On 12/15/2011 4:47 AM, Viktor Tarasov wrote:
> Le 15/12/2011 09:21, Viktor Tarasov a écrit :
>> Hello Douglas,
>>
>>
>> Le 14/12/2011 23:11, Douglas E. Engert a écrit :
>>>
>>> On 12/14/2011 2:14 PM, Douglas E. Engert wrote:
>>>>
>>>> I am able to use the:
>>>> https://www.opensc-project.org/codereview/
>>>> and login with the Google account from work.
>>>> Then find the changes from 12/8, which include Viktor's SM code that has my ECDH code included:
>>>>
>>>> git clone -b staging https://myuse...@www.opensc-project.org/codereview/p/OpenSC some_dir
>>>> and
>>>> git fetch https://myuse...@www.opensc-project.org/codereview/p/OpenSC refs/changes/10/210/1
>>>>
>>>> Am testing it right now. There are some issues with the sc_app_info being null.
>>>> Hope to have a patch later today.
>>>
>>> Attached is a patch to Viktor's code as found on Gerrit I258bde6a. I added a review to this but being new to Gerrit, I was not sure how to add the patch, or if Viktor should add it, or if this is the right change to start with.
>>>
>>> I needed this patch to allow the PIV card with RSA to work with this code base.
>>> It would not work with PKCS#11 as the framework->bind was not being called.
>>> After fixing that, there were a number of places where a NULL appl_info
>>> would cause a segfault. There may be other places too.
>>>
>>> I expect other cards that do not have an application to also fail.
>>>
>>> I started with this base because it has my ECDH code included, that I still need to test.
>>
>>
>> Ok, thanks.
>> I will look, test and apply it into SM branch.
>
> https://github.com/viktorTarasov/OpenSC/commit/4352d9aed483010762c575b8bf09ae3023cb1b72
> https://github.com/viktorTarasov/OpenSC/commit/4a6e0d779578d009ebac7d3246a9a3a8e37eab14
>
> By the way, IMHO, the PIN flags of the PIV PKCS#15 emulated card should be reconsidered.
> I would suggest to:
> - add 'INITIALIZED' flag;
> - remove 'LOCAL' (look "ISO 7816-15 8.9.2 Password attributes"). As for me, every PIN without path has to be the 'global' one.

The newer cards may have a "Discovery Object" that can specify
if the Global PIN and/or the PIV card application PIN can be used,
and which one the card holder prefers. NIST 800-73-3 Part 1 Section 3.2.6.

The default if no Discovery object is found is LOCAL.
What I should do is turn off the LOCAL bit, if the Discovery object says
the Global PIN can be used. I already change the label, in pkcs15-piv.c
if the Discovery object says use the Global PIN.

I will add the INITIALIZED flag.

NIST has looked at PIV vs PKCS15/ISO 7816-15 cards in 2006, but
has not done anything about it:

  http://csrc.nist.gov/publications/nistir/ir7284/nistir-7284.pdf

>
> Kind regards,
> Viktor.

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
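Added example (not code from this thread or from OpenSC): a parser for the PIV Discovery Object's PIN Usage Policy (SP 800-73-3 Part 1, Section 3.2.6) that derives the emulated PKCS#15 PIN flags the way the reply above proposes, keeping LOCAL by default and clearing it when the policy allows the Global PIN. The flag bits, function names and sample objects are stand-ins constructed for this example, not OpenSC's own SC_PKCS15_PIN_FLAG_* values or its pkcs15-piv.c code.

```c
#include <stdint.h>
#include <stddef.h>
/* Stand-in flag bits for this example, not OpenSC's SC_PKCS15_PIN_FLAG_* values. */
#define PIN_FLAG_LOCAL        0x01
#define PIN_FLAG_INITIALIZED  0x02
/* PIN Usage Policy (tag 5F2F) bits per SP 800-73-3 Part 1, Section 3.2.6. */
#define POLICY_APP_PIN_OK     0x40   /* byte 0: PIV Card Application PIN satisfies the ACRs */
#define POLICY_GLOBAL_PIN_OK  0x20   /* byte 0: Global PIN satisfies the ACRs */
#define POLICY_PREFER_GLOBAL  0x20   /* byte 1: card holder prefers the Global PIN */

/* Find the 2-byte PIN Usage Policy in a Discovery Object (tag 7E, short-form lengths).
   Returns 1 and fills policy[], or 0 if the object is absent, truncated or has no policy. */
static int piv_find_pin_policy(const uint8_t *obj, size_t len, uint8_t policy[2])
{
    size_t i = 2, end;
    if (obj == NULL || len < 2 || obj[0] != 0x7E || obj[1] > len - 2)
        return 0;                          /* not a Discovery Object, or body overruns buffer */
    end = 2 + obj[1];
    while (i < end) {
        unsigned tag = obj[i++];
        if ((tag & 0x1F) == 0x1F) {        /* two-byte tag such as 5F 2F */
            if (i >= end) return 0;
            tag = (tag << 8) | obj[i++];
        }
        if (i >= end) return 0;
        size_t vlen = obj[i++];
        if (vlen > end - i) return 0;      /* element length overruns the object: reject */
        if (tag == 0x5F2F && vlen == 2) { policy[0] = obj[i]; policy[1] = obj[i + 1]; return 1; }
        i += vlen;                         /* skip other elements such as the AID (4F) */
    }
    return 0;
}

/* Flags for the emulated PKCS#15 PIN: always INITIALIZED; LOCAL stays set (the default
   without a Discovery Object) unless the policy says the Global PIN can be used. */
unsigned piv_pin_flags(const uint8_t *disc, size_t len)
{
    uint8_t p[2];
    unsigned flags = PIN_FLAG_INITIALIZED | PIN_FLAG_LOCAL;
    if (piv_find_pin_policy(disc, len, p) && (p[0] & POLICY_GLOBAL_PIN_OK))
        flags &= ~PIN_FLAG_LOCAL;
    return flags;
}

/* Constructed sample objects; the 4F value is the PIV Card Application AID. */
const uint8_t kDiscGlobal[] = { 0x7E, 0x12, 0x4F, 0x0B, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00,
                                0x01, 0x00, 0x5F, 0x2F, 0x02, 0x60, 0x20 };   /* both PINs, Global preferred */
const uint8_t kDiscAppOnly[] = { 0x7E, 0x12, 0x4F, 0x0B, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00,
                                 0x01, 0x00, 0x5F, 0x2F, 0x02, 0x40, 0x10 };  /* App PIN only */
const uint8_t kDiscTruncated[] = { 0x7E, 0x12, 0x4F };                         /* cut off mid-object */
```

A truncated or absent object falls back to the LOCAL default rather than reading past the buffer, which is the case the sc_app_info NULL segfaults in the thread make worth checking.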
