[pkg-opensc-commit] [opensc] 227/295: Make CardOS 5.3 working with OpenSC (#1003)

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:34 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 8f3330542174b97570ac9ddd6daf225331d1e016
Author: Jakuje <jakuje at gmail.com>
Date:   Wed Apr 5 09:44:34 2017 +0200

    Make CardOS 5.3 working with OpenSC (#1003)
    
    * Set security context for CardOS 5.3 with p1=0x41 (as Coolkey does)
    
    * Do not emulate signatures in CardOS 5.3
    
    Remove the bogus SC_ALGORITHM_NEED_USAGE which prevents using the
    actual implementation in cardos_compute_signature().
    
    It might also be bogus for previous versions, but I don't have a way
    to verify against these cards.
    
    * Do not advertise RSA-X-509 mechanism for CardOS 5.3 (card strips padding)
---
 src/libopensc/card-cardos.c | 27 +++++++++++++++++++--------
 src/libopensc/cards.h       |  1 +
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
index e3ac1bf..520afb7 100644
--- a/src/libopensc/card-cardos.c
+++ b/src/libopensc/card-cardos.c
@@ -59,7 +59,7 @@ static struct sc_atr_table cardos_atrs[] = {
 	/* CardOS v5.0 */
 	{ "3b:d2:18:00:81:31:fe:58:c9:01:14", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
 	/* CardOS v5.3 */
-	{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
+	{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
 	{ NULL, NULL, NULL, 0, 0, NULL }
 };
 
@@ -84,6 +84,8 @@ static int cardos_match_card(sc_card_t *card)
 		return 1;
 	if (card->type == SC_CARD_TYPE_CARDOS_V5_0)
 		return 1;
+	if (card->type == SC_CARD_TYPE_CARDOS_V5_3)
+		return 1;
 	if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
 		int rv;
 		sc_apdu_t apdu;
@@ -175,11 +177,15 @@ static int cardos_init(sc_card_t *card)
 	card->cla = 0x00;
 
 	/* Set up algorithm info. */
-	flags = SC_ALGORITHM_NEED_USAGE
-		| SC_ALGORITHM_RSA_RAW
-		| SC_ALGORITHM_RSA_HASH_NONE
+	flags = SC_ALGORITHM_RSA_HASH_NONE
 		| SC_ALGORITHM_ONBOARD_KEY_GEN
 		;
+	if (card->type != SC_CARD_TYPE_CARDOS_V5_3)
+		flags |= SC_ALGORITHM_RSA_RAW
+			| SC_ALGORITHM_NEED_USAGE;
+	else
+		flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
+
 	_sc_card_add_rsa_alg(card,  512, flags, 0);
 	_sc_card_add_rsa_alg(card,  768, flags, 0);
 	_sc_card_add_rsa_alg(card, 1024, flags, 0);
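Review bot: The new `if`/`else` that selects the RSA flags carries no comment explaining why CardOS 5.3 is treated differently, although the reason is security-relevant: according to the commit message the card strips padding itself, so raw RSA (RSA-X-509) must not be offered for it. I would put `/* CardOS 5.3 strips the padding on-card: advertise RSA_PAD_PKCS1 and never RSA_RAW */` above the branch. Because the test is written as `!= SC_CARD_TYPE_CARDOS_V5_3`, any later CardOS 5.x type added to the driver would fall into the legacy arm and advertise RSA_RAW again unless this line is revisited; testing the positive case first and bracing both arms would make that easier to spot. The unchanged calls below still register 512- and 768-bit RSA with the new flags, which may deserve a separate look. cardos_init starts and ends outside this hunk.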
@@ -195,7 +201,8 @@ static int cardos_init(sc_card_t *card)
 		|| card->type == SC_CARD_TYPE_CARDOS_M4_2B
 		|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
 		|| card->type == SC_CARD_TYPE_CARDOS_M4_4
-		|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
+		|| card->type == SC_CARD_TYPE_CARDOS_V5_0
+		|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
 		rsa_2048 = 1;
 		card->caps |= SC_CARD_CAP_APDU_EXT;
 	}
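Review bot: `SC_CARD_TYPE_CARDOS_V5_3` is appended by hand to this type list, to the `V5_0` check in the next hunk and to the list in cardos_logout, so every future CardOS 5 variant has to be added in each place and a missed one silently loses a capability. A small file-local predicate would keep the sites in step, e.g. `static int cardos_is_v5(const sc_card_t *card) { return card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3; }`, used as `|| cardos_is_v5(card)` here. The enclosing condition in cardos_init begins outside this hunk.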
@@ -230,7 +237,8 @@ static int cardos_init(sc_card_t *card)
 		_sc_card_add_rsa_alg(card, 2048, flags, 0);
 	}
 
-	if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
+	if (card->type == SC_CARD_TYPE_CARDOS_V5_0
+		|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
 		/* Starting with CardOS 5, the card supports PIN query commands */
 		card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
 	}
@@ -249,7 +257,7 @@ static const struct sc_card_error cardos_errors[] = {
 { 0x6f82, SC_ERROR_CARD_CMD_FAILED,	"not enough memory in xram"}, 
 { 0x6f84, SC_ERROR_CARD_CMD_FAILED,	"general protection fault"}, 
 
-/* the card doesn't now thic combination of ins+cla+p1+p2 */
+/* the card doesn't know this combination of ins+cla+p1+p2 */
 /* i.e. command will never work */
 { 0x6881, SC_ERROR_NO_CARD_SUPPORT,	"logical channel not supported"}, 
 { 0x6a86, SC_ERROR_INCORRECT_PARAMETERS,"p1/p2 invalid"}, 
@@ -781,6 +789,8 @@ cardos_set_security_env(sc_card_t *card,
 	if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) {
 		cardos_restore_security_env(card, 0x30);
 		apdu.p1 = 0xF1;
+	} else if (card->type == SC_CARD_TYPE_CARDOS_V5_3) {
+		apdu.p1 = 0x41;
 	} else {
 		apdu.p1 = 0x01;
 	}
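Review bot: `apdu.p1 = 0x41;` is a bare magic number; the only explanation ("as Coolkey does") lives in the commit message. In ISO 7816-4 terms 0x41 reads as MSE SET (0x01) combined with the computation/decipherment/internal-authentication bit (0x40), so a comment such as `/* MSE:SET for computation/decipherment (0x40 | 0x01), as the Coolkey driver uses */` on that line would record the intent. It would also help to say whether this was confirmed against CardOS 5.3 documentation or only observed to work, since the security environment decides which key operation the card performs. cardos_set_security_env begins and ends outside this hunk.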
@@ -1239,7 +1249,8 @@ cardos_logout(sc_card_t *card)
 		   	|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
 		   	|| card->type == SC_CARD_TYPE_CARDOS_M4_3
 		   	|| card->type == SC_CARD_TYPE_CARDOS_M4_4
-			|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
+			|| card->type == SC_CARD_TYPE_CARDOS_V5_0
+			|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
 		sc_apdu_t apdu;
 		int       r;
 		sc_path_t path;
diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
index d9f5cbb..992826c 100644
--- a/src/libopensc/cards.h
+++ b/src/libopensc/cards.h
@@ -47,6 +47,7 @@ enum {
 	SC_CARD_TYPE_CARDOS_CIE_V1, /* Italian CIE (eID) v1 */
 	SC_CARD_TYPE_CARDOS_M4_4,
 	SC_CARD_TYPE_CARDOS_V5_0,
+	SC_CARD_TYPE_CARDOS_V5_3,
 
 	/* flex/cyberflex drivers */
 	SC_CARD_TYPE_FLEX_BASE = 2000,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


