On 11/29/2010 4:36 AM, Aleksey Samsonov wrote:
> Hello Douglas,
>
> 2010/11/23 Douglas E. Engert<deeng...@anl.gov>:
>> I would especially like the GOSTR maintainers to look at this closely, as
>> many of the flag tests and if statements were modified to support EC and
>> hopefully make it easier to add algorithms in the future.
>
> There is a compile error at libopensc/pkcs15-piv.c (see "struct
> pubdata_st" and "static const pubdata pubkeys[PIV_NUM_CERTS_AND_KEYS]
> =")
>
> After fixing it, my tests with GOSTR (PKCS#11 C_Sign) fail.
> Unfortunately, I don't have logs now.

One thing to look at: In pkcs15-sec.c in sc_pkcs15_compute_signature, in the old code there is no mention of GOSTR3410, so I assumed it was RSA only. The old code had:

- alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length);
- if (alg_info == NULL) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA with key length %d\n", prkey->modulus_length);
- return SC_ERROR_NOT_SUPPORTED;
- senv.algorithm = SC_ALGORITHM_RSA;

If your card could support both RSA and GOSTR3410 (and card-rtecp.c supports both with keylength = 256), it might have passed the old test and ignored the fact that senv.algorithm = SC_ALGORITHM_RSA.

The new code does a switch(obj->type), and I only added RSA and EC. So adding something like:

+ case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
+ modlen = prkey->modulus_length / 8;
+ alg_info = sc_card_find_gostr3410_alg(p15card->card, prkey->modulus_length);

(A sc_card_find_gostr3410_alg routine is needed for this to work.)

+
+ if (alg_info == NULL) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support GOSTR3410 key length %d\n", prkey->modulus_length);
+ return SC_ERROR_NOT_SUPPORTED;
+ }
+ senv.flags |= SC_SEC_ENV_ALG_PRESENT;
+ senv.algorithm = SC_ALGORITHM_RGOST3410;
+ break;

>
> I need a few days for a detailed review.
> Thanks!
>

--
 Douglas E. Engert <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois 60439
 (630) 252-5444
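
Review bot: The assignment senv.algorithm = SC_ALGORITHM_RGOST3410 in the proposed GOSTR3410 case spells the algorithm differently from every other identifier in the same case (SC_PKCS15_TYPE_PRKEY_GOSTR3410, sc_card_find_gostr3410_alg, the "GOSTR3410" debug string), so it should be checked against the constant the headers actually define before this is applied; if the name does not exist the case will not compile, and if a different value is picked up the card driver would be handed the wrong algorithm in the security environment. Two smaller points on the same case: modlen = prkey->modulus_length / 8 yields 32 for the 256-bit key length mentioned above, while a GOST R 34.10 signature is two values of that size, so if modlen is later used as the expected signature length it is worth confirming that 32 is what is intended; and since sc_card_find_gostr3410_alg does not exist yet, it should land in the same change so the lookup cannot silently fall back to the RSA path that the removed lines show.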