From: Frank M. <no...@gi...> - 2025-01-31 08:46:06
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: fe6519238fca1f26648aabd6dbb75e82a0ee63bc https://github.com/OpenSC/OpenSC/commit/fe6519238fca1f26648aabd6dbb75e82a0ee63bc Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - CKK_GENERIC_SECRET do not have CKA_ENCRYPT or CKA_DECRYPT On branch X25519-improvements-2 Changes to be committed: modified: tools/pkcs11-tool.c Commit: 0943149947344e14d116e681d4977927d01ee802 https://github.com/OpenSC/OpenSC/commit/0943149947344e14d116e681d4977927d01ee802 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c Add derive key support for CKK_MONTGOMERY OpenSSL treats EVP_PKEY_EC, EVP_PKEY_X25519 and EVP_PKEY_X448 as different key types. Refer to the other key as a peer key. Use mech_mech as it is passed into derive_ec_key. On branch X25519-improvements-2 Changes to be committed: modified: src/tools/pkcs11-tool.c Commit: 33f87c9f36e0eb1a3b73882bb05bf1222ad8d441 https://github.com/OpenSC/OpenSC/commit/33f87c9f36e0eb1a3b73882bb05bf1222ad8d441 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - EVP_KEY_X448 not defined in LibreSSL EVP_KEY_X25519 is defined but not EVP_KEY_X448. Test if defined. Changes to be committed: modified: src/tools/pkcs11-tool.c Commit: 591b762bb290eddd2f1a14cfb4f373a27dd78dc5 https://github.com/OpenSC/OpenSC/commit/591b762bb290eddd2f1a14cfb4f373a27dd78dc5 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c calculate size in bits for eddsa and xeddsa CKA_EC_POINT CKA_EC_POINT for eddsa and xeddsa are bit strings. 
Changes to be committed: modified: src/tools/pkcs11-tool.c Commit: 0827576c45b90ce62e9d3a9215c5ea5618fa3c32 https://github.com/OpenSC/OpenSC/commit/0827576c45b90ce62e9d3a9215c5ea5618fa3c32 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - EC_POINT DER in BIT STRING or OCTET STRING Accept either encoding. On branch X25519-improvements-2 Changes to be committed: modified: src/tools/pkcs11-tool.c Commit: 62ac0c69197daeadac1931c2f6a210648b155a87 https://github.com/OpenSC/OpenSC/commit/62ac0c69197daeadac1931c2f6a210648b155a87 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - remore wrap/unwrap from template On branch X25519-improvements-2 Changes to be committed: modified: pkcs11-tool.c Commit: 312ce3be0c7687f99885dd29d64503d21c08cd4c https://github.com/OpenSC/OpenSC/commit/312ce3be0c7687f99885dd29d64503d21c08cd4c Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15.h Log Message: ----------- pkcs15.h - PKCS11 ecparams are used by CKK_EC, CKK_EDWARDS and CKK_MONTGOMERY Remove redundent code for struct sc_pkcs15_prkey_eddsa eddsa. Please enter the commit message for your changes. 
Lines starting Commit: afe9fb49d0f813e4ae1ea49fc1b24c69c18125f3 https://github.com/OpenSC/OpenSC/commit/afe9fb49d0f813e4ae1ea49fc1b24c69c18125f3 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-prkey.c M src/libopensc/pkcs15-pubkey.c M src/pkcs11/framework-pkcs15.c M src/tools/pkcs15-tool.c Log Message: ----------- pkcs15-prkey.c pkcs15-pubkey.c - Use common EC params On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-prkey.c modified: libopensc/pkcs15-pubkey.c Commit: c7ba42a0287e00c8649f71514595420318245b92 https://github.com/OpenSC/OpenSC/commit/c7ba42a0287e00c8649f71514595420318245b92 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c Log Message: ----------- card-openpgp.c - Use common "ec_pointQ" for EC, EDDSA and XEDDSA In previous OpenSC code EC public key is called a ec_pointQ. EDDSA and XEDDSA called it public. Both are stored asvalue and len. So to simplify the code, we use the same structures. The difference comes when they are returned in pkcs11. EC is encoded in an OCTET STRING, The others are iencoded in a BIT STRING. 
Changes to be committed: modified: src/libopensc/card-openpgp.c Commit: 0bcca6056797194cacc0e59293f9c88ae1002367 https://github.com/OpenSC/OpenSC/commit/0bcca6056797194cacc0e59293f9c88ae1002367 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-lib.c M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- pkcs15init/pkcs15-lib.c pkcs15init/pkcs15-openpgp.c - EDDSA and XEDDSA Improvments to allow for key generation via pkcs11 or pkcs15 Date: Sat Dec 9 18:57:26 2023 -0600 On branch X25519-improvements-2 Changes to be committed: modified: pkcs15init/pkcs15-lib.c modified: pkcs15init/pkcs15-openpgp.c Commit: 7996d340125c46c0e1f4ebd8b9310dee463a6fa5 https://github.com/OpenSC/OpenSC/commit/7996d340125c46c0e1f4ebd8b9310dee463a6fa5 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c Log Message: ----------- card-openpgp.c - add SC_ALGORITHM_ONBOARD_KEY_GEN This will add PKCS11 key gen mechanisms. 
On branch X25519-improvements-2 Changes to be committed: modified: src/libopensc/card-openpgp.c Commit: 8f3b1ce959c807ce6be0f85e094472bfc4b06d90 https://github.com/OpenSC/OpenSC/commit/8f3b1ce959c807ce6be0f85e094472bfc4b06d90 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c update ec curves and map printable strings GnuPG says with version 5 cards, the RFC8410 OIDs can be written to the card so we will accept these and if needed use the older OpenPGP curves on older cards within the card-openpgp.c ec_params using the printablestring will be mapped to ones with OIDs if possible/ Date: Sun Dec 10 17:08:05 2023 -0600 On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c Commit: 4c2461f8d8b96e154550ef5ae2f35db84b5640c1 https://github.com/OpenSC/OpenSC/commit/4c2461f8d8b96e154550ef5ae2f35db84b5640c1 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs15-init.c Log Message: ----------- pkcs15-init.c squash adding additional if statement Changes to be committed: modified: src/tools/pkcs15-init.c Commit: da5e8dfac527b43de7c19c075dbda0d7e74d328d https://github.com/OpenSC/OpenSC/commit/da5e8dfac527b43de7c19c075dbda0d7e74d328d Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-algo.c Log Message: ----------- pkcs15-algo.c - add Ed448, X448 and openpgp oids Changes to be committed: modified: libopensc/pkcs15-algo.c Commit: 007414e39971334c60e47f99eb2e2d66546d0bd2 https://github.com/OpenSC/OpenSC/commit/007414e39971334c60e47f99eb2e2d66546d0bd2 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c M src/libopensc/card-openpgp.h M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- OpenPGP - Move mapping of OpenPGP specifix OIDs The mapping of curve OIDs to be 
written to a card is moved from pkcs15init/pkcs15-openpgp.c to card-openpgp.c pkcs15init/pkcs15-openpgp and pkcs11 can then provide old or new OIDSs. The card driver will remap if needed. Date: Mon Jan 15 13:00:51 2024 -0600 Changes to be committed: modified: src/libopensc/card-openpgp.c modified: src/libopensc/card-openpgp.h modified: src/pkcs15init/pkcs15-openpgp.c Commit: 076ccccbf851c042915c6863eec621311ed41d6e https://github.com/OpenSC/OpenSC/commit/076ccccbf851c042915c6863eec621311ed41d6e Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- pkcs15init/pkcs15-opensc.c unused variable On branch X25519-improvements-2 Changes to be committed: modified: pkcs15init/pkcs15-openpgp.c Commit: 500aec716ff1faab3087faaf0d87748ae99d9f26 https://github.com/OpenSC/OpenSC/commit/500aec716ff1faab3087faaf0d87748ae99d9f26 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs15-init.c Log Message: ----------- tools/pkcs15-init.c accept and case and convert to correct case Accept any case of curve names but pass corrected case to lower level routines. 
