different algorithms for different keys


Frank Morgner
Hi!

I am writing a card driver for a card that needs raw RSA data for
decryption but digestinfo+hash for creating a signature (pkcs#1 padding
on-card).

During the card driver initialization I use

_sc_card_add_rsa_alg(card, 2048,
    SC_ALGORITHM_RSA_PAD_PKCS1|SC_ALGORITHM_RSA_RAW, 0);

This adds the pkcs1 and raw usage to each key on the card. It is due to,
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L4665-4811

Decryption works with

_sc_card_add_rsa_alg(card, 2048,
    SC_ALGORITHM_RSA_RAW, 0);

Signature works with

_sc_card_add_rsa_alg(card, 2048,
    SC_ALGORITHM_RSA_PAD_PKCS1, 0);

The only problem is that on the card driver level I can't specify the
type of key. Is there a workaround for this problem?


--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: different algorithms for different keys

Tristan Timmermans
Dear Frank,

Isn't this dependent on the SE environment you are in? Say you are in SC_SEC_OPERATION_SIGN / DECIPHER and manage it from thereon on the card level?

Yours, 

Tristan

--
Tristan Timmermans






Re: different algorithms for different keys

Frank Morgner
On Tuesday, July 29 at 11:32AM, Tristan Timmermans wrote:
> Dear Frank,
>
> Isn't this dependent on the SE environment you are in? Say you are
> in SC_SEC_OPERATION_SIGN / DECIPHER and manage it from thereon on the card
> level?

At first the card driver says what the card is capable of. In my case
RSA (RAW/PKCS#1). Those mechanisms get registered in register_mechanism
(see below for github link). However, at this point I can't distinguish
between a key for decryption or signature. Afterwards, the card's
PKCS#15 structure is parsed and for each key on the card the registered
mechanism is looked up and an SE is created. At the PKCS#15-level you
can distinguish between decryption and signature, as you said. But you
can't say that decryption should only be done in raw format where
signature shall only be done in PKCS#1 format.

One solution would be to introduce dedicated usage flags that indicate
which algorithm should be used for which purpose. This way not every
possible algorithm gets the (CKF_HW | CKF_SIGN | CKF_DECRYPT) flags per
se as done in
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L4545
Instead, the card driver announces the mechanisms for decryption and
signature separately from each other. However, modifying the framework
from the card driver up to the PKCS#11 layer seems quite clumsy to me...

Do you see other approaches?

Cheers,
Frank.


> 2014-07-29 10:22 GMT+02:00 Frank Morgner <[hidden email]>:
>
> > Hi!
> >
> > I am writing a card driver for a card that needs raw RSA data for
> > decryption but digestinfo+hash for creating a signature (pkcs#1 padding
> > on-card).
> >
> > During the card driver initialization I use
> >
> > _sc_card_add_rsa_alg(card, 2048,
> >     SC_ALGORITHM_RSA_PAD_PKCS1|SC_ALGORITHM_RSA_RAW, 0);
> >
> > This adds the pkcs1 and raw usage to each key on the card. It is due to,
> >
> > https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L4665-4811
> >
> > Decryption works with
> >
> > _sc_card_add_rsa_alg(card, 2048,
> >     SC_ALGORITHM_RSA_RAW, 0);
> >
> > Signature works with
> >
> > _sc_card_add_rsa_alg(card, 2048,
> >     SC_ALGORITHM_RSA_PAD_PKCS1, 0);
> >
> > The only problem is that on the card driver level I can't specify the
> > type of key. Is there a workaround for this problem?

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
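
Added example (not part of the original thread and not OpenSC code): a small C model of the proposal in the last message, comparing one shared flag word per key length with separate announcements for signing and deciphering. The struct and the ex_* functions are hypothetical; the SC_ALGORITHM_* values are local to this example and the CKF_* values are those of the PKCS#11 specification.

```c
#include <stdio.h>

/* Card-level format flags, named as in the thread; values local to this example. */
#define SC_ALGORITHM_RSA_RAW        0x01u
#define SC_ALGORITHM_RSA_PAD_PKCS1  0x02u
/* PKCS#11 mechanism-info flags (values from the PKCS#11 specification). */
#define CKF_HW       0x001u
#define CKF_DECRYPT  0x200u
#define CKF_SIGN     0x800u

/* Hypothetical per-purpose announcement made by the card driver. */
struct ex_rsa_alg {
    unsigned key_length;
    unsigned sign_flags;      /* formats the card accepts for signing */
    unsigned decipher_flags;  /* formats the card accepts for deciphering */
};

/* Behaviour described in the thread: one flag word, so every announced
 * format is offered for both signing and decryption. */
unsigned ex_usage_shared(unsigned announced, unsigned format)
{
    return (announced & format) ? (CKF_HW | CKF_SIGN | CKF_DECRYPT) : 0;
}

/* Proposed behaviour: usage bits follow the purpose the driver announced. */
unsigned ex_usage_split(const struct ex_rsa_alg *alg, unsigned format)
{
    unsigned usage = 0;
    if (alg->sign_flags & format)
        usage |= CKF_SIGN;
    if (alg->decipher_flags & format)
        usage |= CKF_DECRYPT;
    return usage ? (usage | CKF_HW) : 0;
}

int main(void)
{
    /* The card from the thread: PKCS#1 for signing, raw for deciphering. */
    struct ex_rsa_alg card = { 2048, SC_ALGORITHM_RSA_PAD_PKCS1, SC_ALGORITHM_RSA_RAW };
    unsigned both = card.sign_flags | card.decipher_flags;
    unsigned formats[] = { SC_ALGORITHM_RSA_RAW, SC_ALGORITHM_RSA_PAD_PKCS1 };
    const char *names[] = { "raw", "pkcs1" };

    for (int i = 0; i < 2; i++)
        printf("%-5s shared=0x%03x split=0x%03x\n", names[i],
               ex_usage_shared(both, formats[i]), ex_usage_split(&card, formats[i]));
    return 0;
}
```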
