Re: [opensc-devel] Re: opensc / openct

Nils Larsch Sun, 25 Mar 2007 05:05:04 -0800

eugene wrote:

Nils Larsch wrote:
may I ask what the current status of your patches is
(we are planning a new release _very_ soon).
Hello.
I'm sorry for delay. Patches were made and tested by me long ago but Ihavn't got any answers from hardware producers yet.
GZipped opensc patch is attached, openct patch stays without changes.


some first comments:

please don't use c++ / c99 style comments and use " /* ... */ " instead
(some old compilers don't like them).

diff -urNp ./opensc-0.11.1/src/libopensc/cardctl.h 
./new/opensc-0.11.1/src/libopensc/cardctl.h
--- ./opensc-0.11.1/src/libopensc/cardctl.h     2006-01-23 23:51:28.000000000 
+0200
+++ ./new/opensc-0.11.1/src/libopensc/cardctl.h 2006-12-28 18:03:30.000000000 
+0200
@@ -121,7 +121,22 @@ enum {
        SC_CARDCTL_INCRYPTO34_PUT_DATA_SECI,
        SC_CARDCTL_INCRYPTO34_GENERATE_KEY,
        SC_CARDCTL_INCRYPTO34_CHANGE_KEY_DATA,
-       SC_CARDCTL_INCRYPTO34_ERASE_FILES
+       SC_CARDCTL_INCRYPTO34_ERASE_FILES,
+                               
+       /*
+       *  ruToken spcific calls
+       */
+       SC_CARDCTL_RUTOKEN_BASE = _CTL_PREFIX('R', 'T', 'K'),
+       //  PUT_DATA
+       PD_P2_CREATE_DO,
+       PD_P2_CHANGE_DO,
+       PD_P2_GENERATE_KEY_DO,
...

please add a "SC_CARDCTL_" prefix to ctl types and add a "SC_" prefix
to all other new defines (cardctl.h is an exported header file => don't
pollute the namespace ;-) ).

+typedef unsigned short word;
+typedef unsigned int dword;

is this _really_ necessary ?

diff -urNp ./opensc-0.11.1/src/libopensc/card-rutoken.c 
./new/opensc-0.11.1/src/libopensc/card-rutoken.c
--- ./opensc-0.11.1/src/libopensc/card-rutoken.c        1970-01-01 
03:00:00.000000000 +0300
+++ ./new/opensc-0.11.1/src/libopensc/card-rutoken.c    2007-03-02 
20:20:00.000000000 +0200
...
+#ifdef HAVE_OPENSSL
+#define GETBN(bn)      ((bn)->len? BN_bin2bn((bn)->data, (bn)->len, NULL) : 
NULL)
+static int extract_key(sc_card_t *card, sc_path_t *path, EVP_PKEY **pk)
+{
+       struct sc_pkcs15_prkey  *key = NULL;
+       int             r;
+
+       r = rutoken_read_prkey(card, path, &key);
+
+       if (r < 0)
+               return r;
+
+       *pk = EVP_PKEY_new();

EVP_PKEY_new() can fail !

+       switch (key->algorithm)
+       {
+       case SC_ALGORITHM_RSA:
+               {
+                       RSA     *rsa = RSA_new();
+                       
+                       EVP_PKEY_set1_RSA(*pk, rsa);
+                       rsa->n = GETBN(&key->u.rsa.modulus);
+                       rsa->e = GETBN(&key->u.rsa.exponent);
+                       rsa->d = GETBN(&key->u.rsa.d);
+                       rsa->p = GETBN(&key->u.rsa.p);
+                       rsa->q = GETBN(&key->u.rsa.q);

memory leak. EVP_PKEY_set1_RSA() increases the ref count of the
RSA object => you must call RSA_free() at the end of this block.
Furthermore it would be good to check if all BN_bin2bn where
successful.

+               }
+               break;
+       default:
+               r = SC_ERROR_NOT_SUPPORTED;
+       }
+       
+       if (r < 0)
+               EVP_PKEY_free(*pk);
+       if(key) sc_pkcs15_free_prkey(key);
+       return r;
+}
...
+static struct sc_card_driver * sc_get_driver(void)
+{
+       if (iso_ops == NULL)
+               iso_ops = sc_get_iso7816_driver()->ops;
+       rutoken_ops = *iso_ops;
+
+       rutoken_ops.match_card = rutoken_match_card;
+       rutoken_ops.init = rutoken_init;
+       rutoken_ops.finish = rutoken_finish;
+       rutoken_ops.check_sw = rutoken_check_sw;
+       rutoken_ops.select_file = rutoken_select_file;
+       rutoken_ops.create_file = rutoken_create_file;
+       rutoken_ops.delete_file = rutoken_delete_file;
+       rutoken_ops.list_files = rutoken_list_files;
+       rutoken_ops.card_ctl = rutoken_card_ctl;
+       //rutoken_ops.verify = rutoken_verify;
+       
+       #ifdef HAVE_OPENSSL
+       rutoken_ops.decipher = rutoken_decipher_rsa;
+       rutoken_ops.compute_signature = rutoken_compute_signature;

#else
rutoken_ops.decipher = NULL;
rutoken_ops.compute_signature = NULL;

+       #endif
+       rutoken_ops.set_security_env = rutoken_set_security_env;
+       rutoken_ops.restore_security_env = rutoken_restore_security_env;
+       rutoken_ops.logout  = rutoken_logout;
+       
+       rutoken_ops.read_record = NULL;
+       rutoken_ops.write_record = NULL;
+       rutoken_ops.append_record = NULL;
+       rutoken_ops.update_record = NULL;
+       rutoken_ops.write_binary = NULL;
+       
+       return &rutoken_drv;
+}

diff -urNp ./opensc-0.11.1/src/libopensc/pkcs15-cert.c 
./new/opensc-0.11.1/src/libopensc/pkcs15-cert.c
--- ./opensc-0.11.1/src/libopensc/pkcs15-cert.c 2006-05-01 13:06:30.000000000 
+0300
+++ ./new/opensc-0.11.1/src/libopensc/pkcs15-cert.c     2007-01-30 
21:39:03.000000000 +0200
@@ -118,6 +118,15 @@ int sc_pkcs15_read_certificate(struct sc
                r = sc_pkcs15_read_file(p15card, &info->path, &data, &len, 
NULL);
                if (r)
                        return r;
+               //  ruToken has 'extended' certificates format
+               if (len && data && !strcmp(p15card->card->name, "rutoken card"))
+               {
+                       u8 *buf = malloc(len);
+                       len -=2;
+                       memcpy(buf, data + 2, len);
+                       free(data);
+                       data = buf;
+               }
        } else {
                sc_pkcs15_der_t copy;

what was the "extended certificate format" again ?

Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Re: opensc / openct

Reply via email to