[Opensc-devel] Pin entry doesn't work under Windows

[twisteroid a. <twi...@gm...>]

Hi,

Entering PINs interactively at the command prompt doesn't seem to work
in Windows 10.

I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003
tokens. The same hardware works fine under Linux (Arch x64, latest
OpenSC). Under Windows, however, any operation that involves entering
PIN at the interactive prompt doesn't seem to work.

For example, pkcs15-tool --change-pin:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe --change-pin -vv
2016-03-23 16:16:36.191 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:16:36.197 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
Using reader with a card: FS USB Token 0
2016-03-23 16:16:36.208 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:16:36.211 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
Connecting to card in reader FS USB Token 0...
2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called
2016-03-23 16:16:36.220 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:16:36.223 [pkcs15-tool]
card-entersafe.c:106:entersafe_match_card: called
Using card driver epass2003.
Trying to find a PKCS#15 compatible card...
Found OpenSC Card!
Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN
again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5
2016-03-23 16:16:43.398 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:16:43.404 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5
2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning
with: -1107 (Transmit failed)
PIN code change failed: Transmit failed
2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: called


(Note the line starting with "Enter old pin". All those prompts do
appear on the same line, as well as the next piece of debug info.
Maybe this hints at a Windows/Linux EOL problem?)

The same command does work if the PIN is included in the arguments:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe
--change-pin -vv --pin oldpin12 --new-pin 12345678
2016-03-23 16:22:05.713 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
Using reader with a card: FS USB Token 0
2016-03-23 16:22:05.725 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:22:05.730 [pkcs15-tool]
reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
Connecting to card in reader FS USB Token 0...
2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called
2016-03-23 16:22:05.744 [pkcs15-tool]
reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:22:05.752 [pkcs15-tool]
card-entersafe.c:106:entersafe_match_card: called
Using card driver epass2003.
Trying to find a PKCS#15 compatible card...
Found OpenSC Card!
2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning
with: 0 (Success)
2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged to disk
PIN code changed successfully.
2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: called


Similarly, when using private key stored on token for OpenVPN
authentication, there are errors after entering the PIN interactively.
Console log excerpt:

Enter OpenSC Card (User PIN) token Password:
2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged to disk
Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature
512:'CKR_FUNCTION_REJECTED'
Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error:
error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib
Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed



Is this a known problem?
Please inform me if any more information is needed.

Thanks,

--
twisteroid ambassado