From: Doug E. <no...@gi...> - 2021-01-24 22:48:33
Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC

Commit: 6049cb926c980754e18b16794e365a9370f4403e
    https://github.com/OpenSC/OpenSC/commit/6049cb926c980754e18b16794e365a9370f4403e
Author: Peter Popovec <pop...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)

Changed paths:
    M .travis.yml
    M src/libopensc/card-myeid.c
    M src/libopensc/pkcs15-sec.c
    M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
ECDSA-SHA1: Apply SHA1 to input data before PSO compute signature.

CKM_ECDSA and CKM_ECDSA_SHA1 cannot be registered in the same way.
We need to use sc_pkcs11_register_sign_and_hash_mechanism ()
for CKM_ECDSA_SHA1.

This fix also enables more ECDSA-SHAxxx mechanisms in framework-pkcs15.c

Tested: MyEID 4.0.1 (secp256r1 with SHA1, SHA224, SHA256, SHA384, SHA512)

CI tests (Travis + OsEID) for ECDSA-SHAxxx mechanisms are also enabled.


Commit: 285db1ef298bb7d78ccf16cbb644a0e6b79584e6
    https://github.com/OpenSC/OpenSC/commit/285db1ef298bb7d78ccf16cbb644a0e6b79584e6
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)

Changed paths:
    M src/libopensc/card-myeid.c
    M src/libopensc/pkcs15-sec.c
    M src/pkcs11/framework-pkcs15.c
    M src/pkcs11/openssl.c

Log Message:
-----------
ECDSA Signatures with hashes

This PR is based on discussion with @popovec in
https://github.com/OpenSC/OpenSC/issues/2181
and https://github.com/OpenSC/OpenSC/pull/2187
which was cherry-picked as 5e5300816c8

This has been tested with PIV, MyEID and Smartcard-HSM with ECDSA keys.

The main fixes include:
- Setting "flags" in card drivers
- added code to sc_pkcs15-compute-signature to handle ECDSA with hashes
- code in framework-pkcs15.c

Signatures made by pkcs11-tool -sigm verify with openssl
but pkcs11-tool --verify does not work with ECDSA but does with RSA
I suspect it has to do with: and some then creating the wrong PKCS11 mechanisms

It should work with the epass2003 which does hashes in the driver.


Commit: 521d420c4274cf4b6b97f80f8d56d38dee339ea4
    https://github.com/OpenSC/OpenSC/commit/521d420c4274cf4b6b97f80f8d56d38dee339ea4
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)

Changed paths:
    M src/pkcs11/openssl.c

Log Message:
-----------
pkcs11 ECDSA verify need rs converted to sequence

The --signature-format openssl in pkcs11-tool does the correct
operation to convert the OpenSSL formatted signature to rs for PKCS11

This commit modifies pkcs11/openssl.c to convert back to sequence
for EVP_VerifyFinal

Without this mod the signature file was passed unmodified to
PKCS11, then to EVP_VerifyFinal but this violates PKCS11 standard.

On branch ECDSA-flags
Changes to be committed:
    modified: openssl.c


Commit: 0b0deae4be680a180b818c0013237718c45602dc
    https://github.com/OpenSC/OpenSC/commit/0b0deae4be680a180b818c0013237718c45602dc
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)

Changed paths:
    M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
unused code removed

On branch ECDSA-flags
Changes to be committed:
    modified: framework-pkcs15.c


Compare: https://github.com/OpenSC/OpenSC/compare/5f16ffae848e...0b0deae4be68
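
The third commit above describes converting the raw r||s signature carried over PKCS#11 back into an ASN.1 SEQUENCE before it reaches EVP_VerifyFinal. The following is an added example, not code from OpenSC or from these commits, showing that conversion in plain C without OpenSSL; the function names are hypothetical and it assumes each component is at most 66 bytes (P-521).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: encode one unsigned big-endian value as a DER INTEGER.
 * Caller guarantees n <= 66, so the short length form always fits. */
static size_t der_put_uint(const uint8_t *v, size_t n, uint8_t *out)
{
    size_t pad, i = 0;

    while (n > 1 && v[0] == 0x00) {   /* DER is minimal: drop leading zeros */
        v++;
        n--;
    }
    pad = (v[0] & 0x80) ? 1 : 0;      /* prepend 0x00 so the value stays positive */
    out[i++] = 0x02;                  /* INTEGER tag */
    out[i++] = (uint8_t)(n + pad);
    if (pad)
        out[i++] = 0x00;
    memcpy(out + i, v, n);
    return i + n;
}

/* Hypothetical name: convert a PKCS#11 ECDSA signature (r || s, equal halves)
 * into DER SEQUENCE { INTEGER r, INTEGER s }.
 * Returns the DER length, or -1 on malformed input or a too-small buffer. */
int ecdsa_rs_to_sequence(const uint8_t *rs, size_t rs_len,
                         uint8_t *out, size_t out_cap)
{
    uint8_t body[2 * (2 + 67)];
    size_t half = rs_len / 2, blen, hdr;

    if (rs == NULL || out == NULL || rs_len == 0 || (rs_len & 1) || half > 66)
        return -1;
    blen = der_put_uint(rs, half, body);
    blen += der_put_uint(rs + half, half, body + blen);
    hdr = (blen < 0x80) ? 2 : 3;      /* P-521 bodies need the long length form */
    if (out_cap < hdr + blen)
        return -1;
    out[0] = 0x30;                    /* SEQUENCE tag */
    if (hdr == 2) {
        out[1] = (uint8_t)blen;
    } else {
        out[1] = 0x81;
        out[2] = (uint8_t)blen;
    }
    memcpy(out + hdr, body, blen);
    return (int)(hdr + blen);
}
```

A verifier that accepts either encoding for the same key hides interoperability bugs, so the conversion belongs at the boundary where the raw PKCS#11 signature is handed to the library that expects DER.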