On branch X25519-improvements-2 Changes to be committed: modified: tools/pkcs15-init.c Commit: d3b0dbc29ae9c8392b7c150e7729b66bbfcc6f6a https://github.com/OpenSC/OpenSC/commit/d3b0dbc29ae9c8392b7c150e7729b66bbfcc6f6a Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c M src/libopensc/card-openpgp.h Log Message: ----------- card-openpgp.c card-openpgp.h fix so will compile on mingw Date: Sat Jan 20 12:43:26 2024 -0600 Changes to be committed: modified: src/libopensc/card-openpgp.c modified: src/libopensc/card-openpgp.h Commit: 2efa25c0802522ec5afd9d9b6523bbf8279d9389 https://github.com/OpenSC/OpenSC/commit/2efa25c0802522ec5afd9d9b6523bbf8279d9389 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M doc/tools/pkcs15-init.1.xml Log Message: ----------- doc/tools/pkcs15-init.1.xml document Curve names for eddsa and xeddsa Changes to be committed: modified: doc/tools/pkcs15-init.1.xml Commit: a331060f5a113f7c4528a74a3bdc19153701ef78 https://github.com/OpenSC/OpenSC/commit/a331060f5a113f7c4528a74a3bdc19153701ef78 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- framework-pkcs15.c - Support CKA_PUBKEY_KEY_INFO PKCS11 V2.4 and V3.0 added CKA_PUBKEY_KEY_INFO as SPKI from pubkey On branch X25519-improvements-2 Changes to be committed: modified: framework-pkcs15.c Commit: e970d538a3a38491a79c9aa1a980c629fba80265 https://github.com/OpenSC/OpenSC/commit/e970d538a3a38491a79c9aa1a980c629fba80265 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c M src/libopensc/pkcs15-pubkey.c M src/tools/pkcs11-tool.c M src/tools/pkcs15-init.c Log Message: ----------- WIP to accept pkcs11 ec_point encoded in bit string or byte string See opensc issue #3000 On branch X25519-improvements-2 Changes to be committed: modified: 
libopensc/card-openpgp.c modified: libopensc/pkcs15-pubkey.c modified: tools/pkcs11-tool.c modified: tools/pkcs15-init.c Commit: 87878f08141e76996a017acb010a1b0039daabe3 https://github.com/OpenSC/OpenSC/commit/87878f08141e76996a017acb010a1b0039daabe3 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c make default for CKA_EC_POINT to return old OCTET STRING p11test is still using old way. On branch X25519-improvements-2 Changes to be committed: modified: pkcs15-pubkey.c Commit: 6a1b902ddea6044cb6972bbb6cd17a1dde315b9d https://github.com/OpenSC/OpenSC/commit/6a1b902ddea6044cb6972bbb6cd17a1dde315b9d Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M .github/test-oseid.sh Log Message: ----------- test-oseid.sh use restart-pcscd.sh Added github/restart-pcscd.sh On branch X25519-improvements-2 Changes to be committed: modified: test-oseid.sh Commit: 567947c3a6d0161b5d77e7fae0a3ff9b32df9da0 https://github.com/OpenSC/OpenSC/commit/567947c3a6d0161b5d77e7fae0a3ff9b32df9da0 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M .github/test-oseid.sh Log Message: ----------- Revert "test-oseid.sh use restart-pcscd.sh" This is unrelated to to the PR so if needed submit as seperate PR This reverts commit 00c4a73af5522f5c09bec1cd5cded788d0bf39ba. 
On branch X25519-improvements-2 Changes to be committed: modified: .github/test-oseid.sh Commit: 73f72af45abc8ee3613876d328d71c8756a25a84 https://github.com/OpenSC/OpenSC/commit/73f72af45abc8ee3613876d328d71c8756a25a84 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c fix bug found by fuzzer On branch X25519-improvements-2 Changes to be committed: modified: pkcs15-pubkey.c Commit: a3c609668af8933acc2b2f4dfa802c58b2f900d5 https://github.com/OpenSC/OpenSC/commit/a3c609668af8933acc2b2f4dfa802c58b2f900d5 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c Log Message: ----------- card-openpgp.c - whitespace and code style Code style from yshui/git-clang-format-lint On branch X25519-improvements-2 Changes to be committed: modified: src/libopensc/card-openpgp.c Commit: 0118c9de82e19a18b7e19c4fe6dbf555f25082d7 https://github.com/OpenSC/OpenSC/commit/0118c9de82e19a18b7e19c4fe6dbf555f25082d7 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- framework-pkcs15,c - whitespace and code style Code style from yshui/git-clang-format-lint On branch X25519-improvements-2 Changes to be committed: modified: src/pkcs11/framework-pkcs15.c Commit: 693b89d72a4749eab44eaccdaede8f584a078455 https://github.com/OpenSC/OpenSC/commit/693b89d72a4749eab44eaccdaede8f584a078455 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-algo.c Log Message: ----------- pkcs15-alg.c whitespace and code style Code style from yshui/git-clang-format-lint On branch X25519-improvements-2 Changes to be committed: modified: src/libopensc/pkcs15-algo.c Commit: f69cd013a456037e14afce47be31ecafcb546e2a https://github.com/OpenSC/OpenSC/commit/f69cd013a456037e14afce47be31ecafcb546e2a Author: Doug Engert 
<dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs15-init.c Log Message: ----------- pkcs15-init.c whitespace and code style Code style from yshui/git-clang-format-lint On branch X25519-improvements-2 Changes to be committed: modified: src/tools/pkcs15-init.c Commit: 4f03e6e8bed33dc77eb2b1d85b775a33bcc2afc8 https://github.com/OpenSC/OpenSC/commit/4f03e6e8bed33dc77eb2b1d85b775a33bcc2afc8 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M doc/tools/tools.html Log Message: ----------- files.html, tools.html - rebuild As suggeseted by .github/workflows/doc.yml On branch X25519-improvements-2 Changes to be committed: modified: files/files.html modified: tools/tools.html Commit: 5db2e2a1a133b4d6967c36c5b916c30e5cbcde70 https://github.com/OpenSC/OpenSC/commit/5db2e2a1a133b4d6967c36c5b916c30e5cbcde70 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-prkey.c M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c - readability of mapped_string On branch X25519-improvements-2 Changes to be committed: modified: pkcs15-pubkey.c Commit: ed27016b169751f4215305175d060060c789e3c9 https://github.com/OpenSC/OpenSC/commit/ed27016b169751f4215305175d060060c789e3c9 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c Log Message: ----------- card-openpgp.c - renove TODO comments as code was added On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card-openpgp.c Commit: 7d5076689ac68b62eee75f7cb5a0fbb2a3cbfd58 https://github.com/OpenSC/OpenSC/commit/7d5076689ac68b62eee75f7cb5a0fbb2a3cbfd58 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-algo.c Log Message: ----------- pkcs15-algo.c - removed comments and added asn1 calls On branch X25519-improvements-2 Changes to be committed: modified: 
