From e258cec13e417ce10c05be6c40fe3539824301b7 Mon Sep 17 00:00:00 2001 From: Philip Wendland Date: Sun, 22 Mar 2015 14:49:59 +0100 Subject: [PATCH] IsoApplet: Add nistp224, secp192k1 and secp256k1 curves secp*k1 curves are only supported applet version >= 0.6.0 because of an issue with encoding ECC public keys with small parameters. --- src/libopensc/card-isoApplet.c | 52 ++++++++++++++----------------- src/pkcs15init/pkcs15-isoApplet.c | 35 ++++++++++++++++++++- 2 files changed, 57 insertions(+), 30 deletions(-) diff --git a/src/libopensc/card-isoApplet.c b/src/libopensc/card-isoApplet.c index 3062ae94..38b8556e 100644 --- a/src/libopensc/card-isoApplet.c +++ b/src/libopensc/card-isoApplet.c @@ -68,6 +68,23 @@ static struct sc_card_driver isoApplet_drv = NULL, 0, NULL }; +static struct isoapplet_supported_ec_curves { + struct sc_object_id oid; + size_t size; + unsigned int min_applet_version; +} ec_curves[] = { + {{{1, 2, 840, 10045, 3, 1, 1, -1}}, 192, 0x0000}, /* secp192r1, nistp192, prime192v1, ansiX9p192r1 */ + {{{1, 3, 132, 0, 33, -1}}, 224, 0x0000}, /* secp224r1, nistp224 */ + {{{1, 2, 840, 10045, 3, 1, 7, -1}}, 256, 0x0000}, /* secp256r1, nistp256, prime256v1, ansiX9p256r1 */ + {{{1, 3, 132, 0, 34, -1}}, 384, 0x0000}, /* secp384r1, nistp384, prime384v1, ansiX9p384r1 */ + {{{1, 3, 36, 3, 3, 2, 8, 1, 1, 3, -1}}, 192, 0x0000}, /* brainpoolP192r1 */ + {{{1, 3, 36, 3, 3, 2, 8, 1, 1, 5, -1}}, 224, 0x0000}, /* brainpoolP224r1 */ + {{{1, 3, 36, 3, 3, 2, 8, 1, 1, 7, -1}}, 256, 0x0000}, /* brainpoolP256r1 */ + {{{1, 3, 36, 3, 3, 2, 8, 1, 1, 9, -1}}, 320, 0x0000}, /* brainpoolP320r1 */ + {{{1, 3, 132, 0, 31, -1}}, 192, 0x0006}, /* secp192k1 */ + {{{1, 3, 132, 0, 10, -1}}, 256, 0x0006}, /* secp256k1 */ + {{{-1}}, 0, 0} /* This entry must not be touched. */ +}; /* * SELECT an applet on the smartcard. (Not in the emulated filesystem.) @@ -174,12 +191,12 @@ static int isoApplet_init(sc_card_t *card) { int r; + int i; unsigned long flags = 0; unsigned long ext_flags = 0; size_t rlen = SC_MAX_APDU_BUFFER_SIZE; u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; struct isoApplet_drv_data *drvdata; - struct sc_object_id curve_oid; LOG_FUNC_CALLED(card->ctx); @@ -211,34 +228,11 @@ isoApplet_init(sc_card_t *card) flags |= SC_ALGORITHM_ONBOARD_KEY_GEN; ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE; ext_flags |= SC_ALGORITHM_EXT_EC_F_P; - /* secp192r1, prime192r1, ansiX9p192r1*/ - r = sc_format_oid(&curve_oid, "1.2.840.10045.3.1.1"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 192, flags, ext_flags, &curve_oid); - /* prime256v1, secp256r1, ansiX9p256r1 */ - r = sc_format_oid(&curve_oid, "1.2.840.10045.3.1.7"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 256, flags, ext_flags, &curve_oid); - /* secp384r1, prime384v1, ansiX9p384r1 */ - r = sc_format_oid(&curve_oid, "1.3.132.0.34"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 384, flags, ext_flags, &curve_oid); - /* brainpoolP192r1 */ - r = sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.3"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 192, flags, ext_flags, &curve_oid); - /* brainpoolP224r1 */ - r = sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.5"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 224, flags, ext_flags, &curve_oid); - /* brainpoolP256r1 */ - r = sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.7"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 256, flags, ext_flags, &curve_oid); - /* brainpoolP320r1 */ - r = sc_format_oid(&curve_oid, "1.3.36.3.3.2.8.1.1.9"); - LOG_TEST_RET(card->ctx, r, "Error obtaining EC curve OID"); - _sc_card_add_ec_alg(card, 320, flags, ext_flags, &curve_oid); + for (i=0; ec_curves[i].oid.value[0] >= 0; i++) + { + if(drvdata->isoapplet_version >= ec_curves[i].min_applet_version) + _sc_card_add_ec_alg(card, ec_curves[i].size, flags, ext_flags, &ec_curves[i].oid); + } /* RSA */ flags = 0; diff --git a/src/pkcs15init/pkcs15-isoApplet.c b/src/pkcs15init/pkcs15-isoApplet.c index b4095a85..bbcc7e17 100644 --- a/src/pkcs15init/pkcs15-isoApplet.c +++ b/src/pkcs15init/pkcs15-isoApplet.c @@ -98,7 +98,7 @@ static const struct ec_curve curves[] = }, { - /* prime192r1, secp192r1, ansiX9p192r1 */ + /* prime192v1, secp192r1, ansiX9p192r1 */ { (unsigned char *) "\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x01", 10}, { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 24}, { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC", 24}, @@ -108,6 +108,17 @@ static const struct ec_curve curves[] = { (unsigned char *) "\x00\x01", 2} }, + { + /* prime224v1, nistp224 */ + { (unsigned char *) "\x06\x05\x2b\x81\x04\x00\x21", 7}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 28}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE", 28}, + { (unsigned char *) "\xB4\x05\x0A\x85\x0C\x04\xB3\xAB\xF5\x41\x32\x56\x50\x44\xB0\xB7\xD7\xBF\xD8\xBA\x27\x0B\x39\x43\x23\x55\xFF\xB4", 28}, + { (unsigned char *) "\x04\xB7\x0E\x0C\xBD\x6B\xB4\xBF\x7F\x32\x13\x90\xB9\x4A\x03\xC1\xD3\x56\xC2\x11\x22\x34\x32\x80\xD6\x11\x5C\x1D\x21\xBD\x37\x63\x88\xB5\xF7\x23\xFB\x4C\x22\xDF\xE6\xCD\x43\x75\xA0\x5A\x07\x47\x64\x44\xD5\x81\x99\x85\x00\x7E\x34", 57}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x16\xA2\xE0\xB8\xF0\x3E\x13\xDD\x29\x45\x5C\x5C\x2A\x3D", 28}, + { (unsigned char *) "\x00\x01", 2} + }, + { /* prime256v1, secp256r1, ansiX9p256r1 */ { (unsigned char *) "\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x07", 10}, @@ -130,6 +141,28 @@ static const struct ec_curve curves[] = { (unsigned char *) "\x00\x01", 2} }, + { + /* secp192k1 */ + { (unsigned char *) "\x06\x05\x2B\x81\x04\x00\x1F", 7}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xEE\x37", 24}, + { (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24}, + { (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03", 24}, + { (unsigned char *) "\x04\xDB\x4F\xF1\x0E\xC0\x57\xE9\xAE\x26\xB0\x7D\x02\x80\xB7\xF4\x34\x1D\xA5\xD1\xB1\xEA\xE0\x6C\x7D\x9B\x2F\x2F\x6D\x9C\x56\x28\xA7\x84\x41\x63\xD0\x15\xBE\x86\x34\x40\x82\xAA\x88\xD9\x5E\x2F\x9D", 49}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x26\xF2\xFC\x17\x0F\x69\x46\x6A\x74\xDE\xFD\x8D", 24}, + { (unsigned char *) "\x00\x01", 2} + }, + + { + /* secp256k1 */ + { (unsigned char *) "\x06\x05\x2B\x81\x04\x00\x0A", 7}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFC\x2F", 32}, + { (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}, + { (unsigned char *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07", 32}, + { (unsigned char *) "\x04\x79\xBE\x66\x7E\xF9\xDC\xBB\xAC\x55\xA0\x62\x95\xCE\x87\x0B\x07\x02\x9B\xFC\xDB\x2D\xCE\x28\xD9\x59\xF2\x81\x5B\x16\xF8\x17\x98\x48\x3A\xDA\x77\x26\xA3\xC4\x65\x5D\xA4\xFB\xFC\x0E\x11\x08\xA8\xFD\x17\xB4\x48\xA6\x85\x54\x19\x9C\x47\xD0\x8F\xFB\x10\xD4\xB8", 65}, + { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41", 32}, + { (unsigned char *) "\x00\x01", 2} + }, + { { NULL, 0}, { NULL, 0},