This past week, a situation has arising where the combination of OpenSC,
Thunderbird and some newer cards have combined to make a signature operation
fail.
SITUATION:
(1) Card enforces pin verify to be the last command to card before
a crypto command to do signature for some keys on the card.
(NIST-800-73-3 part 1 Section 3.2.3 "PIN Always")
(2) OpenSC card driver sets user_consent bit for these keys.
(3) OpenSC supports CK_ALWAYS_AUTHENTICATE attribute on private key
objects to tell caller PIN is required before a crypto operation.
(3) OpenSC sc_pkcs15_pincache* routines will not cache a PIN that is used
for any object that has user_consent.
(4) On some systems if the user does not have privileges or the
rlimit_memlock
is to small, PIN caching will not be done.
Solaris: requires PRIV_PROC_LOCK_MEMORY privilege, normal users don't
have it.
Ubuntu: CAP_IPC_LOCK privilege or rlimit_memlock is large enough. 64k
default?
(5) Productions versions of Thunderbird with NSS do not implement
CK_ALWAYS_AUTHENTICATE and don't ask for the attribute.
https://bugzilla.mozilla.org/show_bug.cgi?id=357025
is scheduled for NSS 3.14.
(6) Thunderbird may send request to card between PIN and crypto even with the
above patch.
https://bugzilla.mozilla.org/show_bug.cgi?id=613507
is scheduled for NSS 3.1.4
SOFTWARE VERSIONS OUT OF SYNC:
OpenSC is running as expected supporting cards that enforce
"PIN Always"/user_consent/CK_ALWAYS_AUTHENTICATE, and will not cache PINs
in this case.
But the PKCS#11 caller must send the PIN just before a crypto opertation
The PIN could have been from the initial C_Login or from C_Login
with the CKU_CONTEXT_SPECIFIC flag.
If the caller does not support CK_ALWAYS_AUTHENTICATE, a signature
operation might work if the initial PIN was sent and no other operations
were sent to the card before the crypto operation. (It would only work
once.) The PIN is not being cached so sc_pkcs15_pincache_revalidate
does not work.
WHAT CAN WE DO?
(1) Wait till NSS 3.14 is implemented in Thunderbird, and distributed
by vendors. This is a timing issue, which is out of our control.
(2) Modify OpenSC to back off and allow pin caching even for user_consent
pins. (But mlock might get in the way, minor problem, as admin can allow
it.)
(3) Modify OpenSC to add pin_cache_user_consent as a parameter
that would be off by default.
(4) Create a opensc-pkcs11.tb.hack.so much like the opensc-pkcs11-onepin.so
(5) Modify OpenSC to recognize NSS and if it supports CK_ALWAYS_AUTHENTICATE
and allow user_concert pin caching.
If we do nothing that is (1) and eventually things will work as expected.
I don't think (5) can be done as it is too late in the process to cache the
first PIN. A signature operation will fail, but a user might be able to try
it again. (Makes both TB and OpenSC look bad, and is not user friendly.)
(3) would work, but is ugly.
Comment?
Are there cards other then the PIV that have this problem?
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
