Towards the next OpenSC release

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Towards the next OpenSC release

Viktor Tarasov-3
Hello, 

I guess that it's time to prepare the next release of OpenSC.
It will be occasion to test the recent (and not so recent) contributions in a more rigorous manner.

I would like to edit the final release at the end-of-November/begin-of-December -- I should have more time at this period. 

What do you think about?

Kind regards,
Viktor.



------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Douglas E. Engert


On 10/14/2013 2:48 AM, Viktor Tarasov wrote:
> Hello,
>
> I guess that it's time to prepare the next release of OpenSC.
> It will be occasion to test the recent (and not so recent) contributions in a more rigorous manner.
>
> I would like to edit the final release at the end-of-November/begin-of-December -- I should have more time at this period.

I would also like to see a list of items that could also be included in the next release.

The one change I would like to see is supporting PKCS#15 Public key XXXPublicKeyChoice
of raw or spki SubjectPublicKeyInfo, -- See X.509. Must contain a public XXX)
where XXX is RSA, EC, ... (looks like all of them.) Not sure if Gost supports this.

(This is also a bug report/request on the mailing list)

This is being done mostly for EC, where "Parameters" are not well defined. But
the parameters. are well defined in "spki", when named curved are used.
Field_length is also needed, but is not defined as a parameter, but can be derived from
the size of the ecpoint.


The OpenSC code has EC parameters defined twice, in opensc.h as sc_ec_params and in pkcs15.h
as sc_pkcs15_sc_parameters.

The sc_ec_params was added with the original EC support in OpenSC in November 2010
revision 4902. It ties the parameters to the algorithm in the alg_id params, as that is how
the spki processes algorithm parameters.

The sc_pkcs15_sc_parameters was added in April 2011 revision 5386 appears to have been added
to support pkcs15init code and the sc_pkcs15_fix_ec_parameters routine was added to generate
a named curved OID from a character string, or a character string form an OID.
The sc_pkcs15_fix_ec_parameters also has a list of predefined named curves and OIDs, and field_lengths.

I would like to see the sc_ec_params and sc_pkcs15_sc_parameters combined,
and stored only once, preferably in in the the alg_id params. And the sc_pkcs15_fix_ec_parameters
be re written to update the alg_id params.


>
> What do you think about?
>
> Kind regards,
> Viktor.
>
>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Markus Kötter
In reply to this post by Viktor Tarasov-3
Hi,

On 10/14/2013 09:48 AM, Viktor Tarasov wrote:
> I guess that it's time to prepare the next release of OpenSC.

I'd like to see the memory leaks in engine_pkcs11/libp11 addressed (if
thats part of the planned release of OpenSC).

And the segfaults due to opensc loading openssl's gost engine more than
once would be worth addressing as well.


MfG
Markus

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Crypto Stick
In reply to this post by Viktor Tarasov-3
Hi Viktor,
I would love to see support for the Gnuk device being merged. See the
pending pull request: https://github.com/OpenSC/OpenSC/pull/153

Anything I could do to get this merged?

Regards,
Jan

Am 14.10.2013 09:48, schrieb Viktor Tarasov:

> Hello,
>
> I guess that it's time to prepare the next release of OpenSC.
> It will be occasion to test the recent (and not so recent) contributions
> in a more rigorous manner.
>
> I would like to edit the final release at the
> end-of-November/begin-of-December -- I should have more time at this
> period.
>
> What do you think about?
>
> Kind regards,
> Viktor.
>
>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Viktor Tarasov-3
In reply to this post by Douglas E. Engert

Le 14/10/2013 18:28, Douglas E. Engert a écrit :

