On 3/13/2011 1:03 PM, Viktor TARASOV wrote:
> On 12.03.2011 20:40, Viktor TARASOV wrote:
>> Hi,
>>
>> For the container's GUID I propose to adopt the classic serialized form 
>> (e.g. {3F2504E0-4F89-11D3-9A0C-0305E82C3301})
>> used by Windows containers.
>>
>> In this patch there is also a little simplification of the key research, and 
>> some minor remarks.
>
> Another item is about the interpretation of the hash flags in CardSignData().
>
> Actually the CALG_* flags of aiHashAlg are directly translated into the 
> SC_ALGORITHM_RSA_HASH_* flags of the requested security operation.
> http://www.opensc-project.org/opensc/browser/trunk/src/cardmod/cardmod.c#L1134
>
> Afaiu it should not be like that.
> For the pkcs15 library the SC_ALGORITHM_RSA_HASH_* flags mean that the hash 
> operation has to be performed by the card (or by the library).
> As for the minidriver, the hash is not calculated by the minidriver but by the Base 
> CSP/KSP, and then passed to CardSignData() as the data to be signed.
> The CALG_* flags of aiHashAlg mean that the OID of the hash algorithm 
> has to be added to the data to be signed, as part of the padding.
>
> So, I propose the modified patch, where
> - CALG_* flags are not translated into the SC_ALGORITHM_RSA_HASH_* flags of 
> the requested security operation;
> - digest info, derived from the CALG_* flag, is explicitly added to the data 
> to be signed.
>
> Tested with cardmod + IAS/ECC.
>

I am on vacation, and can test the mod in a week. You may be correct.
The PIV card only supports RAW RSA, so this may not have been an issue.

>
>>
>>
>> Kind wishes,
>> Viktor.
>>
>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444