Ticket #173 (new defect)

NB! Read about ReportingBugs before filing a ticket!

Opened 4 years ago

Last modified 4 years ago

Pinpad login do not work with Gemplus GPK card

Reported by: v_badev Owned by: opensc-devel@…
Priority: low Milestone: Someday
Component: opensc Version: 0.11.4
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

I have GPK card and OmniKey? CardMan? 3821 PIN pad reader. When PIN pad is enabled in config file with enable_pinpad = true; PIN verification always fails. With CardOS 4.3 card ai can login without problems.

Here is output of pkcs11-tool --test --login with GPK card and disabled pinpad: 

Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  not implemented
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (AUTH key) 
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
Verify (currently only for RSA):
  testing key 0 (AUTH key)
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
Key unwrap (RSA)
  testing key 0 (AUTH key) 
    DES-CBC: OK
    DES-EDE3-CBC: OK
    BF-CBC: OK
    CAST5-CFB: OK
Decryption (RSA)
  testing key 0 (AUTH key) 
    RSA-PKCS: OK
Testing card detection
Please press return to continue, x to exit: 
Available slots:
Slot 0           OmniKey CardMan 3821 00 00
  token label:   GemSAFE (pin)
  token manuf:   GemSAFE on GPK16000
  token model:   PKCS #15 SCard
  token flags:   rng, login required, PIN initialized, token initialized
  serial num  :  00c00017b81e0e68
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)
Please press return to continue, x to exit: x
Testing card detection using C_WaitForSlotEvent
Please press return to continue, x to exit: x
No errors

With enable_pinpad set to true output is: 

[opensc-pkcs11] pkcs15-gemsafe.c:127:my_pin_cmd: returning with: PIN code or key incorrect
[opensc-pkcs11] sec.c:201:sc_pin_cmd: returning with: PIN code or key incorrect
error: PKCS11 function C_Login failed: rv = CKR_PIN_INCORRECT (0xa0)

Aborting.

On Windows with SCB 0.10 result is the same.

Attached is debug log file from pkcs11-tool --test --login with enable_pinpad = true; and debug = 9;

Attachments

opensc-debug.log Download (87.3 KB) - added by v_badev 4 years ago.
Debug log file from pkcs11-tool --test --login with enable_pinpad = true; and debug = 9;

Change History

Changed 4 years ago by v_badev

Debug log file from pkcs11-tool --test --login with enable_pinpad = true; and debug = 9;

comment:1 Changed 4 years ago by martin

Looking at the source 

 /* GemSAFE pin uses a null terminated string with 0xFF */
 /* so we need to add the 0x00 to the pin  then pad with 0xFF */

I can't remember 100% but I believe the PCSC v2 part 10 spec does not allow building such PIN blocks (0x0 terminated, padding would be OK) in the reader. Thus I belive it is not possible to add support for PCSC pinpads and GPK cards into OpenSC.

comment:2 Changed 4 years ago by martin

  • Priority changed from normal to low
  • Milestone set to Someday
Note: See TracTickets for help on using tickets.