From b1c8e2fb5b3bbe7097ade926e6ac696a816f88a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Mon, 28 Nov 2022 10:13:33 +0100
Subject: [PATCH] Fix OpenSC compatibility for RSA

---
 src/command/data.rs |  3 +++
 src/types.rs        | 29 +++++++++++++++++++++++------
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/command/data.rs b/src/command/data.rs
index 42e64ec..6f57ffa 100644
--- a/src/command/data.rs
+++ b/src/command/data.rs
@@ -572,6 +572,8 @@ fn pw_status_bytes<const R: usize, T: trussed::Client>(
 }
 
 fn algo_info<const R: usize, T: trussed::Client>(mut ctx: Context<'_, R, T>) -> Result<(), Status> {
+    ctx.reply.expand(&[0xFA])?;
+    let offset = ctx.reply.len();
     for alg in SignatureAlgorithm::iter_all() {
         ctx.reply.expand(&[0xC1])?;
         let offset = ctx.reply.len();
@@ -590,6 +592,7 @@ fn algo_info<const R: usize, T: trussed::Client>(mut ctx: Context<'_, R, T>) ->
         ctx.reply.expand(alg.attributes())?;
         ctx.reply.prepend_len(offset)?;
     }
+    ctx.reply.prepend_len(offset)?;
     Ok(())
 }
 
diff --git a/src/types.rs b/src/types.rs
index f0d800f..45a888e 100644
--- a/src/types.rs
+++ b/src/types.rs
@@ -58,6 +58,23 @@ const RSA_4K_ATTRIBUTES: &[u8] = hex!(
 )
 .as_slice();
 
+// Accepted for key generation, but overridden to always set the import format to CRT
+const RSA_2K_ATTRIBUTES_STANDARD_IMPORT: &[u8] = hex!("
+    01
+    0800 // Length modulus (in bit): 2048                                                                                                                                        
+    0020 // Length exponent (in bit): 32
+    00   // import in standard format
+").as_slice();
+const RSA_4K_ATTRIBUTES_STANDARD_IMPORT: &[u8] = hex!(
+    "
+    01
+    1000 // Length modulus (in bit): 4096
+    0020 // Length exponent (in bit): 32
+    00   // import in standard format
+"
+)
+.as_slice();
+
 #[derive(Debug, Copy, Clone)]
 pub struct AlgorithmFromAttributesError;
 
@@ -107,8 +124,8 @@ impl TryFrom<&[u8]> for SignatureAlgorithm {
         match v {
             ED255_ATTRIBUTES => Ok(Self::Ed255),
             ECDSA_P256_ATTRIBUTES => Ok(Self::EcDsaP256),
-            RSA_2K_ATTRIBUTES => Ok(Self::Rsa2048),
-            RSA_4K_ATTRIBUTES => Ok(Self::Rsa4096),
+            RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa2048),
+            RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa4096),
             _ => Err(AlgorithmFromAttributesError),
         }
     }
@@ -160,8 +177,8 @@ impl TryFrom<&[u8]> for DecryptionAlgorithm {
         match v {
             X255_ATTRIBUTES => Ok(Self::X255),
             ECDH_P256_ATTRIBUTES => Ok(Self::EcDhP256),
-            RSA_2K_ATTRIBUTES => Ok(Self::Rsa2048),
-            RSA_4K_ATTRIBUTES => Ok(Self::Rsa4096),
+            RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa2048),
+            RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa4096),
             _ => Err(AlgorithmFromAttributesError),
         }
     }
@@ -213,8 +230,8 @@ impl TryFrom<&[u8]> for AuthenticationAlgorithm {
         match v {
             ED255_ATTRIBUTES => Ok(Self::Ed255),
             ECDSA_P256_ATTRIBUTES => Ok(Self::EcDsaP256),
-            RSA_2K_ATTRIBUTES => Ok(Self::Rsa2048),
-            RSA_4K_ATTRIBUTES => Ok(Self::Rsa4096),
+            RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa2048),
+            RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_STANDARD_IMPORT => Ok(Self::Rsa4096),
             _ => Err(AlgorithmFromAttributesError),
         }
     }