On Mon, May 21, 2012 at 1:22 PM, Nguyễn Hồng Quân <quanngu...@mbm.vn> wrote:
> Hi Viktor,
>
> On 05/21/2012 05:10 PM, Viktor Tarasov wrote:
>
> > > 2: The current driver emulates SELECT and READ BINARY APDUs
> > > by reading from the corresponding Data Objects. I believe this
> > > was done in order to emulate a (read only) PKCS#15 file layout.
> > > If that was true - is there any hope to extend this emulation?
> > Yes, but it seems that this emulated file layout does not match the
> > PKCS#15 very well, leading to the problem which I described in this
> > topic
> > http://www.opensc-project.org/pipermail/opensc-devel/2012-May/018018.html
>
> Card specific emulator does not emulate the file system but exposes the
> pkcs15 objects with their attributes.
> These attributes generally contain some 'path'.
> This 'path' can-be/is treated by the card specific libopensc driver.
>
> I think this is right for pkcs15 binding in libopensc folder, but not for
> pkcs15init binding in pkcs15init folder.
>
> For example, here is how I expose the certificate object, located at path
> "3F007F21", to pkcs15:
>
>     sc_format_path("3F007F21", &cert_info.path);
>     strlcpy(cert_obj.label, "Cardholder certificate",
>             sizeof(cert_obj.label));
>
>     r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
>
> However, when it comes to pkcs15init, the path is read from the
> pkcs15.profile, then openpgp.profile, and it is "3F0050157F21" instead of
> "3F007F21" (the additional 5015 comes from pkcs15.profile). I have not
> found a way to intervene in the path reading to change "3F0050157F21" to
> "3F007F21" (what the lower driver needs) yet.

5015 comes from your pkcs15init profile
https://github.com/hongquan/OpenSC-OpenPGP/commit/9b2ea7689b461c31b7ffda736d2c9dc332491562#L1R59
where your crypto objects are put inside the 'DF PKCS15-AppDF'.
Path for this DF is not defined in openpgp profile, so it takes it from
the upper profile -- pkcs15.profile.
https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/pkcs15init/pkcs15.profile#L135

Never tried it myself, but you can try the openpgp profile without
'PKCS15-AppDF'.

> Besides the absence of pkcs15init support, afais,
> the openpgp libopensc driver has no support for any operation
> that could change the card's content: write, update, delete, generate,
> import, ...
>
> At low level, the OpenPGP card uses PUT DATA command instead of UPDATE
> BINARY to write content. I implemented that put_data function for OpenPGP
> driver in my github repository (
> https://github.com/hongquan/OpenSC-OpenPGP/commits/openpgp).

If you are going to use the common pkcs15 and pkcs15init framework, you have
to fill at least the 'write' handle with the meaningful actions.
https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/libopensc/card-openpgp.c#L827
Inside this handle the 'PUT DATA' or else can be used -- it doesn't matter.

--
> Regards,
> Quân

Kind regards,
Viktor.
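
Added example, not part of the original message and not OpenSC's code: a simplified Python model of the profile path inheritance discussed above, showing why an EF nested under 'PKCS15-AppDF' resolves to 3F0050157F21 while the same EF placed directly under the MF resolves to 3F007F21. The one-line profile texts, the helper names (merge, resolve, cert_path) and the EF name 'cert' are assumptions made for illustration; the real profile parser in pkcs15init is more involved.

```python
import re

# Constructed, simplified stand-ins for pkcs15.profile and two card profiles.
BASE = "DF MF { path = 3F00; DF PKCS15-AppDF { file-id = 5015; } }"
# Certificate EF nested in PKCS15-AppDF, whose file-id is only defined in BASE.
CARD_NESTED = "DF MF { DF PKCS15-AppDF { EF cert { file-id = 7F21; } } }"
# Same EF placed directly under the MF, without PKCS15-AppDF.
CARD_FLAT = "DF MF { EF cert { file-id = 7F21; } }"

TOKEN = re.compile(r"[{};=]|[^\s{};=]+")


def merge(root, text):
    """Merge the DF/EF blocks in text into root; blocks with the same name are shared."""
    toks, stack, i = TOKEN.findall(text), [root], 0
    while i < len(toks):
        if toks[i] in ("DF", "EF"):        # "DF name {" opens or reopens a file
            node = stack[-1]["kids"].setdefault(toks[i + 1], {"attrs": {}, "kids": {}})
            stack.append(node)
            i += 3
        elif toks[i] == "}":               # end of the current file block
            stack.pop()
            i += 1
        else:                              # "key = value ;"
            stack[-1]["attrs"][toks[i]] = toks[i + 2]
            i += 4
    return root


def resolve(node, name, prefix=""):
    """Absolute path of file `name`: explicit path, else parent path + file-id."""
    for kid_name, kid in node["kids"].items():
        path = kid["attrs"].get("path") or prefix + kid["attrs"].get("file-id", "")
        if kid_name == name:
            return path
        found = resolve(kid, name, path)
        if found:
            return found
    return None


def cert_path(card_profile):
    root = {"attrs": {}, "kids": {}}
    merge(root, BASE)            # generic profile first
    merge(root, card_profile)    # card profile layered on top
    return resolve(root, "cert")


if __name__ == "__main__":
    print(cert_path(CARD_NESTED))  # 3F0050157F21
    print(cert_path(CARD_FLAT))    # 3F007F21
```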