scd:nks: Support non-ESIGN signing with the Signature Card v2

* scd/app-nks.c (do_sign): Handle ECC for NKS cards
2022-10-24 17:40:20 +02:00 · 2022-10-24 17:40:20 +02:00 · 8361e13ef2
parent 6bd0dd762c
commit 8361e13ef2
1 changed files with 20 additions and 8 deletions
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@ -1898,19 +1898,31 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
    return gpg_error (GPG_ERR_INV_VALUE);
 #undef X

-  /* Send an MSE for PSO:Computer_Signature.  */
+  /* Send an MSE for PSO:Compute_Signature.  */
  if (app->appversion > 2 && app->app_local->active_nks_app != NKS_APP_ESIGN)
    {
      unsigned char mse[6];
+      unsigned int mselen;

-      mse[0] = 0x80; /* Algorithm reference.  */
-      mse[1] = 1;
-      mse[2] = 2;    /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check.  */
-      mse[3] = 0x84; /* Private key reference.  */
-      mse[4] = 1;
-      mse[5] = kid;
+      if (algo == GCRY_PK_ECC)
+        {
+          mse[0] = 0x84; /* Private key reference.  */
+          mse[1] = 1;
+          mse[2] = kid;
+          mselen = 3;
+        }
+      else /* RSA */
+        {
+          mse[0] = 0x80; /* Algorithm reference.  */
+          mse[1] = 1;
+          mse[2] = 2;    /* Card does pkcs#1 v1.5 padding, no ASN.1 check.  */
+          mse[3] = 0x84; /* Private key reference.  */
+          mse[4] = 1;
+          mse[5] = kid;
+          mselen = 6;
+        }
      err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6,
-                                         mse, sizeof mse);
+                                         mse, mselen);
    }

  if (app->app_local->active_nks_app == NKS_APP_ESIGN)