Merge several enhancements (ECC, SHA-2, naming the token by CN) #28
base: master
Original patch by Uri Blumenthal (Mouse) <[email protected]>
Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.)
# The first commit's message is: Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) # This is the 2nd commit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend # This is the 3rd commit message: Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]>
: Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) Merging OpenSC#19 from frankmorgner/OpenSC.tokend Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> Detect the situation where the user has not entered a PIN at all -and- we have a reader with its own PIN pad connected (e.g. a SPR532, ParityMedical, eH880, etc). In that case; defer entry to the reader. We do not, however, prevent the user from entering the PIN on the normal keyboard. As we're 'too late' already. If the user has already done that; we simply pass on the entered value.
Added ECDH support by adding call to sc_pkcs15_derive(). Testing it.
# The first commit's message is: # This is a combination of 3 commits. # The first commit's message is: Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) # This is the 2nd commit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend # This is the 3rd commit message: Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> # This is the 2nd commit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend # This is the 3rd commit message: Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]>
mit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> Merging OpenSC#19 from frankmorgner/OpenSC.tokend Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> Detect the situation where the user has not entered a PIN at all -and- we have a reader with its own PIN pad connected (e.g. a SPR532, ParityMedical, eH880, etc). In that case; defer entry to the reader. We do not, however, prevent the user from entering the PIN on the normal keyboard. As we're 'too late' already. If the user has already done that; we simply pass on the entered value.
clang: warning: optimization flag '-finline-functions' is not supported clang: warning: argument unused during compilation: '-finline-functions'
Install to /Library/Security/tokend instead of /System/Library/Security/tokend http://forums.macrumors.com/threads/os-x-10-11-all-the-little-things.1890519/ /System folder is read-only Signed-off-by: Raul Metsma <[email protected]>
Fixes the hard-coded SDK. Xcode now simply uses the newest SDK available
Fixes OpenSC/OpenSC#570 an at least 7 year old bug...
Original patch by Uri Blumenthal (Mouse) <[email protected]>
Added ECDH support by adding call to sc_pkcs15_derive(). Testing it.
# The first commit's message is: Got RSA signature and encryption/decryption working correctly. Finally!! # This is the 2nd commit message: # This is a combination of 3 commits. # The first commit's message is: # This is a combination of 3 commits. # The first commit's message is: Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) # This is the 2nd commit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend # This is the 3rd commit message: Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> # This is the 2nd commit message: Merging OpenSC#19 from frankmorgner/OpenSC.tokend # This is the 3rd commit message: Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]>
Finally!! Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) Merging OpenSC#19 from frankmorgner/OpenSC.tokend Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> Making sure RSA S/MIME fully works. Making sure ECDSA works. (ECDH still seems to have problems, possibly because of applications.) Merging OpenSC#19 from frankmorgner/OpenSC.tokend Use dedicated Xcode variable for deploy target Signed-off-by: Raul Metsma <[email protected]> Detect the situation where the user has not entered a PIN at all -and- we have a reader with its own PIN pad connected (e.g. a SPR532, ParityMedical, eH880, etc). In that case; defer entry to the reader. We do not, however, prevent the user from entering the PIN on the normal keyboard. As we're 'too late' already. If the user has already done that; we simply pass on the entered value.
Excellent, thank you!
If you will add the token name capability to the PIV part of OpenSC, it is fine with me. Once it is there, I might remove it from my fork. But until that (token name in PIV/OpenSC) is fully functional and tested, I am not going to touch it in tokend. I offered you working code (that does what the main trunk does not). Feel free to do with it what you see fit.
needs improvement. It cannot work as-is, so it shouldn't be compiled into working code now.
This reverts commit 6fd090f.
@martinpaljak did you have any time for compiling the PR?
…"pin logged out", as "blocked" has a specific meaning in this context (requires SO pin to unblock, which is not the case here).
referenced by env variables
…rankmonger in the upstream
value = pubkey->modulus_length; /* RSA modulus length in bits */ | ||
// FIXME - need to address DSA keys too | ||
} | ||
else if(keyObj->type & SC_PKCS15_TYPE_PUBKEY) { |
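Review bot: the `// FIXME - need to address DSA keys too` comment next to `value = pubkey->modulus_length;` signals that the key-size value is only derived for RSA here. Since this PR adds ECC, set `value` explicitly for EC keys in the same place, or make the non-RSA case fail visibly, and move the FIXME into a tracked issue instead of leaving it in the merged code.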
Duplicate else if, see line 81 keyObj->type & SC_PKCS15_TYPE_PUBKEY)
} | ||
|
||
// from PUBKEY I can learn whether it is ECC or RSA. | ||
r = sc_pkcs15_get_objects(mScP15Card, SC_PKCS15_TYPE_PUBKEY, objs, 32); |
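Review bot: the result `r` of `sc_pkcs15_get_objects(mScP15Card, SC_PKCS15_TYPE_PUBKEY, objs, 32)` needs to be checked before `objs` is read. The call returns a negative error code on failure and 0 when the card holds no matching objects, so only index `objs[0]` when `r > 0`. The literal 32 should also be derived from the declared size of `objs` (for example `sizeof(objs)/sizeof(objs[0])`) so the count and the array cannot drift apart.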
Use SC_PKCS15_TYPE_PRKEY, some tokens do not have PKCS11 public key object
and then compare
if (objs[0]->type == SC_PKCS15_TYPE_PRKEY_EC)
sc_debug(mToken.mScCtx, SC_LOG_DEBUG_NORMAL, " Using SHA1, length is 20\n"); | ||
sc_debug(mToken.mScCtx, SC_LOG_DEBUG_NORMAL, " Using SHA1, length is 20 bytes\n"); | ||
} | ||
else if (signOnly == CSSM_ALGID_SHA256) { |
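Review bot: at `else if (signOnly == CSSM_ALGID_SHA256)`, the digest is selected by comparing `signOnly` against one algorithm at a time, so the chain should end in an `else` that rejects any algorithm it does not list; otherwise an unexpected `signOnly` value can continue with a length set for a different digest. Taking the digest length and the text of the `sc_debug` message from a single per-algorithm table would also stop messages like "length is 20 bytes" from going stale as SHA-2 variants are added.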
Duplicate CSSM_ALGID_SHA256 line 122
Maybe switch statement is more readable?
(Next update probably will enable Code signing using "Mac Developer" cert)
…logged off when needed
…king Keychain Access
breaks Keychain Access
makes the token unusable until remove/re-insert
…rt from OpenSSL - only libcrypto.a
This PR adds multiple enhancements and bug fixes, such as:
This PR tracks the current OpenSC master with the changes made in June and July 2016 (0.16.0 release, and drivers enhancements)