-
Notifications
You must be signed in to change notification settings - Fork 733
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unused SM_MODE_ACL #971
Comments
@frankmorgner: Your proposal actually seems to disable SM for those cards (if they rely on opensc.conf only for their sm_ctx.sm_mode) and gave rise to spot, that the mode = acl setting in opensc.conf doesn't get read/evaluated (opposed to evaluation for 'transmit'), but compensated by - in the sense of a default setting - (what You mentioned in the beginning): "... and sc_card_sm_load initializes card->sm_ctx.sm_mode to this value." |
Welcome to OpenSC! Is this the first time you're around? It's interesting, that you're caring for such an implementation detail. Are you using this flag in your SM module? Could you show what you're doing with it? |
@frankmorgner: Don't get me wrong! I don't object deleting SM_MODE_ACL, if OpenSC decides that way for good reasons, but I do object the title "Unused SM_MODE_ACL" and removal "en passant". You picked from my last comment exactly, what I don't consider an argument, leaving out any response about everything else I consider strong arguments (and leaving me surprised, that I wasn't able to convince in the first instance about what I consider an outright wrong #971, because this is true: (the probability ís high, that SM_MODE_ACL actually is NOT unused || You can not prove the contrary without extensive effort) Okay, one last trial: excerpt, all are comments: mode = transmit; Cheers, carblue |
Sorry for not being more attentively. I'm looking forward for more SM implementations since the whole SM framework still seems to be a moving target. In your response you seem to imply that the mode ACL means that SM calls should go to the SM module which then decides what or how to decrypt. This is not true. Whether and when the SM module is called (e.g. If your card driver uses this flag to configure the SM module then this should be a driver configuration, not a global configuration option (remember: currently there is no card driver or sm module known that uses this flag). I can imagine that this flag is used inside some proprietary SM module. This kind of configuration should be managed by the SM module in this case. It should not seep through to OpenSC. If I'm reading the SM module code correctly, the cards that currently use it, they are opening an SM channel directly after connecting to the card ( The configuration entries for using the ACL mode have never been used anyway, because All in all, removing the acl configuration from opensc.conf and the ACL flag should not change the behavior of any of the existing cards. It should not affect the local SM module. Both are not used anywhere in a meaningful way. None of the issues you pointed are applying, or, if I'm getting you wrong, please point me to it. |
Probably You are right, that it might be possible to remove SM_MODE_ACL without changing any semantic (or with few adaptions only required), but I doubt it's wise to do so. I did some work on the acos5_64 SM implementation (some weeks ago, but postponed finalization in favour of other tasks since I got SM basically working, a really heavy birth; I didn't yet go as far as implementing get_apdus or get_sm_apdu yet, thus I won't comment on that; I don't expect big problems at this level). When I go on finalizing the SM code, I intend to do it this way: Switch SM on/off (SM-on-demand like IIRC card-iasecc does; this card's os seems to be quite similar to how acos operates) as the file's SecurityAccessConditions/acl will require for the operation in question. I think, I'm aware what code should go into opensc (framework) and what has to be solved/decided specifically by dedicated card functions, and I'm a fan of pushing as much as possible common code into opensc (framework) as long as the growing complexity is managable. My bird's eye view of OpenSC's SM is, that SM_MODE_TRANSMIT and SM_MODE_ACL have some common tasks to do, but each has it's own "API": Maybe I catched a misconception as I analyze the sc_card_sm_check function differently: Now coming back to the original topic "removal of SM_MODE_ACL", my new understanding of what Your proposal is about/aiming at is: You don't want to remove the sm_context.sm_module.sm_module_operations-"API", but just the "name" SM_MODE_ACL? Right? |
My message is not an attempt to participate in the debates (there hardly could be the arguments against the fever of optimization and code purification). I would like to explain the context where SM was implemented in OpenSC:
There from the idea to let the card to be used 'as normal' as far as possible, and only in the moments where it's really imposed by object's ACL, switch to the SM mode. That's for the 'SM_MODE_ACL' mode. SM was implemented with the possibility to externalize the composing of SM secured APDUs.
|
Thanks for Your background info. It's coming in the right moment and is helpfull as I design card/token-(re-)-initialization (skipping .profile for the moment) and how to populate a file's 7 access control bytes (each byte has a bit to yes/no force SM for the SC_AC_OP_* refered to + other bits that direct to a DF's Security Environment file record no. containing another authentication requirement such as internal pin file record no. xyz (| 0x80) or internal sym. key file's record no. xyz (| 0x80) verified/authenticated or both. Occasionally, I would like to know Your view about: With the current external acos5_64, in principle it's dynamic/local (though the current all-in-one external module does not distinct dynamic/static). With ACOS5-64, some module has to have knowledge of common 2 SM keys, i.e. those required by both parties card<->host for the Mutual Authentication. Once the/a new secure channel/SM is established and new Session Keys generated, ACOS5-64 doesn't impose where to go on composing of SM secured APDUs, 'local' or with a 'distant' module, as long as a possible 'distant' module gets passed ssc and the 2 session keys. |
The same in IAS/ECC standard:
Something like this is also in IAS/ECC standard.
Currently the sizes of SM data type members (defined in 'sm.h') are fixed.
Yes. |
SM_MODE_ACL
is defined insm.h
andsc_card_sm_load
initializescard->sm_ctx.sm_mode
to this value. However, there is no other code that referencesSM_MODE_ACL
, let alone code that does something useful with it.What should happen?
remove
SM_MODE_ACL
and initializecard->sm_ctx.sm_mode
insc_card_sm_load
toSM_MODE_NONE
@viktorTarasov, could you comment on this, please?
The text was updated successfully, but these errors were encountered: