Travis testing of PIV cards #2094

dengert opened this issue Aug 16, 2020 · 1 comment
dengert commented Aug 16, 2020

Problem Description

The following code is in .travis.yml

     java -noverify -cp PivApplet/bin/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard PivApplet/test/jcardsim.cfg >/dev/null &
      PID=$!;
      sleep 5;
      opensc-tool --card-driver default --send-apdu 80b80000120ba000000308000010000100050000020F0F7f;
      opensc-tool -n; 
      yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048;
      yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256;
      pkcs11-tool -l -t -p 123456;
      kill -9 $PID;

This is more of a test of yubico-piv-tool than of card-piv.c in OpenSC. Only private keys are created, but they cannot be used or seen by a PIV client. The public key is needed for PIV to find a private key,
and the public key is only stored in the matching certificates, and there are no certificates to be found.

 ++pkcs11-tool -l -t -p 123456
00841511 ifdwrapper.c:477:IFDControl() Card not transacted: 606
00003366 ifdwrapper.c:477:IFDControl() Card not transacted: 606
Using slot 0 with a present token (0x0)
Signatures: no private key found in this slot
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
Verify (currently only for RSA)
  No private key found for testing
Decryption (currently only for RSA)
No errors

I am not a yml expert, but something like this should produce self signed certificates for key 9e and 9a:

      yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048 |
        yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -S'/CN=bar/OU=test/O=example.com/' -averify -aselfsign |
        yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -aimport-certificate ;

      yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256 |
        yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -S'/CN=bar/OU=test/O=example.com/' -averify -aselfsign |
        yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -aimport-certificate ;

See:
https://developers.yubico.com/yubico-piv-tool/

Logs

See any travis output logs

Proposed Solution

This is untested:

travis.yml.txt
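
A check a CI job could run over the `pkcs11-tool -l -t` output, so that a run like the one logged above fails instead of ending in "No errors". This is an added example, not part of the original issue or of OpenSC's .travis.yml; the function name `check_piv_test_output` is hypothetical and the second sample is constructed for illustration.

```shell
#!/bin/sh
# Read `pkcs11-tool -l -t` output on stdin.
# Exit 0: key tests ran and the tool reported "No errors".
# Exit 1: the "No errors" line is missing (tool failed or died early).
# Exit 2: the tool skipped its key tests because no private key was visible.
check_piv_test_output() {
    awk '
        tolower($0) ~ /no private key found/ {
            skipped++
            print "skipped: " $0 > "/dev/stderr"
        }
        /^No errors$/ { clean = 1 }
        END {
            if (skipped) exit 2
            if (!clean)  exit 1
        }
    '
}

# Lines taken from the log in the issue above (digest and random sections omitted).
sample_keys_invisible() {
    cat <<'EOF'
Using slot 0 with a present token (0x0)
Signatures: no private key found in this slot
Signatures (currently only for RSA)
Verify (currently only for RSA)
  No private key found for testing
Decryption (currently only for RSA)
No errors
EOF
}

# Constructed sample (not real tool output): the same run without the skip lines.
sample_keys_visible() {
    cat <<'EOF'
Using slot 0 with a present token (0x0)
Signatures (currently only for RSA)
  constructed line standing in for a per-key test result
No errors
EOF
}

# Demonstration: the logged run is rejected even though it ends in "No errors".
sample_keys_invisible | check_piv_test_output || echo "gate failed with status $?"
```

In the job, pipe the real command into the function: `pkcs11-tool -l -t -p 123456 | check_piv_test_output`.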

dengert added a commit to dengert/OpenSC that referenced this issue Aug 16, 2020
Fix Issue OpenSC#2094

Current test using PivApplet/bin/:jcardsim/target/jcardsim-3.0.5
only creates 2 private keys. These are never seen by a PIV client,
as the way private keys are found is via a certificate which contains
the public key (SPKI) which contains the type of key, RSA or ECC
and the size or curve OID.

This change creates the public key and self signed certificate
for the two keys so pkcs11-tool can list and test the crypto.

 Please enter the commit message for your changes. Lines starting
 On branch PIV-4-extensions
 Changes to be committed:
	modified:   .travis.yml
dengert commented Aug 17, 2020

This suggestion is part of #2053 as 76b6c43 and additional fix ae91531

@dengert dengert closed this as completed Aug 17, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Aug 21, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Sep 2, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Sep 21, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Sep 25, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Oct 14, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Oct 24, 2020
dengert added a commit to dengert/OpenSC that referenced this issue Jan 17, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Jan 29, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Mar 2, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Mar 14, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Mar 25, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Apr 22, 2021
dengert added a commit to dengert/OpenSC that referenced this issue May 15, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Jun 8, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Jul 16, 2021
dengert added a commit to dengert/OpenSC that referenced this issue Aug 6, 2021