[Pcsclite-muscle] issues with OmniKey 3121 and InCard cards
Umberto Rustichelli
umberto.rustichelli at gt50.org
Thu May 10 23:42:33 PDT 2018
On 05/10/2018 04:49 PM, Ludovic Rousseau wrote:
> 2018-05-09 9:59 GMT+02:00 Ludovic Rousseau <ludovic.rousseau at gmail.com>:
>> 2018-05-09 9:12 GMT+02:00 Umberto Rustichelli <umberto.rustichelli at gt50.org>:
>>> On 05/08/2018 04:50 PM, Ludovic Rousseau wrote:
>>>> My best guess is that for 2048-bits keys (256 bytes) the PKCS#11
>>>> library uses extended APDU commands.
>>>> Some readers (~35%) do not support extended APDU.
>>>>
>>>> Seehttps://ludovicrousseau.blogspot.fr/2011/05/extended-apdu-status-per-reader.html
>>>> for more details.
>>>>
>>>> The solution is to use only readers that support extended APDU.
>>>> You can get a list athttps://ccid.apdu.fr/ccid_extended_apdu.html
>>>
>>> Thanks a lot, Ludovic.
>>>
>>> I'm sorry but likely I misunderstood commit
>>> 3b29cc5afbbe27bb5421d334623bbd07c574bbf8 (see later), I thought it meant
>>> that a fix was applied because the reader supports Extended APDU it in spite
>>> of not declaring it. But the phrase may also point to what preceded, not
>>> followed, the "also support Extended APDU".
>>>
>>> Umberto Rustichelli
>>>
>>> THE OLD COMMIT EXCERPT:
>>>
>>> commit 3b29cc5afbbe27bb5421d334623bbd07c574bbf8
>>> Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
>>> Date: Sat Aug 19 23:20:09 2017 +0200
>>>
>>> Fix non-pinpad HID global devices
>>> [...]
>>> The USB descriptor is bogus.
>>> The readers also support Extended APDU even if they declare Short APDU.
>>> Bogus readers are:
>>> - OMNIKEY Generic
>>> - OMNIKEY 3121 or 3021 or 1021
>>> - [...]
>> You are right.
>>
>> Please generate a log as described in https://ccid.apdu.fr/#support
> >From your logs your reader is a 076b/3021
> It is this one https://ccid.apdu.fr/ccid/shouldwork.html#0x076B0x3021
>
> This reader, with a product ID of 0x3021, is NOT concerned by the
> patch https://salsa.debian.org/rousseau/CCID/commit/3b29cc5afbbe27bb5421d334623bbd07c574bbf8
> you reference.
>
> The patch is for product ID 0x3031 not 0x3021.
>
> So my first answer is correct: your reader does not support extended APDU.
>
> You can try to patch the CCID driver to add a:
> case 0x076b3021:
> at line 492 of ccid/ccid.c so your reader is considered as supporting
> extended APDU.
You're super fast, thanks for the support.
It actually now fails with "commands.c:1523:CCID_Receive Protocol not
supported", so I can confirm (I know you don't need it) that the reader
is NOT capable of extended APDU, as advertised.
I find the source code a bit misleading, though, or I'm missing
something, because I read, in ccid.c and ccid.h, respectively:
case HID_OMNIKEY_3X21: /* OMNIKEY 3121 or 3021 or 1021 */
#define HID_OMNIKEY_3X21 0x076B3031 /* OMNIKEY 3121 or 3021 or 1021 */
where actually I think the Omnikey "3021" is not in the bunch and should
not be listed in the comments (my item has PCI ID 076b3021, as you
pointed out).
Case closed, thanks again.
Umberto Rustichelli
More information about the pcsclite-muscle
mailing list