From: Douglas E E. <dee...@gm...> - 2017-03-19 21:30:41

In regards to RSA_X_509, it may be the algorithm flags are wrong. An RSA_X_509 operation to a card can be the same operation used to sign a padded block the size of the key, or to decrypt a key size block and return the results, without removing any padding, which allows for using other padding mechanisms.

It could also be the senv is setting flags that tell the card to remove the padding when it should not, or the card can not do RSA_X_509.

It would be interesting to see an opensc-debug.log for sc_pkcs15_decipher when it calls sc_get_encoding_flags in padding.c.

On Fri, Mar 17, 2017 at 6:38 AM, Jakub Jelen <jj...@re...> wrote:
> Hello all,
> we got several CardOS 5.3 cards that I tried to implement support for in
> OpenSC. The initial detection is already merged [1].
>
> The approach used CardOS 5.0 was not working everywhere so before
> submitting the pull request with all the changes, I would like to hear
> some feedback on some questionable parts and preferably verify that the
> changes are not breaking anything that worked with CardOS 5.0 as
> originally implemented years ago (adding szikora, who implemented
> initial CardOS 5.0 support in PR#170) or if some of the concepts in new
> cards work also in the old ones.
>
> All changes are in my branch [2] are in four commits
>
> The first two make the signatures working:
> * Separately detect 5.3 version and use p1 = 0x41 for security
> environment -- will it work also in the old cards?
> * Remove SC_ALGORITHM_NEED_USAGE which prevented using
> cardos_compute_signature() with 5.3 cards. Does 5.0 or older cards need
> that?
>
> The last two changes are more hackish and used to make decipher
> mechanisms working (it looks like the card strips all the padding). Or
> is there any possibility to disable in OpenSC RSA_X_509 raw decipher
> mechanisms for this driver?
>
> Comments, thoughts?
>
> [1] https://github.com/OpenSC/OpenSC/commit/ac96e73
> [2] https://github.com/Jakuje/OpenSC/commits/jjelen-cardos53
>
> Regards,
> --
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat
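
The raw-versus-stripped question raised in this thread can be checked on the host by looking at the shape of what the card returns for a decipher. The following is an added example, not code from either message or from OpenSC; the function and enum names are hypothetical, the 32-byte block is constructed, and it assumes a card that honours a raw request returns a block as long as the modulus.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; classifies what a card returned for a decipher the
 * host requested as a raw (RSA_X_509-style) operation. */
enum decipher_shape {
    SHAPE_RAW_PKCS1,     /* key-sized block, 00 02 padding still present */
    SHAPE_RAW_OTHER,     /* key-sized block, other or no recognisable padding */
    SHAPE_CARD_STRIPPED  /* shorter than the key: padding removed on the card */
};

enum decipher_shape classify_output(const uint8_t *out, size_t outlen, size_t modlen)
{
    if (outlen < modlen)
        return SHAPE_CARD_STRIPPED;
    if (outlen >= 2 && out[0] == 0x00 && out[1] == 0x02)
        return SHAPE_RAW_PKCS1;
    return SHAPE_RAW_OTHER;
}

/* Host-side removal of PKCS#1 v1.5 type 2 padding (00 02 PS 00 M, PS at
 * least 8 non-zero bytes). Returns the message length, or -1 if malformed.
 * Diagnostic only: not constant-time, so unsuitable for a live decrypt path. */
long strip_pkcs1_type2(const uint8_t *in, size_t inlen, uint8_t *msg, size_t cap)
{
    size_t i;

    if (inlen < 11 || in[0] != 0x00 || in[1] != 0x02)
        return -1;
    for (i = 2; i < inlen && in[i] != 0x00; i++)
        ;                       /* skip the non-zero padding string */
    if (i == inlen || i < 10)   /* no separator, or PS shorter than 8 bytes */
        return -1;
    i++;                        /* step over the 00 separator */
    if (inlen - i > cap)
        return -1;
    memcpy(msg, in + i, inlen - i);
    return (long)(inlen - i);
}

int main(void)
{
    uint8_t block[32], msg[32];  /* constructed 32-byte toy "modulus" size */
    memset(block, 0xAA, sizeof block);
    block[0] = 0x00; block[1] = 0x02; block[26] = 0x00;
    memcpy(block + 27, "hello", 5);
    return strip_pkcs1_type2(block, sizeof block, msg, sizeof msg) == 5 ? 0 : 1;
}
```

If a raw request comes back as `SHAPE_CARD_STRIPPED`, the card (or the security environment set for it) removed the padding itself, and any host-side unpadding applied afterwards will reject or corrupt the result.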