Re: [opensc-devel] Misleading information about capabilities of readers
Hello Ludovic,

Well I have been looking into this and have some issues with compiling the code.
The CCID driver version from trunk requires pcsc-lite version 1.6.5, which I don't have, so I need to compile that too.

We usually use only the versions that are distributed with Ubuntu, which means that they are quite old.
Have not compiled the pcsc-lite or CCID before.

I'm having trouble finding the information on how to compile it. For the CCID driver I found it, but not for pcsc-lite.

Kind regards,
Toni

> -----Original Message-----
> From: Ludovic Rousseau [mailto:ludovic.rouss...@gmail.com]
> Sent: 20 January 2011 21:56
> To: Aventra
> Cc: opensc-devel
> Subject: Re: [opensc-devel] Misleading information about capabilities of readers
>
> Hello "Aventra",
>
> I did not get any reply to my mail.
> Does the patch work for you?
>
> Thanks
>
> 2011/1/13 Ludovic Rousseau :
> > 2011/1/13 Aventra :
> >> Hi,
> >>
> >> Sorry, a typo when doing logging...
> >> Attached is a new log.
> >
> > Found the bug (I think).
> >
> > The CCID driver calculates a timeout according to the card ATR. In
> > your case the timeout is 1428 ms rounded to 2 seconds.
> > Log says:
> > 0007 ifdhandler.c:791:IFDHSetProtocolParameters() Timeout: 2 seconds
> >
> > The same timeout is used by the reader and by the CCID driver. I think
> > the CCID driver (libusb in fact) triggers its timeout just before the
> > reader does. So the driver does not get the reader error message.
> >
> > Patch to try:
> > in src/ifdhandler.c edit the function T1_card_timeout() (at the end of the file)
> > and replace
> > return timeout;
> > by
> > return timeout+1;
> >
> > Then regenerate a log again.
> >
> > Thanks
>
> --
> Dr. Ludovic Rousseau

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
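The timeout race described in the quoted message, as a small C model added here (it is not code from the CCID driver or from anyone in the thread). The `exchange()` function and the 5 ms reporting delay are assumptions made for illustration; the 1428 ms value, the rounding to 2 seconds and the one-second margin are the ones given in the message.

```c
#include <stdio.h>

/* What the host driver ends up seeing for one command in this model. */
enum outcome { CARD_RESPONSE, READER_ERROR, HOST_USB_TIMEOUT };

/* Round a millisecond timeout up to whole seconds (1428 ms -> 2 s). */
static unsigned int round_up_seconds(unsigned int ms)
{
    return (ms + 999) / 1000;
}

/*
 * card_reply_ms: when the card answers, 0 if it never does
 * reader_s:      the reader's own timeout, in seconds
 * host_s:        the host-side USB read timeout, in seconds
 * report_ms:     assumed delay before the reader's error reaches the host
 */
static enum outcome exchange(unsigned int card_reply_ms, unsigned int reader_s,
                             unsigned int host_s, unsigned int report_ms)
{
    unsigned int reader_ms = reader_s * 1000;
    unsigned int host_ms = host_s * 1000;

    if (card_reply_ms != 0 && card_reply_ms < reader_ms && card_reply_ms < host_ms)
        return CARD_RESPONSE;
    /* The reader gives up at reader_ms; its error only helps if the host
     * is still waiting when the report arrives. */
    if (reader_ms + report_ms < host_ms)
        return READER_ERROR;
    return HOST_USB_TIMEOUT;
}

int main(void)
{
    static const char *names[] = { "card response", "reader error", "host USB timeout" };
    unsigned int t = round_up_seconds(1428);   /* value from the message */
    unsigned int report_ms = 5;                /* constructed value */

    printf("same timeout (%u s / %u s): %s\n", t, t,
           names[exchange(0, t, t, report_ms)]);
    printf("host +1 s    (%u s / %u s): %s\n", t, t + 1,
           names[exchange(0, t, t + 1, report_ms)]);
    return 0;
}
```

With equal timeouts the host gives up before the reader's error can arrive, so the log shows a bare USB timeout; the extra second on the host side lets the reader's own error through.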
Re: [opensc-devel] Misleading information about capabilities of readers
2011/1/21 Aventra :
> Hello Ludovic,
>
> Well I have been looking into this and have some issues with compiling the code.
> The CCID driver version from trunk requires pcsc-lite version 1.6.5, which I
> don't have, so I need to compile that too.

Why don't you patch the version of the driver you already use?

> We usually use only the versions that are distributed with ubuntu, which
> means that they are quite old.
> Have not compiled the pcsc-lite or CCID before.

Read http://ludovicrousseau.blogspot.com/2010/10/pcsc-lite-upgrade-and-ubuntu-special.html

bye

--
Dr. Ludovic Rousseau
Re: [opensc-devel] Proposed cardmod patch
Doug,

Our implementation does not use any of the cardmod code. The modifications we require are:

- The Flag needs to be added
- Not detecting the readers if the flag is set

Thanks,
Brian Thomas

-----Original Message-----
From: Douglas E. Engert [mailto:deeng...@anl.gov]
Sent: Thursday, January 20, 2011 4:11 PM
To: Brian Thomas
Cc: OpenSC-devel; François Leblanc; Martin Paljak
Subject: Re: Proposed cardmod patch

Brian,

You still have not told us how your mini driver loads any of the OpenSC code. Does it use any of the cardmod code?

I ask because the patch you need may be only part of what I proposed, basically (2).

I would like to ask Martin, as he had comments on the patch.

On 1/20/2011 3:00 PM, Brian Thomas wrote:
> Hello,
>
> We have confirmed this patch works for us. Good job! Question: what would it
> take to get this patch committed to trunk and released officially? Perhaps
> an OpenSC version 12.01? We are in dire need of this.
>
> Thanks,
> Brian Thomas
>
> -----Original Message-----
> From: Douglas E. Engert [mailto:deeng...@anl.gov]
> Sent: Wednesday, January 19, 2011 5:47 PM
> To: OpenSC-devel
> Cc: Brian Thomas; François Leblanc
> Subject: Proposed cardmod patch
>
> Attached is a patch to the cardmod code to do the following:
>
> (1) Fix an uninitialized structure by using calloc
> instead of malloc. Without this it was having problems
> with checking the status on the reader.
>
> (2) Implement a change that this should work for Brian Thomas
> that allows one to not detect the reader when creating
> the sc_context. This uses the
> SC_CONTEXT_PARAM_DONT_DETECT_READERS flag in the ctx_params
>
> (The more I think about this, this should be the default
> to not detect the readers during the sc_create_ctx, as
> a flag on opensc.conf could control this instead.)
>
> (3) Eliminate the storing of the SCARDCONTEXT and SCARDHANDLE
> in the registry. Instead, cardmod.c will store them
> in its VENDOR_SCPECIFIC structure, call sc_context_create
> with the SC_CONTEXT_PARAM_DONT_DETECT_READERS flag set
> in the ctx_params. It will then modify the ctx,
> and then call sc_ctx_detect_readers that will call the
> cardmod code in reader-pcsc.c that will use the SCARDCONTEXT
> and SCARDHANDLE.
>
> I can get this to work in Vista with certutil -SCinfo, but there is some
> issue as it says it cannot open the key. I think this is an issue with using
> a 39 character key container name and a constant for a serial number.
>
> It does not work with login or runas. This may be the same issue with after
> reading the certificate, it is not registering the container so it can be
> used later.
>
> The patch is against 0.12.0. and was built on Ubuntu.
>
> I would hope Brian and François could look this over to see if it should be
> committed.

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Re: [opensc-devel] Proposed cardmod patch
On 1/21/2011 12:28 AM, Jean-Michel Pouré - GOOZE wrote:
> On Thursday, 20 January 2011 at 15:44 -0600, Douglas E. Engert wrote:
>> I have gotten further today.
>
> Dear Douglas,
>
> You may look at MySmartLogon source code:
> http://www.mysmartlogon.com/products/eidauthenticate.html

Thanks, I see they also have a card registration tool, that looks like it adds the ATR to the registry?

> If the certs are valid, smartcard logon can be enabled. This tool can be
> used to check certificates.

I know the certificates are valid, the same card works on Windows7 using the Microsoft mini-driver.

> You may read source code and contact the
> authors who know very well Windows logon issues.

I would prefer at this time to not look at some other source code.

> But I guess this is
> mainly a container issue as you explained.

It might also be an issue with the way the code is handling a request from the BaseCSP to find a specific certificate.

> Kind regards,

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
[opensc-devel] New 0.12.1 release?
Hello,

Two different people have recently asked on the ML about a new opensc bug fix release.

I would additionally like to add a third patch I'd like to see included in the release:

r5112 EstonianEid: add new 2011 card ATR (18.01.2011+)

Thanks,
Kalev
Re: [opensc-devel] Proposed cardmod patch
Attached is the patch to just do (2) below. I believe that this is the part that Brian wants to not call sc_ctx_detect_readers

Martin you had said you want to do this differently so I will leave this up to you as to whether this is committed or not.

On 1/19/2011 5:46 PM, Douglas E. Engert wrote:
> Attached is a patch to the cardmod code to do the following:
>
> (1) Fix an uninitialized structure by using calloc
> instead of malloc. Without this it was having problems
> with checking the status on the reader.
>
> (2) Implement a change that this should work for Brian Thomas
> that allows one to not detect the reader when creating
> the sc_context. This uses the
> SC_CONTEXT_PARAM_DONT_DETECT_READERS flag in the ctx_params
>
> (The more I think about this, this should be the default
> to not detect the readers during the sc_create_ctx, as
> a flag on opensc.conf could control this instead.)
>
> (3) Eliminate the storing of the SCARDCONTEXT and SCARDHANDLE
> in the registry. Instead, cardmod.c will store them
> in its VENDOR_SCPECIFIC structure, call sc_context_create
> with the SC_CONTEXT_PARAM_DONT_DETECT_READERS flag set
> in the ctx_params. It will then modify the ctx,
> and then call sc_ctx_detect_readers that will call the
> cardmod code in reader-pcsc.c that will use the SCARDCONTEXT
> and SCARDHANDLE.
>
> I can get this to work in Vista with certutil -SCinfo, but there is some
> issue as it says it cannot open the key. I think this is an issue with using
> a 39 character key container name and a constant for a serial number.
>
> It does not work with login or runas. This may be the same issue with after
> reading the certificate, it is not registering the container so it can be
> used later.
>
> The patch is against 0.12.0. and was built on Ubuntu.
>
> I would hope Brian and François could look this over to see if it should be
> committed.

-- Douglas E.
Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Index: src/libopensc/ctx.c === --- src/libopensc/ctx.c (revision 5119) +++ src/libopensc/ctx.c (working copy) @@ -660,7 +660,8 @@ free(opts.forced_card_driver); } del_drvs(&opts); - sc_ctx_detect_readers(ctx); + if (parm == NULL || (parm->flags & SC_CONTEXT_PARAM_DONT_DETECT_READERS) == 0) + sc_ctx_detect_readers(ctx); *ctx_out = ctx; return SC_SUCCESS; } Index: src/libopensc/opensc.h === --- src/libopensc/opensc.h (revision 5119) +++ src/libopensc/opensc.h (working copy) @@ -676,6 +676,8 @@ */ int sc_establish_context(sc_context_t **ctx, const char *app_name); +#define SC_CONTEXT_PARAM_DONT_DETECT_READERS 0x0001 + /** * @struct sc_context_t initialization parameters * Structure to supply additional parameters, for example @@ -688,7 +690,6 @@ * dependend configuration data). If NULL the name "default" * will be used. */ const char*app_name; - /** flags, currently unused */ unsigned long flags; /** mutex functions to use (optional) */ sc_thread_context_t *thread_ctx; ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
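Review bot: In the ctx.c hunk at -660, a caller that sets SC_CONTEXT_PARAM_DONT_DETECT_READERS still gets SC_SUCCESS back, but reader detection has not run, and nothing in the visible lines tells that caller it now has to call sc_ctx_detect_readers() itself before using a reader. Please state that contract in this function's documentation. The return value of sc_ctx_detect_readers(ctx) is also discarded on the path that still calls it, so a failed detection looks the same as success to the caller; consider checking it, or at least logging it.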
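Review bot: In the first opensc.h hunk at -676, SC_CONTEXT_PARAM_DONT_DETECT_READERS is defined with no comment and lands between the sc_establish_context() prototype and the Doxygen block that describes the parameter structure, so it separates the two and documents nothing. Add a one-line doc comment saying that it is a bit for the flags member and what it suppresses, and keep the define directly beside the description of the structure it applies to.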
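Review bot: The second opensc.h hunk at -688 deletes the comment "/** flags, currently unused */" and puts nothing in its place, which leaves "unsigned long flags;" as the one member without a description while its neighbours keep theirs. Replace the comment rather than removing it, for example with one that names SC_CONTEXT_PARAM_DONT_DETECT_READERS as the currently defined bit.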
Re: [opensc-devel] Proposed cardmod patch
Excellent! From my standpoint it is OK to commit. Thanks for your efforts!

Brian Thomas

-----Original Message-----
From: Douglas E. Engert [mailto:deeng...@anl.gov]
Sent: Friday, January 21, 2011 1:45 PM
To: opensc-devel@lists.opensc-project.org; Brian Thomas; Martin Paljak
Subject: Re: [opensc-devel] Proposed cardmod patch

Attached is the patch to just do (2) below. I believe that this is the part that Brian wants to not call sc_ctx_detect_readers

Martin you had said you want to do this differently so I will leave this up to you as to whether this is committed or not.

On 1/19/2011 5:46 PM, Douglas E. Engert wrote:
> Attached is a patch to the cardmod code to do the following:
>
> (1) Fix an uninitialized structure by using calloc instead of
> malloc. Without this it was having problems with checking the status
> on the reader.
>
> (2) Implement a change that this should work for Brian Thomas that
> allows one to not detect the reader when creating the sc_context. This
> uses the SC_CONTEXT_PARAM_DONT_DETECT_READERS flag in the ctx_params
>
> (The more I think about this, this should be the default to not detect
> the readers during the sc_create_ctx, as a flag on opensc.conf could
> control this instead.)
>
> (3) Eliminate the storing of the SCARDCONTEXT and SCARDHANDLE in the
> registry. Instead, cardmod.c will store them in its VENDOR_SCPECIFIC
> structure, call sc_context_create with the
> SC_CONTEXT_PARAM_DONT_DETECT_READERS flag set in the ctx_params. It
> will then modify the ctx, and then call sc_ctx_detect_readers that
> will call the cardmod code in reader-pcsc.c that will use the
> SCARDCONTEXT and SCARDHANDLE.
>
> I can get this to work in Vista with certutil -SCinfo, but there is
> some issue as it says it cannot open the key. I think this is an
> issue with using a 39 character key container name and a constant for
> a serial number.
>
> It does not work with login or runas. This may be the same issue with
> after reading the certificate, it is not registering the container so
> it can be used later.
>
> The patch is against 0.12.0. and was built on Ubuntu.
>
> I would hope Brian and François could look this over to see if it
> should be committed.

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444