I will work on it this week.

By the way, how do you test your minidriver besides the command certutil -scinfo?
Card Minidriver Certification Kit?

Thanks Douglas.




On Wed, Jul 11, 2012 at 11:27 PM, Douglas E. Engert <deeng...@anl.gov> wrote:
>
>
> On 7/10/2012 8:19 PM, Galoh Haron wrote:
>>
>> Douglas,
>>
>> Here is the list of changes that I have made to opensc-minidriver.inf
>> and minidriver-westcos.reg:
>>
>> .inf
>>
>> [Minidriver.NTamd64]
>> + %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_7320006C009000
>> - %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000
>>
>> [Minidriver.NTx86]
>> + %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_7320006C009000
>> - %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000
>>
>> [Minidriver.NTamd64.6.1]
>> + %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_7320006C009000
>> - %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000
>>
>> [AddRegWOW64]
>> + HKLM,
>> %SmartCardNameWOW64%,"ATR",0x00000001,3b,67,00,00,73,20,00,6c,00,90,00
>> - HKLM,
>> %SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
>> - HKLM,
>> %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
>>
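Review bot: In [AddRegWOW64] the "ATRMask" value is deleted and nothing replaces it, so the new 11-byte ATR 3b,67,00,00,73,20,00,6c,00,90,00 is registered with no mask. Add an "ATRMask" line for %SmartCardNameWOW64% that is also 11 bytes long (all ff for an exact match), and confirm that the non-WOW64 registry section, which this list does not show, receives the same ATR and mask.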
>> [Strings]
>> +SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
>> - SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev
>> Westcos"
>>
>> +SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
>> -
>> SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev
>> Westcos"
>>
>> .reg
>> Windows Registry Editor Version 5.00
>>
>> +
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD]
>> -
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CEV
>> WESTCOS]
>> + "ATR"=hex:3b,67,00,00,73,20,00,6c,00,90,00
>> - "ATR"=hex:3f,69,00,00,00,64,01,00,00,00,80,90,00
>> - "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
>>
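Review bot: The .reg change as listed renames only the native key under SOFTWARE\Microsoft\Cryptography\Calais\SmartCards, while the .inf also writes a copy under SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\MyKAD, so a 64-bit machine configured from the .reg alone has no MyKAD entry for 32-bit processes. Add the Wow6432Node key to the .reg, and give both keys an "ATRMask" of the same length as the new "ATR" value instead of dropping the mask.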
>> I have attached the cardmod.log if you require it.
>>
>
> In line 85 of the trace:
>
> P:13632 T:14000 pCardData:0048E4D8 CardReadFile
> pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0, pcbData=0,
> *ppbData=0
> check_reader_status
> pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
> check_reader_status r=5 flags 0x00000005
> sc_pkcs15_read_certificate return 0
>
> There is no cmapfile returned, and shortly after, the CardDeleteContext
> is called.
>
>
> In my version, that may be out of date from 5/26/2011,
> when I last looked at this code, a cmapfile is returned.
> My trace was from a smart card login, and not from certutil.exe.
>
> P:816 T:820 pCardData:00F15700 CardReadFile
>
> pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0, pcbData=0,
> *ppbData=0
> check_reader_status
> pCardData->hSCardCtx:0xCD010002 hScard:0xEA010001
>
> check_reader_status r=5 flags 0x00000005
> sc_pkcs15_read_certificate return 0
> Guid={31323334-3536-3738-390c-075480510916}
> cmapfile entry 0 --- 00F1FB68:86
>  0000  7B003300 31003300 32003300 33003300  34002D00 33003500 33003600
> 2D003300
>  0020  37003300 38002D00 33003900 30006300  2D003000 37003500 34003800
> 30003500
>
> After this, things progress to passing the certificate back.
>
> So it looks like some of the minidriver is not creating the cmapfile,
> maybe because it cannot find something from your card.
>
>
> Look at line 832 in minidriver.c (opensc-0.12.2 version)
>  if(pubkey->algorithm == SC_ALGORITHM_RSA)
> is true.
>
>
>
>> Thank you.
>>
>>
>>
>> On Tue, Jul 10, 2012 at 9:20 PM, Douglas E. Engert <deeng...@anl.gov>
>> wrote:
>>>
>>>
>>>
>>> On 7/10/2012 3:35 AM, Galoh Haron wrote:
>>>>
>>>> hello all,
>>>>
>>>> I found errors in running certutil -scinfo
>>>> 1) Can't open the AT_SIGNATURE key for reader
>>>> 2) Can't open the At_KEYEXCHANGE key for reader
>>>> 3) Cannot open the key for reader
>>>>
>>>> A dialog pops up showing: "A smart card was detected but is not the one
>>>> required for the current operation. The smart card you are using may
>>>> be missing required driver software or a required certificate".
>>>
>>>
>>> Sounds like the MS code is having problems using the minidriver.
>>> This could be because your registry is not configured correctly
>>> or your code is doing something that does not work under the minidriver.
>>> The minidriver may be called during login by more than one process,
>>> and by more than one thread. Depending on how your code is written this
>>> may cause problems. The minidriver may stay loaded by more than one process
>>> for long times. During login, there is no HKLU registry as there is no
>>> current user. This also implies that access to files is limited.
>>>
>>>>
>>>> I can view the certificate in the Mozilla web browser.
>>>>
>>>> to minidrive everything
>>>> 1) I configure the registry as per minidriver-westcos.reg
>>>
>>>    Send your changes to the list.
>>>
>>>> 2) I configure the opensc-minidriver.inf and change the device ID
>>>> according to the historical ATR bytes
>>>> 3) install the inf accordingly
>>>
>>>
>>> Send the inf changes to the list.
>>>
>>>>
>>>> What else should I do?
>>>
>>>
>>> You could compile the minidriver with CARDMOD_LOW_LEVEL_DEBUG.
>>> See minidriver.c around line 100. It's only for debugging.
>>> You will need to create the C:\tmp\cardmod.log and make it writable
>>> by everyone.
>>>
>>>
>>>>
>>>>
>>>> On Wed, Jul 4, 2012 at 6:20 PM, Viktor Tarasov
>>>> <viktor.tara...@gmail.com> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> Le 04/07/2012 03:16, Galoh Haron a écrit :
>>>>>>
>>>>>> I guess I need to clarify the question on pkcs#15 emulator again.
>>>>>>
>>>>>> 1) I have created pkcs15-thecard.c and work on
>>>>>> sc_pks15emu-thecard_init_ex
>>>>>> 2) With some code's modification, the command  of opensc-tool -i,
>>>>>> opensc-tool -a opensc -s work.
>>>>>> 3) Any other steps missing for the emulator to work or perhaps a tiny
>>>>>> miny write up for developers to work on the emulator ?
>>>>>
>>>>>
>>>>>
>>>>> I would start from implementing the card driver with the basic
>>>>> 'sc_card_operations' handlers
>>>>> and testing all the stuff with the opensc-explorer .
>>>>>
>>>>> Then make a list of the pre-existing objects (PINs, Pub/Priv keys,
>>>>> certs, data) that you wish to see exposed with the libopensc/pkcs15 API as
>>>>> the PKCS#15 objects.
>>>>>
>>>>> After that, take as an example some existing emulator to see how to prepare
>>>>> data before calling the 'sc_pkcs15emu_add_**' functions
>>>>> and how to register your 'init_ex' procedure in pkcs15-syn.c .
>>>>>
>>>>> Then you can start the testing with the pkcs15-* tools, and finally
>>>>> minidriver.
>>>>>
>>>>>
>>>>>>
>>>>>> I am trying to get the minidriver to work with the pkcs#15 emulator.
>>>>>> Thank you.
>>>>>
>>>>>
>>>>> Kind regards,
>>>>> Viktor.
>>>>>
>>>>>
>>>>>>
>>>>>> On Mon, Jul 2, 2012 at 10:11 PM, Galoh Haron <grha...@gmail.com
>>>>>> <mailto:grha...@gmail.com>> wrote:
>>>>>>
>>>>>>       Hello,
>>>>>>
>>>>>>       I am trying to emulate a non pkcs#15  smart card with no support
>>>>>> for MF selection.
>>>>>>       How to test the emulation works?
>>>>>>       Because when I tried to run command pkcs15-tool -r 00, I
>>>>>> received
>>>>>>       "Certificate read failed: Invalid ASN.1 object"
>>>>>>
>>>>>>       Based on the log,
>>>>>>
>>>>>>       2012-07-02 22:06:20.293 [pkcs15-tool]
>>>>>> reader-pcsc.c:176:pcsc_internal_transmit: called
>>>>>>       2012-07-02 22:06:20.340
>>>>>>       Incoming APDU data [   17 bytes]
>>>>>> =====================================
>>>>>>       84 E4 6C BA 08 7C 97 35 05 07 F1 DA 37 4E B2 90 ..l..|.5....7N..
>>>>>>       00                                              .
>>>>>>
>>>>>> ======================================================================
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock:
>>>>>> called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> card-mykad.c:506:mykad_check_sw: called
>>>>>>       2012-07-02 22:06:20.340 certificate size is 1035
>>>>>>       2012-07-02 22:06:20.340 called, left=1031, depth 0
>>>>>>       2012-07-02 22:06:20.340 Looking for 'tbsCertificate', tag
>>>>>> 0x1000010
>>>>>>       2012-07-02 22:06:20.340 decoding 'tbsCertificate'
>>>>>>       2012-07-02 22:06:20.340  called, left=880, depth 1
>>>>>>       2012-07-02 22:06:20.340 Looking for 'version', tag 0x21000000,
>>>>>> OPTIONAL
>>>>>>       2012-07-02 22:06:20.340  decoding 'version'
>>>>>>       2012-07-02 22:06:20.340   called, left=3, depth 2
>>>>>>       2012-07-02 22:06:20.340 Looking for 'version', tag 0x2
>>>>>>       2012-07-02 22:06:20.340   decoding 'version'
>>>>>>       2012-07-02 22:06:20.340   decoding 'version' returned 2
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 Looking for 'serialNumber', tag 0x2
>>>>>>       2012-07-02 22:06:20.340  decoding 'serialNumber'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'signature', tag 0x1000010
>>>>>>       2012-07-02 22:06:20.340  decoding 'signature'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'issuer', tag 0x1000010
>>>>>>       2012-07-02 22:06:20.340  decoding 'issuer'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'validity', tag 0x1000010
>>>>>>       2012-07-02 22:06:20.340  decoding 'validity'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'subject', tag 0x1000010
>>>>>>       2012-07-02 22:06:20.340  decoding 'subject'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectPublicKeyInfo', tag
>>>>>> 0x1000010
>>>>>>       2012-07-02 22:06:20.340  decoding 'subjectPublicKeyInfo'
>>>>>>       2012-07-02 22:06:20.340 sc_pkcs15_pubkey_from_spki 013C1CEF:157
>>>>>>       2012-07-02 22:06:20.340 called, left=157, depth 0
>>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x1000010
>>>>>>       2012-07-02 22:06:20.340 decoding 'algorithm'
>>>>>>       2012-07-02 22:06:20.340  called, left=13, depth 1
>>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>>>>       2012-07-02 22:06:20.340  decoding 'algorithm'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5,
>>>>>> OPTIONAL
>>>>>>       2012-07-02 22:06:20.340  decoding 'nullParam'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectPublicKey', tag 0x3
>>>>>>       2012-07-02 22:06:20.340 decoding 'subjectPublicKey'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 DEE pk_alg.algorithm=0
>>>>>>       2012-07-02 22:06:20.340 called, left=138, depth 0
>>>>>>       2012-07-02 22:06:20.340 Looking for 'publicKeyCoefficients', tag
>>>>>> 0x1000010, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340 decoding 'publicKeyCoefficients'
>>>>>>       2012-07-02 22:06:20.340  called, left=135, depth 1
>>>>>>       2012-07-02 22:06:20.340 Looking for 'modulus', tag 0x2
>>>>>>       2012-07-02 22:06:20.340  decoding 'modulus'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'exponent', tag 0x2
>>>>>>       2012-07-02 22:06:20.340  decoding 'exponent'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 Looking for 'extensions', tag
>>>>>> 0x21000003, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340  decoding 'extensions'
>>>>>>       2012-07-02 22:06:20.340   called, left=328, depth 2
>>>>>>       2012-07-02 22:06:20.340 Looking for 'x509v3', tag 0x1000010,
>>>>>> OPTIONAL
>>>>>>       2012-07-02 22:06:20.340   decoding 'x509v3'
>>>>>>       2012-07-02 22:06:20.340    called, left=324, depth 3
>>>>>>       2012-07-02 22:06:20.340 Looking for 'certificatePolicies', tag
>>>>>> 0x1000010, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340    decoding 'certificatePolicies'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'subjectKeyIdentifier', tag
>>>>>> 0x1000010, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340    decoding 'subjectKeyIdentifier'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'crlDistributionPoints', tag
>>>>>> 0x1000010, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340    decoding 'crlDistributionPoints'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'authorityKeyIdentifier',
>>>>>> tag 0x1000010, OPTIONAL
>>>>>>       2012-07-02 22:06:20.340    decoding 'authorityKeyIdentifier'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'keyUsage', tag 0x1000010,
>>>>>> OPTIONAL
>>>>>>       2012-07-02 22:06:20.340    decoding 'keyUsage'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 Looking for 'signatureAlgorithm', tag
>>>>>> 0x1000010
>>>>>>       2012-07-02 22:06:20.340 decoding 'signatureAlgorithm'
>>>>>>       2012-07-02 22:06:20.340  called, left=13, depth 1
>>>>>>       2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>>>>       2012-07-02 22:06:20.340  decoding 'algorithm'
>>>>>>       2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5,
>>>>>> OPTIONAL
>>>>>>       2012-07-02 22:06:20.340  decoding 'nullParam'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 Looking for 'signatureValue', tag 0x3
>>>>>>       2012-07-02 22:06:20.340 decoding 'signatureValue'
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>>>> returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 encoding 'serialNumber'
>>>>>>       2012-07-02 22:06:20.340 type=4, tag=0x02, parm=013C0380, len=16
>>>>>>       2012-07-02 22:06:20.340 length of encoded item=18
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock:
>>>>>> called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> pkcs15.c:959:sc_pkcs15_bind: returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> pkcs15-cert.c:156:sc_pkcs15_read_certificate: called
>>>>>>       2012-07-02 22:06:20.340 X.509 certificate not found
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> pkcs15.c:969:sc_pkcs15_unbind: called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> pkcs15-pin.c:596:sc_pkcs15_pincache_clear: called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock:
>>>>>> called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> reader-pcsc.c:548:pcsc_unlock: called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> card.c:242:sc_disconnect_card: called
>>>>>>       2012-07-02 22:06:20.340 [pkcs15-tool]
>>>>>> reader-pcsc.c:498:pcsc_disconnect: called
>>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool]
>>>>>> card.c:258:sc_disconnect_card: returning with: 0 (Success)
>>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool]
>>>>>> ctx.c:738:sc_release_context: called
>>>>>>       2012-07-02 22:06:20.542 [pkcs15-tool]
>>>>>> reader-pcsc.c:736:pcsc_finish: called
>>>>>>
>>>>>>       Obviously I can't use the sc_pkcs15_read_certificate. My card
>>>>>> does not support pkcs15.
>>>>>>       Or did I misunderstand the whole pkcs#15 emulator concept?
>>>>>>
>>>>>>       -galoh
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> opensc-devel mailing list
>>>>>> opensc-devel@lists.opensc-project.org
>>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> --
>>>
>>>    Douglas E. Engert  <deeng...@anl.gov>
>>>    Argonne National Laboratory
>>>    9700 South Cass Avenue
>>>    Argonne, Illinois  60439
>>>    (630) 252-5444
>>>
>>>
>
>
> --
>
>  Douglas E. Engert  <deeng...@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>
>
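The thread says the .inf device ID is set "according to the historical ATR bytes". As an added example (not code from the thread or from OpenSC), this C program parses the ATR quoted in the change list per ISO 7816-3 and shows that its historical bytes reproduce the SCFILTER\CID_ string used in the .inf; the function names are hypothetical, and the assumption is that the ID is exactly the historical bytes in hex.

```c
#include <stdio.h>
#include <string.h>

/* ATR quoted in the thread's .inf/.reg change list. */
static const unsigned char PAGE_ATR[] = {0x3b,0x67,0,0,0x73,0x20,0,0x6c,0,0x90,0};

/* Copy the historical bytes of an ISO 7816-3 ATR into out.
 * Returns their count, or -1 if the ATR is malformed or truncated. */
int atr_historical_bytes(const unsigned char *atr, size_t len,
                         unsigned char *out, size_t outlen)
{
    if (len < 2 || (atr[0] != 0x3b && atr[0] != 0x3f))
        return -1;                   /* TS must be direct or inverse convention */
    size_t pos = 1;
    unsigned char td = atr[pos++];   /* T0: Y1 (high nibble), K (low nibble) */
    size_t k = td & 0x0f;            /* K = number of historical bytes */
    for (;;) {                       /* walk the TAi/TBi/TCi/TDi groups */
        unsigned char y = td >> 4;
        pos += (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1);
        if (!(y & 8)) break;         /* no TDi: interface bytes end here */
        if (pos >= len) return -1;
        td = atr[pos++];
    }
    if (pos + k > len || k > outlen)
        return -1;
    memcpy(out, atr + pos, k);
    return (int)k;
}

/* Hypothetical helper: format "SCFILTER\CID_<historical bytes in hex>".
 * Returns the string length, or -1 on a bad ATR or a too-small buffer. */
int atr_to_device_id(const unsigned char *atr, size_t len, char *buf, size_t buflen)
{
    unsigned char hist[15];
    int k = atr_historical_bytes(atr, len, hist, sizeof hist);
    if (k <= 0 || buflen < 13 + 2 * (size_t)k + 1)
        return -1;
    int n = snprintf(buf, buflen, "SCFILTER\\CID_");
    for (int i = 0; i < k; i++)
        n += snprintf(buf + n, buflen - (size_t)n, "%02X", hist[i]);
    return n;
}

int main(void)
{
    char id[64];
    if (atr_to_device_id(PAGE_ATR, sizeof PAGE_ATR, id, sizeof id) > 0)
        puts(id);
    return 0;
}
```

Running the same check against the ATR reported by the reader is a quick way to catch a mismatch between the card and the .inf before installing it.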