Peter Popovec

Results 60 comments of Peter Popovec

Rebased, CI tests with openssl 3.0 and libressl are OK. This PR is designed so as not to interfere with current asymmetric operations in OpenSC. Code for symmetric decryption may...

Rebased, formatting fixed to match definitions in `.clang-format` from https://github.com/OpenSC/OpenSC/pull/2017 except reformatting of large structures in `src/pkcs11/openssl.c`, `src/pkcs11/framework-pkcs15.c`, `src/libopensc/iso7816.c` and `src/pkcs11/pkcs11-object.c`. (Is it appropriate to add another patch that reformats these...

This patch introduced two defects reported by "coverity scan". I'm not sure if these are false negative reports or if they are real bugs. I will look into both reported...

I can reproduce this on MyEID 4.0.1. Just for completeness, MSE APDU: ```` 00 22 41 B6 0A 80 01 02 81 02 4B 01 84 01 00 ```` TAG...

There is a way to use the RSA-X-509 mechanism, but the message must be constructed in software, by concatenating parts:

- PKCS#1 v1.5 padding 0x00, 0x01, 0xff, 0xff ... 0xff, 0x00
- SHA512...

> So it looks like the 40% is a feature of the card.

Yes, this is checked by card..... for example same driver (myeid) with OsEID card is able to...

Supported RSA padding/hashes (from card-myeid.c): ````` SC_ALGORITHM_RSA_RAW SC_ALGORITHM_RSA_PAD_PKCS1 SC_ALGORITHM_RSA_HASH_NONE SC_ALGORITHM_RSA_HASH_SHA1 ````` This is indicated by `pkcs11-tool -M`: ````` RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify, wrap, unwrap RSA-PKCS, keySize={512,2048}, hw, decrypt,...

Here is a draft for SHA256-RSA-PKCS support in the MyEID driver: ````` diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c index 677e068f..4b071085 100644 --- a/src/libopensc/card-myeid.c +++ b/src/libopensc/card-myeid.c @@ -62,6 +62,10 @@ #define MYEID_MAX_EXT_APDU_BUFFER_SIZE (MYEID_MAX_RSA_KEY_LEN/8+16) +static const uint8_t...

The 40% limit is forced by the card, only if the card is requested to do PKCS#1 v1.5 padding. If I have a 1024 bit RSA key, then RAW RSA operation is running...

The patch above is only a partial workaround. It doesn't solve another important thing. 1. If SC_ALGORITHM_RSA_HASH_SHA256 is not set in the card driver, I am unable to call `pkcs11-tool` with `-m...