On 7/10/2012 8:19 PM, Galoh Haron wrote:
> Douglas,
>
> Here is the list of changes that I have made to opensc-minidriver.inf
> and minidriver-westcos.reg
>
> .inf
>
> [Minidriver.NTamd64]
> + %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_7320006C009000
> - %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000
>
> [Minidriver.NTx86]
> + %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_7320006C009000
> - %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000
>
> [Minidriver.NTamd64.6.1]
> + %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_7320006C009000
> - %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000
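Review bot: in all three model sections ([Minidriver.NTamd64], [Minidriver.NTx86], [Minidriver.NTamd64.6.1]) the SCFILTER\CID_00640181010c829000 line is replaced rather than kept, so a package built from this .inf no longer lists the Westcos hardware ID. If this is meant to go beyond a local test, keep the existing line and add the CID_7320006C009000 entry next to it, with its own display string instead of reusing %CardDeviceName%.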
>
> [AddRegWOW64]
> + HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3b,67,00,00,73,20,00,6c,00,90,00
> - HKLM, 
> %SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
> - HKLM, 
> %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
>
> [Strings]
> +SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
> - SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev 
> Westcos"
> +SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
> - 
> SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev
> Westcos"
>
> .reg
> Windows Registry Editor Version 5.00
>
> + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD]
> - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CEV
> WESTCOS]
> + "ATR"=hex:3b,67,00,00,73,20,00,6c,00,90,00
> - "ATR"=hex:3f,69,00,00,00,64,01,00,00,00,80,90,00
> - "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
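Review bot: the "ATRMask" value is deleted here and nothing replaces it, so the MyKAD key carries an 11-byte ATR with no mask; the [AddRegWOW64] change in the .inf does the same. Suggest adding an 11-byte ATRMask alongside the new ATR (ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff if every byte must match) so the entry keeps the ATR/ATRMask pair that the Westcos entry had.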
>
> I have attached the cardmod.log in case you require it.
>

In line 85 of the trace:
P:13632 T:14000 pCardData:0048E4D8 CardReadFile
pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0, pcbData=0, 
*ppbData=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
sc_pkcs15_read_certificate return 0

There is no cmapfile returned, and shortly after, the CardDeleteContext
is called.


In my version, which may be out of date (from 5/26/2011,
when I last looked at this code), a cmapfile is returned.
My trace was from a smart card login, and not from certutil.exe.

P:816 T:820 pCardData:00F15700 CardReadFile
pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0, pcbData=0, 
*ppbData=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA010001
check_reader_status r=5 flags 0x00000005
sc_pkcs15_read_certificate return 0
Guid={31323334-3536-3738-390c-075480510916}
cmapfile entry 0 --- 00F1FB68:86
  0000  7B003300 31003300 32003300 33003300  34002D00 33003500 33003600 2D003300
  0020  37003300 38002D00 33003900 30006300  2D003000 37003500 34003800 30003500

After this, things progress to passing the certificate back.

So it looks like some of the minidriver is not creating the cmapfile,
maybe because it cannot find something from your card.


Look at line 832 in minidriver.c (opensc-0.12.2 version)
  if(pubkey->algorithm == SC_ALGORITHM_RSA)
is true.



> Thank you.
>
>
>
> On Tue, Jul 10, 2012 at 9:20 PM, Douglas E. Engert <deeng...@anl.gov> wrote:
>>
>>
>> On 7/10/2012 3:35 AM, Galoh Haron wrote:
>>> hello all,
>>>
>>> I found errors in running certutil -scinfo
>>> 1) Can't open the AT_SIGNATURE key for reader
>>> 2) Can't open the At_KEYEXCHANGE key for reader
>>> 3) Cannot open the key for reader
>>>
>>> A pop-up dialog shows: "A smart card was detected but is not the one
>>> required for the current operation. The smart card you are using may
>>> be missing required driver software or a required certificate".
>>
>> Sounds like the MS code is having problems using the minidriver.
>> This could be because your registry is not configured correctly
>> or your code is doing something that does not work under the minidriver.
>> The minidriver may be called during login by more than one process,
>> and by more than one thread. Depending on how your code is written this may
>> cause problems.  The minidriver may stay loaded by more than one process
>> for long times. During login, there is no HKLU registry as there is no
>> current user. This also implies that access to files is limited.
>>
>>>
>>> I can view the certificate in the Mozilla web browser.
>>>
>>> to minidrive everything
>>> 1) I configure the registry as per minidriver-westcos.reg
>>    Send your changes to the list.
>>
>>> 2) I configure the opensc-minidriver.inf and change the device ID
>>> according to the historical atr bytes
>>> 3) install the inf accordingly
>>
>> Send the inf changes to the list.
>>
>>>
>>> What else should I do?
>>
>> You could compile the minidriver with CARDMOD_LOW_LEVEL_DEBUG.
>> See minidriver.c around line 100. It's only for debugging.
>> You will need to create the C:\tmp\cardmod.log and make it writable
>> by everyone.
>>
>>
>>>
>>>
>>> On Wed, Jul 4, 2012 at 6:20 PM, Viktor Tarasov <viktor.tara...@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> On 04/07/2012 03:16, Galoh Haron wrote:
>>>>> I guess i need to clarify the question on pkcs#15 emulator again.
>>>>>
>>>>> 1) I have created pkcs15-thecard.c and work on sc_pks15emu-thecard_init_ex
>>>>> 2) With some code's modification, the command  of opensc-tool -i, 
>>>>> opensc-tool -a opensc -s work.
>>>>> 3) Any other steps missing for the emulator to work or perhaps a tiny 
>>>>> miny write up for developers to work on the emulator ?
>>>>
>>>>
>>>> I would start from implementing the card driver with the basic 
>>>> 'sc_card_operations' handlers
>>>> and testing all the stuff with the opensc-explorer .
>>>>
>>>> Then make a list of the pre-existing objects (PINs, Pub/Priv keys, certs, 
>>>> data) that you wish to see exposed with the libopensc/pkcs15 API as the 
>>>> PKCS#15 objects.
>>>>
>>>> After that take as example some existing emulator to see how to prepare 
>>>> data before calling the 'sc_pkcs15emu_add_**' functions
>>>> and how to register your 'init_ex' procedure in pkcs15-syn.c .
>>>>
>>>> Then you can start the testing with the pkcs15-* tools, and finally 
>>>> minidriver.
>>>>
>>>>
>>>>>
>>>>> I am trying to get the minidriver to work with the pkcs#15 emulator.
>>>>> Thank you.
>>>>
>>>> Kind regards,
>>>> Viktor.
>>>>
>>>>
>>>>>
>>>>> On Mon, Jul 2, 2012 at 10:11 PM, Galoh Haron <grha...@gmail.com> wrote:
>>>>>
>>>>>       Hello,
>>>>>
>>>>>       I am trying to emulate a non pkcs#15  smart card with no support for MF selection.
>>>>>       How to test the emulation works?
>>>>>       Because when I tried to run command pkcs15-tool -r 00, I received
>>>>>       "Certificate read failed: Invalid ASN.1 object"
>>>>>
>>>>>       Based on the log,
>>>>>
>>>>>       2012-07-02 22:06:20.293 [pkcs15-tool] 
>>>>> reader-pcsc.c:176:pcsc_internal_transmit: called
>>>>>       2012-07-02 22:06:20.340
>>>>>       Incoming APDU data [   17 bytes] 
>>>>> =====================================
>>>>>       84 E4 6C BA 08 7C 97 35 05 07 F1 DA 37 4E B2 90 ..l..|.5....7N..
>>>>>       00                                              .
>>>>>       
>>>>> ======================================================================
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> card-mykad.c:506:mykad_check_sw: called
>>>>>       2012-07-02 22:06:20.340 certificate size is 1035
>>>>>       2012-07-02 22:06:20.340 called, left=1031, depth 0
>>>>>       2012-07-02 22:06:20.340 Looking for 'tbsCertificate', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340 decoding 'tbsCertificate'
>>>>>       2012-07-02 22:06:20.340  called, left=880, depth 1
>>>>>       2012-07-02 22:06:20.340 Looking for 'version', tag 0x21000000, 
>>>>> OPTIONAL
>>>>>       2012-07-02 22:06:20.340  decoding 'version'
>>>>>       2012-07-02 22:06:20.340   called, left=3, depth 2
>>>>>       2012-07-02 22:06:20.340 Looking for 'version', tag 0x2
>>>>>       2012-07-02 22:06:20.340   decoding 'version'
>>>>>       2012-07-02 22:06:20.340   decoding 'version' returned 2
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 Looking for 'serialNumber', tag 0x2
>>>>>       2012-07-02 22:06:20.340  decoding 'serialNumber'
>>>>>       2012-07-02 22:06:20.340 Looking for 'signature', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340  decoding 'signature'
>>>>>       2012-07-02 22:06:20.340 Looking for 'issuer', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340  decoding 'issuer'
>>>>>       2012-07-02 22:06:20.340 Looking for 'validity', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340  decoding 'validity'
>>>>>       2012-07-02 22:06:20.340 Looking for 'subject', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340  decoding 'subject'
>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectPublicKeyInfo', tag 
>>>>> 0x1000010
>>>>>       2012-07-02 22:06:20.340  decoding 'subjectPublicKeyInfo'
>>>>>       2012-07-02 22:06:20.340 sc_pkcs15_pubkey_from_spki 013C1CEF:157
>>>>>       2012-07-02 22:06:20.340 called, left=157, depth 0
>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x1000010
>>>>>       2012-07-02 22:06:20.340 decoding 'algorithm'
>>>>>       2012-07-02 22:06:20.340  called, left=13, depth 1
>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>>>       2012-07-02 22:06:20.340  decoding 'algorithm'
>>>>>       2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5, OPTIONAL
>>>>>       2012-07-02 22:06:20.340  decoding 'nullParam'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectPublicKey', tag 0x3
>>>>>       2012-07-02 22:06:20.340 decoding 'subjectPublicKey'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 DEE pk_alg.algorithm=0
>>>>>       2012-07-02 22:06:20.340 called, left=138, depth 0
>>>>>       2012-07-02 22:06:20.340 Looking for 'publicKeyCoefficients', tag 
>>>>> 0x1000010, OPTIONAL
>>>>>       2012-07-02 22:06:20.340 decoding 'publicKeyCoefficients'
>>>>>       2012-07-02 22:06:20.340  called, left=135, depth 1
>>>>>       2012-07-02 22:06:20.340 Looking for 'modulus', tag 0x2
>>>>>       2012-07-02 22:06:20.340  decoding 'modulus'
>>>>>       2012-07-02 22:06:20.340 Looking for 'exponent', tag 0x2
>>>>>       2012-07-02 22:06:20.340  decoding 'exponent'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 Looking for 'extensions', tag 0x21000003, 
>>>>> OPTIONAL
>>>>>       2012-07-02 22:06:20.340  decoding 'extensions'
>>>>>       2012-07-02 22:06:20.340   called, left=328, depth 2
>>>>>       2012-07-02 22:06:20.340 Looking for 'x509v3', tag 0x1000010, 
>>>>> OPTIONAL
>>>>>       2012-07-02 22:06:20.340   decoding 'x509v3'
>>>>>       2012-07-02 22:06:20.340    called, left=324, depth 3
>>>>>       2012-07-02 22:06:20.340 Looking for 'certificatePolicies', tag 
>>>>> 0x1000010, OPTIONAL
>>>>>       2012-07-02 22:06:20.340    decoding 'certificatePolicies'
>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectKeyIdentifier', tag 
>>>>> 0x1000010, OPTIONAL
>>>>>       2012-07-02 22:06:20.340    decoding 'subjectKeyIdentifier'
>>>>>       2012-07-02 22:06:20.340 Looking for 'crlDistributionPoints', tag 
>>>>> 0x1000010, OPTIONAL
>>>>>       2012-07-02 22:06:20.340    decoding 'crlDistributionPoints'
>>>>>       2012-07-02 22:06:20.340 Looking for 'authorityKeyIdentifier', tag 
>>>>> 0x1000010, OPTIONAL
>>>>>       2012-07-02 22:06:20.340    decoding 'authorityKeyIdentifier'
>>>>>       2012-07-02 22:06:20.340 Looking for 'keyUsage', tag 0x1000010, 
>>>>> OPTIONAL
>>>>>       2012-07-02 22:06:20.340    decoding 'keyUsage'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 Looking for 'signatureAlgorithm', tag 
>>>>> 0x1000010
>>>>>       2012-07-02 22:06:20.340 decoding 'signatureAlgorithm'
>>>>>       2012-07-02 22:06:20.340  called, left=13, depth 1
>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>>>       2012-07-02 22:06:20.340  decoding 'algorithm'
>>>>>       2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5, OPTIONAL
>>>>>       2012-07-02 22:06:20.340  decoding 'nullParam'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 Looking for 'signatureValue', tag 0x3
>>>>>       2012-07-02 22:06:20.340 decoding 'signatureValue'
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 encoding 'serialNumber'
>>>>>       2012-07-02 22:06:20.340 type=4, tag=0x02, parm=013C0380, len=16
>>>>>       2012-07-02 22:06:20.340 length of encoded item=18
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] pkcs15.c:959:sc_pkcs15_bind: 
>>>>> returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> pkcs15-cert.c:156:sc_pkcs15_read_certificate: called
>>>>>       2012-07-02 22:06:20.340 X.509 certificate not found
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> pkcs15.c:969:sc_pkcs15_unbind: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> pkcs15-pin.c:596:sc_pkcs15_pincache_clear: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> reader-pcsc.c:548:pcsc_unlock: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> card.c:242:sc_disconnect_card: called
>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] 
>>>>> reader-pcsc.c:498:pcsc_disconnect: called
>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool] 
>>>>> card.c:258:sc_disconnect_card: returning with: 0 (Success)
>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool] ctx.c:738:sc_release_context: 
>>>>> called
>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool] 
>>>>> reader-pcsc.c:736:pcsc_finish: called
>>>>>
>>>>>       Obviously I can't use the sc_pkcs15_read_certificate. My card does not support pkcs15.
>>>>>       Or did I misunderstand the whole pkcs#15 emulator concept?
>>>>>
>>>>>       -galoh
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> opensc-devel mailing list
>>>>> opensc-devel@lists.opensc-project.org
>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>>
>>>
>>>
>>
>> --
>>
>>    Douglas E. Engert  <deeng...@anl.gov>
>>    Argonne National Laboratory
>>    9700 South Cass Avenue
>>    Argonne, Illinois  60439
>>    (630) 252-5444
>>
>>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
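
The device ID in the quoted .inf changes can be checked against the ATR in the same changes. The following is an added example, not part of the original message and not OpenSC code: it parses an ISO 7816-3 ATR, skips the interface bytes and builds the ID, assuming (as the values in this thread suggest) that the ID is `SCFILTER\CID_` followed by the historical bytes in hex. The function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Locate the historical bytes of an ISO 7816-3 ATR. Returns their offset and
 * stores their count in *k, or returns -1 if the ATR is truncated. */
int atr_historical(const unsigned char *atr, size_t len, size_t *k)
{
    size_t pos = 2;                 /* atr[0] = TS, atr[1] = T0 */
    unsigned y;
    if (len < 2)
        return -1;
    *k = atr[1] & 0x0F;             /* low nibble of T0: historical byte count */
    y = atr[1] >> 4;                /* high nibble: which of TA1..TD1 follow */
    while (y) {
        pos += (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1);   /* TAi, TBi, TCi */
        if (!(y & 8))
            break;                  /* no TDi: interface bytes end here */
        if (pos >= len)
            return -1;
        y = atr[pos++] >> 4;        /* TDi announces the next group */
    }
    return (pos + *k <= len) ? (int)pos : -1;
}

/* Build "SCFILTER\CID_<historical bytes in hex>" (form assumed from the .inf). */
int atr_to_device_id(const unsigned char *atr, size_t len, char *out, size_t outlen)
{
    static const char prefix[] = "SCFILTER\\CID_";
    size_t k, i, n = strlen(prefix);
    int off = atr_historical(atr, len, &k);
    if (off < 0 || outlen < n + 2 * k + 1)
        return -1;
    memcpy(out, prefix, n);
    for (i = 0; i < k; i++)
        snprintf(out + n + 2 * i, 3, "%02X", atr[off + i]);
    out[n + 2 * k] = '\0';
    return 0;
}

int main(void)
{
    /* ATR value taken from the .inf/.reg changes quoted in this thread */
    const unsigned char atr[] = {0x3b,0x67,0x00,0x00,0x73,0x20,0x00,0x6c,0x00,0x90,0x00};
    char id[80];
    if (atr_to_device_id(atr, sizeof atr, id, sizeof id) != 0)
        return 1;
    puts(id);                       /* compare with the line under [Minidriver.*] */
    return 0;
}
```

For the ATR above, T0 is 0x67, so two interface bytes (TB1, TC1) precede seven historical bytes, and the result agrees with the ID used in the three model sections.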

