[opensc-devel] patch
A little patch is attached. This one adds two lines to card-akis.c (mark supported padding and a comment), and fixes some typos in two other files. Please apply before the release. Index: src/libopensc/card-akis.c === --- src/libopensc/card-akis.c (revision 3256) +++ src/libopensc/card-akis.c (working copy) @@ -62,7 +62,7 @@ card->name = "AKIS"; card->cla = 0x00; - flags = SC_ALGORITHM_RSA_RAW; + flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_PAD_PKCS1; _sc_card_add_rsa_alg(card, 2048, flags, 0); return 0; @@ -495,7 +495,7 @@ // append_record: Untested // update_record: Untested akis_ops.select_file = akis_select_file; - // get_response: Untested + // get_response: ISO7816 implementation works // get_challenge: ISO7816 implementation works // restore_security_env: Untested akis_ops.set_security_env = akis_set_security_env; Index: src/libopensc/types.h === --- src/libopensc/types.h (revision 3256) +++ src/libopensc/types.h (working copy) @@ -37,7 +37,7 @@ #define SC_PATH_TYPE_DF_NAME 1 #define SC_PATH_TYPE_PATH 2 #define SC_PATH_TYPE_PATH_PROT 3 /* path of a file containing - EnveleopedData objects */ + EnvelopedData objects */ #define SC_PATH_TYPE_FROM_CURRENT 4 #define SC_PATH_TYPE_PARENT 5 Index: src/libopensc/apdu.c === --- src/libopensc/apdu.c (revision 3256) +++ src/libopensc/apdu.c (working copy) @@ -332,7 +332,7 @@ error: sc_error(card->ctx, "Invalid Case %d %s APDU:\n" "cse=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%lu le=%lu\n" - "resp=%p resplen=%lu data=%p datelen=%lu", + "resp=%p resplen=%lu data=%p datalen=%lu", apdu->cse & SC_APDU_SHORT_MASK, (apdu->cse & SC_APDU_EXT) != 0 ? "extended" : "short", apdu->cse, apdu->cla, apdu->ins, apdu->p1, apdu->p2, ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] tcos encipherment
Hello!
I try to decrypt ciphertext with Deutsche Post card (tcos).
ATR: 3B BA 96 00 81 31 86 5D 00 64 05 7B 02 03 31 80 90 00 7D.
Data encrypted by RSA, using OpenSSL with public key of Deutsche Post
certificate.
On decryption operation I have error on ADPU:
...
transmitted: 00 22 C1 B8 03 84 01 80
received: 90 00
transmitted:
00 2A 80 86 81 81 5C C6 FA 52 75 C8 F4 21 6D 7D FA AB 17 AA 17 CE C8 30 2B 5D
AC 54 09 F5 74 66 0C 4B 19 38 74 78 DA 5A 23 5A 01 C9 A3 81 78 32 A8 B4 87 24
30 AB 28 80 97 35 EF 9E EE 50 6A 6D BF F3 90 EC 50 8A 69 8E 8E C2 AB 20 6D DC
3A DF FD 3A C6 5F 84 9C 4F C9 99 8F 5E 8B D1 1C 3F 3B 50 C8 4F C3 CD 30 97 98
3C 1C CB 55 53 1E ED 16 24 FD 3C 0C 32 39 B2 0E EC 6A 2D A9 7B 27 AC 4D BD C1
63 E0 57 6A 80
received: 69 88 ("SM data objects incorrect")
...
What does it mean?
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
Nils Larsch wrote: > Douglas E. Engert wrote: >> >> Lars Silvén wrote: >>> Douglas, >>> >>> You got to have a reader capable of "extended APDU". >>> Then no chaining is needed since the commands may exceed 256 bytes. >> >> Well what if I don't have a reader that is capable of extended APDU, > > buy another one ? Ubuntu 7.04 with the distributed libpcsclite-1.3.3-1 and ccid-1.2.1ubuntu1 and Solaris 10 with compiled pcsc-lite-1.4.4 and ccid-1.3.0 both now do the extended ADPU with the PrimeCard and opensc-0.11.4-rc1 The issue appears to have been with the older versions of the ccid driver distributed with the previous version of Ubuntu. > >> can the card do chaining in some other way? > > afaik no > >> Looking at card.c:sc_detect_apdu_cse there is no check if the reader >> is capable of extended APDU should there be? > > is there a reliable way to detect this ? I think with the CCID there is some, but I don't know if PCSC or OpenCT can pass that back to to OpenSC. > > Nils > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
2007/8/22, Douglas E. Engert <[EMAIL PROTECTED]>: > Nils Larsch wrote: > > Douglas E. Engert wrote: > >> Looking at card.c:sc_detect_apdu_cse there is no check if the reader > >> is capable of extended APDU should there be? > > > > is there a reliable way to detect this ? > > I think with the CCID there is some, but I don't know if PCSC > or OpenCT can pass that back to to OpenSC. My CCID driver does not provide this information. After reading the "list" of possible attributes [1] I do not find something that could match what we need. Maybe we could use a "proprietary" tag like SCARD_ATTR_MAX_APDU_SIZE. That would somewhat duplicate SCARD_ATTR_MAXINPUT used by my CCID driver to report the maximum length of a command (used in T=0). I don't know if anybody already used SCARD_ATTR_MAXINPUT. bye [1] http://msdn2.microsoft.com/en-us/library/aa379559.aspx -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] new opensc 0.11.4-rc1 release candidate availableHi,
On Tuesday 21 August 2007 02:47:56 Peter Stuge wrote: > On Mon, Aug 20, 2007 at 10:21:35PM +0200, Andreas Jellinghaus wrote: > > forgot to update the windows version files! > > Can I help make releases more automated so there's only one big > button to push? > > What would need to be done? I don't know if you can hook into "distcheck" but it would be nice to have an automated test that compares configure version and src/include/version.h and win32/Make.rules (IIRC the exact file names are in "ReleaseHowto" wiki page). testing is good enoug, and failing if they differ. the problem isn't that I can't change them manually, it is that I forget, so a reminder script would be great. and since I run "make distcheck", maybe we can interface there or in some other make target (does automake have a "make test" target? that would be a good choice too). thanks for your offer to help! Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] tickets
I have added two tickets: https://www.opensc-project.org/opensc/ticket/157 https://www.opensc-project.org/opensc/ticket/158 Is it a good idea for us non-developers to add tickets. Or it is a better idea to send a mail to this list with the problem and let a developer ticket the issue. Anyway I could have a look at 157 myself and try to find a solution. But it should be easier for me if someone could suggest which files that will be affected. 158 is just removal of some lines. I would appreciate if this could be fixed in the next 0.11.4 release if you agree that the test could be removed. Best Regards, Lars ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] new opensc 0.11.4-rc1 release candidate availableHi,
On Wed, Aug 22, 2007 at 08:41:36PM +0200, Andreas Jellinghaus wrote:
> > Can I help make releases more automated so there's only one big
> > button to push?
>
> I don't know if you can hook into "distcheck" but it would be nice
> to have an automated test that compares configure version and
> src/include/version.h and win32/Make.rules (IIRC the exact file
> names are in "ReleaseHowto" wiki page). testing is good enoug,
> and failing if they differ.
So, here's a hacky distcheck-hook patch for Makefile.am.
I've only tested it standalone so far, not with a full autoreconf +
configure + make distcheck run.