> On 10/14/2013 2:48 AM, Viktor Tarasov wrote:
>> I guess that it's time to prepare the next release of OpenSC.
>> It will be occasion to test the recent (and not so recent) contributions in a more rigorous manner.
>>
>> I would like to edit the final release at the end-of-November/begin-of-December -- I should have more time at this period.
> I would also like to see a list of items that could also be included in the next release.
>
> The one change I would like to see is supporting PKCS#15 Public key XXXPublicKeyChoice
> of raw or spki SubjectPublicKeyInfo, -- See X.509. Must contain a public XXX)
> where XXX is RSA, EC, ... (looks like all of them.) Not sure if Gost supports this.
>
> (This is also a bug report/request on the mailing list)
>
> This is being done mostly for EC, where "Parameters" are not well defined. But
> the parameters. are well defined in "spki", when named curved are used.
> Field_length is also needed, but is not defined as a parameter, but can be derived from
> the size of the ecpoint.
>
>
> The OpenSC code has EC parameters defined twice, in opensc.h as sc_ec_params and in pkcs15.h
> as sc_pkcs15_sc_parameters.
>
> The sc_ec_params was added with the original EC support in OpenSC in November 2010
> revision 4902. It ties the parameters to the algorithm in the alg_id params, as that is how
> the spki processes algorithm parameters.
>
> The sc_pkcs15_sc_parameters was added in April 2011 revision 5386 appears to have been added
> to support pkcs15init code and the sc_pkcs15_fix_ec_parameters routine was added to generate
> a named curved OID from a character string, or a character string form an OID.
> The sc_pkcs15_fix_ec_parameters also has a list of predefined named curves and OIDs, and field_lengths.
>
> I would like to see the sc_ec_params and sc_pkcs15_sc_parameters combined,
> and stored only once, preferably in in the the alg_id params. And the sc_pkcs15_fix_ec_parameters
> be re written to update the alg_id params.

My intention is to take the current state of 'master' branch as the pre-release candidate
and to take into account, when possible, the suggestions pronounced during the pre-release stage.

As far as I understood, you consider that the current state of 'master', in it's EC part, is not completely coherent.
I will try to look it over this weekend.

Have you any suggestions (in form of pull requests relative to current 'master') on this subject ?


>> What do you think about?
>>
>> Kind regards,
>> Viktor.
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>> the latest Intel processors and coprocessors. See abstracts and register >
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>>
>>
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Viktor Tarasov-3
In reply to this post by Markus Kötter
Le 14/10/2013 18:38, Markus Koetter a écrit :
> On 10/14/2013 09:48 AM, Viktor Tarasov wrote:
>> I guess that it's time to prepare the next release of OpenSC.
> I'd like to see the memory leaks in engine_pkcs11/libp11 addressed (if
> thats part of the planned release of OpenSC).
>
> And the segfaults due to opensc loading openssl's gost engine more than
> once would be worth addressing as well.

Ok,
I will look this and other bug reports starting from this weekend.


> MfG
> Markus
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Douglas E. Engert
In reply to this post by Viktor Tarasov-3


On 10/15/2013 3:31 PM, Viktor Tarasov wrote:

>
> Le 14/10/2013 18:28, Douglas E. Engert a écrit :
>> On 10/14/2013 2:48 AM, Viktor Tarasov wrote:
>>> I guess that it's time to prepare the next release of OpenSC.
>>> It will be occasion to test the recent (and not so recent) contributions in a more rigorous manner.
>>>
>>> I would like to edit the final release at the end-of-November/begin-of-December -- I should have more time at this period.
>> I would also like to see a list of items that could also be included in the next release.
>>
>> The one change I would like to see is supporting PKCS#15 Public key XXXPublicKeyChoice
>> of raw or spki SubjectPublicKeyInfo, -- See X.509. Must contain a public XXX)
>> where XXX is RSA, EC, ... (looks like all of them.) Not sure if Gost supports this.
>>
>> (This is also a bug report/request on the mailing list)
>>
>> This is being done mostly for EC, where "Parameters" are not well defined. But
>> the parameters. are well defined in "spki", when named curved are used.
>> Field_length is also needed, but is not defined as a parameter, but can be derived from
>> the size of the ecpoint.
>>
>>
>> The OpenSC code has EC parameters defined twice, in opensc.h as sc_ec_params and in pkcs15.h
>> as sc_pkcs15_sc_parameters.
>>
>> The sc_ec_params was added with the original EC support in OpenSC in November 2010
>> revision 4902. It ties the parameters to the algorithm in the alg_id params, as that is how
>> the spki processes algorithm parameters.
>>
>> The sc_pkcs15_sc_parameters was added in April 2011 revision 5386 appears to have been added
>> to support pkcs15init code and the sc_pkcs15_fix_ec_parameters routine was added to generate
>> a named curved OID from a character string, or a character string form an OID.
>> The sc_pkcs15_fix_ec_parameters also has a list of predefined named curves and OIDs, and field_lengths.
>>
>> I would like to see the sc_ec_params and sc_pkcs15_sc_parameters combined,
>> and stored only once, preferably in in the the alg_id params. And the sc_pkcs15_fix_ec_parameters
>> be re written to update the alg_id params.
>
> My intention is to take the current state of 'master' branch as the pre-release candidate
> and to take into account, when possible, the suggestions pronounced during the pre-release stage.
>
> As far as I understood, you consider that the current state of 'master', in it's EC part, is not completely coherent.
> I will try to look it over this weekend.

