From 587a29b7f578d4d3b3c1eb711767f3609e37ef41 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 25 Apr 2016 10:29:02 +0200
Subject: [PATCH] Truncate data for ECDSA signature to the size of the key Based on the paragraph from PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures: If the length of the hash value is larger than the bit length of n, only the leftmost bits of the hash up to the length of n will be used. Any truncation is done by the token. This is affecting NIST PIV Test cards with non-hashed mechanisms.
---
 src/libopensc/pkcs15-sec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c
index 34629e98..e8609eac 100644
--- a/src/libopensc/pkcs15-sec.c
+++ b/src/libopensc/pkcs15-sec.c
@@ -432,6 +432,16 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 }
 inlen = modlen;
 }
+ /* PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures
+ * If the length of the hash value is larger than the bit length of n, only
+ * the leftmost bits of the hash up to the length of n will be used. Any
+ * truncation is done by the token.
+ */
+ else if (senv.algorithm == SC_ALGORITHM_EC &&
+ (flags & SC_ALGORITHM_ECDSA_HASH_NONE) != 0) {
+ inlen = MIN(inlen, (prkey->field_length+7)/8);
+ }
+
 r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen, out, outlen);
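Review bot: The added `inlen = MIN(inlen, (prkey->field_length+7)/8);` uses `prkey->field_length` unchecked, so an EC key object whose field length is zero or was never filled in would have its input cut to zero bytes and still be handed to `use_key`. Consider rejecting that case first, e.g. `if (prkey->field_length == 0)` followed by the function's usual error return, rather than silently signing an empty buffer. The truncation is also by whole bytes while the quoted PKCS#11 text speaks of the bit length of n, so for an order that is not a multiple of 8 bits up to seven surplus bits are presumably left to the token; a short comment saying so, and that `field_length` is taken as the length of n, would help. `sc_pkcs15_compute_signature` starts and ends outside this hunk, so whether `field_length` is validated earlier cannot be seen here.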