alonbl / gnupg-pkcs11-scd

PKCS#11 GnuPG SCD
http://gnupg-pkcs11.sourceforge.net/

Command GETATTR APPTYPE and $DISPSERIALNO is not implemented #55

Closed olegshtch closed 1 year ago

olegshtch commented 1 year ago

When I try to add a subkey I get an error:

gpg> addcardkey
gpg: key operation not possible: Invalid data

In the log I see:

gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR SERIALNO
gnupg-pkcs11-scd[17167.4179323968]: PKCS#11: pkcs11h_token_enumTokenIds entry method=1, p_token_id_list=0x7ffc0e12dc20
...
gnupg-pkcs11-scd[17167.4179323968]: PKCS#11: pkcs11h_token_freeTokenIdList return
gnupg-pkcs11-scd[17167]: chan_0 -> S SERIALNO D2760001240111503131B71F5E411111
gnupg-pkcs11-scd[17167]: chan_0 -> OK
gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR APPTYPE
gnupg-pkcs11-scd[17167]: chan_0 -> ERR 79 Invalid data <Unspecified source>

Same for

gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR $DISPSERIALNO
gnupg-pkcs11-scd[17167]: chan_0 -> ERR 79 Invalid data <Unspecified source>

GnuPG version is 2.2.40

alonbl commented 1 year ago

Please try https://github.com/alonbl/gnupg-pkcs11-scd/tree/serial

olegshtch commented 1 year ago

Yes, it fixes the unsupported command.

gnupg-pkcs11-scd[17360]: chan_0 <- GETATTR APPTYPE
gnupg-pkcs11-scd[17360]: chan_0 -> S APPTYPE PKCS11
gnupg-pkcs11-scd[17360]: chan_0 -> OK

Gpg now answers with:

gpg: key operation not possible: not an OpenPGP card

alonbl commented 1 year ago

No, it seems I've done something wrong with the serial number. Can you please send me a bit more of the log with all attributes?

olegshtch commented 1 year ago

I don't remember how I got gpg to call GETATTR $DISPSERIALNO. It isn't part of addcardkey.

alonbl commented 1 year ago

Please provide full logs.

olegshtch commented 1 year ago

I managed to create master key and subkeys and deleted logs after tries. Or do you need addcardkey logs?

alonbl commented 1 year ago

I will be happy to resolve this issue... I will be able to do this if you start fresh and confirm it is working :)

olegshtch commented 1 year ago

GETATTR $DISPSERIALNO was called with gpg --card-status --with-keygrip and was cached later. With clean ~/.gnupg/ folder I could reproduce the call.

gnupg-pkcs11-scd[4919]: chan_0 <- GETATTR $DISPSERIALNO
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_enumTokenIds entry method=1, p_token_id_list=0x7ffd057028b0
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_session_getSlotList entry provider=0x561e86b62e80, token_present=1, pSlotList=0x7ffd05702778, pulCount=0x7ffd05702780
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_session_getSlotList return rv=0-'CKR_OK' *pulCount=1
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=0x561e86c52ca8
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0x7ffd05702710
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=0x561e86c6f680
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: _pkcs11h_token_getTokenId return rv=0-'CKR_OK', *p_token_id=0x561e86c6f680
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_enumTokenIds return rv=0-'CKR_OK', *p_token_id_list=0x7ffd057028b0
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_serializeTokenId entry sz=(nil), *max=0000000000000000, token_id=0x561e86c6f680
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_serializeTokenId return rv=0-'CKR_OK', *max=000000000000004e, sz='(null)'
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_serializeTokenId entry sz=0x561e86b9e700, *max=000000000000004e, token_id=0x561e86c6f680
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_serializeTokenId return rv=0-'CKR_OK', *max=000000000000004e, sz='Aktiv\x20Co\x2E/Rutoken\x20ECP/411d5727/Rutoken\x20ECP\x20\x3Cno\x20label\x3E'
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_freeTokenIdList entry token_id_list=0x561e86c52ca0
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=0x561e86c6f680
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_freeTokenId return
gnupg-pkcs11-scd[4919.2399018048]: PKCS#11: pkcs11h_token_freeTokenIdList return
gnupg-pkcs11-scd[4919]: chan_0 -> S $DISPSERIALNO D2760001240111503131B71F5E411111
gnupg-pkcs11-scd[4919]: chan_0 -> OK

alonbl commented 1 year ago

Thanks, but I do not see the failure; it is very difficult to decipher the issue when you do not provide the full log.

olegshtch commented 1 year ago

Looks like "not an OpenPGP card" isn't related to the issue and the unimplemented commands:

https://github.com/gpg/gnupg/blob/98c52aeb31f4bf2604727aacad982fb51c04063f/g10/card-util.c#L1254-L1266
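
The two things this thread keeps circling are visible in the scd log alone: which GETATTR requests come back with "ERR 79 Invalid data", and whether the SERIALNO the daemon reports looks like an OpenPGP application identifier. The following is an added example (not code from gnupg-pkcs11-scd or GnuPG) that parses a constructed log modelled on the lines quoted above, pairs each GETATTR request with its response, and applies the prefix/length conditions I understand the linked card-util.c range to check (a "D27600012401" prefix and a 32-character serial); those exact conditions, the helper names and the sample log are assumptions of this example.

```python
import re

# Constructed sample, modelled on the gnupg-pkcs11-scd lines quoted in this
# issue (not a verbatim capture). The PKCS#11 tracing lines carry a
# "pid.thread" tag and are deliberately included so the parser has to skip them.
SAMPLE_LOG = """\
gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR SERIALNO
gnupg-pkcs11-scd[17167.4179323968]: PKCS#11: pkcs11h_token_enumTokenIds entry method=1
gnupg-pkcs11-scd[17167.4179323968]: PKCS#11: pkcs11h_token_freeTokenIdList return
gnupg-pkcs11-scd[17167]: chan_0 -> S SERIALNO D2760001240111503131B71F5E411111
gnupg-pkcs11-scd[17167]: chan_0 -> OK
gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR APPTYPE
gnupg-pkcs11-scd[17167]: chan_0 -> ERR 79 Invalid data <Unspecified source>
gnupg-pkcs11-scd[17167]: chan_0 <- GETATTR $DISPSERIALNO
gnupg-pkcs11-scd[17167]: chan_0 -> ERR 79 Invalid data <Unspecified source>
gnupg-pkcs11-scd[17360]: chan_0 <- GETATTR APPTYPE
gnupg-pkcs11-scd[17360]: chan_0 -> S APPTYPE PKCS11
gnupg-pkcs11-scd[17360]: chan_0 -> OK
"""

# Assumed conditions for "looks like an OpenPGP card" (see the lead-in):
# the serial must start with the OpenPGP application id and be 32 hex chars.
OPENPGP_AID_PREFIX = "D27600012401"
OPENPGP_SERIALNO_LEN = 32

# Only Assuan channel lines with a plain pid tag; "pid.thread" tracing lines fail this.
LINE_RE = re.compile(
    r"^gnupg-pkcs11-scd\[(?P<pid>\d+)\]: (?P<chan>chan_\d+) (?P<dir><-|->) (?P<msg>.*)$"
)


def parse_getattr_exchanges(log_text):
    """Pair every 'GETATTR <attr>' request with the response that closes it.

    Returns a list of dicts {pid, attr, value, status}; status is "OK" or the
    full "ERR ..." line, value is the payload of a matching 'S <attr> <value>'.
    """
    results = []
    pending = None  # the GETATTR awaiting its OK/ERR on this pid
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # PKCS#11 helper tracing, not Assuan traffic
        pid, direction, msg = m.group("pid"), m.group("dir"), m.group("msg")
        if direction == "<-":  # client -> daemon
            parts = msg.split()
            if len(parts) == 2 and parts[0] == "GETATTR":
                pending = {"pid": pid, "attr": parts[1], "value": None, "status": None}
            else:
                pending = None  # some other command; not tracked here
            continue
        if pending is None or pid != pending["pid"]:
            continue
        if msg.startswith("S "):  # status line: S <name> <value>
            parts = msg.split(None, 2)
            if len(parts) == 3 and parts[1] == pending["attr"]:
                pending["value"] = parts[2]
        elif msg == "OK" or msg.startswith("ERR "):
            pending["status"] = "OK" if msg == "OK" else msg
            results.append(pending)
            pending = None
    return results


def looks_like_openpgp_serialno(serialno):
    """Assumed gpg-side condition: OpenPGP AID prefix and 32-character length."""
    return (
        serialno is not None
        and serialno.startswith(OPENPGP_AID_PREFIX)
        and len(serialno) == OPENPGP_SERIALNO_LEN
    )


def unimplemented_attrs(exchanges):
    """Attributes that at least once came back as 'ERR 79 Invalid data'."""
    return sorted({e["attr"] for e in exchanges if e["status"] and e["status"].startswith("ERR 79 ")})


if __name__ == "__main__":
    for e in parse_getattr_exchanges(SAMPLE_LOG):
        print(e["pid"], e["attr"], e["status"], e["value"])
    print("unimplemented:", unimplemented_attrs(parse_getattr_exchanges(SAMPLE_LOG)))
```

Run against a real daemon log (scd's own chan_N lines), this separates the "attribute not implemented" failures from the "not an OpenPGP card" question: if SERIALNO parses and passes the prefix/length test while APPTYPE and $DISPSERIALNO still return ERR 79, the remaining failure has to come from somewhere other than the serial.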

alonbl commented 1 year ago

Correct, this is why I wanted to see the entire log, as SERIALNO should be D2760001240111503131B71F5E411111, which meets the required conditions. But once again you do not provide it.

olegshtch commented 1 year ago

SERIALNO was the same D2760001240111503131B71F5E411111 as I sent at the start.

alonbl commented 1 year ago

Without the FULL log, I cannot trace the sequence. Please debug this yourself based on the information you do not share and provide a patch. Also, I am unsure what version 2.2.40 is; there is no tag of this version. I invested enough time.