Re: [opensc-devel] OpenCT:ChipCard Interface Descriptor:dwFeatures and ISO/IEC 7816-12:2005
On Thursday 16 July 2009 14:35:19, Aktiv Co. Aleksey Samsonov wrote:

Could you please add patch for support Rutoken ECP tokens? (Patch for trunk revision 1158 is in attachment) Thanks.

Could you check the other files in etc/ directory and modify them too? Most files only need new entries if the generic smart card rule doesn't match the token (interface class 0xb).

Regards, Andreas
___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] New releases?
Hi,

which projects need new releases, and what changes should go in before?

I'm aware of:
* libp11 needs a new release because the new function wasn't added to the export file.
* opensc has a number of changes, so a new release would be good.
* openct has updates for a new rutoken driver

Patches not yet applied:
* Martin's patch to remove sc_error and related code. I'm all for it, had an even larger rewrite in the past.
* Douglas's changes to the piv code.

I'm not sure if it would be better to have a new release now and another release with those changes, or wait for these changes. What do you think?

Are there other changes/patches/projects that I forgot and that need to be applied / need new releases too?

Regards, Andreas
Re: [opensc-devel] OpenCT:ChipCard Interface Descriptor:dwFeatures and ISO/IEC 7816-12:2005
This is strange... As the default is ccid for all.

On Fri, Jul 17, 2009 at 11:50 AM, Aktiv Co. Aleksey Samsonov samso...@guardant.ru wrote:

Hello, Alon Bar-Lev:

Why is it needed? Doesn't it report itself as CCID device?

Yes, this is not needed for linux, but ifd_scan_usb's in:
src/ifd/sys-bsd.c:533:
src/ifd/sys-bsd.c:597:
src/ifd/sys-solaris.c:572:
src/ifd/sys-sunray.c:347:
/* FIXME: if we don't find a driver with vendor/product
 * then check for the interface type (ccid) and use
 * driver ccid... */

On Thu, Jul 16, 2009 at 3:35 PM, Aktiv Co. Aleksey Samsonov samso...@guardant.ru wrote:

Could you please add patch for support Rutoken ECP tokens? (Patch for trunk revision 1158 is in attachment) Thanks.

diff -u -r openct-trunk-r1158/etc/openct.conf.in new/openct-trunk-r1158/etc/openct.conf.in --- openct-trunk-r1158/etc/openct.conf.in 2009-02-06 12:33:08.0 +0300 +++ new/openct-trunk-r1158/etc/openct.conf.in 2009-07-16 16:25:20.0 +0400 @@ -134,6 +134,7 @@ usb:0b97/7772, # O2 Micro, Inc. Oz776 SmartCard Reader usb:0bf8/1006, # fujitsu siemens 3.5 drive size reader usb:0dc3/1004, # Athena Smartcard Solutions, Inc. ASEKey + usb:0a89/0030, # Aktiv Rutoken ECP
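Review bot: the new usb:0a89/0030 entry is appended after usb:0dc3/1004, while the context lines of this hunk run in ascending vendor-ID order (0b97, 0bf8, 0dc3); placing it ahead of the 0b97 entries would keep the list sorted and make duplicates easier to spot. The thread also establishes that the explicit ID is only needed where ifd_scan_usb has no interface-class fallback (the FIXME in sys-bsd.c, sys-solaris.c and sys-sunray.c), so a line in the commit message saying that would keep the entry from looking redundant on Linux.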
Re: [opensc-devel] OpenCT:ChipCard Interface Descriptor:dwFeatures and ISO/IEC 7816-12:2005
This is strange... As the default is ccid for all.

Isn't this rather reflecting the state of smart cards today? I also think I read that both the Spanish and Belgium ID-cards needed specific features to run, the latter even requires a modified PKCS #11!

For good or for worse I intend to define a standard eID card that neither uses PKCS #15 nor ISO7816, but a pure crypto API. Unlike other smart cards this design is intended to support on-line provisioning using a web application rather than depending on awkward platform-dependent card management software. It is a big job, no doubt about it!

OTOH if you look into Mobile eID, you will note that there has been close to zero progress since the WAP-days and that's not acceptable when iPhone friends are gradually becoming as important as your PC.

Cheers, Anders

On Fri, Jul 17, 2009 at 11:50 AM, Aktiv Co. Aleksey Samsonov samso...@guardant.ru wrote:

Hello, Alon Bar-Lev:

Why is it needed? Doesn't it report itself as CCID device?

Yes, this is not needed for linux, but ifd_scan_usb's in:
src/ifd/sys-bsd.c:533:
src/ifd/sys-bsd.c:597:
src/ifd/sys-solaris.c:572:
src/ifd/sys-sunray.c:347:
/* FIXME: if we don't find a driver with vendor/product
 * then check for the interface type (ccid) and use
 * driver ccid... */

On Thu, Jul 16, 2009 at 3:35 PM, Aktiv Co. Aleksey Samsonov samso...@guardant.ru wrote:

Could you please add patch for support Rutoken ECP tokens? (Patch for trunk revision 1158 is in attachment) Thanks.

diff -u -r openct-trunk-r1158/etc/openct.conf.in new/openct-trunk-r1158/etc/openct.conf.in --- openct-trunk-r1158/etc/openct.conf.in 2009-02-06 12:33:08.0 +0300 +++ new/openct-trunk-r1158/etc/openct.conf.in 2009-07-16 16:25:20.0 +0400 
@@ -134,6 +134,7 @@ usb:0b97/7772, # O2 Micro, Inc. Oz776 SmartCard Reader usb:0bf8/1006, # fujitsu siemens 3.5 drive size reader usb:0dc3/1004, # Athena Smartcard Solutions, Inc. ASEKey + usb:0a89/0030, # Aktiv Rutoken ECP
Re: [opensc-devel] New releases?
2009/7/17 Andreas Jellinghaus a...@dungeon.inka.de:

Patches not yet applied:
* Martin's patch to remove sc_error and related code. I'm all for it, had an even larger rewrite in the past.
* Douglas's changes to the piv code.

I'm not sure if it would be better to have a new release now and another release with those changes, or wait for these changes. What do you think?

I think we should include these patches, unless there is an urgency to release OpenSC now.

Bye
--
Dr. Ludovic Rousseau
[opensc-devel] Fix: call sc_free_apps for pkcs15init-erase
Hello,

Bug (Rutoken S, Rutoken ECP):

$ pkcs15-init -E -C
$ pkcs15-init -E -C
$ opensc-explorer
OpenSC [3F00] cat 2f00
: 61 1F 4F 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 a.O. ...cPKCS-15
0010: 50 09 52 75 74 6F 6B 65 6E 20 53 51 04 3F 00 50 P.Rutoken SQ.?.P
0020: 15 61 1F 4F 0C A0 00 00 00 63 50 4B 43 53 2D 31 .a.O. ...cPKCS-1
0030: 35 50 09 52 75 74 6F 6B 65 6E 20 53 51 04 3F 00 5P.Rutoken SQ.?.
0040: 50 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 P...
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
OpenSC [3F00]

Could you please add attached patch? Thanks

diff -u -r opensc-trunk-r3708/src/pkcs15init/pkcs15-rtecp.c new/opensc-trunk-r3708/src/pkcs15init/pkcs15-rtecp.c --- opensc-trunk-r3708/src/pkcs15init/pkcs15-rtecp.c2009-07-17 15:25:51.0 +0400 +++ new/opensc-trunk-r3708/src/pkcs15init/pkcs15-rtecp.c2009-07-17 15:34:12.0 +0400 @@ -39,9 +39,14 @@ */ static int rtecp_erase(sc_profile_t *profile, sc_card_t *card) { + int r; + if (!profile || !card) return SC_ERROR_INVALID_ARGUMENTS; - return sc_card_ctl(card, SC_CARDCTL_RTECP_INIT, NULL); + r = sc_card_ctl(card, SC_CARDCTL_RTECP_INIT, NULL); + if (r == SC_SUCCESS) + sc_free_apps(card); + return r; } static int create_sysdf(sc_profile_t *profile, sc_card_t *card, const char *name) diff -u -r opensc-trunk-r3708/src/pkcs15init/pkcs15-rutoken.c new/opensc-trunk-r3708/src/pkcs15init/pkcs15-rutoken.c --- opensc-trunk-r3708/src/pkcs15init/pkcs15-rutoken.c 2009-02-01 11:28:51.0 +0300 +++ new/opensc-trunk-r3708/src/pkcs15init/pkcs15-rutoken.c 2009-07-17 15:28:59.0 +0400 @@ -465,6 +465,8 @@ } if (ret != SC_SUCCESS) sc_error(card-ctx, Failed to erase: %s\n, sc_strerror(ret)); + else + sc_free_apps(card); return ret; }
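Review bot: in the pkcs15-rtecp.c hunk, the new sc_free_apps(card) call in rtecp_erase carries no comment saying why a successful erase has to drop the application entries held on the card object, and the report only shows the symptom (the PKCS-15 template written twice to 2F00). A one-line comment above the call, stating that the entries read before SC_CARDCTL_RTECP_INIT no longer describe the card, would keep a later cleanup from removing it as dead code.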
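Review bot: in the pkcs15-rutoken.c hunk, the added else hangs off an unbraced if whose body is the sc_error call; bracing both branches would make the pairing explicit. The same success-path sc_free_apps(card) now appears in two drivers, so it is worth asking whether the generic pkcs15-init erase caller should do it once after a successful erase, which would also cover other drivers. The context line uses sc_error, which the pending patch mentioned in the "New releases?" thread removes, so the two changes will conflict depending on the order they are applied.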
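The following added example, which is not part of the original message or of OpenSC, parses the EF.DIR bytes from the dump in the bug report as ISO 7816-4 application templates (tag 61 holding AID 4F, label 50 and path 51) and reports any AID that occurs more than once. The function names are hypothetical, and only single-byte tags with short-form lengths are handled, which is all this dump uses.

```python
# EF.DIR (2F00) bytes transcribed from the bug report dump; the tail is zero padding.
EF_DIR_DUMP = bytes.fromhex(
    "611F4F0CA000000063504B43532D3135"
    "50095275746F6B656E205351043F0050"
    "15611F4F0CA000000063504B43532D31"
    "3550095275746F6B656E205351043F00"
    "5015"
) + bytes(62)

def read_tlvs(data):
    """Yield (tag, value) pairs; single-byte tags, short-form lengths only."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] > 0x7F:
            raise ValueError(f"truncated or unsupported TLV header at {pos}")
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV at {pos} overruns its container")
        yield tag, value
        pos += 2 + length

def parse_ef_dir(image):
    """Return the application templates (tag 0x61) that precede the padding."""
    apps, pos = [], 0
    while pos < len(image) and image[pos] not in (0x00, 0xFF):
        tag, body = next(read_tlvs(image[pos:]))
        if tag != 0x61:
            raise ValueError(f"unexpected tag {tag:#04x} at {pos}")
        fields = dict(read_tlvs(body))
        apps.append({"aid": fields.get(0x4F), "label": fields.get(0x50),
                     "path": fields.get(0x51)})
        pos += 2 + len(body)
    return apps

def duplicate_aids(apps):
    """Return each AID that appears in more than one template."""
    seen, dups = set(), []
    for aid in (a["aid"] for a in apps if a["aid"] is not None):
        if aid in seen and aid not in dups:
            dups.append(aid)
        seen.add(aid)
    return dups

if __name__ == "__main__":
    apps = parse_ef_dir(EF_DIR_DUMP)
    for app in apps:
        print(app["aid"].hex(), app["label"], app["path"].hex())
    print("duplicate AIDs:", [aid.hex() for aid in duplicate_aids(apps)])
```

Run against a card image taken after a single erase and init, duplicate_aids should return an empty list; a non-empty result is the condition the report describes.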
Re: [opensc-devel] OpenCT:ChipCard Interface Descriptor:dwFeatures and ISO/IEC 7816-12:2005
On Friday 17 July 2009 11:14:46, Aktiv Co. Aleksey Samsonov wrote:

Hello, Andreas Jellinghaus:

On Thursday 16 July 2009 14:35:19, Aktiv Co. Aleksey Samsonov wrote:

Could you please add patch for support Rutoken ECP tokens? (Patch for trunk revision 1158 is in attachment) Thanks.

Could you check the other files in etc/ directory and modify them too? Most files only need new entries if the generic smart card rule doesn't match the token (interface class 0xb).

I checked certainly the other files in etc/ directory. Those files don't need to change.

ok, thanks!

Regards, Andreas
[opensc-devel] Patch to keep pkcs15-gemsafeV1 from issuing commands to the wrong cards during detection
The pkcs15-gemsafeV1.c does not detect if the card present is in fact a gemsafeV1 card, and thus it can end up issuing commands to the wrong cards.

--
Douglas E. Engert deeng...@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

--- ./src/libopensc/,pkcs15-gemsafeV1.c Wed Aug 27 02:30:26 2008 +++ ./src/libopensc/pkcs15-gemsafeV1.c Wed Jul 15 12:59:48 2009 @@ -206,7 +206,9 @@ static int gemsafe_detect_card( sc_pkcs15_card_t *p15card) { -sc_debug(p15card-card-ctx, In gemsafe_detect_card\n); + if (strcmp(p15card-card-name, GemSAFE V1)) + return SC_ERROR_WRONG_CARD; + return SC_SUCCESS; }
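Review bot: gemsafe_detect_card now hands the card name straight to strcmp with no NULL check, and detection depends on the card driver setting exactly the string GemSAFE V1. Guard against a missing name before comparing, and share the name through a common define (or compare a card type value if one is available) so a rename in the driver cannot silently turn every card into SC_ERROR_WRONG_CARD. The hunk also removes the only sc_debug line in the function; a debug message on the wrong-card path would help when diagnosing detection order.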
Re: [opensc-devel] New releases?
Doug,

After I applied your patch, I performed my tests and everything ran beautifully. No more errors of any kind showing up in log files or stdout/stderr. Below is the test script output from my main PKCS#11 app.

---
[r...@etsorh5ai SMARTCARD]# vastool-sctest-all
Config:
---
Checking that a PKCS#11 library is specified ... ok
(Specifying PKCS#11 slot is optional)
Test successful.
Library:
Testing PKCS#11 library '/usr/lib/opensc-pkcs11.so':
Checking PKCS#11 library may be dynamically loaded ... ok
Checking PKCS#11 library contains necessary symbols ... ok
Checking PKCS#11 function list can be obtained ... ok
Checking PKCS#11 library version is compatible ... ok
Checking PKCS#11 library can be initialized ... ok
Checking PKCS#11 library can be finalized ... ok
Test successful.
Card:
-
Checking card mechanisms ...
CKM_SHA_1 (null) (null) (null) CKM_MD5 CKM_RIPEMD160 CKM_RSA_X_509 CKM_RSA_PKCS CKM_SHA1_RSA_PKCS CKM_MD5_RSA_PKCS CKM_RIPEMD160_RSA_PKCS CKM_RSA_PKCS_KEY_PAIR_GEN
Checking that CKM_RSA_PKCS mechanism is supported ... ok
Checking info for CKM_RSA_PKCS mechanism ... ok
Checking CKM_RSA_PKCS mechanism supports signing ... ok
Checking CKM_RSA_PKCS mechanism supports decryption ... ok
Testing that card contains a user ... ok
Test successful.
User:
-
Testing user linu...@custest.ustest.lmco.com
Testing certificate validity ... ok
Testing if PIN is required ... ok
Enter PIN for linu...@custest.ustest.lmco.com:
Performing login to card ... ok
Generating signature ... ok
Verifying signature ... ok
Test successful.

-Original Message-
From: Douglas E. Engert [mailto:deeng...@anl.gov]
Sent: Friday, July 17, 2009 9:25 AM
To: Andreas Jellinghaus
Cc: OpenSC-devel; Boarman, Christopher L
Subject: Re: [opensc-devel] New releases?

Andreas Jellinghaus wrote:

Hi, which projects need new releases, and what changes should go in before? I'm aware of:
* libp11 needs a new release because the new function wasn't added to the export file.

Yes, as the openssl engine cannot load because of the missing entry.

* opensc has a number of changes, so a new release would be good.
* openct has updates for a new rutoken driver

Patches not yet applied:
* Martin's patch to remove sc_error and related code. I'm all for it, had an even larger rewrite in the past.

I must have missed something, what is this patch? Does it change every line with sc_error? What is its replacement? Does it convert sc_error to sc_debug?

* Douglas's changes to the piv code.

I hope to have Christopher Boarman test this in the next few days, and if it works for him it could be in the next release.

I'm not sure if it would be better to have a new release now and another release with those changes, or wait for these changes. What do you think?

You could do the libp11 now.

Are there other changes/patches/projects that I forgot and that need to be applied / need new releases too?

I have one minor one, to pkcs15-gemsafeV1.c to have it test it is on using the correct card. Keeps the driver from issuing APDU to wrong cards during detection. See my next message.

Regards, Andreas

--
Douglas E. Engert deeng...@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444