libopensc/pkcs15-algo.c Commit: 002f8c91d12b4c750980487ec6f914743e7ffbe9 https://github.com/OpenSC/OpenSC/commit/002f8c91d12b4c750980487ec6f914743e7ffbe9 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - formating On branch X25519-improvements-2 Changes to be committed: modified: tools/pkcs11-tool.c Commit: 3efffe553e49dd1f1c3c2955376f4ab830b8f9a5 https://github.com/OpenSC/OpenSC/commit/3efffe553e49dd1f1c3c2955376f4ab830b8f9a5 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c - Use sc_asn1_read_tag for printable string On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c Commit: 54c9618d418e15b61cd6b8d59cf3df97594435d4 https://github.com/OpenSC/OpenSC/commit/54c9618d418e15b61cd6b8d59cf3df97594435d4 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/opensc.h M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c opensc.h - Add SC_ALGORITHM_* to ec_curve_info Make it easier to tell difference between EC, EDDSA and XEDDSA On branch X25519-improvements-2 Changes to be committed: modified: src/libopensc/opensc.h modified: src/libopensc/pkcs15-pubkey.c Commit: bfdf26a8f139090035d2478622552277f29d42e8 https://github.com/OpenSC/OpenSC/commit/bfdf26a8f139090035d2478622552277f29d42e8 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c M src/libopensc/card-openpgp.h Log Message: ----------- card-openpgp.c card-openpgp.h - Add SC_ALGORITHM_* to ec_curves_openpgp* On branch X25519-improvements-2 Changes to be committed: modified: src/libopensc/card-openpgp.c modified: src/libopensc/card-openpgp.h Commit: 1c9cc1ddea5e32bdf542fb0ab70fa2da8c947ed3 
https://github.com/OpenSC/OpenSC/commit/1c9cc1ddea5e32bdf542fb0ab70fa2da8c947ed3 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card.c Log Message: ----------- card.c - when adding an EC type alg call sc_pkcs15_fix_ec_parameters Changes to be committed: modified: libopensc/card.c Commit: 5e990bed538203852a620ad9a5ee436c04a1bf9e https://github.com/OpenSC/OpenSC/commit/5e990bed538203852a620ad9a5ee436c04a1bf9e Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c - FIXUP order of key_type in sc_curve_info On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c Commit: dc368e5f6ba4d43b7042f34ea4f4cb3feb3c56b9 https://github.com/OpenSC/OpenSC/commit/dc368e5f6ba4d43b7042f34ea4f4cb3feb3c56b9 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card.c Log Message: ----------- card.c - fix bug in sc_copy_ec_params Two fields were being copied from the dst the src sc_copy_ec_params is only used in pkcs15init/pkcs15-lib.c On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card.c Commit: f37fecae192fc0668e45ab7616ba5beb0407534b https://github.com/OpenSC/OpenSC/commit/f37fecae192fc0668e45ab7616ba5beb0407534b Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-lib.c Log Message: ----------- pkcs15init/pkcs15-openpgp.c - test id and ec type keys On branch X25519-improvements-2 Changes to be committed: modified: ../pkcs15init/pkcs15-lib.c Commit: e40bfcc734aa81d10d75887f19cb0133055a64f6 https://github.com/OpenSC/OpenSC/commit/e40bfcc734aa81d10d75887f19cb0133055a64f6 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card.c Log Message: ----------- card.c when copying sc_ec_parameters get new key_type too On 
branch X25519-improvements-2 Changes to be committed: modified: card.c Commit: 78db2ff3888b0a172d1360f5f3187fa0611c0de8 https://github.com/OpenSC/OpenSC/commit/78db2ff3888b0a172d1360f5f3187fa0611c0de8 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- pkcs15init/pkcs15-openpgp.c - set key_info.algorithm so EDDSA and XEDDSA work On branch X25519-improvements-2 Changes to be committed: modified: src/pkcs15init/pkcs15-openpgp.c Commit: c5d6b55b61497845b0526a7132029a5667b388cd https://github.com/OpenSC/OpenSC/commit/c5d6b55b61497845b0526a7132029a5667b388cd Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c Log Message: ----------- card-openpgp.c - fix invalid read found by valgrind On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card-openpgp.c Commit: a730f4ee0e89b100f172aed5a14460e2aaaf12dd https://github.com/OpenSC/OpenSC/commit/a730f4ee0e89b100f172aed5a14460e2aaaf12dd Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-lib.c Log Message: ----------- pkcs15init/pkcs15-lib.c - fix double free Changes to be committed: modified: pkcs15init/pkcs15-lib.c Commit: 69466a21d651109b126c9d8116f965b9a778c6bc https://github.com/OpenSC/OpenSC/commit/69466a21d651109b126c9d8116f965b9a778c6bc Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/cardctl.h M src/libopensc/pkcs15-prkey.c M src/pkcs15init/pkcs15-lib.c M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- cardctl.h - add key_type as SC_ALGORITHM_* to sc_cardctl_openpgp_keygen_info keytype is used to map SC_ALGORITHM_* to/from SC_OPENPGP_KEYALGO_* On branch X25519-improvements-2 Changes to be committed: modified: libopensc/cardctl.h modified: libopensc/pkcs15-prkey.c modified: pkcs15init/pkcs15-lib.c modified: 
pkcs15init/pkcs15-openpgp.c Commit: 34c1489c8a6d0c4cf47b3b9f9bbd242d1c4b439a https://github.com/OpenSC/OpenSC/commit/34c1489c8a6d0c4cf47b3b9f9bbd242d1c4b439a Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/opensc.h Log Message: ----------- opensc.h - add sc_clear_ec_params sc_clear_ec_params used to free allocated menory and clear other data in struct sc_ec_parameters Commit: c2390afb0537bb77a14da29d76f9e73cb57adf16 https://github.com/OpenSC/OpenSC/commit/c2390afb0537bb77a14da29d76f9e73cb57adf16 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - CKK_EC_EDWARDS and CKK_EC_MONTGOMERY improvements Add support write_object support for ED448 and X448 objects, but no cards current suported by OpenSC implement these. Fix bug with n_attrs in derive-ec-key. Allow read_object of an EC_POINT to be in either OCTET_STRING or BIT_STRING On branch X25519-improvements-2 Changes to be committed: modified: tools/pkcs11-tool.c Commit: 18144b5e517697b6244e055e1e0974d7115f15c7 https://github.com/OpenSC/OpenSC/commit/18144b5e517697b6244e055e1e0974d7115f15c7 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - Accept EC_POINT as OCTET STRING or BIT STRING OpenSC has been using OCTET_STRING but PKCS11 says "DER-encoding of ANSI X9.62 ECPoint value Q" and ANSI X9.62 says the encoding is in a BIT_STRING just as in a SPKI, OpenSSL and isoApplet expects as well as every other document says. 
Changes to be committed: modified: tools/pkcs11-tool.c Commit: 5f3f393502c4dd411fa573119d8287bacc7288a3 https://github.com/OpenSC/OpenSC/commit/5f3f393502c4dd411fa573119d8287bacc7288a3 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool.c - Improved handling of versions or OpenSSL or no OpenSSL When compiled with different versions of OpenSSL, LibreSSL or no OpenSSL have different support for EVP_PKEY for different key types. evp_pkey2ck_key_type(EVP_PKEY *pkey, CK_KEY_TYPE *type, int *pk_type) takes a pkey and maps it to a PKCS11 CK_KEY_TYPE, in one place. It also returns the EVP_PKEY base id. PKCS11 treats Edwards and Montgomery keys as having 2 different EC curve names, where as OpenSSL gives every EC and Edwards and Montgomery keys their own NID. Thus the use of the CK_KEY_TYPE *type and pk_type (the NID) can be used to tell the difference. Addressed some comments in github. On branch X25519-improvements-2 Changes to be committed: modified: tools/pkcs11-tool.c Commit: c870275de73c4d094888d169cae14699c4a0bfa4 https://github.com/OpenSC/OpenSC/commit/c870275de73c4d094888d169cae14699c4a0bfa4 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card.c Log Message: ----------- card.c - add sc_clear_ec_params expand sc_card_find_alg sc_clear_ec_params clears an struct sc_ec_parameters by freeing allocated memory. card_find_alg will first check if info->algroithm is one that uses sc_ec_parameters and then checks that the OIDs match. then check if keylength match. 
