Re: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so
On Friday, 26 June 2009 at 19:45:35, Boarman, Christopher L wrote:
> Andreas,
>
> I'll understand if you don't have time to help me look at this problem. You
> mentioned that you wrote a program to decode the bytes that are downloaded
> by the piv code and I was wondering maybe you could send me your decoder
> code so I can try to further investigate the issues I am seeing.

ah, sorry, I was waiting for Douglas too, as I don't know much about the details of piv cards.

I extracted the hexdumps from the download with cut and paste. I removed the last two bytes of each section (60 00 = more bytes to follow, 90 00 = final ok, everything worked well). then I used some vi regex replace to bring everything into 0xNN, 0xNN, 0xNN ... format, so I could use it in C code.

the whole code is attached.

good luck!

Regards, Andreas
Re: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so
Andreas,

I'll understand if you don't have time to help me look at this problem. You mentioned that you wrote a program to decode the bytes that are downloaded by the piv code and I was wondering maybe you could send me your decoder code so I can try to further investigate the issues I am seeing.

-Original Message-
From: Boarman, Christopher L
Sent: Wednesday, June 24, 2009 8:20 PM
To: Andreas Jellinghaus; Douglas E. Engert
Cc: opensc-devel@lists.opensc-project.org
Subject: RE: [opensc-devel] Ticket #189 - Problems with opensc-pkcs11.so

Andreas,

I added a 1000 byte buffer to the MAXLEN on the X.509 certs and that seemed to temporarily resolve that issue but there were other errors that I am seeing as well. There appear to be 2 categories of these errors:

1.) No cert found:

[opensc-pkcs11] pkcs15.c:1672:sc_pkcs15_read_file: called, path=0102cece, index=0, count=-1
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=0102cece
[opensc-pkcs11] card-piv.c:1620:piv_select_file: called
[opensc-pkcs11] card-piv.c:1591:piv_find_obj_by_containerid: called
[opensc-pkcs11] card-piv.c:1592:piv_find_obj_by_containerid: str=0x0102
[opensc-pkcs11] card-piv.c:1597:piv_find_obj_by_containerid: returning with: 8
[opensc-pkcs11] card-piv.c:1677:piv_select_file: returning with: 0
[opensc-pkcs11] card.c:554:sc_select_file: returning with: 0
[opensc-pkcs11] card.c:399:sc_read_binary: called; 3308 bytes at index 0
[opensc-pkcs11] card-piv.c:857:piv_read_binary: called
[opensc-pkcs11] card-piv.c:631:piv_get_data: called
[opensc-pkcs11] card-piv.c:632:piv_get_data: get_data: tag=8
[opensc-pkcs11] card-piv.c:299:piv_general_io: called
[opensc-pkcs11] card-piv.c:303:piv_general_io: piv_general_io cb 3f ff 5 : 255 256
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card-piv.c:334:piv_general_io: calling sc_transmit_apdu flags=1 le=256, resplen=2, resp=0xbfe30b8c
[opensc-pkcs11] apdu.c:516:sc_transmit_apdu: called
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 11 bytes] =
00 CB 3F FF 05 5C 03 5F C1 0B 00 ..?..\._...
==
[opensc-pkcs11] reader-pcsc.c:161:pcsc_internal_transmit: called
[opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 10 bytes] =
53 06 70 00 71 00 FE 00 90 00 S.p.q.
==
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-piv.c:341:piv_general_io: DEE r=0 apdu.resplen=8 sw1=90 sw2=00
[opensc-pkcs11] card-piv.c:378:piv_general_io: DEE got buffer 0x84cbab0 len 8
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-piv.c:397:piv_general_io: returning with: 8
[opensc-pkcs11] card-piv.c:735:piv_get_data: returning with: 8
[opensc-pkcs11] card-piv.c:888:piv_read_binary: DEE rbuf=0x84cbab0,rbuflen=8,
[opensc-pkcs11] card-piv.c:764:piv_handle_certificate_data: returning with: Object not found
[opensc-pkcs11] card-piv.c:936:piv_read_binary: returning with: Object not found
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Object not found
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] pkcs15-piv.c:323:sc_pkcs15emu_piv_init: No cert found,i=2

2.) Public key not found

[opensc-pkcs11] pkcs15-piv.c:391:sc_pkcs15emu_piv_init: PIV-II adding pub keys...
[opensc-pkcs11] pkcs15-piv.c:420:sc_pkcs15emu_piv_init: No cert for this pub key i=2
[opensc-pkcs11] pkcs15-pubkey.c:387:sc_pkcs15_read_pubkey: called
[opensc-pkcs11] pkcs15.c:1672:sc_pkcs15_read_file: called, path=9d06, index=0, count=-1
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=9d06
[opensc-pkcs11] card-piv.c:1620:piv_select_file: called
[opensc-pkcs11] card-piv.c:1591:piv_find_obj_by_containerid: called
[opensc-pkcs11] card-piv.c:1592:piv_find_obj_by_containerid: str=0x9D06
[opensc-pkcs11] card-piv.c:1597:piv_find_obj_by_containerid: returning with: 14
[opensc-pkcs11] card-piv.c:1677:piv_select_file: returning with: 0
[opensc-pkcs11] card.c:554:sc_select_file: returning with: 0
[opensc-pkcs11] card.c:399:sc_read_binary: called; 2048 bytes at index 0
[opensc-pkcs11] card-piv.c:857:piv_read_binary: called
[opensc-pkcs11] card-piv.c:631:piv_get_data: called
[opensc-pkcs11] card-piv.c:632:piv_get_data: get_data: tag=14
[opensc-pkcs11] card-piv.c:735:piv_get_data: returning with: File not found
[opensc-pkcs11] card-piv.c:936:piv_read_binary: returning with: File not found
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: File not found
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] pkcs15-pubkey.c:404:sc_pkcs15_read_pubkey: Failed to read public key file.

What do you think is contributing to these errors? I have attached a new debug fi
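Added example (not from the thread and not OpenSC code): a small C decoder in the spirit of the one Andreas describes in his reply, applied to the response bytes in the "No cert found" log above. It drops the trailing 90 00 status word and walks the TLV structure; the tag meanings (0x53 outer data object, 0x70 certificate element) are taken from the PIV data model in NIST SP 800-73, the function names are hypothetical, and only a single complete response is handled, not a chained one.

```c
/* Added example, not OpenSC code; all function names are hypothetical. */
#include <stdio.h>

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* "53 06 70 ..." -> bytes; returns the count, or -1 on bad hex or overflow. */
static int hex_to_bytes(const char *s, unsigned char *out, size_t cap) {
    size_t n = 0;
    for (;; s += 2) {
        while (*s == ' ') s++;
        if (!*s) return (int)n;
        if (hexval(s[0]) < 0 || hexval(s[1]) < 0 || n == cap) return -1;
        out[n++] = (unsigned char)(hexval(s[0]) << 4 | hexval(s[1]));
    }
}

/* Value of the first one-byte `tag` in a BER-TLV run; NULL if absent/truncated. */
static const unsigned char *tlv_find(const unsigned char *p, size_t n,
                                     unsigned char tag, size_t *len) {
    while (n >= 2) {
        size_t l = p[1], hdr = 2;
        if (l == 0x81 && n >= 3) { l = p[2]; hdr = 3; }
        else if (l == 0x82 && n >= 4) { l = (size_t)p[2] << 8 | p[3]; hdr = 4; }
        else if (l >= 0x80) return NULL;        /* unsupported or cut short */
        if (l > n - hdr) return NULL;           /* value runs past the buffer */
        if (p[0] == tag) { *len = l; return p + hdr; }
        p += hdr + l;
        n -= hdr + l;
    }
    return NULL;
}

/* Certificate length: 0 = present but empty, -1 = malformed, -2 = SW != 90 00. */
static long piv_cert_len(const char *hex) {
    unsigned char buf[4096];
    const unsigned char *obj, *cert;
    size_t olen = 0, clen = 0;
    int n = hex_to_bytes(hex, buf, sizeof buf);
    if (n < 2) return -1;
    if (buf[n - 2] != 0x90 || buf[n - 1] != 0x00) return -2;
    obj = tlv_find(buf, (size_t)n - 2, 0x53, &olen);   /* SW1 SW2 dropped */
    cert = obj ? tlv_find(obj, olen, 0x70, &clen) : NULL;
    return cert ? (long)clen : -1;
}

int main(void) {
    /* Response bytes copied from the "Incoming APDU data" log line above. */
    printf("%ld\n", piv_cert_len("53 06 70 00 71 00 FE 00 90 00"));
    return 0;
}
```

For the logged response the result is 0: the 0x70 element is present but empty, which is consistent with the 8-byte buffer and the "Object not found" return in the log.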
[opensc-devel] Fix: "rutoken" and "emv" detection
Hello, FIX: sc_get_rutoken_driver above EMV because the detection gets caught there first. Patch for trunk revision 3698 is in attachment. Could you please add it? Thanks diff -u -r opensc-trunk-r3698/src/libopensc/ctx.c new/opensc-trunk-r3698/src/libopensc/ctx.c --- opensc-trunk-r3698/src/libopensc/ctx.c 2009-06-26 13:30:08.0 +0400 +++ new/opensc-trunk-r3698/src/libopensc/ctx.c 2009-06-26 17:42:22.0 +0400 @@ -73,6 +73,7 @@ { "belpic", (void *(*)(void)) sc_get_belpic_driver }, { "atrust-acos",(void *(*)(void)) sc_get_atrust_acos_driver }, { "muscle", (void *(*)(void)) sc_get_muscle_driver }, /* Above EMV because the detection gets caught there first */ + { "rutoken",(void *(*)(void)) sc_get_rutoken_driver }, /* Above EMV because the detection gets caught there first */ { "emv",(void *(*)(void)) sc_get_emv_driver }, { "incrypto34", (void *(*)(void)) sc_get_incrypto34_driver }, #ifdef ENABLE_OPENSSL @@ -83,7 +84,6 @@ #ifdef ENABLE_OPENSSL { "entersafe",(void *(*)(void)) sc_get_entersafe_driver }, #endif - { "rutoken",(void *(*)(void)) sc_get_rutoken_driver }, { "rutoken_ecp",(void *(*)(void)) sc_get_rtecp_driver }, /* The default driver should be last, as it handles all the * unrecognized cards. */ ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
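Review bot: The added "rutoken" entry in the @@ -73,6 +73,7 @@ hunk reuses the muscle line's comment word for word, so the table still does not say what the emv detection keys on that lets it claim these tokens first. A comment naming that condition would tell the next person who reorders this table what has to stay above "emv". The move also puts "rutoken" ahead of "incrypto34" and "entersafe"; please confirm its match does not claim those cards.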
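Review bot: In the @@ -83,7 +84,6 @@ hunk only "rutoken" is moved, while "rutoken_ecp" (sc_get_rtecp_driver) stays below "emv". If the emv detection can claim those tokens as well, that entry needs the same move; if it cannot, a sentence in the commit message saying so would settle the question.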
Re: [opensc-devel] iso7816.c:set_security_env:OPERATION_DECIPHER
Ludovic Rousseau: 2009/6/23 Andreas Jellinghaus : maybe we can obsolete some of those card specific implementations, if the only difference was this value? Maybe. I had a look at card-setcos.c and the two iso7816_set_security_env() functions are very similar. And they are even more similar with the patch applied. Any volunteer? Patch for card-rtecp.c is attached. Could you please add it? Thanks diff -u -r opensc-trunk-r3698/src/libopensc/card-rtecp.c new/opensc-trunk-r3698/src/libopensc/card-rtecp.c --- opensc-trunk-r3698/src/libopensc/card-rtecp.c 2009-06-26 13:30:08.0 +0400 +++ new/opensc-trunk-r3698/src/libopensc/card-rtecp.c 2009-06-26 16:46:55.0 +0400 @@ -250,23 +250,18 @@ switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: - apdu.p1 = 0; if (pathlen != 2) SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); break; case SC_PATH_TYPE_PATH: - apdu.p1 = 0x08; if (pathlen >= 2 && memcmp(path, "\x3F\x00", 2) == 0) { if (pathlen == 2) - { - /* only 3F00 supplied */ - apdu.p1 = 0; - break; - } + break; /* only 3F00 supplied */ path += 2; pathlen -= 2; } + apdu.p1 = 0x08; break; case SC_PATH_TYPE_DF_NAME: case SC_PATH_TYPE_FROM_CURRENT: @@ -286,11 +281,8 @@ apdu.le = sizeof(buf) - 2; } else - { - apdu.resplen = 0; - apdu.le = 0; apdu.cse = SC_APDU_CASE_3_SHORT; - } + r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(card->ctx, r, "APDU transmit failed"); if (file_out == NULL) 
@@ -383,49 +375,6 @@ SC_FUNC_RETURN(card->ctx, 2, r); } -static int rtecp_set_security_env(sc_card_t *card, const sc_security_env_t *env, - int se_num) -{ - sc_apdu_t apdu; - u8 buf[8], tmp, *p = buf; - int r; - - (void)se_num; /* no warning */ - assert(card && card->ctx && env); - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0); - switch (env->operation) - { - case SC_SEC_OPERATION_DECIPHER: - apdu.p2 = 0xB8; - break; - case SC_SEC_OPERATION_SIGN: - apdu.p2 = 0xB6; - break; - default: - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); - } - if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT) - { - tmp = env->algorithm_ref & 0xFF; - sc_asn1_put_tag(0x80, &tmp, sizeof(tmp), p, sizeof(buf) - (p - buf), &p); - } - if (env->flags & SC_SEC_ENV_FILE_REF_PRESENT && card->ctx->debug >= 4) - sc_debug(card->ctx, "%s\n", "SC_SEC_ENV_FILE_REF_PRESENT not supported"); - if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) - sc_asn1_put_tag(env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC ? 0x83 : 0x84, - env->key_ref, env->key_ref_len, - p, sizeof(buf) - (p - buf), &p); - - apdu.lc = p - buf; - apdu.data = buf; - apdu.datalen = p - buf; - - r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - SC_FUNC_RETURN(card->ctx, 2, r); -} - static int rtecp_rsa_cipher(sc_card_t *card, const u8 *data, size_t data_len, u8 *out, size_t out_len, int sign) { @@ -828,7 +777,7 @@ rtecp_ops.verify = rtecp_verify; rtecp_ops.logout = rtecp_logout; /* restore_security_env */ - rtecp_ops.set_security_env = rtecp_set_security_env; + /* set_security_env */ rtecp_ops.decipher = rtecp_decipher; rtecp_ops.compute_signature = rtecp_compute_signature; rtecp_ops.change_reference_data = rtecp_change_reference_data; ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
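Review bot: After the @@ -250,23 +250,18 @@ hunk, the SC_PATH_TYPE_FILE_ID case and the "only 3F00 supplied" break no longer assign apdu.p1, so both depend on P1 already being 0 when the switch is entered. The call that formats the APDU is outside the hunk; please confirm it passes 0 for P1, and consider a short comment at the switch, since apdu.p1 = 0x08 is now the only assignment a reader sees.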
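Review bot: The else branch in the @@ -286,11 +281,8 @@ hunk drops apdu.resplen = 0 and apdu.le = 0 and relies on both starting at zero, which holds only if nothing earlier in the function sets them; the hunk does not show that. The brace-less else followed by the added blank line also makes r = sc_transmit_apdu(card, &apdu) look as if it might belong to the branch; keeping the braces avoids that.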
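Review bot: Removing rtecp_set_security_env in the @@ -383,49 +375,6 @@ hunk also removes two card-specific behaviours: SC_SEC_ENV_FILE_REF_PRESENT was only logged and never encoded, and any operation other than DECIPHER or SIGN returned SC_ERROR_INVALID_ARGUMENTS. The @@ -828,7 +777,7 @@ hunk leaves only a /* set_security_env */ comment, so the implementation the ops table inherits has to behave the same way; if it encodes a file reference, keep a thin wrapper that clears the flag before delegating.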
Re: [opensc-devel] iso7816.c:set_security_env:OPERATION_DECIPHER
Hello, Ludovic Rousseau: maybe we can obsolete some of those card specific implementations, if the only difference was this value? Maybe. I had a look at card-setcos.c and the two iso7816_set_security_env() functions are very similar. And they are even more similar with the patch applied. Any volunteer? Patch for card-gemsafeV1.c is in attachment, but unfortunately I can't test it. I don't have this device. Thanks diff -u -r opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c new/opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c --- opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c 2008-09-10 17:50:39.0 +0400 +++ new/opensc-trunk-r3698/src/libopensc/card-gemsafeV1.c 2009-06-26 16:02:48.0 +0400 
@@ -380,61 +380,25 @@ const struct sc_security_env *env, int se_num) { - int r; - struct sc_apdu apdu; - u8 sbuf[SC_MAX_APDU_BUFFER_SIZE], *p = sbuf; - u8 alg_ref = 0; + u8 alg_ref; + struct sc_security_env se_env = *env; struct sc_context *ctx = card->ctx; SC_FUNC_CALLED(ctx, 1); - sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0); - switch (env->operation) { - case SC_SEC_OPERATION_DECIPHER: - apdu.p2 = 0xB8; - break; - case SC_SEC_OPERATION_SIGN: - apdu.p2 = 0xB6; - break; - default: - return SC_ERROR_INVALID_ARGUMENTS; - } - apdu.le = 0; - - /* first step: set the algorithm reference */ - if (env->flags & SC_SEC_ENV_ALG_REF_PRESENT) - alg_ref = env->algorithm_ref & 0xFF; - else - alg_ref = gemsafe_flags2algref(env); - if (alg_ref) { - /* set the algorithm reference */ - *p++ = 0x80; - *p++ = 0x01; - *p++ = alg_ref; - } else - sc_debug(ctx, "unknown algorithm flags '%x'\n", env->algorithm_flags); - /* second step: set the key reference */ - if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) { - /* set the key reference */ - if (env->flags & SC_SEC_ENV_KEY_REF_ASYMMETRIC) - *p++ = 0x83; - else - *p++ = 0x84; - *p++ = env->key_ref_len; - memcpy(p, env->key_ref, env->key_ref_len); - p += env->key_ref_len; + if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT)) { + /* set the algorithm reference */ + alg_ref = gemsafe_flags2algref(&se_env); + if (alg_ref) { + se_env.algorithm_ref = alg_ref; + se_env.flags |= SC_SEC_ENV_ALG_REF_PRESENT; + } } + if (!(se_env.flags & SC_SEC_ENV_ALG_REF_PRESENT)) + sc_debug(ctx, "unknown algorithm flags '%x'\n", se_env.algorithm_flags); - - r = p - sbuf; - apdu.lc = r; - apdu.datalen = r; - apdu.data = sbuf; - apdu.resplen = 0; - - r = sc_transmit_apdu(card, &apdu); - SC_TEST_RET(card->ctx, r, "APDU transmit failed"); - return sc_check_sw(card, apdu.sw1, apdu.sw2); + se_env.flags &= ~SC_SEC_ENV_FILE_REF_PRESENT; + return iso_ops->set_security_env(card, &se_env, se_num); } static int gemsafe_compute_signature(struct sc_card *card, 
const u8 * data,
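Review bot: When the caller has already set SC_SEC_ENV_ALG_REF_PRESENT, the removed code sent only env->algorithm_ref & 0xFF, while the new body passes se_env.algorithm_ref to iso_ops->set_security_env unmasked; please confirm the generic encoder emits the same single byte. The line se_env.flags &= ~SC_SEC_ENV_FILE_REF_PRESENT deserves a one-line comment saying the old code never sent a file reference, iso_ops itself is not introduced anywhere in the hunk, and since the message says the change could not be tested, it needs a run against the card before it is applied.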
Re: [opensc-devel] OpenSC SCA and PKCS#11
On 11 jun 2009, at 00.18, Peter Stuge wrote:

> The canonical way of using opensc-pkcs11.so is to dlopen() it, I
> don't think direct linking of the .so will work so well.
>
> Maybe you can use pkcs11-helper or libp11 as your PKCS#11 access
> method? Or just dlopen() the .so.

yes, we've changed our code to use dlopen() now; http://trac.opendnssec.org/browser/trunk/libhsm . thanks!

jakob