Re: [opensc-devel] Initial ECDSA modifications to OpenSC for use with PIV cards in OpenSC #295

Mon, 29 Nov 2010 14:34:30 -0800 


On 11/29/2010 4:36 AM, Aleksey Samsonov wrote:
> Hello Douglas,
>
> 2010/11/23 Douglas E. Engert<deeng...@anl.gov>:
>> I would especially like the GOSTR maintainers to look at this closely, as 
>> many
>> of the flag tests and if statements where modified to support EC and 
>> hopefully
>> make it easier to add algorithms in the future.
>
> There have compile error at libopensc/pkcs15-piv.c (see "struct
> pubdata_st" and "static const pubdata pubkeys[PIV_NUM_CERTS_AND_KEYS]
> =")
>
> After fix it, I have fail in my tests with GOSTR (PKCS#11 C_Sign).
> Unfortunately, I don't have logs now.

One thing to look at:

In pkcs15-sec.c in sc_pkcs15_compute_signature in the old code there
is no mention of GOSTR3410, so I assumed it was RSA only. The old code
had:


-   alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
-   if (alg_info == NULL) {
-       sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA with key 
length %d\n", prkey->modulus_length);
-       return SC_ERROR_NOT_SUPPORTED;
-    senv.algorithm = SC_ALGORITHM_RSA;

If you card could support both RSA and GOSTR3410 (and card-rtecp.c
supports both with keylength = 256)  it might have passed the old test,
and ignored the fact that senv.algorithm = SC_ALGORITHM_RSA.

The new code does a switch(obj->type) and I only added RSA and EC.
So adding something like:

+       case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
+           modlen = prkey->modulus_length / 8;
+           alg_info = sc_card_find_gostr3410_alg(p15card->card, 
prkey->modulus_length);
    (A sc_card_find_gostr3410_alg routine is needed for this to work.)
+
+           if (alg_info == NULL) {
+               sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support 
GOSTR3410 key length %d\n", prkey->modulus_length);
+               return SC_ERROR_NOT_SUPPORTED;
+           }
+           senv.flags |= SC_SEC_ENV_ALG_PRESENT;
+           senv.algorithm = SC_ALGORITHM_RGOST3410;
+           break;

>
> I need a few days for detail review.
> Thanks!
>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to