1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

scd:nks: Support non-ESIGN signing with the Signature Card v2

* scd/app-nks.c (do_sign): Handle ECC for NKS cards
This commit is contained in:
Werner Koch 2022-10-24 17:40:20 +02:00
parent 6bd0dd762c
commit 8361e13ef2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -1898,19 +1898,31 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_INV_VALUE);
#undef X
/* Send an MSE for PSO:Computer_Signature. */
/* Send an MSE for PSO:Compute_Signature. */
if (app->appversion > 2 && app->app_local->active_nks_app != NKS_APP_ESIGN)
{
unsigned char mse[6];
unsigned int mselen;
mse[0] = 0x80; /* Algorithm reference. */
mse[1] = 1;
mse[2] = 2; /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check. */
mse[3] = 0x84; /* Private key reference. */
mse[4] = 1;
mse[5] = kid;
if (algo == GCRY_PK_ECC)
{
mse[0] = 0x84; /* Private key reference. */
mse[1] = 1;
mse[2] = kid;
mselen = 3;
}
else /* RSA */
{
mse[0] = 0x80; /* Algorithm reference. */
mse[1] = 1;
mse[2] = 2; /* Card does pkcs#1 v1.5 padding, no ASN.1 check. */
mse[3] = 0x84; /* Private key reference. */
mse[4] = 1;
mse[5] = kid;
mselen = 6;
}
err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6,
mse, sizeof mse);
mse, mselen);
}
if (app->app_local->active_nks_app == NKS_APP_ESIGN)