Wrong OID comparison in card.c for EC keys

Wrong OID comparison in card.c for EC keys

Peter Popovec
Hi

I have a problem uploading EC keys to the card:

OPENSC_DEBUG=255 pkcs15-init -vvv --store-private-key keys/prime192v1-key.pem

I have added some debug logs to card.c to find more precisely where this fails:

static sc_algorithm_info_t * sc_card_find_alg(sc_card_t *card,
                unsigned int algorithm, unsigned int key_length, void *param)
{
        int i;

        for (i = 0; i < card->algorithm_count; i++) {
                sc_algorithm_info_t *info = &card->algorithms[i];

                if (info->algorithm != algorithm)
                        continue;
                if (info->key_length != key_length)
                        continue;
                if (param)   {
                        sc_log(card->ctx, "comparing alg parameters\n");  // <<<<<< TEMP DEBUG LOG
                        if (info->algorithm == SC_ALGORITHM_EC){
                                sc_log(card->ctx, "SC_ALGORITHM_EC\n"); //<<<<<<<TEMP DEBUG LOG

                                if(sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
                                        continue;
                        }
                }
                return info;
        }
        return NULL;
}


This is the log of the failed key upload:

0x7f0252186700 09:38:06.029 [pkcs15-init] pkcs15-myeid.c:481:myeid_store_key: called
0x7f0252186700 09:38:06.029 [pkcs15-init] card.c:861:sc_card_find_alg: comparing alg parameters
0x7f0252186700 09:38:06.029 [pkcs15-init] card.c:863:sc_card_find_alg: SC_ALGORITHM_EC
0x7f0252186700 09:38:06.030 [pkcs15-init] pkcs15-myeid.c:493:myeid_store_key: Unsupported algorithm or key size: -1300 (Invalid arguments)
0x7f0252186700 09:38:06.030 [pkcs15-init] pkcs15-lib.c:1444:sc_pkcs15init_store_private_key: Card specific 'store key' failed: -1300 (Invalid arguments)
Failed to store private key: Invalid arguments
0x7f0252186700 09:38:06.030 [pkcs15-init] pkcs15-lib.c:417:sc_pkcs15init_unbind: called
0x7f0252186700 09:38:06.030 [pkcs15-init] pkcs15-lib.c:418:sc_pkcs15init_unbind: Pksc15init Unbind: 0:0x1911a40:0

Apparently, the failure is at the OID comparison. But the card supports this OID (1, 2, 840, 10045, 3, 1, 1).
Finally, the problem is a bad condition:


                                if(sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
                                        continue;

sc_compare_oid() returns true if the OIDs match, and this condition must be negated.

A similar construction already exists in src/tools/pkcs15-tool.c, function read_data_object(void),
with the correct condition:

        for (i = 0; i < count; i++) {
                struct sc_pkcs15_data_info *cinfo = (struct sc_pkcs15_data_info *) objs[i]->data;
                struct sc_pkcs15_data *data_object = NULL;

                if (!sc_format_oid(&oid, opt_data))   {
                        if (!sc_compare_oid(&oid, &cinfo->app_oid))     // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
                                continue;
                }

If someone can confirm this bug in card.c sc_card_find_alg(), please generate a git pull request. The suggested patch is in the attachment.

Thanks




_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

card_c.patch (676 bytes) Download Attachment
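
Added example, not part of the original post or of OpenSC's code: a self-contained reduction of the lookup loop discussed above, run with the condition as quoted and with the negated condition. The struct layouts, compare_oid(), find_alg(), the "fixed" flag and the second OID are simplified assumptions for illustration. It shows that the un-negated check rejects the supported curve and also returns an entry for an OID that does not match.

```c
#include <stddef.h>
#include <stdio.h>
#define OID_MAX 16                      /* assumption: simplified OID size */
#define PRIME192V1 {{1, 2, 840, 10045, 3, 1, 1, -1}}   /* OID from the post */
struct oid { int value[OID_MAX]; };     /* arcs, terminated by -1 */
struct alg_info { unsigned int key_length; struct oid curve; };  /* stand-in */

/* Constructed sample data: a card that supports only prime192v1. */
static const struct alg_info CARD_ALGS[] = { { 192, PRIME192V1 } };
static const struct oid WANTED = PRIME192V1;
static const struct oid OTHER = {{1, 3, 132, 0, 31, -1}};  /* a different curve */

/* Contract as the post describes for sc_compare_oid(): 1 on match, else 0. */
static int compare_oid(const struct oid *a, const struct oid *b)
{
    for (int i = 0; i < OID_MAX; i++) {
        if (a->value[i] != b->value[i])
            return 0;
        if (a->value[i] < 0)
            break;                      /* both terminated at the same arc */
    }
    return 1;
}

/* fixed == 0: condition as quoted in the post; fixed == 1: negated condition. */
static const struct alg_info *find_alg(unsigned int key_length,
        const struct oid *param, int fixed)
{
    size_t n = sizeof(CARD_ALGS) / sizeof(CARD_ALGS[0]);
    for (size_t i = 0; i < n; i++) {
        const struct alg_info *info = &CARD_ALGS[i];
        if (info->key_length != key_length)
            continue;
        if (param) {
            int match = compare_oid(param, &info->curve);
            if (fixed ? !match : match)
                continue;       /* unfixed form skips the matching entry */
        }
        return info;
    }
    return NULL;
}

int main(void)
{
    printf("unfixed: supported=%d other=%d\n",
           find_alg(192, &WANTED, 0) != NULL, find_alg(192, &OTHER, 0) != NULL);
    printf("fixed:   supported=%d other=%d\n",
           find_alg(192, &WANTED, 1) != NULL, find_alg(192, &OTHER, 1) != NULL);
    return 0;
}
```

A regression test for this lookup should cover both directions: the supported OID must be found, and an unsupported OID with the same key length must not be.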

Re: Wrong OID comparison in card.c for EC keys

Viktor Tarasov-3
Hi,

applied in 49598b601631ec23df5512d21f77a9bb9be9e7e4,
thanks.

Best regards,
Viktor.

PS: Please, use "text only" mail content.
