[prev in list] [next in list] [prev in thread] [next in thread]
List: opensc-commits
Subject: [Opensc-commits] [OpenSC/OpenSC] 9933d6: Fix SM handling of command chaining for short apdus
From: Doug Engert via Opensc-commits <opensc-commits () lists ! sourceforge ! net>
Date: 2023-09-12 6:40:33
Message-ID: OpenSC/OpenSC/push/refs/heads/master/dc1d01-dfeeac () github ! com
[Download RAW message or body]
Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC
Commit: 9933d620544f691acbcd04dba23cd8a27e3bbd90
https://github.com/OpenSC/OpenSC/commit/9933d620544f691acbcd04dba23cd8a27e3bbd90
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/apdu.c
M src/libopensc/types.h
Log Message:
-----------
Fix SM handling of command chaining for short apdus
Allow driver to tell apdu.c to pass to sm_get_apdus to have it do
the chaining. Without this change, apdu.c will do the command chaining
and pass each chained apdu to SM. This may be OK for some,
but not PIV which uses short APDUs and encryption and MAC for data
before doing the chaining.
The driver sets SC_APDU_FLAGS_SM_CHAINING flag and SC_APDU_FLAGS_CHAINING.
which causes apdu.c to pass the plain adpu to card->sm_ctx.ops.get_sm_apdu.
Without the SC_APDU_FLAGS_SM_CHAINING the flow of SM is not changed.
On branch PIV-4-extensions
Changes to be committed:
modified: apdu.c
modified: types.h
Commit: 26b24c7c17a153e4697187f5145ac632472184f9
https://github.com/OpenSC/OpenSC/commit/26b24c7c17a153e4697187f5145ac632472184f9
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/apdu.c
Log Message:
-----------
apdu.c log apdu->flags for debugging
On branch PIV-4-extensions
Changes to be committed:
modified: apdu.c
Commit: f6b4a2e6582d5c1a37a04be475df88bee86f0bc3
https://github.com/OpenSC/OpenSC/commit/f6b4a2e6582d5c1a37a04be475df88bee86f0bc3
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M etc/opensc.conf.example.in
M src/libopensc/card-piv.c
M src/libopensc/cards.h
M src/libopensc/pkcs15-piv.c
M src/libopensc/types.h
Log Message:
-----------
PIV Secure Messaging as defined in NIST 800-73-4 5/2015
Looking for other users who have cards that
support PIV SM and VCI for testing.
Changes to PIV code for SM as defined in NIST 800-73-4.
Section 4.1 The Key Establishment Protocol is done in piv_sm_open.
Step names and variable names were chosen to match
the names used used in 800-73-4.
piv_get_sm_apdu, piv_free_sm_apdu, and piv_sm_close
use the builtin SM apdu handling.
This version calls piv_sm_open once from piv_init.
and card->sm_ctx.sm_mode is set. See TODO below.
PR has been tested with pkcs11-tool -O and --test --login
using a "IDEMIA ID-One PIV 2.4 on Cosmo V8.1" with vendor
provided certificates (about 25 certificates and keys)
and other data objects.
The test card does not have a "pairing code object" need for VCI
for use over a contactless interface (NFC), But code
has been added to support pairing to allow testing.
The PIV SM code is only enabled if ENABLE_SM, ENABLE_OPENSSL and
OPENSSL_NO_EC is not defined. It was tested with --disable_sm
A card indicates it can suport SM in the response to SELECT_AID.
If card can support SM, but OpenSC was built without ENABLE_SM a
sc_log message will say so.
card-piv.c use SC_APDU_FLAGS_SM_CHAINING from previous commit.
This allows the PIV to pass a plain ADPU which needs
command chaining, to SM and piv_get_sm_apdu and will
encrypt and MAC the data before command chaining is done
in apdu.c
NIST sp800-73-4 3.3.2 extends pin policy usage flags for
optional VCI and OCC are defined.
Checked with valgrind, pkcs11 -O and pkcs11-tool --test --login
If card supports SM it is turned on in piv_init, so if
card is reset or interfered with from other process, SM will
not restart.
Signer certificates and CVC certificates are verified.
If interfered with by other processes, and
SM session is lost, it is restarted.
TODO Need a way to give user paring code from card over usb after login
if it is not printed on card or distributed in some other way.