On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card.c Commit: cba3204196029a2f1ca31b343ddb611f7bb5b359 https://github.com/OpenSC/OpenSC/commit/cba3204196029a2f1ca31b343ddb611f7bb5b359 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs15init/pkcs15-lib.c Log Message: ----------- pkcs15init/pkcs15-lib.c - Changes for sc_clear_ec_params Fix several problems with use of sc_ec_parameters On branch X25519-improvements-2 Changes to be committed: modified: pkcs15init/pkcs15-lib.c Commit: 2c76fb5b96a954fc14a6b900bfe09c126654166c https://github.com/OpenSC/OpenSC/commit/2c76fb5b96a954fc14a6b900bfe09c126654166c Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-openpgp.c M src/pkcs15init/pkcs15-openpgp.c Log Message: ----------- card-openpgp.c pkcs15init/pkcs15-openpgp.c - fixes Improvments and fixes for mem leaks and GUNK and mapping RFC8410 OIDs. When writing or generating a key add all known algs to card->algrorithms. Fix some BYTES4BITS bugs and formating. Add note about borblems trying to store RFC8410 type key. 
On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card-openpgp.c modified: pkcs15init/pkcs15-openpgp.c Commit: ec2798551a5b4b8571b9f542bcf4fc34ccd0d28e https://github.com/OpenSC/OpenSC/commit/ec2798551a5b4b8571b9f542bcf4fc34ccd0d28e Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/libopensc.exports Log Message: ----------- libopensc.exports - export sc_clear_ec_params On branch X25519-improvements-2 Changes to be committed: modified: libopensc/libopensc.exports Commit: cffbc1291506acc2dedcef1d91f811d03caa1235 https://github.com/OpenSC/OpenSC/commit/cffbc1291506acc2dedcef1d91f811d03caa1235 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- framework-pkcs15.c - added support for more 448 size keys Base OIDs for EDWARDS and MONTGOMERY keys on the size of ecpointQ bewween 32 for 25519 and 56 for 448 keys. On branch X25519-improvements-2 Changes to be committed: modified: pkcs11/framework-pkcs15.c Commit: c52e504dbed091c0b6506f8a73bdc10054146900 https://github.com/OpenSC/OpenSC/commit/c52e504dbed091c0b6506f8a73bdc10054146900 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: Log Message: ----------- pkcs15-isoApplet.c - use sc_clear_ec_params On branch X25519-improvements-2 Changes to be committed: modified: pkcs15init/pkcs15-isoApplet.c Revert "pkcs15-isoApplet.c - use sc_clear_ec_params" This reverts commit 29e337a51314d9026e09b42b6f3b1b9e97beef7c. Attempt to see if this is the problem. 
On branch X25519-improvements-2 Changes to be committed: modified: src/pkcs15init/pkcs15-isoApplet.c Commit: cb39ba0025107fc77284810818403ea3fa57ef85 https://github.com/OpenSC/OpenSC/commit/cb39ba0025107fc77284810818403ea3fa57ef85 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-algo.c M src/libopensc/pkcs15-prkey.c M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-algo.c, pkcs15-prkey.c and pkcs15-pubkey.c Various changes for RFC8410 curves On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-algo.c modified: libopensc/pkcs15-prkey.c modified: libopensc/pkcs15-pubkey.c Commit: a975c3b051b9ced5d5f370ad601fca9fdf2dd529 https://github.com/OpenSC/OpenSC/commit/a975c3b051b9ced5d5f370ad601fca9fdf2dd529 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c - fix SPKI decoding of EDDSA and XEDDSA EDDSA and XEDDSA public keys have a OID but no params unlike EC that has EC OID and params have the OID of the curve. EDDSA has two sub curves 25519 and 448 as does XEDDSA. The OID in the pubkey is then mapped to a ec-curve by and sc_pkcs15_fix_ec_parameters get the size of the curve. 
On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c Commit: 8da7a56cafd4585ccc0c387b99cea6a5ec009c87 https://github.com/OpenSC/OpenSC/commit/8da7a56cafd4585ccc0c387b99cea6a5ec009c87 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-sec.c Log Message: ----------- pkcs15-sec.c - fix caculations of dignature size for EDDSA and XEDDSA On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-sec.c Commit: ec2c3bdbe12280ec4fcc47560acda3daeee7d171 https://github.com/OpenSC/OpenSC/commit/ec2c3bdbe12280ec4fcc47560acda3daeee7d171 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/card-piv.c M src/libopensc/pkcs15-piv.c M src/tools/piv-tool.c Log Message: ----------- card-piv.c,pkcs15-piv.c,piv-tool.c - Support for RSA 4096 and 25519 Yubikey with firmware >= 5.7 supports RSA 4096, and EDDSA and XEDDSA which is non standard PIV. WIP Only tested with 9A key and self signed certificate created by Yubic-piv-tool. 
Signature created with: ./pkcs11-tool -m EDDSA --login --sign --id 01 --input-file /tmp/data.txt --output-file /tmp/YK11-9A-signature.der and signature verified via openssl 3.3.1 ./openssl pkeyutl -verify -pubin -inkey /tmp/YK11-9A-pub.pem -rawin -in /tmp/data.txt -sigfile /tmp/YK11-9A-signature.der On branch X25519-improvements-2 Changes to be committed: modified: libopensc/card-piv.c modified: libopensc/pkcs15-piv.c modified: tools/piv-tool.c Commit: 91fa8b43b60605bebbaa5538d4d23c1af30bc52c https://github.com/OpenSC/OpenSC/commit/91fa8b43b60605bebbaa5538d4d23c1af30bc52c Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c explain problem with EC pubkeys as OCTET STRING vs BIT STRING On branch X25519-improvements-2 Changes to be committed: modified: libopensc/pkcs15-pubkey.c Commit: f414eabffbdcccd308b035461b22caeea28e9326 https://github.com/OpenSC/OpenSC/commit/f414eabffbdcccd308b035461b22caeea28e9326 Author: Doug Engert <dee...@gm...> Date: 2025-01-25 (Sat, 25 Jan 2025) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c - return EC_POINT as OCTET STRING by default Removes changes that would have returned EC_POINT as BIT_STRING OpenSC has should be using BIT_STRING, as per standards. See: https://github.com/OpenSC/OpenSC/issues/3000 Solutions include: * Define new PKCS11 vendor attribute to CKA_EC_POINT_OCTET_STRING for backwards compatability. but only good with OpenSC PKCA11 module. * Environment variable. * The use of the PKCS11 V3 defines CKA_PUBLIC_KEY_INFO (which is implemented in this PR) should be encouraged. * Some how in pkcs11-tool.c determine what module cand do. The only use of sc_pkcs15_encode_pubkey_eddsa is when creating a key So it defaults to returning a BIT STRING All the routines that accept as input an EC_POINT will accept it either OCTET_STRING or BIT_STRING. Note SPKI already uses BIT_STRING. 
Correct decoding of length of ec_pointQ

