Peter Popovec | 30 Mar 09:55 2015

buffer overflow in card-myeid.c

Hi,

I found this in opensc-0.14.0:
 
0x7fdf91066700 10:53:44.400 [pkcs15-init] card.c:769:sc_card_ctl: called
0x7fdf91066700 10:53:44.400 [pkcs15-init] card-myeid.c:1189:myeid_card_ctl: called
0x7fdf91066700 10:53:44.400 [pkcs15-init] card-myeid.c:1215:myeid_card_ctl: returning with: -1408 (Not supported)
0x7fdf91066700 10:53:44.400 [pkcs15-init] card.c:776:sc_card_ctl: card_ctl(4) not supported
0x7fdf91066700 10:53:44.400 [pkcs15-init] card.c:414:sc_create_file: called; type=2, path=3f005015, size=5000
0x7fdf91066700 10:53:44.400 [pkcs15-init] card-myeid.c:439:myeid_create_file: called
0x7fdf91066700 10:53:44.400 [pkcs15-init] card-myeid.c:311:encode_file_structure: called
*** buffer overflow detected ***: pkcs15-init terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x731ff)[0x7fdf8ff861ff]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fdf900094c7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf46e0)[0x7fdf900076e0]
/usr/lib/x86_64-linux-gnu/libopensc.so.3(+0x98026)[0x7fdf90775026]
/usr/lib/x86_64-linux-gnu/libopensc.so.3(sc_create_file+0xaa)[0x7fdf9070061a]
/usr/lib/x86_64-linux-gnu/libopensc.so.3(sc_pkcs15init_create_file+0x113)[0x7fdf907be063]

Analysis:

Function myeid_create_file() allocates a buffer of 32 bytes. Then it calls
the encode_file_structure() function. This function allocates a buffer of 42 bytes.

The first buffer overflow can be hit if the filetype is SC_FILE_TYPE_DF. Function
encode_file_structure() needs 0x19 + file->namelen + 2 bytes in the buffer =
max 45 bytes for file->namelen = 16. The buffer is three bytes smaller.

The second buffer overflow can be hit at the end of encode_file_structure().
Function memcpy(out, buf, *outlen) is called in the worst case with outlen=45.
Because the space in the destination string is only 32 bytes (allocated by the
myeid_create_file() function), a buffer overflow is generated.


Please, use 45 bytes for these buffers:


diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
index 2e5f9c6..babae88 100644
--- a/src/libopensc/card-myeid.c
+++ b/src/libopensc/card-myeid.c
<at> <at> -305,7 +305,7 <at> <at> static int encode_file_structure(sc_card_t *card, const
sc_file_t *file,
                u8 *out, size_t *outlen)
 {
        const sc_acl_entry_t *read, *update, *delete, *generate;
-       u8 buf[40];
+       u8 buf[45];
        int i;
 
        LOG_FUNC_CALLED(card->ctx);
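Review bot: the new size on the added line u8 buf[45] is a bare literal with no derivation beside it, and the same 45 is repeated for sbuf in myeid_create_file(), so the two sizes can drift apart again. Suggest a single named constant, with a comment giving the sum from the analysis (0x19 + file->namelen + 2, with namelen at most 16), used for both arrays. The analysis also describes this buffer as 42 bytes while the removed line is u8 buf[40]; the commit message should state the size that is actually in the tree.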
<at> <at> -432,7 +432,7 <at> <at> static int encode_file_structure(sc_card_t *card, const
sc_file_t *file,
 static int myeid_create_file(struct sc_card *card, struct sc_file *file)
 {
        sc_apdu_t apdu;
-       u8 sbuf[32];  
+       u8 sbuf[45];  
         size_t buflen;
        int r;
 
There is another error in the encode_file_structure() function:

       case SC_FILE_TYPE_DF:
                buf[8] = 0x38;
                if(file->namelen > 0 && file->namelen <= 16)
                {
                        buf[25] = 0x84;
                        buf[26] = (u8)file->namelen;

                        for(i=0;i < file->namelen;i++)
                                buf[i + 26] = file->name[i];

                        buf[1] = 0x19 + file->namelen + 2;
                }
                break;


First, buf[26] is set to actual namelen:

buf[26] = (u8)file->namelen;

Then this byte will be overwritten by the first character of the DF name:

buf[i + 26] = file->name[i];

Patch to fix this issue:

diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
index e8c28ec..53f904b 100644
--- a/src/libopensc/card-myeid.c
+++ b/src/libopensc/card-myeid.c
<at> <at> -453,7 +453,7 <at> <at> static int encode_file_structure(sc_card_t *card, const
sc_file_t *file,
                        buf[26] = (u8)file->namelen;
 
                        for(i=0;i < file->namelen;i++)
-                               buf[i + 26] = file->name[i];
+                               buf[i + 27] = file->name[i];
 
                        buf[1] = 0x19 + file->namelen + 2;
                }
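Review bot: the write at buf[i + 27] reaches index 42 when file->namelen is 16, the upper bound checked in the function as quoted above, so this change is only safe on top of the enlargement to u8 buf[45]; against u8 buf[40] it still writes past the array. Suggest sending the two patches as one series (or one commit) with that dependency stated, and replacing the byte loop with memcpy(&buf[27], file->name, file->namelen) so the offset and length are visible in one place.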


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
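
The size mismatch analysed in the message above, as an added C example that is not OpenSC code and not part of the original post: a simplified model of the DF branch that checks the encoded length against both the local buffer and the caller's capacity before copying. The function and macro names are hypothetical, and the two-byte header added to the value in buf[1] is an assumption chosen to match the 45-byte worst case quoted in the post.

```c
/* Added example: simplified model of the DF branch described in the post.
 * Not OpenSC code; all names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DF_FIXED_LEN   0x19u  /* fixed part counted in buf[1], from the post */
#define DF_NAME_MAX    16u    /* upper bound on file->namelen, from the post */
#define DF_MAX_ENCODED (DF_FIXED_LEN + DF_NAME_MAX + 2u + 2u)  /* 45 */

/* Returns 0 and sets *outlen on success, -1 if the encoding would not fit. */
int encode_df_checked(const uint8_t *name, size_t namelen,
                      uint8_t *out, size_t out_cap, size_t *outlen)
{
    uint8_t buf[DF_MAX_ENCODED];
    size_t need;

    if (name == NULL || out == NULL || outlen == NULL)
        return -1;
    if (namelen == 0 || namelen > DF_NAME_MAX)
        return -1;

    /* Assumption: total length is the value stored in buf[1] plus a
     * two-byte header, matching the 45-byte worst case in the post. */
    need = DF_FIXED_LEN + namelen + 2u + 2u;
    if (need > sizeof(buf) || need > out_cap)
        return -1;                      /* refuse instead of overflowing */

    memset(buf, 0, sizeof(buf));
    buf[1]  = (uint8_t)(DF_FIXED_LEN + namelen + 2u);
    buf[8]  = 0x38;
    buf[25] = 0x84;
    buf[26] = (uint8_t)namelen;
    memcpy(&buf[27], name, namelen);    /* name starts after its length byte */

    memcpy(out, buf, need);
    *outlen = need;
    return 0;
}

int main(void)
{
    static const uint8_t name[] = "CONSTRUCTED-NAME"; /* constructed, 16 bytes used */
    uint8_t small[32], big[DF_MAX_ENCODED];
    size_t n = 0;
    int r;

    r = encode_df_checked(name, 16, small, sizeof(small), &n);
    printf("16-byte name, 32-byte destination: %d\n", r);
    r = encode_df_checked(name, 16, big, sizeof(big), &n);
    printf("16-byte name, 45-byte destination: %d (len %zu)\n", r, n);
    return 0;
}
```

Under the stated length assumption, a 32-byte destination holds a DF name of at most 3 bytes; anything longer is rejected here rather than copied.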
William Roberts | 25 Mar 02:18 2015

Broken links on wiki page

The links on this page are broken:

I managed to find their counterparts, but can I get the wiki pages updated?


--
Respectfully,

William C Roberts

Linda Yu | 24 Mar 16:19 2015

Is pcsclite 2.0.0 available?

Hi,

Does anyone know if there is PC/SC 2.0 for download? I did find the old
webpages regarding pcsclite 2.0.0 beta, but no recent posts. The latest
version I can find on Ubuntu download site is 1.8.11.

Thanks,
Linda

--
View this message in context: http://opensc.1086184.n5.nabble.com/Is-pcsclite-2-0-0-available-tp15191.html
Sent from the Developer mailing list archive at Nabble.com.

Viktor Tarasov | 22 Mar 11:28 2015

Towards release 0.15.0

Hi,

I propose to prepare the next 0.15.0 release. The dedicated branch is created.

Please tell me if there are outstanding bugs that have to be fixed, or if
something essential is still to be integrated into this release.

Any proposals, suggestions, test results are heartily welcome.

Best regards,
Viktor.

dirkx | 20 Mar 17:02 2015

Feitian ePass2003 / Failed to erase card: Security status not satisfied

Got quite a couple of ePass2003 tokens back from the field (some 12-15%) that fail reformatting with
pkcs15-init -E; and give an error on the windows "format_tool_2003.exe" tool.

Any suggestions as to why this is? They have been inited with a pkcs15+onepin without SO support and
finalised before being sent out to the field.

We’d like to get an idea as to what the issue is; and specifically would like to find out if this is a SW
or a HW issue/one which can be ‘caused’ by the end user.

Would anyone still have a copy of:

	http://www.gooze.eu/nl/forums/support/epass2003-recovery-tool
		http://download.gooze.eu/pki/feitian/epass-2003/fix_tool.tar.gz

stashed away somewhere ?

Dw.

dirkx | 20 Mar 16:53 2015

Failing builds on HEAD / Yosemite and 6.2 Xcode

in reply to the IRC chat — Just a quick FYI - it seems one (now) needs to set the target:

	https://github.com/dirkx/OpenSC/commit/1cd8d02449b2c1aeb0383b9c583aa59265ab1460
	
is what makes things work again for me.

Dw.
Dirk-Willem van Gulik | 17 Mar 18:33 2015

pkcs15-init - asking for an SO pin - despite --so-pin provided on the command line

Does below ring a bell with anyone - pkcs15-init wanting me to enter a SO Pin
despite it being provided with an SO pin on the command line.

Against master/head - with an Aventra MyEID card.

Thanks,

Dw.

$ pkcs15-init -E

$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --puk 11111
--pin 1234 --label foobar --so-pin 1234
Using reader with a card: SCM Microsystems Inc. SPR 532

$ pkcs15-init --generate-key rsa/1024 --auth-id 01 -u sign --pin 1234 --so-pin 1234
Using reader with a card: SCM Microsystems Inc. SPR 532
Security officer PIN unlock key required.
Please enter Security officer PIN unlock key: 
Security officer PIN unlock key required.
Please enter Security officer PIN unlock key: 
$

Frank Morgner | 11 Mar 01:18 2015

Android Smart Card Emulator

Hi!

I created a simple App which uses Android’s HCE to fetch APDUs from a
contact-less reader and delegate them to Java Card Applets. The app
includes the Java Card simulation runtime of jCardSim [1] as well as the
following Java Card applets:

- Hello World applet [2]
- OpenPGP applet [3]
- OATH applet [4]
- ISO applet [5]

With some more effort I think this could be quite interesting for a
variety of use cases. What do you think?

Greets, Frank.

[0] https://frankmorgner.github.io/vsmartcard/ACardEmulator/README.html
[1] http://www.jcardsim.org/
[2] https://github.com/licel/jcardsim/blob/master/src/main/java/com/licel/jcardsim/samples/HelloWorldApplet.java
[3] https://developers.yubico.com/ykneo-openpgp/
[4] https://developers.yubico.com/ykneo-oath/
[5] http://www.pwendland.net/IsoApplet/

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
Aleksandar Mujadin | 9 Mar 17:08 2015

Delete key from Gemalto Instant EID IP9?

Hello,

I'm trying to delete several keys that were used for testing from a
Gemalto Instant EID IP9 card using OpenSC 0.14.0.0 for Windows.

I'm new to OpenSC, these are the steps I followed:

1) pkcs15-tool --dump > d:\test.txt

2) Find the ID of the key I want to delete:

Private RSA Key []
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x200], nonRepudiation
    Access Flags   : [0x18], neverExtract, local
    ModLength      : 1024
    Key ref        : -1 (0xFFFFFFFF)
    Native         : yes
    Path           : 3f0050165b06
    Auth ID        : 02
    ID             : 6c652d65643336323963352d656637652d343164342d396636302d3164393765336437646161313e32

3) Try to delete the key using pkcs15-init:

pkcs15-init -D privkey --id 6c652d65643336323963352d656637652d343164342d396636302d3164393765336437646161313e32 -v

Output:

Using reader with a card: Lenovo Integrated Smart Card Reader 0
Connecting to card in reader Lenovo Integrated Smart Card Reader 0...
Using card driver Setec cards.
Found Instant EID IP9
About to delete object(s).
User PIN [identification] required.
Please enter User PIN [identification]: 2015-03-09 17:25:35.430 cannot lock memory, sensitive data may be paged to disk
Failed to delete object 0: Security status not satisfied
Deleted 0 objects
Failed to delete object(s): Security status not satisfied

I have also tried to specify --auth-id 02 on the command line but that
doesn't help, it never asks for the signing PIN, only for the
identification PIN.

Output from opensc-tool -a:
c:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool -a
Using reader with a card: Lenovo Integrated Smart Card Reader 0
3b:7d:96:00:00:80:31:80:65:b0:a3:11:00:c8:83:00:90:00

From opensc-tool -n:
c:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool -n
Using reader with a card: Lenovo Integrated Smart Card Reader 0
SetCOS

opensc-tool --info:
c:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool --info
OpenSC 0.14.0 [Microsoft 1600]
Enabled features:pcsc openssl zlib

I've seen some examples where people specify a security officer PIN but
I only have a PIN1, identification and encryption, PIN2, signing and a
PUK code.

Something obvious that I'm missing?

--Thanks

KangJing Huang | 3 Mar 10:19 2015

ePass2003 not working: Failed to create PKCS #15 meta structure: Not allowed

Hi there,

I bought an ePass2003 and planned to use it with OpenSC.

However, following the instructions on the web does not seem to work for me.

Firstly, I run

pkcs15-init -E

and it returned without any error.

Then, I run

pkcs15-init -C --pin 0000 --puk 111111 -p pkcs15+onepin 

and it gives:

Using reader with a card: Feitian ePass2003 00 00

Failed to create PKCS #15 meta structure: Not allowed

Then, any further operation seems to be failing:

 $ pkcs15-tool --dump   [16:53:22]

Using reader with a card: Feitian ePass2003 00 00

PKCS#15 binding failed: Unsupported card

 

 $ opensc-tool --list-files   [16:55:10]

Using reader with a card: Feitian ePass2003 00 00

3f00 [entersafe-fips] type: DF, size: 0

select[N/A] lock[N/A] delete[N/A] create[N/A] rehab[N/A] inval[N/A] list[N/A] sec: 9F:9F:FF:9F:FF:FF:FF:FF

prop: 00:7F

sc_list_files() failed: Security status not satisfied

 $ pkcs15-init -E   [16:55:28]

Using reader with a card: Feitian ePass2003 00 00

Failed to erase card: Security status not satisfied

And it's not working with Windows drivers anymore, either.

I'm using Gentoo Linux and tried both in-tree 0.14.0 version and git version, but none works.

Stderr of

pkcs15-init -C --pin 0000 --puk 111111 -p pkcs15+onepin -vvv

is attached, in case further inspection is needed.

Any other further information could be provided if requested.

Please help on how to recover my token and how to get it to work with opensc.

Thanks a lot!

Happy Hacking

Attachment (error.log): text/x-log, 89 KiB
tan | 2 Mar 13:20 2015

epass2003 ecc certificates

hello all

I'm trying to load ecdsa certs w/ 256bit ecc keys onto an epass2003 usb
token. I am under the impression that opensc 0.13 should support this from
reading the release notes.

When I list algorithms using the "$ opensc-tool --list-algorithms",  there
is no mention of ec algorithms whereas trying the same commands with a
gemalto PIV Card2.0 does.

I realise that this may be better categorised within the "user" category but
this one looked more active. Please advise if this needs to be reposted.

I can provide more configuration/testing detail regarding profiles
(pkcs12+onepin specified in commandline - epass2003 profile I'm assuming is
used implicitly according to documentation) and certificate type (in .p12
containers) but there seems little point if the driver doesn't support the
capabilities.

look forward to hearing a reply 
thanks in advance
Tom 

--
View this message in context: http://opensc.1086184.n5.nabble.com/epass2003-ecc-certificates-tp15164.html
Sent from the Developer mailing list archive at Nabble.com.
