Subject: Re: More ADPU questions :) - msg#00168
List: encryption.opensc.devel
Sergio C wrote:
...
for cardos ? the cardos m4.* manuals of course.
Mmm then I'm a little confused with the world of the APDUs :((( I
thought that the APDU "Perform Security Operation" was part of the
iso7816, that is... all the parameters are well defined by the iso, and
they can't be changed by any specific smartcard. Translated to the
example that I wrote, would not the CLA, INS, P1, P2, Lc, DATA, Le
follow the iso? Is this specific APDU only valid for the CardOS then?
Well, all smart cards claim to be in conformance with iso7816; however,
in practice you always need the card OS manual, as every company seems
to have its own interpretation of the various iso7816 parts (in
particular for such complicated things as signature generation,
access management etc.) ...
Cheers,
Nils
Previous Message by Date:
Re: More ADPU questions :)
Sergio C wrote:
...
2.- I have traced a sign operation with my etoken pro, before the "Perform
Security Operation" is called, we do a "Set Security Environment". At
http://www.fsk.dk/cgi-bin/doc-show.cgi?theme_id=7471&doc_id=19286&doc_type=29&eftmenu=3#8.7.
I have found a description of this APDU, but this doesn't match with what
pkcs15-crypt sends. I mean, the pkcs15-tool sends:
00 22 01 B6 03 83 01 10
that is the same as:
CLA=00
INS=22
P1=01
P2=B6
Lc=03
DATA = 83 01 10
Le=NULL
According to that URL, P2=B6 -> Value of DST in data field. In the data
field I found 83 01 10, but this doesn't match any description that I have
found at that URL. I'm a little frustrated with that, I can't find any
resource that shows all the APDU descriptions (values for INS, P1, P2,
...).
What reference do you usually use for that? Is there any full complete
resource about that
for cardos ? the cardos m4.* manuals of course.
Mmm then I'm a little confused with the world of the APDUs :((( I thought
that the APDU "Perform Security Operation" was part of the iso7816, that
is... all the parameters are well defined by the iso, and they can't be
changed by any specific smartcard. Translated to the example that I wrote,
would not the CLA, INS, P1, P2, Lc, DATA, Le follow the iso? Is this
specific APDU only valid for the CardOS then?
Sergio
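The byte-by-byte breakdown in the message above, as an added example that is not part of the original post or of OpenSC: a short-form command APDU parser that splits header, Lc, data and Le, then walks the data field as simple TLV. The names `apdu_parse` and `tlv_count` are hypothetical; extended-length APDUs and multi-byte tags are not handled, and the meaning of each tag still has to come from the card's manual.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct apdu {
    uint8_t cla, ins, p1, p2, has_le, le;
    size_t lc;            /* number of data bytes, 0 if there is no data field */
    const uint8_t *data;  /* points into the caller's buffer */
};

/* Parse a short-form command APDU; return the ISO 7816-4 case (1-4) or -1. */
int apdu_parse(const uint8_t *b, size_t n, struct apdu *a)
{
    if (n < 4) return -1;
    a->cla = b[0]; a->ins = b[1]; a->p1 = b[2]; a->p2 = b[3];
    a->lc = 0; a->data = NULL; a->has_le = 0; a->le = 0;
    if (n == 4) return 1;                                   /* header only */
    if (n == 5) { a->has_le = 1; a->le = b[4]; return 2; }  /* header + Le */
    a->lc = b[4];
    if (a->lc == 0) return -1;  /* 00 here would start an extended length */
    a->data = b + 5;
    if (n == 5 + a->lc) return 3;                           /* header + Lc + data */
    if (n == 5 + a->lc + 1) { a->has_le = 1; a->le = b[n - 1]; return 4; }
    return -1;                  /* Lc disagrees with the bytes actually present */
}

/* Count simple TLV objects (one-byte tag, one-byte length < 0x80); -1 if malformed. */
int tlv_count(const uint8_t *d, size_t n)
{
    int count = 0;
    size_t i = 0;
    while (i < n) {
        if (n - i < 2 || d[i + 1] >= 0x80 || d[i + 1] > n - i - 2) return -1;
        i += 2 + (size_t)d[i + 1];
        count++;
    }
    return count;
}

int main(void)
{
    /* The command quoted in the message: 00 22 01 B6 03 83 01 10 */
    static const uint8_t mse[] = {0x00, 0x22, 0x01, 0xB6, 0x03, 0x83, 0x01, 0x10};
    struct apdu a;
    int c = apdu_parse(mse, sizeof mse, &a);
    printf("case %d INS=%02X P1=%02X P2=%02X Lc=%zu TLVs=%d\n",
           c, a.ins, a.p1, a.p2, a.lc, tlv_count(a.data, a.lc));
    return 0;
}
```
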
Next Message by Date:
secure pin verify fails with pcsc reader (fix)
Hello,
The latest opensc (svn) secure pin verify does not work at least with my
fineid card and the Chipdrive/SPR532 reader.
My setup is pcsclite 1.3.1 and libccid 1.0.1 driver in Linux (I installed just
the debian packages). So I use the pcsc reader (I have not installed openct).
However, there is some helpful code for testing the secure pin with the ccid
and that works fine with my pinpad - so my card and reader should be sane.
I made a dump of the pin verify block + VERIFY APDU in each case and the
opensc seems to fail because of an invalid apdu.
I checked out the opensc svn sources and made a small fix to the
src/libopensc/reader-pcsc.c for myself:
+++ my/src/libopensc/reader-pcsc.c 2006-04-26 19:40:26.000000000 +0300
@@ -911,6 +911,9 @@
/* Copy data if not Case 1 */
if (data->pin1.length_offset != 4) {
+ /* FIX:[2006-04-26/ms] Lc was not set -> invalid apdu! */
+ pin_verify->abData[offset++] = apdu->datalen;
+ /* FIX: end */
memcpy(&pin_verify->abData[offset], apdu->data,apdu->datalen);
offset += apdu->datalen;
}
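Review bot: The added `pin_verify->abData[offset++] = apdu->datalen;` stores the data length in a single byte with no range check in the lines shown, so a `datalen` above 255 would be truncated and the Lc byte would then disagree with the number of bytes the following `memcpy` copies. Neither the new store nor the `memcpy` checks that `offset + 1 + apdu->datalen` still fits in `abData`; one bounds check at the top of the `if` block would cover both. The dated `FIX:[2006-04-26/ms]` and `FIX: end` markers belong in the commit message rather than in the source.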
With this change the pinpad verification works (for both pin1 and pin2).
I have tested this with the src/tests/pintest and some other tools, also in
the firefox browser.
In firefox, however, the pkcs#11 module or something keeps asking for the
pin2 code several times although the authentication key needs only pin1.
I'll try to figure that out later.
Next Message by Thread:
Re: [opensc-commits] svn opensc changed [2895] no idea how to fix, at least document it.
webmaster@xxxxxxxxxxxxxxxxxx wrote:
Revision: 2895
Author: aj
Date: 2006-04-26 09:59:27 +0000 (Wed, 26 Apr 2006)
Log Message:
-----------
no idea how to fix, at least document it.
Modified Paths:
--------------
trunk/src/scconf/test-conf.c
Modified: trunk/src/scconf/test-conf.c
===================================================================
--- trunk/src/scconf/test-conf.c 2006-04-26 09:58:54 UTC (rev 2894)
+++ trunk/src/scconf/test-conf.c 2006-04-26 09:59:27 UTC (rev 2895)
@@ -158,6 +158,7 @@
scconf_list_add(&foo_list, "value3");
+ /* FIXME: this will segfault as foo_item is NULL */
scconf_item_add(conf, foo_block, foo_item, SCCONF_ITEM_TYPE_COMMENT, NULL,
"# comment1");
scconf_item_add(conf, foo_block, foo_item, SCCONF_ITEM_TYPE_VALUE,
"list1", foo_list);
foo_block = NULL;
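Review bot: The added FIXME above the first `scconf_item_add` call records that `foo_item` is NULL at that point, yet both calls in the context below still pass it unchanged, so the test keeps the crash the comment predicts. Give `foo_item` a valid value before these calls, or disable the two calls until that is possible, and have the comment say which call faults and what `foo_item` was meant to hold.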
again ? btw: I still don't agree (see revision history).
Cheers,
Nils