Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
/
https://gitlab.freedesktop.org/spice/libcacard/-/releases
It is signed with Viktor Toso's GPG key:
206D 3B35 2F56 6F3B 0E65 72E9 97D9 123D E37A 484F
Regards,
Jakub Jelen
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
used as part of the
detection process in Windows.
This release can be found at the following locations:
https://www.spice-space.org/download/libcacard/
https://gitlab.freedesktop.org/spice/libcacard/-/releases
It is signed with my GPG key:
F7DC 50A5 7DFD 52B9 4253 295E F649 07AC 15B5 C33D
Jakub
On Wed, 2018-08-22 at 17:53 +0200, Christophe Fergeau wrote:
> Hey,
>
> On Tue, Aug 21, 2018 at 06:52:28PM +0200, Jakub Jelen wrote:
> > [...]
> >
> > I tried to improve this part a bit with comments and local
> > variable,
> > but if the above help
On Wed, 2018-08-22 at 11:47 +0200, Christophe Fergeau wrote:
> On Wed, Aug 22, 2018 at 11:46:59AM +0200, Christophe Fergeau wrote:
> > Hey,
> >
> > On Tue, Aug 21, 2018 at 05:30:50PM +0200, Jakub Jelen wrote:
> > > On Tue, 2018-08-21 at 17:03 +0200, Christophe F
rv = gp_card_init(vreader, vcard, params,
> - cert, cert_len, key, cert_count);
> - return rv;
> +rv = gp_card_init(vreader, vcard);
> +return rv;
> /* add new ones here */
> case VCARD_EMUL_PASSTHRU:
> default:
On Tue, 2018-08-21 at 17:35 +0200, Christophe Fergeau wrote:
> Hey,
>
> On Thu, Aug 02, 2018 at 11:43:58AM +0200, Jakub Jelen wrote:
> > diff --git a/tests/hwtests.c b/tests/hwtests.c
> > index 7beebac..bd8e439 100644
> > --- a/tests/hwtests.c
> > +++ b/test
On Tue, 2018-08-21 at 17:03 +0200, Christophe Fergeau wrote:
> hex_dump() callers can theoretically provide the destination buffer
> for the hexdump'ed string, but nothing in libcacard uses that
> feature.
> This commit removes it.
The initial idea was to create some g_debug_hex function that coul
found = 1;
>
> - free(result.data);
> +PORT_Free(result.data);
> result.data = NULL;
>
> if (found) {
Otherwise, it looks good.
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/spice-devel
am out Byte array to write into
> * @param outlenThe length of output array
> * @param ptr The end of TLV record
> + * @return The length of the encoded data, -1 on errors
> */
> int
> simpletlv_e
t; result_len = simpletlv_encode_val(nested, 1, &result, 0,
> > NULL);
> > -g_assert_cmpint(result_len, ==, -1);
> > +g_assert_cmpint((int)result_len, ==, -1);
> > }
> >
> > static void test_encode_skipped(void)
> > --
> > 2.17.1
On Mon, 2018-08-13 at 11:08 +0200, Christophe Fergeau wrote:
> This allows to get rid of manual reallocations.
Thank you. This looks more elegant way. Assuming it still works and
passes the CI, it looks good to me.
Acked-by: Jakub Jelen
> Signed-off-by: Christophe Fergeau
> -
Thank you for reviewing the changes, fixing typos and cleaning things.
All your changes from this patch set look good to me.
Acked-by: Jakub Jelen
On Fri, 2018-08-10 at 10:04 +0200, Christophe Fergeau wrote:
> Signed-off-by: Christophe Fergeau
> ---
> src/cac.c | 4 ++--
> 1 fil
On Wed, 2018-08-08 at 14:08 -0400, Jason Andryuk wrote:
> On Wed, Aug 8, 2018 at 11:33 AM Jakub Jelen
> wrote:
> >
> > On Wed, 2018-08-08 at 16:51 +0200, Marc-André Lureau wrote:
> > > Hi
> > >
> > > On Tue, Jul 24, 2018 at 8:34 PM, Jason An
alue here.
