Re: [opensc-devel] anyone at cartes?
On Monday 06 December 2010 at 19:13 +0100, Andreas Jellinghaus wrote:
>
> Is anyone going to cartes? that is the biggest smart card exhibition
> as far as I know, in paris 7.12. - 9.12., i.e. starting tomorrow.

Sorry, I missed this email.

GOOZE was at Cartes yesterday, on the Feitian booth, stand n°4J021.
You can visit them for a demo of the products.

As we are now a full distributor, you will soon be able to buy any
product on GOOZE.EU, at a good price.

During these two days, I will be hanging around Cartes. If you need to
meet me, I will be glad. My phone number is +33(0)627875238.

Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Initial ECDSA modifications to OpenSC for use with PIV cards in OpenSC #295
Hello,

2010/11/30 Douglas E. Engert :
> On 11/29/2010 4:36 AM, Aleksey Samsonov wrote:
>> After fix it, I have fail in my tests with GOSTR (PKCS#11 C_Sign).
>> Unfortunately, I don't have logs now.
>
> One thing to look at:
>
> In pkcs15-sec.c in sc_pkcs15_compute_signature in the old code there
> is no mention of GOSTR3410, so I assumed it was RSA only. The old code
> had:
>
>
> - alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); > - if (alg_info == NULL) { > - sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA with > key length %d\n", prkey->modulus_length); > - return SC_ERROR_NOT_SUPPORTED; > - senv.algorithm = SC_ALGORITHM_RSA;
>
> If your card could support both RSA and GOSTR3410 (and card-rtecp.c
> supports both with keylength = 256) it might have passed the old test,
> and ignored the fact that senv.algorithm = SC_ALGORITHM_RSA.
>
> The new code does a switch(obj->type) and I only added RSA and EC.
> So adding something like:
>
> + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: > + modlen = prkey->modulus_length / 8; > + alg_info = sc_card_find_gostr3410_alg(p15card->card, > prkey->modulus_length); > (A sc_card_find_gostr3410_alg routine is needed for this to work.) > + > + if (alg_info == NULL) { > + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support > GOSTR3410 key length %d\n", prkey->modulus_length); > + return SC_ERROR_NOT_SUPPORTED; > + } > + senv.flags |= SC_SEC_ENV_ALG_PRESENT; > + senv.algorithm = SC_ALGORITHM_RGOST3410; > + break;
>
>>
>> I need a few days for detail review.

Sorry for the delay in answering. Thanks for the detail.
My tests work with a simple diff (I'm going to commit late in the evening):

diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c --- a/src/pkcs11/mechanism.c2010-12-08 15:24:09.040752899 +0300 +++ b/src/pkcs11/mechanism.c2010-12-08 15:27:17.294754645 +0300
@@ -460,7 +460,7 @@ case CKK_GOSTR3410: rv = key->ops->get_attribute(operation->session, key, &attr); if (rv == CKR_OK) - *pLength *= 2; + *pLength = (*pLength + 7) / 8 * 2; break; default: rv = CKR_MECHANISM_INVALID;
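Review bot: the changed line in the CKK_GOSTR3410 case, *pLength = (*pLength + 7) / 8 * 2;, now depends on the value present in *pLength after the get_attribute call being a bit count, and nothing in the hunk says so. A short comment stating the unit (bits in, bytes out, then doubled) would make it clear why the old *pLength *= 2; was wrong, and writing the expression as ((*pLength + 7) / 8) * 2 makes the round-up-then-double order explicit instead of relying on left-to-right evaluation.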
Re: [opensc-devel] Initial ECDSA modifications to OpenSC for use with PIV cards in OpenSC #295
On 12/8/2010 6:36 AM, Aleksey Samsonov wrote:
> Hello,
>
> 2010/11/30 Douglas E. Engert:
>> On 11/29/2010 4:36 AM, Aleksey Samsonov wrote:
>>> After fix it, I have fail in my tests with GOSTR (PKCS#11 C_Sign).
>>> Unfortunately, I don't have logs now.
>>
>> One thing to look at:
>>
>> In pkcs15-sec.c in sc_pkcs15_compute_signature in the old code there
>> is no mention of GOSTR3410, so I assumed it was RSA only. The old code
>> had:
>>
>>
>> - alg_info = sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); >> - if (alg_info == NULL) { >> - sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support RSA with >> key length %d\n", prkey->modulus_length); >> - return SC_ERROR_NOT_SUPPORTED; >> -senv.algorithm = SC_ALGORITHM_RSA;
>>
>> If your card could support both RSA and GOSTR3410 (and card-rtecp.c
>> supports both with keylength = 256) it might have passed the old test,
>> and ignored the fact that senv.algorithm = SC_ALGORITHM_RSA.
>>
>> The new code does a switch(obj->type) and I only added RSA and EC.
>> So adding something like:
>>
>> + case SC_PKCS15_TYPE_PRKEY_GOSTR3410: >> + modlen = prkey->modulus_length / 8; >> + alg_info = sc_card_find_gostr3410_alg(p15card->card, >> prkey->modulus_length); >>(A sc_card_find_gostr3410_alg routine is needed for this to work.) >> + >> + if (alg_info == NULL) { >> + sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Card does not support >> GOSTR3410 key length %d\n", prkey->modulus_length); >> + return SC_ERROR_NOT_SUPPORTED; >> + } >> + senv.flags |= SC_SEC_ENV_ALG_PRESENT; >> + senv.algorithm = SC_ALGORITHM_RGOST3410; >> + break;
>>
>>>
>>> I need a few days for detail review.
>
> Sorry for the delay in answering. Thanks for the detail.
> My tests work with a simple diff (I'm going to commit late in the evening):
>
> diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c > --- a/src/pkcs11/mechanism.c2010-12-08 15:24:09.040752899 +0300 > +++ b/src/pkcs11/mechanism.c2010-12-08 15:27:17.294754645 +0300
> @@ -460,7 +460,7 @@ > case CKK_GOSTR3410: > rv = > key->ops->get_attribute(operation->session, key,&attr); > if (rv == CKR_OK) > - *pLength *= 2; > + *pLength = (*pLength + 7) / 8 * 2; > break; > default: > rv = CKR_MECHANISM_INVALID;
>
>

Great for now. But in SVN pkcs15-sec.c:188,189:

187         switch (obj->type) {
188         /* FIXME -DEE GOSTR is misusing the sc_card_find_rsa_alg */
189         case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
190         case SC_PKCS15_TYPE_PRKEY_RSA:
191                 modlen = prkey->modulus_length / 8;
192                 alg_info = sc_card_find_rsa_alg(p15card->card, prkey

This should be fixed sometime, as the GOSTR code is depending on the
RSA alg_info. But GOSTR should have sc_card_find_gostr_alg and
_sc_card_add_gostr_alg routines.

In card-rtecp.c there are calls to _sc_card_add_rsa_alg for 256, 512, 768,
(look way too weak for RSA). It looks like they were added because
pkcs15-sec.c:192 is only looking at RSA.

So in pkcs15-sec.c above, it is looking at the alg_info created by the call
at card-rtecp.c:73 _sc_card_add_rsa_alg(card, 256, flags, 0);

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
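Added example (not part of the original message and not OpenSC code): a simplified model of the algorithm lookup discussed above, showing how an RSA-only check accepts a GOST key when the card lists a 256-bit "RSA" entry, and how a lookup keyed on the key's own type behaves instead. All type and function names and the 2048-bit sample entry are hypothetical.

```c
#include <stddef.h>

/* Simplified model with hypothetical names; not OpenSC structures or API. */
enum alg { ALG_NONE = 0, ALG_RSA, ALG_GOSTR3410 };
struct alg_info { enum alg type; unsigned bits; };
struct card { struct alg_info algs[4]; size_t n; };
struct key { enum alg type; unsigned bits; };

static const struct alg_info *find_alg(const struct card *c, enum alg t,
                                       unsigned bits)
{
    for (size_t i = 0; i < c->n; i++)
        if (c->algs[i].type == t && c->algs[i].bits == bits)
            return &c->algs[i];
    return NULL;
}

/* RSA-only check: every key is looked up among the RSA entries and the
 * environment is set to RSA. Returns the algorithm that would be placed
 * in the security environment, or ALG_NONE if the lookup fails. */
enum alg env_alg_rsa_only(const struct card *c, const struct key *k)
{
    return find_alg(c, ALG_RSA, k->bits) ? ALG_RSA : ALG_NONE;
}

/* Typed check: lookup and environment both follow the key's own type. */
enum alg env_alg_typed(const struct card *c, const struct key *k)
{
    if (k->type != ALG_RSA && k->type != ALG_GOSTR3410)
        return ALG_NONE;
    return find_alg(c, k->type, k->bits) ? k->type : ALG_NONE;
}

/* Constructed sample data. card_workaround lists a 256-bit "RSA" entry so
 * that GOST keys pass the RSA lookup; card_typed lists GOST as GOST. */
const struct card card_workaround = { { { ALG_RSA, 256 }, { ALG_RSA, 2048 } }, 2 };
const struct card card_typed = { { { ALG_GOSTR3410, 256 }, { ALG_RSA, 2048 } }, 2 };
const struct key gost_key = { ALG_GOSTR3410, 256 };
const struct key rsa256_key = { ALG_RSA, 256 };

int main(void)
{
    /* Exit status 0 when the typed check selects GOST for the GOST key. */
    return env_alg_typed(&card_typed, &gost_key) == ALG_GOSTR3410 ? 0 : 1;
}
```

With the workaround entry in place the card also reports support for a real 256-bit RSA key, which is the side effect the message points out.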
[opensc-devel] GOOZE discount and sales offer
> sells single pki cards starting at €
> (10 cost
> € each). jcop dual interface starting at 1***€.

At GOOZE we are waiting for plenty of new products and we make very nice
offers.

I would like to confirm: can we use the OpenSC mailing list to
announce special offers? For example, we may offer a discount code to
OpenSC members.

Please make an announcement to make sure what is possible on the ML.
IMHO, this was forbidden, thus we never offered such a possibility.

Kind regards,
Jean-Michel POURE

--
GOOZE - http://www.gooze.eu
High quality cryptographic tools for GNU/Linux, Mac OS X and Windows
including the FEITIAN PKI card

POURE SASU - 17 rue Saint Jacques - 95160 Montmorency - France
Tel : +33 (0)9 72 13 53 90 - Mobile : +33 (0)6 27 87 52 38
527 672 448 R.C.S. Pontoise - SIRET: 527 672 448 00018