Hello,

2010/11/30 Douglas E. Engert <[email protected]>:
> On 11/29/2010 4:36 AM, Aleksey Samsonov wrote:
>> After fixing it, I have failures in my tests with GOSTR (PKCS#11 C_Sign).
>> Unfortunately, I don't have logs now.
>
> One thing to look at:
>
> In pkcs15-sec.c in sc_pkcs15_compute_signature in the old code there
> is no mention of GOSTR3410, so I assumed it was RSA only. The old code
> had:
>
>
> -   alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
> -   if (alg_info == NULL) {
> -       sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA with
> key length %d\n", prkey->modulus_length);
> -       return SC_ERROR_NOT_SUPPORTED;
> -    senv.algorithm = SC_ALGORITHM_RSA;
>
> If your card could support both RSA and GOSTR3410 (and card-rtecp.c
> supports both with keylength = 256)  it might have passed the old test,
> and ignored the fact that senv.algorithm = SC_ALGORITHM_RSA.
>
> The new code does a switch(obj->type) and I only added RSA and EC.
> So adding something like:
>
> +       case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
> +           modlen = prkey->modulus_length / 8;
> +           alg_info = sc_card_find_gostr3410_alg(p15card->card,
> prkey->modulus_length);
>   (A sc_card_find_gostr3410_alg routine is needed for this to work.)
> +
> +           if (alg_info == NULL) {
> +               sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support
> GOSTR3410 key length %d\n", prkey->modulus_length);
> +               return SC_ERROR_NOT_SUPPORTED;
> +           }
> +           senv.flags |= SC_SEC_ENV_ALG_PRESENT;
> +           senv.algorithm = SC_ALGORITHM_RGOST3410;
> +           break;
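
Review bot: The assignment `senv.algorithm = SC_ALGORITHM_RGOST3410;` near the end of this case spells the algorithm "RGOST", while the case label and the lookup routine in the same hunk spell it "GOSTR" (`SC_PKCS15_TYPE_PRKEY_GOSTR3410`, `sc_card_find_gostr3410_alg`). Confirm the constant exists under that exact name before committing. Separately, `modlen = prkey->modulus_length / 8;` truncates when the bit length is not a multiple of 8; if such lengths can reach this case, round up with `(prkey->modulus_length + 7) / 8`.
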
>
>>
>> I need a few days for a detailed review.

Sorry for the delay in answering. Thanks for the details.
My tests work with a simple diff (I'm going to commit it late in the evening):

diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c
--- a/src/pkcs11/mechanism.c    2010-12-08 15:24:09.040752899 +0300
+++ b/src/pkcs11/mechanism.c    2010-12-08 15:27:17.294754645 +0300
@@ -460,7 +460,7 @@
                        case CKK_GOSTR3410:
                                rv =
key->ops->get_attribute(operation->session, key, &attr);
                                if (rv == CKR_OK)
-                                       *pLength *= 2;
+                                       *pLength = (*pLength + 7) / 8 * 2;
                                break;
                        default:
                                rv = CKR_MECHANISM_INVALID;
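
Review bot: The new expression under `case CKK_GOSTR3410:` changes the unit of `*pLength` in place, from the value `get_attribute` returned (bits, judging by the `+ 7) / 8` rounding) to a signature length in bytes, and nothing in the hunk says so. Add a short comment stating the unit of the attribute and why the byte length is doubled, and consider writing it as `((*pLength + 7) / 8) * 2` so the rounding step is visibly separate from the doubling. It is also worth checking that every caller of this path expects bytes, since the old `*pLength *= 2` returned a value eight times larger for the same key.
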