From what I see, all the paths here return either VCARD_DONE. Can you
advice during which operation did you encounter this error?
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
___
Spice-devel mailing list
o not install vscclient
> tests: fix size_t printf format error
> NEWS: prepare for v2.6.0 release
>
> Makefile.am | 2 +-
> NEWS | 13 +
> tests/common.c| 6 +++---
> tests/libcacard.c | 2 +-
> 4 files changed, 18 insertions(+), 5 de
On Mon, 2018-08-06 at 13:08 +0200, Marc-André Lureau wrote:
> Hi
>
> On Mon, Aug 6, 2018 at 12:53 PM, Jakub Jelen
> wrote:
> > On Fri, 2018-08-03 at 12:40 +0200, marcandre.lur...@redhat.com
> > wrote:
> > > From: Marc-André Lureau
> > >
> > >
;
> +args = strip(args+9);
Is this strip really needed? After the else, we are skipping any non-
blank characters so this is practically noop.
> } else {
> -opts->use_hw = PR_TRUE;
> +opts->use_hw = USE_HW_YES;
> }
> args = find_blank(args);
> /* hw_type= */
Otherwise it looks fine.
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
___
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/spice-devel
sts
against a real card so I would like to see a new target check-local or
hwcheck to skip the softhsm part and use some local NSS DB with real
PKCS#11 module, but that can come in separate commit later.
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
___
On Thu, 2018-08-02 at 16:39 +0200, Marc-André Lureau wrote:
> Hi
>
> On Thu, Aug 2, 2018 at 11:43 AM, Jakub Jelen
> wrote:
> > This is second version of unmerged changes from the patch set I
> > sent
> > earlier this week:
> >
> >
https://lists.free
Hello,
On Thu, 2018-08-02 at 15:39 +0200, Marc-André Lureau wrote:
> Hi
>
> On Thu, Aug 2, 2018 at 11:43 AM, Jakub Jelen
> wrote:
> > * This function is used to read generic data objects presented by
> >the underlying card, if available. It can provide some
>
standard GET ACR parameters, but if
P1 | 0x40 is set, the response should come in this new format.
* This affects also GET PROPERTIES APDU, where we get also other bunch of
TLVs in case of this bit is set.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac-aca.c | 293
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
.gitlab-ci.yml | 53 ++
1 file changed, 53 insertions(+)
create mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 000..7eb7a22
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
README.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c7053e3..86dda38 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# libcacard ![alt text][travis]
+# libcacard ![alt text
queries
* invalid GET ACR APDU queries
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 105 ++-
tests/common.h| 5 +-
tests/hwtests.c | 20 ++-
tests/libcacard.c | 442 +-
4 files changed, 565 insertions
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 20 +---
tests/common.h| 2 ++
tests/libcacard.c | 35 +++
3 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/tests/common.c b/tests/common.c
index
* This is useful for CI or manual running of the tests without a need
of a physical CAC card.
