Treat CardOS V5_0 and V5_3 cards differently then older versions:
Use card->dvr_data as a pointer to cardos_data_t to store private driver
data to pass internally, especially between set security environment
and the crypto operations. Sc_get_encoding_flags sets sec_flags from
algo_info->flags in pkcs15-sec.c and it passed to decipher.
Some cards when doing a decipher may drop leading 00 byte when
returning data from RSA_RAW decipher. Add leading byte(s) as needed.
Get Cryptographic Mechanism Reference from Key Reference:
Key reference byte appears to be a 4 bit Cryptographic Mechanism Reference
and a 4 bit key reference.
This is only done if key reference & 0xF0 != 0 i.e. default Cryptographic
mechanism reference is 0. which appears to be the case for RSA RAW.
PKCS1 appears to be 0x10 and ECDSA 0x30
See iso 7816-4 table 55 for DST:
84 Reference of a private key
95 Usage qualifier byte - Table 57 - 40 looks OK
80 Cryptographic mechanism reference and referes to section 9.2
The 4 bit key reference limits card to 16 keys. In future this may not work,
but we can derive a Cryptographic Mechanism Reference from what OpenSC
thinks the card needs to do. Only know RSA RAW, PKCS1 and ECDSA.
ECDSA code has not been tested, but expected to work.
Allow setting CardOS type and flags from opensc.conf using card_atr stanza
This is a fallback if newer cards are added or older cards have problems
giving us time to make need changes in next release.
It will help in identifying what flags are needed for each card.
As user can report what combination of flags work for them. They do this by
adding to opensc.conf with something like this. (Change the ATR to your card's ATR):
card_atr 3b:d2:18:00:81:31:fe:58:c9:03:16 {
driver = "cardos";
# type is decimal from cards.h:
# SC_CARD_TYPE_CARDOS_V5_0 is 1009
# SC_CARD_TYPE_CARDOS_V5_3 is 1010
type = 1010;
# flags is hex from opensc.h:
#define SC_ALGORITHM_ONBOARD_KEY_GEN 0x80000000
#define SC_ALGORITHM_NEED_USAGE 0x40000000
#define SC_ALGORITHM_RSA_RAW 0x00000001 /* RSA_RAW is PAD_NONE */
#define SC_ALGORITHM_RSA_PAD_NONE 0x00000001
#define SC_ALGORITHM_RSA_PAD_PKCS1 0x00000002 /* PKCS#1 v1.5 padding */
#define SC_ALGORITHM_RSA_PAD_ANSI 0x00000004
#define SC_ALGORITHM_RSA_PAD_ISO9796 0x00000008
#define SC_ALGORITHM_RSA_PAD_PSS 0x00000010 /* PKCS#1 v2.0 PSS */
#define SC_ALGORITHM_RSA_PAD_OAEP 0x00000020 /* PKCS#1 v2.0 OAEP */
#define SC_ALGORITHM_RSA_HASH_NONE 0x00000100 /* only applies to PKCS1 padding */
# example: SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_RAW
flags = 80000101;
#example: SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_PAD_PKCS1
flags = 80000002;
}
For V5_0 and v5_3 cards, use sc_get_max_send_size and sc_get_max_recv_size
which takes care or reader sizes even on Windows where SCardControl can not get PART_10 sizes.
(commit eddea6f3c2 on Windows forces reader sizes to 255, 256
in reader-pcsc.c if not already set. It should not do this, but leave that up to card drivers.)
pkcs15-cardos.c added:
New file, pkcs15-cardos.c, added as emulation only for CardOS
V5_0 and V5_3 cards.
sc_pkcs15_bind_internal is called to get tokenInfo as CardOS
cards are substantially PKCS15 cards. But some V5_* cards have
errors in the tokenInfo, Which are corrected.
For older CardOS cards, card-cardos.c will create all the
card->algorithms.
Pkcs15-cardos.c will check for card->algorithms and if there
are none, it will do the following:
SC_CARDCTL_CARDOS_PASS_ALGO_FLAGS is called twice. First to get
the flags as set by user via opensc.conf card_atr or default
flags set by the card driver. Then after determining from the
tokenInfo what algorithms the card can support, the new flags
are passed to card_cardos.c to create card->algorithms.
https://atos.net/wp-content/uploads/2018/11/CT_181026_LPM_CardOS_V5-3_Multifunctionality_FS_en3_web.pdf
says card supports: "“Command chaining” in accordance with ISO/IEC 7816-4"
To take advantage of this with older readers, max_send_size and max_recv_size
is now based on minimum of reader limits and "data_field_length" from card.
This should allow card to work in older readers not capable of extended APDU.
So far current cards we have seen do no appear to support “Command chaining”.
