[SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]
david.lloyd at fsmail.net
Sat Oct 24 00:24:44 PDT 2015
Hi Shawn,
Thanks! I’m in contact with an engineer from Yubico, so I’ll raise a bug next week when they have had a chance to look at it. It could just be a bug in their PIV provisioning tools. At the very least they shouldn’t be returning "Status: OK" if mandatory files are missing.
In any case, my current patch is to probe for the existence of the CCC, and if that isn’t found, use a HEX string derived from the CHUID instead (PIV cards missing both probably won’t work anywhere!).
    const size_t sz = sizeof(oidCardCapabilityContainer);
    if (getDataExists(oidCardCapabilityContainer, sz, sDescripCardCapabilityContainer))
    {
        secdebug("probe", "Look up Card Capability Container");
        byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));
        byte_string cccdata;
        /*
          Since probe is called before establish, securityd has not passed us
          the cache directory yet, so we don't try to cache anything right now
        */
        const bool allowCaching = false;
        getDataCore(cccOid, "CCC", false, allowCaching, cccdata);
        PIVCCC ccc(cccdata);
        snprintf(tokenUid, TOKEND_MAX_UID, "PIV-%s", ccc.hexidentifier().c_str());
    }
    else
    {
        /* No CCC on the card: fall back to a UID derived from the CHUID */
        secdebug("probe", "Look up CHUID");
        byte_string chuidOid((const unsigned char *)oidCardHolderUniqueIdentifier,
                             oidCardHolderUniqueIdentifier + sizeof(oidCardHolderUniqueIdentifier));
        byte_string chuidData;
        const bool allowCaching = false;
        getDataCore(chuidOid, "CHUID", false, allowCaching, chuidData);
        CssmData data;
        data.Data = &chuidData[0];
        /* MIN, not MAX: never hex-encode more bytes than chuidData holds,
           and no more than fit in tokenUid after the "PIV-" prefix */
        data.Length = MIN(chuidData.size(), TOKEND_MAX_UID/2 - 6);
        snprintf(tokenUid, TOKEND_MAX_UID, "PIV-%s", data.toHex().c_str());
    }
You also have a couple of “warnings as errors” fixes: this one at least is genuine in PIVToken::getDataExists:
    if(rx & 0xFF00 == SCARD_BYTES_LEFT_IN_SW2) return true; /* More bytes left */
should be:
    if((rx & 0xFF00) == SCARD_BYTES_LEFT_IN_SW2) return true; /* More bytes left */
Just as a note: http://smartcardservices.macosforge.org seems to be down at the moment. Could you point me at your issue tracking web-page?
Regards,
David L
> Cc: "SmartCard Services-Users" <smartcardservices-users at lists.macosforge.org>
> Subject: Re: [SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]
>
> David,
> If you haven’t already, can you submit a ticket for this and I’ll see what I can do.
>
> - Shawn
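
Added example, not part of the original message or of the SmartcardServices source: a stand-alone C++ sketch of the two checks discussed above, the status-word test as the compiler parses it next to the parenthesised form, and a CHUID-to-UID fallback that clamps the encoded length. The constant values (ISO 7816-4 status words), the 32-byte UID buffer, the uppercase hex and all function names are assumptions made for the illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Assumed values (ISO 7816-4 status words); MAX_UID is a constructed
// stand-in for TOKEND_MAX_UID.
static const uint32_t SW_SUCCESS = 0x9000;
static const uint32_t SW_BYTES_LEFT_IN_SW2 = 0x6100; // SW1 = 0x61, SW2 = bytes still to fetch
static const size_t MAX_UID = 32;

// How the compiler parses `rx & 0xFF00 == SW`: == binds tighter than &,
// so rx is ANDed with a boolean (here false) and 0x61xx is never matched.
bool existsAsParsed(uint32_t rx)
{
    if (rx == SW_SUCCESS) return true;
    if (rx & (0xFF00 == SW_BYTES_LEFT_IN_SW2)) return true;
    return false;
}

// Intended check: mask out SW1 first, then compare.
bool existsFixed(uint32_t rx)
{
    if (rx == SW_SUCCESS) return true;
    if ((rx & 0xFF00) == SW_BYTES_LEFT_IN_SW2) return true;
    return false;
}

// Fallback UID from CHUID bytes: hex-encode at most as many bytes as fit
// after "PIV-", and never more than the buffer actually holds.
std::string uidFromChuid(const std::vector<uint8_t> &chuid)
{
    const size_t n = std::min(chuid.size(), MAX_UID / 2 - 6);
    char uid[MAX_UID];
    int off = snprintf(uid, sizeof uid, "PIV-");
    for (size_t i = 0; i < n; ++i)
        off += snprintf(uid + off, sizeof uid - off, "%02X", (unsigned)chuid[i]);
    return uid;
}

int main()
{
    const uint32_t sw = 0x6120; // constructed: object exists, 0x20 more bytes available
    printf("0x%04X parsed=%d fixed=%d\n", (unsigned)sw, existsAsParsed(sw), existsFixed(sw));
    printf("%s\n", uidFromChuid({0x30, 0x19, 0xD4}).c_str()); // constructed CHUID prefix
    return 0;
}
```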