* The script goes through the whole setting of environment, soft token,
generating testing keys, certificates and running the test suite.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
README.md | 16
1 file changed, 16 insertions(+)
diff --git a/README.md b/README.md
index 6edef77..c7053e3 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,22 @@ For more information and API documentation, read the
* The ATR code paths are not covered
* The card resets code paths are not covered
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 6bb3be7..18b84e5 100644
--- a/tests
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 20
tests/hwtests.c | 44 +---
tests/libcacard.c | 3 +--
3 files changed, 26 insertions(+), 41 deletions(-)
diff --git a/tests/common.c b/tests
* This includes also the key bits discovery in test suite.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c | 6
tests/common.h | 2 ++
tests/hwtests.c | 80 +
3 files changed, 88 insertions(+)
diff --git a
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c | 315 ++
1 file changed, 315 insertions(+)
diff --git a/src/cac.c b/src/cac.c
index 2f871e2..cc07923 100644
--- a/src/cac.c
+++ b/src/cac.c
@@ -774,6 +774,321 @@ failure
* The function parses SimpleTLV string to internal structures,
that can be handled with more ease in the code.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/simpletlv.c | 52 ++
src/simpletlv.h | 13
tests/simpletlv.c | 80
* This is not documented in specification so this is an attempt to
mimic real cards.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac-aca.c | 24 +---
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/cac-aca.c b/src/cac-aca.c
index
* This function is used to read generic data objects presented by
the underlying card, if available. It can provide some structures
that we are not able to emulate in softeare card.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
docs/libcacard.txt | 8 +++
src
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 4
1 file changed, 4 insertions(+)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 67bd0be..97ba2ab 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -165,6 +165,7 @@ static void get_properties
applets
* The NSS DB needs to be created under tests/hwdb/ and local
pkcs#11 module needs to be added to the database
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
Makefile.am| 15 ++
docs/libcacard.txt | 1 +
tests/common.c | 525
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 43 +--
tests/common.h| 3 +++
tests/libcacard.c | 41 +
3 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/tests
CF (Access Control File) are one of the
mandatory parts of CAC, but they are not exposed in PKCS#11
and impossible to emulate (signatures of the internal structures),
but ActivClient does not really need them.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c
* This provides the real list of applets in the emulated card
in the CCC applet CardURLs, which is mandatory for applet and certificated
discovery.
* This also increaseses the amount of possible certificates to 10
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c
* So far, the ACA tables were static from existing card.
* This change allows adjusting the ACA tables based on the real
certificates and PKI applets present in virtual smart card
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac-aca.c | 244
This is second version of unmerged changes from the patch set I sent
earlier this week:
https://lists.freedesktop.org/archives/spice-devel/2018-July/044955.html
This makes use of some more clean up and reordering to make sure every
commit makes the tests pass. Unfortunatelly, this is not case fro
* Introduce a new API to get the key size from the key to present it in
CAC properties structures later
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
docs/libcacard.txt | 4
src/libcacard.syms | 1 +
src/vcard_emul.h | 1 +
src/vcard_emul_nss.c | 22
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 24
1 file changed, 24 insertions(+)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 838e3c1..5112838 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -159,6 +159,10
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 73 +++
tests/common.h| 2 ++
tests/hwtests.c | 23 +++
tests/libcacard.c | 46 -
4 files changed, 98 insertions(+), 46
vcard_emul_rsa_bits() to expose the
real key size in properties buffer
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c | 474 --
src/cac.h | 30 ++-
tests/libcacard.c | 26 +--
3 files changed, 439 insertions(+), 91 deletions
generic ISO 7816 code, but the responses are improved.
* This affects also the existing testsuite, which needs
adjustments, since the SELECT APDU retunrs different data.
