Re: [opensc-devel] Opensc minidriver for base csp.
Hi Jan, Yes, I've started again to work on this since the begin of year, I try to make it working with at least version 6 of 'minidrivers' this should work with windows 7. I plan to send a patch in few days to show progress and get feed back. My goal is to have a first release that we can integrate in opensc and improve (the last version of 'minidrivers' is 7)... Regards, François -Message d'origine- De : Jan Suhr [mailto:j...@suhr.info] Envoyé : mardi 12 janvier 2010 18:34 À : François Leblanc Objet : Re: [opensc-devel] Opensc minidriver for base csp. Hi Francois! I read your patch for OpenSC and Windows base CSP from October. It would be really great to get OpenSC work this way! Do you plan to work on this patch later on? Regards Jan -- Jan Suhr OpenPGP key: http://user.cs.tu-berlin.de/~jansuhr/jansuhr.asc Anonymous e-mail: https://www.awxcnx.de/jansuhr.msg ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
Am Montag 12 Oktober 2009 08:45:42 schrieb François Leblanc: > Yes absolutely. The "cardmod.h" copyright need some attention. For opensccm > prototypes come from the cardmod.h. can you have a look at "Smart Card Minidriver Specification" v7? The documentation is public available at http://www.microsoft.com/whdc/device/input/smartcard/sc-minidriver.mspx if you look at the document, and your code implements the functions in that document, we have a legal situation - simple function definitions are small enough to have no copyrightable value, and even if they did it would be legal to "quote" such a small part of the document, so we have no issue here. about cardmod.h we have three options: a) disable opensccm by default, and require those who enable it to install CNG SDK first and tell configure about the location, so we can use the official file from that place. b) create an empty cardmod.h file. try to compile. add the definitions for the unknown definitions manualy (quoting from the documentation) until we have everything we need in cardmod.h c) ask microsoft if they can put cardmod.h under a license compatible with open source, so we can include it in our software. for b) we would need to be real carefull to stay compatible with the official cardmod.h and it would be a lot of work, so I prefer a). (well, c would be best of course, but is quite unlikely...) Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
OK. When you finish functionality, ping me so we can work on building. The winscard.h issue is strange... As there is a solution in sources for the absent of winscard on win32. But we will work this out. 2009/10/12 François Leblanc : > >>1. You don't need to check in versioninfo.rc > > Ok. > >>2. I don't understand the empty winscard.h > > Since I don't want to modify "cardmod.h" (it's not my file) and this file > include winscard.h but I don't have winscard.h with my cross compiler tool > mingw32... > >>3. If not absolutely required, put opensccm.reg in ANSI format so we >>can edit it easily in other platforms. UCS-2 is difficult to maintain. > > See my answer to Andreas. > >>4. Why do you need to install cardmod.h winscard.h, but are needed >>only for compilation, right? > > Yes, it need to be changed. > >>5. Why do you need -I$(top_srcdir)/src/common? > > Again need to be changed. > >>6. Please put opensccm.reg in DATA. > >>7. As it is built only for Windows, you don't need to add LIBADD+=, >>SOURCES+= etc... > > For cross building I think that is needed. > >>8. I am not sure we want to actually install testcsp. And if we want >>we should use a different distinct name for executable. > > Yes this can be keep uninstalled, just build for testing. > > François. > > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
>1. You don't need to check in versioninfo.rc Ok. >2. I don't understand the empty winscard.h Since I don't want to modify "cardmod.h" (it's not my file) and this file include winscard.h but I don't have winscard.h with my cross compiler tool mingw32... >3. If not absolutely required, put opensccm.reg in ANSI format so we >can edit it easily in other platforms. UCS-2 is difficult to maintain. See my answer to Andreas. >4. Why do you need to install cardmod.h winscard.h, but are needed >only for compilation, right? Yes, it need to be changed. >5. Why do you need -I$(top_srcdir)/src/common? Again need to be changed. >6. Please put opensccm.reg in DATA. >7. As it is built only for Windows, you don't need to add LIBADD+=, >SOURCES+= etc... For cross building I think that is needed. >8. I am not sure we want to actually install testcsp. And if we want >we should use a different distinct name for executable. Yes this can be keep uninstalled, just build for testing. François. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
> >> +// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF >ANY >> +// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE >> +// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A >PARTICULAR >> +// PURPOSE. > >I don't see any reason why we are allowed to use it > >The licence text also contains: >+// Copyright (C) Microsoft Corporation. All Rights Reserved. > >Note the "All Rights Reserved.". So unless the 4 fundamental rights >(use, study, redistribute, improve) are not _explicitly_ given they >are not given at all. > >Please do not add such a file in an OpenSC project. Perhaps in doubts an "internal-cardmod.h" should be the best solution. François. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
