giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

openpgp: Correctly handle curve25519 keys

This commit is contained in:
Jakub Jelen 2020-03-27 11:13:30 +01:00
parent 64b61a7556
commit 73e283b4b1
2 changed files with 37 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libopensc/card.c
View File

@ -1155,8 +1155,10 @@ sc_algorithm_info_t * sc_card_find_alg(sc_card_t *card,
if (info->algorithm != algorithm) if (info->algorithm != algorithm)
continue; continue;
if (param) { if (param) {
if (info->algorithm == SC_ALGORITHM_EC || info->algorithm == SC_ALGORITHM_EDDSA) if (info->algorithm == SC_ALGORITHM_EC ||
if(sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id)) info->algorithm == SC_ALGORITHM_EDDSA ||
info->algorithm == SC_ALGORITHM_XEDDSA)
if (sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
return info; return info;
} }
if (info->key_length != key_length) if (info->key_length != key_length)

41
src/libopensc/pkcs15-openpgp.c
View File

@ -316,8 +316,18 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
} }
switch (cxdata[0]) { switch (cxdata[0]) {
case SC_OPENPGP_KEYALGO_ECDSA:
case SC_OPENPGP_KEYALGO_ECDH: case SC_OPENPGP_KEYALGO_ECDH:
if (sc_compare_oid(&oid, &curve25519_oid)) {
if ((algorithm_info = sc_card_find_xeddsa_alg(card, 0, &oid)))
prkey_info.field_length = algorithm_info->key_length;
else {
sc_log(ctx, "algorithm not found");
continue;
}
break;
}
/* Fall through */
case SC_OPENPGP_KEYALGO_ECDSA:
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid))) if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
prkey_info.field_length = algorithm_info->key_length; prkey_info.field_length = algorithm_info->key_length;
else { else {
@ -337,11 +347,11 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
switch (cxdata[0]) { switch (cxdata[0]) {
case SC_OPENPGP_KEYALGO_EDDSA: case SC_OPENPGP_KEYALGO_EDDSA:
/* assuming Ed25519 as it is the only supported now */ /* Filter out invalid usage: EdDSA does not support anything but sign */
/* Filter out invalid usage: ED does not support anything but sign */
prkey_info.usage &= PGP_SIG_PRKEY_USAGE; prkey_info.usage &= PGP_SIG_PRKEY_USAGE;
r = sc_pkcs15emu_add_eddsa_prkey(p15card, &prkey_obj, &prkey_info); r = sc_pkcs15emu_add_eddsa_prkey(p15card, &prkey_obj, &prkey_info);
break; break;
case SC_OPENPGP_KEYALGO_ECDH: case SC_OPENPGP_KEYALGO_ECDH:
/* This can result in either ECDSA key or EC_MONTGOMERY /* This can result in either ECDSA key or EC_MONTGOMERY
* so we need to check OID */ * so we need to check OID */
@ -355,10 +365,12 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
prkey_info.usage &= ~PGP_ENC_PRKEY_USAGE; prkey_info.usage &= ~PGP_ENC_PRKEY_USAGE;
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
break; break;
case SC_OPENPGP_KEYALGO_ECDSA: case SC_OPENPGP_KEYALGO_ECDSA:
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN; prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
break; break;
case SC_OPENPGP_KEYALGO_RSA: case SC_OPENPGP_KEYALGO_RSA:
if (cxdata_len >= 3) { if (cxdata_len >= 3) {
prkey_info.modulus_length = bebytes2ushort(cxdata + 1); prkey_info.modulus_length = bebytes2ushort(cxdata + 1);
@ -381,7 +393,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
sc_pkcs15_pubkey_info_t pubkey_info; sc_pkcs15_pubkey_info_t pubkey_info;
sc_pkcs15_object_t pubkey_obj; sc_pkcs15_object_t pubkey_obj;
u8 cxdata[10]; u8 cxdata[12];
int cxdata_len = sizeof(cxdata); int cxdata_len = sizeof(cxdata);
char path_template[] = "006E:0073:00Cx"; char path_template[] = "006E:0073:00Cx";
int j; int j;
@ -424,8 +436,18 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
} }
switch (cxdata[0]) { switch (cxdata[0]) {
case SC_OPENPGP_KEYALGO_ECDSA:
case SC_OPENPGP_KEYALGO_ECDH: case SC_OPENPGP_KEYALGO_ECDH:
if (sc_compare_oid(&oid, &curve25519_oid)) {
if ((algorithm_info = sc_card_find_xeddsa_alg(card, 0, &oid)))
pubkey_info.field_length = algorithm_info->key_length;
else {
sc_log(ctx, "algorithm not found");
continue;
}
break;
}
/* Fall through */
case SC_OPENPGP_KEYALGO_ECDSA:
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid))) if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
pubkey_info.field_length = algorithm_info->key_length; pubkey_info.field_length = algorithm_info->key_length;
else { else {
@ -467,9 +489,12 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
r = sc_pkcs15emu_add_ec_pubkey(p15card, &pubkey_obj, &pubkey_info); r = sc_pkcs15emu_add_ec_pubkey(p15card, &pubkey_obj, &pubkey_info);
break; break;
case SC_OPENPGP_KEYALGO_RSA: case SC_OPENPGP_KEYALGO_RSA:
pubkey_info.modulus_length = bebytes2ushort(cxdata + 1); if (cxdata_len >= 3) {
r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info); pubkey_info.modulus_length = bebytes2ushort(cxdata + 1);
break; r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
break;
}
/* Fall through */
default: default:
sc_log(ctx, "Invalid algorithm identifier %x (length = %d)", sc_log(ctx, "Invalid algorithm identifier %x (length = %d)",
cxdata[0], r); cxdata[0], r);