From: Douglas E. E. <dee...@an...> - 2013-09-24 20:04:14
On 9/24/2013 2:23 PM, Tim Taylor wrote:
> Greetings.
>
> I just submitted three pull requests (#184, #185, #186) for
> consideration that I developed while trying to use the OpenSC minidriver
> on Windows 7 with a pin pad capable reader, and a PIV token. I'll
> provide a brief description of each pull request.
>
> #184: Set output buffer len variable if padding removed.
> Note: I started my development with the 0.13.0 source code tarball.
> When I got to the point where I was ready to submit pull requests, it
> appears that the issue addressed by this pull request has a "fix" in
> place. However I think this pull request is preferable.
>
> The sc_pkcs1_strip_02_padding function in padding.c takes a pointer to
> an output buffer (out) and a pointer to the max length of the buffer
> (out_len). On input, out_len is expected to point to the maximum length
> of the output buffer. On output, this value should be overwritten with
> the length of un-padded data copied to the out buffer, but this was not
> being done.
>
> #185: Extract public key from cert if no object on card
> The PIV token that I am using is a US DoD Common Access Card (CAC).
> These tokens do not have separate containers for the public keys.

PIV cards don't either.

> When I
> first started using these tokens with the windows minidriver, and the
> certutil command line tool to read the token, I was getting a bunch of
> messages in the debug log: "No way to get public key: -1416 (Not
> implemented)".

(You know that Windows 7 and above have a PIV driver from Microsoft, that works with login, IE, Outlook, and any application that can use the certificate store, like Chrome.) I would rather see the piv_ops (*read_public_key) implemented in card_piv.c, as this will only do it when needed. As I said in a note in response to the pull request, the PKCS11 code can emulate a pubkey.

> With this patch, when the PIV pkcs#15 emulation object is being
> initialized, it will extract the public key for each private key from
> the corresponding certificate.
>
> #186: Use reader pin pad if available and allowed
> This patch allows the use of a pin pad reader with the Windows
> minidriver (if using Version 6 or higher of the MS Base Card Services
> implementation -- it requires support for CardAuthenticateEx). This is
> accomplished by setting the PinType to ExternalPinType instead of
> AlphaNumericPinType. This also requires handling some additional
> properties (CP_PARENT_WINDOW, and CP_PIN_CONTEXT_STRING).

What type of pin pad reader are you using?

> ===============
>
> I would appreciate the consideration of the project committers for each
> of these improvements. I've tried to make sure I conformed to the
> project coding conventions. If I fell short of the conventions, please
> let me know and I'd be happy to rework the pull requests. Also, if
> there is another alternative for achieving any of these that would be
> more acceptable for inclusion, just let me know.
>
> - Tim
>

--
Douglas E. Engert <DEE...@an...>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
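The out_len contract that pull request #184 describes (capacity on input, un-padded length on output) is easy to get wrong, so here is an added stand-alone example of the same operation. It is not OpenSC's sc_pkcs1_strip_02_padding and not code from either poster; the function name strip_02_padding, its return codes and the sample blocks in the self-check are all constructed for this illustration. The expected block layout follows PKCS#1 v1.5 block type 02 (0x00 0x02, at least eight non-zero padding bytes, 0x00, message), and a block whose leading 0x00 was dropped is accepted too.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not OpenSC's sc_pkcs1_strip_02_padding: strip the
 * PKCS#1 v1.5 block type 02 padding from a decrypted RSA block.
 *
 * Expected layout:  0x00 0x02 PS 0x00 M
 *   PS = at least 8 non-zero random bytes
 *   M  = the message
 * A block that begins directly with 0x02 (leading 0x00 lost in the
 * caller's big-number conversion) is accepted as well.
 *
 * in / in_len : the decrypted block
 * out         : caller-supplied output buffer
 * out_len     : on input, the capacity of out; on success it is
 *               overwritten with the number of message bytes copied
 *
 * Returns 0 on success, -1 on malformed padding, -2 if out is too small.
 * On any error *out_len is left untouched.
 */
int strip_02_padding(const unsigned char *in, size_t in_len,
                     unsigned char *out, size_t *out_len)
{
    size_t i = 0;
    size_t ps_start;
    size_t msg_len;

    if (in == NULL || out == NULL || out_len == NULL || in_len < 2)
        return -1;

    /* optional leading 0x00, then the mandatory block type 0x02 */
    if (in[i] == 0x00)
        i++;
    if (in[i] != 0x02)
        return -1;
    i++;

    /* skip the non-zero padding string PS up to the 0x00 separator */
    ps_start = i;
    while (i < in_len && in[i] != 0x00)
        i++;
    if (i >= in_len)             /* separator never found */
        return -1;
    if (i - ps_start < 8)        /* PS shorter than the minimum */
        return -1;
    i++;                         /* step over the separator */

    msg_len = in_len - i;
    if (msg_len > *out_len)
        return -2;

    memcpy(out, in + i, msg_len);
    *out_len = msg_len;          /* report the un-padded length */
    return 0;
}

/*
 * Self-check over constructed sample blocks (not real card output).
 * Returns the number of cases that behaved as expected; 3 means all passed.
 */
int strip_02_padding_selfcheck(void)
{
    /* constructed: 0x00 0x02, 8-byte PS, 0x00, "hi" */
    static const unsigned char good[] = {
        0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
        0x00, 'h', 'i'
    };
    /* constructed: PS is only 3 bytes long, which is not allowed */
    static const unsigned char short_ps[] = {
        0x00, 0x02, 0x11, 0x22, 0x33, 0x00, 'h', 'i'
    };
    unsigned char out[16];
    size_t out_len;
    int passed = 0;

    out_len = sizeof(out);
    if (strip_02_padding(good, sizeof(good), out, &out_len) == 0
        && out_len == 2 && memcmp(out, "hi", 2) == 0)
        passed++;

    out_len = sizeof(out);
    if (strip_02_padding(short_ps, sizeof(short_ps), out, &out_len) == -1
        && out_len == sizeof(out))
        passed++;

    out_len = 1;  /* capacity too small for the 2-byte message */
    if (strip_02_padding(good, sizeof(good), out, &out_len) == -2
        && out_len == 1)
        passed++;

    return passed;
}

int main(void)
{
    printf("self-check: %d/3 cases passed\n", strip_02_padding_selfcheck());
    return 0;
}
```

The self-check exercises the three things a caller of such a function depends on: the un-padded length is written back on success, the capacity value is left alone when the padding is malformed, and a too-small buffer is reported without writing past it. One caveat for anyone adapting this beyond a demonstration: the early returns make the padding check's timing depend on where it fails, which is acceptable here but not in a decryption path that an untrusted party can drive.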