PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Add support for '3bff1300008131fe450031b9640444ecc17394018082900012' token #292

Open sdzakic opened 4 years ago

sdzakic commented 4 years ago

Reader name: Alcor Micro AU9560
ATR: 3BFF1300008131FE450031B9640444ECC17394018082900012

{
   "cards": [{
    "atr": "3BFF1300008131FE450031B9640444ECC17394018082900012",
    "name": "Token name",
    "driver": "9007F496D91C254C5C2F84453B41D8DEC7BE21CC"
   }],
   "drivers": [{
    "id": "9007F496D91C254C5C2F84453B41D8DEC7BE21CC",
    "name": "Driver name",
    "file": {
        "windows": "path/to/pkcs11.dll",
        "osx": "path/to/pkcs11.dylib"
    }
   }]
}

Smart card ATR parsing 3BFF1300008131FE450031B9640444ECC17394018082900012

rmhrisk commented 4 years ago

Can you tell us more about this token, for example its make and model, and what PKCS11 library you use with it?

sdzakic commented 4 years ago

Hi, it is from Croatian eID, it uses the following library: libEidPkcs11.dylib.zip. Here is the card: https://en.wikipedia.org/wiki/Croatian_identity_card And here is their official website: http://eid.hr/en

rmhrisk commented 4 years ago

Where is the library installed on your operating system; the fully qualified path would help.

sdzakic commented 4 years ago

Sorry, forgot to copy it:

/usr/local/lib/pkcs11/libEidPkcs11.dylib

rmhrisk commented 4 years ago

{
   "cards": [{
    "atr": "3bff1300008131fe450031b9640444ecc17394018082900012",
    "name": "Croatian eID",
    "driver": "9007F496D91C254C5C2F84453B"
   }],
   "drivers": [{
    "id": "9007F496D91C254C5C2F84453B",
    "name": "Croatian eID",
    "file": {
        "linux": "/usr/local/lib/pkcs11/libEidPkcs11.dylib"
    }
   }]
}

In theory if you add this to your local card.json it will work; if it does we will add it to the distribution as a supported device.

sdzakic commented 4 years ago

This is on mac, I've added the following:

{
   "cards": [{
    "atr": "3BFF1300008131FE450031B9640444ECC17394018082900012",
    "name": "National Identity Document: Croatian eID",
    "driver": "9007F496D91C254C5C2F84453B"
   }],
   "drivers": [{
    "id": "9007F496D91C254C5C2F84453B",
    "name": "National Identity Document: Croatian eID",
    "file": {
        "osx": "/usr/local/lib/pkcs11/libEidPkcs11.dylib"
    }
   }]
}

but I get the following error on card insert:

{ "message":"PCSCWatcher:Insert reader:'Alcor Micro AU9560' ATR:3bff1300008131fe450031b9640444ecc17394018082900012", "level":"info" }
{ "message":"Provider:Token:Insert: reader:'Alcor Micro AU9560' name:'National Identity Document: Croatian eID' atr:3bff1300008131fe450031b9640444ecc17394018082900012", "level":"info" }
{ "message":"Provider:Token:Insert: Loading PKCS#11 library from /usr/local/lib/pkcs11/libEidPkcs11.dylib", "level":"info" }
{ "message":"Provider:Token:Insert: Looking for Alcor Micro AU9560 into 2 slot(s)", "level":"info" }
{ "message":"Error: CKR_MECHANISM_INVALID:112\n at Error (native) C_GetMechanismInfo:279\n at Mechanism.getInfo (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:86:31)\n at new Mechanism (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:83:14)\n at MechanismCollection.items (/Applications/Fortify.app/Contents/Resources/app/node_modules/graphene-pk11/build/mech.js:101:16)\n at Object.getProviderInfo (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/utils.js:76:38)\n at Pkcs11Crypto.open (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/crypto.js:59:27)\n at new Crypto (/Applications/Fortify.app/Contents/Resources/app/node_modules/node-webcrypto-p11/build/crypto.js:42:14)\n at new Pkcs11Crypto (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:1892:9)\n at /Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2221:40\n at Array.forEach (<anonymous>)\n at LocalProvider.onTokenInsert (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2219:29)", "level":"error" }
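Added example, not part of the thread and not Fortify's own lookup code: a pre-flight check for the card.json entries exchanged above, resolving an ATR to its PKCS#11 library and reporting why an entry cannot be used. The `PLATFORM_KEY` mapping, the function names and the absolute-path requirement are assumptions made for this sketch; the sample entry is constructed from the snippets in the thread.

```javascript
// Assumption: process.platform values map onto the card.json keys seen in
// this thread; this lookup is illustrative, not Fortify's own code.
const PLATFORM_KEY = { win32: "windows", darwin: "osx", linux: "linux" };

function isAbsoluteLibraryPath(file, platform) {
  return platform === "win32"
    ? /^(?:[A-Za-z]:[\\/]|\\\\)/.test(file)
    : file.startsWith("/");
}

// Resolve the PKCS#11 library for an inserted card, or explain why not.
function resolveDriver(config, atr, platform) {
  const wanted = String(atr).replace(/\s+/g, "").toLowerCase();
  if (!/^(?:[0-9a-f]{2})+$/.test(wanted)) {
    return { ok: false, reason: "ATR is not an even-length hex string" };
  }
  const card = (config.cards || []).find(
    (c) => String(c.atr).toLowerCase() === wanted);
  if (!card) return { ok: false, reason: "no card entry for this ATR" };
  const driver = (config.drivers || []).find((d) => d.id === card.driver);
  if (!driver) {
    return { ok: false, reason: `card references unknown driver ${card.driver}` };
  }
  const key = PLATFORM_KEY[platform];
  const file = key && driver.file ? driver.file[key] : undefined;
  if (typeof file !== "string") {
    return { ok: false, reason: `driver has no "${key}" library path` };
  }
  if (!isAbsoluteLibraryPath(file, platform)) {
    return { ok: false, reason: `library path "${file}" is not absolute` };
  }
  return { ok: true, name: card.name, library: file };
}

// Constructed sample: the driver entry from the thread, keyed per platform.
function sampleConfig(platformKey) {
  const id = "9007F496D91C254C5C2F84453B";
  return {
    cards: [{ atr: "3BFF1300008131FE450031B9640444ECC17394018082900012",
              name: "Croatian eID", driver: id }],
    drivers: [{ id, name: "Croatian eID",
                file: { [platformKey]: "/usr/local/lib/pkcs11/libEidPkcs11.dylib" } }],
  };
}

const ATR = "3bff1300008131fe450031b9640444ecc17394018082900012";
console.log(resolveDriver(sampleConfig("linux"), ATR, "darwin"));
console.log(resolveDriver(sampleConfig("osx"), ATR, "darwin"));
```

The first call reports the missing "osx" key for an entry keyed "linux" on a Mac; the second resolves the same entry once it is keyed "osx".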

rmhrisk commented 4 years ago

It seems like the P11 library doesn't support CKR_MECHANISM_INVALID:112\n at Error (native) C_GetMechanismInfo. We need @microshine to confirm what we can do.

microshine commented 4 years ago

It's very interesting

The application gets a list of mechanisms from the token and gets information about each mechanism.

Looks like your token returns some unsupported mechanisms. I think it's a libEidPkcs11.dylib bug

I'll create a simple NodeJS application to test it

microshine commented 4 years ago

Test application https://github.com/microshine/fortify-issues-292

Returns a list of mechanisms

Slot:
 Library: /usr/local/lib/softhsm/libsofthsm2.so
 Handle: 0x80840a6900000000
 Label: My slot 0
 Manufacturer ID: SoftHSM
 Description: Implementation of PKCS11
 Version: v2.5

Mechanism #1
  Name: MD5
  Flags: 1024
  Max key size: 0
  Min key size: 0
Mechanism #2
  Name: SHA_1
  Flags: 1024
  Max key size: 0
  Min key size: 0
Mechanism #3
  Name: SHA224
  Flags: 1024
  Max key size: 0

rmhrisk commented 4 years ago

@sdzakic please run the test app and share output

sdzakic commented 4 years ago

Sorry for late response, here is my output:

Slot:
 Library: /usr/local/lib/pkcs11/libEidPkcs11.dylib
 Handle: 0x0100000000000000
 Label: AKD eID Card (Identification)
 Manufacturer ID: AKD
 Description: AKD eID Middleware PKCS11
 Version: v1.7

Mechanism #1
  Name: RSA_PKCS
  Flags: 2561
  Max key size: 2048
  Min key size: 1024
Mechanism #2
  Name: RSA_X_509
  Error: CKR_MECHANISM_INVALID:112
    at Error (native) C_GetMechanismInfo:279
Mechanism #3
  Name: SHA256_RSA_PKCS
  Error: CKR_MECHANISM_INVALID:112
    at Error (native) C_GetMechanismInfo:279
Mechanism #4
  Name: MD5_RSA_PKCS
  Error: CKR_MECHANISM_INVALID:112
    at Error (native) C_GetMechanismInfo:279
Mechanism #5
  Name: SHA1_RSA_PKCS
  Error: CKR_MECHANISM_INVALID:112
    at Error (native) C_GetMechanismInfo:279
Mechanism #6
  Name: SHA256
  Flags: 0
  Max key size: 0
  Min key size: 0
Mechanism #7
  Name: MD5
  Flags: 0
  Max key size: 0
  Min key size: 0
Mechanism #8
  Name: SHA_1
  Flags: 0
  Max key size: 0
  Min key size: 0
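
Added example, not part of the thread and not code from Fortify or graphene-pk11: a mechanism enumeration that tolerates the failure shown in this output, querying each list entry on its own, skipping only entries rejected with CKR_MECHANISM_INVALID, and decoding the reported Flags values into PKCS#11 CKF_* capability bits. The stub collection (a `length` plus an `items(i)` that throws, mirroring the call shape in the stack trace above) and all function names are assumptions; its rows are constructed from the posted output.

```javascript
// PKCS#11 CKF_* mechanism-info flag bits (values from the PKCS#11 spec).
const CKF = { HW: 0x1, ENCRYPT: 0x100, DECRYPT: 0x200, DIGEST: 0x400,
              SIGN: 0x800, VERIFY: 0x2000 };

// Constructed stand-in for the token's mechanism collection; flags === null
// marks entries where C_GetMechanismInfo failed. Not the real graphene-pk11
// object, only the same call shape.
function makeStubMechanisms(rows) {
  return {
    length: rows.length,
    items(i) {
      if (rows[i].flags === null) {
        throw new Error(
          "CKR_MECHANISM_INVALID:112\n    at Error (native) C_GetMechanismInfo:279");
      }
      return { ...rows[i] };
    },
  };
}

function decodeFlags(flags) {
  return Object.keys(CKF).filter((name) => (flags & CKF[name]) !== 0);
}

// Query each index separately so one rejected entry cannot abort the token
// insert. Only CKR_MECHANISM_INVALID is tolerated; other errors propagate.
function listUsableMechanisms(mechanisms) {
  const usable = [];
  const skipped = [];
  for (let i = 0; i < mechanisms.length; i++) {
    try {
      const m = mechanisms.items(i);
      usable.push({ name: m.name, capabilities: decodeFlags(m.flags) });
    } catch (err) {
      if (!String(err.message).startsWith("CKR_MECHANISM_INVALID")) throw err;
      skipped.push(i + 1); // 1-based, matching "Mechanism #N" in the output
    }
  }
  return { usable, skipped };
}

const akdRows = [ // constructed from the output posted in the thread
  { name: "RSA_PKCS", flags: 2561 }, { name: "RSA_X_509", flags: null },
  { name: "SHA256_RSA_PKCS", flags: null }, { name: "MD5_RSA_PKCS", flags: null },
  { name: "SHA1_RSA_PKCS", flags: null }, { name: "SHA256", flags: 0 },
  { name: "MD5", flags: 0 }, { name: "SHA_1", flags: 0 },
];
const report = listUsableMechanisms(makeStubMechanisms(akdRows));
console.log(JSON.stringify(report, null, 2));
```

Decoded, the RSA_PKCS value 2561 is HW, DECRYPT and SIGN, while the digest entries report 0, without the DIGEST bit (1024) that the SoftHSM run shows for the same mechanisms.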