Re: [opensc-devel] emulation dll for DNIe
On Tue, 2011-02-08 at 03:16 +0100, Juan Antonio Martinez wrote:
> On Mon, 07-02-2011 at 23:58 +0100, Andre Zepezauer wrote:
> > On Fri, 2011-02-04 at 23:31 +0100, Juan Antonio Martinez wrote:
> > > About visibility of certificates and keys patch, notice that
> > > DNIe requires the user to enter pin for just read (neither
> > > signature nor authentication) user certificates. It's not
> > > standard, I know, but seems to be a very common issue in
> > > some cards
> >
> > I didn't know that, but it's addressed in the attached patch.
>
> Worked fine. Applied. Thanks (again :-)
> Also, problems with DODF addressed files have gone away
>
> FYI: DNIe driver is in the final testing stage. Just hunting
> the last wild pointer (well, "Buffer too small" bug) in
> dnie_compute_signature()...

Please provide full logs!

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] emulation dll for DNIe
On Mon, 07-02-2011 at 23:58 +0100, Andre Zepezauer wrote:
> On Fri, 2011-02-04 at 23:31 +0100, Juan Antonio Martinez wrote:
> > About visibility of certificates and keys patch, notice that
> > DNIe requires the user to enter pin for just read (neither
> > signature nor authentication) user certificates. It's not
> > standard, I know, but seems to be a very common issue in
> > some cards
>
> I didn't know that, but it's addressed in the attached patch.

Worked fine. Applied. Thanks (again :-)
Also, problems with DODF addressed files have gone away

FYI: DNIe driver is in the final testing stage. Just hunting
the last wild pointer (well, "Buffer too small" bug) in
dnie_compute_signature()...

Cheers
Juan Antonio
Re: [opensc-devel] emulation dll for DNIe
On Fri, 2011-02-04 at 23:31 +0100, Juan Antonio Martinez wrote:
> About visibility of certificates and keys patch, notice that
> DNIe requires the user to enter pin for just read (neither
> signature nor authentication) user certificates. It's not
> standard, I know, but seems to be a very common issue in
> some cards

I didn't know that, but it's addressed in the attached patch.

Index: src/libopensc/pkcs15-dnie.c === --- src/libopensc/pkcs15-dnie.c (revision 223) +++ src/libopensc/pkcs15-dnie.c (working copy) @@ -195,22 +195,12 @@ /* Perform required fixes */ p15_obj = p15card->obj_list; while (p15_obj != NULL) { - /* Add 'auth_id' to private keys */ - if ((p15_obj->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PRKEY) { + /* Add missing 'auth_id' to private objects */ + if ((p15_obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) && (p15_obj->auth_id.len == 0)) { p15_obj->auth_id.value[0] = 0x01; p15_obj->auth_id.len = 1; } -#if 0 - /* Unset flags 'private, modifiable' on public keys */ - if ((p15_obj->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PUBKEY) { - p15_obj->flags &= ~(SC_PKCS15_CO_FLAG_PRIVATE | SC_PKCS15_CO_FLAG_MODIFIABLE); - } - /* Unset flags 'private, modifiable' on certificates */ - if ((p15_obj->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_CERT) { - p15_obj->flags &= ~(SC_PKCS15_CO_FLAG_PRIVATE | SC_PKCS15_CO_FLAG_MODIFIABLE); - } -#endif p15_obj = p15_obj->next; }
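
Review bot: in the new `if` condition, a private key now gets an auth_id only when the card itself sets SC_PKCS15_CO_FLAG_PRIVATE on the object, whereas the removed test assigned it to every SC_PKCS15_TYPE_PRKEY object regardless of flags. If a DNIe key object is ever parsed without that flag it will be left with an empty auth_id and no PIN binding, so consider keeping the PRKEY class test alongside the flag test (PRKEY class, or PRIVATE flag with `auth_id.len == 0`). The new `auth_id.len == 0` guard also means an auth_id already present on a private key is no longer overwritten with 0x01; the comment should say that this is intended. The literal 0x01 written to `auth_id.value[0]` would be clearer as a named constant with a comment stating which PIN object it refers to.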
Re: [opensc-devel] emulation dll for DNIe
On Thu, 03-02-2011 at 23:58 +0100, Andre Zepezauer wrote:
> There is a problem with reading of public keys and certificates. Try to
> do it manually with opensc-explorer. If it fails with some error like
> 'security status not satisfied' then you can login via:
> "verify CHV1 31:32:33:34" (ID of PIN 1 and code is 1234)

I finally found the bug: DNIe stores the certificates and keys in
compressed format, and a wild pointer in the detect-and-uncompress
code returned nonsense data

Anyway, I still need path rewriting patch. When everything gets working
I'll need some indications on how to integrate your module into DNIe
and OpenSC code (with proper copyright notices, of course)

About visibility of certificates and keys patch, notice that
DNIe requires the user to enter pin for just read (neither
signature nor authentication) user certificates. It's not
standard, I know, but seems to be a very common issue in
some cards

> > Ok. I'll add some debugging points, write dnie_list_files()...
> > and go to sleep :-) (here in Spain is 00:16 am, too late for me)
>
> Why you need dnie_list_files()? To dump 3f0060817004 you can use:
> cd 6081
> cat 7004

Yes, I know: it was a "no-cert-related-problem" pending task to allow
me a bit of "relax" :-).

Btw, is there any standard apdu for listing files? Some of OpenSC card
drivers use GetData apdu on DF files, some others use proprietary
apdu's, and finally some others (as mine does) just dirty and slowly
iterate and check every possible file id values...

Thanks again for your help. Now I can restart work

Juan Antonio