Estonia, Finland, Latvia, Lithuania cards all support SM.
-
I use "Idemia ID-one PIV 2.4 on Cosmo V8.1" from 2018 and a set of "Idemia ID-One PIV 2.4 Test Cards" from 2020 to get the OpenSC PIV SM working. This was all done using short APDUs with command chaining, as NIST 800-73-4 does not require extended APDU and all examples use short APDU. I never tried with extended.
-
Looking closer at https://github.com/makinako/OpenFIPS201, it has 2 branches that say they support PIV SM: @frankmorgner @Jakuje @makinako
-
Hi, yes, OpenFIPS201 supports PIV-SM.
-
The SmartCard-HSM supports secure messaging based on BSI TR-03110. TR-03110 is actually a profile of the early eSign-K specification (CEN CWA 14890), which itself is based on ISO 7816-4. This secure messaging variant is widely used in passports and eID cards. There are a lot of other implementations of secure messaging that do not follow ISO 7816-4 for whatever political reasons. Prominent examples are the various Secure Channel Protocols (SCP) used in Global Platform. Vendors rarely seek compatibility if they have the chance to influence a standard (like PIV or GP). @frankmorgner added SM support for the SmartCard-HSM as part of the GoID project. But it is an option and disabled by default. @dengert your SmartCard-HSMs should work with OpenSC, if you enable SM.
-
@frankmorgner and @Jakuje @CardContact @hhonkanen @makinako
While reviewing #3098 to see what needs to be done and our disagreements, I started looking at differences of BSI TR-03110 and NIST 800-73-4, mostly of CVC differences but also for the SM protocols. I don't believe I have a card that can do eID SM, although I did not look closely at my MyEID cards. And I don't know if any of you have PIV cards that can do PIV SM, but some of you are implementing or at least considering implementing it.
Google something like: bsi tr 03110 cvc format vs nist 800-73-4 sm (I printed off 12 pages, but it truncated the first search line.) The Google AI does a nice compare and "Dive deeper into AI mode" even more, asking would I like to see APDU and Response data too.
Part of the changes I had been working on was adding PKCS11 support for CVC certificates. What the BSI TR-03110 and NIST 800-73-4 point out is they are very similar and it looks like the same OpenSC ASN1 parsing could be used, if the differences were included as optional fields and some differences in lengths.
BSI TR-03110 and NIST 800-73-4 also differ in how SM is used and how large blocks are handled. BSI TR-03110 uses envelope, NIST uses command chaining.
Unfortunately, @makinako closed issue 38:
makinako/OpenFIPS201#38 (comment)
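
The short-APDU command chaining mentioned in the comments above, shown as an added example that is not part of the thread and is not OpenSC or OpenFIPS201 code: a payload larger than 255 bytes is split across short APDUs, with the ISO 7816-4 chaining bit (0x10) set in CLA on every APDU except the last. The header bytes and the 600-byte payload are constructed placeholders, and the sketch assumes a response is expected, so only the final APDU carries Le.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLA_CHAIN    0x10  /* ISO 7816-4: another command of this chain follows */
#define SHORT_LC_MAX 255   /* largest Lc a short APDU can carry */

/* Number of short APDUs needed to carry len payload bytes. */
size_t chain_count(size_t len)
{
    return (len + SHORT_LC_MAX - 1) / SHORT_LC_MAX;
}

/* Build APDU number idx (0-based) of the chain for data[0..len).
 * hdr is CLA INS P1 P2. Assumption: a response is expected, so only the
 * final APDU carries Le = 00. Returns the APDU length, or 0 when idx is
 * past the end of the chain or out is too small. */
size_t chain_apdu(const uint8_t hdr[4], const uint8_t *data, size_t len,
                  size_t idx, uint8_t *out, size_t outlen)
{
    if (idx >= chain_count(len))
        return 0;
    size_t off = idx * SHORT_LC_MAX;
    int last = (len - off) <= SHORT_LC_MAX;
    size_t chunk = last ? len - off : SHORT_LC_MAX;
    size_t need = 4 + 1 + chunk + (last ? 1 : 0);
    if (outlen < need)
        return 0;
    memcpy(out, hdr, 4);
    /* Chaining bit set on every APDU except the last one. */
    out[0] = last ? (uint8_t)(hdr[0] & ~CLA_CHAIN) : (uint8_t)(hdr[0] | CLA_CHAIN);
    out[4] = (uint8_t)chunk;                 /* Lc */
    memcpy(out + 5, data + off, chunk);
    if (last)
        out[5 + chunk] = 0x00;               /* Le: up to 256 response bytes */
    return need;
}

int main(void)
{
    /* Constructed input: placeholder header and a 600-byte payload. */
    const uint8_t hdr[4] = { 0x00, 0x00, 0x00, 0x00 };
    uint8_t data[600] = { 0 }, apdu[4 + 1 + SHORT_LC_MAX + 1];
    for (size_t i = 0; i < chain_count(sizeof data); i++) {
        size_t n = chain_apdu(hdr, data, sizeof data, i, apdu, sizeof apdu);
        printf("APDU %zu: CLA=%02X Lc=%u total=%zu\n", i, (unsigned)apdu[0], (unsigned)apdu[4], n);
    }
    return 0;
}
```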