Fix C_Login() crashing when using uninitialized card #2045
The code change looks good. At this moment, the tests for iso-applet are not very extensive, but would it make sense to try to add a regression test with a reproducer? The least work would be dumping few commands into the .travis.yml, but much better would be creating some bash script containing these tests with comments that would be invoked from the
Did you check the other PKCS#11 entry points for this possible problem?
I don't know. I've only noticed this as I am using a modified version of IsoApplet where among other improvements I can use PKCS#11 functions to initialise the token ( ATR used in jcardsim config (3B:80:80:01:01) clashes with SmartCard-HSM with fingerprint sensor and PIN pad from
Perhaps adding pin change and pin unblock tests?
Apart from these, I think the basics are pretty much covered... @frankmorgner: No, but now that you have mentioned it, I have tried a couple more possible problematic scenarios (very unsystematic, I know) and it didn't crash. So I hope this was the only one...
Can you add these two checks to the test and rebase on current master to get the CI green?
Good to see the results green and check added. Can you rebase the change on top of current master (instead of the merge commit you did?). Just
pkcs11-tool --init-pin ... crashes if the card hasn't been initialized beforehand with pkcs11-tool --init-token as p15card == NULL
...so it does not clash with "SmartCard-HSM with fingerprint sensor and PIN pad"
@@ -153,7 +153,7 @@ before_script: | |||
javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar IsoApplet/src/net/pwendland/javacard/pki/isoapplet/*.java; | |||
echo "com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001" > isoapplet_jcardsim.cfg; | |||
echo "com.licel.jcardsim.card.applet.0.Class=net.pwendland.javacard.pki.isoapplet.IsoApplet" >> isoapplet_jcardsim.cfg; | |||
echo "com.licel.jcardsim.card.ATR=3B80800101" >> isoapplet_jcardsim.cfg; | |||
echo "com.licel.jcardsim.card.ATR=3B8B8001805949736F4170706C6574BA" >> isoapplet_jcardsim.cfg; |
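Review bot: The replacement ATR on the last line of this hunk, 3B8B8001805949736F4170706C6574BA, is written into isoapplet_jcardsim.cfg as an unexplained magic value. Please add a short comment above that echo in before_script saying the value is arbitrary and only has to differ from the stock 3B80800101, so a later reader does not assume IsoApplet depends on this exact ATR or silently revert it and change which configuration the test exercises.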
Why do you choose this ATR? I think, IsoApplet doesn't require any specific one...
I chose this specific ATR for no reason, any unique one would do.
As I explained in my answer to @Jakuje, if you leave the stock ATR, then you cannot initialize the token using PKCS#11 functions (C_InitToken & C_InitPin) as pkcs11_enable_InitToken is taken from the card_atr 3B:80:80:01:01 section which "belongs" to one of the SmartCard-HSMs, unless of course you add pkcs11_enable_InitToken=yes to that section...
Sigh, this seems to be a generic problem. Almost nowhere there's a check for Also, I think we should change the return code to
I think I've found all the missing checks. Could you check if #2049 works as well? I've also changed back the ATR; having the same ATR for different cards with different applets should not be a problem.
per specification
Thanks for the pointer, I've now checked the return of
Right. And this brings me back to #1543.
pkcs11-tool --init-pin ... crashes if the card hasn't been initialized beforehand with pkcs11-tool --init-token ... (or by any other means) as p15card == NULL

Tested on IsoApplet javacard.