Changes to be committed:
    modified: src/libopensc/pkcs15-pubkey.c

Commit: 118a11eff1790e256c55d4bd94cefa5eca3d809a
https://github.com/OpenSC/OpenSC/commit/118a11eff1790e256c55d4bd94cefa5eca3d809a
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-lib.c

Log Message:
-----------
pkcs15init/pkcs15-lib.c - Fix memory leak

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs15init/pkcs15-lib.c

Commit: 1c48cd62a3c262178932860b021ccf5d5a0cfcdb
https://github.com/OpenSC/OpenSC/commit/1c48cd62a3c262178932860b021ccf5d5a0cfcdb
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c - fix memory leak of RSA exponent

On branch X25519-improvements-2
Changes to be committed:
    modified: src/tools/pkcs15-init.c

Commit: 1e9f821b8d4b2526dff4f2b8828d5d23c63782b6
https://github.com/OpenSC/OpenSC/commit/1e9f821b8d4b2526dff4f2b8828d5d23c63782b6
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c
    M src/pkcs15init/pkcs15-openpgp.c

Log Message:
-----------
pkcs15-openpgp.c - clear pointers just in case

Changes to be committed:
    modified: pkcs15init/pkcs15-openpgp.c

Commit: d5edb9624090c83edaf4b3557aabd4215c3505f7
https://github.com/OpenSC/OpenSC/commit/d5edb9624090c83edaf4b3557aabd4215c3505f7
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-lib.c

Log Message:
-----------
pkcs15-lib.c - various fixes

Log how usage was determined.
Use sc_copy_ec_params and sc_clear_ec_params
Avoid memory leak, fix comments

Changes to be committed:
    modified: pkcs15-lib.c

Commit: a01821a8f1c6a831978e588a1cf2c42f56a20ac4
https://github.com/OpenSC/OpenSC/commit/a01821a8f1c6a831978e588a1cf2c42f56a20ac4
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs11/pkcs11-spy.c
    M tests/opensc.supp

Log Message:
-----------
opensc.supp and pkcs11-spy.c - Suppress memory leak error with github tests

SPY does not cleanup the function lists, assuming the module will not be unloaded, but when valgrind is run from github actions, this will cause the tests to fail.

The real solution could include some atexit routine to cleanup the function lists.

Changes to pkcs11-spy.c in this commit try to make sure if function lists are freed there is no double free.