The main set of issues deals with EC parameters, and the use of the term "pubkey".

A completer public key consists of the algorithm, parameters and the public key.
With asn1 encoding of a SPKI, the parameters are after the algorithm and before the
public key.

With RSA there are no parameters, and the "public key" is a bit string with the ANSI
encoding of the modulus and exponent.

With EC the parameters are usually the named curve, and the "public key" is the ec_pointQ.

The sc_pkcs15_pubkey contains algorithm, parameters and the public key. but the parameters
may be in the alg_id, or in the pubkey->u.ec.params.

>
> Have you any suggestions (in form of pull requests relative to current 'master') on this subject ?

Almost. My current implementation keeps the parameters in either the algorithm alg_id
or in the pubkey->u.ec.params. Both are using the same sc_pkcs15_ec_parameters structure,
so the pointer can be moved.

>
>
>>> What do you think about?
>>>
>>> Kind regards,
>>> Viktor.
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> October Webinars: Code for Performance
>>> Free Intel webinars can help you accelerate application performance.
>>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>>> the latest Intel processors and coprocessors. See abstracts and register >
>>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>>>
>>>
>>>
>>> _______________________________________________
>>> Opensc-devel mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Douglas E. Engert
In reply to this post by Viktor Tarasov-3
On 10/15/2013 3:31 PM, Viktor Tarasov wrote:

>
> Have you any suggestions (in form of pull requests relative to current 'master') on this subject ?

I have created a pull request for OpenSC/OpenSC #191 called "Enhanced ECC handling"
Please have a look at the commit message. includeing the TODO section.

The authors of the pkcs15-myeid.c and pkcs15-sc-hsm.c should also have a look
as there are some changes there.

GOST was not touched, but it looks like it could do something similar with a spki.


>
>
>>> What do you think about?
>>>
>>> Kind regards,
>>> Viktor.
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> October Webinars: Code for Performance
>>> Free Intel webinars can help you accelerate application performance.
>>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>>> the latest Intel processors and coprocessors. See abstracts and register >
>>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>>>
>>>
>>>
>>> _______________________________________________
>>> Opensc-devel mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Towards the next OpenSC release

Andreas Schwier (ML)
I will have at look at the pkcs15-sc-hsm.c code.

Am 16.10.2013 21:29, schrieb Douglas E. Engert:

> On 10/15/2013 3:31 PM, Viktor Tarasov wrote:
>
>>
>> Have you any suggestions (in form of pull requests relative to current 'master') on this subject ?
>
> I have created a pull request for OpenSC/OpenSC #191 called "Enhanced ECC handling"
> Please have a look at the commit message. includeing the TODO section.
>
> The authors of the pkcs15-myeid.c and pkcs15-sc-hsm.c should also have a look
> as there are some changes there.
>
> GOST was not touched, but it looks like it could do something similar with a spki.
>
>
>>
>>
>>>> What do you think about?
>>>>
>>>> Kind regards,
>>>> Viktor.
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> October Webinars: Code for Performance
>>>> Free Intel webinars can help you accelerate application performance.
>>>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>>>> the latest Intel processors and coprocessors. See abstracts and register >
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Opensc-devel mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>>>
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>> the latest Intel processors and coprocessors. See abstracts and register >
>> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel