Make CardOS 5.3 working with OpenSC (#1003)
* Set security context for CardOS 5.3 with p1=0x41 (as Coolkey does)
* Do not emulate signatures in CardOS 5.3
  Remove the bogus SC_ALGORITHM_NEED_USAGE, which prevents using the actual implementation in cardos_compute_signature(). It might also be bogus in previous versions, but I don't have a way to verify against these cards.
* Do not advertise RSA-X-509 mechanism for CardOS 5.3 (card strips padding)
parent
e7915ec198
commit
8f33305421
|
@ -59,7 +59,7 @@ static struct sc_atr_table cardos_atrs[] = {
|
||||||
/* CardOS v5.0 */
|
/* CardOS v5.0 */
|
||||||
{ "3b:d2:18:00:81:31:fe:58:c9:01:14", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
{ "3b:d2:18:00:81:31:fe:58:c9:01:14", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
||||||
/* CardOS v5.3 */
|
/* CardOS v5.3 */
|
||||||
{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
|
||||||
{ NULL, NULL, NULL, 0, 0, NULL }
|
{ NULL, NULL, NULL, 0, 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -84,6 +84,8 @@ static int cardos_match_card(sc_card_t *card)
|
||||||
return 1;
|
return 1;
|
||||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0)
|
if (card->type == SC_CARD_TYPE_CARDOS_V5_0)
|
||||||
return 1;
|
return 1;
|
||||||
|
if (card->type == SC_CARD_TYPE_CARDOS_V5_3)
|
||||||
|
return 1;
|
||||||
if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
|
if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
|
||||||
int rv;
|
int rv;
|
||||||
sc_apdu_t apdu;
|
sc_apdu_t apdu;
|
||||||
|
@ -175,11 +177,15 @@ static int cardos_init(sc_card_t *card)
|
||||||
card->cla = 0x00;
|
card->cla = 0x00;
|
||||||
|
|
||||||
/* Set up algorithm info. */
|
/* Set up algorithm info. */
|
||||||
flags = SC_ALGORITHM_NEED_USAGE
|
flags = SC_ALGORITHM_RSA_HASH_NONE
|
||||||
| SC_ALGORITHM_RSA_RAW
|
|
||||||
| SC_ALGORITHM_RSA_HASH_NONE
|
|
||||||
| SC_ALGORITHM_ONBOARD_KEY_GEN
|
| SC_ALGORITHM_ONBOARD_KEY_GEN
|
||||||
;
|
;
|
||||||
|
if (card->type != SC_CARD_TYPE_CARDOS_V5_3)
|
||||||
|
flags |= SC_ALGORITHM_RSA_RAW
|
||||||
|
| SC_ALGORITHM_NEED_USAGE;
|
||||||
|
else
|
||||||
|
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||||
|
|
||||||
_sc_card_add_rsa_alg(card, 512, flags, 0);
|
_sc_card_add_rsa_alg(card, 512, flags, 0);
|
||||||
_sc_card_add_rsa_alg(card, 768, flags, 0);
|
_sc_card_add_rsa_alg(card, 768, flags, 0);
|
||||||
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
||||||
|
@ -195,7 +201,8 @@ static int cardos_init(sc_card_t *card)
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2B
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_2B
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
|| card->type == SC_CARD_TYPE_CARDOS_V5_0
|
||||||
|
|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||||
rsa_2048 = 1;
|
rsa_2048 = 1;
|
||||||
card->caps |= SC_CARD_CAP_APDU_EXT;
|
card->caps |= SC_CARD_CAP_APDU_EXT;
|
||||||
}
|
}
|
||||||
|
@ -230,7 +237,8 @@ static int cardos_init(sc_card_t *card)
|
||||||
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
if (card->type == SC_CARD_TYPE_CARDOS_V5_0
|
||||||
|
|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||||
/* Starting with CardOS 5, the card supports PIN query commands */
|
/* Starting with CardOS 5, the card supports PIN query commands */
|
||||||
card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
||||||
}
|
}
|
||||||
|
@ -249,7 +257,7 @@ static const struct sc_card_error cardos_errors[] = {
|
||||||
{ 0x6f82, SC_ERROR_CARD_CMD_FAILED, "not enough memory in xram"},
|
{ 0x6f82, SC_ERROR_CARD_CMD_FAILED, "not enough memory in xram"},
|
||||||
{ 0x6f84, SC_ERROR_CARD_CMD_FAILED, "general protection fault"},
|
{ 0x6f84, SC_ERROR_CARD_CMD_FAILED, "general protection fault"},
|
||||||
|
|
||||||
/* the card doesn't now thic combination of ins+cla+p1+p2 */
|
/* the card doesn't know this combination of ins+cla+p1+p2 */
|
||||||
/* i.e. command will never work */
|
/* i.e. command will never work */
|
||||||
{ 0x6881, SC_ERROR_NO_CARD_SUPPORT, "logical channel not supported"},
|
{ 0x6881, SC_ERROR_NO_CARD_SUPPORT, "logical channel not supported"},
|
||||||
{ 0x6a86, SC_ERROR_INCORRECT_PARAMETERS,"p1/p2 invalid"},
|
{ 0x6a86, SC_ERROR_INCORRECT_PARAMETERS,"p1/p2 invalid"},
|
||||||
|
@ -781,6 +789,8 @@ cardos_set_security_env(sc_card_t *card,
|
||||||
if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) {
|
if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) {
|
||||||
cardos_restore_security_env(card, 0x30);
|
cardos_restore_security_env(card, 0x30);
|
||||||
apdu.p1 = 0xF1;
|
apdu.p1 = 0xF1;
|
||||||
|
} else if (card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||||
|
apdu.p1 = 0x41;
|
||||||
} else {
|
} else {
|
||||||
apdu.p1 = 0x01;
|
apdu.p1 = 0x01;
|
||||||
}
|
}
|
||||||
|
@ -1239,7 +1249,8 @@ cardos_logout(sc_card_t *card)
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_3
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_3
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
||||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
|| card->type == SC_CARD_TYPE_CARDOS_V5_0
|
||||||
|
|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||||
sc_apdu_t apdu;
|
sc_apdu_t apdu;
|
||||||
int r;
|
int r;
|
||||||
sc_path_t path;
|
sc_path_t path;
|
||||||
|
|
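Review bot: In cardos_init the new `if (card->type != SC_CARD_TYPE_CARDOS_V5_3)` branch decides whether raw RSA or card-side PKCS#1 padding is advertised, but the reason is recorded only in the commit message, and the two-line `flags |= ...` arm is unbraced. I would brace both arms and put a comment above them such as `/* CardOS 5.3 strips the padding itself, so RSA_RAW (RSA-X-509) is not offered; NEED_USAGE is dropped so cardos_compute_signature() is used */`. The same applies to `apdu.p1 = 0x41;` in cardos_set_security_env, where a short comment like `/* CardOS 5.3: p1=0x41, as the Coolkey driver does */` would explain the constant. Separately, the CardOS v5.3 ATR entry in cardos_atrs moves from SC_CARD_TYPE_CARDOS_V5_0 to SC_CARD_TYPE_CARDOS_V5_3, so any V5_0-only check outside these hunks would presumably stop applying to those cards. Only cardos_match_card, cardos_init and cardos_logout are visibly updated, and all of these functions continue outside the hunks, so the rest of the driver is worth checking the same way.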
|
@ -47,6 +47,7 @@ enum {
|
||||||
SC_CARD_TYPE_CARDOS_CIE_V1, /* Italian CIE (eID) v1 */
|
SC_CARD_TYPE_CARDOS_CIE_V1, /* Italian CIE (eID) v1 */
|
||||||
SC_CARD_TYPE_CARDOS_M4_4,
|
SC_CARD_TYPE_CARDOS_M4_4,
|
||||||
SC_CARD_TYPE_CARDOS_V5_0,
|
SC_CARD_TYPE_CARDOS_V5_0,
|
||||||
|
SC_CARD_TYPE_CARDOS_V5_3,
|
||||||
|
|
||||||
/* flex/cyberflex drivers */
|
/* flex/cyberflex drivers */
|
||||||
SC_CARD_TYPE_FLEX_BASE = 2000,
|
SC_CARD_TYPE_FLEX_BASE = 2000,
|
||||||
|
|