I would to propose two sets of changes to the
./etc/opensc.conf.in file.
The first cleans up some PIV issues:
adding # piv to the list of supported internal driver names,
removing the # pkcs15emu = "PIV-II"; comment line,
adding the PIV-II to to the list of the builtin pkcs15
emulators to test.
The second deals with the use of the max_send_size
and max_recv_size parameters, especially important if
you are trying to to use more then one type of card on the
same system.
opensc.conf sets these to 252 for the pcsc reader_driver,
but not any of the other reader_drivers.
The default is set in ctx.c from SC_APDU_CHOP_SIZE as 248.
(Is this some old holder over from some earlier readers?)
The values set for the reader then applies to *all* cards
that might be used on the system. card.c copies it to
card->max_send_size = reader->driver->max_send_size;
Many card card drivers will set their own limits
and change card->max_*_size if the max_*_size is
greater then the card can handle:
card-staros.c 128
card-atrust-acos.c 128
pkcs15-gemsafe.c 248
card-minicos 244
card-gpk.c multiple of 8
card-piv.c needs 256 before doing i/o but 0xffff during emulation.
card-muscle 1024*64 but also has a MSC_MAX_SEND = 255
and MSC_MAX_APDU = 256.
The consistent thing to do would be to have the default set to
256, and comment out the max_*_sizes in opensc.conf
as all newer readers can handle this, as far as I know.
Then let each card driver reset it if it is larger then the
card can handle as most today today. A user with an older reader
could still set it lower in opensc.conf.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Index: opensc.conf.in
===================================================================
--- opensc.conf.in (revision 3121)
+++ opensc.conf.in (working copy)
@@ -68,8 +68,8 @@
# Some IFD handlers do not properly handle APDUs with
# large lc or le bytes.
#
- max_send_size = 252;
- max_recv_size = 252;
+ max_send_size = 256;
+ max_recv_size = 256;
#
# Connect to reader in exclusive mode.
# Default: false
@@ -92,6 +92,8 @@
reader_driver openct {
# virtual readers to allocate. default:5
readers = 5;
+ max_send_size = 256;
+ max_recv_size = 256;
};
# What card drivers to load at start-up
@@ -144,6 +146,7 @@
# oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
# belpic Belpic cards
# emv EMV compatible cards
+ # piv U.S. NIST 800-73-1 PIV
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
@@ -219,7 +222,6 @@
# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
# name = "PIV-II";
# driver = "piv";
- # pkcs15emu = "PIV-II";
# }
# Estonian ID card and Micardo driver currently play together with T=0
@@ -270,7 +272,7 @@
# Default: yes
# enable_builtin_emulation = yes;
# list of the builtin pkcs15 emulators to test
- builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafe, tccardos;
+ builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafe, tccardos, PIV-II;
# additional settings per driver
#
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
