Removed code for obsolete cards from D-Trust (#1261)

Frank Morgner 2018-05-18 23:49:59 +02:00 committed by GitHub
parent 439a95f2d2
commit c463985fed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 70 deletions


@ -386,19 +386,6 @@ app default {
flags = "keep_alive";
}
# Micardo driver sometimes only play together with T=0
# In theory only the 'cold' ATR should be specified, as T=0 will
# be the preferred protocol once you boot it up with T=0, but be
# paranoid.
#
# D-Trust cards are also based on micardo and need T=0 for some reason
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
force_protocol = t0;
}
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
force_protocol = t0;
}
# Oberthur's AuthentIC v3.2.2
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
type = 11100;


@ -39,9 +39,9 @@ static struct sc_atr_table mcrd_atrs[] = {
{"3B:FF:94:00:FF:80:B1:FE:45:1F:03:00:68:D2:76:00:00:28:FF:05:1E:31:80:00:90:00:23", NULL,
"Micardo 2.1/German BMI/D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
{"3b:6f:00:ff:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00", NULL,
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
"D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
{"3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6", NULL,
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
"D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
/* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly truncate the warm ATR to the length of the cold ATR */
/* See opensc.conf for further information */
{"3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20", NULL, "Broken EstEID 1.1 warm", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL},
@ -1253,9 +1253,7 @@ static int mcrd_set_security_env(sc_card_t * card,
return 0;
}
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
sc_log(card->ctx, "Using SC_CARD_TYPE_MCRD_DTRUST\n");
if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {
/* some sanity checks */
if (env->flags & SC_SEC_ENV_ALG_PRESENT) {
if (env->algorithm != SC_ALGORITHM_RSA)
@ -1303,8 +1301,7 @@ static int mcrd_set_security_env(sc_card_t * card,
*p++ = 0x03;
*p++ = 0x80;
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {
unsigned char fid;
fid = env->key_ref[0];
@ -1515,8 +1512,7 @@ static int mcrd_pin_cmd(sc_card_t * card, struct sc_pin_cmd_data *data,
return SC_SUCCESS;
}
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
if (SC_CARD_TYPE_MCRD_GENERIC) {
sc_log(card->ctx, "modify pin reference for D-Trust\n");
if (data->pin_reference == 0x02)
data->pin_reference = data->pin_reference | 0x80;
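Review bot: In the last hunk of this file, in mcrd_pin_cmd, the replacement condition `if (SC_CARD_TYPE_MCRD_GENERIC) {` has lost the `card->type ==` comparison, so it tests the enum constant itself and is always true unless that constant is zero. As written, every card type that reaches this point gets PIN reference 0x02 rewritten to 0x82, not only generic Micardo cards, so PIN commands on other cards would go to a reference the caller did not ask for. The two mcrd_set_security_env hunks use the intended form, and this line should match them: `if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {`. The log text "modify pin reference for D-Trust" inside the branch no longer matches the condition and could be reworded in the same fix. The body of mcrd_pin_cmd continues outside the hunk, so any later use of `data->pin_reference` is not visible here.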


@ -439,52 +439,6 @@ fix_authentic_ddo(struct sc_pkcs15_card *p15card)
}
}
static void
fix_starcos_pkcs15_card(struct sc_pkcs15_card *p15card)
{
struct sc_context *ctx = p15card->card->ctx;
/* set special flags based on card meta data */
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
&& p15card->tokeninfo && p15card->tokeninfo->label) {
/* D-Trust cards (D-TRUST, D-SIGN) */
if (strstr(p15card->tokeninfo->label,"D-TRUST") != NULL
|| strstr(p15card->tokeninfo->label,"D-SIGN") != NULL) {
/* D-TRUST Card 2.0 2cc (standard cards, which always add
* SHA1 prefix itself */
if (strstr(p15card->tokeninfo->label, "2cc") != NULL) {
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED;
sc_log(ctx, "D-TRUST 2cc card detected, only SHA1 works with this card");
/* XXX: add detection when other hash than SHA1 is used with
* such a card, as this produces invalid signatures.
*/
}
/* D-SIGN multicard 2.0 2ca (cards working with all types of hashes
* and no addition of prefix) */
else if (strstr(p15card->tokeninfo->label, "2ca") != NULL) {
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
sc_log(ctx, "D-TRUST 2ca card detected");
}
/* D-TRUST card 2.4 2ce (cards working with all types of hashes
* and no addition of prefix) */
else if (strstr(p15card->tokeninfo->label, "2ce") != NULL) {
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
sc_log(ctx, "D-TRUST 2ce card detected");
}
/* XXX: probably there are more D-Trust card in the wild,
* which also need these flags to produce valid signatures
*/
}
}
}
static int
parse_ddo(struct sc_pkcs15_card *p15card, const u8 * buf, size_t buflen)
{
@ -1293,8 +1247,6 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
goto error;
}
done:
fix_starcos_pkcs15_card(p15card);
*p15card_out = p15card;
sc_unlock(card);
LOG_FUNC_RETURN(ctx, SC_SUCCESS);