From: Doug E. <no...@gi...> - 2024-02-16 13:04:24
  Branch: refs/heads/X25519-improvements-2
  Home:   https://github.com/OpenSC/OpenSC

  Commit: bfd0fe171737acf6942297bd09a970625414908a
      https://github.com/OpenSC/OpenSC/commit/bfd0fe171737acf6942297bd09a970625414908a
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - fix tag len in OID

  On branch X25519-improvements-2
  Changes to be committed:
    modified: tools/pkcs11-tool.c


  Commit: 9e5014a60edc2ec721f22a9b78582f9bf3cd2e05
      https://github.com/OpenSC/OpenSC/commit/9e5014a60edc2ec721f22a9b78582f9bf3cd2e05
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - Incorrect OID for edwards25519

  1.3.6.1.4.1159.15.1 should be 1.3.6.1.4.11591.15.1

  openpgp writes 2B 06 01 04 01 DA 47 0F 01 to card
  which comes from OID 06 09 2B 06 01 04 01 DA 47 0F 01

  https://lapo.it/asn1js/ (asn.1 parser) reports this as:
  OBJECT IDENTIFIER 1.3.6.1.4.1.11591.15.1 curve25519 (GNU encryption algorithm)

  https://www.gnupg.org/oids.html lists this as Ed25519

  On branch X25519-improvements-2
  Changes to be committed:
    modified: tools/pkcs11-tool.c


  Commit: 4298efab1464a820f73e23531769f09257279e1b
      https://github.com/OpenSC/OpenSC/commit/4298efab1464a820f73e23531769f09257279e1b
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - CKK_GENERIC_SECRET do not have CKA_ENCRYPT or CKA_DECRYPT

  On branch X25519-improvements-2
  Changes to be committed:
    modified: tools/pkcs11-tool.c


  Commit: 1f27a06637ee29b9736d7063f2106075f4bd61b4
      https://github.com/OpenSC/OpenSC/commit/1f27a06637ee29b9736d7063f2106075f4bd61b4
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c Add derive key support for CKK_MONTGOMERY

  OpenSSL treats EVP_PKEY_EC, EVP_PKEY_X25519 and EVP_PKEY_X448 as
  different key types. Refer to the other key as a peer key.
  Use mech_mech as it is passed into derive_ec_key.

  On branch X25519-improvements-2
  Changes to be committed:
    modified: src/tools/pkcs11-tool.c


  Commit: e53d0b4d679847be8032845c54af03cebd8e3f5a
      https://github.com/OpenSC/OpenSC/commit/e53d0b4d679847be8032845c54af03cebd8e3f5a
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - Update EC type curves

  On branch X25519-improvements-2
  Changes to be committed:
    modified: tools/pkcs11-tool.c


  Commit: c86a0f9ee563b5ab9121c5a7bf8e32a1906b86b5
      https://github.com/OpenSC/OpenSC/commit/c86a0f9ee563b5ab9121c5a7bf8e32a1906b86b5
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - EVP_KEY_X448 not defined in LibreSSL

  EVP_KEY_X25519 is defined but not EVP_KEY_X448. Test if defined.

  Changes to be committed:
    modified: src/tools/pkcs11-tool.c


  Commit: a7b1255ed5f62bf63efe42883e63522296894535
      https://github.com/OpenSC/OpenSC/commit/a7b1255ed5f62bf63efe42883e63522296894535
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c calculate size in bits for eddsa and xeddsa CKA_EC_POINT

  CKA_EC_POINT for eddsa and xeddsa are bit strings.

  Changes to be committed:
    modified: src/tools/pkcs11-tool.c


  Commit: 29af497a54fd8773e7c8ffb01bbb3609f74b55ce
      https://github.com/OpenSC/OpenSC/commit/29af497a54fd8773e7c8ffb01bbb3609f74b55ce
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/pkcs15.h

  Log Message:
  -----------
  pkcs15.h - PKCS11 ecparams are used by CKK_EC, CKK_EDWARDS and CKK_MONTGOMERY

  Remove redundant code for struct sc_pkcs15_prkey_eddsa eddsa.

  Please enter the commit message for your changes. Lines starting


  Commit: 953222360359e767bdf6787e4294c9cf5b1a0491
      https://github.com/OpenSC/OpenSC/commit/953222360359e767bdf6787e4294c9cf5b1a0491
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/pkcs15-prkey.c
    M src/libopensc/pkcs15-pubkey.c

  Log Message:
  -----------
  pkcs15-prkey.c pkcs15-pubkey.c - Use common EC params

  On branch X25519-improvements-2
  Changes to be committed:
    modified: libopensc/pkcs15-prkey.c
    modified: libopensc/pkcs15-pubkey.c


  Commit: 4654fbaea687fd31cc4ed25a0c05971ac90bf60a
      https://github.com/OpenSC/OpenSC/commit/4654fbaea687fd31cc4ed25a0c05971ac90bf60a
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/pkcs11/framework-pkcs15.c
    M src/tools/pkcs15-tool.c

  Log Message:
  -----------
  fixup framework-pkcs15.c tools/pkcs15-tool.c

  Can not use xeddsa to sign xeddsa certificate requests.
  But OpenSSL x509 -force_pubkey can be used to create a certificate.

  Date: Sat Dec 9 07:06:43 2023 -0600

  Changes to be committed:
    modified: src/pkcs11/framework-pkcs15.c
    modified: src/tools/pkcs15-tool.c


  Commit: d2b22a2621204c8dc9857b7f3aca6f14191e2e93
      https://github.com/OpenSC/OpenSC/commit/d2b22a2621204c8dc9857b7f3aca6f14191e2e93
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c

  Log Message:
  -----------
  card-openpgp.c - Use common "ec_pointQ" for EC, EDDSA and XEDDSA

  In previous OpenSC code EC public key is called an ec_pointQ.
  EDDSA and XEDDSA called it public. Both are stored as value and len.
  So to simplify the code, we use the same structures.

  The difference comes when they are returned in pkcs11.
  EC is encoded in an OCTET STRING, the others are encoded in a BIT STRING.

  Changes to be committed:
    modified: src/libopensc/card-openpgp.c


  Commit: eaf37da95b9f6c479095bc12647747a3ed2bd277
      https://github.com/OpenSC/OpenSC/commit/eaf37da95b9f6c479095bc12647747a3ed2bd277
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-lib.c
    M src/pkcs15init/pkcs15-openpgp.c

  Log Message:
  -----------
  pkcs15init/pkcs15-lib.c pkcs15init/pkcs15-openpgp.c - EDDSA and XEDDSA

  Improvements to allow for key generation via pkcs11 or pkcs15

  Date: Sat Dec 9 18:57:26 2023 -0600

  On branch X25519-improvements-2
  Changes to be committed:
    modified: pkcs15init/pkcs15-lib.c
    modified: pkcs15init/pkcs15-openpgp.c


  Commit: e9a50d7af97d3caaed8176f1c8472313b15aecfc
      https://github.com/OpenSC/OpenSC/commit/e9a50d7af97d3caaed8176f1c8472313b15aecfc
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c

  Log Message:
  -----------
  card-openpgp.c - add SC_ALGORITHM_ONBOARD_KEY_GEN

  This will add PKCS11 key gen mechanisms.

  On branch X25519-improvements-2
  Changes to be committed:
    modified: src/libopensc/card-openpgp.c


  Commit: 32683008a7a95802457a2d5bdebb2e2137674243
      https://github.com/OpenSC/OpenSC/commit/32683008a7a95802457a2d5bdebb2e2137674243
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/pkcs15-pubkey.c

  Log Message:
  -----------
  pkcs15-pubkey.c update ec curves and map printable strings

  GnuPG says with version 5 cards, the RFC8410 OIDs can be written to
  the card so we will accept these and if needed use the older OpenPGP
  curves on older cards within the card-openpgp.c

  ec_params using the printablestring will be mapped to ones with OIDs
  if possible.

  Date: Sun Dec 10 17:08:05 2023 -0600

  On branch X25519-improvements-2
  Changes to be committed:
    modified: libopensc/pkcs15-pubkey.c


  Commit: 2483e67359794b204afe0cdd1e808c04cd9ecb3c
      https://github.com/OpenSC/OpenSC/commit/2483e67359794b204afe0cdd1e808c04cd9ecb3c
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs15-init.c

  Log Message:
  -----------
  pkcs15-init.c squash adding additional if statement

  Changes to be committed:
    modified: src/tools/pkcs15-init.c


  Commit: 05618ed121aceac94f50ce1dc6265f62258b9aad
      https://github.com/OpenSC/OpenSC/commit/05618ed121aceac94f50ce1dc6265f62258b9aad
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/pkcs15-algo.c

  Log Message:
  -----------
  pkcs15-algo.c - add Ed448, X448 and openpgp oids

  Changes to be committed:
    modified: libopensc/pkcs15-algo.c


  Commit: 0ed3b603bafba2dc9c419f30e45e5256dc923bed
      https://github.com/OpenSC/OpenSC/commit/0ed3b603bafba2dc9c419f30e45e5256dc923bed
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c
    M src/libopensc/card-openpgp.h
    M src/pkcs15init/pkcs15-openpgp.c

  Log Message:
  -----------
  OpenPGP - Move mapping of OpenPGP specific OIDs

  The mapping of curve OIDs to be written to a card is moved
  from pkcs15init/pkcs15-openpgp.c to card-openpgp.c

  pkcs15init/pkcs15-openpgp and pkcs11 can then provide old or new OIDs.
  The card driver will remap if needed.

  Date: Mon Jan 15 13:00:51 2024 -0600

  Changes to be committed:
    modified: src/libopensc/card-openpgp.c
    modified: src/libopensc/card-openpgp.h
    modified: src/pkcs15init/pkcs15-openpgp.c


  Commit: a59efe366721fc3dab96005a90d060a8276b43dc
      https://github.com/OpenSC/OpenSC/commit/a59efe366721fc3dab96005a90d060a8276b43dc
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/pkcs15init/pkcs15-openpgp.c

  Log Message:
  -----------
  pkcs15init/pkcs15-opensc.c unused variable

  On branch X25519-improvements-2
  Changes to be committed:
    modified: pkcs15init/pkcs15-openpgp.c


  Commit: 5b2cd11715d614d60194ab15ac918cb0ec907fbf
      https://github.com/OpenSC/OpenSC/commit/5b2cd11715d614d60194ab15ac918cb0ec907fbf
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs15-init.c

  Log Message:
  -----------
  tools/pkcs15-init.c accept any case and convert to correct case

  Accept any case of curve names but pass corrected case to lower
  level routines.

  On branch X25519-improvements-2
  Changes to be committed:
    modified: tools/pkcs15-init.c


  Commit: 40ce3f40665a569df0aad8cd8854aa0335f60d91
      https://github.com/OpenSC/OpenSC/commit/40ce3f40665a569df0aad8cd8854aa0335f60d91
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c
    M src/libopensc/card-openpgp.h

  Log Message:
  -----------
  card-openpgp.c card-openpgp.h fix so will compile on mingw

  Date: Sat Jan 20 12:43:26 2024 -0600

  Changes to be committed:
    modified: src/libopensc/card-openpgp.c
    modified: src/libopensc/card-openpgp.h


  Commit: 76e5f1f2f1d478746089984f5d9587b024763405
      https://github.com/OpenSC/OpenSC/commit/76e5f1f2f1d478746089984f5d9587b024763405
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M doc/tools/pkcs15-init.1.xml

  Log Message:
  -----------
  doc/tools/pkcs15-init.1.xml document Curve names for eddsa and xeddsa

  Changes to be committed:
    modified: doc/tools/pkcs15-init.1.xml


  Commit: b8eb37bbf3038417fc96474005e82a3a76ae6919
      https://github.com/OpenSC/OpenSC/commit/b8eb37bbf3038417fc96474005e82a3a76ae6919
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/pkcs11/framework-pkcs15.c

  Log Message:
  -----------
  framework-pkcs15.c - Support CKA_PUBKEY_KEY_INFO

  PKCS11 V2.4 and V3.0 added CKA_PUBKEY_KEY_INFO as SPKI from pubkey

  On branch X25519-improvements-2
  Changes to be committed:
    modified: framework-pkcs15.c


  Commit: ef0ed3d592c39d77fa9db1b8dce9fb32a8cab5ff
      https://github.com/OpenSC/OpenSC/commit/ef0ed3d592c39d77fa9db1b8dce9fb32a8cab5ff
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/tools/pkcs11-tool.c

  Log Message:
  -----------
  pkcs11-tool.c - EC_POINT DER in BIT STRING or OCTET STRING

  Accept either encoding.

  On branch X25519-improvements-2
  Changes to be committed:
    modified: src/tools/pkcs11-tool.c


  Commit: e7d8e71d4cebb7a17f8acc65ed16dd8b9d396a36
      https://github.com/OpenSC/OpenSC/commit/e7d8e71d4cebb7a17f8acc65ed16dd8b9d396a36
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c
    M src/libopensc/pkcs15-pubkey.c
    M src/tools/pkcs11-tool.c
    M src/tools/pkcs15-init.c

  Log Message:
  -----------
  WIP to accept pkcs11 ec_point encoded in bit string or byte string

  See opensc issue #3000

  On branch X25519-improvements-2
  Changes to be committed:
    modified: libopensc/card-openpgp.c
    modified: libopensc/pkcs15-pubkey.c
    modified: tools/pkcs11-tool.c
    modified: tools/pkcs15-init.c


  Commit: 1b95de4014f851eeeee5e3a4f2a803a187209c8a
      https://github.com/OpenSC/OpenSC/commit/1b95de4014f851eeeee5e3a4f2a803a187209c8a
  Author: Doug Engert <dee...@gm...>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M src/libopensc/card-openpgp.c
    M src/libopensc/pkcs15-openpgp.c

  Log Message:
  -----------
  pkcs15-openpgp.c Authentication key for decrypt requires MSE

  pkcs11-tool --test calls "test_decrypt" and tests any RSA key that
  supports decryption. OpenPGP can do this for the Authentication key,
  but requires the optional MANAGE SECURITY ENVIRONMENT (MSE) command.

  Do not set decrypt or wrap usage bits unless MSE is supported for
  the card.

  Found using YubiKey NFC and Nitro start that do not support MSE.

  On branch X25519-improvements-2
  Changes to be committed:
    modified: libopensc/pkcs15-openpgp.c


Compare: https://github.com/OpenSC/OpenSC/compare/bfd0fe171737%5E...1b95de4014f8
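
Added example, not OpenSC code and not part of the commit messages: a small C decoder for the DER bytes quoted in the edwards25519 OID commit, which rejects a length byte that disagrees with the content, plus a helper that accepts an EC_POINT wrapped in either a BIT STRING or an OCTET STRING and reports its size in bits. The names der_short, oid_der_to_string, ec_point_unwrap and openpgp_ed25519_oid are hypothetical, and only short-form DER lengths are handled.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed from the commit message: tag 06, length 09, nine content bytes. */
const unsigned char openpgp_ed25519_oid[] = {
	0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 };

/* Short-form header only: tag matches, length byte covers exactly the rest. */
static int der_short(const unsigned char *p, size_t n, unsigned char tag)
{
	return n >= 2 && p[0] == tag && !(p[1] & 0x80) && (size_t)p[1] == n - 2;
}

/* Decode a DER OBJECT IDENTIFIER to dotted text; 0 on success, -1 on error. */
int oid_der_to_string(const unsigned char *der, size_t n, char *out, size_t outsz)
{
	unsigned long arc = 0, x;
	size_t i, used = 0;
	int r;

	if (!der_short(der, n, 0x06) || n == 2 || (der[n - 1] & 0x80))
		return -1;		/* bad header, empty, or truncated last arc */
	for (i = 2; i < n; i++) {
		if (arc > (ULONG_MAX >> 7))
			return -1;	/* arc too large for unsigned long */
		arc = (arc << 7) | (der[i] & 0x7f);	/* base 128, high bit = more */
		if (der[i] & 0x80)
			continue;
		x = arc < 80 ? arc / 40 : 2;	/* first value packs two arcs */
		r = used ? snprintf(out + used, outsz - used, ".%lu", arc)
			 : snprintf(out, outsz, "%lu.%lu", x, arc - 40 * x);
		if (r < 0 || (size_t)r >= outsz - used)
			return -1;	/* output buffer too small */
		used += (size_t)r;
		arc = 0;
	}
	return 0;
}

/* Raw point inside a DER BIT STRING (03) or OCTET STRING (04), else NULL. */
const unsigned char *ec_point_unwrap(const unsigned char *der, size_t n, size_t *bits)
{
	size_t hdr = (n && der[0] == 0x03) ? 3 : 2;	/* 03 adds an unused-bits byte */

	if (!der_short(der, n, hdr == 3 ? 0x03 : 0x04) || n < hdr || (hdr == 3 && der[2]))
		return NULL;
	*bits = (n - hdr) * 8;
	return der + hdr;
}
```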