MD_MAX_KEY_CONTAINERS 32 add piv_logout
PIV test card have more the 12 keys.
"card_driver PIV_II {" block in opensc.conf See: etc/opensc.conf.example.in
piv_max_object_size - removes the code to read first 8 bytes to get object size
and use piv_max_object_size as read buffer size. default is 16K, max is 65K
piv_use_sm - default, never, always
default - use it for PIN, crypto and reading objects that are PIN protected
Other objects are read in the clear for performance.
never - Don't use SM, even if card supports it. Can help is situations
were problems ith SM, and to debug other PIN or cryto problems.
always -Like default, but read all objects using SM.
piv_pairing_code - Card may require user to enter 8 digit pairing code to
use VCI so card can be used over contactless as if using contact reader.
VCI requires SM, and encrypts everything.
All can be set via env. PIV_USE_SM= PIV_PAIRING_CODE=
Used of a contactless reader is identified by the ATR 3B 8X 80 01 ....
Rework PIV card matching and init for less overhead.
piv_match_card_continued was committed in 4222036a6 2018-02-28
to handle limitations in card.c on not allowing *_match_card
to pass anything other the card->type to *_init routines.
These restrictions were removed in 2c0d1b9ab 2018-07-05.
piv_match_card_continued is only called once, from piv_match_card
does some checks, sets card->type, allocates piv_private_data_t,
saves it in card->drv_data, calls sc_lock.
If piv_match_card_continued fails, piv_match_card will call
sc_lock, piv_finish and return 0 (failed to match).
And just in case piv_match_card is not called, piv_init will call
piv_match_card_continued. And if it fails will call sc_unlock,
piv_finish and return SC_ERROR_INVALID_CARD.
The card lock is finally released at end of piv_init. This
allows no interference from other process during piv_match_card
and piv_init.
If CSAI 0xAC tag is found in the response to a SELECT AID and is used to
say the card supports SM. It will still do this even if built without
SM so it will show up in debug logs.
PIV specs are vague and some PIV applets and a 0xAC tag for every
algorithm and not just for SM.
PIV Secure Messaging requires at least OpenSSL-1.1.1 or OpenSSL-3.0.0
Added equivelent code from PR 2366.
Pairing code is optional, and only used when creating a VCI over
contetless reader. It can be provided via env PIV_PAIRING_CODE
or in opensc.conf.
In any case the paring code, if provided, must be 8 ASCII digits.
There is no not easy way to tell the user the code is invalid.
"piv_parse_pairing_code" is added to check the length and digits.
The caller will add a debug log entry if it is invalid so
there is a record of the failure.
With 800-73-4 Secure Messaging the SELECT AID response specifies
which cryptographic algorithms under tag 0xAC are supported for Secure Messaging.
The code was using the discovery object to test if the PIV applet is active
as some cards have a card issue of losing the login state if the SELECT AID
is used instead. (None of these cards support SM so reading the discovey object
was as good as doing SELECT_AID.)
The problme was found while running in contactless mode, card would work the first time
becaus the discovery object would not find the PIV applet so a SELECT AID was
done and it would also update the the cryptographic algorithms.
When run a second time, reading the discovery object would work but the SELECT AID
would only be done near the end of match routine for card types the may support 800-73-4.
The duplicate "sc_atr" was not listed as one the need to have SELECT AID done.
PIV change processing of CVC certificates
At the request of others va github comment, the method to used
to extract an optional intermediate CVC certificate was changed.
Unlike other certificate objects in 800-73-4, "Table 42. Secure Messaging Certificate Signer"
the "Intermediate CVC (Conditional)" does not have an enclosing tag, but
uses the 0x7F21 tag. Later the 0x7F21 tag is considered part of the certificate
and a hash of the the full certificate is sent to the card as part of SM.
OpenSC has a number of asn1 routines such as "sc_asn1_find" to find tags
but once found, they only return the address of the value(V) and its length(L)
but do not return the address of the found tag(T). The previous code
reconstructed the address of the found tag be calculating the number of bytes
it took to encode (L) and known tag(T).
800-73-4 says the "Intermediate CVC (Conditional)" immediately follows the
"CertInfo" so the address of the following byte is saved to locate where the
"Intermediate CVC (Conditional)" could start.
Rename dec_counter to resp_enc_counter as name was misleading
800-74-4 says: "(i.e., the IV used to encrypt the first response after successful
completion of the key establishment protocol shall be generated by encrypting
'80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01' with SKENC)."
