Sophie

Sophie

distrib > Mageia > 6 > armv7hl > media > core-updates-src > by-pkgid > f377305e44e06768bce065d0d54c8d8c > files > 3

opensc-0.15.0-2.1.mga6.src.rpm

diff -uNr OpenSC-0.15.0/src/libopensc/card-mcrd.c OpenSC-0.15.0p/src/libopensc/card-mcrd.c
--- OpenSC-0.15.0/src/libopensc/card-mcrd.c	2015-05-16 22:45:40.000000000 +0300
+++ OpenSC-0.15.0p/src/libopensc/card-mcrd.c	2017-10-24 21:53:45.028232208 +0300
@@ -304,7 +304,7 @@
 
 static int mcrd_init(sc_card_t * card)
 {
-	unsigned long flags;
+	unsigned long flags, ext_flags;
 	struct mcrd_priv_data *priv;
 	int r;
 	sc_path_t tmppath;
@@ -329,6 +329,10 @@
 			flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA256;
 			/* EstEID v3.0 has 2048 bit keys */
 			_sc_card_add_rsa_alg(card, 2048, flags, 0);
+
+			flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ECDSA_HASH_NONE;
+			ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
+			_sc_card_add_ec_alg(card, 384, flags, ext_flags, NULL);
 			sc_reset(card, 0);
 
 			sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0xA4, 0x04, 0x00);
@@ -1183,7 +1187,7 @@
 	if (is_esteid_card(card)) {
 		/* some sanity checks */
 		if (env->flags & SC_SEC_ENV_ALG_PRESENT) {
-			if (env->algorithm != SC_ALGORITHM_RSA)
+			if (env->algorithm != SC_ALGORITHM_RSA && env->algorithm != SC_ALGORITHM_EC)
 				return SC_ERROR_INVALID_ARGUMENTS;
 		}
 		if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT)
@@ -1370,7 +1374,7 @@
 	apdu.lc = datalen;
 	apdu.data = data;
 	apdu.datalen = datalen;
-	apdu.le = 0x80;
+	apdu.le = MIN(0x80u, outlen);
 	apdu.resp = out;
 	apdu.resplen = outlen;
 
diff -uNr OpenSC-0.15.0/src/libopensc/pkcs15-esteid.c OpenSC-0.15.0p/src/libopensc/pkcs15-esteid.c
--- OpenSC-0.15.0/src/libopensc/pkcs15-esteid.c	2015-05-16 22:45:40.000000000 +0300
+++ OpenSC-0.15.0p/src/libopensc/pkcs15-esteid.c	2017-10-24 21:53:45.029232207 +0300
@@ -36,6 +36,7 @@
 #include "common/compat_strlcat.h"
 
 #include "internal.h"
+#include "opensc.h"
 #include "pkcs15.h"
 #include "esteid.h"
 
@@ -67,6 +68,7 @@
 	sc_card_t *card = p15card->card;
 	unsigned char buff[128];
 	int r, i;
+	size_t field_length = 0, modulus_length = 0;
 	sc_path_t tmppath;
 
 	set_string (&p15card->tokeninfo->label, "ID-kaart");
@@ -77,7 +79,7 @@
 	r = sc_select_file (card, &tmppath, NULL);
 	SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "select esteid PD failed");
 
-	/* read the serial (document number) */	
+	/* read the serial (document number) */
 	r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
 	SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read document number failed");
 	buff[r] = '\0';
@@ -96,10 +98,10 @@
 			"3f00eeeeaace",
 			"3f00eeeeddce"};
 		static int esteid_cert_ids[2] = {1, 2};
-			
+
 		struct sc_pkcs15_cert_info cert_info;
 		struct sc_pkcs15_object cert_obj;
-		
+
 		memset(&cert_info, 0, sizeof(cert_info));
 		memset(&cert_obj, 0, sizeof(cert_obj));
 
@@ -118,6 +120,10 @@
 			char cardholder_name[64];
 			unsigned char *tmp = NULL;
 			r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
+			if (cert->key->algorithm == SC_ALGORITHM_EC)
+				field_length = cert->key->u.ec.params.field_length;
+			else
+				modulus_length = cert->key->u.rsa.modulus.len * 8;
 			if (r == SC_SUCCESS) {
 				mem = BIO_new_mem_buf(cert->data.value, cert->data.len);
 				if (!mem) {
@@ -183,16 +189,16 @@
 
 		memset(&pin_info, 0, sizeof(pin_info));
 		memset(&pin_obj, 0, sizeof(pin_obj));
-		
+
 		/* read the number of tries left for the PIN */
 		r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
 		if (r < 0)
 			return SC_ERROR_INTERNAL;
 		tries_left = buff[5];
-		
+
 		pin_info.auth_id.len = 1;
 		pin_info.auth_id.value[0] = esteid_pin_authid[i];
-		pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;	
+		pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
 		pin_info.attrs.pin.reference = esteid_pin_ref[i];
 		pin_info.attrs.pin.flags = esteid_pin_flags[i];
 		pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
@@ -216,16 +222,11 @@
 		if (r < 0)
 			return SC_ERROR_INTERNAL;
 	}
-	
+
 	/* add private keys */
 	for (i = 0; i < 2; i++) {
 		static int prkey_pin[2] = {1, 2};
-		static int prkey_usage[2] = {
-			SC_PKCS15_PRKEY_USAGE_ENCRYPT
-			| SC_PKCS15_PRKEY_USAGE_DECRYPT
-			| SC_PKCS15_PRKEY_USAGE_SIGN,
-			SC_PKCS15_PRKEY_USAGE_NONREPUDIATION};
-			
+
 		static const char *prkey_name[2] = {
 			"Isikutuvastus",
 			"Allkirjastamine"};
@@ -235,16 +236,19 @@
 
 		memset(&prkey_info, 0, sizeof(prkey_info));
 		memset(&prkey_obj, 0, sizeof(prkey_obj));
-		
+
 		prkey_info.id.len = 1;
 		prkey_info.id.value[0] = prkey_pin[i];
-		prkey_info.usage  = prkey_usage[i];
 		prkey_info.native = 1;
 		prkey_info.key_reference = i + 1;
-		if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30)
-			prkey_info.modulus_length = 2048;
+		prkey_info.field_length = field_length;
+		prkey_info.modulus_length = modulus_length;
+		if (i == 1)
+			prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
+		else if(field_length > 0) // ECC has only sign usage
+			prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
 		else
-			prkey_info.modulus_length = 1024;	
+			prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT;
 
 		strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
 		prkey_obj.auth_id.len = 1;
@@ -252,7 +256,10 @@
 		prkey_obj.user_consent = 0;
 		prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
 
-		r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
+		if(field_length > 0)
+			r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
+		else
+			r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
 		if (r < 0)
 			return SC_ERROR_INTERNAL;
 	}
@@ -264,7 +271,7 @@
 {
 	if (is_esteid_card(p15card->card))
 		return SC_SUCCESS;
-	else		
+	else
 		return SC_ERROR_WRONG_CARD;
 }

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional