[Pcsclite-muscle] Fujitsu D323 reader not working

Ludovic Rousseau ludovic.rousseau at free.fr
Thu Nov 23 06:21:33 PST 2017 


----- Mail original -----
> De: "Martin Vogt" <mvogt1 at gmail.com>
> À: pcsclite-muscle at lists.infradead.org
> Envoyé: Jeudi 23 Novembre 2017 14:55:35
> Objet: [Pcsclite-muscle] Fujitsu D323 reader not working
> 
> Hello,

Hello,

> I have a new Reader "D323", which is mentioned on:
> 
> [1] https://pcsclite.alioth.debian.org/ccid/
> 
> as "shouldwork", but this is only partially true.

The reader is http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x0BF80x1024

> My reader reports in dwFeatures:
> 
> dwFeatures       000407B8
>           Auto voltage selection
>           Auto clock change
>           Auto baud rate change
>           Auto PPS made by CCID
>           CCID can set ICC in clock stop mode
>           NAD value other than 0x00 accepted
>           Auto IFSD exchange
>           Short and extended APDU level exchange   <---- da !
> dwMaxCCIDMsgLen       271
> 
> Which is different from [1].

Please use http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant instead of lsusb to send a correct reader descriptor in the expected format.

It would then be much easier for me to compare the 2 readers configuration.

> What does work with the reader:
> 
> - I can read the complete card, cerificates etc..
> 
> What does not work:
> 
> As soon as I try to login, I get an "unknown error" from the token
> management tool.
> The debug log reports at this point:
> 
> 
> >00000023 commands.c:1520:CCID_Receive Command not supported or not
> >allowed
> 
> 
> The debug log, for this moment is attached.
> 
> When the behaviour occurs,I haven't entered the PIN yet.
> It looks like some preparation command, which doesn't work.
> 
> If everything would work (another reader) the next step would be,
> that the "enter PIN" dialog opens.
> 
> The log is captured with ccid version 1.4.26 and pcsc_lite version
> 1.8.20

The reader complains at the PC_to_RDR_Secure command. This command is used to ask the PIN on the keyboard.

I don't know if one parameter is rejected by the reader or if the complete Secure Pin Entry command is not supported.
You will need the help of the cryptographic (PKCS#11?) middleware author/vendor to analyse and solve this problem.

You can try to play with the sample code CCID/examples/scardcontrol.c provided with the CCID driver source code.
Change some parameters of the verify PIN structure to find a working configuration for your device.
https://github.com/LudovicRousseau/CCID/blob/master/examples/scardcontrol.c#L600

Bye

-- 
 Dr Ludovic ROUSSEAU

More information about the pcsclite-muscle mailing list