On branch X25519-improvements-2
Changes to be committed:
    modified: ../src/pkcs11/pkcs11-spy.c
    modified: opensc.supp

Commit: 52065876e0e0ceb25756b697b764816affeefe1b
https://github.com/OpenSC/OpenSC/commit/52065876e0e0ceb25756b697b764816affeefe1b
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
framework-pkcs15.c - fix memory leak

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs11/framework-pkcs15.c

Commit: c43f01d6680dc790b3dd8557e64a80ca236026cd
https://github.com/OpenSC/OpenSC/commit/c43f01d6680dc790b3dd8557e64a80ca236026cd
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/minidriver/minidriver.c
    M src/pkcs11/framework-pkcs15.c
    M src/tests/fuzzing/fuzz_pkcs15init.c

Log Message:
-----------
fuzz_pkcs15init.c, framework-pkcs15.c, minidriver.c - erase keygen_args

The caller of sc_pkcs15init_generate_key needs to clear the keygen_args when done. pkcs15-tool.c already does.
framework-pkcs15.c - test for 56 bytes for ED448 and X448
framework-pkcs15.c - verify ec parameters before key generation
Verify the CKA_EC_PARAMS provided are supported by OpenSC and set the keygen_args.prkey_args.key.u.ec.params

On branch X25519-improvements-2
Changes to be committed:
    modified: minidriver/minidriver.c
    modified: pkcs11/framework-pkcs15.c
    modified: tests/fuzzing/fuzz_pkcs15init.c

Commit: 38e2f504f986badd69c02dbafa1ba659bc2038bb
https://github.com/OpenSC/OpenSC/commit/38e2f504f986badd69c02dbafa1ba659bc2038bb
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-openpgp.c

Log Message:
-----------
pkcs15init/pkcs15-openpgp.c - fix up problems reported in github

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs15init/pkcs15-openpgp.c

Commit: bce7f374d65a3314d4e4cdc83381b9cdc429f135
https://github.com/OpenSC/OpenSC/commit/bce7f374d65a3314d4e4cdc83381b9cdc429f135
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c

Log Message:
-----------
card-openpgp.c - copy ecpoint to new pubkey

Fix copying of the ecpoint read from card after key gen to pubkey for EC, EDDSA and XEDDSA keys, based on ec parameters which include length needed for EC ecpoint which is different than EDDSA and XEDDSA.
And address comments made in github

On branch X25519-improvements-2
Changes to be committed:
    modified: libopensc/card-openpgp.c

Commit: 69d9fe80201e72b066c169ee2e8f79b41f9ca88f
https://github.com/OpenSC/OpenSC/commit/69d9fe80201e72b066c169ee2e8f79b41f9ca88f
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-piv.c

Log Message:
-----------
card-piv.c - fixup based on comments

On branch X25519-improvements-2
Changes to be committed:
    modified: libopensc/card-piv.c

Commit: e02beb68805d4fae29debcd9da82ac9bb76fcc30
https://github.com/OpenSC/OpenSC/commit/e02beb68805d4fae29debcd9da82ac9bb76fcc30
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/pkcs15-pubkey.c

Log Message:
-----------
pkcs15-pubkey.c - improve sc_pkcs15_fix_ec_parameters

The ec_curve_infos now store the curve OID as DER to simplify the code when caller provides the OID as DER or as printable string for experimental curves.

On branch X25519-improvements-2
Changes to be committed:
    modified: libopensc/pkcs15-pubkey.c

Commit: 41f8693dc33504fb4b71aa8762cf80baf429cb04
https://github.com/OpenSC/OpenSC/commit/41f8693dc33504fb4b71aa8762cf80baf429cb04
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - combine Edwards and Montgomery parsing

Pass RFC 8410 OIDS and work with whatever crypto lib defines.

On branch X25519-improvements-2
Changes to be committed:
    modified: tools/pkcs11-tool.c

Commit: 95422a0f9c04d046148fd95a8b22fd2e898581f6
https://github.com/OpenSC/OpenSC/commit/95422a0f9c04d046148fd95a8b22fd2e898581f6
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - curve handling improvements

The ec_curve_info entries now have static DER values for the ec_params.
This improves the handling of the DER values, and the matching routines now return a pointer to a found entry.

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs11-tool.c

Commit: 175ac15c37817d0641ecd87066158365e49c6418
https://github.com/OpenSC/OpenSC/commit/175ac15c37817d0641ecd87066158365e49c6418
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M doc/tools/pkcs11-tool.1.xml
    M doc/tools/tools.html
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - If module supports CKA_PUBLIC_KEY_INFO, use it

The PKCS11 3.0 defines CKA_PUBLIC_KEY_INFO which is "Subject Public Key Info" as used in certificates.

If not supported the older code, about 260 lines of code, will still be used.

On branch X25519-improvements-2
Changes to be committed:
    modified: tools/pkcs11-tool.c

Commit: 3a088dd212303a9cccabba584d15d19da4503bd3
https://github.com/OpenSC/OpenSC/commit/3a088dd212303a9cccabba584d15d19da4503bd3
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/pkcs15-pubkey.c

Log Message:
-----------
pkcs15-pubkey.c - Fix sc_pkcs15_encode_pubkey_as_spki for EDDSA and XEDDSA

Edwards and Montgomery curves do not take an algorithm parameter.

On branch X25519-improvements-2
Changes to be committed:
    modified: libopensc/pkcs15-pubkey.c

Commit: 0b82b761abd6a655df9f17eeb01c0d7330facc01
https://github.com/OpenSC/OpenSC/commit/0b82b761abd6a655df9f17eeb01c0d7330facc01
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c
    M src/libopensc/cardctl.h
    M src/pkcs15init/pkcs15-openpgp.c
    M src/tools/openpgp-tool.c

Log Message:
-----------
In OpenPGP code combine the keygen and keystore structures

In PKCS11 writing key objects to a token two separate calls are made, one for the private key and one for the public key.
The code in card-openpgp.c, pkcs15init/pkcs15-openpgp.c used two different code paths for generating a key vs storing a key.

sc_cardctl_openpgp_keystore_info and sc_cardctl_openpgp_keygen_info were combined into struct sc_cardctl_openpgp_key_gen_store_info.

Code was added to allow storing of the private key first followed by a second operation to store the public key.

RSA does not have this problem because the modulus and exponent are part of the private key. But this is not the case with EC, Edwards or Montgomery keys.

pkcs11-tool can now store EC, ED25519 and X25519 keys.