>we could define some new structure with reader parameters to be passed >as third argument and store the values there. still a hack, but I wonder >if that would be cleaner than using the config file code as transport. > >not sure, what does everyone else think? Ok, I see now what you mean. >I saw this >+ BYTE modulus[1024/8]; >and thought it would limit the code to 1024 byte keys maybe? Yes it is why I replace PUBKEYSTRUCT with PUBKEYSTRUCT_BASE and dynamically allocate memory for the key.. I need to remove PUBKEYSTRUCT. >> I've in mind to generate this file like it done with opensc-install.bat. I >> think it will be necessary if we want to manage all opensc card since you >> have to provide this for each atr card. > >ah. can you document in README maybe what registry keys are necessary? >or maybe better a wiki page about the new baseCSP mini driver, >so we have all the information in that central place. > >I guess people will want to customize / configure this, or for debugging >will need to check if some other driver claimed some atr opensc wants to >claim too. > Yes it will be necessary for a clean release. François. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
Am Montag 12 Oktober 2009 08:45:42 schrieb François Leblanc: > Hi Andreas, > > Thank you for your comments, > > >things come to my mind: > >* add a few comments where the new pcsc_card and pcsc_ctx are looked at, > > so people know "ah, the basecsp with pcsc connection given to us". > > also do you need the config file code for testing? if not, we could > > drop it (or is there a useful way to do that? I guess thoe variables > > contains a pointer, so a config file entry seems pointless to me). > > For pcsc_card and pcsc_ctx contains pointer it's right. Sorry I don't see > what you mean with " do you need the config file code for testing?". I > guess for the first point that you mean comments about where come the > value of pcsc_card and pcsc_ctx it is? If so you're right. you know those new values before your initialize them. and you need those values in the code to initialize pcsc reader driver. currently you have a mixed implementation: the structure sc_context_param_t gets extended to contain those new parameters. we could extend the context structure, so we can copy the parameters in there, and pcsc_init would have them via the normal call chain. or we could add extra parameters thoughout the call chain, to pass them that way. or - like you implement - find some dynamic structure that is both available when the context is created and later when those values are used, so they are stored there and later retriev by pcsc_init from that location. you used this mechanism with the config file code. so I wonder if it that is the best option, or if we shouldn't use some other way, maybe place the values in context structure, or extend the call chain to pass extra parameters / extend the structures already passed. the call chain is: int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm) sc_context_param already extended for the new values static int load_reader_drivers(sc_context_t *ctx, struct _sc_ctx_options *opts) _sc_ctx_otions could be extended too, to carry these options driver->ops->init(ctx, &ctx->reader_drv_data[i]); static int pcsc_init(sc_context_t *ctx, void **reader_data) has only the context and the reader_data from config file. we could define some new structure with reader parameters to be passed as third argument and store the values there. still a hack, but I wonder if that would be cleaner than using the config file code as transport. not sure, what does everyone else think? > >* the code is hard coded to 1024bit rsa? is that a basecsp requirement? > > No, I probably let some reference to 1024bit somewhere is why you think > that but is available for more than 1024bit key length. I saw this + BYTE modulus[1024/8]; and thought it would limit the code to 1024 byte keys maybe? > I've in mind to generate this file like it done with opensc-install.bat. I > think it will be necessary if we want to manage all opensc card since you > have to provide this for each atr card. ah. can you document in README maybe what registry keys are necessary? or maybe better a wiki page about the new baseCSP mini driver, so we have all the information in that central place. I guess people will want to customize / configure this, or for debugging will need to check if some other driver claimed some atr opensc wants to claim too. thanks for your great work! Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
2009/10/12 Alon Bar-Lev : > I don't see any reason why we cannot use this... > > +// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY > +// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE > +// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR > +// PURPOSE. I don't see any reason why we are allowed to use it The licence text also contains: +// Copyright (C) Microsoft Corporation. All Rights Reserved. Note the "All Rights Reserved.". So unless the 4 fundamental rights (use, study, redistribute, improve) are not _explicitly_ given they are not given at all. Please do not add such a file in an OpenSC project. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
