New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New epass2003 token fails to initialize with error Failed to create PKCS #15 meta structure: Card command failed
#3034
Comments
I assume that the manufacturer has again changed the procedure for "token erase" .. and OpenSC is unable to really erase the token.
Probably, even if you manage to initialize the token, digital signature operations will not work. It seems that all EPASS2003 tokens that use the FIPS-certified MAC method (the message "Warning, MAC is not checked" appears in the opensc log) are not supported in OpenSC. This cannot be solved without information from the manufacturer. |
Thank you for the fast analysis of the problem, even if this is bad news :) @FeitianSmartcardReader maybe you can help here? |
The line numbers in the trace don't match what is in master. You may want to try with latest code. OpenSC will hide pin commands in the log. Try setting OPENSC_DEBUG=8 or add two more "v"s to " -vvvvvv" to log pin commands. It might be the pin code is not using SM or is trying to check the MAC.
This is misleading. It says the MAC verification code for the FIPS has not been implemented, (it should be). But for now the processing continues because the FIPS SM is working in both directions as the MAC is being treated as being correct.
In second log
It could also be they have changed the minimal size of pin.
OpenSC will hide pin commands in the log. Try setting OPENSC_DEBUG=8 or add two more "v"s to " -vvvvvv" to log pin commands. It might be the pin code is not using SM or is trying to check the MAC. |
Hmmm I was sure I recorded the traces with the latest version of master. Nevertheless I recompiled OpenSC and made sure to run the newest version and recorded new traces with more verbose logging. The behavior hasn't changed and and initializing the token fails with same error. I'm sorry I can't use the
Logs can be found here:
I tried using 16 characters long PIN and PUK with the following command. Is that correct way of doing it?
The resulting error is the same, as with a shorter PIN/PUK. See full log: https://pastebin.com/sXBrJY4W |
The failure appears to be coming from:
and the messages are from: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-epass2003.c#L3433-L3437
There are twp The first looks like a verify that works. It passes in some encrypted data. The second has no date (other then the SM MAC) and comments says it it to get the tries left, but the card does not like the SM data. It could be only OpenSC code tries to get the retries. Newer cards may implement this. So if you are willing to try something, replace line 3433 |
@dengert Your guess was bang on. With your suggest modifications (patch below) the pkcs#15 initialization completes without errors. Thank you for your work :) When I'm reading the blame correct, this part of the code is there for 8y. So I'm not sure why newer tokes don't support this function... The patch I used to make initialization work:
I'm going to try the crypto functions (generate keys, signing) tomorrow. |
Generating Keys works, but signing data does not work. I think I'm now where the author of issue #2843 was before erasing the token. |
Good to hear it works. But eliminating the code is not the real solution. @xaqfan comments on this? is 5d6f7cb involved? Some additional info I have come up with: The issue appears to be how a case 1 APDU (non Lc and no Le) is handled with SM. The difference in your card and my card is at: Your card has exdata->bFipsCertification = 0x01 mine does not. Using my old epass2003 from 2011 ATR with version: 01:00:11 The newest cards known to OpenSC are from 2022 with version: 23:00:25 So your card is somewhere in between. Running with
and request to get tries left as:
|
For APDU CASE 1 (no Le, field, Lc=0), the initialization vector is not used in this mode when generating the MAC (analysed from the code), I assume this is some workaround. Perhaps the author of the code can say more. |
Yes, maybe a bug in some early tokens which is now fixed in newer ones? Just need to know which ones have the bug. |
Removing the whole |
I think I have found the problem.
Both of you said old cards worked, as mine does, which would never call it. But If can both of you can try this with new or old keys?
