eugene wrote:
Nils Larsch wrote:
may I ask what the current status of your patches is
(we are planning a new release _very_ soon).
Hello.
I'm sorry for the delay. Patches were made and tested by me long ago but I
haven't got any answers from hardware producers yet.
GZipped opensc patch is attached, openct patch stays without changes.
some first comments:
please don't use c++ / c99 style comments and use " /* ... */ " instead
(some old compilers don't like them).
diff -urNp ./opensc-0.11.1/src/libopensc/cardctl.h
./new/opensc-0.11.1/src/libopensc/cardctl.h
--- ./opensc-0.11.1/src/libopensc/cardctl.h 2006-01-23 23:51:28.000000000
+0200
+++ ./new/opensc-0.11.1/src/libopensc/cardctl.h 2006-12-28 18:03:30.000000000
+0200
@@ -121,7 +121,22 @@ enum {
SC_CARDCTL_INCRYPTO34_PUT_DATA_SECI,
SC_CARDCTL_INCRYPTO34_GENERATE_KEY,
SC_CARDCTL_INCRYPTO34_CHANGE_KEY_DATA,
- SC_CARDCTL_INCRYPTO34_ERASE_FILES
+ SC_CARDCTL_INCRYPTO34_ERASE_FILES,
+
+ /*
+ * ruToken spcific calls
+ */
+ SC_CARDCTL_RUTOKEN_BASE = _CTL_PREFIX('R', 'T', 'K'),
+ // PUT_DATA
+ PD_P2_CREATE_DO,
+ PD_P2_CHANGE_DO,
+ PD_P2_GENERATE_KEY_DO,
...
please add a "SC_CARDCTL_" prefix to ctl types and add a "SC_" prefix
to all other new defines (cardctl.h is an exported header file => don't
pollute the namespace ;-) ).
+typedef unsigned short word;
+typedef unsigned int dword;
is this _really_ necessary ?
diff -urNp ./opensc-0.11.1/src/libopensc/card-rutoken.c
./new/opensc-0.11.1/src/libopensc/card-rutoken.c
--- ./opensc-0.11.1/src/libopensc/card-rutoken.c 1970-01-01
03:00:00.000000000 +0300
+++ ./new/opensc-0.11.1/src/libopensc/card-rutoken.c 2007-03-02
20:20:00.000000000 +0200
...
+#ifdef HAVE_OPENSSL
+#define GETBN(bn) ((bn)->len? BN_bin2bn((bn)->data, (bn)->len, NULL) :
NULL)
+static int extract_key(sc_card_t *card, sc_path_t *path, EVP_PKEY **pk)
+{
+ struct sc_pkcs15_prkey *key = NULL;
+ int r;
+
+ r = rutoken_read_prkey(card, path, &key);
+
+ if (r < 0)
+ return r;
+
+ *pk = EVP_PKEY_new();
EVP_PKEY_new() can fail !
+ switch (key->algorithm)
+ {
+ case SC_ALGORITHM_RSA:
+ {
+ RSA *rsa = RSA_new();
+
+ EVP_PKEY_set1_RSA(*pk, rsa);
+ rsa->n = GETBN(&key->u.rsa.modulus);
+ rsa->e = GETBN(&key->u.rsa.exponent);
+ rsa->d = GETBN(&key->u.rsa.d);
+ rsa->p = GETBN(&key->u.rsa.p);
+ rsa->q = GETBN(&key->u.rsa.q);
memory leak. EVP_PKEY_set1_RSA() increases the ref count of the
RSA object => you must call RSA_free() at the end of this block.
Furthermore it would be good to check if all BN_bin2bn calls were
successful.
+ }
+ break;
+ default:
+ r = SC_ERROR_NOT_SUPPORTED;
+ }
+
+ if (r < 0)
+ EVP_PKEY_free(*pk);
+ if(key) sc_pkcs15_free_prkey(key);
+ return r;
+}
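Review bot: `RSA_new()` in the `SC_ALGORITHM_RSA` case is used unchecked, so an allocation failure is dereferenced at `rsa->n = ...`; add `if (rsa == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; }` before `EVP_PKEY_set1_RSA()`. On the error path `EVP_PKEY_free(*pk)` leaves the caller's pointer dangling, so follow it with `*pk = NULL;` to keep a later free or use in the caller from touching freed memory. The function also places the private components `d`, `p` and `q` in host memory; a header comment should state that, and that the caller owns `*pk` and must release it with `EVP_PKEY_free()` as soon as the operation is done.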
...
+static struct sc_card_driver * sc_get_driver(void)
+{
+ if (iso_ops == NULL)
+ iso_ops = sc_get_iso7816_driver()->ops;
+ rutoken_ops = *iso_ops;
+
+ rutoken_ops.match_card = rutoken_match_card;
+ rutoken_ops.init = rutoken_init;
+ rutoken_ops.finish = rutoken_finish;
+ rutoken_ops.check_sw = rutoken_check_sw;
+ rutoken_ops.select_file = rutoken_select_file;
+ rutoken_ops.create_file = rutoken_create_file;
+ rutoken_ops.delete_file = rutoken_delete_file;
+ rutoken_ops.list_files = rutoken_list_files;
+ rutoken_ops.card_ctl = rutoken_card_ctl;
+ //rutoken_ops.verify = rutoken_verify;
+
+ #ifdef HAVE_OPENSSL
+ rutoken_ops.decipher = rutoken_decipher_rsa;
+ rutoken_ops.compute_signature = rutoken_compute_signature;
#else
rutoken_ops.decipher = NULL;
rutoken_ops.compute_signature = NULL;
+ #endif
+ rutoken_ops.set_security_env = rutoken_set_security_env;
+ rutoken_ops.restore_security_env = rutoken_restore_security_env;
+ rutoken_ops.logout = rutoken_logout;
+
+ rutoken_ops.read_record = NULL;
+ rutoken_ops.write_record = NULL;
+ rutoken_ops.append_record = NULL;
+ rutoken_ops.update_record = NULL;
+ rutoken_ops.write_binary = NULL;
+
+ return &rutoken_drv;
+}
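Review bot: The commented-out `rutoken_ops.verify` assignment leaves the driver with the `verify` handler copied from `iso_ops` by `rutoken_ops = *iso_ops`, and the hunk does not say whether that is intended for PIN verification on this token. Either delete the line or replace it with a comment such as `/* verify: the ISO 7816 implementation is used unchanged */`. The same question applies to the other inherited operations that are not listed here: since several are set to `NULL` explicitly, a short comment stating which inherited handlers are known to work with the card would make the supported surface clear.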
diff -urNp ./opensc-0.11.1/src/libopensc/pkcs15-cert.c
./new/opensc-0.11.1/src/libopensc/pkcs15-cert.c
--- ./opensc-0.11.1/src/libopensc/pkcs15-cert.c 2006-05-01 13:06:30.000000000
+0300
+++ ./new/opensc-0.11.1/src/libopensc/pkcs15-cert.c 2007-01-30
21:39:03.000000000 +0200
@@ -118,6 +118,15 @@ int sc_pkcs15_read_certificate(struct sc
r = sc_pkcs15_read_file(p15card, &info->path, &data, &len,
NULL);
if (r)
return r;
+ // ruToken has 'extended' certificates format
+ if (len && data && !strcmp(p15card->card->name, "rutoken card"))
+ {
+ u8 *buf = malloc(len);
+ len -=2;
+ memcpy(buf, data + 2, len);
+ free(data);
+ data = buf;
+ }
} else {
sc_pkcs15_der_t copy;
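Review bot: The ruToken branch trusts the length returned by `sc_pkcs15_read_file()`: the guard `len && data` admits `len == 1`, after which `len -= 2` wraps (or goes negative; the declaration of `len` is outside the hunk) and `memcpy(buf, data + 2, len)` runs far past both buffers. Require more than the two prefix bytes with `if (len > 2 && data && !strcmp(p15card->card->name, "rutoken card"))`. `malloc(len)` is also unchecked; add `if (buf == NULL) { free(data); return SC_ERROR_OUT_OF_MEMORY; }` before the copy. The enclosing function continues outside the hunk.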
what was the "extended certificate format" again ?
Nils