From: Vincent J. <no...@gi...> - 2021-03-17 09:58:48
Branch: refs/heads/master
Home:   https://github.com/OpenSC/OpenSC

Commit: acb8822444958a687888d821a7dda2a4e21b76de
    https://github.com/OpenSC/OpenSC/commit/acb8822444958a687888d821a7dda2a4e21b76de
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c
  M src/libopensc/cards.h

Log Message:
-----------
IASECC: Add support for CPx cards

The French CPx Healthcare cards are designed to support the IASECC
standard.


Commit: 560692221bee43a63bef445d26107807db159fc5
    https://github.com/OpenSC/OpenSC/commit/560692221bee43a63bef445d26107807db159fc5
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: file selection and app enumeration

Thanks to this commit, we get the full support of:
- ./opensc-explore cd 0001 asn1 2F00
- ./pkcs11-tool -O
- etc.


Commit: fd97f49a8414dcf23297dfcd05b4c6677bd6c674
    https://github.com/OpenSC/OpenSC/commit/fd97f49a8414dcf23297dfcd05b4c6677bd6c674
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/dir.c

Log Message:
-----------
IASECC: CPX have 2 applications

There are 2 applications: default one (contact mode) and the contactless
mode.


Commit: 7cd713d15dfe949de0db1535b8c539ef02bd57ef
    https://github.com/OpenSC/OpenSC/commit/7cd713d15dfe949de0db1535b8c539ef02bd57ef
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: enable RSA algorithms

Without this fix, we get:
    ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
    Using slot 0 with a present token (0x0)
    Supported mechanisms:
      SHA-1, digest
      SHA224, digest
      SHA256, digest
      SHA384, digest
      SHA512, digest
      MD5, digest
      RIPEMD160, digest
      GOSTR3411, digest

Once we include it, we get:
    ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
    Using slot 0 with a present token (0x0)
    Supported mechanisms:
      SHA-1, digest
      SHA224, digest
      SHA256, digest
      SHA384, digest
      SHA512, digest
      MD5, digest
      RIPEMD160, digest
      GOSTR3411, digest
      RSA-9796, keySize={1024,2048}, hw, decrypt, sign, verify
      RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify
      SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify
      SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify
      RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, generate_key_pair


Commit: 41edcaa413988daef1810a0e5ab198f86cdedc2f
    https://github.com/OpenSC/OpenSC/commit/41edcaa413988daef1810a0e5ab198f86cdedc2f
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: proper set of RSA support

The previous commit was oversimplified. According to the known
mechanism, we should have the following scope:
    ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
    Using slot 0 with a present token (0x0)
    Supported mechanisms:
      SHA-1, digest
      SHA224, digest
      SHA256, digest
      SHA384, digest
      SHA512, digest
      MD5, digest
      RIPEMD160, digest
      GOSTR3411, digest
      RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
      RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
      SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
      SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
      RSA-PKCS-PSS, keySize={512,2048}, hw, sign, verify
      SHA1-RSA-PKCS-PSS, keySize={512,2048}, sign, verify
      SHA256-RSA-PKCS-PSS, keySize={512,2048}, sign, verify

do not use the default flags yet:
    _sc_card_add_rsa_alg(card, 1024, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
    _sc_card_add_rsa_alg(card, 2048, IASECC_CARD_DEFAULT_FLAGS, 0x10001);
    _sc_card_add_rsa_alg(card, 512, IASECC_CARD_DEFAULT_FLAGS, 0x10001);

Contactless specific behaviour shall be added later on.


Commit: 6efd7b30294cb0a971912c76837e8c629ad7ebda
    https://github.com/OpenSC/OpenSC/commit/6efd7b30294cb0a971912c76837e8c629ad7ebda
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC: send/recv from EF.ATR

Log the send/recv data extracted from the EF.ATR (2F01).


Commit: fd83e885f7799d4269fa19f3525535438de8f875
    https://github.com/OpenSC/OpenSC/commit/fd83e885f7799d4269fa19f3525535438de8f875
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/ef-atr.c

Log Message:
-----------
IASECC/CPX: parse EF.ATR from ASN1 2F01 object

2F01 is:
    ./opensc-explorer -r 0
    OpenSC [3F00]> cat 2F01
    00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
    00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
    00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
    00000030: 81 22 F8 78 02 82 02 90 00 .".x.....

so the ASN1 decoder gets confused because it assumes that two bytes are
needed before getting the first tag 43/ISO7816_TAG_II_CARD_SERVICE.
In order to avoid such confusion, whenever the content of the EF.ATR/2F01
starts with ISO7816_II_CATEGORY_TLV, we skip the first byte in order to
parse the ASN1 payload.

Fix: issue #2220


Commit: c581d1b26f7b832d2e57062246d852d997d49721
    https://github.com/OpenSC/OpenSC/commit/c581d1b26f7b832d2e57062246d852d997d49721
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/tools/opensc-explorer.c

Log Message:
-----------
IASECC/CPX: opensc-explorer asn1 of EF.ATR objects

Work around the parsing of EF.ATR objects, for instance:
    ./opensc-explorer -r 0
    OpenSC [3F00]> cat 2F01
    00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
    00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
    00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
    00000030: 81 22 F8 78 02 82 02 90 00 .".x.....
    OpenSC [3F00]> info 2F01
    Working Elementary File ID 2F01, SFI E8
    File path: 3F00/2F01
    File size: 57 bytes
    EF structure: Transparent
    ACL for READ: NONE
    ACL for UPDATE: SecOx45
    ACL for DELETE: SecOx45
    ACL for WRITE: N/A
    ACL for REHABILITATE: N/A
    ACL for INVALIDATE: N/A
    ACL for LIST FILES: N/A
    ACL for CRYPTO: N/A
    Type attributes: 01
    Life cycle: Operational, activated

In order to avoid adding an offset of 1 for such objects on some
    OpenSC [3F00]> asn1 2F01 1
specific cards, then, we get:
    OpenSC [3F00]> asn1 2F01
    80 Context 0 (0 bytes)
    43 Application 3 (1 byte): decode error: B8 .
    46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
    47 Application 7 (3 bytes): 94 01 80 ...
    4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
    E0 Private 0 (16 bytes)
       02 INTEGER (2 bytes): 260
       02 INTEGER (2 bytes): 260
       02 INTEGER (2 bytes): 256
       02 INTEGER (2 bytes): 256
    78 Application 24 (8 bytes)
       06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
    82 Context 2 (2 bytes): 36864: 90 00 ..
    OpenSC [3F00]>

which means:
    ef-atr.c:49:sc_parse_ef_atr_content: EF.ATR: card service 0xB8
    ef-atr.c:59:sc_parse_ef_atr_content: EF.ATR: Pre-Issuing data '04B0ECC1'
    ef-atr.c:67:sc_parse_ef_atr_content: EF.ATR: DF selection 94, unit_size 1, card caps 80
    ef-atr.c:95:sc_parse_ef_atr_content: EF.ATR: AID '8025000001FF0100'
    ef-atr.c:106:sc_parse_ef_atr_content: EF.ATR: Issuer data '02020104020201040202010002020100'
    ef-atr.c:111:sc_parse_ef_atr_content: EF.ATR: DER encoded OID 06062B8122F87802
    ef-atr.c:114:sc_parse_ef_atr_content: EF.ATR: OID 2B8122F87802
    ef-atr.c:123:sc_parse_ef_atr_content: EF.ATR: status word 0x9000

Fix: issue #2220


Commit: 20f359ea0461710b59219b51aa1d0f347097a838
    https://github.com/OpenSC/OpenSC/commit/20f359ea0461710b59219b51aa1d0f347097a838
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: SC_PATH_TYPE_FILE_ID, wrong APDU

For SC_PATH_TYPE_FILE_ID, P2 should be 0x04, if not, then
we get the following errors:
    [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit: Outgoing APDU (7 bytes):
    00 A4 02 00 02 A0 01 .......
    [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called
    [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes):
    6A 86 j.
    [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
    [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)
    [opensc-pkcs11] card.c:523:sc_unlock: called
    [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2
    [opensc-pkcs11] card-iasecc.c:1107:iasecc_select_file: iasecc_select_file() check SW failed: -1205 (Incorrect parameters in APDU)
    [opensc-pkcs11] card.c:866:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)

when running:
    ./pkcs11-tool --test --login --pin abcd


Commit: b50834901028f2e1cb68e035171a3e050f2ca878
    https://github.com/OpenSC/OpenSC/commit/b50834901028f2e1cb68e035171a3e050f2ca878
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/tools/opensc-explorer.c

Log Message:
-----------
IASECC/CPX: opensc-explorer asn1 EF.ATR parsing

Let the advanced users be able to parse the ASN1 content for any
offset.

    OpenSC [3F00]> asn1 2F01 0
    Error in decoding.
    OpenSC [3F00]> asn1 2F01 1
    43 Application 3 (1 byte): decode error, : B8 .
    46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
    47 Application 7 (3 bytes): 94 01 80 ...
    4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
    E0 Private 0 (16 bytes)
       02 INTEGER (2 bytes): 260
       02 INTEGER (2 bytes): 260
       02 INTEGER (2 bytes): 256
       02 INTEGER (2 bytes): 256
    78 Application 24 (8 bytes)
       06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
    82 Context 2 (2 bytes): 36864: 90 00 ..

Fix: issue #2220


Commit: 4119b2c3e7eadf0bccb1a3592ded897ce6619121
    https://github.com/OpenSC/OpenSC/commit/4119b2c3e7eadf0bccb1a3592ded897ce6619121
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/asn1.c
  M src/libopensc/asn1.h
  M src/tests/unittests/asn1.c

Log Message:
-----------
ASN1 lax bit string decoding

Some ASN1 objects stored on some smartcards (for instance the
IASECC/CPX ones) do not comply strictly with the rules
8.6.2.3 and 8.6.2.3 from the ITU.

Since these rules are not some strict ones, let's have a loose
decoding option that can be displayed by the command:
    opensc-explorer
    asn1 7001 # for instance

Fix: issue #2224


Commit: 76507508d7b3c31935a641e87bf93709812049e1
    https://github.com/OpenSC/OpenSC/commit/76507508d7b3c31935a641e87bf93709812049e1
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: code factorization

There are two flavours of CPX cards:
- contact mode,
- contactless mode


Commit: fc0df4e5d578e5926a59dbf3a34ce737424464ba
    https://github.com/OpenSC/OpenSC/commit/fc0df4e5d578e5926a59dbf3a34ce737424464ba
Author: Vincent JARDIN <vj...@fr...>
Date:   2021-03-17 (Wed, 17 Mar 2021)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
IASECC/CPX: revert removal of 3F00 from the path

A few years ago, the commit 03628449b75a93787eb2359412a3980365dda49b did
squash the 3F00nnnn path to nnnn. For instance, 3F002F00 becomes 2F00.

It is an issue such as:
    00000200 [139681798813440] APDU: 00 A4 09 04 02 2F 00
    00029790 [139681798813440] SW: 6A 82

Fix: issue #2231


Compare: https://github.com/OpenSC/OpenSC/compare/40c50a3a4219...fc0df4e5d578
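
Added example, not code from OpenSC or from the commits above: a bounds-checked walk over the EF.ATR (2F01) bytes quoted in commit fd83e885, showing why decoding from offset 0 fails (0x80 is read as a tag whose length 0x43 overruns the 57-byte file) and why skipping the leading category byte yields the seven top-level objects. The names `walk_ef_atr`, `struct ef_atr_info` and `CATEGORY_TLV` are hypothetical, the value 0x80 for ISO7816_II_CATEGORY_TLV is assumed from the first byte of the dump, and only single-byte tags with short-form lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CATEGORY_TLV 0x80 /* assumed value of ISO7816_II_CATEGORY_TLV (first dump byte) */
/* EF.ATR (2F01) content copied from the hex dump in the commit message */
static const uint8_t ef_atr[] = {
    0x80,0x43,0x01,0xB8,0x46,0x04,0x04,0xB0,0xEC,0xC1,0x47,0x03,0x94,0x01,0x80,0x4F,
    0x08,0x80,0x25,0x00,0x00,0x01,0xFF,0x01,0x00,0xE0,0x10,0x02,0x02,0x01,0x04,0x02,
    0x02,0x01,0x04,0x02,0x02,0x01,0x00,0x02,0x02,0x01,0x00,0x78,0x08,0x06,0x06,0x2B,
    0x81,0x22,0xF8,0x78,0x02,0x82,0x02,0x90,0x00
};

struct ef_atr_info { int objects; uint8_t card_service; uint16_t status_word; };

/* Walk top-level TLVs (single-byte tag, short-form length only).
 * skip_category=1 drops a leading category indicator byte first.
 * Returns 0 on success, -1 if a length is unsupported or overruns the buffer. */
static int walk_ef_atr(const uint8_t *buf, size_t len, int skip_category,
                       struct ef_atr_info *out)
{
    size_t pos = 0;
    out->objects = 0; out->card_service = 0; out->status_word = 0;
    if (skip_category && len > 0 && buf[0] == CATEGORY_TLV)
        pos = 1;
    while (pos < len) {
        if (len - pos < 2) return -1;              /* need tag + length */
        uint8_t tag = buf[pos], l = buf[pos + 1];
        if (l & 0x80) return -1;                   /* long-form length not handled */
        if ((size_t)l > len - pos - 2) return -1;  /* value would overrun the file */
        const uint8_t *val = buf + pos + 2;
        if (tag == 0x43 && l == 1) out->card_service = val[0];
        if (tag == 0x82 && l == 2) out->status_word = (uint16_t)(val[0] << 8 | val[1]);
        out->objects++;
        pos += 2 + (size_t)l;
    }
    return 0;
}

int main(void)
{
    struct ef_atr_info info;
    int rc = walk_ef_atr(ef_atr, sizeof ef_atr, 0, &info);
    printf("offset 0: rc=%d\n", rc);
    rc = walk_ef_atr(ef_atr, sizeof ef_atr, 1, &info);
    printf("skip 0x80: rc=%d objects=%d service=0x%02X sw=0x%04X\n",
           rc, info.objects, info.card_service, info.status_word);
    return 0;
}
```

The same length check also rejects a file truncated by one byte, since the final status-word object would then extend past the end of the buffer.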