Re: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so

2009-06-26 Thread Andreas Jellinghaus
On Friday, 26 June 2009 19:45:35, Boarman, Christopher L wrote:
> Andreas,
>
> I'll understand if you don't have time to help me look at this problem. You
> mentioned that you wrote a program to decode the bytes that are downloaded
> by the piv code and I was wondering maybe you could send me your decoder
> code so I can try to further investigate the issues I am seeing.

ah, sorry, I was waiting for Douglas too, as I don't know much about
the details of piv cards.

I extracted the hexdumps from the download with cut and paste.
I removed the last two bytes of each section (60 00 = more bytes
to follow, 90 00 = final ok, everything worked well). then I
used some vi regex replace to bring everything into 0xNN, 0xNN, 0xNN ...
format, so I could use it in C code. the whole code is attached.

good luck!

Regards, Andreas

Re: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so

2009-06-26 Thread Boarman, Christopher L
Andreas,

I'll understand if you don't have time to help me look at this problem. You 
mentioned that you wrote a program to decode the bytes that are downloaded by 
the piv code and I was wondering maybe you could send me your decoder code so I 
can try to further investigate the issues I am seeing.

-Original Message-
From: Boarman, Christopher L 
Sent: Wednesday, June 24, 2009 8:20 PM
To: Andreas Jellinghaus; Douglas E. Engert
Cc: opensc-devel@lists.opensc-project.org
Subject: RE: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so

Andreas,

I added a 1000 byte buffer to the MAXLEN on the X.509 certs and that seemed to 
temporarily resolve that issue but there were other errors that I am seeing as 
well. There appear to be 2 categories of these errors:

1.) No cert found:

[opensc-pkcs11] pkcs15.c:1672:sc_pkcs15_read_file: called, path=0102cece, index=0, count=-1
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=0102cece
[opensc-pkcs11] card-piv.c:1620:piv_select_file: called
[opensc-pkcs11] card-piv.c:1591:piv_find_obj_by_containerid: called
[opensc-pkcs11] card-piv.c:1592:piv_find_obj_by_containerid: str=0x0102
[opensc-pkcs11] card-piv.c:1597:piv_find_obj_by_containerid: returning with: 8
[opensc-pkcs11] card-piv.c:1677:piv_select_file: returning with: 0
[opensc-pkcs11] card.c:554:sc_select_file: returning with: 0
[opensc-pkcs11] card.c:399:sc_read_binary: called; 3308 bytes at index 0
[opensc-pkcs11] card-piv.c:857:piv_read_binary: called
[opensc-pkcs11] card-piv.c:631:piv_get_data: called
[opensc-pkcs11] card-piv.c:632:piv_get_data: get_data: tag=8
[opensc-pkcs11] card-piv.c:299:piv_general_io: called
[opensc-pkcs11] card-piv.c:303:piv_general_io: piv_general_io cb 3f ff 5 : 255 256
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card-piv.c:334:piv_general_io: calling sc_transmit_apdu flags=1 le=256, resplen=2, resp=0xbfe30b8c
[opensc-pkcs11] apdu.c:516:sc_transmit_apdu: called
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] apdu.c:184:sc_apdu_log:
Outgoing APDU data [   11 bytes] =
00 CB 3F FF 05 5C 03 5F C1 0B 00 ..?..\._...
==
[opensc-pkcs11] reader-pcsc.c:161:pcsc_internal_transmit: called
[opensc-pkcs11] apdu.c:184:sc_apdu_log:
Incoming APDU data [   10 bytes] =
53 06 70 00 71 00 FE 00 90 00 S.p.q.
==
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-piv.c:341:piv_general_io: DEE r=0 apdu.resplen=8 sw1=90 sw2=00
[opensc-pkcs11] card-piv.c:378:piv_general_io: DEE got buffer 0x84cbab0 len 8
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-piv.c:397:piv_general_io: returning with: 8
[opensc-pkcs11] card-piv.c:735:piv_get_data: returning with: 8
[opensc-pkcs11] card-piv.c:888:piv_read_binary: DEE rbuf=0x84cbab0,rbuflen=8,
[opensc-pkcs11] card-piv.c:764:piv_handle_certificate_data: returning with: Object not found
[opensc-pkcs11] card-piv.c:936:piv_read_binary: returning with: Object not found
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Object not found
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] pkcs15-piv.c:323:sc_pkcs15emu_piv_init: No cert found,i=2

2.) Public key not found

[opensc-pkcs11] pkcs15-piv.c:391:sc_pkcs15emu_piv_init: PIV-II adding pub keys...
[opensc-pkcs11] pkcs15-piv.c:420:sc_pkcs15emu_piv_init: No cert for this pub key i=2
[opensc-pkcs11] pkcs15-pubkey.c:387:sc_pkcs15_read_pubkey: called
[opensc-pkcs11] pkcs15.c:1672:sc_pkcs15_read_file: called, path=9d06, index=0, count=-1
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=9d06
[opensc-pkcs11] card-piv.c:1620:piv_select_file: called
[opensc-pkcs11] card-piv.c:1591:piv_find_obj_by_containerid: called
[opensc-pkcs11] card-piv.c:1592:piv_find_obj_by_containerid: str=0x9D06
[opensc-pkcs11] card-piv.c:1597:piv_find_obj_by_containerid: returning with: 14
[opensc-pkcs11] card-piv.c:1677:piv_select_file: returning with: 0
[opensc-pkcs11] card.c:554:sc_select_file: returning with: 0
[opensc-pkcs11] card.c:399:sc_read_binary: called; 2048 bytes at index 0
[opensc-pkcs11] card-piv.c:857:piv_read_binary: called
[opensc-pkcs11] card-piv.c:631:piv_get_data: called
[opensc-pkcs11] card-piv.c:632:piv_get_data: get_data: tag=14
[opensc-pkcs11] card-piv.c:735:piv_get_data: returning with: File not found
[opensc-pkcs11] card-piv.c:936:piv_read_binary: returning with: File not found
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: File not found
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] pkcs15-pubkey.c:404:sc_pkcs15_read_pubkey: Failed to read public key file.

What do you think is contributing to these errors? I have attached a new debug 
fi
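
Added example (not part of the original messages and not OpenSC code): a small C routine that does for one complete GET DATA response what the hand decoding described in this thread does, namely check and strip the trailing status word and walk the BER-TLV objects inside tag 53. Run on the logged response 53 06 70 00 71 00 FE 00 90 00 it reports that tag 70 (the certificate) is present but empty, which is consistent with the "Object not found" return. The function and constant names, the second sample and the gzip-magic check are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Result codes: names are this example's own, not OpenSC's. */
enum { CERT_PRESENT = 0, CERT_EMPTY = 1, CERT_GZIP = 2, BAD_SW = -1, BAD_TLV = -2 };

/* Response bytes copied from the "Incoming APDU data" line in the log above. */
static const uint8_t logged[] = { 0x53,0x06,0x70,0x00,0x71,0x00,0xFE,0x00,0x90,0x00 };
/* Constructed sample: tag 70 holds 4 bytes that begin with the gzip magic. */
static const uint8_t constructed[] = { 0x53,0x0B,0x70,0x04,0x1F,0x8B,0x08,0x00,
                                       0x71,0x01,0x01,0xFE,0x00,0x90,0x00 };

/* One-byte tag plus BER length (short, 0x81, 0x82); returns header size, 0 on overrun. */
static size_t tlv_header(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    size_t i = 0, k;
    if (n < 2) return 0;
    *tag = p[i++];
    *len = p[i++];
    if (*len >= 0x80) {
        k = *len & 0x7F;            /* number of length bytes that follow */
        if (k == 0 || k > 2 || n - i < k) return 0;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | p[i++];
    }
    return (*len <= n - i) ? i : 0; /* value must fit in what is left */
}

/* Classify one complete GET DATA response (data followed by SW1 SW2). */
int classify_cert_response(const uint8_t *resp, size_t n, size_t *cert_len)
{
    const uint8_t *p, *end, *cert = NULL;
    uint8_t tag; size_t len, h;
    *cert_len = 0;
    if (n < 2 || resp[n - 2] != 0x90 || resp[n - 1] != 0x00) return BAD_SW;
    h = tlv_header(resp, n - 2, &tag, &len);   /* status word stripped here */
    if (h == 0 || tag != 0x53) return BAD_TLV;
    for (p = resp + h, end = p + len; p < end; p += h + len) {
        h = tlv_header(p, (size_t)(end - p), &tag, &len);
        if (h == 0) return BAD_TLV;
        if (tag == 0x70) { cert = p + h; *cert_len = len; }
    }
    if (cert == NULL || *cert_len == 0) return CERT_EMPTY;
    if (*cert_len >= 2 && cert[0] == 0x1F && cert[1] == 0x8B) return CERT_GZIP;
    return CERT_PRESENT;
}

int main(void)
{
    size_t n;
    int a = classify_cert_response(logged, sizeof logged, &n);
    int b = classify_cert_response(constructed, sizeof constructed, &n);
    printf("logged=%d constructed=%d (cert bytes %zu)\n", a, b, n);
    return 0;
}
```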

[opensc-devel] Fix: "rutoken" and "emv" detection

2009-06-26 Thread Aktiv Co. Aleksey Samsonov

Hello,
FIX: sc_get_rutoken_driver above EMV because the detection gets caught 
there first.

Patch for trunk revision 3698 is in attachment. Could you please add it?
Thanks

diff -u -r opensc-trunk-r3698/src/libopensc/ctx.c 
new/opensc-trunk-r3698/src/libopensc/ctx.c
--- opensc-trunk-r3698/src/libopensc/ctx.c  2009-06-26 13:30:08.0 
+0400
+++ new/opensc-trunk-r3698/src/libopensc/ctx.c  2009-06-26 17:42:22.0 
+0400
@@ -73,6 +73,7 @@
{ "belpic", (void *(*)(void)) sc_get_belpic_driver },
{ "atrust-acos",(void *(*)(void)) sc_get_atrust_acos_driver },
{ "muscle", (void *(*)(void)) sc_get_muscle_driver },   /* Above EMV 
because the detection gets caught there first */
+   { "rutoken",(void *(*)(void)) sc_get_rutoken_driver }, /* Above EMV 
because the detection gets caught there first */
{ "emv",(void *(*)(void)) sc_get_emv_driver },
{ "incrypto34", (void *(*)(void)) sc_get_incrypto34_driver },
 #ifdef ENABLE_OPENSSL
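Review bot: The new "rutoken" entry before "emv" repeats the muscle line's comment word for word, and the move also puts rutoken ahead of incrypto34 and entersafe, which it used to follow. Please say in the comment or the commit message what about rutoken detection EMV was catching, and confirm that rutoken's own detection does not now claim incrypto34 or entersafe cards since it runs before them.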
@@ -83,7 +84,6 @@
 #ifdef ENABLE_OPENSSL
{ "entersafe",(void *(*)(void)) sc_get_entersafe_driver },
 #endif
-   { "rutoken",(void *(*)(void)) sc_get_rutoken_driver },
{ "rutoken_ecp",(void *(*)(void)) sc_get_rtecp_driver },
/* The default driver should be last, as it handles all the
 * unrecognized cards. */
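Review bot: "rutoken_ecp" stays where it was, below "entersafe" and therefore still below "emv", while "rutoken" moves up. If the EMV driver can claim a Rutoken ECP card the same way, this entry needs the same move; if it cannot, a short comment here saying so would save the next reader the question.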
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] iso7816.c:set_security_env:OPERATION_DECIPHER

2009-06-26 Thread Aktiv Co. Aleksey Samsonov

Ludovic Rousseau:
> 2009/6/23 Andreas Jellinghaus:
>> maybe we can obsolete some of those card specific implementations,
>> if the only difference was this value?
>
> Maybe. I had a look at card-setcos.c and the two
> iso7816_set_security_env() functions are very similar. And they are
> even more similar with the patch applied.
> Any volunteer?


Patch for card-rtecp.c is attached. Could you please add it?
Thanks

diff -u -r opensc-trunk-r3698/src/libopensc/card-rtecp.c 
new/opensc-trunk-r3698/src/libopensc/card-rtecp.c
--- opensc-trunk-r3698/src/libopensc/card-rtecp.c   2009-06-26 
13:30:08.0 +0400
+++ new/opensc-trunk-r3698/src/libopensc/card-rtecp.c   2009-06-26 
16:46:55.0 +0400
@@ -250,23 +250,18 @@
switch (in_path->type)
{
case SC_PATH_TYPE_FILE_ID:
-   apdu.p1 = 0;
if (pathlen != 2)
SC_FUNC_RETURN(card->ctx, 1, 
SC_ERROR_INVALID_ARGUMENTS);
break;
case SC_PATH_TYPE_PATH:
-   apdu.p1 = 0x08;
if (pathlen >= 2 && memcmp(path, "\x3F\x00", 2) == 0)
{
if (pathlen == 2)
-   {
-   /* only 3F00 supplied */
-   apdu.p1 = 0;
-   break;
-   }
+   break; /* only 3F00 supplied */
path += 2;
pathlen -= 2;
}
+   apdu.p1 = 0x08;
break;
case SC_PATH_TYPE_DF_NAME:
case SC_PATH_TYPE_FROM_CURRENT:
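Review bot: With both "apdu.p1 = 0" assignments gone, the SC_PATH_TYPE_FILE_ID case and the "only 3F00 supplied" early break rely on apdu.p1 already being 0 when the switch is entered, and that initialisation is outside this hunk. Please confirm that the code formatting the APDU before the switch sets P1 to 0, and consider a one-line comment at the switch so the dependency is visible. The placement of "apdu.p1 = 0x08" after the 3F00 check looks right.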
@@ -286,11 +281,8 @@
apdu.le = sizeof(buf) - 2;
}
else
-   {
-   apdu.resplen = 0;
-   apdu.le = 0;
apdu.cse = SC_APDU_CASE_3_SHORT;
-   }
+
r = sc_transmit_apdu(card, &apdu);
SC_TEST_RET(card->ctx, r, "APDU transmit failed");
if (file_out == NULL)
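Review bot: The else branch drops "apdu.resplen = 0" and "apdu.le = 0", so the case-3 path depends on those fields still holding their initial values, which this hunk does not show (the if branch above sets apdu.le explicitly). The braceless "else" is also followed by an added blank line before "r = sc_transmit_apdu(card, &apdu);", which makes it easy to misread what the else governs; keeping the braces around the single statement would avoid that.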
@@ -383,49 +375,6 @@
SC_FUNC_RETURN(card->ctx, 2, r);
 }
 
-static int rtecp_set_security_env(sc_card_t *card, const sc_security_env_t 
*env,
-   int se_num)
-{
-   sc_apdu_t apdu;
-   u8 buf[8], tmp, *p = buf;
-   int r;
-
-   (void)se_num; /* no warning */
-   assert(card && card->ctx && env);
-   sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0);
-   switch (env->operation)
-   {
-   case SC_SEC_OPERATION_DECIPHER:
-   apdu.p2 = 0xB8;
-   break;
-   case SC_SEC_OPERATION_SIGN:
-   apdu.p2 = 0xB6;
-   break;
-   default:
-   SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS);
-   }
-   if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT)
-   {
-   tmp = env->algorithm_ref & 0xFF;
-   sc_asn1_put_tag(0x80, &tmp, sizeof(tmp), p, sizeof(buf) - (p - 
buf), &p);
-   }
-   if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT && card->ctx->debug >= 4)
-   sc_debug(card->ctx, "%s\n", "SC_SEC_ENV_FILE_REF_PRESENT not 
supported");
-   if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT)
-   sc_asn1_put_tag(env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC ? 
0x83 : 0x84,
-   env->key_ref, env->key_ref_len,
-   p, sizeof(buf) - (p - buf), &p);
-
-   apdu.lc = p - buf;
-   apdu.data = buf;
-   apdu.datalen = p - buf;
-
-   r = sc_transmit_apdu(card, &apdu);
-   SC_TEST_RET(card->ctx, r, "APDU transmit failed");
-   r = sc_check_sw(card, apdu.sw1, apdu.sw2);
-   SC_FUNC_RETURN(card->ctx, 2, r);
-}
-
 static int rtecp_rsa_cipher(sc_card_t *card, const u8 *data, size_t data_len,
u8 *out, size_t out_len, int sign)
 {
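Review bot: The removed rtecp_set_security_env deliberately skipped SC_SEC_ENV_FILE_REF_PRESENT (it only logged "not supported") and masked algorithm_ref to one byte before emitting tag 0x80; nothing in this hunk shows that the implementation taking over does the same. Please state in the commit message which function now handles set_security_env for rtecp and whether it ignores a file reference, or keep a thin wrapper that clears the flag before delegating.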
@@ -828,7 +777,7 @@
rtecp_ops.verify = rtecp_verify;
rtecp_ops.logout = rtecp_logout;
/* restore_security_env */
-   rtecp_ops.set_security_env = rtecp_set_security_env;
+   /* set_security_env */
rtecp_ops.decipher = rtecp_decipher;
rtecp_ops.compute_signature = rtecp_compute_signature;
rtecp_ops.change_reference_data = rtecp_change_reference_data;
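Review bot: Replacing the assignment with the bare comment "/* set_security_env */" leaves the reader to guess that the slot keeps whatever rtecp_ops was initialised with. Suggest spelling that out in the comment, and doing the same for the existing "/* restore_security_env */" line if that is what it means.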

Re: [opensc-devel] iso7816.c:set_security_env:OPERATION_DECIPHER

2009-06-26 Thread Aktiv Co. Aleksey Samsonov

Hello,

Ludovic Rousseau:
>> maybe we can obsolete some of those card specific implementations,
>> if the only difference was this value?
>
> Maybe. I had a look at card-setcos.c and the two
> iso7816_set_security_env() functions are very similar. And they are
> even more similar with the patch applied.
> Any volunteer?


Patch for card-gemsafeV1.c is in attachment, but unfortunately I can't 
test it. I don't have this device.

Thanks
diff -u -r opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c 
new/opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c
--- opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c   2008-09-10 
17:50:39.0 +0400
+++ new/opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c   2009-06-26 
16:02:48.0 +0400
@@ -380,61 +380,25 @@
const struct sc_security_env *env,
int se_num)
 {
-   int r;
-   struct sc_apdu apdu;
-   u8 sbuf[SC_MAX_APDU_BUFFER_SIZE], *p = sbuf;
-   u8 alg_ref = 0;
+   u8 alg_ref;
+   struct sc_security_env se_env = *env;
struct sc_context *ctx = card->ctx;
 
SC_FUNC_CALLED(ctx, 1);
 
-   sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0);
-   switch (env->operation) {
-   case SC_SEC_OPERATION_DECIPHER:
-   apdu.p2 = 0xB8;
-   break;
-   case SC_SEC_OPERATION_SIGN:
-   apdu.p2 = 0xB6;
-   break;
-   default:
-   return SC_ERROR_INVALID_ARGUMENTS;
-   }
-   apdu.le = 0;
-
-   /* first step: set the algorithm reference */
-   if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT)
-   alg_ref = env->algorithm_ref & 0xFF;
-   else
-   alg_ref = gemsafe_flags2algref(env);
-   if (alg_ref) {
-   /* set the algorithm reference */
-   *p++ = 0x80;
-   *p++ = 0x01;
-   *p++ = alg_ref;
-   } else
-   sc_debug(ctx, "unknown algorithm flags '%x'\n", 
env->algorithm_flags);
-   /* second step: set the key reference */
-   if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) {
-   /* set the key reference */
-   if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC)
-   *p++ = 0x83;
-   else
-   *p++ = 0x84;
-   *p++ = env->key_ref_len;
-   memcpy(p, env->key_ref, env->key_ref_len);
-   p += env->key_ref_len;
+   if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT)) {
+   /* set the algorithm reference */
+   alg_ref = gemsafe_flags2algref(&se_env);
+   if (alg_ref) {
+   se_env.algorithm_ref = alg_ref;
+   se_env.flags |= SC_SEC_ENV_ALG_REF_PRESENT;
+   }
}
+   if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT))
+   sc_debug(ctx, "unknown algorithm flags '%x'\n", 
se_env.algorithm_flags);
 
-
-   r = p - sbuf;
-   apdu.lc = r;
-   apdu.datalen = r;
-   apdu.data = sbuf;
-   apdu.resplen = 0;
-
-   r = sc_transmit_apdu(card, &apdu);
-   SC_TEST_RET(card->ctx, r, "APDU transmit failed");
-   return sc_check_sw(card, apdu.sw1, apdu.sw2);
+   se_env.flags &= ~SC_SEC_ENV_FILE_REF_PRESENT;
+   return iso_ops->set_security_env(card, &se_env, se_num);
 }
 
 static int gemsafe_compute_signature(struct sc_card *card, const u8 * data,
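Review bot: The removed body fixed P2 to 0xB8 for DECIPHER and 0xB6 for SIGN and rejected any other operation with SC_ERROR_INVALID_ARGUMENTS; after this change all of that is whatever iso_ops->set_security_env does, which the hunk does not show, so equivalence depends on the iso7816.c behaviour discussed in this thread. Two smaller points: the old code masked a caller-supplied algorithm_ref with 0xFF and the new path passes it through unmasked, and when gemsafe_flags2algref returns 0 the call still goes ahead after the "unknown algorithm flags" debug line. Since the message says the patch could not be tested on the device, it needs a run against a GemSAFE card before it is applied.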

Re: [opensc-devel] OpenSC SCA and PKCS#11

2009-06-26 Thread Jakob Schlyter
On 11 jun 2009, at 00.18, Peter Stuge wrote:

> The canonical way of using opensc-pkcs11.so is to dlopen() it, I
> don't think direct linking of the .so will work so well.
>
> Maybe you can use pkcs11-helper or libp11 as your PKCS#11 access
> method? Or just dlopen() the .so.

yes, we've changed our code to use dlopen() now;
http://trac.opendnssec.org/browser/trunk/libhsm

thanks!

jakob
