Le 11/05/2011 16:38, HOURY William a écrit : > Thanks Victor, i'll be happy to test the new nightly build tomorrow. > > However, I have tried to perform the same test on my other PC (a Windows 2008 > Server 32 bits member of the same domain) and the compute operation seems to > be ok. I put the logs attached.
In these logs the UserPIN was verified. In this sequence the CardAuthenticateEx() has been used for authentication. In the previous sequence it was the CardAuthenticatePin() that needs to be updated. Don't ask me what is the difference in the calling contexts of these two functions for the BaseCSP. > But the smartcard logon is still not possible. In the eventviewer, I can only > see "An error occurred while decrypting a message: Bad Data". > > Thks > > William > > -----Message d'origine----- > De : opensc-devel-boun...@lists.opensc-project.org > [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor > TARASOV > Envoyé : mercredi 11 mai 2011 15:33 > À : opensc-devel@lists.opensc-project.org > Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 > RC1& Athena ASEPCOS card > > Hello, > > Le 11/05/2011 14:48, HOURY William a écrit : >> Please find attached the new logs generated after a fresh reboot. >> Apparently the sc_compute_signature function fails returning -1211 (Security >> status not satisfied) >> >> I can also provide the successful logs of a SSL connection using IE with >> the same card/PC if it may help to understand the issue. >> > According to the logs before computing signature your SoPIN (ref:2) was > successfully verified. > I suppose you have the same value for PIN (ref:4) and SoPIN. > > It's the bug of minidriver. When verifying PIN in CardAuthenticatePin() it > takes the first available PIN objects, and, in your case it's the SoPIN. > > The correction itself is rather simple. The same bug was affecting the > CardAuthenticateEx() and it was resolved for this function in r5270. > > I can made the changes to trunk, but I have no possibility to test it rapidly. > So, if this risk could be accepted, you can try the next nightly installer. > > >> Thanks >> >> William >> > > Kind wishes, > Viktor. > >> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >> >> *De :*Jozsef Dojcsak [mailto:d...@t-online.hu] >> *Envoyé :* mercredi 11 mai 2011 13:54 >> *À :* HOURY William >> *Objet :* Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 >> RC1& Athena ASEPCOS card >> >> According to the opensc-debug.log, the login process was aborted right at >> the beginning, after retrieving the "cardid". >> >> ... >> >> 2011-05-11 10:53:35.298 return cardid >> >> 2011-05-11 10:53:35.298 --- 00E9F1E8:26 >> >> 2011-05-11 10:53:35.298 0000 30433037 35343830 35313232 31463232 00000000 >> 00000000 0000 >> >> 2011-05-11 10:53:35.298 >> >> P:816 T:3860 pCardData:00EB6520 >> >> 2011-05-11 10:53:35.298 CardDeleteContext >> >> ... >> >> although the returned cardid seems to be valid. This CardDeleteContext may >> also happen if the resource manager already maintains a card handle to this >> card. So if you repeat your test after a fresh reboot, the opesc-debug.log >> could contain more relevant error messages about the hash signing problem. >> >> >> >> Cheers, >> >> Jozsef >> >> >> >> >> >> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >> >> Ce message et les pièces jointes sont confidentiels et réservés à l'usage >> exclusif de ses destinataires. Il peut également être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et >> de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, >> la responsabilité du groupe Atos Origin ne pourra être recherchée quant au >> contenu de ce message. Bien que les meilleurs efforts soient faits pour >> maintenir cette transmission >> exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et >> sa responsabilité ne saurait être recherchée pour tout dommage résultant >> d'un virus transmis. >> >> This e-mail and the documents attached are confidential and intended solely >> for the addressee; it may also be privileged. If you receive this e-mail in >> error, please notify the sender immediately and destroy it. As its integrity >> cannot be secured on the >> Internet, the Atos Origin group liability cannot be triggered for the >> message content. Although the sender endeavours to maintain a computer >> virus-free network, the sender does not warrant that this transmission is >> virus-free and will not be liable for >> any damages resulting from any virus transmitted. >> >> >> _______________________________________________ >> opensc-devel mailing list >> opensc-devel@lists.opensc-project.org >> http://www.opensc-project.org/mailman/listinfo/opensc-devel > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
