IASECC: proper pkcs15init of Algo_refs

For some Private RSA Keys, their Algo_refs remain empty:
$ pkcs15-tool -k --verify-pin  --pin 1234
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
	Object Flags   : [0x01], private
	Usage          : [0x200], nonRepudiation
	Access Flags   : [0x0D], sensitive, alwaysSensitive, neverExtract
	Algo_refs      : 0
	Access Rules   : pso_cds:01;
	ModLength      : 2048
	Key ref        : 129 (0x81)
	Native         : yes
	Path           : e828bd080f8025000001ff0010::
	Auth ID        : 01
	ID             : e828bd080f8025000001ff001001
	MD:guid        : e7aab727-f2af-e673-37bb-7d43867a6349

Private RSA Key [CPS_PRIV_AUT]
	Object Flags   : [0x07], private, modifiable
	Usage          : [0x06], decrypt, sign
	Access Flags   : [0x0D], sensitive, alwaysSensitive, neverExtract
	Algo_refs      : 6, 3, 4
	Access Rules   : pso_decrypt:01; int_auth:01;
	ModLength      : 2048
	Key ref        : 130 (0x82)
	Native         : yes
	Path           : e828bd080f8025000001ff0010::
	Auth ID        : 01
	ID             : e828bd080f8025000001ff001002
	MD:guid        : 2b6bf284-225c-80bc-8cbe-1c791db33543

Based on Usage : [0x200], nonRepudiation, the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION
may be set but not the SC_PKCS15_PRKEY_USAGE_SIGN, so line 801 is never tested.

Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything does not
make any sense for any card.

Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
Vincent JARDIN 2021-03-27 14:09:49 +00:00 committed by Frank Morgner
parent 544aa4cc6b
commit 405ecfc402
1 changed files with 2 additions and 1 deletions

@ -801,7 +801,8 @@ iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_p
LOG_TEST_RET(ctx, rv, "cannot add supported algorithm DECIPHER:CKM_RSA_PKCS");
}
if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN) {
if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN |
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)) {
if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) {
algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS);
rv = sc_pkcs15_add_supported_algo_ref(object, algo);
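
Review bot: The widened outer test (SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) carries no comment explaining why a nonRepudiation-only key is now handled as a signing key. A short comment above the condition that points to issue #2270 would keep a later cleanup from narrowing it back to SIGN alone. Also, under the inner SC_PKCS15_PRKEY_USAGE_NONREPUDIATION check, the only mechanism the visible context registers is CKM_SHA1_RSA_PKCS, and the context ends right after rv = sc_pkcs15_add_supported_algo_ref(object, algo). Please confirm that rv is tested with LOG_TEST_RET there, as it is for the DECIPHER case at the top of the hunk, and that these keys do not end up advertising only a SHA-1 based signature mechanism.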