Re: [opensc-devel] Initial ECDSA modifications to OpenSC for use with PIV cards in OpenSC #295
Hello, Douglas E. Engert wrote: Great for now. But in SVN pkcs15-sec.c:188,189: 187 switch (obj-type) { 188 /* FIXME -DEE GOSTR is misusing the sc_card_find_rsa_alg */ 189 case SC_PKCS15_TYPE_PRKEY_GOSTR3410: 190 case SC_PKCS15_TYPE_PRKEY_RSA: 191 modlen = prkey-modulus_length / 8; 192 alg_info = sc_card_find_rsa_alg(p15card-card, prkey This should be fixed sometime, as the GOSTR code is depending on the RSA alg_info. But GOSTR should have sc_card_find_gostr_alg and _sc_card_add_gostr_alg routines. In card-rtecp.c there are calls to _sc_card_add_rsa_alg for 256, 512, 768, (look way to weak for RSA) It look like they were added because pkcs15-sec.c:192 is only looking at RSA. So in pkcs15-sec.c above, it is looking at the alg_info created by the call at card-rtecp.c:73 _sc_card_add_rsa_alg(card, 256, flags, 0); Agree. Fixed at 4931. Thanks! ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] GOOZE discount and sales offer
Jean-Michel Pouré - GOOZE wrote: sells single pki cards starting at € (10 cost each). jcop dual interface starting at 1***€. At GOOZE we are waiting for plenty of new products and we make very nice offers. I would like to make confirm: can we use the OpenSC mailing list to announce special offers. For example, we may offer a discount code to OpenSC members. Please make an announcement to make sure what is possible on the ML. IMHO, this was forbidden, thus we never offered such possibility. I think it is important to make room also for businesses and vendors who offer products and services related to open source projects. But maybe there is a better place than the opensc-devel@ list? In some projects there is e.g. a wiki page listing related companies and what they offer. I think it is very valuable for open source projects to encourage businesses to be visible within the project. It brings benefits to both parties. I agree that it is not really good to use the project mailing lists as a direct marketing channel, e.g. for sending a monthly newsletter or similar. But something like your signature is certainly OK, and it's a really good way to get a marketing side benefit whenever you contribute to the project, as you have done a lot already, by being active on the mailing list. This is great! If there would be some special offer e.g. in connection with a new major release of OpenSC then I think that would be very well received by everyone. But I guess the key is to not appear as spamming the list, by sending offers too frequently. I hope others can also offer input. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] win32: path to OpenSC windows registers
Viktor TARASOV wrote: Nikolay Elenkov wrote: On 2010/12/07 16:03, Martin Paljak wrote: On Dec 7, 2010, at 4:41 AM, Nikolay Elenkov wrote: On 2010/12/07 2:36, Viktor TARASOV wrote: [1] http://www.opensc-project.org/opensc/wiki/WindowsInstaller#PossibleinstallerstepsWindowsenvironmentdescription Here the OpenSC dlls are installed into 'system32'. Can an alternative method, like changing of the 'PATH' variable, be also acceptable (for MSI)? This is bad, bad, bad. Especially since it also copies the OpenSSL dll in system32, and that breaks a lot of things. It should install in the main directory under c:\Program Files/ and add the bin directory to the PATH. Some software is very picky about the location from where it wants to load certain modules, cryptographic modules being one of those things. Any specific examples? Both Firefox and Thunderbird work just fine with PKCS#11 on the PATH, and not in System32. Copying stuff in system32 was deprecated ages ago. There is nothing special about a PKCS#11 DLL: unlike a Windows CSP, it is not signed, there aren't any special check AFAIK (at least in Mozilla software). The Gemalto and Oberthur (in the recent versions) middlewares install their DLLs into the 'Program Files'. My hidden motivation to do the same for the OpenSC MSI is that I do not managed to build the MSI that un-installs the DLLs installed in system32. The update and un-update of the PATH variable works remarkably good Hello Martin, can you validate r4936, please? I propose to install OpenSC stuff into the the '\Program Files\OpenSC Project\OpenSC' and install pkcs11-spy into the '\Program Files\OpenSC Project\PKCS11-Spy' Kind wishes, Viktor. -- Viktor Tarasov viktor.tara...@opentrust.com ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [opensc-commits] svn opensc changed[4930] add to r4904: fix calculating of signature size for CKK_GOSTR3410
Hello, On Dec 9, 2010, at 9:23 AM, webmas...@opensc-project.org wrote: Revision: 4930 Author: s Date: 2010-12-09 07:23:10 + (Thu, 09 Dec 2010) Log Message: --- add to r4904: fix calculating of signature size for CKK_GOSTR3410 - *pLength *= 2; + *pLength = (*pLength + 7) / 8 * 2; Could you also add a comment? Why not (*pLength + 7) / 4? -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] win32: path to OpenSC windows registers
On 12/07/2010 10:43 AM, Viktor TARASOV wrote: The Gemalto and Oberthur (in the recent versions) middlewares install their DLLs into the 'Program Files'. My hidden motivation to do the same for the OpenSC MSI is that I do not managed to build the MSI that un-installs the DLLs installed in system32. The update and un-update of the PATH variable works remarkably good. Victor, that's a very good idea to use standard MSI generated with WiX! Instead of adding 'Program Files\OpenSC' directory to PATH, it might be better to put all the deps (libopensc.dll, zlib.dll, iconv.dll, etc) into WinSxS [1] and only put the pkcs11 libraries in 'Program Files\OpenSC'. Polluting global DLL namespace (either by putting DLLs in Windows\System32 or adding DLL files to PATH) makes it very hard for other packages to ship DLL files with the same names. [1] http://en.wikipedia.org/wiki/Side-by-side_assembly Hope this helps, Kalev ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [opensc-commits] svn opensc changed[4930] add to r4904: fix calculating of signature size for CKK_GOSTR3410
On 12/09/2010 11:40 AM, Martin Paljak wrote: Hello, On Dec 9, 2010, at 9:23 AM, webmas...@opensc-project.org wrote: Revision: 4930 Author: s Date: 2010-12-09 07:23:10 + (Thu, 09 Dec 2010) Log Message: --- add to r4904: fix calculating of signature size for CKK_GOSTR3410 -*pLength *= 2; +*pLength = (*pLength + 7) / 8 * 2; Could you also add a comment? Why not (*pLength + 7) / 4? Replying instead of the commit's author. (length + 7) / 8 is a common way to calculate stride width so that the result is aligned to 8. It might be a good idea to give a meaningful name to 2, but please don't simplify the calculation by replacing / 8 * 2 with 4 as it would make it harder to understand. Regards, Kalev ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] llibopensc.pc is not installed
On 12/07/2010 05:21 PM, Frank Morgner wrote: Hi! You're not supposed to link against libopensc via the sc_* API but use PKCS#11. It is possible but not encouraged, thus the .pc file is removed. Why is it not encouraged? Why do you need libopensc.pc (or what is linking agains libopensc)? I am using smart card abstraction offered by libopensc. For what it's worth, we were also considering using libopensc for smart card abstraction, but in the end chose another library because the public interface to libopensc was removed in svn. Also, Martin's opensc tokend uses libopensc directly, which makes it very painful to build. Instead of building against the public headers, the tokend needs whole opensc source tree for building. Regards, Kalev ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [opensc-commits] svn opensc changed[4930] add to r4904: fix calculating of signature size for CKK_GOSTR3410
Hello, 2010/12/9 Martin Paljak mar...@paljak.pri.ee: Hello, On Dec 9, 2010, at 9:23 AM, webmas...@opensc-project.org wrote: Revision: 4930 Author: s Date: 2010-12-09 07:23:10 + (Thu, 09 Dec 2010) Log Message: --- add to r4904: fix calculating of signature size for CKK_GOSTR3410 - *pLength *= 2; + *pLength = (*pLength + 7) / 8 * 2; Could you also add a comment? Why not (*pLength + 7) / 4? Yes of course. We need to convert a length in bits to bytes and multiply by two. So if we divide by 4 then we have incorrect rounding result (case (*pLength + 7) % 8 = 4). ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] 0.12.0 release date and windows installer
