|
 |
76fb5c |
From bc496dfa59c1cfbc5c47c76511d5c6b7eff5cc6c Mon Sep 17 00:00:00 2001
|
|
|
76fb5c |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
76fb5c |
Date: Thu, 26 Jan 2017 17:11:24 +0100
|
|
|
76fb5c |
Subject: [PATCH 1/4] Set security context for CardOS 5.3 with p1=0x41 (as
|
|
|
76fb5c |
Coolkey does)
|
|
|
76fb5c |
|
|
|
76fb5c |
---
|
|
|
76fb5c |
src/libopensc/card-cardos.c | 16 +++++++++++-----
|
|
|
76fb5c |
src/libopensc/cards.h | 1 +
|
|
|
76fb5c |
2 files changed, 12 insertions(+), 5 deletions(-)
|
|
|
76fb5c |
|
|
|
76fb5c |
diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
index 0c14b32..008ce5c 100644
|
|
|
76fb5c |
--- a/src/libopensc/card-cardos.c
|
|
|
76fb5c |
+++ b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
@@ -59,7 +59,7 @@ static struct sc_atr_table cardos_atrs[] = {
|
|
|
76fb5c |
/* CardOS v5.0 */
|
|
|
76fb5c |
{ "3b:d2:18:00:81:31:fe:58:c9:01:14", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
|
|
76fb5c |
/* CardOS v5.3 */
|
|
|
76fb5c |
- { "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
|
|
76fb5c |
+ { "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
|
|
|
76fb5c |
{ NULL, NULL, NULL, 0, 0, NULL }
|
|
|
76fb5c |
};
|
|
|
76fb5c |
|
|
|
76fb5c |
@@ -84,6 +84,8 @@ static int cardos_match_card(sc_card_t *card)
|
|
|
76fb5c |
return 1;
|
|
|
76fb5c |
if (card->type == SC_CARD_TYPE_CARDOS_V5_0)
|
|
|
76fb5c |
return 1;
|
|
|
76fb5c |
+ if (card->type == SC_CARD_TYPE_CARDOS_V5_3)
|
|
|
76fb5c |
+ return 1;
|
|
|
76fb5c |
if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
|
|
|
76fb5c |
int rv;
|
|
|
76fb5c |
sc_apdu_t apdu;
|
|
|
76fb5c |
@@ -195,7 +197,8 @@ static int cardos_init(sc_card_t *card)
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_2B
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
|
|
76fb5c |
- || card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
|
|
76fb5c |
+ || card->type == SC_CARD_TYPE_CARDOS_V5_0
|
|
|
76fb5c |
+ || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
|
|
76fb5c |
rsa_2048 = 1;
|
|
|
76fb5c |
card->caps |= SC_CARD_CAP_APDU_EXT;
|
|
|
76fb5c |
}
|
|
|
76fb5c |
@@ -230,7 +233,7 @@ static int cardos_init(sc_card_t *card)
|
|
|
76fb5c |
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
|
|
76fb5c |
}
|
|
|
76fb5c |
|
|
|
76fb5c |
- if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
|
|
76fb5c |
+ if (card->type >= SC_CARD_TYPE_CARDOS_V5_0) {
|
|
|
76fb5c |
/* Starting with CardOS 5, the card supports PIN query commands */
|
|
|
76fb5c |
card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
|
|
76fb5c |
}
|
|
|
76fb5c |
@@ -249,7 +252,7 @@ static const struct sc_card_error cardos_errors[] = {
|
|
|
76fb5c |
{ 0x6f82, SC_ERROR_CARD_CMD_FAILED, "not enough memory in xram"},
|
|
|
76fb5c |
{ 0x6f84, SC_ERROR_CARD_CMD_FAILED, "general protection fault"},
|
|
|
76fb5c |
|
|
|
76fb5c |
-/* the card doesn't now thic combination of ins+cla+p1+p2 */
|
|
|
76fb5c |
+/* the card doesn't now this combination of ins+cla+p1+p2 */
|
|
|
76fb5c |
/* i.e. command will never work */
|
|
|
76fb5c |
{ 0x6881, SC_ERROR_NO_CARD_SUPPORT, "logical channel not supported"},
|
|
|
76fb5c |
{ 0x6a86, SC_ERROR_INCORRECT_PARAMETERS,"p1/p2 invalid"},
|
|
|
76fb5c |
@@ -781,6 +784,8 @@ cardos_set_security_env(sc_card_t *card,
|
|
|
76fb5c |
if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1) {
|
|
|
76fb5c |
cardos_restore_security_env(card, 0x30);
|
|
|
76fb5c |
apdu.p1 = 0xF1;
|
|
|
76fb5c |
+ } else if (card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
|
|
76fb5c |
+ apdu.p1 = 0x41;
|
|
|
76fb5c |
} else {
|
|
|
76fb5c |
apdu.p1 = 0x01;
|
|
|
76fb5c |
}
|
|
|
76fb5c |
@@ -1235,7 +1240,8 @@ cardos_logout(sc_card_t *card)
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_3
|
|
|
76fb5c |
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
|
|
76fb5c |
- || card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
|
|
76fb5c |
+ || card->type == SC_CARD_TYPE_CARDOS_V5_0
|
|
|
76fb5c |
+ || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
|
|
76fb5c |
sc_apdu_t apdu;
|
|
|
76fb5c |
int r;
|
|
|
76fb5c |
sc_path_t path;
|
|
|
76fb5c |
diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
|
|
|
76fb5c |
index d71c02f..9f8f641 100644
|
|
|
76fb5c |
--- a/src/libopensc/cards.h
|
|
|
76fb5c |
+++ b/src/libopensc/cards.h
|
|
|
76fb5c |
@@ -47,6 +47,7 @@ enum {
|
|
|
76fb5c |
SC_CARD_TYPE_CARDOS_CIE_V1, /* Italian CIE (eID) v1 */
|
|
|
76fb5c |
SC_CARD_TYPE_CARDOS_M4_4,
|
|
|
76fb5c |
SC_CARD_TYPE_CARDOS_V5_0,
|
|
|
76fb5c |
+ SC_CARD_TYPE_CARDOS_V5_3,
|
|
|
76fb5c |
|
|
|
76fb5c |
/* flex/cyberflex drivers */
|
|
|
76fb5c |
SC_CARD_TYPE_FLEX_BASE = 2000,
|
|
|
76fb5c |
--
|
|
|
76fb5c |
2.9.3
|
|
|
76fb5c |
|
|
|
76fb5c |
|
|
|
76fb5c |
From 5dec534cf07e45ffb0209a53d6145022ecd9259a Mon Sep 17 00:00:00 2001
|
|
|
76fb5c |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
76fb5c |
Date: Mon, 30 Jan 2017 14:33:05 +0100
|
|
|
76fb5c |
Subject: [PATCH 2/4] Do not emulate signatures in CardOS 5.3
|
|
|
76fb5c |
|
|
|
76fb5c |
Remove the bogus SC_ALGORITHM_NEED_USAGE which prevents using the
|
|
|
76fb5c |
actual implementation in cardos_compute_signature().
|
|
|
76fb5c |
|
|
|
76fb5c |
It might be bogus also in previous version, but I don't have a way
|
|
|
76fb5c |
to verify against these cards.
