[Pki-devel] [pki-devel][PATCH] 0090-First-cut-of-scp03-support.-Supports-the-g-d-smartca.patch

[John Magne]

First cut of scp03 support. Supports the g&d smartcafe out of the box.
    
    Developer keyset token operations and key change over supported.
    
    Caveats.
    
    -The diversification step going from master key to card key uses DES3 as required for the token.
    -After that point, everything is scp03 to the spec with minor excpetions so far.
    
    Supports 128 bit AES for now. Will resolve this.
    
    Minor config tweaks:
    
    TPS
    
    Symmetric Key Changeover
    
    Use this applet for scp03:
    
    RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc
    
    TKS:
    
    Symmetric Key Changeover
    
    tks.mk_mappings.#02#03=internal:new_master
    
    tks.defKeySet.mk_mappings.#02#03=internal:new_master
    
    Use the uncommented one because scp03 returns a different key set data string.
    
    ToDo:
    
    -Support the rest of the AES sizes other than 128.
    -Support optional RMAC apdu.
    -Test and adjust the config capability for other tokens.
    -Support AES master key. Right now the standard key ends up creating AES card and session keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0090-First-cut-of-scp03-support.-Supports-the-g-d-smartca.patch
Type: text/x-patch
Size: 196629 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170313/081b62e3/attachment.bin>