OpenPGP cleanup & extensions towards better OpenPGP card v3+ support #1407
Conversation
... and make it accessible for v2.1+ cards
For some files spec states CONSTRUCTED, but we treat them as SIMPLE, because we only need parts of their contents.
In addition, prepare for parsing DO 7F74, which I cannot do now, because I do not have a card supporting it.
Use it in pgp_erase_card() to slightly simplify the code.
To help debugging, - replace plain return's after LOG_FUNC_CALLED() has been called with LOG_FUNC_RETURN() - use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
... for "standard" OpenPGP cards. This gives more detailed information to the user on the detailed specs the card adheres to. In addition it fixes a long-standing annoyance that every standard 2.x card matching the v2.0 ATR was announced as CryptoStick 1.2. This ATR is not only used in the CryptoStick 1.2, but also also in ZeitControl cards as well as NitroKeys, ...
Form a correct path instead ofmusising an array of 2 u8's. Perform proper error checking.
* length checks where needed * more & better comments
src/libopensc/card-openpgp.c
Outdated
| card->version.hw_major, card->version.hw_minor); | ||
| card->name = card_name; | ||
| snprintf(card_name, sizeof(card_name), | ||
| "OpenPGP card v%u.%u (%04X %08lX)", |
There was a problem hiding this comment.
Why include the serial number in the card name? All other cards keep this seperately; as it is available via opensc-tool --serial. Also, I doubt that it will have some meaning for the average user...
There was a problem hiding this comment.
It might be useful to differentiate between multiple tokens.
| { "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, "OpenPGP card v1.0/1.1", SC_CARD_TYPE_OPENPGP_V1, 0, NULL }, | ||
| { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", NULL, "CryptoStick v1.2 (OpenPGP v2.0)", SC_CARD_TYPE_OPENPGP_V2, 0, NULL }, | ||
| { "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, default_cardname_v1, SC_CARD_TYPE_OPENPGP_V1, 0, NULL }, | ||
| { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", NULL, default_cardname_v2, SC_CARD_TYPE_OPENPGP_V2, 0, NULL }, |
There was a problem hiding this comment.
This replaces the specific name CryptoStick with an unspecific name. Is this intended?
There was a problem hiding this comment.
Yes, this was deliberate.
As mentioned in the comment to commit 20cd0c0, this ATR is the generic ATR for OpenPGP v2 cards, which is not only used in the legacy [not available on the market anymore] CryptoStick, but also in ZeitControl's OpenPGP cards, in the NitroKey devices, and most probably others too.
The Name CryptoStick for this ATR is too narrow and misleading: whenever I put my NitroKey into the USB port, or my OpenPGP card into the reader, OpenSC wrongly announced it as CryptoStick.
The mentioned commit fixes the issue.
There was a problem hiding this comment.
thanks for the clearification
| static const char default_cardname[] = "OpenPGP card"; | ||
| static const char default_cardname_v1[] = "OpenPGP card v1.x"; | ||
| static const char default_cardname_v2[] = "OpenPGP card v2.x"; | ||
| static const char default_cardname_v3[] = "OpenPGP card v3.x"; |
There was a problem hiding this comment.
Don't use too much information: please remove the ".x" if you don't have any information about it.
There was a problem hiding this comment.
Hmmm, I tend to slightly disagree.
In my interpretation "v3" is equivalent "v3.0"
Hence the ".x", to indicate that we not know exactly whether it is "v3.0", "v3.1", ...
If you really insist, I can remove it. But please give it a 2nd thought.
| } | ||
|
|
||
| /* v3.0+: get card features from "general feature management" DO */ | ||
| if ((pgp_get_blob(card, blob6e, 0x7f74, &blob) >= 0) && |
There was a problem hiding this comment.
Why read that data if you don't need it?
The same is true for other parsed values or data structures, e.g. max_specialDO_size.
I'd better like to see that included when we're actually doing something useful with it. Currently, that's dead weight!
There was a problem hiding this comment.
OK, understandable.
Instead of amending this PR and reverting the chanes in additional commits, I lean to calceling this one, and putting in a new one with the offending passages removed.
What's your preference?
There was a problem hiding this comment.
choose as you like, thanks
|
I will address the chanes in a separate pull request. |
Hi,,
this pull request cleans up some FIXMEs/ToDos and starts the way towards v3+ support.
In particular, it
Please merge it into OpenSC master, as it paves the ground for better v3+ support.
Of course: reviews welcome.
Best
PEter