On branch X25519-improvements-2
Changes to be committed:
    modified: libopensc/card-openpgp.c
    modified: libopensc/cardctl.h
    modified: pkcs15init/pkcs15-openpgp.c
    modified: tools/openpgp-tool.c

Commit: dfab75cf749d931ff1a19c5d27a438da88e64d7b
https://github.com/OpenSC/OpenSC/commit/dfab75cf749d931ff1a19c5d27a438da88e64d7b
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - softhsm problem with CKM_RSA_PKCS_OAEP skip for now

On branch X25519-improvements-2
Changes to be committed:
    modified: src/tools/pkcs11-tool.c

Commit: 438ead232a2b856d343c5e89555d16a86aaa8953
https://github.com/OpenSC/OpenSC/commit/438ead232a2b856d343c5e89555d16a86aaa8953
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/Makefile.am
    M tests/common.sh
    M tests/test-pkcs11-tool-sym-crypt-test.sh
    M tests/test-pkcs11-tool-test-threads.sh
    M tests/test-pkcs11-tool-test.sh
    M tests/test-pkcs11-tool-unwrap-wrap-test.sh

Log Message:
-----------
tests/Makefile.am and script so all can pass

test/Makefile.am - remove the XFAILS_TESTS

tests/common.sh - show version of softhsm2, and add sleep to avoid any problems with the softhsm2 programs.
tests/test-pkcs11-tool-sym-crypt-test.sh and tests/test-pkcs11-tool-unwrap-wrap-test.sh - need out of source build changes

tests/test-pkcs11-tool-test-threads.sh and tests/test-pkcs11-tool-test.sh - Use 'opensc-tool -a' to test for a reader with a card before trying some of these tests. If not found skip these tests. Useful when run from system with real tokens

On branch X25519-improvements-2
On branch X25519-improvements-2
Changes to be committed:
    modified: Makefile.am
    modified: common.sh
    modified: test-pkcs11-tool-sym-crypt-test.sh
    modified: test-pkcs11-tool-test-threads.sh
    modified: test-pkcs11-tool-test.sh
    modified: test-pkcs11-tool-unwrap-wrap-test.sh

Commit: d4e2023398b1254fc954c5bba21ac4893028a544
https://github.com/OpenSC/OpenSC/commit/d4e2023398b1254fc954c5bba21ac4893028a544
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/Makefile.am
    M tests/test-pkcs11-tool-test.sh

Log Message:
-----------
test-pkcs11-tool-test.sh and tests/Makefile.am return 77 if opensc-tool can not be found.

Only run test-pkcs11-tool-test.sh "if ENABLE_OPENSSL"

On branch X25519-improvements-2
Changes to be committed:
    modified: Makefile.am
    modified: test-pkcs11-tool-test.sh

Commit: afbcf77a4cc9cfb84cfb0c0f04e3c8c691df00de
https://github.com/OpenSC/OpenSC/commit/afbcf77a4cc9cfb84cfb0c0f04e3c8c691df00de
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c - Improve parsing of keys that uses ecparms

When generating or importing a key that uses ecparams, remove EdDSA, xeddsa and ECDH which are not complete. Instead support the names EC, Ed25519, Ed448, X25519, X448, edwards25519, curve25519 and cv25519.

Commit: acb57007becb0e40869e020d9125fdc3bc1ba7a8
https://github.com/OpenSC/OpenSC/commit/acb57007becb0e40869e020d9125fdc3bc1ba7a8
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-openpgp.c

Log Message:
-----------
pkcs15-openpgp.c - fixup spelling

Commit: d070ecb4a129b2751d3d9b419e3b3e32ae2dedc7
https://github.com/OpenSC/OpenSC/commit/d070ecb4a129b2751d3d9b419e3b3e32ae2dedc7
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c - fixup spelling

On branch X25519-improvements-2
Changes to be committed:
    modified: tools/pkcs15-init.c

Commit: 5d1aaa14c72e92d9934bd3727502ff68ac9cfbbf
https://github.com/OpenSC/OpenSC/commit/5d1aaa14c72e92d9934bd3727502ff68ac9cfbbf
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - fixing CKM_HKDF_DERIVE and test for eckey

As suggested in comments:
https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1822119938
reverted the test in derive_key so CKM_ECDH1_DERIVE works
https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1816358015
tests if eckey is not NULL and some other fixes.

On branch X25519-improvements-2
Changes to be committed:
    modified: tools/pkcs11-tool.c

Commit: eac85b20ba7bc4411787733228a1d948217d01c4
https://github.com/OpenSC/OpenSC/commit/eac85b20ba7bc4411787733228a1d948217d01c4
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/pkcs15-pubkey.c

Log Message:
-----------
pkcs15-pubkey.c CKA_EC_POINT ::= OCTET STRING

Remove code that falsely returned EC POINT as BIT STRING as based on https://github.com/OpenSC/OpenSC/issues/3000 which has been withdrawn.

The code will still accept an EC_POINT as either OCTET STRING or BIT STRING.

The EC POINT when returned in SPKI format still uses BIT STRING.
On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs15-pubkey.c

Commit: 8364cd5b21b71a7a54639635cd6d50d2e7da17cd
https://github.com/OpenSC/OpenSC/commit/8364cd5b21b71a7a54639635cd6d50d2e7da17cd
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - rewrite of show key

For EC, Edwards and Montgomery keys, 'show_key' now uses 'getEC_POINT' and 'getEC_PARAMS' which return DER from the PKCS11 module. The DER of each is printed in hex.

'match_ec_curve_by_params' is used to look up the curve in 'ec_curve_info' to print the common name, printable OID and key bits.

If curve is not known to pkcs11-tool, but supported by the pkcs11 module, the OID is parsed using SC routines and printed.

In the case EC_PARAMS returns a PRINTABLE string it will attempt to print it as well. (This could be removed.)
See: https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1816395476

Please enter the commit message for your changes. Lines starting

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs11-tool.c

Commit: a549939610a14bd6893ff7d94d8dc131af9088bb
https://github.com/OpenSC/OpenSC/commit/a549939610a14bd6893ff7d94d8dc131af9088bb
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - bypass failure of CKM_RSA_PKCS_OAEP with pSourceData

SoftHSM2 has problem with CKM_RSA_PKCS_OAEP with pSourceData. It ignores the pSourceData, which then leads to a bad decrypt.

As a temporary fix so the CI test can run, the "--test" routines will skip CKM_RSA_PKCS_OAEP with pSourceData.

