On 13.11.2009, at 17:52, Mats Andersson wrote:
> In apdu.c, isn’t it more accurate to use card->max_send_size to chunk packets
> when doing chaining?
> 546c546
> < if (len > card->max_send_size) {
> ---
> > if (len > 255) {
> 553c553
> < plen = card->max_send_size;
> ---
> > plen = 255;
Please send unified diffs (diff -u)
> Related to this, it might be useful to be able to set the max_send_size of a
> card/driver in the config.
It would be a bug in the card driver if it is required but not set by the
driver, wouldn't it?
> I saw one of the comments in card-incrypto34.c; “andreas says: hm, my card
> only works for small payloads”. I don’t have one of those cards, however, I
> have another (unrelated?) java-card which happens to have an applet which
> accepts the exact same APDUs for set_security_env/ restore_security_env. It
> also happens that this card only works with max_send_size == 128 together
> with SC_APDU_FLAGS_CHAINING when for example doing decipher (with the patch
> above applied). It might be something to look into if there are issues with
> this driver?
What applet is it? Is it supported by some OpenSC card driver or emulation code?
> Yet another smallish note, in framework-pkcs15.c:831 and forward. I’m not
> entirely sure of what the hack is supposed to do (the name onepin suggests
> using only one/the first PIN?). Anyway, if there are indeed one
> SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN flagged pin and it comes BEFORE the
> “normal” pin (the order is of course “random” in the sense that it depends on
> how the auth contents was written), the hack_enabled wont work since
> auth_count == 1 and continue will just exit the for-loop in that case.
It is an ugly hack that is somewhat required for at least some EU eID cards and
Firefox/NSS, which just don't play together nicely if the PKCS#11 module
exports all pins and keys on the card. So it also depends on the emulated
format, which sets the authentication key to be the first in the layout.
It could be improved of course, as well as Firefox could be patched :)
Thanks,
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
