-
Notifications
You must be signed in to change notification settings - Fork 713
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Solve 2 issues #1085
Solve 2 issues #1085
Conversation
@FeitianSmartcardReader Any possibility to resolve the issue "Failed to erase card: Security status not satisfied" described in the wiki, without running binary blobs from internet? I have ePass token, but I am unable to us that. |
@Jakuje The issue need using our tool can download from below and to re-format token, if you cannot using this tool, please show me your error or log, I will help check and solve it, thanks http:https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is too complex to go into 0.17.0.
Also, see the two comments in the code, which will affect other cards.
src/libopensc/sm.c
Outdated
@@ -158,7 +158,7 @@ sc_sm_single_transmit(struct sc_card *card, struct sc_apdu *apdu) | |||
|
|||
/* send APDU flagged as NO_SM */ | |||
sm_apdu->flags |= SC_APDU_FLAGS_NO_SM; | |||
rv = sc_transmit_apdu(card, sm_apdu); | |||
rv = card->reader->ops->transmit(card->reader, sm_apdu); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change will most likely lead to problems with other cards.
See discussion in #970
src/pkcs15init/pkcs15-lib.c
Outdated
@@ -1238,7 +1238,7 @@ sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card, struct sc_profile *prof | |||
key_info->params.data = &keyargs->key.u.ec.params; | |||
key_info->params.free_params = sc_pkcs15init_empty_callback; | |||
key_info->field_length = ecparams->field_length; | |||
key_info->modulus_length = 0; | |||
// key_info->modulus_length = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change will most likely break other cards
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will talk internal and make the change, thanks
@frankmorgner Do modify, check changes 8021c47 |
To avoid a strcmp, for every card, The test should be |
src/pkcs15init/pkcs15-lib.c
Outdated
@@ -1238,7 +1238,13 @@ sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card, struct sc_profile *prof | |||
key_info->params.data = &keyargs->key.u.ec.params; | |||
key_info->params.free_params = sc_pkcs15init_empty_callback; | |||
key_info->field_length = ecparams->field_length; | |||
key_info->modulus_length = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, no need do modify code here, we will do it in pkcs15-epass2003.c file, will submit another pull request
src/libopensc/sm.c
Outdated
rv = sc_transmit_apdu(card, sm_apdu); | ||
/* if token is epass2003, using below code*/ | ||
switch(card->type){ | ||
case SC_CARD_TYPE_ENTERSAFE_FTCOS_EPASS2003: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to avoid card specific code on this layer. What's the reason for this change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We double check the code, no need do modify in this layer, we will modify the file apdu.c.
The reason is our epass2003 series support plain APDU and cipher APDU, while in cipher APDU, after receive 6C command, then we will need get data back and re-package APDU with cipher mode, at this time, the set_le API seems only modify the LE, and nothing change of APDU, so we will modify apdu.c to solve it.
@FeitianSmartcardReader im unable to download your fix-tool from http:https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz. Can you post the link again please |
check below: |
ePass2003 EC not supported #1073 (comment), add
ECC support
These code already passed test
https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Testing