//Peter
--- Makefile.am.orig2007-08-22 21:52:06.0 +0200
+++ Makefile.am 2007-08-22 21:52:14.0 +0200
@@ -18,3 +18,15 @@
AUTOMAKE_OPTIONS = foreign 1.5
ACLOCAL_AMFLAGS = -I aclocal
+
+distcheck-hook:
+ @eval $$(sed -e '/^PACKAGE_VERSION=/!d' -e 's,^,configure_,'
configure); \
+ eval $$(sed -e '/^ \(FILE\|PRODUCT\)VERSION /!d' -e 's,^ ,version_rc_,'
-e 's, ,=,' -e 's/,/./g' win32/version.rc); \
+ eval $$(sed -e '/^#define VERSION /!d' -e 's,^#define ,winconfig_h_,'
-e 's, ,=,' src/include/winconfig.h); \
+ err=$$( \
+ test "$${configure_PACKAGE_VERSION}.0" =
"$${version_rc_FILEVERSION}" || echo "configure PACKAGE_VERSION
$${configure_PACKAGE_VERSION} != win32/version.rc FILEVERSION
$${version_rc_FILEVERSION}"; \
+ test "$${configure_PACKAGE_VERSION}.0" =
"$${version_rc_PRODUCTVERSION}" || echo "configure PACKAGE_VERSION
$${configure_PACKAGE_VERSION} != win32/version.rc PRODUCTVERSION
$${version_rc_PRODUCTVERSION}"; \
+ test "$${configure_PACKAGE_VERSION}" =
"$${winconfig_h_VERSION}" || echo "configure PACKAGE_VERSION
$${configure_PACKAGE_VERSION} != src/include/winconfig.h VERSION
$${winconfig_h_VERSION}"; \
+ ); \
+ echo "$${err}"; \
+ test -z "$${err}"
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] tickets
On Wed, Aug 22, 2007 at 09:30:07PM +0200, Lars Silvén wrote: > I have added two tickets: > https://www.opensc-project.org/opensc/ticket/157 > https://www.opensc-project.org/opensc/ticket/158 Thanks! > Is it a good idea for us non-developers to add tickets. Yes, by all means! > Or it is a better idea to send a mail to this list with the problem > and let a developer ticket the issue. No, please do add all bugs you find to trac. > Anyway I could have a look at 157 myself and try to find a > solution. But it should be easier for me if someone could suggest > which files that will be affected. If this is a requirement of PKCS#15 I don't think the bug cares about p11 or whatever else is using OpenSC - it's a bug in OpenSC proper. > 158 is just removal of some lines. I would appreciate if this could > be fixed in the next 0.11.4 release if you agree that the test > could be removed. I don't know the details of this one. Can you find the rev that added it? //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] new opensc 0.11.4-rc1 release candidate availableHi,
On Wed, Aug 22, 2007 at 09:57:15PM +0200, Peter Stuge wrote: > > I don't know if you can hook into "distcheck" but it would be > > nice to have an automated test that compares configure version > > and src/include/version.h and win32/Make.rules (IIRC the exact > > file names are in "ReleaseHowto" wiki page). I seem to have lost my wiki login and which email address I used to register. Could you please reset my password? (Account name stuge) I wanted to update the ReleaseHowto page, it's not winversion.h but winconfig.h > So, here's a hacky distcheck-hook patch for Makefile.am. > > I've only tested it standalone so far, not with a full autoreconf + > configure + make distcheck run. Ok, now I've tested unpack, patch, sh boostrap, ./configure, make distcheck and the patch does work properly here. > +distcheck-hook: > + @eval $$(sed -e '/^PACKAGE_VERSION=/!d' -e 's,^,configure_,' > configure); \ You may want to remove the @ here to show the command, but it's pretty ugly.. :p //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] tickets
Peter Stuge wrote: > > I don't know the details of this one. Can you find the rev that added > it? The check has probably been at the current location for a very long time. Before when the function sc_pkcs15_decipher was not used when signing it didn't harm to have this check. But now we can not have it since this function is sometimes used when signing. The check could be done before calling sc_pkcs15_decipher when a decipher is done. But I think the check is better removed. If a application wants to try to use a key for a purpose it is not intended for it should not be stopped by opensc. //Lars ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
