Post not yet marked as solved
Our smartcard extension has been working well on the current macOS 10.15. However, when testing on macOS 10.15 beta (19A512f), it crashes with the following report, as given below.
Has someone experienced this before? It crashes on SecKeyRunAlgorithmAndCopyResult

Process: ctkahp [1381]
Path: /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
Identifier: ctkahp
Version: 1.0 (1)
Build Info: CryptoTokenKit-406000000000000~71
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: ctkahp [1381]
User ID: 501

Date/Time: 2019-07-22 09:54:29.257 +0200
OS Version: Mac OS X 10.15 (19A512f)
Report Version: 12
Anonymous UUID: C8914F0B-FF6F-FF9D-EAF6-ECEF627B6A44

Time Awake Since Boot: 9600 seconds

System Integrity Protection: enabled

Crashed Thread: 1 Dispatch queue: com.apple.root.default-qos.overcommit

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1381]

VM Regions Near 0x10:
--> __TEXT 000000010a662000-000000010a67f000 [ 116K] r-x/r-x SM=COW /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp

Application Specific Information:
dyld3 mode

Thread 0:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff6a1ca396 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff6a1ca8fc mach_msg + 60
2 com.apple.CoreFoundation 0x00007fff32ba4d49 __CFRunLoopServiceMachPort + 322
3 com.apple.CoreFoundation 0x00007fff32ba42e5 __CFRunLoopRun + 1695
4 com.apple.CoreFoundation 0x00007fff32ba39c1 CFRunLoopRunSpecific + 499
5 com.apple.Foundation 0x00007fff3528d0ad -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
6 com.apple.Foundation 0x00007fff3528cfc6 -[NSRunLoop(NSRunLoop) run] + 76
7 com.apple.ctkahp 0x000000010a6643d4 0x10a662000 + 9172
8 libdyld.dylib 0x00007fff6a081c35 start + 1

Thread 1 Crashed:: Dispatch queue: com.apple.root.default-qos.overcommit
0 com.apple.security 0x00007fff3f5ba0d9 SecKeyRunAlgorithmAndCopyResult + 166
1 com.apple.security 0x00007fff3f5bbce8 SecKeyIsAlgorithmSupported + 100
2 com.apple.ctkahp 0x000000010a66da1c 0x10a662000 + 47644
3 com.apple.ctkahp 0x000000010a66caa8 0x10a662000 + 43688
4 com.apple.ctkahp 0x000000010a66d5e7 0x10a662000 + 46567
5 com.apple.ctkahp 0x000000010a66c47b 0x10a662000 + 42107
6 com.apple.ctkahp 0x000000010a669b82 0x10a662000 + 31618
7 com.apple.ctkahp 0x000000010a6692e6 0x10a662000 + 29414
8 com.apple.ctkahp 0x000000010a66fdfb 0x10a662000 + 56827
9 com.apple.ctkahp 0x000000010a668238 0x10a662000 + 25144
10 libxpc.dylib 0x00007fff6a2cc228 _xpc_connection_call_event_handler + 56
11 libxpc.dylib 0x00007fff6a2ca41c _xpc_connection_mach_event + 927
12 libdispatch.dylib 0x00007fff6a03167e _dispatch_client_callout4 + 9
13 libdispatch.dylib 0x00007fff6a046b4b _dispatch_mach_msg_invoke + 435
14 libdispatch.dylib 0x00007fff6a036a50 _dispatch_lane_serial_drain + 263
15 libdispatch.dylib 0x00007fff6a04769e _dispatch_mach_invoke + 481
16 libdispatch.dylib 0x00007fff6a040b91 _dispatch_workloop_worker_thread + 582
17 libsystem_pthread.dylib 0x00007fff6a2906d3 _pthread_wqthread.cold.1 + 125
18 libsystem_pthread.dylib 0x00007fff6a28a856 _pthread_wqthread + 203
19 libsystem_pthread.dylib 0x00007fff6a28a717 start_wqthread + 15
Post not yet marked as solved
I wonder whether CryptoTokenKit supports a 1024 key length. I have tested it with a smartcard extension with a 1024 key length but it does not work.
Does somebody else have the same issue?
Post not yet marked as solved
Looking at the CryptoTokenKit function definitions, e.g. TKSmartCardTokenSession or TKSmartCard for macOS, given below

/*!
 @abstract TKSmartCardTokenSession represents token session based on SmartCard token.
 @discussion When implementing SmartCard token extension, subclass TKSmartCardTokenSession and implement TKTokenSessionDelegate on it. Use #token property to get access and send APDUs to the underlying SmartCard.
 */
__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0)
@interface TKSmartCardTokenSession : TKTokenSession

we are seeing that CryptoTokenKit in some way is supported on iOS, hence the "__IOS_AVAILABLE(10.0)". These interfaces are part of the CryptoTokenKit.framework for macOS where the developer can build an app for interacting with the JavaCard applets. Unfortunately, this framework is not present on iOS for public use. This has been the case from iOS9 to iOS 10, as Eskimo pointed out in his reply on this thread, https://forums.developer.apple.com/thread/48005

We also see that the new smartcard extension is supported on iOS10 by looking at the sample function definition above and the way the secure enclave token is implemented for iOS. The setoken.appex for iOS10 implements the smartcard extension interfaces such as

TKToken
TKTokenDriver
TKTokenSession

The questions we have now are:

Is it still the case that iOS 11 still does not have a public API for interacting with JavaCard applets on a SIM card?

Can iOS 10 or 11 recognize the sim slot as a smartcard reader? Suppose we insert a sim card with a JavaCard applet on it, could we send APDU commands to it, or is it possible to use the Keychain API to read the credentials stored there, using the smartcard extension technology?

Is the underlying implementation of CryptoTokenKit on iOS limited only to handling secure enclave co-processor cryptographic functionalities? And that there would be no functionalities to interact with JavaCard based applets on a sim card inserted into the sim slot?
Post not yet marked as solved
We have created a smartcard extension based on CryptoTokenKit on macOS 10.13.
The smartcard logon does not always work well on macOS 10.13 GM Seed and macosx 10.12.6. I already filed a bug report on this (https://bugreport.apple.com/web/?problemID=34276518).
On macos 10.13 beta 9, it works.
After successfully pairing and the screen saver is active, we can use the PIN to log in. But once the user has logged out and tries to log on again using the smartcard, the system cannot find the token driver. The log is given below:

2017-09-19 14:33:18.772185+0200 0x54ac Activity 0x7563 907 0 ctkd: (CoreFoundation) Loading Preferences From User CFPrefsD
2017-09-19 14:33:18.772746+0200 0x54ac Activity 0x7564 907 0 ctkd: (CoreFoundation) Sending Updated Preferences to User CFPrefsD
2017-09-19 14:33:18.779729+0200 0x54ab Activity 0x7565 907 0 ctkd: (PlugInKit) discovery
2017-09-19 14:33:18.799848+0200 0x54ac Activity 0x7566 907 0 ctkd: (Foundation) begin using plugin
2017-09-19 14:33:41.678279+0200 0x56fe Activity 0x7567 907 0 ctkd: (Security) SecItemDelete_ios
2017-09-19 14:33:41.696567+0200 0x56fe Activity 0x7568 907 0 ctkd: (CoreFoundation) Sending Updated Preferences to User CFPrefsD
2017-09-19 14:33:41.698188+0200 0x5790 Activity 0x7569 907 0 ctkd: (CoreFoundation) Loading Preferences From System CFPrefsD For Search List
2017-09-19 14:33:41.698263+0200 0x5790 Activity 0x756a 907 0 ctkd: (CoreFoundation) Loading Preferences From User CFPrefsD For Search List
2017-09-19 14:33:42.137638+0200 0x5790 Activity 0x756b 907 0 ctkd: token inserted
2017-09-19 14:33:42.138165+0200 0x5790 Activity 0x756c 907 0 ctkd: (PlugInKit) discovery
2017-09-19 14:33:42.229946+0200 0x5791 Activity 0x756d 907 0 ctkd: (Foundation) begin using plugin
2017-09-19 14:33:42.241138+0200 0x5790 Default 0x756d 907 0 ctkd: [com.apple.CryptoTokenKit.token] com.somecompany.bfesce cannot handle token in slot SCM Microsystems Inc. SCR 3311, error:(null)
2017-09-19 14:33:42.241962+0200 0x5790 Error 0x756c 907 14 ctkd: [com.apple.CryptoTokenKit.token] No token driver found for card <TKSmartCardATR: 0x7fec7ec11420 3b 1800ff T=1:--- T=1:fe45-;43...> ATR bytes: <3b...

Could it be that it has something to do with the way the smartcard extension has been registered?
We put the smartcard extension under the folder PlugIns/ inside our main app which serves as a host.

Thanks,
Michael
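A triage helper for ctkd log output like the excerpt in the post above (an added example, not part of the original post and not Apple tooling): it groups messages per card insertion and records which token drivers rejected the card and whether ctkd gave up with no driver. The sample lines, the identifier `com.example.tokenext` and the reader name are constructed; the column layout is assumed from the posted excerpt.

```python
import re

# Constructed sample in the column layout seen in the post:
# timestamp, thread, type, activity, pid, ttl, "process: message".
SAMPLE = """\
2017-09-19 14:33:42.137638+0200 0x5790 Activity 0x756b 907 0 ctkd: token inserted
2017-09-19 14:33:42.229946+0200 0x5791 Activity 0x756d 907 0 ctkd: (Foundation) begin using plugin
2017-09-19 14:33:42.241138+0200 0x5790 Default 0x756d 907 0 ctkd: [com.apple.CryptoTokenKit.token] com.example.tokenext cannot handle token in slot Example Reader 0, error:(null)
2017-09-19 14:33:42.241962+0200 0x5790 Error 0x756c 907 14 ctkd: [com.apple.CryptoTokenKit.token] No token driver found for card <constructed>
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<thread>0x[0-9a-f]+)\s+(?P<type>\w+)\s+"
    r"(?P<activity>0x[0-9a-f]+)\s+(?P<pid>\d+)\s+(?P<ttl>\d+)\s+"
    r"(?P<proc>[^:\s]+): (?P<msg>.*)$")
REJECT = re.compile(
    r"\] (?P<driver>\S+) cannot handle token in slot (?P<slot>.+), error:(?P<err>.*)$")

def triage(text):
    """Return one record per 'token inserted' event seen in ctkd output."""
    events, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["proc"] != "ctkd":
            continue  # skip other processes and unparsable lines
        msg = m["msg"]
        if msg == "token inserted":
            current = {"inserted": m["ts"], "rejected_by": [], "no_driver": False}
            events.append(current)
        elif current is not None:
            r = REJECT.search(msg)
            if r:  # a specific extension declined the card
                current["rejected_by"].append((r["driver"], r["slot"], r["err"]))
            elif "No token driver found" in msg:
                current["no_driver"] = True
    return events

if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event)
```

An insertion record with a non-empty `rejected_by` and `no_driver` set means the extension was discovered and started but declined the card, as opposed to never being found by PlugInKit at all.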
Post not yet marked as solved
When inserting a smartcard into a reader, all registered smartcard extensions will be started (simultaneously) in search for the right extension with the given AID.
When the smartcard extension with the right AID has been found, other extensions will be killed.
Unfortunately this affects the card status of the extension with the right AID and lots of communications with the card failed.

Question:
Is it not sensible to run the smartcard extensions one after another to prevent card status modification during the selection of the smartcard extension with the right AID?
Is there another solution for this? We don't want to disable other smartcard extensions, e.g. pivtoken.

This issue happens on macosx 10.12.0 onwards.

"ps aux| grep token" gives:
... 16100 ?? Ss 8:49AM 0:01.63 /Applications/token.app/Contents/PlugIns/bfesce.appex/Contents/MacOS/bfesce
... 9904 ?? Ss 10:26AM 0:00.03 /System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex/Contents/MacOS/pivtoken
I am creating an application extension (appex), to be precise, a smartcard extension. My question is, can an appex contain a Frameworks folder with a dylib in it? Like, sample.app/Contents/Frameworks/mylib.dylib
I would like to load a dylib from there.
Is it possible or allowed to do that?