Re: [Opensc-commits] [OpenSC/OpenSC] 4604da: sc-hsm: Fixed memory checking and removed warning

Douglas E. Engert
After long discussions with Andreas of Card Contact and sending him a set of additional changes,
I committed #197. This allows for a public key to be stored on a PKCS15 card as a SPKI.
(The SPKI includes the algorithm and any algorithm parameters. The basic pubkey is stored
in a bitstring.)

According to PKCS#15, any type of public key can be stored as SPKI.

The original #197 added SPKI support only for ECC keys. The additional changes allowed
for any type of key to be stored as an SPKI.

GOST use of this feature still needs to be tested.

The MyEID people have been unresponsive to requests to look at this code for their
ECC card.


For ECC:
   The ecpointQ is stored in the sc_pkcs15_pubkey as the raw ecpoint.

   sc_pkcs15_encode_pubkey returns the ASN1 DER encoding of the ecpointQ.

For all keys:
   sc_pkcs15_encode_pubkey does what it used to do.

   To get the SPKI use sc_pkcs15_encode_pubkey_as_spki

   sc_pkcs15_decode_pubkey will now check if the input ASN1 is a sequence
   and attempt to decode it as a SPKI.
   If it's not a SPKI, it will decode it as it did before.

The code in pkcs15-tool --read-public-key will now print the key in two versions,
the only code that was in pkcs15-tool and the new routine in the library,
sc_pkcs15_encode_pubkey_as_spki. A pull request will be submitted
soon to only use the sc_pkcs15_encode_pubkey_as_spki.



On 12/9/2013 3:15 PM, GitHub wrote:

>    Branch: refs/heads/master
>    Home:   https://github.com/OpenSC/OpenSC
>    Commit: 4604dac3a7aeb7f85b81c6b14cef8daf4e9af714
>        https://github.com/OpenSC/OpenSC/commit/4604dac3a7aeb7f85b81c6b14cef8daf4e9af714
>    Author: Andreas Schwier <[hidden email]>
>    Date:   2013-11-15 (Fri, 15 Nov 2013)
>
>    Changed paths:
>      M src/libopensc/card-sc-hsm.c
>
>    Log Message:
>    -----------
>    sc-hsm: Fixed memory checking and removed warning
>
>
>    Commit: 633c98e9ee39b61494ad04f28f14c8ef5e687095
>        https://github.com/OpenSC/OpenSC/commit/633c98e9ee39b61494ad04f28f14c8ef5e687095
>    Author: Andreas Schwier <[hidden email]>
>    Date:   2013-11-15 (Fri, 15 Nov 2013)
>
>    Changed paths:
>      M src/pkcs15init/pkcs15-sc-hsm.c
>
>    Log Message:
>    -----------
>    sc-hsm: Removed compiler warning
>
>
>    Commit: 3a6e7ba95934116c681dd2c41b6ed90e3b64980e
>        https://github.com/OpenSC/OpenSC/commit/3a6e7ba95934116c681dd2c41b6ed90e3b64980e
>    Author: Andreas Schwier <[hidden email]>
>    Date:   2013-11-15 (Fri, 15 Nov 2013)
>
>    Changed paths:
>      M src/libopensc/pkcs15-algo.c
>      M src/libopensc/pkcs15-pubkey.c
>      M src/libopensc/pkcs15.h
>      M src/pkcs15init/pkcs15-lib.c
>      M src/pkcs15init/pkcs15-sc-hsm.c
>
>    Log Message:
>    -----------
>    pkcs15: Changed encoding for EC public keys in PuKDF to SPKI rather than ECPoint, preserving domain parameter
>
>
>    Commit: 09e5a9fa7f09e3cbab72189b8f2eedaaacc24d01
>        https://github.com/OpenSC/OpenSC/commit/09e5a9fa7f09e3cbab72189b8f2eedaaacc24d01
>    Author: Andreas Schwier <[hidden email]>
>    Date:   2013-12-05 (Thu, 05 Dec 2013)
>
>    Changed paths:
>      M src/libopensc/pkcs15-pubkey.c
>
>    Log Message:
>    -----------
>    pkcs11: Fixed typo
>
>
>    Commit: d4be8ec747ae2f665f1b95e13f1210ed10fcaf12
>        https://github.com/OpenSC/OpenSC/commit/d4be8ec747ae2f665f1b95e13f1210ed10fcaf12
>    Author: Andreas Schwier <[hidden email]>
>    Date:   2013-12-06 (Fri, 06 Dec 2013)
>
>    Changed paths:
>      M src/libopensc/libopensc.exports
>      M src/libopensc/pkcs15-piv.c
>      M src/libopensc/pkcs15-pubkey.c
>      M src/libopensc/pkcs15.h
>      M src/pkcs15init/pkcs15-lib.c
>      M src/pkcs15init/pkcs15-sc-hsm.c
>      M src/tools/pkcs15-tool.c
>
>    Log Message:
>    -----------
>    sc_pkcs15_encode_pubkey_as_spki replaces sc_pkcs15_encode_pubkey_with_param.
> The name implies what the format of the returned value, a SPKI.
>
> The support for spki as a pkcs15 format of a pubkey, is extended to
> work for any algorithm not just EC pubkeys. PKCS#15 appears to allow this.
>
> sc_pkcs15_decode_pubkey_with_param will look for a SPKI
> and attempt to use it for any algorithm, including RSA.
> (RSA is the null case, as there are no algorithm parameters.)
>
> sc_pkcs15_encode_pubkey_as_spki is exported from libopensc.
>
> pkcs15-piv.c will use sc_pkcs15_encode_pubkey_as_spki to load public keys
> as SPKI for RSA and EC.
>
> The pubkey->data is never a SPKI, it is the DER encoding of the
> pubkey without the parameters.  If an spki is needed, use the
> sc_pkcs15_encode_pubkey_as_spki to get the DER encoding of the spki.
>
> As in the previous set of patches, pkcs15-tool.c will output both
> sc_pkcs15_decode_pubkey_with_param and its internal.
> This was left for testing, and the pubkey_pem_encode should be deleted
>
>
>    Commit: dff25190d28931bfa15499b9d0e91fd7ec15a5d1
>        https://github.com/OpenSC/OpenSC/commit/dff25190d28931bfa15499b9d0e91fd7ec15a5d1
>    Author: Doug Engert <[hidden email]>
>    Date:   2013-12-09 (Mon, 09 Dec 2013)
>
>    Changed paths:
>      M src/libopensc/card-sc-hsm.c
>      M src/libopensc/libopensc.exports
>      M src/libopensc/pkcs15-algo.c
>      M src/libopensc/pkcs15-piv.c
>      M src/libopensc/pkcs15-pubkey.c
>      M src/libopensc/pkcs15.h
>      M src/pkcs15init/pkcs15-lib.c
>      M src/pkcs15init/pkcs15-sc-hsm.c
>      M src/tools/pkcs15-tool.c
>
>    Log Message:
>    -----------
>    Merge pull request #197 from CardContact/master
>
> Changing EC Public Key format in PuKDF from raw to spki
>
>
> Compare: https://github.com/OpenSC/OpenSC/compare/1acb4adc3e49...dff25190d289
>
>
>
> _______________________________________________
> Opensc-commits mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-commits
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
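
The message above describes an SPKI as the algorithm plus parameters followed by the key in a bitstring, and a decoder that tries SPKI first and falls back to the older encoding. The following is an added example, not OpenSC code: `der_hdr`, `classify_pubkey` and the sample byte arrays are hypothetical names and constructed toy inputs. It shows why the check has to look one level below the outer SEQUENCE, since a bare RSAPublicKey is itself a SEQUENCE.

```c
#include <stddef.h>
#include <stdio.h>
enum pk_form { PK_INVALID, PK_LEGACY, PK_SPKI };

/* Read one DER tag/length header and advance *p to the content.
 * Fails if the declared length runs past `end`. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned *tag, size_t *len)
{
    const unsigned char *q = *p;
    size_t l, n;
    if (end - q < 2) return -1;
    *tag = *q++; l = *q++;
    if (l & 0x80) {                       /* long form: n length bytes follow */
        n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;
    *p = q; *len = l;
    return 0;
}

/* SPKI ::= SEQUENCE { SEQUENCE { OID, parameters OPTIONAL }, BIT STRING } */
int classify_pubkey(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen, *seq_end, *alg_end;
    unsigned tag; size_t len;
    if (der_hdr(&p, end, &tag, &len) || p + len != end) return PK_INVALID;
    if (tag != 0x30) return PK_LEGACY;    /* e.g. ECPoint OCTET STRING */
    seq_end = p + len;
    if (der_hdr(&p, seq_end, &tag, &len)) return PK_INVALID;
    if (tag != 0x30) return PK_LEGACY;    /* e.g. RSAPublicKey: INTEGER first */
    alg_end = p + len;
    if (der_hdr(&p, alg_end, &tag, &len) || tag != 0x06) return PK_INVALID;
    p = alg_end;                          /* skip OID and any parameters */
    if (der_hdr(&p, seq_end, &tag, &len) || tag != 0x03) return PK_INVALID;
    if (len < 1 || p + len != seq_end || p[0] != 0) return PK_INVALID;
    return PK_SPKI;                       /* key bytes are p+1 .. seq_end */
}
/* Constructed toy inputs (not real keys): RSA SPKI, bare RSAPublicKey, ECPoint. */
static const unsigned char S_SPKI[] = {
    0x30,0x1B,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,
    0x05,0x00,0x03,0x0A,0x00,0x30,0x07,0x02,0x02,0x00,0xC5,0x02,0x01,0x03 };
static const unsigned char S_RSA[] = { 0x30,0x07,0x02,0x02,0x00,0xC5,0x02,0x01,0x03 };
static const unsigned char S_EC[] = { 0x04,0x03,0x04,0x01,0x02 };
int main(void)
{
    printf("%d %d %d\n", classify_pubkey(S_SPKI, sizeof S_SPKI),
           classify_pubkey(S_RSA, sizeof S_RSA), classify_pubkey(S_EC, sizeof S_EC));
    return 0;
}
```

A truncated or over-long length field yields `PK_INVALID` rather than a fallback, so a malformed SPKI is never silently reinterpreted as the older encoding.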