Menu
▾
▴
Re: [Opensc-devel] Bad signature generated by pkcs15-crypt ?
|
From: <Joe...@we...> - 2016-02-22 15:51:51
|
<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
<div>Thanks for providing this patch, with this I got it _almost_ working :-)</div>
<div> </div>
<div>I ran into one real and two minor issues:</div>
<div>1) The real issue is that the outlen does not seem to be the expected signature length,</div>
<div>but the size of the buffer with some extra space. In my case it is 1024 and not the expected</div>
<div>512, so this does not work. But I guess it would be possible to compute the expected signature</div>
<div>length in a general way?</div>
<div> </div>
<div>2) Minor techical issues: the apdu was not updated in the end to return the new length,</div>
<div>and src and dest were mixed up in the memmove</div>
<div> </div>
<div>With this hacked up version of your patch I was able to get a valid signature :-) , but obviously it works only</div>
<div>for exactly my usecase with at most one leading zero:</div>
<div> </div>
<div>
<div>--- a/src/libopensc/card-openpgp.c<br/>
+++ b/src/libopensc/card-openpgp.c<br/>
@@ -1656,6 +1656,13 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,<br/>
r = sc_check_sw(card, apdu.sw1, apdu.sw2);<br/>
LOG_TEST_RET(card->ctx, r, "Card returned error");<br/>
<br/>
+ /* some cards may drop leading 0x00 byte on a signature */<br/>
+ if (apdu.resplen < 512) {<br/>
+ memmove(out + 1 , out, apdu.resplen); /* overlaping */<br/>
+ memset(out, 0, 1);<br/>
+ apdu.resplen = 512;<br/>
+ }<br/>
+</div>
<div> </div>
</div>
<div> </div>
<div>
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Gesendet:</b> Sonntag, 21. Februar 2016 um 20:54 Uhr<br/>
<b>Von:</b> "Douglas E Engert" <dee...@gm...><br/>
<b>An:</b> ope...@li...<br/>
<b>Betreff:</b> Re: [Opensc-devel] Bad signature generated by pkcs15-crypt ?</div>
<div name="quoted-content">The patch I sent you has a bug:<br/>
<br/>
memmove(out, out -(outlen - apdu.resplen), apdu.resplen); /* overlaping */<br/>
should be:<br/>
<br/>
memmove(out, out + (outlen - apdu.resplen), apdu.resplen); /* overlaping */<br/>
<br/>
<br/>
I have not tried the patch.<br/>
<br/>
On 2/21/2016 7:53 AM, Douglas E Engert wrote:<br/>
<br/>
> Try the attache patch. It is against http:/github.com/OpenSC/OpenSC<br/>
><br/>
<br/>
<br/>
--<br/>
<br/>
Douglas E. Engert <DEE...@gm...><br/>
<br/>
<br/>
------------------------------------------------------------------------------<br/>
Site24x7 APM Insight: Get Deep Visibility into Application Performance<br/>
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month<br/>
Monitor end-to-end web transactions and take corrective actions now<br/>
Troubleshoot faster and improve end-user experience. Signup Now!<br/>
<a href="http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140</a><br/>
_______________________________________________<br/>
Opensc-devel mailing list<br/>
Ope...@li...<br/>
<a href="https://lists.sourceforge.net/lists/listinfo/opensc-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/opensc-devel</a></div>
</div>
</div>
</div></div></body></html>
|
