Belgian ID card getCertificate response does not reach back to browser

[smartman]

During signing there can happen that certificates are read from Belgian ID card. Certificate selection popup is show and according to the log certificate is sent back to the Chrome. However window.hwcrypto.getCertificate() promise never resolves nor fails. Immediately after sending message to the browser the native component gets empty request somewhere.

What could be intercepting the message to Chrome and replying with empty message?

Windows 10. Estonian and Belgian software installed. Happens in Chrome and Edge.

2020-09-06 17:29:19 main() [chrome-token-signing.cpp:63] Parsing input... 2020-09-06 17:29:19 readMessage() [chrome-token-signing.cpp:43] Request(115): {"type":"CERT","lang":"EST","nonce":"vm6wmx92cbz5ufj8","src":"page.js","origin":"https://id.eideasy.com","tab":475} 2020-09-06 17:29:19 atrList() [pkcs11path.cpp:69] found reader: Generic USB Smart Card Reader 0 2020-09-06 17:29:19 atrList() [pkcs11path.cpp:82] Set ATR = 3B9813400AA503010101AD1311 for reader Generic USB Smart Card Reader 0 2020-09-06 17:29:21 getCert() [nativecertificateselector.cpp:80] Certificate added to the memory store. 2020-09-06 17:30:21 sendMessage() [chrome-token-signing.cpp:51] Response(3654) { "api": 1, "cert": "308...067", "nonce": "vm6wmx92cbz5ufj8", "result": "ok" }

2020-09-06 17:30:21 main() [chrome-token-signing.cpp:63] Parsing input... 2020-09-06 17:30:21 readMessage() [chrome-token-signing.cpp:43] Request(0):
2020-09-06 17:30:21 main() [chrome-token-signing.cpp:113] Handling exception: invalid_argument 2020-09-06 17:30:21 sendMessage() [chrome-token-signing.cpp:51] Response(54) { "message": null, "result": "invalid_argument" }

[metsma]

Can you debug background.js extension and see what is logged there to console output?

[smartman]

I have managed to see same issue with multiple people on different machines with Belgian cards for now. Testing on https://hwcrypto.github.io/hwcrypto.js/sign.html

Background page log

background.js:125 DONE 372
background.js:169 SEND 372: {"type":"VERSION","nonce":"zzfjwqes3ptpr2hm","src":"page.js","origin":"https://hwcrypto.github.io","tab":372}
background.js:174 OPEN 372: ee.ria.esteid
background.js:169 SEND 372: {"type":"CERT","lang":"en","filter":"SIGN","nonce":"e4qs28jqe554tlgw","src":"page.js","origin":"https://hwcrypto.github.io","tab":372}
background.js:183 RECV 372: {"api":1,"nonce":"zzfjwqes3ptpr2hm","result":"ok","version":"1.1.2.520"}
background.js:191 QUIT 372
_generated_background_page.html:1 Unchecked runtime.lastError: Error when communicating with the native messaging host.

chrome-signing.log

2020-09-08 09:43:16 main() [chrome-token-signing.cpp:63] Parsing input...
2020-09-08 09:43:16 readMessage() [chrome-token-signing.cpp:43] Request(109): {"type":"VERSION","nonce":"zzfjwqes3ptpr2hm","src":"page.js","origin":"https://hwcrypto.github.io","tab":372} 
2020-09-08 09:43:16 sendMessage() [chrome-token-signing.cpp:51] Response(88) {
    "api": 1,
    "nonce": "zzfjwqes3ptpr2hm",
    "result": "ok",
    "version": "1.1.2.520" 
} 

2020-09-08 09:43:16 main() [chrome-token-signing.cpp:63] Parsing input...
2020-09-08 09:43:16 readMessage() [chrome-token-signing.cpp:43] Request(134): {"type":"CERT","lang":"en","filter":"SIGN","nonce":"e4qs28jqe554tlgw","src":"page.js","origin":"https://hwcrypto.github.io","tab":372} 
2020-09-08 09:43:16 atrList() [pkcs11path.cpp:69] found reader: Generic USB Smart Card Reader 0
2020-09-08 09:43:16 atrList() [pkcs11path.cpp:82] Set ATR = 3B9813400AA503010101AD1311 for reader Generic USB Smart Card Reader 0
2020-09-08 09:43:17 getCert() [nativecertificateselector.cpp:80] Certificate added to the memory store.
2020-09-08 09:43:27 sendMessage() [chrome-token-signing.cpp:51] Response(3654) {
    "api": 1,
    "cert": "308...AD7",
    "nonce": "e4qs28jqe554tlgw",
    "result": "ok" 
} 

2020-09-08 09:43:27 main() [chrome-token-signing.cpp:63] Parsing input...
2020-09-08 09:43:27 readMessage() [chrome-token-signing.cpp:43] Request(0):  
2020-09-08 09:43:27 main() [chrome-token-signing.cpp:113] Handling exception: invalid_argument
2020-09-08 09:43:27 sendMessage() [chrome-token-signing.cpp:51] Response(54) {
    "message": null,
    "result": "invalid_argument" 
} 

[metsma]

Does this happen some specific combination? Belgium card version? middleware version? Can you reproduce with Firefox?

[smartman]

Fails same way in Chrome, Firefox and Edge. Windows 10 Version 1909 JavaScript 8.5.210.20 Chrome 85 Latest Belgium eID middleware installed today. Latest Estonian eID software package reinstalled today.

Will help this guy to test on Mac and Linux also.

[metsma]

Is this the new card? https://github.com/Fedict/eid-mw/wiki/Applet-1.8

[smartman]

This specific card was issued in December 2018 so its old Applet 1.7

[smartman]

After further testing the signing certificate reading works in Windows 7 and Ubuntu 18.04. It fails in macOS 10.15 Catalina and Windows 10 (at least 4 different machines).

In Windows 10 the error is "Error when communicating with the native messaging host."

In MacOS the error is

2020-09-21 18:23:17 [844] main_block_invoke() [chrome-host.mm:80] Message size: 107
2020-09-21 18:23:17 [844] main_block_invoke() [chrome-host.mm:95] Message (107): {"type":"VERSION","nonce":"1nfb2pvcmpfhbhgb","src":"page.js","origin":"https://hwcrypto.github.io","tab":3}
2020-09-21 18:23:17 [844] write() [chrome-host.mm:38] Response(72) {"result":"ok","nonce":"1nfb2pvcmpfhbhgb","ver":1,"version":"1.1.2.520"}
2020-09-21 18:23:17 [844] main_block_invoke() [chrome-host.mm:80] Message size: 116
2020-09-21 18:23:17 [844] main_block_invoke() [chrome-host.mm:95] Message (116): {"type":"CERT","lang":"en","nonce":"t9qgutspzfaeubii","src":"page.js","origin":"https://hwcrypto.github.io","tab":3}
2020-09-21 18:23:17 [844] atrList() [PKCS11Path.cpp:69] found reader: OMNIKEY CardMan 1021
2020-09-21 18:23:17 [844] atrList() [PKCS11Path.cpp:82] Set ATR = 3B9813400AA503010101AD1311 for reader OMNIKEY CardMan 1021
2020-09-21 18:23:17 [844] PKCS11CardManager() [PKCS11CardManager.h:124] Function List not loaded /usr/local/lib/beid-pkcs11.bundle/Contents/MacOS/libbeidpkcs11.dylib: dlopen(/usr/local/lib/beid-pkcs11.bundle/Contents/MacOS/libbeidpkcs11.dylib, 6): no suitable image found.  Did find:
    file system sandbox blocked open() of '/usr/local/lib/beid-pkcs11.bundle/Contents/MacOS/libbeidpkcs11.dylib'
2020-09-21 18:23:17 [844] +[CertificateSelection show:]() [CertificateSelection.mm:162] Exception: Failed to load driver
2020-09-21 18:23:17 [844] write() [chrome-host.mm:38] Response(60) {"result":"driver_error","nonce":"t9qgutspzfaeubii","ver":1}

[metsma]

For macOS issue look here https://github.com/open-eid/chrome-token-signing/issues/173#issuecomment-679738904 Fedict/eid-mw#119

[smartman]

chrome_debug.log says that native component is sending to browser 1.6GB message when only Belgium certificate is supposed to be sent. This is the cause of "Error when communicating with the native messaging host." in the browser. [10044:6928:1001/102449.463:ERROR:native_message_process_host.cc(296)] Native Messaging host tried sending a message that is 1699875341 bytes long.

What could cause sending this invalid message from the native component to the browser?

Full log

[10044:12168:1001/102448.966:INFO:CONSOLE(70)] "getVersion()", source:  (70)
[10044:12168:1001/102448.966:INFO:CONSOLE(61)] "getCertificate()", source:  (61)
[10044:12168:1001/102448.974:INFO:CONSOLE(24)] "content script: event received", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (24)
[10044:12168:1001/102448.974:INFO:CONSOLE(25)] "[object MessageEvent]", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (25)
[10044:12168:1001/102448.975:INFO:CONSOLE(24)] "content script: event received", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (24)
[10044:12168:1001/102448.975:INFO:CONSOLE(25)] "[object MessageEvent]", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (25)
[10044:12168:1001/102448.976:INFO:CONSOLE(169)] "SEND 15: {"type":"VERSION","nonce":"cja1zezgvz65is11","src":"page.js","origin":"https://hwcrypto.github.io","tab":15}", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/background.js (169)
[10044:12168:1001/102448.976:INFO:CONSOLE(174)] "OPEN 15: ee.ria.esteid", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/background.js (174)
[10044:12168:1001/102448.980:INFO:CONSOLE(169)] "SEND 15: {"type":"CERT","lang":"en","filter":"SIGN","nonce":"w5qsgqn4qbgpw0pk","src":"page.js","origin":"https://hwcrypto.github.io","tab":15}", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/background.js (169)
[10044:12168:1001/102448.982:INFO:CONSOLE(0)] "Unchecked runtime.lastError: The message port closed before a response was received.", source: https://hwcrypto.github.io/hwcrypto.js/sign.html (0)
[10044:12168:1001/102448.983:INFO:CONSOLE(0)] "Unchecked runtime.lastError: The message port closed before a response was received.", source: https://hwcrypto.github.io/hwcrypto.js/sign.html (0)
[9420:12600:1001/102449.020:VERBOSE1:thread_state.cc(1323)] [state:00004EABD1D0C500] CollectGarbage: time: 15ms stack: NoHeapPointersOnStack marking: AtomicMarking sweeping: EagerSweeping reason: ThreadTerminationGC
[9420:12600:1001/102449.021:VERBOSE1:thread_state.cc(1323)] [state:00004EABD1D0C500] CollectGarbage: time: 0.62ms stack: NoHeapPointersOnStack marking: AtomicMarking sweeping: EagerSweeping reason: ThreadTerminationGC
[10044:12168:1001/102449.097:INFO:CONSOLE(183)] "RECV 15: {"api":1,"nonce":"cja1zezgvz65is11","result":"ok","version":"1.1.2.520"}", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/background.js (183)
[10044:12168:1001/102449.101:INFO:CONSOLE(8)] "Page received: ", source:  (8)
[10044:12168:1001/102449.101:INFO:CONSOLE(9)] "[object Object]", source:  (9)
[10044:12168:1001/102449.101:INFO:CONSOLE(24)] "content script: event received", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (24)
[10044:12168:1001/102449.101:INFO:CONSOLE(25)] "[object MessageEvent]", source: chrome-extension://bkbdaodnaecdijpajecpncpdomgcoakc/content-script.js (25)
[10044:6928:1001/102449.463:ERROR:native_message_process_host.cc(296)] Native Messaging host tried sending a message that is 1699875341 bytes long.
[10044:12168:1001/102449.465:INFO:CONSOLE(191)] "QUIT 15", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/background.js (191)
[10044:12168:1001/102449.465:INFO:CONSOLE(0)] "Unchecked runtime.lastError: Error when communicating with the native messaging host.", source: chrome-extension://ckjefchnfjhjfedoccjbhjpbncimppeg/_generated_background_page.html (0)

[perevoznyk]

I made the test of the native code using Belgian EID card. When I pass the message like

{"type":"CERT","lang":"en","filter":"SIGN","nonce":"w5qsgqn4qbgpw0pk","src":"page.js","origin":"https://hwcrypto.github.io","tab":15}"

to get the certificate value the result is correct JSON with encoded certificate and absolutely normal message size:

2020-11-17 16:10:22 sendMessage() [chrome-token-signing.cpp:54] Response(3636).

But immediately after this application receives a message of the random size (actually it's look like an empty message) and fails after that:

2020-11-17 16:10:22 main() [chrome-token-signing.cpp:66] Parsing input... 2020-11-17 16:10:22 readMessage() [chrome-token-signing.cpp:46] Request(0):

Thus, the problem is in the calling part, not in the native module, I assume...

[metsma]

Maybe it crashes? can we get debug backtrace? Open page https://hwcrypto.github.io/hwcrypto.js/sign.html and click on debug button. Then get process list and find "chrome-token-signing" process PID and use this to attach debugger this process. And then try to sign something on this site

[perevoznyk]

@metsma Thank you for your tip. I made a test with Belgian ID card and I had a correct responses from native C++ code while signing hash. Here is the log:

2020-12-03 17:56:42 main() [chrome-token-signing.cpp:66] Parsing input... 2020-12-03 17:56:58 readMessage() [chrome-token-signing.cpp:46] Request(88): {"type":"VERSION","nonce":"0a8ap191kmvdwb89","src":"page.js","origin":"file://","tab":2} 2020-12-03 17:56:58 main() [chrome-token-signing.cpp:80] Message parsed 2020-12-03 17:56:58 sendMessage() [chrome-token-signing.cpp:54] Response(86) { "api": 1, "nonce": "0a8ap191kmvdwb89", "result": "ok", "version": "1.1.2.0" }

2020-12-03 17:56:58 main() [chrome-token-signing.cpp:66] Parsing input... 2020-12-03 17:56:58 readMessage() [chrome-token-signing.cpp:46] Request(113): {"type":"CERT","lang":"en","filter":"SIGN","nonce":"ppopjs7d8bsfdzmo","src":"page.js","origin":"file://","tab":2} 2020-12-03 17:56:58 main() [chrome-token-signing.cpp:80] Message parsed 2020-12-03 17:56:58 atrList() [PKCS11Path.cpp:69] found reader: Alcor Micro USB Smart Card Reader 0 2020-12-03 17:56:58 atrList() [PKCS11Path.cpp:82] Set ATR = 3B9813400AA503010101AD1311 for reader Alcor Micro USB Smart Card Reader 0 2020-12-03 17:56:58 sendMessage() [chrome-token-signing.cpp:54] Response(3636) { "api": 1, "cert": "308206F0308204D8A0030201020210100000000000047165FC4C35951243D9300D06092A864886F70D01010B05003064310B30090603550406130242453111300F060355040713084272757373656C73311C301A060355040A13134365727469706F7374204E2E562E2F532E412E311330110603550403130A436974697A656E204341310F300D06035504051306323031373238301E170D3137303833313038353935375A170D3237303832383233353935395A3071310B3009060355040613024245312630240603550403131D5365726869792050657265766F7A6E796B20285369676E617475726529311330110603550404130A50657265766F7A6E796B310F300D060355042A1306536572686979311430120603550405130B363730323033353739373330820122300D06092A864886F70D01010105000382010F003082010A0282010100CD789E092866708262F5B3F1D46C99BFA525D7138D5C2D78F10FF76D3EA96C0A430D7C6E39AF019F98B1BA619223FF2DE210A9CB648AAF3A6E286A84C5B2F417B30A158B6228AF34EA81ED4936714DD2F417C6FBCBCABFF02509DB153BAB1EF971F2EAC50293DB091CC7D931304B90645EAE68552BCC359868C8A1A93F39343F792883799753E997A1ABB992C7C77FF4F4DB5FFE7DAA2829CBA86D8408738ED8E99853FB39792D35F8BEB2AC937034CADBD6E50C7E01D1AAA1FAC5AFFD0196DA5960C448B83AFFF62E2A3C8AE629A744ADAC39A1478E457C23FE1967575F2F026F367A0DE0994A75087586184CD3DFD041868F880F6401F05282E58D8AE1A7330203010001A382028F3082028B301F0603551D23041830168014CA9F9294C31575514A7CF0061686A29D1804C1A6307306082B0601050507010104673065303906082B06010505073002862D687474703A2F2F63657274732E6569642E62656C6769756D2E62652F636974697A656E3230313732382E637274302806082B06010505073001861C687474703A2F2F6F6373702E6569642E62656C6769756D2E62652F32308201230603551D200482011A3082011630820107060760380C010102013081FB302C06082B060105050702011620687474703A2F2F7265706F7369746F72792E6569642E62656C6769756D2E62653081CA06082B060105050702023081BD1A81BA4765627275696B206F6E646572776F7270656E2061616E2061616E737072616B656C696A6B686569647362657065726B696E67656E2C207A696520435053202D20557361676520736F756D697320C3A020646573206C696D69746174696F6E7320646520726573706F6E736162696C6974C3A92C20766F697220435053202D2056657277656E64756E6720756E7465726C696567742048616674756E6773626573636872C3A46E6B756E67656E2C2067656DC3A47373204350533009060704008BEC40010230390603551D1F04323030302EA02CA02A8628687474703A2F2F63726C2E6569642E62656C6769756D2E62652F656964633230313732382E63726C300E0603551D0F0101FF04040302064030130603551D25040C300A06082B06010505070304306C06082B060105050701030460305E3008060604008E4601013008060604008E4601043033060604008E46010530293027162168747470733A2F2F7265706F7369746F72792E6569642E62656C6769756D2E62651302454E3013060604008E4601063009060704008E46010601300D06092A864886F70D01010B0500038202010023DAF98B7C5E76CF95A292CFA2CF35606F2352ABCA9C9FB19A6EDC36350230C7E999B1830D01EE24C343694FC1A35056EEB2B5CD38608BBF0818BF1D3CB1CE995AB5E2C5EB47C3897DD7BE82434A711041BC87DA7D4A9E56417D44316FA33531F53B5DB854B89EF1D348409D79810DF00E406DD135F3273DD0F6C1D0053CDECB19D94C2A873C30AC5EBDC8AD6784212B7DC40777719F9DCF5029562ECCA4C81C75A41E0AE8C779F1C29F9E1F640AD1893F4916F3D7D3A8DB85ECBE0658532DC203D944FC3EFF601FF9F4CF236A7DFE9ABBEF76083C8E8FCF223B027BFB1DD9B75AC982DFDF7ACF2AA01D5878BCA6CEA621FEB66AE5C69A12813617260C980A0275D75A9B225649EFE2BE0C2E1EB587F29779880E859C476BEB7D0AD33CF63F11D29BE359B7859C1C40B26EBBEF70E4324978195E0CB17FED3013BB3254D2A80254AACB490355B177CDE7973C35A88116CA3585526E73130513AE62DD086EFE4B650DE50A9793BBBB0EC62AA686EF066FD251A6D118CCBE684F05C592EDDB39E14E6AB12CB3437706B86FD73EAF4C0A064019C28590918AFFAA29ECC3ED2DE0242E65A2A798EA8570897FF435DF1031C9A2B9B13785AE747184158EE61355472B1036EC78B543F771F8CD30E8A457EEB75566D4363A8325CAD3CC069D7C144E08B8A4DC7334D4E32214E159DAC84B85000600D741BCF4F0625ADEFF8F6E6440B9", "nonce": "ppopjs7d8bsfdzmo", "result": "ok" }

2020-12-03 17:56:58 main() [chrome-token-signing.cpp:66] Parsing input... 2020-12-03 17:56:58 readMessage() [chrome-token-signing.cpp:46] Request(3772): {"type":"SIGN","cert":"308206F0308204D8A0030201020210100000000000047165FC4C35951243D9300D06092A864886F70D01010B05003064310B30090603550406130242453111300F060355040713084272757373656C73311C301A060355040A13134365727469706F7374204E2E562E2F532E412E311330110603550403130A436974697A656E204341310F300D06035504051306323031373238301E170D3137303833313038353935375A170D3237303832383233353935395A3071310B3009060355040613024245312630240603550403131D5365726869792050657265766F7A6E796B20285369676E617475726529311330110603550404130A50657265766F7A6E796B310F300D060355042A1306536572686979311430120603550405130B363730323033353739373330820122300D06092A864886F70D01010105000382010F003082010A0282010100CD789E092866708262F5B3F1D46C99BFA525D7138D5C2D78F10FF76D3EA96C0A430D7C6E39AF019F98B1BA619223FF2DE210A9CB648AAF3A6E286A84C5B2F417B30A158B6228AF34EA81ED4936714DD2F417C6FBCBCABFF02509DB153BAB1EF971F2EAC50293DB091CC7D931304B90645EAE68552BCC359868C8A1A93F39343F792883799753E997A1ABB992C7C77FF4F4DB5FFE7DAA2829CBA86D8408738ED8E99853FB39792D35F8BEB2AC937034CADBD6E50C7E01D1AAA1FAC5AFFD0196DA5960C448B83AFFF62E2A3C8AE629A744ADAC39A1478E457C23FE1967575F2F026F367A0DE0994A75087586184CD3DFD041868F880F6401F05282E58D8AE1A7330203010001A382028F3082028B301F0603551D23041830168014CA9F9294C31575514A7CF0061686A29D1804C1A6307306082B0601050507010104673065303906082B06010505073002862D687474703A2F2F63657274732E6569642E62656C6769756D2E62652F636974697A656E3230313732382E637274302806082B06010505073001861C687474703A2F2F6F6373702E6569642E62656C6769756D2E62652F32308201230603551D200482011A3082011630820107060760380C010102013081FB302C06082B060105050702011620687474703A2F2F7265706F7369746F72792E6569642E62656C6769756D2E62653081CA06082B060105050702023081BD1A81BA4765627275696B206F6E646572776F7270656E2061616E2061616E737072616B656C696A6B686569647362657065726B696E67656E2C207A696520435053202D20557361676520736F756D697320C3A020646573206C696D69746174696F6E7320646520726573706F6E736162696C6974C3A92C20766F697220435053202D2056657277656E64756E6720756E7465726C696567742048616674756E6773626573636872C3A46E6B756E67656E2C2067656DC3A47373204350533009060704008BEC40010230390603551D1F04323030302EA02CA02A8628687474703A2F2F63726C2E6569642E62656C6769756D2E62652F656964633230313732382E63726C300E0603551D0F0101FF04040302064030130603551D25040C300A06082B06010505070304306C06082B060105050701030460305E3008060604008E4601013008060604008E4601043033060604008E46010530293027162168747470733A2F2F7265706F7369746F72792E6569642E62656C6769756D2E62651302454E3013060604008E4601063009060704008E46010601300D06092A864886F70D01010B0500038202010023DAF98B7C5E76CF95A292CFA2CF35606F2352ABCA9C9FB19A6EDC36350230C7E999B1830D01EE24C343694FC1A35056EEB2B5CD38608BBF0818BF1D3CB1CE995AB5E2C5EB47C3897DD7BE82434A711041BC87DA7D4A9E56417D44316FA33531F53B5DB854B89EF1D348409D79810DF00E406DD135F3273DD0F6C1D0053CDECB19D94C2A873C30AC5EBDC8AD6784212B7DC40777719F9DCF5029562ECCA4C81C75A41E0AE8C779F1C29F9E1F640AD1893F4916F3D7D3A8DB85ECBE0658532DC203D944FC3EFF601FF9F4CF236A7DFE9ABBEF76083C8E8FCF223B027BFB1DD9B75AC982DFDF7ACF2AA01D5878BCA6CEA621FEB66AE5C69A12813617260C980A0275D75A9B225649EFE2BE0C2E1EB587F29779880E859C476BEB7D0AD33CF63F11D29BE359B7859C1C40B26EBBEF70E4324978195E0CB17FED3013BB3254D2A80254AACB490355B177CDE7973C35A88116CA3585526E73130513AE62DD086EFE4B650DE50A9793BBBB0EC62AA686EF066FD251A6D118CCBE684F05C592EDDB39E14E6AB12CB3437706B86FD73EAF4C0A064019C28590918AFFAA29ECC3ED2DE0242E65A2A798EA8570897FF435DF1031C9A2B9B13785AE747184158EE61355472B1036EC78B543F771F8CD30E8A457EEB75566D4363A8325CAD3CC069D7C144E08B8A4DC7334D4E32214E159DAC84B85000600D741BCF4F0625ADEFF8F6E6440B9","hash":"413140d54372f9baf481d4c54e2d5c7bcf28fd6087000280e07976121dd54af2","hashtype":"SHA-256","lang":"en","info":"","nonce":"0j9a2197pmsey57r","src":"page.js","origin":"file://","tab":2} 2020-12-03 17:56:58 main() [chrome-token-signing.cpp:80] Message parsed 2020-12-03 17:57:07 main() [chrome-token-signing.cpp:110] signing hash: 413140d54372f9baf481d4c54e2d5c7bcf28fd6087000280e07976121dd54af2, with certId: 3082...440B9 2020-12-03 17:57:13 atrList() [PKCS11Path.cpp:69] found reader: Alcor Micro USB Smart Card Reader 0 2020-12-03 17:57:13 atrList() [PKCS11Path.cpp:82] Set ATR = 3B9813400AA503010101AD1311 for reader Alcor Micro USB Smart Card Reader 0 2020-12-03 17:57:58 sign() [NativeSigner.cpp:147] sign return code: 0 2020-12-03 17:58:19 sendMessage() [chrome-token-signing.cpp:54] Response(593) { "api": 1, "nonce": "0j9a2197pmsey57r", "result": "ok", "signature": "444.....5DC" }

Still from JS code I received no result. It means that the async processing of the message while UI is blocked by certificate selection dialog has a problem like time-out, but this is not related to Belgian ID card

[perevoznyk]

Fails same way in Chrome, Firefox and Edge. Windows 10 Version 1909 JavaScript 8.5.210.20 Chrome 85 Latest Belgium eID middleware installed today. Latest Estonian eID software package reinstalled today.

It works with

• Chrome: Version 87.0.4280.88 (Official Build) (64-bit)
• Edge: Version 87.0.664.66 (Official build) (64-bit)
• hwcryptoversion with Chrome native messaging extension 0.0.30/1.1.2.0
• Belgian EID middleware: Version 4.4.27.4292
• Windows 10 version 2004

I am sure that Windows version is not important, because I had a problem with test before while the Windows version was the same. The test was done with Belgian EID card from 2018.

Which version of Belgian Middleware was used for your test?

[metsma]

I found case where nonce was not forwarded and thats why the empty JS response.

[smartman]

Issue fixed after Belgium eID middleware fix.

[smartman]

Turns out that the Belgium eID middleware fixed some other issue and this original invalid_argument problem still exists. Checked by 2 different people with different cards and machines with latest Estonian and Belgium softwares installed.

2021-05-22 08:17:17 main() [chrome-token-signing.cpp:63] Parsing input...
2021-05-22 08:17:17 readMessage() [chrome-token-signing.cpp:43] Request(108): {"type":"VERSION","nonce":"82n5m5vl5rddya94","src":"page.js","origin":"https://hwcrypto.github.io","tab":61} 
2021-05-22 08:17:17 sendMessage() [chrome-token-signing.cpp:51] Response(88) {
    "api": 1,
    "nonce": "82n5m5vl5rddya94",
    "result": "ok",
    "version": "1.1.4.543" 
} 

2021-05-22 08:17:17 main() [chrome-token-signing.cpp:63] Parsing input...
2021-05-22 08:17:17 readMessage() [chrome-token-signing.cpp:43] Request(133): {"type":"CERT","lang":"en","filter":"SIGN","nonce":"fn6a696dziy58n7q","src":"page.js","origin":"https://hwcrypto.github.io","tab":61} 
2021-05-22 08:17:17 atrList() [pkcs11path.cpp:70] found reader: Generic Smart Card Reader Interface 0
2021-05-22 08:17:17 atrList() [pkcs11path.cpp:83] Set ATR = 3B9813400AA503010101AD1311 for reader Generic Smart Card Reader Interface 0
2021-05-22 08:17:19 getCert() [nativecertificateselector.cpp:80] Certificate added to the memory store.
2021-05-22 08:17:23 sendMessage() [chrome-token-signing.cpp:51] Response(3640) {
    "api": 1,
    "cert": "308...ECC",
    "nonce": "fn6a696dziy58n7q",
    "result": "ok" 
} 

2021-05-22 08:17:23 main() [chrome-token-signing.cpp:63] Parsing input...
2021-05-22 08:17:23 readMessage() [chrome-token-signing.cpp:43] Request(0):  
2021-05-22 08:17:23 main() [chrome-token-signing.cpp:115] Handling exception: invalid_argument
2021-05-22 08:17:23 sendMessage() [chrome-token-signing.cpp:51] Response(54) {
    "message": null,
    "result": "invalid_argument" 
} 

2021-05-22 08:33:10 main() [chrome-token-signing.cpp:63] Parsing input...

[metsma]

You have not provided enough information. Please verify from device manager that correct version of middleware is installed on smart card. Is this certificate in log with non-reputation key usage?

[kristelmerilain]

Closing due inactivity, reopen if needed.