Ludovic Rousseau | 1 Jan 2013 17:12

OpenSC github Test project

Hello,

I created a Test [1] project at github. This project is supposed to be
used to test integration of github with other services before
deploying the configuration to a real OpenSC sub-project.

Feel free to use it.
You may need to get access rights. Just ask on this list.

Bye,

[1] https://github.com/OpenSC/Test

-- 
 Dr. Ludovic Rousseau
Viktor Tarasov | 31 Dec 2012 15:50

Delete 'staging' branch of github OpenSC/OpenSC project

Hello,

During considerable time already the master and staging branches have been closely synchronized.
As for me we can close the 'staging' branch.
Its initial role was to be a buffer for the new features,
now this function is fulfilled by the 'master' itself and by the pull-requests branches.

If no objections,
I will remove the 'staging' branch.

Kind regards,
Viktor.
Cyril | 29 Dec 2012 12:44

athena javacard ID Protect Client Support

Hello

I've bought a pair of Athena  Id protect client javacards with an Athena ASEIIIUSB reader.
The reader is recognized by linux box but I can't access the card.

First question as a newbie, can the reader read other smartcards?
Second, is there a way to handle those Athena Smart cards in OpenSC?
I've spent much time but didn't succeed.

Thanks!!!



The result of pkcs15-tool -L :

------------------------------------------------
Aspire-7730ZG:/usr/lib$ pkcs15-tool -L
Using reader with a card: Athena ASE IIIe [CCID Bulk Interface] 00 00
PKCS#15 binding failed: Unsupported card
------------------------------------------------
The result of pcsc_scan is here :
------------------------------------------------------------------------------------------------
Aspire-7730ZG:/usr/lib$ pcsc_scan
PC/SC device scanner
V 1.4.20 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau <at> free.fr>
Compiled with PC/SC lite version: 1.8.3
Using reader plug'n play mechanism
Scanning present readers...
0: Athena ASE IIIe [CCID Bulk Interface] 00 00

Sat Dec 29 12:40:49 2012
Reader 0: Athena ASE IIIe [CCID Bulk Interface] 00 00
  Card state: Card inserted,
  ATR: 3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08

ATR: 3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08
+ TS = 3B --> Direct Convention
+ T0 = D5, Y(1): 1101, K: 5 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
  TD(2) = 91 --> Y(i+1) = 1001, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(4) = C3 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 80 73 C8 21 13
  Category indicator byte: 80 (compact TLV data object)
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C8
        - DF selection by full DF name
        - DF selection by partial DF name
        - Implicit DF selection
      Data coding byte: 21
        - Behaviour of write functions: proprietary
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 13
        - Logical channel number assignment: by the card
        - Maximum number of logical channels: 4
+ TCK = 08 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08
        Athena IDProtect (JavaCard 2.2.2)
        http://www.athena-scs.com/product.asp?pid=32
------------------------------------------------------------------------------------------------

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
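
Added example, not part of the original message or of pcsc-tools: a minimal ISO 7816-3 ATR parser that reproduces the structural part of the pcsc_scan breakdown above (interface bytes, offered protocols, historical bytes) and recomputes the TCK checksum. The function name and result keys are illustrative.

```python
from functools import reduce
from operator import xor

# ATR copied from the pcsc_scan output in the message above.
ATR_HEX = "3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08"


def parse_atr(atr_hex):
    """Split an ISO 7816-3 ATR into interface bytes, historical bytes and TCK."""
    atr = bytes.fromhex(atr_hex.replace(":", " "))
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: missing or unknown TS byte")
    hist_len = atr[1] & 0x0F      # K: number of historical bytes
    y = atr[1] >> 4               # Y(1): which of TA(1)..TD(1) follow
    pos, level = 2, 1
    interface, td_types = {}, []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                interface[f"{name}({level})"] = atr[pos]
                pos += 1
        td = interface.get(f"TD({level})")
        if td is None:
            break                 # no TD(i): no further interface bytes
        td_types.append(td & 0x0F)  # low nibble: protocol type T
        y = td >> 4                 # high nibble: Y(i+1)
        level += 1
    historical = atr[pos:pos + hist_len]
    if len(historical) != hist_len:
        raise ValueError("ATR truncated inside historical bytes")
    pos += hist_len
    # TCK is present unless T=0 is the only type indicated.
    tck, tck_ok = None, None
    if any(t != 0 for t in td_types):
        if pos >= len(atr):
            raise ValueError("TCK expected but missing")
        tck = atr[pos]
        pos += 1
        # XOR of every byte from T0 through TCK must be zero.
        tck_ok = reduce(xor, atr[1:pos]) == 0
    if pos != len(atr):
        raise ValueError("unexpected bytes after the end of the ATR")
    # T=15 only qualifies global interface bytes; it is not a protocol.
    protocols = list(dict.fromkeys(t for t in td_types if t != 15))
    return {"interface": interface, "protocols": protocols,
            "historical": historical, "tck": tck, "tck_ok": tck_ok}


if __name__ == "__main__":
    info = parse_atr(ATR_HEX)
    for name, value in info["interface"].items():
        print(f"{name} = {value:02X}")
    print("protocols: ", ", ".join(f"T={t}" for t in info["protocols"]))
    print("historical:", info["historical"].hex().upper())
    print("TCK ok:    ", info["tck_ok"])
```
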
Ludovic Rousseau | 27 Dec 2012 16:08

List opensc-devel migration

Hello,

You are a subscribed member of the
opensc-devel <at> lists.opensc-project.org mailing list. The server at
opensc-project.org will be shut down soon and all the services need to
be migrated to a new home [1] and [2].

An opensc-devel mailing list has been created at SourceForge. Go to
[3] and subscribe again if you want to continue to receive messages
for opensc-announce. We decided NOT to migrate your email
automatically. So you have to resubscribe by hand.

Sorry for the inconvenience.

Regards,

[1] http://sourceforge.net/projects/opensc/
[2] https://github.com/opensc
[3] https://lists.sourceforge.net/lists/listinfo/opensc-devel

-- 
 Dr. Ludovic Rousseau
Andreas Jellinghaus | 26 Dec 2012 15:56

Status of the server migration

Hi,

merry xmas / happy holidays everyone!

If you don't read this in the coming day: all is fine, enjoy your time
off with friends and family or skiing or ...

But for those with time on their hands for open source project work:
can someone summarize the current status of our server migration?

* source code: now all in git on github, right? Does everyone have
access who needs?
  What is the new system, people are asked to push patches to the
mailing list and someone collects them?
  Or should people have their own repo, publish patches there and
someone else pulls them? (more work, maybe not such a good idea)
  Or do we have an rietveld instance somewhere, so people can push
changes there (how?) and they get compile-build-tested?
* mailing lists: no idea what the current status is (i.e. this is a
test mail). Do we have new lists? Subscribers migrated or invited?
  Does this old list still work, or should I shut it down?
* Continuous build: is there a replacement system for the (jenkins?)
system we have/had on the old server?
* Trac/Wiki/.... -> any progress here? I remember some offerings and
questions to migrate, but no status update since - maybe I missed it?
* opensc-project.org domain - registered to martin paljak, opensc.org
registered to same unknown person - opensc.com for sale.
  any chance to move one of the domains to (whom?) someone? or live
without them?

Anything else I missed?

As said, I'd like to retire the server end of year, as it is a very
old and unmaintained installation.

Regards, Andreas
Matthew Zimmerman | 20 Dec 2012 14:54

Openssl pkcs11-engine using s_client with PIV card

I'm trying to debug an SSL connection to a webserver utilizing my PIV
Authentication Certificate and the associated private key on my card
and I believe I've found a bug in mechanism.c

I *think* I'm doing everything correctly, although documentation on
the engine in openssl is *very* sparse.  Here's how I'm setting up
the connection.

openssl
engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre
ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:src/pkcs11/.libs/opensc-pkcs11.so -pre VERBOSE
s_client -engine pkcs11 -connect webserver:443 -CAfile ca.crt -cert
pivauth.crt -certform PEM -key 1:01 -keyform engine -prexit

According to the opensc tools, my card is in slot 1 and my key is id
01.  I'm fairly certain I'm using the -key and -keyform parameters
correctly but I'm not sure of -cert and -certform.  Should I instead
be telling openssl how to pull the cert from my card instead of the
local file (which corresponds with the key?)  How do I do that?  (I've
tried a few ways.)

This will prompt me for my pin, but then segfaults on line 428 of
mechanism.c -- seemingly data is pointing to an address but has no
member buffer_len (this could be wrong, my c and gdb experience is
highly lacking)

Found slot:  Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Found token: PIV_II (PIV Card Holder pin)
Found 4 certificates:
   1    Certificate for PIV Authentication
   2    Certificate for Digital Signature
   3    Certificate for Key Management
   4    Certificate for Card Authentication
PKCS#11 token PIN:
Found 4 keys:
   1 P  PIV AUTH key
   2 P  SIGN key
   3 P  KEY MAN key
   4 P  CARD AUTH key

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaac155660 in sc_pkcs11_signature_final (operation=0x6cb7d0,
pSignature=0x7fffffffda30 "", pulSignatureLen=0x0) at mechanism.c:428
428  sc_log(context, "data length %li", data->buffer_len);
(gdb) print data
$1 = (struct signature_data *) 0x30
(gdb) print data->buffer_len
Cannot access memory at address 0x248
(gdb) backtrace
#0  0x00002aaaac155660 in sc_pkcs11_signature_final
(operation=0x6cb7d0, pSignature=0x7fffffffda30 "",
pulSignatureLen=0x0) at mechanism.c:428
#1  0x00002aaaab036e3d in look_str_cb () from /usr/lib/libcrypto.so.1.0.0
#2  0x00002aaaab04722c in lh_doall_arg () from /usr/lib/libcrypto.so.1.0.0
#3  0x00002aaaab03565c in engine_table_doall () from /usr/lib/libcrypto.so.1.0.0
#4  0x00002aaaab037203 in ENGINE_pkey_asn1_find_str () from
/usr/lib/libcrypto.so.1.0.0
#5  0x00002aaaab071fa3 in EVP_PKEY_asn1_find_str () from
/usr/lib/libcrypto.so.1.0.0
#6  0x00002aaaaad179d7 in ssl_create_cipher_list () from
/usr/lib/libssl.so.1.0.0
#7  0x00002aaaaad10964 in SSL_CTX_new () from /usr/lib/libssl.so.1.0.0
#8  0x000000000043d07e in ?? ()
#9  0x0000000000419587 in ?? ()
#10 0x000000000041927d in ?? ()
#11 0x00002aaaab363725 in __libc_start_main () from /usr/lib/libc.so.6
#12 0x000000000041934d in ?? ()
#13 0x00007fffffffe598 in ?? ()
#14 0x0000000000000000 in ?? ()

Thanks for any advice/patches/help :)
Matt

OpenSC Windows minidriver reg file for the ePass2003

Dear all,

Can anyone help me set the correct value for the ePass2003 mini driver
registry: http://download.gooze.eu/pki/opensc/windows/minidriver/exported-ePass2003.reg

The content of the file is:

**************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards
\OpenSC ePass2003 ECP]
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,01,00,11,71,df,00,00,03,6a,82,f8
"ATRMask"=hex,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage
Provider"
"80000001"="opensc-minidriver.dll"
************************************

opensc-tool --atr
Using reader with a card: Feitian ePass2003 00 00
3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8

What is missing in my reg file to make the mini-driver work?

Kind regards,
Jean-Michel POURE
-- 

                      GOOZE - http://www.gooze.eu
                   High quality cryptographic tools 
                  for GNU/Linux, Mac OS X and Windows
     POURE SASU - 17 rue Saint Jacques - 95160 Montmorency - France
       Tel : +33 (0)9 72 13 53 90 - Mobile : +33 (0)6 51 99 37 90
         Registry: FR 527 672 448 00018 - VAT: FR54527672448
     CAcert root certificate: http://www.cacert.org/index.php?id=3
                          ID PGP/GPG: 084F2584
Attachment (smime.p7s): application/x-pkcs7-signature, 5103 bytes
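
Added example, not part of the original message or of OpenSC: a consistency check for the "ATR" and "ATRMask" values of a smart card registry entry, run on the two lines as posted above and on the ATR printed by opensc-tool. It assumes that the mask must have the same length as the ATR and that a card matches when its ATR equals the registry ATR on every bit set in the mask; the function names are illustrative.

```python
import re

# Constructed sample: the two binary values exactly as posted above.
REG_TEXT = (
    '"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,01,00,11,71,df,00,00,03,6a,82,f8\n'
    '"ATRMask"=hex,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff\n'
)
# ATR reported by "opensc-tool --atr" in the same message.
CARD_ATR = "3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8"

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>hex.*)$')


def read_binary_values(reg_text):
    """Return ({name: bytes}, [problems]) for the hex values in a .reg text."""
    values, problems = {}, []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        if rest.startswith("hex:"):
            digits = rest[4:]
        else:
            # .reg binary data is written "hex:"; keep going so the
            # length check below can still report on the bytes given.
            problems.append(f'{name}: expected "hex:" but found "{rest[:4]}"')
            digits = rest[3:].lstrip(":,")
        try:
            values[name] = bytes(int(b, 16) for b in digits.split(",") if b.strip())
        except ValueError:
            problems.append(f"{name}: non-hex byte in value")
    return values, problems


def check_entry(reg_text, card_atr_hex):
    """List the reasons this entry cannot match the given card ATR."""
    values, problems = read_binary_values(reg_text)
    card = bytes.fromhex(card_atr_hex.replace(":", ""))
    atr, mask = values.get("ATR"), values.get("ATRMask")
    if atr is None or mask is None:
        problems.append("ATR or ATRMask value missing")
    elif len(atr) != len(mask):
        problems.append(f"ATR is {len(atr)} bytes but ATRMask is {len(mask)} bytes")
    elif len(card) != len(atr) or any(
            (c & m) != (a & m) for c, a, m in zip(card, atr, mask)):
        problems.append("card ATR does not match ATR under ATRMask")
    return problems


if __name__ == "__main__":
    for problem in check_entry(REG_TEXT, CARD_ATR):
        print("problem:", problem)
```
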
Anna Pavlova | 17 Dec 2012 14:01

Segmentation fault in pkcs11-tool

Hello,

I am new to OpenSC but I was looking for a 3rd party tool with which I could test my self-developed pkcs11 library and I came across the OpenSC pkcs11-tool.

I installed OpenSC under Ubuntu11.10, following http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installation-under-gnu-linux
 everything went fine, but when I wanted to run the pkcs11-tool:

>  pkcs11-tool --module /home/anna/PKCS11_Project/libPkcs11.so -l -O

I got segmentation fault.

I was able to find the place where the code crashed. In pkcs11-tool.c the line (558):

rv = p11->C_Initialize(NULL);

seems to crash. The message is just "Segmentation fault"

The module loads apparently fine.
module = C_LoadModule(opt_module, &p11);  //no error here

The problem is, that in my pkcs11 library I put an error message at the very beginning of the C_Initialize function, but not even this is printed out. So I don't think the crash comes from my library. I turned on the creation of a log file in my pkcs11 library, but not even my pkcs11 library log file is created.


I tried to google this problem and found this old thread:
http://www.opensc-project.org/pipermail/opensc-devel/2003-April/000831.html

But it didn't really help me (rebuilding openssl didn't solve the problem..). Could anyone help?

Thanks for any help,
Anna

Douglas E. Engert | 12 Dec 2012 17:07

Re: Muscle smart card Applet various versions from M.U.S.C.L.E. and OpenSC


On 12/12/2012 5:17 AM, Rns Course wrote:
>> This appears in the log that GET_STATUS is returning: 00 01 00 05 ...
>> i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1
> Where does GET_STATUS return 00 01 00 05 in log?
> I mean, how did you understand GET_STATUS return 00 01 00 05 from log file?

You had sent on 12/9 an attachment of the opensc debug log as output.txt.
(but I can't find the original note, but I still have the attachment.)

On line in output.txt, APDUs and responses from muscle_match_card in card-muscle.c:
425: APDU:     00 A4 04 00 05 A0 00 00 00 01
430: Response: 90 00
440: APDU:     B0 3C 00 00 40
445: Response: 00 01 00 05 00 00 75 30 00 00 5E F6 02 02 00 00 90 00

Looking at the Muscle source that was available which is newer than the 0.9.11
I made the assumption that the actual data returned is from an older
version that had Protocol major=0  minor=1,  Applet major=0  minor=5

>
>>    buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n.
>>    buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n.
>>    buffer[pos++] = (byte) 0; // Major Applet version n.
>>    buffer[pos++] = (byte) 9; // Minor Applet version n.

> I changed version in CardEdge.java source to 0.9.11 & 0.9.13 (before that, it was  0.6.01 at the source!)
> and compile it again.

It's the major protocol version that OpenSC is checking, not the Applet version.

> But when I run "pkcs15-init -C" command, the output was as before:
>
> Using reader with a card: OMNIKEY CardMan 3x21 0
> New User PIN.
> Please enter User PIN:  (I entered "00000000")
>   Please type again to verify:
> Unblock Code for New User PIN (Optional - press return for no PIN).
> Please enter User unblocking PIN (PUK):
> User PIN [User PIN] required.
> Please enter User PIN [User PIN]: (I entered "00000000")
> Failed to create PKCS #15 meta structure: File not found
>
> How should I force opensc-0.13.0 to work with Muscle 0.9.11?

If they are using different protocols, one side or the other will need changes.

Buy a Java 2.2.2 card?

> THX.
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *From:* Douglas E. Engert <deengert <at> anl.gov>
> *To:* MUSCLE <muscle <at> lists.musclecard.com>; OpenSC-devel <opensc-devel <at> lists.opensc-project.org>
> *Sent:* Tuesday, 11 December 2012, 0:01:32
> *Subject:* [opensc-devel] Muscle smart card Applet various versions from M.U.S.C.L.E. and OpenSC
>
> I am not using the Muscle card applet, but was looking at the OpenSC
> debug log for this thread:
> Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
>
> The OpenSC card-muscle.c (0.12.2 or 0.13.0) is looking for PROTO_VERSION_MAJOR=1
>
> The author of the original note said:
>    > I've loaded and initialized Muscle applet (0.9.11) on it.
>
>
> This appears in the log that GET_STATUS is returning: 00 01 00 05 ...
> i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1
> This version from 2003-12-19, does not sound like the latest to me...
>
> Yet in the Muscle CVS archives:
> http://anonscm.debian.org/viewvc/muscleplugins/trunk/MCardApplet/
> as of 4 years ago has version.properties has:
>
>    APPLET_VERSION_MAJOR=0
>    APPLET_VERSION_MINOR=9
>
>    PROTO_VERSION_MAJOR=1
>    PROTO_VERSION_MINOR=3
>
> And there have been changes in the SVN 9 months ago, 2 years ago and
> 3 years ago, which are not reflected in the Download page:
> https://alioth.debian.org/frs/?group_id=30111
>
> Can the download versions be updated, or the page changed to say
> compile it yourself? Or point to the OpenSC page?
>
>
> Then on OpenSC-project:
> http://www.opensc-project.org/opensc/wiki/MuscleApplet
> it says:
>    "OpenSC supports the Muscle applet, available from Debian SVN:"
>      svn co svn://svn.debian.org/muscleplugins/trunk/MCardApplet
>
>      (This appears to be the same SVN as on the Muscle page, revision 298
>      from 9 months ago.)
>
>      "An updated version, targeting recent JavaCard 2.2.2 cards with
>      extended APDUs is available from github:"
> http://github.com/martinpaljak/MuscleApplet
>
> This github is 3 years old, yet changes were made to the Muscle SVN
> 9 months ago.
>
> https://github.com/martinpaljak/MuscleApplet/blob/master/src/com/musclecard/CardEdge/CardEdge.java
> (3 years old)
>      buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n.
>        buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n.
>        buffer[pos++] = (byte) 0; // Major Applet version n.
>        buffer[pos++] = (byte) 9; // Minor Applet version n.
>
> Which is in line with the PROTO_VERSION_MAJOR the OpenSC code is looking for.
>
> Can Martin and Ludovic get together and get these versions in sync,
> and make it so others don't download the 9 year old version?
>
> Thanks.
>
>
>
> --
>
>    Douglas E. Engert  <DEEngert <at> anl.gov <mailto:DEEngert <at> anl.gov>>
>    Argonne National Laboratory
>    9700 South Cass Avenue
>    Argonne, Illinois  60439
>    (630) 252-5444
> _______________________________________________
> opensc-devel mailing list
> opensc-devel <at> lists.opensc-project.org <mailto:opensc-devel <at> lists.opensc-project.org>
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

-- 

  Douglas E. Engert  <DEEngert <at> anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
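
Added example, not part of the original message or of OpenSC: the four log lines quoted above are paired into command/response exchanges, the GET_STATUS exchange (CLA B0, INS 3C) is located, and its first four bytes are decoded and compared with the protocol major version that card-muscle.c is said to look for. Function names are illustrative, and only the four version bytes and the status word are interpreted.

```python
import re

# Lines as quoted from output.txt in the message above (log line numbers kept).
LOG = """\
425: APDU:     00 A4 04 00 05 A0 00 00 00 01
430: Response: 90 00
440: APDU:     B0 3C 00 00 40
445: Response: 00 01 00 05 00 00 75 30 00 00 5E F6 02 02 00 00 90 00
"""

REQUIRED_PROTO_MAJOR = 1  # value card-muscle.c looks for, per the message

LINE_RE = re.compile(r"^\s*\d+:\s*(APDU|Response):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def pair_exchanges(log_text):
    """Return [(command_bytes, response_bytes)] in log order."""
    exchanges, pending = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        data = bytes.fromhex(m.group(2))
        if m.group(1) == "APDU":
            pending = data
        elif pending is not None:
            exchanges.append((pending, data))
            pending = None
    return exchanges


def decode_get_status(log_text):
    """Decode the version fields of the first GET_STATUS response, or None."""
    for cmd, rsp in pair_exchanges(log_text):
        if len(cmd) < 2 or cmd[0] != 0xB0 or cmd[1] != 0x3C:
            continue
        if len(rsp) < 2:
            raise ValueError("response has no status word")
        body, sw = rsp[:-2], rsp[-2:]
        if sw != b"\x90\x00":
            raise ValueError(f"GET_STATUS failed with SW {sw.hex().upper()}")
        if len(body) < 4:
            raise ValueError("GET_STATUS response shorter than 4 bytes")
        return {
            "proto_major": body[0], "proto_minor": body[1],
            "applet_major": body[2], "applet_minor": body[3],
            # The check is on the protocol version, not the applet version.
            "proto_major_ok": body[0] == REQUIRED_PROTO_MAJOR,
        }
    return None


if __name__ == "__main__":
    status = decode_get_status(LOG)
    print("protocol %d.%d, applet %d.%d, protocol major accepted: %s" % (
        status["proto_major"], status["proto_minor"],
        status["applet_major"], status["applet_minor"],
        status["proto_major_ok"]))
```
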
Rns Course | 12 Dec 2012 15:53

How to compile opensc in windows?

Hello

I need to compile opensc-0.11.3. 
On this page:
http://www.opensc-project.org/opensc/wiki/WindowsInstaller

The command "x86: SetEnv.cmd /x86 /Release and nmake /f win32\Makefile.msc LOC="-DASMV -DASMINF" OBJA="inffas32.obj match686.obj" zlib.lib" 
is written, while there's no Makefile.msc file in the package. There is a Makefile.mak in it.

Could you tell me how I should compile it on windows?

THX

Rns Course | 12 Dec 2012 12:41

Re: The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

I must use muscle 0.9.11 because the javacard version of my card is 2.2.1.
Muscle 0.9.12 uses version 2.2.2.
I think that I should compile opensc-0.11.3 on windows to work with muscle 0.9.11!
Ohhhhh....


From: Douglas E. Engert <deengert <at> anl.gov>
To: Rns Course <rns_course <at> yahoo.com>
Sent: Tuesday, 11 December 2012, 22:55:17
Subject: Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

Just wanted to know if you got this e-mail, as it looks like your original
problem is OpenSC does not support the old Muscle 0.9.11. You would have to use
a newer version of the Muscle applet.


-------- Original Message --------
Subject: Muscle smart card  Applet various versions from  M.U.S.C.L.E. and OpenSC
Date: Mon, 10 Dec 2012 14:31:32 -0600
From: Douglas E. Engert <deengert <at> anl.gov>

I am not using the Muscle card applet, but was looking at the OpenSC
debug log for this thread:
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

The OpenSC card-muscle.c (0.12.2 or 0.13.0) is looking for PROTO_VERSION_MAJOR=1

The author of the original note said:
> I've loaded and initialized Muscle applet (0.9.11) on it.

This appears in the log that GET_STATUS is returning: 00 01 00 05 ...
i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1

This version from 2003-12-19, does not sound like the latest to me...

Yet in the Muscle CVS archives:
as of 4 years ago has version.properties has:

  APPLET_VERSION_MAJOR=0
  APPLET_VERSION_MINOR=9

  PROTO_VERSION_MAJOR=1
  PROTO_VERSION_MINOR=3

And there have been changes in the SVN 9 months ago, 2 years ago and
3 years ago, which are not reflected in the Download page:

Can the download versions be updated, or the page changed to say
compile it yourself? Or point to the OpenSC page?


Then on OpenSC-project:
it says:
"OpenSC supports the Muscle applet, available from Debian SVN:"
  svn co svn://svn.debian.org/muscleplugins/trunk/MCardApplet

  (This appears to be the same SVN as on the Muscle page, revision 298
    from 9 months ago.)

  "An updated version, targeting recent JavaCard 2.2.2 cards with
  extended APDUs is available from github:"

This github is 3 years old, yet changes were made to the Muscle SVN
9 months ago.

(3 years old)
    buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n.
    buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n.
    buffer[pos++] = (byte) 0; // Major Applet version n.
    buffer[pos++] = (byte) 9; // Minor Applet version n.

Which is in line with the PROTO_VERSION_MAJOR the OpenSC code is looking for.

Can Martin and Ludovic get together and get these versions in sync,
and make it so others don't download the 9 year old version?

Thanks.



--
Douglas E. Engert  <DEEngert <at> anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois  60439
(630) 252-5444



