Mats Andersson wrote: > Hi, > > No problem, I only tested PIV “read-only” which works,
So you have a PIV card? Great! With your patch there might be issues when using a 2K RSA key. With 1K keys, a 128 byte signature is sent to the card. With a 2K key, 256 byte + some extra stuff is sent to the card, and would thus be chained. > I didn’t see the > assert()’s in iso7816_write/update_binary(), though I can’t see why they > are there? (can’t find anything in 7816-4 about that?). Also, the > problem with the current code is that the chaining size is hard-coded to > 255 (which is of course working with PIV, but not with some other cards :-). Understood. > > I’ll look into the specs a bit more and propose a new patch. The patch I sent to have the PIV card reset the send_*_size should also work, as the first thing the card-iv.c does is save the original size so it can be reset before adpu operation. > > Cheers, > > /Mats > > On 12/18/09 5:00 PM, "Andreas Jellinghaus" <a...@dungeon.inka.de> wrote: > > ok, so the change fixes one card and breaks another. > > lets get back to this issue next year, once we are > all back from vacation. > > merry xmas and happy new years :) > > Regards, Andreas > > Am Freitag 18 Dezember 2009 16:53:51 schrieb Douglas E. Engert: > > This patch may break the PIV card, because it changed the > > line 1792: card->max_send_size = 0xffff; > > > > > > The PIV card does not directly support read/write binary, > > but get/put_data commands which transfer the whole object > > using adpu chaining using 255 and 256. Its not using extended > > apdu either. > > > > To emulate the read/write binary it sets the card_max_* sizes > > to 0xffff to allow the caller to read/write the whole object > > rather then 255 byte chunks or records. > > > > So the max_*_size values are used in two different ways, > > for read/write and for apdu lengths. > > > > Since there is no "close" command there is no way to know when > > the last write_binary is done. Using the 0xffff a write is done > > all in one operation. > > > > The attached patch might work, would would needs to be tested. > > (I am on vacation starting today till after the first, so this > > is not a good time to make a change.) > > > > The piv_general_io routine that does the sc_transmit_apdu > > is also used for a number of other operations, so a lot of testing > > will be needed. > > Scanned by Check Point Total Security Gateway. > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
