I would to propose two sets of changes to the
./etc/opensc.conf.in file.

The first cleans up some PIV issues:

  adding  # piv to the list of supported internal driver names,

  removing the # pkcs15emu = "PIV-II"; comment line,

  adding the PIV-II to to the list of the builtin pkcs15
  emulators to test.


The second deals with the use of the max_send_size
and max_recv_size parameters, especially important if
you are trying to to use more then one type of card on the
same system.

  opensc.conf sets these to 252 for the pcsc reader_driver,
  but not any of the other reader_drivers.

  The default is set in ctx.c from SC_APDU_CHOP_SIZE as 248.
  (Is this some old holder over from some earlier readers?)

  The values set for the reader then applies to *all* cards
  that might be used on the system. card.c copies it to
  card->max_send_size = reader->driver->max_send_size;

  Many card card drivers will set their own limits
     and change card->max_*_size if the max_*_size is
     greater then the card can handle:
         card-staros.c  128
         card-atrust-acos.c 128
         pkcs15-gemsafe.c 248
         card-minicos 244
         card-gpk.c    multiple of 8
         card-piv.c    needs 256 before doing i/o but 0xffff during emulation.
         card-muscle   1024*64  but also has a MSC_MAX_SEND = 255
                       and MSC_MAX_APDU = 256.

The consistent thing to do would be to have the default set to
256, and comment out the max_*_sizes in opensc.conf
as all newer readers can handle this, as far as I know.
Then let each card driver reset it if it is larger then the
card can handle as most today today. A user with an older reader
could still set it lower in opensc.conf.

--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
Index: opensc.conf.in
===================================================================
--- opensc.conf.in	(revision 3121)
+++ opensc.conf.in	(working copy)
@@ -68,8 +68,8 @@
 		# Some IFD handlers do not properly handle APDUs with
 		# large lc or le bytes.
 		#
-		max_send_size = 252;
-		max_recv_size = 252;
+		max_send_size = 256;
+		max_recv_size = 256;
 		#
 		# Connect to reader in exclusive mode.
 		# Default: false
@@ -92,6 +92,8 @@
 	reader_driver openct {
 		# virtual readers to allocate. default:5
 		readers = 5;
+		max_send_size = 256;
+		max_recv_size = 256;	
 	};
 
 	# What card drivers to load at start-up
@@ -144,6 +146,7 @@
 	#  oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
 	#  belpic           Belpic cards
 	#  emv              EMV compatible cards
+	#  piv              U.S. NIST 800-73-1 PIV        
 
 	# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
 
@@ -219,7 +222,6 @@
 	# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
 		# name = "PIV-II";
 	 	# driver = "piv";
-		# pkcs15emu = "PIV-II";
 	# }
 
 	# Estonian ID card and Micardo driver currently play together with T=0
@@ -270,7 +272,7 @@
 		# Default: yes
 		# enable_builtin_emulation = yes;
 		# list of the builtin pkcs15 emulators to test
-		builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafe, tccardos;
+		builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafe, tccardos, PIV-II;
 
 		# additional settings per driver
 		#
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to