Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opensc-explorer does not verify PIN on Windows 8.1 #1043

Closed
szszszsz opened this issue May 5, 2017 · 6 comments · Fixed by #1344
Closed

opensc-explorer does not verify PIN on Windows 8.1 #1043

szszszsz opened this issue May 5, 2017 · 6 comments · Fixed by #1344
Labels
enhancement good first issue help wanted

Comments

@szszszsz
Copy link

szszszsz commented May 5, 2017
edited
Loading

Expected behaviour

PIN should be verified correctly while using opensc-explorer tool.

Actual behaviour

Error message is shown:

Unable to verify PIN code: Transmit failed

Issue is not occurring on Ubuntu 16.10 with OpenSC 0.16.

Steps to reproduce

Preconditions:

Admin PIN set to 12345678
OS: Windows 8.1 (also reported on Windows 10)
OpenSC build: latest development, No 0.16.0.1243
Nitrokey Pro v0.8

PS C:\Program Files\OpenSC Project\OpenSC\tools> .\opensc-tool.exe -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Nitrokey Nitrokey Pro 0
PS C:\Program Files\OpenSC Project\OpenSC\tools> .\opensc-tool.exe -a
Using reader with a card: Nitrokey Nitrokey Pro 0
3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
PS C:\Program Files\OpenSC Project\OpenSC\tools> .\opensc-tool.exe -n
Using reader with a card: Nitrokey Nitrokey Pro 0
CryptoStick v1.2 (OpenPGP v2.0)

Steps

  1. Run opensc-explorer
  2. Run verify CHV3 3132333435363738

Logs

PS C:\Program Files\OpenSC Project\OpenSC\tools> ./opensc-explorer -v
OpenSC Explorer version 0.16.0
Using reader with a card: Nitrokey Nitrokey Pro 0
OpenSC [3F00]> verify CHV3 3132333435363738
Unable to verify PIN code: Transmit failed

opensc-explorer_windows8.txt
opensc-explorer-issue-ubuntu16.10-working.txt

CC: @jans23
@martinpaljak
Copy link
Member

I can tell the reason for the bug (Windows and transactions being limited to 5 seconds, see the remark here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379469(v=vs.85).aspx), but the solution depends on several factors.
2017-05-05 13:26:47.489 [opensc-explorer] card.c:449:sc_lock: returning with: 0 (Success) ... 2017-05-05 13:27:04.749 [opensc-explorer] sec.c:169:sc_pin_cmd: called

  1. There is a bug in OpenPGP card code, that does not release the transaction after reading the file, but maybe it should release it
  2. Use exclusive access on Windows 8+, if possible, for short periods

@frankmorgner
Copy link
Member

The solution to this problem is to lock the token only when needed. It's already implemented in pkcs15-tool (c6db68f), for example, but currently not in opensc-explorer.

@szszszsz
Copy link
Author

szszszsz commented Jun 29, 2017
edited
Loading

Just tested the latest build (0.16.0.1294) available on Windows 8.1 and the same issue has occurred for pkcs15-init while I was trying to import/delete certificate using the command listed on Wiki:

pkcs15-init --store-certificate mycert.pem --id 3
pkcs15-init --delete-objects cert --id 3

If PIN was not supplied within 5 seconds from tool's execution, Transmit failed error was shown.

@szszszsz szszszsz mentioned this issue Jun 29, 2017
Closed
@frankmorgner
Copy link
Member

Sure, because nobody implemented the fix above. Go ahead if you have some spare time!

@CardContact
Copy link
Member

Related to #875

@szszszsz
Copy link
Author

@frankmorgner
Sorry If I have sounded somewhat complaining, just wanted to note the other tool is affected too.

frankmorgner added a commit to frankmorgner/OpenSC that referenced this issue Apr 25, 2018
@frankmorgner
opensc-explorer: use explicit locking
8f6fb92 
fixed OpenSC#1043
@frankmorgner frankmorgner mentioned this issue Apr 25, 2018
Merged
3 tasks
frankmorgner added a commit that referenced this issue May 18, 2018
@frankmorgner
Use explicit locking for OpenSC tools (#1344)
01f712d 
* opensc-explorer: use explicit locking

fixed #1043

* opensc-tool: use explicit locking

* pkcs15-crypt: use explicit locking
@Jakuje Jakuje mentioned this issue Aug 20, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement good first issue help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use explicit locking for OpenSC tools frankmorgner/OpenSC
4 participants
@martinpaljak @frankmorgner @CardContact @szszszsz