
PKCS #15 support in gpgsm
Open, Normal, Public

Description

With the stable branch, PKCS #15 with the sample card for the BMI does not work as expected.

2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 <- GETINFO version
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> D 2.2.20-beta22

> scd learn --keypairinfo
S KEYPAIRINFO 1B25863CB82511080DDA9E87AA927A55AF11145B P15.02
S KEYPAIRINFO 3017D73C1E8FB901CFD1CB827034157526E4B055 P15.0D
S KEYPAIRINFO 5DD91A55CB6E784C908030C356303A62234DCA3E P15.0C
S KEYPAIRINFO EF780E90B8F10D2AB874FE4D298B455FB3D11EA5 P15.01

So far so good. But:

 gpgsm --learn-card
gpgsm: error learning card: Invalid value

The scd log says:

2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 <- LEARN --force
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S READER 04E6:5814:54301803614739:0
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S SERIALNO FF0100D27600000000000000000000
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S APPTYPE P15
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 100 P15.02
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 100 P15.0D
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 100 P15.0C
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 100 P15.01
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 101 P15.2D32323739363034363838303535393032323038
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 101 P15.34313336393135373333383935313432303137
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S CERTINFO 101 P15.38333532303335353035383637373439363638
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S KEYPAIRINFO 1B25863CB82511080DDA9E87AA927A55AF11145B P15.02
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S KEYPAIRINFO 3017D73C1E8FB901CFD1CB827034157526E4B055 P15.0D
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S KEYPAIRINFO 5DD91A55CB6E784C908030C356303A62234DCA3E P15.0C
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> S KEYPAIRINFO EF780E90B8F10D2AB874FE4D298B455FB3D11EA5 P15.01
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 -> OK
2020-03-20 12:22:37 scdaemon[6778] DBG: chan_7 <- READCERT P15.38333532303335353035383637373439363638
2020-03-20 12:22:37 scdaemon[6778] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2020-03-20 12:22:37 scdaemon[6778] DBG:  raw apdu: 00 A4 00 0C 02 3F 00
2020-03-20 12:22:37 scdaemon[6778] DBG:  response: sw=9000  datalen=0
2020-03-20 12:22:37 scdaemon[6778] DBG:     dump:··
2020-03-20 12:22:37 scdaemon[6778] DBG: send apdu: c=00 i=A4 p1=01 p2=0C lc=2 le=-1 em=0
2020-03-20 12:22:37 scdaemon[6778] DBG:  raw apdu: 00 A4 01 0C 02 40 16
2020-03-20 12:22:38 scdaemon[6778] DBG:  response: sw=9000  datalen=0
2020-03-20 12:22:38 scdaemon[6778] DBG:     dump:··
2020-03-20 12:22:38 scdaemon[6778] DBG: send apdu: c=00 i=A4 p1=02 p2=0C lc=2 le=-1 em=0
2020-03-20 12:22:38 scdaemon[6778] DBG:  raw apdu: 00 A4 02 0C 02 C7 08
2020-03-20 12:22:38 scdaemon[6778] DBG:  response: sw=9000  datalen=0
2020-03-20 12:22:38 scdaemon[6778] DBG:     dump:··
2020-03-20 12:22:38 scdaemon[6778] DBG: send apdu: c=00 i=B0 p1=00 p2=00 lc=-1 le=553 em=0
2020-03-20 12:22:38 scdaemon[6778] error reading certificate with Id 38333532303335353035383637373439363638: Invalid value
2020-03-20 12:22:38 scdaemon[6778] app_readcert failed: Invalid value
2020-03-20 12:22:38 scdaemon[6778] DBG: chan_7 -> ERR 100663351 Invalid value <SCD>

I have not tested with master.

The Belgian certipost smartcard already fails at "learn --keypairinfo":

2020-03-20 12:26:30 scdaemon[6778] DBG: chan_7 <- learn --keypairinfo
2020-03-20 12:26:31 scdaemon[6778] ccid open error: skip
2020-03-20 12:26:31 scdaemon[6778] pcsc_establish_context failed: no service (0x8010001d)
2020-03-20 12:26:31 scdaemon[6778] DBG: chan_7 -> ERR 100696144 No such device <SCD>

Details

Version
stable branch


Event Timeline

The return value that was mapped to invalid value was "SW_WRONG_LENGTH", so I tested using the code path for the SW_EXACT_LENGTH sw return value, too, and it worked for readcert.

So I was able to import the certificates from the card. But when using them I get a card error after the pin entry.

diff --git a/scd/iso7816.c b/scd/iso7816.c
index 627481fd4..56f30489f 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -749,7 +749,7 @@ iso7816_read_binary (int slot, size_t offset, size_t nmax,
       sw = apdu_send_le (slot, 0, 0x00, CMD_READ_BINARY,
                          ((offset>>8) & 0xff), (offset & 0xff) , -1, NULL,
                          n, &buffer, &bufferlen);
-      if ( SW_EXACT_LENGTH_P(sw) )
+      if ( SW_EXACT_LENGTH_P(sw) || sw == SW_WRONG_LENGTH )
         {
           n = (sw & 0x00ff);
           sw = apdu_send_le (slot, 0, 0x00, CMD_READ_BINARY,
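
Review bot: In the changed condition, sw == SW_WRONG_LENGTH now enters the branch whose first statement is "n = (sw & 0x00ff);". That extraction is meaningful for the SW_EXACT_LENGTH_P case, where the low byte of the status word is what the retry should use as its length, but SW_WRONG_LENGTH is compared as one fixed value, so its low byte is a constant and not a length reported by the card, and the retry runs with whatever that constant yields. Suggest giving SW_WRONG_LENGTH its own branch that sets n explicitly, with a comment naming the card that needs it, so the fallback is deliberate and documented rather than a side effect of the mask.
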
2020-03-20 15:48:49 scdaemon[44188] DBG: asking for PIN 'PIN'
2020-03-20 15:48:49 scdaemon[44188] DBG: chan_7 -> INQUIRE NEEDPIN PIN
2020-03-20 15:48:52 scdaemon[44188] DBG: chan_7 <- [ 44 20 31 32 33 34 35 36 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
2020-03-20 15:48:52 scdaemon[44188] DBG: chan_7 <- END
2020-03-20 15:48:52 scdaemon[44188] DBG: send apdu: c=00 i=20 p1=00 p2=01 lc=6 le=-1 em=0
2020-03-20 15:48:52 scdaemon[44188] DBG:  raw apdu: 00 20 00 01 06 31 32 33 34 35 36
2020-03-20 15:48:52 scdaemon[44188] DBG:  response: sw=9000  datalen=0
2020-03-20 15:48:52 scdaemon[44188] DBG:     dump:··
2020-03-20 15:48:52 scdaemon[44188] DBG: PIN verification succeeded
2020-03-20 15:48:52 scdaemon[44188] DBG: send apdu: c=00 i=A4 p1=02 p2=0C lc=2 le=-1 em=0
2020-03-20 15:48:52 scdaemon[44188] DBG:  raw apdu: 00 A4 02 0C 02 00 13
2020-03-20 15:48:52 scdaemon[44188] DBG:  response: sw=9000  datalen=0
2020-03-20 15:48:52 scdaemon[44188] DBG:     dump:··
2020-03-20 15:48:52 scdaemon[44188] DBG: send apdu: c=00 i=B2 p1=01 p2=04 lc=-1 le=0 em=0
2020-03-20 15:48:52 scdaemon[44188] DBG:  raw apdu: 00 B2 01 04 00
2020-03-20 15:48:52 scdaemon[44188] DBG:  response: sw=9000  datalen=35
2020-03-20 15:48:52 scdaemon[44188] DBG:       dump:  83 04 51 00 00 51 C0 02 81 80 90 01 0F 7B 14 80 01 00 A1 03 8B 01 06 A4 0A 95 01 40 89 02 21 13 80 01 02
2020-03-20 15:48:52 scdaemon[44188] DBG: keyD record: 83 04 51 00 00 51 C0 02 81 80 90 01 0F 7B 14 80 01 00 A1 03 8B 01 06 A4 0A 95 01 40 89 02 21 13 80 01 02
2020-03-20 15:48:52 scdaemon[44188] DBG: send apdu: c=00 i=22 p1=41 p2=B6 lc=5 le=-1 em=0
2020-03-20 15:48:52 scdaemon[44188] DBG:  raw apdu: 00 22 41 B6 05 83 03 80 51 00
2020-03-20 15:48:52 scdaemon[44188] DBG:  response: sw=9000  datalen=0
2020-03-20 15:48:52 scdaemon[44188] DBG:     dump:··
2020-03-20 15:48:52 scdaemon[44188] DBG: send apdu: c=00 i=2A p1=9E p2=9A lc=35 le=256 em=0
2020-03-20 15:48:52 scdaemon[44188] DBG:  raw apdu: 00 2A 9E 9A 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 15 88 6A 3D 07 C3 F8 C4 F7 6B 62 33 D5 B3 36 03 26 96 C2 D3 00
2020-03-20 15:48:52 scdaemon[44188] DBG:  response: sw=6400  datalen=0
2020-03-20 15:48:52 scdaemon[44188] operation sign result: Card error
2020-03-20 15:48:52 scdaemon[44188] app_sign failed: Card error
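
The two wrong-length answers discussed in the comment above, shown as an added example that is not part of the original task or of GnuPG's code: a READ BINARY retry that treats 6Cxx (length supplied by the card) and a bare 6700 (no length supplied) as separate cases. The card model and the names mock_card, mock_read_binary and read_binary_retry are hypothetical, and the way the mock answers a wrong Le is a constructed assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Status words as defined by ISO/IEC 7816-4. */
#define SW_SUCCESS       0x9000
#define SW_WRONG_LENGTH  0x6700   /* wrong length, no hint */
#define SW_EXACT_LENGTH  0x6C00   /* 6Cxx: xx is the Le to use */
#define SW_EXACT_LENGTH_P(sw) (((sw) & ~0xff) == SW_EXACT_LENGTH)

/* Constructed card model holding one file of FILELEN (< 256) bytes.
   HINTS selects the answer to a wrong Le: 6Cxx (1) or bare 6700 (0). */
struct mock_card { size_t filelen; int hints; int calls; };

/* Hypothetical stand-in for a READ BINARY at offset 0. */
static int mock_read_binary (struct mock_card *c, size_t le, size_t *got)
{
  c->calls++;
  *got = 0;
  if (le != 0 && le != c->filelen)   /* Le=00 means "up to 256 bytes" */
    return c->hints ? (int)(SW_EXACT_LENGTH | c->filelen) : SW_WRONG_LENGTH;
  *got = c->filelen;
  return SW_SUCCESS;
}

/* Read with at most one retry; returns the final status word. */
static int read_binary_retry (struct mock_card *c, size_t nmax, size_t *got)
{
  int sw = mock_read_binary (c, nmax, got);

  if (SW_EXACT_LENGTH_P (sw))        /* the card supplied the length */
    sw = mock_read_binary (c, (size_t)(sw & 0xff), got);
  else if (sw == SW_WRONG_LENGTH)    /* no length supplied: send Le=00 */
    sw = mock_read_binary (c, 0, got);
  return sw;
}

int main (void)
{
  struct mock_card a = { 200, 1, 0 }, b = { 200, 0, 0 };
  size_t got;
  int sw = read_binary_retry (&a, 553, &got);
  printf ("6Cxx card: sw=%04X len=%zu calls=%d\n", (unsigned)sw, got, a.calls);
  sw = read_binary_retry (&b, 553, &got);
  printf ("6700 card: sw=%04X len=%zu calls=%d\n", (unsigned)sw, got, b.calls);
  return 0;
}
```
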
werner added a parent task: Unknown Object (Maniphest Task). Apr 13 2021, 6:40 PM
werner removed a parent task: Unknown Object (Maniphest Task).
werner added a subtask: Unknown Object (Maniphest Task).

The PKCS#15 support has meanwhile received a major update. Thus we need to test with the other cards again. If there is something special to do for a certain task, a new subtask should be created.

werner lowered the priority of this task from High to Normal. Jul 6 2021, 6:12 PM
werner added projects: gnupg, Feature Request.