Hello,

On Dec 30, 2010, at 4:40 PM, webmas...@opensc-project.org wrote:

> Revision: 5006
> Author:   vtarasov
> Date:     2010-12-30 14:40:28 +0000 (Thu, 30 Dec 2010)
> 
> Log Message:
> -----------
> 'AuthentIC': basic support of Oberthur's 'COSMO.v7/AuthentIC.v3.2' ...
> 
> it's the natively PKCS#15 card
> 
> Modified Paths:
> --------------
>    trunk/src/libopensc/Makefile.am
>    trunk/src/libopensc/Makefile.mak
>    trunk/src/libopensc/cardctl.h
>    trunk/src/libopensc/cards.h
>    trunk/src/libopensc/ctx.c
>    trunk/src/pkcs15init/Makefile.am
>    trunk/src/pkcs15init/Makefile.mak
>    trunk/src/pkcs15init/pkcs15-init.h
>    trunk/src/pkcs15init/pkcs15-lib.c
>    trunk/win32/opensc-msi/OpenSC.wxs
> 
> Added Paths:
> -----------
>    trunk/src/libopensc/authentic.h


> 
> Added: trunk/src/libopensc/authentic.h
> ===================================================================
> --- trunk/src/libopensc/authentic.h                           (rev 0)
> +++ trunk/src/libopensc/authentic.h   2010-12-30 14:40:28 UTC (rev 5006)
> 
> +#define AUTHENTIC_V3_TITLE "AuthentIC.v3"
> +
> +#define PAN_ISO7812_SN_TAG   0x5A
> +#define PAN_ISO7812_LENGTH   0x0C
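
Review bot: PAN_ISO7812_SN_TAG and PAN_ISO7812_LENGTH are the only macros in this region without the AUTHENTIC_ prefix that AUTHENTIC_V3_TITLE carries. Since authentic.h sits in src/libopensc next to the other card headers, unprefixed names can collide with another driver's definitions; give them the AUTHENTIC_ prefix or move them into the driver's .c file.
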
These are not used anywhere?


> +
> +#ifndef CKM_RSA_PKCS
> +     #define CKM_RSA_PKCS            0x00000001
> +     #define CKM_SHA1_RSA_PKCS       0x00000006
> +     #define CKM_SHA256_RSA_PKCS     0x00000040
> +     #define CKM_SHA_1               0x00000220
> +     #define CKM_SHA256              0x00000250
> +#endif
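
Review bot: the single "#ifndef CKM_RSA_PKCS" guard decides for all five macros, so the four CKM_SHA* names are defined or skipped depending only on whether CKM_RSA_PKCS already exists. Nothing ties these copies to the values in a PKCS#11 header, and if such a header is included after authentic.h with a different replacement list, the compiler has to diagnose the redefinition. Either include the PKCS#11 header here or guard each macro on its own name.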

Why not include src/pkcs11/pkcs11.h?

> +#define AUTHENTIC_SDO_MAGIC_UPDATE         _MAKE_AUTHENTIC_MAGIC('A', 'W', 
> 'U', 'D')
> +#define AUTHENTIC_SDO_MAGIC_UPDATE_RSA     _MAKE_AUTHENTIC_MAGIC('A', 'W', 
> 'U', 'R')
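
Review bot: _MAKE_AUTHENTIC_MAGIC, used on both AUTHENTIC_SDO_MAGIC_UPDATE lines, begins with an underscore followed by an uppercase letter, a form the C standard reserves for the implementation. Rename the helper (for example AUTHENTIC_MAKE_MAGIC) so the header stays clear of reserved identifiers.
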
These seem to be unused as well?

> +#define AUTHENTIC_MECH_CREDENTIAL_PIN                0x00
> +#define AUTHENTIC_MECH_CREDENTIAL_BIO                0x01
> +#define AUTHENTIC_MECH_CREDENTIAL_DES                0x02
> +#define AUTHENTIC_MECH_CREDENTIAL_2DES               0x03
> +#define AUTHENTIC_MECH_CREDENTIAL_3DES               0x04
> +#define AUTHENTIC_MECH_CREDENTIAL_AES128     0x05
> +#define AUTHENTIC_MECH_CREDENTIAL_AES192     0x06
> +#define AUTHENTIC_MECH_CREDENTIAL_AES256     0x07
> +
> +#define AUTHENTIC_MECH_CRYPTO_DES    0x02
> +#define AUTHENTIC_MECH_CRYPTO_2DES   0x03
> +#define AUTHENTIC_MECH_CRYPTO_3DES   0x04    
> +#define AUTHENTIC_MECH_CRYPTO_AES128 0x05
> +#define AUTHENTIC_MECH_CRYPTO_AES192 0x06
> +#define AUTHENTIC_MECH_CRYPTO_AES256 0x07
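
Review bot: the AUTHENTIC_MECH_CRYPTO_* block repeats the 0x02 to 0x07 values of AUTHENTIC_MECH_CREDENTIAL_DES through AUTHENTIC_MECH_CREDENTIAL_AES256 under a second set of names, with no comment saying whether the two sets are one card-side encoding or two that happen to coincide. Add a comment naming where the values come from, or define one set in terms of the other. The AUTHENTIC_MECH_CRYPTO_3DES line also ends in trailing whitespace.
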
Seem to be unused?

> +#define AUTHENTIC_ACL_NUM_PIN_VERIFY 0
> +#define AUTHENTIC_ACL_NUM_PIN_RESET  1
> +#define AUTHENTIC_ACL_NUM_PIN_CHANGE 2
> +#define AUTHENTIC_ACL_NUM_PIN_MODIFY 3
> +#define AUTHENTIC_ACL_NUM_PIN_DELETE 4
Only AUTHENTIC_ACL_NUM_PIN_RESET is used?

> +struct sc_authentic_tlv {
> +     unsigned tag;
> +     size_t size;
> +     unsigned char *value;
> +};

TLV handling should be implemented somewhere centrally.
Mental note: locate the different incarnations of tlv objects and code in 
OpenSC/src.

Could you add some comments to the structures? Without having documentation 
around, it is really hard to understand what exactly "sdo_docp" should refer to.


> +struct sc_authentic_sdo  {
> +     unsigned char sdo_class;
> +     unsigned char sdo_ref;
> +
> +     unsigned int usage;
> +
> +     struct sc_authentic_sdo_docp docp;
> +
> +     union {
> +             struct sc_pkcs15_prkey *prvkey;
> +     } data;
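
Review bot: the "data" union has a single member, prvkey, so it adds only a level of naming, and nothing in the quoted struct says who owns the pointed-to sc_pkcs15_prkey or when it is cleared and freed. Document the ownership next to the field, and drop the union until a second member exists.
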
This will hold plaintext RSA private key parameters. Why? When importing a 
private key, the key object should already come from pkcs15-init (or 
equivalent)?

> +
> +     struct sc_file *file;
> +     
> +     unsigned magic;
> +};
Do we really need magic numbers for internally created and in-memory only 
objects?
This relates to the similar assert-s in src/libopensc which IMHO are 99.9% 
redundant. Compilers and the warnings they give should be used for checking 
programming errors, and memory corruption and such should be checked and fought 
against on the OS layer.

Also, why are there authentic_pkcs15_fix* functions in pkcs15-authentic.c? Why 
can't the caller or the driver do the "right" thing from the start?



-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel