Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC
Commit: 6049cb926c980754e18b16794e365a9370f4403e
https://github.com/OpenSC/OpenSC/commit/6049cb926c980754e18b16794e365a9370f4403e
Author: Peter Popovec <pop...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)
Changed paths:
M .travis.yml
M src/libopensc/card-myeid.c
M src/libopensc/pkcs15-sec.c
M src/pkcs11/framework-pkcs15.c
Log Message:
-----------
ECDSA-SHA1: Apply SHA1 to input data before PSO compute signature.
CKM_ECDSA and CKM_ECDSA_SHA1 cannot be registered in the same way.
We need to use sc_pkcs11_register_sign_and_hash_mechanism ()
for CKM_ECDSA_SHA1.
This fix also enables more ECDSA-SHAxxx mechanisms in framework-pkcs15.c
Tested: MyEID 4.0.1 (secp256r1 with SHA1, SHA224, SHA256, SHA384, SHA512)
CI tests (Travis + OsEID) for ECDSA-SHAxxx mechanisms are also enabled.

Commit: 285db1ef298bb7d78ccf16cbb644a0e6b79584e6
https://github.com/OpenSC/OpenSC/commit/285db1ef298bb7d78ccf16cbb644a0e6b79584e6
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)
Changed paths:
M src/libopensc/card-myeid.c
M src/libopensc/pkcs15-sec.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/openssl.c
Log Message:
-----------
ECDSA Signatures with hashes
This PR is based on discussion with @popovec in
https://github.com/OpenSC/OpenSC/issues/2181
and https://github.com/OpenSC/OpenSC/pull/2187
which was cherry-picked as 5e5300816c8
This has been tested with PIV, MyEID and Smartcard-HSM
with ECDSA keys.
The main fixes include:
- Setting "flags" in card drivers
- added code to sc_pkcs15-compute-signature to handle ECDSA with hashes
- code in framework-pkcs15.c
Signatures made by pkcs11-tool -sigm verify with openssl
but pkcs11-tool --verify does not work with ECDSA but does with RSA
I suspect it has to do with:
and some then creating the wrong PKCS11 mechanisms
It should work with the epass2003 which does hashes in the driver.

Commit: 521d420c4274cf4b6b97f80f8d56d38dee339ea4
https://github.com/OpenSC/OpenSC/commit/521d420c4274cf4b6b97f80f8d56d38dee339ea4
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)
Changed paths:
M src/pkcs11/openssl.c
Log Message:
-----------
pkcs11 ECDSA verify need rs converted to sequence
The --signature-format openssl in pkcs11-tool does the correct
operation to convert the OpenSSL formatted signature to rs for PKCS11
This commit modifies pkcs11/openssl.c to convert back to sequence
for EVP_VerifyFinal
Without this mod the signature file was passed unmodified to
PKCS11, then to EVP_VerifyFinal but this violates PKCS11 standard.
On branch ECDSA-flags
Changes to be committed:
modified: openssl.c

Commit: 0b0deae4be680a180b818c0013237718c45602dc
https://github.com/OpenSC/OpenSC/commit/0b0deae4be680a180b818c0013237718c45602dc
Author: Doug Engert <dee...@gm...>
Date: 2021-01-24 (Sun, 24 Jan 2021)
Changed paths:
M src/pkcs11/framework-pkcs15.c
Log Message:
-----------
unused code removed
On branch ECDSA-flags
Changes to be committed:
modified: framework-pkcs15.c
Compare: https://github.com/OpenSC/OpenSC/compare/5f16ffae848e...0b0deae4be68
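
Added example (not code from the OpenSC commits above): the "pkcs11 ECDSA verify need rs converted to sequence" commit concerns turning the raw r||s signature used by PKCS#11 back into the DER SEQUENCE of two INTEGERs that EVP_VerifyFinal expects. The same conversion written out in plain C without OpenSSL; the function names and MAX_HALF are hypothetical and chosen for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_HALF 128 /* assumed cap on bytes per r or s; P-521 needs 66 */

/* Write a DER length (short, 0x81 or 0x82 form); returns bytes written. */
static size_t der_put_len(unsigned char *p, size_t len)
{
    if (len < 0x80) { p[0] = (unsigned char)len; return 1; }
    if (len < 0x100) { p[0] = 0x81; p[1] = (unsigned char)len; return 2; }
    p[0] = 0x82; p[1] = (unsigned char)(len >> 8); p[2] = (unsigned char)len;
    return 3;
}

/* Encode a fixed-width big-endian unsigned value as a minimal DER INTEGER. */
static size_t der_put_uint(unsigned char *p, const unsigned char *v, size_t n)
{
    size_t off = 0, pad;
    while (n > 1 && v[0] == 0x00) { v++; n--; } /* drop leading zero bytes */
    pad = (v[0] & 0x80) ? 1 : 0;  /* 0x00 prefix keeps the value positive */
    p[off++] = 0x02;
    off += der_put_len(p + off, n + pad);
    if (pad) p[off++] = 0x00;
    memcpy(p + off, v, n);
    return off + n;
}

/* Raw r||s (equal halves) -> DER SEQUENCE { INTEGER r, INTEGER s }.
 * Returns the DER length, or 0 on malformed input or too-small buffer. */
size_t ecdsa_rs_to_der(const unsigned char *rs, size_t rs_len,
                       unsigned char *out, size_t out_cap)
{
    unsigned char body[2 * (MAX_HALF + 4)], hdr[4];
    size_t half = rs_len / 2, blen, hlen;

    if (!rs || !out || rs_len == 0 || (rs_len & 1) || half > MAX_HALF)
        return 0;
    blen = der_put_uint(body, rs, half);
    blen += der_put_uint(body + blen, rs + half, half);
    hdr[0] = 0x30;
    hlen = 1 + der_put_len(hdr + 1, blen);
    if (hlen + blen > out_cap)
        return 0;
    memcpy(out, hdr, hlen);
    memcpy(out + hlen, body, blen);
    return hlen + blen;
}
```

A P-521 signature whose halves both have the top bit set produces a 138-byte body, which is why the SEQUENCE header needs the 0x81 long-form length.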