[SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]

Shawn Geddis geddis at icloud.com
Fri Oct 23 19:36:06 PDT 2015


David,
If you haven’t already, can you submit a ticket for this and I’ll see what I can do.

- Shawn
_____________________________________________________________________
Shawn Geddis				  			        geddis at {Mac | Me | iCloud} dot com
Security and Certifications Engineer, Apple                geddis at { apple } dot com

Smart Card Services  Project/Dev Lead:                                                                                 
				Project Wiki:		          [http://smartcardservices.macosforge.org <http://smartcardservices.macosforge.org/>]
				Mailing Lists:		         [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>]
				SCS Contact:				           [scs-cotact at macosforge.org <mailto:scs-cotact at macosforge.org>]
				SCS Admin:				           [scs-admin at macosforge.org <mailto:scs-admin at macosforge.org>]
_____________________________________________________________________

> On Oct 23, 2015, at 1:09 PM, david.lloyd at fsmail.net wrote:
> 
> Hi,
> 
> I have been doing a little bit of debugging with the YubiKey Neo PIV card USB dongles on MacOSX (http://www.amazon.com/Yubico-Y-072-YubiKey-NEO/dp/B00LX8KZZ8/ref=sr_1_1?ie=UTF8&qid=1445630304&sr=8-1&keywords=Yubikey+neo).
> 
> It looks like they aren't 100% PIV compliant, and they are falling over in PIVToken.cpp::probe()...
> 
> 
> 			byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));
> 			byte_string cccdata;
> 			getDataCore(cccOid, "CCC", false, true, cccdata);
> 			PIVCCC ccc(cccdata);
> 
> 
> They do not return the CardCapabilityContainer here (although interestingly enough the other APDU calls do return certificates at this point!).
> 
> You can reproduce this by running opensc-explorer and issuing:
>    apdu 0 cb 3f ff 5 5c 3 5f c1 7
> This returns 0x6a82 (file not found).
> 
> This call, however:
>    apdu 0 cb 3f ff 5 5c 3 5f c1 5
> 
> Returns the X509 certificate correctly.
> 
> 
> If I disable the probe call to GetDataCore for the CardCapabilityContainer, the device works correctly in Safari.
> 
> 
> I have reported the issue to Yubico, but I am interested to see if you have any recommendations as to how to patch this in TokenD.  You have a "GetDataExists" method in there which would prevent the exception.  I guess that you need a unique ID for the smart card in probe though (would the CHUID be an alternative choice - that works?)
> 
> Let me know what you think!
> 
> DDD
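
The probe fallback raised in the quoted message, sketched as an added example (not TokenD code and not written by either poster). `Transmit`, `probeCard` and `neoLikeCard` are hypothetical names, the simulated card and its payload are constructed, and using the CHUID (tag 5FC102) as the fallback identifier is the poster's suggestion, assumed here to succeed:

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <string>
#include <utility>
#include <vector>

using Bytes = std::vector<uint8_t>;
// Hypothetical transport: command APDU in, (response data, status word) out.
using Transmit = std::function<std::pair<Bytes, uint16_t>(const Bytes &)>;

static const Bytes kTagCCC   = {0x5F, 0xC1, 0x07};  // Card Capability Container
static const Bytes kTagCHUID = {0x5F, 0xC1, 0x02};  // Card Holder Unique Identifier

// PIV GET DATA in the same form as the post: 00 CB 3F FF Lc 5C <len> <tag>
Bytes buildGetData(const Bytes &tag) {
    Bytes apdu = {0x00, 0xCB, 0x3F, 0xFF, static_cast<uint8_t>(tag.size() + 2),
                  0x5C, static_cast<uint8_t>(tag.size())};
    apdu.insert(apdu.end(), tag.begin(), tag.end());
    return apdu;
}

struct ProbeResult { bool isPiv; std::string source; Bytes id; };

// Try the CCC first. Only 6A82 (object not found) moves on to the CHUID;
// any other status word rejects the card rather than guessing.
ProbeResult probeCard(const Transmit &tx) {
    const std::pair<const char *, const Bytes *> order[] = {
        {"CCC", &kTagCCC}, {"CHUID", &kTagCHUID}};
    for (const auto &o : order) {
        auto rsp = tx(buildGetData(*o.second));
        if (rsp.second == 0x9000 && !rsp.first.empty())
            return {true, o.first, rsp.first};
        if (rsp.second != 0x6A82) break;
    }
    return {false, "", {}};
}

// Constructed stand-in for the reported behaviour: CCC gives 6A82, other objects give data.
std::pair<Bytes, uint16_t> neoLikeCard(const Bytes &apdu) {
    if (apdu.size() == 10 && apdu[9] == 0x07) return {Bytes{}, uint16_t{0x6A82}};
    return {Bytes{0x53, 0x02, 0xAA, 0xBB}, uint16_t{0x9000}};  // placeholder payload
}

int main() {
    ProbeResult r = probeCard(neoLikeCard);
    std::printf("piv=%d id-source=%s\n", r.isPiv, r.source.c_str());
    return 0;
}
```
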
