Sign by using the decrypt function.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3223 c6295689-39f2-0310-b995-f0e70906c6a9
2007-07-20 12:19:27 +00:00 · 2007-07-20 12:19:27 +00:00 · 14bc32dda2
parent 60e3e1e683
commit 14bc32dda2
4 changed files with 34 additions and 0 deletions
--- a/3
+++ b/3
@ -6,6 +6,9 @@ http://www.opensc-project.org/opensc/wiki/WhatsNew
 Also see the svn changelog using svn command
 or doc/ChangeLog.

+New in 0.11.4; 2007-??-??; Andreas Jellinghaus
+* Support Siemens CardOS initialized cards (signing with decryption)
+
 New in 0.11.3; 2007-07-11; Andreas Jellinghaus
 * added regression test for raw rsa (crypt0007).
 * regression suite can now use installed binaries with --installed.
--- a/src/libopensc/pkcs15-sec.c
+++ b/src/libopensc/pkcs15-sec.c
@ -148,6 +148,31 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 	unsigned long pad_flags = 0, sec_flags = 0;

 	SC_FUNC_CALLED(ctx, 1);
+
+	/* some strange cards/setups need decrypt to sign ... */
+	if (p15card->flags & SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT) {
+		if (flags & SC_ALGORITHM_RSA_RAW) {
+			return sc_pkcs15_decipher(p15card, obj,flags,
+				in, inlen, out, outlen);
+		}
+		size_t tmplen = sizeof(buf);
+		if (modlen > tmplen) {
+			sc_error(ctx, "Buffer too small, needs recompile!\n");
+			return SC_ERROR_NOT_ALLOWED;
+		}
+		r = sc_pkcs1_encode(ctx, flags, in, inlen, buf, &tmplen, modlen);
+
+		/* no padding needed - already done */
+		flags &= ~SC_ALGORITHM_RSA_PADS;
+		/* instead use raw rsa */
+		flags |= SC_ALGORITHM_RSA_RAW;
+
+		SC_TEST_RET(ctx, r, "Unable to add padding");
+		r = sc_pkcs15_decipher(p15card, obj,flags, buf, modlen,
+			out, outlen);
+		return r;
+	}
+
 	/* If the key is extractable, the caller should extract the
 	 * key and do the crypto himself */
 	if (!prkey->native)
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@ -675,6 +675,11 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
 	p15card->seInfo          = tokeninfo.seInfo;
 	p15card->num_seInfo      = tokeninfo.num_seInfo;

+	/* for cardos cards initialized by Siemens: sign with decrypt */
+	if (strcmp(p15card->card->driver->short_name,"cardos") == 0
+		&& strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0)
+		p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
+
 	ok = 1;
 end:
 	if(buf != NULL)
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
@ -398,6 +398,7 @@ typedef struct sc_pkcs15_card {
 #define SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED	0x02
 #define SC_PKCS15_CARD_FLAG_PRN_GENERATION	0x04
 #define SC_PKCS15_CARD_FLAG_EID_COMPLIANT	0x08
+#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT	0x10

 /* sc_pkcs15_bind:  Binds a card object to a PKCS #15 card object
 * and initializes a new PKCS #15 card object.  Will return