Bug 981462 - ePass2003 not working
ePass2003 not working
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: opensc (Show other bugs)
19
x86_64 Linux
medium Severity unspecified
: ---
: ---
Assigned To: Nikos Mavrogiannopoulos
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-04 15:43 EDT by Kjetil Nygård
Modified: 2014-01-09 02:38 EST (History)
9 users (show)

See Also:
Fixed In Version: opensc-0.13.0-10.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-09 02:38:23 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Spec file with my changes. (14.95 KB, text/x-rpm-spec)
2013-07-04 15:43 EDT, Kjetil Nygård
no flags Details

  None (edit)
Description Kjetil Nygård 2013-07-04 15:43:54 EDT
Created attachment 768977 [details]
Spec file with my changes.

Description of problem:
I tried to use my newly purchased ePass2003 USB token. It did not work.
I tried the same chip in Ubuntu 12.04, with the opensc-version provided by gooze.eu. Then it worked.

After I adjusted the specs file (added 

Version-Release number of selected component (if applicable):
0.13.0

How reproducible:
It was reproducible on two different machines.


Steps to Reproduce:
1. Install package from f19.
2. The following commands give an error:
  a) pkcs15-init -E
  b) pkcs15-init --^Ceate-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "Donald Duck"
  c) pkcs15-tool --dump
3. The 'pkcs15-tool --dump' crashed also after I had initialized the card with Ubuntu.


Actual results:
Complaints that is unsupported.

Expected results:
a) Wipe the key
b) initialize the key.
c) show that it is initialized.


Additional info:
To make it work, I had to do two tings:
 i)  Patched spec file. (Removed the patch0 from the SRPM)
 ii) Updated to the latest source from git://github.com/OpenSC/OpenSC.git:
      commit: 962cba98db36cfe39f9b977cf69f4e98149aca99

I have not bisected it to find out where it is fixed.
Comment 1 Enrico Scholz 2013-08-20 07:29:58 EDT
There seems to be required an '--enable-sm' configure option to make this work.
Comment 2 Chris K. 2013-12-20 05:01:32 EST
Is there a reason why this is not fixed in F20? We have to compile our own sources since ages... :(
Thanks in advance!
Comment 3 Nikos Mavrogiannopoulos 2013-12-20 10:32:43 EST
I understand that upstream is slow on updates (it seems they make a release per year), however I am not sure that we should take their role and release an arbitrary git version in Fedora.
Comment 4 Chris K. 2013-12-24 22:29:09 EST
Happy holidays and sorry for the lack of input on my previous post.
I'm not quite sure about timing - there has been a lot on- and off I know, and I'm only "the middle- man" - but the initial support has been pushed 2 years ago: https://github.com/OpenSC/OpenSC/pull/57?source=cc
...and there's a page describing the support for it (edited 3 days ago): https://github.com/OpenSC/OpenSC/wiki/Feitian-ePass2003

I installed the latest sources from git (not an arbitrary version ;) ) and it works fine WITH the --enable-sm switch.
I am waiting for a response why this is disabled by default: https://github.com/OpenSC/OpenSC/issues/200

Thanks in advance,
Regards Chris
Comment 5 Nikos Mavrogiannopoulos 2013-12-26 06:55:20 EST
Hello, I've enabled the --enable-sm switch in rawhide, but nevertheless my epass2003 wouldn't work. That's why I closed the bug as won't fix. There may be issues with my epass though. If you could verify that the rawhide version works for your epass2003 I'll backport it to f20.
Comment 6 Chris K. 2013-12-27 05:27:56 EST
OK I see where you're coming from. I digged through the patches, and adding the the following to the spec file will 'make it right' (together with the --enable-sm option): 717a38bcaa615e57cb3546a927c6d6bf16439643 - Merge pull request #136 from zhalas/epass2003_fix_padding

As per below it only edits the card-epass2003.c file, not sure whether that's OK to implement...

Patch reading:

diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
index 80088b9..6f04573 100644
--- a/src/libopensc/card-epass2003.c
+++ b/src/libopensc/card-epass2003.c
@@ -117,8 +117,8 @@ openssl_enc(const EVP_CIPHER * cipher, const unsigned char *key, const unsigned
 
 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 	EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
+	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 	if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
 		goto out;
@@ -146,8 +146,8 @@ openssl_dec(const EVP_CIPHER * cipher, const unsigned char *key, const unsigned
 
 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 	EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
+	EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 	if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
 		goto out;


Thanks for the effort either way,
Cheers Chris
Comment 7 Fedora Update System 2014-01-02 04:32:27 EST
opensc-0.13.0-9.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/opensc-0.13.0-9.fc20
Comment 8 Fedora Update System 2014-01-03 03:42:48 EST
Package opensc-0.13.0-9.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing opensc-0.13.0-9.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-0091/opensc-0.13.0-9.fc20
then log in and leave karma (feedback).
Comment 9 Danilo Câmara 2014-01-03 17:43:02 EST
I'm following this bug since I installed Fedora 19 and my Aventra MyEID PKI card stop working. I understand this bug is for ePass2003.

opensc-0.13.0-9.fc20.x86_64 doesn't work for me, I still get the message:

# opensc-tool --atr
Using reader with a card: OMNIKEY AG CardMan 3121 00 00
Failed to connect to card: Unresponsive card (correctly inserted?)

I have Fedora 18 updated and installed in a virtual machine (opensc-0.12.2-6.fc18.x86_64) and it works fine.
Comment 10 Danilo Câmara 2014-01-03 20:05:39 EST
(In reply to Danilo Câmara from comment #9)
> I'm following this bug since I installed Fedora 19 and my Aventra MyEID PKI
> card stop working. I understand this bug is for ePass2003.
> 
> opensc-0.13.0-9.fc20.x86_64 doesn't work for me, I still get the message:
> 
> # opensc-tool --atr
> Using reader with a card: OMNIKEY AG CardMan 3121 00 00
> Failed to connect to card: Unresponsive card (correctly inserted?)
> 
> I have Fedora 18 updated and installed in a virtual machine
> (opensc-0.12.2-6.fc18.x86_64) and it works fine.

The solution to MyEID is described here:
https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card#0130-myeidprofile-error
https://github.com/OpenSC/OpenSC/issues/120

Applied the patch as in:
https://github.com/OpenSC/OpenSC/commit/58679a5

and now opensc-0.13.0-9.fc20.x86_64 works for me.
Comment 11 Nikos Mavrogiannopoulos 2014-01-04 11:01:54 EST
(In reply to Danilo Câmara from comment #10)
> (In reply to Danilo Câmara from comment #9)
> > I'm following this bug since I installed Fedora 19 and my Aventra MyEID PKI
> > card stop working. I understand this bug is for ePass2003.
> > 
> > opensc-0.13.0-9.fc20.x86_64 doesn't work for me, I still get the message:
> > 
> > # opensc-tool --atr
> > Using reader with a card: OMNIKEY AG CardMan 3121 00 00
> > Failed to connect to card: Unresponsive card (correctly inserted?)
> > 
> > I have Fedora 18 updated and installed in a virtual machine
> > (opensc-0.12.2-6.fc18.x86_64) and it works fine.
> 
> The solution to MyEID is described here:
> https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card#0130-
> myeidprofile-error
> https://github.com/OpenSC/OpenSC/issues/120
> 
> Applied the patch as in:
> https://github.com/OpenSC/OpenSC/commit/58679a5
> 
> and now opensc-0.13.0-9.fc20.x86_64 works for me.

Could you open a new bug with the information above about this card?
Comment 12 Danilo Câmara 2014-01-05 06:28:07 EST
(In reply to Nikos Mavrogiannopoulos from comment #11)
> Could you open a new bug with the information above about this card?

https://bugzilla.redhat.com/show_bug.cgi?id=1048576
Comment 13 Fedora Update System 2014-01-06 08:25:30 EST
opensc-0.13.0-10.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/opensc-0.13.0-10.fc20
Comment 14 Chris K. 2014-01-06 22:09:39 EST
Great this is fixed, able to see the serial number correctly which was addressed by this bug (tested with opensc-0.13.0-7 and opensc-0.13.0-9)
Thanks very much!
Comment 15 Fedora Update System 2014-01-09 02:38:23 EST
opensc-0.13.0-10.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.