entersafe: Disable RSA:512bits that modified in entersafe_generate_key and entersafe_store_key function

1. Added a prompt while initializing ePass2003 \n 2. Modified the code to disable 512-bit keys
riham 2012-09-13 15:38:47 +08:00 committed by Viktor Tarasov
parent 4b9e82d392
commit c91f0e84cb
2 changed files with 43 additions and 6 deletions


@ -14,6 +14,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* Initially written by Weitao Sun (weitao@ftsafe.com) 2008*/
/* Disable RSA:512bits by Shengchao Niu (shengchao@ftsafe.com) 2012 */
#include "config.h"
@ -347,11 +348,28 @@ static int entersafe_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
const sc_acl_entry_t *acl_entry;
int r;
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)obj->data;
size_t keybits = key_info->modulus_length;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
if (key->algorithm != SC_ALGORITHM_RSA)
if ( key->algorithm != SC_ALGORITHM_RSA )
{
/* ignore DSA keys */
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS);
}
/* Disable RSA:512bits */
if ( ( keybits < 1024 ) ||
( keybits > 2048 ) ||
( keybits % 0x20 ) )
{
sc_debug( card->ctx,
SC_LOG_DEBUG_NORMAL,
"Unsupported key size %u\n",
keybits );
return SC_ERROR_INVALID_ARGUMENTS;
}
r = sc_profile_get_file(profile, "PKCS15-AODF", &tfile);
if (r < 0)
@ -381,10 +399,27 @@ static int entersafe_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
sc_file_t *tfile;
const sc_acl_entry_t *acl_entry;
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)obj->data;
size_t keybits = key_info->modulus_length;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA)
if ( obj->type != SC_PKCS15_TYPE_PRKEY_RSA )
{
return SC_ERROR_NOT_SUPPORTED;
}
/* Disable RSA:512bits */
if ( ( keybits < 1024 ) ||
( keybits > 2048 ) ||
( keybits % 0x20 ) )
{
sc_debug( card->ctx,
SC_LOG_DEBUG_NORMAL,
"Unsupported key size %u\n",
keybits );
return SC_ERROR_INVALID_ARGUMENTS;
}
r = sc_profile_get_file(profile, "PKCS15-AODF", &tfile);
if (r < 0)
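Review bot: The new size checks in entersafe_store_key and entersafe_generate_key pass `keybits`, declared `size_t`, to a `%u` conversion, which is a type mismatch wherever size_t is wider than unsigned int; cast at the call, `"Unsupported key size %u\n", (unsigned int)keybits );`. In entersafe_store_key the bound is tested against `key_info->modulus_length` rather than the key being imported, so the 512-bit ban holds only if the caller keeps that field in step with the key material; the hunk does not show this, and a one-line comment above the check stating where modulus_length comes from would record the assumption. The rejection path also uses a bare `return` where the algorithm check just above it uses `SC_FUNC_RETURN`, so the function exit is not traced for a refused key size. Both function bodies continue outside the hunks.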


@ -50,6 +50,8 @@ static int epass2003_pkcs15_init_card(struct sc_profile *profile,
int ret;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
sc_do_log(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,NULL,0,NULL,
"ePass2003 doesn't surpport SO-PIN and SO-PUK. You can unblock key with PUK. \n");
{ /* MF */
struct sc_file *mf_file;
struct sc_file *skey_file;
@ -439,8 +441,8 @@ static int epass2003_pkcs15_store_key(struct sc_profile *profile,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
keybits);
if (keybits < 512 || keybits > 2048 || (keybits % 0x20)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Unsupported key size %u\n", keybits);
return SC_ERROR_INVALID_ARGUMENTS;
}
@ -513,8 +515,8 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
keybits);
if (keybits < 512 || keybits > 2048 || (keybits % 0x20)) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Unsupported key size %u\n", keybits);
return SC_ERROR_INVALID_ARGUMENTS;
}
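Review bot: In epass2003_pkcs15_store_key and epass2003_pkcs15_generate_key the rejection message formats `keybits` with `%u` while the debug line directly above prints the same variable with `%i`; the declaration is outside the hunk, so one of the two specifiers does not match its type and they should be aligned. The rejection message appears to move to `SC_LOG_DEBUG_VERBOSE_TOOL` here, while the equivalent check added to the entersafe driver logs at `SC_LOG_DEBUG_NORMAL`, so the same refusal is reported at different levels depending on the card. The new init-card message misspells "support" (`doesn't surpport`). The minimum of 1024 is now a bare literal in four checks across the two drivers, and a shared named constant would keep them from drifting apart.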