Le 16/05/2011 11:26, HOURY William a écrit : > I just have tested the latest nightly build and everything works now fine ! > The smartcard logon works well on XP& 2008 on a card with 2 PIN/PUK codes.
Nice to hear. Thanks for the tests. > I hope this fix will be integrated in the OpenSC 12.1 release. > Thanks, > William > > -----Message d'origine----- > De : opensc-devel-boun...@lists.opensc-project.org > [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor > TARASOV > Envoyé : mercredi 11 mai 2011 19:33 > Cc : opensc-devel@lists.opensc-project.org > Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 > RC1& Athena ASEPCOS card > > Commited in r5435. > > Le 11/05/2011 17:31, HOURY William a écrit : >> Ok, so it means we have another issue after this one. > For a while I don't see the reason. > > Looking through the minidriver specification (v7), the CardAuthenticatePin() > is simplified version of CardAuthenticateEx(). > and the second can be used instead of the first one. > > >> Do you know if it's possible to activate logs from the base csp ? >> It could be helpful here. > Don't know. > > >> Thks >> William > Kind wishes, > Viktor. > >> -----Message d'origine----- >> De : opensc-devel-boun...@lists.opensc-project.org >> [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor >> TARASOV >> Envoyé : mercredi 11 mai 2011 17:02 >> Cc : opensc-devel@lists.opensc-project.org >> Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 >> RC1& Athena ASEPCOS card >> >> Le 11/05/2011 16:38, HOURY William a écrit : >>> Thanks Victor, i'll be happy to test the new nightly build tomorrow. >>> >>> However, I have tried to perform the same test on my other PC (a Windows >>> 2008 Server 32 bits member of the same domain) and the compute operation >>> seems to be ok. I put the logs attached. >> In these logs the UserPIN was verified. In this sequence the >> CardAuthenticateEx() has been used for authentication. >> In the previous sequence it was the CardAuthenticatePin() that needs to be >> updated. >> Don't ask me what is the difference in the calling contexts of these two >> functions for the BaseCSP. >> >> >>> But the smartcard logon is still not possible. In the eventviewer, I can >>> only see "An error occurred while decrypting a message: Bad Data". >>> >>> Thks >>> >>> William >>> >>> -----Message d'origine----- >>> De : opensc-devel-boun...@lists.opensc-project.org >>> [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor >>> TARASOV >>> Envoyé : mercredi 11 mai 2011 15:33 >>> À : opensc-devel@lists.opensc-project.org >>> Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 >>> RC1& Athena ASEPCOS card >>> >>> Hello, >>> >>> Le 11/05/2011 14:48, HOURY William a écrit : >>>> Please find attached the new logs generated after a fresh reboot. >>>> Apparently the sc_compute_signature function fails returning -1211 >>>> (Security status not satisfied) >>>> >>>> I can also provide the successful logs of a SSL connection using IE >>>> with the same card/PC if it may help to understand the issue. >>>> >>> According to the logs before computing signature your SoPIN (ref:2) was >>> successfully verified. >>> I suppose you have the same value for PIN (ref:4) and SoPIN. >>> >>> It's the bug of minidriver. When verifying PIN in CardAuthenticatePin() it >>> takes the first available PIN objects, and, in your case it's the SoPIN. >>> >>> The correction itself is rather simple. The same bug was affecting the >>> CardAuthenticateEx() and it was resolved for this function in r5270. >>> >>> I can made the changes to trunk, but I have no possibility to test it >>> rapidly. >>> So, if this risk could be accepted, you can try the next nightly installer. >>> >>> >>>> Thanks >>>> >>>> William >>>> >>> Kind wishes, >>> Viktor. >>> >>>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >>>> >>>> *De :*Jozsef Dojcsak [mailto:d...@t-online.hu] >>>> *Envoyé :* mercredi 11 mai 2011 13:54 >>>> *À :* HOURY William >>>> *Objet :* Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC >>>> 12.1 RC1& Athena ASEPCOS card >>>> >>>> According to the opensc-debug.log, the login process was aborted right at >>>> the beginning, after retrieving the "cardid". >>>> >>>> ... >>>> >>>> 2011-05-11 10:53:35.298 return cardid >>>> >>>> 2011-05-11 10:53:35.298 --- 00E9F1E8:26 >>>> >>>> 2011-05-11 10:53:35.298 0000 30433037 35343830 35313232 31463232 >>>> 00000000 00000000 0000 >>>> >>>> 2011-05-11 10:53:35.298 >>>> >>>> P:816 T:3860 pCardData:00EB6520 >>>> >>>> 2011-05-11 10:53:35.298 CardDeleteContext >>>> >>>> ... >>>> >>>> although the returned cardid seems to be valid. This CardDeleteContext may >>>> also happen if the resource manager already maintains a card handle to >>>> this card. So if you repeat your test after a fresh reboot, the >>>> opesc-debug.log could contain more relevant error messages about the hash >>>> signing problem. >>>> >>>> >>>> >>>> Cheers, >>>> >>>> Jozsef >>>> >>>> > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > ________________________________ > > > Ce message et les pièces jointes sont confidentiels et réservés à l'usage > exclusif de ses destinataires. Il peut également être protégé par le secret > professionnel. Si vous recevez ce message par erreur, merci d'en avertir > immédiatement l'expéditeur et de le détruire. L'intégrité du message ne > pouvant être assurée sur Internet, la responsabilité du groupe Atos Origin ne > pourra être recherchée quant au contenu de ce message. Bien que les meilleurs > efforts soient faits pour maintenir cette transmission exempte de tout virus, > l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne > saurait être recherchée pour tout dommage résultant d'un virus transmis. > > This e-mail and the documents attached are confidential and intended solely > for the addressee; it may also be privileged. If you receive this e-mail in > error, please notify the sender immediately and destroy it. As its integrity > cannot be secured on the Internet, the Atos Origin group liability cannot be > triggered for the message content. Although the sender endeavours to maintain > a computer virus-free network, the sender does not warrant that this > transmission is virus-free and will not be liable for any damages resulting > from any virus transmitted. > > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
