Dear GnuPG maintainers,

attached you will find a series of patches which add support for D-Trust electronic Signature and Sealing Cards version 6.1/6.4.
To get the cards working, some minor changes on the ISO 7816 layer were necessary. The PKCS#15 application has to be selected by its AID, but is later selected by its file ID to retrieve data about keys, authentication objects, certificates and so on. The file ID is retrieved from the FCI response of the initial SELECT. This kind of D-Trust card (maybe this holds for all cards based on the underlying STARCOS 3.7 card operating system) doesn't return the file ID tag in the FCI. The tag is only returned in the FCP response. Thus I had to alter iso7816_select_application_ext() such that it is possible to choose which response is requested. With this patch, the PKCS#15 driver will continue to use the FCI and just fall back to the FCP if the tag is not present in the FCI. This introduces a bit of complexity, but reduces the chance of introducing a regression. According to ISO 7816 part 4 the file ID is part of the file parameters, so querying just the FCP seems to be sufficient from my point of view. I can prepare a simpler patch for this, but don't have a representative set of cards to prove this assumption.

The rest of the driver is implemented in a straightforward way. Only the encoding of the key reference in EF.PrKD made it necessary to introduce a further case in do_sign(). The card issuer chose a key reference number whose ASN.1 representation is 3 bytes long. But the current STARCOS case in do_sign() assumes a 1-byte-long reference. It further doesn't implement the EC ciphers. As I am not sure whether all STARCOS cards support ECC, it was the safest option to introduce a new case with a hard-coded key reference length and ECC support. Merging these two cases would nevertheless be possible. But I do not have access to other STARCOS cards for testing.
Kind regards
Mario Haustein

Mario Haustein (2):
  scd: allow to query FCP when selecting an application
  scd:p15: Add support for D-Trust Card 6.1/6.4

 scd/app-p15.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++----
 scd/app-piv.c |   4 +-
 scd/app.c     |   2 +-
 scd/iso7816.c |  15 ++++-
 scd/iso7816.h |   5 ++
 5 files changed, 159 insertions(+), 17 deletions(-)

-- 
2.52.0
_______________________________________________
Gnupg-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
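The SELECT behaviour the cover letter describes (ask the card for the FCI, look for the file identifier data object, and only if it is missing re-SELECT asking for the FCP) can be modelled without a card reader. The following is an added example, not GnuPG's scd code and not part of the patch series: it builds the ISO 7816-4 SELECT-by-AID APDU with P2 choosing the FCI or FCP template, parses the BER-TLV response templates recursively, and implements the FCI-then-FCP fallback against two constructed cards, one that puts tag 83 in the FCI and one that, like the STARCOS 3.7 cards described above, only returns it in the FCP. The card responses, the `ConstructedCard` class and the function names are all assumptions made here; the PKCS#15 AID and the 0x5015 DF identifier are the values registered for PKCS#15.

```python
# Added example (not GnuPG's scd): ISO 7816-4 SELECT with FCI/FCP templates,
# BER-TLV parsing, and the "use FCI, fall back to FCP" file-ID lookup.
# All card responses below are constructed for illustration.

PKCS15_AID = bytes.fromhex("A000000063504B43532D3135")  # registered PKCS#15 AID

FCI_TEMPLATE = 0x6F   # file control information template
FCP_TEMPLATE = 0x62   # file control parameters template
TAG_FILE_ID = 0x83    # file identifier data object (2 bytes)

P2_RETURN_FCI = 0x00  # SELECT P2: return FCI template
P2_RETURN_FCP = 0x04  # SELECT P2: return FCP template


def parse_tlv(data: bytes):
    """Parse one level of BER-TLV into (tag, constructed, value) tuples."""
    out, i = [], 0
    while i < len(data):
        first = data[i]
        tag = first
        i += 1
        if first & 0x1F == 0x1F:                 # multi-byte tag number
            while True:
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:
                    break
        length = data[i]
        i += 1
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        out.append((tag, bool(first & 0x20), data[i:i + length]))
        i += length
    return out


def find_tag(data: bytes, wanted: int):
    """Depth-first search for a data object inside possibly nested templates."""
    for tag, constructed, value in parse_tlv(data):
        if tag == wanted:
            return value
        if constructed:
            hit = find_tag(value, wanted)
            if hit is not None:
                return hit
    return None


class ConstructedCard:
    """Simulated card: maps (AID, P2) of a SELECT-by-AID to response data."""

    def __init__(self, responses):
        self.responses = responses

    def transmit(self, apdu: bytes) -> bytes:
        cla, ins, p1, p2, lc = apdu[:5]
        aid = apdu[5:5 + lc]
        if (cla, ins, p1) != (0x00, 0xA4, 0x04):
            return b"\x6D\x00"                   # INS not supported
        data = self.responses.get((aid, p2))
        if data is None:
            return b"\x6A\x82"                   # file or application not found
        return data + b"\x90\x00"


def select_application(card, aid: bytes, want_fcp: bool) -> bytes:
    """SELECT by DF name (P1=04); P2 picks which template the card returns."""
    p2 = P2_RETURN_FCP if want_fcp else P2_RETURN_FCI
    apdu = bytes([0x00, 0xA4, 0x04, p2, len(aid)]) + aid + b"\x00"
    resp = card.transmit(apdu)
    data, sw = resp[:-2], resp[-2:]
    if sw != b"\x90\x00":
        raise RuntimeError(f"SELECT failed, SW={sw.hex()}")
    return data


def lookup_app_file_id(card, aid: bytes):
    """Return (file_id, 'FCI'|'FCP'); FCP is only requested if FCI lacks tag 83."""
    fid = find_tag(select_application(card, aid, want_fcp=False), TAG_FILE_ID)
    if fid is not None:
        return int.from_bytes(fid, "big"), "FCI"
    fid = find_tag(select_application(card, aid, want_fcp=True), TAG_FILE_ID)
    if fid is not None:
        return int.from_bytes(fid, "big"), "FCP"
    return None, None


def tlv(tag: int, value: bytes) -> bytes:       # short-form lengths only
    return bytes([tag, len(value)]) + value


# Card A (constructed): file ID present in the FCI, nested inside an FCP template.
CARD_A = ConstructedCard({
    (PKCS15_AID, P2_RETURN_FCI): tlv(FCI_TEMPLATE,
        tlv(FCP_TEMPLATE, tlv(TAG_FILE_ID, b"\x50\x15")) + tlv(0x84, PKCS15_AID)),
    (PKCS15_AID, P2_RETURN_FCP): tlv(FCP_TEMPLATE,
        tlv(TAG_FILE_ID, b"\x50\x15") + tlv(0x84, PKCS15_AID)),
})

# Card B (constructed): FCI carries only the DF name; tag 83 only in the FCP,
# the behaviour reported above for the D-Trust / STARCOS 3.7 cards.
CARD_B = ConstructedCard({
    (PKCS15_AID, P2_RETURN_FCI): tlv(FCI_TEMPLATE, tlv(0x84, PKCS15_AID)),
    (PKCS15_AID, P2_RETURN_FCP): tlv(FCP_TEMPLATE,
        tlv(0x82, b"\x38\x00") + tlv(TAG_FILE_ID, b"\x50\x15")
        + tlv(0x84, PKCS15_AID) + tlv(0x8A, b"\x05")),
})

if __name__ == "__main__":
    for name, card in (("card A", CARD_A), ("card B", CARD_B)):
        fid, src = lookup_app_file_id(card, PKCS15_AID)
        print(f"{name}: PKCS#15 DF = {fid:04X} (taken from {src})")
```

The fallback costs a second SELECT only on cards whose FCI lacks tag 83, which is why it is the conservative choice over always requesting the FCP; a card that ignores P2 and returns the same template either way still works, since the parser searches nested templates and does not care whether the outer tag is 6F or 62.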