Use the same (encrypted) IV the card used to encrypt the response
when decrypting the response.
Explain how SM APDU case is derived
Added comment and used defines to show how the APDU for SM is
derived from the plain APDU. and how it will allow for extended
APDUs if NIST allows them or card vendor in known to support them.
Changes to be committed:
modified: etc/opensc.conf.example.in
modified: src/libopensc/card-piv.c
modified: src/libopensc/cards.h
modified: src/libopensc/pkcs15-piv.c
modified: src/libopensc/types.h
Commit: e227f68d3c6a6e1cae1b16114ea96525a6c692ea
https://github.com/OpenSC/OpenSC/commit/e227f68d3c6a6e1cae1b16114ea96525a6c692ea
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M doc/files/opensc.conf.5.xml.in
M src/libopensc/card-piv.c
Log Message:
-----------
card-piv.c various improvments
Update PIV conf and env in opensc.conf.5.xml.in
Improved card match and testing for SM cards
Allow force of SC_CARD_TYPE_PIV_II_BASE, which will test for all posible
type of cards tested including 800-74-4 supported features.
Tested with ID-One with SM, Older NIST beta cards: Gemalto and Oberthur,
YubiKey: 4 and 5 NFC and PIVKey C910.
Allow testing PIV SM with or without github.com/OpenSC/OpenSC/pull/2712
Clear CVC contents if CVC fails to encode
In responses to https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102504801
For example, if the CVC can not be parsed, clear it by calling piv_clear_cvc_content
Add PIV SM functions prototypes as static
PIV Use piv_free_sm_apdu to cleanup if piv_encode_apdu fails
This is in response to:
https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102512477
and https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102516064
PIV Improve testing of AuthCryptogram
This is in response to:
https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102625542
PIV goto err if AuthCryptogram check fails
PIV Add check for plain->resp == NULL
Handle case where apdu resp == NULL and resplen > 0 which would be a programming error.
card-piv.c With SM and no data returned set plain->resplen=0
Fixes https://github.com/OpenSC/OpenSC/pull/2053#issuecomment-1501913641
PIV fix checking of padding
Fixes: https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1202793082
PIV SM - Unzip SM Certificate Signer Certificate
With SM, the Cert Signer certificate may be ziped. card-piv.c
needs to extract the public key before pkcs15 emulation is
setup. Call sc_decompress_alloc.
Changes to be committed:
modified: doc/files/opensc.conf.5.xml.in
modified: src/libopensc/card-piv.c
Commit: a36db5f3b87bf9600e185b3b073e3072d2f04bf6
https://github.com/OpenSC/OpenSC/commit/a36db5f3b87bf9600e185b3b073e3072d2f04bf6
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M configure.ac
M doc/files/opensc.conf.5.xml.in
M etc/opensc.conf.example.in
M src/libopensc/card-piv.c
Log Message:
-----------
card-piv.c - Do not enable PIV SM by default
This is in response to:
https://github.com/OpenSC/OpenSC/pull/2053#issuecomment-1638038085
configure.ac add --enable-piv-sm option with default disabled
Changes to be committed:
modified: configure.ac
modified: doc/files/opensc.conf.5.xml.in
modified: etc/opensc.conf.example.in
modified: src/libopensc/card-piv.c
Commit: 8f52f82f20e7381845c7e310275f4093d1c4a350
https://github.com/OpenSC/OpenSC/commit/8f52f82f20e7381845c7e310275f4093d1c4a350
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/card-piv.c
Log Message:
-----------
card-piv.c add sc_log for verify failure over contactless
See: https://github.com/OpenSC/OpenSC/pull/2053/files#r1267420364
On branch PIV-4-extensions
Changes to be committed:
modified: card-piv.c
Commit: fde759aa113bfe667fbdb1c5bea6b5cb842ce79a
https://github.com/OpenSC/OpenSC/commit/fde759aa113bfe667fbdb1c5bea6b5cb842ce79a
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/pkcs15-piv.c
Log Message:
-----------
pkcs15-piv.c fix memory leak of one pubkey found by valgrind
The Secure Messaging Certificate Signer does not have a private key on the card.
The public key was extracted from the certificate but never freed later
while creating private key entries.