I don't see any reason why we cannot use this... +// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY +// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR +// PURPOSE. On Mon, Oct 12, 2009 at 9:58 AM, Kalev Lember wrote: > > On 10/12/2009 09:45 AM, François Leblanc wrote: > >> * we need to check copyright situation with the cardmod.h file and maybe > >> you used some template or similar for the ccm? then we need to give > >> proper reference etc. a few other files need a copyright header too. > >> > > > > Yes absolutely. The "cardmod.h" copyright need some attention. For opensccm > > prototypes come from the cardmod.h. > > "cardmod.h" is part of Microsoft CNG SDK [1]. I suppose instead of > redistributing the header, it would be better to require that the CNG > SDK msi is installed at the build machines. I haven't investigated the > header's copyright, but I doubt it has a free license. However, removing > the header also has a drawback: it makes cross compiling with mingw harder. > > [1] > http://www.microsoft.com/downloads/details.aspx?FamilyId=1EF399E9-B018-49DB-A98B-0CED7CB8FF6F&displaylang=en > > -- > Kalev Lember > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
On 10/12/2009 09:45 AM, François Leblanc wrote: >> * we need to check copyright situation with the cardmod.h file and maybe >> you used some template or similar for the ccm? then we need to give >> proper reference etc. a few other files need a copyright header too. >> > > Yes absolutely. The "cardmod.h" copyright need some attention. For opensccm > prototypes come from the cardmod.h. "cardmod.h" is part of Microsoft CNG SDK [1]. I suppose instead of redistributing the header, it would be better to require that the CNG SDK msi is installed at the build machines. I haven't investigated the header's copyright, but I doubt it has a free license. However, removing the header also has a drawback: it makes cross compiling with mingw harder. [1] http://www.microsoft.com/downloads/details.aspx?FamilyId=1EF399E9-B018-49DB-A98B-0CED7CB8FF6F&displaylang=en -- Kalev Lember ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
Hi Andreas, Thank you for your comments, > >things come to my mind: >* add a few comments where the new pcsc_card and pcsc_ctx are looked at, > so people know "ah, the basecsp with pcsc connection given to us". > also do you need the config file code for testing? if not, we could > drop it (or is there a useful way to do that? I guess thoe variables > contains a pointer, so a config file entry seems pointless to me). For pcsc_card and pcsc_ctx contains pointer it's right. Sorry I don't see what you mean with " do you need the config file code for testing?". I guess for the first point that you mean comments about where come the value of pcsc_card and pcsc_ctx it is? If so you're right. > >* the code is hard coded to 1024bit rsa? is that a basecsp requirement? No, I probably let some reference to 1024bit somewhere is why you think that but is available for more than 1024bit key length. > >* the reg file is a binary? I thought you could have those as plain text > also, maybe only a conversion or so is needed? I've in mind to generate this file like it done with opensc-install.bat. I think it will be necessary if we want to manage all opensc card since you have to provide this for each atr card. >* we need to check copyright situation with the cardmod.h file and maybe > you used some template or similar for the ccm? then we need to give > proper reference etc. a few other files need a copyright header too. > Yes absolutely. The "cardmod.h" copyright need some attention. For opensccm prototypes come from the cardmod.h. >* we will need to up the library version because of the modified structure. > but we will need to do that for 0.12.* anyway. > >so only few minor things, in total it looks great, and having a native >CM for opensc so it can be used with normal windows apps would be great! Thank you, I like the idea using native windows apps with opensc too, but there are still some work to do and test. > >Regards, Andreas >p.s. I don't have a windows machine here myself, so I can't test/play with >it. For next two month I'm not sure to have time to work on this... It will slower the development. François. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
