[opensc-devel] out of memory?

2007-04-16 Thread Andreas Jellinghaus
I was about to release 0.11.2, but regression tests found this:

pkcs15-tool --read-public-key 45 -o ./test-data/key.pem
--- Command output ---
asn1.c:1366:asn1_encode_entry: encoding of ASN.1 object 'key' failed: Out of memory
asn1.c:1366:asn1_encode_entry: encoding of ASN.1 object 'publicKey' failed: Out of memory
Error encoding PEM key: Out of memory

any idea what is wrong?

Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] GET CHALLENGE / EXTERNAL AUTHENTICATE Problem

2007-04-16 Thread Andreas Schwier
Hi Peter,

that depends on the algorithm used for EXTERNAL AUTHENTICATE. Quite
typically CardOS uses a Retail-MAC, which is a single DES CBC with
IV='00.00.00.00.00.00.00.00' using the left key half applied to all
blocks, a decrypt with the right key half and a final encrypt with the
left key half applied on the final block (In short: single DES for n-1
blocks, triple DES for last block).

For the Smart Card Shell you could write

---8<--8<--8<--8<--8<--8<--8<--8<--8<---
//
// Authenticate against CardOS card
//

var card = new Card(_scsh3.reader);
var crypto = new Crypto();

var key = new Key();
key.setComponent(Key.DES,
new ByteString("01010101010101010101010101010101", HEX));

// Get challenge
var challenge = card.sendApdu(0x00, 0x84, 0x00, 0x00, 8, [0x9000]);

// Crypto.DES_MAC_EMV is a CBC generated Retail-MAC
var cipher = crypto.sign(key, Crypto.DES_MAC_EMV, challenge);

card.sendApdu(0x00, 0x82, 0x00, 0x81, cipher);

print("Card returns " + card.SW.toString(16) + " - " + card.SWMSG);
---8<--8<--8<--8<--8<--8<--8<--8<--8<---

However you will need to know the key value for the authentication key,
unless your system uses some way to derive the key from the PIN code
(Using SHA-1 for example). This is quite uncommon, so I would assume
that the PIN verification is done sometime before authentication takes
place (using VERIFY INS=20 APDU).

Andreas




Peter Koch wrote:
> Hi all!
> 
> I'm trying to do an EXTERNAL AUTHENTICATE against a CardOS 4.01 card.
> 
> Requesting the challenge is easy. But how do I calculate the response?
> 
> Here's an example that I captured with a USB sniffer:
> 
> APDU 1: 0084 08, Response 584eb56f6d9f13c5 9000
> APDU 2: 00820081 08 cdddb92642a38d3b, Response 9000
> 
> Does anybody know how the response cdddb92642a38d3b was calculated
> from the challenge 584eb56f6d9f13c5 using PIN 123456?
> 
> I have already tried stuff like
> 
> echo -en '\x58\x4e\xb5\x6f\x6d\x9f\x13\xc5' |\
>   openssl enc -des-ede3-ofb -K 313233343536 -iv 0 |\
>   od -tx1
> 
> with different cyphers. Unfortunately I don't know what IV-value
> must be used. Any ideas?
> 
> Peter


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 171 8334920
-http://www.cardcontact.de
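
The Retail-MAC described in the reply above, written out step by step as an added Node.js example (not part of the original thread and not the Smart Card Shell API). The function names, the constructed key, and the reading of "ISO padding" as ISO/IEC 9797-1 padding method 2 are assumptions.

```javascript
// Added example for Node.js (built-in crypto only); not code from the thread.
const nodeCrypto = require('node:crypto');

// One single-DES block operation. OpenSSL 3 moved single DES to the legacy
// provider, so it is expressed as 3DES with K1 = K2 = K3, which is equivalent.
function desBlock(key8, block8, encrypt) {
  const key24 = Buffer.concat([key8, key8, key8]);
  const iv = Buffer.alloc(8); // zero IV over one block makes CBC act like ECB
  const c = encrypt
    ? nodeCrypto.createCipheriv('des-ede3-cbc', key24, iv)
    : nodeCrypto.createDecipheriv('des-ede3-cbc', key24, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block8), c.final()]);
}

// Assumed meaning of "ISO padding": ISO/IEC 9797-1 method 2 (0x80, then zeros).
function isoPad(data) {
  const pad = Buffer.alloc(8 - (data.length % 8));
  pad[0] = 0x80;
  return Buffer.concat([data, pad]);
}

// Retail-MAC: DES CBC-MAC (IV = 0) with the left key half over every block,
// then decrypt with the right half and encrypt again with the left half.
function retailMac(key16, data) {
  if (key16.length !== 16) throw new Error('key must be 16 bytes');
  if (data.length === 0 || data.length % 8 !== 0) {
    throw new Error('data must be a non-empty multiple of 8 bytes');
  }
  const k1 = key16.subarray(0, 8);
  const k2 = key16.subarray(8, 16);
  let state = Buffer.alloc(8);
  for (let off = 0; off < data.length; off += 8) {
    const x = Buffer.alloc(8);
    for (let i = 0; i < 8; i++) x[i] = state[i] ^ data[off + i];
    state = desBlock(k1, x, true);
  }
  return desBlock(k1, desBlock(k2, state, false), true);
}

// Constructed 16-byte key (not the card's key, which the thread never reveals)
// applied to the challenge captured in the thread, unpadded and ISO-padded.
function demo() {
  const key = Buffer.from('0123456789abcdeffedcba9876543210', 'hex');
  const challenge = Buffer.from('584eb56f6d9f13c5', 'hex');
  return [retailMac(key, challenge), retailMac(key, isoPad(challenge))]
    .map((mac) => mac.toString('hex'));
}
console.log(demo());
```

When both key halves are equal, as in the sample key of the script above, the final decrypt and encrypt cancel out and the result is a plain single-DES CBC-MAC.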



Re: [opensc-devel] GET CHALLENGE / EXTERNAL AUTHENTICATE Problem

2007-04-16 Thread Peter Koch
Hi Nils

> sure that a normal pin is used (or is this a DES key which
> somehow needs to be enlarged to 64 bits) ?

Of course a key is needed to calculate the response. I assumed
that this key was calculated from the PIN by just 0-padding it.

> > I have already tried stuff like
> >
> > echo -en '\x58\x4e\xb5\x6f\x6d\x9f\x13\xc5' |\
> > openssl enc -des-ede3-ofb -K 313233343536 -iv 0 |\
> > od -tx1
> >
> > with different cyphers. Unfortunately I don't know what IV-value
> > must be used. Any ideas?
>
> afaik this cannot work as the cardos m4.01a either uses public
> key cryptography or a MAC calculation for EXTERNAL AUTHENTICATE.
> As the response is 8 bytes long I would guess that a MAC
> algorithm is used in your case (hence either a [i]MAC or a
> [i]3MAC (the 'i' specifies whether ISO-padding or not is used)).
> As a [3]DES key is needed in this case it would be interesting how
> the full key is derived ... Perhaps the application which created
> the above APDUs could be helpful to answer these questions ;-)

Do you know of any docs that describe the [i][3]MAC Algorithm? I
looked into the CardOS manual and there are some pictures only,
which I don't understand.

Can openssl do [i][3]MAC-calculations? Or any other software?

Peter