dtrust: Identify D-Trust Card 5.1 & 5.4 (#3131)

src/libopensc/card-dtrust.c

@@ -56,6 +56,19 @@ static const struct sc_atr_table dtrust_atrs[] = {
  * as it is identical to that of CardOS v5.4 and therefore already included.
  * Any new ATR may need an entry in minidriver_registration[]. */
  { "3b:d2:18:00:81:31:fe:58:c9:04:11", NULL, NULL, SC_CARD_TYPE_DTRUST_V4_1_STD, 0, NULL },
+
+
+ /* D-Trust Signature Card v5.1 and v5.4 - CardOS 6.0
+ *
+ * These cards are dual interface cards. Thus they have separate ATRs. */
+
+ /* contact based */
+ { "3b:d2:18:00:81:31:fe:58:cb:01:16", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL },
+
+ /* contactless */
+ { "3b:82:80:01:cb:01:c9", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL },
+ { "07:78:77:74:03:cb:01:09", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL },
+
  { NULL, NULL, NULL, 0, 0, NULL }
 };
 // clang-format on
@@ -81,16 +94,26 @@ _dtrust_match_cardos(sc_card_t *card)
  r = sc_get_data(card, 0x0182, buf, 32);
  LOG_TEST_RET(card->ctx, r, "OS version check failed");
 
- if (r != 2 || buf[0] != 0xc9 || buf[1] != 0x04)
- return SC_ERROR_WRONG_CARD;
+ if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) {
+ if (r != 2 || buf[0] != 0xc9 || buf[1] != 0x04)
+ return SC_ERROR_WRONG_CARD;
+ } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) {
+ if (r != 2 || buf[0] != 0xcb || buf[1] != 0x01)
+ return SC_ERROR_WRONG_CARD;
+ }
 
  /* check product name */
  r = sc_get_data(card, 0x0180, buf, 32);
  LOG_TEST_RET(card->ctx, r, "Product name check failed");
 
  prodlen = (size_t)r;
- if (prodlen != strlen("CardOS V5.4 2019") + 1 || memcmp(buf, "CardOS V5.4 2019", prodlen))
- return SC_ERROR_WRONG_CARD;
+ if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) {
+ if (prodlen != strlen("CardOS V5.4 2019") + 1 || memcmp(buf, "CardOS V5.4 2019", prodlen))
+ return SC_ERROR_WRONG_CARD;
+ } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) {
+ if (prodlen != strlen("CardOS V6.0 2021") + 1 || memcmp(buf, "CardOS V6.0 2021", prodlen))
+ return SC_ERROR_WRONG_CARD;
+ }
 
  return SC_SUCCESS;
 }
@@ -138,18 +161,33 @@ _dtrust_match_profile(sc_card_t *card)
  * on the production process, but aren't relevant for determining the
  * card profile.
  */
- if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 Std. RSA 2", 27))
- card->type = SC_CARD_TYPE_DTRUST_V4_1_STD;
- else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.1 Multi ECC 2", 28))
- card->type = SC_CARD_TYPE_DTRUST_V4_1_MULTI;
- else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 M100 ECC 2", 27))
- card->type = SC_CARD_TYPE_DTRUST_V4_1_M100;
- else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.4 Std. RSA 2", 27))
- card->type = SC_CARD_TYPE_DTRUST_V4_4_STD;
- else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.4 Multi ECC 2", 28))
- card->type = SC_CARD_TYPE_DTRUST_V4_4_MULTI;
- else
- return SC_ERROR_WRONG_CARD;
+ if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) {
+ if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 Std. RSA 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V4_1_STD;
+ else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.1 Multi ECC 2", 28))
+ card->type = SC_CARD_TYPE_DTRUST_V4_1_MULTI;
+ else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 M100 ECC 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V4_1_M100;
+ else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.4 Std. RSA 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V4_4_STD;
+ else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.4 Multi ECC 2", 28))
+ card->type = SC_CARD_TYPE_DTRUST_V4_4_MULTI;
+ else
+ return SC_ERROR_WRONG_CARD;
+ } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) {
+ if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.1 Std. RSA 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V5_1_STD;
+ else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 5.1 Multi ECC 2", 28))
+ card->type = SC_CARD_TYPE_DTRUST_V5_1_MULTI;
+ else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.1 M100 ECC 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V5_1_M100;
+ else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.4 Std. RSA 2", 27))
+ card->type = SC_CARD_TYPE_DTRUST_V5_4_STD;
+ else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 5.4 Multi ECC 2", 28))
+ card->type = SC_CARD_TYPE_DTRUST_V5_4_MULTI;
+ else
+ return SC_ERROR_WRONG_CARD;
+ }
 
