Hi!

I have ported the nPA Smart Card Library [1] to OpenSC [0]. This includes
support for the German electronic identity card (nPA) with secure
messaging. The nPA can be used with the npa-tool, which currently uses
gengetopt and help2man. It allows PIN management and Extended Access
Control version 2, for example. For the cryptographic operations
OpenPACE (a patched version of OpenSSL [2]) is used.


In the bigger picture, the generic ISO 7816 SM driver could be very
useful. It handles only the ISO 7816 encoding, while the actual
cryptographic operations are realized with callback functions. This
could be suitable for many other cards [3].

The usage of the ISO SM driver is as follows:
1. The card driver includes iso-sm.h and initializes the card with:
   card->sm_ctx.ops.get_sm_apdu = iso_get_sm_apdu;
   card->sm_ctx.ops.free_sm_apdu = iso_free_sm_apdu;

2. When a secure messaging channel is established, the card driver
   initializes card->sm_ctx.info.session.generic with a
   struct iso_sm_ctx*. It contains multiple callback functions and an
   arbitrary pointer (void *) to some cryptographic session object of
   the card. The nPA, for example, holds the OpenSSL key objects and
   the send sequence counter here.


Note that from the existing SM framework, my approach essentially uses
only the callbacks get_sm_apdu/free_sm_apdu. The rest is the card
specific session information stored in
card->sm_ctx.info.session.generic. I think the session information
should also be put into the card drivers context for the existing SM
implementations (epass2003, iasecc, authentic). Furthermore, to reduce
code duplication, I suggest adopting the ISO SM implementation where
possible.


My pull request also includes some minor bug fixes for libopensc.


[0] https://github.com/OpenSC/OpenSC/pull/83
[1] http://vsmartcard.sourceforge.net/npa/README.html
[2] http://openpace.sourceforge.net
[3] http://www.opensc-project.org/pipermail/opensc-devel/2012-June/018203.html

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
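
The split described in the message above (generic ISO 7816 SM encoding, card-specific cryptography behind callbacks), sketched as an added example that is not part of the original post and is not OpenSC's code. The names struct sm_callbacks, sm_wrap, demo_encrypt and demo_mac are hypothetical; the demo callbacks are placeholders rather than real cryptography, and header padding and the send sequence counter are assumed to be handled inside the authenticate callback.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical callback set (not OpenSC's struct iso_sm_ctx): the encoder
 * only sees an opaque session pointer, never keys or counters. */
struct sm_callbacks {
    void *priv;        /* card-specific session object */
    size_t block_len;  /* cipher block size, used for padding */
    int (*encrypt)(void *priv, uint8_t *buf, size_t len); /* in place */
    int (*authenticate)(void *priv, const uint8_t *in, size_t len, uint8_t mac[8]);
};

/* Wrap a short case-4 APDU (hdr = CLA INS P1 P2, data, le) as
 * CLA|0x0C INS P1 P2 Lc' DO'87' DO'97' DO'8E' 00. Returns length or -1. */
int sm_wrap(const struct sm_callbacks *cb, const uint8_t hdr[4],
            const uint8_t *data, size_t dlen, uint8_t le,
            uint8_t *out, size_t outlen)
{
    uint8_t body[160], mac_in[4 + 160], mac[8];
    size_t n = 0, padded;
    if (!cb || !cb->encrypt || !cb->authenticate || !dlen || dlen > 100
            || !cb->block_len || cb->block_len > 16)
        return -1;
    padded = (dlen / cb->block_len + 1) * cb->block_len; /* room for 0x80 */
    if (outlen < padded + 22)
        return -1;
    body[n++] = 0x87; body[n++] = (uint8_t)(padded + 1);
    body[n++] = 0x01;                     /* padding-content indicator */
    memcpy(body + n, data, dlen);
    body[n + dlen] = 0x80;                /* ISO/IEC 9797-1 padding method 2 */
    memset(body + n + dlen + 1, 0, padded - dlen - 1);
    if (cb->encrypt(cb->priv, body + n, padded) != 0)
        return -1;
    n += padded;
    body[n++] = 0x97; body[n++] = 0x01; body[n++] = le;   /* protected Le */
    memcpy(mac_in, hdr, 4); mac_in[0] |= 0x0C;  /* SM, header authenticated */
    memcpy(mac_in + 4, body, n);
    if (cb->authenticate(cb->priv, mac_in, 4 + n, mac) != 0)
        return -1;
    body[n++] = 0x8E; body[n++] = 0x08;   /* cryptographic checksum */
    memcpy(body + n, mac, 8); n += 8;
    memcpy(out, mac_in, 4); out[4] = (uint8_t)n;
    memcpy(out + 5, body, n); out[5 + n] = 0x00;
    return (int)(n + 6);
}
/* Constructed stand-ins so the encoder runs offline; NOT real cryptography. */
int demo_encrypt(void *p, uint8_t *b, size_t l)
{ for (size_t i = 0; i < l; i++) b[i] ^= *(uint8_t *)p; return 0; }
int demo_mac(void *p, const uint8_t *in, size_t l, uint8_t mac[8])
{ memset(mac, *(uint8_t *)p, 8); for (size_t i = 0; i < l; i++) mac[i % 8] ^= in[i]; return 0; }
```

A real card driver would replace the two demo callbacks with its own cipher and MAC and keep its keys in the object behind priv, leaving the encoder unchanged.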
