Open sdzakic opened 4 years ago
Can you tell us more about this token, for example its make and model? What PKCS11 library do you use with it?
Hi, it is from Croatian eID, it uses the following library: libEidPkcs11.dylib.zip. Here is the card: https://en.wikipedia.org/wiki/Croatian_identity_card And here is their official website: http://eid.hr/en
Where is the library installed on your operating system; the fully qualified path would help.
Sorry, forgot to copy it:
/usr/local/lib/pkcs11/libEidPkcs11.dylib
{
  "cards": [{
    "atr": "3bff1300008131fe450031b9640444ecc17394018082900012",
    "name": "Croatian eID",
    "driver": "9007F496D91C254C5C2F84453B"
  }],
  "drivers": [{
    "id": "9007F496D91C254C5C2F84453B",
    "name": "Croatian eID",
    "file": {
      "linux": "/usr/local/lib/pkcs11/libEidPkcs11.dylib"
    }
  }]
}
In theory if you add this to your local card.json it will work; if it does we will add it to the distribution as a supported device.
This is on Mac; I've added the following:
"cards": [{
  "atr": "3BFF1300008131FE450031B9640444ECC17394018082900012",
  "name": "National Identity Document: Croatian eID",
  "driver": "9007F496D91C254C5C2F84453B"
}],
"drivers": [{
  "id": "9007F496D91C254C5C2F84453B",
  "name": "National Identity Document: Croatian eID",
  "file": {
    "osx": "/usr/local/lib/pkcs11/libEidPkcs11.dylib"
  }
}]
but I get the following error on card insert:
{ "message":"PCSCWatcher:Insert reader:'Alcor Micro AU9560' ATR:3bff1300008131fe450031b9640444ecc17394018082900012", "level":"info" }
{ "message":"Provider:Token:Insert: reader:'Alcor Micro AU9560' name:'National Identity Document: Croatian eID' atr:3bff1300008131fe450031b9640444ecc17394018082900012", "level":"info" }
{ "message":"Provider:Token:Insert: Loading PKCS#11 library from /usr/local/lib/pkcs11/libEidPkcs11.dylib", "level":"info" }
{ "message":"Provider:Token:Insert: Looking for Alcor Micro AU9560 into 2 slot(s)", "level":"info" }
{ "message":"Error: CKR_MECHANISM_INVALID:112\n at Error (native) C_GetMechanismInfo:279\n at Mechanism.getInfo (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:86:31)\n at new Mechanism (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:83:14)\n at MechanismCollection.items (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:101:16)\n at Object.getProviderInfo (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/utils.js:76:38)\n at Pkcs11Crypto.open (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/crypto.js:59:27)\n at new Crypto (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/crypto.js:42:14)\n at new Pkcs11Crypto (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:1892:9)\n at /Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2221:40\n at Array.forEach (<anonymous>)\n at LocalProvider.onTokenInsert (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2219:29)", "level":"error" }
It seems like the P11 library doesn't support CKR_MECHANISM_INVALID:112\n at Error (native) C_GetMechanismInfo. We need @microshine to confirm what we can do.
It's very interesting
The application gets a list of mechanisms from the token and gets information about each mechanism.
Looks like your token returns some unsupported mechanisms. I think it's a libEidPkcs11.dylib bug
I'll create a simple NodeJS application to test it
Test application https://github.com/microshine/fortify-issues-292
Returns a list of mechanisms
Slot:
Library: /usr/local/lib/softhsm/libsofthsm2.so
Handle: 0x80840a6900000000
Label: My slot 0
Manufacturer ID: SoftHSM
Description: Implementation of PKCS11
Version: v2.5
Mechanism #1
Name: MD5
Flags: 1024
Max key size: 0
Min key size: 0
Mechanism #2
Name: SHA_1
Flags: 1024
Max key size: 0
Min key size: 0
Mechanism #3
Name: SHA224
Flags: 1024
Max key size: 0
@sdzakic please run the test app and share output
Sorry for late response, here is my output:
Slot:
Library: /usr/local/lib/pkcs11/libEidPkcs11.dylib
Handle: 0x0100000000000000
Label: AKD eID Card (Identification)
Manufacturer ID: AKD
Description: AKD eID Middleware PKCS11
Version: v1.7
Mechanism #1
Name: RSA_PKCS
Flags: 2561
Max key size: 2048
Min key size: 1024
Mechanism #2
Name: RSA_X_509
Error: CKR_MECHANISM_INVALID:112
at Error (native) C_GetMechanismInfo:279
Mechanism #3
Name: SHA256_RSA_PKCS
Error: CKR_MECHANISM_INVALID:112
at Error (native) C_GetMechanismInfo:279
Mechanism #4
Name: MD5_RSA_PKCS
Error: CKR_MECHANISM_INVALID:112
at Error (native) C_GetMechanismInfo:279
Mechanism #5
Name: SHA1_RSA_PKCS
Error: CKR_MECHANISM_INVALID:112
at Error (native) C_GetMechanismInfo:279
Mechanism #6
Name: SHA256
Flags: 0
Max key size: 0
Min key size: 0
Mechanism #7
Name: MD5
Flags: 0
Max key size: 0
Min key size: 0
Mechanism #8
Name: SHA_1
Flags: 0
Max key size: 0
Min key size: 0
Reader name: Alcor Micro AU9560 ATR: 3BFF1300008131FE450031B9640444ECC17394018082900012
Smart card ATR parsing 3BFF1300008131FE450031B9640444ECC17394018082900012
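The failure discussed in this thread comes from asking for information about every mechanism the token lists and aborting on the first CKR_MECHANISM_INVALID. The sketch below is an added example, not code from Fortify, graphene-pk11 or the test application: it skips only the mechanisms that fail that way and decodes the flag values seen in the output. The collection shape (`length`, `items(i)`), the `minKeySize`/`maxKeySize` property names and the `fakeEidCollection` stub are assumptions; the stub replays the eID output posted above.

```javascript
// CK_MECHANISM_INFO flag bits from the PKCS#11 specification (subset).
const CKF = { HW: 0x1, ENCRYPT: 0x100, DECRYPT: 0x200, DIGEST: 0x400,
              SIGN: 0x800, VERIFY: 0x2000 };

// Turn a numeric flags value (e.g. 2561) into the operation names it allows.
function decodeFlags(flags) {
  return Object.keys(CKF).filter((name) => (flags & CKF[name]) !== 0);
}

// Walk a mechanism collection exposing `length` and `items(i)` (assumed shape).
// A lookup that fails with CKR_MECHANISM_INVALID is recorded and skipped;
// any other error still aborts, so real token faults are not hidden.
function listMechanisms(collection) {
  const usable = [];
  const skipped = [];
  for (let i = 0; i < collection.length; i++) {
    try {
      const m = collection.items(i);
      usable.push({ name: m.name, ops: decodeFlags(m.flags),
                    minKey: m.minKeySize, maxKey: m.maxKeySize });
    } catch (err) {
      if (!/CKR_MECHANISM_INVALID/.test(String(err && err.message))) throw err;
      skipped.push(i);
    }
  }
  return { usable, skipped };
}

// Constructed stand-in for the token: null rows are the four mechanisms
// (RSA_X_509, SHA256_RSA_PKCS, MD5_RSA_PKCS, SHA1_RSA_PKCS) that errored above.
function fakeEidCollection() {
  const rows = [
    { name: "RSA_PKCS", flags: 2561, minKeySize: 1024, maxKeySize: 2048 },
    null, null, null, null,
    { name: "SHA256", flags: 0, minKeySize: 0, maxKeySize: 0 },
    { name: "MD5", flags: 0, minKeySize: 0, maxKeySize: 0 },
    { name: "SHA_1", flags: 0, minKeySize: 0, maxKeySize: 0 },
  ];
  return {
    length: rows.length,
    items(i) {
      if (rows[i] === null) throw new Error("CKR_MECHANISM_INVALID:112");
      return rows[i];
    },
  };
}

const report = listMechanisms(fakeEidCollection());
console.log(report.usable.map((m) => `${m.name}: ${m.ops.join("|") || "none"}`));
```

With the replayed data, only RSA_PKCS advertises any operation (hardware sign and decrypt); the digest mechanisms report flags 0, unlike the SoftHSM output where they carry 1024 (CKF_DIGEST).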