move checks to pkcs15_bind, where we can look at the config.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3545 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
f4e8c61c50
commit
29d78fde39
|
@ -675,44 +675,6 @@ static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
|
|||
p15card->seInfo = tokeninfo.seInfo;
|
||||
p15card->num_seInfo = tokeninfo.num_seInfo;
|
||||
|
||||
/* for cardos cards initialized by Siemens: sign with decrypt */
|
||||
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
|
||||
&& ( strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0
|
||||
|| strcmp(p15card->manufacturer_id,"Prime") == 0 ))
|
||||
p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
|
||||
/* set special flags based on card meta data */
|
||||
if (strcmp(p15card->card->driver->short_name,"cardos") == 0) {
|
||||
|
||||
/* D-Trust cards (D-TRUST, D-SIGN) */
|
||||
if (strstr(p15card->label,"D-TRUST") == 0
|
||||
|| strstr(p15card->label,"D-SIGN") == 0) {
|
||||
|
||||
/* D-TRUST Card 2.0 2cc (standard cards, which always add
|
||||
* SHA1 prefix itself */
|
||||
if (strstr(p15card->label, "2cc") != NULL) {
|
||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED;
|
||||
p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
sc_debug(p15card->card->ctx, "D-TRUST 2cc card detected, only SHA1 works with this card\n");
|
||||
/* XXX: add detection when other hash than SHA1 is used with
|
||||
* such a card, as this produces invalid signatures.
|
||||
*/
|
||||
}
|
||||
|
||||
/* D-SIGN multicard 2.0 2ca (cards working with all types of hashes
|
||||
* and no addition of prefix) */
|
||||
else if (strstr(p15card->label, "2ca") != NULL) {
|
||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
|
||||
p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
sc_debug(p15card->card->ctx, "D-TRUST 2ca card detected\n");
|
||||
}
|
||||
|
||||
/* XXX: probably there are more D-Trust card in the wild,
|
||||
* which also need these flags to produce valid signatures
|
||||
*/
|
||||
}
|
||||
}
|
||||
|
||||
ok = 1;
|
||||
end:
|
||||
if(buf != NULL)
|
||||
|
@ -784,6 +746,44 @@ int sc_pkcs15_bind(sc_card_t *card,
|
|||
goto error;
|
||||
}
|
||||
done:
|
||||
/* for cardos cards initialized by Siemens: sign with decrypt */
|
||||
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
|
||||
&& ( strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0
|
||||
|| strcmp(p15card->manufacturer_id,"Prime") == 0 ))
|
||||
p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
|
||||
/* set special flags based on card meta data */
|
||||
if (strcmp(p15card->card->driver->short_name,"cardos") == 0) {
|
||||
|
||||
/* D-Trust cards (D-TRUST, D-SIGN) */
|
||||
if (strstr(p15card->label,"D-TRUST") == 0
|
||||
|| strstr(p15card->label,"D-SIGN") == 0) {
|
||||
|
||||
/* D-TRUST Card 2.0 2cc (standard cards, which always add
|
||||
* SHA1 prefix itself */
|
||||
if (strstr(p15card->label, "2cc") != NULL) {
|
||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED;
|
||||
p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
sc_debug(p15card->card->ctx, "D-TRUST 2cc card detected, only SHA1 works with this card\n");
|
||||
/* XXX: add detection when other hash than SHA1 is used with
|
||||
* such a card, as this produces invalid signatures.
|
||||
*/
|
||||
}
|
||||
|
||||
/* D-SIGN multicard 2.0 2ca (cards working with all types of hashes
|
||||
* and no addition of prefix) */
|
||||
else if (strstr(p15card->label, "2ca") != NULL) {
|
||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
|
||||
p15card->flags &= ~SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;
|
||||
sc_debug(p15card->card->ctx, "D-TRUST 2ca card detected\n");
|
||||
}
|
||||
|
||||
/* XXX: probably there are more D-Trust card in the wild,
|
||||
* which also need these flags to produce valid signatures
|
||||
*/
|
||||
}
|
||||
}
|
||||
|
||||
*p15card_out = p15card;
|
||||
sc_unlock(card);
|
||||
return 0;
|
||||
|
|
Loading…
Reference in New Issue