openpgp: add nistp256 and secp251k1 curves for gnuk devices
This commit is contained in:
parent
f14043aad6
commit
3af3d0ecee
|
@ -62,7 +62,7 @@ static const struct sc_atr_table pgp_atrs[] = {
|
||||||
{
|
{
|
||||||
"3b:da:11:ff:81:b1:fe:55:1f:03:00:31:84:73:80:01:80:00:90:00:e4",
|
"3b:da:11:ff:81:b1:fe:55:1f:03:00:31:84:73:80:01:80:00:90:00:e4",
|
||||||
"ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:ff:ff:00",
|
"ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:ff:ff:00",
|
||||||
"Gnuk v1.0.x (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_GNUK, 0, NULL
|
"Gnuk v1.x.x (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_GNUK, 0, NULL
|
||||||
},
|
},
|
||||||
{ "3b:fc:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:4e:45:4f:72:33:e1", NULL, "Yubikey NEO (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL },
|
{ "3b:fc:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:4e:45:4f:72:33:e1", NULL, "Yubikey NEO (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL },
|
||||||
{ "3b:f8:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:34:d4", NULL, "Yubikey 4 (OpenPGP v2.1)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL },
|
{ "3b:f8:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:34:d4", NULL, "Yubikey 4 (OpenPGP v2.1)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL },
|
||||||
|
@ -171,6 +171,22 @@ static struct pgp_supported_ec_curves {
|
||||||
{{{-1}}, 0, {{0x0}}} /* This entry must not be touched. */
|
{{{-1}}, 0, {{0x0}}} /* This entry must not be touched. */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static struct pgp_supported_ec_curves_gnuk {
|
||||||
|
struct sc_object_id oid;
|
||||||
|
size_t size;
|
||||||
|
struct sc_object_id oid_binary;
|
||||||
|
} ec_curves_gnuk[] = {
|
||||||
|
{{{1, 2, 840, 10045, 3, 1, 7, -1}}, 256,
|
||||||
|
{{0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, -1}}}, /* ansiX9p256r1 */
|
||||||
|
{{{1, 3, 132, 0, 10, -1}}, 256,
|
||||||
|
{{0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A, -1}}}, /* secp256k1 */
|
||||||
|
/*{{{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}}, 256,
|
||||||
|
{{0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01, -1}}}, //cv25519
|
||||||
|
{{{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}}, 256,
|
||||||
|
{{0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01, -1}}}, // ed25519 */
|
||||||
|
{{{-1}}, 0, {{0x0}}} /* This entry must not be touched. */
|
||||||
|
};
|
||||||
|
|
||||||
typedef struct pgp_blob {
|
typedef struct pgp_blob {
|
||||||
struct pgp_blob * next; /* pointer to next sibling */
|
struct pgp_blob * next; /* pointer to next sibling */
|
||||||
struct pgp_blob * parent; /* pointer to parent */
|
struct pgp_blob * parent; /* pointer to parent */
|
||||||
|
@ -637,10 +653,12 @@ pgp_init(sc_card_t *card)
|
||||||
break;
|
break;
|
||||||
case SC_CARD_TYPE_OPENPGP_GNUK:
|
case SC_CARD_TYPE_OPENPGP_GNUK:
|
||||||
_sc_card_add_rsa_alg(card, 2048, flags_rsa, 0);
|
_sc_card_add_rsa_alg(card, 2048, flags_rsa, 0);
|
||||||
/* TODO add ECC for more recent Gnuk (1.2.x)
|
/* Gnuk supports NIST, SECG and Curve25519 since version 1.2 */
|
||||||
* these are not include in SC_CARD_TYPE_OPENPGP_GNUK, but
|
for (i=0; ec_curves_gnuk[i].oid.value[0] >= 0; i++)
|
||||||
* are treated like SC_CARD_TYPE_OPENPGP_V2
|
{
|
||||||
* Gnuk supports NIST, SECG and Curve25519 from version 1.2.x on */
|
_sc_card_add_ec_alg(card, ec_curves_gnuk[i].size,
|
||||||
|
flags_ecc, ext_flags, &ec_curves_gnuk[i].oid);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case SC_CARD_TYPE_OPENPGP_V2:
|
case SC_CARD_TYPE_OPENPGP_V2:
|
||||||
default:
|
default:
|
||||||
|
@ -2744,9 +2762,10 @@ pgp_update_card_algorithms(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *ke
|
||||||
|
|
||||||
LOG_FUNC_CALLED(card->ctx);
|
LOG_FUNC_CALLED(card->ctx);
|
||||||
|
|
||||||
/* protect older cards against non-RSA */
|
/* protect incompatible cards against non-RSA */
|
||||||
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
||||||
&& card->type < SC_CARD_TYPE_OPENPGP_V3)
|
&& card->type < SC_CARD_TYPE_OPENPGP_V3
|
||||||
|
&& card->type != SC_CARD_TYPE_OPENPGP_GNUK)
|
||||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
if (id > card->algorithm_count) {
|
if (id > card->algorithm_count) {
|
||||||
|
@ -2791,9 +2810,10 @@ pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info)
|
||||||
|
|
||||||
LOG_FUNC_CALLED(card->ctx);
|
LOG_FUNC_CALLED(card->ctx);
|
||||||
|
|
||||||
/* protect older cards against non-RSA */
|
/* protect incompatible cards against non-RSA */
|
||||||
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
||||||
&& card->type < SC_CARD_TYPE_OPENPGP_V3)
|
&& card->type < SC_CARD_TYPE_OPENPGP_V3
|
||||||
|
&& card->type != SC_CARD_TYPE_OPENPGP_GNUK)
|
||||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
/* set Control Reference Template for key */
|
/* set Control Reference Template for key */
|
||||||
|
@ -2808,10 +2828,6 @@ pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info)
|
||||||
"Invalid key ID; must be 1, 2, or 3");
|
"Invalid key ID; must be 1, 2, or 3");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && key_info->u.rsa.modulus_len != 2048)
|
|
||||||
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
|
||||||
"Gnuk only supports generating keys up to 2048-bit");
|
|
||||||
|
|
||||||
/* set attributes for new-generated key */
|
/* set attributes for new-generated key */
|
||||||
r = pgp_update_new_algo_attr(card, key_info);
|
r = pgp_update_new_algo_attr(card, key_info);
|
||||||
LOG_TEST_RET(card->ctx, r, "Cannot set attributes for new-generated key");
|
LOG_TEST_RET(card->ctx, r, "Cannot set attributes for new-generated key");
|
||||||
|
@ -3150,9 +3166,10 @@ pgp_store_key(sc_card_t *card, sc_cardctl_openpgp_keystore_info_t *key_info)
|
||||||
|
|
||||||
LOG_FUNC_CALLED(card->ctx);
|
LOG_FUNC_CALLED(card->ctx);
|
||||||
|
|
||||||
/* protect older cards against non-RSA */
|
/* protect incompatible cards against non-RSA */
|
||||||
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA
|
||||||
&& card->type < SC_CARD_TYPE_OPENPGP_V3)
|
&& card->type < SC_CARD_TYPE_OPENPGP_V3
|
||||||
|
&& card->type != SC_CARD_TYPE_OPENPGP_GNUK)
|
||||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
/* Validate */
|
/* Validate */
|
||||||
|
|
Loading…
Reference in New Issue