OpenSC.tokend cannot PIN-unlock a PIV card #11

Closed
mouse07410 opened this issue Mar 18, 2015 · 8 comments

@mouse07410

Environment

  • Mac OS X 10.9.5 Mavericks, Xcode-7.0.1 installed (same results with Xcode-6.1.1).
  • Smart card readers:
  • Smart cards:
    • US DoD CAC (with RSA keys and certificates), used in SCR3310
    • Yubikey NEO (PIV applet v0.1.3) with RSA-2048 keys and certificates (also tried with ECC P256 certificates, same results)
  • OpenSC.tokend from the current OpenSC-0.15.0 Github repo.
  • SmartCardServices (alternative to OpenSC.tokend - not installed or used together)

Expectations - what I need

  1. Insert the card
  2. Work with it using utilities (piv-tool, pkcs15-tool, etc)
  3. Have applications like Keychain Access, Safari, Firefox, Chrome access credentials on the card/token

What does work

Lower-level utilities appear to work OK. I can read both CAC card and Yubikey NEO (PIV applet), load and read certificates, etc. I can make Firefox work with it by loading the appropriate PKCS11 library (in this case /Library/OpenSC/lib/opensc-pkcs11.so).

When I install SmartCardServices-2.0.1 (http://smartcardservices.macosforge.org/trac/wiki/installers) and remove CAC.tokend so that PIV.tokend is picked instead, the CAC card is fully functional. But the NEO token is not recognized/accepted by it at all, which is why I cannot just stick with SmartCardServices for all my needs.

What does not work

The card can't be unlocked with the correct PIN. Consequently, none of the Mac OS X applications that rely on tokend work. In particular:

  • Keychain Access
  • Safari
  • Apple Mail
  • Google Chrome

OpenSC.tokend appears to "see" the tokens and even determine what certificates are loaded - but it is unable to unlock the token, and (I think - therefore) unable to work with it.

In Keychain Access, when I select the tab "Certificates" - I see all the certificates I loaded on the token.
But when I select the tab "My Certificates" - it is empty.

I noticed a direct correlation between the ability of the Keychain Access to work with the private keys (to unlock the token) and the ability of other applications (e.g. Apple Mail) to work with that token too: if Keychain fails - Apple Mail fails too, and so does Safari.

To compare, with PIV.tokend from SmartCardServices-2.0.1, even before I unlock the CAC token it detects both certificates and the corresponding private keys. Coincidentally, it unlocks the token fine. Unfortunately I cannot use PIV.tokend with NEO, because NEO isn't recognized by PIV.tokend.

Update: Based on the OpenSC logs, OpenSC.tokend succeeds in passing the PIN to the smart card (both CAC and NEO), receives OK (Success, PIN Verified) from the smart card, but somehow does not report this success to the application that initiated the operation.

Logs

Here's what I have in the /var/log/system.log:

From opensc-debug.log:

0x7fff78114300 18:18:46.140733193388670 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCRecord.cpp:233:getAcl:   retuning 2 ACL entries
0x7fff78114300 18:18:52.4294967408 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:149:verifyPIN: In OpenSCToken::verifyPIN(1)
0x7fff78114300 18:18:52.4294967408 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:155:verifyPIN:   Activating workaround for PIN #1
0x7fff78114300 18:18:52.317106025398384 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:172:_verifyPIN: In OpenSCToken::_verifyPIN(), PIN num is: 1
0x7fff78114300 18:18:52.317106025398384 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:186:_verifyPIN:   sc_pkcs15_get_objects(pin_id=01): 2
0x7fff78114300 18:18:52.140733193388144 [tokend] pkcs15-pin.c:295:sc_pkcs15_verify_pin: called
0x7fff78114300 18:18:52.140733193388144 [tokend] pkcs15-pin.c:296:sc_pkcs15_verify_pin: PIN(type:0;method:1;len:)
0x7fff78114300 18:18:52.112 [tokend] card.c:394:sc_lock: called
0x7fff78114300 18:18:52.317106025398384 [tokend] reader-pcsc.c:526:pcsc_lock: called
0x7fff78114300 18:18:52.113 [tokend] sec.c:159:sc_pin_cmd: called
0x7fff78114300 18:18:52.113 [tokend] apdu.c:563:sc_transmit_apdu: called
0x7fff78114300 18:18:52.113 [tokend] card.c:394:sc_lock: called
0x7fff78114300 18:18:52.140733193388145 [tokend] apdu.c:530:sc_transmit: called
0x7fff78114300 18:18:52.140733193388145 [tokend] apdu.c:384:sc_single_transmit: called
0x7fff78114300 18:18:52.140733193388145 [tokend] apdu.c:389:sc_single_transmit: CLA:0, INS:20, P1:0, P2:80, data(8) 0x7fff5ee23f70
0x7fff78114300 18:18:52.317106025398385 [tokend] reader-pcsc.c:254:pcsc_transmit: reader 'Yubico Yubikey NEO OTP+U2F+CCID'
0x7fff78114300 18:18:52.140733193388145 [tokend] apdu.c:187:sc_apdu_log:
Outgoing APDU data [   13 bytes] =====================================
00 20 00 80 08 xx xx xx xx xx xx FF FF . ...yyyyyy..
======================================================================
0x7fff78114300 18:18:52.140733193388145 [tokend] reader-pcsc.c:184:pcsc_internal_transmit: called
0x7fff78114300 18:18:52.4294967441 [tokend] apdu.c:187:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
90 00 ..
======================================================================
0x7fff78114300 18:18:52.140733193388177 [tokend] apdu.c:399:sc_single_transmit: returning with: 0 (Success)
0x7fff78114300 18:18:52.120259084433 [tokend] apdu.c:552:sc_transmit: returning with: 0 (Success)
0x7fff78114300 18:18:52.-4294967151 [tokend] card.c:434:sc_unlock: called
0x7fff78114300 18:18:52.145 [tokend] sec.c:206:sc_pin_cmd: returning with: 0 (Success)
0x7fff78114300 18:18:52.145 [tokend] pkcs15-pin.c:368:sc_pkcs15_verify_pin: PIN cmd result 0
0x7fff78114300 18:18:52.317106025398417 [tokend] pkcs15-pin.c:594:sc_pkcs15_pincache_add: called
0x7fff78114300 18:18:52.317106025398417 [tokend] pkcs15-pin.c:634:sc_pkcs15_pincache_add: PIN(PIV Card Holder pin) cached
0x7fff78114300 18:18:52.4294967441 [tokend] card.c:434:sc_unlock: called
0x7fff78114300 18:18:52.145 [tokend] reader-pcsc.c:566:pcsc_unlock: called
0x7fff78114300 18:18:52.146 [tokend] pkcs15-pin.c:373:sc_pkcs15_verify_pin: returning with: 0 (Success)
0x7fff78114300 18:18:52.146 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:192:_verifyPIN:   In OpenSCToken::verify returned 0 for pin 1
0x7fff78114300 18:18:52.6011854084296933522 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCToken.cpp:158:verifyPIN:   About to call BEGIN()
0x7fff78114300 18:18:52.146 [tokend] /Users/uri/src/OpenSC/OpenSC.tokend/OpenSC/OpenSCKeyHandle.cpp:189:decrypt: In OpenSCKeyHandle::decrypt(ciphertext length = 256)
0x7fff78114300 18:18:52.140733193388178 [tokend] pkcs15-sec.c:95:sc_pkcs15_decipher: called
0x7fff78114300 18:18:52.317106025398418 [tokend] padding.c:283:sc_get_encoding_flags: called
0x7fff78114300 18:18:52.317106025398418 [tokend] padding.c:287:sc_get_encoding_flags: iFlags 0x2, card capabilities 0x1
0x7fff78114300 18:18:52.317106025398418 [tokend] padding.c:316:sc_get_encoding_flags: pad flags 0x2, secure algorithm flags 0x0
0x7fff78114300 18:18:52.317106025398418 [tokend] padding.c:317:sc_get_encoding_flags: returning with: 0 (Success)
0x7fff78114300 18:18:52.146 [tokend] card.c:394:sc_lock: called
0x7fff78114300 18:18:52.317106025398418 [tokend] reader-pcsc.c:526:pcsc_lock: called
0x7fff78114300 18:18:52.4294967442 [tokend] sec.c:68:sc_set_security_env: called
0x7fff78114300 18:18:52.317106025398418 [tokend] card-piv.c:2217:piv_set_security_env: called
0x7fff78114300 18:18:52.317106025398418 [tokend] card-piv.c:2221:piv_set_security_env: flags=00000014 op=1 alg=0 algf=00000000 algr=00000000 kr0=9d, krfl=1
0x7fff78114300 18:18:52.317106025398418 [tokend] card-piv.c:2248:piv_set_security_env: returning with: 0 (Success)
0x7fff78114300 18:18:52.140432545677458 [tokend] sec.c:72:sc_set_security_env: returning with: 0 (Success)
0x7fff78114300 18:18:52.4294967442 [tokend] sec.c:40:sc_decipher: called
0x7fff78114300 18:18:52.317106025398418 [tokend] card-piv.c:2413:piv_decipher: called
0x7fff78114300 18:18:52.4294967442 [tokend] card-piv.c:2277:piv_validate_general_authentication: called
0x7fff78114300 18:18:52.146 [tokend] card-piv.c:447:piv_general_io: called
0x7fff78114300 18:18:52.146 [tokend] card-piv.c:450:piv_general_io: 87 07 9d 266 : 255 256
0x7fff78114300 18:18:52.146 [tokend] card.c:394:sc_lock: called
0x7fff78114300 18:18:52.146 [tokend] card-piv.c:490:piv_general_io: calling sc_transmit_apdu flags=1 le=256, resplen=4096, resp=0x7fff5ee23650
0x7fff78114300 18:18:52.140733193388179 [tokend] apdu.c:563:sc_transmit_apdu: called
0x7fff78114300 18:18:52.147 [tokend] card.c:394:sc_lock: called
0x7fff78114300 18:18:52.140733193388179 [tokend] apdu.c:530:sc_transmit: called
0x7fff78114300 18:18:52.140733193388179 [tokend] apdu.c:384:sc_single_transmit: called
0x7fff78114300 18:18:52.140733193388179 [tokend] apdu.c:389:sc_single_transmit: CLA:10, INS:87, P1:7, P2:9D, data(255) 0x7fff5ee24810
0x7fff78114300 18:18:52.317106025398419 [tokend] reader-pcsc.c:254:pcsc_transmit: reader 'Yubico Yubikey NEO OTP+U2F+CCID'
0x7fff78114300 18:18:52.140733193388179 [tokend] apdu.c:187:sc_apdu_log:
Outgoing APDU data [  260 bytes] =====================================
10 87 07 9D FF 7C 82 01 06 82 00 81 82 01 00 4B .....|.........K
30 9A 10 3E E1 1C 33 1C 5E A9 7E F2 DC 25 BB 65 0..>..3.^.~..%.e
52 21 6C B0 0D B3 3B EB CE 84 74 DD 8E 44 18 18 R!l...;...t..D..
35 67 7E C3 F1 ED 11 63 67 52 32 97 C7 A4 B7 97 5g~....cgR2.....
6F 35 15 0A 2C BD 78 F2 31 DB 4F 1C 57 88 24 92 o5..,.x.1.O.W.$.
07 EF 96 D0 80 C6 2E 47 64 8F F1 F7 EF 1B 41 4E .......Gd.....AN
FE 07 A1 54 0B D3 2B 3A 2C FB 7B 0A 99 D3 27 71 ...T..+:,.{...'q
68 F1 FB 75 A5 30 C1 E6 8F 96 5C 7B EA 25 B8 BC h..u.0....\{.%..
8D 04 40 A4 63 5E B6 91 D5 83 E6 EB 82 28 AB EE ..@.c^.......(..
07 B2 80 05 15 C2 8D DA 77 62 BA 82 A0 72 4B 17 ........wb...rK.
F6 16 51 83 74 80 15 38 39 E6 2A AB 98 DF 18 E5 ..Q.t..89.*.....
08 6B C0 C8 89 27 32 00 E9 64 91 86 72 77 68 BA .k...'2..d..rwh.
D0 98 D3 A0 D5 B2 DE 27 69 26 43 B5 20 7E 5C B1 .......'i&C. ~\.
21 C5 C5 AD 82 71 80 43 63 36 23 9E CE 42 7F 65 !....q.Cc6#..B.e
96 A6 00 D4 0A 83 29 A6 BE EC 6F 04 62 89 BA 83 ......)...o.b...
E9 62 45 72 D3 BD 79 C3 6F CA D6 BC 5D 44 20 42 .bEr..y.o...]D B
98 C0 97 33                                     ...3
======================================================================
0x7fff78114300 18:18:52.140733193388179 [tokend] reader-pcsc.c:184:pcsc_internal_transmit: called
0x7fff78114300 18:18:52.4294967474 [tokend] apdu.c:187:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
90 00 ..
======================================================================
0x7fff78114300 18:18:52.140733193388210 [tokend] apdu.c:399:sc_single_transmit: returning with: 0 (Success)
0x7fff78114300 18:18:52.120259084466 [tokend] apdu.c:552:sc_transmit: returning with: 0 (Success)

Based on the above log, it appears that OpenSC.tokend succeeds in all the operations with the smart card. The problem is somewhere in how it communicates with the OS and/or applications.

Syslog for NEO:

     Mar 18 11:48:53 hostname com.apple.SecurityServer[38]: reader Yubico Yubikey NEO OTP+U2F+CCID 00 00 inserted token "PIV_II" (c62cfe2c4e51372d76c7a0492489dda9b7c12......671) subservice 12 using driver com.apple.tokend.opensc
     Mar 18 11:49:00 hostname secd[597]:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:00 hostname secd[597]:  securityd_xpc_dictionary_handler Keychain Access[44833] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:00 hostname secd[597]:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:00 hostname secd[597]:  securityd_xpc_dictionary_handler Keychain Access[44833] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:00 hostname secd[597]:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     ...... 
     Mar 18 11:49:22 hostname secd[597]:  SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:22 hostname secd[597]:  securityd_xpc_dictionary_handler Keychain Access[44833] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)
     Mar 18 11:49:30 hostname authexec[44838]: executing /Library/Frameworks/VirusScanPreferences.framework/Versions/Current/Resources/prefsHelperTool
     Mar 18 11:49:32 hostname launchservicesd[100]: Application App:"Keychain Access" asn:0x0-a80a8 pid:44833 refs=7 @ 0x7fd62a50f650 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0xa90a9 pid=44837 "SecurityAgent"")), so denying. : LASSession.cp #1481 SetFrontApplication() q=LSSession 100006/0x186a6 queue
     Mar 18 11:49:32 hostname WindowServer[151]: [cps/setfront] Failed setting the front application to Keychain Access, psn 0x0-0xa80a8, securitySessionID=0x186a6, err=-13066
     Mar 18 11:49:32 hostname kernel[0]: Sandbox: mDNSResponder(45) deny file-read-data /
     Mar 18 11:49:32 --- last message repeated 4 times ---

Syslog for CAC:

     Mar 18 14:48:14 hostname com.apple.SecurityServer[38]: reader SCM SCR 3310 00 00 inserted token  "PIV_II" (d8e2......afe) subservice 7 using driver com.apple.tokend.opensc
     Mar 18 14:48:31 hostname apsd[663]: CFNetwork SSLHandshake failed (-9806) 
     Mar 18 14:48:52 hostname launchservicesd[100]: Application App:"Google Chrome" asn:0x0-10010  pid:658 refs=7 @ 0x7fca336027b0 tried to be brought forward, but isn't in fPermittedFrontApps ( (  "LSApplication:0x0-0x21021 pid=805 "SecurityAgent"")), so denying. : LASSession.cp #1481  SetFrontApplication() q=LSSession 100006/0x186a6 queue
     Mar 18 14:48:52 hostname WindowServer[151]: [cps/setfront] Failed setting the front application to  Google Chrome, psn 0x0-0x10010, securitySessionID=0x186a6, err=-13066
     Mar 18 14:48:52 hostname kernel[0]: Sandbox: mDNSResponder(45) deny file-read-data /
     Mar 18 14:48:52 --- last message repeated 4 times ---

Low-level operations

$ piv-tool -n
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID
PIV-II card
$ pkcs15-tool -c
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID
X.509 Certificate [Certificate for PIV Authentication]
    Object Flags   : [0x0]
    Authority      : no
    Path           :
    ID             : 01
    Encoded serial : 02 04 55E515DF
X.509 Certificate [Certificate for Digital Signature]
    Object Flags   : [0x0]
    Authority      : no
    Path           :
    ID             : 02
    Encoded serial : 02 04 56149706
X.509 Certificate [Certificate for Key Management]
    Object Flags   : [0x0]
    Authority      : no
    Path           :
    ID             : 03
    Encoded serial : 02 04 5614980B
X.509 Certificate [Certificate for Card Authentication]
    Object Flags   : [0x0]
    Authority      : no
    Path           :
    ID             : 04
    Encoded serial : 02 04 55E51974
$ yubico-piv-tool -a status
CHUID:  3019d4e739da739ced39ce739d836858210842108421384210c3f53410fa65ccb593e3eb47510f9ac1cc1e896f350832303330303130313e00fe00
Slot 9a:
    Algorithm:  RSA2048
    Subject DN: CN=uri
    Issuer DN:  C=US, ST=MA, O=The Burrow, OU=Gatherers, CN=Forest RSA CA 3
    Fingerprint:    e403cd9afb75328b16289b59e082f673736386f4a57ec4209e088bbd266d04c8
    Not Before: Sep  1 03:06:27 2015 GMT
    Not After:  Sep  1 03:06:27 2018 GMT
Slot 9c:
    Algorithm:  RSA2048
    Subject DN: emailAddress=mouse07410@outlook.com, CN=Mouse Mousevich
    Issuer DN:  C=US, ST=MA, O=The Burrow, OU=Gatherers, CN=Forest RSA CA 3
    Fingerprint:    76339363b5cceca244b2edbad8b40c01686e71fbd91e6f5f317d3e503d0ea32f
    Not Before: Oct  7 03:54:56 2015 GMT
    Not After:  Oct  7 03:54:56 2018 GMT
Slot 9d:
    Algorithm:  RSA2048
    Subject DN: emailAddress=mouse07410@outlook.com, CN=Mouse Mousevich
    Issuer DN:  C=US, ST=MA, O=The Burrow, OU=Gatherers, CN=Forest RSA CA 3
    Fingerprint:    3968d8f42f947d22936e879e688503470bd329f2434febdcc35db792c121e5d3
    Not Before: Oct  7 03:58:36 2015 GMT
    Not After:  Oct  7 03:58:36 2018 GMT
Slot 9e:
    Algorithm:  RSA2048
    Subject DN: CN=uri
    Issuer DN:  C=US, ST=MA, O=The Burrow, OU=Gatherers, CN=Forest RSA CA 3
    Fingerprint:    ac951e59be89e3fe2e73fb5b8215a902f989039d9ba12ab400802e505d9a8340
    Not Before: Sep  1 03:21:04 2015 GMT
    Not After:  Sep  1 03:21:04 2018 GMT
PIN tries left: 10

I'm also seeking help on the Yubico forum (http://forum.yubico.com/viewtopic.php?f=26&t=1768&p=7064#p7064), but I think there's a better chance here because the problem seems to be with the tokend, or rather with how tokend interacts with the Yosemite OS and applications.
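The conclusion the report draws from the APDU trace is that the card itself answers the VERIFY command (INS 20, P2 80) with 90 00, so the card-side PIN check succeeded and the failure must sit higher in the stack. The script below is an added diagnostic example, not code from OpenSC or OpenSC.tokend: it parses the sc_apdu_log hex dumps in the layout shown above (a header carrying the byte count, 16 bytes per dump line, an ASCII column on the right, and xx where the reporter masked PIN bytes), pairs each command with the response that follows it, and decodes the VERIFY status word, covering 90 00 (verified), 63 CX (wrong PIN, X tries left) and 69 83 (PIN blocked). The sample log is constructed: it repeats the masked VERIFY exchange from the report and adds a made-up wrong-PIN answer. The PIN length is derived from the 0xFF padding PIV requires, so the masked digits are never needed.

```python
"""Decode PIV VERIFY exchanges from OpenSC 'sc_apdu_log' hex dumps.
Added diagnostic example, not OpenSC or OpenSC.tokend code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(r"^(Outgoing|Incoming) APDU data \[\s*(\d+) bytes\]")
HEX_OR_MASK = re.compile(r"^(?:[0-9A-Fa-f]{2}|xx)$")
# PIV PIN references (NIST SP 800-73): P2 of the VERIFY command.
PIV_PIN_REFS = {0x80: "PIV Application PIN", 0x81: "Global PIN"}

# Constructed sample: the masked VERIFY exchange quoted in the report, followed
# by a constructed wrong-PIN answer (63 C2 = wrong PIN, 2 tries remaining).
SAMPLE_LOG = """\
Outgoing APDU data [   13 bytes] =====================================
00 20 00 80 08 xx xx xx xx xx xx FF FF . ...yyyyyy..
======================================================================
Incoming APDU data [    2 bytes] =====================================
90 00 ..
======================================================================
Outgoing APDU data [   13 bytes] =====================================
00 20 00 80 08 xx xx xx xx xx xx FF FF . ...yyyyyy..
======================================================================
Incoming APDU data [    2 bytes] =====================================
63 C2 c.
======================================================================
"""

@dataclass
class Apdu:
    direction: str             # "Outgoing" (command) or "Incoming" (response)
    data: List[Optional[int]]  # None where the log masked a byte as "xx"

def parse_apdus(log: str) -> List[Apdu]:
    # Bytes are taken by the header's count, 16 per dump line, so the ASCII
    # column on the right of each dump line is never mistaken for data.
    apdus: List[Apdu] = []
    lines = iter(log.splitlines())
    for line in lines:
        m = HEADER_RE.match(line)
        if not m:
            continue
        remaining, data = int(m.group(2)), []
        while remaining > 0:
            take = min(16, remaining)
            for tok in next(lines).split()[:take]:
                if not HEX_OR_MASK.match(tok):
                    raise ValueError(f"unexpected token in hex dump: {tok!r}")
                data.append(None if tok == "xx" else int(tok, 16))
            remaining -= take
        apdus.append(Apdu(m.group(1), data))
    return apdus

def pair_exchanges(apdus: List[Apdu]) -> List[Tuple[Apdu, Apdu]]:
    """Match each command dump with the response dump that follows it."""
    pairs, pending = [], None
    for a in apdus:
        if a.direction == "Outgoing":
            pending = a
        elif pending is not None:
            pairs.append((pending, a))
            pending = None
    return pairs

def verify_outcome(sw: Optional[int]) -> Tuple[str, Optional[int]]:
    """Interpret a VERIFY status word as (outcome, retries_left)."""
    if sw is None:
        return "no status word", None
    if sw == 0x9000:
        return "verified", None
    if (sw & 0xFFF0) == 0x63C0:          # 63 CX: wrong PIN, X tries remaining
        return "wrong PIN", sw & 0x0F
    if sw == 0x6983:
        return "PIN blocked", 0
    return f"other status {sw:04X}", None

def describe(cmd: Apdu, resp: Apdu) -> Dict[str, object]:
    ins, p2 = cmd.data[1], cmd.data[3]
    tail = resp.data[-2:]                # SW1 SW2 are the last two response bytes
    sw = None if len(tail) < 2 or None in tail else (tail[0] << 8) | tail[1]
    info: Dict[str, object] = {"ins": ins, "sw": sw}
    if ins != 0x20:                      # only VERIFY is interpreted here
        info["command"] = f"INS {ins:02X}"
        info["outcome"] = "ok" if sw == 0x9000 else ("no status word" if sw is None else f"status {sw:04X}")
        return info
    info["command"] = "VERIFY " + PIV_PIN_REFS.get(p2, f"ref {p2:02X}")
    body = cmd.data[5:5 + cmd.data[4]] if len(cmd.data) > 5 else []
    # PIV pads the PIN to 8 bytes with 0xFF, so the trailing pad count gives
    # the PIN length even though the digits themselves are masked here.
    pads = 0
    while pads < len(body) and body[-1 - pads] == 0xFF:
        pads += 1
    info["pin_length"] = len(body) - pads
    info["outcome"], info["retries_left"] = verify_outcome(sw)
    return info

def summarize(log: str) -> List[Dict[str, object]]:
    return [describe(c, r) for c, r in pair_exchanges(parse_apdus(log))]

if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(entry)
```

Run it against a real opensc-debug.log (with PIN bytes masked before sharing, as the report does) by calling summarize() on the file contents. If every VERIFY shows "verified" while the application still reports a failed unlock, the card is not the component at fault and the search moves to the layer between tokend and its caller, which is exactly where the report places it; a run of "wrong PIN" entries with a shrinking retry counter, by contrast, is the signal to stop retrying before the PIN blocks.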

@varMari

varMari commented Aug 4, 2015

@mouse07410 Have you solved this problem?

@martinpaljak

Tokend currently only does RSA, while your keys seem to be EC?

@martinpaljak

 Slot 9c:
     Algorithm: ECCP256

Looks like P-256?

mouse07410 changed the title from "OpenSC.tokend cannot access private keys on CAC and Yubikey NEO" to "OpenSC.tokend cannot PIN-unlock a card on Mac OS X Yosemite" on Oct 14, 2015
@mouse07410

Looks like P-256?

Yes it was. Not any more - but the problem (inability to communicate successful PIN-unlock to the OS and apps) persists. Please see above.

Thanks!

@terinjokes

@martinpaljak I'm also seeing this with a smartcard with RSA2048 keys. I see the certificates in Keychain Access (and the private key belonging to it), but I can't actually use it for Mail.app.

mouse07410 changed the title from "OpenSC.tokend cannot PIN-unlock a card on Mac OS X Yosemite" to "OpenSC.tokend cannot PIN-unlock a card on Mac OS X" on Oct 29, 2015
@frankmorgner

Should be solved in the most recent version of OpenSC together with #16 of OpenSC.tokend

mouse07410 changed the title from "OpenSC.tokend cannot PIN-unlock a card on Mac OS X" to "OpenSC.tokend cannot PIN-unlock a PIV card" on Nov 25, 2015
@mouse07410

Not sure. It works with the changes that you and @dengert suggested, but I haven't seen those changes actually merged into the mainstream??? (Or have I missed that?)

And with the latest changes @dengert suggested (inspired :), see issue OpenSC/OpenSC#570 ), Outlook 2011 successfully signs outgoing emails using SHA256withRSA (haven't tried with SHA512, pretty sure it would work).

@frankmorgner

fixes for unlocking the token are merged now!