|
|
|
76fb5c |
---
|
|
|
76fb5c |
src/libopensc/card-cardos.c | 8 +++++---
|
|
|
76fb5c |
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
76fb5c |
|
|
|
76fb5c |
diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
index 008ce5c..a21e67a 100644
|
|
|
76fb5c |
--- a/src/libopensc/card-cardos.c
|
|
|
76fb5c |
+++ b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
@@ -177,11 +177,13 @@ static int cardos_init(sc_card_t *card)
|
|
|
76fb5c |
card->cla = 0x00;
|
|
|
76fb5c |
|
|
|
76fb5c |
/* Set up algorithm info. */
|
|
|
76fb5c |
- flags = SC_ALGORITHM_NEED_USAGE
|
|
|
76fb5c |
- | SC_ALGORITHM_RSA_RAW
|
|
|
76fb5c |
+ flags = SC_ALGORITHM_RSA_RAW
|
|
|
76fb5c |
| SC_ALGORITHM_RSA_HASH_NONE
|
|
|
76fb5c |
| SC_ALGORITHM_ONBOARD_KEY_GEN
|
|
|
76fb5c |
;
|
|
|
76fb5c |
+ if (card->type != SC_CARD_TYPE_CARDOS_V5_3)
|
|
|
76fb5c |
+ flags |= SC_ALGORITHM_NEED_USAGE;
|
|
|
76fb5c |
+
|
|
|
76fb5c |
_sc_card_add_rsa_alg(card, 512, flags, 0);
|
|
|
76fb5c |
_sc_card_add_rsa_alg(card, 768, flags, 0);
|
|
|
76fb5c |
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
|
|
76fb5c |
@@ -252,7 +254,7 @@ static const struct sc_card_error cardos_errors[] = {
|
|
|
76fb5c |
{ 0x6f82, SC_ERROR_CARD_CMD_FAILED, "not enough memory in xram"},
|
|
|
76fb5c |
{ 0x6f84, SC_ERROR_CARD_CMD_FAILED, "general protection fault"},
|
|
|
76fb5c |
|
|
|
76fb5c |
-/* the card doesn't now this combination of ins+cla+p1+p2 */
|
|
|
76fb5c |
+/* the card doesn't know this combination of ins+cla+p1+p2 */
|
|
|
76fb5c |
/* i.e. command will never work */
|
|
|
76fb5c |
{ 0x6881, SC_ERROR_NO_CARD_SUPPORT, "logical channel not supported"},
|
|
|
76fb5c |
{ 0x6a86, SC_ERROR_INCORRECT_PARAMETERS,"p1/p2 invalid"},
|
|
|
76fb5c |
--
|
|
|
76fb5c |
2.9.3
|
|
|
76fb5c |
|
|
|
76fb5c |
|
|
|
76fb5c |
From 057197c7abf29715a2b7793045c35adf2a34dc17 Mon Sep 17 00:00:00 2001
|
|
|
76fb5c |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
76fb5c |
Date: Fri, 10 Mar 2017 16:37:43 +0100
|
|
|
76fb5c |
Subject: [PATCH 3/4] Hack for returning the padding back in CardOS 5.3
|
|
|
76fb5c |
|
|
|
76fb5c |
---
|
|
|
76fb5c |
src/libopensc/card-cardos.c | 25 +++++++++++++++++++++++++
|
|
|
76fb5c |
1 file changed, 25 insertions(+)
|
|
|
76fb5c |
|
|
|
76fb5c |
diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
index a21e67a..39ec4ac 100644
|
|
|
76fb5c |
--- a/src/libopensc/card-cardos.c
|
|
|
76fb5c |
+++ b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
@@ -979,6 +979,30 @@ cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|
|
76fb5c |
}
|
|
|
76fb5c |
|
|
|
76fb5c |
static int
|
|
|
76fb5c |
+cardos_decipher(struct sc_card *card,
|
|
|
76fb5c |
+ const u8 * crgram, size_t crgram_len,
|
|
|
76fb5c |
+ u8 * out, size_t outlen)
|
|
|
76fb5c |
+{
|
|
|
76fb5c |
+ int r;
|
|
|
76fb5c |
+ u8 *tmp = NULL;
|
|
|
76fb5c |
+ size_t tmp_len = crgram_len;
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+ assert(card != NULL && crgram != NULL && out != NULL);
|
|
|
76fb5c |
+ LOG_FUNC_CALLED(card->ctx);
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+ tmp = malloc(tmp_len);
|
|
|
76fb5c |
+ r = iso_ops->decipher(card, crgram, crgram_len, tmp, tmp_len);
