giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Truncate data for ECDSA signature to the size of the key 

Based on the paragraph from PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures:

	If the length of the hash value is larger than the bit length of n, only
	the leftmost bits of the hash up to the length of n will be used. Any
	truncation is done by the token.

This is affecting NIST PIV Test cards with non-hashed mechanisms.
This commit is contained in:
Jakub Jelen 2016-04-25 10:29:02 +02:00 committed by Jakub Jelen
parent a1fbf46731
commit 587a29b7f5
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/libopensc/pkcs15-sec.c
View File

@ -432,6 +432,16 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
}
inlen = modlen;
}
/* PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures
* If the length of the hash value is larger than the bit length of n, only
* the leftmost bits of the hash up to the length of n will be used. Any
* truncation is done by the token.
*/
else if (senv.algorithm == SC_ALGORITHM_EC &&
(flags & SC_ALGORITHM_ECDSA_HASH_NONE) != 0) {
inlen = MIN(inlen, (prkey->field_length+7)/8);
}
r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen,
out, outlen);