(ctx, r, "Card specific create application DF failed"); /* Store the PKCS15 information on the card * We cannot use sc_pkcs15_create() because it makes * all sorts of assumptions about DF and EF names, and * doesn't work if secure messaging is required for the * MF (which is the case with the GPK) */ - app = (sc_app_info_t *)calloc(1, sizeof(*app)); + app = (struct sc_app_info *)calloc(1, sizeof(*app)); if (app == NULL) - return SC_ERROR_OUT_OF_MEMORY; - app->path = p15spec->file_app->path; - if (p15spec->file_app->namelen <= SC_MAX_AID_SIZE) { - app->aid_len = p15spec->file_app->namelen; - memcpy(app->aid, p15spec->file_app->name, app->aid_len); + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate application info"); + + app->path = p15card->file_app->path; + if (p15card->file_app->namelen <= SC_MAX_AID_SIZE) { + app->aid.len = p15card->file_app->namelen; + memcpy(app->aid.value, p15card->file_app->name, app->aid.len); } + /* set serial number if explicitly specified */ - if (args->serial) + if (args->serial) { sc_pkcs15init_set_serial(profile, args->serial); + } else { /* otherwise try to get the serial number from the card */ - sc_serial_number_t serialnr; + struct sc_serial_number serialnr; + r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr); if (r == SC_SUCCESS) { char 
hex_serial[SC_MAX_SERIALNR * 2 + 1]; - sc_bin_to_hex(serialnr.value, serialnr.len, - hex_serial, sizeof(hex_serial), 0); + + sc_bin_to_hex(serialnr.value, serialnr.len, hex_serial, sizeof(hex_serial), 0); sc_pkcs15init_set_serial(profile, hex_serial); } } if (args->label) { - if (p15spec->label) - free(p15spec->label); - p15spec->label = strdup(args->label); + if (p15card->tokeninfo->label) + free(p15card->tokeninfo->label); + p15card->tokeninfo->label = strdup(args->label); } - app->label = strdup(p15spec->label); - - /* XXX: encode the DDO? */ + app->label = strdup(p15card->tokeninfo->label); /* See if we've set an SO PIN */ - if (pin_obj) { - r = sc_pkcs15init_add_object(p15spec, profile, - SC_PKCS15_AODF, pin_obj); - } else { - r = sc_pkcs15init_add_object(p15spec, profile, - SC_PKCS15_AODF, NULL); - } - + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_AODF, pin_obj); if (r >= 0) { - r = sc_pkcs15init_update_dir(p15spec, profile, app); + r = sc_pkcs15init_update_dir(p15card, profile, app); if (r >= 0) - r = sc_pkcs15init_update_tokeninfo(p15spec, profile); + r = sc_pkcs15init_update_tokeninfo(p15card, profile); /* FIXME: what to do if sc_pkcs15init_update_dir failed? 
*/ } else { + free(app); /* unused */ } - sc_ctx_suppress_errors_on(card->ctx); - sc_pkcs15init_write_info(card, profile, pin_obj); - sc_ctx_suppress_errors_off(card->ctx); - return r; + sc_pkcs15init_write_info(p15card, profile, pin_obj); + LOG_FUNC_RETURN(ctx, r); } -#if 0 -/* Read the EF(UnusedSpace) file */ -static int sc_pkcs15init_read_unusedspace(sc_pkcs15_card_t *p15card) -{ - sc_path_t path; - u8 *buf = NULL; - size_t buf_len; - int r; - /* Check if EF(UnusedSpace) file is already read */ - if (p15card->unusedspace_read) - return 0; +/* + * Store a PIN/PUK pair + */ +static int +sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, + struct sc_pkcs15init_pinargs *args) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_obj; + struct sc_pkcs15_pin_info *pin_info; + int r; + char puk_label[0x30]; - if (p15card->file_unusedspace != NULL) - path = p15card->file_unusedspace->path; - else { - path = p15card->file_app->path; - sc_append_path_id(&path, (const u8 *) "\x50\x33", 2); - path.count = -1; - } + LOG_FUNC_CALLED(ctx); + if (!args->puk_id.len) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "PUK auth ID not supplied"); + + /* Make sure we don't get duplicate PIN IDs */ + r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->puk_id, NULL); + if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "There already is a PIN with this ID."); + + if (!args->puk_label) { + if (args->label) + snprintf(puk_label, sizeof(puk_label), "%s (PUK)", args->label); + else + snprintf(puk_label, sizeof(puk_label), "User PUK"); - r = sc_pkcs15_read_file(p15card, &path, &buf, &buf_len, NULL); - if (r < 0) { - if (r == SC_ERROR_FILE_NOT_FOUND) - r = 0; - goto err; + args->puk_label = puk_label; } - r = sc_pkcs15_parse_unusedspace(buf, buf_len, p15card); - -err: - if (buf != NULL) - free(buf); - return r; -} - -/* Update the EF(UnusedSpace) file */ -static int 
sc_pkcs15init_update_unusedspace(sc_pkcs15_card_t *p15card, - sc_profile_t *profile) -{ - u8 *buf = NULL; - size_t buf_len; - sc_file_t *file = NULL; - int r; - - /* Make sure we've read the EF(UnusedSpace) file first */ - r = sc_pkcs15init_read_unusedspace(p15card); - if (r < 0) - return r; - if (p15card->unusedspace_list == NULL) - return 0; - - r = sc_profile_get_file(profile, "PKCS15-UnusedSpace", &file); - if (r < 0) - return r; - - r = sc_pkcs15_encode_unusedspace(p15card->card->ctx, p15card, &buf, &buf_len); - if (r < 0) - goto err; - - r = sc_pkcs15init_update_file(profile, p15card->card, - file, buf, buf_len); + args->pin = args->puk; + args->pin_len = args->puk_len; + args->puk = NULL; + args->puk_len = 0; -err: - if (buf != NULL) - free(buf); - if (file != NULL) - sc_file_free(file); - return r; -} + pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, args->puk_label, NULL, NULL); + if (pin_obj == NULL) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object"); -/* Called by sc_pkcs15init_add_unusedspace(), to try to merge path - * with one of the paths in us, so one large path can be made */ -static sc_pkcs15_unusedspace_t *merge_paths(sc_pkcs15_unusedspace_t *us, - const sc_path_t *path) -{ - for ( ; us != NULL; us = us->next) { - sc_path_t *old = &us->path; - if (!sc_compare_path(path, old)) - continue; - if (old->index + old->count == path->index) { - old->count += path->count; - return us; - } - if (path->index + path->count == old->index) { - old->index = path->index; - old->count += path->count; - return us; - } - } - return NULL; /* Couldn't merge */ -} + pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data; -/* Add a path to the EF(UnusedSpace) file. This is done when (part of) the - * file where the path points to is no longer used (i.e. the pkcs15 object - * inside has been "deleted"). 
*/ -static int sc_pkcs15init_add_unusedspace(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, const sc_path_t *path, const sc_pkcs15_id_t *auth_id) -{ - sc_pkcs15_unusedspace_t *us; - int r = 0; + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, pin_info); + pin_info->auth_id = args->puk_id; - if (path->count == -1) - return SC_ERROR_INVALID_ARGUMENTS; + /* Now store the PINs */ + if (profile->ops->create_pin) + r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args); + else + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "In Old API store PUK object is not supported"); - /* Make sure we've read the EF(UnusedSpace) file first */ - r = sc_pkcs15init_read_unusedspace(p15card); - if (r < 0) - return r; + if (r >= 0) + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_AODF, pin_obj); + else + sc_pkcs15_free_object(pin_obj); - /* See if we can merge this new entry with one that already exists */ - us = merge_paths(p15card->unusedspace_list, path); - if (us == NULL) - sc_pkcs15_add_unusedspace(p15card, path, auth_id); - else { - /* So we could merge it. But now the path pointed to by us - * might be mergeable with another path further on in the list */ - if (merge_paths(us->next, &us->path)) - sc_pkcs15_remove_unusedspace(p15card, us); - } + profile->dirty = 1; - return sc_pkcs15init_update_unusedspace(p15card, profile); + LOG_FUNC_RETURN(ctx, r); } -/* Remove some space from the EF(UnusedSpace) file. This is done when you want - * to use the space for a certificate, data, ... 
*/ -static int sc_pkcs15init_remove_unusedspace(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, const sc_path_t *path) -{ - sc_pkcs15_unusedspace_t *us; - int ok = 0; - int r = 0; - - /* Make sure we've read the EF(UnusedSpace) file first */ - r = sc_pkcs15init_read_unusedspace(p15card); - if (r < 0) - return r; - - /* Search in the EF(UnusedSpace) for a path where the required - * space (referred to by 'path') can be subtracted from */ - for (us = p15card->unusedspace_list; us != NULL && !ok; us = us->next) { - sc_path_t *old = &us->path; - if (!sc_compare_path(path, old) || old->count < path->count) - continue; - if (old->index == path->index) { - old->index += path->count; - old->count -= path->count; - ok = 1; - } - else if (old->index + old->count == path->index + path->count) { - old->count -= path->count; - ok = 1; - } - if (old->count == 0) - sc_pkcs15_remove_unusedspace(p15card, us); - } - - if (!ok) - return SC_ERROR_OBJECT_NOT_FOUND; /* the space couldn't be found */ - - return sc_pkcs15init_update_unusedspace(p15card, profile); -} -#endif -/* - * Store a PIN/PUK pair - */ int sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15init_pinargs *args) { - sc_card_t *card = p15card->card; - sc_pkcs15_object_t *pin_obj; - sc_pkcs15_pin_info_t *pin_info; - int r, idx; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_obj; + struct sc_pkcs15_pin_info *pin_info; + int r; + LOG_FUNC_CALLED(ctx); /* No auth_id given: select one */ if (args->auth_id.len == 0) { - struct sc_pkcs15_object *dummy; unsigned int n; args->auth_id.len = 1; - sc_ctx_suppress_errors_on(card->ctx); for (n = 1, r = 0; n < 256; n++) { args->auth_id.value[0] = n; - r = sc_pkcs15_find_pin_by_auth_id(p15card, - &args->auth_id, &dummy); + r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->auth_id, NULL); if (r == SC_ERROR_OBJECT_NOT_FOUND) break; } - sc_ctx_suppress_errors_off(card->ctx); - if (r != 
SC_ERROR_OBJECT_NOT_FOUND) { - sc_error(card->ctx, "No auth_id specified for new PIN"); - return SC_ERROR_INVALID_ARGUMENTS; - } - } else { - struct sc_pkcs15_object *dummy; + if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "No auth_id specified for new PIN"); + } else { /* Make sure we don't get duplicate PIN IDs */ - sc_ctx_suppress_errors_on(card->ctx); - r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->auth_id, &dummy); - sc_ctx_suppress_errors_off(card->ctx); - if (r != SC_ERROR_OBJECT_NOT_FOUND) { - sc_error(card->ctx, "There already is a PIN with this ID."); - return SC_ERROR_INVALID_ARGUMENTS; - } + r = sc_pkcs15_find_pin_by_auth_id(p15card, &args->auth_id, NULL); + if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "There already is a PIN with this ID."); } - pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, - args->label, NULL, NULL); + pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, args->label, NULL, NULL); if (pin_obj == NULL) - return SC_ERROR_OUT_OF_MEMORY; - pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object"); + + pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data; sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, pin_info); pin_info->auth_id = args->auth_id; - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) { - sc_pkcs15_free_object(pin_obj); - return r; - } - /* Now store the PINs */ - if (profile->ops->create_pin) { - r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args); - } else { - /* Get the number of PINs we already have */ - idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH, - NULL, 0); - - r = profile->ops->new_pin(profile, card, pin_info, idx, - args->pin, args->pin_len, - args->puk, args->puk_len); - } - - /* Fix up any ACLs referring to the user pin */ - if (r >= 0) { - 
sc_keycache_set_pin_name(&pin_info->path, - pin_info->reference, - SC_PKCS15INIT_USER_PIN); - } + sc_log(ctx, "Store PIN(%s,authID:%s)", pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id)); + r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args); + if (r < 0) + sc_pkcs15_free_object(pin_obj); + LOG_TEST_RET(ctx, r, "Card specific create PIN failed."); - if (r >= 0) { - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_AODF, pin_obj); - } else + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_AODF, pin_obj); + if (r < 0) sc_pkcs15_free_object(pin_obj); + LOG_TEST_RET(ctx, r, "Failed to add PIN object"); + + if (args->puk_id.len) + r = sc_pkcs15init_store_puk(p15card, profile, args); profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); } + static int -sc_pkcs15init_create_pin(sc_pkcs15_card_t *p15card, sc_profile_t *profile, - sc_pkcs15_object_t *pin_obj, +sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, + struct sc_pkcs15_object *pin_obj, struct sc_pkcs15init_pinargs *args) { - sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; - sc_card_t *card = p15card->card; - sc_file_t *df = profile->df_info->file; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data; + struct sc_file *df = profile->df_info->file; int r, retry = 0; + LOG_FUNC_CALLED(ctx); /* Some cards need to keep all their PINs in separate directories. 
* Create a subdirectory now, and put the pin into * this subdirectory */ if (profile->pin_domains) { - if (!profile->ops->create_domain) { - sc_error(card->ctx, "PIN domains not supported."); - return SC_ERROR_NOT_SUPPORTED; - } - r = profile->ops->create_domain(profile, card, - &pin_info->auth_id, &df); - if (r < 0) - return r; + if (!profile->ops->create_domain) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN domains not supported."); + + r = profile->ops->create_domain(profile, p15card, &pin_info->auth_id, &df); + LOG_TEST_RET(ctx, r, "Card specific create domain failed"); } - pin_info->path = df->path; - pin_info->reference = 0; + /* Path encoded only for local PINs */ + if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL) + pin_info->path = df->path; + + /* pin_info->reference = 0; */ /* Loop until we come up with an acceptable pin reference */ while (1) { - sc_pkcs15_object_t *dummy; - if (profile->ops->select_pin_reference) { - r = profile->ops->select_pin_reference(profile, card, pin_info); - if (r < 0) - return r; + r = profile->ops->select_pin_reference(profile, p15card, pin_info); + LOG_TEST_RET(ctx, r, "Card specific select PIN reference failed"); + retry = 1; } - r = sc_pkcs15_find_pin_by_reference(p15card, - &pin_info->path, - pin_info->reference, &dummy); + r = sc_pkcs15_find_pin_by_reference(p15card, &pin_info->path, + pin_info->reference, NULL); if (r == SC_ERROR_OBJECT_NOT_FOUND) break; - if (r != 0 || !retry) { + if (r != 0 || !retry) /* Other error trying to retrieve pin obj */ - sc_error(card->ctx, "Failed to allocate PIN reference."); - return SC_ERROR_TOO_MANY_OBJECTS; - } + LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to allocate PIN reference."); pin_info->reference++; } - sc_keycache_set_pin_name(&pin_info->path, pin_info->reference, - SC_PKCS15INIT_USER_PIN); - if (args->puk_len == 0) pin_info->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED; - r = profile->ops->create_pin(profile, card, + sc_log(ctx, "create PIN with reference:%X, 
flags:%X, path:%s", + pin_info->reference, pin_info->flags, sc_print_path(&pin_info->path)); + r = profile->ops->create_pin(profile, p15card, df, pin_obj, args->pin, args->pin_len, args->puk, args->puk_len); if (df != profile->df_info->file) sc_file_free(df); - return r; + + LOG_FUNC_RETURN(ctx, r); } + /* * Default function for creating a pin subdirectory */ int -sc_pkcs15_create_pin_domain(sc_profile_t *profile, sc_card_t *card, - const sc_pkcs15_id_t *id, sc_file_t **ret) +sc_pkcs15_create_pin_domain(struct sc_profile *profile, + struct sc_pkcs15_card *p15card, const struct sc_pkcs15_id *id, + struct sc_file **ret) { - sc_file_t *df = profile->df_info->file; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *df = profile->df_info->file; int r; + sc_log(ctx, "create PIN domain (path:%s,ID:%s)", sc_print_path(&df->path), sc_pkcs15_print_id(id)); /* Instantiate PIN directory just below the application DF */ - r = sc_profile_instantiate_template(profile, - "pin-domain", &df->path, - "pin-dir", id, ret); - if (r >= 0) - r = profile->ops->create_dir(profile, card, *ret); + r = sc_profile_instantiate_template(profile, "pin-domain", &df->path, "pin-dir", id, ret); + if (r >= 0) { + sc_log(ctx, "create PIN DF(path:%s)", sc_print_path(&(*ret)->path)); + r = profile->ops->create_dir(profile, p15card, *ret); + } return r; } -/* - * Check if a given pkcs15 prkey object can be reused - */ -static int -can_reuse_prkey_obj(const sc_pkcs15_object_t *obj, void *data) -{ - sc_pkcs15_prkey_info_t *key, *new_key; - sc_pkcs15_object_t *new_obj; - - new_obj = (sc_pkcs15_object_t *) data; - if (obj->type != new_obj->type - || obj->flags != new_obj->flags) - return 0; - - key = (sc_pkcs15_prkey_info_t *) obj->data; - new_key = (sc_pkcs15_prkey_info_t *) new_obj->data; - if (key->modulus_length != new_key->modulus_length) - return 0; - - /* Don't mix up native vs extractable keys */ - if (key->native != new_key->native) - return 0; - - /* Some cards don't enforce key usage, 
so we might as - * well allow the user to change it on those cards. - * Not yet implemented */ - if (key->usage != new_key->usage) - return 0; - - /* Make sure the PIN is the same */ - if (!sc_pkcs15_compare_id(&obj->auth_id, &new_obj->auth_id)) - return 0; - - return 1; -} /* * Prepare private key download, and initialize a prkdf entry */ static int -sc_pkcs15init_init_prkdf(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, +sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, struct sc_pkcs15init_prkeyargs *keyargs, - sc_pkcs15_prkey_t *key, int keybits, - struct sc_pkcs15_object **res_obj - ) + struct sc_pkcs15_prkey *key, int keybits, + struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_prkey_info *key_info; struct sc_pkcs15_keyinfo_gostparams *keyinfo_gostparams; struct sc_pkcs15_object *object; - sc_card_t *card = p15card->card; const char *label; unsigned int usage; - int r = 0; + int r = 0, key_type; + LOG_FUNC_CALLED(ctx); if (!res_obj || !keybits) - return SC_ERROR_INVALID_ARGUMENTS; + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Initialize PrKDF entry failed"); *res_obj = NULL; 
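Review bot: In the new sc_pkcs15init_store_puk, `args->puk_label = puk_label;` stores the address of the local `char puk_label[0x30]` in the caller's struct, so the caller holds a dangling pointer once the function returns. The same function overwrites `args->pin`/`args->pin_len` with the PUK and clears `args->puk`, so after sc_pkcs15init_store_pin returns the caller's args no longer describe the PIN that was passed in; working on a local copy of the struct, as in the fence below, avoids both. Separately, in the application-creation function at the top of this hunk, a failing `create_dir` leaves through LOG_TEST_RET while the virtual SO PIN object is still attached to p15card and not freed, unlike the `init_card` failure path just above it, which removes and frees it. That function starts before this hunk, and sc_pkcs15init_init_prkdf continues past it.

```c
	struct sc_pkcs15init_pinargs puk_args = *args;	/* local copy: caller's args stay untouched */
	/* … unchanged: LOG_FUNC_CALLED, puk_id length check, duplicate-ID check … */
	if (!puk_args.puk_label) {
		if (puk_args.label)
			snprintf(puk_label, sizeof(puk_label), "%s (PUK)", puk_args.label);
		else
			snprintf(puk_label, sizeof(puk_label), "User PUK");

		puk_args.puk_label = puk_label;	/* points at a local, but only for this call */
	}

	puk_args.pin = puk_args.puk;
	puk_args.pin_len = puk_args.puk_len;
	puk_args.puk = NULL;
	puk_args.puk_len = 0;

	pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, puk_args.puk_label, NULL, NULL);
	/* … unchanged: allocation check, pin_info setup from the profile … */
		r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, &puk_args);
```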
@@ -1212,197 +1103,172 @@ /* Create the prkey object now. * If we find out below that we're better off reusing an * existing object, we'll ditch this one */ - object = sc_pkcs15init_new_object(prkey_pkcs15_algo(p15card, key), - label, &keyargs->auth_id, - NULL); + key_type = prkey_pkcs15_algo(p15card, key); + LOG_TEST_RET(ctx, key_type, "Unsupported key type"); + + object = sc_pkcs15init_new_object(key_type, label, &keyargs->auth_id, NULL); if (object == NULL) - return SC_ERROR_OUT_OF_MEMORY; + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate new PrKey object"); - key_info = (sc_pkcs15_prkey_info_t *) object->data; + key_info = (struct sc_pkcs15_prkey_info *) object->data; key_info->usage = usage; key_info->native = 1; key_info->key_reference = 0; key_info->modulus_length = keybits; - key_info->access_flags = DEFAULT_PRKEY_ACCESS_FLAGS; + key_info->access_flags = keyargs->access_flags; /* Path is selected below */ - if (keyargs->flags & SC_PKCS15INIT_EXTRACTABLE) { - key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; + if (keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE) { key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE; key_info->native = 0; } - if (keyargs->id.len != 0 && (keyargs->flags & SC_PKCS15INIT_SPLIT_KEY)) { - /* Split key; this ID exists already, don't check for - * the pkcs15 object */ - } else { - /* Select a Key ID if the user didn't specify one, otherwise - * make sure it's compatible with our intended use */ - r = select_id(p15card, SC_PKCS15_TYPE_PRKEY, &keyargs->id, - can_reuse_prkey_obj, object, res_obj); - if (r < 0) - return r; - - /* If we're reusing a deleted object, update it */ - if (*res_obj != NULL) { - free(key_info); key_info = NULL; - free(object); object = *res_obj; - - strlcpy(object->label, label, sizeof(object->label)); - return 0; - } - } + /* Select a Key ID if the user didn't specify one, + * otherwise make sure it's compatible with our intended use */ + r = select_id(p15card, 
SC_PKCS15_TYPE_PRKEY, &keyargs->id); + LOG_TEST_RET(ctx, r, "Cannot select ID for PrKey object"); key_info->id = keyargs->id; if (key->algorithm == SC_ALGORITHM_GOSTR3410) { - key_info->params_len = sizeof(*keyinfo_gostparams); + key_info->params.len = sizeof(*keyinfo_gostparams); /* FIXME: malloc() call in pkcs15init, but free() call * in libopensc (sc_pkcs15_free_prkey_info) */ - key_info->params = malloc(key_info->params_len); - if (!key_info->params) - return SC_ERROR_OUT_OF_MEMORY; - keyinfo_gostparams = key_info->params; - keyinfo_gostparams->gostr3410 = keyargs->gost_params.gostr3410; - keyinfo_gostparams->gostr3411 = keyargs->gost_params.gostr3411; - keyinfo_gostparams->gost28147 = keyargs->gost_params.gost28147; + key_info->params.data = malloc(key_info->params.len); + if (!key_info->params.data) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate memory for GOST parameters"); + keyinfo_gostparams = key_info->params.data; + keyinfo_gostparams->gostr3410 = keyargs->params.gost.gostr3410; + keyinfo_gostparams->gostr3411 = keyargs->params.gost.gostr3411; + keyinfo_gostparams->gost28147 = keyargs->params.gost.gost28147; + } + else if (key->algorithm == SC_ALGORITHM_EC) { + struct sc_pkcs15_ec_parameters *ecparams = &keyargs->params.ec; + key_info->params.data = &keyargs->params.ec; + key_info->params.free_params = sc_pkcs15init_empty_callback; + key_info->field_length = ecparams->field_length; } - r = select_object_path(p15card, profile, object, - &key_info->id, &key_info->path); - if (r < 0) - return r; + r = select_object_path(p15card, profile, object, &key_info->path); + LOG_TEST_RET(ctx, r, "Failed to select private key object path"); /* See if we need to select a key reference for this object */ if (profile->ops->select_key_reference) { while (1) { - sc_pkcs15_object_t *dummy; + r = profile->ops->select_key_reference(profile, p15card, key_info); + LOG_TEST_RET(ctx, r, "Failed to select card specific key reference"); - r = 
profile->ops->select_key_reference(profile, - card, key_info); - if (r < 0) - return r; - - r = sc_pkcs15_find_prkey_by_reference(p15card, - &key_info->path, - key_info->key_reference, - &dummy); + r = sc_pkcs15_find_prkey_by_reference(p15card, &key_info->path, key_info->key_reference, NULL); if (r == SC_ERROR_OBJECT_NOT_FOUND) break; - if (r != 0) { + if (r != 0) /* Other error trying to retrieve pin obj */ - sc_error(card->ctx, - "Failed to select key reference."); - return SC_ERROR_TOO_MANY_OBJECTS; - } + LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to select key reference"); key_info->key_reference++; } } *res_obj = object; - return 0; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } + /* * Generate a new private key */ int -sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15init_keygen_args *keygen_args, - unsigned int keybits, +sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15init_keygen_args *keygen_args, unsigned int keybits, struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15init_pubkeyargs pubkey_args; struct sc_pkcs15_object *object; struct sc_pkcs15_prkey_info *key_info; - int r; + int r, caller_supplied_id = 0; + LOG_FUNC_CALLED(ctx); /* check supported key size */ - r = check_key_size(p15card->card, keygen_args->prkey_args.key.algorithm, keybits); - if (r != SC_SUCCESS) - return r; - - /* For now, we support just RSA and GOST key pair generation */ - if (!check_key_compatibility(p15card, &keygen_args->prkey_args.key, - keygen_args->prkey_args.x509_usage, - keybits, SC_ALGORITHM_ONBOARD_KEY_GEN)) - return SC_ERROR_NOT_SUPPORTED; - - if (profile->ops->generate_key == NULL && profile->ops->old_generate_key == NULL) - return SC_ERROR_NOT_SUPPORTED; - - /* Set the USER PIN reference from args */ - r = set_user_pin_from_authid(p15card, profile, - &keygen_args->prkey_args.auth_id); - if (r < 0) - 
return r; + r = check_keygen_params_consistency(p15card->card, keygen_args, keybits, &keybits); + LOG_TEST_RET(ctx, r, "Invalid key size"); - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; + if (check_key_compatibility(p15card, &keygen_args->prkey_args.key, keygen_args->prkey_args.x509_usage, + keybits, SC_ALGORITHM_ONBOARD_KEY_GEN)) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Cannot generate key with the given parameters"); + + if (profile->ops->generate_key == NULL) + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported"); + + if (keygen_args->prkey_args.id.len) { + caller_supplied_id = 1; + + /* Make sure that private key's ID is the unique inside the PKCS#15 application */ + r = sc_pkcs15_find_prkey_by_id(p15card, &keygen_args->prkey_args.id, NULL); + if (!r) + LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object"); + else if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, r, "Find private key error"); + } /* Set up the PrKDF object */ r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args, &keygen_args->prkey_args.key, keybits, &object); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Set up private key object error"); + key_info = (struct sc_pkcs15_prkey_info *) object->data; /* Set up the PuKDF info. The public key will be filled in - * by the card driver's generate_key function called below */ + * by the card driver's generate_key function called below. + * Auth.ID of the public key object is left empty. */ memset(&pubkey_args, 0, sizeof(pubkey_args)); pubkey_args.id = keygen_args->prkey_args.id; -#if 0 - pubkey_args.auth_id = keygen_args->prkey_args.auth_id; -#endif - pubkey_args.label = keygen_args->pubkey_label; + pubkey_args.label = keygen_args->pubkey_label ? 
keygen_args->pubkey_label : object->label; pubkey_args.usage = keygen_args->prkey_args.usage; pubkey_args.x509_usage = keygen_args->prkey_args.x509_usage; - pubkey_args.gost_params = keygen_args->prkey_args.gost_params; + pubkey_args.params.gost = keygen_args->prkey_args.params.gost; /* Generate the private key on card */ - if (profile->ops->create_key) { - /* New API */ - r = profile->ops->create_key(profile, p15card->card, object); - if (r < 0) - return r; - - r = profile->ops->generate_key(profile, p15card->card, - object, &pubkey_args.key); - if (r < 0) - return r; - } else { - int idx; + r = profile->ops->create_key(profile, p15card, object); + LOG_TEST_RET(ctx, r, "Cannot generate key: create key failed"); - idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0); - r = profile->ops->old_generate_key(profile, p15card->card, idx, keybits, - &pubkey_args.key, key_info); - } + r = profile->ops->generate_key(profile, p15card, object, &pubkey_args.key); + LOG_TEST_RET(ctx, r, "Failed to generate key"); /* update PrKDF entry */ - if (r >= 0) { - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_PRKDF, object); - } + if (!caller_supplied_id) { + struct sc_pkcs15_id iid; - if (r >= 0) { - sc_pkcs15_object_t *pub_object; + /* Caller not supplied ID, so, + * if intrinsic ID can be calculated -- overwrite the native one */ + memset(&iid, 0, sizeof(iid)); + r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY, &iid, &pubkey_args.key); + LOG_TEST_RET(ctx, r, "Select intrinsic ID error"); - r = sc_pkcs15init_store_public_key(p15card, profile, - &pubkey_args, &pub_object); + if (iid.len) + key_info->id = iid; } - if (r >= 0 && res_obj) + pubkey_args.id = key_info->id; + r = sc_pkcs15_encode_pubkey(ctx, &pubkey_args.key, &object->content.value, &object->content.len); + LOG_TEST_RET(ctx, r, "Failed to encode public key"); + + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_PRKDF, object); + LOG_TEST_RET(ctx, r, "Failed to add generated 
private key object"); + + r = sc_pkcs15init_store_public_key(p15card, profile, &pubkey_args, NULL); + LOG_TEST_RET(ctx, r, "Failed to store public key"); + + if (res_obj) *res_obj = object; sc_pkcs15_erase_pubkey(&pubkey_args.key); profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); } 
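Review bot: In the SC_ALGORITHM_EC branch of sc_pkcs15init_init_prkdf, `key_info->params.data = &keyargs->params.ec;` makes the new object point into the caller's keyargs, while the GOST branch just above allocates its own copy. The object is later passed to sc_pkcs15init_add_object and returned through `res_obj`, so it can outlive that struct. If copying is not practical, the borrow should at least be stated at the assignment, e.g. `/* borrowed from keyargs, never freed (empty free_params callback): keyargs must outlive this object */`. In sc_pkcs15init_generate_key, each LOG_TEST_RET after `profile->ops->generate_key` succeeds appears to return without `sc_pkcs15_erase_pubkey(&pubkey_args.key)` or releasing `object`, which would leave a generated key on the card with no PrKDF entry; `create_key` is also called without the NULL check that `generate_key` gets. sc_pkcs15init_init_prkdf begins in the preceding hunk.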
@@ -1415,93 +1281,84 @@ struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_object *object; struct sc_pkcs15_prkey_info *key_info; - sc_card_t *card = p15card->card; - sc_pkcs15_prkey_t key; - int keybits, idx, r = 0; + struct sc_pkcs15_prkey key; + struct sc_pkcs15_pubkey pubkey; + int keybits, idx, r = 0; + LOG_FUNC_CALLED(ctx); /* Create a copy of the key first */ key = keyargs->key; - if ((r = prkey_fixup(p15card, &key)) < 0) - return r; - if ((keybits = prkey_bits(p15card, &key)) < 0) - return keybits; + r = prkey_fixup(p15card, &key); + LOG_TEST_RET(ctx, r, "Private key data sanity check failed"); + + keybits = prkey_bits(p15card, &key); + LOG_TEST_RET(ctx, keybits, "Invalid private key size"); /* Now check whether the card is able to handle this key */ - if (!check_key_compatibility(p15card, &key, - keyargs->x509_usage, keybits, 0)) { + if (check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) { /* Make sure the caller explicitly tells us to store - * the key non-natively. */ - if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) { - sc_error(card->ctx, "Card does not support this key."); - return SC_ERROR_INCOMPATIBLE_KEY; - } - if (!keyargs->passphrase - && !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE)) { - sc_error(card->ctx, - "No key encryption passphrase given."); - return SC_ERROR_PASSPHRASE_REQUIRED; - } - } - - /* Set the USER PIN reference from args */ - r = set_user_pin_from_authid(p15card, profile, &keyargs->auth_id); - if (r < 0) - return r; - - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; + * the key as extractable. 
*/ + if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) + LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key."); + + if (!keyargs->passphrase && !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE)) + LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given."); + } + + /* Select a intrinsic Key ID if user didn't specify one */ + r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key); + LOG_TEST_RET(ctx, r, "Get intrinsic ID error"); + + /* Make sure that private key's ID is the unique inside the PKCS#15 application */ + r = sc_pkcs15_find_prkey_by_id(p15card, &keyargs->id, NULL); + if (!r) + LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object"); + else if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, r, "Find private key error"); /* Set up the PrKDF object */ r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to initialize private key object"); key_info = (struct sc_pkcs15_prkey_info *) object->data; + pubkey.algorithm = key.algorithm; + pubkey.u.rsa.modulus = key.u.rsa.modulus; + pubkey.u.rsa.exponent = key.u.rsa.exponent; + + r = sc_pkcs15_encode_pubkey(ctx, &pubkey, &object->content.value, &object->content.len); + LOG_TEST_RET(ctx, r, "Failed to encode public key"); + /* Get the number of private keys already on this card */ idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0); - if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) { - if (profile->ops->create_key) { - /* New API */ - r = profile->ops->create_key(profile, p15card->card, object); - if (r < 0) - return r; - r = profile->ops->store_key(profile, p15card->card, - object, &key); - if (r < 0) - return r; - } else { - r = profile->ops->new_key(profile, p15card->card, - &key, idx, key_info); - if (r < 0) - return r; - } + if (!(keyargs->access_flags & 
SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) { + r = profile->ops->create_key(profile, p15card, object); + LOG_TEST_RET(ctx, r, "Card specific 'create key' failed"); + + r = profile->ops->store_key(profile, p15card, object, &key); + LOG_TEST_RET(ctx, r, "Card specific 'store key' failed"); } else { - sc_pkcs15_der_t encoded, wrapped, *der = &encoded; - sc_context_t *ctx = p15card->card->ctx; + struct sc_pkcs15_der encoded, wrapped, *der = &encoded; /* DER encode the private key */ encoded.value = wrapped.value = NULL; r = sc_pkcs15_encode_prkey(ctx, &key, &encoded.value, &encoded.len); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to encode private key"); if (keyargs->passphrase) { - r = sc_pkcs15_wrap_data(ctx, keyargs->passphrase, - der->value, der->len, + r = sc_pkcs15_wrap_data(ctx, keyargs->passphrase, der->value, der->len, &wrapped.value, &wrapped.len); if (r < 0) { free(der->value); - return r; + LOG_TEST_RET(ctx, r, "Failed to wrap private key data"); } der = &wrapped; } - r = sc_pkcs15init_store_data(p15card, profile, - object, &keyargs->id, der, &key_info->path); + r = sc_pkcs15init_store_data(p15card, profile, object, der, &key_info->path); /* If the key is encrypted, flag the PrKDF entry as * indirect-protected */ 
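Review bot: The public key assembled just before the new `sc_pkcs15_encode_pubkey()` call copies `key.u.rsa.modulus` and `key.u.rsa.exponent` whatever `key.algorithm` is, and `pubkey` is never zeroed, although `prkey_bits()` lets DSA and GOST R 34.10 keys reach this point. For a non-RSA key the encoder is handed an algorithm tag whose own union members were never set; how it reacts is not visible here. Start with `memset(&pubkey, 0, sizeof(pubkey));` and either fill the members per algorithm or derive the key with `sc_pkcs15_pubkey_from_prvkey()`, which `select_intrinsic_id()` already uses further down this diff. The function begins above this hunk and continues into the next one.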
@@ -1511,86 +1368,20 @@ free(encoded.value); free(wrapped.value); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to store private key data"); } /* Now update the PrKDF */ - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_PRKDF, object); + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_PRKDF, object); if (r >= 0 && res_obj) *res_obj = object; profile->dirty = 1; - return r; -} - -int -sc_pkcs15init_store_split_key(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15init_prkeyargs *keyargs, - struct sc_pkcs15_object **prk1_obj, - struct sc_pkcs15_object **prk2_obj) -{ - unsigned int usage = keyargs->x509_usage; - int r; - - /* keyEncipherment|dataEncipherment|keyAgreement */ - keyargs->x509_usage = usage & (SC_PKCS15INIT_X509_KEY_ENCIPHERMENT | - SC_PKCS15INIT_X509_DATA_ENCIPHERMENT | - SC_PKCS15INIT_X509_KEY_AGREEMENT); - r = sc_pkcs15init_store_private_key(p15card, profile, - keyargs, prk1_obj); - - if (r >= 0) { - /* digitalSignature|nonRepudiation|certSign|cRLSign */ - keyargs->x509_usage = usage & (SC_PKCS15INIT_X509_DIGITAL_SIGNATURE | - SC_PKCS15INIT_X509_NON_REPUDIATION | - SC_PKCS15INIT_X509_KEY_CERT_SIGN | - SC_PKCS15INIT_X509_CRL_SIGN); - - /* Prevent pkcs15init from choking on duplicate ID */ - keyargs->flags |= SC_PKCS15INIT_SPLIT_KEY; - r = sc_pkcs15init_store_private_key(p15card, profile, - keyargs, prk2_obj); - } - - keyargs->x509_usage = usage; - return r; + LOG_FUNC_RETURN(ctx, r); } -/* - * Check if a given pkcs15 pubkey object can be reused - */ -static int -can_reuse_pubkey_obj(const sc_pkcs15_object_t *obj, void *data) -{ - sc_pkcs15_pubkey_info_t *key, *new_key; - sc_pkcs15_object_t *new_obj; - - new_obj = (sc_pkcs15_object_t *) data; - if (obj->type != new_obj->type) - return 0; - - key = (sc_pkcs15_pubkey_info_t *) obj->data; - new_key = (sc_pkcs15_pubkey_info_t *) new_obj->data; - if (key->modulus_length != new_key->modulus_length) - return 0; - - /* Some cards don't enforce key 
usage, so we might as - * well allow the user to change it on those cards. - * Not yet implemented */ - if (key->usage != new_key->usage) - return 0; - - /* Make sure the PIN is the same */ - if (!sc_pkcs15_compare_id(&obj->auth_id, &new_obj->auth_id)) - return 0; - - return 1; -} /* * Store a public key @@ -1601,18 +1392,19 @@ struct sc_pkcs15init_pubkeyargs *keyargs, struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_object *object; struct sc_pkcs15_pubkey_info *key_info; struct sc_pkcs15_keyinfo_gostparams *keyinfo_gostparams; - sc_pkcs15_pubkey_t key; - sc_pkcs15_der_t der_encoded; - sc_path_t *path; + struct sc_pkcs15_pubkey key; + struct sc_path *path; const char *label; unsigned int keybits, type, usage; int r; - if (!res_obj || !keyargs) - return SC_ERROR_NOT_SUPPORTED; + LOG_FUNC_CALLED(ctx); + if (!keyargs) + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Store public key aborted"); /* Create a copy of the key first */ key = keyargs->key; @@ -1620,18 +1412,24 @@ switch (key.algorithm) { case SC_ALGORITHM_RSA: keybits = sc_pkcs15init_keybits(&key.u.rsa.modulus); - type = SC_PKCS15_TYPE_PUBKEY_RSA; break; + type = SC_PKCS15_TYPE_PUBKEY_RSA; + break; #ifdef SC_PKCS15_TYPE_PUBKEY_DSA case SC_ALGORITHM_DSA: keybits = sc_pkcs15init_keybits(&key.u.dsa.q); - type = SC_PKCS15_TYPE_PUBKEY_DSA; break; + type = SC_PKCS15_TYPE_PUBKEY_DSA; + break; #endif case SC_ALGORITHM_GOSTR3410: keybits = SC_PKCS15_GOSTR3410_KEYSIZE; - type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410; break; + type = SC_PKCS15_TYPE_PUBKEY_GOSTR3410; + break; + case SC_ALGORITHM_EC: + keybits = key.u.ec.params.field_length; + type = SC_PKCS15_TYPE_PUBKEY_EC; + break; default: - sc_error(p15card->card->ctx, "Unsupported key algorithm.\n"); - return SC_ERROR_NOT_SUPPORTED; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported key algorithm."); } if ((usage = keyargs->usage) == 0) { 
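Review bot: `free(encoded.value)`, just above the new `LOG_TEST_RET(ctx, r, "Failed to store private key data")`, releases the DER-encoded private key without wiping it, so the plaintext key stays in freed heap memory; the same holds for `free(der->value)` on the wrap-failure path in the previous hunk. Clear the buffer first with a wipe the compiler cannot drop, e.g. `if (encoded.value) sc_mem_clear(encoded.value, encoded.len);`, assuming that helper is available in this tree. Separately, the early return added here appears to leave `object` from `sc_pkcs15init_init_prkdf()` unreleased on failure. The enclosing function starts outside this hunk.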
@@ -1639,63 +1437,56 @@ if (keyargs->x509_usage) usage = sc_pkcs15init_map_usage(keyargs->x509_usage, 0); } - if ((label = keyargs->label) == NULL) + label = keyargs->label; + if (!label) label = "Public Key"; - /* Set up the pkcs15 object. If we find below that we should - * reuse an existing object, we'll dith this one. */ + /* Set up the pkcs15 object. */ object = sc_pkcs15init_new_object(type, label, &keyargs->auth_id, NULL); if (object == NULL) - return SC_ERROR_OUT_OF_MEMORY; + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate new public key object"); - key_info = (sc_pkcs15_pubkey_info_t *) object->data; + key_info = (struct sc_pkcs15_pubkey_info *) object->data; key_info->usage = usage; key_info->modulus_length = keybits; if (key.algorithm == SC_ALGORITHM_GOSTR3410) { - key_info->params_len = sizeof(*keyinfo_gostparams); + key_info->params.len = sizeof(*keyinfo_gostparams); /* FIXME: malloc() call in pkcs15init, but free() call * in libopensc (sc_pkcs15_free_prkey_info) */ - key_info->params = malloc(key_info->params_len); - if (!key_info->params) + key_info->params.data = malloc(key_info->params.len); + if (!key_info->params.data) return SC_ERROR_OUT_OF_MEMORY; - keyinfo_gostparams = key_info->params; - keyinfo_gostparams->gostr3410 = keyargs->gost_params.gostr3410; - keyinfo_gostparams->gostr3411 = keyargs->gost_params.gostr3411; - keyinfo_gostparams->gost28147 = keyargs->gost_params.gost28147; - } + keyinfo_gostparams = key_info->params.data; + keyinfo_gostparams->gostr3410 = keyargs->params.gost.gostr3410; + keyinfo_gostparams->gostr3411 = keyargs->params.gost.gostr3411; + keyinfo_gostparams->gost28147 = keyargs->params.gost.gost28147; + } + + /* Select a intrinsic Key ID if the user didn't specify one */ + r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY, &keyargs->id, &key); + LOG_TEST_RET(ctx, r, "Get intrinsic ID error"); + + /* Select a Key ID if the user didn't specify one and there is no intrinsic ID, + * otherwise make 
sure it's unique */ + r = select_id(p15card, SC_PKCS15_TYPE_PUBKEY, &keyargs->id); + LOG_TEST_RET(ctx, r, "Failed to select public key object ID"); + + /* Make sure that private key's ID is the unique inside the PKCS#15 application */ + r = sc_pkcs15_find_pubkey_by_id(p15card, &keyargs->id, NULL); + if (!r) + LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the public key object"); + else if (r != SC_ERROR_OBJECT_NOT_FOUND) + LOG_TEST_RET(ctx, r, "Find public key error"); - /* Select a Key ID if the user didn't specify one, otherwise - * make sure it's unique */ - *res_obj = NULL; - r = select_id(p15card, SC_PKCS15_TYPE_PUBKEY, &keyargs->id, - can_reuse_pubkey_obj, object, res_obj); - if (r < 0) - return r; - - /* If we reuse an existing object, update it */ - if (*res_obj) { - sc_pkcs15_free_pubkey_info(key_info); - key_info = NULL; - sc_pkcs15_free_object(object); - object = *res_obj; - - strlcpy(object->label, label, sizeof(object->label)); - } else { - key_info->id = keyargs->id; - *res_obj = object; - } + key_info->id = keyargs->id; /* DER encode public key components */ - r = sc_pkcs15_encode_pubkey(p15card->card->ctx, &key, - &der_encoded.value, &der_encoded.len); - if (r < 0) - return r; + r = sc_pkcs15_encode_pubkey(p15card->card->ctx, &key, &object->content.value, &object->content.len); + LOG_TEST_RET(ctx, r, "Encode public key error"); /* Now create key file and store key */ - r = sc_pkcs15init_store_data(p15card, profile, - object, &keyargs->id, - &der_encoded, &key_info->path); + r = sc_pkcs15init_store_data(p15card, profile, object, &object->content, &key_info->path); path = &key_info->path; if (path->count == 0) { 
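Review bot: Every early return added after `sc_pkcs15init_new_object()` in this hunk (`Get intrinsic ID error`, `Failed to select public key object ID`, the two uniqueness checks, `Encode public key error`) leaves `object` allocated. So does the unchanged `return SC_ERROR_OUT_OF_MEMORY` when the GOST parameter `malloc()` fails, and the tail of the function in the next hunk (`@@ -1705,20 +1496,17 @@`) does not free it on failure either. `sc_pkcs15init_store_certificate()` later in this diff ends with `if (r < 0) sc_pkcs15_free_object(object);`, and one cleanup path of that kind would fit here; whether the key info needs a separate free is not visible in the hunk. The comment above `sc_pkcs15_find_pubkey_by_id()` was copied from the private-key function and should read `/* Make sure that public key's ID is unique inside the PKCS#15 application */`. The function begins and ends outside this hunk.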
@@ -1705,20 +1496,17 @@ /* Update the PuKDF */ if (r >= 0) - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_PUKDF, object); + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_PUKDF, object); if (r >= 0 && res_obj) *res_obj = object; - if (der_encoded.value) - free(der_encoded.value); - profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); } + /* * Store a certificate */ 
@@ -1728,78 +1516,48 @@ struct sc_pkcs15init_certargs *args, struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_cert_info *cert_info; struct sc_pkcs15_object *object; - unsigned int usage; const char *label; int r; - usage = SC_PKCS15_PRKEY_USAGE_SIGN; - if (args->x509_usage) - usage = sc_pkcs15init_map_usage(args->x509_usage, 0); - if ((label = args->label) == NULL) + LOG_FUNC_CALLED(ctx); + + label = args->label; + if (!label) label = "Certificate"; - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; + r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_CERT_X509, &args->id, &args->der_encoded); + LOG_TEST_RET(ctx, r, "Get certificate 'intrinsic ID' error"); /* Select an ID if the user didn't specify one, otherwise * make sure it's unique */ - if ((r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id, NULL, NULL, NULL)) < 0) - return r; - - if (profile->protect_certificates) { - /* If there is a private key corresponding to the ID given - * by the user, make sure $PIN references the pin protecting - * this key - */ - r = -1; - if (args->id.len != 0 - && sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) { - r = set_user_pin_from_authid(p15card, profile, &object->auth_id); - if (r < 0) { - sc_error(p15card->card->ctx, - "Failed to assign user pin reference " - "(copied from private key auth_id)\n"); - return r; - } - } - if (r == -1) /* User pin ref not yet set */ - set_user_pin_from_authid(p15card, profile, NULL); - } + r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id); + LOG_TEST_RET(ctx, r, "Select certificate ID error"); object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL); if (object == NULL) - return SC_ERROR_OUT_OF_MEMORY; - cert_info = (sc_pkcs15_cert_info_t *) object->data; + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate certificate object"); + cert_info = (struct sc_pkcs15_cert_info 
*) object->data; cert_info->id = args->id; cert_info->authority = args->authority; + sc_der_copy(&object->content, &args->der_encoded); - if (profile->pkcs15.direct_certificates) { + sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label, + sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len); + if (profile->pkcs15.direct_certificates) sc_der_copy(&cert_info->value, &args->der_encoded); - } else { - r = sc_pkcs15init_store_data(p15card, profile, - object, &args->id, - &args->der_encoded, &cert_info->path); - } - - /* Remove the corresponding public key object, if it exists. */ - if (r >= 0 && !profile->keep_public_key) { - sc_pkcs15_object_t *puk = NULL; - - r = sc_pkcs15_find_pubkey_by_id(p15card, &cert_info->id, &puk); - if (r == 0) - r = sc_pkcs15init_remove_object(p15card, profile, puk); - else if (r == SC_ERROR_OBJECT_NOT_FOUND) - r = 0; - } + else + r = sc_pkcs15init_store_data(p15card, profile, object, &args->der_encoded, &cert_info->path); /* Now update the CDF */ - if (r >= 0) { - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_CDF, object); - } else + if (r >= 0) { + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_CDF, object); + /* TODO: update private key PKCS#15 object with the certificate's attributes */ + } + + if (r < 0) sc_pkcs15_free_object(object); if (r >= 0 && res_obj) @@ -1807,7 +1565,7 @@ profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); } @@ -1820,6 +1578,7 @@ struct sc_pkcs15init_dataargs *args, struct sc_pkcs15_object **res_obj) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_data_info *data_object_info; struct sc_pkcs15_object *object; struct sc_pkcs15_object *objs[32]; @@ -1827,6 +1586,7 @@ int r, i; unsigned int tid = 0x01; + LOG_FUNC_CALLED(ctx); label = args->label; if (!args->id.len) { 
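Review bot: The new `sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", ...)` call prints `args->der_encoded.len` with `%i`, yet elsewhere in this diff a `len` field of the same DER structure is filled through the `size_t *` argument of `sc_pkcs15_encode_pubkey()`, so the field appears to be `size_t`. On LP64 targets the conversion then does not match the argument. Use `%zu`, or `%lu` with `(unsigned long)args->der_encoded.len` if the logger does not support `%zu`, and pass `(void *)args->der_encoded.value` for `%p`. The function starts above this hunk; its tail is in the following hunks on the same line.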
@@ -1835,12 +1595,11 @@ * have a pkcs15 id we need one here to create a unique * file id from the data file template */ r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, objs, 32); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Get 'DATA' objects error"); + for (i = 0; i < r; i++) { - u8 cid; - struct sc_pkcs15_data_info *cinfo; - cinfo = (struct sc_pkcs15_data_info *) objs[i]->data; + unsigned char cid; + struct sc_pkcs15_data_info *cinfo = (struct sc_pkcs15_data_info *) objs[i]->data; if (!cinfo->path.len) continue; cid = cinfo->path.value[cinfo->path.len - 1]; @@ -1859,15 +1618,10 @@ return SC_ERROR_INVALID_ARGUMENTS; } - /* Set the USER PIN reference from args */ - r = set_user_pin_from_authid(p15card, profile, &args->auth_id); - if (r < 0) - return r; - object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_DATA_OBJECT, label, &args->auth_id, NULL); if (object == NULL) return SC_ERROR_OUT_OF_MEMORY; - data_object_info = (sc_pkcs15_data_info_t *) object->data; + data_object_info = (struct sc_pkcs15_data_info *) object->data; if (args->app_label != NULL) { strlcpy(data_object_info->app_label, args->app_label, sizeof(data_object_info->app_label)); 
@@ -1877,76 +1631,139 @@ } data_object_info->app_oid = args->app_oid; - r = sc_pkcs15init_store_data(p15card, profile, - object, &args->id, &args->der_encoded, - &data_object_info->path); + r = sc_pkcs15init_store_data(p15card, profile, object, &args->der_encoded, &data_object_info->path); + LOG_TEST_RET(ctx, r, "Store 'DATA' object error"); /* Now update the DDF */ - if (r >= 0) - r = sc_pkcs15init_add_object(p15card, profile, - SC_PKCS15_DODF, object); + r = sc_pkcs15init_add_object(p15card, profile, SC_PKCS15_DODF, object); + LOG_TEST_RET(ctx, r, "'DODF' update error"); if (r >= 0 && res_obj) *res_obj = object; profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); +} + + +int +sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, unsigned auth_method, int reference) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info pinfo; + struct sc_pkcs15_object *auth_objs[0x10]; + int r, ii, nn_objs; + + LOG_FUNC_CALLED(ctx); + + /* 1. Look for the corresponding pkcs15 PIN object. */ + + /* Get all existing pkcs15 AUTH objects */ + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, auth_objs, 0x10); + LOG_TEST_RET(ctx, r, "Get PKCS#15 AUTH objects error"); + nn_objs = r; + + sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)", + nn_objs, auth_method, reference); + for (ii=0; iidata; + + sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)", + auth_objs[ii]->label, pin_info->auth_method, pin_info->type, + pin_info->reference, pin_info->flags); + /* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */ + if (pin_info->auth_method == auth_method && pin_info->reference == reference) + LOG_FUNC_RETURN(ctx, pin_info->reference); + + if (auth_method != SC_AC_SYMBOLIC) + continue; + + /* Translate 'SYMBOLIC' PIN reference into the pkcs#15 pinAttributes.flags + * and check for the existing pkcs15 PIN object with these flags. 
*/ + switch (reference) { + case SC_PKCS15INIT_USER_PIN: + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + continue; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + break; + case SC_PKCS15INIT_SO_PIN: + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) + continue; + break; + case SC_PKCS15INIT_USER_PUK: + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + continue; + if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) + continue; + break; + case SC_PKCS15INIT_SO_PUK: + if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) + continue; + if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) + continue; + break; + default: + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid Symbolic PIN reference"); + } + + LOG_FUNC_RETURN(ctx, pin_info->reference); + + } + + /* 2. No existing pkcs15 PIN object + * -- check if profile defines some PIN with 'reference' as PIN reference. */ + r = sc_profile_get_pin_id_by_reference(profile, auth_method, reference, &pinfo); + if (r < 0) + LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "PIN template not found"); + + LOG_FUNC_RETURN(ctx, pinfo.reference); } + static int -sc_pkcs15init_store_data(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - sc_pkcs15_object_t *object, sc_pkcs15_id_t *id, - sc_pkcs15_der_t *data, - sc_path_t *path) +sc_pkcs15init_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *object, struct sc_pkcs15_der *data, + struct sc_path *path) { + struct sc_context *ctx = p15card->card->ctx; struct sc_file *file = NULL; int r; - unsigned int idx = -1; - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; + LOG_FUNC_CALLED(ctx); - if (profile->ops->new_file == NULL) { - /* New API */ - r = select_object_path(p15card, profile, - object, id, - path); - if (r < 0) - return r; + if 
(profile->ops->emu_store_data) { + r = profile->ops->emu_store_data(p15card, profile, object, data, path); + if (r == SC_SUCCESS || r != SC_ERROR_NOT_IMPLEMENTED) + LOG_FUNC_RETURN(ctx, r); + } - r = sc_profile_get_file_by_path(profile, path, &file); - if (r < 0) - return r; - } else { + r = select_object_path(p15card, profile, object, path); + LOG_TEST_RET(ctx, r, "Failed to select object path"); + + r = sc_profile_get_file_by_path(profile, path, &file); + LOG_TEST_RET(ctx, r, "Failed to get file by path"); - /* Get the number of objects of this type already on this card */ - idx = sc_pkcs15_get_objects(p15card, - object->type & SC_PKCS15_TYPE_CLASS_MASK, - NULL, 0); - - /* Allocate data file */ - r = profile->ops->new_file(profile, p15card->card, - object->type, idx, &file); - if (r < 0) { - sc_error(p15card->card->ctx, "Unable to allocate file"); - goto done; - } - } if (file->path.count == 0) { file->path.index = 0; file->path.count = -1; } - r = sc_pkcs15init_update_file(profile, p15card->card, - file, data->value, data->len); + + r = sc_pkcs15init_delete_by_path(profile, p15card, &file->path); + if (r && r != SC_ERROR_FILE_NOT_FOUND) + LOG_TEST_RET(ctx, r, "Cannot delete file"); + + r = sc_pkcs15init_update_file(profile, p15card, file, data->value, data->len); *path = file->path; -done: if (file) + if (file) sc_file_free(file); - return r; + LOG_FUNC_RETURN(ctx, r); } /* @@ -1983,6 +1800,7 @@ SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER } }; + static int sc_pkcs15init_map_usage(unsigned long x509_usage, int _private) { 
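Review bot: In the rewritten `sc_pkcs15init_store_data()` the `Cannot delete file` return leaves `file` from `sc_profile_get_file_by_path()` unfreed, because `sc_file_free(file)` is only reached on the normal path. Free it before returning: `if (r && r != SC_ERROR_FILE_NOT_FOUND) { sc_file_free(file); LOG_TEST_RET(ctx, r, "Cannot delete file"); }`. The existing file is also deleted before the new content is written, so a failed `sc_pkcs15init_update_file()` leaves neither the old nor the new object on the card; a comment should state that this is accepted. The test `r == SC_SUCCESS || r != SC_ERROR_NOT_IMPLEMENTED` after `emu_store_data` reduces to `r != SC_ERROR_NOT_IMPLEMENTED`.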
@@ -1998,150 +1816,117 @@ return p15_usage; } + /* * Compute modulus length */ -static size_t sc_pkcs15init_keybits(sc_pkcs15_bignum_t *bn) +static size_t +sc_pkcs15init_keybits(struct sc_pkcs15_bignum *bn) { unsigned int mask, bits; if (!bn || !bn->len) return 0; bits = bn->len << 3; - for (mask = 0x80; !(bn->data[0] & mask); mask >>= 1) + for (mask = 0x80; mask && !(bn->data[0] & mask); mask >>= 1) bits--; return bits; } + /* - * Check if the key size is supported. + * Check consistency of the key parameters. */ -static int check_key_size(sc_card_t *card, unsigned int alg, - unsigned int bits) -{ - int i; +static int +check_keygen_params_consistency(struct sc_card *card, struct sc_pkcs15init_keygen_args *params, + unsigned int keybits, unsigned int *out_keybits) +{ + struct sc_context *ctx = card->ctx; + unsigned int alg = params->prkey_args.key.algorithm; + int i, rv; + + if (alg == SC_ALGORITHM_EC) { + struct sc_pkcs15_ec_parameters *ecparams = ¶ms->prkey_args.params.ec; + + rv = sc_pkcs15_fix_ec_parameters(ctx, ecparams); + LOG_TEST_RET(ctx, rv, "Cannot fix EC parameters"); + + sc_log(ctx, "EC parameters: %s", sc_dump_hex(ecparams->der.value, ecparams->der.len)); + if (keybits) + keybits = ecparams->field_length; + } + + if (out_keybits) + *out_keybits = keybits; for (i = 0; i < card->algorithm_count; i++) { - sc_algorithm_info_t *info = &card->algorithms[i]; + struct sc_algorithm_info *info = &card->algorithms[i]; if (info->algorithm != alg) continue; - if (info->key_length != bits) + + if (info->key_length != keybits) continue; - return SC_SUCCESS; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } - return SC_ERROR_NOT_SUPPORTED; + + LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED); } + /* * Check whether the card has native crypto support for this key. 
*/ static int -__check_key_compatibility(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_prkey *key, - unsigned int x509_usage, - unsigned int key_length, - unsigned int flags) +check_key_compatibility(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key, + unsigned int x509_usage, unsigned int key_length, unsigned int flags) { - sc_algorithm_info_t *info; + struct sc_algorithm_info *info; unsigned int count; - int bad_usage = 0; count = p15card->card->algorithm_count; for (info = p15card->card->algorithms; count--; info++) { - /* XXX: check for equality, or <= ? */ - if (info->algorithm != key->algorithm - || info->key_length != key_length - || (info->flags & flags) != flags) + if (info->algorithm != key->algorithm || info->key_length != key_length || (info->flags & flags) != flags) continue; - if (key->algorithm == SC_ALGORITHM_RSA - && info->u._rsa.exponent != 0 - && key->u.rsa.exponent.len != 0) { - sc_pkcs15_bignum_t *e = &key->u.rsa.exponent; - unsigned long exponent = 0; - unsigned int n; - if (e->len > 4) - continue; - for (n = 0; n < e->len; n++) { - exponent <<= 8; - exponent |= e->data[n]; - } - if (info->u._rsa.exponent != exponent) - continue; - } + if (key->algorithm == SC_ALGORITHM_RSA) { + if (info->u._rsa.exponent != 0 && key->u.rsa.exponent.len != 0) { + struct sc_pkcs15_bignum *e = &key->u.rsa.exponent; + unsigned long exponent = 0; + unsigned int n; - /* Some cards will not support keys to do - * both sign/decrypt. - * For the convenience of the user, catch these - * here. 
*/ - if (info->flags & SC_ALGORITHM_NEED_USAGE) { - unsigned int usage; - - usage = sc_pkcs15init_map_usage(x509_usage, 1); - if ((usage & (SC_PKCS15_PRKEY_USAGE_UNWRAP - |SC_PKCS15_PRKEY_USAGE_DECRYPT)) - && (usage & SC_PKCS15_PRKEY_USAGE_SIGN)) { - bad_usage = 1; - continue; + if (e->len > 4) + continue; + for (n = 0; n < e->len; n++) { + exponent <<= 8; + exponent |= e->data[n]; + } + if (info->u._rsa.exponent != exponent) + continue; } } - return 1; - } - - return bad_usage? -1 : 0; -} - -static int -check_key_compatibility(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_prkey *key, - unsigned int x509_usage, - unsigned int key_length, - unsigned int flags) -{ - int res; + else if (key->algorithm == SC_ALGORITHM_EC) { + } - res = __check_key_compatibility(p15card, key, - x509_usage, key_length, flags); - if (res < 0) { - sc_error(p15card->card->ctx, - "This device requires that keys have a " - "specific key usage.\n" - "Keys can be used for either signature or decryption, " - "but not both.\n" - "Please specify a key usage.\n"); - res = 0; + return SC_SUCCESS; } - return res; -} - -int -sc_pkcs15init_requires_restrictive_usage(struct sc_pkcs15_card *p15card, - struct sc_pkcs15init_prkeyargs *keyargs, - unsigned int key_length) -{ - int res; - if (key_length == 0) - key_length = prkey_bits(p15card, &keyargs->key); - - res = __check_key_compatibility(p15card, &keyargs->key, - keyargs->x509_usage, - key_length, 0); - return res < 0; + return SC_ERROR_OBJECT_NOT_VALID; } + /* * Check RSA key for consistency, and compute missing * CRT elements */ static int -prkey_fixup_rsa(sc_pkcs15_card_t *p15card, struct sc_pkcs15_prkey_rsa *key) +prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key) { - if (!key->modulus.len || !key->exponent.len - || !key->d.len || !key->p.len || !key->q.len) { - sc_error(p15card->card->ctx, - "Missing private RSA coefficient"); + struct sc_context *ctx = p15card->card->ctx; + + if (!key->modulus.len || 
!key->exponent.len || !key->d.len || !key->p.len || !key->q.len) { + sc_log(ctx, "Missing private RSA coefficient"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -2162,8 +1947,8 @@ if (!key->dmp1.len || !key->dmq1.len || !key->iqmp.len) { static u8 dmp1[256], dmq1[256], iqmp[256]; RSA *rsa; - BIGNUM *aux = BN_new(); - BN_CTX *ctx = BN_CTX_new(); + BIGNUM *aux; + BN_CTX *bn_ctx; rsa = RSA_new(); rsa->n = BN_bin2bn(key->modulus.data, key->modulus.len, NULL); @@ -2179,18 +1964,18 @@ rsa->iqmp = BN_new(); aux = BN_new(); - ctx = BN_CTX_new(); + bn_ctx = BN_CTX_new(); BN_sub(aux, rsa->q, BN_value_one()); - BN_mod(rsa->dmq1, rsa->d, aux, ctx); + BN_mod(rsa->dmq1, rsa->d, aux, bn_ctx); BN_sub(aux, rsa->p, BN_value_one()); - BN_mod(rsa->dmp1, rsa->d, aux, ctx); + BN_mod(rsa->dmp1, rsa->d, aux, bn_ctx); - BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx); + BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, bn_ctx); BN_clear_free(aux); - BN_CTX_free(ctx); + BN_CTX_free(bn_ctx); /* Not thread safe, but much better than a memory leak */ GETBN(key->dmp1, rsa->dmp1, dmp1); @@ -2203,8 +1988,9 @@ return 0; } + static int -prkey_fixup(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key) +prkey_fixup(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key) { switch (key->algorithm) { case SC_ALGORITHM_RSA: 
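Review bot: In `check_keygen_params_consistency()` the EC branch reads `if (keybits) keybits = ecparams->field_length;`, which looks inverted. A caller-supplied size is overwritten with the curve's field length, while a zero size stays zero and then matches no entry in `card->algorithms`, ending in `SC_ERROR_NOT_SUPPORTED`. If the intent is to default the size from the curve, it should be `if (!keybits) keybits = ecparams->field_length;`; if a supplied size must agree with the curve, compare the two and return `SC_ERROR_INVALID_ARGUMENTS` on mismatch. The function also exits through `LOG_FUNC_RETURN` without a matching `LOG_FUNC_CALLED(ctx)`, and the empty `else if (key->algorithm == SC_ALGORITHM_EC) { }` branch in `check_key_compatibility()` needs a comment such as `/* no EC-specific compatibility check yet */`.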
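Review bot: The results of `BN_new()`, `BN_CTX_new()`, `BN_mod()` and `BN_mod_inverse()` in the `@@ -2179,18 +1964,18 @@` hunk are used unchecked. An allocation failure is therefore dereferenced, and a caller-supplied key whose `q` has no inverse modulo `p` silently produces an unset `iqmp`. Test each call, for instance `if (!BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, bn_ctx))`, then release `aux`, `bn_ctx` and `rsa` and return `SC_ERROR_INVALID_ARGUMENTS`. The computed CRT values are then copied into the `static u8 dmp1[256], dmq1[256], iqmp[256]` buffers declared in the preceding hunk (`@@ -2162,8 +1947,8 @@`), which keeps private-key material in process-lifetime memory that nothing visible here clears. The enclosing function starts and ends outside both hunks.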
@@ -2217,30 +2003,34 @@ return 0; } + static int -prkey_bits(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key) +prkey_bits(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key) { + struct sc_context *ctx = p15card->card->ctx; + switch (key->algorithm) { case SC_ALGORITHM_RSA: return sc_pkcs15init_keybits(&key->u.rsa.modulus); case SC_ALGORITHM_DSA: return sc_pkcs15init_keybits(&key->u.dsa.q); case SC_ALGORITHM_GOSTR3410: - if (sc_pkcs15init_keybits(&key->u.gostr3410.d) - > SC_PKCS15_GOSTR3410_KEYSIZE) { - sc_error(p15card->card->ctx, "Unsupported key (keybits %u)\n", - sc_pkcs15init_keybits(&key->u.gostr3410.d)); + if (sc_pkcs15init_keybits(&key->u.gostr3410.d) > SC_PKCS15_GOSTR3410_KEYSIZE) { + sc_log(ctx, "Unsupported key (keybits %u)", sc_pkcs15init_keybits(&key->u.gostr3410.d)); return SC_ERROR_OBJECT_NOT_VALID; } return SC_PKCS15_GOSTR3410_KEYSIZE; } - sc_error(p15card->card->ctx, "Unsupported key algorithm.\n"); + sc_log(ctx, "Unsupported key algorithm."); return SC_ERROR_NOT_SUPPORTED; } + static int -prkey_pkcs15_algo(sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_t *key) +prkey_pkcs15_algo(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey *key) { + struct sc_context *ctx = p15card->card->ctx; + switch (key->algorithm) { case SC_ALGORITHM_RSA: return SC_PKCS15_TYPE_PRKEY_RSA; @@ -2248,11 +2038,14 @@ return SC_PKCS15_TYPE_PRKEY_DSA; case SC_ALGORITHM_GOSTR3410: return SC_PKCS15_TYPE_PRKEY_GOSTR3410; + case SC_ALGORITHM_EC: + return SC_PKCS15_TYPE_PRKEY_EC; } - sc_error(p15card->card->ctx, "Unsupported key algorithm.\n"); + sc_log(ctx, "Unsupported key algorithm."); return SC_ERROR_NOT_SUPPORTED; } + static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *p15card, unsigned int type) { 
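Review bot: `prkey_bits()` still has no `SC_ALGORITHM_EC` case, while the next hunk (`@@ -2248,11 +2038,14 @@`) adds EC to `prkey_pkcs15_algo()`. An EC private key therefore falls through to `Unsupported key algorithm.` when `sc_pkcs15init_store_private_key()` calls `prkey_bits()`. Either add the EC case or put a comment on the switch such as `/* EC private key import is not supported yet */`. The rewritten `sc_log(ctx, "Unsupported key (keybits %u)", ...)` also passes the `size_t` result of `sc_pkcs15init_keybits()` to `%u`; cast it with `(unsigned int)` or store it in a local first, which also avoids computing it twice.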
@@ -2263,30 +2056,123 @@ return df; } -static int select_id(sc_pkcs15_card_t *p15card, int type, sc_pkcs15_id_t *id, - int (*can_reuse)(const sc_pkcs15_object_t *, void *), - void *data, sc_pkcs15_object_t **reuse_obj) + +static int +select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + int type, struct sc_pkcs15_id *id, void *data) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pubkey *pubkey = NULL; + unsigned id_style = profile->id_style; + int rv, allocated = 0; + + LOG_FUNC_CALLED(ctx); +#ifndef ENABLE_OPENSSL + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +#else + /* ID already exists */ + if (id->len) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + /* Native ID style is not an intrisic one */ + if (profile->id_style == SC_PKCS15INIT_ID_STYLE_NATIVE) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + /* Get PKCS15 public key */ + switch(type) { + case SC_PKCS15_TYPE_CERT_X509: + rv = sc_pkcs15_pubkey_from_cert(ctx, (struct sc_pkcs15_der *)data, &pubkey); + LOG_TEST_RET(ctx, rv, "X509 parse error"); + + allocated = 1; + break; + case SC_PKCS15_TYPE_PRKEY: + rv = sc_pkcs15_pubkey_from_prvkey(ctx, (struct sc_pkcs15_prkey *)data, &pubkey); + LOG_TEST_RET(ctx, rv, "Cannot get public key"); + + allocated = 1; + break; + case SC_PKCS15_TYPE_PUBKEY: + pubkey = (struct sc_pkcs15_pubkey *)data; + + allocated = 0; + break; + default: + sc_log(ctx, "Intrinsic ID is not implemented for the object type 0x%X", type); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + } + + /* Skip silently if key is not inintialized. */ + if (pubkey->algorithm == SC_ALGORITHM_RSA && !pubkey->u.rsa.modulus.len) + goto done; + else if (pubkey->algorithm == SC_ALGORITHM_DSA && !pubkey->u.dsa.pub.data) + goto done; + else if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && + !pubkey->u.gostr3410.xy.data) + goto done; + + /* In Mozilla 'GOST R 34.10' is not yet supported. 
+ * So, switch to the ID recommended by RFC2459 */ + if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA) + id_style = SC_PKCS15INIT_ID_STYLE_RFC2459; + + if (id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA) { + if (pubkey->algorithm == SC_ALGORITHM_RSA) + SHA1(pubkey->u.rsa.modulus.data, pubkey->u.rsa.modulus.len, id->value); + else if (pubkey->algorithm == SC_ALGORITHM_DSA) + SHA1(pubkey->u.dsa.pub.data, pubkey->u.dsa.pub.len, id->value); + else if (pubkey->algorithm == SC_ALGORITHM_EC) + SHA1(pubkey->u.ec.ecpointQ.value, pubkey->u.ec.ecpointQ.len, id->value); + else + goto done; + + id->len = SHA_DIGEST_LENGTH; + } + else if (id_style == SC_PKCS15INIT_ID_STYLE_RFC2459) { + unsigned char *id_data = NULL; + size_t id_data_len = 0; + + rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &id_data, &id_data_len); + LOG_TEST_RET(ctx, rv, "Encoding public key error"); + + if (!id_data || !id_data_len) + LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Encoding public key error"); + + SHA1(id_data, id_data_len, id->value); + id->len = SHA_DIGEST_LENGTH; + + free(id_data); + } + else { + sc_log(ctx, "Unsupported ID style: %i", profile->id_style); + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported ID style"); + } + +done: + if (allocated) + sc_pkcs15_free_pubkey(pubkey); + + LOG_FUNC_RETURN(ctx, id->len); +#endif +} + + +static int +select_id(struct sc_pkcs15_card *p15card, int type, struct sc_pkcs15_id *id) { - unsigned int nid = DEFAULT_ID; - sc_pkcs15_id_t unused_id; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_id unused_id; struct sc_pkcs15_object *obj; + unsigned int nid = DEFAULT_ID; int r; - if (reuse_obj) - *reuse_obj = NULL; - + LOG_FUNC_CALLED(ctx); /* If the user provided an ID, make sure we can use it */ if (id->len != 0) { r = sc_pkcs15_find_object_by_id(p15card, type, id, &obj); if (r == SC_ERROR_OBJECT_NOT_FOUND) - return 0; - if (strcmp(obj->label, "deleted")) - return SC_ERROR_ID_NOT_UNIQUE; - if (can_reuse != 
NULL && !can_reuse(obj, data)) - return SC_ERROR_INCOMPATIBLE_OBJECT; - if (reuse_obj) - *reuse_obj = obj; - return 0; + r = 0; + LOG_FUNC_RETURN(ctx, r); } memset(&unused_id, 0, sizeof(unused_id)); @@ -2301,17 +2187,13 @@ * sure there's no conflicting pubkey or cert * object either. */ if (type == SC_PKCS15_TYPE_PRKEY) { - sc_pkcs15_search_key_t search_key; + struct sc_pkcs15_search_key search_key; memset(&search_key, 0, sizeof(search_key)); - search_key.class_mask = - SC_PKCS15_SEARCH_CLASS_PUBKEY | - SC_PKCS15_SEARCH_CLASS_CERT; + search_key.class_mask = SC_PKCS15_SEARCH_CLASS_PUBKEY | SC_PKCS15_SEARCH_CLASS_CERT; search_key.id = id; - r = sc_pkcs15_search_objects(p15card, - &search_key, - NULL, 0); + r = sc_pkcs15_search_objects(p15card, &search_key, NULL, 0); /* If there is a pubkey or cert with * this ID, skip it. */ if (r > 0) @@ -2321,24 +2203,17 @@ unused_id = *id; continue; } - - /* Check if we can reuse a deleted object */ - if (!strcmp(obj->label, "deleted") - && (can_reuse == NULL || can_reuse(obj, data))) { - if (reuse_obj) - *reuse_obj = obj; - return 0; - } } if (unused_id.len) { *id = unused_id; - return 0; + LOG_FUNC_RETURN(ctx, 0); } - return SC_ERROR_TOO_MANY_OBJECTS; + LOG_FUNC_RETURN(ctx, SC_ERROR_TOO_MANY_OBJECTS); } + /* * Select a path for a new object * 1. If the object is to be protected by a PIN, use the path 
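Review bot: In select_id, a caller-supplied ID that already belongs to an object now returns the same success value as one that is not found. The new code only maps `SC_ERROR_OBJECT_NOT_FOUND` to 0 and then returns `r`, whereas the removed lines returned `SC_ERROR_ID_NOT_UNIQUE` for a live object. Unless every caller now enforces uniqueness itself, which is not visible here, I would keep the rejection, e.g. `if (r == 0) LOG_FUNC_RETURN(ctx, SC_ERROR_ID_NOT_UNIQUE);` before the final return. Separately, in select_intrinsic_id the `LOG_TEST_RET` calls after `sc_pkcs15_encode_pubkey` and in the unsupported-style branch return without reaching `done:`, so a `pubkey` obtained with `allocated = 1` is not freed. Setting `rv` and using `goto done` on those paths would fix that.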
@@ -2351,68 +2226,147 @@ * look for a file corresponding to the type of object we * wish to create ("private-key", "public-key" etc). */ -static int select_object_path(sc_pkcs15_card_t *p15card, sc_profile_t *profile, - sc_pkcs15_object_t *obj, sc_pkcs15_id_t *obj_id, - sc_path_t *path) +static const char * +get_template_name_from_object (struct sc_pkcs15_object *obj) +{ + switch (obj->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PRKEY: + return "private-key"; + case SC_PKCS15_TYPE_PUBKEY: + return "public-key"; + case SC_PKCS15_TYPE_CERT: + return "certificate"; + case SC_PKCS15_TYPE_DATA_OBJECT: + if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) + return "privdata"; + else + return "data"; + } + + return NULL; +} + + +static int +get_object_path_from_object (struct sc_pkcs15_object *obj, + struct sc_path *ret_path) { - sc_file_t *file; + if (!ret_path) + return SC_ERROR_INVALID_ARGUMENTS; + + memset(ret_path, 0, sizeof(struct sc_path)); + + switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) { + case SC_PKCS15_TYPE_PRKEY: + *ret_path = ((struct sc_pkcs15_prkey_info *)obj->data)->path; + return SC_SUCCESS; + case SC_PKCS15_TYPE_PUBKEY: + *ret_path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path; + return SC_SUCCESS; + case SC_PKCS15_TYPE_CERT: + *ret_path = ((struct sc_pkcs15_cert_info *)obj->data)->path; + return SC_SUCCESS; + case SC_PKCS15_TYPE_DATA_OBJECT: + *ret_path = ((struct sc_pkcs15_data_info *)obj->data)->path; + return SC_SUCCESS; + case SC_PKCS15_TYPE_AUTH: + *ret_path = ((struct sc_pkcs15_pin_info *)obj->data)->path; + return SC_SUCCESS; + } + return SC_ERROR_NOT_SUPPORTED; +} + + +static int +select_object_path(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *obj, struct sc_path *path) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file; + struct sc_pkcs15_object *objs[32]; + struct sc_pkcs15_id indx_id; + struct sc_path obj_path; + int ii, r, nn_objs, indx; const char *name; - int r; 
- char pbuf[SC_MAX_PATH_STRING_SIZE]; + + LOG_FUNC_CALLED(ctx); + r = sc_pkcs15_get_objects(p15card, obj->type & SC_PKCS15_TYPE_CLASS_MASK, + objs, sizeof(objs)/sizeof(objs[0])); + LOG_TEST_RET(ctx, r, "Get PKCS#15 objects error"); + nn_objs = r; /* For cards with a pin-domain profile, we need - * to put the key below the DF of the specified PIN */ + * to put the key below the DF of the specified PIN + */ memset(path, 0, sizeof(*path)); if (obj->auth_id.len && profile->pin_domains != 0) { r = sc_pkcs15init_get_pin_path(p15card, &obj->auth_id, path); - if (r < 0) - return r; - } else { + LOG_TEST_RET(ctx, r, "Cannot get PIN path"); + } + else { *path = profile->df_info->file->path; } /* If the profile specifies a key directory template, * instantiate it now and create the DF */ - switch (obj->type & SC_PKCS15_TYPE_CLASS_MASK) { - case SC_PKCS15_TYPE_PRKEY: - name = "private-key"; - break; - case SC_PKCS15_TYPE_PUBKEY: - name = "public-key"; - break; - case SC_PKCS15_TYPE_CERT: - name = "certificate"; - break; - case SC_PKCS15_TYPE_DATA_OBJECT: - if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) - name = "privdata"; - else - name = "data"; - break; - default: - return 0; - } - - r = sc_path_print(pbuf, sizeof(pbuf), path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(p15card->card->ctx, - "key-domain.%s @%s (auth_id.len=%d)\n", - name, pbuf, obj->auth_id.len); - r = sc_profile_instantiate_template(profile, - "key-domain", path, - name, obj_id, &file); - if (r < 0) { + name = get_template_name_from_object (obj); + if (!name) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + sc_log(ctx, "key-domain.%s @%s (auth_id.len=%d)", name, sc_print_path(path), obj->auth_id.len); + + indx_id.len = 1; + for (indx = TEMPLATE_INSTANTIATE_MIN_INDEX; indx <= TEMPLATE_INSTANTIATE_MAX_INDEX; indx++) { + indx_id.value[0] = indx; + r = sc_profile_instantiate_template(profile, "key-domain", path, name, &indx_id, &file); + if (r == SC_ERROR_TEMPLATE_NOT_FOUND) { + /* No template in 'key-domain' -- 
try to instantiate the template-'object name' + * outside of the 'key-domain' scope. */ + char t_name[0x40]; + + snprintf(t_name, sizeof(t_name), "template-%s", name); + sc_log(ctx, "get instance %i of '%s'", indx, t_name); + r = sc_profile_get_file_instance(profile, t_name, indx, &file); + } if (r == SC_ERROR_TEMPLATE_NOT_FOUND) - return 0; - return r; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + LOG_TEST_RET(ctx, r, "Template instantiation error"); + + if (file->type == SC_FILE_TYPE_BSO) + break; + + sc_log(ctx, "instantiated template path %s", sc_print_path(&file->path)); + for (ii=0; iipath.len) + break; + + if (!memcmp(obj_path.value, file->path.value, obj_path.len)) + break; + } + + if (ii==nn_objs) + break; + + if (obj_path.len != file->path.len) + break; + + sc_file_free(file); + + indx_id.value[0] += 1; } + if (indx > TEMPLATE_INSTANTIATE_MAX_INDEX) + LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Template instantiation error"); + *path = file->path; sc_file_free(file); - return 0; + + sc_log(ctx, "returns object path '%s'", sc_print_path(path)); + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } /* 
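Review bot: select_object_path checks the candidate path only against the objects that fit into `objs[32]`. If the card holds more objects of that class, the extra ones are presumably never returned by `sc_pkcs15_get_objects`, and the loop can settle on a path that is already in use. I would either size the array from the actual object count or treat a full array as an error, e.g. `if (nn_objs == (int)(sizeof(objs)/sizeof(objs[0]))) LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Too many objects to check path collisions");`. get_object_path_from_object also casts `obj->data` without checking it for NULL. Part of the comparison loop (`for (ii=0; ...`) is garbled on this page, so its bounds could not be reviewed.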
@@ -2421,26 +2375,33 @@ static int sc_pkcs15init_update_dir(struct sc_pkcs15_card *p15card, struct sc_profile *profile, - sc_app_info_t *app) + struct sc_app_info *app) { - sc_card_t *card = p15card->card; - int r, retry = 1; + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + int r, retry = 1; + + LOG_FUNC_CALLED(ctx); + if (profile->ops->emu_update_dir) { + r = profile->ops->emu_update_dir(profile, p15card, app); + LOG_FUNC_RETURN(ctx, r); + } do { struct sc_file *dir_file; struct sc_path path; - sc_ctx_suppress_errors_on(card->ctx); r = sc_enum_apps(card); - sc_ctx_suppress_errors_off(card->ctx); - if (r != SC_ERROR_FILE_NOT_FOUND) break; + /* DIR file is not yet created. */ sc_format_path("3F002F00", &path); - if (sc_profile_get_file_by_path(profile, &path, &dir_file) < 0) - return r; - r = sc_pkcs15init_update_file(profile, card, dir_file, NULL, 0); + r = sc_profile_get_file_by_path(profile, &path, &dir_file); + LOG_TEST_RET(ctx, r, "DIR file not defined in profile"); + + /* Create DIR file */ + r = sc_pkcs15init_update_file(profile, p15card, dir_file, NULL, 0); sc_file_free(dir_file); } while (retry--); @@ -2448,10 +2409,12 @@ card->app[card->app_count++] = app; r = sc_update_dir(card, NULL); } - return r; + LOG_FUNC_RETURN(ctx, r); } -static char *get_generalized_time(sc_context_t *ctx) + +static char * +get_generalized_time(struct sc_context *ctx) { #ifdef HAVE_GETTIMEOFDAY struct timeval tv; @@ -2469,19 +2432,19 @@ #endif tm_time = gmtime(&t); if (tm_time == NULL) { - sc_error(ctx, "error: gmtime failed\n"); + sc_log(ctx, "error: gmtime failed"); return NULL; } ret = calloc(1, 16); if (ret == NULL) { - sc_error(ctx, "error: calloc failed\n"); + sc_log(ctx, "error: calloc failed"); return NULL; } /* print time in generalized time format */ r = strftime(ret, 16, "%Y%m%d%H%M%SZ", tm_time); if (r == 0) { - sc_error(ctx, "error: strftime failed\n"); + sc_log(ctx, "error: strftime failed"); free(ret); return NULL; } 
@@ -2489,36 +2452,32 @@ return ret; } -static int sc_pkcs15init_update_tokeninfo(struct sc_pkcs15_card *p15card, + +static int +sc_pkcs15init_update_tokeninfo(struct sc_pkcs15_card *p15card, struct sc_profile *profile) { struct sc_card *card = p15card->card; - sc_pkcs15_tokeninfo_t tokeninfo; - u8 *buf = NULL; + struct sc_pkcs15_tokeninfo tokeninfo; + unsigned char *buf = NULL; size_t size; int r; /* set lastUpdate field */ - if (p15card->last_update != NULL) - free(p15card->last_update); - p15card->last_update = get_generalized_time(card->ctx); - if (p15card->last_update == NULL) + if (p15card->tokeninfo->last_update != NULL) + free(p15card->tokeninfo->last_update); + p15card->tokeninfo->last_update = get_generalized_time(card->ctx); + if (p15card->tokeninfo->last_update == NULL) return SC_ERROR_INTERNAL; - /* create a temporary tokeninfo structure */ - tokeninfo.version = p15card->version; - /* ugly opensc hack, we use the some high flags internaly */ - tokeninfo.flags = p15card->flags & 0xffffff; - tokeninfo.label = p15card->label; - tokeninfo.serial_number = p15card->serial_number; - tokeninfo.manufacturer_id = p15card->manufacturer_id; - tokeninfo.last_update = p15card->last_update; - tokeninfo.preferred_language = p15card->preferred_language; + tokeninfo = *(p15card->tokeninfo); + + if (profile->ops->emu_update_tokeninfo) + return profile->ops->emu_update_tokeninfo(profile, p15card, &tokeninfo); r = sc_pkcs15_encode_tokeninfo(card->ctx, &tokeninfo, &buf, &size); if (r >= 0) - r = sc_pkcs15init_update_file(profile, card, - p15card->file_tokeninfo, buf, size); + r = sc_pkcs15init_update_file(profile, p15card, p15card->file_tokeninfo, buf, size); if (buf) free(buf); return r; 
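Review bot: `tokeninfo = *(p15card->tokeninfo);` is a shallow copy, and nothing in the code says so. The local structure shares every pointer member with the card object, including the `last_update` string allocated just above, and it is then passed to `emu_update_tokeninfo`. A comment above the assignment would document the ownership, for example `/* shallow copy: members still belong to p15card->tokeninfo; do not free or replace them */`. The function also dereferences `p15card->tokeninfo` without a NULL check; whether it can be NULL at this point is not visible in the hunk.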
@@ -2528,58 +2487,45 @@ sc_pkcs15init_update_odf(struct sc_pkcs15_card *p15card, struct sc_profile *profile) { - struct sc_card *card = p15card->card; - u8 *buf = NULL; + struct sc_context *ctx = p15card->card->ctx; + unsigned char *buf = NULL; size_t size; int r; - sc_debug(card->ctx, "called\n"); - r = sc_pkcs15_encode_odf(card->ctx, p15card, &buf, &size); + LOG_FUNC_CALLED(ctx); + r = sc_pkcs15_encode_odf(ctx, p15card, &buf, &size); if (r >= 0) - r = sc_pkcs15init_update_file(profile, card, + r = sc_pkcs15init_update_file(profile, p15card, p15card->file_odf, buf, size); if (buf) free(buf); - return r; + LOG_FUNC_RETURN(ctx, r); } /* * Update any PKCS15 DF file (except ODF and DIR) */ int -sc_pkcs15init_update_any_df(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, - sc_pkcs15_df_t *df, +sc_pkcs15init_update_any_df(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, + struct sc_pkcs15_df *df, int is_new) { + struct sc_context *ctx = p15card->card->ctx; struct sc_card *card = p15card->card; - sc_file_t *file = df->file, *pfile = NULL; - u8 *buf = NULL; + struct sc_file *file = NULL; + unsigned char *buf = NULL; size_t bufsize; int update_odf = is_new, r = 0; - if (!sc_profile_get_file_by_path(profile, &df->path, &pfile)) - file = pfile; + LOG_FUNC_CALLED(ctx); + sc_profile_get_file_by_path(profile, &df->path, &file); + if (file == NULL) + sc_select_file(card, &df->path, &file); r = sc_pkcs15_encode_df(card->ctx, p15card, df, &buf, &bufsize); if (r >= 0) { - r = sc_pkcs15init_update_file(profile, card, - file, buf, bufsize); - -#if 0 - /* If the DF is empty, delete it and remove - * the corresponding entry from the ODF - * - * XXX Before enabling this we should make this a - * profile option, because not all cards allow - * arbitrary removal of files. 
- */ - if (bufsize == 0) { - sc_pkcs15_remove_df(p15card, df); - sc_file_free(card, df->path); - update_odf = 1; - } else -#endif + r = sc_pkcs15init_update_file(profile, p15card, file, buf, bufsize); /* For better performance and robustness, we want * to note which portion of the file actually 
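Review bot: The return values of `sc_profile_get_file_by_path()` and `sc_select_file()` are both discarded at the top of sc_pkcs15init_update_any_df. When neither lookup produces a file, `file` is therefore still NULL when it is passed to `sc_pkcs15init_update_file()`. I would stop before the DF is encoded, e.g. `if (file == NULL) LOG_TEST_RET(ctx, SC_ERROR_FILE_NOT_FOUND, "Cannot find xDF file");` directly after the two lookups. Whether `sc_pkcs15init_update_file()` tolerates a NULL file cannot be seen here, and the function body continues in the next hunk.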
@@ -2597,44 +2543,42 @@ } free(buf); } - if (pfile) - sc_file_free(pfile); + if (file) + sc_file_free(file); + + LOG_TEST_RET(ctx, r, "Failed to encode or update xDF"); /* Now update the ODF if we have to */ - if (r >= 0 && update_odf) + if (update_odf) r = sc_pkcs15init_update_odf(p15card, profile); + LOG_TEST_RET(ctx, r, "Failed to encode or update ODF"); - return r; + LOG_FUNC_RETURN(ctx, r); } /* * Add an object to one of the pkcs15 directory files. */ -static int -sc_pkcs15init_add_object(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - unsigned int df_type, - struct sc_pkcs15_object *object) +int +sc_pkcs15init_add_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + unsigned int df_type, struct sc_pkcs15_object *object) { + struct sc_context *ctx = p15card->card->ctx; struct sc_pkcs15_df *df; - struct sc_card *card = p15card->card; - struct sc_file *file = NULL; - int is_new = 0, r = 0; + int is_new = 0, r = 0, object_added = 0; - sc_debug(card->ctx, "called, DF %u obj %p\n", df_type, object); + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "add object %p to DF of type %u", object, df_type); df = find_df_by_type(p15card, df_type); - if (df != NULL) { - file = df->file; - } else { + if (df == NULL) { + struct sc_file *file; file = profile->df[df_type]; if (file == NULL) { - sc_error(card->ctx, - "Profile doesn't define a DF file %u", - df_type); - return SC_ERROR_NOT_SUPPORTED; + sc_log(ctx, "Profile doesn't define a DF file %u", df_type); + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "DF not found in profile"); } - sc_pkcs15_add_df(p15card, df_type, &file->path, file); + sc_pkcs15_add_df(p15card, df_type, &file->path); df = find_df_by_type(p15card, df_type); assert(df != NULL); is_new = 1; 
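Review bot: sc_pkcs15init_add_object loses its `static` in this hunk but still indexes `profile->df[df_type]` with a caller-supplied `unsigned int` that is never range-checked. Now that the function is exported, I would reject out-of-range values first, e.g. `if (df_type >= sizeof(profile->df)/sizeof(profile->df[0])) LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid DF type");`, assuming `df` is declared as an array. The return value of `sc_pkcs15_add_df()` is also ignored and backed only by `assert(df != NULL)`, which disappears in builds with `NDEBUG`. The function continues in the next hunk.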
@@ -2645,105 +2589,37 @@ } if (object == NULL) { - /* Add nothing; just instantiate this directory file */ + sc_log(ctx, "Add nothing; just instantiate this directory file"); } else if (object->df == NULL) { + sc_log(ctx, "Append object"); object->df = df; - r = sc_pkcs15_add_object(p15card, object); - if (r < 0) - return r; + r = sc_pkcs15_add_object(p15card, object); + LOG_TEST_RET(ctx, r, "Failed to add pkcs15 object"); + object_added = 1; } else { - /* Reused an existing object */ + sc_log(ctx, "Reuse existing object"); assert(object->df == df); } - return sc_pkcs15init_update_any_df(p15card, profile, df, is_new); -#if 0 - if (!sc_profile_get_file_by_path(profile, &df->path, &pfile)) - file = pfile; - - r = sc_pkcs15_encode_df(card->ctx, p15card, df, &buf, &bufsize); - if (r >= 0) { - r = sc_pkcs15init_update_file(profile, card, - file, buf, bufsize); - /* For better performance and robustness, we want - * to note which portion of the file actually - * contains valid data. - * - * This is particularly useful if we store certificates - * directly in the CDF - we may want to make the CDF - * fairly big, without having to read the entire file - * every time we parse the CDF. 
- */ - if (profile->pkcs15.encode_df_length) { - df->path.count = bufsize; - df->path.index = 0; - update_odf = 1; - } - free(buf); - } - if (pfile) - sc_file_free(pfile); + if (profile->ops->emu_update_any_df) + r = profile->ops->emu_update_any_df(profile, p15card, SC_AC_OP_CREATE, object); + else + r = sc_pkcs15init_update_any_df(p15card, profile, df, is_new); - /* Now update the ODF if we have to */ - if (r >= 0 && update_odf) - r = sc_pkcs15init_update_odf(p15card, profile); + if (r < 0 && object_added) + sc_pkcs15_remove_object(p15card, object); - return r; -#endif + LOG_FUNC_RETURN(ctx, r); } -static int -sc_pkcs15init_remove_object(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, sc_pkcs15_object_t *obj) -{ - sc_card_t *card = p15card->card; - struct sc_pkcs15_df *df; - sc_path_t path; - int r = 0; - - switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) - { - case SC_PKCS15_TYPE_PUBKEY: - path = ((sc_pkcs15_pubkey_info_t *)obj->data)->path; - break; - case SC_PKCS15_TYPE_PRKEY: - path = ((sc_pkcs15_prkey_info_t *)obj->data)->path; - break; - case SC_PKCS15_TYPE_CERT: - path = ((sc_pkcs15_cert_info_t *)obj->data)->path; - break; - case SC_PKCS15_TYPE_DATA_OBJECT: - path = ((sc_pkcs15_data_info_t *)obj->data)->path; - break; - default: - return SC_ERROR_OBJECT_NOT_FOUND; - } - - /* Get the DF we're part of. If there's no DF, fine, we haven't - * been added yet. */ - if ((df = obj->df) == NULL) - return 0; - - /* Unlink the object and update the DF */ - sc_pkcs15_remove_object(p15card, obj); - if ((r = sc_pkcs15init_update_any_df(p15card, profile, df, 0)) < 0) - return r; - - /* XXX Dangerous - the object indicated by path may be the - * application DF. This isn't true for the Oberthur, but - * it may be for others. 
*/ - r = sc_delete_file(card, &path); - - return r; -} -static sc_pkcs15_object_t * sc_pkcs15init_new_object(int type, - const char *label, sc_pkcs15_id_t *auth_id, void *data) +struct sc_pkcs15_object * +sc_pkcs15init_new_object(int type, const char *label, struct sc_pkcs15_id *auth_id, void *data) { - sc_pkcs15_object_t *object; - unsigned int data_size = 0; + struct sc_pkcs15_object *object; + unsigned int data_size = 0; - object = (sc_pkcs15_object_t *) calloc(1, sizeof(*object)); + object = calloc(1, sizeof(*object)); if (object == NULL) return NULL; object->type = type; @@ -2751,25 +2627,25 @@ switch (type & SC_PKCS15_TYPE_CLASS_MASK) { case SC_PKCS15_TYPE_AUTH: object->flags = DEFAULT_PIN_FLAGS; - data_size = sizeof(sc_pkcs15_pin_info_t); + data_size = sizeof(struct sc_pkcs15_pin_info); break; case SC_PKCS15_TYPE_PRKEY: object->flags = DEFAULT_PRKEY_FLAGS; - data_size = sizeof(sc_pkcs15_prkey_info_t); + data_size = sizeof(struct sc_pkcs15_prkey_info); break; case SC_PKCS15_TYPE_PUBKEY: object->flags = DEFAULT_PUBKEY_FLAGS; - data_size = sizeof(sc_pkcs15_pubkey_info_t); + data_size = sizeof(struct sc_pkcs15_pubkey_info); break; case SC_PKCS15_TYPE_CERT: object->flags = DEFAULT_CERT_FLAGS; - data_size = sizeof(sc_pkcs15_cert_info_t); + data_size = sizeof(struct sc_pkcs15_cert_info); break; case SC_PKCS15_TYPE_DATA_OBJECT: object->flags = DEFAULT_DATA_FLAGS; if (auth_id->len != 0) object->flags |= SC_PKCS15_CO_FLAG_PRIVATE; - data_size = sizeof(sc_pkcs15_data_info_t); + data_size = sizeof(struct sc_pkcs15_data_info); break; } 
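Review bot: The new rollback in sc_pkcs15init_add_object unlinks the object on failure but leaves `object->df` pointing at `df`. A second attempt with the same object would then take the "Reuse existing object" branch and never put it back on the card's object list, unless `sc_pkcs15_remove_object()` clears that field, which is not visible here. I would reset it in the rollback: `if (r < 0 && object_added) { sc_pkcs15_remove_object(p15card, object); object->df = NULL; }`. The same applies when `sc_pkcs15_add_object()` itself fails, because `object->df` is assigned before the call.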
@@ -2787,214 +2663,251 @@ return object; } + int -sc_pkcs15init_change_attrib(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15_object *object, - int new_attrib_type, - void *new_value, - int new_len) +sc_pkcs15init_change_attrib(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object, + int new_attrib_type, void *new_value, int new_len) { + struct sc_context *ctx = p15card->card->ctx; struct sc_card *card = p15card->card; - u8 *buf = NULL; + unsigned char *buf = NULL; size_t bufsize; int df_type, r = 0; struct sc_pkcs15_df *df; + struct sc_pkcs15_id new_id = *((struct sc_pkcs15_id *) new_value); if (object == NULL || object->df == NULL) - return SC_ERROR_OBJECT_NOT_FOUND; + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Cannot change attribute"); df_type = object->df->type; df = find_df_by_type(p15card, df_type); if (df == NULL) - return SC_ERROR_OBJECT_NOT_FOUND; + LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "Cannot change attribute"); - switch(new_attrib_type) - { + switch(new_attrib_type) { case P15_ATTR_TYPE_LABEL: if (new_len >= SC_PKCS15_MAX_LABEL_SIZE) - return SC_ERROR_INVALID_ARGUMENTS; + LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "New label too long"); memcpy(object->label, new_value, new_len); object->label[new_len] = '\0'; break; case P15_ATTR_TYPE_ID: switch(df_type) { case SC_PKCS15_PRKDF: - ((sc_pkcs15_prkey_info_t *) object->data)->id = - *((sc_pkcs15_id_t *) new_value); + ((struct sc_pkcs15_prkey_info *) object->data)->id = new_id; break; case SC_PKCS15_PUKDF: case SC_PKCS15_PUKDF_TRUSTED: - ((sc_pkcs15_pubkey_info_t *) object->data)->id = - *((sc_pkcs15_id_t *) new_value); + ((struct sc_pkcs15_pubkey_info *) object->data)->id = new_id; break; case SC_PKCS15_CDF: case SC_PKCS15_CDF_TRUSTED: case SC_PKCS15_CDF_USEFUL: - ((sc_pkcs15_cert_info_t *) object->data)->id = - *((sc_pkcs15_id_t *) new_value); + ((struct sc_pkcs15_cert_info *) object->data)->id = new_id; break; default: - 
return SC_ERROR_NOT_SUPPORTED; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Cannot change ID attribute"); } break; default: - return SC_ERROR_NOT_SUPPORTED; + LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Only 'LABEL' or 'ID' attributes can be changed"); } - r = sc_pkcs15_encode_df(card->ctx, p15card, df, &buf, &bufsize); - if (r >= 0) { - sc_file_t *file; - r = sc_profile_get_file_by_path(profile, &df->path, &file); - if(r<0) return r; - r = sc_pkcs15init_update_file(profile, card, - file, buf, bufsize); - free(buf); - sc_file_free(file); + if (profile->ops->emu_update_any_df) { + r = profile->ops->emu_update_any_df(profile, p15card, SC_AC_OP_CREATE, object); + LOG_TEST_RET(ctx, r, "Card specific DF update failed"); + } + else { + r = sc_pkcs15_encode_df(card->ctx, p15card, df, &buf, &bufsize); + if (r >= 0) { + struct sc_file *file = NULL; + + r = sc_profile_get_file_by_path(profile, &df->path, &file); + LOG_TEST_RET(ctx, r, "Cannot instantiate file by path"); + + r = sc_pkcs15init_update_file(profile, p15card, file, buf, bufsize); + free(buf); + sc_file_free(file); + } } return r < 0 ? 
r : 0; } -int sc_pkcs15init_delete_object(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, sc_pkcs15_object_t *obj) -{ - sc_path_t path; + +int +sc_pkcs15init_delete_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_pkcs15_object *obj) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + struct sc_path path; struct sc_pkcs15_df *df; - int r, stored_in_ef = 0; + int r = 0, stored_in_ef = 0; - switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) - { + LOG_FUNC_CALLED(ctx); + switch(obj->type & SC_PKCS15_TYPE_CLASS_MASK) { case SC_PKCS15_TYPE_PUBKEY: - path = ((sc_pkcs15_pubkey_info_t *)obj->data)->path; - stored_in_ef = 1; + path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path; break; case SC_PKCS15_TYPE_PRKEY: - path = ((sc_pkcs15_prkey_info_t *)obj->data)->path; - stored_in_ef = 1; + path = ((struct sc_pkcs15_prkey_info *)obj->data)->path; break; case SC_PKCS15_TYPE_CERT: - path = ((sc_pkcs15_cert_info_t *)obj->data)->path; - stored_in_ef = 1; + path = ((struct sc_pkcs15_cert_info *)obj->data)->path; break; case SC_PKCS15_TYPE_DATA_OBJECT: - path = ((sc_pkcs15_data_info_t *)obj->data)->path; - stored_in_ef = 1; + path = ((struct sc_pkcs15_data_info *)obj->data)->path; break; default: return SC_ERROR_NOT_SUPPORTED; } - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; + sc_log(ctx, "delete object(type:%X) with path(type:%X,%s)", obj->type, path.type, sc_print_path(&path)); + if (path.len || path.aid.len) { + r = sc_select_file(p15card->card, &path, &file); + if (r != SC_ERROR_FILE_NOT_FOUND) + LOG_TEST_RET(ctx, r, "select object path failed"); - /* if the object is stored in a normal EF try to - * delete the EF */ - if (stored_in_ef != 0) { - r = sc_pkcs15init_delete_by_path(profile, p15card->card, &path); - if (r != SC_SUCCESS) { - sc_error(p15card->card->ctx, "sc_pkcs15init_delete_by_path failed: %d", r); - return r; - } - /* Get the DF we're part 
of. If there's no DF, fine, we haven't - * been added yet. */ - if ((df = obj->df) != NULL) { - /* Unlink the object and update the DF */ - sc_pkcs15_remove_object(p15card, obj); - } - } else if (profile->ops->delete_object != NULL) { - /* If there's a card-specific way to delete objects, use it. - * Otherwise, just set its label to "deleted" to indicate - * that we can re-used it when we have to make a next - * object in the future. */ - r = profile->ops->delete_object(profile, p15card->card, obj->type, obj->data, &path); - if (r < 0) { - sc_error(p15card->card->ctx, "ops->delete_object() failed: %d", r); - return r; - } + stored_in_ef = (file->type != SC_FILE_TYPE_DF); + sc_file_free(file); + } - /* Get the DF we're part of. If there's no DF, fine, we haven't - * been added yet. */ - if ((df = obj->df) != NULL) { - /* Unlink the object and update the DF */ - sc_pkcs15_remove_object(p15card, obj); - } - } else { - /* Get the DF we're part of. If there's no DF, fine, we haven't - * been added yet. */ - if ((df = obj->df) != NULL) { - /*Change the label into "deleted" and update the DF */ - strcpy(obj->label, "deleted"); + if (!r) { + /* If the object is stored in a normal EF, try to delete the EF. */ + if (stored_in_ef) { + r = sc_pkcs15init_delete_by_path(profile, p15card, &path); + LOG_TEST_RET(ctx, r, "Failed to delete object by path"); + } + else if (profile->ops->delete_object != NULL) { + /* If there's a card-specific way to delete objects, use it. */ + r = profile->ops->delete_object(profile, p15card, obj, &path); + LOG_TEST_RET(ctx, r, "Card specific delete object failed"); } + } + + if (profile->ops->emu_update_any_df) { + r = profile->ops->emu_update_any_df(profile, p15card, SC_AC_OP_ERASE, obj); + LOG_TEST_RET(ctx, r, "'ERASE' update DF failed"); } - r = sc_pkcs15init_update_any_df(p15card, profile, df, 0); - /* mark card as dirty */ + /* Get the DF we're part of. If there's no DF, fine, we haven't been added yet. 
*/ + df = obj->df; + if (df) { + /* Unlink the object and update the DF */ + sc_pkcs15_remove_object(p15card, obj); + sc_pkcs15_free_object(obj); + } + + if (!profile->ops->emu_update_any_df) + r = sc_pkcs15init_update_any_df(p15card, profile, df, 0); + + /* mark card as dirty */ profile->dirty = 1; - return r; + LOG_FUNC_RETURN(ctx, r); } + int -sc_pkcs15init_update_certificate(sc_pkcs15_card_t *p15card, - sc_profile_t *profile, - sc_pkcs15_object_t *obj, +sc_pkcs15init_update_certificate(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, struct sc_pkcs15_object *obj, const unsigned char *rawcert, size_t certlen) { - sc_file_t *file = NULL, *parent = NULL; - sc_path_t *path = &((sc_pkcs15_cert_info_t *)obj->data)->path; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + struct sc_path *path = &((struct sc_pkcs15_cert_info *)obj->data)->path; int r; - /* Set the SO PIN reference from card */ - if ((r = set_so_pin_from_card(p15card, profile)) < 0) - return r; - + LOG_FUNC_CALLED(ctx); r = sc_select_file(p15card->card, path, &file); - if (r < 0) - return r; + LOG_TEST_RET(ctx, r, "Failed to select cert file"); /* If the new cert doesn't fit in the EF, delete it and make the same, but bigger EF */ - if (file->size < certlen) { - if ((r = sc_pkcs15init_delete_by_path(profile, p15card->card, path)) < 0) + if (file->size != certlen) { + struct sc_file *parent = NULL; + + r = sc_pkcs15init_delete_by_path(profile, p15card, path); + if (r < 0) goto done; file->size = certlen; - if ((r = do_select_parent(profile, p15card->card, file, &parent)) < 0 - || (r = sc_pkcs15init_authenticate(profile, p15card->card, - parent, SC_AC_OP_CREATE)) < 0) - goto done; + r = do_select_parent(profile, p15card, file, &parent); + if (r < 0) + goto done; + + r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE); + sc_file_free(parent); + if (r < 0) { + sc_log(ctx, "'CREATE' authentication failed"); + goto done; + } + /* ensure we are in 
the correct lifecycle */ r = sc_pkcs15init_set_lifecycle(p15card->card, SC_CARDCTRL_LIFECYCLE_ADMIN); if (r < 0 && r != SC_ERROR_NOT_SUPPORTED) - return r; - if ((r = sc_create_file(p15card->card, file)) < 0) goto done; + + r = sc_create_file(p15card->card, file); + if (r < 0) { + sc_log(ctx, "Cannot create cert file"); + goto done; + } + } + + if (!sc_file_get_acl_entry(file, SC_AC_OP_UPDATE)) { + struct sc_path tmp_path; + + /* FCI of selected cert file do not contains ACLs. + * For the 'UPDATE' authentication use instead sc_file + * instantiated from card profile with default ACLs. */ + sc_file_free(file); + + r = select_object_path(p15card, profile, obj, &tmp_path); + if (r < 0) { + sc_log(ctx, "Select object path error"); + goto done; + } + + r = sc_profile_get_file_by_path(profile, path, &file); + if (r < 0) { + sc_log(ctx, "Cannot instantiate cert file"); + goto done; + } } /* Write the new cert */ - if ((r = sc_pkcs15init_authenticate(profile, p15card->card, file, SC_AC_OP_UPDATE)) < 0) + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + if (r < 0) { + sc_log(ctx, "'UPDATE' authentication failed"); goto done; - if ((r = sc_select_file(p15card->card, path, NULL)) < 0) + } + + r = sc_select_file(p15card->card, path, NULL); + if (r < 0) goto done; - if ((r = sc_update_binary(p15card->card, 0, rawcert, certlen, 0)) < 0) + + r = sc_update_binary(p15card->card, 0, rawcert, certlen, 0); + if (r < 0) goto done; /* Fill the remaining space in the EF (if any) with zeros */ if (certlen < file->size) { - unsigned char *tmp = (unsigned char *) calloc(file->size - certlen, 1); + unsigned char *tmp = calloc(file->size - certlen, 1); if (tmp == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto done; } r = sc_update_binary(p15card->card, certlen, tmp, file->size - certlen, 0); free(tmp); + if (r < 0) + sc_log(ctx, "Update cert file error"); } if (r >= 0) { /* Update the CDF entry */ - path = &((sc_pkcs15_cert_info_t *)obj->data)->path; + path = &((struct 
sc_pkcs15_cert_info *)obj->data)->path; if (file->size != certlen) { path->index = 0; path->count = certlen; @@ -3002,6 +2915,8 @@ else path->count = -1; r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0); + if (r < 0) + sc_log(ctx, "Failed to update CDF"); } /* mark card as dirty */ 
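Review bot: sc_pkcs15init_update_certificate can free `file` twice: the branch taken when the file has no 'UPDATE' ACL entry calls `sc_file_free(file)` and then does `goto done` on a select_object_path failure with `file` still set, and the `done:` label in the following hunk frees it again. Add `file = NULL;` right after that `sc_file_free(file);`. In sc_pkcs15init_change_attrib the initializer `struct sc_pkcs15_id new_id = *((struct sc_pkcs15_id *) new_value);` runs for every attribute type, and it runs before `object` is checked, so a LABEL change reads a whole ID structure out of a `new_len`-byte label buffer. Assign `new_id` as the first statement of the `P15_ATTR_TYPE_ID` case instead, and reject `new_len < 0` before the `memcpy`. In sc_pkcs15init_delete_object, an `SC_ERROR_FILE_NOT_FOUND` result from `sc_select_file()` still reaches `file->type` with `file` presumably NULL, so wrap those two lines in `if (!r) { ... }`; later, `sc_pkcs15init_update_any_df(p15card, profile, df, 0)` is also called when `obj->df` was NULL. In change_attrib, the `LOG_TEST_RET` after `sc_profile_get_file_by_path()` returns without `free(buf)`.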
@@ -3010,284 +2925,232 @@ done: if (file) sc_file_free(file); - if (parent) - sc_file_free(parent); - return r; + LOG_FUNC_RETURN(ctx, r); +} + + +static const char * +get_pin_ident_name(int type, int reference) +{ + switch (type) { + case SC_AC_CHV: + return "PIN"; + case SC_AC_PRO: + return "secure messaging key"; + case SC_AC_AUT: + return "authentication key"; + case SC_AC_SEN: + return "security environment"; + case SC_AC_IDA: + return "PKCS#15 reference"; + case SC_AC_SCB: + return "SCB byte in IAS/ECC"; + case SC_AC_SYMBOLIC: + switch (reference) { + case SC_PKCS15INIT_USER_PIN: + return "user PIN"; + case SC_PKCS15INIT_SO_PIN: + return "SO PIN"; + case SC_PKCS15INIT_USER_PUK: + return "user PUK"; + case SC_PKCS15INIT_SO_PUK: + return "SO PUK"; + } + } + return "authentication data"; +} + + +static int +sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + int type, int reference, unsigned char *pinbuf, size_t *pinsize) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_obj = NULL; + struct sc_pkcs15_pin_info pin_info; + struct sc_cardctl_default_key data; + size_t defsize = 0; + unsigned char defbuf[0x100]; + int rv; + + LOG_FUNC_CALLED(ctx); + + data.method = type; + data.key_ref = reference; + data.len = sizeof(defbuf); + data.key_data = defbuf; + rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_DEFAULT_KEY, &data); + if (rv >= 0) + defsize = data.len; + + if (callbacks.get_key) { + rv = callbacks.get_key(profile, type, reference, defbuf, defsize, pinbuf, pinsize); + } + else if (rv >= 0) { + if (*pinsize < defsize) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Get transport key error"); + + memcpy(pinbuf, data.key_data, data.len); + *pinsize = data.len; + } + + memset(&pin_info, 0, sizeof(pin_info)); + pin_info.auth_method = type; + pin_info.reference = reference; + pin_info.stored_length = *pinsize; + pin_info.max_length = *pinsize; + pin_info.min_length = *pinsize; + pin_info.magic = 
SC_PKCS15_PIN_MAGIC; + + pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, "Default transport key", NULL, &pin_info); + if (!pin_obj) + LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate AUTH object"); + + rv = sc_pkcs15_add_object(p15card, pin_obj); + LOG_TEST_RET(ctx, rv, "Cannot add PKCS#15 AUTH object"); + + sc_pkcs15_pincache_add(p15card, pin_obj, pinbuf, *pinsize); + + LOG_FUNC_RETURN(ctx, rv); } + /* * PIN verification */ -static int -do_get_and_verify_secret(sc_profile_t *pro, sc_card_t *card, - sc_file_t *file, int type, int reference, - u8 *pinbuf, size_t *pinsize, - int verify) +int +sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *file, unsigned int type, int reference) { - struct sc_cardctl_default_key data; - sc_pkcs15_card_t *p15card = pro->p15_data; - sc_pkcs15_object_t *pin_obj = NULL; - sc_pkcs15_pin_info_t pin_info; - sc_path_t *path; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_object *pin_obj = NULL; + struct sc_pkcs15_pin_info pin_info; + struct sc_path *path; + int r, use_pinpad = 0, pin_id = -1; const char *ident, *label = NULL; - int pin_id = -1; - size_t defsize = 0; - u8 defbuf[0x100]; - int r; + unsigned char pinbuf[0x100]; + size_t pinsize = sizeof(pinbuf); + + LOG_FUNC_CALLED(ctx); path = file? &file->path : NULL; - ident = "authentication data"; - if (type == SC_AC_CHV) { - ident = "PIN"; - memset(&pin_info, 0, sizeof(pin_info)); - pin_info.reference = reference; - - /* Maybe this is the $SOPIN or $PIN? 
*/ - pin_id = sc_keycache_get_pin_name(path, reference); - if (pin_id >= 0) - sc_profile_get_pin_info(pro, pin_id, &pin_info); - - /* Try to get information on the PIN, such as the - * label, max length etc */ - if (p15card && path != NULL && !(path->len & 1)) { - sc_path_t tmp_path = *path; - - do { - r = sc_pkcs15_find_pin_by_reference(p15card, - &tmp_path, reference, &pin_obj); - tmp_path.len -= 2; - } while (r < 0 && tmp_path.len > 1); - if (pin_obj) - memcpy(&pin_info, pin_obj->data, sizeof(pin_info)); - } - } else if (type == SC_AC_PRO) { - ident = "secure messaging key"; - } else if (type == SC_AC_AUT) { - ident = "authentication key"; - } else if (type == SC_AC_SYMBOLIC) { - /* This is a symbolic PIN name */ - pin_id = reference; - switch (pin_id) { - case SC_PKCS15INIT_USER_PIN: - ident = "user PIN"; break; - case SC_PKCS15INIT_SO_PIN: - ident = "SO PIN"; break; - } + ident = get_pin_ident_name(type, reference); + sc_log(ctx, "get and verify PIN('%s',type:0x%X,reference:0x%X)", ident, type, reference); - /* See if the card initializer set this PIN. - * If the reference is -1, he didn't, and any - * access conditions involving this pin should be - * ignored. 
- */ - reference = sc_keycache_find_named_pin(path, pin_id); - if (reference == -1) { - if (card->ctx->debug >= 2) { - sc_debug(card->ctx, - "no %s set for this card\n", - ident); - } - return 0; + if (type == SC_AC_SEN) { + r = sc_card_ctl(p15card->card, SC_CARDCTL_GET_CHV_REFERENCE_IN_SE, (void *)(&reference)); + sc_log(ctx, "Card CTL(GET_CHV_REFERENCE_IN_SE) returned %i", r); + if (r > 0) { + sc_log(ctx, "CHV(ref:%i) found in SE(ref:%i)", r, reference); + type = SC_AC_CHV; + reference = r; + } + else if (r != SC_ERROR_NOT_SUPPORTED) + LOG_TEST_RET(ctx, r, "Card CTL error: cannot get CHV reference"); + } + + memset(&pin_info, 0, sizeof(pin_info)); + pin_info.auth_method = type; + pin_info.reference = reference; + + pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, type, reference); + sc_log(ctx, "found PIN reference %i", pin_id); + if (type == SC_AC_SYMBOLIC) { + if (pin_id == -1) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + reference = pin_id; + type = SC_AC_CHV; + sc_log(ctx, "Symbolic PIN resolved to PIN(type:CHV,reference:%i)", type, reference); + } + + if (p15card) { + if (path && path->len) { + struct sc_path tmp_path = *path; + int iter; + + r = SC_ERROR_OBJECT_NOT_FOUND; + for (iter = tmp_path.len/2; iter >= 0 && r == SC_ERROR_OBJECT_NOT_FOUND; iter--, tmp_path.len -= 2) + r = sc_pkcs15_find_pin_by_type_and_reference(p15card, + tmp_path.len ? &tmp_path : NULL, + type, reference, &pin_obj); + } + else { + r = sc_pkcs15_find_pin_by_type_and_reference(p15card, NULL, type, reference, &pin_obj); } - sc_profile_get_pin_info(pro, pin_id, &pin_info); - type = SC_AC_CHV; + if (!r && pin_obj) { + memcpy(&pin_info, pin_obj->data, sizeof(pin_info)); + sc_log(ctx, "found PIN object '%s'", pin_obj->label); + } } - /* Try to get the cached secret, e.g. 
CHV1 */ - r = sc_keycache_get_key(path, type, reference, pinbuf, *pinsize); - if (r >= 0) { - *pinsize = r; - goto found; + if (pin_obj) { + sc_log(ctx, "PIN object '%s'; pin_obj->content.len:%i", pin_obj->label, pin_obj->content.len); + if (pin_obj->content.value && pin_obj->content.len) { + if (pin_obj->content.len > pinsize) + LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "PIN buffer is too small"); + memcpy(pinbuf, pin_obj->content.value, pin_obj->content.len); + pinsize = pin_obj->content.len; + sc_log(ctx, "'ve got '%s' value from cache", ident); + goto found; + } } - if (type != SC_AC_CHV) { - /* Okay, nothing in our cache. - * Ask the card driver whether it knows a default key - * for this one. - */ - data.method = type; - data.key_ref = reference; - data.len = sizeof(defbuf); - data.key_data = defbuf; - if (sc_card_ctl(card, SC_CARDCTL_GET_DEFAULT_KEY, &data) >= 0) - defsize = data.len; - } else if (pin_obj && pin_obj->label[0]) { + if (pin_obj && pin_obj->label[0]) label = pin_obj->label; - } switch (type) { case SC_AC_CHV: - if (callbacks.get_pin) { - r = callbacks.get_pin(pro, pin_id, - &pin_info, label, - pinbuf, pinsize); + if (callbacks.get_pin) { + r = callbacks.get_pin(profile, pin_id, &pin_info, label, pinbuf, &pinsize); + sc_log(ctx, "'get_pin' callback returned %i; pinsize:%i", r, pinsize); } break; default: - if (callbacks.get_key) { - r = callbacks.get_key(pro, type, reference, - defbuf, defsize, - pinbuf, pinsize); - } + r = sc_pkcs15init_get_transport_key(profile, p15card, type, reference, pinbuf, &pinsize); break; } - if (r < 0) - return r; - - /* We got something. 
Cache it */ - sc_keycache_put_key(path, type, reference, pinbuf, *pinsize); - - /* If it's a PIN, pad it out */ -found: if (type == SC_AC_CHV && pin_info.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) { - int left = pro->pin_maxlen - *pinsize; - - if (left > 0) { - memset(pinbuf + *pinsize, pro->pin_pad_char, left); - *pinsize = pro->pin_maxlen; - } - } - - if (verify) { - /* We may have selected the AODF instead of the file - * itself: */ - if (file) - r = sc_select_file(card, &file->path, NULL); - if (r >= 0 - && (r = sc_verify(card, type, reference, pinbuf, *pinsize, NULL)) < 0) { - sc_error(card->ctx, "Failed to verify %s (ref=0x%x)", - ident, reference); - } + if (r == SC_ERROR_OBJECT_NOT_FOUND) { + if (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) + r = 0, use_pinpad = 1; + else + r = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; } - return r; -} - -static int -do_verify_pin(struct sc_profile *pro, sc_card_t *card, sc_file_t *file, - unsigned int type, unsigned int reference) -{ - size_t pinsize; - u8 pinbuf[0x100]; - - pinsize = sizeof(pinbuf); - return do_get_and_verify_secret(pro, card, file, type, reference, - pinbuf, &pinsize, 1); -} - -void -sc_pkcs15init_set_secret(struct sc_profile *pro, - int type, int reference, - u8 *key, size_t len) -{ - sc_keycache_put_key(NULL, type, reference, key, len); -} - -int -sc_pkcs15init_verify_key(struct sc_profile *pro, sc_card_t *card, - sc_file_t *file, unsigned int type, unsigned int reference) -{ - size_t keysize; - u8 keybuf[64]; + LOG_TEST_RET(ctx, r, "Failed to get secret"); - keysize = sizeof(keybuf); - return do_get_and_verify_secret(pro, card, file, type, reference, - keybuf, &keysize, 1); -} - -/* - * Find out whether the card was initialized using an SO PIN, - * and if so, set the profile information - */ -static int set_so_pin_from_card(struct sc_pkcs15_card *p15card, - struct sc_profile *profile) -{ - struct sc_pkcs15_pin_info *pin; - struct sc_pkcs15_object *obj; - int r; - - r = 
sc_pkcs15_find_so_pin(p15card, &obj); - if (r == 0) { - pin = (struct sc_pkcs15_pin_info *) obj->data; - return sc_keycache_set_pin_name(&pin->path, - pin->reference, - SC_PKCS15INIT_SO_PIN); +found: + if (pin_obj) { + r = sc_pkcs15_verify_pin(p15card, pin_obj, pinsize ? pinbuf : NULL, pinsize); + LOG_TEST_RET(ctx, r, "Cannot validate pkcs15 PIN"); } - - /* If the card doesn't have an SO PIN, we simply zap the - * naming info from the cache */ - if (r == SC_ERROR_OBJECT_NOT_FOUND) - return sc_keycache_set_pin_name(NULL, -1, SC_PKCS15INIT_SO_PIN); - return r; -} - -/* - * If the user specified an auth_id, select the corresponding - * PIN entry and set the reference data. - * If auth_id is NULL, then get the first user PIN found, this - * is usefull for the 'onepin' profile option. - */ -static int -set_user_pin_from_authid(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15_id *auth_id) -{ - struct sc_pkcs15_pin_info *pin; - struct sc_pkcs15_object *objp; - int r; - - if (auth_id == NULL) { - int i; - struct sc_pkcs15_object *p15objects[5]; - r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, p15objects, 5); - if (r < 0) - return r; - for (i = 0; i < r; i++) { - sc_pkcs15_pin_info_t *pininfo = (sc_pkcs15_pin_info_t *) p15objects[i]->data; - if (!(pininfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) { - auth_id = &pininfo->auth_id; - break; - } - } - if (i >= r) - return SC_ERROR_OBJECT_NOT_FOUND; + if (file) { + r = sc_select_file(p15card->card, &file->path, NULL); + LOG_TEST_RET(ctx, r, "Failed to select PIN path"); } - if (auth_id->len == 0) - return 0; - - r = sc_pkcs15_find_pin_by_auth_id(p15card, auth_id, &objp); - if (r < 0) - return r; - - pin = (struct sc_pkcs15_pin_info *) objp->data; - - /* If the PIN resides in a separate directory, make sure the - * profile defines the DF. 
Otherwise, generate a file object - * on the fly (XXX hack attack) - * - * Possible fix: store all file info from the profile on the card - */ - if (pin->path.len != 0) { - sc_file_t *df = NULL; - - r = sc_profile_get_file_by_path(profile, &pin->path, &df); - if (r == SC_ERROR_FILE_NOT_FOUND - && (r = sc_select_file(p15card->card, &pin->path, &df)) == 0) { - sc_profile_add_file(profile, "pin-dir (auto)", df); - } + if (!pin_obj) { + struct sc_pin_cmd_data pin_cmd; - if (df) - sc_file_free(df); + memset(&pin_cmd, 0, sizeof(pin_cmd)); + pin_cmd.cmd = SC_PIN_CMD_VERIFY; + pin_cmd.pin_type = type; + pin_cmd.pin_reference = reference; + pin_cmd.pin1.data = use_pinpad ? NULL : pinbuf; + pin_cmd.pin1.len = use_pinpad ? 0: pinsize; + + r = sc_pin_cmd(p15card->card, &pin_cmd, NULL); + LOG_TEST_RET(ctx, r, "'VERIFY' pin cmd failed"); } - return sc_keycache_set_pin_name(&pin->path, - pin->reference, SC_PKCS15INIT_USER_PIN); + LOG_FUNC_RETURN(ctx, r); } + /* * Present any authentication info as required by the file. * 
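Review bot: In sc_pkcs15init_get_transport_key the result of `callbacks.get_key` (or of a failed SC_CARDCTL_GET_DEFAULT_KEY when no callback is set) is never tested, so execution falls through to build the "Default transport key" object, and `rv` is then overwritten by sc_pkcs15_add_object and the error is lost. The caller sc_pkcs15init_verify_secret passes an uninitialised `pinbuf[0x100]` with `pinsize = sizeof(pinbuf)`, so on that path indeterminate stack bytes are put into the PIN cache and can then be presented to the card by the `SC_PIN_CMD_VERIFY` call. Adding `LOG_TEST_RET(ctx, rv, "Cannot get transport key");` directly after the `if (callbacks.get_key) … else if (rv >= 0) …` block, before `memset(&pin_info, …)`, closes this. Separately, `pinbuf` and `defbuf` hold key material and are not cleared on any return path; wiping them before leaving both functions would be prudent.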
@@ -3302,433 +3165,436 @@ * used in most cards while the first case was added much later. */ int -sc_pkcs15init_authenticate(struct sc_profile *pro, sc_card_t *card, - sc_file_t *file, int op) +sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *file, int op) { - const sc_acl_entry_t *acl; - sc_file_t *file_tmp = NULL; + struct sc_context *ctx = p15card->card->ctx; + const struct sc_acl_entry *acl = NULL; + struct sc_file *file_tmp = NULL; int r = 0; - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &file->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "path '%s', op=%u", sc_print_path(&file->path), op); - sc_debug(card->ctx, "path=%s, op=%u\n", pbuf, op); + if (p15card->card->caps & SC_CARD_CAP_USE_FCI_AC) { + r = sc_select_file(p15card->card, &file->path, &file_tmp); + LOG_TEST_RET(ctx, r, "Authentication failed: cannot select file."); - if (card->caps & SC_CARD_CAP_USE_FCI_AC) { - if ((r = sc_select_file(card, &file->path, &file_tmp)) < 0) - return r; acl = sc_file_get_acl_entry(file_tmp, op); } - else + else { acl = sc_file_get_acl_entry(file, op); - - sc_debug(card->ctx, "r:[0x%08x]\n",r); - sc_debug(card->ctx, "acl:[0x%08x]\n",acl); + } + sc_log(ctx, "acl %p",acl); for (; r == 0 && acl; acl = acl->next) { - if (acl->method == SC_AC_NEVER) - { - sc_debug(card->ctx, "never\n"); - return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; - } - if (acl->method == SC_AC_NONE) - { - sc_debug(card->ctx, "none\n"); + if (acl->method == SC_AC_NEVER) { + LOG_TEST_RET(ctx, SC_ERROR_SECURITY_STATUS_NOT_SATISFIED, "Authentication failed: never allowed"); + } + else if (acl->method == SC_AC_NONE) { + sc_log(ctx, "always allowed"); break; } - if (acl->method == SC_AC_UNKNOWN) { - sc_debug(card->ctx, "unknown acl method\n"); + else if (acl->method == SC_AC_UNKNOWN) { + sc_log(ctx, "unknown acl method"); break; } - sc_debug(card->ctx, "verify\n"); - r = 
do_verify_pin(pro, card, file_tmp ? file_tmp : file, - acl->method, acl->key_ref); + sc_log(ctx, "verify acl(method:%i,reference:%i)", acl->method, acl->key_ref); + r = sc_pkcs15init_verify_secret(profile, p15card, file_tmp ? file_tmp : file, acl->method, acl->key_ref); } if (file_tmp) sc_file_free(file_tmp); - return r; + LOG_FUNC_RETURN(ctx, r); } -static int do_select_parent(struct sc_profile *pro, sc_card_t *card, - sc_file_t *file, sc_file_t **parent) + +static int +do_select_parent(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *file, struct sc_file **parent) { + struct sc_context *ctx = p15card->card->ctx; struct sc_path path; int r; + LOG_FUNC_CALLED(ctx); /* Get the parent's path */ path = file->path; if (path.len >= 2) path.len -= 2; - if (path.len == 0) + if (!path.len && !path.aid.len) sc_format_path("3F00", &path); /* Select the parent DF. */ *parent = NULL; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &path, parent); - sc_ctx_suppress_errors_off(card->ctx); + r = sc_select_file(p15card->card, &path, parent); /* If DF doesn't exist, create it (unless it's the MF, * but then something's badly broken anyway :-) */ if (r == SC_ERROR_FILE_NOT_FOUND && path.len != 2) { - r = sc_profile_get_file_by_path(pro, &path, parent); + r = sc_profile_get_file_by_path(profile, &path, parent); if (r < 0) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; + sc_log(ctx, "no profile template for DF %s", sc_print_path(&path)); + LOG_FUNC_RETURN(ctx, r); + } - r = sc_path_print(pbuf, sizeof(pbuf), &path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; + r = sc_pkcs15init_create_file(profile, p15card, *parent); + LOG_TEST_RET(ctx, r, "Cannot create parent DF"); - sc_error(card->ctx, - "profile doesn't define a DF %s", pbuf); - return r; - } - if (!(r = sc_pkcs15init_create_file(pro, card, *parent))) - r = sc_select_file(card, &path, NULL); - } else if (r == SC_SUCCESS && !strcmp(card->name, "STARCOS SPK 2.3")) { + r = 
sc_select_file(p15card->card, &path, NULL); + LOG_TEST_RET(ctx, r, "Cannot select parent DF"); + } + else if (r == SC_SUCCESS && !strcmp(p15card->card->name, "STARCOS SPK 2.3")) { /* in case of starcos spk 2.3 SELECT FILE does not * give us the ACLs => ask the profile */ sc_file_free(*parent); - r = sc_profile_get_file_by_path(pro, &path, parent); - if (r < 0) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_error(card->ctx, - "profile doesn't define a DF %s", pbuf); - return r; + r = sc_profile_get_file_by_path(profile, &path, parent); + if (r < 0) { + sc_log(ctx, "in StarCOS profile there is no template for DF %s", sc_print_path(&path)); + LOG_FUNC_RETURN(ctx, r); } } - return r; + LOG_FUNC_RETURN(ctx, r); } + int -sc_pkcs15init_create_file(struct sc_profile *pro, sc_card_t *card, - sc_file_t *file) +sc_pkcs15init_create_file(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *file) { + struct sc_context *ctx = p15card->card->ctx; struct sc_file *parent = NULL; int r; + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "create file '%s'", sc_print_path(&file->path)); /* Select parent DF and verify PINs/key as necessary */ - if ((r = do_select_parent(pro, card, file, &parent)) < 0 - || (r = sc_pkcs15init_authenticate(pro, card, - parent, SC_AC_OP_CREATE)) < 0) - goto out; + r = do_select_parent(profile, p15card, file, &parent); + LOG_TEST_RET(ctx, r, "Cannot create file: select parent error"); + + r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE); + LOG_TEST_RET(ctx, r, "Cannot create file: 'CREATE' authentication failed"); /* Fix up the file's ACLs */ - if ((r = sc_pkcs15init_fixup_file(pro, file)) < 0) - return r; + r = sc_pkcs15init_fixup_file(profile, p15card, file); + LOG_TEST_RET(ctx, r, "Cannot create file: file fixup failed"); /* ensure we are in the correct lifecycle */ - r = sc_pkcs15init_set_lifecycle(card, 
SC_CARDCTRL_LIFECYCLE_ADMIN); - if (r < 0 && r != SC_ERROR_NOT_SUPPORTED) - return r; + r = sc_pkcs15init_set_lifecycle(p15card->card, SC_CARDCTRL_LIFECYCLE_ADMIN); + if (r != SC_ERROR_NOT_SUPPORTED) + LOG_TEST_RET(ctx, r, "Cannot create file: failed to set lifecycle 'ADMIN'"); - r = sc_create_file(card, file); + r = sc_create_file(p15card->card, file); + LOG_TEST_RET(ctx, r, "Create file failed"); -out: if (parent) + if (parent) sc_file_free(parent); - return r; + LOG_FUNC_RETURN(ctx, r); } + int -sc_pkcs15init_update_file(struct sc_profile *profile, sc_card_t *card, - sc_file_t *file, void *data, unsigned int datalen) +sc_pkcs15init_update_file(struct sc_profile *profile, + struct sc_pkcs15_card *p15card, struct sc_file *file, + void *data, unsigned int datalen) { - struct sc_file *info = NULL; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *selected_file = NULL; void *copy = NULL; int r, need_to_zap = 0; - char pbuf[SC_MAX_PATH_STRING_SIZE]; - r = sc_path_print(pbuf, sizeof(pbuf), &file->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - sc_debug(card->ctx, "called, path=%s, %u bytes\n", pbuf, datalen); - - sc_ctx_suppress_errors_on(card->ctx); - if ((r = sc_select_file(card, &file->path, &info)) < 0) { - sc_ctx_suppress_errors_off(card->ctx); + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "path:%s; datalen:%i", sc_print_path(&file->path), datalen); + + r = sc_select_file(p15card->card, &file->path, &selected_file); + if (!r) { + need_to_zap = 1; + } + else if (r == SC_ERROR_FILE_NOT_FOUND) { /* Create file if it doesn't exist */ if (file->size < datalen) file->size = datalen; - if (r != SC_ERROR_FILE_NOT_FOUND - || (r = sc_pkcs15init_create_file(profile, card, file)) < 0 - || (r = sc_select_file(card, &file->path, &info)) < 0) - return r; - } else { - sc_ctx_suppress_errors_off(card->ctx); - need_to_zap = 1; - } - if (info->size < datalen) { - r = sc_path_print(pbuf, sizeof(pbuf), &file->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - 
sc_error(card->ctx, - "File %s too small (require %u, have %u) - " - "please increase size in profile", pbuf, - datalen, info->size); - sc_file_free(info); - return SC_ERROR_TOO_MANY_OBJECTS; - } else if (info->size > datalen && need_to_zap) { + r = sc_pkcs15init_create_file(profile, p15card, file); + LOG_TEST_RET(ctx, r, "Failed to create file"); + + r = sc_select_file(p15card->card, &file->path, &selected_file); + LOG_TEST_RET(ctx, r, "Failed to select newly created file"); + } + else { + LOG_TEST_RET(ctx, r, "Failed to select file"); + } + + if (selected_file->size < datalen) { + sc_log(ctx, "File %s too small (require %u, have %u)", + sc_print_path(&file->path), datalen, selected_file->size); + sc_file_free(selected_file); + LOG_TEST_RET(ctx, SC_ERROR_FILE_TOO_SMALL, "Update file failed"); + } + else if (selected_file->size > datalen && need_to_zap) { /* zero out the rest of the file - we may have shrunk * the file contents */ - copy = calloc(1, info->size); + copy = calloc(1, selected_file->size); if (copy == NULL) { - sc_file_free(info); + sc_file_free(selected_file); return SC_ERROR_OUT_OF_MEMORY; } memcpy(copy, data, datalen); - datalen = info->size; + datalen = selected_file->size; data = copy; } /* Present authentication info needed */ - r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_UPDATE); - + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); if (r >= 0 && datalen) - r = sc_update_binary(card, 0, (const u8 *) data, datalen, 0); + r = sc_update_binary(p15card->card, 0, (const unsigned char *) data, datalen, 0); if (copy) free(copy); - sc_file_free(info); + sc_file_free(selected_file); return r; } /* - * Fix up all file ACLs - */ -int -sc_pkcs15init_fixup_file(struct sc_profile *profile, sc_file_t *file) -{ - sc_context_t *ctx = profile->card->ctx; - sc_acl_entry_t so_acl, user_acl; - unsigned int op, needfix = 0; - int ref; - - /* First, loop over all ACLs to find out whether there - * are still any symbolic 
references. - */ - for (op = 0; op < SC_MAX_AC_OPS; op++) { - const sc_acl_entry_t *acl; - - acl = sc_file_get_acl_entry(file, op); - for (; acl; acl = acl->next) { - if (acl->method == SC_AC_SYMBOLIC) - needfix++; - } - } - - if (!needfix) - return 0; - - /* If the profile doesn't specify a SO pin, change all - * ACLs that reference $sopin to NONE */ - ref = sc_keycache_find_named_pin(&file->path, SC_PKCS15INIT_SO_PIN); - if (ref < 0) { - so_acl.method = SC_AC_NONE; - so_acl.key_ref = 0; - } else { - if (ctx->debug >= 2) { - sc_debug(ctx, - "sc_pkcs15init_fixup_file: SO pin is CVH%d\n", - ref); - } - so_acl.method = SC_AC_CHV; - so_acl.key_ref = ref; - } - - ref = sc_keycache_find_named_pin(&file->path, SC_PKCS15INIT_USER_PIN); - if (ref < 0) { - user_acl.method = SC_AC_NONE; - user_acl.key_ref = 0; - } else { - if (ctx->debug >= 2) { - sc_debug(ctx, - "sc_pkcs15init_fixup_file: user pin is CVH%d\n", - ref); - } - user_acl.method = SC_AC_CHV; - user_acl.key_ref = ref; - } - - return sc_pkcs15init_fixup_acls(profile, file, &so_acl, &user_acl); -} - -/* * Fix up a file's ACLs by replacing all occurrences of a symbolic * PIN name with the real reference. 
*/ -int -sc_pkcs15init_fixup_acls(struct sc_profile *profile, sc_file_t *file, - sc_acl_entry_t *so_acl, - sc_acl_entry_t *user_acl) -{ - sc_card_t *card = profile->card; - sc_acl_entry_t acls[16]; - unsigned int op, num; +static int +sc_pkcs15init_fixup_acls(struct sc_pkcs15_card *p15card, struct sc_file *file, + struct sc_acl_entry *so_acl, struct sc_acl_entry *user_acl) +{ + struct sc_context *ctx = p15card->card->ctx; + unsigned int op; int r = 0; + LOG_FUNC_CALLED(ctx); for (op = 0; r == 0 && op < SC_MAX_AC_OPS; op++) { - const sc_acl_entry_t *acl; + struct sc_acl_entry acls[SC_MAX_OP_ACS]; + const struct sc_acl_entry *acl; const char *what; - int added = 0; + int added = 0, num, ii; /* First, get original ACLs */ acl = sc_file_get_acl_entry(file, op); - for (num = 0; num < 16 && acl; num++, acl = acl->next) + for (num = 0; num < SC_MAX_OP_ACS && acl; num++, acl = acl->next) acls[num] = *acl; sc_file_clear_acl_entries(file, op); - for (acl = acls; acl < acls + num; acl++) { + for (ii = 0; ii < num; ii++) { + acl = acls + ii; if (acl->method != SC_AC_SYMBOLIC) goto next; + if (acl->key_ref == SC_PKCS15INIT_SO_PIN) { acl = so_acl; what = "SO PIN"; - } else if (acl->key_ref == SC_PKCS15INIT_USER_PIN) { + } + else if (acl->key_ref == SC_PKCS15INIT_USER_PIN) { acl = user_acl; what = "user PIN"; - } else { - sc_error(card->ctx, - "ACL references unknown symbolic PIN %d", - acl->key_ref); + } + else { + sc_log(ctx, "ACL references unknown symbolic PIN %d", acl->key_ref); return SC_ERROR_INVALID_ARGUMENTS; } /* If we weren't given a replacement ACL, * leave the original ACL untouched */ - if (acl == NULL || acl->key_ref == (unsigned int)-1) { - sc_error(card->ctx, - "ACL references %s, which is not defined", - what); + if (acl->key_ref == (unsigned int)-1) { + sc_log(ctx, "ACL references %s, which is not defined", what); return SC_ERROR_INVALID_ARGUMENTS; } if (acl->method == SC_AC_NONE) continue; - - next: sc_file_add_acl_entry(file, op, - acl->method, acl->key_ref); 
+ next: + sc_file_add_acl_entry(file, op, acl->method, acl->key_ref); added++; } if (!added) sc_file_add_acl_entry(file, op, SC_AC_NONE, 0); } - return r; + LOG_FUNC_RETURN(ctx, r); +} + + +/* + * Fix up all file ACLs + */ +int +sc_pkcs15init_fixup_file(struct sc_profile *profile, + struct sc_pkcs15_card *p15card, struct sc_file *file) +{ + struct sc_context *ctx = profile->card->ctx; + struct sc_acl_entry so_acl, user_acl; + unsigned int op, needfix = 0; + int rv, pin_ref; + + LOG_FUNC_CALLED(ctx); + /* First, loop over all ACLs to find out whether there + * are still any symbolic references. + */ + for (op = 0; op < SC_MAX_AC_OPS; op++) { + const struct sc_acl_entry *acl; + + acl = sc_file_get_acl_entry(file, op); + for (; acl; acl = acl->next) + if (acl->method == SC_AC_SYMBOLIC) + needfix++; + } + + if (!needfix) + LOG_FUNC_RETURN(ctx, SC_SUCCESS); + + pin_ref = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC, SC_PKCS15INIT_SO_PIN); + if (pin_ref < 0) { + so_acl.method = SC_AC_NONE; + so_acl.key_ref = 0; + } + else { + so_acl.method = SC_AC_CHV; + so_acl.key_ref = pin_ref; + } + + pin_ref = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC, SC_PKCS15INIT_USER_PIN); + if (pin_ref < 0) { + user_acl.method = SC_AC_NONE; + user_acl.key_ref = 0; + } + else { + user_acl.method = SC_AC_CHV; + user_acl.key_ref = pin_ref; + } + sc_log(ctx, "so_acl(method:%X,ref:%X), user_acl(method:%X,ref:%X)", + so_acl.method, so_acl.key_ref, user_acl.method, user_acl.key_ref); + + rv = sc_pkcs15init_fixup_acls(p15card, file, &so_acl, &user_acl); + + LOG_FUNC_RETURN(ctx, rv); } -static int sc_pkcs15init_get_pin_path(sc_pkcs15_card_t *p15card, - sc_pkcs15_id_t *auth_id, sc_path_t *path) + +static int +sc_pkcs15init_get_pin_path(struct sc_pkcs15_card *p15card, + struct sc_pkcs15_id *auth_id, struct sc_path *path) { - sc_pkcs15_object_t *obj; + struct sc_pkcs15_object *obj; int r; r = sc_pkcs15_find_pin_by_auth_id(p15card, auth_id, &obj); if (r < 0) return 
r; - *path = ((sc_pkcs15_pin_info_t *) obj->data)->path; + *path = ((struct sc_pkcs15_pin_info *) obj->data)->path; return 0; } + int sc_pkcs15init_get_pin_info(struct sc_profile *profile, - unsigned int id, struct sc_pkcs15_pin_info *pin) + int id, struct sc_pkcs15_pin_info *pin) { sc_profile_get_pin_info(profile, id, pin); return 0; } + int sc_pkcs15init_get_manufacturer(struct sc_profile *profile, const char **res) { - *res = profile->p15_spec->manufacturer_id; + *res = profile->p15_spec->tokeninfo->manufacturer_id; return 0; } int sc_pkcs15init_get_serial(struct sc_profile *profile, const char **res) { - *res = profile->p15_spec->serial_number; + *res = profile->p15_spec->tokeninfo->serial_number; return 0; } -int -sc_pkcs15init_set_pin_data(sc_profile_t *profile, int id, - const u8 *key, size_t len) -{ - return sc_keycache_put_key(NULL, SC_AC_SYMBOLIC, id, key, len); -} int sc_pkcs15init_set_serial(struct sc_profile *profile, const char *serial) { - if (profile->p15_spec->serial_number) - free(profile->p15_spec->serial_number); - profile->p15_spec->serial_number = strdup(serial); + if (profile->p15_spec->tokeninfo->serial_number) + free(profile->p15_spec->tokeninfo->serial_number); + profile->p15_spec->tokeninfo->serial_number = strdup(serial); return 0; } + int sc_pkcs15init_get_label(struct sc_profile *profile, const char **res) { - *res = profile->p15_spec->label; + *res = profile->p15_spec->tokeninfo->label; return 0; } -static int sc_pkcs15init_qualify_pin(sc_card_t *card, const char *pin_name, - unsigned int pin_len, sc_pkcs15_pin_info_t *pin_info) + +/* + * Card specific sanity check procedure. 
+ */ +int +sc_pkcs15init_sanity_check(struct sc_pkcs15_card *p15card, struct sc_profile *profile) +{ + struct sc_context *ctx = p15card->card->ctx; + int rv = SC_ERROR_NOT_SUPPORTED; + + LOG_FUNC_CALLED(ctx); + if (profile->ops->sanity_check) + rv = profile->ops->sanity_check(profile, p15card); + + LOG_FUNC_RETURN(ctx, rv); +} + + +static int +sc_pkcs15init_qualify_pin(struct sc_card *card, const char *pin_name, + unsigned int pin_len, struct sc_pkcs15_pin_info *pin_info) { if (pin_len == 0) return 0; if (pin_len < pin_info->min_length) { - sc_error(card->ctx, "%s too short (min length %u)", - pin_name, pin_info->min_length); + sc_log(card->ctx, "%s too short (min length %u)", pin_name, pin_info->min_length); return SC_ERROR_WRONG_LENGTH; } if (pin_len > pin_info->max_length) { - sc_error(card->ctx, "%s too long (max length %u)", - pin_name, pin_info->max_length); + sc_log(card->ctx, "%s too long (max length %u)", pin_name, pin_info->max_length); return SC_ERROR_WRONG_LENGTH; } return 0; } + /* * Get the list of options from the card, if it specifies them */ static int -sc_pkcs15init_read_info(sc_card_t *card, sc_profile_t *profile) +sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *profile) { - sc_path_t path; - sc_file_t *file = NULL; - u8 *mem = NULL; + struct sc_path path; + struct sc_file *file = NULL; + unsigned char *mem = NULL; size_t len = 0; int r; - sc_ctx_suppress_errors_on(card->ctx); sc_format_path(OPENSC_INFO_FILEPATH, &path); - if ((r = sc_select_file(card, &path, &file)) >= 0) { + r = sc_select_file(card, &path, &file); + if (r >= 0) { len = file->size; sc_file_free(file); - r = SC_ERROR_OUT_OF_MEMORY; - if ((mem = (u8 *) malloc(len)) != NULL) { + mem = malloc(len); + if (mem != NULL) { r = sc_read_binary(card, 0, mem, len, 0); + } else { + r = SC_ERROR_OUT_OF_MEMORY; } - } else { + } else r = 0; - } - sc_ctx_suppress_errors_off(card->ctx); if (r >= 0) r = sc_pkcs15init_parse_info(card, mem, len, profile); 
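Review bot: sc_pkcs15init_create_file now leaks `parent` on every failure path, because the old `goto out` exits were replaced by LOG_TEST_RET, which (judging by how it is used elsewhere in this diff) returns immediately, so the final `sc_file_free(parent)` only runs on success. do_select_parent can also return an error with `*parent` already set, which makes the first check leak as well. The same early-return pattern skips `sc_file_free(file_tmp)` in sc_pkcs15init_authenticate when an SC_AC_NEVER entry is reached on a card with SC_CARD_CAP_USE_FCI_AC. I would keep the new log messages but route failures through a cleanup label, as sketched below for sc_pkcs15init_create_file.

```c
	/* Select parent DF and verify PINs/key as necessary */
	r = do_select_parent(profile, p15card, file, &parent);
	if (r < 0) {
		sc_log(ctx, "Cannot create file: select parent error");
		goto out;
	}

	r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE);
	if (r < 0) {
		sc_log(ctx, "Cannot create file: 'CREATE' authentication failed");
		goto out;
	}

	/* Fix up the file's ACLs */
	r = sc_pkcs15init_fixup_file(profile, p15card, file);
	if (r < 0) {
		sc_log(ctx, "Cannot create file: file fixup failed");
		goto out;
	}

	/* ensure we are in the correct lifecycle */
	r = sc_pkcs15init_set_lifecycle(p15card->card, SC_CARDCTRL_LIFECYCLE_ADMIN);
	if (r < 0 && r != SC_ERROR_NOT_SUPPORTED) {
		sc_log(ctx, "Cannot create file: failed to set lifecycle 'ADMIN'");
		goto out;
	}

	r = sc_create_file(p15card->card, file);
	if (r < 0)
		sc_log(ctx, "Create file failed");

out:
	/* parent is owned by this function once do_select_parent has set it */
	if (parent)
		sc_file_free(parent);
	LOG_FUNC_RETURN(ctx, r);
```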
@@ -3737,12 +3603,13 @@ return r; } + static int set_info_string(char **strp, const u8 *p, size_t len) { char *s; - if (!(s = (char *) malloc(len+1))) + if (!(s = malloc(len+1))) return SC_ERROR_OUT_OF_MEMORY; memcpy(s, p, len); s[len] = '\0'; @@ -3762,12 +3629,12 @@ * (with or without len byte) is ok. */ static int -sc_pkcs15init_parse_info(sc_card_t *card, - const u8 *p, size_t len, - sc_profile_t *profile) +sc_pkcs15init_parse_info(struct sc_card *card, + const unsigned char *p, size_t len, + struct sc_profile *profile) { - u8 tag; - const u8 *end; + unsigned char tag; + const unsigned char *end; unsigned int nopts = 0; size_t n; @@ -3796,8 +3663,7 @@ break; case OPENSC_INFO_TAG_OPTION: if (nopts >= SC_PKCS15INIT_MAX_OPTIONS - 1) { - sc_error(card->ctx, - "Too many options in OpenSC Info file\n"); + sc_log(card->ctx, "Too many options in OpenSC Info file"); return SC_ERROR_PKCS15INIT; } r = set_info_string(&profile->options[nopts], p, n); @@ -3813,14 +3679,15 @@ return 0; error: - sc_error(card->ctx, "OpenSC info file corrupted\n"); + sc_log(card->ctx, "OpenSC info file corrupted"); return SC_ERROR_PKCS15INIT; } static int -do_encode_string(u8 **memp, u8 *end, u8 tag, const char *s) +do_encode_string(unsigned char **memp, unsigned char *end, + unsigned char tag, const char *s) { - u8 *p = *memp; + unsigned char *p = *memp; int n; n = s? strlen(s) : 0; 
@@ -3835,16 +3702,23 @@ return 0; } -static int sc_pkcs15init_write_info(sc_card_t *card, sc_profile_t *profile, - sc_pkcs15_object_t *pin_obj) + +static int +sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card, + struct sc_profile *profile, + struct sc_pkcs15_object *pin_obj) { - sc_file_t *file = NULL; - sc_file_t *df = profile->df_info->file; - u8 buffer[512], *p, *end; + struct sc_file *file = NULL, *df = profile->df_info->file; + unsigned char buffer[128], *p, *end; unsigned int method; unsigned long key_ref; int n, r; + if (profile->ops->emu_write_info) + return profile->ops->emu_write_info(profile, p15card, pin_obj); + + memset(buffer, 0, sizeof(buffer)); + file = sc_file_new(); file->path.type = SC_PATH_TYPE_PATH; memcpy(file->path.value, df->path.value, df->path.len); @@ -3853,10 +3727,11 @@ file->type = SC_FILE_TYPE_WORKING_EF; file->ef_structure = SC_FILE_EF_TRANSPARENT; file->id = OPENSC_INFO_FILEID; + file->size = sizeof(buffer); if (pin_obj != NULL) { method = SC_AC_CHV; - key_ref = ((sc_pkcs15_pin_info_t *) pin_obj->data)->reference; + key_ref = ((struct sc_pkcs15_pin_info *) pin_obj->data)->reference; } else { method = SC_AC_NONE; /* Unprotected */ @@ -3876,12 +3751,8 @@ for (n = 0; r >= 0 && profile->options[n]; n++) r = do_encode_string(&p, end, OPENSC_INFO_TAG_OPTION, profile->options[n]); - if (r >= 0) { - file->size = p - buffer; - if (file->size < 128) - file->size = 128; - r = sc_pkcs15init_update_file(profile, card, file, buffer, p - buffer); - } + if (r >= 0) + r = sc_pkcs15init_update_file(profile, p15card, file, buffer, file->size); sc_file_free(file); return r; diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-miocos.c opensc-0.12.1/src/pkcs15init/pkcs15-miocos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-miocos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-miocos.c 2011-05-17 17:07:00.000000000 +0000 
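Review bot: `buffer` in `sc_pkcs15init_write_info` shrinks from 512 to 128 bytes and `file->size` is now fixed at `sizeof(buffer)`, so the whole OpenSC info record, including every option string, has to fit in 128 bytes. Whether an overlong set of options is rejected cleanly depends on the check against `end` inside `do_encode_string`, which is outside this hunk; that should be confirmed, and the limit given a named constant with a comment saying why 128 is enough. Separately, `file = sc_file_new();` is dereferenced on the next line without a NULL check; `if (file == NULL) return SC_ERROR_OUT_OF_MEMORY;` would cover allocation failure. The function body continues past the end of this hunk.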
@@ -18,66 +18,19 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" -/* - * Initialize the Application DF - */ -static int miocos_init_app(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_pin_info *pin_info, - const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) -{ - /* Create the application DF */ - if (sc_pkcs15init_create_file(profile, card, profile->df_info->file)) - return 1; - - return 0; -} - -/* - * Store a PIN - */ -static int -miocos_new_pin(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_pin_info *info, unsigned int idx, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len) -{ - struct sc_pkcs15_pin_info tmpinfo; - struct sc_cardctl_miocos_ac_info ac_info; - int r; - - info->path = profile->df_info->file->path; - r = sc_select_file(card, &info->path, NULL); - if (r) - return r; - memset(&ac_info, 0, sizeof(ac_info)); - info->reference = idx + 1; - ac_info.ref = idx + 1; - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &tmpinfo); - ac_info.max_tries = tmpinfo.tries_left; - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &tmpinfo); - ac_info.max_unblock_tries = tmpinfo.tries_left; - if (pin_len > 8) - pin_len = 8; - memcpy(ac_info.key_value, pin, pin_len); - if (puk_len > 8) - puk_len = 8; - strncpy((char *) ac_info.unblock_value, (const char *) puk, puk_len); - r = sc_card_ctl(card, SC_CARDCTL_MIOCOS_CREATE_AC, &ac_info); - if (r) - return r; - return 0; -} +#define MIOCOS_PIN_ID_MIN 1 +#define MIOCOS_PIN_ID_MAX 15 /* * Allocate a file 
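Review bot: `MIOCOS_PIN_ID_MAX` is added here, but nothing in the visible part of this file's diff uses it. `miocos_select_pin_reference` in the later hunk raises a reference below `MIOCOS_PIN_ID_MIN` and accepts any larger value, which `miocos_create_pin` then copies unchanged into `ac_info.ref`. If 15 is the card's limit, the upper bound should be enforced there, e.g. `if (pin_info->reference > MIOCOS_PIN_ID_MAX) return SC_ERROR_TOO_MANY_OBJECTS;`, the way `muscle_select_key_reference` handles `MUSCLE_KEY_ID_MAX`.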
@@ -122,7 +75,7 @@ * the generic class (SC_PKCS15_TYPE_CERT) */ if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type not supported by card driver"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -131,7 +84,7 @@ snprintf(name, sizeof(name), "template-%s", tag); if (sc_profile_get_file(profile, name, &file) < 0) { - sc_error(card->ctx, "Profile doesn't define %s template (%s)", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s template (%s)", desc, name); return SC_ERROR_NOT_SUPPORTED; } 
@@ -165,61 +118,165 @@ } /* + * Initialize the Application DF + */ +static int +miocos_create_dir(struct sc_profile *profile, sc_pkcs15_card_t *p15card, + struct sc_file *df) +{ + /* Create the application DF */ + if (sc_pkcs15init_create_file(profile, p15card, profile->df_info->file)) + return 1; + + return 0; +} + +/* + * Validate PIN reference + */ +static int +miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15card, + struct sc_pkcs15_pin_info *pin_info) +{ + + if (pin_info->reference < MIOCOS_PIN_ID_MIN) + pin_info->reference = MIOCOS_PIN_ID_MIN; + + return SC_SUCCESS; +} + +/* + * Create new PIN + */ +static int +miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct sc_file *df, + struct sc_pkcs15_object *pin_obj, + const u8 *pin, size_t pin_len, + const u8 *puk, size_t puk_len) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; + struct sc_pkcs15_pin_info tmpinfo; + struct sc_cardctl_miocos_ac_info ac_info; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + /* Ignore SOPIN */ + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + return SC_SUCCESS; + + pin_info->path = profile->df_info->file->path; + r = sc_select_file(p15card->card, &pin_info->path, NULL); + if (r) + return r; + memset(&ac_info, 0, sizeof(ac_info)); + ac_info.ref = pin_info->reference; + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &tmpinfo); + ac_info.max_tries = tmpinfo.tries_left; + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &tmpinfo); + ac_info.max_unblock_tries = tmpinfo.tries_left; + if (pin_len > 8) + pin_len = 8; + memcpy(ac_info.key_value, pin, pin_len); + if (puk_len > 8) + puk_len = 8; + strncpy((char *) ac_info.unblock_value, (const char *) puk, puk_len); + r = sc_card_ctl(p15card->card, SC_CARDCTL_MIOCOS_CREATE_AC, &ac_info); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Miocos create AC failed"); + + 
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +/* + * Create private key file + */ +static int +miocos_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_file *file; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys."); + + if (key_info->modulus_length != 1024) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys."); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create private key ID:%s\n", sc_pkcs15_print_id(&key_info->id)); + r = miocos_new_file(profile, p15card->card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot create key: failed to allocate new key object"); + + memcpy(&file->path, &key_info->path, sizeof(file->path)); + file->id = file->path.value[file->path.len - 2] * 0x100 + + file->path.value[file->path.len - 1]; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s\n", sc_print_path(&file->path)); + + r = sc_pkcs15init_create_file(profile, p15card, file); + sc_file_free(file); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +/* * Store a private key */ static int -miocos_new_key(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_prkey *key, unsigned int idx, - struct sc_pkcs15_prkey_info *info) +miocos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_prkey *key) { - sc_file_t *keyfile; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; struct sc_pkcs15_prkey_rsa *rsa; + struct 
sc_file *file = NULL; int r; - - if (key->algorithm != SC_ALGORITHM_RSA) { - sc_error(card->ctx, "MioCOS supports only 1024-bit RSA keys."); - return SC_ERROR_NOT_SUPPORTED; - } + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA + || key->algorithm != SC_ALGORITHM_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys."); + rsa = &key->u.rsa; - if (rsa->modulus.len != 128) { - sc_error(card->ctx, "MioCOS supports only 1024-bit RSA keys."); - return SC_ERROR_NOT_SUPPORTED; - } - r = miocos_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, - &keyfile); - if (r < 0) - return r; + if (rsa->modulus.len != 128) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "MioCOS supports only 1024-bit RSA keys."); - info->modulus_length = 1024; - info->path = keyfile->path; - r = sc_pkcs15init_create_file(profile, card, keyfile); - sc_file_free(keyfile); - if (r < 0) - return r; - r = miocos_update_private_key(profile, card, rsa); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store key with ID:%s and path:%s\n", sc_pkcs15_print_id(&key_info->id), + sc_print_path(&key_info->path)); - return r; + r = sc_select_file(p15card->card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed"); + + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key"); + + r = miocos_update_private_key(profile, p15card->card, rsa); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } static struct sc_pkcs15init_operations sc_pkcs15init_miocos_operations = { NULL, /* erase_card */ NULL, /* init_card */ - NULL, /* create_dir */ + miocos_create_dir, NULL, /* create_domain */ - NULL, /* select_pin_reference */ - NULL, /* create_pin */ + miocos_select_pin_reference, + miocos_create_pin, NULL, /* select_key_reference */ - NULL, /* create_key */ - NULL, /* 
store_key */ + miocos_create_key, + miocos_store_key, NULL, /* generate_key */ NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - miocos_init_app, /* old */ - miocos_new_pin, - miocos_new_key, - miocos_new_file, - NULL, /* old_generate_key */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations *sc_pkcs15init_get_miocos_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-muscle.c opensc-0.12.1/src/pkcs15init/pkcs15-muscle.c --- opensc-0.11.13/src/pkcs15init/pkcs15-muscle.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-muscle.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include 
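Review bot: In `miocos_create_pin` a PIN or PUK longer than 8 bytes is silently cut to 8 before it is sent to the card, so the card stores a different secret than the one the caller supplied and no error is reported. Rejecting the input is safer than truncating it: `if (pin_len > 8 || puk_len > 8) return SC_ERROR_INVALID_PIN_LENGTH;` (8 is taken from the existing clamps; the field sizes of `ac_info` are not visible here). The PUK is also copied with `strncpy`, which stops at the first zero byte, while the PIN uses `memcpy`; `memcpy(ac_info.unblock_value, puk, puk_len);` would treat both the same way. `ac_info` keeps both values on the stack after `sc_card_ctl` returns and is never cleared.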
@@ -29,57 +28,57 @@ #ifdef HAVE_UNISTD_H #include #endif -#include -#include -#include -#include -#include + +#include "libopensc/pkcs15.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/cards.h" +#include "libopensc/log.h" #include "pkcs15-init.h" #include "profile.h" - #define MUSCLE_KEY_ID_MIN 0x00 #define MUSCLE_KEY_ID_MAX 0x0F -static int muscle_erase_card(sc_profile_t *profile, sc_card_t *card) +static int muscle_erase_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { int r; struct sc_file *file; struct sc_path path; memset(&file, 0, sizeof(file)); sc_format_path("3F00", &path); - if ((r = sc_select_file(card, &path, &file)) < 0) + if ((r = sc_select_file(p15card->card, &path, &file)) < 0) return r; - if ((r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_ERASE)) < 0) + if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE)) < 0) return r; - if ((r = sc_delete_file(card, &path)) < 0) + if ((r = sc_delete_file(p15card->card, &path)) < 0) return r; return 0; } -static int muscle_init_card(sc_profile_t *profile, sc_card_t *card) +static int muscle_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { return 0; } static int -muscle_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +muscle_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { int r; struct sc_file *file; struct sc_path path; memset(&file, 0, sizeof(file)); sc_format_path("3F00", &path); - if ((r = sc_select_file(card, &path, &file)) < 0) + if ((r = sc_select_file(p15card->card, &path, &file)) < 0) return r; - if ((r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_CREATE)) < 0) + if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_CREATE)) < 0) return r; /* Create the application DF */ - if ((r = sc_pkcs15init_create_file(profile, card, df)) < 0) + if ((r = sc_pkcs15init_create_file(profile, p15card, df)) < 0) return r; - if ((r = 
sc_select_file(card, &df->path, NULL)) < 0) + if ((r = sc_select_file(p15card->card, &df->path, NULL)) < 0) return r; @@ -87,7 +86,7 @@ } static int -muscle_create_pin(sc_profile_t *profile, sc_card_t *card, +muscle_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) @@ -95,25 +94,16 @@ sc_file_t *file; sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; int r; - int type; - if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - type = SC_PKCS15INIT_SO_PIN; - } else { - type = SC_PKCS15INIT_USER_PIN; - } - if ((r = sc_select_file(card, &df->path, &file)) < 0) + if ((r = sc_select_file(p15card->card, &df->path, &file)) < 0) return r; - if ((r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_WRITE)) < 0) + if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_WRITE)) < 0) return r; - sc_keycache_set_pin_name(&df->path, - pin_info->reference, - type); pin_info->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL; return 0; } static int -muscle_select_pin_reference(sc_profile_t *profike, sc_card_t *card, +muscle_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int preferred; @@ -139,17 +129,13 @@ * Select a key reference */ static int -muscle_select_key_reference(sc_profile_t *profile, sc_card_t *card, +muscle_select_key_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *key_info) { - struct sc_file *df = profile->df_info->file; - if (key_info->key_reference < MUSCLE_KEY_ID_MIN) key_info->key_reference = MUSCLE_KEY_ID_MIN; if (key_info->key_reference > MUSCLE_KEY_ID_MAX) return SC_ERROR_TOO_MANY_OBJECTS; - - key_info->path = df->path; return 0; } 
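Review bot: In `muscle_erase_card` and `muscle_create_dir` the `sc_file` returned through `&file` by `sc_select_file` is never released, neither on the success path nor on any early return; `muscle_create_pin` in the `@@ -95,25 +94,16 @@` hunk has the same pattern. Other code in this diff does free it (`sc_file_free(file)` after `sc_select_file` in `sc_pkcs15init_read_info` and `myeid_init_card`). Freeing before the result is tested fixes it: `r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE); sc_file_free(file); if (r < 0) return r;`. `memset(&file, 0, sizeof(file));` only zeroes the pointer and would read more clearly as `file = NULL;`.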
@@ -158,7 +144,7 @@ * This is a no-op. */ static int -muscle_create_key(sc_profile_t *profile, sc_card_t *card, +muscle_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { return 0; @@ -168,10 +154,11 @@ * Store a private key object. */ static int -muscle_store_key(sc_profile_t *profile, sc_card_t *card, +muscle_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { + struct sc_context *ctx = p15card->card->ctx; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; sc_file_t* prkf; struct sc_pkcs15_prkey_rsa *rsa; @@ -179,22 +166,22 @@ int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Muscle supports RSA keys only."); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports RSA keys only."); return SC_ERROR_NOT_SUPPORTED; } /* Verification stuff */ /* Used for verification AND for obtaining private key acls */ r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf); - if(!prkf) SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_NOT_SUPPORTED); - r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_CRYPTO); + if(!prkf) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); + r = sc_pkcs15init_authenticate(profile, p15card, prkf, SC_AC_OP_CRYPTO); if (r < 0) { sc_file_free(prkf); - SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); } sc_file_free(prkf); - r = muscle_select_key_reference(profile, card, key_info); + r = muscle_select_key_reference(profile, p15card, key_info); if (r < 0) { - SC_FUNC_RETURN(card->ctx, 2,r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,r); } rsa = &key->u.rsa; 
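Review bot: `prkf` is declared without an initializer in `muscle_store_key`, and the result `r` of `sc_profile_get_file_by_path` is ignored in favour of `if(!prkf)`, so if that call fails without writing the output pointer the test reads an indeterminate value and `sc_file_free(prkf)` may follow. `sc_file_t *prkf = NULL;` together with `if (r < 0 || !prkf)` removes the dependency on how the helper behaves on failure, which is not visible here. The authentication failure below is also reported as `SC_ERROR_NOT_SUPPORTED` instead of `r`, which hides the real cause from the caller. `muscle_generate_key` in the `@@ -215,44 +202,45 @@` hunk repeats both patterns. The function body starts before and ends after this hunk.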
@@ -215,44 +202,45 @@ info.dq1Length = rsa->dmq1.len; info.dq1Value = rsa->dmq1.data; - r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_IMPORT_KEY, &info); + r = sc_card_ctl(p15card->card, SC_CARDCTL_MUSCLE_IMPORT_KEY, &info); if (r < 0) { - sc_error(card->ctx, "Unable to import key"); - SC_FUNC_RETURN(card->ctx, 2,r); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unable to import key"); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE,r); } return r; } static int -muscle_generate_key(sc_profile_t *profile, sc_card_t *card, +muscle_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { sc_cardctl_muscle_gen_key_info_t args; sc_cardctl_muscle_key_info_t extArgs; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; + sc_card_t *card = p15card->card; sc_file_t* prkf; unsigned int keybits; int r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - sc_error(card->ctx, "Muscle supports only RSA keys (for now)."); - SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_NOT_SUPPORTED); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Muscle supports only RSA keys (for now)."); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); } keybits = key_info->modulus_length & ~7UL; if (keybits > 2048) { - sc_error(card->ctx, "Unable to generate key, max size is %d", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key, max size is %d", 2048); - SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_INVALID_ARGUMENTS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS); } /* Verification stuff */ /* Used for verification AND for obtaining private key acls */ r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf); - if(!prkf) SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_NOT_SUPPORTED); - r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_CRYPTO); + if(!prkf) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); + r = sc_pkcs15init_authenticate(profile, p15card, prkf, 
SC_AC_OP_CRYPTO); if (r < 0) { sc_file_free(prkf); - SC_FUNC_RETURN(card->ctx, 2,SC_ERROR_NOT_SUPPORTED); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_NOT_SUPPORTED); } sc_file_free(prkf); @@ -269,8 +257,8 @@ r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_GENERATE_KEY, &args); if (r < 0) { - sc_error(card->ctx, "Unable to generate key"); - SC_FUNC_RETURN(card->ctx, 2,r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to generate key"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } memset(&extArgs, 0, sizeof(extArgs)); @@ -280,8 +268,8 @@ extArgs.keyLocation = args.publicKeyLocation; r = sc_card_ctl(card, SC_CARDCTL_MUSCLE_EXTRACT_KEY, &extArgs); if (r < 0) { - sc_error(card->ctx, "Unable to extract the public key"); - SC_FUNC_RETURN(card->ctx, 2,r); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to extract the public key"); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,r); } pubkey->algorithm = SC_ALGORITHM_RSA; 
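Review bot: `muscle_generate_key` checks only `keybits > 2048`, so a `modulus_length` of zero or a few hundred bits passes this function's validation before the generate-key call. A floor belongs next to the ceiling, e.g. `if (keybits < MUSCLE_MIN_KEYBITS || keybits > 2048)`, where `MUSCLE_MIN_KEYBITS` is a new constant to be defined as the smallest RSA size the driver should create (the MyEID code later in this diff uses 1024). The card may reject small sizes itself, but that is not visible here and the driver should not rely on it. The lines that fill `args` lie between this hunk and the next one.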
@@ -305,20 +293,17 @@ muscle_init_card, /* init_card */ muscle_create_dir, /* create_dir */ NULL, /* create_domain */ - muscle_select_pin_reference, /* select pin reference */ - muscle_create_pin, /* Create PIN */ - muscle_select_key_reference, /* select_key_reference */ - muscle_create_key, /* create_key */ - muscle_store_key, /* store_key */ - muscle_generate_key, /* generate_key */ + muscle_select_pin_reference, /* select pin reference */ + muscle_create_pin, /* Create PIN */ + muscle_select_key_reference, /* select_key_reference */ + muscle_create_key, /* create_key */ + muscle_store_key, /* store_key */ + muscle_generate_key, /* generate_key */ NULL, NULL, /* encode private/public key */ NULL, /* finalize_card */ - NULL, /* old - initapp*/ - NULL, /* new_pin */ - NULL, /* new key */ - NULL, /* new file */ - NULL, /* generate key */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-myeid.c opensc-0.12.1/src/pkcs15init/pkcs15-myeid.c --- opensc-0.11.13/src/pkcs15init/pkcs15-myeid.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-myeid.c 2011-05-17 17:07:00.000000000 +0000 
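Review bot: The `sc_pkcs15init_operations` table is filled positionally while this change drops the old trailing slots and adds new ones, so each entry's meaning depends on counting `NULL`s against a struct definition that is not in this hunk. A miscount puts a function pointer in the wrong slot, where it would be called with another operation's arguments. If the supported compilers allow C99, designated initializers such as `.create_dir = muscle_create_dir,` and `.sanity_check = NULL` bind each function to its member by name; the member names here are taken from the comments and from `profile->ops->sanity_check`, and should be checked against the header. The miocos table earlier in this diff is written the same way.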
@@ -18,203 +18,335 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" -#include "keycache.h" #include "profile.h" +#undef KEEP_AC_NONE_FOR_INIT_APPLET + #define MYEID_MAX_PINS 14 unsigned char MYEID_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01}; #define MYEID_DEFAULT_PUBKEY_LEN sizeof(MYEID_DEFAULT_PUBKEY) -static int myeid_generate_store_key( sc_profile_t *, sc_card_t *, - unsigned int, unsigned int, sc_pkcs15_pubkey_t *, - sc_pkcs15_prkey_t *, sc_pkcs15_prkey_info_t *); - -static int myeid_create_pin_internal(sc_profile_t *, sc_card_t *, - int, sc_pkcs15_pin_info_t *, const u8 *, size_t, - const u8 *, size_t); - -static int myeid_puk_retries(sc_profile_t *profile, sc_pkcs15_pin_info_t *pin_info); - -static int acl_to_byte(const struct sc_acl_entry *e) -{ - switch (e->method) { - case SC_AC_NONE: - return 0x00; - case SC_AC_CHV: - case SC_AC_TERM: - case SC_AC_AUT: - if (e->key_ref == SC_AC_KEY_REF_NONE) - return 0x00; - if (e->key_ref < 1 || e->key_ref > MYEID_MAX_PINS) - return 0x00; - return e->key_ref; - case SC_AC_NEVER: - return 0x0F; - } - return 0x00; +/* For Myeid, all objects are files that can be deleted in any order */ +static int +myeid_delete_object(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, const struct sc_path *path) +{ + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + return sc_pkcs15init_delete_by_path(profile, p15card, path); +} + + +/* + * Get 'Initialize Applet' data + * using the ACLs defined in card profile. 
+ */ +static int +myeid_get_init_applet_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + unsigned char *data, size_t data_len) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *tmp_file = NULL; + const struct sc_acl_entry *entry = NULL; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + if (data_len < 8) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_BUFFER_TOO_SMALL, "Cannot get init applet data"); + + *(data + 0) = 0xFF; + *(data + 1) = 0xFF; + + /* MF acls */ + sc_file_dup(&tmp_file, profile->mf_info->file); + if (tmp_file == NULL) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate MF file"); + r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF fixup failed"); + + /* AC 'Create DF' and 'Create EF' */ + *(data + 2) = 0x00; /* 'NONE' */ + entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_CREATE); + if (entry->method == SC_AC_CHV) + *(data + 2) = entry->key_ref | (entry->key_ref << 4); /* 'CHVx'. */ + else if (entry->method == SC_AC_NEVER) + *(data + 2) = 0xFF; /* 'NEVER'. */ + + /* AC 'INITIALISE APPLET'. 
*/ + *(data + 3) = 0x0F; /* 'NONE' */ +#ifndef KEEP_AC_NONE_FOR_INIT_APPLET + entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_DELETE); + if (entry->method == SC_AC_CHV) + *(data + 3) = (entry->key_ref << 4) | 0xF; + else if (entry->method == SC_AC_NEVER) + *(data + 3) = 0xFF; +#endif + *(data + 4) = 0xFF; + + sc_file_free(tmp_file); + tmp_file = NULL; + + /* Application DF (5015) acls */ + sc_file_dup(&tmp_file, profile->df_info->file); + if (tmp_file == NULL) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Cannot duplicate Application DF file"); + r = sc_pkcs15init_fixup_file(profile, p15card, tmp_file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Application DF fixup failed"); + + /* AC 'Create DF' and 'Create EF' */ + *(data + 5) = 0x00; /* 'NONE' */ + entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_CREATE); + if (entry->method == SC_AC_CHV) + *(data + 5) = entry->key_ref | (entry->key_ref << 4); /* 'CHVx' */ + else if (entry->method == SC_AC_NEVER) + *(data + 5) = 0xFF; /* 'NEVER'. */ + + /* AC 'Self delete' */ + *(data + 6) = 0x0F; /* 'NONE' */ + entry = sc_file_get_acl_entry(tmp_file, SC_AC_OP_DELETE); + if (entry->method == SC_AC_CHV) + *(data + 6) = (entry->key_ref << 4) | 0xF; /* 'CHVx' */ + else if (entry->method == SC_AC_NEVER) + *(data + 6) = 0xFF; /* 'NEVER'. */ + *(data + 7)= 0xFF; + sc_file_free(tmp_file); + + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } + /* * Erase the card. 
*/ -static int myeid_erase_card(sc_profile_t *profile, sc_card_t *card) +static int +myeid_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card) { + struct sc_context *ctx = p15card->card->ctx; struct sc_cardctl_myeid_data_obj data_obj; - sc_pkcs15_pin_info_t sopin_info, pin_info; - - u8 data[8]; + struct sc_file *mf = NULL; + unsigned char data[8]; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); - /* The SO pin has pin reference 1 -- not that it matters much - * because pkcs15-init will ask to enter all pins, even if we - * did a --so-pin on the command line. */ - sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin_info); + r = myeid_get_init_applet_data(profile, p15card, data, sizeof(data)); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Get init applet date error"); /* Select parent DF and verify PINs/key as necessary */ - r = sc_pkcs15init_authenticate(profile, card, profile->mf_info->file, SC_AC_OP_DELETE); - if (r < 0) - return r == SC_ERROR_FILE_NOT_FOUND ? 
0 : r; + r = sc_select_file(p15card->card, sc_get_mf_path(), &mf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select MF"); - data[0]= 0xFF; - data[1]= 0xFF; - data[2]= 0x11; - data[3]= 0x3F; - data[4]= 0xFF; - data[5]= 0x11; - data[6]= 0xFF; - data[7]= 0xFF; + /* ACLs are not actives if file is not in the operational state */ + if (mf->status == SC_FILE_STATUS_ACTIVATED) + r = sc_pkcs15init_authenticate(profile, p15card, mf, SC_AC_OP_DELETE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "'DELETE' authentication failed on MF"); - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &pin_info); - if(pin_info.reference > 0 && pin_info.reference <= MYEID_MAX_PINS && - sopin_info.reference > 0 && sopin_info.reference <= MYEID_MAX_PINS) - { - data[2] = (pin_info.reference << 4)| pin_info.reference; - data[3] = (sopin_info.reference << 4) | 0x0F; - data[5] = data[2]; - } - data_obj.P1 = 0x01; data_obj.P2 = 0xE0; data_obj.Data = data; - data_obj.DataLen = 0x08; + data_obj.DataLen = sizeof(data); - sc_debug(card->ctx, "so_pin(%d), user pin (%d)\n", - sopin_info.reference, pin_info.reference); - - r = sc_card_ctl(card, SC_CARDCTL_MYEID_PUTDATA, &data_obj); + r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_PUTDATA, &data_obj); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } -static int myeid_init_card(sc_profile_t *profile, - sc_card_t *card) +static int +myeid_init_card(sc_profile_t *profile, + sc_pkcs15_card_t *p15card) { - struct sc_path path; - sc_file_t *file; + struct sc_path path; + struct sc_file *file = NULL; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); sc_format_path("3F00", &path); - r = sc_select_file(card, &path, NULL); + r = sc_select_file(p15card->card, &path, &file); + + p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT; + + if (file) + sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, r); + 
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } + /* * Create a DF */ -static int myeid_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +static int +myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { - int r=0; - struct sc_file *file; - - SC_FUNC_CALLED(card->ctx, 1); - if (!profile || !card || !df) + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + int r=0, ii; + static const char *create_dfs[] = { + "PKCS15-PrKDF", + "PKCS15-PuKDF", + "PKCS15-CDF", + "PKCS15-CDF-TRUSTED", + "PKCS15-DODF", + NULL + }; + + static const int create_dfs_val[] = { + SC_PKCS15_PRKDF, + SC_PKCS15_PUKDF, + SC_PKCS15_CDF, + SC_PKCS15_CDF_TRUSTED, + SC_PKCS15_DODF + }; + + if (!profile || !p15card || !df) return SC_ERROR_INVALID_ARGUMENTS; - sc_debug(card->ctx, "id (%x)\n",df->id); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "id (%x)",df->id); if(df->id == 0x5015) { - sc_debug(card->ctx, "only Select (%x)\n",df->id); - r = sc_select_file(card, &df->path, NULL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Select (%x)",df->id); + r = sc_select_file(p15card->card, &df->path, NULL); + + for (ii = 0; create_dfs[ii]; ii++) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Create '%s'", create_dfs[ii]); + + if (sc_profile_get_file(profile, create_dfs[ii], &file)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_dfs[ii]); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE); + } + + r = sc_pkcs15init_add_object(p15card, profile, create_dfs_val[ii], NULL); + + if (r != SC_ERROR_FILE_ALREADY_EXISTS) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to create MyEID xDF file"); + } } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r); } + + /* * Select the PIN reference */ -static int myeid_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +static int 
+myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { - sc_pkcs15_pin_info_t pin_info_prof; - int type; - - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - type = SC_PKCS15INIT_SO_PIN; - sc_debug(card->ctx, "PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)\n", - pin_info->reference,pin_info->tries_left); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)", + pin_info->reference,pin_info->tries_left); } else { - type = SC_PKCS15INIT_USER_PIN; - sc_debug(card->ctx, "PIN_FLAG_PIN, ref (%d), tries_left (%d)\n", - pin_info->reference, pin_info->tries_left); + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, + "PIN_FLAG_PIN, ref (%d), tries_left (%d)", + pin_info->reference, pin_info->tries_left); } if (pin_info->reference <= 0 || pin_info->reference > MYEID_MAX_PINS) pin_info->reference = 1; - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0); } /* * Create a new PIN */ -static int myeid_create_pin(sc_profile_t *profile, sc_card_t *card, - sc_file_t *df, sc_pkcs15_object_t *pin_obj, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len) -{ - return myeid_create_pin_internal(profile, card, - 0, (sc_pkcs15_pin_info_t *) pin_obj->data, - pin, pin_len, - puk, puk_len); +static int +myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *df, struct sc_pkcs15_object *pin_obj, + const unsigned char *pin, size_t pin_len, + const unsigned char *puk, size_t puk_len) +{ + struct sc_context *ctx = p15card->card->ctx; + unsigned char data[20]; + struct sc_cardctl_myeid_data_obj data_obj; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data; + struct sc_pkcs15_pin_info puk_info; + int r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, 
"PIN('%s',ref:%i,flags:0x%X,pin_len:%d,puk_len:%d)\n", + pin_obj->label, pin_info->reference, pin_info->flags, pin_len, puk_len); + + if (pin_info->reference >= MYEID_MAX_PINS) + return SC_ERROR_INVALID_ARGUMENTS; + if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4) + return SC_ERROR_INVALID_PIN_LENGTH; + + sc_profile_get_pin_info(profile, (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK, + &puk_info); + + memset(data, 0, sizeof(data)); + /* Make command to add a pin-record */ + data_obj.P1 = 0x01; + data_obj.P2 = pin_info->reference; /* myeid pin number */ + + memset(data, pin_info->pad_char, 8); + memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin */ + + memset(&data[8], puk_info.pad_char, 8); + memcpy(&data[8], (u8 *)puk, puk_len); /* copy puk */ + + if(pin_info->tries_left > 0 && pin_info->tries_left < 15) + data[16] = pin_info->tries_left; + else + data[16] = 5; /* default value */ + + if(puk_info.tries_left > 0 && puk_info.tries_left < 15) + data[17] = puk_info.tries_left; + else + data[17] = 5; /* default value */ + + data[18] = 0x00; + + data_obj.Data = data; + data_obj.DataLen = 19; + + r = sc_card_ctl(p15card->card, SC_CARDCTL_MYEID_PUTDATA, &data_obj); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Initialize PIN failed"); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } + /* * Setup file struct & path: get correct template from the profile, construct full path * num = number of objects of this type already on the card */ -static int myeid_new_file(sc_profile_t *profile, sc_card_t *card, +static int +myeid_new_file(sc_profile_t *profile, sc_card_t *card, unsigned int type, unsigned int num, sc_file_t **out) { sc_file_t *file; sc_path_t *p; - char name[64], *tag; + char name[64]; + const char *tag; int r; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (type == SC_PKCS15_TYPE_PRKEY_RSA) tag = "private-key"; else if (type == SC_PKCS15_TYPE_PUBKEY_RSA) 
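Review bot: `myeid_create_pin` copies `pin` and `puk` into the 20-byte `data` buffer with only a lower bound on their lengths, so a `pin_len` above 8 overwrites the PUK field, and a `pin_len` above 20 or a `puk_len` above 12 writes past the end of `data` on the stack. The existing length test should also cap both values at the 8-byte field size: `if (pin_len > 8 || puk_len > 8) return SC_ERROR_INVALID_PIN_LENGTH;`. Whether callers already limit the lengths through the profile's `max_length` is not visible in this hunk, and the copy should not depend on it. The reference checks also disagree: `myeid_select_pin_reference` accepts a reference equal to `MYEID_MAX_PINS`, while this function rejects it with `pin_info->reference >= MYEID_MAX_PINS`.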
@@ -225,7 +357,7 @@ tag = "data"; else { - sc_error(card->ctx, "Unsupported file type"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported file type"); return SC_ERROR_INVALID_ARGUMENTS; } @@ -233,7 +365,7 @@ snprintf(name, sizeof(name), "template-%s", tag); if (sc_profile_get_file(profile, name, &file) < 0) { - sc_error(card->ctx, "Profile doesn't define %s", name); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s", name); return SC_ERROR_NOT_SUPPORTED; } @@ -255,25 +387,30 @@ } *out = file; - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } -static int myeid_encode_private_key(sc_profile_t *profile, sc_card_t *card, + +static int +myeid_encode_private_key(sc_profile_t *profile, sc_card_t *card, struct sc_pkcs15_prkey_rsa *rsa, u8 *key, size_t *keysize, int key_ref) { - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } -static int myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card, +static int +myeid_encode_public_key(sc_profile_t *profile, sc_card_t *card, struct sc_pkcs15_prkey_rsa *rsa, u8 *key, size_t *keysize, int key_ref) { - SC_FUNC_CALLED(card->ctx, 1); - SC_FUNC_RETURN(card->ctx, 1, 0); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0); } + +#if 0 /* * Generate RSA key */ 
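Review bot: The `#if 0` added at the end of this hunk keeps the old RSA key-generation routine in the file as dead code instead of removing it, and the next hunk (`@@ -311,16 +448,13 @@`) goes on editing that disabled body. Code behind `#if 0` is never compiled, so it drifts away from the library API without anyone noticing; deleting the old routine in this change and leaving its history to version control would be cleaner. The `myeid_encode_private_key` and `myeid_encode_public_key` stubs touched here still return 0 without writing `key` or `*keysize`. If that is intentional, a comment such as `/* intentionally a no-op for MyEID */` on each would say so. The disabled routine's body starts outside this hunk.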
@@ -311,16 +448,13 @@ sc_pkcs15_prkey_info_t *info) { struct sc_cardctl_myeid_gen_store_key_info args; - struct sc_cardctl_myeid_data_obj data_obj; - unsigned char raw_pubkey[256]; int r; - unsigned int mod_len; sc_file_t *prkf = NULL; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* Parameter check */ if ( (keybits < 1024) || (keybits > 2048) || (keybits & 0X7)) { - sc_error(card->ctx, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key size [%u]: 1024-2048 bit + 8-multiple\n", keybits); return SC_ERROR_INVALID_ARGUMENTS; } 
@@ -386,93 +520,207 @@ if (prkf) sc_file_free(prkf); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } +#endif + /* - * Create a new PIN + * Store a private key */ -static int myeid_create_pin_internal(sc_profile_t *profile, sc_card_t *card, - int ignore_ac, sc_pkcs15_pin_info_t *pin_info, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len) -{ - u8 data[20]; - int so_pin_ref; - int r,type, puk_tries; - struct sc_cardctl_myeid_data_obj data_obj; - sc_file_t *pinfile = NULL; +static int +myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_file *file = NULL; + int keybits = key_info->modulus_length, r; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + /* Check that the card supports the requested modulus length */ + if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size"); - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "pin (%d), pin_len (%d), puk_len(%d) \n", - pin_info->reference, pin_len, puk_len); - - if (pin_info->reference >= MYEID_MAX_PINS) - return SC_ERROR_INVALID_ARGUMENTS; - if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4) - return SC_ERROR_INVALID_PIN_LENGTH; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create MyEID private key ID:%s", sc_pkcs15_print_id(&key_info->id)); - if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) - type = SC_PKCS15INIT_SO_PIN; - else - type = SC_PKCS15INIT_USER_PIN; + /* Get the private key file */ + r = myeid_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get new MyEID private key file"); - sc_debug(card->ctx, "pin type (%s)\n", - (type == 
SC_PKCS15INIT_SO_PIN) ? "SO_PIN": "USER_PIN"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Key file size %d", keybits); + file->size = keybits; - memset(data, 0xFF, sizeof(data)); - /* Make command to add a pin-record */ - data_obj.P1 = 01; - data_obj.P2 = pin_info->reference; /* myeid pin number */ - - memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin*/ - memcpy(&data[8], (u8 *)puk, puk_len); /* copy puk */ + memcpy(&key_info->path.value, &file->path.value, file->path.len); + key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF; - data[16] = 0x00; - data[17] = 0x00; - data[18] = 0x00; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of MyEID private key file to create %s", + sc_print_path(&file->path)); - data_obj.Data = data; - data_obj.DataLen = 16; + /* Now create the key file */ + r = sc_pkcs15init_create_file(profile, p15card, file); + sc_file_free(file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot create MyEID private key file"); - puk_tries = myeid_puk_retries(profile, pin_info); - if(pin_info->tries_left > 0 && pin_info->tries_left < 15 && - puk_tries > 0 && puk_tries < 15) - { - /* Optional PIN locking */ - data[16] = (pin_info->tries_left & 0x0F); - data[17] = (puk_tries & 0x0F); - data_obj.DataLen = 19; - } + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +/* + * Store a private key + */ +static int +myeid_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_prkey *prkey) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_cardctl_myeid_gen_store_key_info args; + struct sc_file *file = NULL; + int r, keybits = key_info->modulus_length; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported"); 
+ + /* Check that the card supports the requested modulus length */ + if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s", + sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path)); + + r = sc_select_file(card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed"); + + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store MyEID private key"); - r = sc_card_ctl(card, SC_CARDCTL_MYEID_PUTDATA, &data_obj); + if (file) + sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, r); + /* Fill in data structure */ + memset(&args, 0, sizeof(args)); + args.mod_len = keybits; + args.op_type = OP_TYPE_STORE; + args.pubexp_len = prkey->u.rsa.exponent.len; + args.pubexp = prkey->u.rsa.exponent.data; + args.primep_len = prkey->u.rsa.p.len; + args.primep = prkey->u.rsa.p.data; + args.primeq_len = prkey->u.rsa.q.len; + args.primeq = prkey->u.rsa.q.data; + + args.dp1_len = prkey->u.rsa.dmp1.len; + args.dp1 = prkey->u.rsa.dmp1.data; + args.dq1_len = prkey->u.rsa.dmq1.len; + args.dq1 = prkey->u.rsa.dmq1.data; + args.invq_len = prkey->u.rsa.iqmp.len; + args.invq = prkey->u.rsa.iqmp.data; + + args.mod_len = prkey->u.rsa.modulus.len; + args.mod = prkey->u.rsa.modulus.data; + + /* Store RSA key */ + r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed"); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } -static int myeid_puk_retries(sc_profile_t *profile, sc_pkcs15_pin_info_t *pin_info) -{ - sc_pkcs15_pin_info_t puk_info; - sc_profile_get_pin_info(profile, - (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) ? 
- SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK, - &puk_info); +static int +myeid_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_pubkey *pubkey) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_cardctl_myeid_gen_store_key_info args; + struct sc_file *file = NULL; + int r; + size_t keybits = key_info->modulus_length; + unsigned char raw_pubkey[256]; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported"); + + /* Check that the card supports the requested modulus length */ + if (sc_card_find_rsa_alg(p15card->card, keybits) == NULL) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store MyEID key with ID:%s and path:%s", + sc_pkcs15_print_id(&key_info->id), sc_print_path(&key_info->path)); + + r = sc_select_file(card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store MyEID key: select key file failed"); - if ((puk_info.tries_left < 0) || (puk_info.tries_left >= 15)) - return -1; - return puk_info.tries_left; + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to generate MyEID private key"); + + /* Fill in data structure */ + memset(&args, 0, sizeof(args)); + args.mod_len = keybits; + args.op_type = OP_TYPE_GENERATE; + args.pubexp_len = MYEID_DEFAULT_PUBKEY_LEN; + args.pubexp = MYEID_DEFAULT_PUBKEY; + + /* Generate RSA key */ + r = sc_card_ctl(card, SC_CARDCTL_MYEID_GENERATE_STORE_KEY, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'MYEID_GENERATE_STORE_KEY' failed"); + + /* Keypair generation -> 
collect public key info */ + /* FIXME: was not preset in original Aventra version. Need to be tested. (VT) */ + if (pubkey != NULL) { + struct sc_cardctl_myeid_data_obj data_obj; + + pubkey->algorithm = SC_ALGORITHM_RSA; + pubkey->u.rsa.modulus.len = (keybits + 7) / 8; + pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len); + pubkey->u.rsa.exponent.len = MYEID_DEFAULT_PUBKEY_LEN; + pubkey->u.rsa.exponent.data = malloc(MYEID_DEFAULT_PUBKEY_LEN); + memcpy(pubkey->u.rsa.exponent.data, MYEID_DEFAULT_PUBKEY, MYEID_DEFAULT_PUBKEY_LEN); + + /* Get public key modulus */ + r = sc_select_file(card, &file->path, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: select key file failed"); + + data_obj.P1 = 0x01; + data_obj.P2 = 0x01; + data_obj.Data = raw_pubkey; + data_obj.DataLen = sizeof(raw_pubkey); + + r = sc_card_ctl(card, SC_CARDCTL_MYEID_GETDATA, &data_obj); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: 'MYEID_GETDATA' failed"); + + if ((data_obj.DataLen * 8) != key_info->modulus_length) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Cannot get key modulus: invalid key-size"); + + memcpy (pubkey->u.rsa.modulus.data, raw_pubkey, pubkey->u.rsa.modulus.len); + } + + if (file) + sc_file_free(file); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } -/* For Myeid, all objects are files that can be deleted in any order */ -static int myeid_delete_object(struct sc_profile *profile, - struct sc_card *card, unsigned int type, - const void *data, const sc_path_t *path) +/* Finish initialization. 
After this ACL is in affect */ +static int myeid_finalize_card(sc_card_t *card) { - SC_FUNC_CALLED(card->ctx, 1); - return sc_pkcs15init_delete_by_path(profile, card, path); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, + sc_card_ctl(card, SC_CARDCTL_MYEID_ACTIVATE_CARD, NULL)); } + +/* + * Create a new PIN + */ static struct sc_pkcs15init_operations sc_pkcs15init_myeid_operations = { myeid_erase_card, myeid_init_card, /* init_card */ @@ -481,18 +729,15 @@ myeid_select_pin_reference, myeid_create_pin, NULL, /* select_key_reference */ - NULL, /* create_key */ - NULL, /* store_key */ - NULL, /* generate_key */ + myeid_create_key, + myeid_store_key, + myeid_generate_key, myeid_encode_private_key, myeid_encode_public_key, - NULL, /* finalize_card */ - NULL, - NULL, /* style api */ - myeid_new_key, - myeid_new_file, - myeid_generate_key, - myeid_delete_object + myeid_finalize_card, + myeid_delete_object, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-oberthur-awp.c opensc-0.12.1/src/pkcs15init/pkcs15-oberthur-awp.c --- opensc-0.11.13/src/pkcs15init/pkcs15-oberthur-awp.c 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-oberthur-awp.c 2011-05-17 17:07:00.000000000 +0000 
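Review bot: In the added `myeid_generate_key`, the two `malloc()` results for `pubkey->u.rsa.modulus.data` and `pubkey->u.rsa.exponent.data` are used without a NULL check, so the `memcpy` of `MYEID_DEFAULT_PUBKEY` writes through a null pointer when allocation fails. Every `SC_TEST_RET` after the first `sc_select_file` also returns with `file` still allocated, and those inside the `pubkey != NULL` block leave the fresh buffers attached to the caller's `pubkey`; `myeid_store_key` leaks `file` the same way when `sc_pkcs15init_authenticate` fails. Checking the allocations, as in the excerpt below, and releasing `file` before each early return would close both. Separately, `myeid_store_key` sets `args.mod_len = keybits` and later overwrites it with `prkey->u.rsa.modulus.len`, which looks like a bits-versus-bytes mix-up and is worth confirming against the card driver.

```c
		pubkey->u.rsa.exponent.data = malloc(MYEID_DEFAULT_PUBKEY_LEN);
		if (pubkey->u.rsa.modulus.data == NULL || pubkey->u.rsa.exponent.data == NULL) {
			free(pubkey->u.rsa.modulus.data);
			free(pubkey->u.rsa.exponent.data);
			pubkey->u.rsa.modulus.data = NULL;
			pubkey->u.rsa.exponent.data = NULL;
			if (file)
				sc_file_free(file);
			SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate public key buffers");
		}
		memcpy(pubkey->u.rsa.exponent.data, MYEID_DEFAULT_PUBKEY, MYEID_DEFAULT_PUBKEY_LEN);
		/* … unchanged: key-file select, MYEID_GETDATA, modulus size check and copy … */
```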
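Review bot: The `sc_pkcs15init_myeid_operations` table is filled positionally, and this hunk has to move, drop and pad entries by hand to follow the new struct layout, so an entry that lands one slot off would bind a handler to the wrong operation with at best a pointer-type warning. If the supported compilers allow C99, designated initializers using the slot names the comments already give would make each binding explicit, for example `.create_key = myeid_create_key,` and `.finalize_card = myeid_finalize_card,`. The `/* Create a new PIN */` comment that the previous hunk leaves directly above this table no longer describes what follows and should be removed.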
@@ -0,0 +1,2000 @@ +/* + * Oberthur AWP extension for PKCS #15 initialization + * + * Copyright (C) 2010 Viktor Tarasov + * Copyright (C) 2002 Juha Yrjola + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * best view with tabstop=4 + * + */ + +#include +#include +#include + +#include "config.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" +#include "profile.h" +#include "pkcs15-init.h" +#include "pkcs15-oberthur.h" +#include "libopensc/asn1.h" + +#ifdef ENABLE_OPENSSL + +struct awp_lv zero_lv = { 0, NULL }; +struct awp_lv x30_lv = { 0x10, (unsigned char *)"0000000000000000" }; + +static unsigned char * +awp_get_commonName(X509 *x) +{ + unsigned char *ret = NULL; + int r; + + r = X509_NAME_get_index_by_NID(X509_get_subject_name(x), + NID_commonName, -1); + if (r >= 0) { + X509_NAME_ENTRY *ne; + ASN1_STRING *a_str; + + if (!(ne = X509_NAME_get_entry(X509_get_subject_name(x), r))) + ; + else if (!(a_str = X509_NAME_ENTRY_get_data(ne))) + ; + else if (a_str->type == 0x0C) { + ret = malloc(a_str->length + 1); + if (ret) { + memcpy(ret, a_str->data, a_str->length); + *(ret + a_str->length) = '\0'; + } + } + else { + unsigned char *tmp = NULL; + + r = ASN1_STRING_to_UTF8(&tmp, a_str); + if (r > 0) { + ret = malloc(r + 1); + if (ret) { 
+ memcpy(ret, tmp, r); + *(ret + r) = '\0'; + } + + OPENSSL_free(tmp); + } + } + } + + return ret; +} + + +static int +awp_new_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + unsigned int type, unsigned int num, + struct sc_file **info_out, struct sc_file **obj_out) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *ifile=NULL, *ofile=NULL; + char name[NAME_MAX_LEN]; + const char *itag=NULL, *otag=NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "type 0x%X; num %i; info %p; obj %p", type, num, info_out, obj_out); + switch (type) { + case SC_PKCS15_TYPE_CERT_X509: + itag = "certificate-info"; + otag = "template-certificate"; + break; + case SC_PKCS15_TYPE_PRKEY_RSA: + case COSM_TYPE_PRKEY_RSA: + itag = "private-key-info"; + otag = "template-private-key"; + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + case COSM_TYPE_PUBKEY_RSA: + itag = "public-key-info"; + otag = "template-public-key"; + break; + case SC_PKCS15_TYPE_DATA_OBJECT: + itag = "data-info"; + otag = "template-data"; + break; + case COSM_TYPE_PRIVDATA_OBJECT: + itag = "privdata-info"; + otag = "template-privdata"; + break; + case SC_PKCS15_TYPE_AUTH_PIN: + case COSM_TOKENINFO : + itag = "token-info"; + num = 0; + break; + case COSM_PUBLIC_LIST: + itag = "public-list"; + num = 0; + break; + case COSM_PRIVATE_LIST: + itag = "private-list"; + num = 0; + break; + case COSM_CONTAINER_LIST: + itag = "container-list"; + num = 0; + break; + default: + return SC_ERROR_INVALID_ARGUMENTS; + } + + if (itag) { + snprintf(name, sizeof(name),"%s-%s", COSM_TITLE, itag); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info template %s",name); + if (sc_profile_get_file(profile, name, &ifile) < 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "profile does not defines template '%s'", name); + return SC_ERROR_INCONSISTENT_PROFILE; + } + } + + if (otag) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "obj template %s",otag); + if (sc_profile_get_file(profile, otag, &ofile) < 0) { 
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "profile does not defines template '%s'", name); + return SC_ERROR_INCONSISTENT_PROFILE; + } + + ofile->id |= (num & 0xFF); + ofile->path.value[ofile->path.len-1] |= (num & 0xFF); + } + + if (ifile) { + if(info_out) { + if (ofile) { + ifile->id = ofile->id | 0x100; + + ifile->path = ofile->path; + ifile->path.value[ifile->path.len-2] |= 0x01; + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info_file(id:%04X,size:%i,rlen:%i)", + ifile->id, ifile->size, ifile->record_length); + *info_out = ifile; + } + else { + sc_file_free(ifile); + } + } + + if (ofile) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "obj file %04X; size %i; ", ofile->id, ofile->size); + if (obj_out) + *obj_out = ofile; + else + sc_file_free(ofile); + } + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int +awp_update_blob(struct sc_context *ctx, + unsigned char **blob, int *blob_size, + struct awp_lv *lv, int type) +{ + unsigned char *pp; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + switch (type) { + case TLV_TYPE_LLV : + if (!(pp = realloc(*blob, *blob_size + 2 + lv->len))) + return SC_ERROR_OUT_OF_MEMORY; + *(pp + *blob_size) = (lv->len >> 8) & 0xFF; + *(pp + *blob_size + 1) = lv->len & 0xFF; + memcpy(pp + *blob_size + 2, lv->value, (lv->len & 0xFF)); + *blob_size += 2 + lv->len; + break; + case TLV_TYPE_LV : + if (!(pp = realloc(*blob, *blob_size + 1 + lv->len))) + return SC_ERROR_OUT_OF_MEMORY; + *(pp + *blob_size) = lv->len & 0xFF; + memcpy(pp + *blob_size + 1, lv->value, (lv->len & 0xFF)); + *blob_size += 1 + lv->len; + break; + case TLV_TYPE_V : + if (!(pp = realloc(*blob, *blob_size + lv->len))) + return SC_ERROR_OUT_OF_MEMORY; + memcpy(pp + *blob_size, lv->value, lv->len); + *blob_size += lv->len; + break; + default: + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Invalid tlv type %i",type); + return SC_ERROR_INCORRECT_PARAMETERS; + } + + *blob = pp; + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); +} + + +static int 
+awp_new_container_entry(struct sc_pkcs15_card *p15card, unsigned char *buff, int len) +{ + struct sc_context *ctx = p15card->card->ctx; + int ii, mm, rv = 0; + int marks[5] = {4,6,8,10,0}; + unsigned char rand_buf[0x10]; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + if (len<0x34) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS, "Invalid container update size"); + + rv = sc_get_challenge(p15card->card, rand_buf, sizeof(rand_buf)); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot get challenge"); + + *(buff + 12) = 0x26; + *(buff + 13) = '{'; + for (ii=0, mm = 0; iicard->ctx; + int rv; + unsigned char *buff = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "container file(file-id:%X,rlen:%i,rcount:%i)", + list_file->id, list_file->record_length, list_file->record_count); + + buff = malloc(list_file->record_length); + if (!buff) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + + memset(buff, 0, list_file->record_length); + + rv = awp_new_container_entry(p15card, buff, list_file->record_length); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot create container"); + + *(buff + 0) = (acc->pubkey_id >> 8) & 0xFF; + *(buff + 1) = acc->pubkey_id & 0xFF; + *(buff + 2) = (acc->prkey_id >> 8) & 0xFF; + *(buff + 3) = acc->prkey_id & 0xFF; + *(buff + 4) = (acc->cert_id >> 8) & 0xFF; + *(buff + 5) = acc->cert_id & 0xFF; + + rv = sc_select_file(p15card->card, &list_file->path, NULL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "rv:%i", rv); + if (rv == SC_ERROR_FILE_NOT_FOUND) + rv = sc_pkcs15init_create_file(profile, p15card, list_file); + + if (!rv) + rv = sc_append_record(p15card->card, buff, list_file->record_length, SC_RECORD_BY_REC_NR); + + free(buff); + + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "return after failure"); + + rv = 0; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +awp_create_container(struct sc_pkcs15_card *p15card, struct sc_profile *profile, int type, 
+ struct awp_lv *key_id, struct awp_crypto_container *acc) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *clist = NULL, *file = NULL; + int rv = 0; + unsigned char *list = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create container(%X:%X:%X)", acc->prkey_id, acc->cert_id, acc->pubkey_id); + + rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Create container failed"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "contaner cfile(rcount:%i,rlength:%i)", clist->record_count, clist->record_length); + + rv = sc_select_file(p15card->card, &clist->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Create container failed: cannot select container's list"); + file->record_length = clist->record_length; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "contaner file(rcount:%i,rlength:%i)", file->record_count, file->record_length); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Append new record %i for private key", file->record_count + 1); + + rv = awp_create_container_record(p15card, profile, file, acc); + + if (clist) + sc_file_free(clist); + if (file) + sc_file_free(file); + if (list) + free(list); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +awp_update_container_entry (struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_file *list_file, int type, int file_id, + int rec, int offs) +{ + struct sc_context *ctx = p15card->card->ctx; + int rv; + unsigned char *buff = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "update container entry(type:%X,len:%i,count %i,rec %i,offs %i", type, file_id, rec, offs); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "container file(file-id:%X,rlen:%i,rcount:%i)", + list_file->id, list_file->record_length, list_file->record_count); + + buff = malloc(list_file->record_length); + if (!buff) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, 
SC_ERROR_OUT_OF_MEMORY); + + memset(buff, 0, list_file->record_length); + + if (rec > list_file->record_count) { + rv = awp_new_container_entry(p15card, buff, list_file->record_length); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot create container"); + } + else { + rv = sc_select_file(p15card->card, &list_file->path, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select list_file"); + + rv = sc_read_record(p15card->card, rec, buff, list_file->record_length, SC_RECORD_BY_REC_NR); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot read record"); + } + + switch (type) { + case SC_PKCS15_TYPE_PUBKEY_RSA: + case COSM_TYPE_PUBKEY_RSA: + if (*(buff + offs + 4)) + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Insert public key to container that contains certificate %02X%02X", + *(buff + offs + 4), *(buff + offs + 5)); + *(buff + offs + 0) = (file_id >> 8) & 0xFF; + *(buff + offs + 1) = file_id & 0xFF; + break; + case SC_PKCS15_TYPE_PRKEY_RSA: + case COSM_TYPE_PRKEY_RSA: + if (*(buff + offs + 2)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_CARD, "private key exists already"); + + *(buff + offs + 2) = (file_id >> 8) & 0xFF; + *(buff + offs + 3) = file_id & 0xFF; + break; + case SC_PKCS15_TYPE_CERT_X509 : + *(buff + offs + 4) = (file_id >> 8) & 0xFF; + *(buff + offs + 5) = file_id & 0xFF; + break; + default: + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS, "invalid object type"); + } + + if (rec > list_file->record_count) { + rv = sc_select_file(p15card->card, &list_file->path, NULL); + if (rv == SC_ERROR_FILE_NOT_FOUND) + rv = sc_pkcs15init_create_file(profile, p15card, list_file); + + if (!rv) + rv = sc_append_record(p15card->card, buff, list_file->record_length, SC_RECORD_BY_REC_NR); + } + else { + rv = sc_update_record(p15card->card, rec, buff, list_file->record_length, SC_RECORD_BY_REC_NR); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "rv:%i", rv); + } + + free(buff); + + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "return after 
failure"); + + rv = 0; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +awp_remove_container_entry (struct sc_pkcs15_card *p15card, struct sc_profile *profile, + int type, int file_id) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *clist=NULL, *file=NULL; + int rv = 0, ii; + unsigned rec, rec_len; + unsigned char *buff=NULL, id[2]; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file_id %X", file_id); + + rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL); + if (rv) + goto done; + + rv = sc_select_file(p15card->card, &clist->path, &file); + if (rv) + goto done; + + if (!(buff = malloc(file->record_length))) { + rv = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + + id[0] = (file_id >> 8) & 0xFF; + id[1] = file_id & 0xFF; + + for (rec = 1; rec <= file->record_count; rec++) { + rv = sc_read_record(p15card->card, rec, buff, file->record_length, SC_RECORD_BY_REC_NR); + if (rv < 0) + break; + rec_len = rv; + + for (ii=0; ii<12; ii+=2) + if (!memcmp(id, buff+ii, 2)) + break; + if (ii==12) + continue; + + *(buff + ii + 0) = 0; + *(buff + ii + 1) = 0; + + if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == COSM_TYPE_PRKEY_RSA) + memset(buff + ii/6*6, 0, 6); + + if (!memcmp(buff,"\0\0\0\0\0\0\0\0\0\0\0\0",12)) { + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE); + if (rv) + break; + rv = sc_delete_record(p15card->card, rec); + + if (rv) + break; + + rv = awp_remove_container_entry(p15card, profile, type, file_id); + break; + } + else { + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + if (rv) + break; + rv = sc_update_record(p15card->card, rec, buff, rec_len, SC_RECORD_BY_REC_NR); + } + + if (rv<0) + break; + } + + if (rv>0) + rv = 0; + +done: + if (buff) free(buff); + if (file) sc_file_free(file); + if (clist) sc_file_free(clist); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +awp_update_container(struct 
sc_pkcs15_card *p15card, struct sc_profile *profile, int type, + struct awp_lv *key_id, unsigned obj_id, unsigned int *prkey_id) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *clist = NULL, *file = NULL; + struct sc_path private_path; + int rv = 0, rec, rec_offs; + unsigned char *list = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "update container(type:%X,obj_id:%X)", type, obj_id); + + if (prkey_id) + *prkey_id = 0; + + /* + * Get path of the DF that contains private objects. + */ + rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_PRKEY_RSA, 1, NULL, &file); + if (rv) + goto done; + private_path = file->path; + sc_file_free(file), file=NULL; + + rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL); + if (rv) + goto done; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "contaner cfile(rcount:%i,rlength:%i)", clist->record_count, clist->record_length); + + rv = sc_select_file(p15card->card, &clist->path, &file); + if (rv) + goto done; + file->record_length = clist->record_length; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "contaner file(rcount:%i,rlength:%i)", file->record_count, file->record_length); + if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == COSM_TYPE_PRKEY_RSA) { + rec_offs = 0; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Append new record %i for private key", file->record_count + 1); + rv = awp_update_container_entry(p15card, profile, file, type, obj_id, file->record_count + 1, rec_offs); + goto done; + } + + list = malloc(AWP_CONTAINER_RECORD_LEN * file->record_count); + if (!list) { + rv = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_READ); + if (rv) + goto done; + + for (rec=0; rec < file->record_count; rec++) { + unsigned char tmp[256]; + + rv = sc_read_record(p15card->card, rec + 1, tmp, sizeof(tmp), SC_RECORD_BY_REC_NR); + if (rv >= AWP_CONTAINER_RECORD_LEN) + memcpy(list + rec*AWP_CONTAINER_RECORD_LEN, tmp, 
AWP_CONTAINER_RECORD_LEN); + else + goto done; + } + + for (rec=0, rv=0; !rv && rec < file->record_count; rec++) { + for (rec_offs=0; !rv && rec_offs<12; rec_offs+=6) { + int offs; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "rec %i; rec_offs %i", rec, rec_offs); + offs = rec*AWP_CONTAINER_RECORD_LEN + rec_offs; + if (*(list + offs + 2)) { + unsigned char *buff = NULL; + int id_offs; + struct sc_path path = private_path; + struct sc_file *ff = NULL; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "container contains PrKey %02X%02X", *(list + offs + 2), *(list + offs + 3)); + path.value[path.len - 2] = *(list + offs + 2) | 0x01; + path.value[path.len - 1] = *(list + offs + 3); + rv = sc_select_file(p15card->card, &path, &ff); + if (rv) + continue; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file id %X; size %i", ff->id, ff->size); + buff = malloc(ff->size); + if (!buff) { + rv = SC_ERROR_OUT_OF_MEMORY; + break; + } + + rv = sc_pkcs15init_authenticate(profile, p15card, ff, SC_AC_OP_READ); + if (rv) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "sc_pkcs15init_authenticate(READ) failed"); + break; + } + + rv = sc_read_binary(p15card->card, 0, buff, ff->size, 0); + if (rv == ff->size) { + rv = 0; + id_offs = 5 + *(buff+3); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "rec %i; id offset %i",rec, id_offs); + if (key_id->len == *(buff + id_offs) && + !memcmp(key_id->value, buff + id_offs + 1, key_id->len)) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "found key file friend"); + if (!rv) + rv = awp_update_container_entry(p15card, profile, file, type, obj_id, rec + 1, rec_offs); + + if (rv >= 0 && prkey_id) { + *prkey_id = *(list + offs + 2) * 0x100 + *(list + offs + 3); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "*prkey_id 0x%X", *prkey_id); + } + } + } + + free(buff); + sc_file_free(ff); + } + } + } + +done: + if (clist) sc_file_free(clist); + if (file) sc_file_free(file); + if (list) free(list); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +awp_update_df_create_pin(struct sc_pkcs15_card 
*p15card, struct sc_profile *profile, + struct sc_pkcs15_object *pinobj) +{ + SC_FUNC_CALLED(p15card->card->ctx, 1); + /* No update DF when creating PIN objects */ + SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS); +} + + +static int +awp_set_certificate_info (struct sc_pkcs15_card *p15card, + struct sc_profile *profile, + struct sc_file *file, + struct awp_cert_info *ci) +{ + struct sc_context *ctx = p15card->card->ctx; + int r = 0, blob_size; + unsigned char *blob; + const char *default_cert_label = "Certificate"; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + blob_size = 2; + if (!(blob = malloc(blob_size))) { + r = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + + /* TODO: cert flags */ + *blob = (COSM_TAG_CERT >> 8) & 0xFF; + *(blob + 1) = COSM_TAG_CERT & 0xFF; + + if (ci->label.len + && ci->label.len != strlen(default_cert_label) + && memcmp(ci->label.value, default_cert_label, strlen(default_cert_label))) + r = awp_update_blob(ctx, &blob, &blob_size, &ci->label, TLV_TYPE_LLV); + else + r = awp_update_blob(ctx, &blob, &blob_size, &ci->cn, TLV_TYPE_LLV); + if (r) + goto done; + + r = awp_update_blob(ctx, &blob, &blob_size, &ci->id, TLV_TYPE_LLV); + if (r) + goto done; + + r = awp_update_blob(ctx, &blob, &blob_size, &ci->subject, TLV_TYPE_LLV); + if (r) + goto done; + + if (ci->issuer.len != ci->subject.len || + memcmp(ci->issuer.value, ci->subject.value, ci->subject.len)) { + r = awp_update_blob(ctx, &blob, &blob_size, &ci->issuer, TLV_TYPE_LLV); + if (r) + goto done; + r = awp_update_blob(ctx, &blob, &blob_size, &ci->serial, TLV_TYPE_LLV); + if (r) + goto done; + } + else { + r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV); + if (r) + goto done; + r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV); + if (r) + goto done; + } + + file->size = blob_size; + r = sc_pkcs15init_create_file(profile, p15card, file); + if (r) + goto done; + + r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size); + if (r < 0) + goto 
done; + + r = 0; +done: + if (blob) + free(blob); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static int +awp_update_object_list(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + unsigned int type, int num) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *obj_file = NULL, *lst_file = NULL; + struct sc_file *file = NULL; + char obj_name[NAME_MAX_LEN], lst_name[NAME_MAX_LEN]; + unsigned char *buff = NULL; + int rv, ii; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "type %i, num %i", type, num); + switch (type) { + case SC_PKCS15_TYPE_CERT_X509: + snprintf(obj_name, NAME_MAX_LEN, "template-certificate"); + snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE); + break; + case SC_PKCS15_TYPE_PUBKEY_RSA: + case COSM_TYPE_PUBKEY_RSA: + snprintf(obj_name, NAME_MAX_LEN, "template-public-key"); + snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE); + break; + case SC_PKCS15_TYPE_DATA_OBJECT: + snprintf(obj_name, NAME_MAX_LEN, "template-data"); + snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE); + break; + case COSM_TYPE_PRIVDATA_OBJECT: + snprintf(obj_name, NAME_MAX_LEN, "template-privdata"); + snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE); + break; + case SC_PKCS15_TYPE_PRKEY_RSA: + case COSM_TYPE_PRKEY_RSA: + snprintf(obj_name, NAME_MAX_LEN,"template-private-key"); + snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE); + break; + default: + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not supported file type %X", type); + return SC_ERROR_INVALID_ARGUMENTS; + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "obj_name %s; num 0x%X",obj_name, num); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "lst_name %s",lst_name); + if (sc_profile_get_file(profile, obj_name, &obj_file) < 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No profile template '%s'", obj_name); + rv = SC_ERROR_NOT_SUPPORTED; + goto done; + } + else if (sc_profile_get_file(profile, lst_name, &lst_file) < 
0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No profile template '%s'", lst_name); + rv = SC_ERROR_NOT_SUPPORTED; + goto done; + } + + obj_file->id |= (num & 0xFF); + obj_file->path.value[obj_file->path.len-1] |= (num & 0xFF); + + rv = sc_select_file(p15card->card, &obj_file->path, &file); + if (rv) + goto done; + + if (type == SC_PKCS15_TYPE_PUBKEY_RSA || type == COSM_TYPE_PUBKEY_RSA) { + if (file->size==PUBKEY_512_ASN1_SIZE) + file->size = 512; + else if (file->size==PUBKEY_1024_ASN1_SIZE) + file->size = 1024; + else if (file->size==PUBKEY_2048_ASN1_SIZE) + file->size = 2048; + } + + buff = malloc(lst_file->size); + if (!buff) { + rv = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + + rv = sc_pkcs15init_authenticate(profile, p15card, lst_file, SC_AC_OP_READ); + if (rv) + goto done; + rv = sc_pkcs15init_authenticate(profile, p15card, lst_file, SC_AC_OP_UPDATE); + if (rv) + goto done; + + rv = sc_select_file(p15card->card, &lst_file->path, NULL); + if (rv == SC_ERROR_FILE_NOT_FOUND) + rv = sc_pkcs15init_create_file(profile, p15card, lst_file); + if (rv < 0) + goto done; + + rv = sc_read_binary(p15card->card, 0, buff, lst_file->size, lst_file->ef_structure); + if (rv < 0) + goto done; + + for (ii=0; ii < lst_file->size; ii+=5) + if (*(buff + ii) != COSM_LIST_TAG) + break; + if (ii>=lst_file->size) { + rv = SC_ERROR_UNKNOWN_DATA_RECEIVED; + goto done; + } + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ii %i, rv %i; %X; %i", ii, rv, file->id, file->size); + *(buff + ii) = COSM_LIST_TAG; + *(buff + ii + 1) = (file->id >> 8) & 0xFF; + *(buff + ii + 2) = file->id & 0xFF; + *(buff + ii + 3) = (file->size >> 8) & 0xFF; + *(buff + ii + 4) = file->size & 0xFF; + + rv = sc_update_binary(p15card->card, ii, buff + ii, 5, 0); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "rv %i",rv); + if (rv < 0) + goto done; + + rv = 0; +done: + if (buff) + free(buff); + sc_file_free(lst_file); + sc_file_free(obj_file); + sc_file_free(file); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int 
+awp_encode_key_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj, + struct sc_pkcs15_pubkey_rsa *pubkey, struct awp_key_info *ki) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info; + int r = 0; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + ERR_load_ERR_strings(); + ERR_load_crypto_strings(); + + key_info = (struct sc_pkcs15_prkey_info *)obj->data; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "object(%s,type:%X)", obj->label, obj->type); + if (obj->type == SC_PKCS15_TYPE_PUBKEY_RSA || obj->type == COSM_TYPE_PUBKEY_RSA ) + ki->flags = COSM_TAG_PUBKEY_RSA; + else if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA || obj->type == COSM_TYPE_PRKEY_RSA) + ki->flags = COSM_TAG_PRVKEY_RSA; + else + return SC_ERROR_INCORRECT_PARAMETERS; + + if (obj->type == COSM_TYPE_PUBKEY_RSA || obj->type == COSM_TYPE_PRKEY_RSA) + ki->flags |= COSM_GENERATED; + + if (obj->label) { + ki->label.value = (unsigned char *)strdup(obj->label); + ki->label.len = strlen(obj->label); + } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_encode_key_info() label(%i):%s",ki->label.len, ki->label.value); + + /* + * Oberthur saves modulus value without tag and length. + */ + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "pubkey->modulus.len %i",pubkey->modulus.len); + ki->modulus.value = malloc(pubkey->modulus.len); + if (!ki->modulus.value) { + r = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + memcpy(ki->modulus.value, pubkey->modulus.data, pubkey->modulus.len); + ki->modulus.len = pubkey->modulus.len; + + /* + * Oberthur saves exponents as length and value, without tag. 
+ */ + ki->exponent.value = malloc(pubkey->exponent.len); + if (!ki->exponent.value) { + r = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + memcpy(ki->exponent.value, pubkey->exponent.data, pubkey->exponent.len); + ki->exponent.len = pubkey->exponent.len; + + /* + * ID + */ + ki->id.value = calloc(1, key_info->id.len); + if (!ki->id.value) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: ID allocation error"); + memcpy(ki->id.value, key_info->id.value, key_info->id.len); + ki->id.len = key_info->id.len; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_encode_key_info() label:%s",ki->label.value); +done: + ERR_load_ERR_strings(); + ERR_load_crypto_strings(); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static void +awp_free_key_info(struct awp_key_info *ki) +{ + if (ki->modulus.value) + free(ki->modulus.value); + if (ki->exponent.value) + free(ki->exponent.value); + if (ki->id.value) + free(ki->id.value); +} + + +static int +awp_set_key_info (struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *file, + struct awp_key_info *ki, struct awp_cert_info *ci) +{ + struct sc_context *ctx = p15card->card->ctx; + int r = 0, blob_size; + unsigned char *blob; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file:%p, kinfo:%p, cinfo:%p", file, ki, ci); + blob_size = 2; + blob = malloc(blob_size); + if (!blob) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP set key info failed: blob allocation error"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "label:%s",ki->label.value); + + *blob = (ki->flags >> 8) & 0xFF; + *(blob + 1) = ki->flags & 0xFF; + if (ci && ci->label.len) + r = awp_update_blob(ctx, &blob, &blob_size, &ci->label, TLV_TYPE_LLV); + else if (ci && !ci->label.len) + r = awp_update_blob(ctx, &blob, &blob_size, &ci->cn, TLV_TYPE_LLV); + else + r = awp_update_blob(ctx, &blob, &blob_size, &ki->label, TLV_TYPE_LLV); + if (r) + goto done; + + r = 
awp_update_blob(ctx, &blob, &blob_size, &ki->id, TLV_TYPE_LLV); + if (r) + goto done; + + r = awp_update_blob(ctx, &blob, &blob_size, &x30_lv, TLV_TYPE_V); + if (r) + goto done; + + if (ci) + r = awp_update_blob(ctx, &blob, &blob_size, &(ci->subject), TLV_TYPE_LLV); + else + r = awp_update_blob(ctx, &blob, &blob_size, &zero_lv, TLV_TYPE_LLV); + if (r) + goto done; + + if ((ki->flags & ~COSM_GENERATED) != COSM_TAG_PUBKEY_RSA) { + r = awp_update_blob(ctx, &blob, &blob_size, &ki->modulus, TLV_TYPE_V); + if (r) + goto done; + + r = awp_update_blob(ctx, &blob, &blob_size, &ki->exponent, TLV_TYPE_LV); + if (r) + goto done; + } + + file->size = blob_size; + r = sc_pkcs15init_create_file(profile, p15card, file); + if (r == SC_ERROR_FILE_ALREADY_EXISTS) { + r = cosm_delete_file(p15card, profile, file); + if (!r) + r = sc_pkcs15init_create_file(profile, p15card, file); + } + + if (r<0) + goto done; + + r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size); + if (r < 0) + goto done; + + r = 0; +done: + if (blob) + free(blob); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static int +awp_encode_cert_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj, + struct awp_cert_info *ci) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_cert_info *cert_info; + struct sc_pkcs15_pubkey_rsa pubkey; + int r = 0; + unsigned char *buff = NULL, *ptr; + BIO *mem = NULL; + X509 *x = NULL; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + ERR_load_ERR_strings(); + ERR_load_crypto_strings(); + + if (!obj || !ci) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "AWP encode cert failed: invalid parameters"); + + cert_info = (struct sc_pkcs15_cert_info *)obj->data; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Encode cert(%s,id:%s,der(%p,%i))", obj->label, + sc_pkcs15_print_id(&cert_info->id), obj->content.value, obj->content.len); + memset(&pubkey, 0, sizeof(pubkey)); + + if (obj->label) { + ci->label.value = (unsigned char 
*)strdup(obj->label); + ci->label.len = strlen(obj->label); + } + + mem = BIO_new_mem_buf(obj->content.value, obj->content.len); + if (!mem) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "AWP encode cert failed: invalid data"); + + x = d2i_X509_bio(mem, NULL); + if (!x) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_DATA, "AWP encode cert failed: x509 parse error"); + + buff = OPENSSL_malloc(i2d_X509(x,NULL) + EVP_MAX_MD_SIZE); + if (!buff) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: memory allocation error"); + + /* + * subject commonName. + */ + ptr = awp_get_commonName(x); + if (!ptr) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "AWP encode cert failed: cannot get CommonName"); + ci->cn.value = ptr; + ci->cn.len = strlen((char *)ptr); + + /* + * subject DN + */ + ptr = buff; + r = i2d_X509_NAME(X509_get_subject_name(x),&ptr); + if (r<=0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "AWP encode cert failed: cannot get SubjectName"); + + ci->subject.value = malloc(r); + if (!ci->subject.value) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: subject allocation error"); + memcpy(ci->subject.value, buff, r); + ci->subject.len = r; + + /* + * issuer DN + */ + ptr = buff; + r = i2d_X509_NAME(X509_get_issuer_name(x),&ptr); + if (r <= 0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL, "AWP encode cert failed: cannot get IssuerName"); + + ci->issuer.value = malloc(r); + if (!ci->issuer.value) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: issuer allocation error"); + memcpy(ci->issuer.value, buff, r); + ci->issuer.len = r; + + /* + * ID + */ + ci->id.value = calloc(1, cert_info->id.len); + if (!ci->id.value) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode cert failed: ID allocation error"); + memcpy(ci->id.value, cert_info->id.value, cert_info->id.len); 
+ ci->id.len = cert_info->id.len; + + /* + * serial number + */ + do { + int encoded_len; + unsigned char encoded[0x40], *encoded_ptr; + + encoded_ptr = encoded; + encoded_len = i2c_ASN1_INTEGER(X509_get_serialNumber(x), &encoded_ptr); + + if (!(ci->serial.value = malloc(encoded_len + 3))) { + r = SC_ERROR_OUT_OF_MEMORY; + goto done; + } + + memcpy(ci->serial.value + 2, encoded, encoded_len); + *(ci->serial.value + 0) = V_ASN1_INTEGER; + *(ci->serial.value + 1) = encoded_len; + ci->serial.len = encoded_len + 2; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cert. serial encoded length %i", encoded_len); + } while (0); + + ci->x509 = X509_dup(x); +done: + ERR_print_errors_fp(stderr); + ERR_clear_error(); + ERR_free_strings(); + if (pubkey.exponent.data) free(pubkey.exponent.data); + if (pubkey.modulus.data) free(pubkey.modulus.data); + if (x) X509_free(x); + if (mem) BIO_free(mem); + if (buff) OPENSSL_free(buff); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static void +awp_free_cert_info(struct awp_cert_info *ci) +{ + if (ci->cn.len && ci->cn.value) + free(ci->cn.value); + + if (ci->id.len && ci->id.value) + free(ci->id.value); + + if (ci->subject.len && ci->subject.value) + free(ci->subject.value); + + if (ci->issuer.len && ci->issuer.value) + free(ci->issuer.value); + + if (ci->x509) + X509_free(ci->x509); + + memset(ci,0,sizeof(struct awp_cert_info)); +} + + +static int +awp_encode_data_info(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj, + struct awp_data_info *di) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_data_info *data_info; + int r = 0; + unsigned char *buf = NULL; + size_t buflen; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + + if (!obj || !di) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "AWP encode data failed: invalid parameters"); + + data_info = (struct sc_pkcs15_data_info *)obj->data; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Encode data(%s,id:%s,der(%p,%i))", obj->label, + 
sc_pkcs15_print_id(&data_info->id), obj->content.value, obj->content.len);
+
+ di->flags = 0x0000;
+
+ if (obj->label) {
+ di->label.value = (unsigned char *)strdup(obj->label);
+ di->label.len = strlen(obj->label);
+ }
+
+ di->app.len = strlen(data_info->app_label);
+ if (di->app.len) {
+ di->app.value = strdup(data_info->app_label);
+ if (!di->app.value)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY,
+ "AWP encode data failed: cannot allocate App.Label");
+ }
+
+ r = sc_asn1_encode_object_id(&buf, &buflen, &data_info->app_oid);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "AWP encode data failed: cannot encode OID");
+
+ di->oid.len = buflen + 2;
+ di->oid.value = malloc(di->oid.len);
+ if (!di->oid.value)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP encode data failed: cannot allocate OID");
+
+ *(di->oid.value + 0) = 0x06;
+ *(di->oid.value + 1) = buflen;
+ memcpy(di->oid.value + 2, buf, buflen);
+
+ free(buf);
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
+}
+
+
+static void
+awp_free_data_info(struct awp_data_info *di)
+{
+ if (di->label.len && di->label.value)
+ free(di->label.value);
+
+ if (di->app.len && di->app.value)
+ free(di->app.value);
+
+ if (di->oid.len && di->oid.value)
+ free(di->oid.value);
+
+ memset(di, 0, sizeof(struct awp_data_info));
+}
+
+
+static int
+awp_set_data_info (struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_file *file, struct awp_data_info *di)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ int r = 0, blob_size;
+ unsigned char *blob;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+ sc_debug (ctx, SC_LOG_DEBUG_NORMAL, "Set 'DATA' info %p", di);
+ blob_size = 2;
+ if (!(blob = malloc(blob_size))) {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ goto done;
+ }
+ *blob = (di->flags >> 8) & 0xFF;
+ *(blob + 1) = di->flags & 0xFF;
+
+ r = awp_update_blob(ctx, &blob, &blob_size, &di->label, TLV_TYPE_LLV);
+ if (r)
+ goto done;
+
+ r = awp_update_blob(ctx, &blob, &blob_size,
&di->app, TLV_TYPE_LLV); + if (r) + goto done; + + r = awp_update_blob(ctx, &blob, &blob_size, &di->oid, TLV_TYPE_LLV); + if (r) + goto done; + + file->size = blob_size; + r = sc_pkcs15init_create_file(profile, p15card, file); + if (r) + goto done; + + r = sc_pkcs15init_update_file(profile, p15card, file, blob, blob_size); + if (r < 0) + goto done; + + r = 0; +done: + if (blob) + free(blob); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); +} + + +static int +awp_get_lv(struct sc_context *ctx, unsigned char *buf, size_t buf_len, + size_t offs, int len_len, + struct awp_lv *out) +{ + int len = 0, ii; + + if (buf_len - offs < 2) + return 0; + + if (len_len > 2) { + len = len_len; + len_len = 0; + } + else { + for (len=0, ii=0; iivalue) + free(out->value); + + out->value = malloc(len); + if (!out->value) + return SC_ERROR_OUT_OF_MEMORY; + memcpy(out->value, buf + offs + len_len, len); + out->len = len; + } + + return len_len + len; +} + + +static int +awp_parse_key_info(struct sc_context *ctx, unsigned char *buf, size_t buf_len, + struct awp_key_info *ikey) +{ + size_t offs; + int len; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); + offs = 0; + + /* Flags */ + if (buf_len - offs < 2) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + ikey->flags = *(buf + offs) * 0x100 + *(buf + offs + 1); + offs += 2; + + /* Label */ + len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->label); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, len, "AWP parse key info failed: label"); + if (!len) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + offs += len; + + /* Ignore Key ID */ + len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->id); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, len, "AWP parse key info failed: ID"); + if (!len) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); + offs += len; + + while (*(buf + offs) == '0') + offs++; + + /* Subject */ + len = awp_get_lv(ctx, buf, buf_len, offs, 2, &ikey->subject); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, len, "AWP parse 
key info failed: subject");
+ if (!len)
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+ offs += len;
+
+ /* Modulus */
+ if (buf_len - offs > 64 && buf_len - offs < 128)
+ len = awp_get_lv(ctx, buf, buf_len, offs, 64, &ikey->modulus);
+ else if (buf_len - offs > 128 && buf_len - offs < 256)
+ len = awp_get_lv(ctx, buf, buf_len, offs, 128, &ikey->modulus);
+ else
+ len = awp_get_lv(ctx, buf, buf_len, offs, 256, &ikey->modulus);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, len, "AWP parse key info failed: modulus");
+ if (!len)
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+ offs += len;
+
+ /* Exponent */
+ len = awp_get_lv(ctx, buf, buf_len, offs, 1, &ikey->exponent);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, len, "AWP parse key info failed: exponent");
+ if (!len)
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+}
+
+
+static int
+awp_update_key_info(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ unsigned prvkey_id, struct awp_cert_info *ci)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *key_file=NULL, *info_file=NULL, *file=NULL;
+ struct awp_key_info ikey;
+ int rv = 0;
+ unsigned char *buf;
+ size_t buf_len;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_PRKEY_RSA, prvkey_id & 0xFF, &info_file, &key_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update key info failed: instantiation error");
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key id %X; info id%X", key_file->id, info_file->id);
+
+ rv = sc_pkcs15init_authenticate(profile, p15card, info_file, SC_AC_OP_READ);
+ if (rv) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update key info failed: 'READ' authentication error");
+ goto done;
+ }
+
+ rv = sc_select_file(p15card->card, &info_file->path, &file);
+ if (rv) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update key info failed: cannot select info file");
+ goto done;
+ }
+
+ buf =
calloc(1,file->size);
+ if (!buf)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP update key info failed: allocation error");
+
+ rv = sc_read_binary(p15card->card, 0, buf, file->size, 0);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update key info failed: read info file error");
+ goto done;
+ }
+ buf_len = rv;
+
+ memset(&ikey, 0, sizeof(ikey));
+ rv = awp_parse_key_info(ctx, buf, buf_len, &ikey);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update key info failed: parse key info error");
+ goto done;
+ }
+ free(buf);
+
+ rv = awp_set_key_info(p15card, profile, info_file, &ikey, ci);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update key info failed: set key info error");
+done:
+ sc_file_free(file);
+ sc_file_free(key_file);
+ sc_file_free(info_file);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_create_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file=NULL, *obj_file=NULL;
+ struct awp_cert_info icert;
+ struct sc_pkcs15_der der;
+ struct sc_path path;
+ unsigned prvkey_id, obj_id;
+ int rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ der = obj->content;
+ path = ((struct sc_pkcs15_cert_info *)obj->data)->path;
+ obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
+
+ rv = awp_new_file(p15card, profile, SC_PKCS15_TYPE_CERT_X509, obj_id & 0xFF, &info_file, &obj_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "COSM new file error");
+
+ memset(&icert, 0, sizeof(icert));
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Cert Der(%p,%i)", der.value, der.len);
+ rv = awp_encode_cert_info(p15card, obj, &icert);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Cert' update DF failed: cannot encode info");
+
+ rv = awp_set_certificate_info(p15card, profile, info_file, &icert);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv,
"'Create Cert' update DF failed: cannot set info");
+
+ rv = awp_update_object_list(p15card, profile, SC_PKCS15_TYPE_CERT_X509, obj_id & 0xFF);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Cert' update DF failed: cannot update list");
+
+ rv = awp_update_container(p15card, profile, SC_PKCS15_TYPE_CERT_X509, &icert.id, obj_id, &prvkey_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Cert' update DF failed: cannot update container");
+
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PrvKeyID:%04X", prvkey_id);
+
+ if (prvkey_id)
+ rv = awp_update_key_info(p15card, profile, prvkey_id, &icert);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Cert' update DF failed: cannot update key info");
+
+ awp_free_cert_info(&icert);
+
+ if (info_file)
+ sc_file_free(info_file);
+ if (obj_file)
+ sc_file_free(obj_file);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_create_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *key_obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_pkcs15_pubkey pubkey;
+ struct sc_pkcs15_der der;
+ struct awp_key_info ikey;
+ struct awp_cert_info icert;
+ struct sc_file *info_file=NULL, *obj_file=NULL;
+ struct sc_pkcs15_prkey_info *key_info;
+ struct sc_pkcs15_object *cert_obj = NULL, *pubkey_obj = NULL;
+ struct sc_path path;
+ struct awp_crypto_container cc;
+ int rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ key_info = (struct sc_pkcs15_prkey_info *)key_obj->data;
+ der = key_obj->content;
+
+ memset(&cc, 0, sizeof(cc));
+ path = key_info->path;
+ cc.prkey_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
+
+ rv = sc_pkcs15_find_cert_by_id(p15card, &key_info->id, &cert_obj);
+ if (!rv) {
+ struct sc_pkcs15_cert_info *cert_info = (struct sc_pkcs15_cert_info *) cert_obj->data;
+ struct sc_pkcs15_cert *p15cert;
+
+ path = cert_info->path;
+ cc.cert_id = (path.value[path.len-1] & 0xFF) +
(path.value[path.len-2] & 0xFF) * 0x100;
+
+ rv = sc_pkcs15_read_certificate(p15card, cert_info, &p15cert);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: cannot get certificate");
+
+ rv = sc_pkcs15_allocate_object_content(cert_obj, p15cert->data, p15cert->data_len);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: cannot allocate content");
+
+ rv = awp_encode_cert_info(p15card, cert_obj, &icert);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: cannot encode cert info");
+
+ sc_pkcs15_free_certificate(p15cert);
+ }
+
+ rv = sc_pkcs15_find_pubkey_by_id(p15card, &key_info->id, &pubkey_obj);
+ if (!rv) {
+ path = ((struct sc_pkcs15_cert_info *)pubkey_obj->data)->path;
+ cc.pubkey_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
+ }
+
+ rv = awp_new_file(p15card, profile, key_obj->type, cc.prkey_id & 0xFF, &info_file, &obj_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "New private key info file error");
+
+ pubkey.algorithm = SC_ALGORITHM_RSA;
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PrKey Der(%p,%i)", der.value, der.len);
+ rv = sc_pkcs15_decode_pubkey(ctx, &pubkey, der.value, der.len);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: decode public key error");
+
+ memset(&ikey, 0, sizeof(ikey));
+ rv = awp_encode_key_info(p15card, key_obj, &pubkey.u.rsa, &ikey);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: encode info error");
+
+ rv = awp_set_key_info(p15card, profile, info_file, &ikey, cert_obj ?
&icert : NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: set info error");
+
+ rv = awp_update_object_list(p15card, profile, key_obj->type, cc.prkey_id & 0xFF);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: update object list error");
+
+ rv = awp_create_container(p15card, profile, key_obj->type, &ikey.id, &cc);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: update container error");
+
+ if (cert_obj)
+ awp_free_cert_info(&icert);
+
+ awp_free_key_info(&ikey);
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_create_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_pkcs15_pubkey pubkey;
+ struct sc_pkcs15_der der;
+ struct awp_key_info ikey;
+ struct sc_file *info_file=NULL, *obj_file=NULL;
+ struct sc_path path;
+ unsigned obj_id;
+ int index, rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ path = ((struct sc_pkcs15_pubkey_info *)obj->data)->path;
+ der = obj->content;
+ index = path.value[path.len-1] & 0xFF;
+ obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
+
+ rv = awp_new_file(p15card, profile, obj->type, index, &info_file, &obj_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "New public key info file error");
+
+ pubkey.algorithm = SC_ALGORITHM_RSA;
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PrKey Der(%p,%i)", der.value, der.len);
+ rv = sc_pkcs15_decode_pubkey(ctx, &pubkey, der.value, der.len);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update public key' DF failed: decode public key error");
+
+ memset(&ikey, 0, sizeof(ikey));
+ rv = awp_encode_key_info(p15card, obj, &pubkey.u.rsa, &ikey);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update public key' DF failed: encode info error");
+
+ rv = awp_set_key_info(p15card, profile, info_file, &ikey, NULL);
+
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update public key' DF failed: set info error");
+
+ rv = awp_update_object_list(p15card, profile, obj->type, index);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update public key' DF failed: update object list error");
+
+ rv = awp_update_container(p15card, profile, obj->type, &ikey.id, obj_id, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update public key' DF failed: update container error");
+
+ awp_free_key_info(&ikey);
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_create_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file=NULL, *obj_file=NULL;
+ struct awp_data_info idata;
+ struct sc_pkcs15_der der;
+ struct sc_path path;
+ unsigned obj_id, obj_type = obj->auth_id.len ? COSM_TYPE_PRIVDATA_OBJECT : SC_PKCS15_TYPE_DATA_OBJECT;
+ int rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ der = obj->content;
+ path = ((struct sc_pkcs15_data_info *)obj->data)->path;
+ obj_id = (path.value[path.len-1] & 0xFF) + (path.value[path.len-2] & 0xFF) * 0x100;
+
+ rv = awp_new_file(p15card, profile, obj_type, obj_id & 0xFF, &info_file, &obj_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "COSM new file error");
+
+ memset(&idata, 0, sizeof(idata));
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Data Der(%p,%i)", der.value, der.len);
+ rv = awp_encode_data_info(p15card, obj, &idata);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Data' update DF failed: cannot encode info");
+
+ rv = awp_set_data_info(p15card, profile, info_file, &idata);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Data' update DF failed: cannot set info");
+
+ rv = awp_update_object_list(p15card, profile, obj_type, obj_id & 0xFF);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'Create Data' update DF failed: cannot update list");
+
+ awp_free_data_info(&idata);
+
+ if (info_file)
+
sc_file_free(info_file);
+ if (obj_file)
+ sc_file_free(obj_file);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+int
+awp_update_df_create(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *object)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ int rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+ if (!object)
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+
+ switch (object->type) {
+ case SC_PKCS15_TYPE_AUTH_PIN:
+ rv = awp_update_df_create_pin(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_CERT_X509:
+ rv = awp_update_df_create_cert(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_PRKEY_RSA:
+ rv = awp_update_df_create_prvkey(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_PUBKEY_RSA:
+ rv = awp_update_df_create_pubkey(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_DATA_OBJECT:
+ rv = awp_update_df_create_data(p15card, profile, object);
+ break;
+ default:
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "'Create' update DF failed: unsupported object type");
+ }
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_delete_from_container(struct sc_pkcs15_card *p15card,
+ struct sc_profile *profile, int type, int file_id)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *clist=NULL, *file=NULL;
+ unsigned rec, rec_len;
+ int rv = 0, ii;
+ unsigned char *buff=NULL;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "update container entry (type:%X,file-id:%X)", type, file_id);
+
+ rv = awp_new_file(p15card, profile, COSM_CONTAINER_LIST, 0, &clist, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update contaner entry: cannot get allocate AWP file");
+
+ rv = sc_select_file(p15card->card, &clist->path, &file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update contaner entry: cannot select container list file");
+
+ buff = malloc(file->record_length);
+ if (!buff)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP update container entry: allocation error");
+
+ for (rec = 1; rec <= file->record_count; rec++) {
+ rv = sc_read_record(p15card->card, rec, buff, file->record_length, SC_RECORD_BY_REC_NR);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update contaner entry: read record error %i", rv);
+ break;
+ }
+ rec_len = rv;
+
+ for (ii=0; ii<12; ii+=2)
+ if (file_id == (*(buff+ii) * 0x100 + *(buff+ii+1)))
+ break;
+ if (ii==12)
+ continue;
+
+ if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == COSM_TYPE_PRKEY_RSA)
+ memset(buff + ii/6*6, 0, 6);
+ else
+ memset(buff + ii, 0, 2);
+
+ if (!memcmp(buff,"\0\0\0\0\0\0\0\0\0\0\0\0",12)) {
+ rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update contaner entry: 'erase' authentication error %i", rv);
+ break;
+ }
+
+ rv = sc_delete_record(p15card->card, rec);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update contaner entry: delete record error %i", rv);
+ break;
+ }
+ }
+ else {
+ rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update contaner entry: 'update' authentication error %i", rv);
+ break;
+ }
+
+ rv = sc_update_record(p15card->card, rec, buff, rec_len, SC_RECORD_BY_REC_NR);
+ if (rv < 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update contaner entry: update record error %i", rv);
+ break;
+ }
+ }
+ }
+
+ if (rv > 0)
+ rv = 0;
+
+ if (buff) free(buff);
+ if (file) sc_file_free(file);
+ if (clist) sc_file_free(clist);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_remove_from_object_list( struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ int type, unsigned int obj_id)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *lst_file=NULL, *lst=NULL;
+ int rv = 0, ii;
+ char lst_name[NAME_MAX_LEN];
+ unsigned char
*buff=NULL;
+ unsigned char id[2];
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "type %X; obj_id %X",type, obj_id);
+
+ switch (type) {
+ case SC_PKCS15_TYPE_PRKEY_RSA:
+ case COSM_TYPE_PRKEY_RSA:
+ snprintf(lst_name, NAME_MAX_LEN,"%s-private-list", COSM_TITLE);
+ break;
+ case SC_PKCS15_TYPE_PUBKEY_RSA:
+ case SC_PKCS15_TYPE_CERT_X509:
+ case SC_PKCS15_TYPE_DATA_OBJECT:
+ case COSM_TYPE_PUBKEY_RSA:
+ snprintf(lst_name, NAME_MAX_LEN,"%s-public-list", COSM_TITLE);
+ break;
+ default:
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCORRECT_PARAMETERS, "AWP update object list: invalid type");
+ }
+
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AWP update object list: select '%s' file", lst_name);
+ rv = sc_profile_get_file(profile, lst_name, &lst_file);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update object list: cannot instantiate list file");
+
+ rv = sc_select_file(p15card->card, &lst_file->path, &lst);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update object list: cannot select list file");
+
+ rv = sc_pkcs15init_authenticate(profile, p15card, lst, SC_AC_OP_READ);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP update object list: 'read' authentication failed");
+
+ buff = malloc(lst->size);
+ if (!buff)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "AWP update object list: allocation error");
+
+ rv = sc_read_binary(p15card->card, 0, buff, lst->size, 0);
+ if (rv != lst->size)
+ goto done;
+
+ id[0] = (obj_id >> 8) & 0xFF;
+ id[1] = obj_id & 0xFF;
+ for (ii=0; iisize; ii+=5) {
+ if (*(buff+ii)==0xFF && *(buff+ii+1)==id[0] && *(buff+ii+2)==id[1]) {
+ rv = sc_pkcs15init_authenticate(profile, p15card, lst, SC_AC_OP_UPDATE);
+ if (rv)
+ goto done;
+
+ rv = sc_update_binary(p15card->card, ii, (unsigned char *)"\0", 1, 0);
+ if (rv && rv!=1)
+ rv = SC_ERROR_INVALID_CARD;
+ break;
+ }
+ }
+
+ if (rv > 0)
+ rv = 0;
+done:
+ if (buff)
+ free(buff);
+ if (lst)
+ sc_file_free(lst);
+ if (lst_file)
+
sc_file_free(lst_file);
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_delete_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file = NULL;
+ struct sc_path path;
+ int rv = SC_ERROR_NOT_SUPPORTED;
+ unsigned file_id;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ path = ((struct sc_pkcs15_cert_info *) obj->data)->path;
+ file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file-id:%X", file_id);
+
+ rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete cert' update DF failed: cannt get allocate new AWP file");
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info file-id:%X", info_file->id);
+
+ rv = cosm_delete_file(p15card, profile, info_file);
+ if (rv != SC_ERROR_FILE_NOT_FOUND)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete cert' update DF failed: delete info file error");
+
+ rv = awp_delete_from_container(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete cert' update DF failed: cannot update container");
+
+ rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete cert' update DF failed: cannot remove object");
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_delete_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file = NULL;
+ struct sc_path path;
+ int rv = SC_ERROR_NOT_SUPPORTED;
+ unsigned file_id;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ path = ((struct sc_pkcs15_prkey_info *) obj->data)->path;
+ file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
+ sc_debug(ctx,
SC_LOG_DEBUG_NORMAL, "file-id:%X", file_id);
+
+ rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete prkey' update DF failed: cannt get allocate new AWP file");
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info file-id:%X", info_file->id);
+
+ rv = cosm_delete_file(p15card, profile, info_file);
+ if (rv != SC_ERROR_FILE_NOT_FOUND)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete prkey' update DF failed: delete info file error");
+
+ rv = awp_delete_from_container(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete prkey' update DF failed: cannot update container");
+
+ rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete prkey' update DF failed: cannot remove object");
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_delete_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file = NULL;
+ struct sc_path path;
+ int rv = SC_ERROR_NOT_SUPPORTED;
+ unsigned file_id;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ path = ((struct sc_pkcs15_pubkey_info *) obj->data)->path;
+ file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file-id:%X", file_id);
+
+ rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete pubkey' update DF failed: cannt get allocate new AWP file");
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info file-id:%X", info_file->id);
+
+ rv = cosm_delete_file(p15card, profile, info_file);
+ if (rv != SC_ERROR_FILE_NOT_FOUND)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete pubkey' update DF failed: delete info file error");
+
+ rv =
awp_delete_from_container(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete pubkey' update DF failed: cannot update container");
+
+ rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete pubkey' update DF failed: cannot remove object");
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+static int
+awp_update_df_delete_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *obj)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *info_file = NULL;
+ struct sc_path path;
+ int rv = SC_ERROR_NOT_SUPPORTED;
+ unsigned file_id;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ path = ((struct sc_pkcs15_data_info *) obj->data)->path;
+ file_id = path.value[path.len-2] * 0x100 + path.value[path.len-1];
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "file-id:%X", file_id);
+
+ rv = awp_new_file(p15card, profile, obj->type, file_id & 0xFF, &info_file, NULL);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete DATA' update DF failed: cannt get allocate new AWP file");
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "info file-id:%X", info_file->id);
+
+ rv = cosm_delete_file(p15card, profile, info_file);
+ if (rv != SC_ERROR_FILE_NOT_FOUND)
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete DATA' update DF failed: delete info file error");
+
+ rv = awp_remove_from_object_list(p15card, profile, obj->type, file_id);
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'delete DATA' update DF failed: cannot remove object");
+
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
+}
+
+
+int
+awp_update_df_delete(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+ struct sc_pkcs15_object *object)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ int rv;
+
+ SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+ if (!object)
+ SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
+
+ switch (object->type) {
+ case
SC_PKCS15_TYPE_CERT_X509:
+ rv = awp_update_df_delete_cert(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_PRKEY_RSA:
+ rv = awp_update_df_delete_prvkey(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_PUBKEY_RSA:
+ rv = awp_update_df_delete_pubkey(p15card, profile, object);
+ break;
+ case SC_PKCS15_TYPE_DATA_OBJECT:
+ rv = awp_update_df_delete_data(p15card, profile, object);
+ break;
+ default:
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "'Create' update DF failed: unsupported object type");
+ }
+
+ SC_FUNC_RETURN(ctx, 1, rv);
+}
+
+#endif /* #ifdef ENABLE_OPENSSL */
diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-oberthur.c opensc-0.12.1/src/pkcs15init/pkcs15-oberthur.c
--- opensc-0.11.13/src/pkcs15init/pkcs15-oberthur.c 2010-02-16 09:03:26.000000000 +0000
+++ opensc-0.12.1/src/pkcs15init/pkcs15-oberthur.c 2011-05-17 17:07:00.000000000 +0000
@@ -2,8 +2,8 @@
 * Oberthur specific operation for PKCS #15 initialization
 *
 * Copyright (C) 2002 Juha Yrjl
- * Copyright (C) 2003 Idealx
- * Viktor Tarasov
+ * Copyright (C) 2009 Viktor Tarasov ,
+ * OpenTrust
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -20,91 +20,124 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif - +#include +#include #include #include #include #include -#ifdef ENABLE_OPENSSL -#include -#endif - -#include -#include -#include -#include "pkcs15-init.h" +#include "config.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "profile.h" - -#include -#include -#include -#include +#include "pkcs15-init.h" +#include "pkcs15-oberthur.h" #define COSM_TITLE "OberthurAWP" -#define COSM_TLV_TAG 0x00 -#define COSM_LIST_TAG 0xFF -#define COSM_TAG_CONTAINER 0x0000 -#define COSM_TAG_CERT 0x0001 -#define COSM_TAG_PRVKEY_RSA 0x04B1 -#define COSM_TAG_PUBKEY_RSA 0x0349 -#define COSM_TAG_DES 0x0679 -#define COSM_TAG_DATA 0x0001 -#define COSM_IMPORTED 0x0000 -#define COSM_GENERATED 0x0004 - #define TLV_TYPE_V 0 -#define TLV_TYPE_LV 1 +#define TLV_TYPE_LV 1 #define TLV_TYPE_TLV 2 /* Should be greater then SC_PKCS15_TYPE_CLASS_MASK */ #define SC_DEVICE_SPECIFIC_TYPE 0x1000 -#define COSM_PUBLIC_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x02) -#define COSM_PRIVATE_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x03) -#define COSM_CONTAINER_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x04) -#define COSM_TOKENINFO (SC_DEVICE_SPECIFIC_TYPE | 0x05) - #define COSM_TYPE_PRKEY_RSA (SC_DEVICE_SPECIFIC_TYPE | SC_PKCS15_TYPE_PRKEY_RSA) #define COSM_TYPE_PUBKEY_RSA (SC_DEVICE_SPECIFIC_TYPE | SC_PKCS15_TYPE_PUBKEY_RSA) -#define NOT_YET 1 +#define COSM_TOKEN_FLAG_PRN_GENERATION 0x01 +#define COSM_TOKEN_FLAG_LOGIN_REQUIRED 0x04 +#define COSM_TOKEN_FLAG_USER_PIN_INITIALIZED 0x08 +#define COSM_TOKEN_FLAG_TOKEN_INITIALIZED 0x0400 + +static int cosm_create_reference_data(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_pin_info *, const unsigned char *, size_t, + const unsigned char *, size_t); +static int cosm_update_pin(struct sc_profile *, struct sc_pkcs15_card *, + struct sc_pkcs15_pin_info *, const unsigned char *, size_t, + const 
unsigned char *, size_t); + +static int +cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile, + char *label, unsigned flags) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; + int rv; + size_t sz; + char *buffer = NULL; + + if (!p15card || !profile) + return SC_ERROR_INVALID_ARGUMENTS; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() label '%s'; flags 0x%X", label, flags); + if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Cannot find "COSM_TITLE"-token-info"); + + if (file->size < 16) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Unsufficient size of the "COSM_TITLE"-token-info file"); + + buffer = calloc(1, file->size); + if (!buffer) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Allocation error in cosm_write_tokeninfo()"); + + if (label) + strncpy(buffer, label, file->size - 4); + else if (p15card->tokeninfo->label) + snprintf(buffer, file->size - 4, "%s", p15card->tokeninfo->label); + else if (profile->p15_spec && profile->p15_spec->tokeninfo->label) + snprintf(buffer, file->size - 4, "%s", profile->p15_spec->tokeninfo->label); + else + snprintf(buffer, file->size - 4, "OpenSC-Token"); + + sz = strlen(buffer); + if (sz < file->size - 4) + memset(buffer + sz, ' ', file->size - sz); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() token label '%s'; oberthur flags 0x%X", buffer, flags); -static int cosm_update_pin(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_pin_info *info, const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len); + memset(buffer + file->size - 4, 0, 4); + *(buffer + file->size - 1) = flags & 0xFF; + *(buffer + file->size - 2) = (flags >> 8) & 0xFF; + + rv = sc_pkcs15init_update_file(profile, p15card, file, buffer, file->size); + if (rv > 0) + rv = 0; + + 
free(buffer); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); +} -int cosm_delete_file(sc_card_t *card, struct sc_profile *profile, - sc_file_t *df); -int cosm_delete_file(sc_card_t *card, struct sc_profile *profile, - sc_file_t *df) +int +cosm_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, + struct sc_file *df) { - sc_path_t path; - sc_file_t *parent; + struct sc_context *ctx = p15card->card->ctx; + struct sc_path path; + struct sc_file *parent; int rv = 0; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "id %04X\n", df->id); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "id %04X", df->id); if (df->type==SC_FILE_TYPE_DF) { - rv = sc_pkcs15init_authenticate(profile, card, df, SC_AC_OP_DELETE); - SC_TEST_RET(card->ctx, rv, "Cannot authenticate SC_AC_OP_DELETE"); + rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot authenticate SC_AC_OP_DELETE"); } /* Select the parent DF */ path = df->path; path.len -= 2; - rv = sc_select_file(card, &path, &parent); - SC_TEST_RET(card->ctx, rv, "Cannnot select parent"); + rv = sc_select_file(p15card->card, &path, &parent); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannnot select parent"); - rv = sc_pkcs15init_authenticate(profile, card, parent, SC_AC_OP_DELETE); + rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE); sc_file_free(parent); - SC_TEST_RET(card->ctx, rv, "Cannnot authenticate SC_AC_OP_DELETE"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannnot authenticate SC_AC_OP_DELETE"); memset(&path, 0, sizeof(path)); path.type = SC_PATH_TYPE_FILE_ID; 
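Review bot: In cosm_write_tokeninfo() the second sc_debug() call prints `buffer` with `%s` right after `memset(buffer + sz, ' ', file->size - sz)` has padded it with spaces up to its last byte, so whenever the label is shorter than `file->size - 4` the buffer holds no terminating NUL at that point and the log call reads past the allocation. Pad only the label area, `memset(buffer + sz, ' ', file->size - 4 - sz);`, which keeps the calloc'ed zero bytes of the 4-byte trailer as a terminator, or move the sc_debug() below `memset(buffer + file->size - 4, 0, 4)`. Two smaller points in the same function: `ctx` is initialised from `p15card->card->ctx` before the `!p15card` check can run, and the `file` returned by sc_profile_get_file() is not released with sc_file_free() on any visible path. cosm_delete_file(), which also starts in this hunk, continues past its end.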
@@ -112,50 +145,51 @@ path.value[1] = df->id & 0xFF; path.len = 2; - rv = sc_delete_file(card, &path); + rv = sc_delete_file(p15card->card, &path); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } /* * Erase the card */ -static int cosm_erase_card(struct sc_profile *profile, sc_card_t *card) +static int +cosm_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card) { - sc_file_t *df = profile->df_info->file, *dir; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *df = profile->df_info->file, *dir; int rv; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); /* Delete EF(DIR). This may not be very nice * against other applications that use this file, but * extremely useful for testing :) * Note we need to delete if before the DF because we create * it *after* the DF. * */ - sc_ctx_suppress_errors_on(card->ctx); if (sc_profile_get_file(profile, "DIR", &dir) >= 0) { - sc_debug(card->ctx, "erase file dir %04X\n",dir->id); - rv = cosm_delete_file(card, profile, dir); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id); + rv = cosm_delete_file(p15card, profile, dir); sc_file_free(dir); if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND) goto done; } - sc_debug(card->ctx, "erase file ddf %04X\n",df->id); - rv=cosm_delete_file(card, profile, df); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file ddf %04X",df->id); + rv = cosm_delete_file(p15card, profile, df); if (sc_profile_get_file(profile, "private-DF", &dir) >= 0) { - sc_debug(card->ctx, "erase file dir %04X\n",dir->id); - rv = cosm_delete_file(card, profile, dir); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id); + rv = cosm_delete_file(p15card, profile, dir); sc_file_free(dir); if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND) goto done; } if (sc_profile_get_file(profile, "public-DF", &dir) >= 0) { - sc_debug(card->ctx, "erase file dir %04X\n",dir->id); - rv = cosm_delete_file(card, profile, dir); + 
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "erase file dir %04X",dir->id); + rv = cosm_delete_file(p15card, profile, dir); sc_file_free(dir); if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND) goto done; @@ -163,34 +197,28 @@ rv = sc_profile_get_file(profile, COSM_TITLE"-AppDF", &dir); if (!rv) { - sc_debug(card->ctx, "delete %s; r %i\n", COSM_TITLE"-AppDF", rv); - rv = cosm_delete_file(card, profile, dir); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "delete %s; r %i", COSM_TITLE"-AppDF", rv); + rv = cosm_delete_file(p15card, profile, dir); sc_file_free(dir); } + sc_free_apps(p15card->card); done: - sc_keycache_forget_key(NULL, -1, -1); - sc_ctx_suppress_errors_off(card->ctx); - - if (rv==SC_ERROR_FILE_NOT_FOUND) - rv=0; + if (rv == SC_ERROR_FILE_NOT_FOUND) + rv = 0; - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } -/* - * Initialize the Application DF - */ -static int -cosm_init_app(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_pin_info *pinfo, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len) +static int +cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *df) { - int rv; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *file = NULL; size_t ii; - sc_file_t *file = NULL; + int rv; static const char *create_dfs[] = { COSM_TITLE"-AppDF", "private-DF", @@ -200,6 +228,7 @@ COSM_TITLE"-container-list", COSM_TITLE"-public-list", COSM_TITLE"-private-list", +#if 0 "PKCS15-AppDF", "PKCS15-ODF", "PKCS15-AODF", 
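Review bot: In cosm_erase_card() the result of `rv = cosm_delete_file(p15card, profile, df);` is never examined, while every other deletion in the function is followed by a check. The later assignments overwrite it, the last of which (the `-AppDF` lookup in the next hunk) is unconditional, so a failure to delete the DF is silently lost. If ignoring it is intended, a one-line comment saying the result is deliberately discarded would make that clear; otherwise add the guard the neighbouring calls use, `if (rv < 0 && rv != SC_ERROR_FILE_NOT_FOUND) goto done;`. The function starts in this hunk and ends in the following one.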
@@ -207,214 +236,231 @@ "PKCS15-PuKDF", "PKCS15-CDF", "PKCS15-DODF", +#endif NULL }; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "pin_len %i; puk_len %i\n", pin_len, puk_len); - + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + +#if 0 + rv = sc_pkcs15init_create_file(profile, p15card, df); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create DIR DF"); +#endif /* Oberthur AWP file system is expected.*/ /* Create private objects DF */ for (ii = 0; create_dfs[ii]; ii++) { if (sc_profile_get_file(profile, create_dfs[ii], &file)) { - sc_error(card->ctx, "Inconsistent profile: cannot find %s", create_dfs[ii]); - return SC_ERROR_INCONSISTENT_PROFILE; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Inconsistent profile: cannot find %s", create_dfs[ii]); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Profile do not contains Oberthur AWP file"); } - rv = sc_pkcs15init_create_file(profile, card, file); - sc_debug(card->ctx, "rv %i\n", rv); + rv = sc_pkcs15init_create_file(profile, p15card, file); sc_file_free(file); - if (rv && rv!=SC_ERROR_FILE_ALREADY_EXISTS) - SC_TEST_RET(card->ctx, rv, "sc_pkcs15init_create_file() failed"); + if (rv != SC_ERROR_FILE_ALREADY_EXISTS) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create Oberthur AWP file"); } - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + rv = cosm_write_tokeninfo(p15card, profile, NULL, + COSM_TOKEN_FLAG_TOKEN_INITIALIZED | COSM_TOKEN_FLAG_PRN_GENERATION); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } -static int cosm_create_reference_data(struct sc_profile *profile, sc_card_t *card, + +static int +cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card, struct sc_pkcs15_pin_info *pinfo, - const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len ) + const unsigned char *pin, size_t pin_len, + const unsigned char *puk, size_t puk_len ) { - int rv; - int puk_buff_len = 0; - unsigned char *puk_buff = NULL; - sc_pkcs15_pin_info_t profile_pin; - 
sc_pkcs15_pin_info_t profile_puk; + struct sc_context *ctx = p15card->card->ctx; + struct sc_card *card = p15card->card; + struct sc_pkcs15_pin_info profile_pin; + struct sc_pkcs15_pin_info profile_puk; struct sc_cardctl_oberthur_createpin_info args; + unsigned char *puk_buff = NULL; + int rv; + unsigned char oberthur_puk[16] = { + 0x6F, 0x47, 0xD9, 0x88, 0x4B, 0x6F, 0x9D, 0xC5, + 0x78, 0x33, 0x79, 0x8F, 0x5B, 0x7D, 0xE1, 0xA5 + }; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "pin lens %i/%i\n", pin_len, puk_len); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "pin lens %i/%i", pin_len, puk_len); if (!pin || pin_len>0x40) return SC_ERROR_INVALID_ARGUMENTS; if (puk && !puk_len) return SC_ERROR_INVALID_ARGUMENTS; rv = sc_select_file(card, &pinfo->path, NULL); - SC_TEST_RET(card->ctx, rv, "Cannot select file"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select file"); sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_pin); - if (profile_pin.max_length > 0x100) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INCONSISTENT_PROFILE); + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &profile_puk); - if (puk) { - int ii, jj; - const unsigned char *ptr = puk; - - puk_buff = (unsigned char *) malloc(0x100); - if (!puk_buff) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_MEMORY_FAILURE); - - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &profile_puk); - if (profile_puk.max_length > 0x100) { - free(puk_buff); - return SC_ERROR_INCONSISTENT_PROFILE; - } - memset(puk_buff, profile_puk.pad_char, 0x100); - for (ii=0; ii<8 && (size_t)(ptr-puk) < puk_len && (*ptr); ii++) { - jj = 0; - while (isalnum(*ptr) && jj<16) { - *(puk_buff + ii*0x10 + jj++) = *ptr; - ++ptr; - } - while(!isalnum(*ptr) && (*ptr)) - ++ptr; - } - - puk_buff_len = ii*0x10; - } - - sc_debug(card->ctx, "pinfo->reference %i; tries %i\n", - pinfo->reference, profile_pin.tries_left); - - sc_debug(card->ctx, "sc_card_ctl 
%s\n","SC_CARDCTL_OBERTHUR_CREATE_PIN"); + memset(&args, 0, sizeof(args)); args.type = SC_AC_CHV; args.ref = pinfo->reference; args.pin = pin; args.pin_len = pin_len; - args.pin_tries = profile_pin.tries_left; - args.puk = puk_buff; - args.puk_len = puk_buff_len; - args.puk_tries = profile_puk.tries_left; - - rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args); + + if (!(pinfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { + args.pin_tries = profile_pin.tries_left; + if (profile_puk.tries_left > 0) { + args.puk = oberthur_puk; + args.puk_len = sizeof(oberthur_puk); + args.puk_tries = 5; + } + } + else { + args.pin_tries = profile_puk.tries_left; + } + + rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'CREATE_PIN' card specific command failed"); + + if (!(pinfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) && (profile_puk.tries_left > 0)) { + struct sc_file *file = NULL; + + if (sc_profile_get_file(profile, COSM_TITLE"-puk-file", &file)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Cannot find PUKFILE"); + + rv = sc_pkcs15init_update_file(profile, p15card, file, oberthur_puk, sizeof(oberthur_puk)); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to update pukfile"); + + if (file) + sc_file_free(file); + } if (puk_buff) free(puk_buff); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } + /* * Update PIN */ -static int cosm_update_pin(struct sc_profile *profile, sc_card_t *card, - struct sc_pkcs15_pin_info *pinfo, const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len ) +static int +cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_pin_info *pinfo, const unsigned char *pin, size_t pin_len, + const unsigned char *puk, size_t puk_len ) { + struct sc_context *ctx = p15card->card->ctx; int rv; - int tries_left = -1; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "ref %i; flags 
%X\n", pinfo->reference, pinfo->flags); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags 0x%X", pinfo->reference, pinfo->flags); if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - sc_error(card->ctx,"Pin references should be only in the profile" - "and in the card-oberthur.\n"); if (pinfo->reference != 4) - return SC_ERROR_INVALID_PIN_REFERENCE; - - rv = sc_change_reference_data(card, SC_AC_CHV, pinfo->reference, puk, puk_len, - pin, pin_len, &tries_left); - sc_debug(card->ctx, "return value %X; tries left %i\n", rv, tries_left); - if (tries_left != -1) - sc_error(card->ctx, "Failed to change reference data for soPin: rv %X", rv); - + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "cosm_update_pin() invalid SOPIN reference"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update SOPIN ignored"); + rv = SC_SUCCESS; } else { - rv = cosm_create_reference_data(profile, card, pinfo, + rv = cosm_create_reference_data(profile, p15card, pinfo, pin, pin_len, puk, puk_len); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to change PIN"); + + rv = cosm_write_tokeninfo(p15card, profile, NULL, + COSM_TOKEN_FLAG_TOKEN_INITIALIZED + | COSM_TOKEN_FLAG_PRN_GENERATION + | COSM_TOKEN_FLAG_LOGIN_REQUIRED + | COSM_TOKEN_FLAG_USER_PIN_INITIALIZED); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to update tokeninfo"); } - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } + static int -cosm_select_pin_reference(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_pin_info_t *pin_info) +cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_pin_info *pin_info) { - sc_file_t *pinfile; + struct sc_context *ctx = p15card->card->ctx; + struct sc_file *pinfile; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "ref %i; flags %X\n", pin_info->reference, pin_info->flags); - if (sc_profile_get_file(profile, 
COSM_TITLE "-AppDF", &pinfile) < 0) { - sc_error(card->ctx, "Profile doesn't define \"%s\"", COSM_TITLE "-AppDF"); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags %X", pin_info->reference, pin_info->flags); + if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pinfile) < 0) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define \"%s\"", COSM_TITLE "-AppDF"); return SC_ERROR_INCONSISTENT_PROFILE; } - pin_info->path = pinfile->path; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL) + pin_info->path = pinfile->path; + sc_file_free(pinfile); - if (!pin_info->reference) { + if (pin_info->reference <= 0) { if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) - pin_info->reference = 4; + pin_info->reference = 4; + else if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + pin_info->reference = 4; else - pin_info->reference = 1; - } + pin_info->reference = 1; - if (pin_info->reference < 0 || pin_info->reference > 4) - return SC_ERROR_INVALID_PIN_REFERENCE; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL) + pin_info->reference |= 0x80; + } - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } + /* * Store a PIN */ static int -cosm_create_pin(sc_profile_t *profile, sc_card_t *card, sc_file_t *df, - sc_pkcs15_object_t *pin_obj, +cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_file *df, struct sc_pkcs15_object *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) { - sc_pkcs15_pin_info_t *pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data; - sc_file_t *pinfile; - int rv = 0, type; - - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "ref %i; flags %X\n", pinfo->reference, pinfo->flags); - if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pinfile) < 0) { - sc_error(card->ctx, "Profile doesn't define \"%s\"", COSM_TITLE "-AppDF"); - return SC_ERROR_INCONSISTENT_PROFILE; - } - - 
pinfo->path = pinfile->path; - sc_file_free(pinfile); - - if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { - type = SC_PKCS15INIT_SO_PIN; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data; + struct sc_file *pin_file; + int rv = 0; - if (pinfo->reference != 4) - return SC_ERROR_INVALID_ARGUMENTS; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%s'; ref 0x%X; flags %X", pin_obj->label, pin_info->reference, pin_info->flags); + if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pin_file) < 0) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "\""COSM_TITLE"-AppDF\" not defined"); + + if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL) + pin_info->path = pin_file->path; + + sc_file_free(pin_file); + + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) { + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "SOPIN unblocking is not supported"); + } + else { + if (pin_info->reference != 4) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid SOPIN reference"); + } } else { - type = SC_PKCS15INIT_USER_PIN; - - if (pinfo->reference !=1 && pinfo->reference != 2) - return SC_ERROR_INVALID_PIN_REFERENCE; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) { + if (pin_info->reference != 0x84) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PUK reference"); + } + else { + if (pin_info->reference != 0x81) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PIN reference"); + } } if (pin && pin_len) { - rv = cosm_update_pin(profile, card, pinfo, pin, pin_len, puk, puk_len); + rv = cosm_update_pin(profile, p15card, pin_info, pin, pin_len, puk, puk_len); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Update PIN failed"); } - else { - sc_debug(card->ctx, "User PIN not 
updated"); - } - sc_debug(card->ctx, "return %i\n", rv); - - sc_keycache_set_pin_name(&pinfo->path, pinfo->reference, type); - pinfo->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL; - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } @@ -422,15 +468,15 @@ * Allocate a file */ static int -cosm_new_file(struct sc_profile *profile, sc_card_t *card, - unsigned int type, unsigned int num, sc_file_t **out) +cosm_new_file(struct sc_profile *profile, struct sc_card *card, + unsigned int type, unsigned int num, struct sc_file **out) { struct sc_file *file; const char *_template = NULL, *desc = NULL; unsigned int structure = 0xFFFFFFFF; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "type %X; num %i\n",type, num); + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() type %X; num %i",type, num); while (1) { switch (type) { case SC_PKCS15_TYPE_PRKEY_RSA: @@ -449,10 +495,6 @@ desc = "DSA public key"; _template = "template-public-key"; break; - case SC_PKCS15_TYPE_PRKEY: - desc = "extractable private key"; - _template = "template-extractable-key"; - break; case SC_PKCS15_TYPE_CERT: desc = "certificate"; _template = "template-certificate"; 
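Review bot: cosm_create_reference_data() now installs the compile-time constant `oberthur_puk` as the unblocking code for every user PIN it creates, while the caller's `puk`/`puk_len` are validated but never used. A value that is identical on all cards and published in the source gives no protection to the PIN-unblock operation, and the same bytes are additionally written to the `-puk-file`. Unless the card mandates this value (not visible here), take the PUK from the caller, `args.puk = puk; args.puk_len = puk_len; args.puk_tries = profile_puk.tries_left;`, and reject the call when the profile expects a PUK and none was supplied; if the constant has to stay, a comment above its definition should say why. Also, `puk_buff` is never assigned any more, so the trailing `free(puk_buff)` is dead code, and `file` is not freed when sc_pkcs15init_update_file() fails because SC_TEST_RET returns before `sc_file_free(file)`.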
@@ -469,844 +511,370 @@ * the generic class (SC_PKCS15_TYPE_CERT) */ if (!(type & ~SC_PKCS15_TYPE_CLASS_MASK)) { - sc_error(card->ctx, "File type %X not supported by card driver", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "File type %X not supported by card driver", type); return SC_ERROR_INVALID_ARGUMENTS; } type &= SC_PKCS15_TYPE_CLASS_MASK; } - sc_debug(card->ctx, "template %s; num %i\n",_template, num); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() template %s; num %i",_template, num); if (sc_profile_get_file(profile, _template, &file) < 0) { - sc_error(card->ctx, "Profile doesn't define %s template '%s'\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s template '%s'", desc, _template); - return SC_ERROR_NOT_SUPPORTED; + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); } - + file->id |= (num & 0xFF); file->path.value[file->path.len-1] |= (num & 0xFF); if (file->type == SC_FILE_TYPE_INTERNAL_EF) { file->ef_structure = structure; } - sc_debug(card->ctx, "file size %i; ef type %i/%i; id %04X\n",file->size, + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "cosm_new_file() file size %i; ef type %i/%i; id %04X",file->size, file->type, file->ef_structure, file->id); *out = file; - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } -/* - * RSA key generation - */ static int -cosm_old_generate_key(struct sc_profile *profile, sc_card_t *card, - unsigned int idx, unsigned int keybits, - sc_pkcs15_pubkey_t *pubkey, - struct sc_pkcs15_prkey_info *info) +cosm_get_temporary_public_key_file(struct sc_card *card, + struct sc_file *prvkey_file, struct sc_file **pubkey_file) { + struct sc_context *ctx = card->ctx; + const struct sc_acl_entry *entry = NULL; + struct sc_file *file = NULL; + int rv; + + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if (!pubkey_file || !prvkey_file) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); + + file = 
sc_file_new(); + if (!file) + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); + + file->status = SC_FILE_STATUS_ACTIVATED; + file->type = SC_FILE_TYPE_INTERNAL_EF; + file->ef_structure = SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC; + file->id = 0x1012; + memcpy(&file->path, &prvkey_file->path, sizeof(file->path)); + file->path.value[file->path.len - 2] = 0x10; + file->path.value[file->path.len - 1] = 0x12; + file->size = prvkey_file->size; + + entry = sc_file_get_acl_entry(prvkey_file, SC_AC_OP_UPDATE); + rv = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, entry->method, entry->key_ref); + if (!rv) + rv = sc_file_add_acl_entry(file, SC_AC_OP_PSO_ENCRYPT, SC_AC_NONE, 0); + if (!rv) + rv = sc_file_add_acl_entry(file, SC_AC_OP_PSO_VERIFY_SIGNATURE, SC_AC_NONE, 0); + if (!rv) + rv = sc_file_add_acl_entry(file, SC_AC_OP_EXTERNAL_AUTHENTICATE, SC_AC_NONE, 0); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add ACL entry to the temporary public key file"); + + *pubkey_file = file; + + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, rv); +} + + +static int +cosm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_pubkey *pubkey) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; struct sc_cardctl_oberthur_genkey_info args; - struct sc_file *prkf = NULL, *tmpf = NULL; + struct sc_file *prkf = NULL, *tmpf = NULL; struct sc_path path; - int rv; + int rv = 0; - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "index %i; nn %i\n", idx, keybits); - if (keybits < 512 || keybits > 2048 || (keybits%0x20)) { - sc_error(card->ctx, "Unsupported key size %u\n", keybits); - return SC_ERROR_INVALID_ARGUMENTS; - } - - /* Get private key file from profile. 
*/ - if ((rv = cosm_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, - &prkf)) < 0) - goto failed; - sc_debug(card->ctx, "prv ef type 0x%X\n",prkf->ef_structure); - prkf->size = keybits; - - /* Access condition of private object DF. */ - path = prkf->path; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Generate key failed: RSA only supported"); + + path = key_info->path; path.len -= 2; - rv = sc_select_file(card, &path, &tmpf); - SC_TEST_RET(card->ctx, rv, "Generate RSA: no private object DF"); + rv = sc_select_file(p15card->card, &path, &tmpf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: failed to select private object DF"); + + rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CRYPTO); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CRYPTO' authentication failed"); - rv = sc_pkcs15init_authenticate(profile, card, tmpf, SC_AC_OP_CRYPTO); - sc_debug(card->ctx, "rv %i\n",rv); - if (rv < 0) - goto failed; - - rv = sc_pkcs15init_authenticate(profile, card, tmpf, SC_AC_OP_CREATE); - sc_debug(card->ctx, "rv %i\n",rv); - if (rv < 0) - goto failed; + rv = sc_pkcs15init_authenticate(profile, p15card, tmpf, SC_AC_OP_CREATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot generate key: 'CREATE' authentication failed"); sc_file_free(tmpf); + + rv = sc_select_file(p15card->card, &key_info->path, &prkf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to generate key: cannot select private key file"); /* In the private key DF create the temporary public RSA file. 
*/ - sc_debug(card->ctx, "ready to create public key\n"); - sc_file_dup(&tmpf, prkf); - if (tmpf == NULL) { - rv = SC_ERROR_OUT_OF_MEMORY; - goto failed; - } - tmpf->type = SC_FILE_TYPE_INTERNAL_EF; - tmpf->ef_structure = SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC; - tmpf->id = 0x1012; - tmpf->path.value[tmpf->path.len - 2] = 0x10; - tmpf->path.value[tmpf->path.len - 1] = 0x12; - - rv = sc_pkcs15init_create_file(profile, card, prkf); - sc_debug(card->ctx, "rv %i\n",rv); - if (rv) { - sc_debug(card->ctx, "prkf create file failed\n"); - goto failed; - } - - rv = sc_pkcs15init_create_file(profile, card, tmpf); - sc_debug(card->ctx, "rv %i\n",rv); - if (rv) { - sc_debug(card->ctx, "pubf create failed\n"); - goto failed; - } + rv = cosm_get_temporary_public_key_file(p15card->card, prkf, &tmpf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Error while getting temporary public key file"); + + rv = sc_pkcs15init_create_file(profile, p15card, tmpf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() failed to create temporary public key EF"); memset(&args, 0, sizeof(args)); args.id_prv = prkf->id; args.id_pub = tmpf->id; args.exponent = 0x10001; - args.key_bits = keybits; - args.pubkey_len = keybits/8; - args.pubkey = (unsigned char *) malloc(keybits/8); - if (!args.pubkey) { - rv = SC_ERROR_OUT_OF_MEMORY; - goto failed; - } + args.key_bits = key_info->modulus_length; + args.pubkey_len = key_info->modulus_length / 8; + args.pubkey = malloc(key_info->modulus_length / 8); + if (!args.pubkey) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate pubkey"); - rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_GENERATE_KEY, &args); - if (rv < 0) - goto failed; + rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_GENERATE_KEY, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_generate_key() CARDCTL_OBERTHUR_GENERATE_KEY failed"); /* extract public key */ pubkey->algorithm = SC_ALGORITHM_RSA; - pubkey->u.rsa.modulus.len = 
keybits / 8; - pubkey->u.rsa.modulus.data = (u8 *) malloc(keybits / 8); - if (!pubkey->u.rsa.modulus.data) { - rv = SC_ERROR_MEMORY_FAILURE; - goto failed; - } + pubkey->u.rsa.modulus.len = key_info->modulus_length / 8; + pubkey->u.rsa.modulus.data = malloc(key_info->modulus_length / 8); + if (!pubkey->u.rsa.modulus.data) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate modulus buf"); /* FIXME and if the exponent length is not 3? */ pubkey->u.rsa.exponent.len = 3; - pubkey->u.rsa.exponent.data = (u8 *) malloc(3); - if (!pubkey->u.rsa.exponent.data) { - rv = SC_ERROR_MEMORY_FAILURE; - goto failed; - } + pubkey->u.rsa.exponent.data = malloc(3); + if (!pubkey->u.rsa.exponent.data) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "cosm_generate_key() cannot allocate exponent buf"); memcpy(pubkey->u.rsa.exponent.data, "\x01\x00\x01", 3); memcpy(pubkey->u.rsa.modulus.data, args.pubkey, args.pubkey_len); -#ifndef NOT_YET - rv = sc_pkcs15_encode_pubkey(card->ctx, pubkey, &info->value.value, &info->value.len); - sc_debug(card->ctx, "rv %i\n",rv); - if (rv) { - sc_debug(card->ctx, "rv %i\n", rv); - goto failed; - } -#endif - info->key_reference = 1; - info->path = prkf->path; + key_info->key_reference = prkf->path.value[prkf->path.len - 1] & 0xFF; + key_info->path = prkf->path; - if (rv) { - sc_debug(card->ctx, "rv %i\n", rv); - goto failed; - } + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_generate_key() now delete temporary public key"); + rv = cosm_delete_file(p15card, profile, tmpf); - sc_debug(card->ctx, "delete temporary public key\n"); - if ((rv = cosm_delete_file(card, profile, tmpf))) - goto failed; - -failed: - if (tmpf) sc_file_free(tmpf); - if (prkf) sc_file_free(prkf); + sc_file_free(tmpf); + sc_file_free(prkf); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } /* - * Store a private key + * Create private key file */ static int -cosm_new_key(struct sc_profile 
*profile, sc_card_t *card, - struct sc_pkcs15_prkey *key, unsigned int idx, - struct sc_pkcs15_prkey_info *info) +cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object) { - sc_file_t *prvfile = NULL; - struct sc_pkcs15_prkey_rsa *rsa = NULL; -#ifndef NOT_YET - sc_pkcs15_pubkey_t pubkey; -#endif - int rv; - char pbuf[SC_MAX_PATH_STRING_SIZE]; - struct sc_cardctl_oberthur_updatekey_info update_info; - - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "index %i; id %s\n", idx, sc_pkcs15_print_id(&info->id)); - if (key->algorithm != SC_ALGORITHM_RSA) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); - - /* Create and populate the private part. */ - rv = cosm_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, - &prvfile); - SC_TEST_RET(card->ctx, rv, "Update RSA: cosm_new_file failed"); - - rv = sc_path_print(pbuf, sizeof(pbuf), &prvfile->path); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv != SC_SUCCESS) - pbuf[0] = '\0'; - sc_debug(card->ctx, " prvfile->id %i; path=%s\n", prvfile->id, pbuf); - - rsa = &key->u.rsa; - - prvfile->size = rsa->modulus.len << 3; - - rv = sc_select_file(card, &prvfile->path, NULL); - sc_debug(card->ctx, "rv %i", rv); - if (rv==SC_ERROR_FILE_NOT_FOUND) { - sc_debug(card->ctx, "Before create file"); - rv = sc_pkcs15init_create_file(profile, card, prvfile); - } - SC_TEST_RET(card->ctx, rv, "Update RSA: select/create key file failed"); - - rv = sc_pkcs15init_authenticate(profile, card, prvfile, SC_AC_OP_UPDATE); - SC_TEST_RET(card->ctx, rv, "Update RSA: no authorisation"); - -#ifdef ENABLE_OPENSSL - if (!info->id.len) { - SHA1(rsa->modulus.data, rsa->modulus.len, info->id.value); - info->id.len = SHA_DIGEST_LENGTH; - sc_debug(card->ctx, "ID: %s\n", sc_pkcs15_print_id(&info->id)); - } -#endif - - if (info->id.len > sizeof(update_info.id)) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - memset(&update_info, 0, sizeof(update_info)); - update_info.type = 
SC_CARDCTL_OBERTHUR_KEY_RSA_CRT; - update_info.data = (void *)rsa; - update_info.data_len = sizeof(void *); - update_info.id_len = info->id.len; - memcpy(update_info.id, info->id.value, update_info.id_len); - - rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_UPDATE_KEY, &update_info); - SC_TEST_RET(card->ctx, rv, "Update KEY failed"); - - info->path = prvfile->path; - info->modulus_length = rsa->modulus.len << 3; + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_file *file = NULL; + int rv = 0; -#ifndef NOT_YET - /* extract public key */ - pubkey.algorithm = SC_ALGORITHM_RSA; - pubkey.u.rsa.modulus.len = rsa->modulus.len; - pubkey.u.rsa.modulus.data = (u8 *) malloc(rsa->modulus.len); - if (!pubkey.u.rsa.modulus.data) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_MEMORY_FAILURE); - - pubkey.u.rsa.exponent.len = rsa->exponent.len; - pubkey.u.rsa.exponent.data = (u8 *) malloc(rsa->exponent.len); - if (!pubkey.u.rsa.exponent.data) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_MEMORY_FAILURE); - - memcpy(pubkey.u.rsa.exponent.data, rsa->exponent.data, rsa->exponent.len); - memcpy(pubkey.u.rsa.modulus.data, rsa->modulus.data, rsa->modulus.len); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported"); - rv = sc_pkcs15_encode_pubkey(card->ctx, &pubkey, &info->value.value, &info->value.len); - SC_TEST_RET(card->ctx, rv, "Update RSA: encode public key failed"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create private key ID:%s", sc_pkcs15_print_id(&key_info->id)); + /* Here, the path of private key file should be defined. + * Neverthelles, we need to instanciate private key to get the ACLs. 
*/ + rv = cosm_new_file(profile, p15card->card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot create key: failed to allocate new key object"); - free(pubkey.u.rsa.modulus.data); - free(pubkey.u.rsa.exponent.data); -#endif + file->size = key_info->modulus_length; + memcpy(&file->path, &key_info->path, sizeof(file->path)); + file->id = file->path.value[file->path.len - 2] * 0x100 + + file->path.value[file->path.len - 1]; - if (prvfile) - sc_file_free(prvfile); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s", sc_print_path(&file->path)); - SC_FUNC_RETURN(card->ctx, 1, rv); -} - -#ifdef COSM_EXTENDED -static int -cosm_delete_object (struct sc_profile *profile, struct sc_card *card, - unsigned int type, const void *data, const sc_path_t *path) -{ - struct sc_file *file = sc_file_new(); - int rv; + rv = sc_select_file(p15card->card, &file->path, NULL); + if (rv == 0) { + rv = cosm_delete_file(p15card, profile, file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to delete private key file"); + } + else if (rv != SC_ERROR_FILE_NOT_FOUND) { + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error"); + } + + rv = sc_pkcs15init_create_file(profile, p15card, file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file"); - SC_FUNC_CALLED(card->ctx, 1); - file->type = SC_FILE_TYPE_WORKING_EF; - file->ef_structure = SC_FILE_EF_TRANSPARENT; - file->id = path->value[path->len-2] * 0x100 + path->value[path->len-1]; - memcpy(&file->path, path, sizeof(file->path)); + key_info->key_reference = file->path.value[file->path.len - 1]; - rv = cosm_delete_file(card, profile, file); - sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } + +/* + * Store a private key + */ static int -cosm_path_to_index (struct sc_pkcs15_object *object, int *index, sc_pkcs15_der_t *out_der) +cosm_store_key(struct 
sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_prkey *prkey) { - struct sc_path path; - sc_pkcs15_der_t der; - - if (!object || !index || !out_der) - return SC_ERROR_INVALID_ARGUMENTS; - - switch (object->type & SC_PKCS15_TYPE_CLASS_MASK) { - case SC_PKCS15_TYPE_PRKEY: - path = ((struct sc_pkcs15_prkey_info *)object->data)->path; - der = ((struct sc_pkcs15_prkey_info *)object->data)->value; - break; - case SC_PKCS15_TYPE_PUBKEY: - path = ((struct sc_pkcs15_pubkey_info *)object->data)->path; - der = ((struct sc_pkcs15_pubkey_info *)object->data)->value; - break; - case SC_PKCS15_TYPE_CERT: - path = ((struct sc_pkcs15_cert_info *)object->data)->path; - der = ((struct sc_pkcs15_cert_info *)object->data)->value; - break; - case SC_PKCS15_TYPE_DATA_OBJECT: - path = ((struct sc_pkcs15_data_info *)object->data)->path; - der = ((struct sc_pkcs15_data_info *)object->data)->value; - break; - default: - return SC_ERROR_INTERNAL; - - } + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_file *file = NULL; + struct sc_cardctl_oberthur_updatekey_info update_info; + int rv = 0; - out_der->value = der.value; - out_der->len = der.len; - *index = path.value[path.len-1] & 0xFF; - - return SC_SUCCESS; -} + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA || prkey->algorithm != SC_ALGORITHM_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store key with ID:%s and path:%s", sc_pkcs15_print_id(&key_info->id), + sc_print_path(&key_info->path)); -static int -cosm_set_id (struct sc_context *ctx, struct sc_pkcs15_object *object, - unsigned char *in, int in_len) -{ - struct sc_pkcs15_id *id; + rv = sc_select_file(p15card->card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot 
store key: select key file failed"); + + rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "No authorisation to store private key"); - SC_FUNC_CALLED(ctx, 1); - sc_debug(ctx, "in_len %i, type 0x%X\n", in_len, object->type); - if (!object || !in || !in_len || in_len > SC_PKCS15_MAX_ID_SIZE) - return SC_ERROR_INVALID_ARGUMENTS; + if (key_info->id.len > sizeof(update_info.id)) + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS); - switch (object->type & SC_PKCS15_TYPE_CLASS_MASK) { - case SC_PKCS15_TYPE_PRKEY: - id = &((struct sc_pkcs15_prkey_info *)object->data)->id; - break; - case SC_PKCS15_TYPE_PUBKEY: - id = &((struct sc_pkcs15_pubkey_info *)object->data)->id; - break; - case SC_PKCS15_TYPE_CERT: - id = &((struct sc_pkcs15_cert_info *)object->data)->id; - break; - case SC_PKCS15_TYPE_DATA_OBJECT: - id = &((struct sc_pkcs15_data_info *)object->data)->id; - break; - default: - return SC_ERROR_INTERNAL; + memset(&update_info, 0, sizeof(update_info)); + update_info.type = SC_CARDCTL_OBERTHUR_KEY_RSA_CRT; + update_info.data = (void *)&prkey->u.rsa; + update_info.data_len = sizeof(void *); + update_info.id_len = key_info->id.len; + memcpy(update_info.id, key_info->id.value, update_info.id_len); + + rv = sc_card_ctl(p15card->card, SC_CARDCTL_OBERTHUR_UPDATE_KEY, &update_info); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot update private key"); - } + if (file) + sc_file_free(file); - memcpy(id->value, in, in_len); - id->len = in_len; - - sc_debug(ctx, "id %s\n", sc_pkcs15_print_id(id)); - SC_FUNC_RETURN(ctx, 1, SC_SUCCESS); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv); } -static int -cosm_update_df_delete_object(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15_object *object) +static int +cosm_emu_update_dir (struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_app_info *info) { - int rv; - SC_FUNC_CALLED(p15card->card->ctx, 
1); - - rv = cosm_ext_remove_data (profile, p15card->card, object); - - SC_FUNC_RETURN(p15card->card->ctx, 1, rv); -} - - -static int -cosm_update_df_new_object(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - struct sc_pkcs15_object *object) -{ - struct sc_pkcs15_pubkey pubkey; - struct sc_pkcs15_der der; - struct sc_pkcs15_tokeninfo tokeninfo; - struct cosm_key_info ikey; - struct cosm_cert_info icert; - struct cosm_data_info idata; - struct sc_card *card = p15card->card; - struct sc_file *info_file=NULL, *obj_file=NULL; - int index, prvkey_id, rv; - - SC_FUNC_CALLED(card->ctx, 1); - if (!p15card || !profile) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - else if (!object) - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); - - if (object->type == SC_PKCS15_TYPE_AUTH_PIN) { - sc_debug(card->ctx, "P15 Label %s\n", p15card->label); - p15card->label = realloc(p15card->label, - strlen(p15card->label) + strlen(labelPinDomain) + 5); - if (!p15card->label) - return SC_ERROR_MEMORY_FAILURE; - - strcat(p15card->label, " ("); - strcat(p15card->label, labelPinDomain); - strcat(p15card->label, ")"); - - memset(&tokeninfo, 0, sizeof(tokeninfo)); - - tokeninfo.label = p15card->label; - - sc_debug(card->ctx, "Before cosm_update_tokeninfo()"); - rv = cosm_update_tokeninfo(p15card, profile, &tokeninfo); - return rv; - } - - sc_debug(p15card->card->ctx, "object %s; type 0x%X; der length %i; data %p\n", - object->label, object->type, object->der.len, object->data); - rv = cosm_path_to_index (object, &index, &der); - if (rv) { - sc_debug(p15card->card->ctx, "return %i", rv); - return rv; - } - sc_debug(p15card->card->ctx, "der.value %p; der.len %i\n", der.value, der.len); - - rv = cosm_oberthur_new_file(profile, card, object->type, - index, &info_file, &obj_file); - if (rv) { - sc_debug(p15card->card->ctx, "return %i", rv); - return rv; - } - - switch (object->type) { - case SC_PKCS15_TYPE_PRKEY_RSA: - case SC_PKCS15_TYPE_PUBKEY_RSA: - pubkey.algorithm = 
SC_ALGORITHM_RSA; - - rv = sc_pkcs15_decode_pubkey(card->ctx, &pubkey, der.value, der.len); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_encode_key_info(card, &pubkey.u.rsa, object->type, &ikey); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_set_key_info(profile, card, info_file, &ikey, NULL); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_update_object_list(profile, card, object->type, index); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - /* - * Look for the container that contains corresponding certificate to - * include the key object. - * Create a new container, if there is no corresponding certificate. - */ - rv = cosm_update_container(profile, card, object->type, &ikey.id, index, NULL); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_set_id (card->ctx, object, ikey.id.value, ikey.id.len); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - cosm_free_key_info(&ikey); - break; - case SC_PKCS15_TYPE_CERT_X509: - rv = cosm_encode_cert_info(card, &der, &icert); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_set_certificate_info(profile, card, info_file, &icert); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_update_object_list(profile, card, object->type, index); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - /* - * Look for the container that contains corresponding key to - * include this certificate object. - * Create a new container, if there is no corresponding key. 
- */ - rv = cosm_update_container(profile, card, object->type, &icert.key.id, index, - &prvkey_id); - if (rv) - break; - - sc_debug(card->ctx, "rv %i; friend 0x%X\n", rv, prvkey_id); - if (prvkey_id) - rv = cosm_update_key_info(profile, card, prvkey_id, &icert); - - rv = cosm_set_id (card->ctx, object, icert.key.id.value, icert.key.id.len); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - cosm_free_cert_info(&icert); - break; - case SC_PKCS15_TYPE_DATA_OBJECT: - rv = cosm_encode_data_info(card, &der, - (sc_pkcs15_data_info_t *)object->data, &idata); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_set_data_info(profile, card, info_file, &idata); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - rv = cosm_update_object_list(profile, card, object->type, index); - sc_debug(card->ctx, "rv %i\n", rv); - if (rv) - break; - - cosm_free_data_info(&idata); - break; - default: - sc_error(card->ctx, "Unsupported type %i\n", object->type); - return SC_ERROR_INVALID_ARGUMENTS; - } - - sc_debug(card->ctx, "rv %i\n",rv); - - if (rv > 0) - rv = 0; - - if (info_file) - sc_file_free(info_file); - if (obj_file) - sc_file_free(obj_file); - - SC_FUNC_RETURN(card->ctx, 1, rv); + /* No DIR file in the native Oberthur card */ + SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS); } static int -cosm_update_df(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, - int op, - struct sc_pkcs15_object *object) +cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + unsigned op, struct sc_pkcs15_object *object) { + struct sc_context *ctx = p15card->card->ctx; + int rv = SC_ERROR_NOT_SUPPORTED; + + SC_FUNC_CALLED(ctx, 1); +#ifdef ENABLE_OPENSSL switch(op) { case SC_AC_OP_ERASE: - return cosm_update_df_delete_object(p15card, profile, object); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%s',type:%X)", object->label, object->type); + rv = awp_update_df_delete(p15card, profile, object); + break; case 
SC_AC_OP_CREATE: - return cosm_update_df_new_object(p15card, profile, object); - default: - return SC_ERROR_NOT_SUPPORTED; + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; create object('%s',type:%X)", object->label, object->type); + rv = awp_update_df_create(p15card, profile, object); + break; } +#endif + SC_FUNC_RETURN(ctx, 1, rv); } static int -cosm_update_dir (struct sc_pkcs15_card *p15card, - struct sc_profile *profile, struct sc_app_info *info) -{ - sc_debug(p15card->card->ctx, "return 0"); - return 0; -} - - -static int -cosm_update_tokeninfo (struct sc_pkcs15_card *p15card, - struct sc_profile *profile, struct sc_pkcs15_tokeninfo *info) +cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_tokeninfo *tinfo) { - int rv, sz; - char *buffer = NULL; + struct sc_context *ctx = p15card->card->ctx; struct sc_file *file = NULL; + int rv, flags = 0, label_len; + unsigned char *buf = NULL; - if (!p15card || !profile || !info) - return SC_ERROR_INVALID_ARGUMENTS; + SC_FUNC_CALLED(ctx, 1); - SC_FUNC_CALLED(p15card->card->ctx, 1); - - if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file)) { - sc_error(p15card->card->ctx, - "Inconsistent profile: cannot find "COSM_TITLE"-token-info"); - return SC_ERROR_INCONSISTENT_PROFILE; - } - - buffer = malloc(file->size + 1); - if (!buffer) - SC_FUNC_RETURN(p15card->card->ctx, 1, SC_ERROR_MEMORY_FAILURE); - - if (info->label) { - strncpy(buffer, info->label, file->size); - } - else { - snprintf(buffer, file->size, "IDX-SCM"); - } - - sc_debug(p15card->card->ctx, "buffer: '%s'", info->label); - *(buffer + file->size) = '\0'; - - sc_debug(p15card->card->ctx, "buffer '%s'\n", buffer); - sz = strlen(buffer); - if (sz < file->size) - memset(buffer + sz, ' ', file->size - sz); - - memcpy(buffer + file->size - 4, "\0\0\x4\xD", 4); - rv = sc_pkcs15init_update_file(profile, p15card->card, file, buffer, file->size); + if (sc_profile_get_file(profile, COSM_TITLE"-token-info", 
&file)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "cannot find "COSM_TITLE"-token-info"); - free(buffer); - - SC_FUNC_RETURN(p15card->card->ctx, 1, rv); -} - - -int cosm_write_info (struct sc_card *card, - struct sc_profile *profile, struct sc_pkcs15_object *object) -{ - return SC_SUCCESS; -} + buf = calloc(1, file->size); + if (!buf) + SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY); + + label_len = strlen(tinfo->label) > (file->size - 4) ? (file->size - 4) : strlen(tinfo->label); + memcpy(buf, tinfo->label, label_len); + memset(buf + label_len, ' ', file->size - 4 - label_len); + + /* current PKCS#11 flags should be read from the token, + * but for simplicity assume that user-pin is already initialised -- Andre 2010-10-05 + */ + flags = COSM_TOKEN_FLAG_TOKEN_INITIALIZED + | COSM_TOKEN_FLAG_USER_PIN_INITIALIZED + | COSM_TOKEN_FLAG_LOGIN_REQUIRED + | COSM_TOKEN_FLAG_PRN_GENERATION; + + memset(buf + file->size - 4, 0, 4); + *(buf + file->size - 1) = flags % 0x100; + *(buf + file->size - 2) = (flags % 0x10000) / 0x100; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update token info (label:'%s',flags:%X,p15card->flags:%X)", buf, flags, p15card->flags); + rv = sc_pkcs15init_update_file(profile, p15card, file, buf, file->size); + free(buf); + if (rv > 0) + rv = 0; -int -cosm_change_label(struct sc_pkcs15_card *p15card, struct sc_profile *profile, - struct sc_pkcs15_object *object, - void *value, int len) -{ - struct sc_card *card = p15card->card; - int rv; - - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "len %i\n", len); - if (len >= SC_PKCS15_MAX_LABEL_SIZE) - return SC_ERROR_INVALID_ARGUMENTS; - - memcpy(object->label, value, len); - object->label[len] = '\0'; -#if 0 - /* TODO */ -#else - rv = 0; -#endif - - SC_FUNC_RETURN(card->ctx, 1, rv); -} - - -int -cosm_change_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile, - struct sc_pkcs15_object *object, struct sc_pkcs15_id *in_id) -{ - struct sc_card *card = p15card->card; - 
struct sc_pkcs15_id *id; - - SC_FUNC_CALLED(card->ctx, 1); - if (!object || !in_id) - return SC_ERROR_INVALID_ARGUMENTS; - - switch(object->type & SC_PKCS15_TYPE_CLASS_MASK) { - case SC_PKCS15_TYPE_PRKEY: - id = &(((sc_pkcs15_prkey_info_t *) object->data)->id); - break; - case SC_PKCS15_TYPE_PUBKEY: - id = &(((sc_pkcs15_pubkey_info_t *) object->data)->id); - break; - case SC_PKCS15_TYPE_CERT: - id = &(((sc_pkcs15_cert_info_t *) object->data)->id); - break; - default: - return SC_ERROR_NOT_SUPPORTED; - } - - if (id->len != in_id->len || memcmp(id->value, in_id->value, id->len)) { - sc_debug(card->ctx, "obj.id %s; in.id %s\n", - sc_pkcs15_print_id(id), sc_pkcs15_print_id(in_id)); - return SC_ERROR_NOT_SUPPORTED; - } - - SC_FUNC_RETURN(card->ctx, 1, SC_SUCCESS); -} - - -int -cosm_change_attrib(struct sc_pkcs15_card *p15card, - struct sc_profile *profile, struct sc_pkcs15_object *object, - int new_attrib_type, void *new_value, int new_len) -{ - struct sc_card *card = p15card->card; - int rv; - - SC_FUNC_CALLED(card->ctx, 1); - sc_debug(card->ctx, "attribute type 0x%X; len %i\n", new_attrib_type, new_len); - if (!p15card || !object || !new_value || new_len < 1) - return SC_ERROR_OBJECT_NOT_FOUND; - - switch(new_attrib_type) { - case P15_ATTR_TYPE_LABEL: - rv = cosm_change_label(p15card, profile, object, new_value, new_len); - break; - case P15_ATTR_TYPE_ID: - if (new_len != sizeof(struct sc_pkcs15_id)) - return SC_ERROR_INVALID_ARGUMENTS; - - rv = cosm_change_id(p15card, profile, object, (struct sc_pkcs15_id *)new_value); - break; - default: - rv = SC_ERROR_NOT_SUPPORTED; - break; - } - - SC_FUNC_RETURN(card->ctx, 1, rv); + SC_FUNC_RETURN(ctx, 1, rv); } -int -cosm_select_id (struct sc_pkcs15_card *p15card, int type, - sc_pkcs15_id_t *id, void *data) +static int +cosm_emu_write_info(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *pin_obj) { SC_FUNC_CALLED(p15card->card->ctx, 1); -#ifdef ENABLE_OPENSSL - if (!data || !id) - 
SC_FUNC_RETURN(p15card->card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - - if (type == SC_PKCS15_TYPE_PRKEY) { - struct sc_pkcs15_prkey *key = (struct sc_pkcs15_prkey *)data; - if (key->algorithm == SC_ALGORITHM_RSA) { - struct sc_pkcs15_prkey_rsa *rsa = &key->u.rsa; - - SHA1(rsa->modulus.data, rsa->modulus.len, id->value); - id->len = SHA_DIGEST_LENGTH; - sc_debug(p15card->card->ctx, "private key ID %s\n", sc_pkcs15_print_id(id)); - } - } - else if (type == SC_PKCS15_TYPE_CERT) { - struct sc_pkcs15_der *der = (struct sc_pkcs15_der *)data; - EVP_PKEY *pkey = NULL; - X509 *x = NULL; - BIO *mem = NULL; - BIGNUM *bn = NULL; - unsigned char *buff = NULL; - int rv, bn_size; - - rv = SC_ERROR_INTERNAL; - id->len = 0; - do { - mem = BIO_new_mem_buf(der->value, der->len); - if (!mem) - break; - x = d2i_X509_bio(mem, NULL); - if (!x) - break; - pkey=X509_get_pubkey(x); - if (!pkey || pkey->type != EVP_PKEY_RSA) - break; - bn = pkey->pkey.rsa->n; - bn_size = BN_num_bytes(pkey->pkey.rsa->n); - - buff = OPENSSL_malloc(bn_size); - if (!buff) - break; - if (BN_bn2bin(bn, buff) != bn_size) - break; - if (!SHA1(buff, bn_size, id->value)) - break; - id->len = SHA_DIGEST_LENGTH; - - sc_debug(p15card->card->ctx, "cert ID %s\n", sc_pkcs15_print_id(id)); - rv = SC_SUCCESS; - } while (0); - - if (x) - X509_free(x); - if (mem) - BIO_free(mem); - if (buff) - OPENSSL_free(buff); - - SC_FUNC_RETURN(p15card->card->ctx, 1, rv); - } - else if (type == SC_PKCS15_TYPE_PUBKEY) { - struct sc_pkcs15_pubkey *key = (struct sc_pkcs15_pubkey *)data; - - if (key->algorithm == SC_ALGORITHM_RSA) { - struct sc_pkcs15_pubkey_rsa *rsa = &key->u.rsa; - - SHA1(rsa->modulus.data, rsa->modulus.len, id->value); - id->len = SHA_DIGEST_LENGTH; - sc_debug(p15card->card->ctx, "public key ID %s\n", sc_pkcs15_print_id(id)); - } - } -#endif - SC_FUNC_RETURN(p15card->card->ctx, 1, 0); + /* No OpenSC Info file in the native Oberthur card */ + SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS); } -#endif /* COSM_EXTENDED */ + 
static struct sc_pkcs15init_operations sc_pkcs15init_oberthur_operations = { cosm_erase_card, - NULL, /* init_card */ - NULL, /* create_dir */ - NULL, /* create_domain */ + NULL, /* init_card */ + cosm_create_dir, /* create_dir */ + NULL, /* create_domain */ cosm_select_pin_reference, cosm_create_pin, - NULL, /* select_key_reference */ - NULL, /* create_key */ - NULL, /* store_key */ - NULL, /* generate_key */ + NULL, /* select_key_reference */ + cosm_create_key, /* create_key */ + cosm_store_key, /* store_key */ + cosm_generate_key, /* generate_key */ NULL, - NULL, /* encode private/public key */ - NULL, /* finalize_card */ - cosm_init_app, /* old */ - NULL, /* new_pin */ - cosm_new_key, - cosm_new_file, - cosm_old_generate_key, - -#ifdef COSM_EXTENDED - cosm_delete_object, /* delete_object */ - NULL, /* ext_store_data */ - NULL, /* ext_remove_data */ - cosm_update_df, /* ext_update_df */ - cosm_update_dir, /* ext_update_dir */ - cosm_update_tokeninfo, /* ext_update_tokeninfo */ - cosm_write_info, /* ext_write_info */ - cosm_change_attrib, /* ext_pkcs15init_change_attrib */ - cosm_select_id, /* ext_select_id */ -#endif - NULL + NULL, /* encode private/public key */ + NULL, /* finalize_card */ + NULL, /* delete_object */ +#ifdef ENABLE_OPENSSL + cosm_emu_update_dir, + cosm_emu_update_any_df, + cosm_emu_update_tokeninfo, + cosm_emu_write_info, + NULL, + NULL +#else + NULL, NULL, NULL, NULL, NULL, + NULL +#endif }; struct sc_pkcs15init_operations * diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-oberthur.h opensc-0.12.1/src/pkcs15init/pkcs15-oberthur.h --- opensc-0.11.13/src/pkcs15init/pkcs15-oberthur.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-oberthur.h 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,99 @@ +#ifndef pkcs15_oberthur_h +#define pkcs15_oberthur_h + +#include +#include +#include +#include + +#include "config.h" + +#ifdef ENABLE_OPENSSL +#include +#include +#include +#include +#include +#include +#include +#include + +#define COSM_TLV_TAG 0x00 + +#define TLV_TYPE_V 0 +#define TLV_TYPE_LV 1 +#define TLV_TYPE_LLV 2 + +/* Should be greater then SC_PKCS15_TYPE_CLASS_MASK */ +#define SC_DEVICE_SPECIFIC_TYPE 0x1000 + +#define COSM_PUBLIC_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x02) +#define COSM_PRIVATE_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x03) +#define COSM_CONTAINER_LIST (SC_DEVICE_SPECIFIC_TYPE | 0x04) +#define COSM_TOKENINFO (SC_DEVICE_SPECIFIC_TYPE | 0x05) +#define COSM_TYPE_PRKEY_RSA (SC_DEVICE_SPECIFIC_TYPE | SC_PKCS15_TYPE_PRKEY_RSA) +#define COSM_TYPE_PUBKEY_RSA (SC_DEVICE_SPECIFIC_TYPE | SC_PKCS15_TYPE_PUBKEY_RSA) +#define COSM_TYPE_PRIVDATA_OBJECT (SC_DEVICE_SPECIFIC_TYPE | 0x06) + +#define COSM_TITLE "OberthurAWP" + +#define COSM_LIST_TAG 0xFF + +#define COSM_TAG_CONTAINER 0x0000 +#define COSM_TAG_CERT 0x0001 +#define COSM_TAG_PRVKEY_RSA 0x04B1 +#define COSM_TAG_PUBKEY_RSA 0x0349 +#define COSM_TAG_DES 0x0679 +#define COSM_TAG_DATA 0x0001 +#define COSM_IMPORTED 0x0000 +#define COSM_GENERATED 0x0004 + +#define NAME_MAX_LEN 64 + +#define PUBKEY_512_ASN1_SIZE 0x4A +#define PUBKEY_1024_ASN1_SIZE 0x8C +#define PUBKEY_2048_ASN1_SIZE 0x10E + +#define AWP_CONTAINER_RECORD_LEN 12 + +struct awp_crypto_container { + int type; + unsigned cert_id; + unsigned prkey_id; + unsigned pubkey_id; +}; + +struct awp_lv { + unsigned len; + unsigned char *value; +}; + +struct awp_key_info { + unsigned flags; + unsigned usage; + struct awp_lv label; + struct awp_lv id; + struct awp_lv subject; + struct awp_lv exponent, modulus; +}; + +struct awp_cert_info { + unsigned flags; + struct awp_lv label; + struct awp_lv cn, subject, issuer; + struct awp_lv id; + struct awp_lv serial; + X509 *x509; +}; + +struct awp_data_info { + unsigned flags; + struct awp_lv label, app, oid; 
+}; + +extern int cosm_delete_file(struct sc_pkcs15_card *, struct sc_profile *, struct sc_file *); +extern int awp_update_df_create(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *); +extern int awp_update_df_delete(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *); + +#endif /* #ifdef ENABLE_OPENSSL */ +#endif /* #ifndef pkcs15_oberthur_h*/ diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15.profile opensc-0.12.1/src/pkcs15init/pkcs15.profile --- opensc-0.11.13/src/pkcs15init/pkcs15.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15.profile 2011-05-17 17:07:00.000000000 +0000 @@ -21,7 +21,13 @@ # Put the DF length into the ODF file? encode-df-length = no; # Have a lastUpdate field in the EF(TokenInfo)? - do-last-update = yes; + do-last-update = yes; + # Method to calculate ID of the crypto objects + # mozilla: SHA1(modulus) for RSA, SHA1(pub) for DSA + # rfc2459: SHA1(SequenceASN1 of public key components as ASN1 integers) + # native: 'E' + number_of_present_objects_of_the_same_type + # default value: 'native' + pkcs15-id-style = mozilla; } # Default settings. @@ -75,17 +81,6 @@ } } -option oberthur { - macros { - odf-size = 512; - aodf-size = 512; - cdf-size = 3072; - prkdf-size = 1024; - pukdf-size = 1024; - dodf-size = 512; - } -} - # This option tells pkcs15-init to use the direct option # when storing certificates on the card (i.e. put the # certificates into the CDF itself, rather than a diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-rtecp.c opensc-0.12.1/src/pkcs15init/pkcs15-rtecp.c --- opensc-0.11.13/src/pkcs15init/pkcs15-rtecp.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-rtecp.c 2011-05-17 17:07:00.000000000 +0000 
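Review bot: `struct awp_lv` in the new pkcs15-oberthur.h pairs an `unsigned len` with a raw `unsigned char *value` and is embedded throughout `awp_key_info`, `awp_cert_info` and `awp_data_info`, but the header does not say whether `len` is the byte count of `value` or who allocates and frees the buffer. Code filling these structs from card or certificate data has no stated contract to follow, which is how length mismatches and leaks tend to appear. I would add a comment on the struct such as `/* Length-value pair: value points to len bytes; ownership: TODO state who allocates and who frees */` and fill in the owner once it is confirmed against the implementation, which is not part of this hunk.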
@@ -18,16 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" +#include "libopensc/pkcs15.h" #include "pkcs15-init.h" #include "profile.h" @@ -37,15 +37,15 @@ /* * Erase everything that's on the card */ -static int rtecp_erase(sc_profile_t *profile, sc_card_t *card) +static int rtecp_erase(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { int r; - if (!profile || !card) + if (!profile || !p15card || !p15card->card) return SC_ERROR_INVALID_ARGUMENTS; - r = sc_card_ctl(card, SC_CARDCTL_RTECP_INIT, NULL); + r = sc_card_ctl(p15card->card, SC_CARDCTL_RTECP_INIT, NULL); if (r == SC_SUCCESS) - sc_free_apps(card); + sc_free_apps(p15card->card); return r; } 
@@ -76,37 +76,40 @@ assert(file); sc_file_free(file); } - if (r && card->ctx->debug >= 2) - sc_debug(card->ctx, "Create %s failed: %s\n", name, sc_strerror(r)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Create %s failed: %s\n", name, sc_strerror(r)); return r; } /* * Card-specific initialization of PKCS15 meta-information */ -static int rtecp_init(sc_profile_t *profile, sc_card_t *card) +static int rtecp_init(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { + sc_card_t *card; sc_file_t *file; int r; - if (!profile || !card || !card->ctx) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx) return SC_ERROR_INVALID_ARGUMENTS; + card = p15card->card; + r = sc_profile_get_file(profile, "MF", &file); - SC_TEST_RET(card->ctx, r, "Get MF info failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Get MF info failed"); assert(file); r = sc_create_file(card, file); assert(file); sc_file_free(file); - SC_TEST_RET(card->ctx, r, "Create MF failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Create MF failed"); r = sc_profile_get_file(profile, "DIR", &file); - SC_TEST_RET(card->ctx, r, "Get DIR file info failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Get DIR file info failed"); assert(file); r = sc_create_file(card, file); assert(file); sc_file_free(file); - SC_TEST_RET(card->ctx, r, "Create DIR file failed"); + SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "Create DIR file failed"); create_sysdf(profile, card, "Sys-DF"); create_sysdf(profile, card, "SysKey-DF"); 
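Review bot: The "Create %s failed" message at the top of this hunk is now emitted on every call, because the old `if (r && card->ctx->debug >= 2)` guard was removed together with the debug-level test. A successful creation is therefore logged as a failure (with the success string from `sc_strerror(r)`), which makes the log misleading when someone is diagnosing a card initialization. Dropping only the level test keeps the intent: `if (r != SC_SUCCESS) sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Create %s failed: %s\n", name, sc_strerror(r));`. The enclosing function (presumably `create_sysdf`, judging by the calls further down) starts outside the hunk.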
@@ -116,62 +119,72 @@ create_sysdf(profile, card, "Cer-DF"); create_sysdf(profile, card, "LCHV-DF"); + create_sysdf(profile, card, "Resrv1-DF"); + create_sysdf(profile, card, "Resrv2-DF"); + create_sysdf(profile, card, "Resrv3-DF"); + create_sysdf(profile, card, "Resrv4-DF"); + return sc_select_file(card, sc_get_mf_path(), NULL); } /* * Create a DF */ -static int rtecp_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +static int rtecp_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { - if (!profile || !card || !df) + if (!profile || !p15card || !p15card->card || !df) return SC_ERROR_INVALID_ARGUMENTS; - return sc_create_file(card, df); + return sc_create_file(p15card->card, df); } /* * Select a PIN reference */ -static int rtecp_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +static int rtecp_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { - if (!profile || !card || !card->ctx || !pin_info) + int pin_ref; + + if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !pin_info) return SC_ERROR_INVALID_ARGUMENTS; - if (pin_info->reference > 2) - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_NOT_SUPPORTED); if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) - pin_info->reference = RTECP_SO_PIN_REF; + pin_ref = RTECP_SO_PIN_REF; else - pin_info->reference = RTECP_USER_PIN_REF; + pin_ref = RTECP_USER_PIN_REF; + if (pin_info->reference != pin_ref) + SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED); + return SC_SUCCESS; } /* * Create a PIN object within the given DF */ -static int rtecp_create_pin(sc_profile_t *profile, sc_card_t *card, +static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) { + sc_context_t *ctx; sc_pkcs15_pin_info_t *pin_info; sc_file_t *file; /* GCHV 
min-length Flags Attempts Reserve */ - unsigned char prop[] = { 0x01, '?', 0x01, 0xFF, 0, 0 }; - /* AccessMode Unblock Change Delete */ - unsigned char sec[15] = { 0x43, RTECP_SO_PIN_REF, '?', 0, 0, 0, 0, 0xFF }; + unsigned char prop[] = { 0x01, '?', 0x01, '?', 0, 0 }; + /* AccessMode Unblock Change Delete */ + unsigned char sec[15] = { 0x43, '?', '?', 0, 0, 0, 0, 0xFF }; int r; (void)puk; /* no warning */ - if (!profile || !card || !card->ctx || !df || !pin_obj || !pin_obj->data - || !pin || !pin_len) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df + || !pin_obj || !pin_obj->data || !pin || !pin_len) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (puk_len != 0) { - sc_error(card->ctx, "Do not enter User unblocking PIN (PUK): %s\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Do not enter User unblocking PIN (PUK): %s\n", sc_strerror(SC_ERROR_NOT_SUPPORTED)); return SC_ERROR_NOT_SUPPORTED; } 
@@ -179,46 +192,48 @@ if (pin_info->reference != RTECP_SO_PIN_REF && pin_info->reference != RTECP_USER_PIN_REF) { - sc_debug(card->ctx, "PIN reference %i not found in standard" + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i not found in standard" " (Rutoken ECP) PINs\n", pin_info->reference); return SC_ERROR_NOT_SUPPORTED; } file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = pin_info->reference; file->size = pin_len; assert(sizeof(sec)/sizeof(sec[0]) > 2); + sec[1] = (pin_info->reference == RTECP_SO_PIN_REF) ? 0xFF : RTECP_SO_PIN_REF; sec[2] = (unsigned char)pin_info->reference; r = sc_file_set_sec_attr(file, sec, sizeof(sec)); if (r == SC_SUCCESS) { - assert(sizeof(prop)/sizeof(prop[0]) > 1); + assert(sizeof(prop)/sizeof(prop[0]) > 3); prop[1] = (unsigned char)pin_info->min_length; + prop[3] = 0x11 * (unsigned char)(pin_info->tries_left & 0x0F); r = sc_file_set_prop_attr(file, prop, sizeof(prop)); } if (r == SC_SUCCESS) r = sc_file_set_type_attr(file, (const u8*)"\x10\x00", 2); if (r == SC_SUCCESS) - r = sc_create_file(card, file); + r = sc_create_file(p15card->card, file); sc_file_free(file); if (r == SC_SUCCESS) - r = sc_change_reference_data(card, pin_info->type, pin_info->reference, - NULL, 0, pin, pin_len, NULL); - SC_FUNC_RETURN(card->ctx, 1, r); + r = sc_change_reference_data(p15card->card, SC_AC_CHV, + pin_info->reference, NULL, 0, pin, pin_len, NULL); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Select a reference for a private key object */ static int rtecp_select_key_reference(sc_profile_t *profile, - sc_card_t *card, sc_pkcs15_prkey_info_t *key_info) + sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *key_info) { sc_file_t *df; int r; - if (!profile || !card || !card->ctx || !key_info) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !key_info) return SC_ERROR_INVALID_ARGUMENTS; if 
(key_info->key_reference <= 0) @@ -227,7 +242,7 @@ return SC_ERROR_TOO_MANY_OBJECTS; r = sc_profile_get_file(profile, "PrKey-DF", &df); - SC_TEST_RET(card->ctx, r, "Get PrKey-DF info failed"); + SC_TEST_RET(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r, "Get PrKey-DF info failed"); assert(df); key_info->path = df->path; sc_file_free(df); @@ -238,9 +253,10 @@ /* * Create an empty key object */ -static int rtecp_create_key(sc_profile_t *profile, sc_card_t *card, +static int rtecp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { + sc_context_t *ctx; /* RSA_PRkey/ for Miller- * RSA_PUBkey Rabin test Attempts Reserve */ const unsigned char prkey_prop[] = { 0x23, 0x1F, 0, 0xFF, 0, 0 }; @@ -257,10 +273,12 @@ sc_file_t *file; int r; - if (!profile || !card || !card->ctx || !obj || !obj->data) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx + || !obj || !obj->data) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA && obj->type != SC_PKCS15_TYPE_PRKEY_GOSTR3410) return SC_ERROR_NOT_SUPPORTED; 
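Review bot: In the `@@ -179,46 +192,48 @@` hunk the PIN retry byte is built as `prop[3] = 0x11 * (unsigned char)(pin_info->tries_left & 0x0F);` with no range check on `tries_left`. The mask silently rewrites out-of-range profile values: 16 becomes 0 and a negative value such as -1 becomes 15, so the card can end up with a retry limit that differs from the configured one. The previous code hard-coded `0xFF` here, so this input is newly trusted. I would reject bad values before `sc_file_new()` with `if (pin_info->tries_left < 1 || pin_info->tries_left > 15) return SC_ERROR_INVALID_ARGUMENTS;`; whether 0 has a defined meaning for this card is not visible here and should be confirmed. `rtecp_create_pin` begins outside this hunk.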
@@ -276,18 +294,17 @@ && key_info->modulus_length != SC_PKCS15_GOSTR3410_KEYSIZE)) { - sc_error(card->ctx, "Unsupported key size %u\n", - key_info->modulus_length); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Unsupported key size %u\n", key_info->modulus_length); return SC_ERROR_INVALID_ARGUMENTS; } if (obj->type == SC_PKCS15_TYPE_PRKEY_GOSTR3410) { - if (key_info->params_len < sizeof(int)) + if (key_info->params.len < sizeof(int)) return SC_ERROR_INVALID_ARGUMENTS; - if (((int*)key_info->params)[0] < 1 - || ((int*)key_info->params)[0] > 3) + if (((int*)key_info->params.data)[0] < 1 + || ((int*)key_info->params.data)[0] > 3) return SC_ERROR_INVALID_ARGUMENTS; - paramset = ((unsigned int*)key_info->params)[0] & 0x03; + paramset = ((unsigned int*)key_info->params.data)[0] & 0x03; assert(sizeof(prgkey_prop)/sizeof(prgkey_prop[0]) > 1); assert(sizeof(pbgkey_prop)/sizeof(pbgkey_prop[0]) > 1); prgkey_prop[1] = 0x10 + (paramset << 4); @@ -295,17 +312,17 @@ } r = sc_profile_get_file(profile, "PKCS15-AppDF", &file); - SC_TEST_RET(card->ctx, r, "Get PKCS15-AppDF info failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Get PKCS15-AppDF info failed"); r = sc_file_add_acl_entry(file, SC_AC_OP_CREATE, SC_AC_CHV, auth_id); if (r == SC_SUCCESS) - r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_CREATE); + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_CREATE); assert(file); sc_file_free(file); - SC_TEST_RET(card->ctx, r, "Authenticate failed"); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Authenticate failed"); file = sc_file_new(); if (!file) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); file->id = key_info->key_reference; r = sc_file_set_type_attr(file, (const u8*)"\x10\x00", 2); /* private key file */ 
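Review bot: The GOST parameter check in the `@@ -276,18 +294,17 @@` hunk dereferences `((int*)key_info->params.data)[0]` after testing only `key_info->params.len`, so a non-zero length with a NULL `data` pointer would crash here. Extending the guard covers it: `if (key_info->params.len < sizeof(int) || !key_info->params.data) return SC_ERROR_INVALID_ARGUMENTS;`. The cast to `int*` also assumes the buffer is suitably aligned for `int`; the declared type of `params.data` is not visible in this hunk, so that part should be checked against the struct definition. The enclosing function starts and ends outside the hunk.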
@@ -329,7 +346,7 @@ r = sc_file_set_prop_attr(file, prgkey_prop,sizeof(prgkey_prop)); } if (r == SC_SUCCESS) - r = sc_create_file(card, file); + r = sc_create_file(p15card->card, file); /* public key file */ if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA) file->size = key_info->modulus_length / 8 / 2 * 3; @@ -350,18 +367,19 @@ r = sc_file_set_prop_attr(file, pbgkey_prop,sizeof(pbgkey_prop)); } if (r == SC_SUCCESS) - r = sc_create_file(card, file); + r = sc_create_file(p15card->card, file); assert(file); sc_file_free(file); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Store a key on the card */ -static int rtecp_store_key(sc_profile_t *profile, sc_card_t *card, +static int rtecp_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { + sc_card_t *card; sc_pkcs15_prkey_info_t *key_info; sc_file_t *pukey_df; sc_path_t path; @@ -369,10 +387,13 @@ size_t buf_len, key_len, len, i; int r; - if (!profile || !card || !card->ctx || !obj || !obj->data || !key) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx + || !obj || !obj->data || !key) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + card = p15card->card; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); + if ((obj->type != SC_PKCS15_TYPE_PRKEY_RSA || key->algorithm != SC_ALGORITHM_RSA) && (obj->type != SC_PKCS15_TYPE_PRKEY_GOSTR3410 || key->algorithm != SC_ALGORITHM_GOSTR3410)) @@ -409,7 +430,7 @@ return SC_ERROR_INVALID_ARGUMENTS; buf = calloc(1, buf_len); if (!buf) - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); assert(key_len <= buf_len); if (key->algorithm == SC_ALGORITHM_RSA) { 
@@ -469,7 +490,7 @@ sc_file_free(pukey_df); } else if (card->ctx->debug >= 2) - sc_debug(card->ctx, "%s\n", "Get PuKey-DF info failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", "Get PuKey-DF info failed"); } if (r == SC_SUCCESS) { @@ -478,28 +499,31 @@ r = sc_change_reference_data(card, 0, 0, NULL, 0, buf, key_len, NULL); if (r && card->ctx->debug >= 2) - sc_debug(card->ctx, "%s\n", "Store public key failed"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "%s\n", "Store public key failed"); } end: assert(buf); free(buf); - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Generate key */ -static int rtecp_generate_key(sc_profile_t *profile, sc_card_t *card, +static int rtecp_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { + sc_context_t *ctx; sc_pkcs15_prkey_info_t *key_info; sc_rtecp_genkey_data_t data; int r; - if (!profile || !card || !card->ctx || !obj || !obj->data || !pubkey) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx + || !obj || !obj->data || !pubkey) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); switch (obj->type) { case SC_PKCS15_TYPE_PRKEY_RSA: @@ -527,7 +551,7 @@ { free(data.u.rsa.modulus); free(data.u.rsa.exponent); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } break; case SC_ALGORITHM_GOSTR3410: @@ -537,13 +561,13 @@ if (!data.u.gostr3410.xy) { free(data.u.gostr3410.xy); - SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_OUT_OF_MEMORY); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); } break; default: assert(0); } - r = sc_card_ctl(card, SC_CARDCTL_RTECP_GENERATE_KEY, &data); + r = sc_card_ctl(p15card->card, SC_CARDCTL_RTECP_GENERATE_KEY, &data); if (r == SC_SUCCESS) { assert(pubkey); 
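Review bot: At the `end:` label in the `@@ -478,28 +499,31 @@` hunk, `buf` is released with a plain `free(buf)`, while the same diff removes `rutoken_store_key`, which cleared its key buffer with `memset(prkeybuf, 0, prsize)` before freeing. `buf` in `rtecp_store_key` is filled from an `sc_pkcs15_prkey_t` earlier in the function (outside this hunk), so it presumably holds private key material that then stays in freed heap memory. I would clear it first, for example `sc_mem_clear(buf, buf_len);` before `free(buf);` if that libopensc helper is available in this tree, since a bare `memset` ahead of `free` may be optimized away. Separately, the context lines still gate two `sc_debug` calls on `card->ctx->debug >= 2` although the level is now passed as an argument, which looks like a leftover.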
@@ -562,7 +586,7 @@ break; } } - SC_FUNC_RETURN(card->ctx, 1, r); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -590,13 +614,9 @@ NULL, /* encode_private_key */ NULL, /* encode_public_key */ rtecp_finalize, /* finalize_card */ - /* Old-style API */ - NULL, /* init_app */ - NULL, /* new_pin */ - NULL, /* new_key */ - NULL, /* new_file */ - NULL, /* old_generate_key */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * sc_pkcs15init_get_rtecp_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-rutoken.c opensc-0.12.1/src/pkcs15init/pkcs15-rutoken.c --- opensc-0.11.13/src/pkcs15init/pkcs15-rutoken.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-rutoken.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Rutoken specific operation for PKCS15 initialization + * Rutoken S specific operation for PKCS15 initialization * * Copyright (C) 2007 Pavel Mironchik * Copyright (C) 2007 Eugene Hermann @@ -19,25 +19,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif -#if defined(HAVE_INTTYPES_H) -#include -#elif defined(HAVE_STDINT_H) -#include -#elif defined(_MSC_VER) -typedef unsigned __int32 uint32_t; -#else -#warning no uint32_t type available, please contact opensc-devel@opensc-project.org -#endif +#include "config.h" + #include +#include #include #include -#include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" +#include "libopensc/pkcs15.h" #include "pkcs15-init.h" #include "profile.h" @@ -63,8 +55,8 @@ 2 }; static const sc_SecAttrV2_t p1_sec_attr = { - 0x43, 1, 1, 0, 0, 0, 0, -1, - 1, 0, 0, 0, + 0x43, -1, 1, 0, 0, 0, 0, -1, + 0, 0, 0, 0, 1 }; 
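Review bot: The `@@ -63,8 +55,8 @@` hunk in pkcs15-rutoken.c changes two bytes of `p1_sec_attr` (second field `1` to `-1`, ninth field `1` to `0`) without a comment saying which operations those fields govern or why the access conditions changed. These values decide who may act on the object on the token, so a reader cannot tell from the initializer whether access was tightened or loosened. I would add a field-name comment above the initializer, in the form `/* <field names per sc_SecAttrV2_t, to be filled in from its definition> */`, and one line stating the intended effect of the new values. The struct definition is outside this hunk, so the field meanings need to be taken from there rather than guessed.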
@@ -84,151 +76,73 @@ } }; - -static int rutoken_get_bin_from_prkey(const struct sc_pkcs15_prkey_rsa *rsa, - u8 *bufkey, size_t *bufkey_size) -{ - const uint32_t bitlen = rsa->modulus.len * 8; - size_t i, len; - - if ( rsa->modulus.len != bitlen/8 - || rsa->p.len != bitlen/16 - || rsa->q.len != bitlen/16 - || rsa->dmp1.len != bitlen/16 - || rsa->dmq1.len != bitlen/16 - || rsa->iqmp.len != bitlen/16 - || rsa->d.len != bitlen/8 - || rsa->exponent.len > sizeof(uint32_t) - ) - return -1; - - if (*bufkey_size < 14 + sizeof(uint32_t) * 2 + bitlen/8 * 2 + bitlen/16 * 5) - return -1; - - bufkey[0] = 2; - bufkey[1] = 1; - - /* BLOB header */ - bufkey[2] = 0x07; /* Type */ - bufkey[3] = 0x02; /* Version */ - /* reserve */ - bufkey[4] = 0; - bufkey[5] = 0; - /* aiKeyAlg */ - bufkey[6] = 0; - bufkey[7] = 0xA4; - bufkey[8] = 0; - bufkey[9] = 0; - - /* RSAPUBKEY */ - /* magic "RSA2" */ - bufkey[10] = 0x52; - bufkey[11] = 0x53; - bufkey[12] = 0x41; - bufkey[13] = 0x32; - len = 14; - /* bitlen */ - for (i = 0; i < sizeof(uint32_t); ++i) - bufkey[len++] = (bitlen >> i*8) & 0xff; - /* pubexp */ - for (i = 0; i < sizeof(uint32_t); ++i) - if (i < rsa->exponent.len) - bufkey[len++] = rsa->exponent.data[rsa->exponent.len - 1 - i]; - else - bufkey[len++] = 0; - -#define MEMCPY_BUF_REVERSE_RSA(NAME) \ - do { \ - for (i = 0; i < rsa->NAME.len; ++i) \ - bufkey[len++] = rsa->NAME.data[rsa->NAME.len - 1 - i]; \ - } while (0) - - /* PRIVATEKEYBLOB tail */ - MEMCPY_BUF_REVERSE_RSA(modulus); /* modulus */ - MEMCPY_BUF_REVERSE_RSA(p); /* prime1 */ - MEMCPY_BUF_REVERSE_RSA(q); /* prime2 */ - MEMCPY_BUF_REVERSE_RSA(dmp1); /* exponent1 */ - MEMCPY_BUF_REVERSE_RSA(dmq1); /* exponent2 */ - MEMCPY_BUF_REVERSE_RSA(iqmp); /* coefficient */ - MEMCPY_BUF_REVERSE_RSA(d); /* privateExponent */ - - *bufkey_size = len; - return 0; -} - /* * Create a DF */ static int -rutoken_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, + 
sc_file_t *df) { - if (!profile || !card || !card->ctx || !df) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !df) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); - return sc_pkcs15init_create_file(profile, card, df); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); + return sc_pkcs15init_create_file(profile, p15card, df); } /* * Select a PIN reference */ static int -rutoken_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +rutoken_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { - if (!profile || !card || !pin_info) + int pin_ref; + unsigned int so_pin_flag; + + if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !pin_info) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE); - sc_debug(card->ctx, "PIN reference %i, PIN flags 0x%x\n", - pin_info->reference, pin_info->flags); - /* XXX: - * Create: - * First iteration find reference for create new PIN object with - * pin_info->reference == 0 - * Next iteration ++pin_info->reference signify PIN object - * (pin_info->reference == SC_RUTOKEN_DEF_ID_GCHV_ADMIN or - * pin_info->reference == SC_RUTOKEN_DEF_ID_GCHV_USER) - * is already created. - * Find: - * Valid PIN reference: { SC_RUTOKEN_DEF_ID_GCHV_ADMIN, - * SC_RUTOKEN_DEF_ID_GCHV_USER } - */ - if (pin_info->reference != 0 - && pin_info->reference != SC_RUTOKEN_DEF_ID_GCHV_ADMIN - && pin_info->reference != SC_RUTOKEN_DEF_ID_GCHV_USER - ) - /* PKCS#15 SOPIN and UserPIN already created */ - return SC_ERROR_NOT_SUPPORTED; + pin_ref = pin_info->reference; + so_pin_flag = pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN; + + sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i%s\n", + pin_ref, so_pin_flag ? 
" SO PIN flag" : ""); - if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) - pin_info->reference = SC_RUTOKEN_DEF_ID_GCHV_ADMIN; + if ((pin_ref == SC_RUTOKEN_DEF_ID_GCHV_ADMIN && so_pin_flag) + || (pin_ref == SC_RUTOKEN_DEF_ID_GCHV_USER && !so_pin_flag) + ) + return SC_SUCCESS; else - pin_info->reference = SC_RUTOKEN_DEF_ID_GCHV_USER; - sc_debug(card->ctx, "PIN reference %i\n", pin_info->reference); - return SC_SUCCESS; + return SC_ERROR_NOT_SUPPORTED; } /* * Create a PIN object within the given DF */ static int -rutoken_create_pin(sc_profile_t *profile, sc_card_t *card, +rutoken_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) { + sc_context_t *ctx; sc_pkcs15_pin_info_t *pin_info; size_t i; - if (!profile || !card || !df || !pin_obj || !pin_obj->data || !pin || !pin_len) + (void)puk; /* no warning */ + if (!profile || !p15card || !p15card->card || !p15card->card->ctx + || !df || !pin_obj || !pin_obj->data || !pin || !pin_len) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + ctx = p15card->card->ctx; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (puk_len != 0) { - sc_error(card->ctx, "Do not enter User unblocking PIN (PUK): %s\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "Do not enter User unblocking PIN (PUK): %s\n", sc_strerror(SC_ERROR_NOT_SUPPORTED)); return SC_ERROR_NOT_SUPPORTED; } 
@@ -242,116 +156,17 @@ return SC_SUCCESS; else { - sc_error(card->ctx, "Incorrect PIN\n"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Incorrect PIN\n"); break; } } - sc_debug(card->ctx, "PIN reference %i not found in standard (Rutoken) PINs\n", + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, + "PIN reference %i not found in standard (Rutoken) PINs\n", pin_info->reference); return SC_ERROR_NOT_SUPPORTED; } /* - * Select a key reference - */ -static int -rutoken_select_key_reference(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_prkey_info_t *key_info) -{ - int id_low; - - if (!profile || !card || !card->ctx || !key_info || key_info->path.len < 1) - return SC_ERROR_INVALID_ARGUMENTS; - - SC_FUNC_CALLED(card->ctx, 1); - - id_low = key_info->key_reference + key_info->path.value[key_info->path.len - 1]; - sc_debug(card->ctx, "id_low = %i, key_reference = %i\n", - id_low, key_info->key_reference); - if (id_low > 0xFF) - return SC_ERROR_TOO_MANY_OBJECTS; - - key_info->path.value[key_info->path.len - 1] = id_low & 0xFF; - return SC_SUCCESS; -} - -/* - * Create a private key object. - * This is a no-op. - */ -static int -rutoken_create_key(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_object_t *obj) -{ - if (!profile || !card || !card->ctx || !obj) - return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); - return SC_SUCCESS; -} - -/* - * Store a private key object. 
- */ -static int -rutoken_store_key(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_object_t *obj, - sc_pkcs15_prkey_t *key) -{ - sc_pkcs15_prkey_info_t *key_info; - u8 *prkeybuf = NULL; - size_t prsize = 2048; - sc_file_t *file; - int ret; - - if (!profile || !card || !card->ctx || !obj || !obj->data || !key) - return SC_ERROR_INVALID_ARGUMENTS; - - SC_FUNC_CALLED(card->ctx, 1); - - if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) - return SC_ERROR_NOT_SUPPORTED; - - key_info = (sc_pkcs15_prkey_info_t *) obj->data; - if (key_info->path.len < 2) - return SC_ERROR_INVALID_ARGUMENTS; - - prkeybuf = calloc(prsize, 1); - if (!prkeybuf) - return SC_ERROR_OUT_OF_MEMORY; - - /* - * encode private key - * create key file - * write a key - */ - ret = rutoken_get_bin_from_prkey(&key->u.rsa, prkeybuf, &prsize); - sc_debug(card->ctx, "sc_rutoken_get_bin_from_prkey returned %i\n", ret); - if (ret == 0) - { - file = sc_file_new(); - if (!file) - ret = SC_ERROR_OUT_OF_MEMORY; - else - { - /* create (or update) key file */ - file->path = key_info->path; - file->type = SC_FILE_TYPE_WORKING_EF; - file->id = key_info->path.value[key_info->path.len - 2] << 8 - | key_info->path.value[key_info->path.len - 1]; - file->size = prsize; - sc_file_set_sec_attr(file, pr_sec_attr, sizeof(pr_sec_attr)); - - ret = sc_pkcs15init_update_file(profile, card, - file, prkeybuf, prsize); - sc_file_free(file); - } - memset(prkeybuf, 0, prsize); - } - free(prkeybuf); - return ret; -} - -/* * Initialization routine */ 
@@ -464,14 +279,16 @@ * Erase everything that's on the card */ static int -rutoken_erase(struct sc_profile *profile, sc_card_t *card) +rutoken_erase(struct sc_profile *profile, sc_pkcs15_card_t *p15card) { + sc_card_t *card; int ret, ret_end; - if (!profile || !card || !card->ctx) + if (!profile || !p15card || !p15card->card || !p15card->card->ctx) return SC_ERROR_INVALID_ARGUMENTS; - SC_FUNC_CALLED(card->ctx, 1); + card = p15card->card; + SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); /* ret = sc_card_ctl(card, SC_CARDCTL_ERASE_CARD, NULL); */ ret = sc_card_ctl(card, SC_CARDCTL_RUTOKEN_FORMAT_INIT, NULL); @@ -479,14 +296,16 @@ { ret = create_typical_fs(card); if (ret != SC_SUCCESS) - sc_error(card->ctx, "Failed to create typical fs: %s\n", + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Failed to create typical fs: %s\n", sc_strerror(ret)); ret_end = sc_card_ctl(card, SC_CARDCTL_RUTOKEN_FORMAT_END, NULL); if (ret_end != SC_SUCCESS) ret = ret_end; } if (ret != SC_SUCCESS) - sc_error(card->ctx, "Failed to erase: %s\n", sc_strerror(ret)); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, + "Failed to erase: %s\n", sc_strerror(ret)); else sc_free_apps(card); return ret; 
@@ -499,20 +318,16 @@ NULL, /* create_domain */ rutoken_select_pin_reference, /* select_pin_reference */ rutoken_create_pin, /* create_pin */ - rutoken_select_key_reference, /* select_key_reference */ - rutoken_create_key, /* create_key */ - rutoken_store_key, /* store_key */ + NULL, /* select_key_reference */ + NULL, /* create_key */ + NULL, /* store_key */ NULL, /* generate_key */ NULL, /* encode_private_key */ NULL, /* encode_public_key */ NULL, /* finalize_card */ - /* Old-style API */ - NULL, /* init_app */ - NULL, /* new_pin */ - NULL, /* new_key */ - NULL, /* new_file */ - NULL, /* old_generate_key */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations* sc_pkcs15init_get_rutoken_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-setcos.c opensc-0.12.1/src/pkcs15init/pkcs15-setcos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-setcos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-setcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,17 +18,16 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/log.h" #include "pkcs15-init.h" -#include "keycache.h" #include "profile.h" #define SETCOS_MAX_PINS 7 
@@ -36,212 +35,133 @@ static unsigned char SETCOS_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01}; #define SETCOS_DEFAULT_PUBKEY_LEN sizeof(SETCOS_DEFAULT_PUBKEY) -static int setcos_generate_store_key( sc_profile_t *, sc_card_t *, - unsigned int, unsigned int, sc_pkcs15_pubkey_t *, sc_pkcs15_prkey_t *, - sc_pkcs15_prkey_info_t *); - -static int setcos_create_pin_internal(sc_profile_t *, sc_card_t *, +static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *, int, sc_pkcs15_pin_info_t *, const u8 *, size_t, const u8 *, size_t); -static int setcos_puk_retries(sc_profile_t *, int); + +static int +setcos_puk_retries(sc_profile_t *profile, int pin_ref) +{ + sc_pkcs15_pin_info_t pin_info; + + pin_info.reference = 1; /* Default SO PIN ref. */ + sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info); + + /* If pin_ref is the SO PIN, get the SO PUK info, otherwise the User PUK info */ + sc_profile_get_pin_info(profile, + pin_ref == pin_info.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK, + &pin_info); + + if ((pin_info.tries_left < 0) || (pin_info.tries_left > 15)) + return 3; /* Little extra safety */ + return pin_info.tries_left; +} + /* * Erase the card. */ -static int setcos_erase_card(sc_profile_t *profile, sc_card_t *card) +static int setcos_erase_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { - sc_pkcs15_pin_info_t pin_info; sc_path_t path; int r; /* Just delete the entire MF */ - /* The SO pin has pin reference 1 -- not that it matters much - * because pkcs15-init will ask to enter all pins, even if we - * did a --so-pin on the command line. 
*/ - sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info); - sc_keycache_set_pin_name(NULL, pin_info.reference, SC_PKCS15INIT_SO_PIN); - /* Select parent DF and verify PINs/key as necessary */ - r = sc_pkcs15init_authenticate(profile, card, - profile->mf_info->file, SC_AC_OP_DELETE); + r = sc_pkcs15init_authenticate(profile, p15card, profile->mf_info->file, SC_AC_OP_DELETE); if (r < 0) return r == SC_ERROR_FILE_NOT_FOUND ? 0 : r; /* Empty path -> we have to to delete the current DF (= the MF) */ memset(&path, 0, sizeof(sc_path_t)); - r = sc_delete_file(card, &path) ; + r = sc_delete_file(p15card->card, &path) ; + if (r) + return r; - return r; + sc_free_apps(p15card->card); + return 0; } -#if 0 /* New API, turned out to be more work wrt setting the - life cycle state to SC_FILE_STATUS_ACTIVATED. */ + /* * Create the MF and global pin file if they don't exist. */ static int -setcos_init_card(sc_profile_t *profile, sc_card_t *card) +setcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { + struct sc_context *ctx = p15card->card->ctx; sc_file_t *mf = profile->mf_info->file; sc_file_t *pinfile; - int pin_ref; int r; - /* The SO pin in the keycache is only linked to the pkcs15 DF, - * we'll re-ink it to the MF. 
*/ - pin_ref = sc_keycache_find_named_pin(&profile->df_info->file->path, - SC_PKCS15INIT_SO_PIN); - if (pin_ref >= 0) - sc_keycache_set_pin_name(&profile->mf_info->file->path, - pin_ref, SC_PKCS15INIT_SO_PIN); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); /* Create the MF if it doesn't exist yet */ - card->ctx->suppress_errors++; - r = sc_select_file(card, &mf->path, NULL); - card->ctx->suppress_errors--; + r = sc_select_file(p15card->card, &mf->path, NULL); if (r == SC_ERROR_FILE_NOT_FOUND) { - sc_debug(card->ctx, "MF doesn't exist, creating now"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "MF doesn't exist, creating now"); /* Fix up the file's ACLs */ - r = sc_pkcs15init_fixup_file(profile, mf); - if (r >= 0) - r = sc_create_file(card, mf); + r = sc_pkcs15init_fixup_file(profile, p15card, mf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF fixup failed"); + + mf->status = SC_FILE_STATUS_CREATION; + r = sc_create_file(p15card->card, mf); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "MF creation failed"); } - if (r < 0) - return r; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select MF"); /* Create the global pin file if it doesn't exist yet */ r = sc_profile_get_file(profile, "pinfile", &pinfile); - if (r < 0) - return r; - card->ctx->suppress_errors++; - r = sc_select_file(card, &pinfile->path, NULL); - card->ctx->suppress_errors--; + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get 'pinfile' from profile"); + + r = sc_select_file(p15card->card, &pinfile->path, NULL); if (r == SC_ERROR_FILE_NOT_FOUND) { - sc_debug(card->ctx, "Global pin file doesn't exist, creating now"); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Global pin file doesn't exist, creating now"); /* Fix up the file's ACLs */ - r = sc_pkcs15init_fixup_file(profile, pinfile); + r = sc_pkcs15init_fixup_file(profile, p15card, pinfile); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Pinfile fixup failed"); + /* Set life cycle state to SC_FILE_STATUS_CREATION, * which means that all ACs are ignored. 
*/ - if (r >= 0) - r = sc_create_file(card, pinfile); + pinfile->status = SC_FILE_STATUS_CREATION; + r = sc_create_file(p15card->card, pinfile); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Pinfile creation failed"); } sc_file_free(pinfile); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Select pinfile failed"); - /* Re-link the SO-PIN back to the original DF (= the pkcs15 DF) */ - sc_keycache_set_pin_name(&profile->df_info->file->path, - pin_ref, SC_PKCS15INIT_SO_PIN); - - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* * Create a DF */ static int -setcos_create_dir(sc_profile_t *profile, sc_card_t *card, sc_file_t *df) +setcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { - return sc_pkcs15init_create_file(profile, card, df); -} -#endif - -/* - * Create the MF and global pin file if they don't exist. - */ -static int setcos_init_app(sc_profile_t *profile, sc_card_t *card, - sc_pkcs15_pin_info_t *pin_info, - const u8 *pin, size_t pin_len, - const u8 *puk, size_t puk_len) -{ - sc_file_t *mf = profile->mf_info->file; - sc_file_t *pinfile = NULL; - int pin_ref; + struct sc_context *ctx = p15card->card->ctx; int r; - /* The SO pin in the keycache is only linked to the pkcs15 DF, - * we'll re-link it to the MF. */ - pin_ref = sc_keycache_find_named_pin(&profile->df_info->file->path, - SC_PKCS15INIT_SO_PIN); - if (pin_ref >= 0) - sc_keycache_set_pin_name(&profile->mf_info->file->path, - pin_ref, SC_PKCS15INIT_SO_PIN); + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); - /* Create the MF if it doesn't exist yet */ - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &mf->path, NULL); - sc_ctx_suppress_errors_off(card->ctx); - if (r == SC_ERROR_FILE_NOT_FOUND) { - sc_debug(card->ctx, "MF doesn't exist, creating now"); - /* Fix up the file's ACLs */ - if ((r = sc_pkcs15init_fixup_file(profile, mf)) >= 0) { - /* Set life cycle state to SC_FILE_STATUS_CREATION, - * which means that all ACs are ignored. 
*/ - mf->status = SC_FILE_STATUS_CREATION; - r = sc_create_file(card, mf); - } - } - if (r < 0) - return r; - - /* Create the global pin file if it doesn't exist yet */ - if ((r = sc_profile_get_file(profile, "pinfile", &pinfile)) < 0) - goto done; - sc_ctx_suppress_errors_on(card->ctx); - r = sc_select_file(card, &pinfile->path, NULL); - sc_ctx_suppress_errors_off(card->ctx); - if (r == SC_ERROR_FILE_NOT_FOUND) { - sc_debug(card->ctx, "Global pin file doesn't exist, creating now"); - /* Fix up the file's ACLs */ - if ((r = sc_pkcs15init_fixup_file(profile, pinfile)) >= 0) { - /* Set life cycle state to SC_FILE_STATUS_CREATION */ - pinfile->status = SC_FILE_STATUS_CREATION; - r = sc_create_file(card, pinfile); - } - } - if (r < 0) - goto done; + r = sc_pkcs15init_fixup_file(profile, p15card, df); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "SetCOS file ACL fixup failed"); - /* Set the SO pin/puk values into the pin file */ - r = setcos_create_pin_internal(profile, card, 1, pin_info, - pin, pin_len, puk, puk_len); - if (r < 0) - goto done; + r = sc_create_file(p15card->card, df); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "SetCOS create file failed"); - /* OK, now we can change the life cycle state to SC_FILE_STATUS_ACTIVATED - * so the normal ACs on the pinfile and MF apply. */ - if ((r = sc_select_file(card, &pinfile->path, NULL)) >= 0) /* pinfile */ - r = sc_card_ctl(card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL); - if (r < 0) - goto done; - if ((r = sc_select_file(card, &mf->path, NULL)) >= 0) /* MF */ - r = sc_card_ctl(card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL); - if (r < 0) - goto done; - - /* Before we relink th SO_PIN back to the pkcs15 DF, we have to fill in - * its value for the MF in the keycache. Otherwise, we will be asked to - * enter the value for the "pin with ref. 1" if we want to create a - * DF or EF in the MF. 
*/ - sc_pkcs15init_authenticate(profile, card, profile->mf_info->file, SC_AC_OP_CREATE); - - /* Re-link the SO-PIN back to the original DF (= the pkcs15 DF) */ - sc_keycache_set_pin_name(&profile->df_info->file->path, - pin_ref, SC_PKCS15INIT_SO_PIN); - -done: - if (pinfile) - free(pinfile); - - return r; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } + /* * Select the PIN reference */ static int -setcos_select_pin_reference(sc_profile_t *profile, sc_card_t *card, +setcos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { sc_pkcs15_pin_info_t pin_info_prof; @@ -252,10 +172,10 @@ /* For the SO pin, we take the first available pin reference = 1 */ if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) pin_info->reference = pin_info_prof.reference; - /* sc_pkcs15init_create_pin() starts checking if 0 is an acceptable + /* sc_pkcs15init_create_pin() starts checking if -1 is an acceptable * pin reference, which isn't for the SetCOS cards. And since the * value 1 has been assigned to the SO pin, we'll jump to 2. */ - else if (pin_info->reference == 0) + else if (pin_info->reference <= 0) pin_info->reference = pin_info_prof.reference + 1; return 0; 
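Review bot: In setcos_init_card the two `SC_TEST_RET` calls inside the pinfile branch ("Pinfile fixup failed", "Pinfile creation failed") return before `sc_file_free(pinfile)` is reached, so the file obtained from `sc_profile_get_file` leaks on those paths. This assumes SC_TEST_RET returns on a negative code, which is how it is used throughout the hunk. The same pattern appears in the later hunks for setcos_create_pin (`pinfile`) and for setcos_create_key, setcos_store_key and setcos_generate_key (`file`). Releasing first, as the function already does before the final "Select pinfile failed" test, avoids it: put `if (r < 0) sc_file_free(pinfile);` ahead of each early `SC_TEST_RET`.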
@@ -265,15 +185,56 @@ * Create a new PIN */ static int -setcos_create_pin(sc_profile_t *profile, sc_card_t *card, +setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { - return setcos_create_pin_internal(profile, card, 0, - (sc_pkcs15_pin_info_t *) pin_obj->data, - pin, pin_len, puk, puk_len); + struct sc_context *ctx = p15card->card->ctx; + sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; + sc_file_t *pinfile = NULL; + int r, ignore_ac = 0; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + + /* Create the global pin file if it doesn't exist yet */ + r = sc_profile_get_file(profile, "pinfile", &pinfile); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No 'pinfile' template in profile"); + + r = sc_select_file(p15card->card, &pinfile->path, &pinfile); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select 'pinfile'"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "pinfile->status:%X", pinfile->status); + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create PIN with reference:%X, flags:%X, path:%s", + pin_info->reference, pin_info->flags, sc_print_path(&pin_info->path)); + + if (pinfile->status == SC_FILE_STATUS_CREATION) + ignore_ac = 1; + + r = setcos_create_pin_internal(profile, p15card, ignore_ac, pin_info, + pin, pin_len, puk, puk_len); + + /* If pinfile is in 'Creation' state and SOPIN has been created, + * change status of MF and 'pinfile' to 'Operational:Activated' + */ + if (ignore_ac && (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) { + sc_file_t *mf = profile->mf_info->file; + + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot set 'pinfile' into the activated state"); + + r = sc_select_file(p15card->card, &mf->path, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select MF"); + + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL); 
+ SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot set MF into the activated state"); + } + + if(pinfile) + sc_file_free(pinfile); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } /* @@ -287,7 +248,8 @@ { sc_file_t *file; sc_path_t *p; - char name[64], *tag; + char name[64]; + const char *tag; int r; if (type == SC_PKCS15_TYPE_PRKEY_RSA) @@ -299,14 +261,14 @@ else if ((type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_DATA_OBJECT) tag = "data"; else { - sc_error(card->ctx, "Unsupported file type"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unsupported file type"); return SC_ERROR_INVALID_ARGUMENTS; } /* Get template from profile */ snprintf(name, sizeof(name), "template-%s", tag); if (sc_profile_get_file(profile, name, &file) < 0) { - sc_error(card->ctx, "Profile doesn't define %s", name); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define %s", name); return SC_ERROR_NOT_SUPPORTED; } 
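Review bot: The result of `setcos_create_pin_internal` is not tested before the activation block in setcos_create_pin. If writing the SO PIN fails while the pinfile is in the creation state, `r` is overwritten by `sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL)` and the pinfile and MF are still moved to the activated state. The function can then report success for a card whose SO PIN was never stored. Gate the block on the earlier result: `if (r >= 0 && ignore_ac && (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {`. Separately, `sc_select_file(p15card->card, &pinfile->path, &pinfile)` uses `pinfile` as both path source and output, so the profile copy is presumably lost once the call stores the selected file; a second `sc_file_t *` for the selected file would keep both releasable.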
@@ -346,157 +308,205 @@ return 0; } -/* - * Generate RSA key - */ + static int -setcos_old_generate_key(sc_profile_t *profile, sc_card_t *card, - unsigned int idx, /* keyref: 0 for 1st key, ... */ - unsigned int keybits, - sc_pkcs15_pubkey_t *pubkey, - struct sc_pkcs15_prkey_info *info) -{ - return setcos_generate_store_key(profile, card, idx, - keybits, pubkey, - NULL, info); +setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, + struct sc_pkcs15_object *object) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_file *file = NULL; + int keybits = key_info->modulus_length, r; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported"); + + /* Parameter check */ + if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid key length"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create private key ID:%s\n", sc_pkcs15_print_id(&key_info->id)); + + /* Get the private key file */ + r = setcos_new_file(profile, p15card->card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get new private key file"); + + /* Take enough room for a 1024 bit key */ + if (file->size < 512) + file->size = 512; + + /* Replace the path of instantiated key template by the path from the object data. 
*/ + memcpy(&file->path, &key_info->path, sizeof(file->path)); + file->id = file->path.value[file->path.len - 2] * 0x100 + + file->path.value[file->path.len - 1]; + + key_info->key_reference = file->path.value[file->path.len - 1] & 0xFF; + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Path of private key file to create %s\n", sc_print_path(&file->path)); + + r = sc_select_file(p15card->card, &file->path, NULL); + if (!r) { + r = sc_pkcs15init_delete_by_path(profile, p15card, &file->path); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Failed to delete private key file"); + } + else if (r != SC_ERROR_FILE_NOT_FOUND) { + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Select private key file error"); + } + + /* Now create the key file */ + r = sc_pkcs15init_create_file(profile, p15card, file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot create private key file"); + + sc_file_free(file); + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } + /* - * Store RSA key + * Store a private key */ static int -setcos_new_key(sc_profile_t *profile, sc_card_t *card, - struct sc_pkcs15_prkey *key, unsigned int idx, - struct sc_pkcs15_prkey_info *info) -{ - return setcos_generate_store_key(profile, card, idx, - key->u.rsa.modulus.len * 8, NULL, - key, info); +setcos_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_prkey *prkey) +{ + struct sc_context *ctx = p15card->card->ctx; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + struct sc_cardctl_setcos_gen_store_key_info args; + struct sc_file *file = NULL; + int r, keybits = key_info->modulus_length; + + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Store key failed: RSA only supported"); + + /* Parameter check */ + if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, 
SC_ERROR_INVALID_ARGUMENTS, "Invalid key length"); + + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "store key with ID:%s and path:%s\n", sc_pkcs15_print_id(&key_info->id), + sc_print_path(&key_info->path)); + + r = sc_select_file(p15card->card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed"); + + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key"); + + /* Fill in data structure */ + memset(&args, 0, sizeof(args)); + args.mod_len = keybits; + args.op_type = OP_TYPE_STORE; + args.pubexp_len = prkey->u.rsa.exponent.len * 8; + args.pubexp = prkey->u.rsa.exponent.data; + args.primep_len = prkey->u.rsa.p.len * 8; + args.primep = prkey->u.rsa.p.data; + args.primeq_len = prkey->u.rsa.q.len * 8; + args.primeq = prkey->u.rsa.q.data; + + /* Generate/store rsa key */ + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'GENERATE_STORE_KEY' failed"); + + if (file) + sc_file_free(file); + + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r); } -/* - * Common code for generating or storing a private key. - * If pubkey == NULL and prkey != NULL, we have to store a private key - * In the oposite case, we have to generate a private key - */ + static int -setcos_generate_store_key(sc_profile_t *profile, sc_card_t *card, - unsigned int idx, /* keynumber: 0 for 1st priv key, ... 
*/ - unsigned int keybits, - sc_pkcs15_pubkey_t *pubkey, - sc_pkcs15_prkey_t *prkey, - sc_pkcs15_prkey_info_t *info) +setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card, + struct sc_pkcs15_object *object, + struct sc_pkcs15_pubkey *pubkey) { + struct sc_context *ctx = p15card->card->ctx; struct sc_cardctl_setcos_gen_store_key_info args; struct sc_cardctl_setcos_data_obj data_obj; + struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)object->data; + int r; + size_t keybits = key_info->modulus_length; unsigned char raw_pubkey[256]; - int r; - unsigned int mod_len; - sc_file_t *prkf = NULL; + struct sc_file *file = NULL; - /* Parameter check */ - if ( (keybits < 512) || (keybits > 1024) || (keybits & 0X7)) { - sc_error(card->ctx, "Unsupported key size [%u]: 512-1024 bit + 8-multiple\n", keybits); - return SC_ERROR_INVALID_ARGUMENTS; - } - - /* Get the private key file */ - r = setcos_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, &prkf); - if (r < 0) - goto done; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); + if (object->type != SC_PKCS15_TYPE_PRKEY_RSA) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "Generate key failed: RSA only supported"); - /* Take enough room for a 1024 bit key */ - if (prkf->size < 512) - prkf->size = 512; + /* Parameter check */ + if ( (keybits < 512) || (keybits > 1024) || (keybits & 0x7)) + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS, "Invalid key length"); - /* Now create the key file */ - r = sc_pkcs15init_create_file(profile, card, prkf); - if (r < 0) - goto done; + r = sc_select_file(p15card->card, &key_info->path, &file); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot store key: select key file failed"); + + /* Authenticate */ + r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No authorisation to store private key"); /* Fill in data structure */ memset(&args, 0, 
sizeof(args)); args.mod_len = keybits; - if (prkey == NULL) { - args.op_type = OP_TYPE_GENERATE; - args.pubexp_len = SETCOS_DEFAULT_PUBKEY_LEN * 8; - args.pubexp = SETCOS_DEFAULT_PUBKEY; - } - else { - args.op_type = OP_TYPE_STORE; - args.pubexp_len = prkey->u.rsa.exponent.len * 8; - args.pubexp = prkey->u.rsa.exponent.data; - args.primep_len = prkey->u.rsa.p.len * 8; - args.primep = prkey->u.rsa.p.data; - args.primeq_len = prkey->u.rsa.q.len * 8; - args.primeq = prkey->u.rsa.q.data; - } - - /* Authenticate */ - r = sc_pkcs15init_authenticate(profile, card, prkf, SC_AC_OP_UPDATE); - if (r < 0) - goto done; + args.op_type = OP_TYPE_GENERATE; + args.pubexp_len = SETCOS_DEFAULT_PUBKEY_LEN * 8; + args.pubexp = SETCOS_DEFAULT_PUBKEY; /* Generate/store rsa key */ - r = sc_card_ctl(card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args); - if (r < 0) - goto done; + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GENERATE_STORE_KEY, &args); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Card control 'GENERATE_STORE_KEY' failed"); /* Keypair generation -> collect public key info */ if (pubkey != NULL) { pubkey->algorithm = SC_ALGORITHM_RSA; pubkey->u.rsa.modulus.len = (keybits + 7) / 8; - pubkey->u.rsa.modulus.data = (u8 *) malloc(pubkey->u.rsa.modulus.len); + pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len); pubkey->u.rsa.exponent.len = SETCOS_DEFAULT_PUBKEY_LEN; - pubkey->u.rsa.exponent.data = (u8 *) malloc(SETCOS_DEFAULT_PUBKEY_LEN); + pubkey->u.rsa.exponent.data = malloc(SETCOS_DEFAULT_PUBKEY_LEN); memcpy(pubkey->u.rsa.exponent.data, SETCOS_DEFAULT_PUBKEY, SETCOS_DEFAULT_PUBKEY_LEN); /* Get public key modulus */ - if ( (r = sc_select_file(card, &prkf->path, NULL)) < 0) - goto done; + r = sc_select_file(p15card->card, &file->path, NULL); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: select key file failed"); - data_obj.P1 = 01; - data_obj.P2 = 01; + data_obj.P1 = 0x01; + data_obj.P2 = 0x01; data_obj.Data = raw_pubkey; data_obj.DataLen = 
sizeof(raw_pubkey); - if ((r = sc_card_ctl(card, SC_CARDCTL_SETCOS_GETDATA, &data_obj)) < 0) - goto done; + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GETDATA, &data_obj); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot get key modulus: 'SETCOS_GETDATA' failed"); - mod_len = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */ - if (mod_len != keybits){ - sc_error(card->ctx, "key-size from card[%i] does not match[%i]\n", mod_len, keybits); - r = SC_ERROR_PKCS15INIT; - goto done; + keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]); /* modulus bit length */ + if (keybits != key_info->modulus_length) { + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "key-size from card[%i] does not match[%i]\n", + keybits, key_info->modulus_length); + SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_PKCS15INIT, "Failed to generate key"); } memcpy (pubkey->u.rsa.modulus.data, &raw_pubkey[2], pubkey->u.rsa.modulus.len); } - info->key_reference = 0; - info->path = prkf->path; - -done: - if (prkf) - sc_file_free(prkf); - + sc_file_free(file); return r; } + /* * Create a new PIN */ static int -setcos_create_pin_internal(sc_profile_t *profile, sc_card_t *card, +setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card, int ignore_ac, sc_pkcs15_pin_info_t *pin_info, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { + struct sc_context *ctx = p15card->card->ctx; u8 data[32]; - int so_pin_ref; int r; struct sc_cardctl_setcos_data_obj data_obj; sc_file_t *pinfile = NULL; + SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE); if (pin_info->reference >= SETCOS_MAX_PINS) return SC_ERROR_INVALID_ARGUMENTS; if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4) 
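Review bot: In setcos_generate_key both `malloc` results are used without a check, and the `memcpy` into `pubkey->u.rsa.exponent.data` on the following line dereferences NULL if that allocation failed. The later size-mismatch return ("Failed to generate key") also leaves both buffers and `file` allocated. In the same branch `sc_debug` prints `keybits`, which this hunk turns into a `size_t`, with `%i`; a cast to `unsigned long` with `%lu` would match the argument. Suggested allocation handling is below.

```c
		pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len);
		pubkey->u.rsa.exponent.data = malloc(SETCOS_DEFAULT_PUBKEY_LEN);
		if (!pubkey->u.rsa.modulus.data || !pubkey->u.rsa.exponent.data) {
			free(pubkey->u.rsa.modulus.data);
			free(pubkey->u.rsa.exponent.data);
			pubkey->u.rsa.modulus.data = NULL;
			pubkey->u.rsa.exponent.data = NULL;
			sc_file_free(file);
			return SC_ERROR_OUT_OF_MEMORY;
		}
		/* … unchanged: exponent copy, key file select, GETDATA call, modulus copy … */
```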
@@ -505,16 +515,9 @@ /* Verify required access rights if needed (i.e. if the * pin file isn't in the CREATE life cycle state). */ if (!ignore_ac) { - /* Re-ink the SO pin to the MF because there is the pin file */ - so_pin_ref = sc_keycache_find_named_pin(&profile->df_info->file->path, - SC_PKCS15INIT_SO_PIN); - if (so_pin_ref >= 0) - sc_keycache_set_pin_name(&profile->mf_info->file->path, - so_pin_ref, SC_PKCS15INIT_SO_PIN); - r = sc_profile_get_file(profile, "pinfile", &pinfile); if (r >= 0) - r = sc_pkcs15init_authenticate(profile, card, pinfile, SC_AC_OP_UPDATE); + r = sc_pkcs15init_authenticate(profile, p15card, pinfile, SC_AC_OP_UPDATE); sc_file_free(pinfile); if (r < 0) return r; 
@@ -554,55 +557,33 @@ data_obj.Data = data; data_obj.DataLen = 24; - r = sc_card_ctl(card, SC_CARDCTL_SETCOS_PUTDATA, &data_obj); - - return r; -} - -static int setcos_puk_retries(sc_profile_t *profile, int pin_ref) -{ - sc_pkcs15_pin_info_t pin_info; - - pin_info.reference = 1; /* Default SO PIN ref. */ - sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info); + r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_PUTDATA, &data_obj); - /* If pin_ref is the SO PIN, get the SO PUK info, otherwise the User PUK info */ - sc_profile_get_pin_info(profile, - pin_ref == pin_info.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK, - &pin_info); - - if ((pin_info.tries_left < 0) || (pin_info.tries_left > 15)) - return 3; /* Little extra safety */ - return pin_info.tries_left; + SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); } -static int setcos_delete_object(struct sc_profile *profile, struct sc_card *card, - unsigned int type, const void *data, const sc_path_t *path) -{ - /* For Setcos, all objects are files that can be deleted in any order */ - return sc_pkcs15init_delete_by_path(profile, card, path); -} static struct sc_pkcs15init_operations sc_pkcs15init_setcos_operations = { - setcos_erase_card, - NULL, /* init_card */ - NULL, /* create_dir */ + setcos_erase_card, /* erase_card */ + setcos_init_card, /* init_card */ + setcos_create_dir, /* create_dir */ NULL, /* create_domain */ - setcos_select_pin_reference, - setcos_create_pin, - NULL, /* select_key_reference */ - NULL, /* create_key */ - NULL, /* store_key */ - NULL, /* generate_key */ - setcos_encode_private_key, - setcos_encode_public_key, + setcos_select_pin_reference, /* select_pin_reference */ + setcos_create_pin, /* create_pin */ + NULL, /* select_key_reference */ + setcos_create_key, /* create_key */ + setcos_store_key, /* store_key */ + setcos_generate_key, /* generate_key */ + setcos_encode_private_key, /* encode_private_key */ + setcos_encode_public_key, /* encode_public_key */ NULL, /* 
finalize_card */ - setcos_init_app, /* old */ - NULL, /* old style api */ - setcos_new_key, - setcos_new_file, - setcos_old_generate_key, - setcos_delete_object + NULL, /* delete_object */ + NULL, /* emu_update_dir */ + NULL, /* emu_update_any_df */ + NULL, /* emu_update_tokeninfo */ + NULL, /* emu_write_info */ + NULL, /* emu_store_data */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations * diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-starcos.c opensc-0.12.1/src/pkcs15init/pkcs15-starcos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-starcos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-starcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,17 +18,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include -#include + +#include "libopensc/log.h" +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" #include "pkcs15-init.h" #include "profile.h" @@ -43,9 +43,9 @@ static int starcos_finalize_card(sc_card_t *card); -static int starcos_erase_card(struct sc_profile *pro, sc_card_t *card) +static int starcos_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card) { - return sc_card_ctl(card, SC_CARDCTL_ERASE_CARD, NULL); + return sc_card_ctl(p15card->card, SC_CARDCTL_ERASE_CARD, NULL); } static u8 get_so_ac(const sc_file_t *file, unsigned int op, @@ -74,8 +74,9 @@ } -static int starcos_init_card(sc_profile_t *profile, sc_card_t *card) +static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card) { + struct sc_card *card = p15card->card; static const u8 key[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; int ret; sc_starcos_create_data mf_data, ipf_data; 
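Review bot: `static const u8 key[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}` in starcos_init_card is a fixed, sequential 8-byte value with no comment, and the code that uses it is outside this hunk. If it is installed on the card as an initial key, every card initialised through this driver would carry the same publicly known value, and that should be stated where the constant is defined. I would add a comment above it along the lines of `/* fixed default key, not a secret; must be replaced or locked before the card is issued */`, adjusted to what the rest of the function does with it.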
@@ -85,13 +86,12 @@ sc_pkcs15_pin_info_t sopin; /* test if we already have a MF */ + memset(&tpath, 0, sizeof(sc_path_t)); tpath.value[0] = 0x3f; tpath.value[1] = 0x00; tpath.len = 2; tpath.type = SC_PATH_TYPE_PATH; - sc_ctx_suppress_errors_on(card->ctx); ret = sc_select_file(card, &tpath, NULL); - sc_ctx_suppress_errors_off(card->ctx); if (ret == SC_SUCCESS) /* we already have a MF => return OK */ return ret; @@ -125,7 +125,7 @@ *p++ = get_so_ac(mf_file, SC_AC_OP_CREATE, &sopin, STARCOS_AC_ALWAYS, 1); *p++ = 0x00; /* SM CR: no */ *p++ = 0x00; /* SM EF: no */ - *p++ = 0x00; /* SM ISF: no */ + *p = 0x00; /* SM ISF: no */ sc_file_free(mf_file); sc_file_free(isf_file); /* call CREATE MF */ @@ -155,7 +155,7 @@ *p++ = 0x00; /* SID */ *p++ = 0xA1; /* IPF */ *p++ = (ipf_file->size >> 8) & 0xff; - *p++ = ipf_file->size & 0xff; + *p = ipf_file->size & 0xff; ret = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_FILE, &ipf_data); if (ret != SC_SUCCESS) { free(ipf_file); @@ -172,9 +172,10 @@ return SC_SUCCESS; } -static int starcos_create_dir(sc_profile_t *profile, sc_card_t *card, +static int starcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df) { + struct sc_card *card = p15card->card; int ret; sc_starcos_create_data df_data, ipf_data; sc_file_t *isf_file, *ipf_file; @@ -202,7 +203,7 @@ /* AC CREATE KEY */ *p++ = get_so_ac(isf_file, SC_AC_OP_WRITE, &sopin, STARCOS_AC_NEVER, 0); *p++ = 0x00; /* SM EF: no */ - *p++ = 0x00; /* SM ISF: no */ + *p = 0x00; /* SM ISF: no */ df_data.data.df.size[0] = (df->size >> 8) & 0xff; df_data.data.df.size[1] = df->size & 0xff; sc_file_free(isf_file); @@ -235,7 +236,7 @@ *p++ = 0x00; /* SID */ *p++ = 0xA1; /* IPF */ *p++ = (ipf_file->size >> 8) & 0xff; - *p++ = ipf_file->size & 0xff; + *p = ipf_file->size & 0xff; ret = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_FILE, &ipf_data); if (ret != SC_SUCCESS) { free(ipf_file); 
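Review bot: The error path after `sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_FILE, &ipf_data)` in the `@@ -155,7 +155,7 @@` hunk releases `ipf_file` with plain `free()`, while `mf_file` and `isf_file` in the `@@ -125,7 +125,7 @@` hunk go through `sc_file_free()`. If `sc_file_t` owns further allocations, which the dedicated destructor suggests, `free()` leaks them. The same line appears in the starcos_create_dir hunk at `@@ -235,7 +236,7 @@`. Both should read `sc_file_free(ipf_file);`. These are context lines, and the function bodies extend beyond the hunks.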
@@ -270,7 +271,7 @@ #define STARCOS_MAX_LPIN_ID 0x8f #define STARCOS_MIN_GPIN_ID 0x03 #define STARCOS_MAX_GPIN_ID 0x0f -static int starcos_pin_reference(sc_profile_t *profile, sc_card_t *card, +static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { int tmp = pin_info->reference; @@ -338,11 +339,12 @@ */ #define STARCOS_PINID2STATE(a) (((a) == STARCOS_SOPIN_GID) ? STARCOS_SOPIN_STATE : (0x0f - ((0x0f & (a)) >> 1))) -static int starcos_create_pin(sc_profile_t *profile, sc_card_t *card, +static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df, sc_pkcs15_object_t *pin_obj, const unsigned char *pin, size_t pin_len, const unsigned char *puk, size_t puk_len) { + struct sc_card *card = p15card->card; int r, is_local, pin_id, tmp, need_finalize = 0; size_t akd; sc_file_t *tfile; @@ -370,7 +372,7 @@ if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) || have_onepin(profile)) need_finalize = 1; else - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_WRITE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE); } sc_file_free(tfile); if (r < 0) @@ -478,18 +480,14 @@ #define STARCOS_MAX_LPKEY_ID 0x9f #define STARCOS_MIN_GPKEY_ID 0x11 #define STARCOS_MAX_GPKEY_ID 0x1f -static int starcos_key_reference(sc_profile_t *profile, sc_card_t *card, +static int starcos_key_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_prkey_info_t *prkey) { - struct sc_file *df = profile->df_info->file; - /* use (local) KIDs 0x91-0x9f for private rsa keys */ if (prkey->key_reference < STARCOS_MIN_LPKEY_ID) prkey->key_reference = STARCOS_MIN_LPKEY_ID; if (prkey->key_reference > STARCOS_MAX_LPKEY_ID) return SC_ERROR_TOO_MANY_OBJECTS; - - prkey->path = df->path; return SC_SUCCESS; } 
@@ -612,7 +610,7 @@ *p++ = (kinfo->modulus_length >> 3) & 0xff; *p++ = 0x13; /* RSA: e */ *p++ = 0x04; - *p++ = (u8) kinfo->key_reference; /* CHA byte */ + *p = (u8) kinfo->key_reference; /* CHA byte */ } else { /* encode normal public key */ size_t mod_len = rsa->modulus.len & 0xff, @@ -635,7 +633,7 @@ /* copy exponent */ for (i = exp_len; i != 0; i--) *p++ = rsa->exponent.data[i - 1]; - *p++ = 0x00; + *p = 0x00; } return SC_SUCCESS; } @@ -663,7 +661,7 @@ return r; len = tfile->size; sc_file_free(tfile); - buf = (u8 *) malloc(len); + buf = malloc(len); if (!buf) return SC_ERROR_OUT_OF_MEMORY; /* read the complete IPF */ @@ -698,7 +696,7 @@ } p += keylen; *p++ = 0x04; /* CPI */ - *p++ = (u8) kinfo->key_reference; /* CHA */ + *p = (u8) kinfo->key_reference; /* CHA */ /* updated IPF (XXX: currently append only) */ num_keys++; r = sc_update_binary(card, 0, &num_keys, 1, 0); @@ -709,9 +707,10 @@ return sc_update_binary(card, endpos, key, keylen + 12, 0); } -static int starcos_create_key(sc_profile_t *profile, sc_card_t *card, +static int starcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { + struct sc_card *card = p15card->card; int r, pin_id; u8 akd = 0, state; @@ -726,7 +725,7 @@ return r; acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_WRITE); if (acl_entry->method != SC_AC_NONE) { - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_WRITE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE); } else { r = sc_select_file(card, &tfile->path, NULL); @@ -741,7 +740,9 @@ tkey.key_header[0] = (u8) kinfo->key_reference; tkey.key_header[1] = (STARCOS_MAX_PR_KEYSIZE >> 8) & 0xff; tkey.key_header[2] = STARCOS_MAX_PR_KEYSIZE & 0xff; - pin_id = sc_keycache_find_named_pin(&kinfo->path, SC_PKCS15INIT_USER_PIN); + + pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, SC_AC_SYMBOLIC, + SC_PKCS15INIT_USER_PIN); if (pin_id < 0) state = STARCOS_AC_ALWAYS; else { 
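Review bot: Every negative return from `sc_pkcs15init_get_pin_reference` takes the `state = STARCOS_AC_ALWAYS` branch in the `@@ -741,7 +740,9 @@` hunk, so starcos_create_key treats a lookup error the same way as a profile without a user PIN and picks what is, by its name, the least restrictive state. The removed keycache lookup had the same shape, but the replacement takes the card and profile and may plausibly fail for more reasons. At minimum the fallback should be visible in the log: `sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "no user PIN reference (%d), key state set to ALWAYS\n", pin_id);`. Ideally only the "no such PIN" result would fall back and other errors would be returned to the caller. How `state` is encoded into the key header is outside the hunk.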
@@ -775,7 +776,7 @@ return sc_card_ctl(card, SC_CARDCTL_STARCOS_WRITE_KEY, &tkey); } -static int starcos_store_key(sc_profile_t *profile, sc_card_t *card, +static int starcos_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { int r; @@ -801,7 +802,7 @@ return r; acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_WRITE); if (acl_entry->method != SC_AC_NONE) { - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_WRITE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE); } sc_file_free(tfile); if (r < 0) @@ -812,14 +813,14 @@ tkey.key = key_buf; tkey.key_len = STARCOS_MAX_PR_KEYSIZE; - r = sc_card_ctl(card, SC_CARDCTL_STARCOS_WRITE_KEY, &tkey); + r = sc_card_ctl(p15card->card, SC_CARDCTL_STARCOS_WRITE_KEY, &tkey); if (r != SC_SUCCESS) return r; /* store public key in the IPF */ - return starcos_write_pukey(profile, card, rsa, kinfo); + return starcos_write_pukey(profile, p15card->card, rsa, kinfo); } -static int starcos_generate_key(sc_profile_t *profile, sc_card_t *card, +static int starcos_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { int r; @@ -837,7 +838,7 @@ return r; acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_WRITE); if (acl_entry->method != SC_AC_NONE) { - r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_WRITE); + r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE); } sc_file_free(tfile); if (r < 0) 
@@ -849,14 +850,14 @@ * we would waste space. */ /* create (empty) public key entry */ - r = starcos_write_pukey(profile, card, NULL, kinfo); + r = starcos_write_pukey(profile, p15card->card, NULL, kinfo); if (r < 0) return r; /* generate key pair */ gendat.key_id = (u8) kinfo->key_reference; gendat.key_length = (size_t) kinfo->modulus_length; gendat.modulus = NULL; - r = sc_card_ctl(card, SC_CARDCTL_STARCOS_GENERATE_KEY, &gendat); + r = sc_card_ctl(p15card->card, SC_CARDCTL_STARCOS_GENERATE_KEY, &gendat); if (r != SC_SUCCESS) return r; /* get the modulus via READ PUBLIC KEY */ @@ -867,7 +868,7 @@ rsa->modulus.data = gendat.modulus; rsa->modulus.len = kinfo->modulus_length >> 3; /* set the exponent (always 0x10001) */ - buf = (u8 *) malloc(3); + buf = malloc(3); if (!buf) return SC_ERROR_OUT_OF_MEMORY; buf[0] = 0x01; @@ -899,17 +900,13 @@ /* call CREATE END for the MF (ignore errors) */ tfile.type = SC_FILE_TYPE_DF; tfile.id = 0x3f00; - sc_ctx_suppress_errors_on(card->ctx); r = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_END, &tfile); - sc_ctx_suppress_errors_off(card->ctx); if (r < 0) - sc_debug(card->ctx, "failed to call CREATE END for the MF\n"); + sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "failed to call CREATE END for the MF\n"); /* call CREATE END for the apps (pkcs15) DF */ tfile.type = SC_FILE_TYPE_DF; tfile.id = 0x5015; - sc_ctx_suppress_errors_on(card->ctx); r = sc_card_ctl(card, SC_CARDCTL_STARCOS_CREATE_END, &tfile); - sc_ctx_suppress_errors_off(card->ctx); if (r == SC_ERROR_NOT_ALLOWED) /* card is already finalized */ return SC_SUCCESS; 
@@ -929,8 +926,9 @@ starcos_generate_key, NULL, NULL, /* encode private/public key */ starcos_finalize_card, - NULL, NULL, NULL, NULL, NULL, /* old style api */ - NULL /* delete_object */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; struct sc_pkcs15init_operations *sc_pkcs15init_get_starcos_ops(void) diff -Nru opensc-0.11.13/src/pkcs15init/pkcs15-westcos.c opensc-0.12.1/src/pkcs15init/pkcs15-westcos.c --- opensc-0.11.13/src/pkcs15init/pkcs15-westcos.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/pkcs15-westcos.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,19 +18,12 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" #include #include #include -#include -#include -#include "pkcs15-init.h" -#include "profile.h" - #ifdef ENABLE_OPENSSL #include #include @@ -40,31 +33,34 @@ #include #endif -extern int sc_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2); +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "pkcs15-init.h" +#include "profile.h" static int westcos_pkcs15init_init_card(sc_profile_t *profile, - sc_card_t *card) + sc_pkcs15_card_t *p15card) { - int r; - struct sc_path path; + int r; + struct sc_path path; sc_format_path("3F00", &path); - r = sc_select_file(card, &path, NULL); + r = sc_select_file(p15card->card, &path, NULL); if(r) return (r); return r; } static int westcos_pkcs15init_create_dir(sc_profile_t *profile, - sc_card_t *card, + sc_pkcs15_card_t *p15card, sc_file_t *df) { - int r; + int r; /* Create the application DF */ - r = sc_pkcs15init_create_file(profile, card, df); + r = sc_pkcs15init_create_file(profile, p15card, df); - r = sc_select_file(card, &df->path, NULL); + r = sc_select_file(p15card->card, &df->path, NULL); if(r) return r; return 0; 
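Review bot: In `westcos_pkcs15init_create_dir` the result of `sc_pkcs15init_create_file(profile, p15card, df)` is overwritten by the following `sc_select_file()` call before anyone looks at it. A DF creation that failed for a real reason (authentication, memory, card error) is therefore only reported indirectly, as whatever the select happens to return. If tolerating an already existing DF is the intent, make that explicit and still stop on other errors, with `if (r < 0 && r != SC_ERROR_FILE_ALREADY_EXISTS) return r;` directly after the create call.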
@@ -74,7 +70,7 @@ * Select the PIN reference */ static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile, - sc_card_t *card, + sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pin_info) { @@ -91,50 +87,39 @@ * Create a new PIN inside a DF */ static int westcos_pkcs15_create_pin(sc_profile_t *profile, - sc_card_t *card, sc_file_t *df, + sc_pkcs15_card_t *p15card, + sc_file_t *df, sc_pkcs15_object_t *pin_obj, const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len) { int r; - sc_file_t *file = sc_file_new(); - sc_path_t path; + sc_file_t *pinfile = NULL; if(pin_len>9 || puk_len>9) return SC_ERROR_INVALID_ARGUMENTS; - file->type = SC_FILE_TYPE_INTERNAL_EF; - file->ef_structure = SC_FILE_EF_TRANSPARENT; - file->shareable = 0; - - file->id = 0xAAAA; - file->size = 37; + r = sc_profile_get_file(profile, "PINFILE", &pinfile); + if(r < 0) return r; - r = sc_file_add_acl_entry(file, SC_AC_OP_READ, SC_AC_NONE, 0); - if(r) return r; - r = sc_file_add_acl_entry(file, SC_AC_OP_UPDATE, SC_AC_NONE, 0); - if(r) return r; - r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_NONE, 0); - if(r) return r; - - r = sc_create_file(card, file); + r = sc_create_file(p15card->card, pinfile); if(r) { if(r != SC_ERROR_FILE_ALREADY_EXISTS) return (r); - sc_format_path("3F005015AAAA", &path); - r = sc_select_file(card, &path, NULL); + r = sc_select_file(p15card->card, &pinfile->path, NULL); if(r) return (r); } - if(file) - sc_file_free(file); + if(pinfile) + sc_file_free(pinfile); if(pin != NULL) { sc_changekey_t ck; struct sc_pin_cmd_pin pin_cmd; + int ret; memset(&pin_cmd, 0, sizeof(pin_cmd)); memset(&ck, 0, sizeof(ck)); 
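Review bot: In `westcos_pkcs15_create_pin` (hunk `@@ -91,50 +87,39 @@`) both `return (r);` statements inside the `if(r)` block after `sc_create_file()` leave the function before `sc_file_free(pinfile)` runs, so the object returned by `sc_profile_get_file(profile, "PINFILE", &pinfile)` is leaked on each error path. Free it before returning, e.g. `if(r != SC_ERROR_FILE_ALREADY_EXISTS) { sc_file_free(pinfile); return r; }` and the same after the failed `sc_select_file()`. The `if(pinfile)` guard in front of the final free is then redundant, because `pinfile` cannot be NULL once `sc_profile_get_file()` has succeeded. The function continues past the end of this hunk.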
@@ -146,12 +131,13 @@ pin_cmd.data = pin; pin_cmd.max_length = 8; - ck.new_key.key_len = sc_build_pin(ck.new_key.key_value, + ret = sc_build_pin(ck.new_key.key_value, sizeof(ck.new_key.key_value), &pin_cmd, 1); - if(ck.new_key.key_len<0) + if(ret < 0) return SC_ERROR_CARD_CMD_FAILED; - r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); + ck.new_key.key_len = ret; + r = sc_card_ctl(p15card->card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); if(r) return r; } @@ -159,6 +145,7 @@ { sc_changekey_t ck; struct sc_pin_cmd_pin puk_cmd; + int ret; memset(&puk_cmd, 0, sizeof(puk_cmd)); memset(&ck, 0, sizeof(ck)); @@ -170,12 +157,13 @@ puk_cmd.data = puk; puk_cmd.max_length = 8; - ck.new_key.key_len = sc_build_pin(ck.new_key.key_value, + ret = sc_build_pin(ck.new_key.key_value, sizeof(ck.new_key.key_value), &puk_cmd, 1); - if(ck.new_key.key_len<0) + if(ret < 0) return SC_ERROR_CARD_CMD_FAILED; - r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); + ck.new_key.key_len = ret; + r = sc_card_ctl(p15card->card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); if(r) return r; } 
@@ -186,71 +174,23 @@ * Create a new key file */ static int westcos_pkcs15init_create_key(sc_profile_t *profile, - sc_card_t *card, + sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj) { - int r; - size_t size; - sc_file_t *keyfile = NULL; - sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { return SC_ERROR_NOT_SUPPORTED; } - switch (key_info->modulus_length) { - case 128: size = 112; break; - case 256: size = 184; break; - case 512: size = 336; break; - case 768: size = 480; break; - case 1024: size = 616; break; - case 1536: size = 912; break; - case 2048: size = 1200; break; - default: - r = SC_ERROR_INVALID_ARGUMENTS; - goto out; - } - - keyfile = sc_file_new(); - if(keyfile == NULL) - return SC_ERROR_OUT_OF_MEMORY; - - keyfile->path = key_info->path; - - keyfile->type = SC_FILE_TYPE_WORKING_EF; - keyfile->ef_structure = SC_FILE_EF_TRANSPARENT; - keyfile->shareable = 0; - keyfile->size = size; - - r = sc_file_add_acl_entry(keyfile, SC_AC_OP_READ, SC_AC_CHV, 0); - if(r) goto out; - r = sc_file_add_acl_entry(keyfile, SC_AC_OP_UPDATE, SC_AC_CHV, 0); - if(r) goto out; - r = sc_file_add_acl_entry(keyfile, SC_AC_OP_ERASE, SC_AC_CHV, 0); - if(r) goto out; - - r = sc_pkcs15init_create_file(profile, card, keyfile); - if(r) - { - if(r != SC_ERROR_FILE_ALREADY_EXISTS) - goto out; - r = 0; - } - -out: - if(keyfile) - sc_file_free(keyfile); - - return r; + return 0; } - /* * Store a private key */ static int westcos_pkcs15init_store_key(sc_profile_t *profile, - sc_card_t *card, + sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key) { @@ -261,7 +201,7 @@ * Generate key */ static int westcos_pkcs15init_generate_key(sc_profile_t *profile, - sc_card_t *card, + sc_pkcs15_card_t *p15card, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { 
@@ -272,11 +212,11 @@ long lg; u8 *p; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; - RSA *rsa = NULL; - BIGNUM *bn = NULL; - BIO *mem = NULL; + RSA *rsa = NULL; + BIGNUM *bn = NULL; + BIO *mem = NULL; - sc_file_t *prkf = NULL; + sc_file_t *prkf = NULL; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { return SC_ERROR_NOT_SUPPORTED; @@ -293,7 +233,6 @@ goto out; } - /* pkcs11 re-route routine cryptage vers la carte fixe default to use openssl */ if(!BN_set_word(bn, RSA_F4) || !RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL)) #else @@ -327,7 +266,7 @@ pubkey->algorithm = SC_ALGORITHM_RSA; - r = sc_pkcs15_decode_pubkey(card->ctx, pubkey, p, lg); + r = sc_pkcs15_decode_pubkey(p15card->card->ctx, pubkey, p, lg); } (void) BIO_reset(mem); @@ -350,10 +289,15 @@ if (r != SC_SUCCESS) pbuf[0] = '\0'; - return r; + goto out; } - r = sc_pkcs15init_update_file(profile, card, prkf, p, lg); + prkf->size = lg; + + r = sc_pkcs15init_create_file(profile, p15card, prkf); + if(r) goto out; + + r = sc_pkcs15init_update_file(profile, p15card, prkf, p, lg); if(r) goto out; out: 
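Review bot: In the `@@ -350,10 +289,15 @@` hunk, `if(r) goto out;` after the new `sc_pkcs15init_create_file(profile, p15card, prkf)` call makes key generation fail whenever the private key file already exists. The create_key code removed earlier in this diff mapped `SC_ERROR_FILE_ALREADY_EXISTS` to success, so this looks like an unintended change for re-generating a key on an initialised card. If overwriting is still meant to work, use `if(r && r != SC_ERROR_FILE_ALREADY_EXISTS) goto out;`, keeping in mind that an existing file may be smaller than the new `prkf->size = lg`. The hunk also assigns `lg` to `prkf->size` without a visible check that it is positive. The enclosing function starts and ends outside the hunk.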
@@ -382,23 +326,23 @@ } static struct sc_pkcs15init_operations sc_pkcs15init_westcos_operations = { - NULL, /* erase_card */ - westcos_pkcs15init_init_card, /* init_card */ - westcos_pkcs15init_create_dir, /* create_dir */ - NULL, /* create_domain */ - westcos_pkcs15_select_pin_reference,/* select_pin_reference */ - westcos_pkcs15_create_pin, /* create_pin */ - NULL, /* select_key_reference */ - westcos_pkcs15init_create_key, /* create_key */ - westcos_pkcs15init_store_key, /* store_key */ - westcos_pkcs15init_generate_key, /* generate_key */ - NULL, NULL, /* encode private/public key */ - westcos_pkcs15init_finalize_card, /* finalize_card */ - NULL,NULL,NULL,NULL, /* old style app */ - NULL, /* old_generate_key */ - NULL /* delete_object */ + NULL, /* erase_card */ + westcos_pkcs15init_init_card, /* init_card */ + westcos_pkcs15init_create_dir, /* create_dir */ + NULL, /* create_domain */ + westcos_pkcs15_select_pin_reference, /* select_pin_reference */ + westcos_pkcs15_create_pin, /* create_pin */ + NULL, /* select_key_reference */ + westcos_pkcs15init_create_key, /* create_key */ + westcos_pkcs15init_store_key, /* store_key */ + westcos_pkcs15init_generate_key, /* generate_key */ + NULL, NULL, /* encode private/public key */ + westcos_pkcs15init_finalize_card, /* finalize_card */ + NULL, /* delete_object */ + NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */ + NULL /* sanity_check */ }; - + struct sc_pkcs15init_operations* sc_pkcs15init_get_westcos_ops(void) { return &sc_pkcs15init_westcos_operations; diff -Nru opensc-0.11.13/src/pkcs15init/profile.c opensc-0.12.1/src/pkcs15init/profile.c --- opensc-0.11.13/src/pkcs15init/profile.c 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/profile.c 2011-05-17 17:07:00.000000000 +0000 @@ -21,9 +21,8 @@ * - the "key" command should go away, it's obsolete */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include 
@@ -37,16 +36,29 @@ #endif #include #include -#include -#include + +#ifdef _WIN32 +#include +#include +#endif + +#include "common/compat_strlcpy.h" +#include "scconf/scconf.h" +#include "libopensc/log.h" +#include "libopensc/pkcs15.h" #include "pkcs15-init.h" #include "profile.h" -#include #define DEF_PRKEY_RSA_ACCESS 0x1D #define DEF_PRKEY_DSA_ACCESS 0x12 #define DEF_PUBKEY_ACCESS 0x12 +#define TEMPLATE_FILEID_MIN_DIFF 0x20 + +/* +#define DEBUG_PROFILE +*/ + /* * Parser state */ @@ -89,6 +101,9 @@ { "PRO", SC_AC_PRO }, { "AUT", SC_AC_AUT }, { "KEY", SC_AC_AUT }, + { "SEN", SC_AC_SEN }, + { "IDA", SC_AC_IDA }, + { "SCB", SC_AC_SCB }, { NULL, 0 } }; static struct map fileOpNames[] = { @@ -104,13 +119,22 @@ { "UPDATE", SC_AC_OP_UPDATE }, { "WRITE", SC_AC_OP_WRITE }, { "ERASE", SC_AC_OP_ERASE }, - { "CRYPTO", SC_AC_OP_CRYPTO }, + { "CRYPTO", SC_AC_OP_CRYPTO }, + { "PIN-DEFINE", SC_AC_OP_PIN_DEFINE }, + { "PIN-CHANGE", SC_AC_OP_PIN_CHANGE }, + { "PIN-RESET", SC_AC_OP_PIN_RESET }, + { "GENERATE", SC_AC_OP_GENERATE }, + { "PSO-COMPUTE-SIGNATURE", SC_AC_OP_PSO_COMPUTE_SIGNATURE }, + { "INTERNAL-AUTHENTICATE", SC_AC_OP_INTERNAL_AUTHENTICATE }, + { "PSO-DECRYPT", SC_AC_OP_PSO_DECRYPT }, + { "RESIZE", SC_AC_OP_RESIZE }, { NULL, 0 } }; static struct map fileTypeNames[] = { { "EF", SC_FILE_TYPE_WORKING_EF }, { "INTERNAL-EF",SC_FILE_TYPE_INTERNAL_EF }, { "DF", SC_FILE_TYPE_DF }, + { "BSO", SC_FILE_TYPE_BSO }, { NULL, 0 } }; static struct map fileStructureNames[] = { @@ -136,11 +160,11 @@ { NULL, 0 } }; static struct map pinTypeNames[] = { - { "BCD", 0 }, - { "ascii-numeric", 1 }, - { "utf8", 2 }, - { "half-nibble-bcd", 3 }, - { "iso9564-1", 4 }, + { "BCD", SC_PKCS15_PIN_TYPE_BCD }, + { "ascii-numeric", SC_PKCS15_PIN_TYPE_ASCII_NUMERIC }, + { "utf8", SC_PKCS15_PIN_TYPE_UTF8 }, + { "half-nibble-bcd", SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD }, + { "iso9564-1", SC_PKCS15_PIN_TYPE_ISO9564_1 }, { NULL, 0 } }; static struct map pinIdNames[] = { 
@@ -155,18 +179,24 @@ { NULL, 0 } }; static struct map pinFlagNames[] = { - { "case-sensitive", 0x0001 }, - { "local", 0x0002 }, - { "change-disabled", 0x0004 }, - { "unblock-disabled", 0x0008 }, - { "initialized", 0x0010 }, - { "needs-padding", 0x0020 }, - { "unblockingPin", 0x0040 }, - { "soPin", 0x0080 }, - { "disable-allowed", 0x0100 }, - { "integrity-protected", 0x0200 }, - { "confidentiality-protected", 0x0400 }, - { "exchangeRefData", 0x0800 }, + { "case-sensitive", SC_PKCS15_PIN_FLAG_CASE_SENSITIVE }, + { "local", SC_PKCS15_PIN_FLAG_LOCAL }, + { "change-disabled", SC_PKCS15_PIN_FLAG_CHANGE_DISABLED }, + { "unblock-disabled", SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED }, + { "initialized", SC_PKCS15_PIN_FLAG_INITIALIZED }, + { "needs-padding", SC_PKCS15_PIN_FLAG_NEEDS_PADDING }, + { "unblockingPin", SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN }, + { "soPin", SC_PKCS15_PIN_FLAG_SO_PIN }, + { "disable-allowed", SC_PKCS15_PIN_FLAG_DISABLE_ALLOW }, + { "integrity-protected", SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED }, + { "confidentiality-protected", SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED }, + { "exchangeRefData", SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA }, + { NULL, 0 } +}; +static struct map idStyleNames[] = { + { "native", SC_PKCS15INIT_ID_STYLE_NATIVE }, + { "mozilla", SC_PKCS15INIT_ID_STYLE_MOZILLA }, + { "rfc2459", SC_PKCS15INIT_ID_STYLE_RFC2459 }, { NULL, 0 } }; static struct { @@ -184,10 +214,6 @@ { NULL, NULL } }; -typedef struct pin_info pin_info; -typedef struct file_info file_info; -typedef struct auth_info auth_info; - static int process_conf(struct sc_profile *, scconf_context *); static int process_block(struct state *, struct block *, const char *, scconf_block *); 
@@ -203,23 +229,23 @@ static int setstr(char **strp, const char *value); static void parse_error(struct state *, const char *, ...); -static file_info * sc_profile_instantiate_file(sc_profile_t *, +static struct file_info * sc_profile_instantiate_file(sc_profile_t *, struct file_info *, struct file_info *, unsigned int); -static file_info * sc_profile_find_file(struct sc_profile *, +static struct file_info * sc_profile_find_file(struct sc_profile *, const sc_path_t *, const char *); -static file_info * sc_profile_find_file_by_path( +static struct file_info * sc_profile_find_file_by_path( struct sc_profile *, const sc_path_t *); -static pin_info * new_pin(struct sc_profile *, unsigned int); -static file_info * new_file(struct state *, const char *, +static struct pin_info * new_pin(struct sc_profile *, int); +static struct file_info * new_file(struct state *, const char *, unsigned int); -static file_info * add_file(sc_profile_t *, const char *, - sc_file_t *, file_info *); +static struct file_info * add_file(sc_profile_t *, const char *, + sc_file_t *, struct file_info *); static void free_file_list(struct file_info **); static void append_file(sc_profile_t *, struct file_info *); -static auth_info * new_key(struct sc_profile *, +static struct auth_info * new_key(struct sc_profile *, unsigned int, unsigned int); static void set_pin_defaults(struct sc_profile *, struct pin_info *); @@ -238,7 +264,7 @@ } file->type = type; file->status = SC_FILE_STATUS_ACTIVATED; - if (file->type != SC_FILE_TYPE_DF) + if (file->type != SC_FILE_TYPE_DF && file->type != SC_FILE_TYPE_BSO) file->ef_structure = SC_FILE_EF_TRANSPARENT; return file; } 
@@ -252,20 +278,19 @@ struct sc_pkcs15_card *p15card; struct sc_profile *pro; - pro = (struct sc_profile *) calloc(1, sizeof(*pro)); + pro = calloc(1, sizeof(*pro)); if (pro == NULL) return NULL; pro->p15_spec = p15card = sc_pkcs15_card_new(); - pro->protect_certificates = 1; pro->pkcs15.do_last_update = 1; if (p15card) { - p15card->label = strdup("OpenSC Card"); - p15card->manufacturer_id = strdup("OpenSC Project"); - p15card->serial_number = strdup("0000"); - p15card->flags = SC_PKCS15_CARD_FLAG_EID_COMPLIANT; - p15card->version = 1; + p15card->tokeninfo->label = strdup("OpenSC Card"); + p15card->tokeninfo->manufacturer_id = strdup("OpenSC Project"); + p15card->tokeninfo->serial_number = strdup("0000"); + p15card->tokeninfo->flags = SC_PKCS15_TOKEN_EID_COMPLIANT; + p15card->tokeninfo->version = 0; /* Set up EF(TokenInfo) and EF(ODF) */ p15card->file_tokeninfo = init_file(SC_FILE_TYPE_WORKING_EF); @@ -276,10 +301,10 @@ /* Assume card does RSA natively, but no DSA */ pro->rsa_access_flags = DEF_PRKEY_RSA_ACCESS; pro->dsa_access_flags = DEF_PRKEY_DSA_ACCESS; - pro->pin_encoding = 0x01; + pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pro->pin_minlen = 4; pro->pin_maxlen = 8; - pro->keep_public_key = 1; + pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE; return pro; } 
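Review bot: `p15card->tokeninfo->version = 0;` replaces the previous `version = 1` without any explanation, which reads like a regression to someone comparing the two releases. If the intent is the PKCS#15 TokenInfo encoding, where v1 is the integer 0, record it on that line with `/* TokenInfo version: v1 is encoded as 0 */`. The same block dereferences `p15card->tokeninfo` directly and stores unchecked `strdup()` results. Whether `sc_pkcs15_card_new()` guarantees a non-NULL `tokeninfo` cannot be seen from this hunk.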
@@ -292,69 +317,105 @@ const char *profile_dir = NULL; char path[PATH_MAX]; int res = 0, i; - +#ifdef _WIN32 + char temp_path[PATH_MAX]; + DWORD temp_len; + long rc; + HKEY hKey; +#endif + + LOG_FUNC_CALLED(ctx); for (i = 0; ctx->conf_blocks[i]; i++) { profile_dir = scconf_get_str(ctx->conf_blocks[i], "profile_dir", NULL); if (profile_dir) break; } - if (!profile_dir) { +#ifdef _WIN32 + rc = RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\OpenSC Project\\OpenSC", 0, KEY_QUERY_VALUE, &hKey); + if (rc == ERROR_SUCCESS) { + temp_len = PATH_MAX; + rc = RegQueryValueEx(hKey, "ProfileDir", NULL, NULL, (LPBYTE) temp_path, &temp_len); + if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX)) + profile_dir = temp_path; + RegCloseKey(hKey); + } + if (!profile_dir) { + rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\OpenSC Project\\OpenSC", 0, KEY_QUERY_VALUE, &hKey); + if (rc == ERROR_SUCCESS) { + temp_len = PATH_MAX; + rc = RegQueryValueEx(hKey, "ProfileDir", NULL, NULL, (LPBYTE) temp_path, &temp_len); + if ((rc == ERROR_SUCCESS) && (temp_len < PATH_MAX)) + profile_dir = temp_path; + RegCloseKey(hKey); + } + } +#else profile_dir = SC_PKCS15_PROFILE_DIRECTORY; +#endif } - - sc_debug(ctx, "Using profile directory '%s'.", profile_dir); + sc_log(ctx, "Using profile directory '%s'.", profile_dir); #ifdef _WIN32 - snprintf(path, sizeof(path), "%s\\%s.%s", - profile_dir, filename, SC_PKCS15_PROFILE_SUFFIX); + snprintf(path, sizeof(path), "%s\\%s.%s", profile_dir, filename, SC_PKCS15_PROFILE_SUFFIX); #else /* _WIN32 */ - snprintf(path, sizeof(path), "%s/%s.%s", - profile_dir, filename, SC_PKCS15_PROFILE_SUFFIX); + snprintf(path, sizeof(path), "%s/%s.%s", profile_dir, filename, SC_PKCS15_PROFILE_SUFFIX); #endif /* _WIN32 */ - if (profile->card->ctx->debug >= 2) { - sc_debug(profile->card->ctx, - "Trying profile file %s", path); - } + sc_log(ctx, "Trying profile file %s", path); conf = scconf_new(path); res = scconf_parse(conf); - if (res > 0 && profile->card->ctx->debug >= 2) { - 
sc_debug(profile->card->ctx, - "profile %s loaded ok", path); - } + sc_log(ctx, "profile %s loaded ok", path); if (res < 0) - return SC_ERROR_FILE_NOT_FOUND; - if (res == 0) { - /* FIXME - we may want to display conf->errmsg here. */ - return SC_ERROR_SYNTAX_ERROR; - } + LOG_FUNC_RETURN(ctx, SC_ERROR_FILE_NOT_FOUND); + + if (res == 0) + LOG_FUNC_RETURN(ctx, SC_ERROR_SYNTAX_ERROR); res = process_conf(profile, conf); scconf_free(conf); - return res; + LOG_FUNC_RETURN(ctx, res); } + int -sc_profile_finish(struct sc_profile *profile) +sc_profile_finish(struct sc_profile *profile, const struct sc_app_info *app_info) { + struct sc_context *ctx = profile->card->ctx; struct file_info *fi; struct pin_info *pi; char reason[64]; + LOG_FUNC_CALLED(ctx); profile->mf_info = sc_profile_find_file(profile, NULL, "MF"); - if (!profile->mf_info) { - strcpy(reason, "Profile doesn't define a MF"); - goto whine; + if (!profile->mf_info) + LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Profile doesn't define a MF"); + + if (app_info && app_info->aid.len) { + struct sc_path path; + + sc_log(ctx, "finish profile with '%s' application profile", app_info->label); + memset(&path, 0, sizeof(struct sc_path)); + path.type = SC_PATH_TYPE_DF_NAME; + path.aid = app_info->aid; + + sc_log(ctx, "Look for file by path '%s'", sc_print_path(&path)); + profile->df_info = sc_profile_find_file_by_path(profile, &path); + sc_log(ctx, "returned DF info %p", profile->df_info); + if (profile->df_info && profile->df_info->profile_extension) { + sc_log(ctx, "application profile extension '%s'", profile->df_info->profile_extension); + if (sc_profile_load(profile, profile->df_info->profile_extension)) + LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Cannot load application profile extension"); + } } + profile->df_info = sc_profile_find_file(profile, NULL, "PKCS15-AppDF"); - if (!profile->df_info) { - strcpy(reason, "Profile doesn't define a PKCS15-AppDF"); - goto whine; - } + if (!profile->df_info) + 
LOG_TEST_RET(ctx, SC_ERROR_INCONSISTENT_PROFILE, "Profile doesn't define a PKCS15-AppDF"); + profile->p15_spec->file_app = profile->df_info->file; profile->df_info->dont_free = 1; @@ -365,16 +426,17 @@ if (!(name = pi->file_name)) continue; if (!(fi = sc_profile_find_file(profile, NULL, name))) { - snprintf(reason, sizeof(reason), - "unknown PIN file \"%s\"\n", name); + snprintf(reason, sizeof(reason), "unknown PIN file \"%s\"\n", name); goto whine; } + pi->file = fi; } - return 0; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); -whine: sc_error(profile->card->ctx, "%s", reason); - return SC_ERROR_INCONSISTENT_PROFILE; +whine: + sc_log(ctx, "%s", reason); + LOG_FUNC_RETURN(ctx, SC_ERROR_INCONSISTENT_PROFILE); } void @@ -426,7 +488,7 @@ void sc_profile_get_pin_info(struct sc_profile *profile, - unsigned int id, struct sc_pkcs15_pin_info *info) + int id, struct sc_pkcs15_pin_info *info) { struct pin_info *pi; @@ -437,7 +499,7 @@ } int -sc_profile_get_pin_retries(sc_profile_t *profile, unsigned int id) +sc_profile_get_pin_retries(sc_profile_t *profile, int id) { struct pin_info *pi; @@ -449,7 +511,7 @@ int sc_profile_get_pin_id(struct sc_profile *profile, - unsigned int reference, unsigned int *id) + unsigned int reference, int *id) { struct pin_info *pi; 
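Review bot: On Windows the profile loader at the top of the `@@ -292,69 +317,105 @@` hunk can reach `sc_log(ctx, "Using profile directory '%s'.", profile_dir)` and the `snprintf` into `path` with `profile_dir` still NULL, because the `_WIN32` branch has no fallback when neither registry key yields a value; the `SC_PKCS15_PROFILE_DIRECTORY` default sits only in the `#else` branch. Add `if (!profile_dir) LOG_FUNC_RETURN(ctx, SC_ERROR_FILE_NOT_FOUND);` after the `#endif`, or fall back to a compiled-in directory. `RegQueryValueEx` also does not guarantee that the returned string is NUL-terminated, and the existing `temp_len < PATH_MAX` check leaves room for `temp_path[temp_len] = '\0';` before `profile_dir = temp_path;` in both lookups. Further down, the two early `LOG_FUNC_RETURN` exits for `res < 0` and `res == 0` skip `scconf_free(conf)`, and "profile %s loaded ok" is now logged before `res` is examined. The function starts outside the hunk.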
@@ -492,6 +554,45 @@ } int +sc_profile_get_file_instance(struct sc_profile *profile, const char *name, + int index, sc_file_t **ret) +{ + struct sc_context *ctx = profile->card->ctx; + struct file_info *fi; + struct sc_file *file; + int r; + + LOG_FUNC_CALLED(ctx); + sc_log(ctx, "try to get '%s' file instance", name); + + if ((fi = sc_profile_find_file(profile, NULL, name)) == NULL) + LOG_FUNC_RETURN(ctx, SC_ERROR_FILE_NOT_FOUND); + sc_file_dup(&file, fi->file); + sc_log(ctx, "ident '%s'; parent '%s'", fi->ident, fi->parent->ident); + if (file == NULL) + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + sc_log(ctx, "file (type:%X, path:'%s')", file->type, sc_print_path(&file->path)); + + file->id += index; + if(file->type == SC_FILE_TYPE_BSO) { + r = sc_profile_add_file(profile, name, file); + LOG_TEST_RET(ctx, r, "Profile error: cannot add BSO file"); + } + else if (file->path.len) { + file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF; + file->path.value[file->path.len - 1] = file->id & 0xFF; + + r = sc_profile_add_file(profile, name, file); + LOG_TEST_RET(ctx, r, "Profile error: cannot add file"); + } + + if (ret) + *ret = file; + + LOG_FUNC_RETURN(ctx, SC_SUCCESS); +} + +int sc_profile_get_path(struct sc_profile *profile, const char *name, sc_path_t *ret) { 
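Review bot: In the new `sc_profile_get_file_instance`, the branch `else if (file->path.len)` writes `file->path.value[file->path.len - 2]`, which indexes before the start of the array when the path length is 1. The same unchecked `len - 2` arithmetic appears as `path.len -= 2` in `sc_profile_add_file` (hunk `@@ -507,32 +608,41 @@`) and as `fi_path.value[fi_path.len - 2]` in `template_sanity_check` (hunk `@@ -896,6 +1011,62 @@`), where it also runs before the BSO check. Since these paths come from a parsed profile file, each site should require a length of at least 2. Both `LOG_TEST_RET` exits here also return without freeing the duplicate made by `sc_file_dup`, and `fi->parent->ident` is logged without checking `fi->parent`.

```c
	int r = SC_SUCCESS;
	/* … unchanged: lookup, sc_file_dup, logging … */

	file->id += index;
	if (file->type == SC_FILE_TYPE_BSO) {
		r = sc_profile_add_file(profile, name, file);
	}
	else if (file->path.len >= 2) {
		file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
		file->path.value[file->path.len - 1] = file->id & 0xFF;
		r = sc_profile_add_file(profile, name, file);
	}
	else if (file->path.len) {
		/* a one-byte path cannot hold a two-byte file id */
		r = SC_ERROR_INCONSISTENT_PROFILE;
	}
	if (r < 0) {
		sc_file_free(file);
		LOG_TEST_RET(ctx, r, "Profile error: cannot add file");
	}
```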
@@ -507,32 +608,41 @@ sc_profile_get_file_by_path(struct sc_profile *profile, const sc_path_t *path, sc_file_t **ret) { + struct sc_context *ctx = profile->card->ctx; struct file_info *fi; + LOG_FUNC_CALLED(ctx); if ((fi = sc_profile_find_file_by_path(profile, path)) == NULL) - return SC_ERROR_FILE_NOT_FOUND; + LOG_FUNC_RETURN(ctx, SC_ERROR_FILE_NOT_FOUND); sc_file_dup(ret, fi->file); - if (*ret == NULL) - return SC_ERROR_OUT_OF_MEMORY; - return 0; + LOG_FUNC_RETURN(ctx, *ret ? SC_SUCCESS : SC_ERROR_OUT_OF_MEMORY); } int sc_profile_add_file(sc_profile_t *profile, const char *name, sc_file_t *file) { + struct sc_context *ctx = profile->card->ctx; sc_path_t path = file->path; - file_info *parent; + struct file_info *parent; + + LOG_FUNC_CALLED(ctx); + if (!path.len) { + parent = profile->df_info; + } + else { + path.len -= 2; + parent = sc_profile_find_file_by_path(profile, &path); + } + if (!parent) + LOG_FUNC_RETURN(ctx, SC_ERROR_FILE_NOT_FOUND); + sc_log(ctx, "Parent path:%s", sc_print_path(&parent->file->path)); - path.len -= 2; - if (!(parent = sc_profile_find_file_by_path(profile, &path))) { - /* XXX perror */ - return SC_ERROR_FILE_NOT_FOUND; - } sc_file_dup(&file, file); if (file == NULL) - return SC_ERROR_OUT_OF_MEMORY; + LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); + add_file(profile, name, file, parent); - return 0; + LOG_FUNC_RETURN(ctx, SC_SUCCESS); } /* 
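Review bot: `sc_profile_add_file` calls `add_file(profile, name, file, parent);` and then reports `SC_SUCCESS` without looking at the result. `add_file` returns NULL when its `calloc` fails (visible in the `@@ -954,13 +1134,13 @@` hunk of this diff), in which case the copy made by `sc_file_dup(&file, file)` is neither linked into the profile nor freed. Check the result and release the copy: `if (add_file(profile, name, file, parent) == NULL) { sc_file_free(file); LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); }`.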
@@ -544,18 +654,23 @@ const char *file_name, const sc_pkcs15_id_t *id, sc_file_t **ret) { - sc_card_t *card = profile->card; - sc_profile_t *tmpl; - sc_template_t *info; + struct sc_context *ctx = profile->card->ctx; + struct sc_profile *tmpl; + struct sc_template *info; unsigned int idx; struct file_info *fi, *base_file, *match = NULL; - for (info = profile->template_list; info; info = info->next) { +#ifdef DEBUG_PROFILE + printf("Instantiate %s in template %s\n", file_name, template_name); + sc_profile_find_file_by_path(profile, base_path); +#endif + for (info = profile->template_list; info; info = info->next) if (!strcmp(info->name, template_name)) break; - } - if (info == NULL) + if (info == NULL) { + sc_log(ctx, "Template %s not found", template_name); return SC_ERROR_TEMPLATE_NOT_FOUND; + } tmpl = info->data; idx = id->value[id->len-1]; @@ -571,26 +686,11 @@ } } - if (profile->card->ctx->debug >= 2) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - int r = sc_path_print(pbuf, sizeof(pbuf), base_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(profile->card->ctx, - "Instantiating template %s at %s", template_name, pbuf); - } + sc_log(ctx, "Instantiating template %s at %s", template_name, sc_print_path(base_path)); base_file = sc_profile_find_file_by_path(profile, base_path); if (base_file == NULL) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - int r = sc_path_print(pbuf, sizeof(pbuf), base_path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_error(card->ctx, "Directory %s not defined in profile", pbuf); + sc_log(ctx, "Directory %s not defined in profile", sc_print_path(base_path)); return SC_ERROR_OBJECT_NOT_FOUND; } @@ -599,7 +699,7 @@ */ assert(base_file->instance); for (fi = tmpl->ef_list; fi; fi = fi->next) { - file_info *parent, *instance; + struct file_info *parent, *instance; unsigned int skew = 0; fi->instance = NULL; 
@@ -621,24 +721,27 @@ } if (match == NULL) { - sc_error(card->ctx, "No file named \"%s\" in template \"%s\"", + sc_log(ctx, "No file named \"%s\" in template \"%s\"", file_name, template_name); return SC_ERROR_OBJECT_NOT_FOUND; } sc_file_dup(ret, match->file); if (*ret == NULL) return SC_ERROR_OUT_OF_MEMORY; +#ifdef DEBUG_PROFILE + printf("Template instantiated\n"); +#endif return 0; } -static file_info * -sc_profile_instantiate_file(sc_profile_t *profile, file_info *ft, - file_info *parent, unsigned int skew) +static struct file_info * +sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft, + struct file_info *parent, unsigned int skew) { + struct sc_context *ctx = profile->card->ctx; struct file_info *fi; - sc_card_t *card = profile->card; - fi = (file_info *) calloc(1, sizeof(*fi)); + fi = calloc(1, sizeof(*fi)); if (fi == NULL) return NULL; fi->instance = fi; 
@@ -656,41 +759,59 @@ } fi->file->path = parent->file->path; fi->file->id += skew; - sc_append_file_id(&fi->file->path, fi->file->id); + + if (fi->file->type == SC_FILE_TYPE_INTERNAL_EF + || fi->file->type == SC_FILE_TYPE_WORKING_EF + || (fi->file->type == SC_FILE_TYPE_DF && fi->file->id)) + sc_append_file_id(&fi->file->path, fi->file->id); append_file(profile, fi); ft->instance = fi; - if (card->ctx->debug >= 2) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; + sc_log(ctx, "Instantiated %s at %s", ft->ident, sc_print_path(&fi->file->path)); + sc_log(ctx, " parent=%s@%s", parent->ident, sc_print_path(&parent->file->path)); - int r = sc_path_print(pbuf, sizeof(pbuf), &fi->file->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - sc_debug(card->ctx, "Instantiated %s at %s", ft->ident, pbuf); + return fi; +} - r = sc_path_print(pbuf, sizeof(pbuf), &parent->file->path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; +int +sc_profile_get_pin_id_by_reference(struct sc_profile *profile, + unsigned auth_method, int reference, + struct sc_pkcs15_pin_info *pin_info) +{ + struct pin_info *pinfo; + + for (pinfo = profile->pin_list; pinfo; pinfo = pinfo->next) { + if (auth_method == SC_AC_SYMBOLIC) { + if (pinfo->id != reference) + continue; + } + else { + if (pinfo->pin.auth_method != auth_method) + continue; + if (pinfo->pin.reference != reference) + continue; + } - sc_debug(card->ctx, " parent=%s@%s", parent->ident, pbuf); + if (pin_info) + *pin_info = pinfo->pin; + return pinfo->id; } - return fi; + return -1; } /* * Configuration file parser */ static void -init_state(struct state *cur, struct state *new_state) +init_state(struct state *cur_state, struct state *new_state) { memset(new_state, 0, sizeof(*new_state)); - new_state->filename = cur->filename; - new_state->profile = cur->profile; - new_state->frame = cur; + new_state->filename = cur_state->filename; + new_state->profile = cur_state->profile; + new_state->frame = cur_state; } static int 
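Review bot: The new `sc_profile_get_pin_id_by_reference` has no comment, and its contract is not obvious from the signature. With `SC_AC_SYMBOLIC` the `reference` argument is matched against the profile PIN id, otherwise `auth_method` and `reference` are matched against `pin.auth_method` and `pin.reference`. The result is the profile PIN id or a bare `-1`, not a status code. I would add a header comment saying exactly that, including that `pin_info` is optional and is filled only on a match. The comment should also state that PIN ids are expected to be non-negative, since a negative `pinfo->id` would be indistinguishable from "not found".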
@@ -732,23 +853,11 @@ } static int -do_protect_certificates(struct state *cur, int argc, char **argv) -{ - return get_bool(cur, argv[0], &cur->profile->protect_certificates); -} - -static int -do_keep_public_key(struct state *cur, int argc, char **argv) -{ - return get_bool(cur, argv[0], &cur->profile->keep_public_key); -} - -static int do_card_label(struct state *cur, int argc, char **argv) { struct sc_pkcs15_card *p15card = cur->profile->p15_spec; - return setstr(&p15card->label, argv[0]); + return setstr(&p15card->tokeninfo->label, argv[0]); } static int @@ -756,7 +865,7 @@ { struct sc_pkcs15_card *p15card = cur->profile->p15_spec; - return setstr(&p15card->manufacturer_id, argv[0]); + return setstr(&p15card->tokeninfo->manufacturer_id, argv[0]); } /* @@ -780,6 +889,12 @@ return get_bool(cur, argv[0], &cur->profile->pkcs15.do_last_update); } +static int +do_pkcs15_id_style(struct state *cur, int argc, char **argv) +{ + return map_str2int(cur, argv[0], &cur->profile->id_style, idStyleNames); +} + /* * Process an option block */ @@ -825,7 +940,7 @@ return ai; } - ai = (struct auth_info *) calloc(1, sizeof(*ai)); + ai = calloc(1, sizeof(*ai)); if (ai == NULL) return NULL; ai->type = type; 
@@ -896,6 +1011,62 @@ return process_block(&state, info, name, blk); } + +static int +process_bso(struct state *cur, struct block *info, + const char *name, scconf_block *blk) +{ + struct state state; + + init_state(cur, &state); + if (name == NULL) { + parse_error(cur, "No name given for BSO object."); + return 1; + } + if (!(state.file = new_file(cur, name, SC_FILE_TYPE_BSO))) + return 1; + return process_block(&state, info, name, blk); +} + +/* + * In the template the difference between any two file-ids + * should be greater then TEMPLATE_FILEID_MIN_DIFF. + */ +static int +template_sanity_check(struct state *cur, struct sc_profile *templ) +{ + struct file_info *fi, *ffi; + + for (fi = templ->ef_list; fi; fi = fi->next) { + struct sc_path fi_path = fi->file->path; + int fi_id = fi_path.value[fi_path.len - 2] * 0x100 + + fi_path.value[fi_path.len - 1]; + + if (fi->file->type == SC_FILE_TYPE_BSO) + continue; + for (ffi = templ->ef_list; ffi; ffi = ffi->next) { + struct sc_path ffi_path = ffi->file->path; + int dlt, ffi_id = ffi_path.value[ffi_path.len - 2] * 0x100 + + ffi_path.value[ffi_path.len - 1]; + + if (ffi->file->type == SC_FILE_TYPE_BSO) + continue; + + dlt = fi_id > ffi_id ? fi_id - ffi_id : ffi_id - fi_id; + if (strcmp(ffi->ident, fi->ident)) { + if (dlt >= TEMPLATE_FILEID_MIN_DIFF) + continue; + + parse_error(cur, "Template insane: file-ids should be substantially different"); + return 1; + } + } + } + + return SC_SUCCESS; +} + + static int process_tmpl(struct state *cur, struct block *info, const char *name, scconf_block *blk) 
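Review bot: `template_sanity_check` indexes `fi_path.value[fi_path.len - 2]` and `ffi_path.value[ffi_path.len - 2]` without checking that the path holds at least two bytes. The `do_exclusive_aid` handler added later in this diff sets `file->path.len = 0`, so a template containing such a DF would read outside `value` here (with an unsigned `len` the index wraps, which is presumably the case). Skip short paths before computing the ids, e.g. `if (fi_path.len < 2) continue;` in the outer loop and `if (ffi_path.len < 2) continue;` in the inner one. The header comment says "greater then" (typo for "than") while the code accepts `dlt >= TEMPLATE_FILEID_MIN_DIFF`; one of the two should be aligned.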
@@ -903,21 +1074,23 @@ struct state state; sc_template_t *tinfo; sc_profile_t *templ; + int r; +#ifdef DEBUG_PROFILE + printf("Process template:%s; block:%s\n", name, info->name); +#endif if (name == NULL) { parse_error(cur, "No name given for template."); return 1; } - templ = (sc_profile_t *) calloc(1, sizeof(*templ)); + templ = calloc(1, sizeof(*templ)); if (templ == NULL) { parse_error(cur, "memory allocation failed"); return 1; } - templ->cbs = cur->profile->cbs; - - tinfo = (sc_template_t *) calloc(1, sizeof(*tinfo)); + tinfo = calloc(1, sizeof(*tinfo)); if (tinfo == NULL) { parse_error(cur, "memory allocation failed"); free(templ); @@ -933,7 +1106,14 @@ state.profile = tinfo->data; state.file = NULL; - return process_block(&state, info, name, blk); + r = process_block(&state, info, name, blk); + if (!r) + r = template_sanity_check(cur, templ); + +#ifdef DEBUG_PROFILE + printf("Template %s processed; returns %i\n", name, r); +#endif + return r; } /* @@ -954,13 +1134,13 @@ * Add a new file to the profile. * This function is called by sc_profile_add_file. */ -static file_info * +static struct file_info * add_file(sc_profile_t *profile, const char *name, - sc_file_t *file, file_info *parent) + sc_file_t *file, struct file_info *parent) { - file_info *info; + struct file_info *info; - info = (struct file_info *) calloc(1, sizeof(*info)); + info = calloc(1, sizeof(*info)); if (info == NULL) return NULL; info->instance = info; @@ -999,7 +1179,7 @@ new_file(struct state *cur, const char *name, unsigned int type) { sc_profile_t *profile = cur->profile; - file_info *info; + struct file_info *info; sc_file_t *file; unsigned int df_type = 0, dont_free = 0; 
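Review bot: The `DEBUG_PROFILE` trace at the top of `process_tmpl` formats `name` with `%s` before the `if (name == NULL)` check that follows it, so a template block without a name passes a null pointer to `printf` in debug builds. Move the trace below the check, or print `name ? name : "(null)"`. In the following hunk, a failing `template_sanity_check` returns 1 after `tinfo` has apparently already been set up; whether the half-built template is released on that path is not visible from these hunks and is worth confirming.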
@@ -1029,9 +1209,11 @@ profile->df[df_type] = file; } assert(file); - if (file->type != (int)type) { + if (file->type != type) { parse_error(cur, "inconsistent file type (should be %s)", - (file->type == SC_FILE_TYPE_DF)? "DF" : "EF"); + file->type == SC_FILE_TYPE_DF + ? "DF" : file->type == SC_FILE_TYPE_BSO + ? "BS0" : "EF"); if (strncasecmp(name, "PKCS15-", 7) || !strcasecmp(name+7, "AppDF")) sc_file_free(file); @@ -1071,8 +1253,7 @@ parse_error(cur, "Invalid path length\n"); return 1; } - file->id = (path->value[path->len-2] << 8) - | path->value[path->len-1]; + file->id = (path->value[path->len-2] << 8) | path->value[path->len-1]; return 0; } @@ -1093,7 +1274,7 @@ /* Get the DF, if any */ if ((fi = cur->file->parent) && (df = fi->file)) { - if (df->path.len == 0) { + if (!df->path.len && !df->path.aid.len) { parse_error(cur, "No path/fileid set for parent DF\n"); return 1; } 
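Review bot: The new branch of the "inconsistent file type" message in `new_file` spells the type as `"BS0"` (digit zero) where the profile keyword added in this diff is `BSO`; it should read `? "BSO" : "EF");`. The nested conditional would also be easier to read with each `? :` pair on its own line. `new_file` begins outside this hunk.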
@@ -1159,13 +1340,63 @@ } memcpy(file->name, name, len); file->namelen = len; - } else { + } + else { file->namelen = sizeof(file->name); res = sc_hex_to_bin(name, file->name, &file->namelen); } return res; } +static int +do_exclusive_aid(struct state *cur, int argc, char **argv) +{ + struct sc_file *file = cur->file->file; + const char *name = argv[0]; + unsigned int len; + int res = 0; + +#ifdef DEBUG_PROFILE + printf("do_exclusive_aid(): exclusive-aid '%s'\n", name); + printf("do_exclusive_aid(): current file '%s' (path:%s)\n", cur->file->ident, sc_print_path(&file->path)); +#endif + sc_format_path(name, &file->path); + if (file->path.len > SC_MAX_AID_SIZE) { + parse_error(cur, "Path length is too big\n"); + return 1; + } + + memcpy(file->path.aid.value, file->path.value, file->path.len); + file->path.aid.len = file->path.len; + + file->path.len = 0; + file->path.type = SC_PATH_TYPE_DF_NAME; + +#ifdef DEBUG_PROFILE + printf("do_exclusive_aid(): '%s' exclusive-aid path %s\n", cur->file->ident, sc_print_path(&file->path)); +#endif + if (*name == '=') { + len = strlen(++name); + if (len > sizeof(file->name)) { + parse_error(cur, "AID \"%s\" too long\n", name); + return 1; + } + memcpy(file->name, name, len); + file->namelen = len; + } + else { + file->namelen = sizeof(file->name); + res = sc_hex_to_bin(name, file->name, &file->namelen); + } + return res; +} + +static int +do_profile_extension(struct state *cur, int argc, char **argv) +{ + return setstr(&cur->file->profile_extension, argv[0]); +} + /* * Parse ACL list. * The way we do this is we first split things like CHV1 @@ -1234,13 +1465,13 @@ return 1; init_state(cur, &state); - state.pin = new_pin(cur->profile, id); + state.pin = new_pin(cur->profile, (int)id); return process_block(&state, info, name, blk); } static struct pin_info * -new_pin(struct sc_profile *profile, unsigned int id) +new_pin(struct sc_profile *profile, int id) { struct pin_info *pi, **tail; 
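Review bot: `do_exclusive_aid` ignores the result of `sc_format_path(name, &file->path)` and then copies `file->path.value` into `file->path.aid.value` using whatever `path.len` was left behind. The call is also made before the `*name == '='` literal form is handled, so for a literal AID the bytes copied into `path.aid` presumably do not correspond to the name stored in `file->name`. Check the result before the length test, e.g. `if (sc_format_path(name, &file->path) < 0) { parse_error(cur, "Invalid AID\n"); return 1; }`, and decide explicitly what `path.aid` should hold for the `=` form. The tail of the function duplicates `do_aid` and could call it instead.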
@@ -1255,10 +1486,11 @@ * are usually created before we've read the card specific * profile */ - pi = (struct pin_info *) calloc(1, sizeof(*pi)); + pi = calloc(1, sizeof(*pi)); if (pi == NULL) return NULL; pi->id = id; + pi->pin.auth_method = SC_AC_CHV; pi->pin.type = (unsigned int)-1; pi->pin.flags = 0x32; pi->pin.max_length = 0; @@ -1407,7 +1639,7 @@ name = item->key; if (item->type != SCCONF_ITEM_TYPE_VALUE) continue; -#if 0 +#ifdef DEBUG_PROFILE printf("Defining %s\n", name); #endif new_macro(cur->profile, name, item->value.list); @@ -1422,7 +1654,7 @@ sc_macro_t *mac; if ((mac = find_macro(profile, name)) == NULL) { - mac = (sc_macro_t *) calloc(1, sizeof(*mac)); + mac = calloc(1, sizeof(*mac)); if (mac == NULL) return; mac->name = strdup(name); @@ -1463,10 +1695,8 @@ { "pin-encoding", 1, 1, do_default_pin_type }, { "pin-pad-char", 1, 1, do_pin_pad_char }, { "pin-domains", 1, 1, do_pin_domains }, - { "protect-certificates", 1, 1, do_protect_certificates }, { "label", 1, 1, do_card_label }, { "manufacturer", 1, 1, do_card_manufacturer}, - { "keep-public-key", 1, 1, do_keep_public_key }, { NULL, 0, 0, NULL } }; @@ -1489,6 +1719,10 @@ { "record-length", 1, 1, do_reclength }, { "AID", 1, 1, do_aid }, { "ACL", 1, -1, do_acl }, +/* AID dependent sub-profile */ + { "profile-extension", 1, 1, do_profile_extension }, +/* AID of the DFs without file-id */ + { "exclusive-aid", 1, 1, do_exclusive_aid }, { NULL, 0, 0, NULL } }; @@ -1496,6 +1730,7 @@ static struct block fs_blocks[] = { { "DF", process_df, fs_commands, fs_blocks }, { "EF", process_ef, fs_commands, fs_blocks }, + { "BSO", process_bso, fs_commands, fs_blocks }, { "template", process_tmpl, fs_commands, fs_blocks }, { NULL, NULL, NULL, NULL } @@ -1525,6 +1760,7 @@ { "direct-certificates", 1, 1, do_direct_certificates }, { "encode-df-length", 1, 1, do_encode_df_length }, { "do-last-update", 1, 1, do_encode_update_field }, + { "pkcs15-id-style", 1, 1, do_pkcs15_id_style }, { NULL, 0, 0, NULL } }; 
@@ -1571,7 +1807,7 @@ return SC_ERROR_SYNTAX_ERROR; } -#if 0 +#ifdef DEBUG_PROFILE { scconf_list *list; @@ -1656,35 +1892,29 @@ ident = NULL; if ((nlist = item->value.block->name) != NULL) { if (nlist->next) { - parse_error(cur, - "Too many name components " - "in block name."); + parse_error(cur, "Too many name components in block name."); return SC_ERROR_SYNTAX_ERROR; } ident = nlist->data; } -#if 0 - printf("Processing %s %s\n", - cmd, ident? ident : ""); +#ifdef DEBUG_PROFILE + printf("Processing %s %s\n", cmd, ident? ident : ""); #endif if ((bp = find_block_handler(info->blk_info, cmd))) { - res = bp->handler(cur, bp, ident, - item->value.block); + res = bp->handler(cur, bp, ident, item->value.block); continue; } - } else - if (item->type == SCCONF_ITEM_TYPE_VALUE) { -#if 0 + } + else if (item->type == SCCONF_ITEM_TYPE_VALUE) { +#ifdef DEBUG_PROFILE printf("Processing %s\n", cmd); #endif if ((cp = find_cmd_handler(info->cmd_info, cmd))) { - res = process_command(cur, cp, - item->value.list); + res = process_command(cur, cp, item->value.list); continue; } } - parse_error(cur, - "Command \"%s\" not understood in this context.", cmd); + parse_error(cur, "Command \"%s\" not understood in this context.", cmd); return SC_ERROR_SYNTAX_ERROR; } 
@@ -1723,18 +1953,82 @@ return NULL; } -static struct file_info * sc_profile_find_file_by_path(struct sc_profile *pro, const sc_path_t *path) + +static struct file_info * +sc_profile_find_file_by_path(struct sc_profile *pro, const sc_path_t *path) { - struct file_info *fi; - struct sc_file *fp; + struct file_info *fi, *out = NULL; + struct sc_path *fp_path, *fpp_path; + +#ifdef DEBUG_PROFILE + struct sc_context *ctx = pro->card->ctx; + + sc_log(ctx, "profile's EF list:"); + for (fi = pro->ef_list; fi; fi = fi->next) { + sc_log(ctx, "'%s' (path:%s)", fi->ident, sc_print_path(&fi->file->path)); + sc_log(ctx, "fi parent %p", fi->parent); + if (fi->parent && fi->parent->file) + sc_log(ctx, "fi parent path %s", sc_print_path(&fi->parent->file->path)); + } + sc_log(ctx, "find profile file by path:%s", sc_print_path(path)); +#endif + + if (!path->len && !path->aid.len) + return NULL; for (fi = pro->ef_list; fi; fi = fi->next) { - fp = fi->file; - if (fp->path.len == path->len - && !memcmp(fp->path.value, path->value, path->len)) - return fi; + fp_path = &fi->file->path; + fpp_path = fi->parent ? &fi->parent->file->path : NULL; + + if (fp_path->len != path->len) + continue; + if (fp_path->len && memcmp(fp_path->value, path->value, path->len)) + continue; + + if (path->aid.len && fp_path->aid.len) { + if (memcmp(fp_path->aid.value, path->aid.value, path->aid.len)) + continue; + } + else if (path->aid.len && !fp_path->aid.len && fpp_path) { + if (fpp_path->type == SC_PATH_TYPE_DF_NAME && fpp_path->len) { + if (fpp_path->len != path->aid.len) + continue; + if (memcmp(fpp_path->value, path->aid.value, path->aid.len)) + continue; + } + else if (fpp_path->aid.len) { + if (fpp_path->aid.len != path->aid.len) + continue; + if (memcmp(fpp_path->aid.value, path->aid.value, path->aid.len)) + continue; + } + } + + out = fi; } - return NULL; + +#ifdef DEBUG_PROFILE + sc_log(ctx, "returns (%s)", out ? 
out->ident: ""); +#endif + return out; +} + +int +sc_profile_get_parent(struct sc_profile *profile, + const char *name, sc_file_t **ret) +{ + struct file_info *fi = NULL; + + if ((fi = sc_profile_find_file(profile, NULL, name)) == NULL) + return SC_ERROR_FILE_NOT_FOUND; + + if (!fi->parent) + return SC_ERROR_FILE_NOT_FOUND; + + sc_file_dup(ret, fi->parent->file); + if (*ret == NULL) + return SC_ERROR_OUT_OF_MEMORY; + return 0; } /* @@ -1752,7 +2046,7 @@ return get_uint(cur, value, type); } - n = strcspn(value, "0123456789"); + n = strcspn(value, "0123456789x"); strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp)); if (map_str2int(cur, temp, type, aclNames)) @@ -1768,10 +2062,14 @@ { char *ep; - *vp = strtoul(value, &ep, 0); + if (strstr(value, "0x") == value) + *vp = strtoul(value + 2, &ep, 16); + else if (strstr(value, "x") == value) + *vp = strtoul(value + 1, &ep, 16); + else + *vp = strtoul(value, &ep, 0); if (*ep != '\0') { - parse_error(cur, - "invalid integer argument \"%s\"\n", value); + parse_error(cur, "invalid integer argument \"%s\"\n", value); return 1; } return 0; @@ -1897,13 +2195,16 @@ if (isdigit(*s)) { while (isdigit(*s)) expr_put(ctx, *s++); - } else if (*s == '$') { + } + else if (*s == '$') { expr_put(ctx, *s++); while (isalnum(*s) || *s == '-' || *s == '_') expr_put(ctx, *s++); - } else if (strchr("*/+-()|&", *s)) { + } + else if (strchr("*/+-()|&", *s)) { expr_put(ctx, *s++); - } else { + } + else { expr_fail(ctx); } ctx->str = s; @@ -1945,13 +2246,15 @@ if (*tok == '(') { expr_eval(ctx, vp, 1); expr_expect(ctx, ')'); - } else if (isdigit(*tok)) { + } + else if (isdigit(*tok)) { char *ep; *vp = strtoul(tok, &ep, 0); if (*ep) expr_fail(ctx); - } else if (*tok == '$') { + } + else if (*tok == '$') { sc_macro_t *mac; char *argv[32]; int argc; 
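Review bot: In `sc_profile_find_file_by_path`, the branch taken when both `path->aid.len` and `fp_path->aid.len` are set compares `path->aid.len` bytes with `memcmp` but never checks that the two AID lengths are equal. The parent-path branches below it do make that check. A profile entry whose AID is longer than the requested one but shares its prefix would therefore match; add `if (fp_path->aid.len != path->aid.len) continue;` before the `memcmp`. The loop now also keeps going after `out = fi`, so the last match wins where the old code returned the first; if that is intended it deserves a comment.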
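Review bot: The new hex branches in `get_uint` accept a prefix with no digits: for `"0x"` or `"x"` the call `strtoul(value + 2, &ep, 16)` (or `value + 1`) consumes nothing, `*ep` is `'\0'`, and the value is silently taken as 0. Remember where the digits start and reject an empty conversion, e.g. `if (ep == start || *ep != '\0')`. The result of `strtoul` is also stored through `vp` without a range or `ERANGE` check, so an oversized profile value is presumably truncated rather than reported. The signature of `get_uint` is outside this hunk.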
@@ -1959,13 +2262,11 @@ if (!(mac = find_macro(ctx->state->profile, tok + 1))) expr_fail(ctx); argc = build_argv(ctx->state, "", mac->value, argv, 32); - if (argc < 0 - || get_uint_eval(ctx->state, argc, argv, vp) < 0) + if (argc < 0 || get_uint_eval(ctx->state, argc, argv, vp) < 0) expr_fail(ctx); - } else { - parse_error(ctx->state, - "Unexpected token \"%s\" in expression", - tok); + } + else { + parse_error(ctx->state, "Unexpected token \"%s\" in expression", tok); expr_fail(ctx); } } @@ -2059,5 +2360,8 @@ if ((sp = strchr(buffer, '\n')) != NULL) *sp = '\0'; - sc_error(cur->profile->card->ctx, "%s: %s", cur->filename, buffer); + if (cur->profile->card && cur->profile->card->ctx) + sc_log(cur->profile->card->ctx, "%s: %s", cur->filename, buffer); + else + fprintf(stdout, "%s: %s\n", cur->filename, buffer); } diff -Nru opensc-0.11.13/src/pkcs15init/profile.h opensc-0.12.1/src/pkcs15init/profile.h --- opensc-0.11.13/src/pkcs15init/profile.h 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/profile.h 2011-05-17 17:07:00.000000000 +0000 @@ -11,8 +11,7 @@ extern "C" { #endif -#include -#include "keycache.h" +#include "libopensc/pkcs15.h" #ifndef SC_PKCS15_PROFILE_SUFFIX #define SC_PKCS15_PROFILE_SUFFIX "profile" @@ -39,13 +38,18 @@ struct sc_profile * base_template; unsigned int inst_index; sc_path_t inst_path; + + /* Profile extension dependent on the application ID (sub-profile). + * Sub-profile is loaded when binding to the particular application + * of the multi-application PKCS#15 card. */ + char * profile_extension; }; /* For now, we assume the PUK always resides * in the same file as the PIN */ struct pin_info { - unsigned int id; + int id; struct pin_info * next; char * file_name; /* obsolete */ unsigned int file_offset; /* obsolete */ @@ -82,7 +86,6 @@ sc_card_t * card; char * driver; struct sc_pkcs15init_operations *ops; - struct sc_pkcs15init_callbacks *cbs; void * dll; /* handle for dynamic modules */ struct file_info * mf_info; 
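Review bot: The fallback added to `parse_error` for a profile with no card context writes the diagnostic to `stdout`. Error text belongs on `stderr` so that it does not mix into the output of tools whose stdout is consumed by scripts: `fprintf(stderr, "%s: %s\n", cur->filename, buffer);`. The null check on `cur->profile->card` is a good addition. `parse_error` begins outside this hunk.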
@@ -104,8 +107,6 @@ unsigned int puk_attempts; unsigned int rsa_access_flags; unsigned int dsa_access_flags; - unsigned int protect_certificates; - unsigned int keep_public_key; struct { unsigned int direct_certificates; 
@@ -120,31 +121,29 @@ * needs to be updated (in other words: if the card content * has been changed) */ int dirty; + + /* PKCS15 object ID style */ + unsigned int id_style; }; struct sc_profile *sc_profile_new(void); -int sc_profile_load(struct sc_profile *, const char *); -int sc_profile_finish(struct sc_profile *); -void sc_profile_free(struct sc_profile *); -int sc_profile_build_pkcs15(struct sc_profile *); -void sc_profile_get_pin_info(struct sc_profile *, - unsigned int, struct sc_pkcs15_pin_info *); -int sc_profile_get_pin_id(struct sc_profile *, - unsigned int, unsigned int *); -int sc_profile_get_file(struct sc_profile *, const char *, - struct sc_file **); -int sc_profile_get_file_by_path(struct sc_profile *, - const struct sc_path *, struct sc_file **); -int sc_profile_get_path(struct sc_profile *, - const char *, struct sc_path *); -int sc_profile_get_file_in(struct sc_profile *, - const sc_path_t *, const char *, sc_file_t **); -int sc_profile_instantiate_template(struct sc_profile *, - const char *, const sc_path_t *, - const char *, const sc_pkcs15_id_t *, - sc_file_t **); -int sc_profile_add_file(struct sc_profile *, - const char *, sc_file_t *); +int sc_profile_load(struct sc_profile *, const char *); +int sc_profile_finish(struct sc_profile *, const struct sc_app_info *); +void sc_profile_free(struct sc_profile *); +int sc_profile_build_pkcs15(struct sc_profile *); +void sc_profile_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_pin_info *); +int sc_profile_get_pin_id(struct sc_profile *, unsigned int, int *); +int sc_profile_get_file(struct sc_profile *, const char *, struct sc_file **); +int sc_profile_get_file_by_path(struct sc_profile *, const struct sc_path *, struct sc_file **); +int sc_profile_get_path(struct sc_profile *, const char *, struct sc_path *); +int sc_profile_get_file_in(struct sc_profile *, const sc_path_t *, const char *, sc_file_t **); +int sc_profile_instantiate_template(struct sc_profile *, const char *, const 
sc_path_t *, + const char *, const sc_pkcs15_id_t *, sc_file_t **); +int sc_profile_add_file(struct sc_profile *, const char *, sc_file_t *); +int sc_profile_get_file_instance(struct sc_profile *, const char *, int, sc_file_t **); +int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int, + struct sc_pkcs15_pin_info *); +int sc_profile_get_parent(struct sc_profile *profile, const char *, sc_file_t **); #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/pkcs15init/rutoken_ecp.profile opensc-0.12.1/src/pkcs15init/rutoken_ecp.profile --- opensc-0.11.13/src/pkcs15init/rutoken_ecp.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/rutoken_ecp.profile 2011-05-17 17:07:00.000000000 +0000 @@ -45,10 +45,10 @@ PIN user-pin { auth-id = 2; reference = 2; - attempts = 2; + attempts = 10; min-length = 8; max-length = 32; - flags = case-sensitive, local, initialized; + flags = case-sensitive, initialized; } PIN user-puk { min-length = 0; @@ -58,10 +58,10 @@ PIN so-pin { auth-id = 1; reference = 1; - attempts = 2; + attempts = 10; min-length = 8; max-length = 32; - flags = case-sensitive, local, initialized, soPin; + flags = case-sensitive, initialized, soPin; } PIN so-puk { min-length = 0; @@ -101,6 +101,19 @@ file-id = 6005; } } + + DF Resrv1-DF { + file-id = 1001; + } + DF Resrv2-DF { + file-id = 1002; + } + DF Resrv3-DF { + file-id = 1003; + } + DF Resrv4-DF { + file-id = 1004; + } } EF DIR { diff -Nru opensc-0.11.13/src/pkcs15init/rutoken.profile opensc-0.12.1/src/pkcs15init/rutoken.profile --- opensc-0.11.13/src/pkcs15init/rutoken.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/rutoken.profile 2011-05-17 17:07:00.000000000 +0000 @@ -63,7 +63,11 @@ reference = 2; min-length = 8; max-length = 16; - flags = case-sensitive, local, initialized; + flags = case-sensitive, initialized; +} +PIN user-puk { + min-length = 0; + max-length = 0; } PIN so-pin { 
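Review bot: In rutoken_ecp.profile the retry counter for both `user-pin` and `so-pin` changes from `attempts = 2` to `attempts = 10` with no comment giving the reason. This counter bounds how many wrong PINs the token accepts before blocking, so a fivefold increase should carry its rationale, even though `min-length = 8` keeps the guessing budget small. Add a one-line `#` comment above each `attempts = 10;` stating why the value was chosen. The same hunks drop the `local` flag from both PINs, which also changes how the PIN is described in PKCS#15 and deserves a word in that comment.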
@@ -71,7 +75,11 @@ reference = 1; min-length = 8; max-length = 16; - flags = case-sensitive, local, initialized, soPin; + flags = case-sensitive, initialized, soPin; +} +PIN so-puk { + min-length = 0; + max-length = 0; } filesystem { @@ -91,6 +99,8 @@ DF PKCS15-AppDF { type = DF; file-id = 5015; + aid = A0:00:00:00:63:50:4B:43:53:2D:31:35; + size = 0; acl = *=NEVER, SELECT=NONE, DELETE=CHV2, CREATE=CHV2, READ=NONE; EF PKCS15-ODF { diff -Nru opensc-0.11.13/src/pkcs15init/setcos.profile opensc-0.12.1/src/pkcs15init/setcos.profile --- opensc-0.11.13/src/pkcs15init/setcos.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/setcos.profile 2011-05-17 17:07:00.000000000 +0000 @@ -16,6 +16,7 @@ pin_prot = *=NEVER, WRITE=$SOPIN, UPDATE=$SOPIN; # WATCH OUT IF YOU CHANGE THESE!! prkey_prot = *=NEVER, ERASE=$SOPIN, READ=NONE, CRYPTO=$PIN, UPDATE=$SOPIN; exkey_prot = *=NEVER, ERASE=$SOPIN, READ=$PIN, UPDATE=$SOPIN; + so-pin-flags = initialized, soPin; } } @@ -28,12 +29,14 @@ pin_prot = *=NEVER, WRITE=$PIN, UPDATE=$PIN; # WATCH OUT IF YOU CHANGE THESE!! prkey_prot = *=NEVER, ERASE=$PIN, READ=NONE, CRYPTO=$PIN, UPDATE=$PIN; # READ: only applies on public key exkey_prot = *=NEVER, ERASE=$PIN, READ=$PIN, UPDATE=$PIN; + so-pin-flags = initialized; } } # Define reasonable limits for PINs and PUK PIN user-pin { attempts = 3; + flags = initialized, needs-padding; } PIN user-puk { attempts = 5; @@ -41,6 +44,7 @@ PIN so-pin { reference = 1; + flags = $so-pin-flags; } # Additional filesystem info. diff -Nru opensc-0.11.13/src/pkcs15init/starcos.profile opensc-0.12.1/src/pkcs15init/starcos.profile --- opensc-0.11.13/src/pkcs15init/starcos.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/starcos.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -79,10 +79,8 @@ template key-domain { - # This is a dummy entry - pkcs15-init insists that - # this is present - EF private-key { - file-id = FFFF; + BSO private-key { + # here ACLs should be defined } EF public-key { file-id = 3003; diff -Nru opensc-0.11.13/src/pkcs15init/versioninfo.rc opensc-0.12.1/src/pkcs15init/versioninfo.rc --- opensc-0.11.13/src/pkcs15init/versioninfo.rc 2010-02-16 09:33:22.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC Core Library to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC Core Library\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/pkcs15init/westcos.profile opensc-0.12.1/src/pkcs15init/westcos.profile --- opensc-0.11.13/src/pkcs15init/westcos.profile 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/pkcs15init/westcos.profile 2011-05-17 17:07:00.000000000 +0000 
@@ -87,6 +87,14 @@ acl = $unprotected; size = 5000; + EF PINFILE { + file-id = AAAA; + type = INTERNAL-EF; + structure = TRANSPARENT; + size = 100; + acl = *=NEVER; + } + EF PKCS15-ODF { file-id = 5031; size = $odf-size; diff -Nru opensc-0.11.13/src/scconf/internal.h opensc-0.12.1/src/scconf/internal.h --- opensc-0.11.13/src/scconf/internal.h 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/scconf/internal.h 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: internal.h 1618 2003-11-20 14:15:32Z aet $ + * $Id: internal.h 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen diff -Nru opensc-0.11.13/src/scconf/lex-parse.l opensc-0.12.1/src/scconf/lex-parse.l --- opensc-0.11.13/src/scconf/lex-parse.l 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/scconf/lex-parse.l 2011-05-17 17:07:48.000000000 +0000 @@ -1,6 +1,6 @@ %{ /* - * $Id: lex-parse.l 1390 2003-08-25 09:29:42Z aet $ + * $Id: lex-parse.l 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen diff -Nru opensc-0.11.13/src/scconf/Makefile.am opensc-0.12.1/src/scconf/Makefile.am --- opensc-0.11.13/src/scconf/Makefile.am 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/scconf/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,35 +1,17 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in DISTCLEANFILES = lex-parse.c -CLEANFILES = versioninfo.rc EXTRA_DIST = Makefile.mak dist_noinst_DATA = README.scconf lex-parse.l -openscinclude_HEADERS = scconf.h -noinst_HEADERS = internal.h +noinst_HEADERS = internal.h scconf.h noinst_PROGRAMS = test-conf -lib_LTLIBRARIES = libscconf.la +noinst_LTLIBRARIES = libscconf.la -INCLUDES = -I$(top_srcdir)/src/common +INCLUDES = -I$(top_srcdir)/src -libscconf_la_SOURCES = scconf.c parse.c write.c sclex.c \ - scconf.exports -if WIN32 -libscconf_la_SOURCES += versioninfo.rc -else -dist_noinst_DATA += versioninfo.rc -endif -libscconf_la_LIBADD = $(top_builddir)/src/common/libcompat.la -libscconf_la_LDFLAGS = $(AM_LDFLAGS) \ - -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ \ - -export-symbols "$(srcdir)/scconf.exports" \ - -no-undefined +libscconf_la_SOURCES = scconf.c parse.c write.c sclex.c test_conf_SOURCES = test-conf.c -test_conf_LDADD = libscconf.la - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc +test_conf_LDADD = libscconf.la $(top_builddir)/src/common/libcompat.la diff -Nru opensc-0.11.13/src/scconf/Makefile.in opensc-0.12.1/src/scconf/Makefile.in --- opensc-0.11.13/src/scconf/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/scconf/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
@@ -39,63 +39,31 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \ - $(openscinclude_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(top_srcdir)/win32/ltrc.inc +DIST_COMMON = $(dist_noinst_DATA) $(noinst_HEADERS) \ + $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/win32/ltrc.inc noinst_PROGRAMS = test-conf$(EXEEXT) -@WIN32_TRUE@am__append_1 = versioninfo.rc -@WIN32_FALSE@am__append_2 = versioninfo.rc subdir = src/scconf ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] 
= 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" \ - "$(DESTDIR)$(openscincludedir)" -LTLIBRARIES = $(lib_LTLIBRARIES) -libscconf_la_DEPENDENCIES = $(top_builddir)/src/common/libcompat.la -am__libscconf_la_SOURCES_DIST = scconf.c parse.c write.c sclex.c \ - scconf.exports versioninfo.rc -@WIN32_TRUE@am__objects_1 = versioninfo.lo -am_libscconf_la_OBJECTS = scconf.lo parse.lo write.lo sclex.lo \ - $(am__objects_1) +LTLIBRARIES = $(noinst_LTLIBRARIES) +libscconf_la_LIBADD = +am_libscconf_la_OBJECTS = scconf.lo parse.lo write.lo sclex.lo libscconf_la_OBJECTS = $(am_libscconf_la_OBJECTS) -libscconf_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libscconf_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(noinst_PROGRAMS) am_test_conf_OBJECTS = test-conf.$(OBJEXT) test_conf_OBJECTS = $(am_test_conf_OBJECTS) -test_conf_DEPENDENCIES = libscconf.la +test_conf_DEPENDENCIES = libscconf.la \ + $(top_builddir)/src/common/libcompat.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -110,10 +78,9 @@ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libscconf_la_SOURCES) $(test_conf_SOURCES) -DIST_SOURCES = $(am__libscconf_la_SOURCES_DIST) $(test_conf_SOURCES) -am__dist_noinst_DATA_DIST = README.scconf lex-parse.l versioninfo.rc +DIST_SOURCES = $(libscconf_la_SOURCES) $(test_conf_SOURCES) DATA = $(dist_noinst_DATA) -HEADERS = $(noinst_HEADERS) $(openscinclude_HEADERS) +HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) 
@@ -144,8 +111,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -153,10 +118,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -181,8 +144,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -205,6 +166,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -217,10 +180,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -266,11 +226,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -287,27 +244,16 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in DISTCLEANFILES = lex-parse.c -CLEANFILES = versioninfo.rc EXTRA_DIST = Makefile.mak -dist_noinst_DATA = README.scconf lex-parse.l $(am__append_2) -openscinclude_HEADERS = scconf.h -noinst_HEADERS = internal.h -lib_LTLIBRARIES = libscconf.la -INCLUDES = -I$(top_srcdir)/src/common -libscconf_la_SOURCES = scconf.c parse.c write.c sclex.c scconf.exports \ - $(am__append_1) -libscconf_la_LIBADD = $(top_builddir)/src/common/libcompat.la -libscconf_la_LDFLAGS = $(AM_LDFLAGS) \ - -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ \ - -export-symbols "$(srcdir)/scconf.exports" \ - -no-undefined - +dist_noinst_DATA = README.scconf lex-parse.l +noinst_HEADERS = internal.h scconf.h +noinst_LTLIBRARIES = libscconf.la +INCLUDES = -I$(top_srcdir)/src +libscconf_la_SOURCES = scconf.c parse.c write.c sclex.c test_conf_SOURCES = test-conf.c -test_conf_LDADD = libscconf.la +test_conf_LDADD = libscconf.la $(top_builddir)/src/common/libcompat.la all: all-am .SUFFIXES: @@ -321,9 +267,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scconf/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/scconf/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/scconf/Makefile + $(AUTOMAKE) --foreign src/scconf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -342,39 +288,17 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ - } - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ - done -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libscconf.la: $(libscconf_la_OBJECTS) $(libscconf_la_DEPENDENCIES) - $(libscconf_la_LINK) -rpath $(libdir) $(libscconf_la_OBJECTS) $(libscconf_la_LIBADD) $(LIBS) + $(LINK) $(libscconf_la_OBJECTS) $(libscconf_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ 
@@ -426,26 +350,6 @@ clean-libtool: -rm -rf .libs _libs -install-openscincludeHEADERS: $(openscinclude_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(openscincludedir)" || $(MKDIR_P) "$(DESTDIR)$(openscincludedir)" - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(openscincludedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(openscincludedir)" || exit $$?; \ - done - -uninstall-openscincludeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(openscinclude_HEADERS)'; test -n "$(openscincludedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(openscincludedir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(openscincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -533,9 +437,6 @@ check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(DATA) $(HEADERS) installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(openscincludedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done install: install-am install-exec: install-exec-am install-data: install-data-am @@ -553,7 +454,6 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -566,7 +466,7 @@ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am 
@@ -587,13 +487,13 @@ info-am: -install-data-am: install-openscincludeHEADERS +install-data-am: install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-libLTLIBRARIES +install-exec-am: install-html: install-html-am @@ -633,25 +533,23 @@ ps-am: -uninstall-am: uninstall-libLTLIBRARIES uninstall-openscincludeHEADERS +uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \ - distclean distclean-compile distclean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \ + ctags distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man \ - install-openscincludeHEADERS install-pdf install-pdf-am \ + install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES \ - uninstall-openscincludeHEADERS + tags uninstall uninstall-am .rc.lo: 
@@ -660,10 +558,6 @@ .rc.o: $(RCCOMPILE) -i "$<" -o "$@" -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Core Library/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru opensc-0.11.13/src/scconf/Makefile.mak opensc-0.12.1/src/scconf/Makefile.mak --- opensc-0.11.13/src/scconf/Makefile.mak 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/scconf/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 @@ -1,15 +1,13 @@ TOPDIR = ..\.. TARGET = scconf.lib -HEADERS = scconf.h -HEADERSDIR = $(TOPDIR)\src\include\opensc OBJECTS = scconf.obj parse.obj write.obj sclex.obj .SUFFIXES : .l -all: install-headers $(TARGET) +all: $(TARGET) $(TARGET): $(OBJECTS) - lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS) + lib $(LIBFLAGS) /out:$(TARGET) $(OBJECTS) !INCLUDE $(TOPDIR)\win32\Make.rules.mak diff -Nru opensc-0.11.13/src/scconf/parse.c opensc-0.12.1/src/scconf/parse.c --- opensc-0.11.13/src/scconf/parse.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/scconf/parse.c 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: parse.c 3510 2008-05-05 13:00:01Z ludovic.rousseau $ + * $Id: parse.c 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen @@ -19,9 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include @@ -29,9 +28,10 @@ #include #endif #include + +#include "common/compat_strlcpy.h" #include "scconf.h" #include "internal.h" -#include #define STATE_NAME 0x01 #define STATE_VALUE 0x02 @@ -77,7 +77,7 @@ parser->line, token); } -static scconf_item *scconf_item_find(scconf_parser * parser, const char *key) +static scconf_item *scconf_item_find(scconf_parser * parser) { scconf_item *item; 
@@ -96,7 +96,7 @@ if (type == SCCONF_ITEM_TYPE_VALUE) { /* if item with same key already exists, use it */ - item = scconf_item_find(parser, parser->key); + item = scconf_item_find(parser); if (item) { if (parser->key) { free(parser->key); @@ -106,7 +106,7 @@ return item; } } - item = (scconf_item *) malloc(sizeof(scconf_item)); + item = malloc(sizeof(scconf_item)); if (!item) { return NULL; } @@ -173,7 +173,7 @@ item = scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_BLOCK); - block = (scconf_block *) malloc(sizeof(scconf_block)); + block = malloc(sizeof(scconf_block)); if (!block) { return; } diff -Nru opensc-0.11.13/src/scconf/scconf.c opensc-0.12.1/src/scconf/scconf.c --- opensc-0.11.13/src/scconf/scconf.c 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/scconf/scconf.c 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: scconf.c 2730 2005-12-05 22:09:28Z aj $ + * $Id: scconf.c 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen @@ -19,9 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include @@ -29,19 +28,20 @@ #include #endif #include + #include "scconf.h" scconf_context *scconf_new(const char *filename) { scconf_context *config; - config = (scconf_context *) malloc(sizeof(scconf_context)); + config = malloc(sizeof(scconf_context)); if (!config) { return NULL; } memset(config, 0, sizeof(scconf_context)); config->filename = filename ? strdup(filename) : NULL; - config->root = (scconf_block *) malloc(sizeof(scconf_block)); + config->root = malloc(sizeof(scconf_block)); if (!config->root) { if (config->filename) { free(config->filename); @@ -178,7 +178,7 @@ { char *str; - str = (char *) malloc(64); + str = malloc(64); if (!str) { return value; } 
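Review bot: In the parse.c hunk at `@@ -173,7 +173,7 @@`, the pointer returned by `scconf_item_add_internal(parser, SCCONF_ITEM_TYPE_BLOCK)` is not checked before the block is allocated. The `@@ -106,7 +106,7 @@` hunk shows a `return NULL` path on allocation failure, which appears to be in that same helper. If `item` is dereferenced after the visible lines, an out-of-memory condition while parsing a configuration file becomes a NULL dereference; a guard such as `if (!item) return;` straight after the call would close that. The early `return;` on a failed `malloc(sizeof(scconf_block))` also seems to leave the newly added item without a block, which deserves a comment or a cleanup. The enclosing function starts and ends outside the hunk, so both points should be confirmed against the full body.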
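Review bot: In `scconf_new` (scconf.c hunk `@@ -29,19 +28,20 @@`), the result of `strdup(filename)` is stored unchecked, so an allocation failure leaves `config->filename` NULL, indistinguishable from a caller that passed no filename. A check such as `if (filename && !config->filename) { free(config); return NULL; }` after the assignment would keep the failure visible. As a style point, the `malloc` plus `memset` pair could be `config = calloc(1, sizeof *config);`, which also ties the size to the variable rather than the type name. The function body continues outside the hunk.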
@@ -190,9 +190,7 @@ int scconf_put_bool(scconf_block * block, const char *option, int value) { - const char *ret; - - ret = scconf_put_str(block, option, !value ? "false" : "true"); + scconf_put_str(block, option, !value ? "false" : "true"); return value; } @@ -200,7 +198,7 @@ { scconf_item *ptr, *_dst = NULL, *next = NULL; - next = (scconf_item *) malloc(sizeof(scconf_item)); + next = malloc(sizeof(scconf_item)); if (!next) { return NULL; } @@ -209,7 +207,7 @@ _dst = next; while (src) { if (!next) { - next = (scconf_item *) malloc(sizeof(scconf_item)); + next = malloc(sizeof(scconf_item)); if (!next) { scconf_item_destroy(ptr); return NULL; @@ -274,7 +272,7 @@ if (src) { scconf_block *_dst = NULL; - _dst = (scconf_block *) malloc(sizeof(scconf_block)); + _dst = malloc(sizeof(scconf_block)); if (!_dst) { return NULL; } @@ -304,7 +302,7 @@ { scconf_list *rec, **tmp; - rec = (scconf_list *) malloc(sizeof(scconf_list)); + rec = malloc(sizeof(scconf_list)); if (!rec) { return NULL; } @@ -378,7 +376,7 @@ len++; lp = lp->next; } - tp = (const char **)malloc(sizeof(char *) * (len + 1)); + tp = malloc(sizeof(char *) * (len + 1)); if (!tp) return tp; lp = list; @@ -404,7 +402,7 @@ if (filler) { len += scconf_list_array_length(list) * (strlen(filler) + 1); } - buf = (char *) malloc(len); + buf = malloc(len); if (!buf) { return NULL; } @@ -542,7 +540,7 @@ if (parm) { if (entry->flags & SCCONF_ALLOC) { char **buf = (char **) parm; - *buf = (char *) malloc(vallen + 1); + *buf = malloc(vallen + 1); if (*buf == NULL) { r = 1; break; @@ -582,7 +580,6 @@ } for (idx = 0; entry[idx].name; idx++) { e = &entry[idx]; - r = 0; blocks = getblocks(config, block, e); if (!blocks) { if (!(e->flags & SCCONF_MANDATORY)) { 
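Review bot: `scconf_put_bool` now discards the result of `scconf_put_str()` and returns `value` unconditionally, so a caller cannot tell whether the option was actually stored. The removed local shows the helper returns a `const char *`; if that is NULL on failure (its body is not in this hunk), the error is silently lost. Either propagate the failure or make the discard deliberate and documented, for example `(void) scconf_put_str(block, option, !value ? "false" : "true"); /* result intentionally ignored: returns value as given */`.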
@@ -708,7 +705,6 @@ } for (idx = 0; entry[idx].name; idx++) { e = &entry[idx]; - r = 0; r = write_type(config, block, e, depth); if (r) { return r; diff -Nru opensc-0.11.13/src/scconf/scconf.exports opensc-0.12.1/src/scconf/scconf.exports --- opensc-0.11.13/src/scconf/scconf.exports 2010-02-16 09:03:26.000000000 +0000 +++ opensc-0.12.1/src/scconf/scconf.exports 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -scconf_block_add -scconf_block_copy -scconf_block_destroy -scconf_find_block -scconf_find_blocks -scconf_find_list -scconf_free -scconf_get_bool -scconf_get_int -scconf_get_str -scconf_item_add -scconf_item_copy -scconf_item_destroy -scconf_list_add -scconf_list_array_length -scconf_list_copy -scconf_list_destroy -scconf_list_strdup -scconf_list_strings_length -scconf_list_toarray -scconf_new -scconf_parse -scconf_parse_entries -scconf_parse_string -scconf_put_bool -scconf_put_int -scconf_put_str -scconf_write -scconf_write_entries diff -Nru opensc-0.11.13/src/scconf/scconf.h opensc-0.12.1/src/scconf/scconf.h --- opensc-0.11.13/src/scconf/scconf.h 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/scconf/scconf.h 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: scconf.h 1656 2003-12-03 14:09:15Z aet $ + * $Id: scconf.h 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen diff -Nru opensc-0.11.13/src/scconf/sclex.c opensc-0.12.1/src/scconf/sclex.c --- opensc-0.11.13/src/scconf/sclex.c 2009-12-13 09:14:27.000000000 +0000 +++ opensc-0.12.1/src/scconf/sclex.c 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: sclex.c 3510 2008-05-05 13:00:01Z ludovic.rousseau $ + * $Id: sclex.c 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2003 * Jamie Honan 
@@ -19,15 +19,15 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #ifdef HAVE_STRINGS_H #include #endif + #include "scconf.h" #include "internal.h" @@ -44,7 +44,7 @@ { bp->fp = fp; bp->saved_char = 0; - bp->buf = (char *) malloc(256); + bp->buf = malloc(256); bp->bufmax = 256; bp->bufcur = 0; bp->buf[0] = '\0'; diff -Nru opensc-0.11.13/src/scconf/test-conf.c opensc-0.12.1/src/scconf/test-conf.c --- opensc-0.11.13/src/scconf/test-conf.c 2009-12-13 07:44:42.000000000 +0000 +++ opensc-0.12.1/src/scconf/test-conf.c 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: test-conf.c 3177 2007-06-21 10:07:01Z aj $ + * $Id: test-conf.c 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen @@ -19,9 +19,8 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include diff -Nru opensc-0.11.13/src/scconf/versioninfo.rc opensc-0.12.1/src/scconf/versioninfo.rc --- opensc-0.11.13/src/scconf/versioninfo.rc 2010-02-16 09:32:28.000000000 +0000 +++ opensc-0.12.1/src/scconf/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 
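Review bot: In the sclex.c hunk at `@@ -44,7 +44,7 @@`, `bp->buf[0] = '\0';` writes through the result of `malloc(256)` without a NULL check, and `bp->bufmax` is set to 256 regardless. The commit only drops the cast, so an allocation failure while lexing a configuration file is still a NULL dereference. A guard before the store, for example `if (!bp->buf) { bp->bufmax = 0; return; }` (assuming the function returns void; its signature is outside the hunk), would keep the buffer state consistent, and callers would then need to treat a NULL `buf` as an error. The literal 256 appears twice and would read better as one named constant.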
@@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC Core Library to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC Core Library\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/scconf/write.c opensc-0.12.1/src/scconf/write.c --- opensc-0.11.13/src/scconf/write.c 2005-12-29 12:36:29.000000000 +0000 +++ opensc-0.12.1/src/scconf/write.c 2011-05-17 17:07:48.000000000 +0000 @@ -1,5 +1,5 @@ /* - * $Id: write.c 1775 2004-04-21 18:10:58Z nils $ + * $Id: write.c 5451 2011-05-17 17:02:31Z martin $ * * Copyright (C) 2002 * Antti Tapaninen @@ -19,14 +19,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include + #include "scconf.h" #define INDENT_CHAR '\t' @@ -141,7 +141,7 @@ /* header */ name = scconf_list_get_string(subblock->name); datalen = strlen(item->key) + strlen(name) + 6; - data = (char *) malloc(datalen); + data = malloc(datalen); if (!data) { free(name); continue; 
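Review bot: In the write.c hunk at `@@ -141,7 +141,7 @@`, `strlen(name)` is applied to the return value of `scconf_list_get_string()` with no NULL check in the visible lines. If that helper can return NULL on allocation failure (its body is not shown here), writing the configuration dereferences NULL. The `@@ -162,7 +162,7 @@` hunk of the same file has the same pattern with `item->value.list`. Adding `if (!name) continue;` before the `datalen` computation in both places would match the existing `if (!data)` handling. The `+ 6` in `datalen` is unexplained, so a short comment listing the separator and terminator bytes it reserves would make the buffer sizing auditable; the enclosing function starts outside both hunks.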
@@ -162,7 +162,7 @@ case SCCONF_ITEM_TYPE_VALUE: name = scconf_list_get_string(item->value.list); datalen = strlen(item->key) + strlen(name) + 6; - data = (char *) malloc(datalen); + data = malloc(datalen); if (!data) { free(name); continue; diff -Nru opensc-0.11.13/src/signer/dialog.c opensc-0.12.1/src/signer/dialog.c --- opensc-0.11.13/src/signer/dialog.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/dialog.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,112 +0,0 @@ -#include "signer.h" -#include -#include - -#ifndef PIN_ENTRY -#define PIN_ENTRY "/usr/local/bin/gpinentry" -#endif - -extern int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_object *pin); - -struct entry_parm_s { - int lines; - size_t size; - char *buffer; -}; - -static AssuanError -getpin_cb (void *opaque, const void *buffer, size_t length) -{ - struct entry_parm_s *parm = (struct entry_parm_s *) opaque; - - /* we expect the pin to fit on one line */ - if (parm->lines || length >= parm->size) - return ASSUAN_Too_Much_Data; - - /* fixme: we should make sure that the assuan buffer is allocated in - secure memory or read the response byte by byte */ - memcpy(parm->buffer, buffer, length); - parm->buffer[length] = 0; - parm->lines++; - return (AssuanError) 0; -} - -int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_object *pin) -{ - int r; - size_t len; - const char *argv[3]; - const char *pgmname = PIN_ENTRY; - ASSUAN_CONTEXT ctx; - char buf[500]; - char errtext[100]; - struct entry_parm_s parm; - struct sc_pkcs15_pin_info *pinfo = (struct sc_pkcs15_pin_info *) pin->data; - - argv[0] = pgmname; - argv[1] = NULL; - - r = assuan_pipe_connect(&ctx, pgmname, (char **) argv, NULL); - if (r) { - printf("Can't connect to the PIN entry module: %s\n", - assuan_strerror((AssuanError) r)); - goto err; - } - sprintf(buf, "SETDESC Enter PIN [%s] for digital signing ", pin->label); - r = assuan_transact(ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL); - if (r) { - printf("SETDESC: %s\n", assuan_strerror((AssuanError) r)); - goto err; - } - errtext[0] = 0; - while (1) { - if (errtext[0]) { - sprintf(buf, "SETERROR %s", errtext); - r = assuan_transact(ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL); - errtext[0] = 0; - } - parm.lines = 0; - parm.size = sizeof(buf); - parm.buffer = buf; - r = assuan_transact(ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL); - if (r == ASSUAN_Canceled) { - 
assuan_disconnect(ctx); - return -2; - } - if (r) { - printf("GETPIN: %s\n", assuan_strerror((AssuanError) r)); - goto err; - } - len = strlen(buf); - if (len < pinfo->min_length) { - sprintf(errtext, "PIN code too short, min. %lu digits", (unsigned long) pinfo->min_length); - continue; - } - if (len > pinfo->max_length) { - sprintf(errtext, "PIN code too long, max. %lu digits", (unsigned long) pinfo->max_length); - continue; - } - r = sc_pkcs15_verify_pin(p15card, pinfo, (const u8 *) buf, strlen(buf)); - switch (r) { - case SC_ERROR_PIN_CODE_INCORRECT: - sprintf(errtext, "PIN code incorrect (%d %s left)", - pinfo->tries_left, pinfo->tries_left == 1 ? - "try" : "tries"); - break; - case 0: - break; - default: - goto err; - } - if (r == 0) - break; - } - - assuan_disconnect(ctx); - return 0; -err: - assuan_disconnect(ctx); - return -1; -} diff -Nru opensc-0.11.13/src/signer/Makefile.am opensc-0.12.1/src/signer/Makefile.am --- opensc-0.11.13/src/signer/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/Makefile.am 1970-01-01 00:00:00.000000000 +0000 
@@ -1,27 +0,0 @@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in - -SUBDIRS = npinclude -if ENABLE_NSPLUGIN -noinst_HEADERS = opensc-crypto.h opensc-support.h signer.h -lib_LTLIBRARIES = opensc-signer.la -dist_noinst_DATA = testprog.c -endif - -AM_CFLAGS = $(OPENSSL_CFLAGS) $(LIBASSUAN_CFLAGS) -INCLUDES = -I$(srcdir)/npinclude -I$(top_builddir)/src/include - -opensc_signer_la_CFLAGS = $(AM_CFLAGS) -DXP_UNIX -opensc_signer_la_SOURCES = opensc-crypto.c opensc-support.c signer.c stubs.c dialog.c \ - signer.exports -opensc_signer_la_LIBADD = $(OPENSSL_LIBS) $(LIBASSUAN_LIBS) \ - $(top_builddir)/src/libopensc/libopensc.la -opensc_signer_la_LDFLAGS = $(AM_LDFLAGS) \ - -export-symbols "$(srcdir)/signer.exports" \ - -module -avoid-version -no-undefined - -if ENABLE_NSPLUGIN -plugin_DATA=#Create directory -install-exec-hook: install-pluginDATA - -rm -f "$(DESTDIR)$(plugindir)/opensc-signer.so" - $(LN_S) "$(libdir)/opensc-signer.so" "$(DESTDIR)$(plugindir)" -endif diff -Nru opensc-0.11.13/src/signer/Makefile.in opensc-0.12.1/src/signer/Makefile.in --- opensc-0.11.13/src/signer/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/signer/Makefile.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,822 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/signer -DIST_COMMON = $(am__dist_noinst_DATA_DIST) $(am__noinst_HEADERS_DIST) \ - $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo 
"$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(lib_LTLIBRARIES) -am__DEPENDENCIES_1 = -opensc_signer_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/libopensc/libopensc.la -am_opensc_signer_la_OBJECTS = opensc_signer_la-opensc-crypto.lo \ - opensc_signer_la-opensc-support.lo opensc_signer_la-signer.lo \ - opensc_signer_la-stubs.lo opensc_signer_la-dialog.lo -opensc_signer_la_OBJECTS = $(am_opensc_signer_la_OBJECTS) -opensc_signer_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(opensc_signer_la_CFLAGS) \ - $(CFLAGS) $(opensc_signer_la_LDFLAGS) $(LDFLAGS) -o $@ -@ENABLE_NSPLUGIN_TRUE@am_opensc_signer_la_rpath = -rpath $(libdir) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(opensc_signer_la_SOURCES) -DIST_SOURCES = $(opensc_signer_la_SOURCES) -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -am__dist_noinst_DATA_DIST = testprog.c -DATA = $(dist_noinst_DATA) $(plugin_DATA) -am__noinst_HEADERS_DIST = opensc-crypto.h opensc-support.h signer.h -HEADERS = $(noinst_HEADERS) -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e 
"$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ -OPTIONAL_PCSC_CFLAGS = 
@OPTIONAL_PCSC_CFLAGS@ -OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = @PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ 
-localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -SUBDIRS = npinclude -@ENABLE_NSPLUGIN_TRUE@noinst_HEADERS = opensc-crypto.h opensc-support.h signer.h -@ENABLE_NSPLUGIN_TRUE@lib_LTLIBRARIES = opensc-signer.la -@ENABLE_NSPLUGIN_TRUE@dist_noinst_DATA = testprog.c -AM_CFLAGS = $(OPENSSL_CFLAGS) $(LIBASSUAN_CFLAGS) -INCLUDES = -I$(srcdir)/npinclude -I$(top_builddir)/src/include -opensc_signer_la_CFLAGS = $(AM_CFLAGS) -DXP_UNIX -opensc_signer_la_SOURCES = opensc-crypto.c opensc-support.c signer.c stubs.c dialog.c \ - signer.exports - -opensc_signer_la_LIBADD = $(OPENSSL_LIBS) $(LIBASSUAN_LIBS) \ - $(top_builddir)/src/libopensc/libopensc.la - -opensc_signer_la_LDFLAGS = $(AM_LDFLAGS) \ - -export-symbols "$(srcdir)/signer.exports" \ - -module -avoid-version -no-undefined - -@ENABLE_NSPLUGIN_TRUE@plugin_DATA = #Create directory -all: all-recursive - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/signer/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/signer/Makefile -.PRECIOUS: Makefile -Makefile: 
$(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ - } - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - 
done -opensc-signer.la: $(opensc_signer_la_OBJECTS) $(opensc_signer_la_DEPENDENCIES) - $(opensc_signer_la_LINK) $(am_opensc_signer_la_rpath) $(opensc_signer_la_OBJECTS) $(opensc_signer_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_signer_la-dialog.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_signer_la-opensc-crypto.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_signer_la-opensc-support.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_signer_la-signer.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opensc_signer_la-stubs.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -opensc_signer_la-opensc-crypto.lo: opensc-crypto.c -@am__fastdepCC_TRUE@ 
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -MT opensc_signer_la-opensc-crypto.lo -MD -MP -MF $(DEPDIR)/opensc_signer_la-opensc-crypto.Tpo -c -o opensc_signer_la-opensc-crypto.lo `test -f 'opensc-crypto.c' || echo '$(srcdir)/'`opensc-crypto.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/opensc_signer_la-opensc-crypto.Tpo $(DEPDIR)/opensc_signer_la-opensc-crypto.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='opensc-crypto.c' object='opensc_signer_la-opensc-crypto.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -c -o opensc_signer_la-opensc-crypto.lo `test -f 'opensc-crypto.c' || echo '$(srcdir)/'`opensc-crypto.c - -opensc_signer_la-opensc-support.lo: opensc-support.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -MT opensc_signer_la-opensc-support.lo -MD -MP -MF $(DEPDIR)/opensc_signer_la-opensc-support.Tpo -c -o opensc_signer_la-opensc-support.lo `test -f 'opensc-support.c' || echo '$(srcdir)/'`opensc-support.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/opensc_signer_la-opensc-support.Tpo $(DEPDIR)/opensc_signer_la-opensc-support.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='opensc-support.c' object='opensc_signer_la-opensc-support.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -c -o opensc_signer_la-opensc-support.lo `test -f 'opensc-support.c' || echo '$(srcdir)/'`opensc-support.c - -opensc_signer_la-signer.lo: signer.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -MT opensc_signer_la-signer.lo -MD -MP -MF $(DEPDIR)/opensc_signer_la-signer.Tpo -c -o opensc_signer_la-signer.lo `test -f 'signer.c' || echo '$(srcdir)/'`signer.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/opensc_signer_la-signer.Tpo $(DEPDIR)/opensc_signer_la-signer.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signer.c' object='opensc_signer_la-signer.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -c -o opensc_signer_la-signer.lo `test -f 'signer.c' || echo '$(srcdir)/'`signer.c - -opensc_signer_la-stubs.lo: stubs.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -MT opensc_signer_la-stubs.lo -MD -MP -MF $(DEPDIR)/opensc_signer_la-stubs.Tpo -c -o opensc_signer_la-stubs.lo `test -f 'stubs.c' || echo '$(srcdir)/'`stubs.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/opensc_signer_la-stubs.Tpo $(DEPDIR)/opensc_signer_la-stubs.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='stubs.c' object='opensc_signer_la-stubs.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -c -o opensc_signer_la-stubs.lo `test -f 'stubs.c' || echo '$(srcdir)/'`stubs.c - -opensc_signer_la-dialog.lo: dialog.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -MT opensc_signer_la-dialog.lo -MD -MP -MF $(DEPDIR)/opensc_signer_la-dialog.Tpo -c -o opensc_signer_la-dialog.lo `test -f 'dialog.c' || echo '$(srcdir)/'`dialog.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/opensc_signer_la-dialog.Tpo $(DEPDIR)/opensc_signer_la-dialog.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dialog.c' object='opensc_signer_la-dialog.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(opensc_signer_la_CFLAGS) $(CFLAGS) -c -o opensc_signer_la-dialog.lo `test -f 'dialog.c' || echo '$(srcdir)/'`dialog.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-pluginDATA: $(plugin_DATA) - @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_DATA)'; test -n "$(plugindir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(plugindir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(plugindir)" || exit $$?; \ - done - -uninstall-pluginDATA: - @$(NORMAL_UNINSTALL) - @list='$(plugin_DATA)'; test -n "$(plugindir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(plugindir)' && rm -f" 
$$files ")"; \ - cd "$(DESTDIR)$(plugindir)" && rm -f $$files - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; 
do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! 
-f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed 
-e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) -installdirs: installdirs-recursive -installdirs-am: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(plugindir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -@ENABLE_NSPLUGIN_FALSE@install-exec-hook: -clean: clean-recursive - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-recursive - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: install-pluginDATA - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: install-libLTLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: uninstall-libLTLIBRARIES uninstall-pluginDATA - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) 
$(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-exec-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-info install-info-am install-libLTLIBRARIES \ - install-man install-pdf install-pdf-am install-pluginDATA \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am \ - uninstall-libLTLIBRARIES uninstall-pluginDATA - -@ENABLE_NSPLUGIN_TRUE@install-exec-hook: install-pluginDATA -@ENABLE_NSPLUGIN_TRUE@ -rm -f "$(DESTDIR)$(plugindir)/opensc-signer.so" -@ENABLE_NSPLUGIN_TRUE@ $(LN_S) "$(libdir)/opensc-signer.so" "$(DESTDIR)$(plugindir)" - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru opensc-0.11.13/src/signer/npinclude/jri.h opensc-0.12.1/src/signer/npinclude/jri.h --- opensc-0.11.13/src/signer/npinclude/jri.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/npinclude/jri.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,638 +0,0 @@ -/* -*- Mode: C; tab-width: 4; -*- */ -/******************************************************************************* - * Java Runtime Interface - * Copyright (c) 1996 Netscape Communications Corporation. All rights reserved. - ******************************************************************************/ - -#ifndef JRI_H -#define JRI_H - -#include "jritypes.h" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/******************************************************************************* - * JRIEnv - ******************************************************************************/ - -/* The type of the JRIEnv interface. */ -typedef struct JRIEnvInterface JRIEnvInterface; - -/* The type of a JRIEnv instance. */ -typedef const JRIEnvInterface* JRIEnv; - -/******************************************************************************* - * JRIEnv Operations - ******************************************************************************/ - -#define JRI_LoadClass(env, buf, bufLen) \ - (((*(env))->LoadClass)(env, JRI_LoadClass_op, buf, bufLen)) - -#define JRI_FindClass(env, name) \ - (((*(env))->FindClass)(env, JRI_FindClass_op, name)) - -#define JRI_Throw(env, obj) \ - (((*(env))->Throw)(env, JRI_Throw_op, obj)) - -#define JRI_ThrowNew(env, clazz, message) \ - (((*(env))->ThrowNew)(env, JRI_ThrowNew_op, clazz, message)) - -#define JRI_ExceptionOccurred(env) \ - (((*(env))->ExceptionOccurred)(env, JRI_ExceptionOccurred_op)) - -#define JRI_ExceptionDescribe(env) \ - (((*(env))->ExceptionDescribe)(env, JRI_ExceptionDescribe_op)) - -#define JRI_ExceptionClear(env) \ - (((*(env))->ExceptionClear)(env, JRI_ExceptionClear_op)) - -#define JRI_NewGlobalRef(env, ref) \ - (((*(env))->NewGlobalRef)(env, JRI_NewGlobalRef_op, ref)) - -#define JRI_DisposeGlobalRef(env, gref) \ - (((*(env))->DisposeGlobalRef)(env, JRI_DisposeGlobalRef_op, gref)) - -#define JRI_GetGlobalRef(env, gref) \ - (((*(env))->GetGlobalRef)(env, JRI_GetGlobalRef_op, gref)) - 
-#define JRI_SetGlobalRef(env, gref, ref) \ - (((*(env))->SetGlobalRef)(env, JRI_SetGlobalRef_op, gref, ref)) - -#define JRI_IsSameObject(env, a, b) \ - (((*(env))->IsSameObject)(env, JRI_IsSameObject_op, a, b)) - -#define JRI_NewObject(env) ((*(env))->NewObject) -#define JRI_NewObjectV(env, clazz, methodID, args) \ - (((*(env))->NewObjectV)(env, JRI_NewObject_op_va_list, clazz, methodID, args)) -#define JRI_NewObjectA(env, clazz, method, args) \ - (((*(env))->NewObjectA)(env, JRI_NewObject_op_array, clazz, methodID, args)) - -#define JRI_GetObjectClass(env, obj) \ - (((*(env))->GetObjectClass)(env, JRI_GetObjectClass_op, obj)) - -#define JRI_IsInstanceOf(env, obj, clazz) \ - (((*(env))->IsInstanceOf)(env, JRI_IsInstanceOf_op, obj, clazz)) - -#define JRI_GetMethodID(env, clazz, name, sig) \ - (((*(env))->GetMethodID)(env, JRI_GetMethodID_op, clazz, name, sig)) - -#define JRI_CallMethod(env) ((*(env))->CallMethod) -#define JRI_CallMethodV(env, obj, methodID, args) \ - (((*(env))->CallMethodV)(env, JRI_CallMethod_op_va_list, obj, methodID, args)) -#define JRI_CallMethodA(env, obj, methodID, args) \ - (((*(env))->CallMethodA)(env, JRI_CallMethod_op_array, obj, methodID, args)) - -#define JRI_CallMethodBoolean(env) ((*(env))->CallMethodBoolean) -#define JRI_CallMethodBooleanV(env, obj, methodID, args) \ - (((*(env))->CallMethodBooleanV)(env, JRI_CallMethodBoolean_op_va_list, obj, methodID, args)) -#define JRI_CallMethodBooleanA(env, obj, methodID, args) \ - (((*(env))->CallMethodBooleanA)(env, JRI_CallMethodBoolean_op_array, obj, methodID, args)) - -#define JRI_CallMethodByte(env) ((*(env))->CallMethodByte) -#define JRI_CallMethodByteV(env, obj, methodID, args) \ - (((*(env))->CallMethodByteV)(env, JRI_CallMethodByte_op_va_list, obj, methodID, args)) -#define JRI_CallMethodByteA(env, obj, methodID, args) \ - (((*(env))->CallMethodByteA)(env, JRI_CallMethodByte_op_array, obj, methodID, args)) - -#define JRI_CallMethodChar(env) ((*(env))->CallMethodChar) -#define 
JRI_CallMethodCharV(env, obj, methodID, args) \ - (((*(env))->CallMethodCharV)(env, JRI_CallMethodChar_op_va_list, obj, methodID, args)) -#define JRI_CallMethodCharA(env, obj, methodID, args) \ - (((*(env))->CallMethodCharA)(env, JRI_CallMethodChar_op_array, obj, methodID, args)) - -#define JRI_CallMethodShort(env) ((*(env))->CallMethodShort) -#define JRI_CallMethodShortV(env, obj, methodID, args) \ - (((*(env))->CallMethodShortV)(env, JRI_CallMethodShort_op_va_list, obj, methodID, args)) -#define JRI_CallMethodShortA(env, obj, methodID, args) \ - (((*(env))->CallMethodShortA)(env, JRI_CallMethodShort_op_array, obj, methodID, args)) - -#define JRI_CallMethodInt(env) ((*(env))->CallMethodInt) -#define JRI_CallMethodIntV(env, obj, methodID, args) \ - (((*(env))->CallMethodIntV)(env, JRI_CallMethodInt_op_va_list, obj, methodID, args)) -#define JRI_CallMethodIntA(env, obj, methodID, args) \ - (((*(env))->CallMethodIntA)(env, JRI_CallMethodInt_op_array, obj, methodID, args)) - -#define JRI_CallMethodLong(env) ((*(env))->CallMethodLong) -#define JRI_CallMethodLongV(env, obj, methodID, args) \ - (((*(env))->CallMethodLongV)(env, JRI_CallMethodLong_op_va_list, obj, methodID, args)) -#define JRI_CallMethodLongA(env, obj, methodID, args) \ - (((*(env))->CallMethodLongA)(env, JRI_CallMethodLong_op_array, obj, methodID, args)) - -#define JRI_CallMethodFloat(env) ((*(env))->CallMethodFloat) -#define JRI_CallMethodFloatV(env, obj, methodID, args) \ - (((*(env))->CallMethodFloatV)(env, JRI_CallMethodFloat_op_va_list, obj, methodID, args)) -#define JRI_CallMethodFloatA(env, obj, methodID, args) \ - (((*(env))->CallMethodFloatA)(env, JRI_CallMethodFloat_op_array, obj, methodID, args)) - -#define JRI_CallMethodDouble(env) ((*(env))->CallMethodDouble) -#define JRI_CallMethodDoubleV(env, obj, methodID, args) \ - (((*(env))->CallMethodDoubleV)(env, JRI_CallMethodDouble_op_va_list, obj, methodID, args)) -#define JRI_CallMethodDoubleA(env, obj, methodID, args) \ - 
(((*(env))->CallMethodDoubleA)(env, JRI_CallMethodDouble_op_array, obj, methodID, args)) - -#define JRI_GetFieldID(env, clazz, name, sig) \ - (((*(env))->GetFieldID)(env, JRI_GetFieldID_op, clazz, name, sig)) - -#define JRI_GetField(env, obj, fieldID) \ - (((*(env))->GetField)(env, JRI_GetField_op, obj, fieldID)) - -#define JRI_GetFieldBoolean(env, obj, fieldID) \ - (((*(env))->GetFieldBoolean)(env, JRI_GetFieldBoolean_op, obj, fieldID)) - -#define JRI_GetFieldByte(env, obj, fieldID) \ - (((*(env))->GetFieldByte)(env, JRI_GetFieldByte_op, obj, fieldID)) - -#define JRI_GetFieldChar(env, obj, fieldID) \ - (((*(env))->GetFieldChar)(env, JRI_GetFieldChar_op, obj, fieldID)) - -#define JRI_GetFieldShort(env, obj, fieldID) \ - (((*(env))->GetFieldShort)(env, JRI_GetFieldShort_op, obj, fieldID)) - -#define JRI_GetFieldInt(env, obj, fieldID) \ - (((*(env))->GetFieldInt)(env, JRI_GetFieldInt_op, obj, fieldID)) - -#define JRI_GetFieldLong(env, obj, fieldID) \ - (((*(env))->GetFieldLong)(env, JRI_GetFieldLong_op, obj, fieldID)) - -#define JRI_GetFieldFloat(env, obj, fieldID) \ - (((*(env))->GetFieldFloat)(env, JRI_GetFieldFloat_op, obj, fieldID)) - -#define JRI_GetFieldDouble(env, obj, fieldID) \ - (((*(env))->GetFieldDouble)(env, JRI_GetFieldDouble_op, obj, fieldID)) - -#define JRI_SetField(env, obj, fieldID, value) \ - (((*(env))->SetField)(env, JRI_SetField_op, obj, fieldID, value)) - -#define JRI_SetFieldBoolean(env, obj, fieldID, value) \ - (((*(env))->SetFieldBoolean)(env, JRI_SetFieldBoolean_op, obj, fieldID, value)) - -#define JRI_SetFieldByte(env, obj, fieldID, value) \ - (((*(env))->SetFieldByte)(env, JRI_SetFieldByte_op, obj, fieldID, value)) - -#define JRI_SetFieldChar(env, obj, fieldID, value) \ - (((*(env))->SetFieldChar)(env, JRI_SetFieldChar_op, obj, fieldID, value)) - -#define JRI_SetFieldShort(env, obj, fieldID, value) \ - (((*(env))->SetFieldShort)(env, JRI_SetFieldShort_op, obj, fieldID, value)) - -#define JRI_SetFieldInt(env, obj, fieldID, value) \ - 
(((*(env))->SetFieldInt)(env, JRI_SetFieldInt_op, obj, fieldID, value)) - -#define JRI_SetFieldLong(env, obj, fieldID, value) \ - (((*(env))->SetFieldLong)(env, JRI_SetFieldLong_op, obj, fieldID, value)) - -#define JRI_SetFieldFloat(env, obj, fieldID, value) \ - (((*(env))->SetFieldFloat)(env, JRI_SetFieldFloat_op, obj, fieldID, value)) - -#define JRI_SetFieldDouble(env, obj, fieldID, value) \ - (((*(env))->SetFieldDouble)(env, JRI_SetFieldDouble_op, obj, fieldID, value)) - -#define JRI_IsSubclassOf(env, a, b) \ - (((*(env))->IsSubclassOf)(env, JRI_IsSubclassOf_op, a, b)) - -#define JRI_GetStaticMethodID(env, clazz, name, sig) \ - (((*(env))->GetStaticMethodID)(env, JRI_GetStaticMethodID_op, clazz, name, sig)) - -#define JRI_CallStaticMethod(env) ((*(env))->CallStaticMethod) -#define JRI_CallStaticMethodV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodV)(env, JRI_CallStaticMethod_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodA)(env, JRI_CallStaticMethod_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodBoolean(env) ((*(env))->CallStaticMethodBoolean) -#define JRI_CallStaticMethodBooleanV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodBooleanV)(env, JRI_CallStaticMethodBoolean_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodBooleanA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodBooleanA)(env, JRI_CallStaticMethodBoolean_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodByte(env) ((*(env))->CallStaticMethodByte) -#define JRI_CallStaticMethodByteV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodByteV)(env, JRI_CallStaticMethodByte_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodByteA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodByteA)(env, JRI_CallStaticMethodByte_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodChar(env) 
((*(env))->CallStaticMethodChar) -#define JRI_CallStaticMethodCharV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodCharV)(env, JRI_CallStaticMethodChar_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodCharA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodCharA)(env, JRI_CallStaticMethodChar_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodShort(env) ((*(env))->CallStaticMethodShort) -#define JRI_CallStaticMethodShortV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodShortV)(env, JRI_CallStaticMethodShort_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodShortA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodShortA)(env, JRI_CallStaticMethodShort_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodInt(env) ((*(env))->CallStaticMethodInt) -#define JRI_CallStaticMethodIntV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodIntV)(env, JRI_CallStaticMethodInt_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodIntA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodIntA)(env, JRI_CallStaticMethodInt_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodLong(env) ((*(env))->CallStaticMethodLong) -#define JRI_CallStaticMethodLongV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodLongV)(env, JRI_CallStaticMethodLong_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodLongA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodLongA)(env, JRI_CallStaticMethodLong_op_array, clazz, methodID, args)) - -#define JRI_CallStaticMethodFloat(env) ((*(env))->CallStaticMethodFloat) -#define JRI_CallStaticMethodFloatV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodFloatV)(env, JRI_CallStaticMethodFloat_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodFloatA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodFloatA)(env, JRI_CallStaticMethodFloat_op_array, clazz, methodID, 
args)) - -#define JRI_CallStaticMethodDouble(env) ((*(env))->CallStaticMethodDouble) -#define JRI_CallStaticMethodDoubleV(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodDoubleV)(env, JRI_CallStaticMethodDouble_op_va_list, clazz, methodID, args)) -#define JRI_CallStaticMethodDoubleA(env, clazz, methodID, args) \ - (((*(env))->CallStaticMethodDoubleA)(env, JRI_CallStaticMethodDouble_op_array, clazz, methodID, args)) - -#define JRI_GetStaticFieldID(env, clazz, name, sig) \ - (((*(env))->GetStaticFieldID)(env, JRI_GetStaticFieldID_op, clazz, name, sig)) - -#define JRI_GetStaticField(env, clazz, fieldID) \ - (((*(env))->GetStaticField)(env, JRI_GetStaticField_op, clazz, fieldID)) - -#define JRI_GetStaticFieldBoolean(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldBoolean)(env, JRI_GetStaticFieldBoolean_op, clazz, fieldID)) - -#define JRI_GetStaticFieldByte(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldByte)(env, JRI_GetStaticFieldByte_op, clazz, fieldID)) - -#define JRI_GetStaticFieldChar(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldChar)(env, JRI_GetStaticFieldChar_op, clazz, fieldID)) - -#define JRI_GetStaticFieldShort(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldShort)(env, JRI_GetStaticFieldShort_op, clazz, fieldID)) - -#define JRI_GetStaticFieldInt(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldInt)(env, JRI_GetStaticFieldInt_op, clazz, fieldID)) - -#define JRI_GetStaticFieldLong(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldLong)(env, JRI_GetStaticFieldLong_op, clazz, fieldID)) - -#define JRI_GetStaticFieldFloat(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldFloat)(env, JRI_GetStaticFieldFloat_op, clazz, fieldID)) - -#define JRI_GetStaticFieldDouble(env, clazz, fieldID) \ - (((*(env))->GetStaticFieldDouble)(env, JRI_GetStaticFieldDouble_op, clazz, fieldID)) - -#define JRI_SetStaticField(env, clazz, fieldID, value) \ - (((*(env))->SetStaticField)(env, JRI_SetStaticField_op, clazz, fieldID, value)) - -#define 
JRI_SetStaticFieldBoolean(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldBoolean)(env, JRI_SetStaticFieldBoolean_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldByte(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldByte)(env, JRI_SetStaticFieldByte_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldChar(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldChar)(env, JRI_SetStaticFieldChar_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldShort(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldShort)(env, JRI_SetStaticFieldShort_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldInt(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldInt)(env, JRI_SetStaticFieldInt_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldLong(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldLong)(env, JRI_SetStaticFieldLong_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldFloat(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldFloat)(env, JRI_SetStaticFieldFloat_op, clazz, fieldID, value)) - -#define JRI_SetStaticFieldDouble(env, clazz, fieldID, value) \ - (((*(env))->SetStaticFieldDouble)(env, JRI_SetStaticFieldDouble_op, clazz, fieldID, value)) - -#define JRI_NewString(env, unicode, len) \ - (((*(env))->NewString)(env, JRI_NewString_op, unicode, len)) - -#define JRI_GetStringLength(env, string) \ - (((*(env))->GetStringLength)(env, JRI_GetStringLength_op, string)) - -#define JRI_GetStringChars(env, string) \ - (((*(env))->GetStringChars)(env, JRI_GetStringChars_op, string)) - -#define JRI_NewStringUTF(env, utf, len) \ - (((*(env))->NewStringUTF)(env, JRI_NewStringUTF_op, utf, len)) - -#define JRI_GetStringUTFLength(env, string) \ - (((*(env))->GetStringUTFLength)(env, JRI_GetStringUTFLength_op, string)) - -#define JRI_GetStringUTFChars(env, string) \ - (((*(env))->GetStringUTFChars)(env, JRI_GetStringUTFChars_op, string)) - -#define JRI_NewScalarArray(env, length, elementSig, 
initialElements) \ - (((*(env))->NewScalarArray)(env, JRI_NewScalarArray_op, length, elementSig, initialElements)) - -#define JRI_GetScalarArrayLength(env, array) \ - (((*(env))->GetScalarArrayLength)(env, JRI_GetScalarArrayLength_op, array)) - -#define JRI_GetScalarArrayElements(env, array) \ - (((*(env))->GetScalarArrayElements)(env, JRI_GetScalarArrayElements_op, array)) - -#define JRI_NewObjectArray(env, length, elementClass, initialElement) \ - (((*(env))->NewObjectArray)(env, JRI_NewObjectArray_op, length, elementClass, initialElement)) - -#define JRI_GetObjectArrayLength(env, array) \ - (((*(env))->GetObjectArrayLength)(env, JRI_GetObjectArrayLength_op, array)) - -#define JRI_GetObjectArrayElement(env, array, index) \ - (((*(env))->GetObjectArrayElement)(env, JRI_GetObjectArrayElement_op, array, index)) - -#define JRI_SetObjectArrayElement(env, array, index, value) \ - (((*(env))->SetObjectArrayElement)(env, JRI_SetObjectArrayElement_op, array, index, value)) - -#define JRI_RegisterNatives(env, clazz, nameAndSigArray, nativeProcArray) \ - (((*(env))->RegisterNatives)(env, JRI_RegisterNatives_op, clazz, nameAndSigArray, nativeProcArray)) - -#define JRI_UnregisterNatives(env, clazz) \ - (((*(env))->UnregisterNatives)(env, JRI_UnregisterNatives_op, clazz)) - -/******************************************************************************* - * JRIEnv Interface - ******************************************************************************/ - -struct java_lang_Class; -struct java_lang_Throwable; -struct java_lang_Object; -struct java_lang_String; - -struct JRIEnvInterface { - void* reserved0; - void* reserved1; - void* reserved2; - struct java_lang_Class* (*LoadClass)(JRIEnv* env, jint op, jbyte* a, jsize aLen); - struct java_lang_Class* (*FindClass)(JRIEnv* env, jint op, const char* a); - void (*Throw)(JRIEnv* env, jint op, struct java_lang_Throwable* a); - void (*ThrowNew)(JRIEnv* env, jint op, struct java_lang_Class* a, const char* b); - struct 
java_lang_Throwable* (*ExceptionOccurred)(JRIEnv* env, jint op); - void (*ExceptionDescribe)(JRIEnv* env, jint op); - void (*ExceptionClear)(JRIEnv* env, jint op); - jglobal (*NewGlobalRef)(JRIEnv* env, jint op, void* a); - void (*DisposeGlobalRef)(JRIEnv* env, jint op, jglobal a); - void* (*GetGlobalRef)(JRIEnv* env, jint op, jglobal a); - void (*SetGlobalRef)(JRIEnv* env, jint op, jglobal a, void* b); - jbool (*IsSameObject)(JRIEnv* env, jint op, void* a, void* b); - void* (*NewObject)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - void* (*NewObjectV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - void* (*NewObjectA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - struct java_lang_Class* (*GetObjectClass)(JRIEnv* env, jint op, void* a); - jbool (*IsInstanceOf)(JRIEnv* env, jint op, void* a, struct java_lang_Class* b); - jint (*GetMethodID)(JRIEnv* env, jint op, struct java_lang_Class* a, const char* b, const char* c); - void* (*CallMethod)(JRIEnv* env, jint op, void* a, jint b, ...); - void* (*CallMethodV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - void* (*CallMethodA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jbool (*CallMethodBoolean)(JRIEnv* env, jint op, void* a, jint b, ...); - jbool (*CallMethodBooleanV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jbool (*CallMethodBooleanA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jbyte (*CallMethodByte)(JRIEnv* env, jint op, void* a, jint b, ...); - jbyte (*CallMethodByteV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jbyte (*CallMethodByteA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jchar (*CallMethodChar)(JRIEnv* env, jint op, void* a, jint b, ...); - jchar (*CallMethodCharV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jchar (*CallMethodCharA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jshort (*CallMethodShort)(JRIEnv* env, jint op, void* a, jint b, ...); - jshort 
(*CallMethodShortV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jshort (*CallMethodShortA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jint (*CallMethodInt)(JRIEnv* env, jint op, void* a, jint b, ...); - jint (*CallMethodIntV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jint (*CallMethodIntA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jlong (*CallMethodLong)(JRIEnv* env, jint op, void* a, jint b, ...); - jlong (*CallMethodLongV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jlong (*CallMethodLongA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jfloat (*CallMethodFloat)(JRIEnv* env, jint op, void* a, jint b, ...); - jfloat (*CallMethodFloatV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jfloat (*CallMethodFloatA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jdouble (*CallMethodDouble)(JRIEnv* env, jint op, void* a, jint b, ...); - jdouble (*CallMethodDoubleV)(JRIEnv* env, jint op, void* a, jint b, va_list c); - jdouble (*CallMethodDoubleA)(JRIEnv* env, jint op, void* a, jint b, JRIValue* c); - jint (*GetFieldID)(JRIEnv* env, jint op, struct java_lang_Class* a, const char* b, const char* c); - void* (*GetField)(JRIEnv* env, jint op, void* a, jint b); - jbool (*GetFieldBoolean)(JRIEnv* env, jint op, void* a, jint b); - jbyte (*GetFieldByte)(JRIEnv* env, jint op, void* a, jint b); - jchar (*GetFieldChar)(JRIEnv* env, jint op, void* a, jint b); - jshort (*GetFieldShort)(JRIEnv* env, jint op, void* a, jint b); - jint (*GetFieldInt)(JRIEnv* env, jint op, void* a, jint b); - jlong (*GetFieldLong)(JRIEnv* env, jint op, void* a, jint b); - jfloat (*GetFieldFloat)(JRIEnv* env, jint op, void* a, jint b); - jdouble (*GetFieldDouble)(JRIEnv* env, jint op, void* a, jint b); - void (*SetField)(JRIEnv* env, jint op, void* a, jint b, void* c); - void (*SetFieldBoolean)(JRIEnv* env, jint op, void* a, jint b, jbool c); - void (*SetFieldByte)(JRIEnv* env, jint op, void* a, jint b, jbyte c); - void 
(*SetFieldChar)(JRIEnv* env, jint op, void* a, jint b, jchar c); - void (*SetFieldShort)(JRIEnv* env, jint op, void* a, jint b, jshort c); - void (*SetFieldInt)(JRIEnv* env, jint op, void* a, jint b, jint c); - void (*SetFieldLong)(JRIEnv* env, jint op, void* a, jint b, jlong c); - void (*SetFieldFloat)(JRIEnv* env, jint op, void* a, jint b, jfloat c); - void (*SetFieldDouble)(JRIEnv* env, jint op, void* a, jint b, jdouble c); - jbool (*IsSubclassOf)(JRIEnv* env, jint op, struct java_lang_Class* a, struct java_lang_Class* b); - jint (*GetStaticMethodID)(JRIEnv* env, jint op, struct java_lang_Class* a, const char* b, const char* c); - void* (*CallStaticMethod)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - void* (*CallStaticMethodV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - void* (*CallStaticMethodA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jbool (*CallStaticMethodBoolean)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jbool (*CallStaticMethodBooleanV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jbool (*CallStaticMethodBooleanA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jbyte (*CallStaticMethodByte)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jbyte (*CallStaticMethodByteV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jbyte (*CallStaticMethodByteA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jchar (*CallStaticMethodChar)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jchar (*CallStaticMethodCharV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jchar (*CallStaticMethodCharA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jshort (*CallStaticMethodShort)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jshort (*CallStaticMethodShortV)(JRIEnv* env, jint op, 
struct java_lang_Class* a, jint b, va_list c); - jshort (*CallStaticMethodShortA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jint (*CallStaticMethodInt)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jint (*CallStaticMethodIntV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jint (*CallStaticMethodIntA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jlong (*CallStaticMethodLong)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jlong (*CallStaticMethodLongV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jlong (*CallStaticMethodLongA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jfloat (*CallStaticMethodFloat)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jfloat (*CallStaticMethodFloatV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jfloat (*CallStaticMethodFloatA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jdouble (*CallStaticMethodDouble)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, ...); - jdouble (*CallStaticMethodDoubleV)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, va_list c); - jdouble (*CallStaticMethodDoubleA)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, JRIValue* c); - jint (*GetStaticFieldID)(JRIEnv* env, jint op, struct java_lang_Class* a, const char* b, const char* c); - void* (*GetStaticField)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jbool (*GetStaticFieldBoolean)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jbyte (*GetStaticFieldByte)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jchar (*GetStaticFieldChar)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jshort (*GetStaticFieldShort)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jint (*GetStaticFieldInt)(JRIEnv* env, jint op, struct java_lang_Class* a, jint 
b); - jlong (*GetStaticFieldLong)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jfloat (*GetStaticFieldFloat)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - jdouble (*GetStaticFieldDouble)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b); - void (*SetStaticField)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, void* c); - void (*SetStaticFieldBoolean)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jbool c); - void (*SetStaticFieldByte)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jbyte c); - void (*SetStaticFieldChar)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jchar c); - void (*SetStaticFieldShort)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jshort c); - void (*SetStaticFieldInt)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jint c); - void (*SetStaticFieldLong)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jlong c); - void (*SetStaticFieldFloat)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jfloat c); - void (*SetStaticFieldDouble)(JRIEnv* env, jint op, struct java_lang_Class* a, jint b, jdouble c); - struct java_lang_String* (*NewString)(JRIEnv* env, jint op, const jchar* a, jint b); - jint (*GetStringLength)(JRIEnv* env, jint op, struct java_lang_String* a); - const jchar* (*GetStringChars)(JRIEnv* env, jint op, struct java_lang_String* a); - struct java_lang_String* (*NewStringUTF)(JRIEnv* env, jint op, const jbyte* a, jint b); - jint (*GetStringUTFLength)(JRIEnv* env, jint op, struct java_lang_String* a); - const jbyte* (*GetStringUTFChars)(JRIEnv* env, jint op, struct java_lang_String* a); - void* (*NewScalarArray)(JRIEnv* env, jint op, jint a, const char* b, const jbyte* c); - jint (*GetScalarArrayLength)(JRIEnv* env, jint op, void* a); - jbyte* (*GetScalarArrayElements)(JRIEnv* env, jint op, void* a); - void* (*NewObjectArray)(JRIEnv* env, jint op, jint a, struct java_lang_Class* b, void* c); - jint (*GetObjectArrayLength)(JRIEnv* 
env, jint op, void* a); - void* (*GetObjectArrayElement)(JRIEnv* env, jint op, void* a, jint b); - void (*SetObjectArrayElement)(JRIEnv* env, jint op, void* a, jint b, void* c); - void (*RegisterNatives)(JRIEnv* env, jint op, struct java_lang_Class* a, char** b, void** c); - void (*UnregisterNatives)(JRIEnv* env, jint op, struct java_lang_Class* a); -}; - -/******************************************************************************* - * JRIEnv Operation IDs - ******************************************************************************/ - -typedef enum JRIEnvOperations { - JRI_Reserved0_op, - JRI_Reserved1_op, - JRI_Reserved2_op, - JRI_LoadClass_op, - JRI_FindClass_op, - JRI_Throw_op, - JRI_ThrowNew_op, - JRI_ExceptionOccurred_op, - JRI_ExceptionDescribe_op, - JRI_ExceptionClear_op, - JRI_NewGlobalRef_op, - JRI_DisposeGlobalRef_op, - JRI_GetGlobalRef_op, - JRI_SetGlobalRef_op, - JRI_IsSameObject_op, - JRI_NewObject_op, - JRI_NewObject_op_va_list, - JRI_NewObject_op_array, - JRI_GetObjectClass_op, - JRI_IsInstanceOf_op, - JRI_GetMethodID_op, - JRI_CallMethod_op, - JRI_CallMethod_op_va_list, - JRI_CallMethod_op_array, - JRI_CallMethodBoolean_op, - JRI_CallMethodBoolean_op_va_list, - JRI_CallMethodBoolean_op_array, - JRI_CallMethodByte_op, - JRI_CallMethodByte_op_va_list, - JRI_CallMethodByte_op_array, - JRI_CallMethodChar_op, - JRI_CallMethodChar_op_va_list, - JRI_CallMethodChar_op_array, - JRI_CallMethodShort_op, - JRI_CallMethodShort_op_va_list, - JRI_CallMethodShort_op_array, - JRI_CallMethodInt_op, - JRI_CallMethodInt_op_va_list, - JRI_CallMethodInt_op_array, - JRI_CallMethodLong_op, - JRI_CallMethodLong_op_va_list, - JRI_CallMethodLong_op_array, - JRI_CallMethodFloat_op, - JRI_CallMethodFloat_op_va_list, - JRI_CallMethodFloat_op_array, - JRI_CallMethodDouble_op, - JRI_CallMethodDouble_op_va_list, - JRI_CallMethodDouble_op_array, - JRI_GetFieldID_op, - JRI_GetField_op, - JRI_GetFieldBoolean_op, - JRI_GetFieldByte_op, - JRI_GetFieldChar_op, - 
JRI_GetFieldShort_op, - JRI_GetFieldInt_op, - JRI_GetFieldLong_op, - JRI_GetFieldFloat_op, - JRI_GetFieldDouble_op, - JRI_SetField_op, - JRI_SetFieldBoolean_op, - JRI_SetFieldByte_op, - JRI_SetFieldChar_op, - JRI_SetFieldShort_op, - JRI_SetFieldInt_op, - JRI_SetFieldLong_op, - JRI_SetFieldFloat_op, - JRI_SetFieldDouble_op, - JRI_IsSubclassOf_op, - JRI_GetStaticMethodID_op, - JRI_CallStaticMethod_op, - JRI_CallStaticMethod_op_va_list, - JRI_CallStaticMethod_op_array, - JRI_CallStaticMethodBoolean_op, - JRI_CallStaticMethodBoolean_op_va_list, - JRI_CallStaticMethodBoolean_op_array, - JRI_CallStaticMethodByte_op, - JRI_CallStaticMethodByte_op_va_list, - JRI_CallStaticMethodByte_op_array, - JRI_CallStaticMethodChar_op, - JRI_CallStaticMethodChar_op_va_list, - JRI_CallStaticMethodChar_op_array, - JRI_CallStaticMethodShort_op, - JRI_CallStaticMethodShort_op_va_list, - JRI_CallStaticMethodShort_op_array, - JRI_CallStaticMethodInt_op, - JRI_CallStaticMethodInt_op_va_list, - JRI_CallStaticMethodInt_op_array, - JRI_CallStaticMethodLong_op, - JRI_CallStaticMethodLong_op_va_list, - JRI_CallStaticMethodLong_op_array, - JRI_CallStaticMethodFloat_op, - JRI_CallStaticMethodFloat_op_va_list, - JRI_CallStaticMethodFloat_op_array, - JRI_CallStaticMethodDouble_op, - JRI_CallStaticMethodDouble_op_va_list, - JRI_CallStaticMethodDouble_op_array, - JRI_GetStaticFieldID_op, - JRI_GetStaticField_op, - JRI_GetStaticFieldBoolean_op, - JRI_GetStaticFieldByte_op, - JRI_GetStaticFieldChar_op, - JRI_GetStaticFieldShort_op, - JRI_GetStaticFieldInt_op, - JRI_GetStaticFieldLong_op, - JRI_GetStaticFieldFloat_op, - JRI_GetStaticFieldDouble_op, - JRI_SetStaticField_op, - JRI_SetStaticFieldBoolean_op, - JRI_SetStaticFieldByte_op, - JRI_SetStaticFieldChar_op, - JRI_SetStaticFieldShort_op, - JRI_SetStaticFieldInt_op, - JRI_SetStaticFieldLong_op, - JRI_SetStaticFieldFloat_op, - JRI_SetStaticFieldDouble_op, - JRI_NewString_op, - JRI_GetStringLength_op, - JRI_GetStringChars_op, - JRI_NewStringUTF_op, - 
JRI_GetStringUTFLength_op, - JRI_GetStringUTFChars_op, - JRI_NewScalarArray_op, - JRI_GetScalarArrayLength_op, - JRI_GetScalarArrayElements_op, - JRI_NewObjectArray_op, - JRI_GetObjectArrayLength_op, - JRI_GetObjectArrayElement_op, - JRI_SetObjectArrayElement_op, - JRI_RegisterNatives_op, - JRI_UnregisterNatives_op -} JRIEnvOperations; - -#ifdef __cplusplus -} /* extern "C" */ -#endif /* __cplusplus */ - -#endif /* JRI_H */ -/******************************************************************************/ diff -Nru opensc-0.11.13/src/signer/npinclude/jri_md.h opensc-0.12.1/src/signer/npinclude/jri_md.h --- opensc-0.11.13/src/signer/npinclude/jri_md.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/npinclude/jri_md.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,500 +0,0 @@ -/* -*- Mode: C; tab-width: 4; -*- */ -/******************************************************************************* - * Java Runtime Interface - Machine Dependent Types - * Copyright (c) 1996 Netscape Communications Corporation. All rights reserved. - ******************************************************************************/ - -#ifndef JRI_MD_H -#define JRI_MD_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/******************************************************************************* - * WHAT'S UP WITH THIS FILE? - * - * This is where we define the mystical JRI_PUBLIC_API macro that works on all - * platforms. If you're running with Visual C++, Symantec C, or Borland's - * development environment on the PC, you're all set. Or if you're on the Mac - * with Metrowerks, Symantec or MPW with SC you're ok too. For UNIX it shouldn't - * matter. - * - * On UNIX though you probably care about a couple of other symbols though: - * IS_LITTLE_ENDIAN must be defined for little-endian systems - * HAVE_LONG_LONG must be defined on systems that have 'long long' integers - * HAVE_ALIGNED_LONGLONGS must be defined if long-longs must be 8 byte aligned - * HAVE_ALIGNED_DOUBLES must be defined if doubles must be 8 byte aligned - * IS_64 must be defined on 64-bit machines (like Dec Alpha) - ******************************************************************************/ - -/* DLL Entry modifiers... 
*/ - -/* PC */ -#if defined(XP_PC) || defined(_WINDOWS) || defined(WIN32) || defined(_WIN32) -# include -# if defined(_MSC_VER) -# if defined(WIN32) || defined(_WIN32) -# define JRI_PUBLIC_API(ResultType) _declspec(dllexport) ResultType -# define JRI_CALLBACK -# else /* !_WIN32 */ -# if defined(_WINDLL) -# define JRI_PUBLIC_API(ResultType) ResultType __cdecl __export __loadds -# define JRI_CALLBACK __loadds -# else /* !WINDLL */ -# define JRI_PUBLIC_API(ResultType) ResultType __cdecl __export -# define JRI_CALLBACK __export -# endif /* !WINDLL */ -# endif /* !_WIN32 */ -# elif defined(__BORLANDC__) -# if defined(WIN32) || defined(_WIN32) -# define JRI_PUBLIC_API(ResultType) __export ResultType -# define JRI_CALLBACK -# else /* !_WIN32 */ -# define JRI_PUBLIC_API(ResultType) ResultType _cdecl _export _loadds -# define JRI_CALLBACK _loadds -# endif -# else -# error Unsupported PC development environment. -# endif -# ifndef IS_LITTLE_ENDIAN -# define IS_LITTLE_ENDIAN -# endif - -/* Mac */ -#elif macintosh || Macintosh || THINK_C -# if defined(__MWERKS__) /* Metrowerks */ -# if !__option(enumsalwaysint) -# error You need to define 'Enums Always Int' for your project. -# endif -# if defined(GENERATING68K) && !GENERATINGCFM -# if !__option(fourbyteints) -# error You need to define 'Struct Alignment: 68k' for your project. -# endif -# endif /* !GENERATINGCFM */ -# elif defined(__SC__) /* Symantec */ -# error What are the Symantec defines? (warren@netscape.com) -# elif macintosh && applec /* MPW */ -# error Please upgrade to the latest MPW compiler (SC). -# else -# error Unsupported Mac development environment. 
-# endif -# define JRI_PUBLIC_API(ResultType) ResultType -# define JRI_CALLBACK - -/* Unix or else */ -#else -# define JRI_PUBLIC_API(ResultType) ResultType -# define JRI_CALLBACK -#endif - -#ifndef FAR /* for non-Win16 */ -#define FAR -#endif - -/******************************************************************************/ - -/* Java Scalar Types */ - -typedef unsigned char jbool; -typedef char jbyte; -typedef short jchar; -typedef short jshort; -#ifdef IS_64 /* XXX ok for alpha, but not right on all 64-bit architectures */ -typedef unsigned int juint; -typedef int jint; -#else -typedef unsigned long juint; -typedef long jint; -#endif -typedef float jfloat; -typedef double jdouble; - -typedef juint jsize; - -/******************************************************************************* - * jlong : long long (64-bit signed integer type) support. - ******************************************************************************/ - -/* -** Bit masking macros. (n must be <= 31 to be portable) -*/ -#define JRI_BIT(n) ((juint)1 << (n)) -#define JRI_BITMASK(n) (JRI_BIT(n) - 1) - -#ifdef HAVE_LONG_LONG - -#if !(defined(WIN32) || defined(_WIN32)) -typedef long long jlong; -typedef unsigned long long julong; - -#define jlong_MAXINT 0x7fffffffffffffffLL -#define jlong_MININT 0x8000000000000000LL -#define jlong_ZERO 0x0LL - -#else -typedef LONGLONG jlong; -typedef DWORDLONG julong; - -#define jlong_MAXINT 0x7fffffffffffffffi64 -#define jlong_MININT 0x8000000000000000i64 -#define jlong_ZERO 0x0i64 - -#endif - -#define jlong_IS_ZERO(a) ((a) == 0) -#define jlong_EQ(a, b) ((a) == (b)) -#define jlong_NE(a, b) ((a) != (b)) -#define jlong_GE_ZERO(a) ((a) >= 0) -#define jlong_CMP(a, op, b) ((a) op (b)) - -#define jlong_AND(r, a, b) ((r) = (a) & (b)) -#define jlong_OR(r, a, b) ((r) = (a) | (b)) -#define jlong_XOR(r, a, b) ((r) = (a) ^ (b)) -#define jlong_OR2(r, a) ((r) = (r) | (a)) -#define jlong_NOT(r, a) ((r) = ~(a)) - -#define jlong_NEG(r, a) ((r) = -(a)) -#define jlong_ADD(r, a, 
b) ((r) = (a) + (b)) -#define jlong_SUB(r, a, b) ((r) = (a) - (b)) - -#define jlong_MUL(r, a, b) ((r) = (a) * (b)) -#define jlong_DIV(r, a, b) ((r) = (a) / (b)) -#define jlong_MOD(r, a, b) ((r) = (a) % (b)) - -#define jlong_SHL(r, a, b) ((r) = (a) << (b)) -#define jlong_SHR(r, a, b) ((r) = (a) >> (b)) -#define jlong_USHR(r, a, b) ((r) = (julong)(a) >> (b)) -#define jlong_ISHL(r, a, b) ((r) = ((jlong)(a)) << (b)) - -#define jlong_L2I(i, l) ((i) = (int)(l)) -#define jlong_L2UI(ui, l) ((ui) =(unsigned int)(l)) -#define jlong_L2F(f, l) ((f) = (l)) -#define jlong_L2D(d, l) ((d) = (l)) - -#define jlong_I2L(l, i) ((l) = (i)) -#define jlong_UI2L(l, ui) ((l) = (ui)) -#define jlong_F2L(l, f) ((l) = (f)) -#define jlong_D2L(l, d) ((l) = (d)) - -#define jlong_UDIVMOD(qp, rp, a, b) \ - (*(qp) = ((julong)(a) / (b)), \ - *(rp) = ((julong)(a) % (b))) - -#else /* !HAVE_LONG_LONG */ - -typedef struct { -#ifdef IS_LITTLE_ENDIAN - juint lo, hi; -#else - juint hi, lo; -#endif -} jlong; -typedef jlong julong; - -extern jlong jlong_MAXINT, jlong_MININT, jlong_ZERO; - -#define jlong_IS_ZERO(a) (((a).hi == 0) && ((a).lo == 0)) -#define jlong_EQ(a, b) (((a).hi == (b).hi) && ((a).lo == (b).lo)) -#define jlong_NE(a, b) (((a).hi != (b).hi) || ((a).lo != (b).lo)) -#define jlong_GE_ZERO(a) (((a).hi >> 31) == 0) - -/* - * NB: jlong_CMP and jlong_UCMP work only for strict relationals (<, >). 
- */ -#define jlong_CMP(a, op, b) (((int32)(a).hi op (int32)(b).hi) || \ - (((a).hi == (b).hi) && ((a).lo op (b).lo))) -#define jlong_UCMP(a, op, b) (((a).hi op (b).hi) || \ - (((a).hi == (b).hi) && ((a).lo op (b).lo))) - -#define jlong_AND(r, a, b) ((r).lo = (a).lo & (b).lo, \ - (r).hi = (a).hi & (b).hi) -#define jlong_OR(r, a, b) ((r).lo = (a).lo | (b).lo, \ - (r).hi = (a).hi | (b).hi) -#define jlong_XOR(r, a, b) ((r).lo = (a).lo ^ (b).lo, \ - (r).hi = (a).hi ^ (b).hi) -#define jlong_OR2(r, a) ((r).lo = (r).lo | (a).lo, \ - (r).hi = (r).hi | (a).hi) -#define jlong_NOT(r, a) ((r).lo = ~(a).lo, \ - (r).hi = ~(a).hi) - -#define jlong_NEG(r, a) ((r).lo = -(int32)(a).lo, \ - (r).hi = -(int32)(a).hi - ((r).lo != 0)) -#define jlong_ADD(r, a, b) { \ - jlong _a, _b; \ - _a = a; _b = b; \ - (r).lo = _a.lo + _b.lo; \ - (r).hi = _a.hi + _b.hi + ((r).lo < _b.lo); \ -} - -#define jlong_SUB(r, a, b) { \ - jlong _a, _b; \ - _a = a; _b = b; \ - (r).lo = _a.lo - _b.lo; \ - (r).hi = _a.hi - _b.hi - (_a.lo < _b.lo); \ -} \ - -/* - * Multiply 64-bit operands a and b to get 64-bit result r. - * First multiply the low 32 bits of a and b to get a 64-bit result in r. - * Then add the outer and inner products to r.hi. - */ -#define jlong_MUL(r, a, b) { \ - jlong _a, _b; \ - _a = a; _b = b; \ - jlong_MUL32(r, _a.lo, _b.lo); \ - (r).hi += _a.hi * _b.lo + _a.lo * _b.hi; \ -} - -/* XXX _jlong_lo16(a) = ((a) << 16 >> 16) is better on some archs (not on mips) */ -#define _jlong_lo16(a) ((a) & JRI_BITMASK(16)) -#define _jlong_hi16(a) ((a) >> 16) - -/* - * Multiply 32-bit operands a and b to get 64-bit result r. - * Use polynomial expansion based on primitive field element (1 << 16). 
- */ -#define jlong_MUL32(r, a, b) { \ - juint _a1, _a0, _b1, _b0, _y0, _y1, _y2, _y3; \ - _a1 = _jlong_hi16(a), _a0 = _jlong_lo16(a); \ - _b1 = _jlong_hi16(b), _b0 = _jlong_lo16(b); \ - _y0 = _a0 * _b0; \ - _y1 = _a0 * _b1; \ - _y2 = _a1 * _b0; \ - _y3 = _a1 * _b1; \ - _y1 += _jlong_hi16(_y0); /* can't carry */ \ - _y1 += _y2; /* might carry */ \ - if (_y1 < _y2) _y3 += 1 << 16; /* propagate */ \ - (r).lo = (_jlong_lo16(_y1) << 16) + _jlong_lo16(_y0); \ - (r).hi = _y3 + _jlong_hi16(_y1); \ -} - -/* - * Divide 64-bit unsigned operand a by 64-bit unsigned operand b, setting *qp - * to the 64-bit unsigned quotient, and *rp to the 64-bit unsigned remainder. - * Minimize effort if one of qp and rp is null. - */ -#define jlong_UDIVMOD(qp, rp, a, b) jlong_udivmod(qp, rp, a, b) - -extern JRI_PUBLIC_API(void) -jlong_udivmod(julong *qp, julong *rp, julong a, julong b); - -#define jlong_DIV(r, a, b) { \ - jlong _a, _b; \ - juint _negative = (int32)(a).hi < 0; \ - if (_negative) { \ - jlong_NEG(_a, a); \ - } else { \ - _a = a; \ - } \ - if ((int32)(b).hi < 0) { \ - _negative ^= 1; \ - jlong_NEG(_b, b); \ - } else { \ - _b = b; \ - } \ - jlong_UDIVMOD(&(r), 0, _a, _b); \ - if (_negative) \ - jlong_NEG(r, r); \ -} - -#define jlong_MOD(r, a, b) { \ - jlong _a, _b; \ - juint _negative = (int32)(a).hi < 0; \ - if (_negative) { \ - jlong_NEG(_a, a); \ - } else { \ - _a = a; \ - } \ - if ((int32)(b).hi < 0) { \ - jlong_NEG(_b, b); \ - } else { \ - _b = b; \ - } \ - jlong_UDIVMOD(0, &(r), _a, _b); \ - if (_negative) \ - jlong_NEG(r, r); \ -} - -/* - * NB: b is a juint, not jlong or julong, for the shift ops. 
- */ -#define jlong_SHL(r, a, b) { \ - if (b) { \ - jlong _a; \ - _a = a; \ - if ((b) < 32) { \ - (r).lo = _a.lo << (b); \ - (r).hi = (_a.hi << (b)) | (_a.lo >> (32 - (b))); \ - } else { \ - (r).lo = 0; \ - (r).hi = _a.lo << ((b) & 31); \ - } \ - } else { \ - (r) = (a); \ - } \ -} - -/* a is an int32, b is int32, r is jlong */ -#define jlong_ISHL(r, a, b) { \ - if (b) { \ - jlong _a; \ - _a.lo = (a); \ - _a.hi = 0; \ - if ((b) < 32) { \ - (r).lo = (a) << (b); \ - (r).hi = ((a) >> (32 - (b))); \ - } else { \ - (r).lo = 0; \ - (r).hi = (a) << ((b) & 31); \ - } \ - } else { \ - (r).lo = (a); \ - (r).hi = 0; \ - } \ -} - -#define jlong_SHR(r, a, b) { \ - if (b) { \ - jlong _a; \ - _a = a; \ - if ((b) < 32) { \ - (r).lo = (_a.hi << (32 - (b))) | (_a.lo >> (b)); \ - (r).hi = (int32)_a.hi >> (b); \ - } else { \ - (r).lo = (int32)_a.hi >> ((b) & 31); \ - (r).hi = (int32)_a.hi >> 31; \ - } \ - } else { \ - (r) = (a); \ - } \ -} - -#define jlong_USHR(r, a, b) { \ - if (b) { \ - jlong _a; \ - _a = a; \ - if ((b) < 32) { \ - (r).lo = (_a.hi << (32 - (b))) | (_a.lo >> (b)); \ - (r).hi = _a.hi >> (b); \ - } else { \ - (r).lo = _a.hi >> ((b) & 31); \ - (r).hi = 0; \ - } \ - } else { \ - (r) = (a); \ - } \ -} - -#define jlong_L2I(i, l) ((i) = (l).lo) -#define jlong_L2UI(ui, l) ((ui) = (l).lo) -#define jlong_L2F(f, l) { double _d; jlong_L2D(_d, l); (f) = (float) _d; } - -#define jlong_L2D(d, l) { \ - int32 _negative; \ - jlong _absval; \ - \ - _negative = (l).hi >> 31; \ - if (_negative) { \ - jlong_NEG(_absval, l); \ - } else { \ - _absval = l; \ - } \ - (d) = (double)_absval.hi * 4.294967296e9 + _absval.lo; \ - if (_negative) \ - (d) = -(d); \ -} - -#define jlong_I2L(l, i) ((l).hi = (i) >> 31, (l).lo = (i)) -#define jlong_UI2L(l, ui) ((l).hi = 0, (l).lo = (ui)) -#define jlong_F2L(l, f) { double _d = (double) f; jlong_D2L(l, _d); } - -#define jlong_D2L(l, d) { \ - int _negative; \ - double _absval, _d_hi; \ - jlong _lo_d; \ - \ - _negative = ((d) < 0); \ - _absval = _negative ? 
-(d) : (d); \ - \ - (l).hi = (juint)(_absval / 4.294967296e9); \ - (l).lo = 0; \ - jlong_L2D(_d_hi, l); \ - _absval -= _d_hi; \ - _lo_d.hi = 0; \ - if (_absval < 0) { \ - _lo_d.lo = (juint) -_absval; \ - jlong_SUB(l, l, _lo_d); \ - } else { \ - _lo_d.lo = (juint) _absval; \ - jlong_ADD(l, l, _lo_d); \ - } \ - \ - if (_negative) \ - jlong_NEG(l, l); \ -} - -#endif /* !HAVE_LONG_LONG */ - -/******************************************************************************/ -/* -** JDK Stuff -- This stuff is still needed while we're using the JDK -** dynamic linking strategy to call native methods. -*/ - -typedef union JRI_JDK_stack_item { - /* Non pointer items */ - jint i; - jfloat f; - jint o; - /* Pointer items */ - void *h; - void *p; - unsigned char *addr; -#ifdef IS_64 - double d; - long l; /* == 64bits! */ -#endif -} JRI_JDK_stack_item; - -typedef union JRI_JDK_Java8Str { - jint x[2]; - jdouble d; - jlong l; - void *p; - float f; -} JRI_JDK_Java8; - -#ifdef HAVE_ALIGNED_LONGLONGS -#define JRI_GET_INT64(_t,_addr) ( ((_t).x[0] = ((jint*)(_addr))[0]), \ - ((_t).x[1] = ((jint*)(_addr))[1]), \ - (_t).l ) -#define JRI_SET_INT64(_t, _addr, _v) ( (_t).l = (_v), \ - ((jint*)(_addr))[0] = (_t).x[0], \ - ((jint*)(_addr))[1] = (_t).x[1] ) -#else -#define JRI_GET_INT64(_t,_addr) (*(jlong*)(_addr)) -#define JRI_SET_INT64(_t, _addr, _v) (*(jlong*)(_addr) = (_v)) -#endif - -/* If double's must be aligned on doubleword boundaries then define this */ -#ifdef HAVE_ALIGNED_DOUBLES -#define JRI_GET_DOUBLE(_t,_addr) ( ((_t).x[0] = ((jint*)(_addr))[0]), \ - ((_t).x[1] = ((jint*)(_addr))[1]), \ - (_t).d ) -#define JRI_SET_DOUBLE(_t, _addr, _v) ( (_t).d = (_v), \ - ((jint*)(_addr))[0] = (_t).x[0], \ - ((jint*)(_addr))[1] = (_t).x[1] ) -#else -#define JRI_GET_DOUBLE(_t,_addr) (*(jdouble*)(_addr)) -#define JRI_SET_DOUBLE(_t, _addr, _v) (*(jdouble*)(_addr) = (_v)) -#endif - -/******************************************************************************/ -#ifdef __cplusplus -} -#endif 
-#endif /* JRI_MD_H */
-/******************************************************************************/
diff -Nru opensc-0.11.13/src/signer/npinclude/jritypes.h opensc-0.12.1/src/signer/npinclude/jritypes.h
--- opensc-0.11.13/src/signer/npinclude/jritypes.h 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/jritypes.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,180 +0,0 @@
-/* -*- Mode: C; tab-width: 4; -*- */
-/*******************************************************************************
- * Java Runtime Interface
- * Copyright (c) 1996 Netscape Communications Corporation. All rights reserved.
- ******************************************************************************/
-
-#ifndef JRITYPES_H
-#define JRITYPES_H
-
-#include "jri_md.h"
-#include
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*******************************************************************************
- * Types
- ******************************************************************************/
-
-struct JRIEnvInterface;
-
-typedef void* JRIRef;
-typedef void* JRIGlobalRef;
-
-typedef jint JRIInterfaceID[4];
-typedef jint JRIFieldID;
-typedef jint JRIMethodID;
-
-/* synonyms: */
-typedef JRIGlobalRef jglobal;
-typedef JRIRef jref;
-
-typedef union JRIValue {
- jbool z;
- jbyte b;
- jchar c;
- jshort s;
- jint i;
- jlong l;
- jfloat f;
- jdouble d;
- jref r;
-} JRIValue;
-
-typedef JRIValue jvalue;
-
-typedef enum JRIBoolean {
- JRIFalse = 0,
- JRITrue = 1
-} JRIBoolean;
-
-typedef enum JRIConstant {
- JRIUninitialized = -1
-} JRIConstant;
-
-/* convenience types: */
-typedef JRIRef jbooleanArray;
-typedef JRIRef jbyteArray;
-typedef JRIRef jcharArray;
-typedef JRIRef jshortArray;
-typedef JRIRef jintArray;
-typedef JRIRef jlongArray;
-typedef JRIRef jfloatArray;
-typedef JRIRef jdoubleArray;
-typedef JRIRef jobjectArray;
-typedef JRIRef jstringArray;
-typedef JRIRef jarrayArray;
-
-#define JRIConstructorMethodName ""
-
-/*******************************************************************************
- * Signature Construction Macros
- ******************************************************************************/
-
-/*
-** These macros can be used to construct signature strings. Hopefully their names
-** are a little easier to remember than the single character they correspond to.
-** For example, to specify the signature of the method:
-**
-** public int read(byte b[], int off, int len);
-**
-** you could write something like this in C:
-**
-** char* readSig = JRISigMethod(JRISigArray(JRISigByte)
-** JRISigInt
-** JRISigInt) JRISigInt;
-**
-** Of course, don't put commas between the types.
-*/
-#define JRISigArray(T) "[" T
-#define JRISigByte "B"
-#define JRISigChar "C"
-#define JRISigClass(name) "L" name ";"
-#define JRISigFloat "F"
-#define JRISigDouble "D"
-#define JRISigMethod(args) "(" args ")"
-#define JRISigNoArgs ""
-#define JRISigInt "I"
-#define JRISigLong "J"
-#define JRISigShort "S"
-#define JRISigVoid "V"
-#define JRISigBoolean "Z"
-
-/*******************************************************************************
- * Environments
- ******************************************************************************/
-
-extern JRI_PUBLIC_API(const struct JRIEnvInterface**)
-JRI_GetCurrentEnv(void);
-
-/*******************************************************************************
- * Specific Scalar Array Types
- ******************************************************************************/
-
-/*
-** The JRI Native Method Interface does not support boolean arrays. This
-** is to allow Java runtime implementations to optimize boolean array
-** storage. Using the ScalarArray operations on boolean arrays is bound
-** to fail, so convert any boolean arrays to byte arrays in Java before
-** passing them to a native method.
-*/
-
-#define JRI_NewByteArray(env, length, initialValues) \
- JRI_NewScalarArray(env, length, JRISigByte, (jbyte*)(initialValues))
-#define JRI_GetByteArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetByteArrayElements(env, array) \
- JRI_GetScalarArrayElements(env, array)
-
-#define JRI_NewCharArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jchar)), JRISigChar, (jbyte*)(initialValues))
-#define JRI_GetCharArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetCharArrayElements(env, array) \
- ((jchar*)JRI_GetScalarArrayElements(env, array))
-
-#define JRI_NewShortArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jshort)), JRISigShort, (jbyte*)(initialValues))
-#define JRI_GetShortArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetShortArrayElements(env, array) \
- ((jshort*)JRI_GetScalarArrayElements(env, array))
-
-#define JRI_NewIntArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jint)), JRISigInt, (jbyte*)(initialValues))
-#define JRI_GetIntArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetIntArrayElements(env, array) \
- ((jint*)JRI_GetScalarArrayElements(env, array))
-
-#define JRI_NewLongArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jlong)), JRISigLong, (jbyte*)(initialValues))
-#define JRI_GetLongArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetLongArrayElements(env, array) \
- ((jlong*)JRI_GetScalarArrayElements(env, array))
-
-#define JRI_NewFloatArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jfloat)), JRISigFloat, (jbyte*)(initialValues))
-#define JRI_GetFloatArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetFloatArrayElements(env, array) \
- ((jfloat*)JRI_GetScalarArrayElements(env, array))
-
-#define
JRI_NewDoubleArray(env, length, initialValues) \
- JRI_NewScalarArray(env, ((length) * sizeof(jdouble)), JRISigDouble, (jbyte*)(initialValues))
-#define JRI_GetDoubleArrayLength(env, array) \
- JRI_GetScalarArrayLength(env, array)
-#define JRI_GetDoubleArrayElements(env, array) \
- ((jdouble*)JRI_GetScalarArrayElements(env, array))
-
-/******************************************************************************/
-#ifdef __cplusplus
-}
-#endif
-#endif /* JRITYPES_H */
-/******************************************************************************/
diff -Nru opensc-0.11.13/src/signer/npinclude/Makefile.am opensc-0.12.1/src/signer/npinclude/Makefile.am
--- opensc-0.11.13/src/signer/npinclude/Makefile.am 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/Makefile.am 1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
-
-noinst_HEADERS = jri.h jri_md.h jritypes.h npapi.h npunix.c npupp.h
diff -Nru opensc-0.11.13/src/signer/npinclude/Makefile.in opensc-0.12.1/src/signer/npinclude/Makefile.in
--- opensc-0.11.13/src/signer/npinclude/Makefile.in 2010-02-16 09:32:18.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/Makefile.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,462 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/signer/npinclude -DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -HEADERS = $(noinst_HEADERS) -ETAGS = etags -CTAGS = 
ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFAULT_PCSC_PROVIDER = @DEFAULT_PCSC_PROVIDER@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LTLIB_CFLAGS = @LTLIB_CFLAGS@ -LTLIB_LIBS = @LTLIB_LIBS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENCT_CFLAGS = @OPENCT_CFLAGS@ -OPENCT_LIBS = @OPENCT_LIBS@ -OPENSC_LT_AGE = @OPENSC_LT_AGE@ -OPENSC_LT_CURRENT = @OPENSC_LT_CURRENT@ -OPENSC_LT_OLDEST = @OPENSC_LT_OLDEST@ -OPENSC_LT_REVISION = @OPENSC_LT_REVISION@ -OPENSC_VERSION_FIX = @OPENSC_VERSION_FIX@ -OPENSC_VERSION_MAJOR = @OPENSC_VERSION_MAJOR@ -OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ -OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ -OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ -OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ -OPTIONAL_OPENSSL_LIBS = @OPTIONAL_OPENSSL_LIBS@ 
-OPTIONAL_PCSC_CFLAGS = @OPTIONAL_PCSC_CFLAGS@ -OPTIONAL_READLINE_CFLAGS = @OPTIONAL_READLINE_CFLAGS@ -OPTIONAL_READLINE_LIBS = @OPTIONAL_READLINE_LIBS@ -OPTIONAL_ZLIB_CFLAGS = @OPTIONAL_ZLIB_CFLAGS@ -OPTIONAL_ZLIB_LIBS = @OPTIONAL_ZLIB_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PCSC_CFLAGS = @PCSC_CFLAGS@ -PCSC_LIBS = @PCSC_LIBS@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREAD_CC = @PTHREAD_CC@ -PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -RC = @RC@ -READLINE_CFLAGS = @READLINE_CFLAGS@ -READLINE_LIBS = @READLINE_LIBS@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -SVN = @SVN@ -TR = @TR@ -VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ -WIN_LIBPREFIX = @WIN_LIBPREFIX@ -XSLTPROC = @XSLTPROC@ -ZLIB_CFLAGS = @ZLIB_CFLAGS@ -ZLIB_LIBS = @ZLIB_LIBS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -acx_pthread_config = @acx_pthread_config@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ 
-localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ -pdfdir = @pdfdir@ -pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -noinst_HEADERS = jri.h jri_md.h jritypes.h npapi.h npunix.c npupp.h -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/signer/npinclude/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/signer/npinclude/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then 
echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(HEADERS) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool ctags distclean distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ - uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. 
-.NOEXPORT:
diff -Nru opensc-0.11.13/src/signer/npinclude/npapi.h opensc-0.12.1/src/signer/npinclude/npapi.h
--- opensc-0.11.13/src/signer/npinclude/npapi.h 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/npapi.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,396 +0,0 @@ -/* -*- Mode: C; tab-width: 4; -*- */ -/* - * npapi.h $Revision: 606 $ - * Netscape client plug-in API spec - */ - -#ifndef _NPAPI_H_ -#define _NPAPI_H_ - -#include "jri.h" /* Java Runtime Interface */ - - -/* XXX this needs to get out of here */ -#if defined(__MWERKS__) -#ifndef XP_MAC -#define XP_MAC -#endif -#endif - - - -/*----------------------------------------------------------------------*/ -/* Plugin Version Constants */ -/*----------------------------------------------------------------------*/ - -#define NP_VERSION_MAJOR 0 -#define NP_VERSION_MINOR 9 - - -#if defined(_AIX) -#define _INT16 -#define _INT32 -#endif - -/*----------------------------------------------------------------------*/ -/* Definition of Basic Types */ -/*----------------------------------------------------------------------*/ - -#ifndef _UINT16 -typedef unsigned short uint16; -#endif -#ifndef _UINT32 -#if defined(__alpha) -typedef unsigned int uint32; -#else /* __alpha */ -typedef unsigned long uint32; -#endif /* __alpha */ -#endif -#ifndef _INT16 -typedef short int16; -#endif -#ifndef _INT32 -#if defined(__alpha) -typedef int int32; -#else /* __alpha */ -typedef long int32; -#endif /* __alpha */ -#endif - -#ifndef FALSE -#define FALSE (0) -#endif -#ifndef TRUE -#define TRUE (1) -#endif -#ifndef NULL -#define NULL (0L) -#endif - -typedef unsigned char NPBool; -typedef void* NPEvent; -typedef int16 NPError; -typedef int16 NPReason; -typedef char* NPMIMEType; - - - -/*----------------------------------------------------------------------*/ -/* Structures and definitions */ -/*----------------------------------------------------------------------*/ - -/* - * NPP is a plug-in's opaque instance handle - */ -typedef struct _NPP -{ - void* pdata; /* plug-in private data */ - void* ndata; /* netscape private data */ -} NPP_t; - -typedef NPP_t* NPP; - - -typedef struct _NPStream -{ - void* pdata; /* plug-in private data */ - void* ndata; /* netscape private data */ - const 
char* url; - uint32 end; - uint32 lastmodified; - void* notifyData; -} NPStream; - - -typedef struct _NPByteRange -{ - int32 offset; /* negative offset means from the end */ - uint32 length; - struct _NPByteRange* next; -} NPByteRange; - - -typedef struct _NPSavedData -{ - int32 len; - void* buf; -} NPSavedData; - - -typedef struct _NPRect -{ - uint16 top; - uint16 left; - uint16 bottom; - uint16 right; -} NPRect; - - -#ifdef XP_UNIX -/* - * Unix specific structures and definitions - */ -#include - -/* - * Callback Structures. - * - * These are used to pass additional platform specific information. - */ -enum { - NP_SETWINDOW = 1 -}; - -typedef struct -{ - int32 type; -} NPAnyCallbackStruct; - -typedef struct -{ - int32 type; - Display* display; - Visual* visual; - Colormap colormap; - unsigned int depth; -} NPSetWindowCallbackStruct; - -/* - * List of variable names for which NPP_GetValue shall be implemented - */ -typedef enum { - NPPVpluginNameString = 1, - NPPVpluginDescriptionString -} NPPVariable; - -/* - * List of variable names for which NPN_GetValue is implemented by Mozilla - */ -typedef enum { - NPNVxDisplay = 1, - NPNVxtAppContext -} NPNVariable; - -#endif /* XP_UNIX */ - - -typedef struct _NPWindow -{ - void* window; /* Platform specific window handle */ - uint32 x; /* Position of top left corner relative */ - uint32 y; /* to a netscape page. */ - uint32 width; /* Maximum window size */ - uint32 height; - NPRect clipRect; /* Clipping rectangle in port coordinates */ - /* Used by MAC only. 
*/ -#ifdef XP_UNIX - void * ws_info; /* Platform-dependent additonal data */ -#endif /* XP_UNIX */ -} NPWindow; - - -typedef struct _NPFullPrint -{ - NPBool pluginPrinted; /* Set TRUE if plugin handled fullscreen */ - /* printing */ - NPBool printOne; /* TRUE if plugin should print one copy */ - /* to default printer */ - void* platformPrint; /* Platform-specific printing info */ -} NPFullPrint; - -typedef struct _NPEmbedPrint -{ - NPWindow window; - void* platformPrint; /* Platform-specific printing info */ -} NPEmbedPrint; - -typedef struct _NPPrint -{ - uint16 mode; /* NP_FULL or NP_EMBED */ - union - { - NPFullPrint fullPrint; /* if mode is NP_FULL */ - NPEmbedPrint embedPrint; /* if mode is NP_EMBED */ - } print; -} NPPrint; - - -#ifdef XP_MAC -/* - * Mac-specific structures and definitions. - */ - -#include -#include - -typedef struct NP_Port -{ - CGrafPtr port; /* Grafport */ - int32 portx; /* position inside the topmost window */ - int32 porty; -} NP_Port; - -/* - * Non-standard event types that can be passed to HandleEvent - */ -#define getFocusEvent (osEvt + 16) -#define loseFocusEvent (osEvt + 17) -#define adjustCursorEvent (osEvt + 18) - -#endif /* XP_MAC */ - - -/* - * Values for mode passed to NPP_New: - */ -#define NP_EMBED 1 -#define NP_FULL 2 - -/* - * Values for stream type passed to NPP_NewStream: - */ -#define NP_NORMAL 1 -#define NP_SEEK 2 -#define NP_ASFILE 3 -#define NP_ASFILEONLY 4 - -#define NP_MAXREADY (((unsigned)(~0)<<1)>>1) - - - -/*----------------------------------------------------------------------*/ -/* Error and Reason Code definitions */ -/*----------------------------------------------------------------------*/ - -/* - * Values of type NPError: - */ -#define NPERR_BASE 0 -#define NPERR_NO_ERROR (NPERR_BASE + 0) -#define NPERR_GENERIC_ERROR (NPERR_BASE + 1) -#define NPERR_INVALID_INSTANCE_ERROR (NPERR_BASE + 2) -#define NPERR_INVALID_FUNCTABLE_ERROR (NPERR_BASE + 3) -#define NPERR_MODULE_LOAD_FAILED_ERROR (NPERR_BASE + 4) 
-#define NPERR_OUT_OF_MEMORY_ERROR (NPERR_BASE + 5) -#define NPERR_INVALID_PLUGIN_ERROR (NPERR_BASE + 6) -#define NPERR_INVALID_PLUGIN_DIR_ERROR (NPERR_BASE + 7) -#define NPERR_INCOMPATIBLE_VERSION_ERROR (NPERR_BASE + 8) -#define NPERR_INVALID_PARAM (NPERR_BASE + 9) -#define NPERR_INVALID_URL (NPERR_BASE + 10) -#define NPERR_FILE_NOT_FOUND (NPERR_BASE + 11) -#define NPERR_NO_DATA (NPERR_BASE + 12) -#define NPERR_STREAM_NOT_SEEKABLE (NPERR_BASE + 13) - -/* - * Values of type NPReason: - */ -#define NPRES_BASE 0 -#define NPRES_DONE (NPRES_BASE + 0) -#define NPRES_NETWORK_ERR (NPRES_BASE + 1) -#define NPRES_USER_BREAK (NPRES_BASE + 2) - -/* - * Don't use these obsolete error codes any more. - */ -#define NP_NOERR NP_NOERR_is_obsolete_use_NPERR_NO_ERROR -#define NP_EINVAL NP_EINVAL_is_obsolete_use_NPERR_GENERIC_ERROR -#define NP_EABORT NP_EABORT_is_obsolete_use_NPRES_USER_BREAK - -/* - * Version feature information - */ -#define NPVERS_HAS_STREAMOUTPUT 8 -#define NPVERS_HAS_NOTIFICATION 9 -#define NPVERS_HAS_LIVECONNECT 9 - - -/*----------------------------------------------------------------------*/ -/* Function Prototypes */ -/*----------------------------------------------------------------------*/ - -#if defined(_WINDOWS) && !defined(WIN32) -#define NP_LOADDS _loadds -#else -#define NP_LOADDS -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * NPP_* functions are provided by the plugin and called by the navigator. 
- */ - -#ifdef XP_UNIX -char* NPP_GetMIMEDescription(void); -NPError NPP_GetValue(void *instance, NPPVariable variable, - void *value); -#endif /* XP_UNIX */ -NPError NPP_Initialize(void); -void NPP_Shutdown(void); -NPError NP_LOADDS NPP_New(NPMIMEType pluginType, NPP instance, - uint16 mode, int16 argc, char* argn[], - char* argv[], NPSavedData* saved); -NPError NP_LOADDS NPP_Destroy(NPP instance, NPSavedData** save); -NPError NP_LOADDS NPP_SetWindow(NPP instance, NPWindow* window); -NPError NP_LOADDS NPP_NewStream(NPP instance, NPMIMEType type, - NPStream* stream, NPBool seekable, - uint16* stype); -NPError NP_LOADDS NPP_DestroyStream(NPP instance, NPStream* stream, - NPReason reason); -int32 NP_LOADDS NPP_WriteReady(NPP instance, NPStream* stream); -int32 NP_LOADDS NPP_Write(NPP instance, NPStream* stream, int32 offset, - int32 len, void* buffer); -void NP_LOADDS NPP_StreamAsFile(NPP instance, NPStream* stream, - const char* fname); -void NP_LOADDS NPP_Print(NPP instance, NPPrint* platformPrint); -int16 NPP_HandleEvent(NPP instance, void* event); -void NPP_URLNotify(NPP instance, const char* url, - NPReason reason, void* notifyData); -jref NPP_GetJavaClass(void); - - -/* - * NPN_* functions are provided by the navigator and called by the plugin. 
- */
-
-#ifdef XP_UNIX
-NPError NPN_GetValue(NPP instance, NPNVariable variable,
- void *value);
-#endif /* XP_UNIX */
-void NPN_Version(int* plugin_major, int* plugin_minor,
- int* netscape_major, int* netscape_minor);
-NPError NPN_GetURLNotify(NPP instance, const char* url,
- const char* target, void* notifyData);
-NPError NPN_GetURL(NPP instance, const char* url,
- const char* target);
-NPError NPN_PostURLNotify(NPP instance, const char* url,
- const char* target, uint32 len,
- const char* buf, NPBool file,
- void* notifyData);
-NPError NPN_PostURL(NPP instance, const char* url,
- const char* target, uint32 len,
- const char* buf, NPBool file);
-NPError NPN_RequestRead(NPStream* stream, NPByteRange* rangeList);
-NPError NPN_NewStream(NPP instance, NPMIMEType type,
- const char* target, NPStream** stream);
-int32 NPN_Write(NPP instance, NPStream* stream, int32 len,
- void* buffer);
-NPError NPN_DestroyStream(NPP instance, NPStream* stream,
- NPReason reason);
-void NPN_Status(NPP instance, const char* message);
-const char* NPN_UserAgent(NPP instance);
-void* NPN_MemAlloc(uint32 size);
-void NPN_MemFree(void* ptr);
-uint32 NPN_MemFlush(uint32 size);
-void NPN_ReloadPlugins(NPBool reloadPages);
-JRIEnv* NPN_GetJavaEnv(void);
-jref NPN_GetJavaPeer(NPP instance);
-
-
-#ifdef __cplusplus
-} /* end extern "C" */
-#endif
-
-#endif /* _NPAPI_H_ */
diff -Nru opensc-0.11.13/src/signer/npinclude/npunix.c opensc-0.12.1/src/signer/npinclude/npunix.c
--- opensc-0.11.13/src/signer/npinclude/npunix.c 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/npunix.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,406 +0,0 @@ -/* - * npunix.c - * - * Netscape Client Plugin API - * - Wrapper function to interface with the Netscape Navigator - * - * dp Suresh - * - *---------------------------------------------------------------------- - * PLUGIN DEVELOPERS: - * YOU WILL NOT NEED TO EDIT THIS FILE. - *---------------------------------------------------------------------- - */ - -#define XP_UNIX 1 - -#include -#include "npapi.h" -#include "npupp.h" - -/* - * Define PLUGIN_TRACE to have the wrapper functions print - * messages to stderr whenever they are called. - */ - -#ifdef PLUGIN_TRACE -#include -#define PLUGINDEBUGSTR(msg) fprintf(stderr, "%s\n", msg) -#else -#define PLUGINDEBUGSTR(msg) -#endif - - -/*********************************************************************** - * - * Globals - * - ***********************************************************************/ - -static NPNetscapeFuncs gNetscapeFuncs; /* Netscape Function table */ - - -/*********************************************************************** - * - * Wrapper functions : plugin calling Netscape Navigator - * - * These functions let the plugin developer just call the APIs - * as documented and defined in npapi.h, without needing to know - * about the function table and call macros in npupp.h. 
- * - ***********************************************************************/ - -void -NPN_Version(int* plugin_major, int* plugin_minor, - int* netscape_major, int* netscape_minor) -{ - *plugin_major = NP_VERSION_MAJOR; - *plugin_minor = NP_VERSION_MINOR; - - /* Major version is in high byte */ - *netscape_major = gNetscapeFuncs.version >> 8; - /* Minor version is in low byte */ - *netscape_minor = gNetscapeFuncs.version & 0xFF; -} - -NPError -NPN_GetValue(NPP instance, NPNVariable variable, void *r_value) -{ - return CallNPN_GetValueProc(gNetscapeFuncs.getvalue, - instance, variable, r_value); -} - -NPError -NPN_GetURL(NPP instance, const char* url, const char* window) -{ - return CallNPN_GetURLProc(gNetscapeFuncs.geturl, instance, url, window); -} - -NPError -NPN_PostURL(NPP instance, const char* url, const char* window, - uint32 len, const char* buf, NPBool file) -{ - return CallNPN_PostURLProc(gNetscapeFuncs.posturl, instance, - url, window, len, buf, file); -} - -NPError -NPN_RequestRead(NPStream* stream, NPByteRange* rangeList) -{ - return CallNPN_RequestReadProc(gNetscapeFuncs.requestread, - stream, rangeList); -} - -NPError -NPN_NewStream(NPP instance, NPMIMEType type, const char *window, - NPStream** stream_ptr) -{ - return CallNPN_NewStreamProc(gNetscapeFuncs.newstream, instance, - type, window, stream_ptr); -} - -int32 -NPN_Write(NPP instance, NPStream* stream, int32 len, void* buffer) -{ - return CallNPN_WriteProc(gNetscapeFuncs.write, instance, - stream, len, buffer); -} - -NPError -NPN_DestroyStream(NPP instance, NPStream* stream, NPError reason) -{ - return CallNPN_DestroyStreamProc(gNetscapeFuncs.destroystream, - instance, stream, reason); -} - -void -NPN_Status(NPP instance, const char* message) -{ - CallNPN_StatusProc(gNetscapeFuncs.status, instance, message); -} - -const char* -NPN_UserAgent(NPP instance) -{ - return CallNPN_UserAgentProc(gNetscapeFuncs.uagent, instance); -} - -void* -NPN_MemAlloc(uint32 size) -{ - return 
CallNPN_MemAllocProc(gNetscapeFuncs.memalloc, size); -} - -void NPN_MemFree(void* ptr) -{ - CallNPN_MemFreeProc(gNetscapeFuncs.memfree, ptr); -} - -uint32 NPN_MemFlush(uint32 size) -{ - return CallNPN_MemFlushProc(gNetscapeFuncs.memflush, size); -} - -void NPN_ReloadPlugins(NPBool reloadPages) -{ - CallNPN_ReloadPluginsProc(gNetscapeFuncs.reloadplugins, reloadPages); -} - -JRIEnv* NPN_GetJavaEnv() -{ - return CallNPN_GetJavaEnvProc(gNetscapeFuncs.getJavaEnv); -} - -jref NPN_GetJavaPeer(NPP instance) -{ - return CallNPN_GetJavaPeerProc(gNetscapeFuncs.getJavaPeer, - instance); -} - - -/*********************************************************************** - * - * Wrapper functions : Netscape Navigator -> plugin - * - * These functions let the plugin developer just create the APIs - * as documented and defined in npapi.h, without needing to - * install those functions in the function table or worry about - * setting up globals for 68K plugins. - * - ***********************************************************************/ - -NPError -Private_New(NPMIMEType pluginType, NPP instance, uint16 mode, - int16 argc, char* argn[], char* argv[], NPSavedData* saved) -{ - NPError ret; - PLUGINDEBUGSTR("New"); - ret = NPP_New(pluginType, instance, mode, argc, argn, argv, saved); - return ret; -} - -NPError -Private_Destroy(NPP instance, NPSavedData** save) -{ - PLUGINDEBUGSTR("Destroy"); - return NPP_Destroy(instance, save); -} - -NPError -Private_SetWindow(NPP instance, NPWindow* window) -{ - NPError err; - PLUGINDEBUGSTR("SetWindow"); - err = NPP_SetWindow(instance, window); - return err; -} - -NPError -Private_NewStream(NPP instance, NPMIMEType type, NPStream* stream, - NPBool seekable, uint16* stype) -{ - NPError err; - PLUGINDEBUGSTR("NewStream"); - err = NPP_NewStream(instance, type, stream, seekable, stype); - return err; -} - -int32 -Private_WriteReady(NPP instance, NPStream* stream) -{ - unsigned int result; - PLUGINDEBUGSTR("WriteReady"); - result = 
NPP_WriteReady(instance, stream); - return result; -} - -int32 -Private_Write(NPP instance, NPStream* stream, int32 offset, int32 len, - void* buffer) -{ - unsigned int result; - PLUGINDEBUGSTR("Write"); - result = NPP_Write(instance, stream, offset, len, buffer); - return result; -} - -void -Private_StreamAsFile(NPP instance, NPStream* stream, const char* fname) -{ - PLUGINDEBUGSTR("StreamAsFile"); - NPP_StreamAsFile(instance, stream, fname); -} - - -NPError -Private_DestroyStream(NPP instance, NPStream* stream, NPError reason) -{ - NPError err; - PLUGINDEBUGSTR("DestroyStream"); - err = NPP_DestroyStream(instance, stream, reason); - return err; -} - - -void -Private_Print(NPP instance, NPPrint* platformPrint) -{ - PLUGINDEBUGSTR("Print"); - NPP_Print(instance, platformPrint); -} - -JRIGlobalRef -Private_GetJavaClass(void) -{ - jref clazz = NPP_GetJavaClass(); - if (clazz) { - JRIEnv* env = NPN_GetJavaEnv(); - return JRI_NewGlobalRef(env, clazz); - } - return NULL; -} - -/*********************************************************************** - * - * These functions are located automagically by netscape. - * - ***********************************************************************/ - -/* - * NP_GetMIMEDescription - * - Netscape needs to know about this symbol - * - Netscape uses the return value to identify when an object instance - * of this plugin should be created. - */ -char * -NP_GetMIMEDescription(void) -{ - return NPP_GetMIMEDescription(); -} - -/* - * NP_GetValue [optional] - * - Netscape needs to know about this symbol. - * - Interfaces with plugin to get values for predefined variables - * that the navigator needs. - */ -NPError -NP_GetValue(void *future, NPPVariable variable, void *value) -{ - return NPP_GetValue(future, variable, value); -} - -/* - * NP_Initialize - * - Netscape needs to know about this symbol. - * - It calls this function after looking up its symbol before it - * is about to create the first ever object of this kind. 
- * - * PARAMETERS - * nsTable - The netscape function table. If developers just use these - * wrappers, they dont need to worry about all these function - * tables. - * RETURN - * pluginFuncs - * - This functions needs to fill the plugin function table - * pluginFuncs and return it. Netscape Navigator plugin - * library will use this function table to call the plugin. - * - */ -NPError -NP_Initialize(NPNetscapeFuncs* nsTable, NPPluginFuncs* pluginFuncs) -{ - NPError err = NPERR_NO_ERROR; - - PLUGINDEBUGSTR("NP_Initialize"); - - /* validate input parameters */ - - if ((nsTable == NULL) || (pluginFuncs == NULL)) - err = NPERR_INVALID_FUNCTABLE_ERROR; - - /* - * Check the major version passed in Netscape's function table. - * We won't load if the major version is newer than what we expect. - * Also check that the function tables passed in are big enough for - * all the functions we need (they could be bigger, if Netscape added - * new APIs, but that's OK with us -- we'll just ignore them). - * - */ - - if (err == NPERR_NO_ERROR) { - if ((nsTable->version >> 8) > NP_VERSION_MAJOR) - err = NPERR_INCOMPATIBLE_VERSION_ERROR; - if (nsTable->size < sizeof(NPNetscapeFuncs)) - err = NPERR_INVALID_FUNCTABLE_ERROR; - if (pluginFuncs->size < sizeof(NPPluginFuncs)) - err = NPERR_INVALID_FUNCTABLE_ERROR; - } - - - if (err == NPERR_NO_ERROR) { - /* - * Copy all the fields of Netscape function table into our - * copy so we can call back into Netscape later. Note that - * we need to copy the fields one by one, rather than assigning - * the whole structure, because the Netscape function table - * could actually be bigger than what we expect. 
- */ - gNetscapeFuncs.version = nsTable->version; - gNetscapeFuncs.size = nsTable->size; - gNetscapeFuncs.posturl = nsTable->posturl; - gNetscapeFuncs.geturl = nsTable->geturl; - gNetscapeFuncs.requestread = nsTable->requestread; - gNetscapeFuncs.newstream = nsTable->newstream; - gNetscapeFuncs.write = nsTable->write; - gNetscapeFuncs.destroystream = nsTable->destroystream; - gNetscapeFuncs.status = nsTable->status; - gNetscapeFuncs.uagent = nsTable->uagent; - gNetscapeFuncs.memalloc = nsTable->memalloc; - gNetscapeFuncs.memfree = nsTable->memfree; - gNetscapeFuncs.memflush = nsTable->memflush; - gNetscapeFuncs.reloadplugins = nsTable->reloadplugins; - gNetscapeFuncs.getJavaEnv = nsTable->getJavaEnv; - gNetscapeFuncs.getJavaPeer = nsTable->getJavaPeer; - gNetscapeFuncs.getvalue = nsTable->getvalue; - - /* - * Set up the plugin function table that Netscape will use to - * call us. Netscape needs to know about our version and size - * and have a UniversalProcPointer for every function we - * implement. - */ - pluginFuncs->version = (NP_VERSION_MAJOR << 8) + NP_VERSION_MINOR; - pluginFuncs->size = sizeof(NPPluginFuncs); - pluginFuncs->newp = NewNPP_NewProc(Private_New); - pluginFuncs->destroy = NewNPP_DestroyProc(Private_Destroy); - pluginFuncs->setwindow = NewNPP_SetWindowProc(Private_SetWindow); - pluginFuncs->newstream = NewNPP_NewStreamProc(Private_NewStream); - pluginFuncs->destroystream = NewNPP_DestroyStreamProc(Private_DestroyStream); - pluginFuncs->asfile = NewNPP_StreamAsFileProc(Private_StreamAsFile); - pluginFuncs->writeready = NewNPP_WriteReadyProc(Private_WriteReady); - pluginFuncs->write = NewNPP_WriteProc(Private_Write); - pluginFuncs->print = NewNPP_PrintProc(Private_Print); - pluginFuncs->event = NULL; - pluginFuncs->javaClass = Private_GetJavaClass(); - - err = NPP_Initialize(); - } - - return err; -} - -/* - * NP_Shutdown [optional] - * - Netscape needs to know about this symbol. 
- * - It calls this function after looking up its symbol after
- * the last object of this kind has been destroyed.
- *
- */
-NPError
-NP_Shutdown(void)
-{
- PLUGINDEBUGSTR("NP_Shutdown");
- NPP_Shutdown();
- return NPERR_NO_ERROR;
-}
diff -Nru opensc-0.11.13/src/signer/npinclude/npupp.h opensc-0.12.1/src/signer/npinclude/npupp.h
--- opensc-0.11.13/src/signer/npinclude/npupp.h 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/npinclude/npupp.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,995 +0,0 @@ -/* -*- Mode: C; tab-width: 4; -*- */ -/* - * npupp.h $Revision: 71 $ - * function call mecahnics needed by platform specific glue code. - */ - - -#ifndef _NPUPP_H_ -#define _NPUPP_H_ - -#ifndef GENERATINGCFM -#define GENERATINGCFM 0 -#endif - -#ifndef _NPAPI_H_ -#include "npapi.h" -#endif - -#include "jri.h" - -/****************************************************************************************** - plug-in function table macros - for each function in and out of the plugin API we define - typedef NPP_FooUPP - #define NewNPP_FooProc - #define CallNPP_FooProc - for mac, define the UPP magic for PPC/68K calling - *******************************************************************************************/ - - -/* NPP_Initialize */ - -#if GENERATINGCFM -typedef UniversalProcPtr NPP_InitializeUPP; - -enum { - uppNPP_InitializeProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(0)) - | RESULT_SIZE(SIZE_CODE(0)) -}; - -#define NewNPP_InitializeProc(FUNC) \ - (NPP_InitializeUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_InitializeProcInfo, GetCurrentArchitecture()) -#define CallNPP_InitializeProc(FUNC) \ - (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_InitializeProcInfo) - -#else - -typedef void (*NPP_InitializeUPP)(void); -#define NewNPP_InitializeProc(FUNC) \ - ((NPP_InitializeUPP) (FUNC)) -#define CallNPP_InitializeProc(FUNC) \ - (*(FUNC))() - -#endif - - -/* NPP_Shutdown */ - -#if GENERATINGCFM -typedef UniversalProcPtr NPP_ShutdownUPP; - -enum { - uppNPP_ShutdownProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(0)) - | RESULT_SIZE(SIZE_CODE(0)) -}; - -#define NewNPP_ShutdownProc(FUNC) \ - (NPP_ShutdownUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_ShutdownProcInfo, GetCurrentArchitecture()) -#define CallNPP_ShutdownProc(FUNC) \ - (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_ShutdownProcInfo) - -#else - -typedef void (*NPP_ShutdownUPP)(void); -#define NewNPP_ShutdownProc(FUNC) \ - 
((NPP_ShutdownUPP) (FUNC)) -#define CallNPP_ShutdownProc(FUNC) \ - (*(FUNC))() - -#endif - - -/* NPP_New */ - -#if GENERATINGCFM -typedef UniversalProcPtr NPP_NewUPP; - -enum { - uppNPP_NewProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPMIMEType))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(uint16))) - | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(int16))) - | STACK_ROUTINE_PARAMETER(5, SIZE_CODE(sizeof(char **))) - | STACK_ROUTINE_PARAMETER(6, SIZE_CODE(sizeof(char **))) - | STACK_ROUTINE_PARAMETER(7, SIZE_CODE(sizeof(NPSavedData *))) - | RESULT_SIZE(SIZE_CODE(sizeof(NPError))) -}; - -#define NewNPP_NewProc(FUNC) \ - (NPP_NewUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_NewProcInfo, GetCurrentArchitecture()) -#define CallNPP_NewProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6, ARG7) \ - (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_NewProcInfo, \ - (ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6), (ARG7)) -#else - -typedef NPError (*NPP_NewUPP)(NPMIMEType pluginType, NPP instance, uint16 mode, int16 argc, char* argn[], char* argv[], NPSavedData* saved); -#define NewNPP_NewProc(FUNC) \ - ((NPP_NewUPP) (FUNC)) -#define CallNPP_NewProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6, ARG7) \ - (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6), (ARG7)) - -#endif - - -/* NPP_Destroy */ - -#if GENERATINGCFM - -typedef UniversalProcPtr NPP_DestroyUPP; -enum { - uppNPP_DestroyProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPSavedData **))) - | RESULT_SIZE(SIZE_CODE(sizeof(NPError))) -}; -#define NewNPP_DestroyProc(FUNC) \ - (NPP_DestroyUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_DestroyProcInfo, GetCurrentArchitecture()) -#define CallNPP_DestroyProc(FUNC, ARG1, ARG2) \ - (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_DestroyProcInfo, (ARG1), (ARG2)) -#else - -typedef 
NPError (*NPP_DestroyUPP)(NPP instance, NPSavedData** save); -#define NewNPP_DestroyProc(FUNC) \ - ((NPP_DestroyUPP) (FUNC)) -#define CallNPP_DestroyProc(FUNC, ARG1, ARG2) \ - (*(FUNC))((ARG1), (ARG2)) - -#endif - - -/* NPP_SetWindow */ - -#if GENERATINGCFM - -typedef UniversalProcPtr NPP_SetWindowUPP; -enum { - uppNPP_SetWindowProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPWindow *))) - | RESULT_SIZE(SIZE_CODE(sizeof(NPError))) -}; -#define NewNPP_SetWindowProc(FUNC) \ - (NPP_SetWindowUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_SetWindowProcInfo, GetCurrentArchitecture()) -#define CallNPP_SetWindowProc(FUNC, ARG1, ARG2) \ - (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_SetWindowProcInfo, (ARG1), (ARG2)) - -#else - -typedef NPError (*NPP_SetWindowUPP)(NPP instance, NPWindow* window); -#define NewNPP_SetWindowProc(FUNC) \ - ((NPP_SetWindowUPP) (FUNC)) -#define CallNPP_SetWindowProc(FUNC, ARG1, ARG2) \ - (*(FUNC))((ARG1), (ARG2)) - -#endif - - -/* NPP_NewStream */ - -#if GENERATINGCFM - -typedef UniversalProcPtr NPP_NewStreamUPP; -enum { - uppNPP_NewStreamProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPMIMEType))) - | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(NPStream *))) - | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(NPBool))) - | STACK_ROUTINE_PARAMETER(5, SIZE_CODE(sizeof(uint16 *))) - | RESULT_SIZE(SIZE_CODE(sizeof(NPError))) -}; -#define NewNPP_NewStreamProc(FUNC) \ - (NPP_NewStreamUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_NewStreamProcInfo, GetCurrentArchitecture()) -#define CallNPP_NewStreamProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5) \ - (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_NewStreamProcInfo, (ARG1), (ARG2), (ARG3), (ARG4), (ARG5)) -#else - -typedef NPError (*NPP_NewStreamUPP)(NPP instance, NPMIMEType type, NPStream* stream, NPBool 
seekable, uint16* stype); -#define NewNPP_NewStreamProc(FUNC) \ - ((NPP_NewStreamUPP) (FUNC)) -#define CallNPP_NewStreamProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5) \ - (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4), (ARG5)) -#endif - - -/* NPP_DestroyStream */ - -#if GENERATINGCFM - -typedef UniversalProcPtr NPP_DestroyStreamUPP; -enum { - uppNPP_DestroyStreamProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *))) - | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(NPReason))) - | RESULT_SIZE(SIZE_CODE(sizeof(NPError))) -}; -#define NewNPP_DestroyStreamProc(FUNC) \ - (NPP_DestroyStreamUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_DestroyStreamProcInfo, GetCurrentArchitecture()) -#define CallNPP_DestroyStreamProc(FUNC, NPParg, NPStreamPtr, NPReasonArg) \ - (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_DestroyStreamProcInfo, (NPParg), (NPStreamPtr), (NPReasonArg)) - -#else - -typedef NPError (*NPP_DestroyStreamUPP)(NPP instance, NPStream* stream, NPReason reason); -#define NewNPP_DestroyStreamProc(FUNC) \ - ((NPP_DestroyStreamUPP) (FUNC)) -#define CallNPP_DestroyStreamProc(FUNC, NPParg, NPStreamPtr, NPReasonArg) \ - (*(FUNC))((NPParg), (NPStreamPtr), (NPReasonArg)) - -#endif - - -/* NPP_WriteReady */ - -#if GENERATINGCFM - -typedef UniversalProcPtr NPP_WriteReadyUPP; -enum { - uppNPP_WriteReadyProcInfo = kThinkCStackBased - | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP))) - | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *))) - | RESULT_SIZE(SIZE_CODE(sizeof(int32))) -}; -#define NewNPP_WriteReadyProc(FUNC) \ - (NPP_WriteReadyUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_WriteReadyProcInfo, GetCurrentArchitecture()) -#define CallNPP_WriteReadyProc(FUNC, NPParg, NPStreamPtr) \ - (int32)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_WriteReadyProcInfo, (NPParg), (NPStreamPtr)) - -#else - -typedef int32 (*NPP_WriteReadyUPP)(NPP instance, NPStream* stream); 
-#define NewNPP_WriteReadyProc(FUNC) \
- ((NPP_WriteReadyUPP) (FUNC))
-#define CallNPP_WriteReadyProc(FUNC, NPParg, NPStreamPtr) \
- (*(FUNC))((NPParg), (NPStreamPtr))
-
-#endif
-
-
-/* NPP_Write */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_WriteUPP;
-enum {
- uppNPP_WriteProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(int32)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(int32)))
- | STACK_ROUTINE_PARAMETER(5, SIZE_CODE(sizeof(void*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(int32)))
-};
-#define NewNPP_WriteProc(FUNC) \
- (NPP_WriteUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_WriteProcInfo, GetCurrentArchitecture())
-#define CallNPP_WriteProc(FUNC, NPParg, NPStreamPtr, offsetArg, lenArg, bufferPtr) \
- (int32)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_WriteProcInfo, (NPParg), (NPStreamPtr), (offsetArg), (lenArg), (bufferPtr))
-
-#else
-
-typedef int32 (*NPP_WriteUPP)(NPP instance, NPStream* stream, int32 offset, int32 len, void* buffer);
-#define NewNPP_WriteProc(FUNC) \
- ((NPP_WriteUPP) (FUNC))
-#define CallNPP_WriteProc(FUNC, NPParg, NPStreamPtr, offsetArg, lenArg, bufferPtr) \
- (*(FUNC))((NPParg), (NPStreamPtr), (offsetArg), (lenArg), (bufferPtr))
-
-#endif
-
-
-/* NPP_StreamAsFile */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_StreamAsFileUPP;
-enum {
- uppNPP_StreamAsFileProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char *)))
- | RESULT_SIZE(SIZE_CODE(0))
-};
-#define NewNPP_StreamAsFileProc(FUNC) \
- (NPP_StreamAsFileUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_StreamAsFileProcInfo, GetCurrentArchitecture())
-#define CallNPP_StreamAsFileProc(FUNC, ARG1, ARG2, ARG3) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_StreamAsFileProcInfo, (ARG1), (ARG2), (ARG3))
-
-#else
-
-typedef void (*NPP_StreamAsFileUPP)(NPP instance, NPStream* stream, const char* fname);
-#define NewNPP_StreamAsFileProc(FUNC) \
- ((NPP_StreamAsFileUPP) (FUNC))
-#define CallNPP_StreamAsFileProc(FUNC, ARG1, ARG2, ARG3) \
- (*(FUNC))((ARG1), (ARG2), (ARG3))
-#endif
-
-
-/* NPP_Print */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_PrintUPP;
-enum {
- uppNPP_PrintProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPPrint *)))
- | RESULT_SIZE(SIZE_CODE(0))
-};
-#define NewNPP_PrintProc(FUNC) \
- (NPP_PrintUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_PrintProcInfo, GetCurrentArchitecture())
-#define CallNPP_PrintProc(FUNC, NPParg, voidPtr) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_PrintProcInfo, (NPParg), (voidPtr))
-
-#else
-
-typedef void (*NPP_PrintUPP)(NPP instance, NPPrint* platformPrint);
-#define NewNPP_PrintProc(FUNC) \
- ((NPP_PrintUPP) (FUNC))
-#define CallNPP_PrintProc(FUNC, NPParg, NPPrintArg) \
- (*(FUNC))((NPParg), (NPPrintArg))
-
-#endif
-
-
-/* NPP_HandleEvent */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_HandleEventUPP;
-enum {
- uppNPP_HandleEventProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(void *)))
- | RESULT_SIZE(SIZE_CODE(sizeof(int16)))
-};
-#define NewNPP_HandleEventProc(FUNC) \
- (NPP_HandleEventUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_HandleEventProcInfo, GetCurrentArchitecture())
-#define CallNPP_HandleEventProc(FUNC, NPParg, voidPtr) \
- (int16)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_HandleEventProcInfo, (NPParg), (voidPtr))
-
-#else
-
-typedef int16 (*NPP_HandleEventUPP)(NPP instance, void* event);
-#define NewNPP_HandleEventProc(FUNC) \
- ((NPP_HandleEventUPP) (FUNC))
-#define CallNPP_HandleEventProc(FUNC, NPParg, voidPtr) \
- (*(FUNC))((NPParg), (voidPtr))
-
-#endif
-
-
-/* NPP_URLNotify */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_URLNotifyUPP;
-enum {
- uppNPP_URLNotifyProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(NPReason)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(void*)))
- | RESULT_SIZE(SIZE_CODE(SIZE_CODE(0)))
-};
-#define NewNPP_URLNotifyProc(FUNC) \
- (NPP_URLNotifyUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_URLNotifyProcInfo, GetCurrentArchitecture())
-#define CallNPP_URLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPP_URLNotifyProcInfo, (ARG1), (ARG2), (ARG3), (ARG4))
-
-#else
-
-typedef void (*NPP_URLNotifyUPP)(NPP instance, const char* url, NPReason reason, void* notifyData);
-#define NewNPP_URLNotifyProc(FUNC) \
- ((NPP_URLNotifyUPP) (FUNC))
-#define CallNPP_URLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4) \
- (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4))
-
-#endif
-
-
-
-
-/*
- * Netscape entry points
- */
-
-#ifdef XP_UNIX
-
-/* NPN_GetValue */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_GetValueUPP;
-enum {
- uppNPN_GetValueProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPNVariable)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(void *)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_GetValueProc(FUNC) \
- (NPN_GetValueUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_GetValueProcInfo, GetCurrentArchitecture())
-#define CallNPN_GetURNotifyLProc(FUNC, ARG1, ARG2, ARG3) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_GetValueProcInfo, (ARG1), (ARG2), (ARG3))
-#else
-
-typedef NPError (*NPN_GetValueUPP)(NPP instance, NPNVariable variable, void *ret_alue);
-#define NewNPN_GetValueProc(FUNC) \
- ((NPN_GetValueUPP) (FUNC))
-#define CallNPN_GetValueProc(FUNC, ARG1, ARG2, ARG3) \
- (*(FUNC))((ARG1), (ARG2), (ARG3))
-#endif
-
-#endif /* XP_UNIX */
-
-
-
-/* NPN_GetUrlNotify */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_GetURLNotifyUPP;
-enum {
- uppNPN_GetURLNotifyProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(void*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_GetURLNotifyProc(FUNC) \
- (NPN_GetURLNotifyUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_GetURLNotifyProcInfo, GetCurrentArchitecture())
-#define CallNPN_GetURLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_GetURLNotifyProcInfo, (ARG1), (ARG2), (ARG3), (ARG4))
-#else
-
-typedef NPError (*NPN_GetURLNotifyUPP)(NPP instance, const char* url, const char* window, void* notifyData);
-#define NewNPN_GetURLNotifyProc(FUNC) \
- ((NPN_GetURLNotifyUPP) (FUNC))
-#define CallNPN_GetURLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4) \
- (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4))
-#endif
-
-
-/* NPN_PostUrlNotify */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_PostURLNotifyUPP;
-enum {
- uppNPN_PostURLNotifyProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(uint32)))
- | STACK_ROUTINE_PARAMETER(5, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(6, SIZE_CODE(sizeof(NPBool)))
- | STACK_ROUTINE_PARAMETER(7, SIZE_CODE(sizeof(void*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_PostURLNotifyProc(FUNC) \
- (NPN_PostURLNotifyUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_PostURLNotifyProcInfo, GetCurrentArchitecture())
-#define CallNPN_PostURLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6, ARG7) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_PostURLNotifyProcInfo, (ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6), (ARG7))
-#else
-
-typedef NPError (*NPN_PostURLNotifyUPP)(NPP instance, const char* url, const char* window, uint32 len, const char* buf, NPBool file, void* notifyData);
-#define NewNPN_PostURLNotifyProc(FUNC) \
- ((NPN_PostURLNotifyUPP) (FUNC))
-#define CallNPN_PostURLNotifyProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6, ARG7) \
- (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6), (ARG7))
-#endif
-
-
-/* NPN_GetUrl */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_GetURLUPP;
-enum {
- uppNPN_GetURLProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_GetURLProc(FUNC) \
- (NPN_GetURLUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_GetURLProcInfo, GetCurrentArchitecture())
-#define CallNPN_GetURLProc(FUNC, ARG1, ARG2, ARG3) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_GetURLProcInfo, (ARG1), (ARG2), (ARG3))
-#else
-
-typedef NPError (*NPN_GetURLUPP)(NPP instance, const char* url, const char* window);
-#define NewNPN_GetURLProc(FUNC) \
- ((NPN_GetURLUPP) (FUNC))
-#define CallNPN_GetURLProc(FUNC, ARG1, ARG2, ARG3) \
- (*(FUNC))((ARG1), (ARG2), (ARG3))
-#endif
-
-
-/* NPN_PostUrl */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_PostURLUPP;
-enum {
- uppNPN_PostURLProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(uint32)))
- | STACK_ROUTINE_PARAMETER(5, SIZE_CODE(sizeof(const char*)))
- | STACK_ROUTINE_PARAMETER(6, SIZE_CODE(sizeof(NPBool)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_PostURLProc(FUNC) \
- (NPN_PostURLUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_PostURLProcInfo, GetCurrentArchitecture())
-#define CallNPN_PostURLProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_PostURLProcInfo, (ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6))
-#else
-
-typedef NPError (*NPN_PostURLUPP)(NPP instance, const char* url, const char* window, uint32 len, const char* buf, NPBool file);
-#define NewNPN_PostURLProc(FUNC) \
- ((NPN_PostURLUPP) (FUNC))
-#define CallNPN_PostURLProc(FUNC, ARG1, ARG2, ARG3, ARG4, ARG5, ARG6) \
- (*(FUNC))((ARG1), (ARG2), (ARG3), (ARG4), (ARG5), (ARG6))
-#endif
-
-
-/* NPN_RequestRead */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_RequestReadUPP;
-enum {
- uppNPN_RequestReadProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPStream *)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPByteRange *)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_RequestReadProc(FUNC) \
- (NPN_RequestReadUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_RequestReadProcInfo, GetCurrentArchitecture())
-#define CallNPN_RequestReadProc(FUNC, stream, range) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_RequestReadProcInfo, (stream), (range))
-
-#else
-
-typedef NPError (*NPN_RequestReadUPP)(NPStream* stream, NPByteRange* rangeList);
-#define NewNPN_RequestReadProc(FUNC) \
- ((NPN_RequestReadUPP) (FUNC))
-#define CallNPN_RequestReadProc(FUNC, stream, range) \
- (*(FUNC))((stream), (range))
-
-#endif
-
-
-/* NPN_NewStream */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_NewStreamUPP;
-enum {
- uppNPN_NewStreamProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPMIMEType)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(const char *)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(NPStream **)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_NewStreamProc(FUNC) \
- (NPN_NewStreamUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_NewStreamProcInfo, GetCurrentArchitecture())
-#define CallNPN_NewStreamProc(FUNC, npp, type, window, stream) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_NewStreamProcInfo, (npp), (type), (window), (stream))
-
-#else
-
-typedef NPError (*NPN_NewStreamUPP)(NPP instance, NPMIMEType type, const char* window, NPStream** stream);
-#define NewNPN_NewStreamProc(FUNC) \
- ((NPN_NewStreamUPP) (FUNC))
-#define CallNPN_NewStreamProc(FUNC, npp, type, window, stream) \
- (*(FUNC))((npp), (type), (window), (stream))
-
-#endif
-
-
-/* NPN_Write */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_WriteUPP;
-enum {
- uppNPN_WriteProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(int32)))
- | STACK_ROUTINE_PARAMETER(4, SIZE_CODE(sizeof(void*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(int32)))
-};
-#define NewNPN_WriteProc(FUNC) \
- (NPN_WriteUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_WriteProcInfo, GetCurrentArchitecture())
-#define CallNPN_WriteProc(FUNC, npp, stream, len, buffer) \
- (int32)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_WriteProcInfo, (npp), (stream), (len), (buffer))
-
-#else
-
-typedef int32 (*NPN_WriteUPP)(NPP instance, NPStream* stream, int32 len, void* buffer);
-#define NewNPN_WriteProc(FUNC) \
- ((NPN_WriteUPP) (FUNC))
-#define CallNPN_WriteProc(FUNC, npp, stream, len, buffer) \
- (*(FUNC))((npp), (stream), (len), (buffer))
-
-#endif
-
-
-/* NPN_DestroyStream */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_DestroyStreamUPP;
-enum {
- uppNPN_DestroyStreamProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP )))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPStream *)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(NPReason)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPN_DestroyStreamProc(FUNC) \
- (NPN_DestroyStreamUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_DestroyStreamProcInfo, GetCurrentArchitecture())
-#define CallNPN_DestroyStreamProc(FUNC, npp, stream, reason) \
- (NPError)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_DestroyStreamProcInfo, (npp), (stream), (reason))
-
-#else
-
-typedef NPError (*NPN_DestroyStreamUPP)(NPP instance, NPStream* stream, NPReason reason);
-#define NewNPN_DestroyStreamProc(FUNC) \
- ((NPN_DestroyStreamUPP) (FUNC))
-#define CallNPN_DestroyStreamProc(FUNC, npp, stream, reason) \
- (*(FUNC))((npp), (stream), (reason))
-
-#endif
-
-
-/* NPN_Status */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_StatusUPP;
-enum {
- uppNPN_StatusProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(char *)))
-};
-
-#define NewNPN_StatusProc(FUNC) \
- (NPN_StatusUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_StatusProcInfo, GetCurrentArchitecture())
-#define CallNPN_StatusProc(FUNC, npp, msg) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_StatusProcInfo, (npp), (msg))
-
-#else
-
-typedef void (*NPN_StatusUPP)(NPP instance, const char* message);
-#define NewNPN_StatusProc(FUNC) \
- ((NPN_StatusUPP) (FUNC))
-#define CallNPN_StatusProc(FUNC, npp, msg) \
- (*(FUNC))((npp), (msg))
-
-#endif
-
-
-/* NPN_UserAgent */
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_UserAgentUPP;
-enum {
- uppNPN_UserAgentProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | RESULT_SIZE(SIZE_CODE(sizeof(const char *)))
-};
-
-#define NewNPN_UserAgentProc(FUNC) \
- (NPN_UserAgentUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_UserAgentProcInfo, GetCurrentArchitecture())
-#define CallNPN_UserAgentProc(FUNC, ARG1) \
- (const char*)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_UserAgentProcInfo, (ARG1))
-
-#else
-
-typedef const char* (*NPN_UserAgentUPP)(NPP instance);
-#define NewNPN_UserAgentProc(FUNC) \
- ((NPN_UserAgentUPP) (FUNC))
-#define CallNPN_UserAgentProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-/* NPN_MemAlloc */
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_MemAllocUPP;
-enum {
- uppNPN_MemAllocProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(uint32)))
- | RESULT_SIZE(SIZE_CODE(sizeof(void *)))
-};
-
-#define NewNPN_MemAllocProc(FUNC) \
- (NPN_MemAllocUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_MemAllocProcInfo, GetCurrentArchitecture())
-#define CallNPN_MemAllocProc(FUNC, ARG1) \
- (void*)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_MemAllocProcInfo, (ARG1))
-
-#else
-
-typedef void* (*NPN_MemAllocUPP)(uint32 size);
-#define NewNPN_MemAllocProc(FUNC) \
- ((NPN_MemAllocUPP) (FUNC))
-#define CallNPN_MemAllocProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-/* NPN__MemFree */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_MemFreeUPP;
-enum {
- uppNPN_MemFreeProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(void *)))
-};
-
-#define NewNPN_MemFreeProc(FUNC) \
- (NPN_MemFreeUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_MemFreeProcInfo, GetCurrentArchitecture())
-#define CallNPN_MemFreeProc(FUNC, ARG1) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_MemFreeProcInfo, (ARG1))
-
-#else
-
-typedef void (*NPN_MemFreeUPP)(void* ptr);
-#define NewNPN_MemFreeProc(FUNC) \
- ((NPN_MemFreeUPP) (FUNC))
-#define CallNPN_MemFreeProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-/* NPN_MemFlush */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_MemFlushUPP;
-enum {
- uppNPN_MemFlushProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(uint32)))
- | RESULT_SIZE(SIZE_CODE(sizeof(uint32)))
-};
-
-#define NewNPN_MemFlushProc(FUNC) \
- (NPN_MemFlushUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_MemFlushProcInfo, GetCurrentArchitecture())
-#define CallNPN_MemFlushProc(FUNC, ARG1) \
- (uint32)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_MemFlushProcInfo, (ARG1))
-
-#else
-
-typedef uint32 (*NPN_MemFlushUPP)(uint32 size);
-#define NewNPN_MemFlushProc(FUNC) \
- ((NPN_MemFlushUPP) (FUNC))
-#define CallNPN_MemFlushProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-
-/* NPN_ReloadPlugins */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_ReloadPluginsUPP;
-enum {
- uppNPN_ReloadPluginsProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPBool)))
- | RESULT_SIZE(SIZE_CODE(0))
-};
-
-#define NewNPN_ReloadPluginsProc(FUNC) \
- (NPN_ReloadPluginsUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_ReloadPluginsProcInfo, GetCurrentArchitecture())
-#define CallNPN_ReloadPluginsProc(FUNC, ARG1) \
- (void)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_ReloadPluginsProcInfo, (ARG1))
-
-#else
-
-typedef void (*NPN_ReloadPluginsUPP)(NPBool reloadPages);
-#define NewNPN_ReloadPluginsProc(FUNC) \
- ((NPN_ReloadPluginsUPP) (FUNC))
-#define CallNPN_ReloadPluginsProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-/* NPN_GetJavaEnv */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_GetJavaEnvUPP;
-enum {
- uppNPN_GetJavaEnvProcInfo = kThinkCStackBased
- | RESULT_SIZE(SIZE_CODE(sizeof(JRIEnv*)))
-};
-
-#define NewNPN_GetJavaEnvProc(FUNC) \
- (NPN_GetJavaEnvUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_GetJavaEnvProcInfo, GetCurrentArchitecture())
-#define CallNPN_GetJavaEnvProc(FUNC) \
- (JRIEnv*)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_GetJavaEnvProcInfo)
-
-#else
-
-typedef JRIEnv* (*NPN_GetJavaEnvUPP)(void);
-#define NewNPN_GetJavaEnvProc(FUNC) \
- ((NPN_GetJavaEnvUPP) (FUNC))
-#define CallNPN_GetJavaEnvProc(FUNC) \
- (*(FUNC))()
-
-#endif
-
-
-/* NPN_GetJavaPeer */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPN_GetJavaPeerUPP;
-enum {
- uppNPN_GetJavaPeerProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPP)))
- | RESULT_SIZE(SIZE_CODE(sizeof(jref)))
-};
-
-#define NewNPN_GetJavaPeerProc(FUNC) \
- (NPN_GetJavaPeerUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPN_GetJavaPeerProcInfo, GetCurrentArchitecture())
-#define CallNPN_GetJavaPeerProc(FUNC, ARG1) \
- (jref)CallUniversalProc((UniversalProcPtr)(FUNC), uppNPN_GetJavaPeerProcInfo, (ARG1))
-
-#else
-
-typedef jref (*NPN_GetJavaPeerUPP)(NPP instance);
-#define NewNPN_GetJavaPeerProc(FUNC) \
- ((NPN_GetJavaPeerUPP) (FUNC))
-#define CallNPN_GetJavaPeerProc(FUNC, ARG1) \
- (*(FUNC))((ARG1))
-
-#endif
-
-
-
-
-/******************************************************************************************
- * The actual plugin function table definitions
- *******************************************************************************************/
-
-typedef struct _NPPluginFuncs {
- uint16 size;
- uint16 version;
- NPP_NewUPP newp;
- NPP_DestroyUPP destroy;
- NPP_SetWindowUPP setwindow;
- NPP_NewStreamUPP newstream;
- NPP_DestroyStreamUPP destroystream;
- NPP_StreamAsFileUPP asfile;
- NPP_WriteReadyUPP writeready;
- NPP_WriteUPP write;
- NPP_PrintUPP print;
- NPP_HandleEventUPP event;
- NPP_URLNotifyUPP urlnotify;
- JRIGlobalRef javaClass;
-} NPPluginFuncs;
-
-typedef struct _NPNetscapeFuncs {
- uint16 size;
- uint16 version;
- NPN_GetURLUPP geturl;
- NPN_PostURLUPP posturl;
- NPN_RequestReadUPP requestread;
- NPN_NewStreamUPP newstream;
- NPN_WriteUPP write;
- NPN_DestroyStreamUPP destroystream;
- NPN_StatusUPP status;
- NPN_UserAgentUPP uagent;
- NPN_MemAllocUPP memalloc;
- NPN_MemFreeUPP memfree;
- NPN_MemFlushUPP memflush;
- NPN_ReloadPluginsUPP reloadplugins;
- NPN_GetJavaEnvUPP getJavaEnv;
- NPN_GetJavaPeerUPP getJavaPeer;
- NPN_GetURLNotifyUPP geturlnotify;
- NPN_PostURLNotifyUPP posturlnotify;
-#ifdef XP_UNIX
- NPN_GetValueUPP getvalue;
-#endif /* XP_UNIX */
-} NPNetscapeFuncs;
-
-
-
-#ifdef XP_MAC
-/******************************************************************************************
- * Mac platform-specific plugin glue stuff
- *******************************************************************************************/
-
-/*
- * Main entry point of the plugin.
- * This routine will be called when the plugin is loaded. The function
- * tables are passed in and the plugin fills in the NPPluginFuncs table
- * and NPPShutdownUPP for Netscape's use.
- */
-
-#if GENERATINGCFM
-
-typedef UniversalProcPtr NPP_MainEntryUPP;
-enum {
- uppNPP_MainEntryProcInfo = kThinkCStackBased
- | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(NPNetscapeFuncs*)))
- | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(NPPluginFuncs*)))
- | STACK_ROUTINE_PARAMETER(3, SIZE_CODE(sizeof(NPP_ShutdownUPP*)))
- | RESULT_SIZE(SIZE_CODE(sizeof(NPError)))
-};
-#define NewNPP_MainEntryProc(FUNC) \
- (NPP_MainEntryUPP) NewRoutineDescriptor((ProcPtr)(FUNC), uppNPP_MainEntryProcInfo, GetCurrentArchitecture())
-#define CallNPP_MainEntryProc(FUNC, netscapeFunc, pluginFunc, shutdownUPP) \
- CallUniversalProc((UniversalProcPtr)(FUNC), (ProcInfoType)uppNPP_MainEntryProcInfo, (netscapeFunc), (pluginFunc), (shutdownUPP))
-
-#else
-
-typedef NPError (*NPP_MainEntryUPP)(NPNetscapeFuncs*, NPPluginFuncs*, NPP_ShutdownUPP*);
-#define NewNPP_MainEntryProc(FUNC) \
- ((NPP_MainEntryUPP) (FUNC))
-#define CallNPP_MainEntryProc(FUNC, netscapeFunc, pluginFunc, shutdownUPP) \
- (*(FUNC))((netscapeFunc), (pluginFunc), (shutdownUPP))
-
-#endif
-#endif /* MAC */
-
-
-#ifdef _WINDOWS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* plugin meta member functions */
-
-NPError WINAPI NP_GetEntryPoints(NPPluginFuncs* pFuncs);
-
-NPError WINAPI NP_Initialize(NPNetscapeFuncs* pFuncs);
-
-NPError WINAPI NP_Shutdown();
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _WINDOWS */
-
-#ifdef XP_UNIX
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* plugin meta member functions */
-
-char* NP_GetMIMEDescription(void);
-NPError NP_Initialize(NPNetscapeFuncs*, NPPluginFuncs*);
-NPError NP_Shutdown(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* XP_UNIX */
-
-#endif /* _NPUPP_H_ */
diff -Nru opensc-0.11.13/src/signer/opensc-crypto.c opensc-0.12.1/src/signer/opensc-crypto.c
--- opensc-0.11.13/src/signer/opensc-crypto.c 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/opensc-crypto.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,228 +0,0 @@ -#include "signer.h" -#include "opensc-crypto.h" - -#define DBG(x) { x; } - -extern int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_object *pin); - -static void sc_close(struct sc_priv_data *priv) -{ - if (priv->p15card) { - sc_pkcs15_unbind(priv->p15card); - priv->p15card = NULL; - } - if (priv->card) { - sc_disconnect_card(priv->card, 0); - priv->card = NULL; - } - if (priv->ctx) { - sc_release_context(priv->ctx); - priv->ctx = NULL; - } -} - -static int -sc_init(struct sc_priv_data *priv) -{ - int r; - - r = sc_establish_context(&priv->ctx, "opensc-signer"); - if (r) - goto err; - r = sc_connect_card(priv->ctx->reader[priv->reader_id], 0, &priv->card); - if (r) - goto err; - r = sc_pkcs15_bind(priv->card, &priv->p15card); - if (r) - goto err; - return 0; -err: - sc_close(priv); - return r; -} - -static int sc_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding) -{ - int r; - struct sc_priv_data *priv; - struct sc_pkcs15_object *key, *pin; - - if (padding != RSA_PKCS1_PADDING) - return -1; - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv == NULL) - return -1; - if (priv->p15card == NULL) { - sc_close(priv); - r = sc_init(priv); - if (r || priv->p15card == NULL) { - DBG(printf("smart card init failed: %s", sc_strerror(r))); - goto err; - } - } - r = sc_pkcs15_find_prkey_by_id_usage(priv->p15card, - &priv->cert_id, - SC_PKCS15_PRKEY_USAGE_DECRYPT, - &key); - if (r) { - DBG(printf("Unable to find private key from smart card: %s", sc_strerror(r))); - goto err; - } - r = sc_pkcs15_find_pin_by_auth_id(priv->p15card, &key->auth_id, &pin); - if (r) { - DBG(printf("Unable to find PIN object from smart card: %s", sc_strerror(r))); - goto err; - } - - r = sc_lock(priv->p15card->card); - if (r != SC_SUCCESS) - goto err; - - r = ask_and_verify_pin_code(priv->p15card, pin); - if (r) { - sc_unlock(priv->p15card->card); - goto err; - } - r = 
sc_pkcs15_decipher(priv->p15card, (const struct sc_pkcs15_object *) key->data, 0, from, flen, to, flen); - sc_unlock(priv->p15card->card); - if (r < 0) { - DBG(printf("sc_pkcs15_decipher() failed: %s", sc_strerror(r))); - goto err; - } - return r; -err: - sc_close(priv); - return -1; -} - -static int -sc_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) -{ - DBG(printf("unsupported function sc_private_encrypt() called")); - return -1; -} - -static int -sc_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) -{ - int r; - struct sc_priv_data *priv; - struct sc_pkcs15_object *key, *pin; - - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv == NULL) - return -1; - DBG(printf("sc_sign() called on cert %02X: type = %d, m_len = %d", - priv->cert_id.value[0], type, m_len)); - if (priv->p15card == NULL) { - sc_close(priv); - r = sc_init(priv); - if (r || priv->p15card == NULL) { - DBG(printf("smart card init failed: %s", sc_strerror(r))); - goto err; - } - } - r = sc_pkcs15_find_prkey_by_id_usage(priv->p15card, - &priv->cert_id, - SC_PKCS15_PRKEY_USAGE_SIGN, - &key); - if (r) { - DBG(printf("Unable to find private key from smart card: %s", sc_strerror(r))); - goto err; - } - r = sc_pkcs15_find_pin_by_auth_id(priv->p15card, &key->auth_id, &pin); - if (r) { - DBG(printf("Unable to find PIN object from smart card: %s", sc_strerror(r))); - goto err; - } - - r = sc_lock(priv->p15card->card); - if (r != SC_SUCCESS) - goto err; - - r = ask_and_verify_pin_code(priv->p15card, pin); - if (r) { - sc_unlock(priv->p15card->card); - goto err; - } - DBG(printf("PIN code received successfully.\n")); - r = sc_pkcs15_compute_signature(priv->p15card, key, - SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_RSA_PAD_PKCS1, - m, m_len, sigret, RSA_size(rsa)); - sc_unlock(priv->p15card->card); - if (r < 0) { - DBG(printf("sc_pkcs15_compute_signature() failed: %s", 
sc_strerror(r))); - goto err; - } - *siglen = r; - DBG(printf("Received signature from card (%d bytes).\n", r)); - return 1; -err: - printf("Returning with error %s\n", sc_strerror(r)); - sc_close(priv); - return 0; -} - -static int (*orig_finish)(RSA *rsa) = NULL; - -static int -sc_finish(RSA *rsa) -{ - struct sc_priv_data *priv; - - DBG(printf("sc_finish() called\n")); - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv != NULL) { - priv->ref_count--; - if (priv->ref_count == 0) { - sc_close(priv); - free(priv); - } - } - if (orig_finish) - orig_finish(rsa); - return 1; -} - -static RSA_METHOD opensc_rsa = -{ - "OpenSC", - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - 0, - NULL, -}; - -RSA_METHOD * sc_get_method(void) -{ - const RSA_METHOD *def; - - def = RSA_get_default_method(); - orig_finish = def->finish; - - /* overload */ - opensc_rsa.rsa_priv_enc = sc_private_encrypt; - opensc_rsa.rsa_priv_dec = sc_private_decrypt; - opensc_rsa.rsa_sign = sc_sign; - opensc_rsa.finish = sc_finish; - - /* just use the OpenSSL version */ - opensc_rsa.rsa_pub_enc = def->rsa_pub_enc; - opensc_rsa.rsa_pub_dec = def->rsa_pub_dec; - opensc_rsa.rsa_mod_exp = def->rsa_mod_exp; - opensc_rsa.bn_mod_exp = def->bn_mod_exp; - opensc_rsa.init = def->init; - opensc_rsa.flags = def->flags | RSA_FLAG_SIGN_VER; - opensc_rsa.app_data = def->app_data; - opensc_rsa.rsa_verify = def->rsa_verify; - return &opensc_rsa; -} diff -Nru opensc-0.11.13/src/signer/opensc-crypto.h opensc-0.12.1/src/signer/opensc-crypto.h --- opensc-0.11.13/src/signer/opensc-crypto.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/opensc-crypto.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,18 +0,0 @@
-#ifndef _OPENSC_CRYPTO_H
-#define _OPENSC_CRYPTO_H
-
-#include
-#include
-
-struct sc_priv_data
-{
- struct sc_pkcs15_card *p15card;
- struct sc_card *card;
- struct sc_context *ctx;
- struct sc_pkcs15_id cert_id;
- int ref_count, reader_id;
-};
-
-extern RSA_METHOD * sc_get_method(void);
-
-#endif
diff -Nru opensc-0.11.13/src/signer/opensc-support.c opensc-0.12.1/src/signer/opensc-support.c
--- opensc-0.11.13/src/signer/opensc-support.c 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/opensc-support.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,242 +0,0 @@ -#include "opensc-support.h" -#include "opensc-crypto.h" -#include -#include -#include - -static int get_certificate(PluginInstance *inst, - X509 **cert_out, struct sc_pkcs15_id *certid_out) -{ - struct sc_pkcs15_cert *cert; - struct sc_pkcs15_cert_info *cinfo; - struct sc_pkcs15_object *objs[32], *cert_obj; - int r, i, count; - X509 *x509; - struct sc_pkcs15_id cert_id; - const u8 *p; - - r = sc_pkcs15_get_objects(inst->p15card, SC_PKCS15_TYPE_PRKEY_RSA, objs, 32); - if (r < 0) - return r; - if (r == 0) - return SC_ERROR_OBJECT_NOT_FOUND; - cert_id.len = 0; - count = r; - for (i = 0; i < count; i++) { - struct sc_pkcs15_prkey_info *key = (struct sc_pkcs15_prkey_info *) objs[i]->data; - -#if 0 - if (key->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) { -#endif - /* Use the first available non-repudiation key */ - cert_id = key->id; - break; -#if 0 - } -#endif - } - if (cert_id.len == 0) - return SC_ERROR_OBJECT_NOT_FOUND; - r = sc_pkcs15_find_cert_by_id(inst->p15card, &cert_id, &cert_obj); - if (r) - return r; - cinfo = (struct sc_pkcs15_cert_info *) cert_obj->data; - r = sc_pkcs15_read_certificate(inst->p15card, cinfo, &cert); - if (r) - return r; - x509 = X509_new(); - p = cert->data; - if (!d2i_X509(&x509, &p, cert->data_len)) { - return -1; /* FIXME */ - } - *certid_out = cinfo->id; - sc_pkcs15_free_certificate(cert); - *cert_out = x509; - return 0; -} - -static int init_pkcs15(PluginInstance *inst) -{ - int r; - - r = sc_establish_context(&inst->ctx, "opensc-signer"); - if (r) - return r; - inst->reader_id = 0; - r = sc_connect_card(inst->ctx->reader[inst->reader_id], 0, &inst->card); - if (r) - return r; - r = sc_pkcs15_bind(inst->card, &inst->p15card); - if (r) - return r; - return 0; -} - -#if 0 -static void close_pkcs15(PluginInstance *inst) -{ - if (inst->p15card) { - sc_pkcs15_unbind(inst->p15card); - inst->p15card = NULL; - } - if (inst->card) { - sc_disconnect_card(inst->card, 0); - inst->card = NULL; - } - if (inst->ctx) { - 
sc_release_context(inst->ctx); - inst->ctx = NULL; - } -} -#endif - -static int extract_certificate_and_pkey(PluginInstance *inst, - X509 **x509_out, - EVP_PKEY **pkey_out) -{ - int r; - X509 *x509 = NULL; - struct sc_pkcs15_id cert_id; - struct sc_priv_data *priv = NULL; - EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; - - r = init_pkcs15(inst); - if (r) - goto err; - r = get_certificate(inst, &x509, &cert_id); - if (r) - goto err; - - r = -1; - pkey = X509_get_pubkey(x509); - if (pkey == NULL) - goto err; - if (pkey->type != EVP_PKEY_RSA) - goto err; - rsa = EVP_PKEY_get1_RSA(pkey); /* increases ref count */ - if (rsa == NULL) - goto err; - rsa->flags |= RSA_FLAG_SIGN_VER; - RSA_set_method(rsa, sc_get_method()); - priv = (struct sc_priv_data *) calloc(1, sizeof(*priv)); - if (priv == NULL) - goto err; - priv->cert_id = cert_id; - priv->ref_count = 1; - RSA_set_app_data(rsa, priv); - RSA_free(rsa); /* decreases ref count */ - - *x509_out = x509; - *pkey_out = pkey; - - return 0; -err: - if (pkey) - EVP_PKEY_free(pkey); - if (x509) - X509_free(x509); - return -1; - -} - -int create_envelope(PluginInstance *inst, u8 **data, int *datalen) -{ - int r; - PKCS7 *p7 = NULL; - X509 *x509 = NULL; - PKCS7_SIGNER_INFO *si = NULL; - EVP_PKEY *pkey = NULL; - BIO *in = NULL, *p7bio = NULL; - u8 *buf; - - r = extract_certificate_and_pkey(inst, &x509, &pkey); - if (r) - goto err; - p7 = PKCS7_new(); - if (p7 == NULL) { - r = -1; - goto err; - } - r = PKCS7_set_type(p7, NID_pkcs7_signed); - if (r != 1) { - r = -1; - goto err; - } - EVP_add_digest(EVP_sha1()); - si = PKCS7_add_signature(p7, x509, pkey, EVP_sha1()); - if (si == NULL) { - r = -1; - goto err; - } - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, - OBJ_nid2obj(NID_pkcs7_data)); - r = PKCS7_add_certificate(p7, x509); - if (r != 1) { - printf("PKCS7_add_certificate failed.\n"); - goto err; - } - PKCS7_content_new(p7, NID_pkcs7_data); - - p7bio = PKCS7_dataInit(p7, NULL); - if (p7bio == NULL) { - r = -1; - 
goto err; - } - in = BIO_new_mem_buf(inst->signdata, inst->signdata_len); - if (in == NULL) { - r = -1; - goto err; - } - for (;;) { - char lbuf[1024]; - int i = BIO_read(in, lbuf, sizeof(lbuf)); - if (i <= 0) - break; - BIO_write(p7bio, lbuf, i); - } - if (!PKCS7_dataFinal(p7, p7bio)) { - r = -1; - goto err; - } - /* FIXME: remove this */ - r = i2d_PKCS7(p7, NULL); - if (r <= 0) { - r = -1; - goto err; - } - buf = (u8 *) malloc(r); - if (buf == NULL) - goto err; - *data = buf; - r = i2d_PKCS7(p7, &buf); - *datalen = r; - if (r <= 0) { - free(buf); - r = -1; - goto err; - } - r = 0; -err: - if (p7) - PKCS7_free(p7); - if (in) - BIO_free(in); - if (p7bio) - BIO_free(p7bio); -#if 0 - if (si) - PKCS7_SIGNER_INFO_free(si); -#endif - if (pkey) - EVP_PKEY_free(pkey); - if (x509) - X509_free(x509); - if (r) { -#if 0 - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); -#endif - } - return r; -} diff -Nru opensc-0.11.13/src/signer/opensc-support.h opensc-0.12.1/src/signer/opensc-support.h --- opensc-0.11.13/src/signer/opensc-support.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/opensc-support.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -#ifndef _OPENSC_SUPPORT_H -#define _OPENSC_SUPPORT_H - -#include "signer.h" - -extern int create_envelope(PluginInstance *inst, u8 **data, int *datalen); - -#endif diff -Nru opensc-0.11.13/src/signer/signer.c opensc-0.12.1/src/signer/signer.c --- opensc-0.11.13/src/signer/signer.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/signer.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,374 +0,0 @@ -#include -#include -#include "npinclude/npapi.h" -#include "signer.h" -#include "opensc-support.h" - -char* -NPP_GetMIMEDescription(void) -{ - return (char *) "text/x-text-to-sign:sgn:Text to be signed"; -} - -NPError -NPP_GetValue(void *inst, NPPVariable variable, void *value) -{ - NPError err = NPERR_NO_ERROR; - - printf("NPP_GetValue()\n"); - switch (variable) { - case NPPVpluginNameString: - *((char **)value) = (char *) "OpenSC Signer plugin"; - break; - case NPPVpluginDescriptionString: - *((char **)value) = (char *) "This plugins handles" - " web signatures using OpenSC" - " smart card library."; - break; - default: - err = NPERR_GENERIC_ERROR; - } - return err; -} - -NPError -NPP_Initialize(void) -{ - printf("NPP_Initialize()\n"); - return NPERR_NO_ERROR; -} - - -jref -NPP_GetJavaClass(void) -{ - printf("NPP_GetJavaClass()\n"); - return NULL; -} - -void -NPP_Shutdown(void) -{ - printf("NPP_Shutdown()\n"); -} - -static NPError -post_data(NPP instance, const char *url, const char *target, uint32 len, - const char *buf, const char *tag) -{ - NPError rv; - char headers[256], *sendbuf; - char *content; - unsigned int content_len, hdrlen, taglen; - - taglen = strlen(tag); - content_len = taglen + len + 1; - content = (char *) NPN_MemAlloc(content_len); - if (content == NULL) - return NPERR_OUT_OF_MEMORY_ERROR; - memcpy(content, tag, taglen); - content[taglen] = '='; - memcpy(content+taglen+1, buf, len); - - sprintf(headers, "Content-type: application/x-www-form-urlencoded\r\n" - "Content-Length: %u\r\n\r\n", (unsigned int) content_len); - hdrlen = strlen(headers); - sendbuf = (char *) NPN_MemAlloc(hdrlen + content_len); - if (sendbuf == NULL) - return NPERR_OUT_OF_MEMORY_ERROR; - memcpy(sendbuf, headers, hdrlen); - memcpy(sendbuf + hdrlen, content, content_len); - sendbuf[hdrlen + content_len] = 0; - NPN_MemFree(content); - printf("Sending:\n---\n%s---\n", sendbuf); - printf("Url: '%s', target: '%s', len: %ld\n", url, target, hdrlen + len); - rv 
= NPN_PostURL(instance, url, target, hdrlen + content_len, sendbuf, FALSE); - - return rv; -} - -NPError -NPP_New(NPMIMEType pluginType, - NPP instance, - uint16 mode, - int16 argc, - char* argn[], - char* argv[], - NPSavedData* saved) -{ - PluginInstance* This = NULL; - NPError rv; - int r, i, datalen, b64datalen; - u8 *data = NULL, *b64data = NULL; - char *postUrl = NULL, *dataToSign = NULL, *fieldName = NULL; - - printf("NPP_New()\n"); - if (instance == NULL) - return NPERR_INVALID_INSTANCE_ERROR; - instance->pdata = NPN_MemAlloc(sizeof(PluginInstance)); - - This = (PluginInstance*) instance->pdata; - - if (This == NULL) - return NPERR_OUT_OF_MEMORY_ERROR; - - This->ctx = NULL; - This->card = NULL; - This->p15card = NULL; - - for (i = 0; i < argc; i++) { - if (strcmp(argn[i], "wsxaction") == 0) { - postUrl = strdup(argv[i]); - } else if (strcmp(argn[i], "wsxdatatosign") == 0) { - dataToSign = strdup(argv[i]); - } else if (strcmp(argn[i], "wsxname") == 0) { - fieldName = strdup(argv[i]); - } else - printf("'%s' = '%s'\n", argn[i], argv[i]); - } - if (postUrl == NULL || dataToSign == NULL) { - r = NPERR_GENERIC_ERROR; - goto err; - } - if (fieldName == NULL) - fieldName = strdup("SignedData"); - This->signdata = dataToSign; - This->signdata_len = strlen(dataToSign); - - r = create_envelope(This, &data, &datalen); - if (r) { - r = NPERR_GENERIC_ERROR; - goto err; - } - b64datalen = datalen * 4 / 3 + 4; - b64data = (u8 *) malloc(b64datalen); - r = sc_base64_encode(data, datalen, b64data, b64datalen, 0); - if (r) { - r = NPERR_GENERIC_ERROR; - goto err; - } - printf("Posting to '%s'\n", postUrl); - printf("Data to sign: %s\n", dataToSign); - printf("Signed: %s\n", b64data); - rv = post_data(instance, postUrl, "_self", strlen((char *) b64data), (char *) b64data, - fieldName); - printf("post_data returned %d\n", rv); - r = NPERR_NO_ERROR; -err: - if (fieldName) - free(fieldName); - if (dataToSign) - free(dataToSign); - if (postUrl) - free(postUrl); - if (data) - 
free(data); - if (b64data) - free(b64data); - return r; -} - -NPError -NPP_Destroy(NPP instance, NPSavedData** save) -{ - PluginInstance* This; - - printf("NPP_Destroy()\n"); - if (instance == NULL) - return NPERR_INVALID_INSTANCE_ERROR; - - This = (PluginInstance*) instance->pdata; - - /* PLUGIN DEVELOPERS: - * If desired, call NP_MemAlloc to create a - * NPSavedDate structure containing any state information - * that you want restored if this plugin instance is later - * recreated. - */ - if (This == NULL) - return NPERR_NO_ERROR; - - NPN_MemFree(instance->pdata); - instance->pdata = NULL; - - return NPERR_NO_ERROR; -} - - - -NPError -NPP_SetWindow(NPP instance, NPWindow* window) -{ - PluginInstance* This; - Display *dpy; - NPSetWindowCallbackStruct *ws; - Window win; - - printf("NPP_SetWindow()\n"); - - if (instance == NULL) - return NPERR_INVALID_INSTANCE_ERROR; - - if (window == NULL) - return NPERR_NO_ERROR; - - This = (PluginInstance*) instance->pdata; - ws = (NPSetWindowCallbackStruct *) window->ws_info; - dpy = ws->display; - win = (Window) window->window; - - /* - * PLUGIN DEVELOPERS: - * Before setting window to point to the - * new window, you may wish to compare the new window - * info to the previous window (if any) to note window - * size changes, etc. - */ - - - return NPERR_NO_ERROR; -} - - -NPError -NPP_NewStream(NPP instance, - NPMIMEType type, - NPStream *stream, - NPBool seekable, - uint16 *stype) -{ - PluginInstance* This; - printf("NPP_NewStream()\n"); - - if (instance == NULL) - return NPERR_INVALID_INSTANCE_ERROR; - - This = (PluginInstance*) instance->pdata; - - return NPERR_NO_ERROR; -} - - -/* PLUGIN DEVELOPERS: - * These next 2 functions are directly relevant in a plug-in which - * handles the data in a streaming manner. If you want zero bytes - * because no buffer space is YET available, return 0. As long as - * the stream has not been written to the plugin, Navigator will - * continue trying to send bytes. 
If the plugin doesn't want them, - * just return some large number from NPP_WriteReady(), and - * ignore them in NPP_Write(). For a NP_ASFILE stream, they are - * still called but can safely be ignored using this strategy. - */ - -int32 STREAMBUFSIZE = 0X0FFFFFFF; /* If we are reading from a file in NPAsFile - * mode so we can take any size stream in our - * write call (since we ignore it) */ - -int32 -NPP_WriteReady(NPP instance, NPStream *stream) -{ - PluginInstance* This; - if (instance != NULL) - This = (PluginInstance*) instance->pdata; - printf("NPP_WriteReady()\n"); - return STREAMBUFSIZE; -} - - -int32 -NPP_Write(NPP instance, NPStream *stream, int32 offset, int32 len, void *buffer) -{ -#if 0 - if (instance != NULL) - { - PluginInstance* This = (PluginInstance*) instance->pdata; - } -#endif - printf("NPP_Write(offset %d, len %d)\n", (int) offset, (int) len); - - return len; /* The number of bytes accepted */ -} - - -NPError -NPP_DestroyStream(NPP instance, NPStream *stream, NPError reason) -{ - PluginInstance* This; - - if (instance == NULL) - return NPERR_INVALID_INSTANCE_ERROR; - This = (PluginInstance*) instance->pdata; - printf("NPP_DestroyStream()\n"); - - return NPERR_NO_ERROR; -} - - -void -NPP_StreamAsFile(NPP instance, NPStream *stream, const char* fname) -{ - PluginInstance* This; - - if (instance != NULL) - This = (PluginInstance*) instance->pdata; - printf("NPP_StreamAsFile('%s')\n", fname); -} - - -void -NPP_Print(NPP instance, NPPrint* printInfo) -{ -#if 0 - if(printInfo == NULL) - return; - - if (instance != NULL) { - PluginInstance* This = (PluginInstance*) instance->pdata; - - if (printInfo->mode == NP_FULL) { - /* - * PLUGIN DEVELOPERS: - * If your plugin would like to take over - * printing completely when it is in full-screen mode, - * set printInfo->pluginPrinted to TRUE and print your - * plugin as you see fit. 
If your plugin wants Netscape - * to handle printing in this case, set - * printInfo->pluginPrinted to FALSE (the default) and - * do nothing. If you do want to handle printing - * yourself, printOne is true if the print button - * (as opposed to the print menu) was clicked. - * On the Macintosh, platformPrint is a THPrint; on - * Windows, platformPrint is a structure - * (defined in npapi.h) containing the printer name, port, - * etc. - */ - - void* platformPrint = - printInfo->print.fullPrint.platformPrint; - NPBool printOne = - printInfo->print.fullPrint.printOne; - - /* Do the default*/ - printInfo->print.fullPrint.pluginPrinted = FALSE; - } - else { /* If not fullscreen, we must be embedded */ - /* - * PLUGIN DEVELOPERS: - * If your plugin is embedded, or is full-screen - * but you returned false in pluginPrinted above, NPP_Print - * will be called with mode == NP_EMBED. The NPWindow - * in the printInfo gives the location and dimensions of - * the embedded plugin on the printed page. On the - * Macintosh, platformPrint is the printer port; on - * Windows, platformPrint is the handle to the printing - * device context. - */ - - NPWindow* printWindow = - &(printInfo->print.embedPrint.window); - void* platformPrint = - printInfo->print.embedPrint.platformPrint; - } - } -#endif -} diff -Nru opensc-0.11.13/src/signer/signer.exports opensc-0.12.1/src/signer/signer.exports --- opensc-0.11.13/src/signer/signer.exports 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/signer/signer.exports 1970-01-01 00:00:00.000000000 +0000 
@@ -1,34 +0,0 @@
-NPP_Initialize
-NPN_RequestRead
-NPP_Destroy
-NPN_ReloadPlugins
-NPN_GetJavaEnv
-NP_GetValue
-NPN_Version
-NPN_NewStream
-NPN_MemFree
-NPN_GetURL
-NPN_Write
-NP_GetMIMEDescription
-NPN_PostURL
-NPN_MemAlloc
-NPP_SetWindow
-NPN_MemFlush
-NPP_Print
-NPP_StreamAsFile
-NPP_GetMIMEDescription
-NP_Initialize
-NPP_DestroyStream
-NPP_GetValue
-NP_Shutdown
-NPP_Write
-NPN_UserAgent
-NPP_NewStream
-NPP_New
-NPN_GetJavaPeer
-NPN_Status
-NPP_GetJavaClass
-NPN_DestroyStream
-NPP_Shutdown
-NPP_WriteReady
-NPN_GetValue
diff -Nru opensc-0.11.13/src/signer/signer.h opensc-0.12.1/src/signer/signer.h
--- opensc-0.11.13/src/signer/signer.h 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/signer.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,35 +0,0 @@
-#ifndef _SIGNER_H
-#define _SIGNER_H
-
-#ifdef HAVE_CONFIG_H
-#include
-#endif
-#include
-#include
-#include
-
-typedef struct _PluginInstance
-{
- char *signdata;
- int signdata_len;
- int reader_id;
- struct sc_context *ctx;
- struct sc_card *card;
- struct sc_pkcs15_card *p15card;
-
- const char *pinname;
- char *pinbuf;
- int pinlen;
-} PluginInstance;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int ask_pin_code(PluginInstance *inst);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff -Nru opensc-0.11.13/src/signer/stubs.c opensc-0.12.1/src/signer/stubs.c
--- opensc-0.11.13/src/signer/stubs.c 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/stubs.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,14 +0,0 @@
-/* -*- Mode: C; tab-width: 4; -*- */
-/*******************************************************************************
- * Simple LiveConnect Sample Plugin
- * Copyright (c) 1996 Netscape Communications. All rights reserved.
- ******************************************************************************/
-
-/*
-** Ok, so we don't usually include .c files (only .h files) but we're
-** doing it here to avoid some fancy make rules. First pull in the common
-** glue code:
-*/
-#ifdef XP_UNIX
-#include "npunix.c"
-#endif
diff -Nru opensc-0.11.13/src/signer/testprog.c opensc-0.12.1/src/signer/testprog.c
--- opensc-0.11.13/src/signer/testprog.c 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/src/signer/testprog.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,48 +0,0 @@
-#include
-#include
-#include
-#include
-#include "opensc-support.h"
-#include "opensc-crypto.h"
-#include "signer.h"
-
-int test(void)
-{
- BIO *in;
- PKCS7 *p7;
-
- in = BIO_new_file("sample.pem", "r");
- p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- if (p7 == NULL) {
- goto err;
- }
-#if 0
- return prp7(p7);
-#endif
- return 0;
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- return 1;
-}
-
-int main(void)
-{
- PluginInstance pl;
- u8 *data;
- int datalen, r;
-
-#if 0
- test();
- return 0;
-#endif
-
- pl.signdata = strdup("12345\ntest foo bar one two three\nTesting 1234567890");
- pl.signdata_len = strlen(pl.signdata);
- r = create_envelope(&pl, &data, &datalen);
- if (r) {
- printf("create_env() failed\n");
- return 1;
- }
- return 0;
-}
diff -Nru opensc-0.11.13/src/tests/base64.c opensc-0.12.1/src/tests/base64.c
--- opensc-0.11.13/src/tests/base64.c 2005-12-29 12:36:28.000000000 +0000
+++ opensc-0.12.1/src/tests/base64.c 2011-05-17 17:07:00.000000000 +0000
@@ -1,9 +1,9 @@ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/asn1.h" int main(int argc, char *argv[]) { diff -Nru opensc-0.11.13/src/tests/lottery.c opensc-0.12.1/src/tests/lottery.c --- opensc-0.11.13/src/tests/lottery.c 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/src/tests/lottery.c 2011-05-17 17:07:00.000000000 +0000 @@ -2,9 +2,8 @@ * All rights reserved. */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -13,7 +12,8 @@ #ifdef HAVE_SYS_TIME_H #include #endif -#include + +#include "libopensc/opensc.h" #include "sc-test.h" int main(int argc, char *argv[]) diff -Nru opensc-0.11.13/src/tests/Makefile.am opensc-0.12.1/src/tests/Makefile.am --- opensc-0.11.13/src/tests/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tests/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -1,14 +1,12 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak SUBDIRS = regression noinst_PROGRAMS = base64 lottery p15dump pintest prngtest -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include +INCLUDES = -I$(top_srcdir)/src LIBS = $(top_builddir)/src/libopensc/libopensc.la \ $(top_builddir)/src/common/libcompat.la 
@@ -22,15 +20,9 @@ prngtest_SOURCES = prngtest.c $(COMMON_SRC) $(COMMON_INC) if WIN32 -base64_SOURCES += versioninfo.rc -lottery_SOURCES += versioninfo.rc -p15dump_SOURCES += versioninfo.rc -pintest_SOURCES += versioninfo.rc -prngtest_SOURCES += versioninfo.rc -else -dist_noinst_DATA = versioninfo.rc +base64_SOURCES += $(top_builddir)/win32/versioninfo.rc +lottery_SOURCES += $(top_builddir)/win32/versioninfo.rc +p15dump_SOURCES += $(top_builddir)/win32/versioninfo.rc +pintest_SOURCES += $(top_builddir)/win32/versioninfo.rc +prngtest_SOURCES += $(top_builddir)/win32/versioninfo.rc endif - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Test Program/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc diff -Nru opensc-0.11.13/src/tests/Makefile.in opensc-0.12.1/src/tests/Makefile.in --- opensc-0.11.13/src/tests/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/tests/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -17,7 +17,6 @@ # Required to build Windows resource file - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -37,22 +36,21 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__dist_noinst_DATA_DIST) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(top_srcdir)/win32/ltrc.inc +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/win32/ltrc.inc noinst_PROGRAMS = base64$(EXEEXT) lottery$(EXEEXT) p15dump$(EXEEXT) \ pintest$(EXEEXT) prngtest$(EXEEXT) -@WIN32_TRUE@am__append_1 = versioninfo.rc -@WIN32_TRUE@am__append_2 = versioninfo.rc -@WIN32_TRUE@am__append_3 = versioninfo.rc -@WIN32_TRUE@am__append_4 = versioninfo.rc -@WIN32_TRUE@am__append_5 = versioninfo.rc +@WIN32_TRUE@am__append_1 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_2 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_3 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_4 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_5 = $(top_builddir)/win32/versioninfo.rc subdir = src/tests ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d 
@@ -60,34 +58,37 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) -am__base64_SOURCES_DIST = base64.c sc-test.c sc-test.h versioninfo.rc +am__base64_SOURCES_DIST = base64.c sc-test.c sc-test.h \ + $(top_builddir)/win32/versioninfo.rc am__objects_1 = sc-test.$(OBJEXT) am__objects_2 = -@WIN32_TRUE@am__objects_3 = versioninfo.$(OBJEXT) +am__dirstamp = $(am__leading_dot)dirstamp +@WIN32_TRUE@am__objects_3 = \ +@WIN32_TRUE@ $(top_builddir)/win32/versioninfo.$(OBJEXT) am_base64_OBJECTS = base64.$(OBJEXT) $(am__objects_1) $(am__objects_2) \ $(am__objects_3) base64_OBJECTS = $(am_base64_OBJECTS) base64_LDADD = $(LDADD) am__lottery_SOURCES_DIST = lottery.c sc-test.c sc-test.h \ - versioninfo.rc + $(top_builddir)/win32/versioninfo.rc am_lottery_OBJECTS = lottery.$(OBJEXT) $(am__objects_1) \ $(am__objects_2) $(am__objects_3) lottery_OBJECTS = $(am_lottery_OBJECTS) lottery_LDADD = $(LDADD) am__p15dump_SOURCES_DIST = p15dump.c print.c sc-test.c sc-test.h \ - versioninfo.rc + $(top_builddir)/win32/versioninfo.rc am_p15dump_OBJECTS = p15dump.$(OBJEXT) print.$(OBJEXT) \ $(am__objects_1) $(am__objects_2) $(am__objects_3) p15dump_OBJECTS = $(am_p15dump_OBJECTS) p15dump_LDADD = $(LDADD) am__pintest_SOURCES_DIST = pintest.c print.c sc-test.c sc-test.h \ - versioninfo.rc + $(top_builddir)/win32/versioninfo.rc am_pintest_OBJECTS = pintest.$(OBJEXT) print.$(OBJEXT) \ $(am__objects_1) $(am__objects_2) $(am__objects_3) pintest_OBJECTS = $(am_pintest_OBJECTS) pintest_LDADD = $(LDADD) am__prngtest_SOURCES_DIST = prngtest.c sc-test.c sc-test.h \ - versioninfo.rc + $(top_builddir)/win32/versioninfo.rc am_prngtest_OBJECTS = prngtest.$(OBJEXT) $(am__objects_1) \ $(am__objects_2) $(am__objects_3) prngtest_OBJECTS = $(am_prngtest_OBJECTS) 
@@ -117,8 +118,6 @@ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive -am__dist_noinst_DATA_DIST = versioninfo.rc -DATA = $(dist_noinst_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ @@ -180,8 +179,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -189,10 +186,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = $(top_builddir)/src/libopensc/libopensc.la \ $(top_builddir)/src/common/libcompat.la @@ -219,8 +214,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -243,6 +236,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -255,10 +250,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ 
@@ -304,11 +296,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -325,13 +314,10 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak SUBDIRS = regression -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include +INCLUDES = -I$(top_srcdir)/src COMMON_SRC = sc-test.c COMMON_INC = sc-test.h base64_SOURCES = base64.c $(COMMON_SRC) $(COMMON_INC) $(am__append_1) @@ -343,7 +329,6 @@ $(am__append_4) prngtest_SOURCES = prngtest.c $(COMMON_SRC) $(COMMON_INC) \ $(am__append_5) -@WIN32_FALSE@dist_noinst_DATA = versioninfo.rc all: all-recursive .SUFFIXES: @@ -357,9 +342,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/tests/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/tests/Makefile + $(AUTOMAKE) --foreign src/tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -387,6 +372,15 @@ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +$(top_builddir)/win32/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32 + @: > $(top_builddir)/win32/$(am__dirstamp) +$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32/$(DEPDIR) + @: > $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +$(top_builddir)/win32/versioninfo.$(OBJEXT): \ + $(top_builddir)/win32/$(am__dirstamp) \ + $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) base64$(EXEEXT): $(base64_OBJECTS) $(base64_DEPENDENCIES) @rm -f base64$(EXEEXT) $(LINK) $(base64_OBJECTS) $(base64_LDADD) $(LIBS) @@ -405,6 +399,7 @@ mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f $(top_builddir)/win32/versioninfo.$(OBJEXT) distclean-compile: -rm -f *.tab.c @@ -451,7 +446,7 @@ # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -476,7 +471,7 @@ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -639,7 +634,7 @@ done check-am: all-am check: check-recursive -all-am: Makefile $(PROGRAMS) $(DATA) +all-am: Makefile $(PROGRAMS) installdirs: installdirs-recursive installdirs-am: install: install-recursive 
@@ -659,11 +654,12 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) + -test -z "$(top_builddir)/win32/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -765,10 +761,6 @@ .rc.o: $(RCCOMPILE) -i "$<" -o "$@" -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Test Program/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru opensc-0.11.13/src/tests/Makefile.mak opensc-0.12.1/src/tests/Makefile.mak --- opensc-0.11.13/src/tests/Makefile.mak 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tests/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 @@ -5,8 +5,7 @@ p15dump.exe pintest.exe # prngtest.exe lottery.exe all: print.obj sc-test.obj $(TARGETS) - -$(TARGETS): versioninfo.res print.obj sc-test.obj \ +$(TARGETS): $(TOPDIR)\win32\versioninfo.res print.obj sc-test.obj \ ..\common\common.lib ..\libopensc\opensc.lib !INCLUDE $(TOPDIR)\win32\Make.rules.mak 
@@ -17,6 +16,6 @@ .c.exe: cl $(COPTS) /c $< link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj sc-test.obj print.obj \ - ..\common\common.lib ..\libopensc\opensc.lib versioninfo.res + ..\common\common.lib ..\libopensc\opensc.lib $(TOPDIR)\win32\versioninfo.res if EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 diff -Nru opensc-0.11.13/src/tests/p15dump.c opensc-0.12.1/src/tests/p15dump.c --- opensc-0.11.13/src/tests/p15dump.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tests/p15dump.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,13 +4,13 @@ * PKCS#15 objects test */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" #include "sc-test.h" static struct sc_pkcs15_card *p15card; @@ -39,7 +39,7 @@ } printf("%u found.\n", count); - objs = (struct sc_pkcs15_object **) calloc(count, sizeof(*objs)); + objs = calloc(count, sizeof(*objs)); if ((count = sc_pkcs15_get_objects(p15card, type, objs, count)) < 0) { fprintf(stderr, "Error enumerating %s: %s\n", what, sc_strerror(count)); @@ -68,9 +68,7 @@ } path.count = -1; - sc_ctx_suppress_errors_on(p15card->card->ctx); r = sc_pkcs15_read_file(p15card, &path, &buf, &buf_len, NULL); - sc_ctx_suppress_errors_off(p15card->card->ctx); if (r < 0) { if (r == SC_ERROR_FILE_NOT_FOUND) { printf("\nNo EF(UnusedSpace) file\n"); @@ -114,7 +112,7 @@ printf("Looking for a PKCS#15 compatible Smart Card... "); fflush(stdout); sc_lock(card); - i = sc_pkcs15_bind(card, &p15card); + i = sc_pkcs15_bind(card, NULL, &p15card); /* Keep card locked to prevent useless calls to sc_logout */ if (i) { fprintf(stderr, "failed: %s\n", sc_strerror(i)); diff -Nru opensc-0.11.13/src/tests/pintest.c opensc-0.12.1/src/tests/pintest.c --- opensc-0.11.13/src/tests/pintest.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tests/pintest.c 2011-05-17 17:07:00.000000000 +0000 
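Review bot: The result of `objs = calloc(count, sizeof(*objs));` in the p15dump.c hunk is passed to `sc_pkcs15_get_objects` on the next line without a NULL check, so an allocation failure hands the library a NULL output array together with a non-zero count. Dropping the cast is fine, but a guard such as `if (objs == NULL) { fprintf(stderr, "Out of memory\n"); return 1; }` belongs before the call; the right return value depends on the enclosing function, which starts and ends outside this hunk. The pintest.c hunk has the same unchecked `objs = calloc(n, sizeof(*objs));`, and there the return value of `sc_pkcs15_get_objects` is also ignored before `objs[i]` is read.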
@@ -4,18 +4,18 @@ * PKCS#15 PIN code test */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #ifdef HAVE_UNISTD_H #include #endif -#include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" +#include "common/compat_getpass.h" #include "sc-test.h" static struct sc_pkcs15_card *p15card; @@ -35,7 +35,7 @@ fprintf(stderr, "No PIN codes found!\n"); return 0; } - objs = (struct sc_pkcs15_object **) calloc(n, sizeof(*objs)); + objs = calloc(n, sizeof(*objs)); sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, n); for (i = 0; i < n; i++) { sc_test_print_object(objs[i]); @@ -44,30 +44,29 @@ return n; } -static int ask_and_verify_pin(struct sc_pkcs15_object *obj) +static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj) { - struct sc_pkcs15_pin_info *pin; + struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data; int i = 0; char prompt[80]; u8 *pass; - pin = (struct sc_pkcs15_pin_info *) obj->data; - if (pin->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) { - printf("Skipping unblocking pin [%s]\n", obj->label); + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) { + printf("Skipping unblocking pin [%s]\n", pin_obj->label); return 0; } - sprintf(prompt, "Please enter PIN code [%s]: ", obj->label); + sprintf(prompt, "Please enter PIN code [%s]: ", pin_obj->label); pass = (u8 *) getpass(prompt); sc_lock(card); - i = sc_pkcs15_verify_pin(p15card, pin, pass, strlen((char *) pass)); + i = sc_pkcs15_verify_pin(p15card, pin_obj, pass, strlen((char *) pass)); sc_unlock(card); if (i) { if (i == SC_ERROR_PIN_CODE_INCORRECT) fprintf(stderr, "Incorrect PIN code (%d tries left)\n", - pin->tries_left); + pin_info->tries_left); else fprintf(stderr, "PIN verifying failed: %s\n", 
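Review bot: `sprintf(prompt, "Please enter PIN code [%s]: ", pin_obj->label);` in `ask_and_verify_pin` still formats a label read from the card into the 80-byte `prompt` with no bound; the rename touched the line but kept the unbounded call. The maximum label size is not visible here, so unless it is guaranteed to fit, use `snprintf(prompt, sizeof(prompt), "Please enter PIN code [%s]: ", pin_obj->label);`. The pointer returned by `getpass` is also passed to `strlen` unchecked, so `pass` should be tested for NULL before the `sc_lock` call. The function body continues past the end of the hunk.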
@@ -87,12 +86,12 @@ i = sc_test_init(&argc, argv); if (i < 0) return 1; - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD) printf("Slot is capable of doing pinpad operations!\n"); printf("Looking for a PKCS#15 compatible Smart Card... "); fflush(stdout); sc_lock(card); - i = sc_pkcs15_bind(card, &p15card); + i = sc_pkcs15_bind(card, NULL, &p15card); sc_unlock(card); if (i) { fprintf(stderr, "failed: %s\n", sc_strerror(i)); diff -Nru opensc-0.11.13/src/tests/print.c opensc-0.12.1/src/tests/print.c --- opensc-0.11.13/src/tests/print.c 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tests/print.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,14 +4,14 @@ * PKCS#15 PIN code test */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" #include "sc-test.h" void sc_test_print_card(const sc_pkcs15_card_t *mycard) 
@@ -25,15 +25,15 @@ int i, count = 0; assert(mycard != NULL); - printf("PKCS#15 Card [%s]:\n", mycard->label); - printf("\tVersion : %d\n", mycard->version); - printf("\tSerial number : %s\n", mycard->serial_number); - printf("\tManufacturer ID: %s\n", mycard->manufacturer_id); - if (mycard->preferred_language) - printf("\tLanguage : %s\n", mycard->preferred_language); + printf("PKCS#15 Card [%s]:\n", mycard->tokeninfo->label); + printf("\tVersion : %d\n", mycard->tokeninfo->version); + printf("\tSerial number : %s\n", mycard->tokeninfo->serial_number); + printf("\tManufacturer ID: %s\n", mycard->tokeninfo->manufacturer_id); + if (mycard->tokeninfo->preferred_language) + printf("\tLanguage : %s\n", mycard->tokeninfo->preferred_language); printf("\tFlags : "); for (i = 0; i < 4; i++) { - if ((mycard->flags >> i) & 1) { + if ((mycard->tokeninfo->flags >> i) & 1) { if (count) printf(", "); printf("%s", flags[i]); diff -Nru opensc-0.11.13/src/tests/prngtest.c opensc-0.12.1/src/tests/prngtest.c --- opensc-0.11.13/src/tests/prngtest.c 2009-12-13 07:44:41.000000000 +0000 +++ opensc-0.12.1/src/tests/prngtest.c 2011-05-17 17:07:00.000000000 +0000 @@ -4,9 +4,8 @@ * Pseudo-random number generator test program */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -15,7 +14,8 @@ #ifdef HAVE_SYS_TIME_H #include #endif -#include + +#include "libopensc/opensc.h" #include "sc-test.h" int main(int argc, char *argv[]) diff -Nru opensc-0.11.13/src/tests/regression/functions opensc-0.12.1/src/tests/regression/functions --- opensc-0.11.13/src/tests/regression/functions 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/functions 2011-05-17 17:07:00.000000000 +0000 @@ -47,7 +47,6 @@ case $1 in -T|--use-default-transport-keys|\ - --split-key|\ --no-prompt|\ --soft|\ -v*) 
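Review bot: Every field in this hunk is now read through `mycard->tokeninfo`, but only `mycard` itself is asserted non-NULL; add `assert(mycard->tokeninfo != NULL);` next to the existing assert, or return early. Only `preferred_language` is tested before being printed with `%s`. If `label`, `serial_number` and `manufacturer_id` are pointers that can be left unset (their declarations are not visible here), they need the same guard, e.g. `mycard->tokeninfo->label ? mycard->tokeninfo->label : ""`. The function starts before and continues after the hunk.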
@@ -355,7 +354,7 @@ msg "Card contents according to p15tool --dump" run_display_output $p15tool --dump < /dev/null msg "Validating card using pkcs11-tool" - run_display_output $p11tool -t --pin 0000 \ + run_display_output $p11tool -t --login --pin 0000 \ --module $p11module \ --slot-label "OpenSC Test Card" $* < /dev/null success diff -Nru opensc-0.11.13/src/tests/regression/init0001 opensc-0.12.1/src/tests/regression/init0001 --- opensc-0.11.13/src/tests/regression/init0001 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0001 2011-05-17 17:07:00.000000000 +0000 @@ -8,7 +8,7 @@ p15_init --no-so-pin p15_set_pin -a 01 -p15_gen_key rsa/1024 -a 01 --split-key --key-usage sign,decrypt +p15_gen_key rsa/1024 -a 01 --key-usage sign,decrypt p15_validate p15_erase --secret @01=0000 diff -Nru opensc-0.11.13/src/tests/regression/init0002 opensc-0.12.1/src/tests/regression/init0002 --- opensc-0.11.13/src/tests/regression/init0002 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0002 2011-05-17 17:07:00.000000000 +0000 @@ -10,7 +10,7 @@ p15_init --so-pin 999999 --so-puk 88888888 p15_set_pin -a 27 --so-pin 999999 -p15_gen_key rsa/1024 -a 27 --so-pin 999999 --split-key --key-usage sign,decrypt +p15_gen_key rsa/1024 -a 27 --so-pin 999999 --key-usage sign,decrypt p15_validate p15_erase --secret @27=0000 diff -Nru opensc-0.11.13/src/tests/regression/init0005 opensc-0.12.1/src/tests/regression/init0005 --- opensc-0.11.13/src/tests/regression/init0005 2006-01-22 22:27:38.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0005 2011-05-17 17:07:00.000000000 +0000 
@@ -8,7 +8,7 @@ p15_init --no-so-pin p15_set_pin -a 01 -p15_gen_key rsa/1024 -a 01 --split-key --key-usage sign,decrypt +p15_gen_key rsa/1024 -a 01 --key-usage sign,decrypt p15_validate p15_erase --secret @01=0000 diff -Nru opensc-0.11.13/src/tests/regression/init0007 opensc-0.12.1/src/tests/regression/init0007 --- opensc-0.11.13/src/tests/regression/init0007 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0007 2011-05-17 17:07:00.000000000 +0000 @@ -9,8 +9,8 @@ p15_init --no-so-pin p15_set_pin -a 01 p15_set_pin -a 02 --label "User Signature PIN" -p15_gen_key rsa/512 -a 01 --split-key --key-usage sign,decrypt -p15_gen_key rsa/512 -a 02 --split-key --key-usage nonRepudiation \ +p15_gen_key rsa/512 -a 01 --key-usage sign,decrypt +p15_gen_key rsa/512 -a 02 --key-usage nonRepudiation \ --id feeb \ --label "Non-Repudiation Key" p15_validate diff -Nru opensc-0.11.13/src/tests/regression/init0008 opensc-0.12.1/src/tests/regression/init0008 --- opensc-0.11.13/src/tests/regression/init0008 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0008 2011-05-17 17:07:00.000000000 +0000 @@ -8,7 +8,7 @@ p15_init --no-so-pin p15_set_pin -a 01 -p15_store_key test.p12 --format pkcs12 --passphrase "password" -a 01 --split-key +p15_store_key test.p12 --format pkcs12 --passphrase "password" -a 01 p15_validate p15_erase --secret @01=0000 diff -Nru opensc-0.11.13/src/tests/regression/init0012 opensc-0.12.1/src/tests/regression/init0012 --- opensc-0.11.13/src/tests/regression/init0012 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/init0012 2011-05-17 17:07:00.000000000 +0000 
@@ -6,8 +6,8 @@ . functions -p15_init --profile pkcs15+onepin --so-pin 999999 --so-puk 111111 -p15_gen_key rsa/1024 -a 01 --split-key --key-usage sign,decrypt --pin 999999 +p15_init --profile pkcs15+onepin --pin 999999 --puk 111111 +p15_gen_key rsa/1024 -a 01 --key-usage sign,decrypt --pin 999999 p15_validate --pin 999999 p15_erase --secret @01=999999 diff -Nru opensc-0.11.13/src/tests/regression/Makefile.am opensc-0.12.1/src/tests/regression/Makefile.am --- opensc-0.11.13/src/tests/regression/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/Makefile.am 2011-05-17 17:07:00.000000000 +0000 @@ -1,12 +1,12 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -dist_noinst_DATA = \ +dist_check_DATA = \ crypt0001 crypt0002 crypt0003 crypt0004 crypt0005 crypt0006 crypt0007 \ init0001 init0002 init0003 init0004 init0005 init0006 \ init0007 init0008 init0009 init0010 init0011 init0012 \ pin0001 pin0002 \ README test.p12 bintest -dist_noinst_SCRIPTS = erase functions run-all +dist_check_SCRIPTS = erase functions run-all # remove log files from regression tests clean-local: diff -Nru opensc-0.11.13/src/tests/regression/Makefile.in opensc-0.12.1/src/tests/regression/Makefile.in --- opensc-0.11.13/src/tests/regression/Makefile.in 2010-02-16 09:32:18.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -14,8 +14,6 @@ # PARTICULAR PURPOSE. @SET_MAKE@ - - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -36,24 +34,21 @@ build_triplet = @build@ host_triplet = @host@ subdir = src/tests/regression -DIST_COMMON = README $(dist_noinst_DATA) $(dist_noinst_SCRIPTS) \ +DIST_COMMON = README $(dist_check_DATA) $(dist_check_SCRIPTS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -SCRIPTS = $(dist_noinst_SCRIPTS) SOURCES = DIST_SOURCES = -DATA = $(dist_noinst_DATA) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -82,8 +77,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -91,10 +84,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ 
@@ -119,8 +110,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -143,6 +132,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -155,10 +146,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -204,11 +192,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -222,14 +207,14 @@ top_srcdir = @top_srcdir@ xslstylesheetsdir = @xslstylesheetsdir@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -dist_noinst_DATA = \ +dist_check_DATA = \ crypt0001 crypt0002 crypt0003 crypt0004 crypt0005 crypt0006 crypt0007 \ init0001 init0002 init0003 init0004 init0005 init0006 \ init0007 init0008 init0009 init0010 init0011 init0012 \ pin0001 pin0002 \ README test.p12 bintest -dist_noinst_SCRIPTS = erase functions run-all +dist_check_SCRIPTS = erase functions run-all all: all-am .SUFFIXES: 
@@ -242,9 +227,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/tests/regression/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/regression/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/tests/regression/Makefile + $(AUTOMAKE) --foreign src/tests/regression/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -307,8 +292,10 @@ fi; \ done check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS) \ + $(dist_check_DATA) check: check-am -all-am: Makefile $(SCRIPTS) $(DATA) +all-am: Makefile installdirs: install: install-am install-exec: install-exec-am @@ -402,7 +389,7 @@ uninstall-am: -.MAKE: install-am install-strip +.MAKE: check-am install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ clean-local distclean distclean-generic distclean-libtool \ diff -Nru opensc-0.11.13/src/tests/regression/README opensc-0.12.1/src/tests/regression/README --- opensc-0.11.13/src/tests/regression/README 2005-12-29 12:36:28.000000000 +0000 +++ opensc-0.12.1/src/tests/regression/README 2011-05-17 17:07:00.000000000 +0000 @@ -14,12 +14,6 @@ key as determined by OpenSC works fine. [If it doesn't please get in contact with us!] - --split-key - For CardOS/M4 - when creating or installing a key intended for - both signing and decryption, pkcs15-init must install a the same - key twice, with different usage labels: one for each usage. This - is called a "split key". - --reader N Use the specified reader diff -Nru opensc-0.11.13/src/tests/sc-test.c opensc-0.12.1/src/tests/sc-test.c --- opensc-0.11.13/src/tests/sc-test.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tests/sc-test.c 2011-05-17 17:07:00.000000000 +0000 
@@ -4,14 +4,14 @@ * Common functions for test programs */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include -#include -#include + +#include "common/compat_getopt.h" +#include "libopensc/opensc.h" #include "sc-test.h" sc_context_t *ctx; @@ -77,30 +77,28 @@ } ctx->debug = opt_debug; - if (opt_reader >= ctx->reader_count) { + if (opt_reader >= sc_ctx_get_reader_count(ctx)) { fprintf(stderr, "Illegal reader number.\n" "Only %d reader(s) configured.\n", - ctx->reader_count); + sc_ctx_get_reader_count(ctx)); exit(1); } while (1) { if (opt_reader >= 0) { - rc = sc_detect_card_presence( - ctx->reader[opt_reader], 0); + rc = sc_detect_card_presence(sc_ctx_get_reader(ctx, opt_reader)); printf("Card %s.\n", rc == 1 ? "present" : "absent"); if (rc < 0) return rc; } else { - for (i = rc = 0; rc != 1 && i < ctx->reader_count; i++) - rc = sc_detect_card_presence(ctx->reader[i], 0); + for (i = rc = 0; rc != 1 && i < sc_ctx_get_reader_count(ctx); i++) + rc = sc_detect_card_presence(sc_ctx_get_reader(ctx, opt_reader)); if (rc == 1) opt_reader = i - 1; } if (rc > 0) { - printf("Card detected in reader '%s'\n", - ctx->reader[opt_reader]->name); + printf("Card detected in reader '%s'\n",sc_ctx_get_reader(ctx, opt_reader)->name); break; } if (rc < 0) @@ -114,7 +112,7 @@ printf("Connecting... "); fflush(stdout); - i = sc_connect_card(ctx->reader[opt_reader], 0, &card); + i = sc_connect_card(sc_ctx_get_reader(ctx, opt_reader), &card); if (i != SC_SUCCESS) { printf("Connecting to card failed: %s\n", sc_strerror(i)); return i; @@ -122,7 +120,7 @@ printf("connected.\n"); { char tmp[SC_MAX_ATR_SIZE*3]; - sc_bin_to_hex(card->atr, card->atr_len, tmp, sizeof(tmp) - 1, ':'); + sc_bin_to_hex(card->atr.value, card->atr.len, tmp, sizeof(tmp) - 1, ':'); printf("ATR = %s\n",tmp); } 
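Review bot: In the auto-detect branch of the sc-test.c hunk, the loop now calls `sc_ctx_get_reader(ctx, opt_reader)` instead of indexing by `i`. That branch is only reached when `opt_reader` is negative, so every iteration asks for the same invalid reader instead of probing each one. The line should read `rc = sc_detect_card_presence(sc_ctx_get_reader(ctx, i));`, which also keeps the following `opt_reader = i - 1` meaningful. Separately, `opt_reader >= sc_ctx_get_reader_count(ctx)` compares a possibly negative value with the count; if the count is unsigned, the negative default would be converted and rejected as an illegal reader number, which is worth confirming against the declaration. The enclosing function begins and ends outside the hunk.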
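Review bot: The return value of `sc_bin_to_hex` is ignored in the ATR block, so if the conversion fails, `printf("ATR = %s\n",tmp);` reads an uninitialised buffer. Either compare the result with `SC_SUCCESS` before printing, or initialise the buffer with `char tmp[SC_MAX_ATR_SIZE*3] = "";`. The length now comes from `card->atr.len`, and whether that field is bounded by `SC_MAX_ATR_SIZE` is not visible here. The cardos-tool.c hunk that prints the ATR in non-verbose mode has the same pattern.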
@@ -140,6 +138,6 @@ void sc_test_cleanup(void) { - sc_disconnect_card(card, 0); + sc_disconnect_card(card); sc_release_context(ctx); } diff -Nru opensc-0.11.13/src/tests/sc-test.h opensc-0.12.1/src/tests/sc-test.h --- opensc-0.11.13/src/tests/sc-test.h 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tests/sc-test.h 2011-05-17 17:07:00.000000000 +0000 @@ -1,7 +1,7 @@ #ifndef _SC_TEST_H #define _SC_TEST_H -#include +#include "libopensc/pkcs15.h" #ifdef __cplusplus extern "C" { diff -Nru opensc-0.11.13/src/tests/versioninfo.rc opensc-0.12.1/src/tests/versioninfo.rc --- opensc-0.11.13/src/tests/versioninfo.rc 2010-02-16 09:33:32.000000000 +0000 +++ opensc-0.12.1/src/tests/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC Test Program to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC Test Program\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/tools/cardos-info opensc-0.12.1/src/tools/cardos-info --- opensc-0.11.13/src/tools/cardos-info 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tools/cardos-info 1970-01-01 00:00:00.000000000 +0000 
@@ -1,4 +0,0 @@ -#!/bin/sh - -echo "Running cardos-tool --info $*" -exec "$(dirname "$0")"/cardos-tool --info $* diff -Nru opensc-0.11.13/src/tools/cardos-info.bat opensc-0.12.1/src/tools/cardos-info.bat --- opensc-0.11.13/src/tools/cardos-info.bat 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/src/tools/cardos-info.bat 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -@echo off - -echo Running cardos-tool --info %1 %2 %3 %4 %5 -"%0\..\cardos-tool" --info %1 %2 %3 %4 %5 diff -Nru opensc-0.11.13/src/tools/cardos-tool.c opensc-0.12.1/src/tools/cardos-tool.c --- opensc-0.11.13/src/tools/cardos-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/cardos-tool.c 2011-05-17 17:07:00.000000000 +0000 @@ -21,9 +21,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -36,32 +35,37 @@ #ifdef ENABLE_OPENSSL #include +#include #endif -#include +#include "libopensc/opensc.h" #include "util.h" static const char *app_name = "cardos-tool"; -static int opt_reader = -1, opt_debug = 0, opt_wait = 0; +static int opt_wait = 0; static int verbose = 0; +static char *opt_reader = NULL; static const struct option options[] = { + {"help", 0, NULL, 'h'}, {"info", 0, NULL, 'i'}, {"format", 0, NULL, 'f'}, {"startkey", 1, NULL, 's'}, + {"change-startkey", 1, NULL, 'S'}, {"reader", 1, NULL, 'r'}, {"card-driver", 1, NULL, 'c'}, {"wait", 0, NULL, 'w'}, {"verbose", 0, NULL, 'v'}, - {"debug", 0, NULL, 'd'}, {NULL, 0, NULL, 0} }; static const char *option_help[] = { + "Print this help message", "Print information about this card", "Format this card erasing all content", "Specify startkey for format", + "Change Startkey with given APDU command", "Uses reader number [0]", "Forces the use of driver [auto-detect]", "Wait for a card to be inserted", 
@@ -79,10 +83,10 @@ if (verbose) { printf("Card ATR:\n"); - util_hex_dump_asc(stdout, card->atr, card->atr_len, -1); + util_hex_dump_asc(stdout, card->atr.value, card->atr.len, -1); } else { char tmp[SC_MAX_ATR_SIZE*3]; - sc_bin_to_hex(card->atr, card->atr_len, tmp, sizeof(tmp) - 1, ':'); + sc_bin_to_hex(card->atr.value, card->atr.len, tmp, sizeof(tmp) - 1, ':'); fprintf(stdout,"%s\n",tmp); } @@ -102,7 +106,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -119,7 +123,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -143,7 +147,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -167,6 +171,8 @@ printf(" (that's CardOS M4.2B)\n"); } else if (apdu.resp[0] == 0xc8 && apdu.resp[1] == 0x0B) { printf(" (that's CardOS M4.2C)\n"); + } else if (apdu.resp[0] == 0xc8 && apdu.resp[1] == 0x0D) { + printf(" (that's CardOS M4.4)\n"); } else { printf(" (unknown Version)\n"); } @@ -179,7 +185,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) 
@@ -213,7 +219,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -232,7 +238,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -250,7 +256,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -274,7 +280,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -293,7 +299,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -312,7 +318,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -330,7 +336,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) 
@@ -351,7 +357,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Unable to determine current DF:\n"); fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); @@ -367,19 +373,19 @@ } #ifdef ENABLE_OPENSSL -static int cardos_sm4h(unsigned char *in, size_t inlen, unsigned char - *out, size_t outlen, unsigned char *key, size_t keylen) { +static int cardos_sm4h(const unsigned char *in, size_t inlen, unsigned char + *out, size_t outlen, const unsigned char *key, size_t keylen) { /* using a buffer with an APDU, build an SM 4h APDU for cardos */ int plain_lc; /* data size in orig APDU */ - int mac_input_len, enc_input_len; + unsigned int mac_input_len, enc_input_len; unsigned char *mac_input, *enc_input; DES_key_schedule ks_a, ks_b; DES_cblock des_in,des_out; - int i,j; + unsigned int i,j; if (keylen != 16) { - printf("key has wrong size, need 16 bytes, got %d. aborting.\n", + printf("key has wrong size, need 16 bytes, got %zd. aborting.\n", keylen); return 0; } 
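Review bot: `keylen` is a `size_t` in the new `cardos_sm4h` signature, so the key-size message should use `%zu` rather than `%zd`: `printf("key has wrong size, need 16 bytes, got %zu. aborting.\n", keylen);`. Making `mac_input_len`, `enc_input_len`, `i` and `j` unsigned matches the `size_t` parameters, but `plain_lc` stays `int`. The arithmetic that mixes them lies further down in the function, outside this hunk, and should be checked for signed/unsigned comparisons.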
@@ -415,20 +421,20 @@ /* first block: XOR with IV and encrypt with key A IV is 8 bytes 00 */ for (i=0; i < 8; i++) des_in[i] = mac_input[i]^00; - DES_ecb_encrypt(des_in, des_out, &ks_a, 1); + DES_ecb_encrypt(&des_in, &des_out, &ks_a, 1); /* all other blocks: XOR with prev. result and encrypt with key A */ for (j=1; j < (mac_input_len / 8); j++) { for (i=0; i < 8; i++) des_in[i] = mac_input[i+j*8]^des_out[i]; - DES_ecb_encrypt(des_in, des_out, &ks_a, 1); + DES_ecb_encrypt(&des_in, &des_out, &ks_a, 1); } /* now decrypt with key B and encrypt with key A again */ /* (a noop if key A and B are the same, e.g. 8 bytes ff */ for (i=0; i < 8; i++) des_in[i] = des_out[i]; - DES_ecb_encrypt(des_in, des_out, &ks_b, 0); + DES_ecb_encrypt(&des_in, &des_out, &ks_b, 0); for (i=0; i < 8; i++) des_in[i] = des_out[i]; - DES_ecb_encrypt(des_in, des_out, &ks_a, 1); + DES_ecb_encrypt(&des_in, &des_out, &ks_a, 1); /* now we want to enc: * orig APDU data plus mac (8 bytes) plus iso padding (1-8 bytes) */ @@ -466,7 +472,7 @@ for (i=0; i < 8; i++) des_in[i] = enc_input[i] ^ 00; /* encrypt with des2 (tripple des, but using keys A-B-A) */ - DES_ecb2_encrypt(des_in, des_out, &ks_a, &ks_b, 1); + DES_ecb2_encrypt(&des_in, &des_out, &ks_a, &ks_b, 1); /* copy encrypted bytes into output */ for (i=0; i < 8; i++) out[5+i] = des_out[i]; @@ -477,7 +483,7 @@ for (i=0; i < 8; i++) des_in[i] = enc_input[i+j*8] ^ des_out[i]; /* encrypt with des2 (tripple des, but using keys A-B-A) */ - DES_ecb2_encrypt(des_in, des_out, &ks_a, &ks_b, 1); + DES_ecb2_encrypt(&des_in, &des_out, &ks_a, &ks_b, 1); /* copy encrypted bytes into output */ for (i=0; i < 8; i++) out[5+8*j+i] = des_out[i]; @@ -495,7 +501,8 @@ } #endif -static int cardos_format() +#ifdef ENABLE_OPENSSL +static int cardos_format(const char *opt_startkey) { unsigned const char startkey[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
@@ -503,6 +510,15 @@ sc_apdu_t apdu; u8 rbuf[256]; int r; + + if (opt_startkey) { + fprintf(stderr, "startkey option not implemented yet, aborting!\n"); + return 1; + /* TODO: instead validate/parse opt_startkey into startkey */ + /* format would be ii:vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv */ + /* with "ii" the startkey index as hex number and */ + /* "vv" the 16 byte value in hex (32 chars) */ + } if (verbose) { printf ("StartKey:\n"); @@ -529,7 +545,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -542,8 +558,9 @@ } if ((rbuf[0] != 0xc8 || rbuf[1] != 0x09) && /* M4.2B */ (rbuf[0] != 0xc8 || rbuf[1] != 0x08) && /* M4.3B */ - (rbuf[0] != 0xc8 || rbuf[1] != 0x0B)) { /* M4.2C */ - printf("currently only CardOS M4.2B, M4.2C and M4.3B are supported, aborting\n"); + (rbuf[0] != 0xc8 || rbuf[1] != 0x0B) && /* M4.2C */ + (rbuf[0] != 0xc8 || rbuf[1] != 0x0D)) { /* M4.4 */ + printf("currently only CardOS M4.2B, M4.2C, M4.3B and M4.4 are supported, aborting\n"); return 1; } @@ -567,7 +584,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) 
@@ -575,19 +592,19 @@ return 1; } if (apdu.resplen < 0x04) { - printf("expected 4-6 bytes form GET DATA for startkey data, but got only %ld\n", apdu.resplen); + printf("expected 4-6 bytes form GET DATA for startkey data, but got only %u\n", apdu.resplen); printf("aborting\n"); return 1; } - if (apdu.resp[3] =! 0xff) { - printf("startkey version is 0x%02x, currently we support only 0xff\n", (int) apdu.resp[3]); + if (apdu.resp[2] != 0xff) { + printf("startkey version is 0x%02x, currently we support only 0xff\n", (int) apdu.resp[2]); printf("aborting\n"); return 1; } - if (apdu.resp[2] < 5) { - printf("startkey has only %d tries left. to be safe: aborting\n", apdu.resp[4]); + if (apdu.resp[3] < 5) { + printf("startkey has only %d tries left. to be safe: aborting\n", apdu.resp[3]); return 1; } @@ -613,7 +630,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -664,7 +681,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -690,7 +707,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -727,7 +744,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) 
@@ -743,7 +760,6 @@ -#ifdef ENABLE_OPENSSL /* now we need to erase the card. Our command is: * ERASE FILES 84 06 00 00 * but it needs to be send using SM 4h mode (signed and enc.) @@ -772,7 +788,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -826,7 +842,7 @@ sc_strerror(r)); return 1; } - if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || opt_debug) { + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) 
@@ -835,33 +851,245 @@ } } return 0; -# else -erase_state: - printf("this code needs to be compiled with openssl support enabled.\n"); - printf("aborting\n"); +} +# else /* ENABLE_OPENSSL */ +static int cardos_format(const char *opt_startkey) +{ + printf("Formatting CardOS cards requires OpenSC built with OpenSSL.\n"); + printf("Aborting\n"); return 1; -#endif /* ENABLE_OPENSSL */ } +#endif /* ENABLE_OPENSSL */ +#ifdef ENABLE_OPENSSL +static int cardos_change_startkey(const char *change_startkey_apdu) +{ + #define MAX_APDU 60 + unsigned char cardos_version[2]; + unsigned char apdu_bin[MAX_APDU]; + size_t apdu_len=MAX_APDU; + unsigned char checksum[SHA_DIGEST_LENGTH]; + + static const unsigned char cardos_43b_checksum[SHA_DIGEST_LENGTH] = + { 0x5C, 0xD6, 0x8C, 0x2C, 0x24, 0x77, 0x3C, 0xDC, + 0x93, 0x73, 0xD8, 0x4B, 0x47, 0x29, 0x19, 0x70, + 0x9F, 0xA2, 0x42, 0xB4 }; + sc_apdu_t apdu; + u8 rbuf[256]; + int r; + + if (verbose) { + printf ("Change StartKey APDU:\n"); + util_hex_dump_asc(stdout, (unsigned char *)change_startkey_apdu, + strlen(change_startkey_apdu), -1); + } + + /* use GET DATA for version - 00 ca 01 82 + * returns e.g. c8 09 for 4.2B + */ + + memset(&apdu, 0, sizeof(apdu)); + apdu.cla = 0x00; + apdu.ins = 0xca; + apdu.p1 = 0x01; + apdu.p2 = 0x82; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.lc = 0; + apdu.le = 256; + apdu.cse = SC_APDU_CASE_2_SHORT; + r = sc_transmit_apdu(card, &apdu); + if (r) { + fprintf(stderr, "APDU transmit failed: %s\n", + sc_strerror(r)); + return 1; + } + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { + fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", + apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); + if (apdu.resplen) + util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1); + return 1; + } + if (apdu.resplen != 0x02) { + printf("did not receive version info, aborting\n"); + return 1; + } + + /* check all supported versions here. 
need a checksum check + for each of them below */ + if ( (rbuf[0] != 0xc8 || rbuf[1] != 0x08) ) { /* M4.3B */ + printf("currently only CardOS M4.01, M4.2B, M4.2C and M4.3B are supported, aborting\n"); + return 1; + } + cardos_version[0] = rbuf[0]; + cardos_version[1] = rbuf[1]; + + /* GET DATA for startkey index - 00 ca 01 96 + * returns 6 bytes PackageLoadKey.Version, PackageLoadKey.Retry + * Startkey.Version, Startkey.Retry, 2 internal data byes */ + + memset(&apdu, 0, sizeof(apdu)); + apdu.cla = 0x00; + apdu.ins = 0xca; + apdu.p1 = 0x01; + apdu.p2 = 0x96; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.lc = 0; + apdu.le = 256; + apdu.cse = SC_APDU_CASE_2_SHORT; + r = sc_transmit_apdu(card, &apdu); + if (r) { + fprintf(stderr, "APDU transmit failed: %s\n", + sc_strerror(r)); + return 1; + } + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { + fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", + apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); + if (apdu.resplen) + util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1); + return 1; + } + if (apdu.resplen < 0x04) { + printf("expected 4-6 bytes form GET DATA for startkey data, but got only %u\n", apdu.resplen); + printf("aborting\n"); + return 1; + } + + if (apdu.resp[2] != 0x00) { + printf("startkey version is 0x%02x, currently we support only 0x00\n", (int) apdu.resp[3]); + printf("aborting\n"); + return 1; + } + + if (apdu.resp[3] < 5) { + printf("startkey has only %d tries left. 
to be safe: aborting\n", apdu.resp[3]); + return 1; + } + + /* now check if the correct APDU was passed */ + if (sc_hex_to_bin(change_startkey_apdu, apdu_bin, &apdu_len) != 0) { + printf("can't convert startkey apdu to binary format: aborting\n"); + return 1; + } + SHA1(apdu_bin, apdu_len, checksum); + + if (cardos_version[0] == 0xc8 && cardos_version[1] == 0x08) { + if (memcmp(checksum, cardos_43b_checksum, SHA_DIGEST_LENGTH) != 0) { + printf("change startkey apdu is wrong, checksum doesn't match\n"); + util_hex_dump_asc(stdout, checksum, SHA_DIGEST_LENGTH, -1); + util_hex_dump_asc(stdout, cardos_43b_checksum, SHA_DIGEST_LENGTH, -1); + printf("aborting\n"); + return 1; + } + goto change_startkey; + } + + printf("checksum for your card not yet implemented, aborting\n"); + return 1; + +change_startkey: + /* run change startkey apdu */ + + memset(&apdu, 0, sizeof(apdu)); + apdu.cla = apdu_bin[0]; + apdu.ins = apdu_bin[1]; + apdu.p1 = apdu_bin[2]; + apdu.p2 = apdu_bin[3]; + apdu.lc = apdu_bin[4]; + apdu.data = &apdu_bin[5]; + apdu.datalen = apdu.lc; + apdu.resp = 00; + apdu.le = 00; + apdu.cse = SC_APDU_CASE_3_SHORT; + r = sc_transmit_apdu(card, &apdu); + if (r) { + fprintf(stderr, "APDU transmit failed: %s\n", + sc_strerror(r)); + return 1; + } + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { + fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", + apdu.sw1, apdu.sw2, apdu.resplen ? 
":" : ""); + if (apdu.resplen) + util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1); + return 1; + } + + printf("change startkey command issued with success\n"); + + /* GET DATA for startkey index - 00 ca 01 96 + * returns 6 bytes PackageLoadKey.Version, PackageLoadKey.Retry + * Startkey.Version, Startkey.Retry, 2 internal data byes */ + + memset(&apdu, 0, sizeof(apdu)); + apdu.cla = 0x00; + apdu.ins = 0xca; + apdu.p1 = 0x01; + apdu.p2 = 0x96; + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + apdu.lc = 0; + apdu.le = 256; + apdu.cse = SC_APDU_CASE_2_SHORT; + r = sc_transmit_apdu(card, &apdu); + if (r) { + fprintf(stderr, "APDU transmit failed: %s\n", + sc_strerror(r)); + return 1; + } + if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) { + fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n", + apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); + if (apdu.resplen) + util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1); + return 1; + } + if (apdu.resplen < 0x04) { + printf("expected 4-6 bytes form GET DATA for startkey data, but got only %u\n", apdu.resplen); + printf("aborting\n"); + return 1; + } + + if (apdu.resp[2] != 0xff) { + printf("startkey version is 0x%02x, should have been changed to 0xff.\n", apdu.resp[2]); + printf("aborting\n"); + return 1; + } + + printf("startkey is now 0xff, success!\n"); + return 0; +} +# else /* ENABLE_OPENSSL */ +static int cardos_change_startkey(const char *change_startkey_apdu) { + fprintf(stderr, "Changing the startkey requires OpenSC built with OpenSSL.\n"); + fprintf(stderr, "Aborting\n"); + return 1; +} +#endif int main(int argc, char *const argv[]) { int err = 0, r, c, long_optind = 0; int do_info = 0; int do_format = 0; + int do_change_startkey = 0; int action_count = 0; const char *opt_driver = NULL; const char *opt_startkey = NULL; + const char *opt_change_startkey = NULL; sc_context_param_t ctx_param; while (1) { - c = getopt_long(argc, argv, "ifs:r:vdc:w", options, + c = getopt_long(argc, argv, 
"hifs:r:vdc:wS:", options, &long_optind); if (c == -1) break; switch (c) { case 'h': - case '?': + printf("NB! This tool is only for Siemens CardOS based cards!\n\n"); util_print_usage_and_die(app_name, options, option_help); case 'i': do_info = 1; @@ -874,15 +1102,17 @@ case 's': opt_startkey = optarg; break; + case 'S': + do_change_startkey = 1; + opt_change_startkey = optarg; + action_count++; + break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'v': verbose++; break; - case 'd': - opt_debug++; - break; case 'c': opt_driver = optarg; break; @@ -902,8 +1132,12 @@ sc_strerror(r)); return 1; } - if (opt_debug) - ctx->debug = opt_debug; + + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); + } + if (opt_driver != NULL) { err = sc_set_card_driver(ctx, opt_driver); if (err) { @@ -914,7 +1148,7 @@ } } - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, verbose); + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); if (err) goto end; @@ -924,6 +1158,12 @@ } action_count--; } + if (do_change_startkey) { + if ((err = cardos_change_startkey(opt_change_startkey))) { + goto end; + } + action_count--; + } if (do_format) { if ((err = cardos_format(opt_startkey))) { goto end; @@ -933,7 +1173,7 @@ end: if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); diff -Nru opensc-0.11.13/src/tools/cryptoflex-tool.c opensc-0.12.1/src/tools/cryptoflex-tool.c --- opensc-0.11.13/src/tools/cryptoflex-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/cryptoflex-tool.c 2011-05-17 17:07:00.000000000 +0000 
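Review bot: In cardos_change_startkey the startkey-version test reads `apdu.resp[2]` but its message prints `apdu.resp[3]`, which the comment above describes as the retry counter, so the abort text reports the wrong byte. This is the index mix-up the commit corrects in cardos_format; the line should read `printf("startkey version is 0x%02x, currently we support only 0x00\n", (int) apdu.resp[2]);`. The unsupported-version message lists M4.01, M4.2B, M4.2C and M4.3B although the condition only lets c8 08 (M4.3B) through. Before `apdu.lc = apdu_bin[4]`, a guard such as `if (apdu_len < 5 || (size_t)apdu_bin[4] + 5 != apdu_len) return 1;` would keep `datalen` inside `apdu_bin` without relying on the SHA-1 comparison to have rejected short input.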
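Review bot: The `case 'd'` branch is removed here, but the option string passed to getopt_long in the previous hunk, `"hifs:r:vdc:wS:"`, still lists `d`, so `-d` is accepted and then handled by whatever the switch does for unmatched values (not visible in this hunk). Drop it from the string, `"hifs:r:vc:wS:"`, so a stale `-d` is reported as an unknown option. The switch and main continue outside the hunk.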
@@ -18,21 +18,22 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include #include -#include -#include + +#include "libopensc/pkcs15.h" +#include "common/compat_strlcpy.h" #include "util.h" static const char *app_name = "cryptoflex-tool"; -static int opt_reader = 0; +static char * opt_reader = NULL; +static int opt_wait = 0; static int opt_key_num = 1, opt_pin_num = -1; static int verbose = 0; static int opt_exponent = 3; @@ -58,6 +59,7 @@ { "exponent", 1, NULL, 'e' }, { "modulus-length", 1, NULL, 'm' }, { "reader", 1, NULL, 'r' }, + { "wait", 0, NULL, 'w' }, { "verbose", 0, NULL, 'v' }, { NULL, 0, NULL, 0 } }; @@ -75,7 +77,8 @@ "Public key file", "The RSA exponent to use in key generation [3]", "Modulus length to use in key generation [1024]", - "Uses reader number [0]", + "Uses reader ", + "Wait for card insertion", "Verbose operation. Use several times to enable debug output.", }; @@ -96,7 +99,7 @@ pass[i] = 0; if (strlen(pass) == 0) return NULL; - buf = (char *) malloc(8); + buf = malloc(8); if (buf == NULL) return NULL; if (strlen(pass) > 8) { @@ -190,41 +193,6 @@ return r; } -#if 0 - -int mont(RSA *rsa, u8 *j0) -{ - BIGNUM Ri, RR, Ni; - BN_CTX *bn_ctx = BN_CTX_new(); - int num_bits = BN_num_bits(rsa->n); - u8 tmp[512]; - - BN_init(&Ri); - BN_init(&RR); - BN_init(&Ni); - BN_zero(&RR); - BN_set_bit(&RR, num_bits); - if ((BN_mod_inverse(&Ri, &RR, rsa->n, bn_ctx)) == NULL) { - fprintf(stderr, "BN_mod_inverse() failed.\n"); - return -1; - } - BN_lshift(&Ri, &Ri, num_bits); - BN_sub_word(&Ri, 1); - BN_div(&Ni, NULL, &Ri, rsa->n, bn_ctx); - - bn2cf(&Ni, tmp); - memcpy(j0, tmp, BN_num_bytes(&Ni)/2); - printf("Ni from SSL:\n"); - util_hex_dump_asc(stdout, tmp, BN_num_bytes(&Ni), -1); - - BN_free(&Ri); - BN_free(&RR); - BN_free(&Ni); - return 0; -} - -#endif - static int parse_public_key(const u8 *key, size_t keysize, RSA *rsa) { const u8 *p = key; 
@@ -781,11 +749,7 @@ memcpy(p, bnbuf, 2*base); p += 2*base; -#if 0 - mont(rsa, p); /* j0 */ -#else memset(p, 0, base); -#endif p += base; memset(bnbuf, 0, 2*base); @@ -882,65 +846,6 @@ return 0; } -#if 0 -static int create_file(sc_file_t *file) -{ - sc_path_t path; - int r; - - path = file->path; - if (path.len < 2) - return SC_ERROR_INVALID_ARGUMENTS; - ctx->suppress_errors++; - r = sc_select_file(card, &path, NULL); - ctx->suppress_errors--; - if (r == 0) - return 0; /* File already exists */ - path.len -= 2; - r = sc_select_file(card, &path, NULL); - if (r) { - fprintf(stderr, "Unable to select parent DF: %s", sc_strerror(r)); - return r; - } - file->id = (path.value[path.len] << 8) | (path.value[path.len+1] & 0xFF); - r = sc_create_file(card, file); - if (r) - return r; - r = sc_select_file(card, &file->path, NULL); - if (r) { - fprintf(stderr, "Unable to select created file: %s\n", sc_strerror(r)); - return r; - } - return 0; -} -#endif - -#if 0 -static int create_app_df(sc_path_t *path, size_t size) -{ - sc_file_t *file; - int i; - - file = sc_file_new(); - - file->type = SC_FILE_TYPE_DF; - file->size = size; - file->path = *path; - - sc_file_add_acl_entry(file, SC_AC_OP_LIST_FILES, SC_AC_NONE, SC_AC_KEY_REF_NONE); - sc_file_add_acl_entry(file, SC_AC_OP_CREATE, SC_AC_CHV, 2); - sc_file_add_acl_entry(file, SC_AC_OP_DELETE, SC_AC_CHV, 2); - sc_file_add_acl_entry(file, SC_AC_OP_INVALIDATE, SC_AC_CHV, 2); - sc_file_add_acl_entry(file, SC_AC_OP_REHABILITATE, SC_AC_CHV, 2); - - file->status = SC_FILE_STATUS_ACTIVATED; - - i = create_file(file); - sc_file_free(file); - return i; -} -#endif - static int create_pin_file(const sc_path_t *inpath, int chv, const char *key_id) { char prompt[40], *pin, *puk; 
@@ -962,57 +867,22 @@ r = sc_select_file(card, inpath, NULL); if (r) return -1; - sc_ctx_suppress_errors_on(ctx); r = sc_select_file(card, &file_id, NULL); - sc_ctx_suppress_errors_off(ctx); if (r == 0) return 0; - for (;;) { -#if 0 - char *tmp = NULL; -#endif - sprintf(prompt, "Please enter CHV%d%s: ", chv, key_id); - pin = getpin(prompt); - if (pin == NULL) - return -1; -#if 0 - sprintf(prompt, "Please enter CHV%d%s again: ", chv, key_id); - tmp = getpin(prompt); - if (tmp == NULL) - return -1; - if (memcmp(pin, tmp, 8) != 0) { - free(pin); - free(tmp); - continue; - } - free(tmp); -#endif - break; - } - for (;;) { -#if 0 - char *tmp = NULL; -#endif - sprintf(prompt, "Please enter PUK for CHV%d%s: ", chv, key_id); - puk = getpin(prompt); - if (puk == NULL) { - free(pin); - return -1; - } -#if 0 - sprintf(prompt, "Please enter PUK for CHV%d%s again: ", chv, key_id); - tmp = getpin(prompt); - if (tmp == NULL) - return -1; - if (memcmp(puk, tmp, 8) != 0) { - free(puk); - free(tmp); - continue; - } - free(tmp); -#endif - break; + + sprintf(prompt, "Please enter CHV%d%s: ", chv, key_id); + pin = getpin(prompt); + if (pin == NULL) + return -1; + + sprintf(prompt, "Please enter PUK for CHV%d%s: ", chv, key_id); + puk = getpin(prompt); + if (puk == NULL) { + free(pin); + return -1; } + memset(p, 0xFF, 3); p += 3; memcpy(p, pin, 8); @@ -1091,11 +961,10 @@ int do_list_keys = 0; int do_store_key = 0; int do_create_pin_file = 0; - sc_reader_t *screader= NULL; sc_context_param_t ctx_param; while (1) { - c = getopt_long(argc, argv, "P:Vslgc:Rk:r:p:u:e:m:va:", options, &long_optind); + c = getopt_long(argc, argv, "P:Vslgc:Rk:r:p:u:e:m:vwa:", options, &long_optind); if (c == -1) break; if (c == '?') @@ -1150,11 +1019,14 @@ opt_pubkeyf = optarg; break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'v': verbose++; break; + case 'w': + opt_wait = 1; + break; case 'a': opt_appdf = optarg; break; 
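Review bot: Both prompts are still built with `sprintf` into `prompt`, declared as `char prompt[40]` just above the hunk, and `key_id` is a caller-supplied string whose length nothing here bounds. The PUK format alone uses 26 of the 40 bytes before `chv` and `key_id` are added. Use `snprintf(prompt, sizeof(prompt), "Please enter CHV%d%s: ", chv, key_id);` and the equivalent for the PUK prompt. create_pin_file starts before and continues after the hunk.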
@@ -1172,38 +1044,15 @@ fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1) - ctx->debug = verbose-1; - if (opt_reader >= (int)sc_ctx_get_reader_count(ctx) || opt_reader < 0) { - fprintf(stderr, "Illegal reader number. Only %d reader(s) configured.\n", sc_ctx_get_reader_count(ctx)); - err = 1; - goto end; - } - screader = sc_ctx_get_reader(ctx, opt_reader); - if (screader == NULL) { - err = 1; - goto end; - } - if (sc_detect_card_presence(screader, 0) <= 0) { - fprintf(stderr, "Card not present.\n"); - err = 3; - goto end; - } - if (verbose) - fprintf(stderr, "Connecting to card in reader %s...\n", screader->name); - r = sc_connect_card(screader, 0, &card); - if (r) { - fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(r)); - err = 1; - goto end; + + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); } + + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); printf("Using card driver: %s\n", card->driver->name); - r = sc_lock(card); - if (r) { - fprintf(stderr, "Unable to lock card: %s\n", sc_strerror(r)); - err = 1; - goto end; - } + if (do_create_pin_file) { if ((err = create_pin()) != 0) goto end; @@ -1241,7 +1090,7 @@ end: if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); diff -Nru opensc-0.11.13/src/tools/eidenv.c opensc-0.12.1/src/tools/eidenv.c --- opensc-0.11.13/src/tools/eidenv.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/eidenv.c 2011-05-17 17:07:00.000000000 +0000 
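Review bot: The result of `util_connect_card` is stored in `err`, but `card->driver->name` is dereferenced on the next line without testing it. The code removed here jumped to `end` on every failure, and cardos-tool's main in this same diff does `if (err) goto end;`. If the connect fails and `card` is still NULL (the `if (card)` at `end:` suggests it starts out that way), this is a NULL dereference instead of a clean exit. Add `if (err) goto end;` directly after the call. main starts and ends outside the hunk.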
@@ -18,34 +18,35 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #ifndef _WIN32 #include #endif #include -#include #include -#include -#include -#include "util.h" -#include "../libopensc/cards.h" -#include "../libopensc/esteid.h" +#include "common/compat_getopt.h" +#include "libopensc/opensc.h" +#include "libopensc/asn1.h" +#include "libopensc/cards.h" +#include "libopensc/esteid.h" +#include "util.h" -static int reader_num = 0; +static char *opt_reader = NULL; static int stats = 0; +static int opt_wait = 0; static char *exec_program = NULL; static int exit_status = EXIT_FAILURE; static const struct option options[] = { {"reader", required_argument, NULL, 'r'}, - {"print", no_argument, NULL, 'n'}, + {"print", no_argument, NULL, 'p'}, {"exec", required_argument, NULL, 'x'}, {"stats", no_argument, NULL, 't'}, {"help", no_argument, NULL, 'h'}, + {"wait", no_argument, NULL, 'w'}, {"version", no_argument, NULL, 'V'}, {NULL, 0, NULL, 0} }; @@ -82,8 +83,8 @@ fprintf(stderr, "eidenv - EstEID utility version " PACKAGE_VERSION "\n" "\n" - "Copyright (c) 2004 Martin Paljak \n" - "Licensed under GPL v2\n"); + "Copyright (c) 2004 Martin Paljak \n" + "Licensed under LGPL v2\n"); } static void show_help(void) @@ -93,7 +94,8 @@ "-h --help - show this text and exit\n" "-v --version - show version and exit\n" "-r --reader - the reader to use\n" - "-n --print - print the datafile\n" + "-w --wait - wait for a card to be inserted\n" + "-p --print - print the datafile\n" "-t --stats - show usage counts of keys\n" "-x --exec - execute a program with data in env vars.\n"); } @@ -102,11 +104,11 @@ { int c; - while ((c = getopt_long(argc, argv,"ptr:x:hV", options, (int *) 0)) != EOF) { + while ((c = getopt_long(argc, argv,"pwtr:x:hV", options, (int *) 0)) != EOF) { switch (c) { case 'r': - reader_num = atoi(optarg); + opt_reader = optarg; break; case 't': stats = !stats; 
@@ -120,7 +122,10 @@ show_help(); exit(EXIT_SUCCESS); break; - case 'n': + case 'p': + break; + case 'w': + opt_wait = 1; break; case 'V': show_version(); @@ -375,7 +380,6 @@ { sc_context_t *ctx = NULL; sc_context_param_t ctx_param; - sc_reader_t *reader = NULL; sc_card_t *card = NULL; int r; @@ -393,26 +397,14 @@ sc_strerror(r)); return 1; } - if (reader_num > (int)sc_ctx_get_reader_count(ctx)) { - fprintf(stderr, "Illegal reader number. Only %d reader(s) configured.\n", sc_ctx_get_reader_count(ctx)); - return 1; - } - reader = sc_ctx_get_reader(ctx, (unsigned int)reader_num); - - r = sc_connect_card(reader, 0, &card); + r = util_connect_card(ctx, &card, opt_reader, opt_wait, 0); if (r) { fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(r)); return 1; } - r = sc_lock(card); - if (r) { - fprintf(stderr, "Failed to lock card: %s\n", sc_strerror(r)); - return 1; - } - /* Check card type */ - if (card->type == SC_CARD_TYPE_MCRD_ESTEID) + if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V10 || card->type == SC_CARD_TYPE_MCRD_ESTEID_V11 || card->type == SC_CARD_TYPE_MCRD_ESTEID_V30) do_esteid(card); else if (card->type == SC_CARD_TYPE_BELPIC_EID) do_belpic(card); @@ -422,12 +414,10 @@ } if (exec_program) { - const char *largv[2]; + char *const largv[] = {exec_program, NULL}; sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); sc_release_context(ctx); - largv[0] = exec_program; - largv[1] = NULL; execv(exec_program, largv); /* we should not get here */ perror("execv()"); @@ -436,7 +426,7 @@ out: sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); sc_release_context(ctx); exit(exit_status); } diff -Nru opensc-0.11.13/src/tools/Makefile.am opensc-0.12.1/src/tools/Makefile.am --- opensc-0.11.13/src/tools/Makefile.am 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,25 +1,20 @@ include $(top_srcdir)/win32/ltrc.inc -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak noinst_HEADERS = util.h bin_PROGRAMS = opensc-tool opensc-explorer pkcs15-tool pkcs15-crypt \ - pkcs11-tool cardos-tool eidenv rutoken-tool + pkcs11-tool cardos-tool eidenv if ENABLE_OPENSSL bin_PROGRAMS += cryptoflex-tool pkcs15-init netkey-tool piv-tool westcos-tool endif -dist_bin_SCRIPTS = cardos-info -if WIN32 -dist_bin_SCRIPTS += cardos-info.bat -endif -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include -LIBS = $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/common/libcompat.la +# compile with $(PTHREAD_CFLAGS) to allow debugging with gdb +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS) $(PTHREAD_CFLAGS) +INCLUDES = -I$(top_srcdir)/src +LIBS = $(top_builddir)/src/common/libcompat.la \ + $(top_builddir)/src/libopensc/libopensc.la opensc_tool_SOURCES = opensc-tool.c util.c piv_tool_SOURCES = piv-tool.c util.c 
@@ -29,42 +24,33 @@ pkcs15_tool_SOURCES = pkcs15-tool.c util.c pkcs15_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) pkcs11_tool_SOURCES = pkcs11-tool.c util.c -pkcs11_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) \ - $(top_builddir)/src/pkcs11/libpkcs11.la +pkcs11_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/common/libpkcs11.la pkcs15_crypt_SOURCES = pkcs15-crypt.c util.c pkcs15_crypt_LDADD = $(OPTIONAL_OPENSSL_LIBS) cryptoflex_tool_SOURCES = cryptoflex-tool.c util.c cryptoflex_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) pkcs15_init_SOURCES = pkcs15-init.c util.c -pkcs15_init_LDADD = $(OPTIONAL_OPENSSL_LIBS) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la +pkcs15_init_LDADD = $(OPTIONAL_OPENSSL_LIBS) cardos_tool_SOURCES = cardos-tool.c util.c -eidenv_SOURCES = eidenv.c +cardos_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) +eidenv_SOURCES = eidenv.c util.c netkey_tool_SOURCES = netkey-tool.c netkey_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -rutoken_tool_SOURCES = rutoken-tool.c util.c -rutoken_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -westcos_tool_SOURCES = westcos-tool.c +westcos_tool_SOURCES = westcos-tool.c util.c westcos_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) if WIN32 -opensc_tool_SOURCES += versioninfo.rc -piv_tool_SOURCES += versioninfo.rc -opensc_explorer_SOURCES += versioninfo.rc -pkcs15_tool_SOURCES += versioninfo.rc -pkcs11_tool_SOURCES += versioninfo.rc -pkcs15_crypt_SOURCES += versioninfo.rc -cryptoflex_tool_SOURCES += versioninfo.rc -pkcs15_init_SOURCES += versioninfo.rc -cardos_tool_SOURCES += versioninfo.rc -eidenv_SOURCES += versioninfo.rc -netkey_tool_SOURCES += versioninfo.rc -rutoken_tool_SOURCES += versioninfo.rc -westcos_tool_SOURCES += versioninfo.rc -else -dist_noinst_DATA = versioninfo.rc +opensc_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +piv_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +opensc_explorer_SOURCES += $(top_builddir)/win32/versioninfo.rc +pkcs15_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc 
+pkcs11_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +pkcs15_crypt_SOURCES += $(top_builddir)/win32/versioninfo.rc +cryptoflex_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +pkcs15_init_SOURCES += $(top_builddir)/win32/versioninfo.rc +cardos_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +eidenv_SOURCES += $(top_builddir)/win32/versioninfo.rc +netkey_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc +westcos_tool_SOURCES += $(top_builddir)/win32/versioninfo.rc endif - -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Utility/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc diff -Nru opensc-0.11.13/src/tools/Makefile.in opensc-0.12.1/src/tools/Makefile.in --- opensc-0.11.13/src/tools/Makefile.in 2010-02-16 09:32:19.000000000 +0000 +++ opensc-0.12.1/src/tools/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -18,8 +18,6 @@ # Required to build Windows resource file - - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -39,36 +37,31 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(am__dist_bin_SCRIPTS_DIST) \ - $(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \ - $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/win32/ltrc.inc +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/win32/ltrc.inc bin_PROGRAMS = opensc-tool$(EXEEXT) opensc-explorer$(EXEEXT) \ pkcs15-tool$(EXEEXT) pkcs15-crypt$(EXEEXT) \ pkcs11-tool$(EXEEXT) cardos-tool$(EXEEXT) eidenv$(EXEEXT) \ - rutoken-tool$(EXEEXT) $(am__EXEEXT_1) + $(am__EXEEXT_1) @ENABLE_OPENSSL_TRUE@am__append_1 = cryptoflex-tool pkcs15-init netkey-tool piv-tool westcos-tool -@WIN32_TRUE@am__append_2 = cardos-info.bat -@WIN32_TRUE@am__append_3 = versioninfo.rc -@WIN32_TRUE@am__append_4 = versioninfo.rc -@WIN32_TRUE@am__append_5 = versioninfo.rc -@WIN32_TRUE@am__append_6 = versioninfo.rc -@WIN32_TRUE@am__append_7 = versioninfo.rc -@WIN32_TRUE@am__append_8 = versioninfo.rc -@WIN32_TRUE@am__append_9 = versioninfo.rc -@WIN32_TRUE@am__append_10 = versioninfo.rc -@WIN32_TRUE@am__append_11 = versioninfo.rc -@WIN32_TRUE@am__append_12 = versioninfo.rc -@WIN32_TRUE@am__append_13 = versioninfo.rc -@WIN32_TRUE@am__append_14 = versioninfo.rc -@WIN32_TRUE@am__append_15 = versioninfo.rc +@WIN32_TRUE@am__append_2 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_3 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_4 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_5 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_6 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_7 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_8 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_9 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_10 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_11 = $(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_12 = 
$(top_builddir)/win32/versioninfo.rc +@WIN32_TRUE@am__append_13 = $(top_builddir)/win32/versioninfo.rc subdir = src/tools ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d 
@@ -78,99 +71,83 @@ @ENABLE_OPENSSL_TRUE@am__EXEEXT_1 = cryptoflex-tool$(EXEEXT) \ @ENABLE_OPENSSL_TRUE@ pkcs15-init$(EXEEXT) netkey-tool$(EXEEXT) \ @ENABLE_OPENSSL_TRUE@ piv-tool$(EXEEXT) westcos-tool$(EXEEXT) -am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(bindir)" +am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) -am__cardos_tool_SOURCES_DIST = cardos-tool.c util.c versioninfo.rc -@WIN32_TRUE@am__objects_1 = versioninfo.$(OBJEXT) +am__cardos_tool_SOURCES_DIST = cardos-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc +am__dirstamp = $(am__leading_dot)dirstamp +@WIN32_TRUE@am__objects_1 = \ +@WIN32_TRUE@ $(top_builddir)/win32/versioninfo.$(OBJEXT) am_cardos_tool_OBJECTS = cardos-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) cardos_tool_OBJECTS = $(am_cardos_tool_OBJECTS) -cardos_tool_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +cardos_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) am__cryptoflex_tool_SOURCES_DIST = cryptoflex-tool.c util.c \ - versioninfo.rc + $(top_builddir)/win32/versioninfo.rc am_cryptoflex_tool_OBJECTS = cryptoflex-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) cryptoflex_tool_OBJECTS = $(am_cryptoflex_tool_OBJECTS) -am__DEPENDENCIES_1 = cryptoflex_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__eidenv_SOURCES_DIST = eidenv.c versioninfo.rc -am_eidenv_OBJECTS = eidenv.$(OBJEXT) $(am__objects_1) +am__eidenv_SOURCES_DIST = eidenv.c util.c \ + $(top_builddir)/win32/versioninfo.rc +am_eidenv_OBJECTS = eidenv.$(OBJEXT) util.$(OBJEXT) $(am__objects_1) eidenv_OBJECTS = $(am_eidenv_OBJECTS) eidenv_LDADD = $(LDADD) -am__netkey_tool_SOURCES_DIST = netkey-tool.c versioninfo.rc +am__netkey_tool_SOURCES_DIST = netkey-tool.c \ + $(top_builddir)/win32/versioninfo.rc am_netkey_tool_OBJECTS = netkey-tool.$(OBJEXT) $(am__objects_1) netkey_tool_OBJECTS = $(am_netkey_tool_OBJECTS) netkey_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) am__opensc_explorer_SOURCES_DIST = opensc-explorer.c util.c \ - versioninfo.rc + 
$(top_builddir)/win32/versioninfo.rc am_opensc_explorer_OBJECTS = opensc-explorer.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) opensc_explorer_OBJECTS = $(am_opensc_explorer_OBJECTS) opensc_explorer_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__opensc_tool_SOURCES_DIST = opensc-tool.c util.c versioninfo.rc +am__opensc_tool_SOURCES_DIST = opensc-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_opensc_tool_OBJECTS = opensc-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) opensc_tool_OBJECTS = $(am_opensc_tool_OBJECTS) opensc_tool_LDADD = $(LDADD) -am__piv_tool_SOURCES_DIST = piv-tool.c util.c versioninfo.rc +am__piv_tool_SOURCES_DIST = piv-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_piv_tool_OBJECTS = piv-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) piv_tool_OBJECTS = $(am_piv_tool_OBJECTS) piv_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__pkcs11_tool_SOURCES_DIST = pkcs11-tool.c util.c versioninfo.rc +am__pkcs11_tool_SOURCES_DIST = pkcs11-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_pkcs11_tool_OBJECTS = pkcs11-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) pkcs11_tool_OBJECTS = $(am_pkcs11_tool_OBJECTS) -pkcs11_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/pkcs11/libpkcs11.la -am__pkcs15_crypt_SOURCES_DIST = pkcs15-crypt.c util.c versioninfo.rc +pkcs11_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/common/libpkcs11.la +am__pkcs15_crypt_SOURCES_DIST = pkcs15-crypt.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_pkcs15_crypt_OBJECTS = pkcs15-crypt.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) pkcs15_crypt_OBJECTS = $(am_pkcs15_crypt_OBJECTS) pkcs15_crypt_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__pkcs15_init_SOURCES_DIST = pkcs15-init.c util.c versioninfo.rc +am__pkcs15_init_SOURCES_DIST = pkcs15-init.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_pkcs15_init_OBJECTS = pkcs15-init.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) pkcs15_init_OBJECTS = 
$(am_pkcs15_init_OBJECTS) -pkcs15_init_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la -am__pkcs15_tool_SOURCES_DIST = pkcs15-tool.c util.c versioninfo.rc +pkcs15_init_DEPENDENCIES = $(am__DEPENDENCIES_1) +am__pkcs15_tool_SOURCES_DIST = pkcs15-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc am_pkcs15_tool_OBJECTS = pkcs15-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) pkcs15_tool_OBJECTS = $(am_pkcs15_tool_OBJECTS) pkcs15_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__rutoken_tool_SOURCES_DIST = rutoken-tool.c util.c versioninfo.rc -am_rutoken_tool_OBJECTS = rutoken-tool.$(OBJEXT) util.$(OBJEXT) \ +am__westcos_tool_SOURCES_DIST = westcos-tool.c util.c \ + $(top_builddir)/win32/versioninfo.rc +am_westcos_tool_OBJECTS = westcos-tool.$(OBJEXT) util.$(OBJEXT) \ $(am__objects_1) -rutoken_tool_OBJECTS = $(am_rutoken_tool_OBJECTS) -rutoken_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__westcos_tool_SOURCES_DIST = westcos-tool.c versioninfo.rc -am_westcos_tool_OBJECTS = westcos-tool.$(OBJEXT) $(am__objects_1) westcos_tool_OBJECTS = $(am_westcos_tool_OBJECTS) westcos_tool_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__dist_bin_SCRIPTS_DIST = cardos-info cardos-info.bat -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; 
files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -SCRIPTS = $(dist_bin_SCRIPTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -189,8 +166,7 @@ $(opensc_explorer_SOURCES) $(opensc_tool_SOURCES) \ $(piv_tool_SOURCES) $(pkcs11_tool_SOURCES) \ $(pkcs15_crypt_SOURCES) $(pkcs15_init_SOURCES) \ - $(pkcs15_tool_SOURCES) $(rutoken_tool_SOURCES) \ - $(westcos_tool_SOURCES) + $(pkcs15_tool_SOURCES) $(westcos_tool_SOURCES) DIST_SOURCES = $(am__cardos_tool_SOURCES_DIST) \ $(am__cryptoflex_tool_SOURCES_DIST) $(am__eidenv_SOURCES_DIST) \ $(am__netkey_tool_SOURCES_DIST) \ @@ -200,10 +176,7 @@ $(am__pkcs15_crypt_SOURCES_DIST) \ $(am__pkcs15_init_SOURCES_DIST) \ $(am__pkcs15_tool_SOURCES_DIST) \ - $(am__rutoken_tool_SOURCES_DIST) \ $(am__westcos_tool_SOURCES_DIST) -am__dist_noinst_DATA_DIST = versioninfo.rc -DATA = $(dist_noinst_DATA) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags @@ -235,8 +208,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -244,12 +215,10 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ -LIBS = $(top_builddir)/src/libopensc/libopensc.la \ - $(top_builddir)/src/common/libcompat.la +LIBRARY_BITNESS = @LIBRARY_BITNESS@ +LIBS = $(top_builddir)/src/common/libcompat.la \ + $(top_builddir)/src/libopensc/libopensc.la LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ 
@@ -274,8 +243,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -298,6 +265,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -310,10 +279,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -359,11 +325,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -380,43 +343,37 @@ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc - -CLEANFILES = versioninfo.rc +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak noinst_HEADERS = util.h -dist_bin_SCRIPTS = cardos-info $(am__append_2) -AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS) -INCLUDES = -I$(top_srcdir)/src/common -I$(top_builddir)/src/include -opensc_tool_SOURCES = opensc-tool.c util.c $(am__append_3) -piv_tool_SOURCES = piv-tool.c util.c $(am__append_4) + +# compile with $(PTHREAD_CFLAGS) to allow debugging with gdb +AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS) $(PTHREAD_CFLAGS) +INCLUDES = -I$(top_srcdir)/src +opensc_tool_SOURCES = opensc-tool.c util.c $(am__append_2) +piv_tool_SOURCES = piv-tool.c util.c $(am__append_3) piv_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -opensc_explorer_SOURCES = opensc-explorer.c util.c $(am__append_5) +opensc_explorer_SOURCES = opensc-explorer.c util.c $(am__append_4) opensc_explorer_LDADD = $(OPTIONAL_READLINE_LIBS) -pkcs15_tool_SOURCES = pkcs15-tool.c util.c $(am__append_6) +pkcs15_tool_SOURCES = pkcs15-tool.c util.c $(am__append_5) pkcs15_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -pkcs11_tool_SOURCES = pkcs11-tool.c util.c $(am__append_7) -pkcs11_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) \ - $(top_builddir)/src/pkcs11/libpkcs11.la +pkcs11_tool_SOURCES = pkcs11-tool.c util.c $(am__append_6) +pkcs11_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) $(LTLIB_LIBS) \ + $(top_builddir)/src/common/libpkcs11.la -pkcs15_crypt_SOURCES = pkcs15-crypt.c util.c $(am__append_8) +pkcs15_crypt_SOURCES = pkcs15-crypt.c util.c $(am__append_7) pkcs15_crypt_LDADD = $(OPTIONAL_OPENSSL_LIBS) -cryptoflex_tool_SOURCES = cryptoflex-tool.c util.c $(am__append_9) +cryptoflex_tool_SOURCES = cryptoflex-tool.c util.c $(am__append_8) cryptoflex_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -pkcs15_init_SOURCES = 
pkcs15-init.c util.c $(am__append_10) -pkcs15_init_LDADD = $(OPTIONAL_OPENSSL_LIBS) \ - $(top_builddir)/src/pkcs15init/libpkcs15init.la - -cardos_tool_SOURCES = cardos-tool.c util.c $(am__append_11) -eidenv_SOURCES = eidenv.c $(am__append_12) -netkey_tool_SOURCES = netkey-tool.c $(am__append_13) +pkcs15_init_SOURCES = pkcs15-init.c util.c $(am__append_9) +pkcs15_init_LDADD = $(OPTIONAL_OPENSSL_LIBS) +cardos_tool_SOURCES = cardos-tool.c util.c $(am__append_10) +cardos_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) +eidenv_SOURCES = eidenv.c util.c $(am__append_11) +netkey_tool_SOURCES = netkey-tool.c $(am__append_12) netkey_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -rutoken_tool_SOURCES = rutoken-tool.c util.c $(am__append_14) -rutoken_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -westcos_tool_SOURCES = westcos-tool.c $(am__append_15) +westcos_tool_SOURCES = westcos-tool.c util.c $(am__append_13) westcos_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) -@WIN32_FALSE@dist_noinst_DATA = versioninfo.rc all: all-am .SUFFIXES: @@ -430,9 +387,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/tools/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tools/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/tools/Makefile + $(AUTOMAKE) --foreign src/tools/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ 
@@ -494,6 +451,15 @@ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +$(top_builddir)/win32/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32 + @: > $(top_builddir)/win32/$(am__dirstamp) +$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) $(top_builddir)/win32/$(DEPDIR) + @: > $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) +$(top_builddir)/win32/versioninfo.$(OBJEXT): \ + $(top_builddir)/win32/$(am__dirstamp) \ + $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) cardos-tool$(EXEEXT): $(cardos_tool_OBJECTS) $(cardos_tool_DEPENDENCIES) @rm -f cardos-tool$(EXEEXT) $(LINK) $(cardos_tool_OBJECTS) $(cardos_tool_LDADD) $(LIBS) 
@@ -527,49 +493,13 @@ pkcs15-tool$(EXEEXT): $(pkcs15_tool_OBJECTS) $(pkcs15_tool_DEPENDENCIES) @rm -f pkcs15-tool$(EXEEXT) $(LINK) $(pkcs15_tool_OBJECTS) $(pkcs15_tool_LDADD) $(LIBS) -rutoken-tool$(EXEEXT): $(rutoken_tool_OBJECTS) $(rutoken_tool_DEPENDENCIES) - @rm -f rutoken-tool$(EXEEXT) - $(LINK) $(rutoken_tool_OBJECTS) $(rutoken_tool_LDADD) $(LIBS) westcos-tool$(EXEEXT): $(westcos_tool_OBJECTS) $(westcos_tool_DEPENDENCIES) @rm -f westcos-tool$(EXEEXT) $(LINK) $(westcos_tool_OBJECTS) $(westcos_tool_LDADD) $(LIBS) -install-dist_binSCRIPTS: $(dist_bin_SCRIPTS) - @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n' \ - -e 'h;s|.*|.|' \ - -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) { files[d] = files[d] " " $$1; \ - if (++n[d] == $(am__install_max)) { \ - print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ - else { print "f", d "/" $$4, $$1 } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ - $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-dist_binSCRIPTS: - @$(NORMAL_UNINSTALL) - @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 's,.*/,,;$(transform)'`; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f 
$(top_builddir)/win32/versioninfo.$(OBJEXT) distclean-compile: -rm -f *.tab.c @@ -585,7 +515,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-crypt.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-init.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs15-tool.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rutoken-tool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/westcos-tool.Po@am__quote@ @@ -700,9 +629,9 @@ done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(DATA) $(HEADERS) +all-am: Makefile $(PROGRAMS) $(HEADERS) installdirs: - for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(bindir)"; do \ + for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -722,11 +651,12 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(DEPDIR)/$(am__dirstamp) + -test -z "$(top_builddir)/win32/$(am__dirstamp)" || rm -f $(top_builddir)/win32/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -760,7 +690,7 @@ install-dvi-am: -install-exec-am: install-binPROGRAMS install-dist_binSCRIPTS +install-exec-am: install-binPROGRAMS install-html: install-html-am @@ -800,7 +730,7 @@ ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-dist_binSCRIPTS +uninstall-am: uninstall-binPROGRAMS .MAKE: install-am install-strip 
@@ -808,16 +738,15 @@ clean-generic clean-libtool ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ - install-binPROGRAMS install-data install-data-am \ - install-dist_binSCRIPTS install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-dist_binSCRIPTS + install-binPROGRAMS install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-binPROGRAMS .rc.lo: @@ -826,10 +755,6 @@ .rc.o: $(RCCOMPILE) -i "$<" -o "$@" -versioninfo.rc: - sed 's/@@FILE_DESCRIPTION@@/OpenSC Utility/g' \ - "$(top_builddir)/win32/versioninfo.rc.in" > versioninfo.rc - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru opensc-0.11.13/src/tools/Makefile.mak opensc-0.12.1/src/tools/Makefile.mak --- opensc-0.11.13/src/tools/Makefile.mak 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -1,24 +1,22 @@ - TOPDIR = ..\.. !INCLUDE $(TOPDIR)\win32\Make.rules.mak TARGETS = opensc-tool.exe opensc-explorer.exe pkcs15-tool.exe pkcs15-crypt.exe \ - pkcs11-tool.exe cardos-info.exe eidenv.exe rutoken-tool.exe \ - netkey-tool.exe westcos-tool.exe \ + pkcs11-tool.exe cardos-tool.exe eidenv.exe \ $(PROGRAMS_OPENSSL) -all: $(TARGETS) +$(TARGETS): $(TOPDIR)\win32\versioninfo.res util.obj -$(TARGETS): versioninfo.res util.obj +all: $(TARGETS) .c.obj: cl $(COPTS) /c $< .c.exe: cl $(COPTS) /c $< - link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj util.obj \ + link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj util.obj \ ..\common\common.lib ..\scconf\scconf.lib ..\libopensc\opensc.lib \ - ..\pkcs15init\pkcs15init.lib ..\pkcs11\libpkcs11.lib \ - versioninfo.res $(OPENSSL_LIB) $(LIBLTDL) gdi32.lib + ..\pkcs15init\pkcs15init.lib ..\common\libpkcs11.lib \ + $(TOPDIR)\win32\versioninfo.res $(OPENSSL_LIB) gdi32.lib if EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 diff -Nru opensc-0.11.13/src/tools/netkey-tool.c opensc-0.12.1/src/tools/netkey-tool.c --- opensc-0.11.13/src/tools/netkey-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/netkey-tool.c 2011-05-17 17:07:00.000000000 +0000 @@ -1,11 +1,6 @@ /* * Netkey-Tool for Telesec Netkey E4 cards. * - * compile with: - * gcc -I/include -I/include \ - * -L/lib -L/lib \ - * -o netkey-tool netkey-tool.c -lopensc -lcrypto - * * Copyright (C) 2005, Peter Koch * * This library is free software; you can redistribute it and/or 
@@ -23,23 +18,22 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" #include #include -#include #include #include -#include #include #include +#include "common/compat_getopt.h" +#include "libopensc/opensc.h" + static struct { - char *path; + const char *path; int readonly; - char *label; + const char *label; } certlist[]={ {"DF01C000", 1, "Telesec Signatur Zertifikat"}, {"DF014331", 0, "User Signatur Zertifikat1"}, @@ -53,9 +47,9 @@ }; static struct { - char *path; - char *name; - char *label; + const char *path; + const char *name; + const char *label; int p1, p2; int tries; int len; @@ -235,7 +229,7 @@ printf("%X\n\n", buf[11]>>4); for(i=0;i<4;++i) show_pin(card, i); - // printf("%s: %u tries left, %u tries max, %s\n", pinlist[i].label, pinlist[i].tries, max, status); + /* printf("%s: %u tries left, %u tries max, %s\n", pinlist[i].label, pinlist[i].tries, max, status); */ if(pinlist[0].len) show_initial_puk(card); } @@ -548,7 +542,10 @@ fprintf(stderr,"Establish-Context failed: %s\n", sc_strerror(r)); exit(1); } - ctx->debug=debug; + if (debug > 1) { + ctx->debug = debug; + sc_ctx_log_to_file(ctx, "stderr"); + } if(ctx->debug>0) printf("Context for application \"%s\" created, Debug=%d\n", ctx->app_name, ctx->debug); 
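Review bot: The added `sc_ctx_log_to_file(ctx, "stderr")` call in the `debug > 1` block (hunk at old line 548) discards its return value, so a failed redirect goes unnoticed while `ctx->debug` has already been raised. Checking it in the style of the neighbouring calls would fit, e.g. `if((r = sc_ctx_log_to_file(ctx, "stderr"))<0) fprintf(stderr,"Cannot log to stderr: %s\n", sc_strerror(r));`. Because this tool sends PINs and PUKs to the card, a comment such as `/* debug output may include card traffic; avoid capturing it to shared logs */` would help, assuming libopensc traces APDUs at these levels. The enclosing function starts and ends outside the hunk.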
@@ -559,24 +556,18 @@ exit(1); } - printf("%d Reader detected\n", sc_ctx_get_reader_count(ctx)); - for(i=0; i < sc_ctx_get_reader_count(ctx); ++i){ - sc_reader_t *myreader = sc_ctx_get_reader(ctx, i); - printf("%lu: %s, Driver: %s, %d Slot(s)\n", - (unsigned long) i, myreader->name, - myreader->driver->name, myreader->slot_count); - } + printf("%d Readers detected\n", sc_ctx_get_reader_count(ctx)); if(reader < 0 || reader >= (int)sc_ctx_get_reader_count(ctx)){ fprintf(stderr,"Cannot open reader %d\n", reader); exit(1); } - if((r = sc_connect_card(sc_ctx_get_reader(ctx, 0), 0, &card))<0){ + if((r = sc_connect_card(sc_ctx_get_reader(ctx, 0), &card))<0){ fprintf(stderr,"Connect-Card failed: %s\n", sc_strerror(r)); exit(1); } printf("\nCard detected (driver: %s)\nATR:", card->driver->name); - for(i=0;iatr_len;++i) printf("%c%02X", i?':':' ', card->atr[i]); printf("\n"); + for(i=0;iatr.len;++i) printf("%c%02X", i?':':' ', card->atr.value[i]); printf("\n"); if((r = sc_lock(card))<0){ fprintf(stderr,"Lock failed: %s\n", sc_strerror(r)); @@ -621,7 +612,7 @@ if(do_unblock+do_change+do_nullpin+do_readcert==0) show_certs(card); sc_unlock(card); - sc_disconnect_card(card,0); + sc_disconnect_card(card); sc_release_context(ctx); exit(0); diff -Nru opensc-0.11.13/src/tools/opensc-explorer.c opensc-0.12.1/src/tools/opensc-explorer.c --- opensc-0.11.13/src/tools/opensc-explorer.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/opensc-explorer.c 2011-05-17 17:07:00.000000000 +0000 
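Review bot: The rewritten call `sc_connect_card(sc_ctx_get_reader(ctx, 0), &card)` still hard-codes reader index 0, although the lines just above it validate the user-selected `reader` against the reader count. With more than one reader attached, the unblock and change operations later in this function would run against the card in the first reader rather than the one requested; `sc_connect_card(sc_ctx_get_reader(ctx, reader), &card)` uses the validated index. The added `printf("%d Readers detected\n", ...)` prints the count with `%d`, while the range check casts the same value to `(int)`, which suggests it is unsigned; `%u` or an explicit cast would match. The function body continues outside the hunk.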
@@ -18,28 +18,30 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include -#include -#include #ifdef ENABLE_READLINE #include #include #endif -#include + +#include "libopensc/opensc.h" +#include "libopensc/asn1.h" +#include "libopensc/cardctl.h" #include "util.h" #define DIM(v) (sizeof(v)/sizeof((v)[0])) static const char *app_name = "opensc-explorer"; -static int opt_reader = -1, opt_wait = 0, verbose = 0; +static int opt_wait = 0, verbose = 0; static const char *opt_driver = NULL; +static const char *opt_reader = NULL; +static const char *opt_startfile = NULL; static sc_file_t *current_file = NULL; static sc_path_t current_path; @@ -49,30 +51,19 @@ static const struct option options[] = { { "reader", 1, NULL, 'r' }, { "card-driver", 1, NULL, 'c' }, - { "wait", 1, NULL, 'w' }, + { "mf", 1, NULL, 'm' }, + { "wait", 0, NULL, 'w' }, { "verbose", 0, NULL, 'v' }, { NULL, 0, NULL, 0 } }; static const char *option_help[] = { "Uses reader number [0]", "Forces the use of driver [auto-detect]", + "Selects path on start-up, or none if empty [3F00]", "Wait for card insertion", "Verbose operation. Use several times to enable debug output.", }; - -#if 0 /* fixme: uncomment for use with pksign */ -static u8 oid_md5[18] = /* MD5 OID is 1.2.840.113549.2.5 */ -{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48, - 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 }; -static u8 oid_sha1[15] = /* SHA-1 OID 1.3.14.3.2.26 */ -{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, - 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; -static u8 oid_rmd160[15] = /* RIPE MD-160 OID is 1.3.36.3.2.1 */ -{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, - 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; -#endif - static size_t hex2binary(u8 *out, size_t outlen, const char *in); struct command { 
@@ -87,13 +78,24 @@ sc_file_free(current_file); if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); exit(ret); } +static void select_current_path_or_die(void) +{ + if (current_path.type || current_path.len) { + int r = sc_select_file(card, ¤t_path, NULL); + if (r) { + printf("unable to select parent DF: %s\n", sc_strerror(r)); + die(1); + } + } +} + static struct command * ambiguous_match(struct command *table, const char *cmd) { @@ -122,6 +124,8 @@ static int arg_to_path(const char *arg, sc_path_t *path, int is_id) { + memset(path, 0, sizeof(sc_path_t)); + if (strncasecmp(arg, "aid:", strlen("aid:")) == 0) { /* DF aid */ const char *p = arg + strlen("aid:"); @@ -151,6 +155,18 @@ path->type = SC_PATH_TYPE_PATH; } else { *path = current_path; + if (path->type == SC_PATH_TYPE_DF_NAME) { + if (path->len > sizeof(path->aid.value)) { + printf("Invalid length of DF_NAME path\n"); + return -1; + } + + memcpy(path->aid.value, path->value, path->len); + path->aid.len = path->len; + + path->type = SC_PATH_TYPE_FILE_ID; + path->len = 0; + } sc_append_path_id(path, cbuf, 2); } } @@ -160,17 +176,9 @@ static void print_file(const sc_file_t *file) { - const char *st; + const char *format = " %02X%02X "; + const char *st = "???"; - if (file->type == SC_FILE_TYPE_DF) - printf("["); - else - printf(" "); - printf("%02X%02X", file->id >> 8, file->id & 0xFF); - if (file->type == SC_FILE_TYPE_DF) - printf("]"); - else - printf(" "); switch (file->type) { case SC_FILE_TYPE_WORKING_EF: st = "wEF"; @@ -179,12 +187,11 @@ st = "iEF"; break; case SC_FILE_TYPE_DF: + format = "[%02X%02X]"; st = "DF"; break; - default: - st = "???"; - break; } + printf(format, file->id >> 8, file->id & 0xFF); printf("\t%4s", st); printf(" %5lu", (unsigned long)file->size); if (file->namelen) { 
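Review bot: `print_file` now passes a variable as the format string, `printf(format, file->id >> 8, file->id & 0xFF)`, in the hunk at old line 179, with `format` declared in the hunk at old line 160. Both values it can hold are literals assigned in this function, so nothing untrusted reaches it. The call does trip `-Wformat-nonliteral`, though, and a later edit to either string would no longer be checked against the arguments. Keeping the literals at the call site avoids that: `printf(file->type == SC_FILE_TYPE_DF ? "[%02X%02X]" : " %02X%02X ", file->id >> 8, file->id & 0xFF);`. `print_file` continues past the end of the hunk.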
@@ -223,9 +230,7 @@ } } - ctx->suppress_errors++; r = sc_select_file(card, &path, &file); - ctx->suppress_errors--; if (r) { printf(" %02X%02X unable to select file, %s\n", cur[0], cur[1], sc_strerror(r)); } else { @@ -235,11 +240,7 @@ } cur += 2; count -= 2; - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent DF: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); } return 0; usage: @@ -256,18 +257,26 @@ if (argc != 1) goto usage; if (strcmp(argv[0], "..") == 0) { - if (current_path.len < 4) { + path = current_path; + if (path.len < 4) { printf("unable to go up, already in MF.\n"); return -1; } - path = current_path; - path.len -= 2; + + if (path.type == SC_PATH_TYPE_DF_NAME) { + sc_format_path("3F00", &path); + } + else { + path.len -= 2; + } + r = sc_select_file(card, &path, &file); if (r) { printf("unable to go up: %s\n", sc_strerror(r)); return -1; } - sc_file_free(current_file); + if (current_file) + sc_file_free(current_file); current_file = file; current_path = path; return 0; @@ -283,15 +292,12 @@ if ((file->type != SC_FILE_TYPE_DF) && !(card->caps & SC_CARD_CAP_NO_FCI)) { printf("Error: file is not a DF.\n"); sc_file_free(file); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); return -1; } current_path = path; - sc_file_free(current_file); + if (current_file) + sc_file_free(current_file); current_file = file; return 0; @@ -329,15 +335,14 @@ return 0; } -static int read_and_print_record_file(sc_file_t *file) +static int read_and_print_record_file(sc_file_t *file, unsigned char sfi) { u8 buf[256]; int rec, r; for (rec = 1; ; rec++) { - ctx->suppress_errors++; - r = sc_read_record(card, rec, buf, sizeof(buf), SC_RECORD_BY_REC_NR); - ctx->suppress_errors--; + r = sc_read_record(card, rec, buf, sizeof(buf), + SC_RECORD_BY_REC_NR | sfi); if (r == SC_ERROR_RECORD_NOT_FOUND) return 0; if (r < 0) { 
@@ -355,6 +360,7 @@ sc_path_t path; sc_file_t *file = NULL; int not_current = 1; + int sfi = 0; if (argc > 1) goto usage; @@ -363,23 +369,43 @@ file = current_file; not_current = 0; } else { - if (arg_to_path(argv[0], &path, 1) != 0) - goto usage; + const char sfi_prefix[] = "sfi:"; - r = sc_select_file(card, &path, &file); - if (r) { - check_ret(r, SC_AC_OP_SELECT, "unable to select file", current_file); - goto err; + if (strncasecmp(argv[0], sfi_prefix, strlen(sfi_prefix)) == 0) { + const char *sfi_n = argv[0] + strlen(sfi_prefix); + + if(!current_file) { + printf("A DF must be selected to read by SFI\n"); + goto err; + } + path = current_path; + file = current_file; + not_current = 0; + sfi = atoi(sfi_n); + if ((sfi < 1) || (sfi > 30)) { + printf("Invalid SFI: %s\n", sfi_n); + goto usage; + } + } else { + if (arg_to_path(argv[0], &path, 0) != 0) + goto usage; + r = sc_select_file(card, &path, &file); + if (r) { + check_ret(r, SC_AC_OP_SELECT, "unable to select file", + current_file); + goto err; + } } } - if (file->type != SC_FILE_TYPE_WORKING_EF) { + if (file->type != SC_FILE_TYPE_WORKING_EF && + !(file->type == SC_FILE_TYPE_DF && sfi)) { printf("only working EFs may be read\n"); goto err; } - if (file->ef_structure == SC_FILE_EF_TRANSPARENT) + if (file->ef_structure == SC_FILE_EF_TRANSPARENT && !sfi) read_and_util_print_binary_file(file); else - read_and_print_record_file(file); + read_and_print_record_file(file, sfi); err = 0; @@ -388,16 +414,13 @@ if (file != NULL) { sc_file_free(file); } - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); } return -err; usage: - puts("Usage: cat [file_id]"); + puts("Usage: cat [file_id] or"); + puts(" cat sfi:"); return -1; } 
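Review bot: `sfi = atoi(sfi_n)` in the new `sfi:` branch (hunk at old line 363) accepts trailing characters, so `sfi:5x` is read as 5, and it cannot report overflow, which means the `1..30` check that follows does not fully validate the argument. Parsing with `strtol` and testing the end pointer closes the gap: `char *end; long v = strtol(sfi_n, &end, 10);` followed by `if (end == sfi_n || *end != '\0' || v < 1 || v > 30) { printf("Invalid SFI: %s\n", sfi_n); goto usage; }` and `sfi = (int)v;`. The function begins before this hunk and its tail is in the following one.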
@@ -469,16 +492,25 @@ "Linear fixed, SIMPLE-TLV", "Linear variable", "Linear variable TLV", "Cyclic, SIMPLE-TLV", }; - const char *ops[] = { - "READ", "UPDATE", "DELETE", "WRITE", "REHABILITATE", - "INVALIDATE", "LIST_FILES", "CRYPTO", + const struct { + const char * label; + int op; + } ops[] = { + { "READ", SC_AC_OP_READ }, + { "UPDATE", SC_AC_OP_UPDATE }, + { "DELETE", SC_AC_OP_DELETE }, + { "WRITE", SC_AC_OP_WRITE }, + { "REHABILITATE", SC_AC_OP_REHABILITATE }, + { "INVALIDATE", SC_AC_OP_INVALIDATE }, + { "LIST_FILES", SC_AC_OP_LIST_FILES }, + { "CRYPTO", SC_AC_OP_CRYPTO }, }; printf("%-15s%s\n", "EF structure:", structs[file->ef_structure]); for (i = 0; i < sizeof(ops)/sizeof(ops[0]); i++) { char buf[80]; - sprintf(buf, "ACL for %s:", ops[i]); - printf("%-25s%s\n", buf, util_acl_to_str(sc_file_get_acl_entry(file, i))); + sprintf(buf, "ACL for %s:", ops[i].label); + printf("%-25s%s\n", buf, util_acl_to_str(sc_file_get_acl_entry(file, ops[i].op))); } } if (file->prop_attr_len) { @@ -496,11 +528,7 @@ printf("\n"); if (not_current) { sc_file_free(file); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); } return 0; @@ -520,11 +548,7 @@ } /* Make sure we're back in the parent directory, because on some cards * CREATE FILE also selects the newly created file. */ - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); return 0; } @@ -652,7 +676,7 @@ } if (argc < 2) { - if (!(card->reader->slot[0].capabilities & SC_SLOT_CAP_PIN_PAD)) { + if (!(card->reader->capabilities & SC_READER_CAP_PIN_PAD)) { printf("Card reader or driver doesn't support PIN PAD\n"); return -1; } 
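Review bot: In the hunk at old line 469, `structs[file->ef_structure]` indexes a fixed string table with a value taken from the selected file's metadata, and no bound is checked on the visible lines. If libopensc does not guarantee the range (not visible here), a guard such as `(size_t)file->ef_structure < DIM(structs) ? structs[file->ef_structure] : "Unknown"` would keep a malformed card response from reading past the table. The new ACL loop could likewise use the file's `DIM(ops)` macro instead of `sizeof(ops)/sizeof(ops[0])`. A comment above the table, e.g. `/* label paired with its SC_AC_OP_* value; table position is not the ACL index */`, would record why the struct was introduced. The enclosing function starts and ends outside the hunk.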
@@ -707,7 +731,7 @@ size_t oldpinlen = sizeof(oldpin), i; size_t newpinlen = sizeof(newpin); - if (argc < 2 || argc > 3) + if (argc < 1 || argc > 3) goto usage; if (strncasecmp(argv[0], "CHV", 3)) { printf("Invalid type.\n"); @@ -720,7 +744,11 @@ argc--; argv++; - if (argc == 1) { + if (argc == 0) { + /* set without verification */ + oldpinlen = 0; + newpinlen = 0; + } else if (argc == 1) { /* set without verification */ oldpinlen = 0; } else { @@ -737,19 +765,21 @@ argv++; } - if (argv[0][0] == '"') { - for (s = argv[0] + 1, i = 0; - i < sizeof(newpin) && *s && *s != '"'; i++) - newpin[i] = *s++; - newpinlen = i; - } else if (sc_hex_to_bin(argv[0], newpin, &newpinlen) != 0) { - printf("Invalid key value.\n"); - goto usage; + if (argc) { + if (argv[0][0] == '"') { + for (s = argv[0] + 1, i = 0; + i < sizeof(newpin) && *s && *s != '"'; i++) + newpin[i] = *s++; + newpinlen = i; + } else if (sc_hex_to_bin(argv[0], newpin, &newpinlen) != 0) { + printf("Invalid key value.\n"); + goto usage; + } } r = sc_change_reference_data (card, SC_AC_CHV, ref, - oldpin, oldpinlen, - newpin, newpinlen, + oldpinlen ? oldpin : NULL, oldpinlen, + newpinlen ? newpin : NULL, newpinlen, &tries_left); if (r) { if (r == SC_ERROR_PIN_CODE_INCORRECT) { 
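Review bot: The new `argc == 0` branch in the second hunk carries the comment `/* set without verification */`, copied from the `argc == 1` branch below it, although this branch zeroes both oldpinlen and newpinlen and NULL is then passed for both values. The usage text added later in this function lists the bare `change CHV2` form as the pinpad case, so a comment such as `/* no values given: old and new PIN are expected from the pinpad */` would describe what the branch is for.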
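Review bot: The quoted-string branch that now sits under `if (argc)` stops copying at `sizeof(newpin)` without telling the user, so a quoted PIN longer than the buffer is silently shortened and the card is set to a value the user did not type. After the loop, reject the argument when it ended on neither the closing quote nor the end of the string: `if (*s && *s != '"') { printf("Invalid key value.\n"); goto usage; }`. The same loop is used for `puk_buf` and `newpin_buf` in the do_unblock hunk further down and needs the same check there.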
@@ -764,21 +794,25 @@ printf("PIN changed.\n"); return 0; usage: - printf("Usage: change CHV [] \n"); - printf("Example: change CHV2 00:00:00:00:00:00 \"foobar\"\n"); + printf("Usage: change CHV [[] ]\n"); + printf("Examples: \n"); + printf("\tChange PIN: change CHV2 00:00:00:00:00:00 \"foobar\"\n"); + printf("\tSet PIN: change CHV2 \"foobar\"\n"); + printf("\tChange PIN with pinpad': change CHV2\n"); return -1; } + static int do_unblock(int argc, char **argv) { int ref, r; - u8 puk[30]; - u8 newpin[30]; + u8 puk_buf[30], *puk = NULL; + u8 newpin_buf[30], *newpin = NULL; const char *s; - size_t puklen = sizeof(puk), i; - size_t newpinlen = sizeof(newpin); + size_t puklen = sizeof(puk_buf), i; + size_t newpinlen = sizeof(newpin_buf); - if (argc < 2 || argc > 3) + if (argc < 1 || argc > 3) goto usage; if (strncasecmp(argv[0], "CHV", 3)) { printf("Invalid type.\n"); 
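Review bot: The new usage line `"\tChange PIN with pinpad': change CHV2\n"` has a stray apostrophe before the colon, which is printed to the user as it stands. It should read `printf("\tChange PIN with pinpad: change CHV2\n");`.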
@@ -791,31 +825,41 @@ argc--; argv++; - if (argc == 1) { - /* set without verification */ + if (argc == 0) { puklen = 0; + puk = NULL; } else { if (argv[0][0] == '"') { for (s = argv[0] + 1, i = 0; - i < sizeof(puk) && *s && *s != '"'; i++) - puk[i] = *s++; + i < sizeof(puk_buf) && *s && *s != '"'; i++) + puk_buf[i] = *s++; puklen = i; - } else if (sc_hex_to_bin(argv[0], puk, &puklen) != 0) { + } else if (sc_hex_to_bin(argv[0], puk_buf, &puklen) != 0) { printf("Invalid key value.\n"); goto usage; } + puk = &puk_buf[0]; + argc--; argv++; } - if (argv[0][0] == '"') { - for (s = argv[0] + 1, i = 0; - i < sizeof(newpin) && *s && *s != '"'; i++) - newpin[i] = *s++; - newpinlen = i; - } else if (sc_hex_to_bin(argv[0], newpin, &newpinlen) != 0) { - printf("Invalid key value.\n"); - goto usage; + if (argc) { + if (argv[0][0] == '"') { + for (s = argv[0] + 1, i = 0; + i < sizeof(newpin_buf) && *s && *s != '"'; i++) + newpin_buf[i] = *s++; + newpinlen = i; + } else if (sc_hex_to_bin(argv[0], newpin_buf, &newpinlen) != 0) { + printf("Invalid key value.\n"); + goto usage; + } + + newpin = &newpin_buf[0]; + } + else { + newpinlen = 0; + newpin = NULL; } r = sc_reset_retry_counter (card, SC_AC_CHV, ref, 
@@ -830,8 +874,16 @@ printf("PIN unblocked.\n"); return 0; usage: - printf("Usage: unblock CHV [] \n"); - printf("Example: unblock CHV2 00:00:00:00:00:00 \"foobar\"\n"); + printf("Usage: unblock CHV [] []\n"); + printf("PUK and PIN values can be hexadecimal, ASCII, empty (\"\") or absent\n"); + printf("Examples:\n"); + printf("\tUnblock PIN and set a new value: unblock CHV2 00:00:00:00:00:00 \"foobar\"\n"); + printf("\tUnblock PIN keeping the old value: unblock CHV2 00:00:00:00:00:00 \"\"\n"); + printf("\tSet new PIN value: unblock CHV2 \"\" \"foobar\"\n"); + printf("Examples with pinpad:\n"); + printf("\tUnblock PIN: new PIN value is prompted by pinpad: unblock CHV2 00:00:00:00:00:00\n"); + printf("\tSet PIN: new PIN value is prompted by pinpad: unblock CHV2 \"\"\n"); + printf("\tUnblock PIN: unblock code and new PIN value are prompted by pinpad: unblock CHV2\n"); return -1; } @@ -862,7 +914,9 @@ fbuf[5*i-1] = 0; filename = fbuf; } - outf = fopen(filename, "wb"); + outf = (strcmp(filename, "-") == 0) + ? stdout + : fopen(filename, "wb"); if (outf == NULL) { perror(filename); goto err; @@ -895,20 +949,21 @@ idx += r; count -= r; } - printf("Total of %d bytes read from %s and saved to %s.\n", - idx, argv[0], filename); + if (outf == stdout) { + fwrite("\n", 1, 1, outf); + } + else { + printf("Total of %d bytes read from %s and saved to %s.\n", + idx, argv[0], filename); + } err = 0; err: if (file) sc_file_free(file); - if (outf) + if (outf != NULL && outf != stdout) fclose(outf); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); return -err; usage: printf("Usage: get [output file]\n"); @@ -922,7 +977,7 @@ int s = 0; out--; - while (inlen && len) { + while (inlen && (len || s)) { char c = *p++; inlen--; if (!isxdigit(c)) 
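Review bot: When the output file is `-`, the third hunk appends `fwrite("\n", 1, 1, outf)` after the file content, so the bytes on stdout are no longer the bytes read from the card. Redirecting that output gives one byte more than saving to a named file, which matters for certificates and other binary objects. If the newline is only meant to tidy an interactive terminal, write it to stderr or drop it. The enclosing function starts outside this hunk.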
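Review bot: The loop whose condition the last hunk changes passes a plain `char c` to `isxdigit(c)`. For a byte above 0x7F on a platform where char is signed, that is a negative argument, which the ctype functions do not define. The string is typed by the user, so cast at the call: `if (!isxdigit((unsigned char) c))`. The rest of the function lies outside the hunk.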
@@ -1002,12 +1057,7 @@ err: sc_file_free(file); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } - + select_current_path_or_die(); return -err; usage: printf("Usage: update offs | <'\"' enclosed string>\n"); @@ -1071,12 +1121,7 @@ err: sc_file_free(file); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } - + select_current_path_or_die(); return -err; usage: printf("Usage: update_record rec_nr rec_offs \n"); @@ -1148,11 +1193,7 @@ sc_file_free(file); if (outf) fclose(outf); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); return -err; usage: printf("Usage: put [input file]\n"); 
@@ -1170,175 +1211,14 @@ return -1; printf("Debug level set to %d\n", i); ctx->debug = i; - if (i) { - ctx->error_file = stderr; - ctx->debug_file = stdout; - } else { - ctx->error_file = NULL; - ctx->debug_file = NULL; - } - } - return 0; -} - - -static int do_pksign(int argc, char **argv) -{ - puts ("Not yet supported"); - return -1; -#if 0 - int i, ref, r; - u8 indata[128]; - size_t indatalen = sizeof indata; - u8 outdata[128]; - size_t outdatalen = sizeof outdata; - sc_security_env_t senv; - const u8 *oid; - int oidlen; - const char *s; - - if (argc < 2 || argc > 3) - goto usage; - if (sscanf (argv[0], "%d", &ref) != 1 || ref < 0 || ref > 255) { - printf("Invalid key reference.\n"); - goto usage; - } - - if (argv[1][0] == '"') { - for (s = argv[1]+1, i = 0; - i < sizeof indata && *s && *s != '"'; i++) - indata[i] = *s++; - indatalen = i; - } else if (sc_hex_to_bin(argv[1], indata, &indatalen)) { - printf("Invalid data value.\n"); - goto usage; - } - - - if (argc == 3) { - if (!strcasecmp(argv[2], "SHA1")) { - oid = oid_sha1; oidlen = sizeof oid_sha1; + if (i > 1) { + sc_ctx_log_to_file(ctx, "stderr"); } - else if (!strcasecmp (argv[2], "MD5")) { - oid = oid_md5; oidlen = sizeof oid_md5; - } - else if (!strcasecmp (argv[2], "RMD160")) { - oid = oid_rmd160; oidlen = sizeof oid_rmd160; - } - else { - goto usage; - } - } - else { - oid = ""; oidlen = 0; - } - - if (indatalen + oidlen > sizeof indata) { - printf("Data value to long.\n"); - goto usage; - } - - memmove(indata + oidlen, indata, indatalen); - memcpy(indata, oid, oidlen); - indatalen += oidlen; - - /* setup the security environment */ - /* FIXME The values won't work for other cards. 
They do work - for TCOS because there is no need for a security - environment there */ - memset(&senv, 0, sizeof senv); - senv.operation = SC_SEC_OPERATION_SIGN; - senv.algorithm = SC_ALGORITHM_RSA; - senv.key_ref_len = 1; - senv.key_ref[0] = ref; - senv.flags = (SC_SEC_ENV_KEY_REF_PRESENT | SC_SEC_ENV_ALG_PRESENT); - r = sc_set_security_env(card, &senv, 0); - if (r) { - printf("Failed to set the security environment: %s\n", - sc_strerror (r)); - return -1; - } - - /* Perform the actual sign. */ - r = sc_compute_signature(card, indata, indatalen, - outdata, outdatalen); - if (r<0) { - printf("Signing failed: %s\n", sc_strerror (r)); - return -1; } - util_hex_dump_asc(stdout, outdata, r, -1); - printf ("Done.\n"); return 0; -usage: - printf ("Usage: pksign [MD5|SHA1|RMD160]\n"); - return -1; -#endif } -static int do_pkdecrypt(int argc, char **argv) -{ - puts ("Not yet supported"); - return -1; -#if 0 - int i, ref, r; - u8 indata[128]; - size_t indatalen = sizeof indata; - u8 outdata[128]; - size_t outdatalen = sizeof outdata; - sc_security_env_t senv; - const char *s; - - if (argc != 2) - goto usage; - if (sscanf(argv[0], "%d", &ref) != 1 || ref < 0 || ref > 255) { - printf("Invalid key reference.\n"); - goto usage; - } - - if (argv[1][0] == '"') { - for (s=argv[1]+1, i = 0; - i < sizeof indata && *s && *s != '"'; i++) - indata[i] = *s++; - indatalen = i; - } else if (sc_hex_to_bin (argv[1], indata, &indatalen)) { - printf("Invalid data value.\n"); - goto usage; - } - - /* setup the security environment */ - memset (&senv, 0, sizeof senv); - senv.operation = SC_SEC_OPERATION_DECIPHER; - senv.algorithm = SC_ALGORITHM_RSA; - senv.key_ref_len = 1; - senv.key_ref[0] = ref; - senv.flags = (SC_SEC_ENV_KEY_REF_PRESENT | SC_SEC_ENV_ALG_PRESENT); - r = sc_set_security_env(card, &senv, 0); - if (r) { - printf("Failed to set the security environment: %s\n", - sc_strerror (r)); - return -1; - } - - /* perform the actual decryption */ - /* FIXME: It is pretty useless to to this 
test padding :-; */ - memmove(indata+(sizeof indata - indatalen), indata, indatalen); - memset(indata, 0, (sizeof indata - indatalen)); - indatalen = sizeof indata; - r = sc_decipher(card, indata, indatalen, outdata, outdatalen); - if (r<0) { - printf("Decryption failed: %s\n", sc_strerror (r)); - return -1; - } - util_hex_dump_asc (stdout, outdata, r, -1); - printf("Done.\n"); - return 0; -usage: - printf("Usage: pkdecrypt \n"); - return -1; -#endif -} - static int do_erase(int argc, char **argv) { 
@@ -1437,67 +1317,26 @@ { sc_apdu_t apdu; u8 buf[SC_MAX_APDU_BUFFER_SIZE]; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE]; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - u8 *p; - size_t len, len0, r; + size_t len, len0, r, ii; - if (argc == 0 || argc > 1) { + if (argc < 1) { puts("Usage: apdu [apdu:hex:codes:...]"); return -1; } - len = strlen(argv[0]); - len0 = len; - sc_hex_to_bin(argv[0], buf, &len); - if (len < 4) { - puts("APDU too short (must be at least 4 bytes)"); - return 1; + for (ii = 0, len = 0; ii < (unsigned) argc; ii++) { + len0 = strlen(argv[ii]); + sc_hex_to_bin(argv[ii], buf + len, &len0); + len += len0; } - memset(&apdu, 0, sizeof(apdu)); - p = buf; - apdu.cla = *p++; - apdu.ins = *p++; - apdu.p1 = *p++; - apdu.p2 = *p++; - len -= 4; - if (len > 1) { - apdu.lc = *p++; - len--; - memcpy(sbuf, p, apdu.lc); - apdu.data = sbuf; - apdu.datalen = apdu.lc; - if (len < apdu.lc) { - printf("APDU too short (need %lu bytes)\n", - (unsigned long) apdu.lc - len); - return 1; - } - len -= apdu.lc; - p += apdu.lc; - if (len) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_4_SHORT; - } else { - apdu.cse = SC_APDU_CASE_3_SHORT; - } - if (len) { - printf("APDU too long (%lu bytes extra)\n", - (unsigned long) len); - return 1; - } - } else if (len == 1) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_2_SHORT; - } else { - apdu.cse = SC_APDU_CASE_1; + r = sc_bytes2apdu(card->ctx, buf, len, &apdu); + if (r) { + fprintf(stderr, "Invalid APDU: %s\n", sc_strerror(r)); + return 2; } + apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); @@ -1534,7 +1373,7 @@ /* select file */ if (argc) { - if (arg_to_path(argv[0], &path, 1) != 0) { + if (arg_to_path(argv[0], &path, 0) != 0) { puts("Invalid file path"); return -1; } @@ -1569,7 +1408,7 @@ goto err; } if ((size_t)r != len) { - printf("expecting %ld, got only %d bytes.\n", len, r); + printf("expecting %u, got only %d bytes.\n", len, r); goto err; } 
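Review bot: In do_apdu's new loop, `len0 = strlen(argv[ii])` tells sc_hex_to_bin how much room it has, but that is the length of the argument text, not the space left in `buf`. A long argument, or enough arguments (cargv is raised to 260 entries in this same diff), can therefore write past `buf[SC_MAX_APDU_BUFFER_SIZE]`. The return value is also dropped, so malformed hex is handed to sc_bytes2apdu as if it had parsed. Pass the remaining capacity and stop on error, as sketched below. send_apdu in opensc-tool.c passes `sizeof(buf)` correctly but ignores the return value in the same way.

```c
	for (ii = 0, len = 0; ii < (unsigned) argc; ii++) {
		len0 = sizeof(buf) - len;	/* room left in buf, not strlen(argv[ii]) */
		if (sc_hex_to_bin(argv[ii], buf + len, &len0) != 0) {
			puts("Invalid APDU: bad hex data or too long");
			return -1;
		}
		len += len0;
	}
```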
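Review bot: In the last hunk, `printf("expecting %u, got only %d bytes.\n", len, r)` replaces one mismatched conversion with another. The comparison just above casts `r` to size_t to compare it with `len`, so `len` appears to be a size_t, and `%u` is wrong for it wherever size_t is wider than unsigned int. The file elsewhere casts to unsigned long for printing, which works here too: `printf("expecting %lu, got only %d bytes.\n", (unsigned long) len, r);`.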
@@ -1583,11 +1422,7 @@ if (not_current) { if (file) sc_file_free(file); - r = sc_select_file(card, ¤t_path, NULL); - if (r) { - printf("unable to select parent file: %s\n", sc_strerror(r)); - die(1); - } + select_current_path_or_die(); } return -err; } @@ -1614,8 +1449,6 @@ { "do_get", do_get_data, "get a data object" }, { "do_put", do_put_data, "put a data object" }, { "mkdir", do_mkdir, "create a DF" }, - { "pksign", do_pksign, "create a public key signature" }, - { "pkdecrypt", do_pkdecrypt, "perform a public key decryption" }, { "erase", do_erase, "erase card" }, { "random", do_random, "obtain N random bytes from card" }, { "quit", do_quit, "quit this program" }, @@ -1634,7 +1467,7 @@ printf("Supported commands:\n"); for (cmd = cmds; cmd->name; cmd++) - printf(" %-10s %s\n", cmd->name, cmd->help); + printf(" %-16s %s\n", cmd->name, cmd->help); } static int parse_line(char *in, char **argv, int maxargc) @@ -1704,20 +1537,21 @@ int r, c, long_optind = 0, err = 0; char *line; int cargc; - char *cargv[20]; + char *cargv[260]; sc_context_param_t ctx_param; + int lcycle = SC_CARDCTRL_LIFECYCLE_ADMIN; printf("OpenSC Explorer version %s\n", sc_get_version()); while (1) { - c = getopt_long(argc, argv, "r:c:vw", options, &long_optind); + c = getopt_long(argc, argv, "r:c:vwm:", options, &long_optind); if (c == -1) break; if (c == '?') util_print_usage_and_die(app_name, options, option_help); switch (c) { case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'c': opt_driver = optarg; @@ -1728,6 +1562,9 @@ case 'v': verbose++; break; + case 'm': + opt_startfile = optarg; + break; } } @@ -1740,8 +1577,11 @@ fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1) - ctx->debug = verbose-1; + + if (verbose > 1) { + ctx->debug = verbose; + ctx->debug_file = stderr; + } if (opt_driver != NULL) { err = sc_set_card_driver(ctx, opt_driver); 
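Review bot: In the explorer's main, the new verbose branch assigns `ctx->debug_file = stderr` directly, while do_debug in this file and main in opensc-tool.c, both changed in this diff, use `sc_ctx_log_to_file(ctx, "stderr")`. Using the helper here as well keeps a single way of switching the log target and avoids overwriting whatever stream the context may already hold, which is not visible in this hunk. The branch would then read `ctx->debug = verbose; sc_ctx_log_to_file(ctx, "stderr");`.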
@@ -1752,23 +1592,36 @@ } } - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, 0); + err = util_connect_card(ctx, &card, opt_reader, opt_wait, 0); if (err) goto end; - sc_format_path("3F00", ¤t_path); - r = sc_select_file(card, ¤t_path, ¤t_file); - if (r) { - printf("unable to select MF: %s\n", sc_strerror(r)); - return 1; - } - { - int lcycle = SC_CARDCTRL_LIFECYCLE_ADMIN; - r = sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &lcycle); - if (r && r != SC_ERROR_NOT_SUPPORTED) - printf("unable to change lifecycle: %s\n", - sc_strerror(r)); + if (opt_startfile) { + if(*opt_startfile) { + char startpath[1024]; + char *argv[] = { startpath }; + + strncpy(startpath, opt_startfile, sizeof(startpath)-1); + r = do_cd(1, argv); + if (r) { + printf("unable to select file %s: %s\n", + opt_startfile, sc_strerror(r)); + return -1; + } + } + } else { + sc_format_path("3F00", ¤t_path); + r = sc_select_file(card, ¤t_path, ¤t_file); + if (r) { + printf("unable to select MF: %s\n", sc_strerror(r)); + return 1; + } } + + r = sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &lcycle); + if (r && r != SC_ERROR_NOT_SUPPORTED) + printf("unable to change lifecycle: %s\n", sc_strerror(r)); + while (1) { struct command *cmd; size_t i; diff -Nru opensc-0.11.13/src/tools/opensc-tool.c opensc-0.12.1/src/tools/opensc-tool.c --- opensc-0.11.13/src/tools/opensc-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/opensc-tool.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H 
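Review bot: `strncpy(startpath, opt_startfile, sizeof(startpath)-1)` leaves `startpath` unterminated when the `-m` argument is 1023 bytes or longer, because the array is uninitialised and strncpy adds no NUL in that case, so do_cd then reads past the buffer. Either initialise the array (`char startpath[1024] = "";`) or use `snprintf(startpath, sizeof(startpath), "%s", opt_startfile)`. Two smaller points in the same block: the failure message prints `sc_strerror(r)` on do_cd's return value, which may not be an SC error code, and `return -1` bypasses the `end:` label that the connect failure just above jumps to.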
@@ -30,20 +29,28 @@ #include #include #include -#include -#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" #include "util.h" +/* type for associations of IDs to names */ +typedef struct _id2str { + unsigned int id; + const char *str; +} id2str_t; + static const char *app_name = "opensc-tool"; -static int opt_reader = -1, - opt_wait = 0; +static int opt_wait = 0; static char ** opt_apdus; +static char *opt_reader; static int opt_apdu_count = 0; static int verbose = 0; enum { OPT_SERIAL = 0x100, + OPT_LIST_ALG }; static const struct option options[] = { @@ -55,11 +62,11 @@ { "set-conf-entry", 1, NULL, 'S' }, { "list-readers", 0, NULL, 'l' }, { "list-drivers", 0, NULL, 'D' }, - { "list-rdrivers", 0, NULL, 'R' }, { "list-files", 0, NULL, 'f' }, { "send-apdu", 1, NULL, 's' }, { "reader", 1, NULL, 'r' }, { "card-driver", 1, NULL, 'c' }, + { "list-algorithms", 0, NULL, OPT_LIST_ALG }, { "wait", 0, NULL, 'w' }, { "verbose", 0, NULL, 'v' }, { NULL, 0, NULL, 0 } @@ -72,13 +79,13 @@ "Identify the card and print its name", "Get configuration key, format: section:name:key", "Set configuration key, format: section:name:key:value", - "Lists all configured readers", + "Lists readers", "Lists all installed card drivers", - "Lists all installed reader drivers", "Recursively lists files stored on card", "Sends an APDU in format AA:BB:CC:DD:EE:FF...", "Uses reader number [0]", "Forces the use of driver [auto-detect]", + "Lists algorithms supported by card", "Wait for a card to be inserted", "Verbose operation. Use several times to enable debug output.", }; @@ -104,6 +111,15 @@ #endif __VERSION__ ); +#elif defined(__SUNPRO_C) + printf ( + "[Sun C %x.%x]\n", +#if __SUNPRO_C > 0x590 + (__SUNPRO_C >> 12), (__SUNPRO_C >> 4) & 0xFF +#else + (__SUNPRO_C >> 8), (__SUNPRO_C >> 4) & 0xF +#endif + ); #elif defined(_MSC_VER) printf ("[Microsoft %d]\n", _MSC_VER); #else 
@@ -212,7 +228,7 @@ scconf_list *list; if ((item->type != SCCONF_ITEM_TYPE_VALUE) - || (strcmp(item->key, key) != 0)) + || (strcmp(item->key, key) != 0)) continue; list = item->value.list; scconf_list_destroy(list); @@ -249,28 +265,31 @@ printf("No smart card readers found.\n"); return 0; } - printf("Readers known about:\n"); - printf("Nr. Driver Name\n"); + printf("# Detected readers (%s)\n", ctx->reader_driver->short_name); + printf("Nr. Card Features Name\n"); for (i = 0; i < rcount; i++) { - sc_reader_t *screader = sc_ctx_get_reader(ctx, i); - printf("%-7d%-11s%s\n", i, screader->driver->short_name, - screader->name); - } - return 0; -} + sc_reader_t *reader = sc_ctx_get_reader(ctx, i); + int state = sc_detect_card_presence(reader); + printf("%-5d%-6s%-10s%s\n", i, state & SC_READER_CARD_PRESENT ? "Yes":"No", + reader->capabilities & SC_READER_CAP_PIN_PAD ? "PIN pad":"", + reader->name); + if (state & SC_READER_CARD_PRESENT && verbose) { + struct sc_card *card; + int r; + char tmp[SC_MAX_ATR_SIZE*3]; + sc_bin_to_hex(reader->atr.value, reader->atr.len, tmp, sizeof(tmp) - 1, ':'); -static int list_reader_drivers(void) -{ - int i; - - if (ctx->reader_drivers[0] == NULL) { - printf("No reader drivers installed!\n"); - return 0; - } - printf("Configured reader drivers:\n"); - for (i = 0; ctx->reader_drivers[i] != NULL; i++) { - printf(" %-16s %s\n", ctx->reader_drivers[i]->short_name, - ctx->reader_drivers[i]->name); + if (state & SC_READER_CARD_EXCLUSIVE) + printf(" %s [EXCLUSIVE]\n", tmp); + else { + if ((r = sc_connect_card(reader, &card)) != SC_SUCCESS) { + fprintf(stderr, " failed: %s\n", sc_strerror(r)); + } else { + printf(" %s %s %s\n", tmp, card->name, state & SC_READER_CARD_INUSE ? "[IN USE]" : ""); + sc_disconnect_card(card); + } + } + } } return 0; } 
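Review bot: In the rewritten list_readers, the result of `sc_bin_to_hex(...)` is ignored and `tmp` is uninitialised, so if the conversion fails the following `printf` prints indeterminate stack bytes as a string. Check the call, e.g. `if (sc_bin_to_hex(reader->atr.value, reader->atr.len, tmp, sizeof(tmp) - 1, ':') != 0) tmp[0] = '\0';`. The ATR print in main further down this file has the same pattern. Separately, `state` is used as a bit mask without first testing it for a negative value; if sc_detect_card_presence reports errors as negative codes like the other sc_ calls here, an error can be read as "card present".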
@@ -286,7 +305,7 @@ printf("Configured card drivers:\n"); for (i = 0; ctx->card_drivers[i] != NULL; i++) { printf(" %-16s %s\n", ctx->card_drivers[i]->short_name, - ctx->card_drivers[i]->name); + ctx->card_drivers[i]->name); } return 0; } @@ -296,14 +315,7 @@ { int r; const char *tmps; - const char *ac_ops_df[] = { - "select", "lock", "delete", "create", "rehab", "inval", - "list" - }; - const char *ac_ops_ef[] = { - "read", "update", "erase", "write", "rehab", "inval" - }; - + for (r = 0; r < depth; r++) printf(" "); printf("%s ", sc_print_path(path)); 
@@ -328,33 +340,67 @@ } printf("type: %-3s, ", tmps); if (file->type != SC_FILE_TYPE_DF) { - const char *structs[] = { - "unknown", "transpnt", "linrfix", "linrfix(TLV)", - "linvar", "linvar(TLV)", "lincyc", "lincyc(TLV)" + const id2str_t ef_type_name[] = { + { SC_FILE_EF_TRANSPARENT, "transpnt" }, + { SC_FILE_EF_LINEAR_FIXED, "linrfix" }, + { SC_FILE_EF_LINEAR_FIXED_TLV, "linrfix(TLV)" }, + { SC_FILE_EF_LINEAR_VARIABLE, "linvar" }, + { SC_FILE_EF_LINEAR_VARIABLE_TLV, "linvar(TLV)" }, + { SC_FILE_EF_CYCLIC, "lincyc" }, + { SC_FILE_EF_CYCLIC_TLV, "lincyc(TLV)" }, + { 0, NULL } }; - int ef_type = file->ef_structure; - if (ef_type < 0 || ef_type > 7) - ef_type = 0; /* invalid or unknow ef type */ - printf("ef structure: %s, ", structs[ef_type]); + const char *ef_type = "unknown"; + + for (r = 0; ef_type_name[r].str != NULL; r++) + if (file->ef_structure == ef_type_name[r].id) + ef_type = ef_type_name[r].str; + + printf("ef structure: %s, ", ef_type); } printf("size: %lu\n", (unsigned long) file->size); for (r = 0; r < depth; r++) printf(" "); - if (file->type == SC_FILE_TYPE_DF) - for (r = 0; r < (int) (sizeof(ac_ops_df)/sizeof(ac_ops_df[0])); r++) - printf("%s[%s] ", ac_ops_df[r], util_acl_to_str(sc_file_get_acl_entry(file, r))); - else - for (r = 0; r < (int) (sizeof(ac_ops_ef)/sizeof(ac_ops_ef[0])); r++) - printf("%s[%s] ", ac_ops_ef[r], util_acl_to_str(sc_file_get_acl_entry(file, r))); + if (file->type == SC_FILE_TYPE_DF) { + const id2str_t ac_ops_df[] = { + { SC_AC_OP_SELECT, "select" }, + { SC_AC_OP_LOCK, "lock" }, + { SC_AC_OP_DELETE, "delete" }, + { SC_AC_OP_CREATE, "create" }, + { SC_AC_OP_REHABILITATE, "rehab" }, + { SC_AC_OP_INVALIDATE, "inval" }, + { SC_AC_OP_LIST_FILES, "list" }, + { 0, NULL } + }; + + for (r = 0; ac_ops_df[r].str != NULL; r++) + printf("%s[%s] ", ac_ops_df[r].str, + util_acl_to_str(sc_file_get_acl_entry(file, ac_ops_df[r].id))); + } + else { + const id2str_t ac_ops_ef[] = { + { SC_AC_OP_READ, "read" }, + { SC_AC_OP_UPDATE, "update" }, + 
{ SC_AC_OP_ERASE, "erase" }, + { SC_AC_OP_WRITE, "write" }, + { SC_AC_OP_REHABILITATE, "rehab" }, + { SC_AC_OP_INVALIDATE, "inval" }, + { 0, NULL } + }; + + for (r = 0; ac_ops_ef[r].str != NULL; r++) + printf("%s[%s] ", ac_ops_ef[r].str, + util_acl_to_str(sc_file_get_acl_entry(file, ac_ops_ef[r].id))); + } if (file->sec_attr_len) { printf("sec: "); /* Octets are as follows: - * DF: select, lock, delete, create, rehab, inval - * EF: read, update, write, erase, rehab, inval - * 4 MSB's of the octet mean: - * 0 = ALW, 1 = PIN1, 2 = PIN2, 4 = SYS, - * 15 = NEV */ + * DF: select, lock, delete, create, rehab, inval + * EF: read, update, write, erase, rehab, inval + * 4 MSB's of the octet mean: + * 0 = ALW, 1 = PIN1, 2 = PIN2, 4 = SYS, + * 15 = NEV */ util_hex_dump(stdout, file->sec_attr, file->sec_attr_len, ":"); } if (file->prop_attr_len) { @@ -372,7 +418,7 @@ if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { unsigned char *buf; - if (!(buf = (unsigned char *) malloc(file->size))) { + if (!(buf = malloc(file->size))) { fprintf(stderr, "out of memory"); return 1; } @@ -423,6 +469,7 @@ for (i = 0; i < r/2; i++) { sc_path_t tmppath; + memset(&tmppath, 0, sizeof(tmppath)); memcpy(&tmppath, &path, sizeof(path)); memcpy(tmppath.value + tmppath.len, files + 2*i, 2); tmppath.len += 2; 
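Review bot: In the last hunk, the added `memset(&tmppath, 0, sizeof(tmppath))` is overwritten in full by the `memcpy` on the next line (assuming `path` is also an sc_path_t), so it has no effect. The real gap remains: two bytes are appended at `tmppath.value + tmppath.len` with no check that they fit. The file ids come from the card, and this code appears to descend one level per directory (the call is outside the hunk), so a deeply nested or self-referencing directory structure can push `len` past the end of `value`. A guard before the append, e.g. `if (tmppath.len + 2 > sizeof(tmppath.value)) continue;`, bounds it.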
@@ -445,62 +492,24 @@ static int send_apdu(void) { sc_apdu_t apdu; - u8 buf[SC_MAX_APDU_BUFFER_SIZE], sbuf[SC_MAX_APDU_BUFFER_SIZE], - rbuf[SC_MAX_APDU_BUFFER_SIZE], *p; - size_t len, len0, r; + u8 buf[SC_MAX_APDU_BUFFER_SIZE], + rbuf[SC_MAX_APDU_BUFFER_SIZE]; + size_t len0, r; int c; for (c = 0; c < opt_apdu_count; c++) { len0 = sizeof(buf); sc_hex_to_bin(opt_apdus[c], buf, &len0); - if (len0 < 4) { - fprintf(stderr, "APDU too short (must be at least 4 bytes).\n"); + + r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); + if (r) { + fprintf(stderr, "Invalid APDU: %s\n", sc_strerror(r)); return 2; } - len = len0; - p = buf; - memset(&apdu, 0, sizeof(apdu)); - apdu.cla = *p++; - apdu.ins = *p++; - apdu.p1 = *p++; - apdu.p2 = *p++; + apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - len -= 4; - if (len > 1) { - apdu.lc = *p++; - len--; - memcpy(sbuf, p, apdu.lc); - apdu.data = sbuf; - apdu.datalen = apdu.lc; - if (len < apdu.lc) { - fprintf(stderr, "APDU too short (need %lu bytes).\n", - (unsigned long) apdu.lc-len); - return 2; - } - len -= apdu.lc; - p += apdu.lc; - if (len) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_4_SHORT; - } else - apdu.cse = SC_APDU_CASE_3_SHORT; - if (len) { - fprintf(stderr, "APDU too long (%lu bytes extra).\n", - (unsigned long) len); - return 2; - } - } else if (len == 1) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_2_SHORT; - } else - apdu.cse = SC_APDU_CASE_1; + printf("Sending: "); for (r = 0; r < len0; r++) printf("%02X ", buf[r]); @@ -511,7 +520,7 @@ return 1; } printf("Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, - apdu.resplen ? ":" : ""); + apdu.resplen ? ":" : ""); if (apdu.resplen) util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1); } 
@@ -530,6 +539,106 @@ util_hex_dump_asc(stdout, serial.value, serial.len, -1); } +static int list_algorithms(void) +{ + int i; + const char *aname = "unknown"; + + const id2str_t alg_type_names[] = { + { SC_ALGORITHM_RSA, "rsa" }, + { SC_ALGORITHM_DSA, "dsa" }, + { SC_ALGORITHM_EC, "ec" }, + { SC_ALGORITHM_GOSTR3410, "gostr3410" }, + { SC_ALGORITHM_DES, "des" }, + { SC_ALGORITHM_3DES, "3des" }, + { SC_ALGORITHM_GOST, "gost" }, + { SC_ALGORITHM_MD5, "md5" }, + { SC_ALGORITHM_SHA1, "sha1" }, + { SC_ALGORITHM_GOSTR3411, "gostr3411" }, + { SC_ALGORITHM_PBKDF2, "pbkdf2" }, + { SC_ALGORITHM_PBES2, "pbes2" }, + { 0, NULL } + }; + const id2str_t alg_flag_names[] = { + { SC_ALGORITHM_ONBOARD_KEY_GEN, "onboard key generation" }, + { SC_ALGORITHM_NEED_USAGE, "needs usage" }, + { 0, NULL } + }; + const id2str_t rsa_flag_names[] = { + { SC_ALGORITHM_RSA_PAD_PKCS1, "pkcs1" }, + { SC_ALGORITHM_RSA_PAD_ANSI, "ansi" }, + { SC_ALGORITHM_RSA_PAD_ISO9796, "iso9796" }, + { SC_ALGORITHM_RSA_HASH_SHA1, "sha1" }, + { SC_ALGORITHM_RSA_HASH_MD5, "MD5" }, + { SC_ALGORITHM_RSA_HASH_MD5_SHA1, "md5-sha1" }, + { SC_ALGORITHM_RSA_HASH_RIPEMD160, "ripemd160" }, + { SC_ALGORITHM_RSA_HASH_SHA256, "sha256" }, + { SC_ALGORITHM_RSA_HASH_SHA384, "sha384" }, + { SC_ALGORITHM_RSA_HASH_SHA512, "sha512" }, + { SC_ALGORITHM_RSA_HASH_SHA224, "sha224" }, + { 0, NULL } + }; + + if (verbose) + printf("Card supports %d algorithm(s)\n\n",card->algorithm_count); + + for (i=0; i < card->algorithm_count; i++) { + int j; + + /* find algorithm name */ + for (j = 0; alg_type_names[j].str != NULL; j++) { + if (card->algorithms[i].algorithm == alg_type_names[j].id) { + aname = alg_type_names[j].str; + break; + } + } + + printf("Algorithm: %s\n", aname); + printf("Key length: %d\n", card->algorithms[i].key_length); + printf("Flags:"); + + /* print general flags */ + for (j = 0; alg_flag_names[j].str != NULL; j++) + if (card->algorithms[i].flags & alg_flag_names[j].id) + printf(" %s", alg_flag_names[j].str); + + /* print 
RSA spcific flags */ + if ( card->algorithms[i].algorithm == SC_ALGORITHM_RSA) { + int padding = card->algorithms[i].flags + & SC_ALGORITHM_RSA_PADS; + int hashes = card->algorithms[i].flags + & SC_ALGORITHM_RSA_HASHES; + + /* print RSA padding flags */ + printf(" padding ("); + for (j = 0; rsa_flag_names[j].str != NULL; j++) + if (padding & rsa_flag_names[j].id) + printf(" %s", rsa_flag_names[j].str); + if (padding == SC_ALGORITHM_RSA_PAD_NONE) + printf(" none"); + printf(" ) "); + /* print RSA hash flags */ + printf("hashes ("); + for (j = 0; rsa_flag_names[j].str != NULL; j++) + if (hashes & rsa_flag_names[j].id) + printf(" %s", rsa_flag_names[j].str); + if (hashes == SC_ALGORITHM_RSA_HASH_NONE) + printf(" none"); + printf(" )"); + } + printf("\n"); + if (card->algorithms[i].algorithm == SC_ALGORITHM_RSA + && card->algorithms[i].u._rsa.exponent) { + printf("RSA public exponent: %lu\n", (unsigned long) + card->algorithms[i].u._rsa.exponent); + } + + if (i < card->algorithm_count) + printf("\n"); + } + return 0; +} + int main(int argc, char * const argv[]) { int err = 0, r, c, long_optind = 0; @@ -538,12 +647,12 @@ int do_set_conf_entry = 0; int do_list_readers = 0; int do_list_drivers = 0; - int do_list_rdrivers = 0; int do_list_files = 0; int do_send_apdu = 0; int do_print_atr = 0; int do_print_serial = 0; int do_print_name = 0; + int do_list_algorithms = 0; int action_count = 0; const char *opt_driver = NULL; const char *opt_conf_entry = NULL; @@ -553,7 +662,7 @@ setbuf(stdout, NULL); while (1) { - c = getopt_long(argc, argv, "inlG:S:fr:vs:DRc:aw", options, &long_optind); + c = getopt_long(argc, argv, "inlG:S:fr:vs:Dc:aw", options, &long_optind); if (c == -1) break; if (c == '?') @@ -581,10 +690,6 @@ do_list_drivers = 1; action_count++; break; - case 'R': - do_list_rdrivers = 1; - action_count++; - break; case 'f': do_list_files = 1; action_count++; 
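Review bot: In list_algorithms, `aname` is set to "unknown" once before the loop and never reset, so an algorithm id missing from `alg_type_names` is printed under the name of the previous entry. Move the default into the loop body, with `aname = "unknown";` as its first statement. Also, `if (i < card->algorithm_count)` is always true inside the loop, so the blank line is printed after the last entry too; `i + 1 < card->algorithm_count` is probably what was meant. The comment `/* print RSA spcific flags */` should read "specific".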
@@ -607,7 +712,7 @@ action_count++; break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'v': verbose++; @@ -622,6 +727,10 @@ do_print_serial = 1; action_count++; break; + case OPT_LIST_ALG: + do_list_algorithms = 1; + action_count++; + break; } } if (action_count == 0) @@ -641,8 +750,12 @@ fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1) - ctx->debug = verbose-1; + + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); + } + if (do_get_conf_entry) { if ((err = opensc_get_conf_entry (opt_conf_entry))) goto end; @@ -653,11 +766,6 @@ goto end; action_count--; } - if (do_list_rdrivers) { - if ((err = list_reader_drivers())) - goto end; - action_count--; - } if (do_list_readers) { if ((err = list_readers())) goto end; @@ -680,17 +788,17 @@ } } - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, verbose); + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); if (err) goto end; if (do_print_atr) { if (verbose) { printf("Card ATR:\n"); - util_hex_dump_asc(stdout, card->atr, card->atr_len, -1); + util_hex_dump_asc(stdout, card->atr.value, card->atr.len, -1); } else { char tmp[SC_MAX_ATR_SIZE*3]; - sc_bin_to_hex(card->atr, card->atr_len, tmp, sizeof(tmp) - 1, ':'); + sc_bin_to_hex(card->atr.value, card->atr.len, tmp, sizeof(tmp) - 1, ':'); fprintf(stdout,"%s\n",tmp); } action_count--; @@ -718,10 +826,16 @@ goto end; action_count--; } + + if (do_list_algorithms) { + if ((err = list_algorithms())) + goto end; + action_count--; + } end: if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); diff -Nru opensc-0.11.13/src/tools/piv-tool.c opensc-0.12.1/src/tools/piv-tool.c --- opensc-0.11.13/src/tools/piv-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/piv-tool.c 2011-05-17 17:07:00.000000000 +0000 
@@ -2,7 +2,7 @@ * piv-tool.c: Tool for accessing smart cards with libopensc * * Copyright (C) 2001 Juha Yrjölä - * Copyright (C) 2005, Douglas E. Engert + * Copyright (C) 2005,2010 Douglas E. Engert * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -19,9 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -31,21 +30,31 @@ #include #include #include -#include -#include -#include "util.h" + +/* Module only built if OPENSSL is enabled */ +#include #include +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) +#include +#endif +#include #include #include #include #include #include +#include + +#include "libopensc/opensc.h" +#include "libopensc/cardctl.h" +#include "libopensc/asn1.h" +#include "util.h" static const char *app_name = "piv-tool"; -static int opt_reader = -1, - opt_wait = 0; +static int opt_wait = 0; static char ** opt_apdus; +static char * opt_reader; static int opt_apdu_count = 0; static int verbose = 0; @@ -56,14 +65,13 @@ static const struct option options[] = { { "serial", 0, NULL, OPT_SERIAL }, { "name", 0, NULL, 'n' }, - { "admin", 0, NULL, 'A' }, - { "usepin", 0, NULL, 'P' }, /* some beta cards want user pin for put_data */ - { "genkey", 0, NULL, 'G' }, - { "cert", 0, NULL, 'C' }, - { "compresscert", 0, NULL, 'Z' }, - { "req", 0, NULL, 'R' }, - { "out", 0, NULL, 'o' }, - { "in", 0, NULL, 'o' }, + { "admin", 1, NULL, 'A' }, + { "genkey", 1, NULL, 'G' }, + { "object", 1, NULL, 'O' }, + { "cert", 1, NULL, 'C' }, + { "compresscert", 1, NULL, 'Z' }, + { "out", 1, NULL, 'o' }, + { "in", 1, NULL, 'i' }, { "send-apdu", 1, NULL, 's' }, { "reader", 1, NULL, 'r' }, { "card-driver", 1, NULL, 'c' }, 
@@ -76,12 +84,11 @@ "Prints the card serial number", "Identify the card and print its name", "authenticate using default 3des key", - "authenticate using user pin", "Generate key : 9A:06 on card, and output pubkey", + "Load an object containerID as defined in 800-73 without leading 0x", "Load a cert where is 9A,9B,9C or 9D", "Load a cert that has been gziped ", - "Generate a cert req", - "Output file for cert or key or req", + "Output file for cert or key", "Inout file for cert", "Sends an APDU in format AA:BB:CC:DD:EE:FF...", "Uses reader number [0]", @@ -93,7 +100,56 @@ static sc_context_t *ctx = NULL; static sc_card_t *card = NULL; static BIO * bp = NULL; -static RSA * newkey = NULL; +static EVP_PKEY * evpkey = NULL; + +static int load_object(const char * object_id, const char * object_file) +{ + FILE *fp; + sc_path_t path; + size_t derlen; + u8 *der = NULL; + u8 *body; + size_t bodylen; + int r; + struct stat stat_buf; + + if((fp=fopen(object_file, "r"))==NULL){ + printf("Cannot open object file, %s %s\n", + (object_file)?object_file:"", strerror(errno)); + return -1; + } + + stat(object_file, &stat_buf); + derlen = stat_buf.st_size; + der = malloc(derlen); + if (der == NULL) { + printf("file %s is too big, %lu\n", + object_file, (unsigned long)derlen); + return-1 ; + } + if (1 != fread(der, derlen, 1, fp)) { + printf("unable to read file %s\n",object_file); + return -1; + } + /* check if tag and length are valid */ + body = (u8 *)sc_asn1_find_tag(card->ctx, der, derlen, 0x53, &bodylen); + if (body == NULL || derlen != body - der + bodylen) { + fprintf(stderr, "object tag or length not valid\n"); + return -1; + } + + sc_format_path(object_id, &path); + + r = sc_select_file(card, &path, NULL); + if (r < 0) { + fprintf(stderr, "select file failed\n"); + return -1; + } + /* leave 8 bits for flags, and pass in total length */ + r = sc_write_binary(card, 0, der, derlen, derlen<<8); + + return r; +} static int load_cert(const char * cert_id, const char * cert_file, 
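Review bot: `load_object` calls `fopen(object_file, "r")` before the NULL test that only the error message performs, so `-O` without `-i` passes a NULL path to fopen; the `@@ -111,7 +167,7 @@` hunk of load_cert has the same ordering. The buffer size comes from an unchecked `stat()` on the path rather than `fstat()` on the stream already opened, so the length can describe a different file from the one that is read. `fp` and `der` are never released on any return path, and a failed malloc is reported as "file is too big". The sketch below opens in binary mode because the payload is DER, and funnels every exit through one cleanup label.

```c
static int load_object(const char * object_id, const char * object_file)
{
	/* … unchanged: declarations, with fp = NULL and r = -1 as initial values … */

	if (object_file == NULL || (fp = fopen(object_file, "rb")) == NULL) {
		printf("Cannot open object file, %s %s\n",
			object_file ? object_file : "", strerror(errno));
		return -1;
	}

	/* size the buffer from the descriptor that will actually be read */
	if (fstat(fileno(fp), &stat_buf) != 0 || stat_buf.st_size <= 0) {
		printf("unable to determine size of %s\n", object_file);
		goto out;
	}
	derlen = stat_buf.st_size;
	der = malloc(derlen);
	if (der == NULL) {
		printf("out of memory reading %s, %lu bytes\n",
			object_file, (unsigned long)derlen);
		goto out;
	}
	if (1 != fread(der, derlen, 1, fp)) {
		printf("unable to read file %s\n", object_file);
		goto out;
	}

	/* … unchanged: tag/length check, sc_format_path, sc_select_file,
	 *   sc_write_binary; each failure sets r = -1 and does goto out … */

out:
	free(der);
	fclose(fp);
	return r;
}
```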
@@ -111,7 +167,7 @@ if((fp=fopen(cert_file, "r"))==NULL){ printf("Cannot open cert file, %s %s\n", - cert_file, strerror(errno)); + cert_file?cert_file:"", strerror(errno)); return -1; } if (compress) { /* file is gziped already */ @@ -138,7 +194,7 @@ } derlen = i2d_X509(cert, NULL); - der = (u8 *) malloc(derlen); + der = malloc(derlen); p = der; i2d_X509(cert, &p); } @@ -160,8 +216,9 @@ fprintf(stderr, "select file failed\n"); return -1; } - /* we pass compress as the flag to card-piv.c write_binary */ - r = sc_write_binary(card, 0, der, derlen, compress); + /* we pass length and 8 bits of flag to card-piv.c write_binary */ + /* pass in its a cert and if needs compress */ + r = sc_write_binary(card, 0, der, derlen, (derlen<<8) | (compress<<4) | 1); return r; @@ -185,32 +242,25 @@ return -1; } - r = sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &opts); + r = sc_card_ctl(card, SC_CARDCTL_PIV_AUTHENTICATE, &opts); if (r) fprintf(stderr, " admin_mode failed %d\n", r); return r; } -#if 0 -/* generate a req using xxx as subject */ -static int req() -{ - fprintf(stderr, "Not Implemented yet\n"); - return -1; -} -#endif - /* generate a new key pair, and save public key in newkey */ static int gen_key(const char * key_info) { int r; u8 buf[2]; size_t buflen = 2; - struct sc_cardctl_cryptoflex_genkey_info - keydata = { 0x9a, 1024, 0, NULL, 0}; + sc_cardctl_piv_genkey_info_t + keydata = {0, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0}; unsigned long expl; u8 expc[4]; - +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) + int nid = -1; +#endif sc_hex_to_bin(key_info, buf, &buflen); if (buflen != 2) { fprintf(stderr, ": invalid, example: 9A:06\n"); 
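Review bot: In the `@@ -138,7 +194,7 @@` hunk of load_cert, `der = malloc(derlen)` is used without a NULL check, and `derlen = i2d_X509(cert, NULL)` can be negative on an encoding failure, which becomes a huge size if `derlen` is unsigned (its declaration is outside the hunk). In either case the second `i2d_X509(cert, &p)` writes through a NULL pointer. Taking the length into an int first, `int n = i2d_X509(cert, NULL); if (n <= 0) return -1;`, and then `if ((der = malloc(n)) == NULL) return -1;` before assigning `derlen = n` would stop both. load_cert begins and ends outside this hunk.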
@@ -229,109 +279,117 @@ } switch (buf[1]) { - case 5: keydata.key_bits = 3072; break; - case 6: keydata.key_bits = 1024; break; - case 7: keydata.key_bits = 2048; break; + case 0x05: keydata.key_bits = 3072; break; + case 0x06: keydata.key_bits = 1024; break; + case 0x07: keydata.key_bits = 2048; break; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) + case 0x11: keydata.key_bits = 0; + nid = NID_X9_62_prime256v1; /* We only support one curve per algid */ + break; + case 0x14: keydata.key_bits = 0; + nid = NID_secp384r1; + break; +#endif default: - fprintf(stderr, ": algid, 05, 06, 07 for 3072, 1024, 2048\n"); + fprintf(stderr, ": algid=RSA - 05, 06, 07 for 3072, 1024, 2048;EC - 11, 14 for 256, 384\n"); return 2; } - r = sc_card_ctl(card, SC_CARDCTL_CRYPTOFLEX_GENERATE_KEY, &keydata); + keydata.key_algid = buf[1]; + + + r = sc_card_ctl(card, SC_CARDCTL_PIV_GENERATE_KEY, &keydata); if (r) { fprintf(stderr, "gen_key failed %d\n", r); return r; } + + evpkey = EVP_PKEY_new(); + + if (keydata.key_bits > 0) { /* RSA key */ + RSA * newkey = NULL; - newkey = RSA_new(); - if (newkey == NULL) { - fprintf(stderr, "gen_key RSA_new failed %d\n",r); - return -1; - } - newkey->n = BN_bin2bn(keydata.pubkey, keydata.pubkey_len, newkey->n); - expl = keydata.exponent; - expc[3] = (u8) expl & 0xff; - expc[2] = (u8) (expl >>8) & 0xff; - expc[1] = (u8) (expl >>16) & 0xff; - expc[0] = (u8) (expl >>24) & 0xff; - newkey->e = BN_bin2bn(expc, 4, newkey->e); + newkey = RSA_new(); + if (newkey == NULL) { + fprintf(stderr, "gen_key RSA_new failed %d\n",r); + return -1; + } + newkey->n = BN_bin2bn(keydata.pubkey, keydata.pubkey_len, newkey->n); + expl = keydata.exponent; + expc[3] = (u8) expl & 0xff; + expc[2] = (u8) (expl >>8) & 0xff; + expc[1] = (u8) (expl >>16) & 0xff; + expc[0] = (u8) (expl >>24) & 0xff; + newkey->e = BN_bin2bn(expc, 4, newkey->e); - if (verbose) - RSA_print_fp(stdout, newkey,0); + if (verbose) + RSA_print_fp(stdout, newkey,0); - if (bp) - 
PEM_write_bio_RSAPublicKey(bp, newkey); + EVP_PKEY_assign_RSA(evpkey, newkey); - return r; + } else { /* EC key */ +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) + int i; + BIGNUM *x; + BIGNUM *y; + EC_KEY * eckey = NULL; + EC_GROUP * ecgroup = NULL; + EC_POINT * ecpoint = NULL; + + ecgroup = EC_GROUP_new_by_curve_name(nid); + EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE); + ecpoint = EC_POINT_new(ecgroup); + + /* PIV returns 04||x||y and x and y are the same size */ + i = (keydata.ecpoint_len - 1)/2; + x = BN_bin2bn(keydata.ecpoint + 1, i, NULL); + y = BN_bin2bn(keydata.ecpoint + 1 + i, i, NULL) ; + r = EC_POINT_set_affine_coordinates_GFp(ecgroup, ecpoint, x, y, NULL); + eckey = EC_KEY_new(); + r = EC_KEY_set_group(eckey, ecgroup); + r = EC_KEY_set_public_key(eckey, ecpoint); + + if (verbose) + EC_KEY_print_fp(stdout, eckey, 0); + + EVP_PKEY_assign_EC_KEY(evpkey, eckey); +#else + fprintf(stderr, "This build of OpenSSL does not support EC keys\n"); + r = 1; +#endif /* OPENSSL_NO_EC */ + + } + if (bp) + r = i2d_PUBKEY_bio(bp, evpkey); + + if (evpkey) + EVP_PKEY_free(evpkey); + return r; } + static int send_apdu(void) { sc_apdu_t apdu; - u8 buf[SC_MAX_APDU_BUFFER_SIZE], sbuf[SC_MAX_APDU_BUFFER_SIZE], - rbuf[SC_MAX_APDU_BUFFER_SIZE], *p; - size_t len, len0, r; + u8 buf[SC_MAX_APDU_BUFFER_SIZE+3]; + u8 rbuf[8192]; + size_t len0, r; int c; for (c = 0; c < opt_apdu_count; c++) { len0 = sizeof(buf); sc_hex_to_bin(opt_apdus[c], buf, &len0); - if (len0 < 4) { - fprintf(stderr, "APDU too short (must be at least 4 bytes).\n"); + + r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); + if (r) { + fprintf(stderr, "Invalid APDU: %s\n", sc_strerror(r)); return 2; } - len = len0; - p = buf; - memset(&apdu, 0, sizeof(apdu)); - apdu.cla = *p++; - apdu.ins = *p++; - apdu.p1 = *p++; - apdu.p2 = *p++; + apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); - len -= 4; - if (len > 1) { - apdu.lc = *p++; - len--; - memcpy(sbuf, p, apdu.lc); - apdu.data = sbuf; - 
apdu.datalen = apdu.lc; - if (len < apdu.lc) { - fprintf(stderr, "APDU too short (need %lu bytes).\n", - (unsigned long) apdu.lc-len); - return 2; - } - len -= apdu.lc; - if (len) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_4_SHORT; - } else - apdu.cse = SC_APDU_CASE_3_SHORT; - if (len) { - fprintf(stderr, "APDU too long (%lu bytes extra).\n", (unsigned long)len); - return 2; - } - } else if (len == 1) { - apdu.le = *p++; - if (apdu.le == 0) - apdu.le = 256; - len--; - apdu.cse = SC_APDU_CASE_2_SHORT; - } else - apdu.cse = SC_APDU_CASE_1; - printf("Sending: "); - for (r = 0; r < len0; r++) - printf("%02X ", buf[r]); - printf("\n"); - r = sc_transmit_apdu(card, &apdu); - if (r) { - fprintf(stderr, "APDU transmit failed: %s\n", sc_strerror(r)); - return 1; - } + printf("Received (SW1=0x%02X, SW2=0x%02X)%s\n", apdu.sw1, apdu.sw2, apdu.resplen ? ":" : ""); if (apdu.resplen) @@ -359,8 +417,8 @@ int do_admin_mode = 0; int do_gen_key = 0; int do_load_cert = 0; + int do_load_object = 0; int compress_cert = 0; - int do_req = 0; int do_print_serial = 0; int do_print_name = 0; int action_count = 0; @@ -368,14 +426,16 @@ const char *out_file = NULL; const char *in_file = NULL; const char *cert_id = NULL; + const char *object_id = NULL; const char *key_info = NULL; const char *admin_info = NULL; - + sc_context_param_t ctx_param; + setbuf(stderr, NULL); setbuf(stdout, NULL); while (1) { - c = getopt_long(argc, argv, "nA:G:Z:C:Ri:o:fvs:c:w", options, &long_optind); + c = getopt_long(argc, argv, "nA:G:O:Z:C:i:o:fvs:c:w", options, &long_optind); if (c == -1) break; if (c == '?') @@ -408,6 +468,11 @@ key_info = optarg; action_count++; break; + case 'O': + do_load_object = 1; + object_id = optarg; + action_count++; + break; case 'Z': compress_cert = 1; case 'C': @@ -415,10 +480,6 @@ cert_id = optarg; action_count++; break; - case 'R': - do_req = 1; - action_count++; - break; case 'i': in_file = optarg; break; 
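Review bot: In the EC branch of gen_key, `i = (keydata.ecpoint_len - 1)/2` trusts the length returned by the card: nothing checks that the buffer is non-NULL, at least three bytes, odd-length and starts with 0x04 before `BN_bin2bn` reads from it. A guard such as `if (!keydata.ecpoint || keydata.ecpoint_len < 3 || !(keydata.ecpoint_len & 1) || keydata.ecpoint[0] != 0x04)` that fails the operation ahead of the coordinate split would reject a malformed response. The results of `EVP_PKEY_new`, `EC_GROUP_new_by_curve_name`, `EC_POINT_new` and both `BN_bin2bn` calls are also unchecked, and `x`, `y`, `ecgroup` and `ecpoint` are never freed. `r` ends up holding OpenSSL's 1-on-success value from the `EC_KEY_set_*` calls or `i2d_PUBKEY_bio`, so gen_key looks like it returns non-zero after a successful run; its caller and the start of the function are outside this hunk.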
@@ -426,7 +487,7 @@ out_file = optarg; break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'v': verbose++; @@ -455,13 +516,20 @@ BIO_set_fp(bp,stdout,BIO_NOCLOSE); } - r = sc_establish_context(&ctx, app_name); - if (r) { + memset(&ctx_param, 0, sizeof(sc_context_param_t)); + ctx_param.app_name = app_name; + + r = sc_context_create(&ctx, &ctx_param); + if (r != SC_SUCCESS) { fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1) - ctx->debug = verbose-1; + + /* Only change if not in opensc.conf */ + if (verbose > 1 && ctx->debug == 0) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); + } if (action_count <= 0) goto end; @@ -475,7 +543,7 @@ } } - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, verbose); + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); if (err) goto end; @@ -494,6 +562,11 @@ goto end; action_count--; } + if (do_load_object) { + if ((err = load_object(object_id, in_file))) + goto end; + action_count--; + } if (do_load_cert) { if ((err = load_cert(cert_id, in_file, compress_cert))) goto end; @@ -511,15 +584,16 @@ printf("%s\n", card->name); action_count--; } - end: if (bp) BIO_free(bp); if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); + + ERR_print_errors_fp(stderr); return err; } diff -Nru opensc-0.11.13/src/tools/pkcs11-tool.c opensc-0.12.1/src/tools/pkcs11-tool.c --- opensc-0.11.13/src/tools/pkcs11-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/pkcs11-tool.c 2011-05-17 17:07:00.000000000 +0000 
@@ -18,35 +18,47 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include "util.h" +#include "config.h" #ifdef ENABLE_OPENSSL -#include "openssl/evp.h" -#include "openssl/x509.h" -#include "openssl/rsa.h" -#include "openssl/bn.h" -#include "openssl/err.h" +#include +#include +#include +#include +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) +#include +#include +#endif +#include +#include #endif +#include "pkcs11/pkcs11.h" +#include "pkcs11/pkcs11-opensc.h" +#include "util.h" + extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); extern CK_RV C_UnloadModule(void *module); #define NEED_SESSION_RO 0x01 #define NEED_SESSION_RW 0x02 -#define NO_SLOT ((CK_SLOT_ID) -1) -#define NO_MECHANISM ((CK_MECHANISM_TYPE) -1) + +static struct ec_curve_info { + const char *name; + const char *oid; + const char *oid_encoded; + size_t size; +} ec_curve_infos[] = { + {"prime256v1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, + {"secp384r1", "1.3.132.0.34", "06052B81040022", 384}, + {NULL, NULL, NULL, 0}, +}; enum { OPT_MODULE = 0x100, OPT_SLOT, OPT_SLOT_LABEL, + OPT_SLOT_INDEX, OPT_APPLICATION_LABEL, OPT_APPLICATION_ID, OPT_SO_PIN, @@ -54,10 +66,17 @@ OPT_INIT_PIN, OPT_ATTR_FROM, OPT_KEY_TYPE, - OPT_PRIVATE + OPT_PRIVATE, + OPT_TEST_HOTPLUG, + OPT_UNLOCK_PIN, + OPT_PUK, + OPT_NEW_PIN, + OPT_LOGIN_TYPE, + OPT_TEST_EC }; static const struct option options[] = { + { "module", 1, NULL, OPT_MODULE }, { "show-info", 0, NULL, 'I' }, { "list-slots", 0, NULL, 'L' }, { "list-token-slots", 0, NULL, 'T' }, 
@@ -69,11 +88,15 @@ { "mechanism", 1, NULL, 'm' }, { "login", 0, NULL, 'l' }, + { "login-type", 1, NULL, OPT_LOGIN_TYPE }, { "pin", 1, NULL, 'p' }, + { "puk", 1, NULL, OPT_PUK }, + { "new-pin", 1, NULL, OPT_NEW_PIN }, { "so-pin", 1, NULL, OPT_SO_PIN }, { "init-token", 0, NULL, OPT_INIT_TOKEN }, { "init-pin", 0, NULL, OPT_INIT_PIN }, { "change-pin", 0, NULL, 'c' }, + { "unlock-pin", 0, NULL, OPT_UNLOCK_PIN }, { "keypairgen", 0, NULL, 'k' }, { "key-type", 1, NULL, OPT_KEY_TYPE }, { "write-object", 1, NULL, 'w' }, @@ -86,20 +109,23 @@ { "label", 1, NULL, 'a' }, { "slot", 1, NULL, OPT_SLOT }, { "slot-label", 1, NULL, OPT_SLOT_LABEL }, + { "slot-index", 1, NULL, OPT_SLOT_INDEX }, { "set-id", 1, NULL, 'e' }, { "attr-from", 1, NULL, OPT_ATTR_FROM }, { "input-file", 1, NULL, 'i' }, { "output-file", 1, NULL, 'o' }, - { "module", 1, NULL, OPT_MODULE }, { "test", 0, NULL, 't' }, + { "test-hotplug", 0, NULL, OPT_TEST_HOTPLUG }, { "moz-cert", 1, NULL, 'z' }, { "verbose", 0, NULL, 'v' }, { "private", 0, NULL, OPT_PRIVATE }, + { "test-ec", 0, NULL, OPT_TEST_EC }, { NULL, 0, NULL, 0 } }; static const char *option_help[] = { + "Specify the module to load (mandatory)", "Show global token information", "List available slots", "List slots with tokens", 
@@ -110,34 +136,40 @@ "Hash some data", "Specify mechanism (use -M for a list of supported mechanisms)", - "Log into the token first (not needed when using --pin)", + "Log into the token first", + "Specify login type ('so', 'user', 'context-specific'; default:'user')", "Supply User PIN on the command line (if used in scripts: careful!)", + "Supply User PUK on the command line", + "Supply new User PIN on the command line", "Supply SO PIN on the command line (if used in scripts: careful!)", "Initialize the token, its label and its SO PIN (use with --label and --so-pin)", - "Initialize the User PIN (use with --pin)", - "Change your User PIN", + "Initialize the User PIN (use with --pin and --login)", + "Change User PIN", + "Unlock User PIN (without '--login' unlock in logged in session; otherwise '--login-type' has to be 'context-specific')", "Key pair generation", - "Specify the type and length of the key to create, for example rsa:1024", + "Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1", "Write an object (key, cert, data) to the card", "Get object's CKA_VALUE attribute (use with --type)", "Delete an object", "Specify the application label of the data object (use with --type data)", - "Specify the application id of the data object (use with --type data)", + "Specify the application ID of the data object (use with --type data)", "Specify the type of object (e.g. 
cert, privkey, pubkey, data)", - "Specify the id of the object", + "Specify the ID of the object", "Specify the label of the object", - "Specify number of the slot to use", - "Specify label of the slot to use", + "Specify the ID of the slot to use", + "Specify the token label of the slot to use", + "Specify the index of the slot to use", "Set the CKA_ID of an object, = the (new) CKA_ID", "Use to create some attributes when writing an object", "Specify the input file", "Specify the output file", - "Specify the module to load", "Test (best used with the --login or --pin option)", + "Test hotplug capabilities (C_GetSlotList + C_WaitForSlotEvent)", "Test Mozilla-like keypair gen and cert req, =certfile", - "Verbose operation. Use several times to enable debug output.", - "Set the CKA_PRIVATE attribute (object is only viewable after a login)" + "Verbose operation. (Set OPENSC_DEBUG to enable OpenSC specific debugging)", + "Set the CKA_PRIVATE attribute (object is only viewable after a login)", + "Test EC (best used with the --login or --pin option)" }; static const char * app_name = "pkcs11-tool"; /* for utils.c */ @@ -146,9 +178,13 @@ static const char * opt_input = NULL; static const char * opt_output = NULL; static const char * opt_module = NULL; -static CK_SLOT_ID opt_slot = NO_SLOT; +static int opt_slot_set = 0; +static CK_SLOT_ID opt_slot = 0; static const char * opt_slot_label = NULL; -static CK_MECHANISM_TYPE opt_mechanism = NO_MECHANISM; +static CK_ULONG opt_slot_index = 0; +static int opt_slot_index_set = 0; +static CK_MECHANISM_TYPE opt_mechanism = 0; +static int opt_mechanism_used = 0; static const char * opt_file_to_write = NULL; static const char * opt_object_class_str = NULL; static CK_OBJECT_CLASS opt_object_class = -1; 
@@ -158,10 +194,14 @@ static char * opt_object_label = NULL; static char * opt_pin = NULL; static char * opt_so_pin = NULL; +static char * opt_puk = NULL; +static char * opt_new_pin = NULL; static char * opt_application_label = NULL; static char * opt_application_id = NULL; static char * opt_key_type = NULL; static int opt_is_private = 0; +static int opt_test_hotplug = 0; +static int opt_login_type = -1; static void *module = NULL; static CK_FUNCTION_LIST_PTR p11 = NULL; @@ -205,16 +245,17 @@ }; static void show_cryptoki_info(void); -static void list_slots(void); +static void list_slots(int, int, int); static void show_token(CK_SLOT_ID); static void list_mechs(CK_SLOT_ID); -static void list_objects(CK_SESSION_HANDLE); +static void list_objects(CK_SESSION_HANDLE, CK_OBJECT_CLASS); static int login(CK_SESSION_HANDLE, int); static void init_token(CK_SLOT_ID); static void init_pin(CK_SLOT_ID, CK_SESSION_HANDLE); static int change_pin(CK_SLOT_ID, CK_SESSION_HANDLE); +static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type); static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); -static void show_key(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, int); +static void show_key(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); static void show_cert(CK_SESSION_HANDLE, CK_OBJECT_HANDLE); static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj); static void sign_data(CK_SLOT_ID, @@ -229,9 +270,8 @@ static int find_object(CK_SESSION_HANDLE, CK_OBJECT_CLASS, CK_OBJECT_HANDLE_PTR, const unsigned char *, size_t id_len, int obj_index); -static CK_MECHANISM_TYPE find_mechanism(CK_SLOT_ID, CK_FLAGS, - int stop_if_not_found); -static CK_SLOT_ID find_slot_by_label(const char *); +static int find_mechanism(CK_SLOT_ID, CK_FLAGS, int, CK_MECHANISM_TYPE_PTR); +static int find_slot_by_label(const char *, CK_SLOT_ID_PTR); static void get_token_info(CK_SLOT_ID, CK_TOKEN_INFO_PTR); static CK_ULONG get_mechanisms(CK_SLOT_ID, CK_MECHANISM_TYPE_PTR *, CK_FLAGS); 
@@ -246,8 +286,10 @@ static void p11_perror(const char *, CK_RV); static const char * CKR2Str(CK_ULONG res); static int p11_test(CK_SLOT_ID slot, CK_SESSION_HANDLE session); +static int test_card_detection(int); static int hex_to_bin(const char *in, CK_BYTE *out, size_t *outlen); static void test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session); +static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session); static CK_RV find_object_with_attributes( CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *out, CK_ATTRIBUTE *attrs, CK_ULONG attrsLen, @@ -278,12 +320,13 @@ int do_set_id = 0; int do_test = 0; int do_test_kpgen_certwrite = 0; + int do_test_ec = 0; int need_session = 0; - int need_to_be_so = 0; int opt_login = 0; int do_init_token = 0; int do_init_pin = 0; int do_change_pin = 0; + int do_unlock_pin = 0; int action_count = 0; CK_RV rv; @@ -387,19 +430,23 @@ opt_login = 1; break; case 'm': + opt_mechanism_used = 1; opt_mechanism = p11_name_to_mechanism(optarg); break; case 'o': opt_output = optarg; break; case 'p': - need_session |= NEED_SESSION_RW; - opt_login = 1; opt_pin = optarg; break; case 'c': do_change_pin = 1; - need_session |= CKF_SERIAL_SESSION; /* no need for a R/W session */ + need_session |= NEED_SESSION_RW; + action_count++; + break; + case OPT_UNLOCK_PIN: + do_unlock_pin = 1; + need_session |= NEED_SESSION_RW; action_count++; break; case 's': 
@@ -420,11 +467,26 @@ verbose++; break; case OPT_SLOT: - opt_slot = (CK_SLOT_ID) atoi(optarg); + opt_slot = (CK_SLOT_ID) strtoul(optarg, NULL, 0); + opt_slot_set = 1; + if (verbose) + fprintf(stderr, "Using slot with ID 0x%lx\n", opt_slot); break; case OPT_SLOT_LABEL: + if (opt_slot_set) { + fprintf(stderr, "Error: Only one of --slot, --slot-label or --slot-index can be used\n"); + util_print_usage_and_die(app_name, options, option_help); + } opt_slot_label = optarg; break; + case OPT_SLOT_INDEX: + if (opt_slot_set || opt_slot_label) { + fprintf(stderr, "Error: Only one of --slot, --slot-label or --slot-index can be used\n"); + util_print_usage_and_die(app_name, options, option_help); + } + opt_slot_index = (CK_ULONG) strtoul(optarg, NULL, 0); + opt_slot_index_set = 1; + break; case OPT_MODULE: opt_module = optarg; break; @@ -434,6 +496,24 @@ case OPT_APPLICATION_ID: opt_application_id = optarg; break; + case OPT_NEW_PIN: + opt_new_pin = optarg; + break; + case OPT_PUK: + opt_puk = optarg; + break; + case OPT_LOGIN_TYPE: + if (!strcmp(optarg, "so")) + opt_login_type = CKU_SO; + else if (!strcmp(optarg, "user")) + opt_login_type = CKU_USER; + else if (!strcmp(optarg, "context-specific")) + opt_login_type = CKU_CONTEXT_SPECIFIC; + else { + printf("Unsupported login type \"%s\"\n", optarg); + util_print_usage_and_die(app_name, options, option_help); + } + break; case OPT_SO_PIN: opt_so_pin = optarg; break; @@ -443,7 +523,6 @@ break ; case OPT_INIT_PIN: need_session |= NEED_SESSION_RW; - need_to_be_so |= 1; do_init_pin = 1; action_count++; break ; 
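Review bot: `--slot` is parsed with `strtoul(optarg, NULL, 0)` and no end-pointer check, so a non-numeric argument silently selects slot ID 0; `--slot-index` is parsed the same way. Passing an end pointer and rejecting bad input, `char *end; opt_slot = (CK_SLOT_ID) strtoul(optarg, &end, 0);` followed by `if (end == optarg || *end != '\0') util_print_usage_and_die(app_name, options, option_help);`, keeps a typo from addressing the wrong token. The OPT_SLOT case also lacks the exclusivity test the other two cases have, so `--slot-label X --slot 1` is accepted, and the later `if (!opt_slot_set && …)` selection then ignores the label. The enclosing switch starts and ends outside this hunk.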
@@ -453,16 +532,24 @@ case OPT_PRIVATE: opt_is_private = 1; break; + case OPT_TEST_HOTPLUG: + opt_test_hotplug = 1; + action_count++; + break; + case OPT_TEST_EC: + do_test_ec = 1; + action_count++; + break; default: util_print_usage_and_die(app_name, options, option_help); } } - if (action_count == 0) + + if (opt_module == NULL) util_print_usage_and_die(app_name, options, option_help); -#ifdef ENABLE_OPENSSL - /* ERR_load_crypto_strings(); */ -#endif + if (action_count == 0) + util_print_usage_and_die(app_name, options, option_help); module = C_LoadModule(opt_module, &p11); if (module == NULL) @@ -475,22 +562,12 @@ if (do_show_info) show_cryptoki_info(); - /* Get the list of slots */ - rv = p11->C_GetSlotList(list_token_slots, p11_slots, &p11_num_slots); - if (rv != CKR_OK && rv != CKR_BUFFER_TOO_SMALL) - p11_fatal("C_GetSlotList", rv); - p11_slots = (CK_SLOT_ID *) calloc(p11_num_slots, sizeof(CK_SLOT_ID)); - if (p11_slots == NULL) { - perror("calloc failed"); - err = 1; - goto end; - } - rv = p11->C_GetSlotList(list_token_slots, p11_slots, &p11_num_slots); - if (rv != CKR_OK) - p11_fatal("C_GetSlotList", rv); + list_slots(list_token_slots, 1, do_list_slots); - if (do_list_slots) - list_slots(); + if (opt_test_hotplug) { + test_card_detection(0); + test_card_detection(1); + } if (p11_num_slots == 0) { fprintf(stderr, "No slots.\n"); 
@@ -498,30 +575,49 @@ goto end; } - if (opt_slot_label) { - CK_SLOT_ID slot; - - slot = find_slot_by_label(opt_slot_label); - if (slot == NO_SLOT) { - fprintf(stderr, - "No slot named \"%s\"\n", opt_slot_label); - err = 1; - goto end; - } - if (opt_slot != NO_SLOT && opt_slot != slot) { - fprintf(stderr, - "Conflicting slots specified\n"); - err = 1; - goto end; + if (!opt_slot_set && (action_count > do_list_slots)) { + if (opt_slot_label) { + if (!find_slot_by_label(opt_slot_label, &opt_slot)) { + fprintf(stderr, "No slot with a token named \"%s\" found\n", opt_slot_label); + err = 1; + goto end; + } + if (verbose) + fprintf(stderr, "Using slot with label \"%s\" (0x%lx)\n", opt_slot_label, opt_slot); + } else if (opt_slot_index_set) { + if (opt_slot_index < p11_num_slots) { + opt_slot = p11_slots[opt_slot_index]; + fprintf(stderr, "Using slot with index %lu (0x%lx)\n", opt_slot_index, opt_slot); + } else { + fprintf(stderr, "Slot with index %lu (counting from 0) is not available.\n", opt_slot_index); + fprintf(stderr, "You must specify a valid slot with either --slot, --slot-index or --slot-label.\n"); + err = 1; + goto end; + } + } else { + /* use first slot with token present (or default slot on error) */ + unsigned int i, found = 0; + for (i = 0; i < p11_num_slots; i++) { + CK_SLOT_INFO info; + rv = p11->C_GetSlotInfo(p11_slots[i], &info); + if (rv != CKR_OK) + p11_fatal("C_GetSlotInfo", rv); + if (info.flags & CKF_TOKEN_PRESENT) { + opt_slot = p11_slots[i]; + fprintf(stderr, "Using slot %u with a present token (0x%lx)\n", i, opt_slot); + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "No slot with a token was found.\n"); + err = 1; + goto end; + } + } - opt_slot = slot; } - if (opt_slot == NO_SLOT) - opt_slot = p11_slots[0]; - - /* XXX: add wait for slot event */ - if (do_list_mechs) list_mechs(opt_slot); 
@@ -549,15 +645,30 @@ p11_fatal("C_OpenSession", rv); } + if (opt_login) { + int r; + + if (opt_login_type == -1) + opt_login_type = do_init_pin ? CKU_SO : CKU_USER; + + r = login(session, opt_login_type); + if (r != 0) + return r; + } + if (do_change_pin) /* To be sure we won't mix things up with the -l or -p options, * we safely stop here. */ return change_pin(opt_slot, session); - if (opt_login || opt_pin || do_init_pin) { - int r = login(session, need_to_be_so); - if (r != 0) - return r; + if (do_unlock_pin) { + if (opt_login_type != -1 + && opt_login_type != CKU_CONTEXT_SPECIFIC) { + printf("Invalid login type for 'Unlock User PIN' operation\n"); + util_print_usage_and_die(app_name, options, option_help); + } + + return unlock_pin(opt_slot, session, opt_login_type); } if (do_init_pin) { @@ -568,12 +679,14 @@ } if (do_sign) { - if (!find_object(session, CKO_PRIVATE_KEY, &object, NULL, 0, 0)) + if (!find_object(session, CKO_PRIVATE_KEY, &object, + opt_object_id_len ? opt_object_id : NULL, + opt_object_id_len, 0)) util_fatal("Private key not found"); } if (do_list_objects) - list_objects(session); + list_objects(session, opt_object_class); if (do_sign) sign_data(opt_slot, session, object); @@ -595,7 +708,7 @@ if (do_read_object) { if (opt_object_class_str == NULL) util_fatal("You should specify type of the object to read"); - if (opt_object_id_len == 0 && opt_object_label == NULL && + if (opt_object_id_len == 0 && opt_object_label == NULL && opt_application_label == NULL && opt_application_id == NULL) util_fatal("You should specify at least one of the " "object ID, object label, application label or application ID\n"); 
@@ -605,7 +718,7 @@ if (do_delete_object) { if (opt_object_class_str == NULL) util_fatal("You should specify type of the object to delete"); - if (opt_object_id_len == 0 && opt_object_label == NULL && + if (opt_object_id_len == 0 && opt_object_label == NULL && opt_application_label == NULL && opt_application_id == NULL) util_fatal("You should specify at least one of the " "object ID, object label, application label or application ID\n"); @@ -626,6 +739,9 @@ if (do_test_kpgen_certwrite) test_kpgen_certwrite(opt_slot, session); + if (do_test_ec) + test_ec(opt_slot, session); + end: if (session) p11->C_CloseSession(session); 
@@ -659,29 +775,46 @@ info.libraryVersion.minor); } -static void list_slots(void) +static void list_slots(int tokens, int refresh, int print) { - CK_SLOT_INFO info; - CK_ULONG n; - CK_RV rv; + CK_SLOT_INFO info; + CK_ULONG n; + CK_RV rv; - if (!p11_num_slots) + /* Get the list of slots */ + if (refresh) { + rv = p11->C_GetSlotList(tokens, NULL, &p11_num_slots); + if (rv != CKR_OK) + p11_fatal("C_GetSlotList(NULL)", rv); + p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID)); + if (p11_slots == NULL) { + perror("calloc failed"); + return; + } + + rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots); + if (rv != CKR_OK) + p11_fatal("C_GetSlotList()", rv); + } + + if (!print) return; printf("Available slots:\n"); for (n = 0; n < p11_num_slots; n++) { - printf("Slot %-2u ", (unsigned int) p11_slots[n]); + printf("Slot %lu (0x%lx): ", n, p11_slots[n]); rv = p11->C_GetSlotInfo(p11_slots[n], &info); if (rv != CKR_OK) { - printf("(GetSlotInfo failed, error %u)\n", (unsigned int) rv); + printf("(GetSlotInfo failed, %s)\n", CKR2Str(rv)); continue; } + printf("%s\n", p11_utf8_to_local(info.slotDescription, + sizeof(info.slotDescription))); if ((!verbose) && !(info.flags & CKF_TOKEN_PRESENT)) { - printf("(empty)\n"); + printf(" (empty)\n"); continue; } - printf("%s\n", p11_utf8_to_local(info.slotDescription, - sizeof(info.slotDescription))); + if (verbose) { printf(" manufacturer: %s\n", p11_utf8_to_local(info.manufacturerID, sizeof(info.manufacturerID))); @@ -701,9 +834,13 @@ static void show_token(CK_SLOT_ID slot) { CK_TOKEN_INFO info; - - get_token_info(slot, &info); - + CK_RV rv; + + rv = p11->C_GetTokenInfo(slot, &info); + if (rv == CKR_TOKEN_NOT_RECOGNIZED) { + printf(" (token not recognized)\n"); + return; + } if (!(info.flags & CKF_TOKEN_INITIALIZED) && (!verbose)) { printf(" token state: uninitialized\n"); return; 
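Review bot: When `calloc` fails in the refresh path of list_slots, the function returns with `p11_slots == NULL` while `p11_num_slots` still holds the count from the first `C_GetSlotList` call, and the slot-selection code in main then indexes `p11_slots[i]`. Resetting the count on that path, `p11_num_slots = 0;` before the `return`, lets the existing "No slots." check in main catch it. A refresh also overwrites `p11_slots` without freeing the previous array, so a `free(p11_slots);` before the `calloc` is needed if list_slots is ever refreshed more than once. The function body continues past the end of this hunk.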
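Review bot: show_token now calls `C_GetTokenInfo` directly but only handles `CKR_TOKEN_NOT_RECOGNIZED`; any other failure falls through and the code reads `info.flags` from a structure that was never filled in. Adding `if (rv != CKR_OK) p11_fatal("C_GetTokenInfo", rv);` after the not-recognized branch keeps the earlier fail-fast behaviour for the remaining error codes. The rest of show_token is outside this hunk.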
@@ -739,23 +876,67 @@ printf(" %s", p11_mechanism_to_name(mechs[n])); rv = p11->C_GetMechanismInfo(slot, mechs[n], &info); if (rv == CKR_OK) { - if (info.flags & CKF_DIGEST) + if (info.ulMinKeySize || info.ulMaxKeySize) { + printf(", keySize={"); + if (info.ulMinKeySize) + printf("%li", info.ulMinKeySize); + printf(","); + if (info.ulMaxKeySize) + printf("%li", info.ulMaxKeySize); + printf("}"); + } + if (info.flags & CKF_HW) { + printf(", hw"); + info.flags &= ~CKF_HW; + } + if (info.flags & CKF_ENCRYPT) { + printf(", encrypt"); + info.flags &= ~CKF_ENCRYPT; + } + if (info.flags & CKF_DECRYPT) { + printf(", decrypt"); + info.flags &= ~CKF_DECRYPT; + } + if (info.flags & CKF_DIGEST) { printf(", digest"); - if (info.flags & CKF_SIGN) + info.flags &= ~CKF_DIGEST; + } + if (info.flags & CKF_SIGN) { printf(", sign"); - if (info.flags & CKF_VERIFY) + info.flags &= ~CKF_SIGN; + } + if (info.flags & CKF_SIGN_RECOVER) { + printf(", sign_recover"); + info.flags &= ~CKF_SIGN_RECOVER; + } + if (info.flags & CKF_VERIFY) { printf(", verify"); - if (info.flags & CKF_WRAP) + info.flags &= ~CKF_VERIFY; + } + if (info.flags & CKF_VERIFY_RECOVER) { + printf(", verify_recover"); + info.flags &= ~CKF_VERIFY_RECOVER; + } + if (info.flags & CKF_GENERATE) { + printf(", generate"); + info.flags &= ~CKF_GENERATE; + } + if (info.flags & CKF_GENERATE_KEY_PAIR) { + printf(", generate_key_pair"); + info.flags &= ~CKF_GENERATE_KEY_PAIR; + } + if (info.flags & CKF_WRAP) { printf(", wrap"); - if (info.flags & CKF_UNWRAP) + info.flags &= ~CKF_WRAP; + } + if (info.flags & CKF_UNWRAP) { printf(", unwrap"); - if (info.flags & CKF_ENCRYPT) - printf(", encrypt"); - if (info.flags & CKF_DECRYPT) - printf(", decrypt"); - if (info.flags & CKF_GENERATE_KEY_PAIR) - printf(", keypairgen"); - info.flags &= ~(CKF_DIGEST|CKF_SIGN|CKF_VERIFY|CKF_HW|CKF_UNWRAP|CKF_ENCRYPT|CKF_DECRYPT|CKF_GENERATE_KEY_PAIR); + info.flags &= ~CKF_UNWRAP; + } + if (info.flags & CKF_DERIVE) { + printf(", derive"); + info.flags &= 
~CKF_DERIVE; + } if (info.flags) printf(", other flags=0x%x", (unsigned int) info.flags); } @@ -763,30 +944,11 @@ } } -static void list_objects(CK_SESSION_HANDLE sess) -{ - CK_OBJECT_HANDLE object; - CK_ULONG count; - CK_RV rv; - - rv = p11->C_FindObjectsInit(sess, NULL, 0); - if (rv != CKR_OK) - p11_fatal("C_FindObjectsInit", rv); - - while (1) { - rv = p11->C_FindObjects(sess, &object, 1, &count); - if (rv != CKR_OK) - p11_fatal("C_FindObjects", rv); - if (count == 0) - break; - show_object(sess, object); - } - p11->C_FindObjectsFinal(sess); -} - -static int login(CK_SESSION_HANDLE session, int need_to_be_so) +static int login(CK_SESSION_HANDLE session, int login_type) { char *pin = NULL; + size_t len = 0; + int pin_allocated = 0, r; CK_TOKEN_INFO info; CK_RV rv; 
@@ -794,27 +956,38 @@ /* Identify which pin to enter */ - if (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) { - if (need_to_be_so ? opt_so_pin : opt_pin) - pin = need_to_be_so ? opt_so_pin : opt_pin; - } else - if (info.flags & CKF_LOGIN_REQUIRED || need_to_be_so) { - if (need_to_be_so ? !opt_so_pin : !opt_pin) - pin = getpass(need_to_be_so ? - "Please enter SO PIN: " : - "Please enter User PIN: "); - else - pin = need_to_be_so ? opt_so_pin : opt_pin; - if (!pin || !*pin) - return 1; - } else { - return 0; + if (login_type == CKU_SO) + pin = opt_so_pin; + else if (login_type == CKU_USER) + pin = opt_pin; + else if (login_type == CKU_CONTEXT_SPECIFIC) + pin = opt_pin ? opt_pin : opt_puk; + + if (!pin && !(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) { + printf("Logging in to \"%s\".\n", p11_utf8_to_local(info.label, sizeof(info.label))); + if (login_type == CKU_SO) + printf("Please enter SO PIN: "); + else if (login_type == CKU_USER) + printf("Please enter User PIN: "); + else if (login_type == CKU_CONTEXT_SPECIFIC) + printf("Please enter context specific PIN: "); + r = util_getpass(&pin, &len, stdin); + if (r < 0) + util_fatal("No PIN entered, exiting!\n"); + pin_allocated = 1; } - rv = p11->C_Login(session, need_to_be_so ? CKU_SO : CKU_USER, - (CK_UTF8CHAR *) pin, - pin == NULL ? 0 : strlen(pin)); + + if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + && (!pin || !*pin) + && login_type != CKU_CONTEXT_SPECIFIC) + return 1; + + rv = p11->C_Login(session, login_type, + (CK_UTF8CHAR *) pin, pin == NULL ? 0 : strlen(pin)); if (rv != CKR_OK) p11_fatal("C_Login", rv); + if (pin_allocated) + free(pin); return 0; } @@ -823,6 +996,8 @@ { unsigned char token_label[33]; char new_buf[21], *new_pin = NULL; + size_t len = 0; + int pin_allocated = 0, r; CK_TOKEN_INFO info; CK_RV rv; 
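Review bot: The PIN read by `util_getpass()` is released with a bare `free(pin)` at the end of this hunk, so the secret stays readable in freed heap memory. `init_pin()` in this same patch clears its buffers before freeing them, while the prompts added to `init_token()`, `change_pin()` and `unlock_pin()` have the same gap as login(). Clearing first, `if (pin_allocated) { memset(pin, 0, len); free(pin); }` (using `len` the way init_pin() uses `len1`), brings login() in line, ideally with a wipe the optimiser cannot drop such as `OPENSSL_cleanse()` when built with OpenSSL. The wipe has to come before the `p11_fatal("C_Login", rv)` check, because `p11_fatal()` as defined later in this patch ends in `util_fatal()` and presumably does not return. login() begins before this hunk.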
@@ -834,15 +1009,22 @@
 get_token_info(slot, &info);
 if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
 if (opt_so_pin == NULL) {
- new_pin = getpass("Please enter the new SO PIN: ");
+ printf("Please enter the new SO PIN: ");
+ r = util_getpass(&new_pin, &len, stdin);
+ if (r < 0)
+ util_fatal("No PIN entered, exiting\n");
 if (!new_pin || !*new_pin || strlen(new_pin) > 20)
 util_fatal("Invalid SO PIN\n");
 strcpy(new_buf, new_pin);
- new_pin = getpass("Please enter the new SO PIN "
- "(again): ");
+ free(new_pin); new_pin = NULL;
+ printf("Please enter the new SO PIN (again): ");
+ r = util_getpass(&new_pin, &len, stdin);
+ if (r < 0)
+ util_fatal("No PIN entered, exiting\n");
 if (!new_pin || !*new_pin ||
 strcmp(new_buf, new_pin) != 0)
 util_fatal("Different new SO PINs, exiting\n");
+ pin_allocated = 1;
 } else {
 new_pin = opt_so_pin;
 }
@@ -855,33 +1037,55 @@ if (rv != CKR_OK) p11_fatal("C_InitToken", rv); printf("Token successfully initialized\n"); + + if (pin_allocated) + free(new_pin); } static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess) { - char new_buf[21], *new_pin = NULL; + char *pin; + char *new_pin1 = NULL, *new_pin2 = NULL; + size_t len1 = 0, len2 = 0; + int r; CK_TOKEN_INFO info; CK_RV rv; get_token_info(slot, &info); if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) { - if (opt_pin == NULL) { - new_pin = getpass("Please enter the new PIN: "); - if (!new_pin || !*new_pin || strlen(new_pin) > 20) + if (! opt_pin && !opt_new_pin) { + printf("Please enter the new PIN: "); + r = util_getpass(&new_pin1,&len1,stdin); + if (r < 0) + util_fatal("No PIN entered, aborting.\n"); + if (!new_pin1 || !*new_pin1 || strlen(new_pin1) > 20) util_fatal("Invalid User PIN\n"); - strcpy(new_buf, new_pin); - new_pin = getpass("Please enter the new PIN again: "); - if (!new_pin || !*new_pin || - strcmp(new_buf, new_pin) != 0) + printf("Please enter the new PIN again: "); + r = util_getpass(&new_pin2, &len2, stdin); + if (r < 0) + util_fatal("No PIN entered, aborting.\n"); + if (!new_pin2 || !*new_pin2 || + strcmp(new_pin1, new_pin2) != 0) util_fatal("Different new User PINs, exiting\n"); - } else { - new_pin = opt_pin; } } + + pin = opt_pin; + if (!pin) pin = opt_new_pin; + if (!pin) pin = new_pin1; + + rv = p11->C_InitPIN(sess, (CK_UTF8CHAR *) pin, pin == NULL ? 0 : strlen(pin)); + + if (new_pin1) { + memset(new_pin1, 0, len1); + free(new_pin1); + } + if (new_pin2) { + memset(new_pin2,0, len2); + free(new_pin2); + } - rv = p11->C_InitPIN(sess, - (CK_UTF8CHAR *) new_pin, new_pin == NULL ? 0 : strlen(new_pin)); if (rv != CKR_OK) p11_fatal("C_InitPIN", rv); printf("User PIN successfully initialized\n"); 
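Review bot: The `memset(new_pin1, 0, len1); free(new_pin1);` pair at the end of init_pin(), and the matching pair for `new_pin2`, can legally be removed by an optimising compiler because the buffer is never read again, so the wipe may not happen in an optimised build. When OpenSSL is enabled, `OPENSSL_cleanse(new_pin1, len1);` is a drop-in replacement; otherwise a small helper that writes through a `volatile unsigned char *` keeps the stores. Separately, `strlen(new_pin1) > 20` is left over from the removed `new_buf[21]` and is applied only to the first entry, so it deserves a comment stating that 20 is now a policy limit rather than a buffer bound.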
@@ -893,28 +1097,105 @@ char new_buf[21], *new_pin = NULL; CK_TOKEN_INFO info; CK_RV rv; + int r; + size_t len = 0; get_token_info(slot, &info); if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) { - old_pin = getpass("Please enter the current PIN: "); + printf("Please enter the current PIN: "); + r = util_getpass(&old_pin, &len, stdin); + if (r < 0) + return 1; if (!old_pin || !*old_pin || strlen(old_pin) > 20) return 1; strcpy(old_buf, old_pin); old_pin = old_buf; - new_pin = getpass("Please enter the new PIN: "); + + printf("Please enter the new PIN: "); + r = util_getpass(&new_pin, &len, stdin); + if (r < 0) + return 1; if (!new_pin || !*new_pin || strlen(new_pin) > 20) return 1; strcpy(new_buf, new_pin); - new_pin = getpass("Please enter the new PIN again: "); + + printf("Please enter the new PIN again: "); + r = util_getpass(&new_pin, &len, stdin); + if (r < 0) + return 1; + if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0) + return 1; + } + + rv = p11->C_SetPIN(sess, + (CK_UTF8CHAR *) old_pin, old_pin == NULL ? 0 : strlen(old_pin), + (CK_UTF8CHAR *) new_pin, new_pin == NULL ? 0 : strlen(new_pin)); + if (rv != CKR_OK) + p11_fatal("C_SetPIN", rv); + printf("PIN successfully changed\n"); + + return 0; +} + + +static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type) +{ + char unlock_buf[21], *unlock_code = NULL; + char new_buf[21], *new_pin = NULL; + CK_TOKEN_INFO info; + CK_RV rv; + int r; + size_t len = 0; + + get_token_info(slot, &info); + + if (login_type == CKU_CONTEXT_SPECIFIC) + unlock_code = opt_pin ? 
opt_pin : opt_puk; + else if (login_type == -1) + unlock_code = opt_puk; + else + return 1; + + if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) && !unlock_code) { + if (login_type == CKU_CONTEXT_SPECIFIC) + printf("Please enter the 'Change PIN' context secret code: "); + else if (login_type == -1) + printf("Please enter unblock code for User PIN: "); + + r = util_getpass(&unlock_code, &len, stdin); + if (r < 0) + return 1; + if (!unlock_code || !*unlock_code || strlen(unlock_code) > 20) + return 1; + + strcpy(unlock_buf, unlock_code); + unlock_code = unlock_buf; + } + + new_pin = opt_new_pin; + if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) && !new_pin) { + printf("Please enter the new PIN: "); + r = util_getpass(&new_pin, &len, stdin); + if (r < 0) + return 1; + strcpy(new_buf, new_pin); + + printf("Please enter the new PIN again: "); + r = util_getpass(&new_pin, &len, stdin); + if (r < 0) + return 1; if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0) { printf(" different new PINs, exiting\n"); return -1; } + + if (!new_pin || !*new_pin || strlen(new_pin) > 20) + return 1; } rv = p11->C_SetPIN(sess, - (CK_UTF8CHAR *) old_pin, old_pin == NULL ? 0 : strlen(old_pin), + (CK_UTF8CHAR *) unlock_code, unlock_code == NULL ? 0 : strlen(unlock_code), (CK_UTF8CHAR *) new_pin, new_pin == NULL ? 0 : strlen(new_pin)); if (rv != CKR_OK) p11_fatal("C_SetPIN", rv); @@ -932,8 +1213,8 @@ CK_ULONG sig_len; int fd, r; - if (opt_mechanism == NO_MECHANISM) { - opt_mechanism = find_mechanism(slot, CKF_SIGN|CKF_HW, 1); + if (!opt_mechanism_used) { + opt_mechanism = find_mechanism(slot, CKF_SIGN|CKF_HW, 1, &opt_mechanism); printf("Using signature algorithm %s\n", p11_mechanism_to_name(opt_mechanism)); } 
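Review bot: In unlock_pin() the first new-PIN entry is copied with `strcpy(new_buf, new_pin)` before any NULL or length check, because the `strlen(new_pin) > 20` test only runs after the second prompt, so an entry longer than 20 characters overruns the 21-byte `new_buf` on the stack. Move the check up, `if (!new_pin || !*new_pin || strlen(new_pin) > 20) return 1;` directly before the `strcpy`, as change_pin() earlier in this hunk already does. In both functions the buffers allocated by `util_getpass()` are neither cleared nor freed (in change_pin() `old_pin = old_buf;` drops the only pointer to the first one), and the stack copies `old_buf`, `unlock_buf` and `new_buf` still hold PINs on return. The mismatch branch also returns -1 while every other failure in unlock_pin() returns 1.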
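Review bot: `opt_mechanism = find_mechanism(slot, CKF_SIGN|CKF_HW, 1, &opt_mechanism);` stores the mechanism through the pointer and then overwrites it with the return value, which in the new find_mechanism() later in this patch is `count`, the number of matching mechanisms, not a mechanism type. The signing code that follows would then use that count as its mechanism; the digest hunk at `@@ -984,8 +1291,8 @@` has the same line with `CKF_DIGEST`. Dropping the assignment fixes both call sites: `find_mechanism(slot, CKF_SIGN|CKF_HW, 1, &opt_mechanism);`. The enclosing function starts and ends outside this hunk.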
@@ -969,6 +1250,32 @@ util_fatal("failed to open %s: %m", opt_output); } +#if defined(ENABLE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) +/* + * PKCS11 implies the ECDSA sig is 2nLen, + * OpenSSL expects sequence of {integer, integer} + * so we will write it for OpenSSL if built with OpenSSL + */ + if (opt_mechanism == CKM_ECDSA) { + int nLen; + ECDSA_SIG * ecsig = NULL; + unsigned char *p = NULL; + int der_len; + + nLen = sig_len/2; + + ecsig = ECDSA_SIG_new(); + ecsig->r = BN_bin2bn(buffer, nLen, ecsig->r); + ecsig->s = BN_bin2bn(buffer + nLen, nLen, ecsig->s); + + der_len = i2d_ECDSA_SIG(ecsig, &p); + printf("Writing OpenSSL ECDSA_SIG\n"); + r = write(fd, p, der_len); + free(p); + ECDSA_SIG_free(ecsig); + + } else +#endif /* ENABLE_OPENSSL && !OPENSSL_NO_EC && !OPENSSL_NO_ECDSA */ r = write(fd, buffer, sig_len); if (r < 0) util_fatal("Failed to write to %s: %m", opt_output); @@ -984,8 +1291,8 @@ CK_ULONG hash_len; int fd, r; - if (opt_mechanism == NO_MECHANISM) { - opt_mechanism = find_mechanism(slot, CKF_DIGEST, 1); + if (!opt_mechanism_used) { + opt_mechanism = find_mechanism(slot, CKF_DIGEST, 1, &opt_mechanism); printf("Using digest algorithm %s\n", p11_mechanism_to_name(opt_mechanism)); } @@ -1045,10 +1352,8 @@ {CKA_ENCRYPT, &_true, sizeof(_true)}, {CKA_VERIFY, &_true, sizeof(_true)}, {CKA_WRAP, &_true, sizeof(_true)}, - {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)}, - {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)} }; - int n_pubkey_attr = 7; + int n_pubkey_attr = 5; CK_ATTRIBUTE privateKeyTemplate[20] = { {CKA_CLASS, &privkey_class, sizeof(privkey_class)}, {CKA_TOKEN, &_true, sizeof(_true)}, @@ -1059,6 +1364,8 @@ {CKA_UNWRAP, &_true, sizeof(_true)} }; int n_privkey_attr = 7; + unsigned char *ecparams = NULL; + size_t ecparams_size; CK_RV rv; if (type != NULL) { 
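Review bot: None of the OpenSSL calls in the new `CKM_ECDSA` branch is checked: `ECDSA_SIG_new()` can return NULL before `ecsig->r` is dereferenced, `BN_bin2bn()` can fail, and a negative `der_len` from `i2d_ECDSA_SIG()` is passed straight to `write()` as a length. The buffer that `i2d_ECDSA_SIG()` allocates into `p` should be released with `OPENSSL_free()` rather than `free()`, since the two allocators are not guaranteed to match. An odd or zero `sig_len` would also split the raw signature in the wrong place without any diagnostic. The function containing this branch starts and ends outside the hunk.

```c
	if (opt_mechanism == CKM_ECDSA) {
		/* … unchanged: local declarations … */

		if (sig_len == 0 || sig_len % 2 != 0)
			util_fatal("Unexpected ECDSA signature length\n");
		nLen = sig_len/2;

		ecsig = ECDSA_SIG_new();
		if (!ecsig)
			util_fatal("ECDSA_SIG_new failed\n");
		ecsig->r = BN_bin2bn(buffer, nLen, ecsig->r);
		ecsig->s = BN_bin2bn(buffer + nLen, nLen, ecsig->s);
		if (!ecsig->r || !ecsig->s)
			util_fatal("BN_bin2bn failed\n");

		der_len = i2d_ECDSA_SIG(ecsig, &p);
		if (der_len <= 0 || !p)
			util_fatal("i2d_ECDSA_SIG failed\n");
		/* … unchanged: printf and write of p/der_len … */
		OPENSSL_free(p);
		/* … unchanged: ECDSA_SIG_free(ecsig) … */
```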
@@ -1072,7 +1379,41 @@ key_length = (unsigned long)atol(size); if (key_length != 0) modulusBits = key_length; - } else { + + FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)); + n_pubkey_attr++; + FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)); + n_pubkey_attr++; + + mechanism.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; + } + else if (!strncmp(type, "EC:", 3)) { + int ii; + + for (ii=0; ec_curve_infos[ii].name; ii++) { + if (!strcmp(ec_curve_infos[ii].name, type + 3)) + break; + if (!strcmp(ec_curve_infos[ii].oid, type + 3)) + break; + } + if (!ec_curve_infos[ii].name) + util_fatal("Unknown EC key params '%s'", type + 3); + + ecparams_size = strlen(ec_curve_infos[ii].oid_encoded) / 2; + ecparams = malloc(ecparams_size); + if (!ecparams) + util_fatal("Allocation error", 0); + if (!hex_to_bin(ec_curve_infos[ii].oid_encoded, ecparams, &ecparams_size)) { + printf("Cannot convert \"%s\"\n", ec_curve_infos[ii].oid_encoded); + util_print_usage_and_die(app_name, options, option_help); + } + + FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_EC_PARAMS, ecparams, ecparams_size); + n_pubkey_attr++; + + mechanism.mechanism = CKM_EC_KEY_PAIR_GEN; + } + else { util_fatal("Unknown key type %s", type); } } @@ -1102,6 +1443,9 @@ if (rv != CKR_OK) p11_fatal("C_GenerateKeyPair", rv); + if (ecparams) + free(ecparams); + printf("Key pair generated:\n"); show_object(session, *hPrivateKey); show_object(session, *hPublicKey); @@ -1121,7 +1465,6 @@ pp = data; x = d2i_X509(NULL, &pp, len); if (!x) { - /* ERR_print_errors_fp(stderr); */ util_fatal("OpenSSL error during X509 certificate parsing"); } p = cert->subject; @@ -1166,7 +1509,6 @@ p = data; r = d2i_RSAPrivateKey(NULL, &p, len); if (!r) { - /* ERR_print_errors_fp(stderr); */ util_fatal("OpenSSL error during RSA private key parsing"); } RSA_GET_BN(modulus, r->n); 
@@ -1178,12 +1520,32 @@ RSA_GET_BN(exponent_2, r->dmq1); RSA_GET_BN(coefficient, r->iqmp); } + +static void parse_rsa_public_key(struct rsakey_info *rsa, + unsigned char *data, int len) +{ + RSA *r = NULL; + const unsigned char *p; + + p = data; + r = d2i_RSA_PUBKEY(NULL, &p, len); + + if (!r) { + r = d2i_RSAPublicKey(NULL, &p, len); + } + + if (!r) { + util_fatal("OpenSSL error during RSA public key parsing"); + } + RSA_GET_BN(modulus, r->n); + RSA_GET_BN(public_exponent, r->e); +} #endif #define MAX_OBJECT_SIZE 5000 -/* Currently only for certificates (-type cert), - private keys (-type privkey) and data objetcs (-type data). +/* Currently for certificates (-type cert), private keys (-type privkey), + public keys (-type pubkey) and data objects (-type data). Note: only RSA private keys are supported. */ static int write_object(CK_SLOT_ID slot, CK_SESSION_HANDLE session) { @@ -1193,15 +1555,10 @@ unsigned char certdata[MAX_OBJECT_SIZE]; int certdata_len = 0; FILE *f; - CK_OBJECT_HANDLE cert_obj, privkey_obj, data_obj; - CK_ATTRIBUTE cert_templ[20], privkey_templ[20], data_templ[20]; - int n_cert_attr = 0, n_privkey_attr = 0, n_data_attr = 0; + CK_OBJECT_HANDLE cert_obj, privkey_obj, pubkey_obj, data_obj; + CK_ATTRIBUTE cert_templ[20], privkey_templ[20], pubkey_templ[20], data_templ[20]; + int n_cert_attr = 0, n_privkey_attr = 0, n_pubkey_attr = 0, n_data_attr = 0; struct sc_object_id oid; -#if 0 - CK_ATTRIBUTE pubkey_templ[20]; - CK_OBJECT_HANDLE pubkey_obj; - int n_pubkey_attr = 0; -#endif CK_RV rv; int need_to_parse_certdata = 0; #ifdef ENABLE_OPENSSL @@ -1249,6 +1606,13 @@ util_fatal("No OpenSSL support, cannot parse RSA private key\n"); #endif } + if (opt_object_class == CKO_PUBLIC_KEY) { +#ifdef ENABLE_OPENSSL + parse_rsa_public_key(&rsa, contents, contents_len); +#else + util_fatal("No OpenSSL support, cannot parse RSA public key\n"); +#endif + } if (opt_object_class == CKO_CERTIFICATE) { CK_OBJECT_CLASS clazz = CKO_CERTIFICATE; 
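Review bot: parse_rsa_public_key() never releases the `RSA` object returned by `d2i_RSA_PUBKEY()` or `d2i_RSAPublicKey()`. If `RSA_GET_BN` copies the numbers out (its definition is not in this hunk), an `RSA_free(r);` after the two macro calls is needed; if it keeps pointers into `r`, that lifetime deserves a comment. The fallback `d2i_RSAPublicKey(NULL, &p, len)` also relies on the failed first parse having left `p` untouched, and `p = data;` before the second call makes that explicit. The block comment above write_object() still ends with a note that only RSA private keys are supported and should now read `Note: only RSA keys are supported.`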
@@ -1338,6 +1702,52 @@ #endif } else + if (opt_object_class == CKO_PUBLIC_KEY) { + CK_OBJECT_CLASS clazz = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_RSA; +#ifdef ENABLE_OPENSSL + CK_ULONG modulus_bits = rsa.modulus_len * 8; +#endif + + FILL_ATTR(pubkey_templ[0], CKA_CLASS, &clazz, sizeof(clazz)); + FILL_ATTR(pubkey_templ[1], CKA_KEY_TYPE, &type, sizeof(type)); + FILL_ATTR(pubkey_templ[2], CKA_TOKEN, &_true, sizeof(_true)); + n_pubkey_attr = 3; + + if (opt_is_private != 0) { + FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, + &_true, sizeof(_true)); + n_data_attr++; + } + + if (opt_object_label != NULL) { + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_LABEL, + opt_object_label, strlen(opt_object_label)); + n_pubkey_attr++; + } + if (opt_object_id_len != 0) { + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_ID, + opt_object_id, opt_object_id_len); + n_pubkey_attr++; + } +#ifdef ENABLE_OPENSSL + if (cert.subject_len != 0) { + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, + cert.subject, cert.subject_len); + n_pubkey_attr++; + } + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, + rsa.modulus, rsa.modulus_len); + n_pubkey_attr++; + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS_BITS, + &modulus_bits, sizeof (modulus_bits)); + n_pubkey_attr++; + FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, + rsa.public_exponent, rsa.public_exponent_len); + n_pubkey_attr++; +#endif + } + else if (opt_object_class == CKO_DATA) { CK_OBJECT_CLASS clazz = CKO_DATA; FILL_ATTR(data_templ[0], CKA_CLASS, &clazz, sizeof(clazz)); @@ -1380,7 +1790,7 @@ if (rv != CKR_OK) p11_fatal("C_CreateObject", rv); - printf("Generated Data Object:\n"); + printf("Created Data Object:\n"); show_dobj(session, data_obj); } if (n_cert_attr) { 
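Review bot: In the new `CKO_PUBLIC_KEY` branch the `opt_is_private` block fills `data_templ[n_data_attr]` and increments `n_data_attr` instead of using the public-key template, so `CKA_PRIVATE` is never set on the public key that gets created. It also leaves `n_data_attr` non-zero, which, judging by the `if (n_cert_attr)` / `if (n_pubkey_attr)` pattern later in the function, would trigger an extra `C_CreateObject` with a data template holding only `CKA_PRIVATE`. The fix is `FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));` followed by `n_pubkey_attr++;`. write_object() starts and ends outside this hunk.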
@@ -1388,27 +1798,25 @@ if (rv != CKR_OK) p11_fatal("C_CreateObject", rv); - printf("Generated certificate:\n"); + printf("Created certificate:\n"); show_object(session, cert_obj); } -#if 0 if (n_pubkey_attr) { rv = p11->C_CreateObject(session, pubkey_templ, n_pubkey_attr, &pubkey_obj); if (rv != CKR_OK) p11_fatal("C_CreateObject", rv); - printf("Generated public key:\n"); + printf("Created public key:\n"); show_object(session, pubkey_obj); } -#endif if (n_privkey_attr) { rv = p11->C_CreateObject(session, privkey_templ, n_privkey_attr, &privkey_obj); if (rv != CKR_OK) p11_fatal("C_CreateObject", rv); - printf("Generated private key:\n"); + printf("Created private key:\n"); show_object(session, privkey_obj); } @@ -1434,28 +1842,29 @@ show_object(session, obj); } -static CK_SLOT_ID find_slot_by_label(const char *label) +static int find_slot_by_label(const char *label, CK_SLOT_ID_PTR result) { CK_TOKEN_INFO info; CK_ULONG n, len; CK_RV rv; if (!p11_num_slots) - return NO_SLOT; + return 0; len = strlen(label); for (n = 0; n < p11_num_slots; n++) { const char *token_label; - rv = p11->C_GetTokenInfo(n, &info); + rv = p11->C_GetTokenInfo(p11_slots[n], &info); if (rv != CKR_OK) continue; token_label = p11_utf8_to_local(info.label, sizeof(info.label)); - if (!strncmp(label, token_label, len)) - return n; + if (!strncmp(label, token_label, len)) { + *result = p11_slots[n]; + return 1; + } } - - return NO_SLOT; + return 0; } static int find_object(CK_SESSION_HANDLE sess, CK_OBJECT_CLASS cls, @@ -1502,8 +1911,8 @@ } static CK_RV find_object_with_attributes(CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE *out, - CK_ATTRIBUTE *attrs, CK_ULONG attrsLen, + CK_OBJECT_HANDLE *out, + CK_ATTRIBUTE *attrs, CK_ULONG attrsLen, CK_ULONG obj_index) { CK_ULONG count, ii; @@ -1512,7 +1921,7 @@ if (!out || !attrs || !attrsLen) return CKR_ARGUMENTS_BAD; - else + else *out = CK_INVALID_HANDLE; rv = p11->C_FindObjectsInit(session, attrs, attrsLen); 
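Review bot: `strncmp(label, token_label, len)` with `len = strlen(label)` in find_slot_by_label() is a prefix comparison, so a requested label such as `card` also matches a token labelled `card-backup` (made-up labels), an empty label matches the first token that answers, and whichever slot is enumerated first wins. Because the result selects the token that later write or initialisation operations act on, an exact comparison is safer: `if (!strcmp(label, token_label)) {`, assuming `p11_utf8_to_local()` strips the blank padding of `info.label` (its definition is not visible here). The function also needs a comment stating the new contract: it returns 1 and fills `*result` on a match, and returns 0 leaving `*result` untouched otherwise.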
@@ -1539,23 +1948,22 @@ } -static CK_MECHANISM_TYPE find_mechanism(CK_SLOT_ID slot, CK_FLAGS flags, - int stop_if_not_found) +static int find_mechanism(CK_SLOT_ID slot, CK_FLAGS flags, + int stop_if_not_found, CK_MECHANISM_TYPE_PTR result) { - CK_MECHANISM_TYPE *mechs = NULL, result; + CK_MECHANISM_TYPE *mechs = NULL; CK_ULONG count = 0; count = get_mechanisms(slot, &mechs, flags); if (count == 0) { if (stop_if_not_found) util_fatal("No appropriate mechanism found"); - result = NO_MECHANISM; } else { - result = mechs[0]; + /* X: why only first ? */ + *result = mechs[0]; free(mechs); } - - return result; + return count; } @@ -1604,6 +2012,7 @@ ATTR_METHOD(ALWAYS_SENSITIVE, CK_BBOOL); ATTR_METHOD(NEVER_EXTRACTABLE, CK_BBOOL); #endif +ATTR_METHOD(ALWAYS_AUTHENTICATE, CK_BBOOL); ATTR_METHOD(PRIVATE, CK_BBOOL); ATTR_METHOD(MODIFIABLE, CK_BBOOL); ATTR_METHOD(ENCRYPT, CK_BBOOL); @@ -1618,8 +2027,8 @@ #endif ATTR_METHOD(WRAP, CK_BBOOL); ATTR_METHOD(UNWRAP, CK_BBOOL); -#if 0 ATTR_METHOD(DERIVE, CK_BBOOL); +#if 0 ATTR_METHOD(EXTRACTABLE, CK_BBOOL); #endif ATTR_METHOD(KEY_TYPE, CK_KEY_TYPE); 
@@ -1629,8 +2038,36 @@ VARATTR_METHOD(APPLICATION, char); VARATTR_METHOD(ID, unsigned char); VARATTR_METHOD(OBJECT_ID, unsigned char); -VARATTR_METHOD(MODULUS, unsigned char); +VARATTR_METHOD(MODULUS, CK_BYTE); +#ifdef ENABLE_OPENSSL +VARATTR_METHOD(PUBLIC_EXPONENT, CK_BYTE); +#endif VARATTR_METHOD(VALUE, unsigned char); +VARATTR_METHOD(GOSTR3410_PARAMS, unsigned char); +VARATTR_METHOD(EC_POINT, unsigned char); +VARATTR_METHOD(EC_PARAMS, unsigned char); + +static void list_objects(CK_SESSION_HANDLE sess, CK_OBJECT_CLASS object_class) +{ + CK_OBJECT_HANDLE object; + CK_ULONG count; + CK_RV rv; + + rv = p11->C_FindObjectsInit(sess, NULL, 0); + if (rv != CKR_OK) + p11_fatal("C_FindObjectsInit", rv); + + while (1) { + rv = p11->C_FindObjects(sess, &object, 1, &count); + if (rv != CKR_OK) + p11_fatal("C_FindObjects", rv); + if (count == 0) + break; + if ((int) object_class == -1 || object_class == getCLASS(sess, object)) + show_object(sess, object); + } + p11->C_FindObjectsFinal(sess); +} static void show_object(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj) { @@ -1638,10 +2075,8 @@ switch (cls) { case CKO_PUBLIC_KEY: - show_key(sess, obj, 1); - break; case CKO_PRIVATE_KEY: - show_key(sess, obj, 0); + show_key(sess, obj); break; case CKO_CERTIFICATE: show_cert(sess, obj); @@ -1656,14 +2091,28 @@ } } -static void show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj, int pub) +static void show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj) { CK_KEY_TYPE key_type = getKEY_TYPE(sess, obj); - CK_ULONG size; - unsigned char *id; - char *label, *sepa; + CK_ULONG size = 0; + unsigned char *id, *oid; + const char *sepa; + char *label; + int pub; + + switch(getCLASS(sess, obj)) { + case CKO_PRIVATE_KEY: + printf("Private Key Object"); + pub = 0; + break; + case CKO_PUBLIC_KEY: + printf("Public Key Object"); + pub = 1; + break; + default: + return; + } - printf("%s Key Object", pub? "Public" : "Private"); switch (key_type) { case CKK_RSA: if (pub) 
@@ -1672,6 +2121,63 @@ else printf("; RSA \n"); break; + case CKK_GOSTR3410: + printf("; GOSTR3410 \n"); + if ((oid = getGOSTR3410_PARAMS(sess, obj, &size)) != NULL) { + unsigned int n; + + printf(" OID: "); + for (n = 0; n < size; n++) + printf("%02x", oid[n]); + printf("\n"); + free(oid); + } + break; + case CKK_EC: + printf("; EC"); + if (pub) { + unsigned char *bytes = NULL; + unsigned int n; + int ksize; + bytes = getEC_POINT(sess, obj, &size); + /* + * (We only support uncompressed for now) + * Uncompresed EC_POINT is DER OCTET STRING of "04||x||y" + * So a "256" bit key has x and y of 32 bytes each + * something like: "04 41 04||x||y" + * Do simple size calculation based on DER encoding + */ + if ((size - 2) <= 127) + ksize = (size - 3) * 4; + else if ((size - 3) <= 255) + ksize = (size - 4) * 4; + else + ksize = (size - 5) * 4; + + printf(" EC_POINT %d bits\n", ksize); + if (bytes) { + if ((CK_LONG)size > 0) { /* Will print the point here */ + printf(" EC_POINT: "); + for (n = 0; n < size; n++) + printf("%02x", bytes[n]); + printf("\n"); + } + free(bytes); + } + bytes = NULL; + bytes = getEC_PARAMS(sess, obj, &size); + if (bytes){ + if ((CK_LONG)size > 0) { + printf(" EC_PARAMS: "); + for (n = 0; n < size; n++) + printf("%02x", bytes[n]); + printf("\n"); + } + free(bytes); + } + } else + printf("\n"); + break; default: printf("; unknown key algorithm %lu\n", (unsigned long) key_type); @@ -1719,9 +2225,17 @@ printf("%sunwrap", sepa); sepa = ", "; } + if (!pub && getDERIVE(sess, obj)) { + printf("%sderive", sepa); + sepa = ", "; + } if (!*sepa) printf("none"); printf("\n"); + + if (!pub && getALWAYS_AUTHENTICATE(sess, obj)) { + printf(" Access: always authenticate\n"); + } } static void show_cert(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj) 
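Review bot: In the new `CKK_EC` case the bit-size arithmetic runs on `size` before `bytes` is tested, and `size` is an unsigned `CK_ULONG`: if `getEC_POINT()` fails and leaves `size` at 0, or returns fewer than three bytes, `size - 2` wraps around and a meaningless `EC_POINT %d bits` line is printed. Wrapping the calculation and that print in `if (bytes && size > 3) { … }`, together with the hex dump, avoids it. The comment describes the DER header, but the code infers the header length from the total size, so a sentence saying the estimate assumes an uncompressed point would match what the three branches do. show_key() continues past the end of this hunk.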
@@ -1796,7 +2310,7 @@ size /= sizeof(int); printf("%i", app_oid[0]); if (app_oid[0] >= 0) - for (n = 1; (n < size) && (app_oid[n] >= 0); n++) + for (n = 1; (n < size) && (app_oid[n] >= 0); n++) printf(".%i", app_oid[n]); printf("\n"); @@ -1807,9 +2321,9 @@ } printf(" flags: "); - if (getMODIFIABLE(sess, obj)) + if (getMODIFIABLE(sess, obj)) printf(" modifiable"); - if (getPRIVATE(sess, obj)) + if (getPRIVATE(sess, obj)) printf(" private"); printf ("\n"); } @@ -1826,11 +2340,11 @@ static CK_ULONG get_mechanisms(CK_SLOT_ID slot, CK_MECHANISM_TYPE_PTR *pList, CK_FLAGS flags) { - CK_ULONG m, n, ulCount; + CK_ULONG m, n, ulCount = 0; CK_RV rv; rv = p11->C_GetMechanismList(slot, *pList, &ulCount); - *pList = (CK_MECHANISM_TYPE *) calloc(ulCount, sizeof(*pList)); + *pList = calloc(ulCount, sizeof(*pList)); if (*pList == NULL) util_fatal("calloc failed: %m"); @@ -1866,30 +2380,30 @@ CK_OBJECT_HANDLE obj = CK_INVALID_HANDLE; int nn_attrs = 0; unsigned char *value = NULL; - CK_ULONG len; + CK_ULONG len = 0; FILE *out; struct sc_object_id oid; if (opt_object_class_str != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_CLASS, + FILL_ATTR(attrs[nn_attrs], CKA_CLASS, &clazz, sizeof(clazz)); nn_attrs++; } if (opt_object_id_len != 0) { - FILL_ATTR(attrs[nn_attrs], CKA_ID, + FILL_ATTR(attrs[nn_attrs], CKA_ID, opt_object_id, opt_object_id_len); nn_attrs++; } if (opt_object_label != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_LABEL, + FILL_ATTR(attrs[nn_attrs], CKA_LABEL, opt_object_label, strlen(opt_object_label)); nn_attrs++; } if (opt_application_label != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_APPLICATION, + FILL_ATTR(attrs[nn_attrs], CKA_APPLICATION, opt_application_label, strlen(opt_application_label)); nn_attrs++; } 
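Review bot: In get_mechanisms() the size query `rv = p11->C_GetMechanismList(slot, *pList, &ulCount);` passes whatever the caller left in `*pList` instead of `NULL`, and its `rv` is not checked before `ulCount` is used for the allocation. `calloc(ulCount, sizeof(*pList))` also sizes elements by the pointer type, whereas `sizeof(**pList)` is the element size. Suggested lines: `rv = p11->C_GetMechanismList(slot, NULL, &ulCount);`, `if (rv != CKR_OK) p11_fatal("C_GetMechanismList", rv);`, `*pList = calloc(ulCount, sizeof(**pList));`. The rest of the function lies outside this hunk, so a later check of `rv` after the second call cannot be ruled out from here.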
@@ -1904,9 +2418,13 @@ rv = find_object_with_attributes(session, &obj, attrs, nn_attrs, 0); if (rv != CKR_OK) p11_fatal("find_object_with_attributes()", rv); - else if (obj==CK_INVALID_HANDLE) + else if (obj==CK_INVALID_HANDLE) util_fatal("object not found\n"); +/* TODO: -DEE should look at object class, and get appropriate values + * based on the object, and other attributes. For example EC keys do + * not have a VALUE But have a EC_POINT. + */ value = getVALUE(session, obj, &len); if (value == NULL) util_fatal("get CKA_VALUE failed\n"); @@ -1939,25 +2457,25 @@ struct sc_object_id oid; if (opt_object_class_str != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_CLASS, + FILL_ATTR(attrs[nn_attrs], CKA_CLASS, &clazz, sizeof(clazz)); nn_attrs++; } if (opt_object_id_len != 0) { - FILL_ATTR(attrs[nn_attrs], CKA_ID, + FILL_ATTR(attrs[nn_attrs], CKA_ID, opt_object_id, opt_object_id_len); nn_attrs++; } if (opt_object_label != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_LABEL, + FILL_ATTR(attrs[nn_attrs], CKA_LABEL, opt_object_label, strlen(opt_object_label)); nn_attrs++; } if (opt_application_label != NULL) { - FILL_ATTR(attrs[nn_attrs], CKA_APPLICATION, + FILL_ATTR(attrs[nn_attrs], CKA_APPLICATION, opt_application_label, strlen(opt_application_label)); nn_attrs++; } @@ -1972,7 +2490,7 @@ rv = find_object_with_attributes(session, &obj, attrs, nn_attrs, 0); if (rv != CKR_OK) p11_fatal("find_object_with_attributes()", rv); - else if (obj==CK_INVALID_HANDLE) + else if (obj==CK_INVALID_HANDLE) util_fatal("object not found\n"); rv = p11->C_DestroyObject(session, obj); if (rv != CKR_OK) @@ -2001,7 +2519,7 @@ } free(id); - return getMODULUS_BITS(sess, pubkey); + return getMODULUS_BITS(sess, pubkey); } static int test_digest(CK_SLOT_ID slot) @@ -2033,8 +2551,8 @@ 20 }; - firstMechType = find_mechanism(slot, CKF_DIGEST, 0); - if (firstMechType == NO_MECHANISM) { + + if (!find_mechanism(slot, CKF_DIGEST, 0, &firstMechType)) { printf("Digests: not implemented\n"); return errors; } else 
@@ -2172,13 +2690,14 @@ #ifdef ENABLE_OPENSSL static EVP_PKEY *get_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject) { - unsigned char *id; - CK_ULONG idLen; + CK_BYTE *id, *mod, *exp; + CK_ULONG idLen = 0, modLen = 0, expLen = 0; CK_OBJECT_HANDLE pubkeyObject; unsigned char *pubkey; const unsigned char *pubkey_c; CK_ULONG pubkeyLen; EVP_PKEY *pkey; + RSA *rsa; id = NULL; id = getID(session, privKeyObject, &idLen); @@ -2194,6 +2713,39 @@ } free(id); + switch(getKEY_TYPE(session, pubkeyObject)) { + case CKK_RSA: + pkey = EVP_PKEY_new(); + rsa = RSA_new(); + mod = getMODULUS(session, pubkeyObject, &modLen); + exp = getPUBLIC_EXPONENT(session, pubkeyObject, &expLen); + if ( !pkey || !rsa || !mod || !exp) { + printf("public key not extractable\n"); + if (pkey) + free(pkey); + if (rsa) + free(rsa); + if (mod) + free(mod); + if (exp) + free(exp); + return NULL; + } + rsa->n = BN_bin2bn(mod, modLen, NULL); + rsa->e = BN_bin2bn(exp, expLen, NULL); + EVP_PKEY_assign_RSA(pkey, rsa); + free(mod); + free(exp); + return pkey; + case CKK_DSA: + case CKK_ECDSA: + case CKK_GOSTR3410: + break; + default: + printf("public key of unsupported type\n"); + return NULL; + } + pubkey = getVALUE(session, pubkeyObject, &pubkeyLen); if (pubkey == NULL) { printf("couldn't get the pubkey VALUE attribute, no validation done\n"); @@ -2206,7 +2758,6 @@ if (pkey == NULL) { printf(" couldn't parse pubkey, no verification done\n"); - /* ERR_print_errors_fp(stderr); */ return NULL; } @@ -2246,6 +2797,8 @@ if (rv != CKR_OK) p11_fatal("C_SignInit", rv); + if (getALWAYS_AUTHENTICATE(session, privKeyObject)) + login(session,CKU_CONTEXT_SPECIFIC); printf(" %s: ", p11_mechanism_to_name(ck_mech->mechanism)); sigLen1 = sizeof(sig1); @@ -2275,7 +2828,6 @@ errors++; } else if (err != 1) { printf("openssl error during verification: 0x%0x (%d)\n", err, err); - /* ERR_print_errors_fp(stderr); */ } else printf("OK\n"); 
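Review bot: The error path in the new `CKK_RSA` case releases `pkey` and `rsa` with `free()`, but they come from `EVP_PKEY_new()` and `RSA_new()` and have to go back through `EVP_PKEY_free(pkey);` and `RSA_free(rsa);`, since plain `free()` bypasses OpenSSL's allocator and the objects' internal cleanup. The two `BN_bin2bn()` results and the return value of `EVP_PKEY_assign_RSA()` are also unchecked, so a failed conversion yields a key with a NULL modulus or exponent that the verification code would then use. The `if (mod)` and `if (exp)` guards around `free()` are unnecessary. get_public_key() starts before and ends after this hunk.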
@@ -2299,7 +2851,7 @@ CK_SESSION_INFO sessionInfo; CK_ULONG i, j; unsigned char data[256]; - CK_ULONG modLenBytes; + CK_ULONG modLenBytes = 0; CK_ULONG dataLen; unsigned char sig1[1024], sig2[1024]; CK_ULONG sigLen1, sigLen2; @@ -2348,8 +2900,7 @@ return errors; } - firstMechType = find_mechanism(slot, CKF_SIGN | CKF_HW, 0); - if (firstMechType == NO_MECHANISM) { + if (!find_mechanism(slot, CKF_SIGN | CKF_HW, 0, &firstMechType)) { printf("Signatures: not implemented\n"); return errors; } @@ -2361,10 +2912,17 @@ printf("(%s) ", label); free(label); } + if (!getSIGN(sess, privKeyObject)) { printf(" -- can't be used for signature, skipping\n"); continue; } + + modLenBytes = (get_private_key_length(sess, privKeyObject) + 7) / 8; + if(!modLenBytes) { + printf(" -- can't be used for signature, skipping: can't obtain modulus\n"); + continue; + } printf("\n"); break; } @@ -2375,10 +2933,10 @@ data[0] = 0; data[1] = 1; - modLenBytes = (get_private_key_length(sess, privKeyObject) + 7) / 8; /* 1st test */ + /* assume --login has already authenticated the key */ switch (firstMechType) { case CKM_RSA_PKCS: dataLen = 35; @@ -2399,12 +2957,10 @@ rv = p11->C_SignUpdate(sess, data, 5); if (rv == CKR_FUNCTION_NOT_SUPPORTED) { - printf(" Note: C_SignUpdate(), SignFinal() not supported\n"); - /* finish the digest operation */ - sigLen2 = sizeof(sig2); - rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2); - if (rv != CKR_OK) - p11_fatal("C_Sign", rv); + p11_warn("C_SignUpdate", rv); + } else if (rv != CKR_OK) { + p11_perror("C_SignUpdate", rv); + errors++; } else { if (rv != CKR_OK) p11_fatal("C_SignUpdate", rv); @@ -2425,6 +2981,8 @@ rv = p11->C_SignInit(sess, &ck_mech, privKeyObject); if (rv != CKR_OK) p11_fatal("C_SignInit", rv); + if (getALWAYS_AUTHENTICATE(sess, privKeyObject)) + login(sess,CKU_CONTEXT_SPECIFIC); sigLen2 = sizeof(sig2); rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2); 
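Review bot: In the hunk at `@@ -2399,12 +2957,10 @@` the `if (rv != CKR_OK) p11_fatal("C_SignUpdate", rv);` kept at the top of the final `else` is unreachable, because the two preceding branches already handle every `rv != CKR_OK`; it should be deleted. In the `CKR_FUNCTION_NOT_SUPPORTED` branch the removed fallback `C_Sign()` call used to fill `sig2` and `sigLen2`; if code after this hunk still compares `sig2` with `sig1`, it would now read an unset buffer. That cannot be confirmed from here because the test function continues outside the hunk.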
@@ -2462,6 +3020,8 @@ printf(" ERR: C_Sign() didn't return CKR_OK for a NULL output buf, but %s (0x%0x)\n", CKR2Str(rv), (int) rv); } + if (getALWAYS_AUTHENTICATE(sess, privKeyObject)) + login(sess,CKU_CONTEXT_SPECIFIC); rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2); if (rv == CKR_OPERATION_NOT_INITIALIZED) { @@ -2520,8 +3080,13 @@ printf(" -- can't be used to sign/verify, skipping\n"); continue; } - else + else if (!modLenBytes) { + printf(" -- can't be used to sign/verify, skipping: can't obtain modulus\n"); + continue; + } + else { printf("\n"); + } errors += sign_verify_openssl(slot, sess, &ck_mech, privKeyObject, datas[i], dataLens[i], verifyData, sizeof(verifyData), @@ -2578,6 +3143,8 @@ } printf(" %s: ", p11_mechanism_to_name(*mech_type)); + if (getALWAYS_AUTHENTICATE(session, priv_key)) + login(session,CKU_CONTEXT_SPECIFIC); signat_len = sizeof(signat); rv = p11->C_Sign(session, datas[j], data_lens[j], signat, &signat_len); @@ -2630,8 +3197,7 @@ return errors; } - first_mech_type = find_mechanism(slot, CKF_VERIFY, 0); - if (first_mech_type == NO_MECHANISM) { + if (!find_mechanism(slot, CKF_VERIFY, 0, &first_mech_type)) { printf("Verify: not implemented\n"); return errors; } @@ -2672,6 +3238,10 @@ } key_len = (get_private_key_length(sess, priv_key) + 7) / 8; + if(!key_len) { + printf(" -- can't get the modulus length, skipping\n"); + continue; + } errors += sign_verify(slot, sess, priv_key, key_len, pub_key, i != 0); } @@ -2696,6 +3266,7 @@ int ciphered_len, cleartext_len, len; CK_MECHANISM mech; CK_ULONG key_type = CKM_DES_CBC; + CK_ULONG key_len_ul; CK_ATTRIBUTE key_template = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; pkey = get_public_key(session, privKeyObject); @@ -2736,7 +3307,8 @@ } /* Try to decrypt */ - key = getVALUE(session, cipherKeyObject, (unsigned long *) &key_len); + key = getVALUE(session, cipherKeyObject, &key_len_ul); + key_len = key_len_ul; if (key == NULL) { printf("Could not get unwrapped key\n"); return 1; 
@@ -2790,13 +3362,12 @@ rv = p11->C_GetSessionInfo(sess, &sessionInfo); if (rv != CKR_OK) p11_fatal("C_OpenSession", rv); - if ((sessionInfo.state & CKS_RO_USER_FUNCTIONS) == 0) { - printf("Key unwrap: not logged in, skipping key unwrap tests\n"); + if (!(sessionInfo.state & CKS_RW_USER_FUNCTIONS)) { + printf("Key unwrap: not a R/W session, skipping key unwrap tests\n"); return errors; } - firstMechType = find_mechanism(slot, CKF_UNWRAP | CKF_HW, 0); - if (firstMechType == NO_MECHANISM) { + if (!find_mechanism(slot, CKF_UNWRAP | CKF_HW, 0, &firstMechType)) { printf("Unwrap: not implemented\n"); return errors; } @@ -3031,8 +3602,8 @@ CK_SLOT_ID slot_id; CK_RV rv; - printf("Testing card detection%s\n", - wait_for_event? " using C_WaitForSlotEvent" : ""); + printf("Testing card detection using %s\n", + wait_for_event? "C_WaitForSlotEvent()" : "C_GetSlotList()"); while (1) { printf("Please press return to continue, x to exit: "); @@ -3050,9 +3621,9 @@ p11_perror("C_WaitForSlotEvent", rv); return 1; } - printf("event on slot %u\n", (unsigned int) slot_id); + printf("event on slot 0x%lx\n", slot_id); } - list_slots(); + list_slots(0, 1, 1); } return 0; @@ -3074,10 +3645,6 @@ errors += test_decrypt(slot, session); - errors += test_card_detection(0); - - errors += test_card_detection(1); - if (errors == 0) printf("No errors\n"); else @@ -3111,7 +3678,7 @@ {CKA_LABEL, label, label_len}, {CKA_SUBJECT, (void *) "This won't be used in our lib", 29} }; - FILE *f; + FILE *f; printf("\n*** We already opened a session and logged in ***\n"); @@ -3241,7 +3808,7 @@ if (rv != CKR_OK) p11_fatal("C_OpenSession", rv); - login(session, 0); + login(session, CKU_USER); printf("\n*** Put a cert on the card (NOTE: doesn't correspond with the key!) ***\n"); 
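Review bot: `sessionInfo.state` is an enumerated session state, not a flag word, so `!(sessionInfo.state & CKS_RW_USER_FUNCTIONS)` does not test what the new message says: with the standard PKCS#11 numbering, where CKS_RW_USER_FUNCTIONS is 3, the mask is also non-zero for a read-only user session and for a read/write public session. Compare the value instead: `if (sessionInfo.state != CKS_RW_USER_FUNCTIONS) {`. The context line above reports a `C_GetSessionInfo` failure under the name `"C_OpenSession"`, which is worth correcting while this block is being touched. The function starts and ends outside this hunk.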
@@ -3255,6 +3822,101 @@ printf("\n==> OK, successfull! Should work with Mozilla\n"); } + +static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session) +{ + CK_MECHANISM mech = {CKM_ECDSA_SHA1, NULL_PTR, 0}; + CK_MECHANISM_TYPE *mech_type = NULL; + CK_OBJECT_HANDLE pub_key, priv_key; + CK_ULONG i, num_mechs = 0; + CK_RV rv; + CK_BYTE *tmp, *ec_params, *ec_point; + CK_BYTE *data_to_sign = (CK_BYTE *)"My Heart's in the Highland"; + CK_BYTE *data, sig[512]; + CK_ULONG data_len, sig_len; + CK_BYTE *id = (CK_BYTE *) "abcdefghijklmnopqrst"; + CK_ULONG id_len = strlen((char *)id), ec_params_len, ec_point_len; + CK_BYTE *label = (CK_BYTE *) "Just a label"; + CK_ULONG label_len = 12; + CK_ATTRIBUTE attribs[3] = { + {CKA_ID, id, id_len}, + {CKA_LABEL, label, label_len}, + {CKA_SUBJECT, (void *) "This won't be used in our lib", 29} + }; + + printf("\n*** We already opened a session and logged in ***\n"); + + num_mechs = get_mechanisms(slot, &mech_type, -1); + for (i = 0; i < num_mechs; i++) + if (mech_type[i] == CKM_EC_KEY_PAIR_GEN) + break; + if (i == num_mechs) { + printf("ERR: no 'CKM_EC_KEY_PAIR_GEN' found in the mechanism list\n"); + return; + } + + printf("*** Generating EC key pair ***\n"); + if (!gen_keypair(slot, session, &pub_key, &priv_key, opt_key_type)) + return; + + tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len); + if (opt_object_id == NULL || opt_object_id_len == 0) { + printf("ERR: newly generated private key has no (or an empty) CKA_ID\n"); + return; + } + memcpy(opt_object_id, tmp, opt_object_id_len); + + /* This is done in NSS */ + ec_params = getEC_PARAMS(session, priv_key, &ec_params_len); + if (ec_params_len < 5 || ec_params_len > 10000) { + printf("ERR: GetAttribute(privkey, CKA_EC_PARAMS) doesn't seem to work\n"); + return; + } + ec_point = getEC_POINT(session, pub_key, &ec_point_len); + if (ec_point_len < 5 || ec_point_len > 10000) { + printf("ERR: GetAttribute(pubkey, CKA_EC_POINT) doesn't seem to work\n"); + return; + } + + 
printf("*** Changing the CKA_ID of private and public key into one of 20 bytes ***\n"); + rv = p11->C_SetAttributeValue(session, priv_key, attribs, 1); + if (rv != CKR_OK) + p11_fatal("C_SetAttributeValue(priv_key)", rv); + + rv = p11->C_SetAttributeValue(session, pub_key, attribs, 1); + if (rv != CKR_OK) + p11_fatal("C_SetAttributeValue(pub_key)", rv); + + + printf("*** Do a signature ***\n"); + data = data_to_sign; + data_len = sizeof(data_to_sign); + rv = p11->C_SignInit(session, &mech, priv_key); + if (rv != CKR_OK) + p11_fatal("C_SignInit", rv); + rv = p11->C_Sign(session, data, data_len, NULL, &sig_len); + if (rv != CKR_OK) + p11_fatal("C_Sign", rv); + sig_len = 20; + rv = p11->C_Sign(session, data, data_len, sig, &sig_len); + if (rv != CKR_BUFFER_TOO_SMALL) { + printf("ERR: C_Sign() didn't return CKR_BUFFER_TO_SMALL but %s\n", CKR2Str(rv)); + return; + } + rv = p11->C_Sign(session, data, data_len, sig, &sig_len); + if (rv != CKR_OK) + p11_fatal("C_Sign", rv); + + printf("*** Changing the CKA_LABEL, CKA_ID and CKA_SUBJECT of the public key ***\n"); + rv = p11->C_SetAttributeValue(session, pub_key, attribs, 3); + if (rv != CKR_OK) + p11_fatal("C_SetAttributeValue", rv); + + printf("==> OK\n"); +} + + + static const char *p11_flag_names(struct flag_info *list, CK_FLAGS value) { static char buffer[1024]; @@ -3299,6 +3961,9 @@ { CKF_USER_PIN_INITIALIZED, "PIN initialized" }, { CKF_PROTECTED_AUTHENTICATION_PATH, "PIN pad present" }, { CKF_TOKEN_INITIALIZED, "token initialized" }, + { CKF_USER_PIN_COUNT_LOW, "user PIN count low" }, + { CKF_USER_PIN_FINAL_TRY, "final user PIN try" }, + { CKF_USER_PIN_LOCKED, "user PIN locked" }, { 0, NULL } }; @@ -3325,6 +3990,11 @@ static void p11_fatal(const char *func, CK_RV rv) { + if (p11) + p11->C_Finalize(NULL_PTR); + if (module) + C_UnloadModule(module); + util_fatal("PKCS11 function %s failed: rv = %s (0x%0x)\n", func, CKR2Str(rv), (unsigned int) rv); } 
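Review bot: `data_len = sizeof(data_to_sign);` in test_ec takes the size of a `CK_BYTE *`, so only a pointer-sized prefix of the message is signed rather than the whole string; `data_len = strlen((char *)data_to_sign);` gives the intended length. Earlier in the function, `memcpy(opt_object_id, tmp, opt_object_id_len);` copies a length reported by the token without comparing it to the destination's capacity, and the check before it tests `opt_object_id` rather than `tmp`, so a failed getID() or an oversized CKA_ID is not caught; opt_object_id is declared outside this hunk, so the right bound has to be confirmed there. The last C_Sign call reuses the `sig_len` the module wrote back after CKR_BUFFER_TOO_SMALL without checking it against `sizeof(sig)`. `tmp`, `ec_params`, `ec_point` and `mech_type` are never released, assuming the helpers allocate as their use here suggests.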
@@ -3571,10 +4241,14 @@ { CKM_AES_MAC, "AES-MAC", NULL }, { CKM_AES_MAC_GENERAL, "AES-MAC-GENERAL", NULL }, { CKM_AES_CBC_PAD, "AES-CBC-PAD", NULL }, + { CKM_GOSTR3410_KEY_PAIR_GEN,"GOSTR3410-KEY-PAIR-GEN", NULL }, + { CKM_GOSTR3410, "GOSTR3410", NULL }, + { CKM_GOSTR3410_WITH_GOSTR3411,"GOSTR3410-WITH-GOSTR3411", NULL }, + { CKM_GOSTR3411, "GOSTR3411", NULL }, { CKM_DSA_PARAMETER_GEN, "DSA-PARAMETER-GEN", NULL }, { CKM_DH_PKCS_PARAMETER_GEN,"DH-PKCS-PARAMETER-GEN", NULL }, { CKM_X9_42_DH_PARAMETER_GEN,"X9-42-DH-PARAMETER-GEN", NULL }, - { NO_MECHANISM, NULL, NULL } + { 0, NULL, NULL } }; static const char *p11_mechanism_to_name(CK_MECHANISM_TYPE mech) @@ -3600,7 +4274,7 @@ return mi->mech; } util_fatal("Unknown PKCS11 mechanism \"%s\"\n", name); - return NO_MECHANISM; /* gcc food */ + return 0; /* gcc food */ } static const char * CKR2Str(CK_ULONG res) diff -Nru opensc-0.11.13/src/tools/pkcs15-crypt.c opensc-0.12.1/src/tools/pkcs15-crypt.c --- opensc-0.11.13/src/tools/pkcs15-crypt.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/pkcs15-crypt.c 2011-05-17 17:07:00.000000000 +0000 @@ -18,9 +18,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #ifdef HAVE_UNISTD_H @@ -28,21 +27,24 @@ #endif #include #include -#include -#include #ifdef ENABLE_OPENSSL #include #include #include #endif -#include + +#include "common/compat_getpass.h" +#include "libopensc/opensc.h" +#include "libopensc/pkcs15.h" #include "util.h" static const char *app_name = "pkcs15-crypt"; -static int opt_reader = -1, verbose = 0, opt_wait = 0, opt_raw = 0; +static int verbose = 0, opt_wait = 0, opt_raw = 0; +static char * opt_reader; static char * opt_pincode = NULL, * opt_key_id = NULL; static char * opt_input = NULL, * opt_output = NULL; +static char * opt_bind_to_aid = NULL; static int opt_crypt_flags = 0; enum { 
@@ -53,6 +55,7 @@ OPT_SHA224, OPT_MD5, OPT_PKCS1, + OPT_BIND_TO_AID, }; static const struct option options[] = { @@ -71,6 +74,7 @@ { "md5", 0, NULL, OPT_MD5 }, { "pkcs1", 0, NULL, OPT_PKCS1 }, { "pin", 1, NULL, 'p' }, + { "aid", 1, NULL, OPT_BIND_TO_AID }, { "wait", 0, NULL, 'w' }, { "verbose", 0, NULL, 'v' }, { NULL, 0, NULL, 0 } @@ -92,6 +96,7 @@ "Input file is a MD5 hash", "Use PKCS #1 v1.5 padding", "Uses password (PIN) (use - for reading PIN from STDIN)", + "Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)", "Wait for card insertion", "Verbose operation. Use several times to enable debug output.", }; @@ -266,6 +271,7 @@ { EVP_PKEY *pkey = NULL; int r, nid = -1; + unsigned int out_int = out_len; r = extract_key(obj, &pkey); if (r < 0) @@ -289,20 +295,18 @@ return SC_ERROR_INVALID_ARGUMENTS; } } - r = RSA_sign(nid, data, len, out, (unsigned int *) &out_len, - pkey->pkey.rsa); + r = RSA_sign(nid, data, len, out, &out_int, pkey->pkey.rsa); if (r <= 0) r = SC_ERROR_INTERNAL; break; case SC_PKCS15_TYPE_PRKEY_DSA: - r = DSA_sign(NID_sha1, data, len, out, (unsigned int *) &out_len, - pkey->pkey.dsa); + r = DSA_sign(NID_sha1, data, len, out, &out_int, pkey->pkey.dsa); if (r <= 0) r = SC_ERROR_INTERNAL; break; } if (r >= 0) - r = out_len; + r = out_int; EVP_PKEY_free(pkey); return r; } @@ -466,11 +470,10 @@ pincode = get_pin(pin); if (((pincode == NULL || *pincode == '\0')) && - !(p15card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD)) + !(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD)) return 5; - r = sc_pkcs15_verify_pin(p15card, (struct sc_pkcs15_pin_info *) pin->data, - (const u8 *) pincode, pincode == NULL ? 0 : strlen(pincode)); + r = sc_pkcs15_verify_pin(p15card, pin, (const u8 *)pincode, pincode ? strlen(pincode) : 0); if (r) { fprintf(stderr, "PIN code verification failed: %s\n", sc_strerror(r)); return 5; 
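Review bot: In the `@@ -289,20 +295,18 @@` hunk, `out_int` is seeded from `out_len`, but RSA_sign() and DSA_sign() use their length argument only as an output, so nothing stops them writing more bytes into `out` than the caller provided. A capacity check before each call closes that, for example `if (out_len < (size_t)RSA_size(pkey->pkey.rsa)) { r = SC_ERROR_BUFFER_TOO_SMALL; break; }`, with the DSA_size() equivalent in the DSA case. The type of `out_len` and the function signature are outside the hunk, so the cast should be confirmed against the declaration.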
@@ -513,7 +516,7 @@ action_count++; break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'i': opt_input = optarg; @@ -551,6 +554,9 @@ case 'p': opt_pincode = optarg; break; + case OPT_BIND_TO_AID: + opt_bind_to_aid = optarg; + break; case 'w': opt_wait = 1; break; @@ -568,23 +574,39 @@ fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1) - ctx->debug = verbose-1; - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, verbose); + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); + } + + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); if (err) goto end; if (verbose) fprintf(stderr, "Trying to find a PKCS #15 compatible card...\n"); - r = sc_pkcs15_bind(card, &p15card); + if (opt_bind_to_aid) { + struct sc_aid aid; + + aid.len = sizeof(aid.value); + if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) { + fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid); + return 1; + } + + r = sc_pkcs15_bind(card, &aid, &p15card); + } + else { + r = sc_pkcs15_bind(card, NULL, &p15card); + } if (r) { - fprintf(stderr, "PKCS #15 initialization failed: %s\n", sc_strerror(r)); + fprintf(stderr, "PKCS #15 binding failed: %s\n", sc_strerror(r)); err = 1; goto end; } if (verbose) - fprintf(stderr, "Found %s!\n", p15card->label); + fprintf(stderr, "Found %s!\n", p15card->tokeninfo->label); if (do_decipher) { if ((err = get_key(SC_PKCS15_PRKEY_USAGE_DECRYPT, &key)) @@ -604,10 +626,8 @@ if (p15card) sc_pkcs15_unbind(p15card); if (card) { -#if 1 sc_unlock(card); -#endif - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); diff -Nru opensc-0.11.13/src/tools/pkcs15-init.c opensc-0.12.1/src/tools/pkcs15-init.c --- opensc-0.11.13/src/tools/pkcs15-init.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/pkcs15-init.c 2011-05-17 17:07:00.000000000 +0000 
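Review bot: The invalid-AID branch in the `@@ -568,23 +574,39 @@` hunk leaves main with `return 1;` after util_connect_card() has succeeded, so the `end:` cleanup shown in the next hunk (sc_unlock, sc_disconnect_card, sc_release_context) is skipped and the card can stay locked. The neighbouring error paths use the cleanup label, and this one should too: `err = 1; goto end;`. The same early `return 1;` appears in pkcs15-init.c's main in the `@@ -390,11 +454,28 @@` hunk, where the surrounding failures `break` out of the action loop to reach the cleanup. main's body starts and ends outside these hunks.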
@@ -29,13 +29,19 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include #include +#ifdef HAVE_STRING_H +#include +#endif +#include +#if OPENSSL_VERSION_NUMBER >= 0x00907000L +#include +#endif #include #include #include @@ -45,17 +51,20 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#include -#include +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#include /* for OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_EC +#include +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */ + +#include "common/compat_strlcpy.h" +#include "libopensc/cardctl.h" +#include "libopensc/pkcs15.h" +#include "libopensc/log.h" +#include "libopensc/cards.h" +#include "pkcs15init/pkcs15-init.h" #include "util.h" -#include - #undef GET_KEY_ECHO_OFF @@ -66,7 +75,7 @@ struct sc_pkcs15_card *, u8 **, size_t *); /* Local functions */ -static int open_reader_and_card(int); +static int open_reader_and_card(char *); static int do_assert_pristine(sc_card_t *); static int do_erase(sc_card_t *, struct sc_profile *); static int do_delete_objects(struct sc_profile *, unsigned int myopt_delete_flags); @@ -86,11 +95,10 @@ static int do_read_data_object(const char *name, u8 **out, size_t *outlen); static int do_store_data_object(struct sc_profile *profile); +static int do_sanity_check(struct sc_profile *profile); -static void set_secrets(struct sc_profile *); static int init_keyargs(struct sc_pkcs15init_prkeyargs *); -static int get_new_pin(sc_ui_hints_t *, const char *, const char *, - char **); +static void init_gost_params(struct sc_pkcs15init_keyarg_gost_params *, EVP_PKEY *); static int get_pin_callback(struct sc_profile *profile, int id, const struct sc_pkcs15_pin_info *info, const char *label, 
@@ -99,7 +107,6 @@ int method, int reference, const u8 *, size_t, u8 *, size_t *); -static int do_generate_key_soft(int, unsigned int, EVP_PKEY **); static int do_read_private_key(const char *, const char *, EVP_PKEY **, X509 **, unsigned int); static int do_read_public_key(const char *, const char *, EVP_PKEY **); @@ -107,8 +114,7 @@ static void parse_commandline(int argc, char **argv); static void read_options_file(const char *); static void ossl_print_errors(void); -static void set_userpin_ref(void); - +static int verify_pin(struct sc_pkcs15_card *, char *); enum { OPT_OPTIONS = 0x100, @@ -117,14 +123,17 @@ OPT_EXTRACTABLE, OPT_UNPROTECTED, OPT_AUTHORITY, - OPT_SOFT_KEYGEN, - OPT_SPLIT_KEY, OPT_ASSERT_PRISTINE, OPT_SECRET, OPT_PUBKEY_LABEL, OPT_CERT_LABEL, OPT_APPLICATION_NAME, OPT_APPLICATION_ID, + OPT_PUK_ID, + OPT_PUK_LABEL, + OPT_VERIFY_PIN, + OPT_SANITY_CHECK, + OPT_BIND_TO_AID, OPT_PIN1 = 0x10000, /* don't touch these values */ OPT_PUK1 = 0x10001, @@ -132,7 +141,7 @@ OPT_PUK2 = 0x10003, OPT_SERIAL = 0x10004, OPT_NO_SOPIN = 0x10005, - OPT_NO_PROMPT= 0x10006, + OPT_NO_PROMPT= 0x10006 }; const struct option options[] = { @@ -147,6 +156,7 @@ { "store-data", required_argument, NULL, 'W' }, { "delete-objects", required_argument, NULL, 'D' }, { "change-attributes", required_argument, NULL, 'A' }, + { "sanity-check", no_argument, NULL, OPT_SANITY_CHECK}, { "reader", required_argument, NULL, 'r' }, { "pin", required_argument, NULL, OPT_PIN1 }, 
@@ -156,23 +166,25 @@ { "no-so-pin", no_argument, NULL, OPT_NO_SOPIN }, { "serial", required_argument, NULL, OPT_SERIAL }, { "auth-id", required_argument, NULL, 'a' }, + { "puk-id", required_argument, NULL, OPT_PUK_ID }, + { "verify-pin", no_argument, NULL, OPT_VERIFY_PIN }, { "id", required_argument, NULL, 'i' }, { "label", required_argument, NULL, 'l' }, + { "puk-label", required_argument, NULL, OPT_PUK_LABEL }, { "public-key-label", required_argument, NULL, OPT_PUBKEY_LABEL }, { "cert-label", required_argument, NULL, OPT_CERT_LABEL }, { "application-name", required_argument, NULL, OPT_APPLICATION_NAME }, { "application-id", required_argument, NULL, OPT_APPLICATION_ID }, + { "aid", required_argument, NULL, OPT_BIND_TO_AID }, { "output-file", required_argument, NULL, 'o' }, { "format", required_argument, NULL, 'f' }, { "passphrase", required_argument, NULL, OPT_PASSPHRASE }, { "authority", no_argument, NULL, OPT_AUTHORITY }, { "key-usage", required_argument, NULL, 'u' }, - { "split-key", no_argument, NULL, OPT_SPLIT_KEY }, - { "finalize", no_argument, NULL, 'F' }, + { "finalize", no_argument, NULL, 'F' }, { "extractable", no_argument, NULL, OPT_EXTRACTABLE }, { "insecure", no_argument, NULL, OPT_UNPROTECTED }, - { "soft", no_argument, NULL, OPT_SOFT_KEYGEN }, { "use-default-transport-keys", no_argument, NULL, 'T' }, { "no-prompt", no_argument, NULL, OPT_NO_PROMPT }, @@ -190,7 +202,7 @@ { NULL, 0, NULL, 0 } }; static const char * option_help[] = { - "Erase the smart card (can be used with --create-pkcs15)", + "Erase the smart card", "Creates a new PKCS #15 structure", "Store a new PIN/PUK on the card", "Generate a new key and store it on the card", 
@@ -201,34 +213,37 @@ "Store a data object", "Delete object(s) (use \"help\" for more information)", "Change attribute(s) (use \"help\" for more information)", + "Card specific sanity check and possibly update procedure", "Specify which reader to use", "Specify PIN", "Specify unblock PIN", "Specify security officer (SO) PIN", "Specify unblock PIN for SO PIN", - "Do not install a SO PIN, and dont prompt for it", + "Do not install a SO PIN, and do not prompt for it", "Specify the serial number of the card", "Specify ID of PIN to use/create", + "Specify ID of PUK to use/create", + "Verify PIN after card binding (use with --auth-id)", "Specify ID of key/certificate", "Specify label of PIN/key", + "Specify label of PUK", "Specify public key label (use with --generate-key)", "Specify user cert label (use with --store-private-key)", "Specify application name of data object (use with --store-data-object)", "Specify application id of data object (use with --store-data-object)", + "Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)", "Output public portion of generated key to file", "Specify key/cert file format: PEM (=default), DER or PKCS12", "Specify passphrase for unlocking secret key", "Mark certificate as a CA certificate", "Specify X.509 key usage (use \"--key-usage help\" for more information)", - "Automatically create two keys with same ID and different usage (sign vs decipher)", "Finish initialization phase of the smart card", "Private key stored as an extractable key", "Insecure mode: do not require PIN/passphrase for private key", - "Use software key generation, even if the card supports on-board key generation", - "Always ask for transport keys etc, even if the driver thinks it knows the key", - "Do not prompt the user, except for PINs", + "Do not ask for transport keys if the driver thinks it knows the key", + "Do not prompt the user; if no PINs supplied, pinpad will be used", "Specify the general profile to use", "Specify the 
card profile to use", @@ -256,6 +271,7 @@ ACTION_FINALIZE_CARD, ACTION_DELETE_OBJECTS, ACTION_CHANGE_ATTRIBUTES, + ACTION_SANITY_CHECK, ACTION_MAX }; @@ -274,6 +290,7 @@ "finalizing card", "delete object(s)", "change attribute(s)", + "check card's sanity", }; #define MAX_CERTS 4 @@ -296,17 +313,16 @@ static sc_context_t * ctx = NULL; static sc_card_t * card = NULL; static struct sc_pkcs15_card * p15card = NULL; +static char * opt_reader = NULL; static unsigned int opt_actions; -static int opt_reader = -1, - opt_extractable = 0, +static int opt_extractable = 0, opt_unprotected = 0, opt_authority = 0, - opt_softkeygen = 0, opt_no_prompt = 0, opt_no_sopin = 0, opt_use_defkeys = 0, - opt_split_key = 0, - opt_wait = 0; + opt_wait = 0, + opt_verify_pin = 0; static const char * opt_profile = "pkcs15"; static char * opt_card_profile = NULL; static char * opt_infile = NULL; @@ -314,6 +330,7 @@ static char * opt_authid = NULL; static char * opt_objectid = NULL; static char * opt_label = NULL; +static char * opt_puk_label = NULL; static char * opt_pubkey_label = NULL; static char * opt_cert_label = NULL; static char * opt_pins[4]; @@ -323,6 +340,8 @@ static char * opt_outkey = NULL; static char * opt_application_id = NULL; static char * opt_application_name = NULL; +static char * opt_bind_to_aid = NULL; +static char * opt_puk_authid = NULL; static unsigned int opt_x509_usage = 0; static unsigned int opt_delete_flags = 0; static unsigned int opt_type = 0; 
@@ -336,6 +355,50 @@ get_key_callback, /* get_key() */ }; +/* + * Dialog types for get_pin + */ +#define SC_UI_USAGE_OTHER 0x0000 +#define SC_UI_USAGE_NEW_PIN 0x0001 +#define SC_UI_USAGE_UNBLOCK_PIN 0x0002 +#define SC_UI_USAGE_CHANGE_PIN 0x0003 + +/* + * Dialog flags + */ +#define SC_UI_PIN_RETYPE 0x0001 /* new pin, retype */ +#define SC_UI_PIN_OPTIONAL 0x0002 /* new pin optional */ +#define SC_UI_PIN_CHECK_LENGTH 0x0004 /* check pin length */ +#define SC_UI_PIN_MISMATCH_RETRY 0x0008 /* retry if new pin mismatch? */ + +/* Hints passed to get_pin + * M marks mandatory fields, + * O marks optional fields + */ +typedef struct sc_ui_hints { + const char * prompt; /* M: cmdline prompt */ + const char * dialog_name; /* M: dialog name */ + unsigned int usage; /* M: usage hint */ + unsigned int flags; /* M: flags */ + sc_card_t * card; /* M: card handle */ + struct sc_pkcs15_card * p15card; /* O: pkcs15 handle */ + + /* We may not have a pkcs15 object yet when we get + * here, but we may have an idea of what it's going to + * look like. */ + const char * obj_label; /* O: object (PIN) label */ + union { + struct sc_pkcs15_pin_info *pin; + } info; +} sc_ui_hints_t; + +/* + * ask user for a pin + */ +extern int get_pin(sc_ui_hints_t *hints, char **out); +static int get_new_pin(sc_ui_hints_t *, const char *, const char *, + char **); + int main(int argc, char **argv) { @@ -343,6 +406,9 @@ unsigned int n; int r = 0; +#if OPENSSL_VERSION_NUMBER >= 0x00907000L + OPENSSL_config(NULL); +#endif /* OpenSSL magic */ SSLeay_add_all_algorithms(); CRYPTO_malloc_init(); @@ -377,8 +443,6 @@ return 1; } - set_secrets(profile); - for (n = 0; n < ACTION_MAX; n++) { unsigned int action = n; 
@@ -390,11 +454,28 @@ && action != ACTION_ASSERT_PRISTINE && p15card == NULL) { /* Read the PKCS15 structure from the card */ - r = sc_pkcs15_bind(card, &p15card); + if (opt_bind_to_aid) { + struct sc_aid aid; + + aid.len = sizeof(aid.value); + if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) { + fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid); + return 1; + } + + r = sc_pkcs15init_finalize_profile(card, profile, &aid); + if (r < 0) { + fprintf(stderr, "Finalize profile error %s\n", sc_strerror(r)); + break; + } + + r = sc_pkcs15_bind(card, &aid, &p15card); + } + else { + r = sc_pkcs15_bind(card, NULL, &p15card); + } if (r) { - fprintf(stderr, - "PKCS#15 initialization failed: %s\n", - sc_strerror(r)); + fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r)); break; } @@ -402,26 +483,23 @@ * sure we're not messing things up */ if (verbose) - printf("Found %s\n", p15card->label); + printf("Found %s\n", p15card->tokeninfo->label); sc_pkcs15init_set_p15card(profile, p15card); + + if (opt_verify_pin) { + r = verify_pin(p15card, opt_authid); + if (r) { + fprintf(stderr, "Failed to verify User PIN : %s\n", + sc_strerror(r)); + break; + } + } } if (verbose && action != ACTION_ASSERT_PRISTINE) printf("About to %s.\n", action_names[action]); -/* -{ - sc_path_t p1, p2, p3, p4; - sc_format_path("3F0050156666", &p1); p1.index = 0; p1.count = 50; - sc_format_path("3F0050157777", &p2); p2.index = 50; p2.count = 50; - sc_format_path("3F0050156666", &p3); p3.index = 200; p3.count = 50; - sc_format_path("3F0050156666", &p4); p4.index = 50; p4.count = 150; - r = sc_pkcs15init_remove_unusedspace(p15card, profile, &p1, NULL); - printf("sc_pkcs15init_add_unusedspace(): %d\n", r); - //r = sc_pkcs15init_add_unusedspace(p15card, profile, &p3, NULL); - //printf("sc_pkcs15init_add_unusedspace(): %d\n", r); -} -*/ + switch (action) { case ACTION_ASSERT_PRISTINE: /* skip printing error message */ 
@@ -464,6 +542,9 @@ case ACTION_FINALIZE_CARD: r = do_finalize_card(card, profile); break; + case ACTION_SANITY_CHECK: + r = do_sanity_check(profile); + break; default: util_fatal("Action not yet implemented\n"); } @@ -484,14 +565,14 @@ } if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } sc_release_context(ctx); return r < 0? 1 : 0; } static int -open_reader_and_card(int reader) +open_reader_and_card(char *reader) { int r; sc_context_param_t ctx_param; @@ -505,12 +586,13 @@ util_error("Failed to establish context: %s\n", sc_strerror(r)); return 0; } + if (verbose > 1) { - ctx->debug = verbose-1; - ctx->debug_file = stderr; + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); } - if (util_connect_card(ctx, &card, reader, 0, opt_wait, verbose)) + if (util_connect_card(ctx, &card, reader, opt_wait, verbose)) return 0; return 1; 
@@ -525,36 +607,25 @@ sc_path_t path; int r, ok = 1; - /* we need FILE NOT FOUND. - * - on starcos card NOT ALLOWED is also ok, as the MF does not exist. - * - on setcos 4.4 card, we should get 6F00 (translates to - * SC_ERROR_CARD_CMD_FAILED) to indicate that no MF exists. */ - - sc_ctx_suppress_errors_on(in_card->ctx); + sc_format_path("3F00", &path); + r = sc_select_file(in_card, &path, NULL); + if (r) + goto end; sc_format_path("2F00", &path); r = sc_select_file(in_card, &path, NULL); + if (r) + goto end; - if (r != SC_ERROR_FILE_NOT_FOUND) { - ok &= (r == SC_ERROR_NOT_ALLOWED && - strcmp(in_card->name, "STARCOS SPK 2.3") == 0) || - (r == SC_ERROR_CARD_CMD_FAILED && - in_card->type == SC_CARD_TYPE_SETCOS_44); - } - + /* For a while only the presence of OpenSC on-card pkcs#15 is checked. + TODO: Parse DIR(2F00) to get know if there is some PKCS#15 applications.*/ sc_format_path("5015", &path); r = sc_select_file(in_card, &path, NULL); + if (r) + goto end; - if (r != SC_ERROR_FILE_NOT_FOUND) { - ok &= (r == SC_ERROR_NOT_ALLOWED && - strcmp(in_card->name, "STARCOS SPK 2.3") == 0) || - (r == SC_ERROR_CARD_CMD_FAILED && - in_card->type == SC_CARD_TYPE_SETCOS_44); - } - - - sc_ctx_suppress_errors_off(in_card->ctx); - + ok = 0; +end: if (!ok) { fprintf(stderr, "Card not pristine; detected (possibly incomplete) " 
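Review bot: The rewritten do_assert_pristine fails open: every `if (r) goto end;` leaves `ok` at 1, so any sc_select_file() error counts as "pristine", not only a missing file. A transport failure, a removed card or an access-denied MF would all pass the check that is meant to guard an initialisation or erase. The removed code required SC_ERROR_FILE_NOT_FOUND apart from two card-specific exceptions; keeping at least that distinction restores the guarantee, e.g. `if (r) { if (r != SC_ERROR_FILE_NOT_FOUND) ok = 0; goto end; }` on each select. If treating other errors as pristine is intended, a comment above the first select should say which cards rely on it. The function's tail is outside the hunk, so how `ok` reaches the caller should be confirmed there.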
@@ -573,9 +644,30 @@ do_erase(sc_card_t *in_card, struct sc_profile *profile) { int r; + struct sc_pkcs15_card *p15card; + + p15card = sc_pkcs15_card_new(); + p15card->card = in_card; + ignore_cmdline_pins++; - r = sc_pkcs15init_erase_card(in_card, profile); + if (opt_bind_to_aid) { + struct sc_aid aid; + + aid.len = sizeof(aid.value); + if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) { + fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid); + return 1; + + } + + r = sc_pkcs15init_erase_card(p15card, profile, &aid); + } + else { + r = sc_pkcs15init_erase_card(p15card, profile, NULL); + } ignore_cmdline_pins--; + + sc_pkcs15_card_free(p15card); return r; } @@ -594,7 +686,7 @@ sc_pkcs15_pin_info_t info; sc_ui_hints_t hints; const char *role = "so"; - int r; + int r, so_puk_disabled = 0; memset(&hints, 0, sizeof(hints)); hints.usage = SC_UI_USAGE_NEW_PIN; 
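Review bot: The invalid-AID branch in do_erase does `return 1;` after `ignore_cmdline_pins++` and after `sc_pkcs15_card_new()`, so the counter stays incremented and the new p15card is never freed. The caller also receives a positive value, whereas the rest of this file reports failures as negative SC_ERROR_* codes and main's visible exit path tests `r < 0`. Setting `r = SC_ERROR_INVALID_ARGUMENTS;` there, skipping the erase call and letting control reach the existing `ignore_cmdline_pins--; sc_pkcs15_card_free(p15card);` tail keeps all three consistent. The result of `sc_pkcs15_card_new()` is dereferenced on the next line without a NULL check; `if (!p15card) return SC_ERROR_OUT_OF_MEMORY;` before the assignment would cover it.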
@@ -614,25 +706,28 @@ } memset(&args, 0, sizeof(args)); - if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) { - sc_pkcs15init_get_pin_info(profile, - SC_PKCS15INIT_SO_PIN, &info); - if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) { - role = "user"; - } else { - /* SO pin is always optional */ - hints.flags |= SC_UI_PIN_OPTIONAL; - } + sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &info); + + if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) + role = "user"; + else + hints.flags |= SC_UI_PIN_OPTIONAL; /* SO PIN is always optional */ + + + if ((info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED) + && (info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) + so_puk_disabled = 1; + + if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) { r = get_new_pin(&hints, role, "pin", &opt_pins[2]); if (r < 0) goto failed; } - if (opt_pins[2] && !opt_pins[3] && !opt_no_prompt) { - sc_pkcs15init_get_pin_info(profile, - SC_PKCS15INIT_SO_PUK, &info); + if (!so_puk_disabled && opt_pins[2] && !opt_pins[3] && !opt_no_prompt) { + sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &info); if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) role = "user"; @@ -642,18 +737,23 @@ if (r < 0) goto failed; } + args.so_pin = (const u8 *) opt_pins[2]; if (args.so_pin) args.so_pin_len = strlen((const char *) args.so_pin); - args.so_puk = (const u8 *) opt_pins[3]; - if (args.so_puk) - args.so_puk_len = strlen((const char *) args.so_puk); + + if (!so_puk_disabled) { + args.so_puk = (const u8 *) opt_pins[3]; + if (args.so_puk) + args.so_puk_len = strlen((const char *) args.so_puk); + } + args.serial = (const char *) opt_serial; args.label = opt_label; return sc_pkcs15init_add_app(card, profile, &args); -failed: sc_error(card->ctx, "Failed to read PIN: %s\n", sc_strerror(r)); +failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r)); return SC_ERROR_PKCS15INIT; } 
@@ -685,56 +785,45 @@ return SC_ERROR_INVALID_ARGUMENTS; } - if (opt_pins[0] == NULL) { - sc_pkcs15init_get_pin_info(profile, - SC_PKCS15INIT_USER_PIN, &info); - + sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &info); + if (opt_pins[0] == NULL) if ((r = get_new_pin(&hints, "user", "pin", &opt_pins[0])) < 0) goto failed; - } + if (*opt_pins[0] == '\0') { util_error("You must specify a PIN\n"); return SC_ERROR_INVALID_ARGUMENTS; } - if (opt_pins[1] == NULL) { - sc_pkcs15init_get_pin_info(profile, - SC_PKCS15INIT_USER_PUK, &info); + + memset(&args, 0, sizeof(args)); + sc_pkcs15_format_id(pin_id, &args.auth_id); + args.pin = (u8 *) opt_pins[0]; + args.pin_len = strlen(opt_pins[0]); + args.label = opt_label; + + if (!(info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED) + && opt_pins[1] == NULL) { + sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &info); hints.flags |= SC_UI_PIN_OPTIONAL; if ((r = get_new_pin(&hints, "user", "puk", &opt_pins[1])) < 0) goto failed; + } - memset(&args, 0, sizeof(args)); - sc_pkcs15_format_id(pin_id, &args.auth_id); - args.pin = (u8 *) opt_pins[0]; - args.pin_len = strlen(opt_pins[0]); + if (opt_puk_authid && opt_pins[1]) + sc_pkcs15_format_id(opt_puk_authid, &args.puk_id); + args.puk_label = opt_puk_label; args.puk = (u8 *) opt_pins[1]; args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0; - args.label = opt_label; return sc_pkcs15init_store_pin(p15card, profile, &args); -failed: sc_error(card->ctx, "Failed to read PIN: %s\n", sc_strerror(r)); +failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r)); return SC_ERROR_PKCS15INIT; } /* - * Display split key error message - */ -static void -split_key_error(void) -{ - fprintf(stderr, "\n" - "Error - this token requires a more restrictive key usage.\n" - "Keys stored on this token can be used either for signing or decipherment,\n" - "but not both. 
You can either specify a more restrictive usage through\n" - "the --key-usage command line argument, or allow me to transparently\n" - "create two key objects with separate usage by specifying --split-key\n"); - exit(1); -} - -/* * Store a private key */ static int @@ -766,6 +855,8 @@ if ((r = do_convert_private_key(&args.key, pkey)) < 0) return r; + init_gost_params(&args.params.gost, pkey); + if (ncerts) { unsigned int usage; @@ -794,15 +885,7 @@ args.x509_usage = opt_x509_usage? opt_x509_usage : usage; } - if (sc_pkcs15init_requires_restrictive_usage(p15card, &args, 0)) { - if (!opt_split_key) - split_key_error(); - - r = sc_pkcs15init_store_split_key(p15card, profile, - &args, NULL, NULL); - } else { - r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL); - } + r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL); if (r < 0) return r; @@ -810,7 +893,7 @@ /* If there are certificate as well (e.g. when reading the * private key from a PKCS #12 file) store them, too. */ - for (i = 0; i < ncerts; i++) { + for (i = 0; i < ncerts && r >= 0; i++) { struct sc_pkcs15init_certargs cargs; char namebuf[SC_PKCS15_MAX_LABEL_SIZE-1]; @@ -916,11 +999,13 @@ if (pkey == NULL) r = do_read_public_key(opt_infile, opt_format, &pkey); - if (r >= 0) + if (r >= 0) { r = do_convert_public_key(&args.key, pkey); + if (r >= 0) + init_gost_params(&args.params.gost, pkey); + } if (r >= 0) - r = sc_pkcs15init_store_public_key(p15card, profile, - &args, &dummy); + r = sc_pkcs15init_store_public_key(p15card, profile, &args, &dummy); return r; } 
@@ -1024,17 +1109,17 @@ sc_pkcs15_der_t newcert_raw; int r; - set_userpin_ref(); - if (opt_objectid == NULL) { util_error("no ID given for the cert: use --id"); return SC_ERROR_INVALID_ARGUMENTS; } + sc_pkcs15_format_id(opt_objectid, &id); - if (sc_pkcs15_find_cert_by_id(p15card, &id, &obj) != 0) { - util_error("Couldn't find the cert with ID %s\n", opt_objectid); - return SC_ERROR_OBJECT_NOT_FOUND; - } + + if (sc_pkcs15_find_cert_by_id(p15card, &id, &obj) != 0) { + util_error("Couldn't find the cert with ID %s\n", opt_objectid); + return SC_ERROR_OBJECT_NOT_FOUND; + } certinfo = (sc_pkcs15_cert_info_t *) obj->data; r = sc_pkcs15_read_certificate(p15card, certinfo, &oldcert); @@ -1091,6 +1176,15 @@ return r; } +/* + * Run card specific sanity check procedure + */ +static int +do_sanity_check(struct sc_profile *profile) +{ + return sc_pkcs15init_sanity_check(p15card, profile); +} + static int cert_is_root(sc_pkcs15_cert_t *c) { return (c->subject_len == c->issuer_len) && 
@@ -1160,31 +1254,40 @@ * reached that certified other remaining certs on the card. */ static int do_delete_crypto_objects(sc_pkcs15_card_t *myp15card, - sc_profile_t *profile, + struct sc_profile *profile, const sc_pkcs15_id_t id, unsigned int which) { sc_pkcs15_object_t *objs[10]; /* 1 priv + 1 pub + chain of at most 8 certs, should be enough */ - sc_context_t *myctx = myp15card->card->ctx; int i, r = 0, count = 0, del_cert = 0; if (which & SC_PKCS15INIT_TYPE_PRKEY) { - if (sc_pkcs15_find_prkey_by_id(myp15card, &id, &objs[count]) != 0) - sc_debug(myctx, "NOTE: couldn't find privkey %s to delete\n", sc_pkcs15_print_id(&id)); - else - count++; + sc_pkcs15_object_t *key_objs[0x10]; + + r = sc_pkcs15_get_objects(myp15card, SC_PKCS15_TYPE_PRKEY, key_objs, 0x10); + if (r < 0) { + fprintf(stderr, "Private key enumeration failed: %s\n", sc_strerror(r)); + return r; + } + + for (i = 0; i< r; i++) + if (sc_pkcs15_compare_id(&id, &((struct sc_pkcs15_prkey_info *)key_objs[i]->data)->id)) + objs[count++] = key_objs[i]; + + if (!count) + fprintf(stderr, "NOTE: couldn't find privkey %s to delete\n", sc_pkcs15_print_id(&id)); } if (which & SC_PKCS15INIT_TYPE_PUBKEY) { if (sc_pkcs15_find_pubkey_by_id(myp15card, &id, &objs[count]) != 0) - sc_debug(myctx, "NOTE: couldn't find pubkey %s to delete\n", sc_pkcs15_print_id(&id)); + fprintf(stderr, "NOTE: couldn't find pubkey %s to delete\n", sc_pkcs15_print_id(&id)); else count++; } if (which & SC_PKCS15INIT_TYPE_CERT) { if (sc_pkcs15_find_cert_by_id(myp15card, &id, &objs[count]) != 0) - sc_debug(myctx, "NOTE: couldn't find cert %s to delete\n", sc_pkcs15_print_id(&id)); + fprintf(stderr, "NOTE: couldn't find cert %s to delete\n", sc_pkcs15_print_id(&id)); else { count++; del_cert = 1; 
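Review bot: The new private-key loop in do_delete_crypto_objects stores every match with `objs[count++] = key_objs[i];` and never bounds `count`. It can enumerate up to 0x10 keys, while `objs` has 10 slots that must also hold the public key and certificate written through `&objs[count]` just below. A card that exposes many private keys with the same ID would therefore write past the end of the stack array; the card contents are not under the tool's control, so the loop should stop or fail once the remaining capacity is used up. The function's body continues outside the hunk, including the certificate-chain loop that also indexes `objs`.

```c
		for (i = 0; i < r; i++) {
			struct sc_pkcs15_prkey_info *key_info =
				(struct sc_pkcs15_prkey_info *) key_objs[i]->data;

			if (!sc_pkcs15_compare_id(&id, &key_info->id))
				continue;
			/* objs[] must still hold the public key and certificate looked up below */
			if (count >= (int)(sizeof(objs) / sizeof(objs[0])) - 2) {
				fprintf(stderr, "Too many private keys with ID %s\n", sc_pkcs15_print_id(&id));
				return SC_ERROR_TOO_MANY_OBJECTS;
			}
			objs[count++] = key_objs[i];
		}
		/* … unchanged: "couldn't find privkey" message when count is 0 … */
```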
@@ -1199,9 +1302,9 @@ for( ; count < 10 ; count++) { r = get_cert_info(myp15card, objs[count - 1], &has_sibling, &stop, &objs[count]); if (r < 0) - sc_error(myctx, "get_cert_info() failed: %s\n", sc_strerror(r)); + fprintf(stderr, "get_cert_info() failed: %s\n", sc_strerror(r)); else if (has_sibling) - sc_debug(myctx, "Chain deletion stops with cert %s\n", sc_pkcs15_print_id( + fprintf(stderr, "Chain deletion stops with cert %s\n", sc_pkcs15_print_id( &((sc_pkcs15_cert_info_t *) objs[count - 1]->data)->id)); else if (stop && (objs[count] != NULL)) count++; @@ -1215,7 +1318,7 @@ for (i = 0; i < count; i++) { r = sc_pkcs15init_delete_object(myp15card, profile, objs[i]); if (r < 0) { - sc_error(myctx, "Failed to delete object %d: %s\n", i, sc_strerror(r)); + fprintf(stderr, "Failed to delete object %d: %s\n", i, sc_strerror(r)); break; } } @@ -1228,8 +1331,6 @@ { int r = 0, count = 0; - set_userpin_ref(); - if (myopt_delete_flags & SC_PKCS15INIT_TYPE_DATA) { struct sc_object_id app_oid; sc_pkcs15_object_t *obj; @@ -1315,9 +1416,7 @@ if (opt_label != NULL) { strlcpy(obj->label, opt_label, sizeof(obj->label)); } - - set_userpin_ref(); - + r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0); return r; 
@@ -1330,81 +1429,60 @@ do_generate_key(struct sc_profile *profile, const char *spec) { struct sc_pkcs15init_keygen_args keygen_args; - unsigned int evp_algo, keybits = 1024; - EVP_PKEY *pkey; - int r, split_key = 0; + unsigned int keybits = 1024; + int r; memset(&keygen_args, 0, sizeof(keygen_args)); keygen_args.pubkey_label = opt_pubkey_label; if ((r = init_keyargs(&keygen_args.prkey_args)) < 0) return r; + keygen_args.prkey_args.access_flags |= + SC_PKCS15_PRKEY_ACCESS_SENSITIVE + | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE + | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE + | SC_PKCS15_PRKEY_ACCESS_LOCAL; /* Parse the key spec given on the command line */ if (!strncasecmp(spec, "rsa", 3)) { keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_RSA; - evp_algo = EVP_PKEY_RSA; spec += 3; } else if (!strncasecmp(spec, "dsa", 3)) { keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_DSA; - evp_algo = EVP_PKEY_DSA; spec += 3; + } else if (!strncasecmp(spec, "gost2001", strlen("gost2001"))) { + keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_GOSTR3410; + keybits = SC_PKCS15_GOSTR3410_KEYSIZE; + /* FIXME: now only SC_PKCS15_PARAMSET_GOSTR3410_A */ + keygen_args.prkey_args.params.gost.gostr3410 = SC_PKCS15_PARAMSET_GOSTR3410_A; + spec += strlen("gost2001"); + } else if (!strncasecmp(spec, "ec", 2)) { + keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_EC; + spec += 2; } else { util_error("Unknown algorithm \"%s\"", spec); return SC_ERROR_INVALID_ARGUMENTS; } - if (*spec == '/' || *spec == '-') + if (*spec == '/' || *spec == '-' || *spec == ':') spec++; - if (*spec) { - char *end; - keybits = strtoul(spec, &end, 10); - if (*end) { - util_error("Invalid number of key bits \"%s\"", spec); - return SC_ERROR_INVALID_ARGUMENTS; + if (*spec) { + if (isalpha(*spec) && keygen_args.prkey_args.key.algorithm == SC_ALGORITHM_EC) { + keygen_args.prkey_args.params.ec.named_curve = strdup(spec); + keybits = 0; } - } - - /* If the card doesn't support keys that can both sign _and_ - * 
decipher, make sure the user specified --split-key */ - if (sc_pkcs15init_requires_restrictive_usage(p15card, - &keygen_args.prkey_args, keybits)) { - if (!opt_split_key) - split_key_error(); - split_key = 1; - } - - if (!opt_softkeygen && !split_key) { - r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, - keybits, NULL); - if (r >= 0 || r != SC_ERROR_NOT_SUPPORTED) - return r; - if (verbose) - printf("Warning: card doesn't support on-board " - "key generation.\n" - "Trying software generation\n"); - } + else { + char *end; - /* Generate the key ourselves */ - if ((r = do_generate_key_soft(evp_algo, keybits, &pkey)) < 0 - || (r = do_convert_private_key(&keygen_args.prkey_args.key, pkey) ) < 0) - goto out; - - if (split_key) { - sc_pkcs15init_store_split_key(p15card, - profile, &keygen_args.prkey_args, NULL, NULL); - } else { - r = sc_pkcs15init_store_private_key(p15card, - profile, &keygen_args.prkey_args, NULL); + keybits = strtoul(spec, &end, 10); + if (*end) { + util_error("Invalid number of key bits \"%s\"", spec); + return SC_ERROR_INVALID_ARGUMENTS; + } + } } - - /* Store public key portion on card */ - if (r >= 0) - r = do_store_public_key(profile, pkey); - -out: - EVP_PKEY_free(pkey); + r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, keybits, NULL); return r; } @@ -1421,7 +1499,7 @@ return SC_ERROR_INVALID_ARGUMENTS; } if (opt_extractable) { - args->flags |= SC_PKCS15INIT_EXTRACTABLE; + args->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; if (opt_passphrase) { args->passphrase = opt_passphrase; } else { 
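Review bot: In the new curve-name branch of do_generate_key, `isalpha(*spec)` is called on a plain `char` taken from the command line, which is undefined for negative values, and the `strdup(spec)` result is stored in `named_curve` without a NULL check. I would write `isalpha((unsigned char)*spec)` and return `SC_ERROR_OUT_OF_MEMORY` when the copy fails. The numeric branch also assigns the `strtoul` result straight to the `unsigned int keybits`, so an out-of-range value is truncated silently instead of being rejected; an `errno == ERANGE` test plus an upper bound before the assignment would close that.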
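Review bot: `SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE` is now set in the same `access_flags` word into which do_generate_key (previous hunk) ORs `SENSITIVE | ALWAYSSENSITIVE | NEVEREXTRACTABLE | LOCAL` right after calling init_keyargs. If this function is init_keyargs, which the hunk does not show, key generation with `opt_extractable` set produces a key marked both extractable and never-extractable. Either reject that combination up front or skip the conflicting bits, e.g. guard the `|=` in do_generate_key with `if (!opt_extractable)`.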
@@ -1440,6 +1518,36 @@ return 0; } +static void +init_gost_params(struct sc_pkcs15init_keyarg_gost_params *params, EVP_PKEY *pkey) +{ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) + EC_KEY *key; + + assert(pkey); + if (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { + key = EVP_PKEY_get0(pkey); + assert(key); + assert(params); + assert(EC_KEY_get0_group(key)); + assert(EC_GROUP_get_curve_name(EC_KEY_get0_group(key)) > 0); + switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(key))) { + case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: + params->gostr3410 = SC_PKCS15_PARAMSET_GOSTR3410_A; + break; + case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: + params->gostr3410 = SC_PKCS15_PARAMSET_GOSTR3410_B; + break; + case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: + params->gostr3410 = SC_PKCS15_PARAMSET_GOSTR3410_C; + break; + } + } +#else + (void)params, (void)pkey; /* no warning */ +#endif +} + /* * Intern secrets given on the command line (mostly for testing) */ @@ -1489,22 +1597,6 @@ util_fatal("Cannot parse secret \"%s\"\n", arg); } -static void set_secrets(struct sc_profile *profile) -{ - unsigned int n; - - for (n = 0; n < opt_secret_count; n++) { - struct secret *secret = &opt_secrets[n]; - - if (secret->reference < 0) - continue; - sc_pkcs15init_set_secret(profile, - secret->type, - secret->reference, - secret->key, - secret->len); - } -} /* * Prompt for a new PIN @@ -1538,7 +1630,7 @@ hints->prompt = prompt; hints->obj_label = label; - return sc_ui_get_pin(hints, retstr); + return get_pin(hints, retstr); } /* @@ -1552,7 +1644,7 @@ { char namebuf[64]; char *secret = NULL; - const char *name; + const char *name = NULL; size_t len = 0; int allocated = 0; 
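Review bot: init_gost_params validates the key only with `assert()`, so a build with `NDEBUG` drops every check and can pass a NULL `EC_KEY` to `EC_KEY_get0_group()`, while a debug build aborts instead of reporting an error; the key is presumably loaded from a user-supplied file, so these are input checks, not invariants. The same pattern appears in the GOST `case` blocks added in the `@@ -2124` and `@@ -2157` hunks (`assert(src)`, `assert(eckey)`). Replace the asserts with explicit tests that fail through `util_fatal()`, as the surrounding code does for unsupported algorithms. The `switch` also has no `default`, so an unrecognised parameter set leaves `params->gostr3410` untouched; `default: util_fatal("Unsupported GOST parameter set\n");` would make that visible.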
@@ -1563,27 +1655,61 @@ "Unspecified PIN [reference %u]", info->reference); } - name = namebuf; if (!ignore_cmdline_pins) { - switch (id) { - case SC_PKCS15INIT_USER_PIN: - name = "User PIN"; - secret = opt_pins[OPT_PIN1 & 3]; break; - case SC_PKCS15INIT_USER_PUK: - name = "User PIN unlock key"; - secret = opt_pins[OPT_PUK1 & 3]; break; - case SC_PKCS15INIT_SO_PIN: - name = "Security officer PIN"; - secret = opt_pins[OPT_PIN2 & 3]; break; - case SC_PKCS15INIT_SO_PUK: - name = "Security officer PIN unlock key"; - secret = opt_pins[OPT_PUK2 & 3]; break; + if (info->auth_method == SC_AC_SYMBOLIC) { + switch (id) { + case SC_PKCS15INIT_USER_PIN: + name = "User PIN"; + secret = opt_pins[OPT_PIN1 & 3]; + break; + case SC_PKCS15INIT_USER_PUK: + name = "User PIN unlock key"; + secret = opt_pins[OPT_PUK1 & 3]; + break; + case SC_PKCS15INIT_SO_PIN: + name = "Security officer PIN"; + secret = opt_pins[OPT_PIN2 & 3]; + break; + case SC_PKCS15INIT_SO_PUK: + name = "Security officer PIN unlock key"; + secret = opt_pins[OPT_PUK2 & 3]; + break; + } + } + else if (info->auth_method == SC_AC_CHV) { + if (!(info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + && !(info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { + name = "User PIN"; + secret = opt_pins[OPT_PIN1 & 3]; + } + else if (!(info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + && (info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { + name = "User PUK"; + secret = opt_pins[OPT_PUK1 & 3]; + } + else if ((info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + && !(info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { + name = "Security officer PIN"; + secret = opt_pins[OPT_PIN2 & 3]; + } + else if ((info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + && (info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) { + name = "Security officer PIN unlock key"; + secret = opt_pins[OPT_PUK2 & 3]; + } } if (secret) len = strlen(secret); } + if (name && label) + snprintf(namebuf, sizeof(namebuf), "%s [%s]", name, label); + else if (name) + snprintf(namebuf, sizeof(namebuf), "%s", 
name); + + name = namebuf; + /* See if we were given --secret @ID=.... */ if (!secret) { unsigned int n; @@ -1604,6 +1730,9 @@ char prompt[128]; int r; + if (opt_no_prompt) + return SC_ERROR_OBJECT_NOT_FOUND; + snprintf(prompt, sizeof(prompt), "%s required", name); memset(&hints, 0, sizeof(hints)); @@ -1614,8 +1743,8 @@ hints.card = card; hints.p15card = p15card; - if ((r = sc_ui_get_pin(&hints, &secret)) < 0) { - sc_error(card->ctx, + if ((r = get_pin(&hints, &secret)) < 0) { + fprintf(stderr, "Failed to read PIN from user: %s\n", sc_strerror(r)); return r; @@ -1634,15 +1763,16 @@ return 0; } -static int get_key_callback(struct sc_profile *profile, + +static int +get_key_callback(struct sc_profile *profile, int method, int reference, const u8 *def_key, size_t def_key_size, u8 *key_buf, size_t *buf_size) { - const char *kind, *prompt, *key; + const char *kind, *prompt, *key = NULL; if (def_key_size && opt_use_defkeys) { -use_default_key: if (*buf_size < def_key_size) return SC_ERROR_BUFFER_TOO_SMALL; memcpy(key_buf, def_key, def_key_size); @@ -1699,12 +1829,19 @@ prompt = buffer; } -#ifdef GET_KEY_ECHO_OFF - /* Read key with echo off - will users really manage? */ - key = getpass(prompt); -#else printf("%s: ", prompt); fflush(stdout); +#ifdef GET_KEY_ECHO_OFF + do { + size_t len = 0; + int r; + + /* Read key with echo off - will users really manage? */ + r = util_getpass(&key, &len, stdin); + if (r < 0 || !key) + return SC_ERROR_INTERNAL; + } while(0); +#else key = fgets(buffer, sizeof(buffer), stdin); if (key) buffer[strcspn(buffer, "\r\n")] = '\0'; 
@@ -1712,52 +1849,17 @@ if (key == NULL) return SC_ERROR_INTERNAL; - if (key[0] == '\0' && def_key_size) - goto use_default_key; - - if (sc_hex_to_bin(key, key_buf, buf_size) >= 0) + if (key[0] == '\0' && def_key_size) { + if (*buf_size < def_key_size) + return SC_ERROR_BUFFER_TOO_SMALL; + memcpy(key_buf, def_key, def_key_size); + *buf_size = def_key_size; return 0; - } -} - -/* - * Generate a private key - */ -static int do_generate_key_soft(int algorithm, unsigned int bits, - EVP_PKEY **res) -{ - *res = EVP_PKEY_new(); - switch (algorithm) { - case EVP_PKEY_RSA: { - RSA *rsa; - BIO *err; - - err = BIO_new(BIO_s_mem()); - rsa = RSA_generate_key(bits, 0x10001, NULL, err); - BIO_free(err); - if (rsa == 0) - util_fatal("RSA key generation error"); - EVP_PKEY_assign_RSA(*res, rsa); - break; } - case EVP_PKEY_DSA: { - DSA *dsa; - int r = 0; - dsa = DSA_generate_parameters(bits, - NULL, 0, NULL, - NULL, NULL, NULL); - if (dsa) - r = DSA_generate_key(dsa); - if (r == 0 || dsa == 0) - util_fatal("DSA key generation error"); - EVP_PKEY_assign_DSA(*res, dsa); - break; - } - default: - util_fatal("Unable to generate key: unsupported algorithm"); + if (sc_hex_to_bin(key, key_buf, buf_size) >= 0) + return 0; } - return 0; } /* @@ -1765,15 +1867,17 @@ */ static int pass_cb(char *buf, int len, int flags, void *d) { - int plen; - char *pass; - if (d) - pass = (char *)d; - else - pass = getpass("Please enter passphrase " - "to unlock secret key: "); - if (!pass) - return 0; + size_t pass_len = 0; + int plen, r; + char *pass = (char *)d; + + if (!pass) { + printf("Please enter passphrase to unlock secret key: "); + r = util_getpass(&pass, &pass_len, stdin); + if (r < 0 || !pass) + return 0; + } + plen = strlen(pass); if (plen <= 0) return 0; @@ -1856,6 +1960,7 @@ do_read_private_key(const char *filename, const char *format, EVP_PKEY **pk, X509 **certs, unsigned int max_certs) { + size_t len = 0; char *passphrase = NULL; int r; 
@@ -1876,8 +1981,10 @@ * the PEM interface * see OpenSSL: crypto/pkcs12/p12_kiss.c */ - passphrase = getpass("Please enter passphrase " - "to unlock secret key: "); + printf("Please enter passphrase to unlock secret key: "); + r = util_getpass(&passphrase, &len, stdin); + if (r < 0 || !passphrase) + return SC_ERROR_INTERNAL; r = do_read_pkcs12_private_key(filename, passphrase, pk, certs, max_certs); } @@ -1945,45 +2052,6 @@ return 0; } -#if 0 -/* - * Write a PEM encoded public key - */ -static int -do_write_pem_public_key(const char *filename, EVP_PKEY *pk) -{ - BIO *bio; - int r; - - bio = BIO_new(BIO_s_file()); - if (BIO_write_filename(bio, (char *) filename) < 0) - util_fatal("Unable to open %s: %m", filename); - r = PEM_write_bio_PUBKEY(bio, pk); - BIO_free(bio); - if (r == 0) { - ossl_print_errors(); - return -1; - } - return 0; -} - -static int -do_write_public_key(const char *filename, const char *format, EVP_PKEY *pk) -{ - int r; - - if (!format || !strcasecmp(format, "pem")) { - r = do_write_pem_public_key(filename, pk); - } else { - error("Error when writing public key. " - "Key file format \"%s\" not supported.\n", - format); - r = SC_ERROR_NOT_SUPPORTED; - } - return r; -} -#endif - /* * Read a certificate */ @@ -2057,7 +2125,7 @@ size_t filesize = determine_filesize(name); int c; - *out = (u8 *) malloc(filesize); + *out = malloc(filesize); if (*out == NULL) { return SC_ERROR_OUT_OF_MEMORY; } @@ -2079,12 +2147,12 @@ } static int -do_convert_bignum(sc_pkcs15_bignum_t *dst, BIGNUM *src) +do_convert_bignum(sc_pkcs15_bignum_t *dst, const BIGNUM *src) { if (src == 0) return 0; dst->len = BN_num_bytes(src); - dst->data = (u8 *) malloc(dst->len); + dst->data = malloc(dst->len); BN_bn2bin(src, dst->data); return 1; } 
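Review bot: do_convert_bignum passes the result of `malloc(dst->len)` to `BN_bn2bin()` without checking it, so an allocation failure becomes a NULL write while key material is being converted. Add `if (dst->data == NULL) return 0;` after the allocation and have callers treat 0 as failure; the GOST case added in `@@ -2124` currently ignores the return value. The hunk at `@@ -2169` has the same problem with `der->value = p = malloc(der->len);`, where `der->len` is additionally the unchecked result of `i2d_X509(cert, NULL)`, which is negative on error.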
@@ -2124,6 +2192,18 @@ DSA_free(src); break; } +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) + case NID_id_GostR3410_2001: { + struct sc_pkcs15_prkey_gostr3410 *dst = &key->u.gostr3410; + EC_KEY *src = EVP_PKEY_get0(pk); + + assert(src); + key->algorithm = SC_ALGORITHM_GOSTR3410; + assert(EC_KEY_get0_private_key(src)); + do_convert_bignum(&dst->d, EC_KEY_get0_private_key(src)); + break; + } +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) */ default: util_fatal("Unsupported key algorithm\n"); } @@ -2131,6 +2211,22 @@ return 0; } +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) +static void reverse(unsigned char *buf, size_t len) +{ + unsigned char tmp; + size_t i; + + assert(buf || len == 0); + for (i = 0; i < len / 2; ++i) + { + tmp = buf[i]; + buf[i] = buf[len - 1 - i]; + buf[len - 1 - i] = tmp; + } +} +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) */ + static int do_convert_public_key(struct sc_pkcs15_pubkey *key, EVP_PKEY *pk) { switch (pk->type) { 
@@ -2157,6 +2253,42 @@ DSA_free(src); break; } +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) + case NID_id_GostR3410_2001: { + struct sc_pkcs15_pubkey_gostr3410 *dst = &key->u.gostr3410; + EC_KEY *eckey = EVP_PKEY_get0(pk); + const EC_POINT *point; + BIGNUM *X, *Y; + int r = 0; + + assert(eckey); + point = EC_KEY_get0_public_key(eckey); + if (!point) + return SC_ERROR_INTERNAL; + X = BN_new(); + Y = BN_new(); + if (X && Y && EC_KEY_get0_group(eckey)) + r = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey), + point, X, Y, NULL); + if (r == 1) { + dst->xy.len = BN_num_bytes(X) + BN_num_bytes(Y); + dst->xy.data = malloc(dst->xy.len); + if (dst->xy.data) { + BN_bn2bin(Y, dst->xy.data); + BN_bn2bin(X, dst->xy.data + BN_num_bytes(Y)); + reverse(dst->xy.data, dst->xy.len); + key->algorithm = SC_ALGORITHM_GOSTR3410; + } + else + r = -1; + } + BN_free(X); + BN_free(Y); + if (r != 1) + return SC_ERROR_INTERNAL; + break; + } +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) */ default: util_fatal("Unsupported key algorithm\n"); } @@ -2169,7 +2301,7 @@ u8 *p; der->len = i2d_X509(cert, NULL); - der->value = p = (u8 *) malloc(der->len); + der->value = p = malloc(der->len); i2d_X509(cert, &p); return 0; } 
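Review bot: The `xy` buffer is sized from `BN_num_bytes(X) + BN_num_bytes(Y)`, and `BN_bn2bin()` emits no leading zero bytes, so whenever either coordinate has a high zero byte the encoded public key comes out shorter than two field elements and the X/Y boundary shifts. A consumer that expects fixed-width coordinates would then decode a different point. Each coordinate should be written right-aligned into a field-sized slot, with the width taken from the group, as sketched below. The enclosing function starts before the hunk and its `switch` continues after it.

```c
	if (r == 1) {
		/* BN_bn2bin() drops leading zero bytes, so pad each coordinate to the field size */
		size_t flen = (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) + 7) / 8;
		size_t xlen = BN_num_bytes(X), ylen = BN_num_bytes(Y);

		if (flen == 0 || xlen > flen || ylen > flen)
			r = -1;
		else {
			dst->xy.len = 2 * flen;
			dst->xy.data = calloc(1, dst->xy.len);
			if (dst->xy.data) {
				BN_bn2bin(Y, dst->xy.data + (flen - ylen));
				BN_bn2bin(X, dst->xy.data + flen + (flen - xlen));
				reverse(dst->xy.data, dst->xy.len);
				key->algorithm = SC_ALGORITHM_GOSTR3410;
			}
			else
				r = -1;
		}
	}
	/* … unchanged: BN_free(X), BN_free(Y), error return … */
```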
@@ -2232,26 +2364,6 @@ return res; } -/* If the user PIN and it's ID is given, put the pin ref in the keycache */ -static void set_userpin_ref(void) -{ - int r; - - if ((opt_pins[0] != NULL) && (opt_authid != 0)) { - sc_path_t path; - sc_pkcs15_id_t auth_id; - sc_pkcs15_object_t *pinobj; - sc_pkcs15_pin_info_t *pin_info; - sc_format_path("3F00", &path); - sc_pkcs15_format_id(opt_authid, &auth_id); - r = sc_pkcs15_find_pin_by_auth_id(p15card, &auth_id, &pinobj); - if (r < 0) - util_fatal("Searching for user PIN %d failed: %s\n", opt_authid, sc_strerror(r)); - pin_info = (sc_pkcs15_pin_info_t *) pinobj->data; - sc_keycache_set_pin_name(&path, pin_info->reference, SC_PKCS15INIT_USER_PIN); - } -} - /* * Parse X.509 key usage list */ @@ -2275,7 +2387,7 @@ const char * name; const char * list; } x509_usage_aliases[] = { - { "sign", "digitalSignature,nonRepudiation,keyCertSign,cRLSign" }, + { "sign", "digitalSignature,keyCertSign,cRLSign" }, { "decrypt", "keyEncipherment,dataEncipherment" }, { NULL, NULL } }; @@ -2401,7 +2513,7 @@ opt_card_profile = optarg; break; case 'r': - opt_reader = atoi(optarg); + opt_reader = optarg; break; case 'u': parse_x509_usage(optarg, &opt_x509_usage); @@ -2435,21 +2547,24 @@ case OPT_AUTHORITY: opt_authority = 1; break; - case OPT_SOFT_KEYGEN: - opt_softkeygen = 1; - break; case OPT_APPLICATION_NAME: opt_application_name = optarg; break; case OPT_APPLICATION_ID: opt_application_id = optarg; break; + case OPT_BIND_TO_AID: + opt_bind_to_aid = optarg; + break; + case OPT_PUK_ID: + opt_puk_authid = optarg; + break; + case OPT_PUK_LABEL: + opt_puk_label = optarg; + break; case 'T': opt_use_defkeys = 1; break; - case OPT_SPLIT_KEY: - opt_split_key = 1; - break; case OPT_NO_SOPIN: opt_no_sopin = 1; break; 
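Review bot: The `sign` alias in `x509_usage_aliases` no longer expands to `nonRepudiation`, and nothing next to the table says so; callers that relied on the alias now get objects without that key-usage bit and no message. A comment on the entry, such as `/* nonRepudiation is not implied by "sign"; request it explicitly */`, and a matching line in the option help would make the change discoverable. The alias table starts outside the hunk.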
@@ -2472,6 +2587,12 @@ case OPT_CERT_LABEL: opt_cert_label = optarg; break; + case OPT_VERIFY_PIN: + opt_verify_pin = 1; + break; + case OPT_SANITY_CHECK: + this_action = ACTION_SANITY_CHECK; + break; default: util_print_usage_and_die(app_name, options, option_help); } @@ -2490,10 +2611,16 @@ if ((opt_pins[OPT_PIN2&3] || opt_pins[OPT_PUK2&3]) && opt_no_sopin) { fprintf(stderr, "Error: " - "The --no-so-pin option and --so-pin/--so-puk are mutually\n" + "The --no-so-pin option and --so-pin/--so-puk are mutually" "exclusive.\n"); util_print_usage_and_die(app_name, options, option_help); } + + if ((opt_actions & (1 << ACTION_ERASE)) && + (opt_actions != (1 << ACTION_ERASE))) { + fprintf(stderr, "Error: erasing a card is incompatible with all other actions\n"); + util_print_usage_and_die(app_name, options, option_help); + } } /* 
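Review bot: Dropping the `\n` after `mutually` leaves the two adjacent string literals with nothing between them, so the message now prints `mutuallyexclusive.`. The first literal needs a trailing space: `"The --no-so-pin option and --so-pin/--so-puk are mutually "`. The enclosing function starts outside the hunk.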
@@ -2606,3 +2733,181 @@ while ((err = ERR_get_error()) != 0) fprintf(stderr, "%s\n", ERR_error_string(err, NULL)); } + +/* + * Retrieve a PIN from the user. + * + * @hints dialog hints + * @out PIN entered by the user; must be freed. + * NULL if dialog was canceled. + */ +int get_pin(sc_ui_hints_t *hints, char **out) +{ + sc_pkcs15_pin_info_t *pin_info; + const char *label; + int flags = hints->flags; + + pin_info = hints->info.pin; + if (!(label = hints->obj_label)) { + if (pin_info == NULL) { + label = "PIN"; + } else if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) { + label = "Security Officer PIN"; + } else { + label = "User PIN"; + } + } + + if (hints->p15card) { + /* TBD: get preferredCard from TokenInfo */ + } + + if (hints->prompt) { + printf("%s", hints->prompt); + if (flags & SC_UI_PIN_OPTIONAL) + printf(" (Optional - press return for no PIN)"); + printf(".\n"); + } + + *out = NULL; + while (1) { + char *pin = NULL; + size_t len = 0; + int r; + + printf("Please enter %s: ", label); + r = util_getpass(&pin, &len, stdin); + if (r < 0 || !pin) + return SC_ERROR_INTERNAL; + + if (!strlen(pin) && (flags & SC_UI_PIN_OPTIONAL)) + return 0; + + if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) { + if (strlen(pin) < pin_info->min_length) { + fprintf(stderr, + "PIN too short (min %lu characters)\n", + (unsigned long) pin_info->min_length); + continue; + } + if (pin_info->max_length + && strlen(pin) > pin_info->max_length) { + fprintf(stderr, + "PIN too long (max %lu characters)\n", + (unsigned long) pin_info->max_length); + continue; + } + } + + *out = strdup(pin); + sc_mem_clear(pin, len); + + if (!(flags & SC_UI_PIN_RETYPE)) + break; + + printf("Please type again to verify: "); + r = util_getpass(&pin, &len, stdin); + if (r < 0 || !pin) + return SC_ERROR_INTERNAL; + if (!strcmp(*out, pin)) { + sc_mem_clear(pin, len); + break; + } + + free(*out); + *out = NULL; + + if (!(flags & SC_UI_PIN_MISMATCH_RETRY)) { + fprintf(stderr, "PINs do not match.\n"); + return 
SC_ERROR_KEYPAD_PIN_MISMATCH; + } + + fprintf(stderr, + "Sorry, the two pins did not match. " + "Please try again.\n"); + sc_mem_clear(pin, strlen(pin)); + + /* Currently, there's no way out of this dialog. + * We should allow the user to bail out after n + * attempts. */ + } + + return 0; +} + +static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str) +{ + struct sc_pkcs15_object *pin_obj = NULL; + char pin_label[64]; + char *pin; + int r; + + if (!auth_id_str) { + struct sc_pkcs15_object *objs[32]; + int ii; + + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 32); + if (r < 0) { + fprintf(stderr, "PIN code enumeration failed: %s\n", sc_strerror(r)); + return -1; + } + + for (ii=0;iidata; + + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + continue; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + + pin_obj = objs[ii]; + break; + } + } + else { + struct sc_pkcs15_id auth_id; + + sc_pkcs15_hex_string_to_id(auth_id_str, &auth_id); + r = sc_pkcs15_find_pin_by_auth_id(p15card, &auth_id, &pin_obj); + if (r) { + fprintf(stderr, "Unable to find PIN code: %s\n", sc_strerror(r)); + return r; + } + } + + if (!pin_obj) { + fprintf(stderr, "PIN object '%s' not found\n", auth_id_str); + return -1; + } + + if (opt_pins[0] != NULL) { + pin = opt_pins[0]; + } + else { + sc_ui_hints_t hints; + + if (opt_no_prompt) + return SC_ERROR_OBJECT_NOT_FOUND; + + if (pin_obj->label) + snprintf(pin_label, sizeof(pin_label), "User PIN [%s]", pin_obj->label); + else + snprintf(pin_label, sizeof(pin_label), "User PIN"); + memset(&hints, 0, sizeof(hints)); + hints.dialog_name = "pkcs15init.get_pin"; + hints.prompt = "User PIN required"; + hints.obj_label = pin_label; + hints.usage = SC_UI_USAGE_OTHER; + hints.card = card; + hints.p15card = p15card; + + get_pin(&hints, &pin); + } + + r = sc_pkcs15_verify_pin(p15card, pin_obj, (unsigned char *)pin, pin ? 
strlen((char *) pin) : 0); + if (r < 0) + fprintf(stderr, "Operation failed: %s\n", sc_strerror(r)); + + return r; +} + diff -Nru opensc-0.11.13/src/tools/pkcs15-tool.c opensc-0.12.1/src/tools/pkcs15-tool.c --- opensc-0.11.13/src/tools/pkcs15-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/pkcs15-tool.c 2011-05-17 17:07:00.000000000 +0000 @@ -19,9 +19,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #ifdef ENABLE_OPENSSL #if defined(HAVE_INTTYPES_H) #include @@ -36,19 +35,22 @@ #include #endif #include -#include -#include + +#include "libopensc/pkcs15.h" +#include "libopensc/asn1.h" #include "util.h" static const char *app_name = "pkcs15-tool"; -static int opt_reader = -1, opt_wait = 0; +static int opt_wait = 0; static int opt_no_cache = 0; static char * opt_auth_id; +static char * opt_reader = NULL; static char * opt_cert = NULL; static char * opt_data = NULL; static char * opt_pubkey = NULL; static char * opt_outfile = NULL; +static char * opt_bind_to_aid = NULL; static u8 * opt_newpin = NULL; static u8 * opt_pin = NULL; static u8 * opt_puk = NULL; @@ -69,6 +71,9 @@ OPT_PIN, OPT_NEWPIN, OPT_PUK, + OPT_VERIFY_PIN, + OPT_BIND_TO_AID, + OPT_LIST_APPLICATIONS, }; #define NELEMENTS(x) (sizeof(x)/sizeof((x)[0])) @@ -77,7 +82,8 @@ static int pem_encode(int, sc_pkcs15_der_t *, sc_pkcs15_der_t *); static const struct option options[] = { - { "learn-card", no_argument, NULL, 'L' }, + { "learn-card", no_argument, NULL, 'L' }, + { "list-applications", no_argument, NULL, OPT_LIST_APPLICATIONS }, { "read-certificate", required_argument, NULL, 'r' }, { "list-certificates", no_argument, NULL, 'c' }, { "read-data-object", required_argument, NULL, 'R' }, 
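Review bot: get_pin keeps an unchecked `strdup(pin)` in `*out` and then mishandles that copy on the retype paths: `strcmp(*out, pin)` dereferences it even if the allocation failed, the mismatch path calls `free(*out)` without wiping the PIN first, and a failing second `util_getpass()` returns with the copy still allocated. I would add `if (*out == NULL) return SC_ERROR_OUT_OF_MEMORY;` after the `strdup` and `sc_mem_clear(*out, strlen(*out));` before each `free(*out)`, including one on the second error return. In verify_pin the result of `get_pin(&hints, &pin)` is ignored and the returned PIN is neither cleared nor freed after `sc_pkcs15_verify_pin()`. When `auth_id_str` is NULL and no user PIN is found, the `"PIN object '%s' not found\n"` message passes that NULL to `%s`.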
@@ -86,7 +92,7 @@ { "dump", no_argument, NULL, 'D' }, { "unblock-pin", no_argument, NULL, 'u' }, { "change-pin", no_argument, NULL, OPT_CHANGE_PIN }, - { "list-keys", no_argument, NULL, 'k' }, + { "list-keys", no_argument, NULL, 'k' }, { "list-public-keys", no_argument, NULL, OPT_LIST_PUB }, { "read-public-key", required_argument, NULL, OPT_READ_PUB }, #if defined(ENABLE_OPENSSL) && (defined(_WIN32) || defined(HAVE_INTTYPES_H)) @@ -95,12 +101,14 @@ { "test-update", no_argument, NULL, 'T' }, { "update", no_argument, NULL, 'U' }, { "reader", required_argument, NULL, OPT_READER }, - { "pin", required_argument, NULL, OPT_PIN }, + { "pin", required_argument, NULL, OPT_PIN }, { "new-pin", required_argument, NULL, OPT_NEWPIN }, { "puk", required_argument, NULL, OPT_PUK }, + { "verify-pin", no_argument, NULL, OPT_VERIFY_PIN }, { "output", required_argument, NULL, 'o' }, { "no-cache", no_argument, NULL, OPT_NO_CACHE }, { "auth-id", required_argument, NULL, 'a' }, + { "aid", required_argument, NULL, OPT_BIND_TO_AID }, { "wait", no_argument, NULL, 'w' }, { "verbose", no_argument, NULL, 'v' }, { NULL, 0, NULL, 0 } @@ -108,6 +116,7 @@ static const char *option_help[] = { "Stores card info to cache", + "List the on-card PKCS#15 applications", "Reads certificate with ID ", "Lists certificates", "Reads data object with OID, applicationName or label ", 
@@ -115,20 +124,24 @@ "Lists PIN codes", "Dump card objects", "Unblock PIN code", - "Changes the PIN code", + "Change PIN or PUK code", "Lists private keys", "Lists public keys", "Reads public key with ID ", +#if defined(ENABLE_OPENSSL) && (defined(_WIN32) || defined(HAVE_INTTYPES_H)) "Reads public key with ID , outputs ssh format", +#endif "Test if the card needs a security update", "Update the card with a security update", "Uses reader number ", "Specify PIN", "Specify New PIN (when changing or unblocking)", "Specify Unblock PIN", + "Verify PIN after card binding (without 'auth-id' the first non-SO, non-Unblock PIN will be verified)", "Outputs to file ", "Disable card caching", "The auth ID of the PIN to use", + "Specify AID of the on-card PKCS#15 application to be binded to (in hexadecimal form)", "Wait for card insertion", "Verbose operation. Use several times to enable debug output.", }; 
@@ -137,15 +150,91 @@ static sc_card_t *card = NULL; static struct sc_pkcs15_card *p15card = NULL; +struct _access_rule_text { + unsigned flag; + const char *label; +} _access_rules_text[] = { + {SC_PKCS15_ACCESS_RULE_MODE_READ, "read"}, + {SC_PKCS15_ACCESS_RULE_MODE_UPDATE, "update"}, + {SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, "execute"}, + {SC_PKCS15_ACCESS_RULE_MODE_DELETE, "delete"}, + {SC_PKCS15_ACCESS_RULE_MODE_ATTRIBUTE, "attribute"}, + {SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, "pso_cds"}, + {SC_PKCS15_ACCESS_RULE_MODE_PSO_VERIFY, "pso_verify"}, + {SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT, "pso_decrypt"}, + {SC_PKCS15_ACCESS_RULE_MODE_PSO_ENCRYPT, "pso_encrypt"}, + {SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, "int_auth"}, + {SC_PKCS15_ACCESS_RULE_MODE_EXT_AUTH, "ext_auth"}, + {0, NULL}, +}; + +static void +print_access_rules(const struct sc_pkcs15_accessrule *rules, int num) +{ + int i, j; + + if (!rules->access_mode) + return; + + printf("\tAccess Rules:\t"); + for (i = 0; i < num; i++) { + int next_coma = 0; + + if (!(rules + i)->access_mode) + break; + printf(" "); + + for (j = 0; _access_rules_text[j].label;j++) { + if ((rules + i)->access_mode & (_access_rules_text[j].flag)) { + printf("%s%s", next_coma ? "," : "", _access_rules_text[j].label); + next_coma = 1; + } + } + + printf(":%s;", (rules + i)->auth_id.len ? 
sc_pkcs15_print_id(&(rules + i)->auth_id) : ""); + } + printf("\n"); +} + +static void print_common_flags(const struct sc_pkcs15_object *obj) +{ + const char *common_flags[] = {"private", "modifiable"}; + unsigned int i; + printf("\tObject Flags : [0x%X]", obj->flags); + for (i = 0; i < NELEMENTS(common_flags); i++) { + if (obj->flags & (1 << i)) { + printf(", %s", common_flags[i]); + } + } + printf("\n"); +} + static void print_cert_info(const struct sc_pkcs15_object *obj) { - struct sc_pkcs15_cert_info *cert = (struct sc_pkcs15_cert_info *) obj->data; + struct sc_pkcs15_cert_info *cert_info = (struct sc_pkcs15_cert_info *) obj->data; + struct sc_pkcs15_cert *cert_parsed = NULL; + char guid[39]; + int rv; printf("X.509 Certificate [%s]\n", obj->label); - printf("\tFlags : %d\n", obj->flags); - printf("\tAuthority: %s\n", cert->authority ? "yes" : "no"); - printf("\tPath : %s\n", sc_print_path(&cert->path)); - printf("\tID : %s\n", sc_pkcs15_print_id(&cert->id)); + print_common_flags(obj); + printf("\tAuthority : %s\n", cert_info->authority ? "yes" : "no"); + printf("\tPath : %s\n", sc_print_path(&cert_info->path)); + printf("\tID : %s\n", sc_pkcs15_print_id(&cert_info->id)); + + rv = sc_pkcs15_get_guid(p15card, obj, guid, sizeof(guid)); + if (!rv) + printf("\tGUID : %s\n", guid); + + print_access_rules(obj->access_rules, SC_PKCS15_MAX_ACCESS_RULES); + + rv = sc_pkcs15_read_certificate(p15card, cert_info, &cert_parsed); + if (rv >= 0 && cert_parsed) { + printf("\tEncoded serial : %02X %02X ", *(cert_parsed->serial), *(cert_parsed->serial + 1)); + util_hex_dump(stdout, cert_parsed->serial + 2, cert_parsed->serial_len - 2, ""); + printf("\n"); + sc_pkcs15_free_certificate(cert_parsed); + } } @@ -165,6 +254,7 @@ print_cert_info(objs[i]); printf("\n"); } + return 0; } 
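Review bot: print_cert_info reads `*(cert_parsed->serial)` and `*(cert_parsed->serial + 1)` and then passes `cert_parsed->serial_len - 2` to `util_hex_dump()` without checking the length, so a certificate read from the card with a serial shorter than two bytes is read past its end and, if `serial_len` is unsigned, the subtraction wraps to a very large count. Guard the print with `if (cert_parsed->serial && cert_parsed->serial_len >= 2)` and keep `sc_pkcs15_free_certificate(cert_parsed)` outside that guard. Separately, `_access_rules_text` is a writable table with external linkage; `static const` would fit a lookup table that is only read here.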
@@ -183,7 +273,7 @@ buf_len += 2 * (buf_len / 64 + 2); /* certain platforms use CRLF */ buf_len += 64; /* slack for checksum etc */ - if (!(buf = (unsigned char *) malloc(buf_len))) { + if (!(buf = malloc(buf_len))) { perror("print_pem_object"); return 1; } @@ -381,7 +471,6 @@ } else printf("NONE\n"); printf("Path: %s\n", sc_print_path(&cinfo->path)); - printf("Auth ID: %s\n", sc_pkcs15_print_id(&objs[i]->auth_id)); if (objs[i]->auth_id.len == 0) { struct sc_pkcs15_data *data_object; r = sc_pkcs15_read_data_object(p15card, cinfo, &data_object); @@ -393,6 +482,8 @@ } r = list_data_object("Data Object", data_object->data, data_object->data_len); sc_pkcs15_free_data_object(data_object); + } else { + printf("Auth ID: %s\n", sc_pkcs15_print_id(&objs[i]->auth_id)); } } return 0; 
@@ -402,47 +493,61 @@ { unsigned int i; struct sc_pkcs15_prkey_info *prkey = (struct sc_pkcs15_prkey_info *) obj->data; + const char *types[] = { "", "RSA", "DSA", "GOSTR3410", "EC", "", "", "" }; const char *usages[] = { "encrypt", "decrypt", "sign", "signRecover", "wrap", "unwrap", "verify", "verifyRecover", "derive", "nonRepudiation" }; - const size_t usage_count = sizeof(usages)/sizeof(usages[0]); + const size_t usage_count = NELEMENTS(usages); const char *access_flags[] = { "sensitive", "extract", "alwaysSensitive", "neverExtract", "local" }; const unsigned int af_count = NELEMENTS(access_flags); + char guid[39]; - printf("Private RSA Key [%s]\n", obj->label); - printf("\tCom. Flags : %X\n", obj->flags); - printf("\tUsage : [0x%X]", prkey->usage); + printf("Private %s Key [%s]\n", types[7 & obj->type], obj->label); + print_common_flags(obj); + printf("\tUsage : [0x%X]", prkey->usage); for (i = 0; i < usage_count; i++) - if (prkey->usage & (1 << i)) { - printf(", %s", usages[i]); - } + if (prkey->usage & (1 << i)) { + printf(", %s", usages[i]); + } printf("\n"); - printf("\tAccess Flags: [0x%X]", prkey->access_flags); + + printf("\tAccess Flags : [0x%X]", prkey->access_flags); for (i = 0; i < af_count; i++) - if (prkey->access_flags & (1 << i)) { - printf(", %s", access_flags[i]); - } + if (prkey->access_flags & (1 << i)) + printf(", %s", access_flags[i]); printf("\n"); - printf("\tModLength : %lu\n", (unsigned long)prkey->modulus_length); - printf("\tKey ref : %d\n", prkey->key_reference); - printf("\tNative : %s\n", prkey->native ? 
"yes" : "no"); - printf("\tPath : %s\n", sc_print_path(&prkey->path)); - printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id)); - printf("\tID : %s\n", sc_pkcs15_print_id(&prkey->id)); + + print_access_rules(obj->access_rules, SC_PKCS15_MAX_ACCESS_RULES); + + if (prkey->modulus_length) + printf("\tModLength : %lu\n", (unsigned long)prkey->modulus_length); + else + printf("\tFieldLength : %lu\n", (unsigned long)prkey->field_length); + printf("\tKey ref : %d (0x%X)\n", prkey->key_reference, prkey->key_reference); + printf("\tNative : %s\n", prkey->native ? "yes" : "no"); + if (prkey->path.len || prkey->path.aid.len) + printf("\tPath : %s\n", sc_print_path(&prkey->path)); + if (obj->auth_id.len != 0) + printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id)); + printf("\tID : %s\n", sc_pkcs15_print_id(&prkey->id)); + + if (!sc_pkcs15_get_guid(p15card, obj, guid, sizeof(guid))) + printf("\tGUID : %s\n", guid); + } static int list_private_keys(void) { int r, i; - struct sc_pkcs15_object *objs[32]; - - r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY_RSA, objs, 32); + struct sc_pkcs15_object *objs[32]; + + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, objs, 32); if (r < 0) { fprintf(stderr, "Private key enumeration failed: %s\n", sc_strerror(r)); return 1; @@ -460,6 +565,7 @@ { unsigned int i; const struct sc_pkcs15_pubkey_info *pubkey = (const struct sc_pkcs15_pubkey_info *) obj->data; + const char *types[] = { "", "RSA", "DSA", "GOSTR3410", "EC", "", "", "" }; const char *usages[] = { "encrypt", "decrypt", "sign", "signRecover", "wrap", "unwrap", "verify", "verifyRecover", 
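Review bot: The `types[7 & obj->type]` lookup in the new `printf("Private %s Key [%s]\n", ...)` line is undocumented: it presumably relies on the low three bits of the object type being an algorithm index, and nothing near the table says so. A type that lands on one of the empty slots prints `Private  Key` with no algorithm name. I would add a comment above the table such as `/* indexed by the low 3 bits of obj->type; "" means no name known */`. The identical table is added again in the public-key hunk (`@@ -460,6 +565,7 @@`), so one file-scope table would keep the two from drifting apart.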
@@ -472,34 +578,42 @@ }; const unsigned int af_count = NELEMENTS(access_flags); - printf("Public RSA Key [%s]\n", obj->label); - printf("\tCom. Flags : %X\n", obj->flags); - printf("\tUsage : [0x%X]", pubkey->usage); + printf("Public %s Key [%s]\n", types[7 & obj->type], obj->label); + print_common_flags(obj); + printf("\tUsage : [0x%X]", pubkey->usage); for (i = 0; i < usage_count; i++) if (pubkey->usage & (1 << i)) { printf(", %s", usages[i]); } printf("\n"); - printf("\tAccess Flags: [0x%X]", pubkey->access_flags); - for (i = 0; i < af_count; i++) - if (pubkey->access_flags & (1 << i)) { - printf(", %s", access_flags[i]); - } + + printf("\tAccess Flags : [0x%X]", pubkey->access_flags); + for (i = 0; i < af_count; i++) + if (pubkey->access_flags & (1 << i)) + printf(", %s", access_flags[i]); printf("\n"); - printf("\tModLength : %lu\n", (unsigned long)pubkey->modulus_length); - printf("\tKey ref : %d\n", pubkey->key_reference); - printf("\tNative : %s\n", pubkey->native ? "yes" : "no"); - printf("\tPath : %s\n", sc_print_path(&pubkey->path)); - printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id)); - printf("\tID : %s\n", sc_pkcs15_print_id(&pubkey->id)); + + print_access_rules(obj->access_rules, SC_PKCS15_MAX_ACCESS_RULES); + + if (pubkey->modulus_length) + printf("\tModLength : %lu\n", (unsigned long)pubkey->modulus_length); + else + printf("\tFieldLength : %lu\n", (unsigned long)pubkey->field_length); + printf("\tKey ref : %d\n", pubkey->key_reference); + printf("\tNative : %s\n", pubkey->native ? 
"yes" : "no"); + if (pubkey->path.len) + printf("\tPath : %s\n", sc_print_path(&pubkey->path)); + if (obj->auth_id.len != 0) + printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id)); + printf("\tID : %s\n", sc_pkcs15_print_id(&pubkey->id)); } static int list_public_keys(void) { int r, i; struct sc_pkcs15_object *objs[32]; - - r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PUBKEY_RSA, objs, 32); + + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PUBKEY, objs, 32); if (r < 0) { fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r)); return 1; @@ -543,7 +657,7 @@ &cert); } if (r >= 0) - pubkey = &cert->key; + pubkey = cert->key; } if (r == SC_ERROR_OBJECT_NOT_FOUND) { @@ -585,6 +699,17 @@ struct sc_pkcs15_object *obj; sc_pkcs15_pubkey_t *pubkey = NULL; sc_pkcs15_cert_t *cert = NULL; + FILE *outf; + + if (opt_outfile != NULL) { + outf = fopen(opt_outfile, "w"); + if (outf == NULL) { + fprintf(stderr, "Error opening file '%s': %s\n", + opt_outfile, strerror(errno)); + goto fail2; + } + } else + outf = stdout; id.len = SC_PKCS15_MAX_ID_SIZE; sc_pkcs15_hex_string_to_id(opt_pubkey, &id); @@ -592,7 +717,7 @@ r = sc_pkcs15_find_pubkey_by_id(p15card, &id, &obj); if (r >= 0) { if (verbose) - printf("Reading ssh key with ID '%s'\n", opt_pubkey); + fprintf(stderr,"Reading ssh key with ID '%s'\n", opt_pubkey); r = authenticate(obj); if (r >= 0) r = sc_pkcs15_read_pubkey(p15card, obj, &pubkey); @@ -601,13 +726,13 @@ r = sc_pkcs15_find_cert_by_id(p15card, &id, &obj); if (r >= 0) { if (verbose) - printf("Reading certificate with ID '%s'\n", opt_pubkey); + fprintf(stderr,"Reading certificate with ID '%s'\n", opt_pubkey); r = sc_pkcs15_read_certificate(p15card, (sc_pkcs15_cert_info_t *) obj->data, &cert); } if (r >= 0) - pubkey = &cert->key; + pubkey = cert->key; } if (r == SC_ERROR_OBJECT_NOT_FOUND) { 
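Review bot: When `fopen(opt_outfile, "w")` fails in the `@@ -585,6 +699,17 @@` hunk, `outf` is NULL and the code jumps to `fail2`. The cleanup added in `@@ -791,7 +918,10 @@` then runs `if (outf != stdout) fclose(outf);`, which calls `fclose(NULL)`, and that is undefined behaviour. Both cleanup sites should test for NULL as well, for example `if (outf != NULL && outf != stdout) fclose(outf);`. The `fail:` path still reports "buffer too small" with `printf`, so when `outf` is stdout the error text lands in the key output; `fprintf(stderr, ...)` would match the other diagnostics this change moved. The function body continues outside these hunks, so any other early return between the `fopen` and the labels needs the same cleanup.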
@@ -639,9 +764,9 @@ BN_free(bn); if (bits && exp && mod) { - printf("%u %s %s\n", bits,mod,exp); + fprintf(outf, "%u %s %s\n", bits,mod,exp); } else { - printf("decoding rsa key failed!\n"); + fprintf(stderr, "decoding rsa key failed!\n"); } OPENSSL_free(exp); OPENSSL_free(mod); @@ -664,7 +789,7 @@ len = sprintf((char *) buf+4,"ssh-rsa"); len+=4; - if (sizeof(buf)-len < 4+pubkey->u.rsa.exponent.len) + if (sizeof(buf)-len < 4+pubkey->u.rsa.exponent.len) goto fail; n = pubkey->u.rsa.exponent.len; if (pubkey->u.rsa.exponent.data[0] & 0x80) n++; @@ -679,7 +804,7 @@ pubkey->u.rsa.exponent.len); len += pubkey->u.rsa.exponent.len; - if (sizeof(buf)-len < 5+pubkey->u.rsa.modulus.len) + if (sizeof(buf)-len < 5+pubkey->u.rsa.modulus.len) goto fail; n = pubkey->u.rsa.modulus.len; if (pubkey->u.rsa.modulus.data[0] & 0x80) n++; @@ -697,7 +822,7 @@ uu = malloc(len*2); r = sc_base64_encode(buf, len, uu, 2*len, 2*len); - printf("ssh-rsa %s", uu); + fprintf(outf,"ssh-rsa %s", uu); free(uu); } @@ -716,7 +841,7 @@ len = sprintf((char *) buf+4,"ssh-dss"); len+=4; - if (sizeof(buf)-len < 5+pubkey->u.dsa.p.len) + if (sizeof(buf)-len < 5+pubkey->u.dsa.p.len) goto fail; n = pubkey->u.dsa.p.len; if (pubkey->u.dsa.p.data[0] & 0x80) n++; @@ -731,7 +856,7 @@ pubkey->u.dsa.p.len); len += pubkey->u.dsa.p.len; - if (sizeof(buf)-len < 5+pubkey->u.dsa.q.len) + if (sizeof(buf)-len < 5+pubkey->u.dsa.q.len) goto fail; n = pubkey->u.dsa.q.len; if (pubkey->u.dsa.q.data[0] & 0x80) n++; @@ -746,7 +871,7 @@ pubkey->u.dsa.q.len); len += pubkey->u.dsa.q.len; - if (sizeof(buf)-len < 5+pubkey->u.dsa.g.len) + if (sizeof(buf)-len < 5+pubkey->u.dsa.g.len) goto fail; n = pubkey->u.dsa.g.len; if (pubkey->u.dsa.g.data[0] & 0x80) n++; @@ -761,7 +886,7 @@ pubkey->u.dsa.g.len); len += pubkey->u.dsa.g.len; - if (sizeof(buf)-len < 5+pubkey->u.dsa.pub.len) + if (sizeof(buf)-len < 5+pubkey->u.dsa.pub.len) goto fail; n = pubkey->u.dsa.pub.len; if (pubkey->u.dsa.pub.data[0] & 0x80) n++; 
@@ -779,11 +904,13 @@ uu = malloc(len*2); r = sc_base64_encode(buf, len, uu, 2*len, 2*len); - printf("ssh-dss %s", uu); + fprintf(outf,"ssh-dss %s", uu); free(uu); } + if (outf != stdout) + fclose(outf); if (cert) sc_pkcs15_free_certificate(cert); else if (pubkey) @@ -791,7 +918,10 @@ return 0; fail: - printf("can't convert key: buffer too small\n"); + printf("can't convert key: buffer too small\n"); +fail2: + if (outf != stdout) + fclose(outf); if (cert) sc_pkcs15_free_certificate(cert); else if (pubkey) @@ -834,13 +964,16 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_object_t *pin_obj) { sc_pkcs15_pin_info_t *pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data; - char buf[80]; - char *pincode; + char *pincode = NULL; + size_t len = 0; + int r; - sprintf(buf, "%s [%s]: ", prompt, pin_obj->label); + printf("%s [%s]: ", prompt, pin_obj->label); while (1) { - pincode = getpass(buf); - if (strlen(pincode) == 0) + r = util_getpass(&pincode, &len, stdin); + if (r < 0) + return NULL; + if (!pincode || strlen(pincode) == 0) return NULL; if (strlen(pincode) < pinfo->min_length) { printf("PIN code too short, try again.\n"); 
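Review bot: In the `get_pin` hunk (`@@ -834,13 +964,16 @@`) the prompt is now written with `printf`, so it goes to stdout, whereas the removed `getpass(buf)` displayed it itself. The same change sends the ssh key to stdout by default and moves the verbose messages to stderr for that reason, so with stdout redirected to a file the PIN prompt ends up in that file and the user sees nothing while the tool waits on stdin. I would write the prompt to stderr and flush it before reading: `fprintf(stderr, "%s [%s]: ", prompt, pin_obj->label); fflush(stderr);`. The prompt is also printed once before the `while (1)` loop, so a retry after "PIN code too short" appears to get no new prompt; the rest of the loop is outside the hunk.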
@@ -854,9 +987,59 @@ } } +static int verify_pin(void) +{ + struct sc_pkcs15_object *pin_obj = NULL; + unsigned char *pin; + int r; + + if (!opt_auth_id) { + struct sc_pkcs15_object *objs[32]; + int ii; + + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 32); + if (r < 0) { + fprintf(stderr, "PIN code enumeration failed: %s\n", sc_strerror(r)); + return -1; + } + + for (ii=0;iidata; + + if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) + continue; + if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) + continue; + + pin_obj = objs[ii]; + break; + } + } + else { + pin_obj = get_pin_info(); + } + + if (!pin_obj) { + fprintf(stderr, "PIN object '%s' not found\n", opt_auth_id); + return -1; + } + + if (opt_pin != NULL) + pin = opt_pin; + else + pin = get_pin("Please enter PIN", pin_obj); + + r = sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin ? strlen((char *) pin) : 0); + if (r < 0) { + fprintf(stderr, "Operation failed: %s\n", sc_strerror(r)); + return -1; + } + + return 0; +} + static int authenticate(sc_pkcs15_object_t *obj) { - sc_pkcs15_pin_info_t *pin_info; sc_pkcs15_object_t *pin_obj; u8 *pin; int r; @@ -867,14 +1050,12 @@ if (r) return r; - pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data; if (opt_pin != NULL) pin = opt_pin; else pin = get_pin("Please enter PIN", pin_obj); - return sc_pkcs15_verify_pin(p15card, pin_info, - pin, pin? strlen((char *) pin) : 0); + return sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin? strlen((char *) pin) : 0); } static void print_pin_info(const struct sc_pkcs15_object *obj) 
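Review bot: In the new `verify_pin`, the `if (!pin_obj)` branch prints `opt_auth_id` with `%s`, but that branch is also reached when `opt_auth_id` is NULL and the enumeration loop found no usable PIN, and passing NULL to `%s` is undefined behaviour. The message should handle that case, e.g. `fprintf(stderr, "PIN object '%s' not found\n", opt_auth_id ? opt_auth_id : "(default)");`. A PIN obtained from `get_pin` is also never released here; other callers in this file `free()` such buffers, so it looks heap-allocated, and it should be cleared and freed after `sc_pkcs15_verify_pin` returns when it did not come from `opt_pin`. The same applies to `authenticate` in the following hunk.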
@@ -889,30 +1070,33 @@ const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8", "halfnibble bcd", "iso 9664-1"}; const struct sc_pkcs15_pin_info *pin = (const struct sc_pkcs15_pin_info *) obj->data; - const size_t pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]); + const size_t pf_count = NELEMENTS(pin_flags); size_t i; printf("PIN [%s]\n", obj->label); - printf("\tCom. Flags: 0x%X\n", obj->flags); - printf("\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id)); - printf("\tFlags : [0x%02X]", pin->flags); + print_common_flags(obj); + if (obj->auth_id.len) + printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id)); + printf("\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id)); + printf("\tFlags : [0x%02X]", pin->flags); for (i = 0; i < pf_count; i++) if (pin->flags & (1 << i)) { printf(", %s", pin_flags[i]); } printf("\n"); - printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n", + printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n", (unsigned long)pin->min_length, (unsigned long)pin->max_length, (unsigned long)pin->stored_length); - printf("\tPad char : 0x%02X\n", pin->pad_char); - printf("\tReference : %d\n", pin->reference); - if (pin->type >= 0 && pin->type < sizeof(pin_types)/sizeof(pin_types[0])) - printf("\tType : %s\n", pin_types[pin->type]); + printf("\tPad char : 0x%02X\n", pin->pad_char); + printf("\tReference : %d\n", pin->reference); + if (pin->type < NELEMENTS(pin_types)) + printf("\tType : %s\n", pin_types[pin->type]); else - printf("\tType : [encoding %d]\n", pin->type); - printf("\tPath : %s\n", sc_print_path(&pin->path)); + printf("\tType : [encoding %d]\n", pin->type); + if (pin->path.len || pin->path.aid.len) + printf("\tPath : %s\n", sc_print_path(&pin->path)); if (pin->tries_left >= 0) - printf("\tTries left: %d\n", pin->tries_left); + printf("\tTries left : %d\n", pin->tries_left); } static int list_pins(void) 
@@ -934,9 +1118,34 @@ return 0; } -static int dump(void) +static int list_apps(FILE *fout) { + unsigned j; + int i; + for (i=0; icard->app_count; i++) { + struct sc_app_info *info = p15card->card->app[i]; + + fprintf(fout, "Application '%s':\n", info->label); + fprintf(fout, "\tAID: "); + for(j=0;jaid.len;j++) + fprintf(fout, "%02X", info->aid.value[j]); + fprintf(fout, "\n"); + + if (info->ddo.value && info->ddo.len) { + fprintf(fout, "\tDDO: "); + for(j=0;jddo.len;j++) + fprintf(fout, "%02X", info->ddo.value[j]); + fprintf(fout, "\n"); + } + + fprintf(fout, "\n"); + } + return 0; +} + +static int dump(void) +{ const char *flags[] = { "Read-only", "Login required", @@ -945,19 +1154,18 @@ }; int i, count = 0; - sc_lock(card); - printf("PKCS#15 Card [%s]:\n", p15card->label); - printf("\tVersion : %d\n", p15card->version); - printf("\tSerial number : %s\n", p15card->serial_number); - printf("\tManufacturer ID: %s\n", p15card->manufacturer_id); - if (p15card->last_update) - printf("\tLast update : %s\n", p15card->last_update); - if (p15card->preferred_language) - printf("\tLanguage : %s\n", p15card->preferred_language); + printf("PKCS#15 Card [%s]:\n", p15card->tokeninfo->label); + printf("\tVersion : %d\n", p15card->tokeninfo->version); + printf("\tSerial number : %s\n", p15card->tokeninfo->serial_number); + printf("\tManufacturer ID: %s\n", p15card->tokeninfo->manufacturer_id); + if (p15card->tokeninfo->last_update) + printf("\tLast update : %s\n", p15card->tokeninfo->last_update); + if (p15card->tokeninfo->preferred_language) + printf("\tLanguage : %s\n", p15card->tokeninfo->preferred_language); printf("\tFlags : "); for (i = 0; i < 4; i++) { - if ((p15card->flags >> i) & 1) { + if ((p15card->tokeninfo->flags >> i) & 1) { if (count) printf(", "); printf("%s", flags[i]); @@ -972,7 +1180,6 @@ list_certificates(); list_data_objects(); - sc_unlock(card); return 0; } 
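Review bot: The new `list_apps` passes `info->label` straight to `%s` in `fprintf(fout, "Application '%s':\n", info->label);`, with no check that it is set. The value is read from the card, and if the application entry carries no label the pointer may well be NULL (the struct definition is not visible here, so this needs confirming). A guard such as `info->label ? info->label : ""` would keep a card without a label from reaching undefined behaviour in `fprintf`. The `ddo` field a few lines below already gets this treatment with `if (info->ddo.value && info->ddo.len)`.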
@@ -981,26 +1188,38 @@ struct sc_pkcs15_pin_info *pinfo = NULL; sc_pkcs15_object_t *pin_obj; u8 *pin, *puk; - int r; + int r, pinpad_present = 0; + pinpad_present = p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD; + if (!(pin_obj = get_pin_info())) return 2; pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data; - if ((puk = opt_puk) == NULL) { + puk = opt_puk; + if (puk == NULL) { puk = get_pin("Enter PUK", pin_obj); - if (puk == NULL) + if (!pinpad_present && puk == NULL) return 2; } - if ((pin = opt_pin) == NULL) - pin = opt_newpin; + if (puk == NULL && verbose) + printf("PUK value will be prompted with pinpad.\n"); + + + pin = opt_pin ? opt_pin : opt_newpin; while (pin == NULL) { u8 *pin2; pin = get_pin("Enter new PIN", pin_obj); + if (pinpad_present && pin == NULL) { + if (verbose) + printf("New PIN value will be prompted with pinpad.\n"); + break; + } if (pin == NULL || strlen((char *) pin) == 0) return 2; + pin2 = get_pin("Enter new PIN again", pin_obj); if (pin2 == NULL || strlen((char *) pin2) == 0) return 2; @@ -1012,8 +1231,9 @@ free(pin2); } - r = sc_pkcs15_unblock_pin(p15card, pinfo, puk, strlen((char *) puk), - pin, strlen((char *) pin)); + r = sc_pkcs15_unblock_pin(p15card, pin_obj, + puk, puk ? strlen((char *) puk) : 0, + pin, pin ? strlen((char *) pin) : 0); if (r == SC_ERROR_PIN_CODE_INCORRECT) { fprintf(stderr, "PUK code incorrect; tries left: %d\n", pinfo->tries_left); return 3; 
@@ -1031,34 +1251,58 @@ sc_pkcs15_object_t *pin_obj; sc_pkcs15_pin_info_t *pinfo = NULL; u8 *pincode, *newpin; - int r; + int r, pinpad_present = 0; + + pinpad_present = p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD; if (!(pin_obj = get_pin_info())) return 2; pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data; - if ((pincode = opt_pin) == NULL) { + if (pinfo->tries_left != -1) { + if (pinfo->tries_left != pinfo->max_tries) { + if (pinfo->tries_left == 0) { + fprintf(stderr, "PIN code blocked!\n"); + return 2; + } else { + fprintf(stderr, "%d PIN tries left.\n", pinfo->tries_left); + } + } + } + + pincode = opt_pin; + if (pincode == NULL) { pincode = get_pin("Enter old PIN", pin_obj); - if (pincode == NULL) + if (!pinpad_present && pincode == NULL) return 2; } - if (strlen((char *) pincode) == 0) { + if (pincode && strlen((char *) pincode) == 0) { fprintf(stderr, "No PIN code supplied.\n"); return 2; } + if (pincode == NULL && verbose) + printf("Old PIN value will be prompted with pinpad.\n"); + newpin = opt_newpin; while (newpin == NULL) { u8 *newpin2; newpin = get_pin("Enter new PIN", pin_obj); - if (newpin == NULL || strlen((char *) newpin) == 0) + if (pinpad_present && newpin == NULL) { + if (verbose) + printf("New PIN value will be prompted with pinpad.\n"); + break; + } + if (newpin == NULL || strlen((char *) newpin) == 0) { + fprintf(stderr, "No new PIN value supplied.\n"); return 2; + } + newpin2 = get_pin("Enter new PIN again", pin_obj); - if (newpin2 == NULL || strlen((char *) newpin2) == 0) - return 2; - if (strcmp((char *) newpin, (char *) newpin2) == 0) { + if (newpin2 && strlen((char *) newpin2) && + strcmp((char *) newpin, (char *) newpin2) == 0) { free(newpin2); break; } 
@@ -1067,8 +1311,10 @@ free(newpin2); newpin=NULL; } - r = sc_pkcs15_change_pin(p15card, pinfo, pincode, strlen((char *) pincode), - newpin, strlen((char *) newpin)); + + r = sc_pkcs15_change_pin(p15card, pin_obj, + pincode, pincode ? strlen((char *) pincode) : 0, + newpin, newpin ? strlen((char *) newpin) : 0); if (r == SC_ERROR_PIN_CODE_INCORRECT) { fprintf(stderr, "PIN code incorrect; tries left: %d\n", pinfo->tries_left); return 3; @@ -1146,7 +1392,7 @@ return 1; } cert_count = r; - r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY_RSA, NULL, 0); + r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0); if (r < 0) { fprintf(stderr, "Private key enumeration failed: %s\n", sc_strerror(r)); return 1; @@ -1168,6 +1414,7 @@ printf("[%s]\n", certs[i]->label); + memset(&tpath, 0, sizeof(tpath)); tpath = cinfo->path; if (tpath.type == SC_PATH_TYPE_FILE_ID) { /* prepend application DF path in case of a file id */ @@ -1241,7 +1488,7 @@ } { - int i=0; + size_t i=0; while(i < rbuf[1]) { if (rbuf[2+i] == 0x86) { /* found our buffer */ break; @@ -1396,6 +1643,7 @@ int do_read_data_object = 0; int do_list_data_objects = 0; int do_list_pins = 0; + int do_list_apps = 0; int do_dump = 0; int do_list_prkeys = 0; int do_list_pubkeys = 0; @@ -1403,6 +1651,7 @@ #if defined(ENABLE_OPENSSL) && (defined(_WIN32) || defined(HAVE_INTTYPES_H)) int do_read_sshkey = 0; #endif + int do_verify_pin = 0; int do_change_pin = 0; int do_unblock_pin = 0; int do_learn_card = 0; @@ -1436,6 +1685,9 @@ do_list_data_objects = 1; action_count++; break; + case OPT_VERIFY_PIN: + do_verify_pin = 1; + break; case OPT_CHANGE_PIN: do_change_pin = 1; action_count++; @@ -1485,7 +1737,7 @@ action_count++; break; case OPT_READER: - opt_reader = atoi(optarg); + opt_reader = optarg; break; case OPT_PIN: opt_pin = (u8 *) optarg; 
@@ -1505,6 +1757,13 @@ case 'a': opt_auth_id = optarg; break; + case OPT_BIND_TO_AID: + opt_bind_to_aid = optarg; + break; + case OPT_LIST_APPLICATIONS: + do_list_apps = 1; + action_count++; + break; case OPT_NO_CACHE: opt_no_cache++; break; @@ -1525,25 +1784,48 @@ fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r)); return 1; } - if (verbose > 1 ) - ctx->debug = verbose-1; - err = util_connect_card(ctx, &card, opt_reader, 0, opt_wait, verbose); + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); + } + + err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); if (err) goto end; if (verbose) fprintf(stderr, "Trying to find a PKCS#15 compatible card...\n"); - r = sc_pkcs15_bind(card, &p15card); + + if (opt_bind_to_aid) { + struct sc_aid aid; + + aid.len = sizeof(aid.value); + if (sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len)) { + fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid); + return 1; + } + + r = sc_pkcs15_bind(card, &aid, &p15card); + } + else { + r = sc_pkcs15_bind(card, NULL, &p15card); + } + if (r) { - fprintf(stderr, "PKCS#15 initialization failed: %s\n", sc_strerror(r)); + fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r)); err = 1; goto end; } if (opt_no_cache) - p15card->opts.use_cache = 0; + p15card->opts.use_file_cache = 0; if (verbose) - fprintf(stderr, "Found %s!\n", p15card->label); + fprintf(stderr, "Found %s!\n", p15card->tokeninfo->label); + + if (do_verify_pin) + if ((err = verify_pin())) + goto end; + if (do_learn_card) { if ((err = learn_card())) goto end; @@ -1596,6 +1878,11 @@ goto end; action_count--; } + if (do_list_apps) { + if ((err = list_apps(stdout))) + goto end; + action_count--; + } if (do_dump) { if ((err = dump())) goto end; @@ -1615,7 +1902,7 @@ err = test_update(card); action_count--; if (err == 2) { /* problem */ - err =1; + err = 1; goto end; } if (do_update && err == 1) { /* card vulnerable */ 
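Review bot: In the `opt_bind_to_aid` block of `@@ -1525,25 +1784,48 @@`, the invalid-AID branch leaves `main` with a bare `return 1;` after `util_connect_card` has already succeeded. That skips the `end:` cleanup, so the card is neither unlocked nor disconnected and the context is not released. Every other failure in this hunk uses `err = 1; goto end;`, and this branch should do the same: `fprintf(stderr, "Invalid AID value: '%s'\n", opt_bind_to_aid); err = 1; goto end;`. The `end:` label itself is outside this hunk; the bind-failure path just below already jumps to it before `p15card` is set, so it should cope with the same state.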
@@ -1628,7 +1915,7 @@ sc_pkcs15_unbind(p15card); if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) sc_release_context(ctx); @@ -1638,7 +1925,6 @@ /* * Helper function for PEM encoding public key */ -#include "opensc/asn1.h" static const struct sc_asn1_entry c_asn1_pem_key_items[] = { { "algorithm", SC_ASN1_ALGORITHM_ID, SC_ASN1_CONS| SC_ASN1_TAG_SEQUENCE, 0, NULL, NULL}, { "key", SC_ASN1_BIT_STRING_NI, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, diff -Nru opensc-0.11.13/src/tools/rutoken-tool.c opensc-0.12.1/src/tools/rutoken-tool.c --- opensc-0.11.13/src/tools/rutoken-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/rutoken-tool.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,552 +0,0 @@ -/* - * rutoken-tool.c: RuToken Tool - * - * Copyright (C) 2007 Pavel Mironchik - * Copyright (C) 2007 Eugene Hermann - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include "util.h" - -/* win32 needs this in open(2) */ -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -#define IV_SIZE 8 -#define HASH_SIZE 4 - -static const char *app_name = "rutoken-tool"; - -enum { - OP_NONE, - OP_GET_INFO, - OP_GEN_KEY, - OP_ENCRYPT, - OP_DECRYPT, - OP_MAC -}; - -static const struct option options[] = { - {"reader", 1, NULL, 'r'}, - {"wait", 0, NULL, 'w'}, - {"pin", 1, NULL, 'p'}, - {"key", 1, NULL, 'k'}, - {"IV", 1, NULL, 'I'}, - {"type", 1, NULL, 't'}, - {"input", 1, NULL, 'i'}, - {"output", 1, NULL, 'o'}, - {"info", 0, NULL, 's'}, - {"genkey", 0, NULL, 'g'}, - {"encrypt", 0, NULL, 'e'}, - {"decrypt", 0, NULL, 'd'}, - {"mac", 0, NULL, 'm'}, - {"verbose", 0, NULL, 'v'}, - {NULL, 0, NULL, 0 } -}; - -static const char *option_help[] = { - "Uses reader number [0]", - "Wait for a card to be inserted", - "Specify PIN", - "Selects the GOST key ID to use", - "Initialization vector of the encryption to 
use", - "Specify a new GOST key type: ECB (default), SM or CFB", - "Selects the input file to cipher", - "Selects the output file to cipher", - "Show ruToken information", - "Generate new GOST key", - "Performs GOST encryption operation", - "Performs GOST decryption operation", - "Performs MAC computation with GOST key", - "Verbose operation. Use several times to enable debug output." -}; - -/* Get ruToken device information */ - -static int rutoken_info(sc_card_t *card) -{ - u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - sc_serial_number_t serial; - int r; - - r = sc_card_ctl(card, SC_CARDCTL_RUTOKEN_GET_INFO, rbuf); - if (r) { - fprintf(stderr, "Error: Get info failed: %s\n", sc_strerror(r)); - return -1; - } - printf("Type: %d\n", rbuf[0]); - printf("Version: %d.%d\n", rbuf[1]>>4, rbuf[1] & 0x0F); - printf("Memory: %d Kb\n", rbuf[2]*8); - printf("Protocol version: %d\n", rbuf[3]); - printf("Software version: %d\n", rbuf[4]); - printf("Order: %d\n", rbuf[5]); - - r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serial); - if (r) { - fprintf(stderr, "Error: Get serial failed: %s\n", sc_strerror(r)); - return -1; - } - printf("Serial number: "); - util_hex_dump(stdout, serial.value, serial.len, NULL); - putchar('\n'); - return 0; -} - -/* Cipher/Decipher a buffer on token (used GOST key chosen by ID) */ - -static int rutoken_cipher(sc_card_t *card, u8 keyid, - const u8 *in, size_t inlen, - u8 *out, size_t outlen, int oper) -{ - int r; - struct sc_rutoken_decipherinfo inf = { in, inlen, out, outlen }; - sc_security_env_t env; - int cmd = (oper == OP_ENCRYPT) ? 
- SC_CARDCTL_RUTOKEN_GOST_ENCIPHER : - SC_CARDCTL_RUTOKEN_GOST_DECIPHER; - - memset(&env, 0, sizeof(env)); - env.key_ref[0] = keyid; - env.key_ref_len = 1; - env.algorithm = SC_ALGORITHM_GOST; - env.operation = SC_SEC_OPERATION_DECIPHER; - - /* set security env */ - r = sc_set_security_env(card, &env, 0); - if (r) { - fprintf(stderr, "Error: Cipher failed (set security environment): %s\n", - sc_strerror(r)); - return -1; - } - /* cipher */ - r = sc_card_ctl(card, cmd, &inf); - if (r) { - fprintf(stderr, "Error: Cipher failed: %s\n", sc_strerror(r)); - return -1; - } - return 0; -} - -/* Compute MAC a buffer on token (used GOST key chosen by ID) */ - -static int rutoken_mac(sc_card_t *card, u8 keyid, - const u8 *in, size_t inlen, - u8 *out, size_t outlen) -{ - int r; - sc_security_env_t env; - - memset(&env, 0, sizeof(env)); - env.key_ref[0] = keyid; - env.key_ref_len = 1; - env.algorithm = SC_ALGORITHM_GOST; - env.operation = SC_SEC_OPERATION_SIGN; - - /* set security env */ - r = sc_set_security_env(card, &env, 0); - if (r) { - fprintf(stderr, "Error: Computation signature (MAC) failed" - " (set security environment): %s\n", sc_strerror(r)); - return -1; - } - /* calculate hash */ - r = sc_compute_signature(card, in, inlen, out, outlen); - if (r) { - fprintf(stderr, "Error: Computation signature (MAC) failed: %s\n", - sc_strerror(r)); - return -1; - } - return 0; -} - -/* Encrypt/Decrupt infile to outfile */ - -static int do_crypt(sc_card_t *card, u8 keyid, - const char *path_infile, const char *path_outfile, - const u8 IV[IV_SIZE], int oper) -{ - int err; - int fd_in, fd_out; - struct stat st; - size_t insize, outsize, readsize; - u8 *inbuf = NULL, *outbuf = NULL, *p; - - fd_in = open(path_infile, O_RDONLY | O_BINARY); - if (fd_in < 0) { - fprintf(stderr, "Error: Cannot open file '%s'\n", path_infile); - return -1; - } - err = fstat(fd_in, &st); - if (err || (oper == OP_DECRYPT && st.st_size < IV_SIZE)) { - fprintf(stderr, "Error: File '%s' is invalid\n", 
path_infile); - close(fd_in); - return -1; - } - insize = st.st_size; - if (oper == OP_ENCRYPT) - insize += IV_SIZE; - outsize = insize; - if (oper == OP_DECRYPT) /* !(stat.st_size < IV_SIZE) already true */ - outsize -= IV_SIZE; - - inbuf = malloc(insize); - outbuf = malloc(outsize); - if (!inbuf || !outbuf) { - fprintf(stderr, "Error: File '%s' is too big (allocate memory)\n", - path_infile); - err = -1; - } - if (err == 0) { - p = inbuf; - readsize = insize; - if (oper == OP_ENCRYPT) { - memcpy(inbuf, IV, IV_SIZE); /* Set IV in first bytes buf */ - /* insize >= IV_SIZE already true */ - p += IV_SIZE; - readsize -= IV_SIZE; - } - err = read(fd_in, p, readsize); - if (err < 0 || (size_t)err != readsize) { - fprintf(stderr, "Error: Read file '%s' failed\n", path_infile); - err = -1; - } - else - err = 0; - } - close(fd_in); - - if (err == 0) { - fd_out = open(path_outfile, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, - S_IRUSR | S_IWUSR); - if (fd_out < 0) { - fprintf(stderr, "Error: Cannot create file '%s'\n",path_outfile); - err = -1; - } - else { - err = rutoken_cipher(card, keyid, inbuf, insize, - outbuf, outsize, oper); - if (err == 0) { - err = write(fd_out, outbuf, outsize); - if (err < 0 || (size_t)err != outsize) { - fprintf(stderr,"Error: Write file '%s' failed\n", - path_outfile); - err = -1; - } - else - err = 0; - } - close(fd_out); - } - } - if (outbuf) - free(outbuf); - if (inbuf) - free(inbuf); - return err; -} - -/* Cipher/Decipher - (for cipher IV is parameters or random generated on token) */ - -static int gostchiper(sc_card_t *card, u8 keyid, - const char *path_infile, const char *path_outfile, - const char IV[IV_SIZE], int is_iv, int op_oper) -{ - int r; - u8 iv[IV_SIZE]; - - if (op_oper == OP_ENCRYPT) { - if (!is_iv) { - /* generated random on token */ - r = sc_get_challenge(card, iv, IV_SIZE); - if (r) { - fprintf(stderr, "Error: Generate IV" - " (get challenge) failed: %s\n", - sc_strerror(r)); - return -1; - } - } - else - memcpy(iv, IV, 
IV_SIZE); - } - return do_crypt(card, keyid, path_infile, path_outfile, iv, op_oper); -} - -/* Print MAC infile (used GOST key chosen by ID) */ - -static int gostmac(sc_card_t *card, u8 keyid, const char *path_infile) -{ - int err; - int fd; - struct stat st; - size_t insize; - u8 *inbuf = NULL; - u8 outbuf[HASH_SIZE]; - - fd = open(path_infile, O_RDONLY | O_BINARY); - if (fd < 0) { - fprintf(stderr, "Error: Cannot open file '%s'\n", path_infile); - return -1; - } - err = fstat(fd, &st); - if (err) { - fprintf(stderr, "Error: File '%s' is invalid\n", path_infile); - close(fd); - return -1; - } - insize = st.st_size; - inbuf = malloc(insize); - if (!inbuf) { - fprintf(stderr, "Error: File '%s' is too big (allocate memory)\n", - path_infile); - err = -1; - } - if (err == 0) { - err = read(fd, inbuf, insize); - if (err < 0 || (size_t)err != insize) { - fprintf(stderr, "Error: Read file '%s' failed\n", path_infile); - err = -1; - } - else - err = rutoken_mac(card, keyid, inbuf, insize, - outbuf, sizeof(outbuf)); - } - if (err == 0) { - util_hex_dump(stdout, outbuf, sizeof(outbuf), NULL); - putchar('\n'); - } - if (inbuf) - free(inbuf); - close(fd); - return err; -} - -/* Generate GOST key on ruToken card */ - -static int generate_gostkey(sc_card_t *card, u8 keyid, u8 keyoptions) -{ - const sc_SecAttrV2_t gk_sec_attr = { - 0x44, 0, 0, 1, 0, 0, 0, 1, - 0, 0, 0, 0, - 0, 0, 0, 0, - 2, 0, 0, 0, - 0, 0, 0, 0, - 0, 0, 0, 0, - 0, 0, 0, 0, - 2, 0, 0, 0, - 0, 0, 0, 0 - }; - sc_DOHdrV2_t paramkey; - int r; - - memset(¶mkey, 0, sizeof(paramkey)); - paramkey.wDOBodyLen = SC_RUTOKEN_DEF_LEN_DO_GOST; - paramkey.OTID.byObjectType = SC_RUTOKEN_TYPE_KEY; - paramkey.OTID.byObjectID = keyid; - paramkey.OP.byObjectOptions = keyoptions; - - /* assert(sizeof(*gk_sec_attr)); */ - /* assert(sizeof(*paramkey.SA_V2)); */ - /* assert(sizeof(paramkey.SA_V2) == sizeof(gk_sec_attr)); */ - memcpy(paramkey.SA_V2, gk_sec_attr, sizeof(gk_sec_attr)); - - r = sc_card_ctl(card, 
SC_CARDCTL_RUTOKEN_GENERATE_KEY_DO, ¶mkey); - if (r) { - fprintf(stderr, "Error: Generate GOST key failed: %s\n", sc_strerror(r)); - return -1; - } - return 0; -} - -int main(int argc, char* argv[]) -{ - int opt_reader = -1; - int opt_wait = 0; - const char *opt_pin = NULL; - int opt_key = 0; - int opt_is_iv = 0; - u8 opt_keytype = SC_RUTOKEN_OPTIONS_GOST_CRYPT_PZ; - const char *opt_input = NULL; - const char *opt_output = NULL; - int opt_operation = OP_NONE; - int opt_debug = 0; - char IV[IV_SIZE]; - - int err = 0; - sc_context_t *ctx = NULL; - sc_context_param_t ctx_param; - sc_card_t *card = NULL; - int c, long_optind, r, tries_left; - - while (1) { - c = getopt_long(argc, argv, "r:wp:k:I:t:i:o:sgedmv", - options, &long_optind); - if (c == -1) - break; - switch (c) { - case '?': - util_print_usage_and_die(app_name, options, option_help); - case 'r': - opt_reader = atoi(optarg); - break; - case 'w': - opt_wait = 1; - break; - case 'p': - opt_pin = optarg; - break; - case 'k': - opt_key = atoi(optarg); - if (opt_key <= 0 || opt_key < SC_RUTOKEN_DO_ALL_MIN_ID - || opt_key > SC_RUTOKEN_DO_NOCHV_MAX_ID) { - fprintf(stderr, "Error: Key ID is invalid" - " (%d <= ID <= %d)\n", - SC_RUTOKEN_DO_ALL_MIN_ID > 0 ? 
- SC_RUTOKEN_DO_ALL_MIN_ID : 1, - SC_RUTOKEN_DO_NOCHV_MAX_ID); - return -1; - } - break; - case 'I': - opt_is_iv = 1; - strncpy(IV, optarg, sizeof(IV)); - break; - case 't': - if (strcmp(optarg, "CFB") == 0) - opt_keytype = SC_RUTOKEN_OPTIONS_GOST_CRYPT_GAMMOS; - else if (strcmp(optarg, "SM") == 0) - opt_keytype = SC_RUTOKEN_OPTIONS_GOST_CRYPT_GAMM; - else if (strcmp(optarg, "ECB") != 0) { - fprintf(stderr, "Error: Key type must be either" - " ECB, SM or CFB\n"); - return -1; - } - break; - case 'i': - opt_input = optarg; - break; - case 'o': - opt_output = optarg; - break; - case 's': - opt_operation = OP_GET_INFO; - break; - case 'g': - opt_operation = OP_GEN_KEY; - break; - case 'e': - opt_operation = OP_ENCRYPT; - break; - case 'd': - opt_operation = OP_DECRYPT; - break; - case 'm': - opt_operation = OP_MAC; - break; - case 'v': - opt_debug++; - break; - } - } - - memset(&ctx_param, 0, sizeof(ctx_param)); - ctx_param.app_name = app_name; - r = sc_context_create(&ctx, &ctx_param); - if (r) { - fprintf(stderr, "Error: Failed to establish context: %s\n", - sc_strerror(r)); - return -1; - } - ctx->debug = opt_debug; - - if (util_connect_card(ctx, &card, opt_reader, 0, opt_wait, opt_debug) != 0) - err = -1; - - if (err == 0 && opt_pin) { - /* verify */ - r = sc_verify(card, SC_AC_CHV, SC_RUTOKEN_DEF_ID_GCHV_USER, - (u8*)opt_pin, strlen(opt_pin), &tries_left); - if (r) { - fprintf(stderr, "Error: PIN verification failed: %s", - sc_strerror(r)); - if (r == SC_ERROR_PIN_CODE_INCORRECT) - fprintf(stderr, " (tries left %d)\n", tries_left); - else - putc('\n', stderr); - err = 1; - } - } - if (err == 0) { - err = -1; - switch (opt_operation) { - case OP_GET_INFO: - err = rutoken_info(card); - break; - case OP_DECRYPT: - case OP_ENCRYPT: - case OP_MAC: - if (!opt_input) { - fprintf(stderr, "Error: No input file specified\n"); - break; - } - if (opt_operation != OP_MAC && !opt_output) { - fprintf(stderr, "Error: No output file specified\n"); - break; - } - case OP_GEN_KEY: 
- if (opt_key == 0) { - fprintf(stderr, "Error: You must set key ID\n"); - break; - } - if (opt_operation == OP_GEN_KEY) - err = generate_gostkey(card, (u8)opt_key, opt_keytype); - else if (opt_operation == OP_MAC) - err = gostmac(card, (u8)opt_key, opt_input); - else - err = gostchiper(card, (u8)opt_key, opt_input,opt_output, - IV, opt_is_iv, opt_operation); - break; - default: - fprintf(stderr, "Error: No operation specified\n"); - break; - } - } - if (card) { - /* sc_lock and sc_connect_card in util_connect_card */ - sc_unlock(card); - sc_disconnect_card(card, 0); - } - if (ctx) - sc_release_context(ctx); - return err; -} - diff -Nru opensc-0.11.13/src/tools/util.c opensc-0.12.1/src/tools/util.c --- opensc-0.11.13/src/tools/util.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/util.c 2011-05-17 17:07:00.000000000 +0000 
@@ -1,80 +1,96 @@ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include +#ifndef _WIN32 +#include +#else +#include +#endif #include #include "util.h" int util_connect_card(sc_context_t *ctx, sc_card_t **cardp, - int reader_id, int slot_id, int wait, int verbose) + const char *reader_id, int do_wait, int verbose) { - sc_reader_t *reader; + sc_reader_t *reader, *found; sc_card_t *card; - int r; + int r, tmp_reader_num; - if (wait) { - sc_reader_t *readers[16]; - int slots[16]; - unsigned int i; - int j, k, found; + if (do_wait) { unsigned int event; - for (i = k = 0; i < sc_ctx_get_reader_count(ctx); i++) { - if (reader_id >= 0 && (unsigned int)reader_id != i) - continue; - reader = sc_ctx_get_reader(ctx, i); - for (j = 0; j < reader->slot_count; j++, k++) { - readers[k] = reader; - slots[k] = j; + if (sc_ctx_get_reader_count(ctx) == 0) { + fprintf(stderr, "Waiting for a reader to be attached...\n"); + r = sc_wait_for_event(ctx, SC_EVENT_READER_ATTACHED, &found, &event, -1, NULL); + if (r < 0) { + fprintf(stderr, "Error while waiting for a reader: %s\n", sc_strerror(r)); + return 3; + } + r = sc_ctx_detect_readers(ctx); + if (r < 0) { + fprintf(stderr, "Error while refreshing readers: %s\n", sc_strerror(r)); + return 3; } } - - printf("Waiting for card to be inserted...\n"); - r = sc_wait_for_event(readers, slots, k, - SC_EVENT_CARD_INSERTED, - &found, &event, -1); + fprintf(stderr, "Waiting for a card to be inserted...\n"); + r = sc_wait_for_event(ctx, SC_EVENT_CARD_INSERTED, &found, &event, -1, NULL); if (r < 0) { - fprintf(stderr, - "Error while waiting for card: %s\n", - sc_strerror(r)); + fprintf(stderr, "Error while waiting for a card: %s\n", sc_strerror(r)); return 3; } - - reader = readers[found]; - slot_id = slots[found]; + reader = found; } else { if (sc_ctx_get_reader_count(ctx) == 0) { fprintf(stderr, "No smart card readers found.\n"); return 1; } - if (reader_id < 0) { + if (!reader_id) { unsigned int i; /* 
Automatically try to skip to a reader with a card if reader not specified */ for (i = 0; i < sc_ctx_get_reader_count(ctx); i++) { reader = sc_ctx_get_reader(ctx, i); - if (sc_detect_card_presence(reader, 0) & SC_SLOT_CARD_PRESENT) { - reader_id = i; + if (sc_detect_card_presence(reader) & SC_READER_CARD_PRESENT) { fprintf(stderr, "Using reader with a card: %s\n", reader->name); goto autofound; } } - reader_id = 0; + /* If no reader had a card, default to the first reader */ + reader = sc_ctx_get_reader(ctx, 0); + } else { + /* If the reader identifiers looks like an ATR, try to find the reader with that card */ + unsigned char atr_buf[SC_MAX_ATR_SIZE * 3]; + size_t atr_buf_len = sizeof(atr_buf); + unsigned int i; + if (sc_hex_to_bin(reader_id, atr_buf, &atr_buf_len) == SC_SUCCESS) { + /* Loop readers, looking for a card with ATR */ + for (i = 0; i < sc_ctx_get_reader_count(ctx); i++) { + reader = sc_ctx_get_reader(ctx, i); + if (sc_detect_card_presence(reader) & SC_READER_CARD_PRESENT) { + if (!memcmp(reader->atr.value, atr_buf, reader->atr.len)) { + fprintf(stderr, "Matched ATR in reader: %s\n", reader->name); + goto autofound; + } + } + } + } + if (!sscanf(reader_id, "%d", &tmp_reader_num)) { + /* Try to get the reader by name if it does not parse as a number */ + reader = sc_ctx_get_reader_by_name(ctx, reader_id); + } else { + reader = sc_ctx_get_reader(ctx, tmp_reader_num); + } } autofound: - if ((unsigned int)reader_id >= sc_ctx_get_reader_count(ctx)) { + if (!reader) { fprintf(stderr, - "Illegal reader number. " - "Only %d reader(s) configured.\n", - sc_ctx_get_reader_count(ctx)); + "Reader \"%s\" not found (%d reader(s) detected)\n", reader_id, sc_ctx_get_reader_count(ctx)); return 1; } - reader = sc_ctx_get_reader(ctx, reader_id); - slot_id = 0; - if (sc_detect_card_presence(reader, 0) <= 0) { + if (sc_detect_card_presence(reader) <= 0) { fprintf(stderr, "Card not present.\n"); return 3; } 
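Review bot: In the new ATR branch of util_connect_card, `memcmp(reader->atr.value, atr_buf, reader->atr.len)` never consults `atr_buf_len`, so a hex string shorter than the card's ATR is compared against uninitialised bytes of `atr_buf`, and a reader that reported `atr.len == 0` would match any input. Compare the lengths first: `if (atr_buf_len == reader->atr.len && !memcmp(reader->atr.value, atr_buf, atr_buf_len)) {`. A few lines further down, `!sscanf(reader_id, "%d", &tmp_reader_num)` treats the EOF return for an empty `reader_id` as a successful parse and hands an unset `tmp_reader_num` to `sc_ctx_get_reader`; testing `sscanf(reader_id, "%d", &tmp_reader_num) != 1` closes that, and a negative number should probably be rejected as well. The function body continues in the following hunks.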
@@ -82,7 +98,7 @@ if (verbose) printf("Connecting to card in reader %s...\n", reader->name); - if ((r = sc_connect_card(reader, slot_id, &card)) < 0) { + if ((r = sc_connect_card(reader, &card)) < 0) { fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(r)); @@ -96,7 +112,7 @@ fprintf(stderr, "Failed to lock card: %s\n", sc_strerror(r)); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); return 1; } @@ -107,7 +123,7 @@ void util_print_binary(FILE *f, const u8 *buf, int count) { int i; - + for (i = 0; i < count; i++) { unsigned char c = buf[i]; const char *format; @@ -123,7 +139,7 @@ void util_hex_dump(FILE *f, const u8 *in, int len, const char *sep) { int i; - + for (i = 0; i < len; i++) { if (sep != NULL && i) fprintf(f, "%s", sep); @@ -138,7 +154,7 @@ while (count) { char ascbuf[17]; size_t i; - + if (addr >= 0) { fprintf(f, "%08X: ", addr); addr += 16; @@ -169,7 +185,7 @@ while (options[i].name) { char buf[40], tmp[5]; const char *arg_str; - + /* Skip "hidden" options */ if (option_help[i] == NULL) { i++; @@ -206,7 +222,7 @@ { static char line[80], buf[10]; unsigned int acl; - + if (e == NULL) return "N/A"; line[0] = 0; 
@@ -285,3 +301,64 @@ va_end(ap); } +int +util_getpass (char **lineptr, size_t *len, FILE *stream) +{ +#define MAX_PASS_SIZE 128 + char *buf; + unsigned int i; +#ifndef _WIN32 + struct termios old, new; + + fflush(stdout); + if (tcgetattr (fileno (stdout), &old) != 0) + return -1; + new = old; + new.c_lflag &= ~ECHO; + if (tcsetattr (fileno (stdout), TCSAFLUSH, &new) != 0) + return -1; +#endif + + buf = calloc(1, MAX_PASS_SIZE); + if (!buf) + return -1; + + for (i = 0; i < MAX_PASS_SIZE - 1; i++) { +#ifndef _WIN32 + buf[i] = getchar(); +#else + buf[i] = _getch(); +#endif + if (buf[i] == 0 || buf[i] == 3) + break; + if (buf[i] == '\n' || buf[i] == '\r') + break; + } +#ifndef _WIN32 + tcsetattr (fileno (stdout), TCSAFLUSH, &old); + fputs("\n", stdout); +#endif + if (buf[i] == 0 || buf[i] == 3) { + free(buf); + return -1; + } + + buf[i] = 0; + + if (*lineptr && (!len || *len < i+1)) { + free(*lineptr); + *lineptr = NULL; + } + + if (*lineptr) { + memcpy(*lineptr,buf,i+1); + memset(buf, 0, MAX_PASS_SIZE); + free(buf); + } else { + *lineptr = buf; + if (len) + *len = MAX_PASS_SIZE; + } + return i; +} + diff -Nru opensc-0.11.13/src/tools/util.h opensc-0.12.1/src/tools/util.h --- opensc-0.11.13/src/tools/util.h 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/util.h 2011-05-17 17:07:00.000000000 +0000 @@ -1,9 +1,8 @@ #ifndef UTIL_H #define UTIL_H -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" + #include #include #include @@ -16,8 +15,9 @@ #include #endif #include -#include -#include + +#include "common/compat_getopt.h" +#include "libopensc/opensc.h" #ifdef __cplusplus extern "C" { 
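Review bot: In util_getpass (util.c hunk `@@ -285,3 +301,64 @@`) the typed PIN is not reliably erased: the abort path (`buf[i] == 0 || buf[i] == 3`) calls `free(buf)` with the characters read so far still in it, the resize path frees the caller's old `*lineptr` unwiped, and the only `memset(buf, 0, MAX_PASS_SIZE)` sits directly before `free(buf)`, where a compiler is allowed to drop it as a dead store. Put a wipe that cannot be elided before every `free`, for example libopensc's `sc_mem_clear(buf, MAX_PASS_SIZE);` if this tree provides it. Separately, `if (!buf) return -1;` after a failed `calloc` returns with ECHO still switched off; allocate before the `tcsetattr` call or restore `old` on that path. The `stream` argument is never used, and because echo is toggled on `fileno(stdout)` while input comes from `getchar()`, the non-Windows build returns -1 whenever stdout is not a terminal.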
@@ -33,8 +33,9 @@ void util_error(const char *fmt, ...); void util_fatal(const char *fmt, ...); /* All singing all dancing card connect routine */ -int util_connect_card(struct sc_context *, struct sc_card **, - int reader_id, int slot_id, int wait, int verbose); +int util_connect_card(struct sc_context *, struct sc_card **, const char *reader_id, int wait, int verbose); + +int util_getpass (char **lineptr, size_t *n, FILE *stream); #ifdef __cplusplus } diff -Nru opensc-0.11.13/src/tools/versioninfo.rc opensc-0.12.1/src/tools/versioninfo.rc --- opensc-0.11.13/src/tools/versioninfo.rc 2010-02-16 09:33:41.000000000 +0000 +++ opensc-0.12.1/src/tools/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes OpenSC Utility to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,0,0,0 - PRODUCTVERSION 0,11,13,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "OpenSC Utility\0" - VALUE "FileVersion", "2.0.0.0\0" - VALUE "InternalName", "opensc\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "opensc\0" - VALUE "ProductVersion", "0,11,13,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/src/tools/westcos-tool.c opensc-0.12.1/src/tools/westcos-tool.c --- opensc-0.11.13/src/tools/westcos-tool.c 2010-02-16 09:03:25.000000000 +0000 +++ opensc-0.12.1/src/tools/westcos-tool.c 2011-05-17 17:07:00.000000000 +0000 
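Review bot: The new `util_getpass` prototype in util.h carries no comment stating its contract, which matters because it hands the caller a buffer holding a PIN. Going by the definition added to util.c in this patch, it returns the number of characters read or -1, reuses `*lineptr` when `*len` is large enough and otherwise replaces it with a 128-byte heap buffer, and ignores `stream`. I would add above the declaration: `/* Read a PIN without echo; returns its length or -1 on error/abort. *lineptr is reused or replaced by a heap buffer that the caller must wipe and free. */`.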
@@ -1,5 +1,5 @@ /* - * westcos-tool.exe: tool for westcos card + * westcos-tool.c: tool for westcos card * * Copyright (C) 2009 francois.leblanc@cev-sa.com * @@ -19,19 +19,11 @@ */ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" #include #include #include - -#include -#include -#include -#include - #include #include #include 
@@ -41,14 +33,62 @@ #include #include -static char *version ="0.0.6"; - -static char *nom_card = "WESTCOS"; +#include "libopensc/opensc.h" +#include "libopensc/errors.h" +#include "libopensc/pkcs15.h" +#include "libopensc/cardctl.h" + +#include "util.h" + +static const char *app_name = "westcos-tool"; + +static const struct option options[] = { + { "reader", 1, NULL, 'r' }, + { "wait", 0, NULL, 'w' }, + { "generate-key", 0, NULL, 'g' }, + { "overwrite-key", 0, NULL, 'o' }, + { "key-length", 1, NULL, 'l' }, + { "install-pin", 0, NULL, 'i' }, + { "pin-value", 1, NULL, 'x' }, + { "puk-value", 1, NULL, 'y' }, + { "change-pin", 0, NULL, 'n' }, + { "unblock-pin", 0, NULL, 'u' }, + { "certificate", 1, NULL, 't' }, + { "finalize", 0, NULL, 'f' }, + { "read-file", 1, NULL, 'j' }, + { "write-file", 1, NULL, 'k' }, + { "help", 0, NULL, 'h' }, + { "verbose", 0, NULL, 'v' }, + { NULL, 0, NULL, 0 } +}; + +static const char *option_help[] = { + "Uses reader number [0]", + "Wait for card insertion", + "Generate key 1536 default", + "Overwrite key if already exist", + "Key length [512,1024,1536]", + "Install pin", + "Pin value ", + "Puk value ", + "Change pin (new pin in puk value)", + "Unblock pin", + "Write certificate (in pem format)", + "Finalize card(!!! MANDATORY FOR SECURITY !!!)", + "Read file ", + "Write file (ex 0002 write file 0002 to 0002)", + "This message", + "Verbose operation. Use several times to enable debug output." +}; + + +static int opt_wait = 0, verbose = 0; +static const char *opt_driver = NULL; +static const char *opt_reader = NULL; -static int finalise = 0; -static int verbose = 0; +static int finalize = 0; static int install_pin = 0; -static int remplace = 0; +static int overwrite = 0; static char *pin = NULL; static char *puk = NULL; @@ -56,10 +96,8 @@ static int keylen = 0; -static int no_lecteur = -1; - static int new_pin = 0; -static int debloque = 0; +static int unlock = 0; static char *get_filename = NULL; static char *put_filename = NULL; 
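Review bot: `--pin-value` (`-x`) and `--puk-value` (`-y`) in the new `options` table take the secret as a command-line argument, where other local users can usually read it from the process list and where it tends to end up in shell history. This patch also adds `util_getpass` to util.c, so prompting through it when `-x`/`-y` is absent would let users keep the PIN off the command line; whether `main` already does so cannot be seen from this hunk. At minimum the help text could warn about it, e.g. `"Pin value (visible in the process list; prefer the reader's pin pad)"`.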
@@ -68,7 +106,7 @@ { if (src == 0) return 0; dst->len = BN_num_bytes(src); - dst->data = (u8 *) malloc(dst->len); + dst->data = malloc(dst->len); BN_bn2bin(src, dst->data); return 1; } @@ -85,7 +123,7 @@ } while ((r = ERR_get_error()) != 0) - fprintf(stderr, "%s\n", ERR_error_string(r, NULL)); + printf("%s\n", ERR_error_string(r, NULL)); } static int verify_pin(sc_card_t *card, int pin_reference, char *pin_value) @@ -102,7 +140,7 @@ data.flags = SC_PIN_CMD_NEED_PADDING; - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD) { printf("Please enter PIN on the reader's pin pad.\n"); data.pin1.prompt = "Please enter PIN"; @@ -126,12 +164,12 @@ if (r == SC_ERROR_PIN_CODE_INCORRECT) { if (tries_left >= 0) - printf("Error %d attemps left.\n", tries_left); + printf("Error %d attempts left.\n", tries_left); else printf("Wrong pin.\n"); } else - fprintf(stderr, "The pin can be verify: %s\n", sc_strerror(r)); + printf("The pin can be verify: %s\n", sc_strerror(r)); return -1; } printf("Pin correct.\n"); @@ -155,7 +193,7 @@ data.flags = SC_PIN_CMD_NEED_PADDING; - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD) { printf("Please enter PIN on the reader's pin pad.\n"); data.pin1.prompt = "Please enter PIN"; @@ -183,12 +221,12 @@ if (r == SC_ERROR_PIN_CODE_INCORRECT) { if (tries_left >= 0) - printf("Error %d attemps left.\n", tries_left); + printf("Error %d attempts left.\n", tries_left); else printf("Wrong pin.\n"); } else - fprintf(stderr, "Can't change pin: %s\n", + printf("Can't change pin: %s\n", sc_strerror(r)); return -1; } @@ -196,7 +234,7 @@ return 0; } -static int debloque_pin(sc_card_t *card, +static int unlock_pin(sc_card_t *card, int pin_reference, char *puk_value, char *pin_value) 
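Review bot: The `malloc` result in hunk `@@ -68,7 +106,7 @@` goes straight into `BN_bn2bin(src, dst->data)` without a NULL check; dropping the cast is fine, but an allocation failure is still a write through a null pointer. Add `if (dst->data == NULL) return 0;` before the `BN_bn2bin` call, 0 being the value this function already returns for a null `src`. The same holds in `@@ -259,7 +297,7 @@`, where `len = i2d_X509(cert, NULL)` is also used unchecked: a negative return turns into a huge `malloc` size, so that site wants `if (len <= 0) return len;` ahead of the allocation plus the NULL check before the second `i2d_X509`, with callers treating a non-positive length as failure. Both functions begin outside their hunks.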
@@ -213,7 +251,7 @@ data.flags = SC_PIN_CMD_NEED_PADDING; - if (card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) + if (card->reader->capabilities & SC_READER_CAP_PIN_PAD) { printf("Please enter PIN on the reader's pin pad.\n"); data.pin1.prompt = "Please enter PIN"; @@ -241,16 +279,16 @@ if (r == SC_ERROR_PIN_CODE_INCORRECT) { if (tries_left >= 0) - printf("Error %d attemps left.\n", tries_left); + printf("Error %d attempts left.\n", tries_left); else printf("Wrong pin.\n"); } else - fprintf(stderr, "Can't unblock pin: %s\n", + printf("Can't unblock pin: %s\n", sc_strerror(r)); return -1; } - printf("Code debloque.\n"); + printf("Unlock pin.\n"); return 0; } @@ -259,7 +297,7 @@ int len; u8 *p; len = i2d_X509(cert, NULL); - p = *value = (u8*)malloc(len); + p = *value = malloc(len); i2d_X509(cert, &p); return len; } @@ -270,7 +308,6 @@ int size; sc_path_t path; sc_file_t *file = NULL; - sc_context_t *ctx = card->ctx; sc_format_path("3F00", &path); r = sc_select_file(card, &path, &file); @@ -285,9 +322,7 @@ } sc_format_path("0002", &path); - sc_ctx_suppress_errors_on(ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(ctx); if(r) { if(r != SC_ERROR_FILE_NOT_FOUND) goto out; @@ -295,7 +330,7 @@ file = sc_file_new(); if(file == NULL) { - fprintf(stderr, "memory error.\n"); + printf("Memory error.\n"); goto out; } 
@@ -324,37 +359,10 @@ return r; } -void usage(void) -{ -printf("Tools for westcos card.\n"); -printf("version %s.\n\n", version); -printf("\t -G Generate key 1536 default.\n"); -printf("\t -L [length] Key length 512,1024,1536.\n"); -printf("\t -i Install pin.\n"); -printf("\t -pin [value] Pin.\n"); -printf("\t -puk [value] Puk.\n"); -printf("\t -n Change pin (new pin in puk option).\n"); -printf("\t -u Unblock pin.\n"); -printf("\t -cert [file] Write certificate (in pem format).\n"); -printf("\t -F Finalize card "\ - "(!!! MANDATORY FOR SECURITY !!!).\n"); -printf("\t -r [n] Use reader number [n]"\ - " (default: autodetect).\n"); -printf("\t -gf [path] Read file [path].\n"); -printf("\t -pf [path] Write file [path].\n"); -printf("\t -v verbose.\n"); -printf("\t -h This message.\n"); -exit(0); -} - int main(int argc, char *argv[]) { - int r; - int i = 1; - char *p; - int card_presente = 0; + int r, c, long_optind = 0; sc_context_param_t ctx_param; - sc_reader_t *lecteur = NULL; sc_card_t *card = NULL; sc_context_t *ctx = NULL; sc_file_t *file = NULL; 
@@ -363,123 +371,62 @@ BIGNUM *bn = NULL; BIO *mem = NULL; - while(i 1) - ctx->debug = verbose-1; - if(no_lecteur == -1) - { - for(i = 0; i=0) - { - printf("card->name = %s\n", card->name); - if(strncmp(card->name, nom_card, strlen(nom_card)) == 0) - { - card_presente = 1; - break; - } - sc_disconnect_card(card,0); - card = NULL; - } - } - } + if (verbose > 1) { + ctx->debug = verbose; + sc_ctx_log_to_file(ctx, "stderr"); } - else + + if (opt_driver != NULL) { - if(no_lecteur < sc_ctx_get_reader_count(ctx)) + r = sc_set_card_driver(ctx, opt_driver); + if (r) { - lecteur = sc_ctx_get_reader(ctx, no_lecteur); - r = sc_connect_card(lecteur, 0, &card); - if(r>=0) - { - card_presente = 1; - } - else - { - sc_disconnect_card(card,0); - } + printf("Driver '%s' not found!\n", opt_driver); + goto out; } } - if(!card_presente) goto out; - - sc_lock(card); + r = util_connect_card(ctx, &card, opt_reader, opt_wait, 0); + if (r) + goto out; sc_format_path("3F00", &path); r = sc_select_file(card, &path, NULL); @@ -545,9 +466,7 @@ if(install_pin) { sc_format_path("AAAA", &path); - sc_ctx_suppress_errors_on(ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(ctx); if(r) { if(r != SC_ERROR_FILE_NOT_FOUND) goto out; @@ -555,7 +474,7 @@ file = sc_file_new(); if(file == NULL) { - fprintf(stderr, "Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } @@ -573,7 +492,7 @@ r = sc_file_add_acl_entry(file, SC_AC_OP_ERASE, SC_AC_NONE, 0); if(r) goto out; - //sc_format_path("3F00AAAA", &(file->path)); + /* sc_format_path("3F00AAAA", &(file->path)); */ file->path = path; r = sc_create_file(card, file); if(r) goto out; @@ -583,6 +502,7 @@ { sc_changekey_t ck; struct sc_pin_cmd_pin pin_cmd; + int ret; memset(&pin_cmd, 0, sizeof(pin_cmd)); memset(&ck, 0, sizeof(ck)); 
@@ -594,11 +514,12 @@ pin_cmd.data = (u8*)pin; pin_cmd.max_length = 8; - ck.new_key.key_len = sc_build_pin(ck.new_key.key_value, + ret = sc_build_pin(ck.new_key.key_value, sizeof(ck.new_key.key_value), &pin_cmd, 1); - if(ck.new_key.key_len<0) + if(ret < 0) goto out; + ck.new_key.key_len = ret; r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); if(r) goto out; } @@ -607,6 +528,7 @@ { sc_changekey_t ck; struct sc_pin_cmd_pin puk_cmd; + int ret; memset(&puk_cmd, 0, sizeof(puk_cmd)); memset(&ck, 0, sizeof(ck)); @@ -618,11 +540,12 @@ puk_cmd.data = (u8*)puk; puk_cmd.max_length = 8; - ck.new_key.key_len = sc_build_pin(ck.new_key.key_value, + ret = sc_build_pin(ck.new_key.key_value, sizeof(ck.new_key.key_value), &puk_cmd, 1); - if(ck.new_key.key_len<0) + if(ret < 0) goto out; + ck.new_key.key_len = ret; r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_CHANGE_KEY, &ck); if(r) goto out; } @@ -635,9 +558,9 @@ goto out; } - if(debloque) + if(unlock) { - if(debloque_pin(card, 0, puk, pin)) + if(unlock_pin(card, 0, puk, pin)) printf("Error unblocking pin.\n"); goto out; } @@ -670,7 +593,7 @@ if(rsa == NULL || bn == NULL || mem == NULL) { - fprintf(stderr,"Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } @@ -682,15 +605,14 @@ if(mem == NULL) { - fprintf(stderr,"Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } if (!rsa) #endif { - fprintf(stderr, - "RSA_generate_key_ex return %ld\n", ERR_get_error()); + printf("RSA_generate_key_ex return %ld\n", ERR_get_error()); goto out; } @@ -698,17 +620,14 @@ if(!i2d_RSAPrivateKey_bio(mem, rsa)) { - fprintf(stderr, - "i2d_RSAPrivateKey_bio return %ld\n", ERR_get_error()); + printf("i2d_RSAPrivateKey_bio return %ld\n", ERR_get_error()); goto out; } lg = BIO_get_mem_data(mem, &pdata); sc_format_path("0001", &path); - sc_ctx_suppress_errors_on(ctx); r = sc_select_file(card, &path, NULL); - sc_ctx_suppress_errors_off(ctx); if(r) { if(r != SC_ERROR_FILE_NOT_FOUND) goto out; 
@@ -716,7 +635,7 @@ file = sc_file_new(); if(file == NULL) { - fprintf(stderr, "Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } @@ -735,7 +654,7 @@ file->path = path; - printf("File key creation %s, size %d.\n", file->path.value, + printf("File key creation %s, size %zd.\n", file->path.value, file->size); r = sc_create_file(card, file); @@ -743,16 +662,15 @@ } else { - if(!remplace) + if(!overwrite) { - fprintf(stderr, - "Key file already exist,"\ - " use -R to replace it.\n"); + printf("Key file already exist,"\ + " use -o to replace it.\n"); goto out; } } - printf("Private key length is %d\n", lg); + printf("Private key length is %zd\n", lg); printf("Write private key.\n"); r = sc_update_binary(card,0,pdata,lg,0); @@ -769,7 +687,7 @@ r = sc_pkcs15_encode_pubkey(ctx, &key, &pdata, &lg); if(r) goto out; - printf("Public key length %d\n", lg); + printf("Public key length %zd\n", lg); sc_format_path("3F000002", &path); r = sc_select_file(card, &path, NULL); @@ -792,7 +710,7 @@ if (BIO_read_filename(bio, cert) <= 0) { BIO_free(bio); - fprintf(stderr, "Can't open file %s.\n", cert); + printf("Can't open file %s.\n", cert); goto out; } xp = PEM_read_bio_X509(bio, NULL, NULL, NULL); @@ -814,6 +732,17 @@ printf("Write certificate %s.\n", cert); r = sc_update_binary(card,0,pdata,lg,0); + if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) + { + if(verify_pin(card, 0, pin)) + { + printf("Wrong pin.\n"); + } + else + { + r = sc_update_binary(card,0,pdata,lg,0); + } + } if(r<0) { if(pdata) free(pdata); @@ -826,11 +755,11 @@ } } - if(finalise) + if(finalize) { int mode = SC_CARDCTRL_LIFECYCLE_USER; - if(card->atr[10] != 0x82) + if(card->atr.value[10] != 0x82) { sc_format_path("0001", &path); r = sc_select_file(card, &path, NULL); 
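Review bot: `card->atr.value[10]` in hunk `@@ -826,11 +755,11 @@` is read without checking that the ATR holds at least 11 bytes. The card driver has presumably matched a known ATR by this point, but nothing visible here guarantees the length, and the ATR is now a struct carrying its own `len` (used that way in util.c in this patch). Since this is the finalize step, failing closed before the test seems the safer default, e.g. `if(card->atr.len < 11) { printf("Unexpected ATR length.\n"); goto out; }`. The block continues outside the hunk, so confirm what `out` reports to the caller in that case.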
@@ -871,14 +800,24 @@ goto out; } - b = (u8*)malloc(file->size); + b = malloc(file->size); if(b == NULL) { - fprintf(stderr, "Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } r = sc_read_binary(card, 0, b, file->size, 0); + if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) + { + if(verify_pin(card, 0, pin)) + { + printf("Wrong pin.\n"); + goto out; + } + r = sc_read_binary(card, 0, b, file->size, 0); + } + if(r<0) { printf("Error reading file.\n"); @@ -911,10 +850,10 @@ goto out; } - b = (u8*)malloc(file->size); + b = malloc(file->size); if(b == NULL) { - fprintf(stderr, "Not enougth memory.\n"); + printf("Not enougth memory.\n"); goto out; } @@ -925,6 +864,17 @@ fclose(fp); r = sc_update_binary(card, 0, b, file->size, 0); + if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) + { + if(verify_pin(card, 0, pin)) + { + printf("Wrong pin.\n"); + } + else + { + r = sc_update_binary(card, 0, b, file->size, 0); + } + } if(r<0) { free(b); @@ -950,7 +900,7 @@ if (card) { sc_unlock(card); - sc_disconnect_card(card, 0); + sc_disconnect_card(card); } if (ctx) diff -Nru opensc-0.11.13/svnignore opensc-0.12.1/svnignore --- opensc-0.11.13/svnignore 2009-12-13 09:14:28.000000000 +0000 +++ opensc-0.12.1/svnignore 2011-05-17 17:07:00.000000000 +0000 @@ -52,6 +52,7 @@ *.gif *.css *.out +*.tmp ChangeLog opensc.conf diff -Nru opensc-0.11.13/win32/Makefile.am opensc-0.12.1/win32/Makefile.am --- opensc-0.11.13/win32/Makefile.am 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/win32/Makefile.am 2011-05-17 17:07:00.000000000 +0000 
@@ -1,8 +1,9 @@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -EXTRA_DIST = Make.rules.mak +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in \ + $(srcdir)/versioninfo.rc $(srcdir)/winconfig.h +EXTRA_DIST = ltrc.inc Makefile.mak Make.rules.mak opensc-install.bat \ + versioninfo.rc.in winconfig.h.in OpenSC.iss.in OpenSC.wxs.in +dist_noinst_HEADERS = versioninfo.rc winconfig.h if WIN32 sbin_SCRIPTS = opensc-install.bat -else -dist_noinst_SCRIPTS = opensc-install.bat endif diff -Nru opensc-0.11.13/win32/Makefile.in opensc-0.12.1/win32/Makefile.in --- opensc-0.11.13/win32/Makefile.in 2010-02-16 09:32:19.000000000 +0000 +++ opensc-0.12.1/win32/Makefile.in 2011-05-18 05:51:48.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -15,6 +15,7 @@ @SET_MAKE@ + VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -35,21 +36,21 @@ build_triplet = @build@ host_triplet = @host@ subdir = win32 -DIST_COMMON = $(am__dist_noinst_SCRIPTS_DIST) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc.in.in +DIST_COMMON = $(dist_noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/OpenSC.iss.in \ + $(srcdir)/OpenSC.wxs.in $(srcdir)/versioninfo.rc.in \ + $(srcdir)/winconfig.h.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \ - $(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = versioninfo.rc.in +CONFIG_CLEAN_FILES = versioninfo.rc winconfig.h OpenSC.iss OpenSC.wxs CONFIG_CLEAN_VPATH_FILES = -am__dist_noinst_SCRIPTS_DIST = opensc-install.bat am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -72,9 +73,12 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(sbindir)" -SCRIPTS = $(dist_noinst_SCRIPTS) $(sbin_SCRIPTS) +SCRIPTS = $(sbin_SCRIPTS) SOURCES = DIST_SOURCES = +HEADERS = $(dist_noinst_HEADERS) +ETAGS = etags +CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ 
@@ -103,8 +107,6 @@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -ICONV_CFLAGS = @ICONV_CFLAGS@ -ICONV_LIBS = @ICONV_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -112,10 +114,8 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ -LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ -LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ -LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ LIBOBJS = @LIBOBJS@ +LIBRARY_BITNESS = @LIBRARY_BITNESS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ @@ -140,8 +140,6 @@ OPENSC_VERSION_MINOR = @OPENSC_VERSION_MINOR@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ OPENSSL_LIBS = @OPENSSL_LIBS@ -OPTIONAL_ICONV_CFLAGS = @OPTIONAL_ICONV_CFLAGS@ -OPTIONAL_ICONV_LIBS = @OPTIONAL_ICONV_LIBS@ OPTIONAL_OPENCT_CFLAGS = @OPTIONAL_OPENCT_CFLAGS@ OPTIONAL_OPENCT_LIBS = @OPTIONAL_OPENCT_LIBS@ OPTIONAL_OPENSSL_CFLAGS = @OPTIONAL_OPENSSL_CFLAGS@ @@ -164,6 +162,8 @@ PCSC_CFLAGS = @PCSC_CFLAGS@ PCSC_LIBS = @PCSC_LIBS@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ @@ -176,10 +176,7 @@ SHELL = @SHELL@ STRIP = @STRIP@ SVN = @SVN@ -TR = @TR@ VERSION = @VERSION@ -WGET = @WGET@ -WGET_OPTS = @WGET_OPTS@ WIN_LIBPREFIX = @WIN_LIBPREFIX@ XSLTPROC = @XSLTPROC@ ZLIB_CFLAGS = @ZLIB_CFLAGS@ @@ -225,11 +222,8 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -openscincludedir = @openscincludedir@ pdfdir = @pdfdir@ pkcs11dir = @pkcs11dir@ -pkgconfigdir = @pkgconfigdir@ -plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ 
@@ -242,10 +236,14 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xslstylesheetsdir = @xslstylesheetsdir@ -MAINTAINERCLEANFILES = $(srcdir)/Makefile.in -EXTRA_DIST = Make.rules.mak +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in \ + $(srcdir)/versioninfo.rc $(srcdir)/winconfig.h + +EXTRA_DIST = ltrc.inc Makefile.mak Make.rules.mak opensc-install.bat \ + versioninfo.rc.in winconfig.h.in OpenSC.iss.in OpenSC.wxs.in + +dist_noinst_HEADERS = versioninfo.rc winconfig.h @WIN32_TRUE@sbin_SCRIPTS = opensc-install.bat -@WIN32_FALSE@dist_noinst_SCRIPTS = opensc-install.bat all: all-am .SUFFIXES: @@ -258,9 +256,9 @@ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu win32/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign win32/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu win32/Makefile + $(AUTOMAKE) --foreign win32/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -279,7 +277,13 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -versioninfo.rc.in: $(top_builddir)/config.status $(srcdir)/versioninfo.rc.in.in +versioninfo.rc: $(top_builddir)/config.status $(srcdir)/versioninfo.rc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +winconfig.h: $(top_builddir)/config.status $(srcdir)/winconfig.h.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +OpenSC.iss: $(top_builddir)/config.status $(srcdir)/OpenSC.iss.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +OpenSC.wxs: $(top_builddir)/config.status $(srcdir)/OpenSC.wxs.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-sbinSCRIPTS: $(sbin_SCRIPTS) @$(NORMAL_INSTALL) 
@@ -321,12 +325,58 @@ clean-libtool: -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique tags: TAGS -TAGS: +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi ctags: CTAGS -CTAGS: +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ 
@@ -360,7 +410,7 @@ done check-am: all-am check: check-am -all-am: Makefile $(SCRIPTS) +all-am: Makefile $(SCRIPTS) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(sbindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -397,7 +447,7 @@ distclean: distclean-am -rm -f Makefile -distclean-am: clean-am distclean-generic +distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-am 
@@ -459,17 +509,18 @@ .MAKE: install-am install-strip -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - distclean distclean-generic distclean-libtool distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-sbinSCRIPTS \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - uninstall uninstall-am uninstall-sbinSCRIPTS +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool ctags distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-sbinSCRIPTS install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-sbinSCRIPTS # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru opensc-0.11.13/win32/Makefile.mak opensc-0.12.1/win32/Makefile.mak --- opensc-0.11.13/win32/Makefile.mak 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/Makefile.mak 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,17 @@
+TOPDIR = ..
+
+!INCLUDE $(TOPDIR)\win32\Make.rules.mak
+
+all: config.h
+
+config.h: winconfig.h
+ copy /y winconfig.h config.h
+
+OpenSC.msi: OpenSC.wixobj
+ $(WIX_PATH)\bin\light.exe -sh -ext WixUIExtension -ext WiXUtilExtension $?
+
+OpenSC.wixobj: OpenSC.wxs
+ $(WIX_PATH)\bin\candle.exe -ext WiXUtilExtension -dSOURCE_DIR=$(TOPDIR) $(CANDLEFLAGS) $?
+
+clean::
+ del /Q config.h *.msi *.wixobj *.wixpdb
diff -Nru opensc-0.11.13/win32/Make.rules.mak opensc-0.12.1/win32/Make.rules.mak
--- opensc-0.11.13/win32/Make.rules.mak 2009-12-13 09:14:26.000000000 +0000
+++ opensc-0.12.1/win32/Make.rules.mak 2011-05-17 17:07:00.000000000 +0000
@@ -1,70 +1,73 @@ -# Note: these instructions obsolete the instructions in opensc.html +OPENSC_FEATURES = pcsc -# You first need to download the gnuwin32 libtool (e.g. the "Binaries" and "Developer -# files" from http://gnuwin32.sourceforge.net/packages/libtool.htm) -# Then fill in the directory path to ltdl.h on the LIBLTDL_INCL line below, preceeded -# by an "/I"; and fill in the path to the libltdl.lib on the LIBLTDL_LIB line below. -# Then you can build this OpenSC package; and afterwards you'll need to copy the -# libltdl3.dll somewhere on your execution path. -LIBLTDL_INCL = # E.g. /IC:\libtool-1.5.8-lib\include -LIBLTDL_LIB = # E.g. C:\libtool-1.5.8-lib\lib\libltdl.lib +#Include support for minidriver +MINIDRIVER_DEF = /DENABLE_MINIDRIVER -OPENSC_FEATURES = pcsc +#Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.6 +!IF "$(BUILD_ON)" == "WIN64" +WIX_PATH = "C:\Program Files (x86)\Windows Installer XML v3.6" +!ELSE +WIX_PATH = "C:\Program Files\Windows Installer XML v3.6" +!ENDIF -# If you want support for OpenSSL (needed for a.o. 
pkcs15-init tool and openssl engine): +# If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification): # - download and build OpenSSL # - uncomment the line starting with OPENSSL_DEF # - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I" # - set the OPENSSL_LIB below to your openssl lib file -#OPENSSL_DEF = /DENABLE_OPENSSL +OPENSSL_DEF = /DENABLE_OPENSSL !IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL" -OPENSSL_INCL_DIR = /IC:\openssl\include -OPENSSL_LIB = C:\openssl\out32dll\libeay32.lib -PROGRAMS_OPENSSL = pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe +!IF "$(BUILD_FOR)" == "WIN64" +OPENSSL_DIR = C:\OpenSSL-Win64 +!ELSE +OPENSSL_DIR = C:\OpenSSL-Win32 +!ENDIF +OPENSSL_INCL_DIR = /I$(OPENSSL_DIR)\include +OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\static\libeay32MT.lib $(OPENSSL_DIR)\lib\VC\static\ssleay32MT.lib user32.lib advapi32.lib crypt32.lib + +PROGRAMS_OPENSSL = pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe westcos-tool.exe OPENSC_FEATURES = $(OPENSC_FEATURES) openssl !ENDIF + # If you want support for zlib (Used for PIV, infocamere and actalis): -# - Download zlib and build +# - Download zlib and build with "nmake /f win32\Makefile.msc zlib.lib" # - uncomment the line starting with ZLIB_DEF # - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I" # - set the ZLIB_LIB below to your zlib lib file -#ZLIB_DEF = /DENABLE_ZLIB +ZLIB_DEF = /DENABLE_ZLIB !IF "$(ZLIB_DEF)" == "/DENABLE_ZLIB" -ZLIB_INCL_DIR = /IC:\ZLIB\INCLUDE -ZLIB_LIB = C:\ZLIB\LIB\zlib.lib +ZLIB_INCL_DIR = /IC:\zlib-1.2.5 +ZLIB_LIB = C:\zlib-1.2.5\zlib.lib OPENSC_FEATURES = $(OPENSC_FEATURES) zlib !ENDIF -# If you want support for iconv (Used for EstEID): -# - Download iconv and build -# - uncomment the line starting with ICONV_DEF -# - set the ICONV_INCL_DIR below to the iconv include lib proceeded by "/I" -# - set the ICONV_LIB below to your iconv lib file 
-#ICONV_DEF = /DENABLE_ICONV -!IF "$(ICONV_DEF)" == "/DENABLE_ICONV" -ICONV_INCL_DIR = /IC:\build\iconv\include -ICONV_LIB = C:\build\iconv\lib\iconv.lib -OPENSC_FEATURES = $(OPENSC_FEATURES) iconv -!ENDIF - -COPTS = /D_CRT_SECURE_NO_DEPRECATE /Zi /MD /nologo /DHAVE_CONFIG_H /I$(TOPDIR)\src\include /I$(TOPDIR)\src\include\opensc /I$(TOPDIR)\src\common $(OPENSSL_INCL_DIR) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(ICONV_INCL_DIR) /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN $(OPENSSL_DEF) $(ZLIB_DEF) $(ICONV_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" -LINKFLAGS = /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86 - - -install-headers: - @for %i in ( $(HEADERS) ) do \ - @xcopy /d /q /y %i $(HEADERSDIR) > nul - -install-headers-dir: - @for %i in ( $(HEADERSDIRFROM2) ) do \ - @xcopy /d /q /y %i\*.h $(HEADERSDIR2)\*.h > nul - +# Used for MiniDriver +!IF "$(BUILD_ON)" == "WIN64" +CNGSDK_INCL_DIR = "/IC:\Program Files (x86)\Microsoft CNG Development Kit\Include" +!ELSE +CNGSDK_INCL_DIR = "/IC:\Program Files\Microsoft CNG Development Kit\Include" +!ENDIF +# Mandatory path to 'ISO C9x compliant stdint.h and inttypes.h for Microsoft Visual Studio' +# http://msinttypes.googlecode.com/files/msinttypes-r26.zip +# INTTYPES_INCL_DIR = /IC:\opensc\dependencies\msys\local + +ALL_INCLUDES = /I$(TOPDIR)\win32 /I$(TOPDIR)\src $(OPENSSL_INCL_DIR) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(INTTYPES_INCL_DIR) $(CNGSDK_INCL_DIR) +COPTS = /W3 /D_CRT_SECURE_NO_DEPRECATE /MT /nologo /DHAVE_CONFIG_H $(ALL_INCLUDES) /D_WIN32_WINNT=0x0502 /DWIN32_LEAN_AND_MEAN $(OPENSSL_DEF) $(ZLIB_DEF) $(MINIDRIVER_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" +!IF "$(BUILD_FOR)" == "WIN64" +LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X64 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT /NODEFAULTLIB:LIBCMTD +LIBFLAGS = /nologo /machine:x64 +CANDLEFLAGS = -dPlatform=x64 +!ELSE +LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X86 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT /NODEFAULTLIB:LIBCMTD +LIBFLAGS = 
/nologo /machine:x86 +CANDLEFLAGS = -dPlatform=x86 +!ENDIF .c.obj:: cl $(COPTS) /c $< .rc.res:: - rc /l 0x0409 /r $< + rc /l 0x0409 $< clean:: - del /Q *.obj *.dll *.exe *.pdb *.lib *.def + del /Q *.obj *.dll *.exe *.pdb *.lib *.def *.manifest diff -Nru opensc-0.11.13/win32/opensc-install.bat opensc-0.12.1/win32/opensc-install.bat --- opensc-0.11.13/win32/opensc-install.bat 2009-12-13 09:14:26.000000000 +0000 +++ opensc-0.12.1/win32/opensc-install.bat 2011-05-17 17:07:00.000000000 +0000 @@ -21,7 +21,7 @@ set REG_FILE=%TEMP%\opensc-install.reg echo Windows Registry Editor Version 5.00 > %REG_FILE% -echo [%KEY%\SOFTWARE\OpenSC] >> %REG_FILE% +echo [%KEY%\SOFTWARE\OpenSC Project\OpenSC] >> %REG_FILE% echo "ConfigFile"="%OPENSC_HOME_ESCAPED%\\etc\\opensc.conf" >> %REG_FILE% echo [%KEY%\SOFTWARE\PKCS11-Spy] >> %REG_FILE% echo "Module"="%OPENSC_HOME_ESCAPED%\\bin\\opensc-pkcs11.dll" >> %REG_FILE% diff -Nru opensc-0.11.13/win32/OpenSC.iss.in opensc-0.12.1/win32/OpenSC.iss.in --- opensc-0.11.13/win32/OpenSC.iss.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/OpenSC.iss.in 2011-05-17 17:07:00.000000000 +0000 
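Review bot: Neither new `LINKFLAGS` line (the WIN64 branch and the x86 `!ELSE` branch) passes `/DYNAMICBASE` or `/NXCOMPAT`, so whether the resulting DLLs and tools get ASLR and DEP depends on the linker's defaults, which this file does not pin. Since the file builds the PKCS#11 library and the minidriver, which are loaded into other processes, I would state them explicitly, e.g. `LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X64 /DYNAMICBASE /NXCOMPAT /MANIFEST:NO ...` and the same for X86. Two smaller points in this hunk: `ALL_INCLUDES` still expands `$(LIBLTDL_INCL)` although its definition is removed above, and the comment calls the msinttypes path mandatory while `INTTYPES_INCL_DIR` is left commented out, so a one-line comment such as `# set INTTYPES_INCL_DIR when the compiler lacks stdint.h/inttypes.h` would help. OpenSSL is also linked statically (`libeay32MT.lib`, `ssleay32MT.lib`), which means an OpenSSL security fix needs a rebuild and re-release of OpenSC; that is worth a comment next to `OPENSSL_LIB`.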
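Review bot: The redirect target on the changed line, `>> %REG_FILE%`, is unquoted, so a `%TEMP%` path that contains a space would send the output to the wrong path; `>> "%REG_FILE%"` on this line and on the neighbouring `echo` lines avoids that. The file name `%TEMP%\opensc-install.reg` is also fixed, and if the script later imports the file (the import is outside this hunk) another local process could pre-create or replace it, so a unique name created by the script itself would be safer. The rename to `SOFTWARE\OpenSC Project\OpenSC` leaves any value under the old `SOFTWARE\OpenSC` key in place; a short comment saying whether the old key is still read would help upgraders.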
@@ -0,0 +1,59 @@
+[Setup]
+AppName=OpenSC
+AppVerName=OpenSC @PACKAGE_VERSION@
+AppPublisher=OpenSC Project
+AppPublisherURL=http://www.opensc-project.org/
+AppSupportURL=http://www.opensc-project.org/opensc/
+AppUpdatesURL=http://www.opensc-project.org/opensc/
+DefaultDirName={pf}\OpenSC Project\OpenSC
+OutputBaseFilename=OpenSC-@PACKAGE_VERSION@
+Compression=lzma/normal
+SolidCompression=true
+MinVersion=0,5.0.2195
+VersionInfoCompany=OpenSC Project
+AppCopyright=LGPL
+PrivilegesRequired=poweruser
+DisableDirPage=false
+DisableProgramGroupPage=false
+ShowLanguageDialog=auto
+AppID={{BDD73EB0-0485-4B79-93EC-CF2EAEFF3BAB}
+UsePreviousAppDir=true
+AppendDefaultDirName=false
+AppVersion=@PACKAGE_VERSION@
+VersionInfoVersion=@OPENSC_VERSION_MAJOR@.@OPENSC_VERSION_MINOR@.@OPENSC_VERSION_FIX@
+VersionInfoDescription=OpenSC tools and libraries
+VersionInfoTextVersion=v@PACKAGE_VERSION@
+DisableReadyPage=true
+InternalCompressLevel=max
+VersionInfoCopyright=2010 OpenSC Project
+DisableStartupPrompt=true
+AlwaysShowComponentsList=false
+ShowComponentSizes=false
+FlatComponentsList=false
+WizardImageBackColor=clWhite
+DisableFinishedPage=false
+InfoBeforeFile=README.rtf
+VersionInfoProductName=OpenSC
+VersionInfoProductVersion=@OPENSC_VERSION_MAJOR@.@OPENSC_VERSION_MINOR@.@OPENSC_VERSION_FIX@
+AllowRootDirectory=true
+UninstallDisplayName=OpenSC
+DefaultGroupName=OpenSC
+
+[Tasks]
+
+[Files]
+Source: opensc\*.profile; DestDir: {app}\profiles
+Source: opensc\*.dll; DestDir: {sys}; Flags: overwritereadonly replacesameversion ignoreversion uninsnosharedfileprompt restartreplace
+Source: opensc\*.exe; DestDir: {app}; Flags: overwritereadonly replacesameversion ignoreversion
+Source: engine_pkcs11\*.dll; DestDir: {sys}; Components: OpenSSL_engine; Flags: overwritereadonly replacesameversion ignoreversion
+Source: opensc.conf; DestDir: {app};
+;Source: www.opensc-project.org.url; DestDir: {app}
+[Icons]
+;Name: {group}\OpenSC Project website; Filename: 
{app}\www.opensc-project.org.url; Comment: Go to OpenSC Project website; Components: + +[Registry] +Root: HKLM; Subkey: Software\OpenSC Project\OpenSC; ValueType: string; ValueName: ConfigFile; ValueData: {app}\opensc.conf; Flags: uninsdeletekey; Components: +Root: HKLM; Subkey: Software\OpenSC Project\OpenSC; ValueType: string; ValueName: ProfileDir; ValueData: {app}\profiles; Flags: uninsdeletekey; Components: +[Components] +Name: OpenSC; Description: OpenSC core library; Flags: fixed; Types: custom compact full +Name: OpenSSL_engine; Description: OpenSSL engine for using PKCS11 modules; Types: custom full diff -Nru opensc-0.11.13/win32/OpenSC.wxs.in opensc-0.12.1/win32/OpenSC.wxs.in --- opensc-0.11.13/win32/OpenSC.wxs.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/OpenSC.wxs.in 2011-05-17 17:07:00.000000000 +0000 @@ -0,0 +1,192 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff -Nru opensc-0.11.13/win32/versioninfo.rc opensc-0.12.1/win32/versioninfo.rc --- opensc-0.11.13/win32/versioninfo.rc 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/versioninfo.rc 2011-05-18 05:52:09.000000000 +0000 
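Review bot: `PrivilegesRequired=poweruser` in OpenSC.iss.in does not match what the `[Files]` and `[Registry]` sections do: they copy `opensc\*.dll` and `engine_pkcs11\*.dll` into `{sys}` and write under `HKLM`, both of which need administrator rights on a default system, so the line should read `PrivilegesRequired=admin`. The `{sys}` entries also combine a wildcard source with `ignoreversion`, which overwrites any same-named DLL in the system directory regardless of its version. Listing the DLLs by name, or installing them under `{app}`, would narrow what the installer can replace. `AllowRootDirectory=true` together with a user-chosen directory means `{app}\opensc.conf`, which the `ConfigFile` registry value points at, can end up in a location with weaker ACLs than Program Files; a comment stating the expected install location would help.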
@@ -0,0 +1,33 @@ +#include + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 0,12,1,0 + PRODUCTVERSION 0,12,1,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x21L +#else + FILEFLAGS 0x20L +#endif + FILEOS 0x40004L + FILETYPE 0x1L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).\0" + VALUE "CompanyName", "OpenSC Project\0" + VALUE "FileVersion", "0.12.1.0\0" + VALUE "InternalName", "opensc\0" + VALUE "LegalCopyright", "OpenSC Project\0" + VALUE "LegalTrademarks", "\0" + VALUE "PrivateBuild", "\0" + VALUE "ProductName", "OpenSC\0" + VALUE "ProductVersion", "0,12,1,0\0" + VALUE "SpecialBuild", "\0" + END + END +END + diff -Nru opensc-0.11.13/win32/versioninfo.rc.in opensc-0.12.1/win32/versioninfo.rc.in --- opensc-0.11.13/win32/versioninfo.rc.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/versioninfo.rc.in 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,33 @@
+#include
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0
+ PRODUCTVERSION @OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x21L
+#else
+ FILEFLAGS 0x20L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904b0"
+ BEGIN
+ VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).\0"
+ VALUE "CompanyName", "OpenSC Project\0"
+ VALUE "FileVersion", "@OPENSC_VERSION_MAJOR@.@OPENSC_VERSION_MINOR@.@OPENSC_VERSION_FIX@.0\0"
+ VALUE "InternalName", "@PACKAGE_NAME@\0"
+ VALUE "LegalCopyright", "OpenSC Project\0"
+ VALUE "LegalTrademarks", "\0"
+ VALUE "PrivateBuild", "\0"
+ VALUE "ProductName", "OpenSC\0"
+ VALUE "ProductVersion", "@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0\0"
+ VALUE "SpecialBuild", "\0"
+ END
+ END
+END
+
diff -Nru opensc-0.11.13/win32/versioninfo.rc.in.in opensc-0.12.1/win32/versioninfo.rc.in.in
--- opensc-0.11.13/win32/versioninfo.rc.in.in 2010-02-16 09:03:25.000000000 +0000
+++ opensc-0.12.1/win32/versioninfo.rc.in.in 1970-01-01 00:00:00.000000000 +0000
@@ -1,37 +0,0 @@ -/* This file is processed by configure to create versioninfo.rc */ -/* Every component changes @@FILE_DESCRIPTION@@ to local string */ - -#include - -VS_VERSION_INFO VERSIONINFO - FILEVERSION @OPENSC_LT_CURRENT@,@OPENSC_LT_AGE@,@OPENSC_LT_REVISION@,0 - PRODUCTVERSION @OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x21L -#else - FILEFLAGS 0x20L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "Provided under the terms of the GNU General Public License (LGPLv2.1+).\0" - VALUE "CompanyName", "OpenSC Project\0" - VALUE "FileDescription", "@@FILE_DESCRIPTION@@\0" - VALUE "FileVersion", "@OPENSC_LT_CURRENT@.@OPENSC_LT_AGE@.@OPENSC_LT_REVISION@.0\0" - VALUE "InternalName", "@PACKAGE_NAME@\0" - VALUE "LegalCopyright", "OpenSC Project\0" - VALUE "LegalTrademarks", "\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "@PACKAGE_NAME@\0" - VALUE "ProductVersion", "@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0\0" - VALUE "SpecialBuild", "\0" - END - END -END - diff -Nru opensc-0.11.13/win32/winconfig.h opensc-0.12.1/win32/winconfig.h --- opensc-0.11.13/win32/winconfig.h 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/winconfig.h 2011-05-18 05:52:09.000000000 +0000 
@@ -0,0 +1,98 @@ +#ifndef _OPENSC_WINCONFIG_H +#define _OPENSC_WINCONFIG_H + +#include +#include +#include +#include +#include + +#ifndef strcasecmp +#define strcasecmp stricmp +#endif + +#ifndef strncasecmp +#define strncasecmp strnicmp +#endif + +#ifndef snprintf +#define snprintf _snprintf +#endif + +#ifndef vsnprintf +#define vsnprintf _vsnprintf +#endif + +#ifndef isatty +#define isatty _isatty +#endif + +#ifndef strnicmp +#define strnicmp _strnicmp +#endif + +#ifndef stricmp +#define stricmp _stricmp +#endif + +#ifndef strdup +#define strdup _strdup +#endif + +#ifndef fileno +#define fileno _fileno +#endif + +#ifndef mkdir +#define mkdir _mkdir +#endif + +#ifndef access +#define access _access +#endif + +#ifndef unlink +#define unlink _unlink +#endif + +#ifndef putenv +#define putenv _putenv +#endif + +#ifndef R_OK +#define R_OK 4 /* test whether readable. */ +#define W_OK 2 /* test whether writable. */ +#define X_OK 1 /* test whether execubale. */ +#define F_OK 0 /* test whether exist. */ +#endif + +#ifndef S_IRUSR +#define S_IRUSR S_IREAD +#endif + +#ifndef S_IWUSR +#define S_IWUSR S_IWRITE +#endif + +#define HAVE_IO_H +#define ENABLE_PCSC +#define HAVE_WINSCARD_H +#define DEFAULT_PCSC_PROVIDER "winscard.dll" + +#define SC_PKCS15_PROFILE_DIRECTORY "C:\\Program Files\\OpenSC\\profiles" + +#define PATH_MAX FILENAME_MAX + +#ifndef PACKAGE_VERSION +#define PACKAGE_VERSION "0.12.1" +#endif + +#ifndef PACKAGE_NAME +#define PACKAGE_NAME "opensc" +#endif + +#ifndef OPENSC_FEATURES +#define OPENSC_FEATURES "N/A" +#endif + +#endif diff -Nru opensc-0.11.13/win32/winconfig.h.in opensc-0.12.1/win32/winconfig.h.in --- opensc-0.11.13/win32/winconfig.h.in 1970-01-01 00:00:00.000000000 +0000 +++ opensc-0.12.1/win32/winconfig.h.in 2011-05-17 17:07:00.000000000 +0000 
@@ -0,0 +1,98 @@
+#ifndef _OPENSC_WINCONFIG_H
+#define _OPENSC_WINCONFIG_H
+
+#include
+#include
+#include
+#include
+#include
+
+#ifndef strcasecmp
+#define strcasecmp stricmp
+#endif
+
+#ifndef strncasecmp
+#define strncasecmp strnicmp
+#endif
+
+#ifndef snprintf
+#define snprintf _snprintf
+#endif
+
+#ifndef vsnprintf
+#define vsnprintf _vsnprintf
+#endif
+
+#ifndef isatty
+#define isatty _isatty
+#endif
+
+#ifndef strnicmp
+#define strnicmp _strnicmp
+#endif
+
+#ifndef stricmp
+#define stricmp _stricmp
+#endif
+
+#ifndef strdup
+#define strdup _strdup
+#endif
+
+#ifndef fileno
+#define fileno _fileno
+#endif
+
+#ifndef mkdir
+#define mkdir _mkdir
+#endif
+
+#ifndef access
+#define access _access
+#endif
+
+#ifndef unlink
+#define unlink _unlink
+#endif
+
+#ifndef putenv
+#define putenv _putenv
+#endif
+
+#ifndef R_OK
+#define R_OK 4 /* test whether readable. */
+#define W_OK 2 /* test whether writable. */
+#define X_OK 1 /* test whether execubale. */
+#define F_OK 0 /* test whether exist. */
+#endif
+
+#ifndef S_IRUSR
+#define S_IRUSR S_IREAD
+#endif
+
+#ifndef S_IWUSR
+#define S_IWUSR S_IWRITE
+#endif
+
+#define HAVE_IO_H
+#define ENABLE_PCSC
+#define HAVE_WINSCARD_H
+#define DEFAULT_PCSC_PROVIDER "winscard.dll"
+
+#define SC_PKCS15_PROFILE_DIRECTORY "C:\\Program Files\\OpenSC\\profiles"
+
+#define PATH_MAX FILENAME_MAX
+
+#ifndef PACKAGE_VERSION
+#define PACKAGE_VERSION "@PACKAGE_VERSION@"
+#endif
+
+#ifndef PACKAGE_NAME
+#define PACKAGE_NAME "@PACKAGE_NAME@"
+#endif
+
+#ifndef OPENSC_FEATURES
+#define OPENSC_FEATURES "N/A"
+#endif
+
+#endif
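Review bot: `#define snprintf _snprintf` and `#define vsnprintf _vsnprintf` map the C99 names onto the MSVC functions that leave the buffer without a terminating NUL when the output is truncated, so a caller written against C99 semantics can later read past the end of its buffer. If the supported compilers allow it, a terminating form such as `#define snprintf(buf, size, ...) _snprintf_s((buf), (size), _TRUNCATE, __VA_ARGS__)` is safer (its return value on truncation also differs from C99). Otherwise the header should at least carry a comment telling callers to terminate the buffer themselves. `SC_PKCS15_PROFILE_DIRECTORY` is hard-coded to `"C:\\Program Files\\OpenSC\\profiles"`, which does not match the `{pf}\OpenSC Project\OpenSC` default in OpenSC.iss.in from this same diff, so the fallback probably names a directory the installer never creates. The generated winconfig.h hunk earlier in the diff carries the same lines.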