File opensc-0.22.0-support-itacns-2048.patch of Package opensc

From 24d6c30dcfec00c425360414b2b75336a42982e8 Mon Sep 17 00:00:00 2001
From: 0xdebe <gdeber@libero.it>
Date: Thu, 29 Jul 2021 17:13:01 +0200
Subject: [PATCH 1/3] fix Key Lenght for ST2021

---
 src/libopensc/card-itacns.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c
index bf085cafbc..52e144f194 100644
--- a/src/libopensc/card-itacns.c
+++ b/src/libopensc/card-itacns.c
@@ -105,7 +105,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i)
 		DRVDATA(card)->cns_version = atr[i];
 	}
 	/* Warn if the version is not 1.0. */
-	if(atr[i] != 0x10) {
+	if(atr[i] != 0x10 && atr[i] != 0x11) {
 		char version[8];
 		snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f);
 		sc_log(card->ctx, "CNS card version %s; no official specifications "
@@ -219,8 +219,13 @@ static int itacns_init(sc_card_t *card)
 		| SC_ALGORITHM_RSA_RAW
 		| SC_ALGORITHM_RSA_HASHES
 		;
+
 	_sc_card_add_rsa_alg(card, 1024, flags, 0);
 
+	if (DRVDATA(card)->cns_version == 0x11) {
+		card->caps |= SC_CARD_CAP_APDU_EXT;
+		_sc_card_add_rsa_alg(card, 2048, flags, 0);
+	}
 	return SC_SUCCESS;
 }
 
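Review bot: The 2048-bit algorithm and `SC_CARD_CAP_APDU_EXT` are enabled in itacns_init on an exact match of the raw value `0x11`, the same literal that is hard-coded in the ATR check of itacns_match_cns_card in the previous hunk, and nothing records why extended APDUs are switched on together with the larger key size. A named constant shared by both sites (for example `ITACNS_CNS_VERSION_1_1`, name to be chosen) and a comment such as `/* CNS 1.1 cards carry 2048-bit RSA keys; those operations presumably need extended APDUs */` would make the intent reviewable. Because the test is an equality, any other version byte reported by the card silently stays at 1024-bit only; if that is deliberate the comment should say so.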

From 9a38cd36c2823efb2b7615902e7cbef0534da1aa Mon Sep 17 00:00:00 2001
From: 0xdebe <gdeber@libero.it>
Date: Thu, 29 Jul 2021 17:13:16 +0200
Subject: [PATCH 2/3] fix Modulus Lenght for ST2021

---
 src/libopensc/pkcs15-itacns.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
index 9c9b40a591..875b12276d 100644
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@@ -283,7 +283,16 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
 	 * This is hard-coded, unless unforeseen versions of the CNS
 	 * turn up sometime.
 	 */
-	info.modulus_length = 1024;
+
+	/* This is the unforseen version :D */
+	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
+		info.modulus_length = 2048;
+	}
+	else {
+		info.modulus_length = 1024;
+	}
+
+	
 
 	*modulus_len_out = info.modulus_length;
 	r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info);
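Review bot: `p15card->card->drv_data` is cast to `itacns_drv_data_t *` and dereferenced without checking that it is non-NULL or that the card is really bound to the itacns card driver; if this PKCS#15 emulator can ever run on a card handled by a different driver, the read interprets that driver's private data as a version byte. The same cast is repeated in the itacns_add_keyset hunk that follows. At minimum the pointer should be tested first, e.g. `itacns_drv_data_t *d = p15card->card->drv_data;` followed by `if (d != NULL && d->cns_version == 0x11)`, ideally in one small helper used by both sites. itacns_add_pubkey starts and ends outside this hunk.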
@@ -590,6 +599,10 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 
 	/* This is hard-coded, for the time being. */
 	int modulus_length = 1024;
+	/* it's a ST2021? */
+	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
+		modulus_length = 2048;
+	}
 
 	/* Public key; not really needed */
 	/* FIXME: set usage according to the certificate. */

From 03707e182235ce9f83d3847e33f4fb4e38eebe42 Mon Sep 17 00:00:00 2001
From: 0xdebe <gdeber@libero.it>
Date: Sat, 31 Jul 2021 16:25:58 +0200
Subject: [PATCH 3/3] fix modulus len

---
 src/libopensc/card-itacns.c   |  2 +-
 src/libopensc/pkcs15-itacns.c | 43 ++++++++++++-----------------------
 2 files changed, 15 insertions(+), 30 deletions(-)

diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c
index 52e144f194..b26f9d3317 100644
--- a/src/libopensc/card-itacns.c
+++ b/src/libopensc/card-itacns.c
@@ -104,7 +104,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i)
 	if(card->driver) {
 		DRVDATA(card)->cns_version = atr[i];
 	}
-	/* Warn if the version is not 1.0. */
+	/* Warn if version is not 1.X. */
 	if(atr[i] != 0x10 && atr[i] != 0x11) {
 		char version[8];
 		snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f);
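Review bot: The reworded comment says the warning is issued when the version is not 1.X, but the condition under it accepts only `0x10` and `0x11`, so a card reporting 1.2 would still trigger the warning. Either word the comment to match the code, `/* Warn if the version is neither 1.0 nor 1.1. */`, or, if every 1.x version is meant to be accepted, test the major nibble instead with `if ((atr[i] >> 4) != 0x1)`. The function continues outside this hunk.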
diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
index 875b12276d..afdf459c4e 100644
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@@ -189,7 +189,7 @@ static int loadFile(const sc_pkcs15_card_t *p15card, const sc_path_t *path,
 static int itacns_add_cert(sc_pkcs15_card_t *p15card,
 	int type, int authority, const sc_path_t *path,
 	const sc_pkcs15_id_t *id, const char *label, int obj_flags,
-	int *ext_info_ok, int *key_usage, int *x_key_usage)
+	int *ext_info_ok, int *key_usage, int *x_key_usage, int *modulus_len)
 {
 	int r;
 	/* const char *label = "Certificate"; */
@@ -237,6 +237,11 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
 		const u8 *throwaway = cert->data.value;
 		x509 = d2i_X509(NULL, &throwaway, cert->data.len);
 	}
+
+	if (cert->key && cert->key->algorithm == SC_ALGORITHM_RSA) {
+		*modulus_len = cert->key->u.rsa.modulus.len * 8;
+	}
+
 	sc_pkcs15_free_certificate(cert);
 	if (!x509) return SC_SUCCESS;
 	X509_check_purpose(x509, -1, 0);
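Review bot: The value written through `modulus_len` is taken from the certificate read off the card and stored without any range check, and the `size_t` product is narrowed to `int` implicitly. The later hunks pass this number on as the modulus length of the emulated public and private key objects, so it would be safer to accept only the sizes the card driver registers (1024 and 2048 in card-itacns.c) and leave the caller's value untouched otherwise. The new out-parameter is also dereferenced unconditionally, so its contract (must be non-NULL, left unchanged when the certificate has no RSA key) deserves a line in the function comment. itacns_add_cert starts and ends outside this hunk.

```c
	if (cert->key && cert->key->algorithm == SC_ALGORITHM_RSA) {
		size_t bits = cert->key->u.rsa.modulus.len * 8;

		/* Only the sizes registered by the card driver are meaningful. */
		if (bits == 1024 || bits == 2048)
			*modulus_len = (int)bits;
	}
	/* … unchanged: sc_pkcs15_free_certificate(cert) and X509 handling … */
```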
@@ -260,7 +265,7 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
 
 static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
 	 const sc_path_t *path, const sc_pkcs15_id_t *id, const char *label,
-	int usage, int ref, int obj_flags, int *modulus_len_out)
+	int usage, int ref, int obj_flags, int modulus_len)
 {
 	int r;
 	sc_pkcs15_pubkey_info_t info;
@@ -279,22 +284,8 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
 	strlcpy(obj.label, label, sizeof(obj.label));
 	obj.flags		= obj_flags;
 
-	/*
-	 * This is hard-coded, unless unforeseen versions of the CNS
-	 * turn up sometime.
-	 */
-
-	/* This is the unforseen version :D */
-	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-		info.modulus_length = 2048;
-	}
-	else {
-		info.modulus_length = 1024;
-	}
+	info.modulus_length = modulus_len;
 
-	
-
-	*modulus_len_out = info.modulus_length;
 	r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info);
 	LOG_TEST_RET(p15card->card->ctx, r,
 		"Could not add pub key");
@@ -589,7 +580,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 	const char *label, int sec_env, sc_pkcs15_id_t *cert_id,
 	const char *pubkey_path, const char *prkey_path,
 	unsigned int pubkey_usage_flags, unsigned int prkey_usage_flags,
-	u8 pin_ref)
+	u8 pin_ref, int modulus_len)
 {
 	int r;
 	sc_path_t path;
@@ -597,19 +588,13 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 	char pinlabel[16];
 	int fake_puk_authid, pin_flags;
 
-	/* This is hard-coded, for the time being. */
-	int modulus_length = 1024;
-	/* it's a ST2021? */
-	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-		modulus_length = 2048;
-	}
 
 	/* Public key; not really needed */
 	/* FIXME: set usage according to the certificate. */
 	if (pubkey_path) {
 		sc_format_path(pubkey_path, &path);
 		r = itacns_add_pubkey(p15card, &path, cert_id, label,
-			pubkey_usage_flags, sec_env, 0, &modulus_length);
+			pubkey_usage_flags, sec_env, 0, modulus_len);
 		LOG_TEST_RET(p15card->card->ctx, r,
 			"Could not add public key");
 	}
@@ -623,7 +608,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
 		private_path = &path;
 	}
 	r = itacns_add_prkey(p15card, cert_id, label, SC_PKCS15_TYPE_PRKEY_RSA,
-		modulus_length,
+		modulus_len,
 		prkey_usage_flags,
 		private_path, sec_env, cert_id, SC_PKCS15_CO_FLAG_PRIVATE);
 	LOG_TEST_RET(p15card->card->ctx, r,
@@ -674,7 +659,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
 	sc_path_t path;
 	sc_pkcs15_id_t cert_id;
 	int ext_info_ok;
-	int ku = 0, xku = 0;
+	int ku = 0, xku = 0, modulus_len = 0;
 	int pubkey_usage_flags = 0, prkey_usage_flags = 0;
 
 	cert_id.len = 1;
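Review bot: `modulus_len` starts at 0 here and is only overwritten inside itacns_add_cert when the certificate carries a parsed RSA key, so a certificate with a missing or non-RSA key reaches the later `itacns_add_keyset(..., pin_ref, modulus_len)` call with 0. Both key objects would then be registered with a modulus length of 0, whereas the code removed by this patch always supplied 1024 or 2048. Before that call the value should either fall back, `if (modulus_len == 0) modulus_len = 1024;`, or the keyset should be rejected with an error, depending on which behaviour is wanted for such certificates. itacns_check_and_add_keyset starts and ends outside this hunk.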
@@ -720,7 +705,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
 	}
 
 	r = itacns_add_cert(p15card, SC_PKCS15_TYPE_CERT_X509, 0,
-		&path, &cert_id, label, 0, &ext_info_ok, &ku, &xku);
+		&path, &cert_id, label, 0, &ext_info_ok, &ku, &xku, &modulus_len);
 	if (r == SC_ERROR_INVALID_ASN1_OBJECT)
 		return 0;
 	LOG_TEST_RET(p15card->card->ctx, r,
@@ -765,7 +750,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
 
 	r = itacns_add_keyset(p15card, label, sec_env, &cert_id,
 		pubkey_path, prkey_path, pubkey_usage_flags, prkey_usage_flags,
-		pin_ref);
+		pin_ref, modulus_len);
 	LOG_TEST_RET(p15card->card->ctx, r,
 		"Could not add keys for this certificate");