Ticket #199 (closed defect: fixed)
FEITIAN PKI - entersafe - creating pkcs15 now requires SO pin
| Reported by: | jmpoure | Owned by: | viktor.tarasov@… |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.0 |
| Component: | opensc | Version: | trunk |
| Severity: | normal | Keywords: | feitian |
| Cc: | viktor.tarasov@… | Blocked By: | |
| Blocking: | | | |
Description
Dear friends,
pkcs15-init -E
pkcs15-init --create-pkcs15 \
--use-default-transport-key \
--pin 0000 --puk 111111 \
--label "Test"
used to work perfectly.
Now, pkcs15-init requests an so-pin. Even if I add --no-so-pin it returns:
Failed to create PKCS #15 meta structure: Security status not satisfied
To my knowledge, my card does not have an SO pin. Also, it used to work with some latest code in OpenSC.
Do you have any idea?
Kind regards.
Attachments
Change History
comment:2 Changed 2 years ago by jmpoure
Creating the pkcs15 file works with the OpenSC stable version; I recompiled and it works. Only the SVN version is broken.
comment:3 Changed 2 years ago by aj
Please show which version of opensc this should have worked.
To my knowledge, the entersafe driver is limited and only works with the "-p pkcs15+onepin" option (SO_PIN and multiple PINs are not supported).
comment:4 Changed 2 years ago by martin
- Keywords feitian added
- Milestone set to 0.12.0
Actually, for end-user orientation reasons, the onepin profile should be the default. A typical end-user does not have a split personality of a "security officer" and "token user" which is implied by the default profile. Setups that require a SO can enable the SO profile in their scripts/tutorials, knowingly.
comment:5 Changed 2 years ago by viktor.tarasov@…
- Cc viktor.tarasov@… added
- Owner changed from opensc-devel@… to viktor.tarasov@…
- Status changed from new to assigned
Should be fixed in rev.4114.
To authenticate 'update' in sc_pkcs15init_update_file() the selected file was used instead of the one instantiated from profile. Thus, for the card drivers for which the file ACLs cannot be obtained from the FCI of the selected file, there was no authentication before 'update' operation.
Verified with command: pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin "999999" --puk "888888"
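A minimal C model of the defect described in comment:5, added here as an illustration and not taken from the ticket or from OpenSC: every type and function name is hypothetical, and the driver is assumed to return no ACLs on SELECT. It shows why authenticating against the selected file skips PIN verification, so the card refuses the update, while authenticating against the profile's file does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model: every name here is hypothetical, none is OpenSC's. */
enum acl { ACL_UNKNOWN, ACL_PIN };            /* condition for UPDATE */
struct file { const char *path; enum acl update; };
struct card { bool pin_verified; struct file on_card; };

/* The card enforces its own access rule whatever the host believes. */
static int card_update(const struct card *c) {
    if (c->on_card.update == ACL_PIN && !c->pin_verified)
        return -1;                            /* security status not satisfied */
    return 0;
}

/* SELECT through a driver that cannot decode ACLs from the FCI:
 * the returned description carries no usable access conditions. */
static struct file card_select(const struct card *c) {
    struct file f = { c->on_card.path, ACL_UNKNOWN };
    return f;
}

/* Present the PIN only when the given file description asks for it. */
static void authenticate(struct card *c, const struct file *f) {
    if (f->update == ACL_PIN)
        c->pin_verified = true;               /* stands in for VERIFY */
}

/* Before the fix: ACLs are taken from the file returned by SELECT. */
int update_before(struct card *c, const struct file *profile) {
    struct file selected = card_select(c);
    (void)profile;
    authenticate(c, &selected);
    return card_update(c);
}

/* After the fix: ACLs are taken from the file built from the profile. */
int update_after(struct card *c, const struct file *profile) {
    authenticate(c, profile);
    return card_update(c);
}

int main(void) {
    /* Constructed sample data: a PIN-protected file and its profile entry. */
    struct file prof = { "constructed/meta-file", ACL_PIN };
    struct card a = { false, { "constructed/meta-file", ACL_PIN } };
    struct card b = a;
    printf("before: %d\n", update_before(&a, &prof));   /* -1 */
    printf("after:  %d\n", update_after(&b, &prof));    /* 0 */
    return 0;
}
```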
comment:6 Changed 2 years ago by jmpoure
Thanks for this quick response. I am impressed. I have the following error:
pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin 0000 --puk 111111
Using reader with a card: Feitian SCR301 01 00
Failed to create PKCS #15 meta structure: Not allowed
*** glibc detected *** pkcs15-init: double free or corruption (out): 0x0000000002390e30 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f2bdd289d16]
/lib/libc.so.6(cfree+0x6c)[0x7f2bdd28e9bc]
/usr/lib/libopensc.so.2(sc_pkcs15_free_object+0x84)[0x7f2bdd7ad9a4]
/usr/lib/libopensc.so.2(sc_pkcs15_card_free+0x3b)[0x7f2bdd7adbcb]
/usr/lib/libopensc.so.2[0x7f2bdd81d0ee]
pkcs15-init[0x406a57]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f2bdd237abd]
pkcs15-init[0x4033f9]
Abandon
comment:7 Changed 2 years ago by viktor.tarasov@…
Can you, please, activate the logs?
In opensc.conf:
app default {
debug=8;
debug_file=/tmp/opensc-debug.log;
...
comment:8 Changed 2 years ago by jmpoure
Thanks Viktor.
In fact, this may not be a real bug. I forgot to initialize the card with -E. Now, first initialization succeeds. It is only the second initialization which fails. Of course, in real life, this never happens as you are supposed to only initialize "once".
Here are the commands:
pkcs15-init -E
Using reader with a card: Feitian SCR301 01 00
acer:/home/jmpoure# pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin "999999" --puk "888888"
Using reader with a card: Feitian SCR301 01 00
acer:/home/jmpoure# pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin "999999" --puk "888888"
Using reader with a card: Feitian SCR301 01 00
Failed to create PKCS #15 meta structure: Not allowed
*** glibc detected *** pkcs15-init: double free or corruption (out): 0x00000000025ce070 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f24ddef5d16]
/lib/libc.so.6(cfree+0x6c)[0x7f24ddefa9bc]
/usr/lib/libopensc.so.2(sc_pkcs15_free_object+0x84)[0x7f24de4199a4]
/usr/lib/libopensc.so.2(sc_pkcs15_card_free+0x3b)[0x7f24de419bcb]
/usr/lib/libopensc.so.2[0x7f24de4890ee]
pkcs15-init[0x406a57]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f24ddea3abd]
pkcs15-init[0x4033f9]
Abandon
Attached is the log.
Kind regards, JMP

