Hello,

On 30/06/2012 00:25, Frank Morgner wrote:
> I have some more questions on the SM implementations of OpenSC, to which I
> could not find a quick answer in the source code:
>
> 1. In struct sm_secure_channel, what is the difference between the
>    keyset and the session? The GP/CWA structures of keysets and sessions
>    all hold cryptographic keys.

Session keys are the result of mutual authentication and are calculated by both 
sides (IFD and ICC) that share (or trust) some common secret.

A keyset is the static symmetric key(s), shared by both sides, that are used to 
calculate session keys in the case of a symmetric authentication scheme.
In GP and CWA the keysets have a different shape: three parts in GP, two parts 
in CWA. GP keysets can be presented to the application as direct values, or
as a 'master' key that needs to be 'diversified'.


> 2. Which roles do host_challenge and card_challenge play in struct
>    sm_secure_channel? AFAIK, an SM channel does not depend on a nonce.
>

What do you mean by 'SM channel'?
ICC and IFD challenges are used by both sides to calculate session keys.
Both sides exchange these values during the authentication negotiation.



> 3. Have you thought about unifying struct sm_module_operations and
>    struct sm_card_operations? The operations open/initialize,
>    get_sm_apdu/get_apdus, close/finalize essentially seem to do the
>    same.


The difference is in prototypes, in data types, in 'context'.

The caller and executor of the sm_card_operations handlers share a lot of common 
data via the 'sc_card' data, including the common SM session.
The data of only one APDU is exchanged.

The module is 'session-less' -- every handler call needs all the necessary data to 
re-calculate session keys, restore the SM context, etc.
The module can return chained data of multiple APDUs.

Kind regards,
Viktor.




>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
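The keyset/session distinction and the role of the two challenges, as an added illustration that is not OpenSC code: a static keyset shared by IFD and ICC, a session derived by both sides from that keyset plus host_challenge and card_challenge, and a card cryptogram the IFD verifies. The KDF (HMAC-SHA256) and the names Keyset, Session, derive_session and mutual_auth are assumptions for this example; the real GP SCP and CWA 14890 derivations differ.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Keyset:
    """Static symmetric keys shared by IFD and ICC (the 'keyset')."""
    enc: bytes
    mac: bytes


@dataclass(frozen=True)
class Session:
    """Per-authentication keys both sides compute (the 'session')."""
    host_challenge: bytes
    card_challenge: bytes
    s_enc: bytes
    s_mac: bytes


def derive_session(keyset: Keyset, host_challenge: bytes, card_challenge: bytes) -> Session:
    # Hypothetical KDF for illustration only: HMAC-SHA256 keyed with the static key
    # over both challenges, so the session keys change with every authentication.
    seed = host_challenge + card_challenge
    s_enc = hmac.new(keyset.enc, b"ENC" + seed, hashlib.sha256).digest()[:16]
    s_mac = hmac.new(keyset.mac, b"MAC" + seed, hashlib.sha256).digest()[:16]
    return Session(host_challenge, card_challenge, s_enc, s_mac)


def mutual_auth(keyset_ifd: Keyset, keyset_icc: Keyset,
                host_challenge: bytes = None, card_challenge: bytes = None):
    """Simulate the negotiation: each side contributes a challenge, both derive
    session keys from their own keyset, and the IFD checks the card cryptogram
    before trusting the session. Returns (verified, ifd_session, icc_session)."""
    host_challenge = host_challenge or os.urandom(8)
    card_challenge = card_challenge or os.urandom(8)
    ifd = derive_session(keyset_ifd, host_challenge, card_challenge)
    icc = derive_session(keyset_icc, host_challenge, card_challenge)
    # The card proves it holds the same keyset by MACing the challenges with S-MAC.
    data = host_challenge + card_challenge
    card_cryptogram = hmac.new(icc.s_mac, data, hashlib.sha256).digest()[:8]
    expected = hmac.new(ifd.s_mac, data, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(card_cryptogram, expected), ifd, icc
```

With matching keysets both sides end up with identical session keys; a card holding a different keyset fails the cryptogram check, and fresh challenges give fresh session keys even for the same keyset.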
