1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00

scd:nks: Support non-ESIGN signing with the Signature Card v2

* scd/app-nks.c (do_sign): Handle ECC for NKS cards
--

Backported-from-master: 959c627892121ce9707bfa36f2510216b4f6f247
GnuPG-bug-id: 6252
This commit is contained in:
Werner Koch 2022-10-24 17:40:20 +02:00
parent 12d3b16729
commit 7ed523ca13
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -1902,19 +1902,31 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
#undef X #undef X
/* Send an MSE for PSO:Computer_Signature. */ /* Send an MSE for PSO:Compute_Signature. */
if (app->appversion > 2 && app->app_local->active_nks_app != NKS_APP_ESIGN) if (app->appversion > 2 && app->app_local->active_nks_app != NKS_APP_ESIGN)
{ {
unsigned char mse[6]; unsigned char mse[6];
unsigned int mselen;
mse[0] = 0x80; /* Algorithm reference. */ if (algo == GCRY_PK_ECC)
mse[1] = 1; {
mse[2] = 2; /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check. */ mse[0] = 0x84; /* Private key reference. */
mse[3] = 0x84; /* Private key reference. */ mse[1] = 1;
mse[4] = 1; mse[2] = kid;
mse[5] = kid; mselen = 3;
}
else /* RSA */
{
mse[0] = 0x80; /* Algorithm reference. */
mse[1] = 1;
mse[2] = 2; /* Card does pkcs#1 v1.5 padding, no ASN.1 check. */
mse[3] = 0x84; /* Private key reference. */
mse[4] = 1;
mse[5] = kid;
mselen = 6;
}
err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6,
mse, sizeof mse); mse, mselen);
} }
if (app->app_local->active_nks_app == NKS_APP_ESIGN) if (app->app_local->active_nks_app == NKS_APP_ESIGN)