New port: security/libbeid

Support libraries for Belgian government-issued electronic identity cards.
A PKCS #11 module is included that can be used with Mozilla Firefox.

The distfile has been created from upstream trunk revision 1457.
The patches included in the port fix all clang compiler warnings for
-Wall -Wextra -Wno-unused-parameter.
Tijl Coosemans 2014-04-16 20:07:15 +00:00
parent ed04a3f9a7
commit 1cde9babac
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=351419
10 changed files with 942 additions and 0 deletions


@ -250,6 +250,7 @@
SUBDIR += l5
SUBDIR += lasso
SUBDIR += libassuan
SUBDIR += libbeid
SUBDIR += libbf
SUBDIR += libecc
SUBDIR += libfprint

security/libbeid/Makefile Normal file

@ -0,0 +1,33 @@
# $FreeBSD$
PORTNAME= libbeid
PORTVERSION= 4.0.6.1457
CATEGORIES= security
MASTER_SITES= http://tijl.fastmail.fm/mirror/
MAINTAINER= tijl@FreeBSD.org
COMMENT= Belgian eID support libraries
LICENSE= LGPL3
LIB_DEPENDS= libpcsclite.so:${PORTSDIR}/devel/pcsc-lite
USES= dos2unix libtool pkgconfig tar:xz
USE_AUTOTOOLS= autoconf:env automake:env libtoolize:env
USE_GNOME= gtk20
DOS2UNIX_FILES= common/src/datafile.cpp common/src/logbase.cpp \
common/src/util.cpp dialogs/src/dialogs.h pkcs11/src/asn1.c \
pkcs11/src/log.h pkcs11/src/cal.cpp pkcs11/src/cal.h
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --disable-static
post-patch:
@${REINPLACE_CMD} -e '/svn_revision/d' -e '/SUBDIRS/s/xpi//' \
${WRKSRC}/Makefile.am ${WRKSRC}/configure.ac
pre-configure:
@(cd ${WRKSRC} && ${AUTORECONF} -i -f)
.include <bsd.port.mk>
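Review bot: `MASTER_SITES= http://tijl.fastmail.fm/mirror/` fetches a maintainer-made snapshot over plain HTTP from a personal mirror, so the SHA256 in distinfo is the only integrity control and nothing in the port ties the tarball back to upstream revision 1457. For a library that handles eID PINs and certificates, the Makefile should record how the distfile was produced, for example with a comment above MASTER_SITES such as `# Snapshot of upstream svn trunk r1457, exported and packed by the maintainer`. If the mirror can serve the file over HTTPS, the URL should use it, so that a tampered download is not only caught at the checksum step.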


@ -0,0 +1,2 @@
SHA256 (libbeid-4.0.6.1457.tar.xz) = 0e16f1229fb8e87aaa31465eb0aeb01a1d8cb4aeef5ac60c6db8ba6159f06ed6
SIZE (libbeid-4.0.6.1457.tar.xz) = 444352


@ -0,0 +1,111 @@
--- cardlayer/src/cache.cpp.orig
+++ cardlayer/src/cache.cpp
@@ -202,10 +202,8 @@
; // TODO: log
else
{
- size_t tmpHeader = fwrite(&header, sizeof(tCacheHeader), 1, f);
- tmpHeader = tmpHeader; //avoid warning
- size_t tmpData = fwrite(oData.GetBytes(), 1, oData.Size(), f);
- tmpData = tmpData; //avoid warning
+ (void)fwrite(&header, sizeof(tCacheHeader), 1, f);
+ (void)fwrite(oData.GetBytes(), 1, oData.Size(), f);
fclose(f);
}
}
--- cardlayer/src/card.cpp.orig
+++ cardlayer/src/card.cpp
@@ -25,7 +25,7 @@
CCard::CCard(SCARDHANDLE hCard, CContext *poContext, CPinpad *poPinpad) :
m_hCard(hCard), m_poContext(poContext), m_poPinpad(poPinpad),
- m_oCache(poContext), m_ulLockCount(0), m_bSerialNrString(false),m_cardType(CARD_UNKNOWN)
+ m_oCache(poContext), m_cardType(CARD_UNKNOWN), m_ulLockCount(0), m_bSerialNrString(false)
{
}
@@ -301,7 +301,7 @@
{
// By default no caching, card must implement this method
// to allow certain files to be cached (in a certain way).
- tCacheInfo dontCache = {DONT_CACHE};
+ tCacheInfo dontCache = {DONT_CACHE,0};
return dontCache;
}
--- cardlayer/src/pkcs15.cpp.orig
+++ cardlayer/src/pkcs15.cpp
@@ -27,7 +27,7 @@
{
const static tPin PinInvalid = {false, "",0,0,0,0,0,0, 0, 0, 0, 0, 0,PIN_ENC_BCD,"",""};
- const static tCert CertInvalid = {false, "", 0, 0,0,0};
+ const static tCert CertInvalid = {false, "", 0, 0,0,0,false,false,""};
const static tPrivKey PrivKeyInvalid = {false, "", 0,0,0,0,0,0,0,"", 0,false};
// Hardcoded Beid V1 PINs, keys, certs -- to be removed
@@ -63,8 +63,7 @@
{
}
- CPKCS15::CPKCS15(CContext *poContext) :
- m_poContext(poContext)
+ CPKCS15::CPKCS15(CContext *poContext)
{
Clear();
}
--- cardlayer/src/pkcs15.h.orig
+++ cardlayer/src/pkcs15.h
@@ -90,7 +90,6 @@
private:
CCard *m_poCard;
- CContext *m_poContext;
PKCS15Parser *m_poParser;
#ifdef WIN32
--- cardlayer/src/pkicard.cpp.orig
+++ cardlayer/src/pkicard.cpp
@@ -363,7 +363,7 @@
tFileInfo CPkiCard::SelectFile(const std::string & csPath, bool bReturnFileInfo)
{
CByteArray oResp;
- tFileInfo xFileInfo = {0};
+ tFileInfo xFileInfo = {0,0,0};
unsigned long ulPathLen = (unsigned long) csPath.size();
if (ulPathLen % 4 != 0 || ulPathLen == 0)
--- cardlayer/src/reader.cpp.orig
+++ cardlayer/src/reader.cpp
@@ -280,8 +280,7 @@
}
catch(CMWException &e)
{
- unsigned long err = e.GetError();
- err = err;
+ (void)e.GetError();
return m_oPKCS15.GetSerialNr();
}
}
--- cardlayer/src/threadpool.cpp.orig
+++ cardlayer/src/threadpool.cpp
@@ -79,7 +79,7 @@
m_bRunning = false;
}
-void CEventCallbackThread::Stop()
+void CEventCallbackThread::Stop(unsigned long ulSleepFrequency)
{
m_bStop = true;
}
--- cardlayer/src/threadpool.h.orig
+++ cardlayer/src/threadpool.h
@@ -42,7 +42,7 @@
void Run();
- void Stop();
+ void Stop(unsigned long ulSleepFrequency=100);
bool HasStopped();
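Review bot: The two `(void)fwrite(...)` calls in the cache.cpp hunk silence the unused-result warning but still discard short writes and I/O errors, so a full disk or quota error can leave a truncated cache file behind that is later read back as card data. The results should be checked, e.g. `if (fwrite(&header, sizeof(tCacheHeader), 1, f) != 1 || fwrite(oData.GetBytes(), 1, oData.Size(), f) != oData.Size()) { /* log and discard the cache file */ }`, with the `fclose(f)` result checked as well. Whether the reader validates the header against the stored length is not visible here, and the enclosing function starts outside the hunk. The `(void)e.GetError();` change in reader.cpp drops an error code in the same way and deserves at least a log line.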


@ -0,0 +1,183 @@
--- common/src/bytearrayreader.cpp.orig
+++ common/src/bytearrayreader.cpp
@@ -24,7 +24,6 @@
#include "bytearrayreader.h"
#include "bytearray.h"
-const static unsigned long EXTRA_INCREMENT_LEN = 10;
/***************** ByteArray **************************/
--- common/src/datafile.cpp.orig
+++ common/src/datafile.cpp
@@ -243,8 +243,7 @@
while ( !bDone )
{
memset(buffer, 0, MAX_BUFFER_LEN);
- wchar_t* tmp = fgetws( buffer, MAX_BUFFER_LEN, m_stream);
- tmp=tmp; // avoid warning
+ (void)fgetws( buffer, MAX_BUFFER_LEN, m_stream);
szLine = buffer;
Trim(szLine);
@@ -1004,8 +1003,7 @@
if ( buf[nLength] != '\n' && buf[nLength] != '\r' )
buf[nLength++] = '\n';
- size_t tmp = fwrite(buf, sizeof( wchar_t ), nLength, stream);
- tmp = tmp; // avoid warning
+ (void)fwrite(buf, sizeof( wchar_t ), nLength, stream);
return nLength;
}
--- common/src/dynamiclib.cpp.orig
+++ common/src/dynamiclib.cpp
@@ -42,7 +42,7 @@
void * CDynamicLib::GetAddress(const std::string & csFunctionName)
{
- if (m_module != m_module)
+ if (m_module == NULL)
return NULL;
return PlatformGetAddress(csFunctionName.c_str());
@@ -50,7 +50,7 @@
void CDynamicLib::Close()
{
- if (m_module != m_module)
+ if (m_module != NULL)
return PlatformClose();
m_module = NULL;
--- common/src/logbase.cpp.orig
+++ common/src/logbase.cpp
@@ -29,11 +29,7 @@
#include "mw_util.h"
#ifndef WIN32
-#ifdef LINUX
#include "wintypes.h"
-#else
-#include "PCSC/wintypes.h"
-#endif
#include "sys/stat.h"
#include "util.h"
@@ -567,6 +563,7 @@
else
err = fopen_s(&m_f,utilStringNarrow(filename).c_str(),"a");
#else
+ (void)bWchar;
m_f = fopen(utilStringNarrow(filename).c_str(),"a, ccs=UTF-8");
if (m_f == NULL) err=errno;
#endif
--- common/src/mw_util.cpp.orig
+++ common/src/mw_util.cpp
@@ -271,7 +271,7 @@
if (r != -1 && csTmp != NULL)
{
- r = fprintf(stream, csTmp);
+ r = fputs(csTmp, stream);
free(csTmp);
}
@@ -289,7 +289,7 @@
if (r != -1 && csTmp != NULL)
{
- r = fprintf(stream, csTmp);
+ r = fputs(csTmp, stream);
free(csTmp);
}
@@ -306,7 +306,7 @@
if (r != -1 && csTmp != NULL)
{
- r = fprintf(stream, csTmp);
+ r = fputs(csTmp, stream);
free(csTmp);
}
--- common/src/mw_util.h.orig
+++ common/src/mw_util.h
@@ -38,7 +38,6 @@
#endif
#if !defined __APPLE__ && !defined USE_WINERROR
-#include "error.h"
#endif
#ifndef HAVE_ERRNO_T
--- common/src/mwexception.cpp.orig
+++ common/src/mwexception.cpp
@@ -34,14 +34,14 @@
// CMWEXCEPTION::CMWEXCEPTION(long lError, const char *cpFile, long lLine)
CMWException::CMWException(long lError, const char *cpFile, long lLine)
-: m_lError(lError),
- m_sFile(cpFile),
+: m_sFile(cpFile),
+ m_lError(lError),
m_lLine(lLine)
{
}
-const char* CMWException::what() throw()
+const char* CMWException::what() const throw()
{
return "CMWException, error code strings to be implemented";
}
--- common/src/mwexception.h.orig
+++ common/src/mwexception.h
@@ -37,7 +37,7 @@
//CMWException(long lError);
CMWException(long lError, const char *cpFile, long lLine);
~CMWException () throw(){};
- virtual const char* what() throw();
+ virtual const char* what() const throw();
long GetError() const {return m_lError;};
std::string GetFile() const {return m_sFile;};
--- common/src/socket/socketclient.cpp.orig
+++ common/src/socket/socketclient.cpp
@@ -23,6 +23,7 @@
#include "../util.h"
#ifndef WIN32
+#include <netinet/in.h>
#include <errno.h>
#endif
--- common/src/util.cpp.orig
+++ common/src/util.cpp
@@ -348,7 +348,7 @@
/* Get our PID and build the name of the link in /proc */
pid = getpid();
- if (snprintf(linkname, sizeof(linkname), "/proc/%i/exe", pid) < 0)
+ if (snprintf(linkname, sizeof(linkname), "/proc/%i/file", pid) < 0)
{
/* This should only happen on large word systems. I'm not sure
what the proper response is here.
@@ -474,7 +474,7 @@
if (r != -1 && csTmp != NULL)
{
- r = fprintf(stream, csTmp);
+ r = fputs(csTmp, stream);
free(csTmp);
}
@@ -490,7 +490,7 @@
if (r != -1 && csTmp != NULL)
{
- r = fprintf(stream, csTmp);
+ r = fputs(csTmp, stream);
free(csTmp);
}
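Review bot: In the `CDynamicLib::Close()` hunk the corrected test leaves the function through `return PlatformClose();`, so `m_module = NULL;` is now reached only when the handle was already NULL. Unless PlatformClose() clears m_module itself (not visible here), the object keeps a stale handle after Close(), and the new `m_module == NULL` guard in GetAddress() will not stop a lookup on a closed library or a second close. Dropping the `return` fixes it: `if (m_module != NULL) PlatformClose();` followed by the existing `m_module = NULL;`. Close()'s body continues outside the hunk.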


@ -0,0 +1,404 @@
--- dialogs/src/dialogsgtk/beid-askaccess.c.orig
+++ dialogs/src/dialogsgtk/beid-askaccess.c
@@ -32,22 +32,15 @@
enum { MSG_ACCESS_CARD_TITLE=1, MSG_ACCESS_CARD_QUESTION };
-char* beid_messages[4][3]={
- "en", "beID: Card Access", "The application [%s] wants to access the eID card. Do you want to accept it?",
- "nl", "beID: Lezen Kaart", "Het Programma [%s] vraagt toegang tot de eID kaart. Wil U dit toelaten?",
- "fr", "beID: Lecture de Carte", "l'application [%s] essaye d'accéder à la carte eID. Acceptez-vous?",
- "de", "beID: Kartenzugriff", "Die Anwendung [%s] will auf die eID-Karte zugreifen. Möchten Sie akzeptieren?"
- };
+static char const *const beid_messages[4][3]={
+ { "en", "beID: Card Access", "The application [%s] wants to access the eID card. Do you want to accept it?" },
+ { "nl", "beID: Lezen Kaart", "Het Programma [%s] vraagt toegang tot de eID kaart. Wil U dit toelaten?" },
+ { "fr", "beID: Lecture de Carte", "l'Application [%s] essaye d'accéder à la carte eID. Acceptez-vous?" },
+ { "de", "beID: Kartenzugriff", "Die Anwendung [%s] will auf die eID-Karte zugreifen. Möchten Sie akzeptieren?" }
+};
#include "beid-i18n.h"
-// event handler for delete-event. always approves the deletion
-///////////////////////////////////////////////////////////////
-static gboolean on_delete_event( GtkWidget *widget, GdkEvent* event, gpointer pindialog)
-{
- return TRUE;
-}
-
int main(int argc, char* argv[])
{
int return_value;
@@ -63,7 +56,7 @@
{
char message[2048];
snprintf(message, sizeof(message)-2, _MSG_(MSG_ACCESS_CARD_QUESTION), caller_path);
- dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_OK_CANCEL,message);
+ dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_OK_CANCEL,"%s",message);
}
else
{
--- dialogs/src/dialogsgtk/beid-askpin.c.orig
+++ dialogs/src/dialogsgtk/beid-askpin.c
@@ -35,12 +35,12 @@
#define EXIT_ERROR 2
enum { MSG_PIN_CODE_REQUIRED=1, MSG_PLEASE_ENTER_PIN };
-char* beid_messages[4][3]={
- "en", "beID: PIN Code Required", "The application\n[%s]\nrequests your eID PIN code.",
- "nl", "beID: PINcode Vereist", "Het programma\n[%s]\nvraagt uw eID PINcode",
- "fr", "beID: Code PIN Necessaire", "l'application\n[%s]\nvous demande votre code PIN eID",
- "de", "beID: PIN Code Required", "Die Anwendung\n[%s]\nfragt um Ihren eID PIN-code"
- };
+static char const *const beid_messages[4][3]={
+ { "en", "beID: PIN Code Required", "The application\n[%s]\nrequests your eID PIN code." },
+ { "nl", "beID: PINcode Vereist", "Het programma\n[%s]\nvraagt uw eID PINcode" },
+ { "fr", "beID: Code PIN Necessaire", "l'Application\n[%s]\nvous demande votre code PIN eID" },
+ { "de", "beID: PIN Code Required", "Die Anwendung\n[%s]\nfragt um Ihren eID PIN-code" }
+};
#include "beid-i18n.h"
@@ -58,7 +58,7 @@
///////////////////////////////////////////////////////////////////////////////////////////
void update_pin_label(PinDialogInfo *pindialog)
{
- int i;
+ size_t i;
gchar tmp[MAX_PIN_LENGTH*6];
tmp[0]='\0';
for(i=0;i<strlen(pindialog->pin);i++)
@@ -74,14 +74,14 @@
{
gtk_dialog_set_response_sensitive(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_OK, TRUE);
gtk_dialog_set_default_response(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_OK);
- gtk_widget_grab_focus(pindialog->okbutton);
+ gtk_widget_grab_focus(GTK_WIDGET(pindialog->okbutton));
}
else
{
gtk_dialog_set_response_sensitive(GTK_DIALOG(pindialog->dialog), GTK_RESPONSE_OK, FALSE);
gtk_dialog_set_default_response(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_CANCEL);
- gtk_widget_grab_focus(pindialog->cancelbutton);
+ gtk_widget_grab_focus(GTK_WIDGET(pindialog->cancelbutton));
}
}
@@ -210,7 +210,7 @@
char message[2048];
pindialog_init(&pindialog); // setup PinDialogInfo structure
snprintf(message, sizeof(message)-2, _MSG_(MSG_PLEASE_ENTER_PIN), caller_path);
- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message);
+ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message);
}
else
{
@@ -218,8 +218,8 @@
exit(EXIT_ERROR);
}
- pindialog.cancelbutton=gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL);
- pindialog.okbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_OK, GTK_RESPONSE_OK);
+ pindialog.cancelbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_CANCEL,GTK_RESPONSE_CANCEL));
+ pindialog.okbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_OK,GTK_RESPONSE_OK));
gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK);
gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_PIN_CODE_REQUIRED));
--- dialogs/src/dialogsgtk/beid-badpin.c.orig
+++ dialogs/src/dialogsgtk/beid-badpin.c
@@ -16,6 +16,7 @@
* http://www.gnu.org/licenses/.
**************************************************************************** */
+#include <ctype.h>
#include <gtk/gtk.h>
#include <gtk/gtkenums.h>
#include <gdk/gdkkeysyms.h>
@@ -30,22 +31,23 @@
#define EXIT_ERROR 2
enum { MSG_INCORRECT_PIN_CODE=1, MSG_N_ATTEMPTS_LEFT, MSG_LAST_ATTEMPT };
-char* beid_messages[4][4]={
- "en", "beID: Incorrect PIN Code", "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked.",
- "nl", "beID: Foutive PINcode", "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat u nog slechts %d pogingen hebt alvorens uw PIN code geblokkeerd wordt.", "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat bij de volgende incorrecte ingave uw PIN code geblokkeerd wordt.",
- "fr", "beID: Code PIN incorrect", "Vous avez entré un code PIN incorrect.\nVeuillez noter qu'il ne vous reste plus que %d tentatives avant que votre PIN soit bloqué", "Vous avez entré un code PIN incorrect.\nVieullez noter qu'a la prochaine entree incorrecte votre code PIN sera bloqué",
- "de", "beID: Incorrect PIN Code", "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked."
- };
+static char const *const beid_messages[4][4]={
+ { "en", "beID: Incorrect PIN Code",
+ "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.",
+ "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked." },
+ { "nl", "beID: Foutive PINcode",
+ "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat u nog slechts %d pogingen hebt alvorens uw PIN code geblokkeerd wordt.",
+ "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat bij de volgende incorrecte ingave uw PIN code geblokkeerd wordt." },
+ { "fr", "beID: Code PIN incorrect",
+ "Vous avez entré un code PIN incorrect.\nVeuillez noter qu'il ne vous reste plus que %d tentatives avant que votre PIN soit bloqué",
+ "Vous avez entré un code PIN incorrect.\nVieullez noter qu'a la prochaine entree incorrecte votre code PIN sera bloqué" },
+ { "de", "beID: Incorrect PIN Code",
+ "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.",
+ "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked." }
+};
#include "beid-i18n.h"
-// event handler for delete-event. always approves the deletion
-///////////////////////////////////////////////////////////////
-static gboolean on_delete_event( GtkWidget *widget, GdkEvent* event, gpointer pindialog)
-{
- return TRUE;
-}
-
int main(int argc, char* argv[])
{
int return_value=EXIT_ERROR;
@@ -63,7 +65,7 @@
if(attempts>1)
snprintf(message,sizeof(message)-2,_MSG_(MSG_N_ATTEMPTS_LEFT),attempts);
else
- snprintf(message,sizeof(message)-2,_MSG_(MSG_LAST_ATTEMPT));
+ snprintf(message,sizeof(message)-2,"%s",_MSG_(MSG_LAST_ATTEMPT));
}
else
{
@@ -71,7 +73,7 @@
exit(EXIT_ERROR);
}
- dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_WARNING,GTK_BUTTONS_OK,message);
+ dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_WARNING,GTK_BUTTONS_OK,"%s",message);
gtk_dialog_set_default_response(GTK_DIALOG(dialog),GTK_RESPONSE_OK);
gtk_window_set_title(GTK_WINDOW(dialog),_MSG_(MSG_INCORRECT_PIN_CODE));
gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
--- dialogs/src/dialogsgtk/beid-changepin.c.orig
+++ dialogs/src/dialogsgtk/beid-changepin.c
@@ -17,6 +17,7 @@
* http://www.gnu.org/licenses/.
**************************************************************************** */
+#include <ctype.h>
#include <gtk/gtk.h>
#include <gtk/gtkenums.h>
#include <gdk/gdkkeysyms.h>
@@ -36,13 +37,20 @@
#define EXIT_ERROR 2
enum { MSG_CHANGE_PIN_CODE=1, MSG_PLEASE_ENTER_OLD_AND_NEW_PINS, MSG_CURRENT_PIN, MSG_NEW_PIN, MSG_NEW_PIN_AGAIN };
-char* beid_messages[4][6]={
- "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease enter your current eID PIN, followed by your new eID PIN (twice)", "Current PIN:", "New PIN:", "New PIN (again):",
- "nl", "beID: PIN Code Wijzigen", "Verzoek van programma [%s]:\n\nGelieve Uw bestaande eID PIN code, en tweemaal uw nieuwe eID PINcode in te voeren.", "Huidige PIN:", "Nieuwe PIN:", "Nieuwe PIN (opnieuw):",
- "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez entrer votre code PIN eID existant, suivi de votre nouveau code PIN eID (2 fois)", "Code PIN existant:", "Nouveau code PIN:","Nouveau code PIN (verification):",
- "de", "beID: PIN Code ändern", "Anfrage von Anwendug [%s]:\n\nBitte geben Sie ihren bestehenden eID PIN-Code, gefolgt von Ihrem neuen eID PIN-Code (zwei mal), ein", "Aktueller PIN-Code:", "Neuer PIN-Code:", "Neuer PIN-Code (noch einmal):"
-
- };
+static char const *const beid_messages[4][6]={
+ { "en", "beID: Change PIN Code",
+ "Request from application [%s]:\n\nPlease enter your current eID PIN, followed by your new eID PIN (twice)",
+ "Current PIN:", "New PIN:", "New PIN (again):" },
+ { "nl", "beID: PIN Code Wijzigen",
+ "Verzoek van programma [%s]:\n\nGelieve Uw bestaande eID PIN code, en tweemaal uw nieuwe eID PINcode in te voeren.",
+ "Huidige PIN:", "Nieuwe PIN:", "Nieuwe PIN (opnieuw):" },
+ { "fr", "beID: Changement de code PIN",
+ "Demande de l'application [%s]:\n\nVeuillez entrer votre code PIN eID existant, suivi de votre nouveau code PIN eID (2 fois)",
+ "Code PIN existant:", "Nouveau code PIN:", "Nouveau code PIN (verification):" },
+ { "de", "beID: PIN Code ändern",
+ "Anfrage von Anwendug [%s]:\n\nBitte geben Sie ihren bestehenden eID PIN-Code, gefolgt von Ihrem neuen eID PIN-Code (zwei mal), ein",
+ "Aktueller PIN-Code:", "Neuer PIN-Code:", "Neuer PIN-Code (noch einmal):" }
+};
#include "beid-i18n.h"
@@ -161,7 +169,7 @@
{
char message[2048];
snprintf(message, sizeof(message)-2, _MSG_(MSG_PLEASE_ENTER_OLD_AND_NEW_PINS), caller_path);
- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message);
+ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message);
}
else
{
@@ -169,8 +177,8 @@
exit(EXIT_ERROR);
}
- pindialog.cancelbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL);
- pindialog.okbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_OK, GTK_RESPONSE_OK);
+ pindialog.cancelbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_CANCEL,GTK_RESPONSE_CANCEL));
+ pindialog.okbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_OK,GTK_RESPONSE_OK));
gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK);
gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_CHANGE_PIN_CODE));
@@ -234,8 +242,8 @@
{
case GTK_RESPONSE_OK: // if the user chose OK
{
- char* oldpin=gtk_entry_get_text(GTK_ENTRY(pindialog.originalPinEntry));
- char* newpin=gtk_entry_get_text(GTK_ENTRY(pindialog.newPin0Entry));
+ char const *oldpin=gtk_entry_get_text(GTK_ENTRY(pindialog.originalPinEntry));
+ char const *newpin=gtk_entry_get_text(GTK_ENTRY(pindialog.newPin0Entry));
printf("%s:%s\n",oldpin,newpin); // output the PINs to stdout
return_value=EXIT_OK; // and return OK
}
--- dialogs/src/dialogsgtk/beid-i18n.h.orig
+++ dialogs/src/dialogsgtk/beid-i18n.h
@@ -1,7 +1,7 @@
-char* _MSG_(int msgnum)
+char const *_MSG_(int msgnum)
{
- char* message=beid_messages[0][msgnum]; // default=English
- char* lang=getenv("LANG");
+ char const *message=beid_messages[0][msgnum]; // default=English
+ char const *lang=getenv("LANG");
if(lang!=NULL && strlen(lang)==5 && lang[2]=='_')
{
int i;
--- dialogs/src/dialogsgtk/beid-spr-askpin.c.orig
+++ dialogs/src/dialogsgtk/beid-spr-askpin.c
@@ -34,12 +34,12 @@
#define EXIT_ERROR 2
enum { MSG_PIN_CODE_REQUIRED=1, MSG_PLEASE_ENTER_PIN };
-char* beid_messages[4][3]={
- "en", "beID: PIN Code Required", "The application [%s] requests your eID PIN code on the secure pinpad reader:\n[%s]..",
- "nl", "beID: PINcode Vereist", "Het programma [%s] vraagt uw eID PIN code in te geven op de beveiligde kaartlezer:\n[%s].",
- "fr", "beID: Code PIN Necessaire", "l'application [%s] vous demande d'entrer votre code PIN eID sur le lecteur securise\n[%s]..",
- "de", "beID: PIN Code Required", "Die Anwendung [%s] fragt um Ihren eID PIN-Code auf dem sicheren Kartenleser:\n[%s].."
- };
+static char const* const beid_messages[4][3]={
+ { "en", "beID: PIN Code Required", "The application [%s] requests your eID PIN code on the secure pinpad reader:\n[%s].." },
+ { "nl", "beID: PINcode Vereist", "Het programma [%s] vraagt uw eID PIN code in te geven op de beveiligde kaartlezer:\n[%s].." },
+ { "fr", "beID: Code PIN Necessaire", "l'Application [%s] vous demande d'entrer votre code PIN eID sur le lecteur securise\n[%s].." },
+ { "de", "beID: PIN Code Required", "Die Anwendung [%s] fragt um Ihren eID PIN-Code auf dem sicheren Kartenleser:\n[%s].." }
+};
#include "beid-i18n.h"
@@ -88,7 +88,7 @@
// create new message dialog with CANCEL button in standard places, in center of user's screen
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message);
+ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message);
gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK);
gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_PIN_CODE_REQUIRED));
gtk_window_set_position(GTK_WINDOW(pindialog.dialog), GTK_WIN_POS_CENTER);
--- dialogs/src/dialogsgtk/beid-spr-changepin.c.orig
+++ dialogs/src/dialogsgtk/beid-spr-changepin.c
@@ -34,12 +34,12 @@
#define EXIT_ERROR 2
enum { MSG_CHANGE_PIN_CODE=1, MSG_PLEASE_CHANGE_PIN };
-char* beid_messages[4][3]={
- "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s]..",
- "nl", "beID: Wijziging PINcode", "Verzoek van programma [%s]:\n\nGelieve uw eID PIN code op de beveiligde kaartlezer:\n[%s]\nte willen wijzigen.",
- "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez changer votre code PIN eID sur le lecteur securise\n[%s]..",
- "de", "beID: Change PIN Code", "Anfrage von Anwendug [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].."
- };
+static char const *const beid_messages[4][3]={
+ { "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].." },
+ { "nl", "beID: Wijziging PINcode", "Verzoek van programma [%s]:\n\nGelieve uw eID PIN code te wijzigen op de beveiligde kaartlezer:\n[%s].." },
+ { "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez changer votre code PIN eID sur le lecteur securise\n[%s].." },
+ { "de", "beID: Change PIN Code", "Anfrage von Anwendug [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].." }
+};
#include "beid-i18n.h"
@@ -60,7 +60,6 @@
int main(int argc, char* argv[])
{
- char pid_path[PATH_MAX];
int return_value=EXIT_ERROR;
PinDialogInfo pindialog; // this struct contains all dialog objects
char caller_path[1024];
@@ -89,7 +88,7 @@
exit(EXIT_ERROR);
}
- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message);
+ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message);
gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK);
gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_CHANGE_PIN_CODE));
gtk_window_set_position(GTK_WINDOW(pindialog.dialog), GTK_WIN_POS_CENTER);
--- dialogs/src/dialogs.h.orig
+++ dialogs/src/dialogs.h
@@ -27,6 +27,7 @@
#ifndef __DIALOGS_H__
#define __DIALOGS_H__
+#include <sys/types.h>
#include <string>
#ifdef WIN32
--- dialogs/src/dialogsgtk/dlgs_gtk.cpp.orig
+++ dialogs/src/dialogsgtk/dlgs_gtk.cpp
@@ -56,12 +56,13 @@
-bool MW_PERROR(tLevel level, tModule mod, char* comment)
+static bool MW_PERROR(tLevel level, tModule mod, char const *comment)
{
char err_txt[256],log_txt[1024];
wchar_t wide_log_txt[1024];
- snprintf(log_txt,sizeof(log_txt),"%s:%s",comment,strerror_r(errno,err_txt,sizeof(err_txt)));
+ strerror_r(errno,err_txt,sizeof(err_txt));
+ snprintf(log_txt,sizeof(log_txt),"%s:%s",comment,err_txt);
mbstowcs(wide_log_txt,log_txt,sizeof(wide_log_txt));
return MWLOG(level,mod,wide_log_txt);
}
@@ -112,7 +113,7 @@
char count[4];
MWLOG(LEV_DEBUG,MOD_DLG,L"eIDMW::DlgBadPin called");
- snprintf(count,sizeof(count)-2,"%1d",ulRemainingTries);
+ snprintf(count,sizeof(count)-2,"%1lu",ulRemainingTries);
char* response=sdialog_call_modal(QUOTEME(BEID_BADPIN_DIALOG),count);
free(response);
return DLG_OK;
--- dialogs/src/dialogsgtk/parent.c.orig
+++ dialogs/src/dialogsgtk/parent.c
@@ -1,4 +1,6 @@
+#include <stdio.h>
#include <stdlib.h>
+#include <unistd.h>
#include "config.h"
#include "parent.h"
@@ -9,7 +11,7 @@
char proc_path[32];
ssize_t exec_path_len=-1;
- snprintf(proc_path,sizeof(proc_path)-1,"/proc/%d/exe",getppid());
+ snprintf(proc_path,sizeof(proc_path)-1,"/proc/%d/file",getppid());
if((exec_path_len=readlink(proc_path,exec_path,exec_path_size-1))!=-1)
exec_path[exec_path_len]='\0';
return exec_path_len;
--- dialogs/src/dialogsgtk/parent.h.orig
+++ dialogs/src/dialogsgtk/parent.h
@@ -1,2 +1,4 @@
+#include <sys/types.h>
+
ssize_t get_parent_path(char* exec_path, size_t exec_path_size);
--- dialogs/src/dialogsgtk/single_dialog.c.orig
+++ dialogs/src/dialogsgtk/single_dialog.c
@@ -40,14 +40,15 @@
#define DPRINTF(format,args...) fprintf(stderr, format , ## args)
#define DERROR(label) perror(label)
#else
-#define DPRINTF
-#define DERROR
+#define DPRINTF(format,args...)
+#define DERROR(label)
#endif
/* the sdialog_call_modal function borrows from readpass.c in the OpenSSH distribution, whose Copyright is as follows:
*
* START OF extra (C) NOTICE FOR sdialog_call_modal()
+ */
/* $OpenBSD: readpass.c,v 1.47 2006/08/03 03:34:42 deraadt Exp $ */
/*
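Review bot: The parent.c hunk hard-codes `/proc/%d/file`, which makes every PIN and access dialog depend on procfs being mounted; FreeBSD does not mount it by default, and the `exit(EXIT_ERROR)` branches in the dialog hunks suggest the helpers give up when the caller path cannot be read. The util.cpp hunk in the common patch introduces the same dependency. The `kern.proc.pathname` sysctl returns the same path without procfs; a sketch for the body of get_parent_path() follows (it needs `<sys/sysctl.h>`, and the function's signature is outside the hunk). Either way the path shown in the dialog only names the parent process at lookup time and should be presented as a hint rather than relied on as an authorisation check.

```c
/* … unchanged: includes, get_parent_path() signature … */
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, (int)getppid() };
    size_t len = exec_path_size;
    ssize_t exec_path_len = -1;

    /* On success len counts the path plus its terminating NUL. */
    if (sysctl(mib, 4, exec_path, &len, NULL, 0) == 0 && len > 0)
        exec_path_len = (ssize_t)len - 1;
    return exec_path_len;
```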


@ -0,0 +1,171 @@
--- pkcs11/src/asn1.c.orig
+++ pkcs11/src/asn1.c
@@ -253,7 +253,7 @@
/* check if we are decoding inside a BIT STRING: iNumTag == parent_tag */
/* first octet of bit string is the number of unused bits at the end of the bitstring */
/* in CER/DER: unused bits are always zero. And if they aren't zero, we still don't need to know the nr. of unused bits */
- if ((iNumTag == 0x03) )
+ if (iNumTag == 0x03)
{
p_cDat++;
iLen--;
--- pkcs11/src/cal.cpp.orig
+++ pkcs11/src/cal.cpp
@@ -865,7 +865,7 @@
std::string szReader;
// char cBuffer[250];
// unsigned char ucBuffer[250];
- char* plabel = NULL;
+ char const *plabel = NULL;
CTLVBuffer oTLVBuffer;
P11_SLOT *pSlot = NULL;
CK_ATTRIBUTE ID_DATA[]= BEID_TEMPLATE_ID_DATA;
@@ -1026,8 +1026,8 @@
std::string szReader;
char cBuffer[250];
// unsigned char ucBuffer[250];
- char* plabel = NULL;
- char* pobjectID = NULL;
+ char const *plabel = NULL;
+ char const *pobjectID = NULL;
unsigned long ulLen=0;
CTLVBuffer oTLVBuffer;
CTLVBuffer oTLVBufferAddress;//need second buffer object, as memory is only freed when this object is destructed
@@ -1061,7 +1061,7 @@
pobjectID = BEID_OBJECTID_ID;
ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject,
(CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(),
- pobjectID, (CK_ULONG)strlen(pobjectID));
+ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID));
if (ret) goto cleanup;
oTLVBuffer.ParseTLV(oFileData.GetBytes(), oFileData.Size());
@@ -1075,7 +1075,7 @@
oTLVBuffer.FillUTF8Data(ID_LABELS[i].tag, cBuffer, &ulLen);
plabel = ID_LABELS[i].name;
ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject,
- (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen,pobjectID, (CK_ULONG)strlen(pobjectID));
+ (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen,(CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID));
if (ret) goto cleanup;
}
if(dataType != CACHED_DATA_TYPE_ALL){
@@ -1087,7 +1087,7 @@
pobjectID = BEID_OBJECTID_ADDRESS;
ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject,
(CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(),
- pobjectID, (CK_ULONG)strlen(pobjectID));
+ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID));
if (ret) goto cleanup;
oTLVBufferAddress.ParseTLV(oFileData.GetBytes(), oFileData.Size());
nrOfItems = sizeof(ADDRESS_LABELS)/sizeof(BEID_DATA_LABELS_NAME);
@@ -1099,7 +1099,7 @@
plabel = ADDRESS_LABELS[i].name;
ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject,
(CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen,
- pobjectID, (CK_ULONG)strlen(pobjectID));
+ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID));
if (ret) goto cleanup;
}
if(dataType != CACHED_DATA_TYPE_ALL){
@@ -1111,7 +1111,7 @@
oFileData = oReader.ReadFile(BEID_FILE_PHOTO);
ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject,
(CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(),
- pobjectID, (CK_ULONG)strlen(BEID_OBJECTID_PHOTO));
+ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(BEID_OBJECTID_PHOTO));
if (ret) goto cleanup;
if(dataType != CACHED_DATA_TYPE_ALL){
break;
--- pkcs11/src/cal.h.orig
+++ pkcs11/src/cal.h
@@ -179,7 +179,7 @@
typedef struct BEID_DATA_LABELS_NAME {
unsigned char tag;
- char* name;
+ char const * name;
}BEID_DATA_LABELS_NAME;
#define BEID_LABEL_DATA_FILE "DATA_FILE"
--- pkcs11/src/log.h.orig
+++ pkcs11/src/log.h
@@ -60,42 +60,42 @@
static P11_MAP_TYPE const P11_CLASS_TYPES[]=
{
- { CKO_DATA, "CKO_DATA" },
- { CKO_CERTIFICATE, "CKO_CERTIFICATE" },
- { CKO_PUBLIC_KEY, "CKO_PUBLIC_KEY" },
- { CKO_PRIVATE_KEY, "CKO_PRIVATE_KEY" },
- { CKO_SECRET_KEY, "CKO_SECRET_KEY" },
- { CKO_HW_FEATURE, "CKO_HW_FEATURE" },
- { CKO_DOMAIN_PARAMETERS, "CKO_DOMAIN_PARAMETERS" },
- { CKO_VENDOR_DEFINED, "CKO_VENDOR_DEFINED" },
- {0,0}
+ { CKO_DATA, "CKO_DATA", 0 },
+ { CKO_CERTIFICATE, "CKO_CERTIFICATE", 0 },
+ { CKO_PUBLIC_KEY, "CKO_PUBLIC_KEY", 0 },
+ { CKO_PRIVATE_KEY, "CKO_PRIVATE_KEY", 0 },
+ { CKO_SECRET_KEY, "CKO_SECRET_KEY", 0 },
+ { CKO_HW_FEATURE, "CKO_HW_FEATURE", 0 },
+ { CKO_DOMAIN_PARAMETERS, "CKO_DOMAIN_PARAMETERS", 0 },
+ { CKO_VENDOR_DEFINED, "CKO_VENDOR_DEFINED", 0 },
+ {0,0,0}
};
static P11_MAP_TYPE const P11_CERTIFICATE_TYPES[]=
{
- { CKC_X_509, "CKC_X_509" },
- { CKC_X_509_ATTR_CERT, "CKC_X_509_ATTR_CERT" },
- {0,0}
+ { CKC_X_509, "CKC_X_509", 0 },
+ { CKC_X_509_ATTR_CERT, "CKC_X_509_ATTR_CERT", 0 },
+ {0,0,0}
};
static P11_MAP_TYPE const P11_KEY_TYPES[]=
{
- { CKK_RSA, "CKK_RSA" },
- { CKK_DSA, "CKK_DSA" },
- { CKK_DH, "CKK_DH" },
- { CKK_ECDSA, "CKK_ECDSA" },
- { CKK_EC, "CKK_EC" },
- { CKK_RC2, "CKK_RC2" },
- { CKK_RC4, "CKK_RC4" },
- { CKK_RC5, "CKK_RC5" },
- { CKK_DES, "CKK_DES" },
- { CKK_DES3, "CKK_DES3" },
- { CKK_CAST, "CKK_CAST" },
- { CKK_CAST3, "CKK_CAST3" },
- { CKK_CAST128, "CKK_CAST128" },
- { CKK_IDEA, "CKK_IDEA" },
- { CKK_AES, "CKK_AES" },
- {0,0}
+ { CKK_RSA, "CKK_RSA", 0 },
+ { CKK_DSA, "CKK_DSA", 0 },
+ { CKK_DH, "CKK_DH", 0 },
+ { CKK_ECDSA, "CKK_ECDSA", 0 },
+ { CKK_EC, "CKK_EC", 0 },
+ { CKK_RC2, "CKK_RC2", 0 },
+ { CKK_RC4, "CKK_RC4", 0 },
+ { CKK_RC5, "CKK_RC5", 0 },
+ { CKK_DES, "CKK_DES", 0 },
+ { CKK_DES3, "CKK_DES3", 0 },
+ { CKK_CAST, "CKK_CAST", 0 },
+ { CKK_CAST3, "CKK_CAST3", 0 },
+ { CKK_CAST128, "CKK_CAST128", 0 },
+ { CKK_IDEA, "CKK_IDEA", 0 },
+ { CKK_AES, "CKK_AES", 0 },
+ {0,0,0}
};
static P11_MAP_TYPE const P11_ATTR_TYPES[]= {
@@ -159,7 +159,7 @@
{ CKA_RESET_ON_INIT, "CKA_RESET_ON_INIT", 0 },
{ CKA_HAS_RESET, "CKA_HAS_RESET", 0 },
{ CKA_VENDOR_DEFINED, "CKA_VENDOR_DEFINED", 0 },
- {0,0}
+ {0,0,0}
};
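Review bot: In the last cal.cpp hunk (the BEID_FILE_PHOTO call) the object-ID pointer is `pobjectID` but its length is `strlen(BEID_OBJECTID_PHOTO)`, whereas the other four calls pass `strlen(pobjectID)`. The assignment to pobjectID for this branch is outside the hunk; if it does not point at BEID_OBJECTID_PHOTO here, the callee is handed a length that does not belong to the buffer and may read past it. Using the same expression as the other calls removes the dependency: `(CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID));`. The new `(CK_VOID_PTR)` casts also discard the `const` just added to plabel and pobjectID, so p11_add_slot_ID_object should be confirmed to treat both buffers as read-only.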


@ -0,0 +1,4 @@
Support libraries for Belgian government-issued electronic identity cards.
A PKCS #11 module is included that can be used with Mozilla Firefox.
WWW: https://code.google.com/p/eid-mw/


@ -0,0 +1,19 @@
WARNING:
The private keys on the eID cards are created by the Belgian government and
not by the citizens. You should assume that the government can forge digital
signatures and decrypt encrypted content.
The procfs file system must be mounted on /proc for these libraries to work
correctly.
To use your eID in Firefox you can add libbeidpkcs11.so as a security module:
- Make sure you have installed a pcsc-lite driver for your card reader (such
as devel/libccid) and that pcscd is running (add pcscd_enable="YES" to
/etc/rc.conf and start the service by running "service pcscd start").
- Connect your card reader.
- In Firefox go to Edit->Preferences->Advanced->Certificates and press
"Security Devices", then "Load".
- Enter a name such as "Belgian eID" and browse for libbeidpkcs11.so. Then
close the two windows by pressing "OK" twice.
- If all went well you can now plug in your eID card and see your certificates
listed under "View Certificates->Your Certificates".


@ -0,0 +1,14 @@
lib/libbeidcardlayer.so
lib/libbeidcommon.so
lib/libbeidcommon.so.0
lib/libbeidcommon.so.0.0.0
lib/libbeiddialogs.so
lib/libbeidpkcs11.so
lib/libbeidpkcs11.so.0
lib/libbeidpkcs11.so.0.0.0
libexec/beid-askaccess
libexec/beid-askpin
libexec/beid-badpin
libexec/beid-changepin
libexec/beid-spr-askpin
libexec/beid-spr-changepin