List of targeted cards:
G&D SmartCafe v3.2
Gemalto IDCore 3020
--- Additional comment from Nathan Kinder on 2015-08-18 20:28:38 EDT ---
Are you sure that the SafeNet SC650 supports SCP03? According to SafeNet's website and documentation on the SC650, it supports GlobalPlatform 2.1.1 (which came out in 2003). SCP03 was added as an amendment (amendment D) to the GlobalPlatform 2.2 spec in 2009.
--- Additional comment from Nathan Kinder on 2015-09-15 19:32:39 EDT ---
It also appears that the G&D SmartCafe Expert 3.2 does not support SCP03:
http://www.gi-de.com/gd_media/media/en/documents/brochures/mobile_security_2/nb/SmartCafe-Expert.pdf
The G&D SmartCafe Expert 6.0 does support SCP03 (Global Platform 2.2 amendment D) according to the above PDF. The Gemalto IDCore 3020 that was mentioned also appears to support SCP03:
http://www.gemalto.com/Products/top_javacard/download/IDCore3020_Product_Datasheet_Jan14.pdf
Is the right set of target cards for SCP03 really the following?
G&D SmartCafe Expert 6.0
Gemalto IDCore 3020
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1254822 (Red Hat Certificate System)
Per CS/DS meeting of 11/02/2015: 10.3 stretch goal (NTH)
Closed as WONT FIX for RHCS 8.x version of product.
Metadata Update from @dsirrine: - Issue assigned to jmagne - Issue set to the milestone: 10.4
Checkin:
commit 6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb
Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
Date: Wed Jun 1 10:23:33 2016 -0700
First cut of scp03 support. Supports the g&d smartcafe out of the box.
Developer keyset token operations and key change over supported.
Caveats.
-The diversification step going from master key to card key uses DES3 as required for the token.
-After that point, everything is scp03 to the spec with minor exceptions so far.
Supports 128 bit AES for now. Will resolve this.
Minor config tweaks:
TPS
Symmetric Key Changeover
Use this applet for scp03:
RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc
TKS:
Symmetric Key Changeover
tks.mk_mappings.#02#03=internal:new_master
tks.defKeySet.mk_mappings.#02#03=internal:new_master
Use the uncommented one because scp03 returns a different key set data string.
ToDo:
-Support the rest of the AES sizes other than 128.
-Support optional RMAC apdu.
-Test and adjust the config capability for other tokens.
-Support AES master key. Right now the standard key ends up creating AES card and session keys.
This is a first cut. There are enhancements and fixes to be made, but this will work with the g&d smart cafe 6.0
Metadata Update from @jmagne: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None
Metadata Update from @jmagne: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4.0 (was: 10.4)
Re-opening, to allow for minor changes for the g&d sc 7.0 token.
Metadata Update from @jmagne: - Issue status updated to: Open (was: Closed)
jmagne added SCP03 support for g&d sc 7 card: * 164087b1fc302dd8b125cd52e9e55f54ea97e09d
Metadata Update from @mharmsen: - Issue close_status updated to: fixed - Issue set to the milestone: 10.4.2 (was: 10.4.0) - Issue status updated to: Closed (was: Open)
Re-opening due to minor issue with the NON server side keygen case.
commit f26b3aaee1cf36941f387b464b937ffee1403048
Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
Date: Fri May 5 11:44:17 2017 -0700
Non server keygen issue in SCP03.
Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663
We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance, we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
Metadata Update from @jmagne: - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue close_status updated to: fixed - Issue set to the milestone: 10.4.4 (was: 10.4.2)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.4.1-4.el7,pki-core-10.4.1-4.el7pki
Re-opening based upon associated Bugzilla Bug.
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4 (was: 10.4.4) - Issue status updated to: Open (was: Closed)
Commit for latest mini issue:
commit a614eb15476adb00df571d3ea05fdd8ea282141d
Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
Date: Fri Jun 2 15:40:52 2017 -0700
Resolve #1663 Add SCP03 support.
This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.
Metadata Update from @mharmsen: - Issue close_status updated to: fixed - Issue set to the milestone: 10.4.7 (was: 10.4)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.4.7-1.fc27 (was: pki-core-10.4.1-4.el7,pki-core-10.4.1-4.el7pki)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2222
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.