From: Vincent J. <no...@gi...> - 2021-03-05 16:41:40
Branch: refs/heads/iasecc_cpx
Home: https://github.com/OpenSC/OpenSC

Commit: 17ccb3a970a65c2215f21e9c1c42a624a28de3c4
https://github.com/OpenSC/OpenSC/commit/17ccb3a970a65c2215f21e9c1c42a624a28de3c4
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-01 (Mon, 01 Feb 2021)

Changed paths:
  M src/libopensc/card-iasecc.c
  M src/libopensc/cards.h

Log Message:
-----------
IASECC: Add support for CPx cards

The French CPx Healthcare cards are designed to support the IASECC standard.

Commit: f772a7750d0a060539bb6ce78a90fa5a7cd3629c
https://github.com/OpenSC/OpenSC/commit/f772a7750d0a060539bb6ce78a90fa5a7cd3629c
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-01 (Mon, 01 Feb 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: file selection and app enumeration

Thanks to this commit, we get the full support of:
  - ./opensc-explore cd 0001 asn1 2F00
  - ./pkcs11-tool -O
  - etc.

Commit: 57119689f075239d64b10a0c0d217519ba60aeab
https://github.com/OpenSC/OpenSC/commit/57119689f075239d64b10a0c0d217519ba60aeab
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-01 (Mon, 01 Feb 2021)

Changed paths:
  M src/libopensc/dir.c

Log Message:
-----------
IASECC: CPX have 2 applications

There are 2 applications: default one (contact mode) and the contactless mode.

Commit: f8ce28b35b3cef4a1fe15ec76f9153a3230b5025
https://github.com/OpenSC/OpenSC/commit/f8ce28b35b3cef4a1fe15ec76f9153a3230b5025
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-03 (Wed, 03 Feb 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: enable RSA algorithms

Without this fix, we get:

  ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
  Using slot 0 with a present token (0x0)
  Supported mechanisms:
    SHA-1, digest
    SHA224, digest
    SHA256, digest
    SHA384, digest
    SHA512, digest
    MD5, digest
    RIPEMD160, digest
    GOSTR3411, digest

Once we include it, we get:

  ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
  Using slot 0 with a present token (0x0)
  Supported mechanisms:
    SHA-1, digest
    SHA224, digest
    SHA256, digest
    SHA384, digest
    SHA512, digest
    MD5, digest
    RIPEMD160, digest
    GOSTR3411, digest
    RSA-9796, keySize={1024,2048}, hw, decrypt, sign, verify
    RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify
    SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify
    SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify
    RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, generate_key_pair

Commit: 3867bd357a9122f78aa92bfa4a49c584e4e47b7c
https://github.com/OpenSC/OpenSC/commit/3867bd357a9122f78aa92bfa4a49c584e4e47b7c
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-14 (Sun, 14 Feb 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: proper set of RSA support

The previous commit was oversimplified.
According to the known mechanism, we should have the following scope:

  ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
  Using slot 0 with a present token (0x0)
  Supported mechanisms:
    SHA-1, digest
    SHA224, digest
    SHA256, digest
    SHA384, digest
    SHA512, digest
    MD5, digest
    RIPEMD160, digest
    GOSTR3411, digest
    RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
    RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
    SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
    SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
    RSA-PKCS-PSS, keySize={512,2048}, hw, sign, verify
    SHA1-RSA-PKCS-PSS, keySize={512,2048}, sign, verify
    SHA256-RSA-PKCS-PSS, keySize={512,2048}, sign, verify

do not use the default flags yet:

  _sc_card_add_rsa_alg(card, 1024, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
  _sc_card_add_rsa_alg(card, 2048, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
  _sc_card_add_rsa_alg(card, 512, IASECC_CARD_DEFAULT_FLAGS, 0x10001);

Contactless specific behaviour shall be added later on.

Commit: 5b79bc252257f091b1ec39dcbb3d6c897de724f3
https://github.com/OpenSC/OpenSC/commit/5b79bc252257f091b1ec39dcbb3d6c897de724f3
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-14 (Sun, 14 Feb 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC: send/recv from EF.ATR

Log the send/recv data extracted from the EF.ATR (2F01).

Commit: 79acbefe05d0a9624d26cf5b8888bc02d5b6e906
https://github.com/OpenSC/OpenSC/commit/79acbefe05d0a9624d26cf5b8888bc02d5b6e906
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-14 (Sun, 14 Feb 2021)

Changed paths:
  M src/libopensc/ef-atr.c

Log Message:
-----------
IASECC/CPX: parse EF.ATR from ASN1 2F01 object

2F01 is:

  ./opensc-explorer -r 0
  OpenSC [3F00]> cat 2F01
  00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
  00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
  00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
  00000030: 81 22 F8 78 02 82 02 90 00 .".x.....

so the ASN1 decoder gets confused because it assumes that two bytes are needed before getting the first tag 43/ISO7816_TAG_II_CARD_SERVICE. In order to avoid such confusion, whenever the content of the EF.ATR/2F01 starts with ISO7816_II_CATEGORY_TLV, we skip the first byte in order to parse the ASN1 payload.

Fix: issue #2220

Commit: 756fc2e83c2244488a877bd669990189c0e2c6d1
https://github.com/OpenSC/OpenSC/commit/756fc2e83c2244488a877bd669990189c0e2c6d1
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-02-14 (Sun, 14 Feb 2021)

Changed paths:
  M src/tools/opensc-explorer.c

Log Message:
-----------
IASECC/CPX: opensc-explorer asn1 of EF.ATR objects

Work around the parsing of EF.ATR objects, for instance:

  ./opensc-explorer -r 0
  OpenSC [3F00]> cat 2F01
  00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
  00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
  00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
  00000030: 81 22 F8 78 02 82 02 90 00 .".x.....
  OpenSC [3F00]> info 2F01
  Working Elementary File ID 2F01, SFI E8
  File path: 3F00/2F01
  File size: 57 bytes
  EF structure: Transparent
  ACL for READ: NONE
  ACL for UPDATE: SecOx45
  ACL for DELETE: SecOx45
  ACL for WRITE: N/A
  ACL for REHABILITATE: N/A
  ACL for INVALIDATE: N/A
  ACL for LIST FILES: N/A
  ACL for CRYPTO: N/A
  Type attributes: 01
  Life cycle: Operational, activated

In order to avoid adding an offset of 1 for such objects on some

  OpenSC [3F00]> asn1 2F01 1

specific cards, then, we get:

  OpenSC [3F00]> asn1 2F01
  80 Context 0 (0 bytes)
  43 Application 3 (1 byte): decode error: B8 .
  46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
  47 Application 7 (3 bytes): 94 01 80 ...
  4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
  E0 Private 0 (16 bytes)
     02 INTEGER (2 bytes): 260
     02 INTEGER (2 bytes): 260
     02 INTEGER (2 bytes): 256
     02 INTEGER (2 bytes): 256
  78 Application 24 (8 bytes)
     06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
  82 Context 2 (2 bytes): 36864: 90 00 ..
  OpenSC [3F00]>

which means:

  ef-atr.c:49:sc_parse_ef_atr_content: EF.ATR: card service 0xB8
  ef-atr.c:59:sc_parse_ef_atr_content: EF.ATR: Pre-Issuing data '04B0ECC1'
  ef-atr.c:67:sc_parse_ef_atr_content: EF.ATR: DF selection 94, unit_size 1, card caps 80
  ef-atr.c:95:sc_parse_ef_atr_content: EF.ATR: AID '8025000001FF0100'
  ef-atr.c:106:sc_parse_ef_atr_content: EF.ATR: Issuer data '02020104020201040202010002020100'
  ef-atr.c:111:sc_parse_ef_atr_content: EF.ATR: DER encoded OID 06062B8122F87802
  ef-atr.c:114:sc_parse_ef_atr_content: EF.ATR: OID 2B8122F87802
  ef-atr.c:123:sc_parse_ef_atr_content: EF.ATR: status word 0x9000

Fix: issue #2220

Commit: 5fe1b667358f921936d219bc7a910b967635fc8c
https://github.com/OpenSC/OpenSC/commit/5fe1b667358f921936d219bc7a910b967635fc8c
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-03-04 (Thu, 04 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: SC_PATH_TYPE_FILE_ID, wrong APDU

For SC_PATH_TYPE_FILE_ID, P2 should be 0x04, if not, then we get the following errors:

  [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit: Outgoing APDU (7 bytes):
  00 A4 02 00 02 A0 01 .......
  [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called
  [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes):
  6A 86 j.
  [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
  [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)
  [opensc-pkcs11] card.c:523:sc_unlock: called
  [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2
  [opensc-pkcs11] card-iasecc.c:1107:iasecc_select_file: iasecc_select_file() check SW failed: -1205 (Incorrect parameters in APDU)
  [opensc-pkcs11] card.c:866:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)

when running:

  ./pkcs11-tool --test --login --pin abcd

Commit: 8cc328d423f24aef01b084a6b250b3a019645af0
https://github.com/OpenSC/OpenSC/commit/8cc328d423f24aef01b084a6b250b3a019645af0
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-03-04 (Thu, 04 Mar 2021)

Changed paths:
  M src/tools/opensc-explorer.c

Log Message:
-----------
IASECC/CPX: opensc-explorer asn1 EF.ATR parsing

Let the advanced users be able to parse the ASN1 content for any offset.

  OpenSC [3F00]> asn1 2F01 0
  Error in decoding.
  OpenSC [3F00]> asn1 2F01 1
  43 Application 3 (1 byte): decode error, : B8 .
  46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
  47 Application 7 (3 bytes): 94 01 80 ...
  4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
  E0 Private 0 (16 bytes)
     02 INTEGER (2 bytes): 260
     02 INTEGER (2 bytes): 260
     02 INTEGER (2 bytes): 256
     02 INTEGER (2 bytes): 256
  78 Application 24 (8 bytes)
     06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
  82 Context 2 (2 bytes): 36864: 90 00 ..

Fix: issue #2220

Commit: 87a35b170b8571db3a274cfda26aab838f097dfb
https://github.com/OpenSC/OpenSC/commit/87a35b170b8571db3a274cfda26aab838f097dfb
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-03-04 (Thu, 04 Mar 2021)

Changed paths:
  M src/libopensc/asn1.c
  M src/libopensc/asn1.h
  M src/tests/unittests/asn1.c

Log Message:
-----------
ASN1 lax bit string decoding

Some ASN1 objects stored on some smartcards (for instance the IASECC/CPX ones) do not comply strictly with the rules 8.6.2.3 and 8.6.2.3 from the ITU.
Since these rules are not some strict ones, let's have a loose decoding option that can be displayed by the command:

  opensc-explorer asn1 7001 # for instance

Fix: issue #2224

Commit: 2a7b55c56d45fab2dd5cf0e4a86e07a872f4e848
https://github.com/OpenSC/OpenSC/commit/2a7b55c56d45fab2dd5cf0e4a86e07a872f4e848
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-03-04 (Thu, 04 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: code factorization

There are two flavours of CPX cards:
  - contact mode,
  - contactless mode

Commit: db1e178b5f7888917713cb9d28b99f6960f273b4
https://github.com/OpenSC/OpenSC/commit/db1e178b5f7888917713cb9d28b99f6960f273b4
Author: Vincent JARDIN <vj...@fr...>
Date: 2021-03-04 (Thu, 04 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: revert removal of 3F00 from the path

A few years ago, the commit 03628449b75a93787eb2359412a3980365dda49b did squash the 3F00nnnn path to nnnn. For instance, 3F002F00 becomes 2F00. It is an issue such as:

  00000200 [139681798813440] APDU: 00 A4 09 04 02 2F 00
  00029790 [139681798813440] SW: 6A 82

Fix: issue #2231

Compare: https://github.com/OpenSC/OpenSC/compare/17ccb3a970a6%5E...db1e178b5f78
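
The EF.ATR skip rule from commit 79acbefe above, as an added example that is not OpenSC code and not part of the original message: it walks the 57-byte 2F01 dump as TLV objects with bounds checks, once from offset 0 and once after skipping the leading category byte. The names walk_tlv and parse_ef_atr are hypothetical, the value 0x80 for the category indicator is assumed from the dump's first byte, and only single-byte tags and short-form lengths are handled since the dump contains nothing else.

```c
#include <stddef.h>
#include <stdio.h>
/* Assumption: the category indicator is 0x80, the first byte of the dump. */
#define II_CATEGORY_TLV 0x80

/* EF.ATR (2F01) content, copied from the hex dump in the commit message. */
static const unsigned char ef_atr[] = {
    0x80,0x43,0x01,0xB8,0x46,0x04,0x04,0xB0,0xEC,0xC1,0x47,0x03,0x94,0x01,0x80,
    0x4F,0x08,0x80,0x25,0x00,0x00,0x01,0xFF,0x01,0x00,0xE0,0x10,0x02,0x02,0x01,
    0x04,0x02,0x02,0x01,0x04,0x02,0x02,0x01,0x00,0x02,0x02,0x01,0x00,0x78,0x08,
    0x06,0x06,0x2B,0x81,0x22,0xF8,0x78,0x02,0x82,0x02,0x90,0x00
};

/* Walk single-byte-tag, short-length TLVs in buf[off..len). Returns the number
 * of top-level objects, or -1 when an object does not fit in the buffer.
 * When tag `want` is met, *val and *vlen describe its value. */
static int walk_tlv(const unsigned char *buf, size_t len, size_t off,
                    unsigned char want, const unsigned char **val, size_t *vlen)
{
    int count = 0;
    while (off < len) {
        if (len - off < 2) return -1;            /* tag with no length byte */
        unsigned char tag = buf[off], l = buf[off + 1];
        if ((tag & 0x1F) == 0x1F || (l & 0x80)) return -1; /* long forms: out of scope */
        if ((size_t)l > len - off - 2) return -1; /* value overruns the file */
        if (tag == want) { *val = buf + off + 2; *vlen = l; }
        off += 2 + (size_t)l;
        count++;
    }
    return count;
}

/* Hypothetical helper: skip the first byte when it is the category indicator. */
static int parse_ef_atr(const unsigned char *buf, size_t len, unsigned char want,
                        const unsigned char **val, size_t *vlen)
{
    size_t off = (len > 0 && buf[0] == II_CATEGORY_TLV) ? 1 : 0;
    return walk_tlv(buf, len, off, want, val, vlen);
}

int main(void)
{
    const unsigned char *v = NULL;
    size_t n = 0;
    printf("from offset 0: %d\n", walk_tlv(ef_atr, sizeof ef_atr, 0, 0x43, &v, &n));
    printf("after skip: %d objects\n", parse_ef_atr(ef_atr, sizeof ef_atr, 0x43, &v, &n));
    if (n == 1) printf("card service 0x%02X\n", v[0]);
    return 0;
}
```

From offset 0 the byte 0x43 is read as a length that exceeds the file, so the walk is rejected instead of reading past the buffer; after the skip the seven top-level objects line up with the asn1 output quoted in the message.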