Hello Andre, On 15.01.2011 00:40, Andre Zepezauer wrote: > Hello Viktor, > > even not completed yet it's quite obvious what you want achieve with > r5092 [1]. Its purpose is the selection of specific algorithms for the > cryptographic operations sign and decipher. Tag 0x80 in the data field > of MSE command and specific to each private key. ?? 'specific to each private key'
The main purpose of this patch is to transfer the algorithm infos as they are defined in EF.tokenInfo into the card driver. > That intention is novel of cause, because it's an enabler for cards with > mixed key sets. In example RSA, ECC, GOST (3DES and AES) on a single > card without heavy workarounds in the drivers itself. That's possible > because selection of algorithms is done in a common place namely > pkcs15-sec.c controlled by some PKCS#15 data structures. Probably you have a reason, but for a while I prefer to implement PSO operations in the card driver. When it will be more or less functional, it'll be easier to transfer some operations to the common level. I will look more attentively, but for a moment I do not see where and how, using the the common procedures, I can set multiples CRTs in SE. > It should be noted that the right mechanisms are in place since nine > years now [2] and that a completely working patch was presented some > months ago [3]. That patch was fully PKCS#15 conform and capable of > serving all drivers at once. In example the iso7816 driver was instantly > passing tag 0x80 to the card without any modifications to the driver > itself. Ok, sorry if I missed your patch. I will roll back the mine and try your patch with my cards. > So, my solution was presented for public review [3]. Please do the same > and provide a similar patch [4]. And keep in mind that it is of general > interest because lots of drivers can take advantage of it. I don't think that my little patch, applied to the current trunk, needed some deep review. It uses the actually unused member of sc_security_env data and do not effects the other cards. Let's say, it gives the 'temporary solution' and changes nothing in the necessity to consider and apply your patch. > Regards > Andre Kind wishes, Viktor. > [1] http://www.opensc-project.org/opensc/changeset/5092 > [2] > http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/iso7816.c?rev=177#L566 > [3] > http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014618.html > [4] http://www.opensc-project.org/opensc/wiki/DevelopmentPolicy#Mailinglist > > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
