none
Smart card minidriver CertSequences test bug RRS feed

  • Question

  • Hello, I'm trying to certify our smart card minidriver. The smart card can deauthenticate users only through unpowering (cold resetting) the card.

    The document "Windows Smart Card Minidriver Specification Version 7.07" section 4.2.5 says:

    "... The CardDeauthenticate function is an optional export that should be provided it is possible the card minidriver to efficiently reverse the effect of a user or administrator without resetting the card. If this function not implemented, the card minidriver should put NULL in the CARD_DATA pointer for this function. Base CSP/KSP tests this pointer for NULL value before calling it. If it is found, the Base CSP/KSP deauthenticates a user by resetting the card..."

    But there is a problem with resetting the card during "CertSequences" test. Here is a cmck log trace:

    Start: CertSequences, TUID=
    Enrolling for certs required by sequence tests
            Creating self-signed cert of the test root CA
            Creating key container (type=2) on the card
            Submitting CSP PIN for reader \\.\ACS CCID USB Reader 0\
                    Generating key for 47768bf7-47cf-42b3-9c2e-702d3997963d
                    Exporting pub key from the card
                    Hashing the certificate request
                    Signing the hash on the card
                    Verifying the signed certificate request
                    Preparing a cert for signing
                    Signing the cert with the priv key of the test root CA
                    Writing the cert on the card
            Verifying the certificate on card
    Error: 0x80100068.
            SCardBeginTransaction failed
            File=d:\6229t\testsrc\dstest\security\core\credentials\smartcard\cmck\cmck\
    testcase.cpp Line=712
    Error: 0x0.
            ConnectCardModule failed unexpectedly
            File=d:\6229t\testsrc\dstest\security\core\credentials\smartcard\cmck\cmck\
    seqtests.cpp Line=3374
            Submitting CSP PIN for reader \\.\ACS CCID USB Reader 0\
    Clean up: deleting 47768bf7-47cf-42b3-9c2e-702d3997963d from the card
    End: Fail, CertSequences, TUID=, Repro=exec CertSequences

    As you can see, test tool is trying to verify certificate but get an error, because CardDeauthenticate was called and any smart card shared state has became invalid.

    If I implement CardDeauthenticate that just return "SCARD_S_SUCCESS" - this test is passed, but the rest of the tests fail.

    So, there is a bug in CertSequences test, which need to be corrected.

    Friday, May 31, 2013 4:01 PM

All replies

  • Hi,

    This is not a bug in the CertSequences test but rather an issue in your implementation.

    Are you resetting the card inside the CardDeauthenticate function? If yes, then this is the origin of your problem because you should not change the state of the SCARDHANDLE passed to you by the Base CSP. In order to reset the card, you should simply not exporting the CardDeauthenticate and set its pointer in CARD_DATA structure to NULL.

    Anayway, the error 0x80100068 (SCARD_W_RESET_CARD) received by the CMCK is due to the fact that the SCARDHANDLE was reset outside the scope of the Base CSP and the CMCK, most certainly because the reset was done inside the minidriver which is forbidden.

    Cheers,
    --
    Mounir IDRASSI


    Mounir IDRASSI - IDRIX - http://www.idrix.fr

    Sunday, September 29, 2013 4:22 AM