SoftHSM2 only supports --hash-algorithm SHA-1 and --mgf MGF1-SHA1 but pkcs11-tool defaults to SHA256.
On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs11-tool.c
Changes to be committed:
    modified: src/tools/pkcs11-tool.c

Commit: 45508b561d53a3c265fbbe25603bec230aa5a31b
https://github.com/OpenSC/OpenSC/commit/45508b561d53a3c265fbbe25603bec230aa5a31b
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/common.sh

Log Message:
-----------
tests/common.sh - track down what versions of softhsm are used in CI

On branch X25519-improvements-2
Changes to be committed:
    modified: common.sh

Commit: 1dba86ea15fa3652853106c35eb15a7fb6a05e94
https://github.com/OpenSC/OpenSC/commit/1dba86ea15fa3652853106c35eb15a7fb6a05e94
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/test-pkcs11-tool-test.sh

Log Message:
-----------
test-pkcs11-tool-test.sh - SoftHSM and CKM_RSA_PKCS_OAEP

Also see pkcs11-tool SoftHSM only supports CKM_RSA_PKCS_OAEP with --hash-algorithm SHA-1 and --mgf MGF1-SHA1

On branch X25519-improvements-2
Changes to be committed:
    modified: ../../tests/test-pkcs11-tool-test.sh

Commit: dea1fc1c380b1e67c07fab5895bea7378eaed107
https://github.com/OpenSC/OpenSC/commit/dea1fc1c380b1e67c07fab5895bea7378eaed107
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs11/pkcs11-opensc.h

Log Message:
-----------
pkcs11-opensc.h - Define CKK_OPENSC_UNDEFINED

For internal OpenSC and PKCS11-tool.c

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs11/pkcs11-opensc.h

Commit: c5e4aa7c087250086c3e949fbbfed9671ef461dc
https://github.com/OpenSC/OpenSC/commit/c5e4aa7c087250086c3e949fbbfed9671ef461dc
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs11-tool.c

Log Message:
-----------
pkcs11-tool.c - Fix problem with writing public key object to token

On branch X25519-improvements-2
Changes to be committed:
    modified: tools/pkcs11-tool.c

Commit:
a1b24985dc977aee2ba96a4626fc6596d2f43333
https://github.com/OpenSC/OpenSC/commit/a1b24985dc977aee2ba96a4626fc6596d2f43333
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/test-pkcs11-tool-import.sh

Log Message:
-----------
test-pkcs11-tool-import.sh - Comment on adding Ed25519 test

'openssl genpkey' prior to 3.2 does not have '-outpubkey' and '-algorithm Ed25519' will only write the private key to '-out'

The private key does not contain the EC_POINT public key.

With RSA the 'n' and 'e' are part of the private key and with EC both the private key and public key are written to the same file.

In all cases the public key is in SPKI format.

Commit: 39c54569d22bd772bb7aa05853aec20536b3c31b
https://github.com/OpenSC/OpenSC/commit/39c54569d22bd772bb7aa05853aec20536b3c31b
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c - set default RSA key size to 3072

As recommended in comment:
https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1816249166

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs15-init.c

Commit: bbb36f69db169662e1f830d1e41e681c7d181441
https://github.com/OpenSC/OpenSC/commit/bbb36f69db169662e1f830d1e41e681c7d181441
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c

Log Message:
-----------
card-openpgp.c - add test for possible internal error

See: https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1749997143

On branch X25519-improvements-2
Changes to be committed:
    modified: card-openpgp.c

Commit: b6c1641126140d0dd99b43ae5f0bbdc0b40fbc04
https://github.com/OpenSC/OpenSC/commit/b6c1641126140d0dd99b43ae5f0bbdc0b40fbc04
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-openpgp.c

Log Message:
-----------
pkcs15init/pkcs15-openpgp.c - cleanup copied ecpointQ
'sc_cardctl_openpgp_key_gen_store_info_t' passes some pointers to data in other structures but only does malloc for ecpointQ.

See: https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1816687658

On branch X25519-improvements-2
Changes to be committed:
    modified: pkcs15-openpgp.c

Commit: 752495e0ee7a97eb52457277098a43f8abcea75b
https://github.com/OpenSC/OpenSC/commit/752495e0ee7a97eb52457277098a43f8abcea75b
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c

Log Message:
-----------
card-openpgp.c - remove leftover comments

As suggested: https://github.com/OpenSC/OpenSC/pull/3090#discussion_r1816750718

On branch X25519-improvements-2
Changes to be committed:
    modified: src/libopensc/card-openpgp.c

Commit: 12e8f24d633a0f0286ac270a12f6cd2c5c2cee1f
https://github.com/OpenSC/OpenSC/commit/12e8f24d633a0f0286ac270a12f6cd2c5c2cee1f
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c

Log Message:
-----------
card-openpgp.c - coding style

On branch X25519-improvements-2
Changes to be committed:
    modified: src/libopensc/card-openpgp.c

Commit: 00dc57f1fd641bbb9ae1ecf40ca358773afe1f47
https://github.com/OpenSC/OpenSC/commit/00dc57f1fd641bbb9ae1ecf40ca358773afe1f47
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/cardctl.h

Log Message:
-----------
src/libopensc/cardctl.h - coding style

On branch X25519-improvements-2
Changes to be committed:
    modified: src/libopensc/cardctl.h

Commit: 9c71256459f930186e028796f1a2c1cafede0cd1
https://github.com/OpenSC/OpenSC/commit/9c71256459f930186e028796f1a2c1cafede0cd1
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/pkcs15init/pkcs15-openpgp.c

Log Message:
-----------
pkcs15-openpgp.c - coding style

On branch X25519-improvements-2
Changes to be committed:
    modified: src/pkcs15init/pkcs15-openpgp.c

Commit:
00bf6c94b8aeb31743618d83281b2f909952d945
https://github.com/OpenSC/OpenSC/commit/00bf6c94b8aeb31743618d83281b2f909952d945
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c - coding style

On branch X25519-improvements-2
Changes to be committed:
    modified: src/tools/pkcs15-init.c

Commit: 38b433fd2ea6fd07c2cfe51c598e97d972e37c00
https://github.com/OpenSC/OpenSC/commit/38b433fd2ea6fd07c2cfe51c598e97d972e37c00
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M tests/common.sh

Log Message:
-----------
tests/common.h - fixup

remove debugging as suggested in PR comments

On branch X25519-improvements-2
Changes to be committed:
    modified: common.sh

Commit: efffe991db0ad35498f2332a10243eb0529e8be9
https://github.com/OpenSC/OpenSC/commit/efffe991db0ad35498f2332a10243eb0529e8be9
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-openpgp.c

Log Message:
-----------
card-openpgp.c - moved malloc inside switch

As suggested in PR comments, moved malloc and test for NULL just before the memcpy

Commit: 65eb6358569eacf93149d276b3050e224d4fd730
https://github.com/OpenSC/OpenSC/commit/65eb6358569eacf93149d276b3050e224d4fd730
Author: Doug Engert <dee...@gm...>
Date: 2025-01-25 (Sat, 25 Jan 2025)

Changed paths:
    M src/libopensc/card-piv.c

Log Message:
-----------
card-piv.c - BYTES4BITS and format cha... [truncated message content] |