* This loads the GP applet separately from CAC applet
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
Makefile.am
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
build-aux/glib.supp | 35 +++
1 file changed, 35 insertions(+)
create mode 100644 build-aux/glib.supp
diff --git a/build-aux/glib.supp b/build-aux/glib.supp
new file mode 100644
index 000..ff2edbe
(from "5.3.3.5 Get ACR APDU" of GSC-IS 2.1)
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
Makefile.am|2 +
docs/libcacard.txt |1 +
src/cac-aca.c | 1106
src/cac-aca.h | 32 ++
src/cac.c
buffer matches the expected key size
* Separate test for GET RESPONSE APDU
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
Makefile.am | 6 +-
tests/libcacard.c | 426 --
2 files changed, 418 insertions(+), 14 deletions(-)
diff
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 83 ++-
1 file changed, 82 insertions(+), 1 deletion(-)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 97ba2ab..5323a2c 100644
--- a/tests/libcacard.c
+++ b/tests
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 99 +++
1 file changed, 99 insertions(+)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 6768a03..67bd0be 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
* The PKI Credential, PKI Certificate and Person Instance applets
are hard to emulate with bogus data and therefore we will
make them available from the existing cards.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c | 259
---
tests/libcacard.c | 26 +-
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index a6ff49b..2b769be 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -17,7 +17,8 @@ events_thread(gpointer arg)
while (1) {
* The Card Capability Container (CCC) is mandatory applet of CAC 2
and is used to discover other applets, card capabilities and
properties
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac.c | 361 +-
src/cac.h | 15
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 60 +++
1 file changed, 56 insertions(+), 4 deletions(-)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 67ea089..01335c2 100644
--- a/tests/libcacard.c
+++ b
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/libcacard.c | 48 ---
1 file changed, 41 insertions(+), 7 deletions(-)
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 01335c2..838e3c1 100644
--- a/tests/libcacard.c
+++ b
On Wed, 2018-08-01 at 00:16 +0200, Marc-André Lureau wrote:
> Hi Jakub,
>
> On Tue, Jul 31, 2018 at 4:50 PM, Jakub Jelen
> wrote:
> > * This involves creation of properties structures in the applet,
> >that are used to discover pki buffers in the applet a
On Wed, 2018-08-01 at 00:19 +0200, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 31, 2018 at 4:50 PM, Jakub Jelen
> wrote:
> > * This is useful for CI or manual running of the tests without a
> > need
> >of a physical CAC card.
> > * The script goes thro
On Tue, 2018-07-31 at 23:58 +0200, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 31, 2018 at 11:53 PM, Marc-André Lureau
> wrote:
> > Hi
> >
> > On Tue, Jul 31, 2018 at 4:50 PM, Jakub Jelen
> > wrote:
> > > Signed-off-by: Jakub Jelen
> > >
On Tue, 2018-07-31 at 20:29 +0200, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 31, 2018 at 4:49 PM, Jakub Jelen
> wrote:
> > * The source code is originally based on the OpenSC cac card
> > driver
> >
> > * The SimpleTLV encoding is used in various plac
On Tue, 2018-07-31 at 20:07 +0200, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 31, 2018 at 4:49 PM, Jakub Jelen
> wrote:
> > [...]
> > -test_programs = tests/libcacard
> > -tests_libcacard_LDADD = libcacard.la $(GT
On Tue, 2018-07-31 at 19:46 +0200, Marc-André Lureau wrote:
> Hi
>
> supression/suppression
>
> On Tue, Jul 31, 2018 at 4:50 PM, Jakub Jelen
> wrote:
> > Signed-off-by: Jakub Jelen
> > Reviewed-by: Robert Relyea
> > ---
> > build-aux/glib-tap.
On Tue, 2018-07-31 at 18:14 +0200, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 31, 2018 at 4:50 PM, Jakub Jelen
> wrote:
> > Signed-off-by: Jakub Jelen
> > Reviewed-by: Robert Relyea
> > ---
> > .gitlab-ci.yml | 53
> >
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 20
tests/hwtests.c | 44 +---
tests/libcacard.c | 3 +--
3 files changed, 26 insertions(+), 41 deletions(-)
diff --git a/tests/common.c b/tests
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
tests/common.c| 43 +--
tests/common.h| 3 +++
tests/libcacard.c | 41 +
3 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/tests
* This is useful for CI or manual running of the tests without a need
of a physical CAC card.
* The script goes through the whole setting of environment, soft token,
generating testing keys, certificates and running the test suite.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
standard GET ACR parameters, but if
P1 | 0x40 is set, the response should come in this new format.
* This affects also GET PROPERTIES APDU, where we get also other bunch of
TLVs in case of this bit is set.
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
src/cac-aca.c | 293
Signed-off-by: Jakub Jelen
Reviewed-by: Robert Relyea
---
README.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c7053e3..86dda38 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# libcacard ![alt text][travis]
+# libcacard 