From 24d6c30dcfec00c425360414b2b75336a42982e8 Mon Sep 17 00:00:00 2001 From: 0xdebe Date: Thu, 29 Jul 2021 17:13:01 +0200 Subject: [PATCH 1/3] fix Key Lenght for ST2021 --- src/libopensc/card-itacns.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c index bf085cafbc..52e144f194 100644 --- a/src/libopensc/card-itacns.c +++ b/src/libopensc/card-itacns.c @@ -105,7 +105,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i) DRVDATA(card)->cns_version = atr[i]; } /* Warn if the version is not 1.0. */ - if(atr[i] != 0x10) { + if(atr[i] != 0x10 && atr[i] != 0x11) { char version[8]; snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f); sc_log(card->ctx, "CNS card version %s; no official specifications " @@ -219,8 +219,13 @@ static int itacns_init(sc_card_t *card) | SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASHES ; + _sc_card_add_rsa_alg(card, 1024, flags, 0); + if (DRVDATA(card)->cns_version == 0x11) { + card->caps |= SC_CARD_CAP_APDU_EXT; + _sc_card_add_rsa_alg(card, 2048, flags, 0); + } return SC_SUCCESS; } From 9a38cd36c2823efb2b7615902e7cbef0534da1aa Mon Sep 17 00:00:00 2001 From: 0xdebe Date: Thu, 29 Jul 2021 17:13:16 +0200 Subject: [PATCH 2/3] fix Modulus Lenght for ST2021 --- src/libopensc/pkcs15-itacns.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c index 9c9b40a591..875b12276d 100644 --- a/src/libopensc/pkcs15-itacns.c +++ b/src/libopensc/pkcs15-itacns.c 
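Review bot: In the itacns_init hunk, extended APDUs and the 2048-bit RSA entry are switched on by the ATR version byte alone (`DRVDATA(card)->cns_version == 0x11`), while the commit subject names one specific card (ST2021). If other cards report version 1.1 without supporting either feature, they would be advertised capabilities they lack; whether that can happen is not visible from the patch. Consider matching on more of the ATR, or at least stating the assumption in a comment such as `/* CNS 1.1 (ATR version byte 0x11): 2048-bit RSA keys, needs extended APDUs */`. The literal 0x11 is repeated in the itacns_match_cns_card hunk, so a named constant shared by both checks would keep them in step. Both function bodies extend beyond their hunks.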
@@ -283,7 +283,16 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card, * This is hard-coded, unless unforeseen versions of the CNS * turn up sometime. */ - info.modulus_length = 1024; + + /* This is the unforseen version :D */ + if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) { + info.modulus_length = 2048; + } + else { + info.modulus_length = 1024; + } + + *modulus_len_out = info.modulus_length; r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info); @@ -590,6 +599,10 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card, /* This is hard-coded, for the time being. */ int modulus_length = 1024; + /* it's a ST2021? */ + if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) { + modulus_length = 2048; + } /* Public key; not really needed */ /* FIXME: set usage according to the certificate. */ From 03707e182235ce9f83d3847e33f4fb4e38eebe42 Mon Sep 17 00:00:00 2001 From: 0xdebe Date: Sat, 31 Jul 2021 16:25:58 +0200 Subject: [PATCH 3/3] fix modulus len --- src/libopensc/card-itacns.c | 2 +- src/libopensc/pkcs15-itacns.c | 43 ++++++++++++----------------------- 2 files changed, 15 insertions(+), 30 deletions(-) diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c index 52e144f194..b26f9d3317 100644 --- a/src/libopensc/card-itacns.c +++ b/src/libopensc/card-itacns.c @@ -104,7 +104,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i) if(card->driver) { DRVDATA(card)->cns_version = atr[i]; } - /* Warn if the version is not 1.0. */ + /* Warn if version is not 1.X. */ if(atr[i] != 0x10 && atr[i] != 0x11) { char version[8]; snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f); diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c index 875b12276d..afdf459c4e 100644 --- a/src/libopensc/pkcs15-itacns.c +++ b/src/libopensc/pkcs15-itacns.c 
@@ -189,7 +189,7 @@ static int loadFile(const sc_pkcs15_card_t *p15card, const sc_path_t *path, static int itacns_add_cert(sc_pkcs15_card_t *p15card, int type, int authority, const sc_path_t *path, const sc_pkcs15_id_t *id, const char *label, int obj_flags, - int *ext_info_ok, int *key_usage, int *x_key_usage) + int *ext_info_ok, int *key_usage, int *x_key_usage, int *modulus_len) { int r; /* const char *label = "Certificate"; */ @@ -237,6 +237,11 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card, const u8 *throwaway = cert->data.value; x509 = d2i_X509(NULL, &throwaway, cert->data.len); } + + if (cert->key && cert->key->algorithm == SC_ALGORITHM_RSA) { + *modulus_len = cert->key->u.rsa.modulus.len * 8; + } + sc_pkcs15_free_certificate(cert); if (!x509) return SC_SUCCESS; X509_check_purpose(x509, -1, 0); @@ -260,7 +265,7 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card, static int itacns_add_pubkey(sc_pkcs15_card_t *p15card, const sc_path_t *path, const sc_pkcs15_id_t *id, const char *label, - int usage, int ref, int obj_flags, int *modulus_len_out) + int usage, int ref, int obj_flags, int modulus_len) { int r; sc_pkcs15_pubkey_info_t info; @@ -279,22 +284,8 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card, strlcpy(obj.label, label, sizeof(obj.label)); obj.flags = obj_flags; - /* - * This is hard-coded, unless unforeseen versions of the CNS - * turn up sometime. - */ - - /* This is the unforseen version :D */ - if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) { - info.modulus_length = 2048; - } - else { - info.modulus_length = 1024; - } + info.modulus_length = modulus_len; - - - *modulus_len_out = info.modulus_length; r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info); LOG_TEST_RET(p15card->card->ctx, r, "Could not add pub key"); 
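Review bot: In the `@@ -237` hunk of itacns_add_cert, the key size is taken from the certificate read off the card and stored as `cert->key->u.rsa.modulus.len * 8` in an `int` with no bound. Whatever length that certificate declares becomes `info.modulus_length` in the itacns_add_pubkey hunk and the private-key size in itacns_add_keyset. Since card-itacns.c registers only 1024 bits and, for version 0x11, 2048 bits, accept just those: `size_t bytes = cert->key->u.rsa.modulus.len;` followed by `if (bytes == 128 || bytes == 256) *modulus_len = (int)(bytes * 8);`, assuming the decoder has already dropped any leading zero byte. The new out-parameter also deserves a comment stating that it is in bits and is left untouched when the certificate carries no RSA key. The function body starts and ends outside the hunk.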
@@ -589,7 +580,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card, const char *label, int sec_env, sc_pkcs15_id_t *cert_id, const char *pubkey_path, const char *prkey_path, unsigned int pubkey_usage_flags, unsigned int prkey_usage_flags, - u8 pin_ref) + u8 pin_ref, int modulus_len) { int r; sc_path_t path; @@ -597,19 +588,13 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card, char pinlabel[16]; int fake_puk_authid, pin_flags; - /* This is hard-coded, for the time being. */ - int modulus_length = 1024; - /* it's a ST2021? */ - if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) { - modulus_length = 2048; - } /* Public key; not really needed */ /* FIXME: set usage according to the certificate. */ if (pubkey_path) { sc_format_path(pubkey_path, &path); r = itacns_add_pubkey(p15card, &path, cert_id, label, - pubkey_usage_flags, sec_env, 0, &modulus_length); + pubkey_usage_flags, sec_env, 0, modulus_len); LOG_TEST_RET(p15card->card->ctx, r, "Could not add public key"); } @@ -623,7 +608,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card, private_path = &path; } r = itacns_add_prkey(p15card, cert_id, label, SC_PKCS15_TYPE_PRKEY_RSA, - modulus_length, + modulus_len, prkey_usage_flags, private_path, sec_env, cert_id, SC_PKCS15_CO_FLAG_PRIVATE); LOG_TEST_RET(p15card->card->ctx, r, @@ -674,7 +659,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card, sc_path_t path; sc_pkcs15_id_t cert_id; int ext_info_ok; - int ku = 0, xku = 0; + int ku = 0, xku = 0, modulus_len = 0; int pubkey_usage_flags = 0, prkey_usage_flags = 0; cert_id.len = 1; @@ -720,7 +705,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card, } r = itacns_add_cert(p15card, SC_PKCS15_TYPE_CERT_X509, 0, - &path, &cert_id, label, 0, &ext_info_ok, &ku, &xku); + &path, &cert_id, label, 0, &ext_info_ok, &ku, &xku, &modulus_len); if (r == SC_ERROR_INVALID_ASN1_OBJECT) return 0; LOG_TEST_RET(p15card->card->ctx, r, 
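Review bot: `modulus_len` is initialised to 0 in itacns_check_and_add_keyset and nothing checks it between the itacns_add_cert call and the itacns_add_keyset call in the `@@ -765` hunk. A certificate without an RSA key, a NULL `cert->key`, or any return from itacns_add_cert before the assignment therefore registers the public and private key objects with a length of 0, because the 1024 default this patch removes from itacns_add_keyset is not replaced. After the itacns_add_cert error handling, either fall back to a size derived from the card version or refuse the keyset, for instance `if (modulus_len == 0) return 0;` preceded by an `sc_log` message, mirroring the existing `return 0` on SC_ERROR_INVALID_ASN1_OBJECT. Only part of the function is visible in these hunks.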
@@ -765,7 +750,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card, r = itacns_add_keyset(p15card, label, sec_env, &cert_id, pubkey_path, prkey_path, pubkey_usage_flags, prkey_usage_flags, - pin_ref); + pin_ref, modulus_len); LOG_TEST_RET(p15card->card->ctx, r, "Could not add keys for this certificate");