New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Solve few bugs #1110
Solve few bugs #1110
Conversation
1. Solve generate RSA Key error 2. Solve issue->#1073 (comment), add ECC support 3. Code passed test with https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Testing
In the last pull request you wrote:
I don't fully understand what you mean by this, but I still wonder if it's possible to leave the layer above |
@frankmorgner here is compare log, have a look, in 0.16 version, it works, not work in 0.17 version, thanks. |
You're sending an |
@frankmorgner we had misunderstanding, the issue is not short APDU, it is about return data, check attachment screenshot, thanks |
Please fix the problem I've pointed out above. At the very least, it clutters the log with irritating error messages. Regarding the excerpt of the log you've pointed out, the only difference I can see is that Please note that I don't have time left looking through your logs. Please fix this problem within your card driver and try not to touch the layers above. |
Is the problem related to d757db2 ? The trace shows lines 375, 387 and 390 being executed which (IMHO) means line 382 is not executed. sm.c appears to be where SC_APDU_FLAGS_NO_SM = 1. In looks like SW=6C1B causes the previous command to be reissued with the new length of 1B which then causes the SW=6988. Does epass2003_sm_get_wrapped_apdu need changes to address d757db2 ? |
@dengert yes, you are right. that the issue, so we modify the few files to solve this issue, I will talk internal if possible do modify epass2003_sm_get_wrapped_apdu only, thanks |
@FeitianSmartcardReader Also read #972 and related #970, #975. If you card is sending back a SM fragmented response, the new code will reassemble it before presenting it to you driver. |
@dengert Thanks for your reply, will check and do modify, keep update, thanks |
@FeitianSmartcardReader Do NOT modify If you absolutely need this modification, it's imperative to post a detailed explanation (i.e. don't say "problem solved"). In particular, you should rule out the three ideas I've given above which may solve the issue. For further communication, please again do a detailed analysis with your technical staff (read: don't waste my time), thanks. |
Here is something else to look at:
This is an extended APDU. Then after determining the length needs to be changed, the new APDU in 763, 764:
is a short APDU with the new length of 1B But in #1110 (comment) above, and in log_wrong.txt the APDU sent with the corrected length is an extended APDU:
with SW = 69 88 So why is it using a short APDU in 0.16.0 and extended APDU in the new code? |
This may be a generic problem with the handling of Wrong Length status codes and not just a epass2003 problem. The epass2003 may be the first SM card to run into the problem. See possible fix below. Looking closer at #1110 (comment) and log_right.txt and log_wrong.txt: The command fails with: In the failing case sc_set_le_and_transmit in apdu.c is called, and it retries the command by only changing the apdu->resplen and apdu->le then calls sc_single_transmit with: 0C B2 01 04 00 00 0E 97 02 00 D8 8E 08 00 1E 69 01 23 58 43 7C 00 1B But does not work for a SM authenticated message because the message still contains the original Le of '00 DB' and original '8E' checksum, but the actual Le is now the '00 1B' as requested by the card. This looks like a bug in apdu.c that sc_set_le_and_transmit should not be called for a SM message to just retry with the new length. With an SM message, the response should be verified, and a new APDU should be generated which contains the new length. In previous versions, the SM code is called to handle all errors and would then generate a new APDU with the the new length and checksum as shown in log_right.txt: lines 743-764
Note that the new APDU is a short rather then an extended but that does not appear an issue. It has the new Le in the '97' tag and that matches the actual Le of '1B' and used to work. POSSIBLE FIXES: or the card's card->sm_ctx.ops.get_sm_apdu could set SC_APDU_FLAGS_NO_RETRY_WL; |
Nice find. Do you know at which point we made the transition from "SM code handles the error" to Also note that though setting |
You asked: "Do you know at which point we made the transition from "SM code handles the error" to apdu.c handles he error?" I don't see how any SM encoded APDU could be retried for Wrong Length, as the Le is included in the data sent and authenticated and/or encrypted. So this might be a fix for any SM message:
I have no way to test it, but @FeitianSmartcardReader could try it, and someone with DNiE could also test it. |
@dengert Already test, and it works. |
If my change solved your problem, please submit a new pull request with the change. I am on vacation. |
@dengert Will do it tomorrow, thanks |
close the communication, to make issue clearly, will submit another pull request. |
Checklist