Build issues: 1. You don't need to check in versioninfo.rc 2. I don't understand the empty winscard.h 3. If not absolutely required, put opensccm.reg in ANSI format so we can edit it easily in other platforms. UCS-2 is difficult to maintain. 4. Why do you need to install cardmod.h winscard.h, but are needed only for compilation, right? 5. Why do you need -I$(top_srcdir)/src/common? 6. Please put opensccm.reg in DATA. 7. As it is built only for Windows, you don't need to add LIBADD+=, SOURCES+= etc... 8. I am not sure we want to actually install testcsp. And if we want we should use a different distinct name for executable. Thanks! 2009/10/8 François Leblanc > > Hi, > > > I've joined a patch to build a windows minidriver useable with basecsp. > > > This patch produce a dll named "opensccm.dll" (only for window of course) and > a binary testcsp.exe > > You have to change "atr" value and put yours on "opensccm.reg" before to > register. > > > > I've successfully hav 1. We finally have one application out of two working > the UDI application.By the end of this day around 15:00 o'clock application > started to work. 2. We still don't know how to generate a meaningful transactions to that application, hopefully we will do that on Monday. meantime take a look on the screen shot attached, it is just few click that I did. 3. Attached is a screen shot of topology map. one branch is ISR and the other is UDI. 4. ISR application main flow is still broken.I can login to the application but while I try to create portfolio it gives me an error. it is for sure an applicative problem that hopefully will be fixed soon. 5. As a result we didn't run the stress test yet. 6. Bijan and Russel are fully dedicated to us and they are doing the best they can to make things work but the problem is that you have to find the right person that know how to fix the problem and also has time to fix it, that is not easy at all. 7. We have a status meeting with Bijan and Russ on Monday and also a mini training on Tuesday.e certificates in user store of windows and reach secure web site with "vista" > > And under "XP" I've only made signature (testcsp.exe) since certificates are > not put on windows > > store... (don't know why). On Windows XP you have to had "basecsp" support > KB909520 > > > > This code is not finished, is just for whose are interesting to play with > it... and help > > > There are some functionalities to add before to have a basic module: > > * Read file log name in register > * Read log level in register too, add log level to all fprintf > * Build "opensccm.reg" instead of fixed one > * ... > > > There are some functionalities to improve or change: > > * Extra parameters in call of sc_context_create > * links between private keys and certificates > * ... > > > There are many functions waiting to be complete, but for the basic use this > functions aren't necessary. > > > Thank for comments (please until "maybe" an official first release forget > comment about coding style... this will be correct later) > > > François. > > > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc minidriver for base csp.
Hi, wow, nice work! things come to my mind: * add a few comments where the new pcsc_card and pcsc_ctx are looked at, so people know "ah, the basecsp with pcsc connection given to us". also do you need the config file code for testing? if not, we could drop it (or is there a useful way to do that? I guess thoe variables contains a pointer, so a config file entry seems pointless to me). * the code is hard coded to 1024bit rsa? is that a basecsp requirement? * the reg file is a binary? I thought you could have those as plain text also, maybe only a conversion or so is needed? * we need to check copyright situation with the cardmod.h file and maybe you used some template or similar for the ccm? then we need to give proper reference etc. a few other files need a copyright header too. * we will need to up the library version because of the modified structure. but we will need to do that for 0.12.* anyway. so only few minor things, in total it looks great, and having a native CM for opensc so it can be used with normal windows apps would be great! Regards, Andreas p.s. I don't have a windows machine here myself, so I can't test/play with it. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Opensc minidriver for base csp.
Hi, I've joined a patch to build a windows minidriver useable with basecsp. This patch produce a dll named "opensccm.dll" (only for window of course) and a binary testcsp.exe You have to change "atr" value and put yours on "opensccm.reg" before to register. I've successfully have certificates in user store of windows and reach secure web site with "vista" And under "XP" I've only made signature (testcsp.exe) since certificates are not put on windows store... (don't know why). On Windows XP you have to had "basecsp" support KB909520 This code is not finished, is just for whose are interesting to play with it... and help There are some functionalities to add before to have a basic module: * Read file log name in register * Read log level in register too, add log level to all fprintf * Build "opensccm.reg" instead of fixed one * ... There are some functionalities to improve or change: * Extra parameters in call of sc_context_create * links between private keys and certificates * ... There are many functions waiting to be complete, but for the basic use this functions aren't necessary. Thank for comments (please until "maybe" an official first release forget comment about coding style... this will be correct later) François. opensccm_trunk.patch.tar.gz Description: opensccm_trunk.patch.tar.gz ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
