IASECC/CPX: fix path errors #2278
Conversation
On a CPX, this object needs to be read from 3F00. For instance: $ opensc-explorer -r 2 OpenSC [3F00]> cd 0002 OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x6A, SW2=0x88) Failure: Data object not found OpenSC [3F00/0002]> apdu 00 A4 09 04 02 3F 00 Sending: 00 A4 09 04 02 3F 00 Received (SW1=0x90, SW2=0x00) Success! OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x90, SW2=0x00) Success! Currently, this patch limits to the CPX cards since I cannot know the behaviour for the other cards. I could not find any reference from the standard. Fix: issue OpenSC#2275
Some objects need to be read from a specific path. IASECC_SDO_PRVKEY_TAG: from 3F00:0001 IASECC_SDO_CHV_TAG: from 3F00
vjardin
force-pushed
the
fixIaseccPathErrors
branch
from
f781a51
to
2c88f9d
Compare
|
I'm puzzled! I thought that by including #2217, the basic functionality of your card would be working (i.e. you can use all your private keys with Looking at |
|
Right, using #2217, it was good enough in order to use some legacy PKCS11 applications (such as php-pkcs11). Then, I started to deep dive into the logs and I found some strange behaviors (eg 6A 88) that are not show stopper. Digging deeper, these patches became required in order to avoid some fallback behavior of the iasecc driver. I have isolated these 2 patches in order to ease the review and comments in order to fix the issue "IASECC/CPX: get SE data error - 6A 88" #2275 and to be focus only with this issue #2275 |
|
Great. Thank you. |
From runtime, it shows that the path needs to be set specifically in order to read these objects.