Re: [opensc-devel] Do not hardcode 3F005015

2006-09-14 Thread Chaskiel M Grundman



-   sc_format_path("3F005015", &p15card->file_app->path);
+   /* use the path found in EF(DIR) */
+   if (card->app_count > 0)
+   p15card->file_app->path = card->app[0]->path;
+   else
+   sc_format_path("3F005015", &p15card->file_app->path);
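Review bot: the added assignment `p15card->file_app->path = card->app[0]->path;` copies the first EF(DIR) entry without checking which application it describes or whether that entry carries a path at all. On a card that lists another application first, the PKCS#15 bind would start from the wrong DF. Suggest overriding the default only for an entry whose AID has been matched as a PKCS#15 application, and keeping `3F005015` otherwise.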



The code immediately below replaces p15card->file_app->path if 
sc_find_pkcs15_app finds a compatible app. If that's not happening, then 
you need to check/update the apps array in dir.c to make sure it includes 
the oid of your app.


It seems like a bad idea to blindly use the first app listed in EF(DIR).


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
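
Selecting the PKCS#15 application from EF(DIR) by AID rather than by position, as discussed in the reply above. This is an added example, not OpenSC code: `app_entry`, `select_pkcs15_path` and the sample entries are hypothetical, and only the generic PKCS#15 AID is assumed to be accepted.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for one EF(DIR) application entry. */
struct app_entry {
    unsigned char aid[16];
    size_t aid_len;
    const char *path;   /* hex path string, NULL if the entry has none */
};

/* Generic PKCS#15 AID: RID A0 00 00 00 63 followed by ASCII "PKCS-15". */
static const unsigned char PKCS15_AID[] = {
    0xA0, 0x00, 0x00, 0x00, 0x63, 'P', 'K', 'C', 'S', '-', '1', '5'
};

#define DEFAULT_PKCS15_PATH "3F005015"

/* Return the path of the first entry whose AID equals the PKCS#15 AID and
 * that carries a path; otherwise fall back to the default DF path. Entries
 * for other applications are skipped, wherever they appear in the list. */
const char *select_pkcs15_path(const struct app_entry *apps, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        const struct app_entry *a = &apps[i];
        if (a->aid_len != sizeof(PKCS15_AID) ||
            memcmp(a->aid, PKCS15_AID, sizeof(PKCS15_AID)) != 0)
            continue;   /* not a PKCS#15 application */
        if (a->path == NULL || a->path[0] == '\0')
            continue;   /* matching AID but no usable path */
        return a->path;
    }
    return DEFAULT_PKCS15_PATH;
}

/* Constructed sample: an unrelated application listed first, then PKCS#15
 * at the non-default path 3F005000 mentioned in this thread. */
static const struct app_entry sample_dir[] = {
    { { 0xA0, 0x00, 0x00, 0x00, 0x01, 0x02 }, 6, "3F001234" },
    { { 0xA0, 0x00, 0x00, 0x00, 0x63, 'P', 'K', 'C', 'S', '-', '1', '5' },
      12, "3F005000" },
};

int main(void)
{
    printf("selected: %s\n", select_pkcs15_path(sample_dir, 2));
    return 0;
}
```

With the constructed sample, taking the first entry unconditionally would yield 3F001234, while the AID match yields 3F005000.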


[opensc-devel] do not always fail when SC_ERROR_SECURITY_STATUS_NOT_SATISFIED?

2006-09-14 Thread Ludovic Rousseau

Hello,

My PKCS#15 card has some DFs protected by a PIN. So when
__sc_pkcs15_search_objects() tries to read them, the card sends a
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED.

The problem is that this happens in the C_Initialize() so very early
in the process and the PIN has no chance to be submitted at this step.

What would be the cleanest way to solve this?

I have a patch but it may have severe side effects.
--- libopensc/pkcs15.c  (révision 3011)
+++ libopensc/pkcs15.c  (copie de travail)
@@ -799,7 +803,11 @@ __sc_pkcs15_search_objects(sc_pkcs15_car
   /* Enumerate the DF's, so p15card->obj_list is
* populated. */
   r = sc_pkcs15_parse_df(p15card, df);
-   SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed");
+   /* The DF is here but we can't read it yet */
+   if (r != SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
+   SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed")
+   else
+   sc_do_log(p15card->card->ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__,
 __FUNCTION__, "%s: %s\n", "DF parsing failed", sc_strerror(r)); \
   df->enumerated = 1;
   }
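Review bot: on the SC_ERROR_SECURITY_STATUS_NOT_SATISFIED branch, execution still falls through to the unchanged `df->enumerated = 1;`, so a DF that could not be read is recorded as enumerated, and nothing in these lines would cause it to be parsed again once the PIN has been verified. Suggest skipping that assignment when the read was refused so the DF is retried after login. Two smaller points: the added `SC_TEST_RET(...)` line has no terminating semicolon before `else`, and the `sc_do_log(...)` call ends with a stray `\` continuation that looks carried over from a macro body. Logging an expected pre-login condition at SC_LOG_TYPE_ERROR will also make normal runs look like failures.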


I can now have:
$ ./tools/pkcs11-tool -I --login --pin 123456 -L --module ./pkcs11/.libs/opensc-pkcs11.so
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
Cryptoki version 2.11
Manufacturer OpenSC (www.opensc-project.org)
Library  smart card PKCS#11 API (ver 1.0)
Available slots:
Slot 0   Gemplus GemPC Twin 00 00
 token label:   xx (User PIN)
 token manuf:   
 token model:   PKCS #15 SCard
 token flags:   login required, PIN initialized, token initialized
 serial num  :  0040031D006A
Slot 1   (empty)
Slot 2   (empty)
Slot 3   (empty)
Slot 4   (empty)
Slot 5   (empty)
Slot 6   (empty)
Slot 7   (empty)


--
 Dr. Ludovic Rousseau


[opensc-devel] Do not hardcode 3F005015

2006-09-14 Thread Ludovic Rousseau

Hello,

I am trying to use a PKCS#15 card using OpenSC and I discovered that OpenSC
hardcodes "3F005015" in src/libopensc/pkcs15.c.
Unfortunately my card uses "3F005000" instead.

This path is available in EF(DIR) and is already parsed by OpenSC so
why not use it?
The patch is really simple (maybe too simple) and I ask for comments.

--- src/libopensc/pkcs15.c  (révision 3011)
+++ src/libopensc/pkcs15.c  (copie de travail)
@@ -510,7 +510,11 @@ static int sc_pkcs15_bind_internal(sc_pk
   err = SC_ERROR_OUT_OF_MEMORY;
   goto end;
   }
-   sc_format_path("3F005015", &p15card->file_app->path);
+   /* use the path found in EF(DIR) */
+   if (card->app_count > 0)
+   p15card->file_app->path = card->app[0]->path;
+   else
+   sc_format_path("3F005015", &p15card->file_app->path);
   if (card->app_count > 0) {
   const sc_app_info_t *info;
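Review bot: the added `if (card->app_count > 0)` repeats the test on the unchanged context line directly below it (`if (card->app_count > 0) {`), which already opens a block working with `const sc_app_info_t *info;`. Suggest leaving the `sc_format_path("3F005015", ...)` default unconditional and doing any EF(DIR) override inside that existing block, so the path is decided in one place. The new if/else bodies are also unindented and unbraced, which makes the two-branch assignment easy to misread next to the following `if`.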

OpenSC still does not work but at least the execution fails later in
the code. Expect some other patches soon :-)

Bye,

--
 Dr. Ludovic Rousseau