Andreas Jellinghaus wrote:
Hi Thomas,

I guess we will sooner or later need card specific get_response commands. but that also means an architecture change: currently the
loop is done in the generic apdu.c code, and I guess it would need
to move into the card specific get_response code.

This change breaks PIV chaining.

sorry about that. I feared something like this would happen, but
committing the change is the best way to find out. now we can revert
it or replace it with better code.

PIV Cards keep on returning 6100 until all of the data is read.

Well the last one would have 61XX. Then a read of XX bytes should return 9000.

Note that some cards had a problem if the get response to
a 6100 was not to read the full 256 bytes. The card is keeping track
internally of where it is in sending back the object, and it
wanted to do it in 256 byte chunks. So the amount of data read
should match the ASN.1 size. The card-piv.c tries to handle
all cases on the fly if the data read does not match the ASN.1
size as read in the first 256 bytes.


so how do you know how much data is there to read in total?

All PIV objects are ASN.1 so the first few bytes have the ASN.1 size of the object. Also the NIST 800-73-1 specifies the max size of different objects.


with cryptoflex cards and a 256 byte signature I could read
two times 248 bytes, but that result does not make sense.

Attached is a patch to the current svn (-r3097) to fix the previous
patch to work with PIV.  It reverts some of the changes, but sets a cap
on the data received.

but will break cryptoflex.c again, I think.

with cryptoflex I get this:
 - send signature apdu (2048 bit rsa), return 61 00
 - get 256 bytes - reduced to 248 bytes - return 90 00
 - get 8 bytes - return 90 00

if I try to get 248 bytes twice that also works, but the result
is broken.

what does the piv apdu chain look like?

See the attachment that was created with pkcs11-tool reading one of the
certs off a gemSAFE beta card.


After looking through things... it looks like this code does belong in
the ISO get_response, since it should be expected that get_response gets
_ALL_ of the response that it was expecting... though I suppose this
train of thought could be placed on apdu.c as well.

I guess we will need to move the loop logic into the iso function, so each card can have its own loop logic. now what I don't know is what the
common case should be. is the cryptoflex behaving right? the piv card?

maybe we should abandon the iso driver as "driver" at all, and instead
offer a set of generic functions each driver can use. so we provide
two or three get_response implementations, and each driver can choose
the right one. still less code, if several cards need their own implementation.

comments?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
../../../src/src/libopensc/pkcs15-cert.c:115:sc_pkcs15_read_certificate: called
../../../src/src/libopensc/pkcs15.c:1593:sc_pkcs15_read_file: called, path=0102, index=0, count=-1
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/reader-openct.c:431:openct_reader_lock: called
../../../src/src/libopensc/card.c:532:sc_select_file: called; type=2, path=0102
../../../src/src/libopensc/card-piv.c:1366:piv_select_file: called
../../../src/src/libopensc/card-piv.c:1337:piv_find_obj_by_containerid: called
../../../src/src/libopensc/card-piv.c:1338:piv_find_obj_by_containerid: str=0x0102
../../../src/src/libopensc/card-piv.c:1343:piv_find_obj_by_containerid: returning with: 7
../../../src/src/libopensc/card-piv.c:1416:piv_select_file: returning with: 0
../../../src/src/libopensc/card.c:554:sc_select_file: returning with: 0
../../../src/src/libopensc/card.c:399:sc_read_binary: called; 1860 bytes at index 0
../../../src/src/libopensc/card-piv.c:759:piv_read_binary: called
../../../src/src/libopensc/card-piv.c:563:piv_get_data: called
../../../src/src/libopensc/card-piv.c:564:piv_get_data: get_data: tag=7 
../../../src/src/libopensc/card-piv.c:249:piv_general_io: called
../../../src/src/libopensc/card-piv.c:253:piv_general_io: piv_general_io cb 3f ff 5 : 256 256
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/card-piv.c:284:piv_general_io: calling sc_transmit_apdu flags=1 le=256, resplen=20000, resp=0xbfa12ed8
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [   11 bytes] =====================================
00 CB 3F FF 05 5C 03 5F C1 0B 00 ..?..\._...
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
61 00 a.
======================================================================
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
53 82 06 E9 70 82 06 E0 30 82 06 DC 30 82 05 C4 S...p...0...0...
A0 03 02 01 02 02 0A 13 69 0F 97 00 00 00 00 00 ........i.......
0F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
30 55 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 0U1.0.....&...,d
01 19 16 03 67 65 6D 31 17 30 15 06 0A 09 92 26 ....gem1.0.....&
89 93 F2 2C 64 01 19 16 07 67 65 6D 73 61 66 65 ...,d....gemsafe
31 14 30 12 06 0A 09 92 26 89 93 F2 2C 64 01 19 1.0.....&...,d..
16 04 77 32 6B 33 31 0F 30 0D 06 03 55 04 03 13 ..w2k31.0...U...
06 43 41 32 30 30 33 30 1E 17 0D 30 35 31 31 32 .CA20030...05112
35 31 30 32 35 31 37 5A 17 0D 30 36 31 31 32 35 5102517Z..061125
31 30 32 35 31 37 5A 30 81 94 31 13 30 11 06 0A 102517Z0..1.0...
09 92 26 89 93 F2 2C 64 01 19 16 03 67 65 6D 31 ..&...,d....gem1
17 30 15 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 .0.....&...,d...
07 67 65 6D 73 61 66 65 31 14 30 12 06 0A 09 92 .gemsafe1.0.....
26 89 93 F2 2C 64 01 19 16 04 77 32 6B 33 31 0E &...,d....w2k31.
30 0C 06 03 55 04 03 13 05 55 73 65 72 73 31 1A 0...U....Users1.
61 00                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
30 18 06 03 55 04 03 13 11 4A 65 61 6E 2D 43 6C 0...U....Jean-Cl
61 75 64 65 20 44 55 56 41 4C 31 22 30 20 06 09 aude DUVAL1"0 ..
2A 86 48 86 F7 0D 01 09 01 16 13 6A 63 64 75 76 *.H........jcduv
61 6C 40 67 65 6D 73 61 66 65 2E 67 65 6D 30 81 [EMAIL PROTECTED]
9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 .0...*.H........
03 81 8D 00 30 81 89 02 81 81 00 B0 01 93 87 25 ....0..........%
8B D1 59 E4 29 F4 DA E0 86 CB 42 D6 93 BF E8 8A ..Y.).....B.....
9F 01 3F 6A C7 B2 C1 0F EA DB DC 91 37 84 F5 E9 ..?j........7...
ED C5 6C 83 60 0F 33 77 BE 1B 16 76 AB 83 92 38 ..l.`.3w...v...8
D8 1E B9 21 19 52 DD F5 76 72 2C 21 8E C5 E3 CA ...!.R..vr,!....
42 6B D0 75 78 EE BB 6E FC E1 E4 B3 E3 8E 8A 9E Bk.ux..n........
65 CD 7C 50 78 64 24 71 0A 7A 95 13 59 7D 1A D2 e.|Pxd$q.z..Y}..
C5 AC 3A 0B 6A 50 2B 81 AD 2D 2E 46 34 08 04 09 ..:.jP+..-.F4...
4E E1 59 FF 61 B9 FA 14 1D 35 69 02 03 01 00 01 N.Y.a....5i.....
A3 82 03 F0 30 82 03 EC 30 0B 06 03 55 1D 0F 04 ....0...0...U...
04 03 02 05 A0 30 44 06 09 2A 86 48 86 F7 0D 01 .....0D..*.H....
61 00                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
09 0F 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D ...7050...*.H...
03 02 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D ......0...*.H...
03 04 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 ......0...+....0
0A 06 08 2A 86 48 86 F7 0D 03 07 30 1D 06 03 55 ...*.H.....0...U
1D 0E 04 16 04 14 9F 93 94 5C 6F F7 2E 14 13 A7 .........\o.....
B5 3F E7 04 44 00 10 24 DF 31 30 3C 06 09 2B 06 .?..D..$.10<..+.
01 04 01 82 37 15 07 04 2F 30 2D 06 25 2B 06 01 ....7.../0-.%+..
04 01 82 37 15 08 E8 EE 59 81 85 C9 39 84 A1 93 ...7....Y...9...
27 89 B4 14 81 E5 D7 02 81 3C 84 F7 84 23 81 D1 '........<...#..
A6 43 02 01 64 02 01 02 30 1F 06 03 55 1D 23 04 .C..d...0...U.#.
18 30 16 80 14 AB DD 68 7D 53 60 B8 1B 58 E1 AE .0.....h}S`..X..
51 30 2A 4A 7B BE A5 CD 21 30 82 01 01 06 03 55 Q0*J{...!0.....U
1D 1F 04 81 F9 30 81 F6 30 81 F3 A0 81 F0 A0 81 .....0..0.......
ED 86 81 B4 6C 64 61 70 3A 2F 2F 2F 43 4E 3D 43 ....ldap:///CN=C
41 32 30 30 33 2C 43 4E 3D 43 41 32 30 30 33 2C A2003,CN=CA2003,
43 4E 3D 43 44 50 2C 43 4E 3D 50 75 62 6C 69 63 CN=CDP,CN=Public
61 00                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
25 32 30 4B 65 79 25 32 30 53 65 72 76 69 63 65 %20Key%20Service
73 2C 43 4E 3D 53 65 72 76 69 63 65 73 2C 43 4E s,CN=Services,CN
3D 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 2C 44 =Configuration,D
43 3D 77 32 6B 33 2C 44 43 3D 67 65 6D 73 61 66 C=w2k3,DC=gemsaf
65 2C 44 43 3D 67 65 6D 3F 63 65 72 74 69 66 69 e,DC=gem?certifi
63 61 74 65 52 65 76 6F 63 61 74 69 6F 6E 4C 69 cateRevocationLi
73 74 3F 62 61 73 65 3F 6F 62 6A 65 63 74 43 6C st?base?objectCl
61 73 73 3D 63 52 4C 44 69 73 74 72 69 62 75 74 ass=cRLDistribut
69 6F 6E 50 6F 69 6E 74 86 34 68 74 74 70 3A 2F ionPoint.4http:/
2F 63 61 32 30 30 33 2E 77 32 6B 33 2E 67 65 6D /ca2003.w2k3.gem
73 61 66 65 2E 67 65 6D 2F 43 65 72 74 45 6E 72 safe.gem/CertEnr
6F 6C 6C 2F 43 41 32 30 30 33 2E 63 72 6C 30 82 oll/CA2003.crl0.
01 1C 06 08 2B 06 01 05 05 07 01 01 04 82 01 0E ....+...........
30 82 01 0A 30 81 AD 06 08 2B 06 01 05 05 07 30 0...0....+.....0
02 86 81 A0 6C 64 61 70 3A 2F 2F 2F 43 4E 3D 43 ....ldap:///CN=C
41 32 30 30 33 2C 43 4E 3D 41 49 41 2C 43 4E 3D A2003,CN=AIA,CN=
61 00                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
50 75 62 6C 69 63 25 32 30 4B 65 79 25 32 30 53 Public%20Key%20S
65 72 76 69 63 65 73 2C 43 4E 3D 53 65 72 76 69 ervices,CN=Servi
63 65 73 2C 43 4E 3D 43 6F 6E 66 69 67 75 72 61 ces,CN=Configura
74 69 6F 6E 2C 44 43 3D 77 32 6B 33 2C 44 43 3D tion,DC=w2k3,DC=
67 65 6D 73 61 66 65 2C 44 43 3D 67 65 6D 3F 63 gemsafe,DC=gem?c
41 43 65 72 74 69 66 69 63 61 74 65 3F 62 61 73 ACertificate?bas
65 3F 6F 62 6A 65 63 74 43 6C 61 73 73 3D 63 65 e?objectClass=ce
72 74 69 66 69 63 61 74 69 6F 6E 41 75 74 68 6F rtificationAutho
72 69 74 79 30 58 06 08 2B 06 01 05 05 07 30 02 rity0X..+.....0.
86 4C 68 74 74 70 3A 2F 2F 63 61 32 30 30 33 2E .Lhttp://ca2003.
77 32 6B 33 2E 67 65 6D 73 61 66 65 2E 67 65 6D w2k3.gemsafe.gem
2F 43 65 72 74 45 6E 72 6F 6C 6C 2F 43 41 32 30 /CertEnroll/CA20
30 33 2E 77 32 6B 33 2E 67 65 6D 73 61 66 65 2E 03.w2k3.gemsafe.
67 65 6D 5F 43 41 32 30 30 33 2E 63 72 74 30 4B gem_CA2003.crt0K
06 03 55 1D 25 04 44 30 42 06 0A 2B 06 01 04 01 ..U.%.D0B..+....
82 37 14 02 02 06 08 2B 06 01 05 05 07 03 04 06 .7.....+........
61 00                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  258 bytes] =====================================
0A 2B 06 01 04 01 82 37 0A 03 04 06 0A 2B 06 01 .+.....7.....+..
04 01 82 37 0A 03 0C 06 08 2B 06 01 05 05 07 03 ...7.....+......
03 06 08 2B 06 01 05 05 07 03 02 30 5D 06 09 2B ...+.......0]..+
06 01 04 01 82 37 15 0A 04 50 30 4E 30 0C 06 0A .....7...P0N0...
2B 06 01 04 01 82 37 14 02 02 30 0A 06 08 2B 06 +.....7...0...+.
01 05 05 07 03 04 30 0C 06 0A 2B 06 01 04 01 82 ......0...+.....
37 0A 03 04 30 0C 06 0A 2B 06 01 04 01 82 37 0A 7...0...+.....7.
03 0C 30 0A 06 08 2B 06 01 05 05 07 03 03 30 0A ..0...+.......0.
06 08 2B 06 01 05 05 07 03 02 30 48 06 03 55 1D ..+.......0H..U.
11 04 41 30 3F A0 28 06 0A 2B 06 01 04 01 82 37 ..A0?.(..+.....7
14 02 03 A0 1A 0C 18 6A 63 64 75 76 61 6C 40 77 [EMAIL PROTECTED]
32 6B 33 2E 67 65 6D 73 61 66 65 2E 67 65 6D 81 2k3.gemsafe.gem.
13 6A 63 64 75 76 61 6C 40 67 65 6D 73 61 66 65 [EMAIL PROTECTED]
2E 67 65 6D 30 0D 06 09 2A 86 48 86 F7 0D 01 01 .gem0...*.H.....
05 05 00 03 82 01 01 00 83 F2 28 79 28 34 B8 22 ..........(y(4."
35 EC 26 60 12 BA A4 FB DD 89 75 1E B3 83 07 A2 5.&`......u.....
61 ED                                           a.
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/apdu.c:504:sc_transmit_apdu: called
../../../src/src/libopensc/card.c:285:sc_lock: called
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 00 .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
6C ED l.
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Outgoing APDU data [    5 bytes] =====================================
00 C0 00 00 ED .....
======================================================================
../../../src/src/libopensc/apdu.c:184:sc_apdu_log: 
Incoming APDU data [  239 bytes] =====================================
08 D6 8C 22 BF 06 BB 12 A3 5A 03 56 28 18 F1 9F ...".....Z.V(...
03 55 93 7F B4 B2 B6 70 3A C4 B6 09 06 60 65 02 .U.....p:....`e.
0F 67 45 BC A6 1C DB 9A BA BD AA CE 66 EA E5 0C .gE.........f...
59 89 4F 90 31 90 CA 11 70 BB 38 88 82 C1 C5 8A Y.O.1...p.8.....
0E 21 4E 89 8C 11 C4 21 39 97 26 3D 61 71 42 EE .!N....!9.&=aqB.
59 3E 09 69 67 F5 DD 82 44 5B AC FD D9 91 90 39 Y>.ig...D[.....9
95 62 44 4D 15 00 B9 91 B0 8D BB A3 39 F5 AC E8 .bDM........9...
CF 5E AE BE 49 89 AC 79 03 88 A2 E9 C9 A2 44 9F .^..I..y......D.
F3 6A 05 41 27 F5 FA 1E DE 9F A7 2C FF B4 DD 5D .j.A'......,...]
F3 9E 2B 06 E7 01 A2 34 BE 6D F9 37 E3 57 B3 9B ..+....4.m.7.W..
D0 BC F1 AB 2D F6 21 FA CE 98 78 3E C5 C7 02 5C ....-.!...x>...\
BE 21 E2 53 83 75 DC 24 68 A3 E5 B9 37 ED AE 8C .!.S.u.$h...7...
17 BC 80 27 8E E5 60 9C 17 89 A1 17 3B C5 44 63 ...'..`.....;.Dc
E6 8C 1F 56 D3 46 4F 6E DE 1D B0 BB BA 49 07 34 ...V.FOn.....I.4
2E B6 6B E0 85 72 B2 A8 71 01 00 FE 00 90 00    ..k..r..q......
======================================================================
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/card-piv.c:291:piv_general_io: DEE  r=0 apdu.resplen=1773 sw1=90 sw2=00
../../../src/src/libopensc/card-piv.c:327:piv_general_io: DEE got buffer 0x8067f88 len 1773
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/card-piv.c:346:piv_general_io: returning with: 1773
../../../src/src/libopensc/card-piv.c:652:piv_get_data: returning with: 1773
../../../src/src/libopensc/card-piv.c:787:piv_read_binary: DEE rbuf=0x8067f88,rbuflen=1773,
../../../src/src/libopensc/card-piv.c:811:piv_read_binary: returning with: 1760
../../../src/src/libopensc/card.c:430:sc_read_binary: returning with: 1760
../../../src/src/libopensc/card.c:312:sc_unlock: called
../../../src/src/libopensc/reader-openct.c:458:openct_reader_unlock: called
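
Added example, not part of the original message or of OpenSC: a GET RESPONSE loop in C that follows 61XX/6CXX, puts a cap on the data received, and checks the total against the ASN.1 size read from the first bytes, as discussed in the message. The simulated card and all function names are constructed for illustration; the object header 53 82 06 E9 and the status words follow the attached log.

```c
#include <stddef.h>

/* Constructed stand-in for the card in the log: a 1773-byte object whose
 * header is 53 82 06 E9, filler after that. Hypothetical, not OpenSC code. */
enum { SIM_LEN = 1773 };
static size_t sim_pos;

static unsigned sim_get_response(unsigned le, unsigned char *out, size_t *n) {
    static const unsigned char hdr[4] = { 0x53, 0x82, 0x06, 0xE9 };
    size_t want = le ? le : 256, left = SIM_LEN - sim_pos, i;

    *n = 0;
    if (want > left)                 /* wrong Le: card answers 6C XX */
        return 0x6C00 | (unsigned)left;
    for (i = 0; i < want; i++, sim_pos++)
        out[i] = sim_pos < 4 ? hdr[sim_pos] : (unsigned char)sim_pos;
    *n = want;
    left -= want;
    return left ? 0x6100 | (unsigned)(left < 256 ? left : 0) : 0x9000;
}

/* BER-TLV size (header + value), one-byte tag assumed; 0 if unparseable. */
static size_t tlv_total(const unsigned char *p, size_t n) {
    if (n >= 2 && p[1] < 0x80) return 2 + (size_t)p[1];
    if (n >= 3 && p[1] == 0x81) return 3 + (size_t)p[2];
    if (n >= 4 && p[1] == 0x82) return 4 + (((size_t)p[2] << 8) | p[3]);
    return 0;
}

/* Follow 61XX/6CXX until 9000; returns bytes read or -1 on any mismatch. */
static long read_chained(unsigned sw, unsigned char *buf, size_t cap) {
    size_t total = 0, expect = 0, n, want;
    int stalls = 0;

    while ((sw >> 8) == 0x61 || (sw >> 8) == 0x6C) {
        want = (sw & 0xFF) ? (sw & 0xFF) : 256;
        if (want > cap - total) return -1;          /* cap on data received */
        sw = sim_get_response(sw & 0xFF, buf + total, &n);
        if (n > want || (n == 0 && ++stalls > 1)) return -1;  /* no progress */
        total += n;
        /* The declared size must be readable from the first chunk. */
        if (!expect && total && !(expect = tlv_total(buf, total))) return -1;
        if (expect > cap || total > expect) return -1;
    }
    return (sw == 0x9000 && total == expect) ? (long)total : -1;
}

/* Replay the constructed card into a buffer of capacity cap (max 4096). */
long demo(size_t cap) {
    static unsigned char buf[4096];
    sim_pos = 0;
    return cap <= sizeof buf ? read_chained(0x6100, buf, cap) : -1;
}

int main(void) { return demo(2048) == 1773 ? 0 : 1; }
```

Because this loop requests XX bytes after 61 XX, the 6C ED round trip seen in the log does not occur here; the same loop body handles it when a card answers that way.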