From: Vincent J. <no...@gi...> - 2021-04-26 13:52:42
Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC

Commit: 396cbc46cf5c19b9e011558505f16640b9fce8a3
    https://github.com/OpenSC/OpenSC/commit/396cbc46cf5c19b9e011558505f16640b9fce8a3
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-04-26 (Mon, 26 Apr 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: set default flags

The CPX has the standard capabilities of the IASECC standard.

Let's be careful with memory leakage, see the previous commit 83162c5c8

Fix: issue #2270


Commit: 39b4472f38f784bc4546f541428d5310e2225e80
    https://github.com/OpenSC/OpenSC/commit/39b4472f38f784bc4546f541428d5310e2225e80
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-04-26 (Mon, 26 Apr 2021)

Changed paths:
  M src/libopensc/iasecc.h
  M src/libopensc/pkcs15-iasecc.c
  M src/pkcs15init/pkcs15-iasecc.c
  A src/pkcs15init/pkcs15-iasecc.h

Log Message:
-----------
IASECC/CPX: export pkcs15init for missing features

Some cards, such as the CPX are missing features that should have been
initialized using:
  iasecc_pkcs15_encode_supported_algos()

Let's export this function in order to build a fixup when the DF should be
parsed.

When OPENSSL is missing, an error should be raised since this workaround for
the CPX cards cannot work. It means that any environments that use the CPX
cards must be compiled with ENABLE_OPENSSL.

Suggested-by: Doug Engert <dee...@gm...>
Fix: issue #2270


Commit: 137286858f71bbd47633df9ab0fdb7ef2d251f54
    https://github.com/OpenSC/OpenSC/commit/137286858f71bbd47633df9ab0fdb7ef2d251f54
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-04-26 (Mon, 26 Apr 2021)

Changed paths:
  M src/libopensc/pkcs15-syn.c

Log Message:
-----------
IASECC/CPX: enable calls thru pkcs15-iasecc.c

Same as Gemalto's IASECC, the CPX cards need a workaround since the PrKey
does not have its Algo_regs.

We get:
  pkcs15-tool -k --verify-pin --pin 1234
  Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
  Private RSA Key [CPS_PRIV_SIG]
    Object Flags : [0x01], private
    Usage : [0x200], nonRepudiation
    Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
    Algo_refs : 0
    Access Rules : pso_cds:01;
    ModLength : 2048
    Key ref : 129 (0x81)
    Native : yes
    Path : e828bd080f8025000001ff0010::
    Auth ID : 01
    ID : e828bd080f8025000001ff001001
    MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349

  Private RSA Key [CPS_PRIV_AUT]
    Object Flags : [0x07], private, modifiable
    Usage : [0x06], decrypt, sign
    Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
    Algo_refs : 0
    Access Rules : pso_decrypt:01; int_auth:01;
    ModLength : 2048
    Key ref : 130 (0x82)
    Native : yes
    Path : e828bd080f8025000001ff0010::
    Auth ID : 01
    ID : e828bd080f8025000001ff001002
    MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543

We need to get Algo_regs to be set to something that is not 0.

Fix: issue #2267


Commit: 544aa4cc6b349b097fa9d112d0d23fff5da2d0c2
    https://github.com/OpenSC/OpenSC/commit/544aa4cc6b349b097fa9d112d0d23fff5da2d0c2
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-04-26 (Mon, 26 Apr 2021)

Changed paths:
  M src/libopensc/pkcs15-iasecc.c

Log Message:
-----------
IASECC/CPX: Fix up prkeyinfo/algo_ref

Extend the current support from 9abf8ee04cd6fff9d1f0835d638c779a7648ed44
in order to add a fixup for the CPx cards.

Since the data is not properly encoded when the card is initialized
let's re-build it for each run time from the DF.

Suggested-by: Doug Engert <dee...@gm...>
Fix: issue #2270


Commit: 405ecfc402759381fe2f30bf1caef40f7a7fd69a
    https://github.com/OpenSC/OpenSC/commit/405ecfc402759381fe2f30bf1caef40f7a7fd69a
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-04-26 (Mon, 26 Apr 2021)

Changed paths:
  M src/pkcs15init/pkcs15-iasecc.c

Log Message:
-----------
IASECC: proper pkcs15init of Algo_refs

For some Private RSA Keys, their Algo_refs remain empty:
  $ pkcs15-tool -k --verify-pin --pin 1234
  Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
  Private RSA Key [CPS_PRIV_SIG]
    Object Flags : [0x01], private
    Usage : [0x200], nonRepudiation
    Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
    Algo_refs : 0
    Access Rules : pso_cds:01;
    ModLength : 2048
    Key ref : 129 (0x81)
    Native : yes
    Path : e828bd080f8025000001ff0010::
    Auth ID : 01
    ID : e828bd080f8025000001ff001001
    MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349

  Private RSA Key [CPS_PRIV_AUT]
    Object Flags : [0x07], private, modifiable
    Usage : [0x06], decrypt, sign
    Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
    Algo_refs : 6, 3, 4
    Access Rules : pso_decrypt:01; int_auth:01;
    ModLength : 2048
    Key ref : 130 (0x82)
    Native : yes
    Path : e828bd080f8025000001ff0010::
    Auth ID : 01
    ID : e828bd080f8025000001ff001002
    MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543

Based on Usage : [0x200], nonRepudiation
the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION may be set but not the
SC_PKCS15_PRKEY_USAGE_SIGN so line 801 is never tested.

Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything
does not make any sense for any card.

Suggested-by: Doug Engert <dee...@gm...>
Fix: issue #2270


Compare: https://github.com/OpenSC/OpenSC/compare/4912f05701ef...405ecfc40275
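
A check for the condition these commits address, as an added example (not OpenSC code and not part of the commits above): it parses pkcs15-tool -k text output and reports private keys whose Algo_refs are missing, empty or 0. The function names and the trimmed sample are constructed here from the listing in the last commit message; treating an all-zero Algo_refs as unset is an assumption based on that listing.

```python
import re

# Sample trimmed from the pkcs15-tool listing quoted in the last commit message.
SAMPLE = """\
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
    Usage : [0x200], nonRepudiation
    Algo_refs : 0
    Key ref : 129 (0x81)
Private RSA Key [CPS_PRIV_AUT]
    Usage : [0x06], decrypt, sign
    Algo_refs : 6, 3, 4
    Key ref : 130 (0x82)
"""

HEADER = re.compile(r"^\s*Private (\w+) Key \[(.*)\]\s*$")
FIELD = re.compile(r"^\s+(\S.*?)\s+:\s*(.*?)\s*$")   # "MD:guid : x" splits at " : "
USAGE = re.compile(r"\[(0x[0-9A-Fa-f]+)\],?\s*(.*)")


def parse_private_keys(text):
    """Split the listing into one dict per 'Private ... Key [label]' object."""
    keys, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        field = FIELD.match(line)
        if header:
            current = {"type": header.group(1), "label": header.group(2)}
            keys.append(current)
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
        elif not line.strip():
            current = None  # a blank line ends the current object
    return keys


def audit_algo_refs(text):
    """Return private keys whose Algo_refs is missing, empty or all zero."""
    findings = []
    for key in parse_private_keys(text):
        raw = key.get("Algo_refs", "")
        if any(int(r) for r in raw.split(",") if r.strip().isdigit()):
            continue  # at least one non-zero algorithm reference is present
        m = USAGE.match(key.get("Usage", ""))
        names = [n.strip() for n in m.group(2).split(",")] if m else []
        findings.append({
            "label": key["label"],
            "usage": int(m.group(1), 16) if m else None,
            # The case the last commit describes: nonRepudiation set, sign not set.
            "nonrep_without_sign": "nonRepudiation" in names and "sign" not in names,
        })
    return findings
```
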