El dom, 15-05-2011 a las 14:02 +0200, Viktor TARASOV escribió:
> Hello,
>
> Le 15/05/2011 02:47, Juan Antonio Martinez a écrit :
> > I'm unsure about status of last svn changes (r5443,r5442,r5441,r5439,
> > and r5438) that introduces 'remote data' handling headers and SM related
> > error codes.
> 'Remote data' is for the communication with the external SM modules.
> It's hardly concerns the dnie card.
Well, pin change and cert renewal are operations that require a remote
SM session. At current dnie stage it's not supported but I expect some
day to do.
[...]
> The SM error codes are stable. You can freely use them and add your own ones.
OK. Let me propose several additional defines
> > BTW: there are some SM related APDU responses that aren't included
> > in iso7816.c file. I can provide you proper patch to add them.
> Yes, some code are missing, your proper patch are heartily welcome .
Attached comes my proposed patch.
- Add sw12 response 6688 "Cryptographic checksum invalid"
- Defines some SC_ERROR_SM_xx error codes
- Changes sw12 6987 and 6988 error codes to SM related ones
[...]
> > Provide functions for start/stop/testAndSet SM
> New card member 'SM context' will be added to sc_card structure.
> There will be the placeholder for the SM related card/exrternal-module
> handlers, session data, etc.
> Every one will find the possibility to implement what he looks for
> -- integrated or external SM handlers, 'transmit' or/and 'acl' modes, CWA or
> GP protocols, ...
OK. I missunderstood meaning of SM context :-(
> > do not wrap/unwrap at do_single_transmit(), but at sc_transmit_apdu() level,
> > by providing an extra wrap/unwrap card operation.
> Personally I do not see big difference where to insert the call for the
> card specific SM encoder handler -- in do_sigle_transmit() or in
> sc_transmit_apdu() .
> There already was discussion on this subject and I do not get the answers on
> the last questions.
>
> For me the common procedure contains already the code to manage 61xx, 6Cxx,
> chaining.
> If the apdu is deviated to the 'SM wrapping' in sc_transmit_apdu(), it means
> that
> all this has to be repeated in the card specific part.
Perhaps you're right: as DNIe uses ENVELOPE apdu instead of apdu
chaining, I had to manually split & send enveloped apdu... so no need
to call sc_transmit_apdu(), as their main issue is apdu chaining...
Oh...wait a moment... I can see in sc_transmit_apdu() a lock/unlock pair
to take care on...
[...]
OK. Fine for me. I'll adapt OpenDNIe code to keep in sync with changes
Thanks for the work
Juan Antonio
Index: /home/jantonio/work/dnie/opensc/src/libopensc/errors.c
===================================================================
--- /home/jantonio/work/dnie/opensc/src/libopensc/errors.c (revisión: 5445)
+++ /home/jantonio/work/dnie/opensc/src/libopensc/errors.c (copia de trabajo)
@@ -130,7 +130,9 @@
"Cannot authenticate card",
"Random generation error",
"Secure messaging keyset not found",
- "IFD data missing"
+ "IFD data missing",
+ "Missing SM Data object",
+ "Invalid SM Data object"
};
Index: /home/jantonio/work/dnie/opensc/src/libopensc/iso7816.c
===================================================================
--- /home/jantonio/work/dnie/opensc/src/libopensc/iso7816.c (revisión: 5445)
+++ /home/jantonio/work/dnie/opensc/src/libopensc/iso7816.c (copia de trabajo)
@@ -41,6 +41,8 @@
{ 0x6581, SC_ERROR_MEMORY_FAILURE, "Memory failure" },
+ { 0x6688, SC_ERROR_SM_ENCRYPT_FAILED, "Verification of cryptographic checksum failed" },
+
{ 0x6700, SC_ERROR_WRONG_LENGTH, "Wrong length" },
{ 0x6800, SC_ERROR_NO_CARD_SUPPORT, "Functions in CLA not supported" },
@@ -54,8 +56,8 @@
{ 0x6984, SC_ERROR_CARD_CMD_FAILED, "Referenced data invalidated" },
{ 0x6985, SC_ERROR_NOT_ALLOWED, "Conditions of use not satisfied" },
{ 0x6986, SC_ERROR_NOT_ALLOWED, "Command not allowed (no current EF)" },
- { 0x6987, SC_ERROR_INCORRECT_PARAMETERS,"Expected SM data objects missing" },
- { 0x6988, SC_ERROR_INCORRECT_PARAMETERS,"SM data objects incorrect" },
+ { 0x6987, SC_ERROR_SM_DATA_OBJECT_MISSING, "Expected SM data objects missing" },
+ { 0x6988, SC_ERROR_SM_DATA_OBJECT_INVALID, "SM data objects incorrect" },
{ 0x6A00, SC_ERROR_INCORRECT_PARAMETERS,"Wrong parameter(s) P1-P2" },
{ 0x6A80, SC_ERROR_INCORRECT_PARAMETERS,"Incorrect parameters in the data field" },
Index: /home/jantonio/work/dnie/opensc/src/libopensc/errors.h
===================================================================
--- /home/jantonio/work/dnie/opensc/src/libopensc/errors.h (revisión: 5445)
+++ /home/jantonio/work/dnie/opensc/src/libopensc/errors.h (copia de trabajo)
@@ -119,6 +119,8 @@
#define SC_ERROR_SM_RAND_FAILED -1607
#define SC_ERROR_SM_KEYSET_NOT_FOUND -1608
#define SC_ERROR_SM_IFD_DATA_MISSING -1609
+#define SC_ERROR_SM_DATA_OBJECT_MISSING -1610
+#define SC_ERROR_SM_DATA_OBJECT_INVALID -1611
/* Errors that do not fit the categories above */
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
