On 04.02.2011 18:20, Toni Sjöblom - Aventra wrote:
>
> Hi,
>
> I have created a very small patch for the MyEID card driver that adds the 
> appropriate flags when the card is initialized.
>
> Please review and comment or commit. This also requires the fix that Andre 
> presented a while ago (I also attached that).
>
> It also sets some values to the “new” supportedAlgorithms structure, but 
> these are currently not added to the tokenInfo.
>
> It was a little out of my knowledge how to modify the encoding of the tokenInfo, 
> but maybe somebody else knows how it works.
>
> Maybe you Viktor can look at that, since you originally created the new 
> tokenInfo handling last year (maybe 7-8 months ago).
>

> diff -Naur trunk/src/pkcs15init/pkcs15-myeid.c 
> trunk-aventra-init-fix/src/pkcs15init/pkcs15-myeid.c
> --- trunk/src/pkcs15init/pkcs15-myeid.c       2011-02-02 21:00:38.000000000 
> +0200
> +++ trunk-aventra-init-fix/src/pkcs15init/pkcs15-myeid.c      2011-02-02 
> 21:06:14.000000000 +0200
> @@ -180,6 +180,19 @@
>       if (file)
>               sc_file_free(file);
>               
> +     p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | 
> SC_PKCS15_TOKEN_EID_COMPLIANT;
OK, I'll commit it.

> +     struct sc_supported_algo_info supported_algorithms;
> +
> +     supported_algorithms.reference = 0;
> +     supported_algorithms.mechanism = 0;
> +     supported_algorithms.operations = SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE
> +                                             | SC_PKCS15_ALGO_OP_ENCIPHER
> +                                             | 
> SC_PKCS15_ALGO_OP_GENERATE_KEY;
> +
> +     p15card->tokeninfo->supported_algos[0] = supported_algorithms;
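Review bot: `supported_algorithms` is a stack variable of which only `reference`, `mechanism` and `operations` are assigned before the whole struct is copied into `p15card->tokeninfo->supported_algos[0]`, so every other member of `struct sc_supported_algo_info` is copied as uninitialized stack bytes into the tokeninfo; declare it zeroed, e.g. `struct sc_supported_algo_info supported_algorithms = { 0 };` (or `memset(&supported_algorithms, 0, sizeof supported_algorithms);`) before setting the three fields. The declaration also comes after the `p15card->tokeninfo->flags = ...` statement in the same block, which C89 compilers reject as a declaration following a statement; move it to the top of the block, or use a designated initializer so declaration and assignment are one statement. Finally, `mechanism = 0` is the PKCS#11 value of `CKM_RSA_PKCS_KEY_PAIR_GEN`, a key-generation mechanism, so pairing it with `SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE` and `SC_PKCS15_ALGO_OP_ENCIPHER` in the same entry is inconsistent; split the operations into one entry per mechanism.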

1. Encoding of supportedAlgorithms is still to be implemented.


2. I am not sure that it's correct data for the algorithms supported by the token.

Afaik:
- 'reference' is used only by the PKCS#15 framework. So you can choose any 
value you want, but, as for me, 'zero' value is not the best choice;

- the value of 'mechanism' has to be one of the PKCS#11 mechanisms. In your case 
it's CKM_RSA_PKCS_KEY_PAIR_GEN. Is it really what you want? 
(TokenInfo.supportedAlgorithms in ch. 6.9 [2]);

- the value of 'operations' should correspond to the value of 'mechanism'. 
Multiple (RSA) operations are supported only by two PKCS#11 mechanisms, 
CKM_RSA_PKCS and CKM_RSA_X_509. The rest of the mechanisms can be used only for 
one operation. There is no PKCS#11 mechanism that can be used with 'SIGN' and 
'GENERATE' operations. (Table 34 in [1]);

- it's not mandatory but it's a 'good pkcs#15 style' to add the OID of the 
algorithm;

- the real values of 'algRef' are not mandatory, but maybe they can be useful in 
the future. Actually, if you look into 'myeid_set_security_env()' you will 
see the hard coded values of 'algRef' (algorithm_ref = 0xYY). Normally these 
values should be looked for in the token's 'supported_algorithm' data.


Kind wishes,
Viktor.

[1] ftp://ftp.rsa.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
[2] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-15/pkcs-15v1_1.pdf

-- 
Viktor Tarasov  <viktor.tara...@opentrust.com>

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
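The consistency rule Viktor describes (the 'operations' bits of a supportedAlgorithms entry must be ones that PKCS#11 v2.20, Table 34, permits for its 'mechanism') can be checked mechanically. The following is an added example, not OpenSC code and not part of the thread: it redefines a few CKM_* values from PKCS#11 and an operation bit layout assumed to mirror OpenSC's SC_PKCS15_ALGO_OP_* flags (so it builds without OpenSC headers), uses a three-field stand-in for sc_supported_algo_info, and runs the check against the entry exactly as the patch fills it and against a constructed split into one entry per mechanism.

```c
/* Added example (not OpenSC code): checks that a PKCS#15 supportedAlgorithms
 * entry only claims 'operations' that PKCS#11 v2.20 (Table 34) permits for its
 * 'mechanism', which is the inconsistency Viktor points out in the patch. */
#include <stdio.h>
#include <stddef.h>

/* PKCS#11 v2.20 mechanism values. */
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL
#define CKM_RSA_PKCS              0x00000001UL
#define CKM_RSA_X_509             0x00000003UL
#define CKM_SHA1_RSA_PKCS         0x00000006UL

/* Operation bits of the PKCS#15 AlgorithmInfo 'operations' string, in the
 * layout assumed to match OpenSC's SC_PKCS15_ALGO_OP_* flags; redefined here
 * so the example builds without OpenSC headers. */
#define ALGO_OP_COMPUTE_CHECKSUM  0x01
#define ALGO_OP_COMPUTE_SIGNATURE 0x02
#define ALGO_OP_VERIFY_CHECKSUM   0x04
#define ALGO_OP_VERIFY_SIGNATURE  0x08
#define ALGO_OP_ENCIPHER          0x10
#define ALGO_OP_DECIPHER          0x20
#define ALGO_OP_HASH              0x40
#define ALGO_OP_GENERATE_KEY      0x80

/* Stand-in for the three sc_supported_algo_info fields the patch sets. */
struct algo_entry {
    unsigned int  reference;   /* PKCS#15 algorithm reference, chosen by the framework */
    unsigned long mechanism;   /* PKCS#11 CKM_* value */
    unsigned int  operations;  /* ALGO_OP_* bit mask */
};

/* Operations each mechanism may be used for (PKCS#11 v2.20, Table 34), mapped
 * to PKCS#15 bits: Encrypt&Decrypt -> ENCIPHER|DECIPHER, Sign&Verify ->
 * COMPUTE_SIGNATURE|VERIFY_SIGNATURE, key pair generation -> GENERATE_KEY. */
#define RSA_RAW_OPS (ALGO_OP_COMPUTE_SIGNATURE | ALGO_OP_VERIFY_SIGNATURE | \
                     ALGO_OP_ENCIPHER | ALGO_OP_DECIPHER)
static const struct { unsigned long mechanism; unsigned int allowed; } mech_table[] = {
    { CKM_RSA_PKCS_KEY_PAIR_GEN, ALGO_OP_GENERATE_KEY },
    { CKM_RSA_PKCS,              RSA_RAW_OPS },
    { CKM_RSA_X_509,             RSA_RAW_OPS },
    { CKM_SHA1_RSA_PKCS,         ALGO_OP_COMPUTE_SIGNATURE | ALGO_OP_VERIFY_SIGNATURE },
};

/* Returns the operation bits that 'mechanism' does not permit (0 means the
 * combination is consistent). A mechanism not in the table permits nothing. */
unsigned int disallowed_ops(unsigned long mechanism, unsigned int operations)
{
    size_t i;
    for (i = 0; i < sizeof mech_table / sizeof mech_table[0]; i++)
        if (mech_table[i].mechanism == mechanism)
            return operations & ~mech_table[i].allowed;
    return operations;
}

/* 0 = ok, -1 = zero reference (Viktor's "not the best choice"),
 * -2 = operations not permitted for the mechanism. */
int algo_entry_check(const struct algo_entry *e)
{
    if (e->reference == 0)
        return -1;
    if (disallowed_ops(e->mechanism, e->operations) != 0)
        return -2;
    return 0;
}

int main(void)
{
    /* The entry as the patch fills it: mechanism 0 is CKM_RSA_PKCS_KEY_PAIR_GEN. */
    struct algo_entry as_patched = { 0, CKM_RSA_PKCS_KEY_PAIR_GEN,
        ALGO_OP_COMPUTE_SIGNATURE | ALGO_OP_ENCIPHER | ALGO_OP_GENERATE_KEY };
    /* A consistent alternative (constructed sample): one entry per mechanism. */
    struct algo_entry fixed[] = {
        { 1, CKM_RSA_PKCS,              ALGO_OP_COMPUTE_SIGNATURE | ALGO_OP_DECIPHER },
        { 2, CKM_RSA_PKCS_KEY_PAIR_GEN, ALGO_OP_GENERATE_KEY },
    };
    size_t i;

    printf("patched entry: check=%d, disallowed ops=0x%02x\n",
           algo_entry_check(&as_patched),
           disallowed_ops(as_patched.mechanism, as_patched.operations));
    for (i = 0; i < sizeof fixed / sizeof fixed[0]; i++)
        printf("fixed[%zu]: check=%d\n", i, algo_entry_check(&fixed[i]));
    return 0;
}
```

Run against the patch's entry, the check reports the zero reference and flags COMPUTE_SIGNATURE and ENCIPHER as not permitted for CKM_RSA_PKCS_KEY_PAIR_GEN; only GENERATE_KEY survives. The table covers four mechanisms and treats anything else as permitting no operation, so extend it from Table 34 before using it on a real tokeninfo.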