On 12/06/2010 01:25 PM, Martin Paljak wrote: Hello, On Dec 6, 2010, at 12:37 PM, Johannes Becker wrote: Am Donnerstag 02 Dezember 2010 schrieb Martin Paljak: Have you decided on a release date yet for 0.12.0? Either today or tomorrow. I didn't find any newer versions in the wiki. The Fedora compilation (which does not have EC support in OpenSSL) git fixed on the weekend, so the release can happen. Could you please do another public release candidate before rolling out the final release tarballs? Thanks, Kalev ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [opensc-commits] svn opensc changed[4930] add to r4904: fix calculating of signature size for CKK_GOSTR3410
On Thu, 2010-12-09 at 14:31 +0300, Aleksey Samsonov wrote: Hello, 2010/12/9 Martin Paljak mar...@paljak.pri.ee: Hello, On Dec 9, 2010, at 9:23 AM, webmas...@opensc-project.org wrote: Revision: 4930 Author: s Date: 2010-12-09 07:23:10 + (Thu, 09 Dec 2010) Log Message: --- add to r4904: fix calculating of signature size for CKK_GOSTR3410 - *pLength *= 2; + *pLength = (*pLength + 7) / 8 * 2; Could you also add a comment? Why not (*pLength + 7) / 4? Yes of course. We need to convert a length in bits to bytes and multiply by two. So if we divide by 4 then we have incorrect rounding result (case (*pLength + 7) % 8 = 4). Maybe it would be appropriate to define a macro for the conversion. The Reason is, that there are a lot of places where the conversion is computed as follows: byte_count = bit_count / 8. That is obviously wrong in 7 of 8 cases. Also it would improve readability. Regards Andre ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [opensc-commits] svn opensc changed[4930] add to r4904: fix calculating of signature size for CKK_GOSTR3410
On Thu, 2010-12-09 at 09:38 -0600, Douglas E. Engert wrote: On 12/9/2010 8:41 AM, Andre Zepezauer wrote: On Thu, 2010-12-09 at 14:31 +0300, Aleksey Samsonov wrote: Hello, 2010/12/9 Martin Paljakmar...@paljak.pri.ee: Hello, On Dec 9, 2010, at 9:23 AM, webmas...@opensc-project.org wrote: Revision: 4930 Author: s Date: 2010-12-09 07:23:10 + (Thu, 09 Dec 2010) Log Message: --- add to r4904: fix calculating of signature size for CKK_GOSTR3410 - *pLength *= 2; + *pLength = (*pLength + 7) / 8 * 2; Could you also add a comment? Why not (*pLength + 7) / 4? Yes of course. We need to convert a length in bits to bytes and multiply by two. So if we divide by 4 then we have incorrect rounding result (case (*pLength + 7) % 8= 4). Maybe it would be appropriate to define a macro for the conversion. The Reason is, that there are a lot of places where the conversion is computed as follows: byte_count = bit_count / 8. That is obviously wrong in 7 of 8 cases. Also it would improve readability. It may comes down to does an algorthim support non-multiple of 8 bits? And if it can, is it ever used with non multiple of 8 bits? I have never sees an RSA key that was not a multiple of 8, so it may not be an issue for most of OpenSC. If one is not a multiple of 8, how is it padded? At least for RSA_PKCS1 the most significant octet is always zero. See PKCS1 01- and 02-padding schema. Therefore the padded signature input is always less than the modulus when compared numerical. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] win32: path to OpenSC windows registers
On 2010/12/09 20:22, Kalev Lember wrote: Victor, that's a very good idea to use standard MSI generated with WiX! Instead of adding 'Program Files\OpenSC' directory to PATH, it might be better to put all the deps (libopensc.dll, zlib.dll, iconv.dll, etc) into WinSxS [1] and only put the pkcs11 libraries in 'Program Files\OpenSC'. That would really be the best solution. It requires Windows XP and above though, which is probably OK. BTW, in VS2010 MS has finally come to their senses and DLLs include a version number in the filename. ([1]) [1] http://msdn.microsoft.com/en-us/library/dd293574.aspx ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel