From 41edcaa413988daef1810a0e5ab198f86cdedc2f Mon Sep 17 00:00:00 2001
From: Vincent JARDIN
Date: Tue, 2 Feb 2021 23:50:56 +0000
Subject: [PATCH] IASECC/CPX: proper set of RSA support

The previous commit was over simplified. According to the known mechanism, we should have the following scope:
./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
SHA-1, digest
SHA224, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
RSA-PKCS-PSS, keySize={512,2048}, hw, sign, verify
SHA1-RSA-PKCS-PSS, keySize={512,2048}, sign, verify
SHA256-RSA-PKCS-PSS, keySize={512,2048}, sign, verify
do not use the default flags yet:
_sc_card_add_rsa_alg(card, 1024, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
_sc_card_add_rsa_alg(card, 2048, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
_sc_card_add_rsa_alg(card, 512, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
Contactless specific behaviour shall be added later on.
---
 src/libopensc/card-iasecc.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/libopensc/card-iasecc.c b/src/libopensc/card-iasecc.c
index c644a6fb..9e5973f5 100644
--- a/src/libopensc/card-iasecc.c
+++ b/src/libopensc/card-iasecc.c
@@ -612,13 +612,23 @@ static int
 iasecc_init_cpx(struct sc_card *card)
 {
 struct sc_context *ctx = card->ctx;
+ unsigned int flags; /* TBC it is not IASECC_CARD_DEFAULT_FLAGS */
 
 LOG_FUNC_CALLED(ctx);
 
- LOG_TEST_RET(ctx, sc_enum_apps(card), "Enumerate apps failed");
+ card->caps = SC_CARD_CAP_RNG; /* TBC it is not IASECC_CARD_DEFAULT_CAPS */
 
- _sc_card_add_rsa_alg(card, 1024, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
- _sc_card_add_rsa_alg(card, 2048, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
+ flags = SC_ALGORITHM_RSA_PAD_PKCS1;
+ flags |= SC_ALGORITHM_RSA_RAW;
+
+ flags |= SC_ALGORITHM_RSA_HASH_SHA1 |
+ SC_ALGORITHM_RSA_HASH_SHA256;
+
+ _sc_card_add_rsa_alg(card, 512, flags, 0);
+ _sc_card_add_rsa_alg(card, 1024, flags, 0);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0);
+
+ LOG_TEST_RET(ctx, sc_enum_apps(card), "Enumerate apps failed");
 
 LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 }
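Review bot: The added `_sc_card_add_rsa_alg(card, 512, flags, 0);` advertises 512-bit RSA to callers with the same PKCS#1, raw and hash flags as the larger sizes, and a modulus that short is within reach of practical factoring, so keys of that size give no real protection. The commit message shows the token reporting keySize={512,2048}, but the driver does not have to expose every size the card accepts. I would drop the 512 entry, or keep it only with a comment such as `/* 512-bit RSA is weak; listed only because the card reports it */`. The last argument also changes from `0x10001` to `0` on all three calls with no explanation in the message or the code, and the two `TBC` comments do not say what is still to be confirmed; a one-line comment stating what an exponent of 0 means for these entries would make the intent reviewable.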