Changes to be committed:
modified: src/libopensc/Makefile.am
modified: src/libopensc/Makefile.mak
modified: src/libopensc/card-cardos.c
modified: src/libopensc/cardctl.h
modified: src/libopensc/cards.h
new file: src/libopensc/pkcs15-cardos.c
modified: src/libopensc/pkcs15-syn.c
modified: src/libopensc/pkcs15-syn.h
The card is largely ISO 7816 compliant, but does not provide any
simple way of listing the content which is supported by current
PKCS#15 implementation therefore the PKCS#15 emulator had to be
used.
The certificates are compressed in a similar way as in DNIE
cards which complicates reading from the card and which I think
could be moved to the shared ISO (or some other file since I saw
that code already many times).
The card supports wide range of algorithms including
RSA-PSS and RSA-OAEP padding schemes in-card. On the other hand,
it does not allow raw RSA and SHA1 hashes on card anymore.
The card is manufactured by Gemalto so it has strict ATR which
can be used for detection.
* pgp: initialize ecc keys for OPC3
* Add supported ECC algorithms by card version
* Add tasks identified so far
* pgp: Recognize ECC set on card
* pgp: get_pubkey_pem read ECC pubkey from card
* pgp: minor code changes for ECC compatibility
* pgp: expand sc_cardctl_openpgp_keygen_info to hold ec info
* Fix segfault problem in pkcs15-pubkey.c
* pgp: enable key generation with pkcs15-init and ECC
* pgp: adapt calculate_and_store_fingerprint to accept ECC
* pgp: adapt rest of pgp_gen_key and subfunctions to accept ECC
* pgp: add kdf parameters for ECDH fingerprint calculation
* pgp: enable key import with pkcs15-init and ECC
* pkcs15-pubkey: fix_ec_parameters onlz accpets explicit data or named_curve
* Fix some mistakes during merge
* More clean up for PR
* Fix some ugly alignments
* Improve code readability
* Prevent unitialized variable by using FUNC_RETURN
* OpenPGP: add length check
* pgp: save exponent length in bits for sc_cardctl_openpgp_keystore_info_t
* pgp: length checks and reallocations
* pgp: oid init added
* OpenPGP: slightly re-factor pgp_update_new_algo_attr()
* replace loop copy with memcpy()
* use ushort2bebytes() to set RSA modulus & exponent
* use symbolic name SC_OPENPGP_KEYFORMAT_RSA_STD for the key import format
* OpenPGP: slighly re-factor pgp_parse_and_set_pubkey_output()
* check for RSA modulus & exponent lengths not being a multiple of 8
* make sure RSA modulus & exponent lengths are always set
* remove a left-over RSA setting from the EC code
* pgp: adding BYTES4BITS
* pgp: initialization of values in pgp_build_extended_header_list based on key type
* pgp: add BYTES4BITS and remove unnecessary tests
* Fix broken pgp_update_new_algo_attr
* pgp: fix the ecpoint_len variable
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
* Includes adding support for parsing extensions from a certificate.
* Move lebytes2ushort() to related functions in internals.h
* Adds Simple TLV related functions
Author: Robert Relyea <rrelyea@redhat.com>
Coolkey driver improvements:
* Remove hardcoded list and use SimCList
* Whitespace cleanup
* Remove bogus if
* drop inline keywords
* proper path to include sys/types.h
* full name of ushort type
* condition to use compression
* proper include path
* Resolve template name conflict in Tokend
Clean up the copyright headers
-- rebased into one commit by VTA
-- closes#896
Rework the EC key generation mechanism to send the curve parameters to
the card. In earlier versions, the applet had a copy of the curve
parameters and there was a different algorithm reference for every
curve. This is unfeasible when trying to support a larger number of
curves because of size limitations of the applet.
This commit additionally includes some refactorings that should not
change the functionality.
In file included from pkcs15.c:30:
cardctl.h:870: error: expected specifier-qualifier-list before 'time_t'
Change-Id: I5faad5462ba6268fd7cf48a04f41e1755597ad0c
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key).
Old: Only store current time.
New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not.
When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint.
Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info.
Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms.
Update card algorithms after generating key. However, this step is not implemented yet, because of suspection about wrong data (see code comment).
../../src/libopensc/cardctl.h:231:30: warning: comma at end of enumerator list
../../src/libopensc/cardctl.h:629:13: warning: comma at end of enumerator list
emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
Jakub Jelen
Doug Engert
Alexander Paetzelt
alex-nitrokey
Frank Morgner
Hannu Honkanen
Peter Marschall
Feitian Technologies
Timo Teräs
Jakuje
LE TOUX Vincent
Frank Morgner
Andreas Schwier
Philip Wendland
Viktor Tarasov
German Blanco
sjoblomt
Ludovic Rousseau
Nguyễn Hồng Quân
Martin Paljak
vtarasov
dengert
martin