|
@dengert thank you for your patch suggestion. Unfortunately I don't think it has the desired effect on the new token, as the initialization fails with the same error as before (see trace: https://pastebin.com/1W7asJhE). I'm really sorry that I wont be able to test anything with an older version of the token, as the newly bought one should be a replacement for my older one, because I broke the older one mechanically :( |
The OpenSC card-epass2003.c have many comments about using SCP01:
But it appears that for FIPS-2 SCP03 is required. (But I am not sure.) https://globalplatform.org/wp-content/uploads/2019/03/GPC_2.2_D_SCP03_v1.0.pdf "6.2.6. APDU Command C-MAC and C-DECRYPTION Generation and Verification Since all the other commands have a data field (Lc is present) accept the one that fails. I want to use a debugger to see if 6.2.4 is handled as expected. Unfortunately I do not have a epass2003 newer then 2011 to test with. But have ordered 2, should have next week. https://csrc.nist.rip/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/KDF |
Don't have new epass2003 yet, but did find three PDF datasheets with picture of tokens. "With combined compatibility of Microsoft Minidriver and OpenSC, the ePass2003 is compatible with applications running on Windows, Linux and Mac and therefore is the ideal choice for all industries requiring high level protection such as government, enterprise, financial institutions and media companies." Will see about compatibility with Minidriver and OpenSC, and what other tools they provide to use these. |
Thank you for putting that much effort into this. If I can help, try something etc. don't hesitate to ask.
The embossed FIPS marking is not present on my tokens. In the meantime I got response from the reseller I bought the tokens from. Information is more or less the same as @drodgers-immt already pointed out: Feitian had to rework the tokens to be compliant with FIPS Level 3. |
The reseller I purchased the tokens from finally got a response from @FeitianSmartcardReader. They said that they are aware of the problem and are already working on a solution to make the tokens compatible with OpenSC again but there is no ETA for the changes. |
The https://github.com/FeitianSmartcardReader tell the reseller what was the problem? FIPS-2 appears to require SCP03 as defined in GlobalPlatform v2.2
OpenSC does not appear to support SCP03 (grep of the code does not have "SCP03") but If either of these cards work on Windows with the vendor's minidriver, the difference should show up in a USB trace as the formats of the APDUs is different. SCP01 follows ISO7816 SM formats with TLV formats whereas SCP03 appears to use APDUs with the 0x80 bit set which says non ISO7816 APDUs, and does not use all the TLVs like SCP01. |
If OpenSC needs SCP03, https://github.com/kaoh/globalplatform looks interesting.
|
Unfortunately they didn't provide technical details what the problem is. But they provided the manufacturers software. The software has a login button and shows the remaining tries when entering the wrong pin. I captured the communication with wireshark. The command sequence is similar to OpenSC.
There is a slight difference between OpenSC and the original software. OpenSC additionally transmits a trailing
I tried stripping the trailing byte but result was the same. Maybe the token ignores trailing bytes. |
The last 00 maybe misleading. It is the Le 00 which says host is willing to accept up to 256 bytes. Card returns up to 256 bytes, and if there is even more returns 61xx. It is really outside of the SM. The error message indicates 69 88 says there is a problem with the SM. Which may have something to do with not a Le in the encrypted or encoded data as the original APDU does not have any data to be returned. But with SM there is at least the MAC and the status bytes need to be returned. (My two ePass2003s are somewhere between San Francisco and Chicago (3,425.91 km) probably on a truck, expected delivery on late Saturday.) |
I don't have the test ePass2003 cards yet, but if you havetime, can you try this WIP: I think what be going on, is for APDUs that do not send any data (like checking log in state and possibly key generation) "GlobalPlatform Card Specification 2.2.1" says about SCP01: "If confidentiality is required, the off-card entity encrypts the “clear text” data field of the command message being transmitted to the card. (If the APDU command does not originally contain command data, encryption is not performed.)" The code now uses |
@dengert thank you for all your efforts. I'm happy to test whatever you have. With the changes from your branch, creation does not succeed but fails at an earlier step. Now Requesting a challenge seems to be a Case 2 APDU... OpenSC/src/libopensc/iso7816.c Line 792 in 818f1da
construct_mac_tlv_case1 for this APDU too.
What I found interesting: only APDUs with use the |
Problem Description
I'm trying to initialize a newly acquired Feitian ePass 2003 token (blue case) with the steps provided by the wiki article. But creating the PKCS#15 structure fails with the error
Failed to create PKCS #15 meta structure: Card command failed
. Erasing the token seems to work fine.I tried with the latest release version 0.24.0 shipped with arch linux and the current version from master branch eda86e4
Proposed Resolution
I haven't been able to get the token working in the meantime.
Steps to reproduce
Logs
You can find full logs with
-vvvvvv
of both commands here: https://pastebin.com/AwByRSFWThe text was updated successfully, but these errors were encountered: