Removed code for obsolete cards from D-Trust (#1261)
parent
439a95f2d2
commit
c463985fed
|
@ -386,19 +386,6 @@ app default {
|
||||||
flags = "keep_alive";
|
flags = "keep_alive";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Micardo driver sometimes only play together with T=0
|
|
||||||
# In theory only the 'cold' ATR should be specified, as T=0 will
|
|
||||||
# be the preferred protocol once you boot it up with T=0, but be
|
|
||||||
# paranoid.
|
|
||||||
#
|
|
||||||
# D-Trust cards are also based on micardo and need T=0 for some reason
|
|
||||||
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
|
|
||||||
force_protocol = t0;
|
|
||||||
}
|
|
||||||
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
|
|
||||||
force_protocol = t0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Oberthur's AuthentIC v3.2.2
|
# Oberthur's AuthentIC v3.2.2
|
||||||
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
|
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
|
||||||
type = 11100;
|
type = 11100;
|
||||||
|
|
|
@ -39,9 +39,9 @@ static struct sc_atr_table mcrd_atrs[] = {
|
||||||
{"3B:FF:94:00:FF:80:B1:FE:45:1F:03:00:68:D2:76:00:00:28:FF:05:1E:31:80:00:90:00:23", NULL,
|
{"3B:FF:94:00:FF:80:B1:FE:45:1F:03:00:68:D2:76:00:00:28:FF:05:1E:31:80:00:90:00:23", NULL,
|
||||||
"Micardo 2.1/German BMI/D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
|
"Micardo 2.1/German BMI/D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
|
||||||
{"3b:6f:00:ff:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00", NULL,
|
{"3b:6f:00:ff:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00", NULL,
|
||||||
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
|
"D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
|
||||||
{"3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6", NULL,
|
{"3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6", NULL,
|
||||||
"D-Trust", SC_CARD_TYPE_MCRD_DTRUST, 0, NULL},
|
"D-Trust", SC_CARD_TYPE_MCRD_GENERIC, 0, NULL},
|
||||||
/* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly truncate the warm ATR to the length of the cold ATR */
|
/* Certain pcsc-lite versions (1.5.3 for example on Ubuntu 10.04) incorrectly truncate the warm ATR to the length of the cold ATR */
|
||||||
/* See opensc.conf for further information */
|
/* See opensc.conf for further information */
|
||||||
{"3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20", NULL, "Broken EstEID 1.1 warm", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL},
|
{"3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20", NULL, "Broken EstEID 1.1 warm", SC_CARD_TYPE_MCRD_ESTEID_V11, 0, NULL},
|
||||||
|
@ -1253,9 +1253,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|
if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {
|
||||||
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
|
|
||||||
sc_log(card->ctx, "Using SC_CARD_TYPE_MCRD_DTRUST\n");
|
|
||||||
/* some sanity checks */
|
/* some sanity checks */
|
||||||
if (env->flags & SC_SEC_ENV_ALG_PRESENT) {
|
if (env->flags & SC_SEC_ENV_ALG_PRESENT) {
|
||||||
if (env->algorithm != SC_ALGORITHM_RSA)
|
if (env->algorithm != SC_ALGORITHM_RSA)
|
||||||
|
@ -1303,8 +1301,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
||||||
*p++ = 0x03;
|
*p++ = 0x03;
|
||||||
*p++ = 0x80;
|
*p++ = 0x80;
|
||||||
|
|
||||||
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|
if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {
|
||||||
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
|
|
||||||
unsigned char fid;
|
unsigned char fid;
|
||||||
|
|
||||||
fid = env->key_ref[0];
|
fid = env->key_ref[0];
|
||||||
|
@ -1515,8 +1512,7 @@ static int mcrd_pin_cmd(sc_card_t * card, struct sc_pin_cmd_data *data,
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (card->type == SC_CARD_TYPE_MCRD_DTRUST
|
if (SC_CARD_TYPE_MCRD_GENERIC) {
|
||||||
|| card->type == SC_CARD_TYPE_MCRD_GENERIC) {
|
|
||||||
sc_log(card->ctx, "modify pin reference for D-Trust\n");
|
sc_log(card->ctx, "modify pin reference for D-Trust\n");
|
||||||
if (data->pin_reference == 0x02)
|
if (data->pin_reference == 0x02)
|
||||||
data->pin_reference = data->pin_reference | 0x80;
|
data->pin_reference = data->pin_reference | 0x80;
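Review bot: The rewritten condition in the mcrd_pin_cmd hunk, `if (SC_CARD_TYPE_MCRD_GENERIC) {`, lost its `card->type ==` comparison, so it tests a bare constant and, assuming that constant is non-zero, is always true. Every card type that reaches this point then has PIN reference 0x02 rewritten to 0x82, not only generic Micardo cards; a PIN command issued against the wrong reference can fail or, presumably, count against a retry counter the caller did not intend. The two mcrd_set_security_env hunks were converted correctly, so this line should read `if (card->type == SC_CARD_TYPE_MCRD_GENERIC) {`. The retained log text `"modify pin reference for D-Trust\n"` is also stale now that the D-Trust card type is gone from the table. mcrd_pin_cmd's body starts and ends outside the hunk, so the earlier return paths that decide which card types reach this branch are not visible here.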
|
||||||
|
|
|
@ -439,52 +439,6 @@ fix_authentic_ddo(struct sc_pkcs15_card *p15card)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
fix_starcos_pkcs15_card(struct sc_pkcs15_card *p15card)
|
|
||||||
{
|
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
|
||||||
|
|
||||||
/* set special flags based on card meta data */
|
|
||||||
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
|
|
||||||
&& p15card->tokeninfo && p15card->tokeninfo->label) {
|
|
||||||
|
|
||||||
/* D-Trust cards (D-TRUST, D-SIGN) */
|
|
||||||
if (strstr(p15card->tokeninfo->label,"D-TRUST") != NULL
|
|
||||||
|| strstr(p15card->tokeninfo->label,"D-SIGN") != NULL) {
|
|
||||||
|
|
||||||
/* D-TRUST Card 2.0 2cc (standard cards, which always add
|
|
||||||
* SHA1 prefix itself */
|
|
||||||
if (strstr(p15card->tokeninfo->label, "2cc") != NULL) {
|
|
||||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH_STRIPPED;
|
|
||||||
sc_log(ctx, "D-TRUST 2cc card detected, only SHA1 works with this card");
|
|
||||||
/* XXX: add detection when other hash than SHA1 is used with
|
|
||||||
* such a card, as this produces invalid signatures.
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
|
|
||||||
/* D-SIGN multicard 2.0 2ca (cards working with all types of hashes
|
|
||||||
* and no addition of prefix) */
|
|
||||||
else if (strstr(p15card->tokeninfo->label, "2ca") != NULL) {
|
|
||||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
|
|
||||||
sc_log(ctx, "D-TRUST 2ca card detected");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* D-TRUST card 2.4 2ce (cards working with all types of hashes
|
|
||||||
* and no addition of prefix) */
|
|
||||||
else if (strstr(p15card->tokeninfo->label, "2ce") != NULL) {
|
|
||||||
p15card->card->caps |= SC_CARD_CAP_ONLY_RAW_HASH;
|
|
||||||
sc_log(ctx, "D-TRUST 2ce card detected");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* XXX: probably there are more D-Trust card in the wild,
|
|
||||||
* which also need these flags to produce valid signatures
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
parse_ddo(struct sc_pkcs15_card *p15card, const u8 * buf, size_t buflen)
|
parse_ddo(struct sc_pkcs15_card *p15card, const u8 * buf, size_t buflen)
|
||||||
{
|
{
|
||||||
|
@ -1293,8 +1247,6 @@ sc_pkcs15_bind(struct sc_card *card, struct sc_aid *aid,
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
fix_starcos_pkcs15_card(p15card);
|
|
||||||
|
|
||||||
*p15card_out = p15card;
|
*p15card_out = p15card;
|
||||||
sc_unlock(card);
|
sc_unlock(card);
|
||||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
|
|