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+ /* add bogus padding, because the card removes it */
|
|
|
76fb5c |
+ if (sc_pkcs1_encode(card->ctx, SC_ALGORITHM_RSA_HASH_NONE|SC_ALGORITHM_RSA_PAD_PKCS1,
|
|
|
76fb5c |
+ tmp, r, out, &outlen, crgram_len) != SC_SUCCESS)
|
|
|
76fb5c |
+ LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
|
|
|
76fb5c |
+ out[1] = 0x02; /* this is encryption-padding */
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+ LOG_FUNC_RETURN(card->ctx, outlen);
|
|
|
76fb5c |
+}
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+static int
|
|
|
76fb5c |
cardos_lifecycle_get(sc_card_t *card, int *mode)
|
|
|
76fb5c |
{
|
|
|
76fb5c |
sc_apdu_t apdu;
|
|
|
76fb5c |
@@ -1278,6 +1302,7 @@ static struct sc_card_driver * sc_get_driver(void)
|
|
|
76fb5c |
cardos_ops.set_security_env = cardos_set_security_env;
|
|
|
76fb5c |
cardos_ops.restore_security_env = cardos_restore_security_env;
|
|
|
76fb5c |
cardos_ops.compute_signature = cardos_compute_signature;
|
|
|
76fb5c |
+ cardos_ops.decipher = cardos_decipher;
|
|
|
76fb5c |
|
|
|
76fb5c |
cardos_ops.list_files = cardos_list_files;
|
|
|
76fb5c |
cardos_ops.check_sw = cardos_check_sw;
|
|
|
76fb5c |
--
|
|
|
76fb5c |
2.9.3
|
|
|
76fb5c |
|
|
|
76fb5c |
|
|
|
76fb5c |
From 515f761f5564e91302ce672d30a24d6e6738e349 Mon Sep 17 00:00:00 2001
|
|
|
76fb5c |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
76fb5c |
Date: Mon, 13 Mar 2017 15:15:48 +0100
|
|
|
76fb5c |
Subject: [PATCH 4/4] With older cards, use iso decipher
|
|
|
76fb5c |
|
|
|
76fb5c |
---
|
|
|
76fb5c |
src/libopensc/card-cardos.c | 16 ++++++++++++++--
|
|
|
76fb5c |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
76fb5c |
|
|
|
76fb5c |
diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
index 39ec4ac..d479065 100644
|
|
|
76fb5c |
--- a/src/libopensc/card-cardos.c
|
|
|
76fb5c |
+++ b/src/libopensc/card-cardos.c
|
|
|
76fb5c |
@@ -992,10 +992,22 @@ cardos_decipher(struct sc_card *card,
|
|
|
76fb5c |
|
|
|
76fb5c |
tmp = malloc(tmp_len);
|
|
|
76fb5c |
r = iso_ops->decipher(card, crgram, crgram_len, tmp, tmp_len);
|
|
|
76fb5c |
+ if (r < 0)
|
|
|
76fb5c |
+ LOG_FUNC_RETURN(card->ctx, r);
|
|
|
76fb5c |
+
|
|
|
76fb5c |
+ if (card->type != SC_CARD_TYPE_CARDOS_V5_3) {
|
|
|
76fb5c |
+ /* XXX */
|
|
|
76fb5c |
+ memcpy(out, tmp, tmp_len);
|
|
|
76fb5c |
+ outlen = tmp_len;
|
|
|
76fb5c |
+ free(tmp);
|
|
|
76fb5c |
+ LOG_FUNC_RETURN(card->ctx, r);
|
|
|
76fb5c |
+ }
|
|
|
76fb5c |
|
|
|
76fb5c |
/* add bogus padding, because the card removes it */
|
|
|
76fb5c |
- if (sc_pkcs1_encode(card->ctx, SC_ALGORITHM_RSA_HASH_NONE|SC_ALGORITHM_RSA_PAD_PKCS1,
|
|
|
76fb5c |
- tmp, r, out, &outlen, crgram_len) != SC_SUCCESS)
|
|
|
76fb5c |
+ r = sc_pkcs1_encode(card->ctx, SC_ALGORITHM_RSA_HASH_NONE|SC_ALGORITHM_RSA_PAD_PKCS1,
|
|
|
76fb5c |
+ tmp, r, out, &outlen, crgram_len);
|
|
|
76fb5c |
+ free(tmp);
|
|
|
76fb5c |
+ if (r != SC_SUCCESS)
|
|
|
76fb5c |
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
|
|
|
76fb5c |
out[1] = 0x02; /* this is encryption-padding */
|
|
|
76fb5c |
|
|
|
76fb5c |
--
|
|
|
76fb5c |
2.9.3
|
|
|
76fb5c |
|