Commit 608feee

Only enable RSA PSS selected devices (#1197)
IB-7746, IB-7768 Signed-off-by: Raul Metsma <[email protected]>
1 parent 3599a1e commit 608feee

1 file changed

+12
-16
lines changed


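--- a/client/QCNG.cpp
+++ b/client/QCNG.cpp
@@ -162,7 +162,7 @@ QList<TokenData> QCNG::tokens() const
 return {};
 return data;
 };
-auto enumKeys = [&result, &prop](const QString &provider, const QString &reader = {}) {
+auto enumKeys = [&result, &prop](const QString &provider, QString reader = {}) {
 QString scope = QStringLiteral(R"(\\.\%1\)").arg(reader);
 SCOPE<NCRYPT_PROV_HANDLE> h;
 SECURITY_STATUS err = NCryptOpenStorageProvider(&h, LPCWSTR(provider.utf16()), 0);
@@ -180,6 +180,8 @@ QList<TokenData> QCNG::tokens() const
 if(cert.isNull())
 continue;
 
+if(reader.isEmpty())
+reader = QString::fromUtf16((const char16_t*)prop(key, NCRYPT_READER_PROPERTY).data());
 QString guid = prop(h, NCRYPT_SMARTCARD_GUID_PROPERTY).trimmed();
 TokenData &t = result.emplaceBack();
 t.setReader(reader);
@@ -191,24 +193,18 @@ QList<TokenData> QCNG::tokens() const
 t.setData(QStringLiteral("spec"), QVariant::fromValue(keyname->dwLegacyKeySpec));
 qWarning() << "key" << t.data(QStringLiteral("provider"))
 << "spec" << t.data(QStringLiteral("spec"))
-<< "alg" << QString::fromWCharArray(keyname->pszAlgid)
+<< "alg" << QStringView(keyname->pszAlgid)
 << "flags" << keyname->dwFlags;
-if(cert.publicKey().algorithm() != QSsl::Rsa)
+if(cert.publicKey().algorithm() != QSsl::Rsa || reader.isEmpty())
 continue;
 
-static const QHash<QByteArray,bool> supportsPSS {
-{"3BDD18008131FE45904C41545649412D65494490008C", false}, // LV-G1
-{"3BDB960080B1FE451F830012428F536549440F900020", false}, // LV-G2
+static const QSet<QByteArray> usePSS {
+{"3BFF9600008131804380318065B0850300EF120FFE82900066"}, // eToken 5110 CC (830)
+{"3BFF9600008131FE4380318065B0855956FB120FFE82900000"}, // eToken 5110 CC (940)
+{"3BD518008131FE7D8073C82110F4"}, // SafeNet 5110 FIPS
+{"3BFF9600008131FE4380318065B0846566FB12017882900085"}, // SafeNet 5110+ FIPS
 };
-QByteArray atr = QPCSCReader(reader, &QPCSC::instance()).atr();
-if(supportsPSS.contains(atr))
-{
-t.setData(QStringLiteral("PSS"), supportsPSS.value(atr));
-continue;
-}
-SECURITY_STATUS err = NCryptSignHash(key, &rsaPSS, PBYTE(digest.data()), DWORD(digest.size()),
-nullptr, 0, &size, BCRYPT_PAD_PSS);
-t.setData(QStringLiteral("PSS"), SUCCEEDED(err));
+t.setData(QStringLiteral("PSS"), usePSS.contains(QPCSCReader(reader, &QPCSC::instance()).atr()));
 }
 };
 
@@ -220,7 +216,7 @@ QList<TokenData> QCNG::tokens() const
 {
 QString provider = QString::fromWCharArray(providers[i].pszName);
 qWarning() << "Found provider" << provider;
-if(provider == QString::fromWCharArray(MS_SMART_CARD_KEY_STORAGE_PROVIDER))
+if(provider == QStringView(MS_SMART_CARD_KEY_STORAGE_PROVIDER))
 {
 for( const QString &reader: QPCSC::instance().readers() )
 {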
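Review bot: RSA tokens for which no reader name could be resolved (the new `|| reader.isEmpty()` on the `continue`) now leave the "PSS" entry unset instead of explicitly false, so consumers of `t.data(QStringLiteral("PSS"))` get a null QVariant for them where every RSA token previously received a definite value; either add `t.setData(QStringLiteral("PSS"), false);` before that `continue` or document that an absent key means PKCS#1 v1.5. The ATR allowlist also silently demotes every device not in the table, including PSS-capable ones that the removed NCryptSignHash probe would have detected, so the table deserves a comment such as `// Allowlist of ATRs for which RSA-PSS is requested; any other RSA token falls back to PKCS#1 v1.5 padding.` The new `QString::fromUtf16((const char16_t*)prop(key, NCRYPT_READER_PROPERTY).data())` reads until a NUL char16_t, so it relies on prop() returning a terminated buffer; if it hands back the raw property bytes, prefer the length-taking overload and a `reinterpret_cast` over the C-style cast. The enumKeys lambda and QCNG::tokens() both start and end outside the shown hunks, and the locals used only by the removed probe (rsaPSS, digest, size) may now be unused there.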