Le 05/05/2012 07:14, Nguyễn Hồng Quân a écrit :
> Thanks Viktor,
>
> I found the defect at the function pgp_get_blob() in card-openpgp.c.
> There are lines:
>
> if (child->id == id) {
> (void) pgp_read_blob(card, child);
> *ret = child;
> return SC_SUCCESS;
>
> The problem is either:
> 1. The child blob does not exist, but there still exists its ID.
> 2. The result of pgp_read_blob(card, child) is not checked.
>
> This function is called by file_select and because it returns SUCCESS,
> it makes file_select SUCCESS although the blob does not exist.
>
> I think fixing 1 is better. What do you think? (Or the ID is
> pre-defined?)
>
> I'm new (and this driver was not written by me), so I'm grateful to
> receive your guidance.
First of all,
I do not know openpgp card and do not have this card to make the tests.
Afaiu, the 'child' and it's 'ID' are the openpgp specific features that do not
have any relation to the 7816 standards.
They has to be hidden from the common OpenSC library part by the openpgp card's
driver.
The authors of openpgp driver could explain better,
by from my point of view,
if the blob cannot be read, pgp_select() has to return 'file-not-found' or
other error.
In any case with such openpgp internal errors there is no possibility to return
a valid FCP/FCI and valid file length.
Looking onto the code I suppose that the FCP returned by pgp_select(public-key)
belongs in fact to MF (or intermediate DF).
That's for, in my previous mail, I asked you
what are the 'type' and 'ef-structure' of the sc_file data returned by
'successful' pgp_select() ?
> On Fri 04 May 2012 08:18:58 PM ICT, Viktor Tarasov wrote:
>> Hello Nguyễn,
>>
>>
>> On Fri, May 4, 2012 at 12:04 PM, Nguyễn Hồng Quân <quanngu...@mbm.vn
>> <mailto:quanngu...@mbm.vn>> wrote:
>>
>> The case in this log is that the card is not initialised. It contains
>> no key. That is the reason why
>> the blob read failed, the file length is zero, the read binary
>> returned
>> zero and final, a key with zero length modulus.
>>
>> I think what behavior for this case is conventional. When the card
>> contains no key, should OpenSC:
>> - return error
>> - see it normal and notify: "No key"
>> - see it normal and notify: Valid key with zero attributes (modulus
>> length if pubkey).
>>
>>
>> It's not going about the key files
>> but about the openpgp specific select_file() method.
>>
>> Without longly looking into specifications, let us postulate -- valid
>> 'selectable' EF should have length more then zero.
>> With this rule, your select_file(EF) procedure should not return
>> SUCCESS if it cannot get valid FCP and file length.
>>
>> By the way,
>> what are the 'type' and 'ef_structure' of the sc_file data returned by
>> this 'select' ?
>>
>> To resume,
>> as for me it should be case 'return error'.
> --
> Regards,
> Quân
>
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