On branch PIV-4-extensions
Changes to be committed:
modified: pkcs15-piv.c
Commit: ccb6f3c71995e262487b764abb4b0b9d035d8431
https://github.com/OpenSC/OpenSC/commit/ccb6f3c71995e262487b764abb4b0b9d035d8431
Author: Frank Morgner <frankmorgner@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M doc/files/opensc.conf.5.xml.in
M etc/opensc.conf.example.in
M src/libopensc/card-piv.c
Log Message:
-----------
replace PIV_MAX_OBJECT_SIZE with MAX_FILE_SIZE
simplify code and configuration options
Commit: 6237ed7673f5b5d05f4c20eb8b001e017827d0eb
https://github.com/OpenSC/OpenSC/commit/6237ed7673f5b5d05f4c20eb8b001e017827d0eb
Author: Frank Morgner <frankmorgner@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M etc/opensc.conf.example.in
Log Message:
-----------
removed doc for PIV SM option that's likely to change
Commit: 06d58f1fe581b03aab02670b04e133d859618458
https://github.com/OpenSC/OpenSC/commit/06d58f1fe581b03aab02670b04e133d859618458
Author: Frank Morgner <frankmorgner@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/card-piv.c
Log Message:
-----------
PIV: move locking outside of piv_match_card_continued
This fixes an erroneous call of sc_unlock in piv_match_card_continued in
case of an error, which causes sc_unlock to be called more often than
sc_lock.
Commit: b5ee4184376c5653871fc7af03255538f7d647e8
https://github.com/OpenSC/OpenSC/commit/b5ee4184376c5653871fc7af03255538f7d647e8
Author: Frank Morgner <frankmorgner@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M etc/opensc.conf.example.in
M src/libopensc/card-piv.c
Log Message:
-----------
Fixed compiler warnings
Changes to be committed:
modified: src/libopensc/card-piv.c
Commit: f5b55ea81162256a3b250c0bc5b184c3a6e486d7
https://github.com/OpenSC/OpenSC/commit/f5b55ea81162256a3b250c0bc5b184c3a6e486d7
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/card-piv.c
Log Message:
-----------
card-piv.c - restrict response buffer to 65K - 256 and minor changes
The use of priv->max_object_size = MAX_FILE_SIZE; causes
SM to exceed 65K when creating SM apdu from plain apdu. The
plain apdu will have 65K, and SM apdu will add 40 bytes.
f05eb3e0a "replace PIV_MAX_OBJECT_SIZE with MAX_FILE_SIZE"
introduced the problem.
pcsc internally will allocate another buffer the size of resplen.
SCardTransmit will get a 0x80100008 error.
Remove some TODO comments
Use cipher vs cypher
https://english.stackexchange.com/questions/147965/cipher-vs-cypher
Remove a nit and combined two "#if"... #endif" sections into one.
Remove piv_is_expected_tag and replace with inline code in 3 places.
Changes to be committed:
modified: src/libopensc/card-piv.c
Commit: d43a199524728266c51c35b854d52c8f21f90bb1
https://github.com/OpenSC/OpenSC/commit/d43a199524728266c51c35b854d52c8f21f90bb1
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M .github/build.sh
M .github/workflows/coverity.yml
M .github/workflows/linux.yml
Log Message:
-----------
Run CI for PIV SM
Commit: d0791b7fd08d914d5e7c5878c1fbda9a46c7017a
https://github.com/OpenSC/OpenSC/commit/d0791b7fd08d914d5e7c5878c1fbda9a46c7017a
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/tools/pkcs11-tool.c
Log Message:
-----------
pkcs11-tool: Avoid memory leaks with OSSL3
Commit: dfeeac68f9cc3b26fe434ef7cfe046905a54b1d5
https://github.com/OpenSC/OpenSC/commit/dfeeac68f9cc3b26fe434ef7cfe046905a54b1d5
Author: Doug Engert <deengert@gmail.com>
Date: 2023-09-12 (Tue, 12 Sep 2023)
Changed paths:
M src/libopensc/card-piv.c
Log Message:
-----------
card-piv.c SM move check for no response data to after MAC is checked
On branch PIV-4-extensions
Changes to be committed:
modified: card-piv.c
Compare: https://github.com/OpenSC/OpenSC/compare/dc1d0196b41d...dfeeac68f9cc
_______________________________________________
Opensc-commits mailing list
Opensc-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic