OpenSC 0.13 and FireFox

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSC 0.13 and FireFox

Alex Samorukov
Hi,

After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
working anymore. I was able to find and fix the reason, could someone
from developers please take a look on this?

https://github.com/OpenSC/OpenSC/issues/173



------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Douglas E. Engert


On 7/20/2013 5:03 AM, Alex Samorukov wrote:
> Hi,
>
> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
> working anymore. I was able to find and fix the reason, could someone
> from developers please take a look on this?
>
> https://github.com/OpenSC/OpenSC/issues/173

This sounds more like a problem with your card, or the way your
card was initialized.

Your fix does not fix the basic problem, of why when the card
was initialized, the two Auth IDs are different.

Have you looked at how your card was initialization was done?

Can you find where the two authIDs are created?

Why are they different lengths?



>
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Anders Rundgren
In reply to this post by Alex Samorukov
On 2013-07-20 12:03, Alex Samorukov wrote:
> Hi,
>
> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
> working anymore. I was able to find and fix the reason, could someone
> from developers please take a look on this?
>
> https://github.com/OpenSC/OpenSC/issues/173

We should be happy that for example the disk industry didn't adopt the concept
that "all hard drives are unique and needs unique settings and/or middleware".

Anders

>
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Alex Samorukov
On 07/22/2013 04:44 PM, Anders Rundgren wrote:

> On 2013-07-20 12:03, Alex Samorukov wrote:
>> Hi,
>>
>> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
>> working anymore. I was able to find and fix the reason, could someone
>> from developers please take a look on this?
>>
>> https://github.com/OpenSC/OpenSC/issues/173
> We should be happy that for example the disk industry didn't adopt the concept
> that "all hard drives are unique and needs unique settings and/or middleware".
Thank you for reply:

1) Card was formatted using Windows utility and working correctly in it.
2) Card was working in 0.12.2 because we were adding _all_ keys, not
only matched.
3) Card is working good in Windows with native drivers, so it is kind of
"designed" behavior.

Now situation is very simple - there is a regression in the Fetian card
support. I am completely agree that it does not look right (different
length), but its the way it was working before. Unfortunately we cant
compare situation with hard drives, because with smart-cards situation
is very different. I cant now reformat this card (because i am storing
private key in it) but i will ask seller to provide dump from the card
formatted in the OpenSC.  May be we should add some kind of quirks to
the driver definition? It would be great to have this fixed. Without
this fix it is not possible to use card in Java apps or Firefox/Thunderbird.


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Alex Samorukov
In reply to this post by Douglas E. Engert
On 07/22/2013 04:26 PM, Douglas E. Engert wrote:

>> Hi,
>>
>> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
>> working anymore. I was able to find and fix the reason, could someone
>> from developers please take a look on this?
>>
>> https://github.com/OpenSC/OpenSC/issues/173
> This sounds more like a problem with your card, or the way your
> card was initialized.
>
> Your fix does not fix the basic problem, of why when the card
> was initialized, the two Auth IDs are different.
>
> Have you looked at how your card was initialization was done?
>
> Can you find where the two authIDs are created?
>
> Why are they different lengths?
>
>
This card was formatted by official windows software for Fetian and it
works correctly with it. I cant reformat the card with OpenSC now but i
will ask for dumps in the official forum.

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Douglas E. Engert


On 7/22/2013 12:53 PM, Alex Samorukov wrote:

> On 07/22/2013 04:26 PM, Douglas E. Engert wrote:
>>> Hi,
>>>
>>> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not
>>> working anymore. I was able to find and fix the reason, could someone
>>> from developers please take a look on this?
>>>
>>> https://github.com/OpenSC/OpenSC/issues/173
>> This sounds more like a problem with your card, or the way your
>> card was initialized.
>>
>> Your fix does not fix the basic problem, of why when the card
>> was initialized, the two Auth IDs are different.
>>
>> Have you looked at how your card was initialization was done?
>>
>> Can you find where the two authIDs are created?
>>
>> Why are they different lengths?
>>
>>
> This card was formatted by official windows software for Fetian and it works correctly with it. I cant reformat the card with OpenSC now but i will ask for dumps in the official forum.
>

So should this fix be in the Fetian drive only?

The problem I have with your patch is it applies to all cards
but the problem appears to be in the Fetian card or maybe
in the driver.

When you run the test on 0.12, do the AuthID show up as
two different lengths?





--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Alex Samorukov
On 07/22/2013 11:27 PM, Douglas E. Engert wrote:

>
>>> When you run the test on 0.12, do the AuthID show up as
>>> two different lengths?
>> Yes, it is. Only difference in .12 is that code logic will add all
>> keys anyway (and this code was removed in .13). But this check will
>> fail as well.
>>
>
> So the change should be to add all the keys back in, and try and
> accommodate the
> difference for the Fetian card?
Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested this
patch and it works for me. I don`t think that we need to add all keys
like before because it does looks to be good. This workaround addressing
only this specific issue.


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Douglas E. Engert
OK, your mod looks better. I will let others continue the review
and update process.


On 7/23/2013 4:31 AM, Alex Samorukov wrote:

> On 07/22/2013 11:27 PM, Douglas E. Engert wrote:
>>
>>>> When you run the test on 0.12, do the AuthID show up as
>>>> two different lengths?
>>> Yes, it is. Only difference in .12 is that code logic will add all
>>> keys anyway (and this code was removed in .13). But this check will
>>> fail as well.
>>>
>>
>> So the change should be to add all the keys back in, and try and
>> accommodate the
>> difference for the Fetian card?
> Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested this
> patch and it works for me. I don`t think that we need to add all keys
> like before because it does looks to be good. This workaround addressing
> only this specific issue.
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Jean-Michel Pouré - GOOZE
In reply to this post by Alex Samorukov
Le mardi 23 juillet 2013 à 11:31 +0200, Alex Samorukov a écrit :
> Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested
> this
> patch and it works for me. I don`t think that we need to add all keys
> like before because it does looks to be good. This workaround
> addressing
> only this specific issue.

Thanks for this patch.
I will try and report.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: OpenSC 0.13 and FireFox

Alex Samorukov
On 08/03/2013 10:47 AM, Jean-Michel Pouré - GOOZE wrote:

> Le mardi 23 juillet 2013 à 11:31 +0200, Alex Samorukov a écrit :
>> Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested
>> this
>> patch and it works for me. I don`t think that we need to add all keys
>> like before because it does looks to be good. This workaround
>> addressing
>> only this specific issue.
> Thanks for this patch.
> I will try and report.
>
>
Thank you. Please also see notes in [1], it would be great to get it
resolved somehow. Now i reformatted card using OpenSC but at least
website claim r/o compatibility with Windows tool, so it would be great
to have it in recent version.

[1] https://github.com/OpenSC/OpenSC/issues/173

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel