[Globalplatform-developers] Branch for NSS token support

[Aaron C. <ac...@gm...>]

Hello,

Over the past few days, I've implemented (very) basic 
GPShell/GlobalPlatform support for using an NSS token to establish GPSC 
sessions.  The advantage of NSS support is that the GP secure channel 
keys can be stored in an HSM (rather than in plaintext in the script 
files).  Using an HSM to store the GP keys is a requirement for me.

Right now this support is very hackish and only works with SCP01; 
however, I'm (hopefully) going to be adding SCP02 support over the next 
few days.  Things are a bit tricky because some of the crypto needs to 
be migrated to the NSS token, but on the plus side, due to the 
prevalence of session keys in the GP spec, most of the crypto code can 
remain openssl (only the session key generation functions need to be 
duplicated and ported to NSS).

If there's any interest in me sharing this NSS implementation, can I get 
commit rights?  I'm currently thinking that a separate branch is the 
best place to put this experimental code.  I'm not sure of the 
granularity of the access controls you're allowed, but if it's possible 
to restrict my access to that a new "globalplatform-nss" branch that you 
create, that'd be fine with me.

Anyways, just let me know if you're interested.

V/r,
Aaron