IsoApplet: Add nistp224, secp192k1 and secp256k1 curves

secp*k1 curves are only supported applet version >= 0.6.0 because of an issue with encoding ECC public keys with small parameters.
2015-03-22 14:49:59 +01:00 · 2015-03-22 14:49:59 +01:00 · e258cec13e
parent ab5ca331b2
commit e258cec13e
2 changed files with 57 additions and 30 deletions
--- a/src/libopensc/card-isoApplet.c
+++ b/src/libopensc/card-isoApplet.c
@ -68,6 +68,23 @@ static struct sc_card_driver isoApplet_drv =
 	NULL, 0, NULL
 };

+static struct isoapplet_supported_ec_curves {
+		struct sc_object_id oid;
+		size_t size;
+		unsigned int min_applet_version;
+} ec_curves[] = {
+	{{{1, 2, 840, 10045, 3, 1, 1, -1}},     192, 0x0000}, /* secp192r1, nistp192, prime192v1, ansiX9p192r1 */
+	{{{1, 3, 132, 0, 33, -1}},              224, 0x0000}, /* secp224r1, nistp224 */
+	{{{1, 2, 840, 10045, 3, 1, 7, -1}},     256, 0x0000}, /* secp256r1, nistp256, prime256v1, ansiX9p256r1 */
+	{{{1, 3, 132, 0, 34, -1}},              384, 0x0000}, /* secp384r1, nistp384, prime384v1, ansiX9p384r1 */
+	{{{1, 3, 36, 3, 3, 2, 8, 1, 1, 3, -1}}, 192, 0x0000}, /* brainpoolP192r1 */
+	{{{1, 3, 36, 3, 3, 2, 8, 1, 1, 5, -1}}, 224, 0x0000}, /* brainpoolP224r1 */
+	{{{1, 3, 36, 3, 3, 2, 8, 1, 1, 7, -1}}, 256, 0x0000}, /* brainpoolP256r1 */
+	{{{1, 3, 36, 3, 3, 2, 8, 1, 1, 9, -1}}, 320, 0x0000}, /* brainpoolP320r1 */
+	{{{1, 3, 132, 0, 31, -1}},              192, 0x0006}, /* secp192k1 */
+	{{{1, 3, 132, 0, 10, -1}},              256, 0x0006}, /* secp256k1 */
+	{{{-1}}, 0, 0} /* This entry must not be touched. */
+};

 /*
 * SELECT an applet on the smartcard. (Not in the emulated filesystem.)
@ -174,12 +191,12 @@ static int
 isoApplet_init(sc_card_t *card)
 {
 	int r;
+	int i;
 	unsigned long flags = 0;
 	unsigned long ext_flags = 0;
 	size_t rlen = SC_MAX_APDU_BUFFER_SIZE;
 	u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
 	struct isoApplet_drv_data *drvdata;
-	struct sc_object_id curve_oid;

 	LOG_FUNC_CALLED(card->ctx);

@ -211,34 +228,11 @@ isoApplet_init(sc_card_t *card)
 	flags |= SC_ALGORITHM_ONBOARD_KEY_GEN;
 	ext_flags =  SC_ALGORITHM_EXT_EC_NAMEDCURVE;
 	ext_flags |= SC_ALGORITHM_EXT_EC_F_P;
-	/* secp192r1, prime192r1, ansiX9p192r1*/
-	r =  sc_format_oid(&curve_oid, "1.2.840.10045.3.1.1");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 192, flags, ext_flags, &curve_oid);
-	/* prime256v1, secp256r1, ansiX9p256r1 */
-	r =  sc_format_oid(&curve_oid, "1.2.840.10045.3.1.7");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 256, flags, ext_flags, &curve_oid);
-	/* secp384r1, prime384v1, ansiX9p384r1 */
-	r =  sc_format_oid(&curve_oid, "1.3.132.0.34");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 384, flags, ext_flags, &curve_oid);
-	/* brainpoolP192r1 */
-	r =  sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.3");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 192, flags, ext_flags, &curve_oid);
-	/* brainpoolP224r1 */
-	r =  sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.5");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 224, flags, ext_flags, &curve_oid);
-	/* brainpoolP256r1 */
-	r =  sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.7");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 256, flags, ext_flags, &curve_oid);
-	/* brainpoolP320r1 */
-	r =  sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.9");
-	LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID");
-	_sc_card_add_ec_alg(card, 320, flags, ext_flags, &curve_oid);
+	for (i=0; ec_curves[i].oid.value[0] >= 0; i++)
+	{
+		if(drvdata->isoapplet_version >= ec_curves[i].min_applet_version)
+			_sc_card_add_ec_alg(card, ec_curves[i].size, flags, ext_flags, &ec_curves[i].oid);
+	}

 	/* RSA */
 	flags = 0;
--- a/src/pkcs15init/pkcs15-isoApplet.c
+++ b/src/pkcs15init/pkcs15-isoApplet.c
@ -98,7 +98,7 @@ static const struct ec_curve curves[] =
 	},

 	{
-		/* prime192r1, secp192r1, ansiX9p192r1 */
+		/* prime192v1, secp192r1, ansiX9p192r1 */
 		{ (unsigned char *) "\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x01", 10},
 		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 24},
 		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC", 24},
@ -108,6 +108,17 @@ static const struct ec_curve curves[] =
 		{ (unsigned char *) "\x00\x01", 2}
 	},

+	{
+		/* prime224v1, nistp224 */
+		{ (unsigned char *) "\x06\x05\x2b\x81\x04\x00\x21", 7},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 28},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE", 28},
+		{ (unsigned char *) "\xB4\x05\x0A\x85\x0C\x04\xB3\xAB\xF5\x41\x32\x56\x50\x44\xB0\xB7\xD7\xBF\xD8\xBA\x27\x0B\x39\x43\x23\x55\xFF\xB4", 28},
+		{ (unsigned char *) "\x04\xB7\x0E\x0C\xBD\x6B\xB4\xBF\x7F\x32\x13\x90\xB9\x4A\x03\xC1\xD3\x56\xC2\x11\x22\x34\x32\x80\xD6\x11\x5C\x1D\x21\xBD\x37\x63\x88\xB5\xF7\x23\xFB\x4C\x22\xDF\xE6\xCD\x43\x75\xA0\x5A\x07\x47\x64\x44\xD5\x81\x99\x85\x00\x7E\x34", 57},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x16\xA2\xE0\xB8\xF0\x3E\x13\xDD\x29\x45\x5C\x5C\x2A\x3D", 28},
+		{ (unsigned char *) "\x00\x01", 2}
+	},
+
 	{
 		/* prime256v1, secp256r1, ansiX9p256r1 */
 		{ (unsigned char *) "\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x07", 10},
@ -130,6 +141,28 @@ static const struct ec_curve curves[] =
 		{ (unsigned char *) "\x00\x01", 2}
 	},

+	{
+		/* secp192k1 */
+		{ (unsigned char *) "\x06\x05\x2B\x81\x04\x00\x1F", 7},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xEE\x37", 24},
+		{ (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24},
+		{ (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03", 24},
+		{ (unsigned char *) "\x04\xDB\x4F\xF1\x0E\xC0\x57\xE9\xAE\x26\xB0\x7D\x02\x80\xB7\xF4\x34\x1D\xA5\xD1\xB1\xEA\xE0\x6C\x7D\x9B\x2F\x2F\x6D\x9C\x56\x28\xA7\x84\x41\x63\xD0\x15\xBE\x86\x34\x40\x82\xAA\x88\xD9\x5E\x2F\x9D", 49},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x26\xF2\xFC\x17\x0F\x69\x46\x6A\x74\xDE\xFD\x8D", 24},
+		{ (unsigned char *) "\x00\x01", 2}
+	},
+
+	{
+		/* secp256k1 */
+		{ (unsigned char *) "\x06\x05\x2B\x81\x04\x00\x0A", 7},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFC\x2F", 32},
+		{ (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32},
+		{ (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07", 32},
+		{ (unsigned char *) "\x04\x79\xBE\x66\x7E\xF9\xDC\xBB\xAC\x55\xA0\x62\x95\xCE\x87\x0B\x07\x02\x9B\xFC\xDB\x2D\xCE\x28\xD9\x59\xF2\x81\x5B\x16\xF8\x17\x98\x48\x3A\xDA\x77\x26\xA3\xC4\x65\x5D\xA4\xFB\xFC\x0E\x11\x08\xA8\xFD\x17\xB4\x48\xA6\x85\x54\x19\x9C\x47\xD0\x8F\xFB\x10\xD4\xB8", 65},
+		{ (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41", 32},
+		{ (unsigned char *) "\x00\x01", 2}
+	},
+
 	{
 		{ NULL, 0},
 		{ NULL, 0},