On Sun, Aug 15, 2010 at 13:45, Martin Paljak <mar...@paljak.pri.ee> wrote:
> Great! IMO that's good to go, I have only one small comment: > * Do I miss something or does the itacns_compute_signature -> > do_compute_signature chain translate almost 1:1 to iso7816_compute_signature > with an additional check in itacns_compute_signature ? > * The same seems to apply for itacns_decipher -> do_decipher and > iso7816_decipher That's entirely correct. :) I have double-checked, and I have removed the "custom" functions from card-itacns.c altogether. > iso7816.c should not be taken as a final, static code, if there are checks > missing from there, it is OK to improve iso7816.c as well :) I think that the checks already in place are all right. I guess that implementation quirks may arise if and when 2048-bit keys are supported, but currently I know of no CNS card with keys longer than 1024 bit, so it's safe for the time being. > I guess #237 would solve the problem almost cleanly for you. > > I remember a similar problem with Estonian ID card but after some digging in > the specs and card manual it turned out to be somewhat sensible (Maybe > something like 0x00 Le indicating "give me as much as you have", like in > deciphering comments) but I can't locate the details nor changesets about it > now. This was the right hint – I hadn't thought of that. :) Even though certainly no data is expected from the card when issuing a MSE command, I switched to a Case 2 APDU with Le = 0. The transmitted APDU is exactly the same (P3 set to 0), and I think that leaving room for a small buffer on the stack is a less ugly workaround than disabling the check logic in apdu.c. So the driver can live without #237 :) > javax.smartcardio also does APDU mangling and it is not possible to send such > APDU-s, as it eats away the final zero... Thanks for the heads up. It might be that I'm going to play with it in the future (Roberto Resoli graciously pointed me to the Mocca project[1]). I hope that the CommandAPDU(ByteBuffer apdu) form does not try to mangle the APDU, but I've never tried. The revised patch is now at http://www.opensc-project.org/opensc/attachment/ticket/177/itacns-patch4.diff , and I feel it addresses all points that have been brought up. Thanks! [1] http://mocca.egovlabs.gv.at/ -- Emanuele > > >> Thank you in advance for any comment/feedback. I'm looking forward to >> getting this into shape for integration in trunk. > > > [1] http://www.opensc-project.org/opensc/ticket/237 > -- > Martin Paljak > @martinpaljak.net > +3725156495 > > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
