[Pcsclite-muscle] