Search code examples
pkcs#11opensc

OpenSC Program Crash with c0000005 on Windows

All, I am trying to access opensc dll(latest version) on windows 7 64 bit. I am trying to access a ePass2003 token. The opensc-tool is able to detect the token and can get name and other information. So the token is found by OpenSC. Then I am loading the opensc dll from another program and call standard PKCS#11 functions. C_GetSlotList is returning slot 0 ID as -1 and slot 1 ID as 1. The C_GetFunctionList is returning me pointers to functions. The problem is when I call C_GetMechanismList I am getting a crash with c0000005 error.

I also have accessed the token through the ePass dll provided with the token, it works perfectly.

I am unable to track this problem as it is looking like through the opensc dll, opensc is unable to interface with the card but then opensc-tool also should have the same problem but it does not.

If someone can help it would be great.

TRACE : pkcs11-tool

Trace #1:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -I
Cryptoki version 2.20
Manufacturer     OpenSC (www.opensc-project.org)
Library          Smart card PKCS#11 API (ver 0.0)
Using slot 1 with a present token (0x1)

Trace #2:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -L
Available slots:
Slot 0 (0xffffffff): Virtual hotplug slot
  (empty)
Slot 1 (0x1): FS USB Token 0
  token state:   uninitialized

Trace #3:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -T
Available slots:
No slots.

Trace #4:

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -M
Using slot 1 with a present token (0x1)

Same result crash with c0000005

Solution

  • OpenSC PKCS#11 library sees your token as "uninitialized". If I remember correctly ePass token initialized with Feitian middleware cannot be used with OpenSC, and vice versa. So if you want to use ePass with opensc-pkcs11.dll then you will need to use pkcs15-init.exe application shipped with OpenSC to initialize your token.

    Documentation references:

    OpenSC wiki mentions requirement for reinitialization on ePass3000 page but not on ePass2003 page. European distributor gooze.eu also states that reinitialization is required:

    The reason is that the ePass2003 is pre-initialized to be recognised under Windows7 by Feitian priprietary software. To be usable, the ePass2003 need to be initialized by OpenSC.

    Practical examples:

    I have initialized my ePass2003 token with Feitian middleware and tested with proprietary eps2003csp11.dll library - it was working fine:

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module eps2003csp11.dll -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, hw, encrypt, decrypt, sign, verify, generate_key_pair
  RSA-PKCS, keySize={512,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  RSA-X-509, keySize={512,2048}, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  MD2-RSA-PKCS, keySize={512,2048}, sign, verify
  MD5-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA1-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  DH-PKCS-KEY-PAIR-GEN, keySize={128,2048}, generate_key_pair
  DH-PKCS-DERIVE, keySize={128,2048}, derive
  SHA256-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  SHA384-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA512-RSA-PKCS, keySize={1024,2048}, sign, verify
  mechtype-70, keySize={512,2048}, sign, verify
  RC2-KEY-GEN, keySize={8,1024}, generate
  RC2-ECB, keySize={8,1024}, encrypt, decrypt
  RC2-CBC, keySize={8,1024}, encrypt, decrypt
  RC2-CBC-PAD, keySize={8,1024}, encrypt, decrypt
  RC4-KEY-GEN, keySize={8,2048}, generate
  RC4, keySize={8,2048}, encrypt, decrypt
  DES-KEY-GEN, keySize={56,56}, generate
  DES-ECB, keySize={64,64}, hw, encrypt, decrypt
  DES-CBC, keySize={64,64}, hw, encrypt, decrypt
  DES-CBC-PAD, keySize={64,64}, encrypt, decrypt
  DES3-KEY-GEN, keySize={112,112}, generate
  DES3-ECB, keySize={128,192}, hw, encrypt, decrypt
  DES3-CBC, keySize={128,192}, hw, encrypt, decrypt
  DES3-CBC-PAD, keySize={128,192}, encrypt, decrypt
  MD2, digest
  MD5, digest
  SHA-1, keySize={512,512}, hw, digest, sign, verify
  SHA-1-HMAC, keySize={8,2048}, sign, verify
  SHA256, keySize={512,512}, hw, digest, sign, verify
  mechtype-597, digest
  SHA384, digest
  SHA512, digest
  GENERIC-SECRET-KEY-GEN, keySize={8,2048}, generate
  AES-KEY-GEN, keySize={128,256}, generate
  AES-ECB, keySize={128,256}, hw, encrypt, decrypt
  AES-CBC, keySize={128,256}, hw, encrypt, decrypt
  AES-CBC-PAD, keySize={128,256}, encrypt, decrypt

    Then I have tested with opensc-pkcs11.dll and got the same crash you are describing:

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -M
Using slot 1 with a present token (0x1)

    OpenSC command line tool stopped working

    So I have erased the card..

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs15-init.exe --erase-card
Using reader with a card: FS USB Token 0

    ..initialized with OpenSC pkcs15-init application..

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs15-init.exe --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "ePass2003"
Using reader with a card: FS USB Token 0
2014-07-29 22:35:08.208 cannot lock memory, sensitive data may be paged to disk
2014-07-29 22:35:08.442 cannot lock memory, sensitive data may be paged to disk
2014-07-29 22:35:08.882 cannot lock memory, sensitive data may be paged to disk
2014-07-29 22:35:10.059 cannot lock memory, sensitive data may be paged to disk
2014-07-29 22:35:10.497 cannot lock memory, sensitive data may be paged to disk

    ..and then opensc-pkcs11.dll started working:

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module opensc-pkcs11.dll -M
Using slot 1 with a present token (0x1)
Supported mechanisms:
  SHA-1, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
  MD5-RSA-PKCS, keySize={512,2048}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={512,2048}, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={512,2048}, generate_key_pair

    However eps2003csp11.dll distributed by Feitian stopped working as expected:

    C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe --module eps2003csp11.dll -M
No slot with a token was found.