entersafe: Disable RSA:512bits that modified in entersafe_generate_ke…

…y and entersafe_store_key function 1.Added a prompt while initializing ePass2003 \n 2.Modify code to disable 512bit key
marschap · Oct 1, 2012 · c91f0e8 · c91f0e8
1 parent 4b9e82d
commit c91f0e8
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 6 deletions.
diff --git a/src/pkcs15init/pkcs15-entersafe.c b/src/pkcs15init/pkcs15-entersafe.c
@@ -14,6 +14,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 /* Initially written by Weitao Sun (weitao@ftsafe.com) 2008*/
+/* Disable RSA:512bits by Shengchao Niu (shengchao@ftsafe.com) 2012 */
 
 #include "config.h"
 
@@ -347,11 +348,28 @@ static int entersafe_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 	const sc_acl_entry_t   *acl_entry;
 	int r;
 
+	struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)obj->data;
+	size_t keybits = key_info->modulus_length;
+
 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 
-	if (key->algorithm != SC_ALGORITHM_RSA)
+	if ( key->algorithm != SC_ALGORITHM_RSA )
+	{
 		 /* ignore DSA keys */
 		 SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE,SC_ERROR_INVALID_ARGUMENTS);
+	}
+
+	/* Disable RSA:512bits */
+	if ( ( keybits < 1024 ) ||
+		 ( keybits > 2048 ) ||
+		 ( keybits % 0x20 ) )
+	{
+		sc_debug( card->ctx,
+				  SC_LOG_DEBUG_NORMAL,
+				  "Unsupported key size %u\n",
+				  keybits );
+		return SC_ERROR_INVALID_ARGUMENTS;
+	}
 
 	r = sc_profile_get_file(profile, "PKCS15-AODF", &tfile);
 	if (r < 0)
@@ -381,10 +399,27 @@ static int entersafe_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
 	sc_file_t              *tfile;
 	const sc_acl_entry_t   *acl_entry;
 
+	struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)obj->data;
+	size_t keybits = key_info->modulus_length;
+
 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 
-	if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA)
+	if ( obj->type != SC_PKCS15_TYPE_PRKEY_RSA )
+	{
 		return SC_ERROR_NOT_SUPPORTED;
+	}
+
+	/* Disable RSA:512bits */
+	if ( ( keybits < 1024 ) ||
+		 ( keybits > 2048 ) ||
+		 ( keybits % 0x20 ) )
+	{
+		sc_debug( card->ctx,
+				  SC_LOG_DEBUG_NORMAL,
+				  "Unsupported key size %u\n",
+				  keybits );
+		return SC_ERROR_INVALID_ARGUMENTS;
+	}
 
 	r = sc_profile_get_file(profile, "PKCS15-AODF", &tfile);
 	if (r < 0)

diff --git a/src/pkcs15init/pkcs15-epass2003.c b/src/pkcs15init/pkcs15-epass2003.c
@@ -50,6 +50,8 @@ static int epass2003_pkcs15_init_card(struct sc_profile *profile,
 	int ret;
 
 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
+	sc_do_log(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,NULL,0,NULL,
+			"ePass2003 doesn't surpport SO-PIN and SO-PUK. You can unblock key with PUK. \n");
 	{			/* MF */
 		struct sc_file *mf_file;
 		struct sc_file *skey_file;
@@ -439,8 +441,8 @@ static int epass2003_pkcs15_store_key(struct sc_profile *profile,
 
 	sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
 		 keybits);
-	if (keybits < 512 || keybits > 2048 || (keybits % 0x20)) {
-		sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
+	if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
+		sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
 			 "Unsupported key size %u\n", keybits);
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}
@@ -513,8 +515,8 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
 
 	sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
 		 keybits);
-	if (keybits < 512 || keybits > 2048 || (keybits % 0x20)) {
-		sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
+	if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
+		sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
 			 "Unsupported key size %u\n", keybits);
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}