From: Frank M. <no...@gi...> - 2023-04-13 13:50:04
Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC

Commit: 6af6bdf1b16e5855f7061899a39bf7f9cd173574
https://github.com/OpenSC/OpenSC/commit/6af6bdf1b16e5855f7061899a39bf7f9cd173574
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M src/libopensc/pkcs15.c

Log Message:
-----------
Don't stop on gaps when parsing PKCS#15 DF files

Slovenian eID card has gaps between consecutive PKCS#15 objects in xDF (PrKDF, CDF) files. Currently parsing stops when it reaches EOC. With this patch parsing continues until whole file is processed and end-of-file reached. This way, all the objects that are stored on a Slovenian eID card are read properly.

Commit: 1d5c81e85baaa82973e1080dfb34876830bee067
https://github.com/OpenSC/OpenSC/commit/1d5c81e85baaa82973e1080dfb34876830bee067
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
Add some more logic to decide if login is required

Currently CKF_LOGIN_REQUIRED flag is set if any PIN objects exist. But Slovenian eID card (at least the 'low level' app) has PIN objects and still doesn't require PIN. So, set CKF_LOGIN_REQUIRED only if PIN objects exist AND TokenInfo has TOKEN_LOGIN_REQUIRED set.

Commit: 4a4fbeb472fbd273f436d42a90b48cfeda81a9ea
https://github.com/OpenSC/OpenSC/commit/4a4fbeb472fbd273f436d42a90b48cfeda81a9ea
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M doc/files/opensc.conf.5.xml.in
M etc/opensc.conf.example.in
M src/minidriver/minidriver.c
M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
Make PKCS#11 PIN objects selectable via the opensc.conf

Currently the first suitable PIN is used as a PKCS#11 'User PIN'. However Slovenian eID's first PIN object is 'Card CAN' which is not used for accessing on-card files.

With this patch per PKCS#15 application 'user_pin' and 'sign_pin' options are implemented, which can be used to precisely specify which PIN objects should be used instead of the ones library automagically picked. The same also applies to the minidriver code.

Commit: d58e261a91617bbb393853cf386cf26966c966e5
https://github.com/OpenSC/OpenSC/commit/d58e261a91617bbb393853cf386cf26966c966e5
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M src/libopensc/iso7816.c

Log Message:
-----------
RESET RETRY COUNTER can also send case 1 APDU

Data field is absent when P1 is 0x03

Commit: 4b2ef66cd254c6c3743897ded241cc39be19fdba
https://github.com/OpenSC/OpenSC/commit/4b2ef66cd254c6c3743897ded241cc39be19fdba
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M src/libopensc/pkcs15-prkey.c

Log Message:
-----------
Expand PrKDF parsing to include Slovenian eID specific data

Slovenian eID card has ECC curve OID included in the PrKDF key object data. By parsing this data one can get the private key length which will be needed later.

Commit: 4340b757e0d93e5593f8a6062ed2b93b38f3e303
https://github.com/OpenSC/OpenSC/commit/4340b757e0d93e5593f8a6062ed2b93b38f3e303
Author: Luka Logar <luk...@in...>
Date: 2023-03-29 (Wed, 29 Mar 2023)

Changed paths:
M doc/files/opensc.conf.5.xml.in
M etc/opensc.conf.example.in
M src/libopensc/Makefile.am
M src/libopensc/Makefile.mak
A src/libopensc/card-eoi.c
A src/libopensc/card-eoi.h
M src/libopensc/cards.h
M src/libopensc/ctx.c
A src/libopensc/pkcs15-eoi.c
M src/libopensc/pkcs15-syn.c
M src/libopensc/pkcs15-syn.h

Log Message:
-----------
Add support for Slovenian eID card

('eOI' in Slovenian language, OpenSC driver name 'eoi')

It mostly follows the PKCS#15 model with some quirks which are handled by the provided code.

Installed on the eID card are 2 applications (that are of interest to OpenSC):

1. app:E8:28:BD:08:0F:01:4E:58:50:31 (Prijava brez PIN-a) which can be used for Low assurance authentication that does not require PIN entry. It includes 1 private key/certificate and several PIN objects, but it looks like they are not needed for normal operation.
2. app:E8:28:BD:08:0F:01:4E:58:50:30 (Podpis in prijava) which can be used to make QES signatures and High assurance authentication and includes 2 private keys/certificates and several PINs, including 'Norm PIN' & 'Sig PIN' PINs, which should probably be exposed as 2 PKCS#11 slots.

Both applications also include full certificate chains needed to verify respective user certificates.

'Norm PIN' is shared between both applications, so 'Norm PIN' change in one also applies to the other.

SM with PACE authentication is used for establishing a secure communication with the card. In case of contact reader, CAN is read from the card (where it's stored in an encrypted form), decrypted and used for authentication. In case of contactless reader, CAN has to be provided via the opensc.conf file or EOI_CAN environment variable.

The following functionalities have been implemented:
- secure login
- PIN change
- PIN unblock using "pkcs15-tool --unblock ..." and/or "pkcs11-tool --unlock-pin ..." (user_pin_unblock_style must be set to set_pin_in_unlogged_session for the latter)
- digital signatures, SHA1, SHA256 and raw data are supported

Not implemented:
- card activation

The card has been tested on Ubuntu 22.04 and with both contact (pinpad readers will probably have some issues) and contactless readers.

Commit: ac226451e777850b48da36ad54b77799ddc0257d
https://github.com/OpenSC/OpenSC/commit/ac226451e777850b48da36ad54b77799ddc0257d
Author: Frank Morgner <fra...@gm...>
Date: 2023-04-13 (Thu, 13 Apr 2023)

Changed paths:
M doc/files/opensc.conf.5.xml.in
M etc/opensc.conf.example.in
M src/libopensc/Makefile.am
M src/libopensc/Makefile.mak
A src/libopensc/card-eoi.c
A src/libopensc/card-eoi.h
M src/libopensc/cards.h
M src/libopensc/ctx.c
M src/libopensc/iso7816.c
A src/libopensc/pkcs15-eoi.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/pkcs15-syn.c
M src/libopensc/pkcs15-syn.h
M src/libopensc/pkcs15.c
M src/minidriver/minidriver.c
M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
Merge pull request #2646 from llogar/eOI

Add support for Slovenian eID card (eOI)

Compare: https://github.com/OpenSC/OpenSC/compare/47ac0917db94...ac226451e777
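
An added illustration of the first commit in this notification ("Don't stop on gaps when parsing PKCS#15 DF files"), not code from OpenSC or from the pull request: a bounds-checked walk over a constructed DF image that contrasts stopping at the first EOC with scanning on to end-of-file. The function names, the sample bytes and the treatment of 0x00 and 0xFF as filler are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed samples; the 0x00 / 0xFF filler values are an assumption. */
static const uint8_t sample_df[] = {
    0x30, 0x03, 0x02, 0x01, 0x01,  0x00, 0x00, 0x00, 0x00, /* object, gap */
    0x30, 0x03, 0x02, 0x01, 0x02,  0xFF, 0xFF };           /* object, filler */
static const uint8_t truncated_df[] = { 0x30, 0x05, 0x02, 0x01 }; /* body cut short */

/* Parse a DER header with a single-byte tag. Returns the header size, or 0
 * when the header or the body it announces does not fit in `left` bytes. */
static size_t der_header(const uint8_t *p, size_t left, size_t *body) {
    size_t hdr = 2, n, nlen, i;
    if (left < 2) return 0;
    n = p[1];
    if (n & 0x80) {                      /* long-form length */
        nlen = n & 0x7F;
        if (nlen == 0 || nlen > 2 || left < 2 + nlen) return 0;
        for (n = 0, i = 0; i < nlen; i++) n = (n << 8) | p[2 + i];
        hdr += nlen;
    }
    if (n > left - hdr) return 0;        /* never read past end of file */
    *body = n;
    return hdr;
}

/* Count top-level objects, -1 on a malformed one. stop_on_gap=1 models
 * stopping at the first EOC; 0 models scanning on to end-of-file. */
int count_df_objects(const uint8_t *buf, size_t len, int stop_on_gap) {
    int count = 0;
    size_t off = 0, body, hdr;
    while (off < len) {
        if (buf[off] == 0x00 || buf[off] == 0xFF) {  /* gap or filler */
            if (stop_on_gap) break;
            off++;
            continue;
        }
        hdr = der_header(buf + off, len - off, &body);
        if (hdr == 0) return -1;
        count++;
        off += hdr + body;
    }
    return count;
}

int main(void) {
    printf("%d %d\n", count_df_objects(sample_df, sizeof sample_df, 1),
           count_df_objects(sample_df, sizeof sample_df, 0)); /* EOC stop, EOF scan */
    return 0;
}
```

Scanning past gaps means every object header found after a gap is read from bytes the parser previously never reached, so the length check against the remaining file size is what keeps a malformed or truncated entry from causing an out-of-bounds read.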