Commited in r5435. Le 11/05/2011 17:31, HOURY William a écrit : > Ok, so it means we have another issue after this one.
For a while I don't see the reason. Looking through the minidriver specification (v7), the CardAuthenticatePin() is simplified version of CardAuthenticateEx(). and the second can be used instead of the first one. > Do you know if it's possible to activate logs from the base csp ? > It could be helpful here. Don't know. > Thks > William Kind wishes, Viktor. > -----Message d'origine----- > De : opensc-devel-boun...@lists.opensc-project.org > [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor > TARASOV > Envoyé : mercredi 11 mai 2011 17:02 > Cc : opensc-devel@lists.opensc-project.org > Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 > RC1& Athena ASEPCOS card > > Le 11/05/2011 16:38, HOURY William a écrit : >> Thanks Victor, i'll be happy to test the new nightly build tomorrow. >> >> However, I have tried to perform the same test on my other PC (a Windows >> 2008 Server 32 bits member of the same domain) and the compute operation >> seems to be ok. I put the logs attached. > In these logs the UserPIN was verified. In this sequence the > CardAuthenticateEx() has been used for authentication. > In the previous sequence it was the CardAuthenticatePin() that needs to be > updated. > Don't ask me what is the difference in the calling contexts of these two > functions for the BaseCSP. > > >> But the smartcard logon is still not possible. In the eventviewer, I can >> only see "An error occurred while decrypting a message: Bad Data". >> >> Thks >> >> William >> >> -----Message d'origine----- >> De : opensc-devel-boun...@lists.opensc-project.org >> [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Viktor >> TARASOV >> Envoyé : mercredi 11 mai 2011 15:33 >> À : opensc-devel@lists.opensc-project.org >> Objet : Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC 12.1 >> RC1& Athena ASEPCOS card >> >> Hello, >> >> Le 11/05/2011 14:48, HOURY William a écrit : >>> Please find attached the new logs generated after a fresh reboot. >>> Apparently the sc_compute_signature function fails returning -1211 >>> (Security status not satisfied) >>> >>> I can also provide the successful logs of a SSL connection using IE with >>> the same card/PC if it may help to understand the issue. >>> >> According to the logs before computing signature your SoPIN (ref:2) was >> successfully verified. >> I suppose you have the same value for PIN (ref:4) and SoPIN. >> >> It's the bug of minidriver. When verifying PIN in CardAuthenticatePin() it >> takes the first available PIN objects, and, in your case it's the SoPIN. >> >> The correction itself is rather simple. The same bug was affecting the >> CardAuthenticateEx() and it was resolved for this function in r5270. >> >> I can made the changes to trunk, but I have no possibility to test it >> rapidly. >> So, if this risk could be accepted, you can try the next nightly installer. >> >> >>> Thanks >>> >>> William >>> >> Kind wishes, >> Viktor. >> >>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >>> >>> *De :*Jozsef Dojcsak [mailto:d...@t-online.hu] >>> *Envoyé :* mercredi 11 mai 2011 13:54 >>> *À :* HOURY William >>> *Objet :* Re: [opensc-devel] Windows Smart Card Logon issue with OpenSC >>> 12.1 RC1& Athena ASEPCOS card >>> >>> According to the opensc-debug.log, the login process was aborted right at >>> the beginning, after retrieving the "cardid". >>> >>> ... >>> >>> 2011-05-11 10:53:35.298 return cardid >>> >>> 2011-05-11 10:53:35.298 --- 00E9F1E8:26 >>> >>> 2011-05-11 10:53:35.298 0000 30433037 35343830 35313232 31463232 >>> 00000000 00000000 0000 >>> >>> 2011-05-11 10:53:35.298 >>> >>> P:816 T:3860 pCardData:00EB6520 >>> >>> 2011-05-11 10:53:35.298 CardDeleteContext >>> >>> ... >>> >>> although the returned cardid seems to be valid. This CardDeleteContext may >>> also happen if the resource manager already maintains a card handle to this >>> card. So if you repeat your test after a fresh reboot, the opesc-debug.log >>> could contain more relevant error messages about the hash signing problem. >>> >>> >>> >>> Cheers, >>> >>> Jozsef >>> >>> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
