scd:p15: Support signing with CardOS 5 cards.

* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg r_pkey and change all callers. (app_help_get_keygrip_string): Ditto. * scd/app-p15.c (struct cdf_object_s): Use bit flags (struct aodf_object_s): Ditto. Add field 'fid'. (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and keynbits. (parse_certid): Allow a keygrip instead of a certid aka keyref. (read_ef_aodf): Store the FID. (keygripstr_from_prkdf): Rename to ... (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache. Change callers to directly use the values from the object. Also store the algo and length of the key ion the object. (keyref_from_keyinfo): New. Factored out code. (do_sign): Support SHA-256 and >2048 bit RSA keys. (do_with_keygrip): New. (app_select_p15): Register new function. -- This has been tested with a D-Trust card featuring 3072 bit keys. Note that non-repudiation key for a qualified signature does not yet work because we do not yet support rsaPSS padding. Thus a gpgsm --learn shows a couple of Bad Signature errors for this key. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2020-03-31 19:55:15 +02:00 · 2020-03-31 19:55:15 +02:00 · 103c1576b7
commit 103c1576b7
parent 2bdd4fc7b6
8 changed files with 367 additions and 97 deletions
--- a/scd/app.c
+++ b/scd/app.c
@ -2251,7 +2251,7 @@ app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str,
            log_debug ("slot %d, app %s: calling with_keygrip(%s)\n",
                       c->slot, xstrapptype (a),
                       action == KEYGRIP_ACTION_SEND_DATA? "send_data":
-                       action == KEYGRIP_ACTION_WRITE_STATUS? "write_data":
+                       action == KEYGRIP_ACTION_WRITE_STATUS? "status":
                       action == KEYGRIP_ACTION_LOOKUP? "lookup":"?");
          if (!a->fnc.with_keygrip (a, ctrl, action, keygrip_str, capability))
            goto leave_the_loop; /* ACTION_LOOKUP succeeded.  */