  name = malloc(plen + 1);
  if (name == NULL)
@@ -175,7 +213,7 @@ dtrust_match_card(sc_card_t *card)
  if (_dtrust_match_profile(card) != SC_SUCCESS)
  return 0;
 
- sc_log(card->ctx, "D-Trust Signature Card (CardOS 5.4)");
+ sc_log(card->ctx, "D-Trust Signature Card");
 
  return 1;
 }
@@ -235,6 +273,8 @@ dtrust_init(sc_card_t *card)
  switch (card->type) {
  case SC_CARD_TYPE_DTRUST_V4_1_STD:
  case SC_CARD_TYPE_DTRUST_V4_4_STD:
+ case SC_CARD_TYPE_DTRUST_V5_1_STD:
+ case SC_CARD_TYPE_DTRUST_V5_4_STD:
  flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
  flags |= SC_ALGORITHM_RSA_PAD_PSS;
  flags |= SC_ALGORITHM_RSA_PAD_OAEP;
@@ -254,6 +294,9 @@ dtrust_init(sc_card_t *card)
  case SC_CARD_TYPE_DTRUST_V4_1_MULTI:
  case SC_CARD_TYPE_DTRUST_V4_1_M100:
  case SC_CARD_TYPE_DTRUST_V4_4_MULTI:
+ case SC_CARD_TYPE_DTRUST_V5_1_MULTI:
+ case SC_CARD_TYPE_DTRUST_V5_1_M100:
+ case SC_CARD_TYPE_DTRUST_V5_4_MULTI:
  flags |= SC_ALGORITHM_ECDH_CDH_RAW;
  flags |= SC_ALGORITHM_ECDSA_HASH_SHA256;
  ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE;

src/libopensc/cards.h

@@ -268,6 +268,11 @@ enum {
  SC_CARD_TYPE_DTRUST_V4_1_M100,
  SC_CARD_TYPE_DTRUST_V4_4_STD,
  SC_CARD_TYPE_DTRUST_V4_4_MULTI,
+ SC_CARD_TYPE_DTRUST_V5_1_STD,
+ SC_CARD_TYPE_DTRUST_V5_1_MULTI,
+ SC_CARD_TYPE_DTRUST_V5_1_M100,
+ SC_CARD_TYPE_DTRUST_V5_4_STD,
+ SC_CARD_TYPE_DTRUST_V5_4_MULTI,
 };
 
 extern sc_card_driver_t *sc_get_default_driver(void);

win32/customactions.cpp

@@ -158,6 +158,8 @@ MD_REGISTRATION minidriver_registration[] = {
  11, {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}},
  {TEXT("CardOS v5.4"), {0x3b,0xd2,0x18,0x00,0x81,0x31,0xfe,0x58,0xc9,0x04,0x11},
  11, {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}},
+ {TEXT("CardOS v6.0"), {0x3b,0xd2,0x18,0x00,0x81,0x31,0xfe,0x58,0xcb,0x01,0x16},
+ 11, {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}},
  {TEXT("JPKI"), {0x3b,0xe0,0x00,0xff,0x81,0x31,0xfe,0x45,0x14},
  9, {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}},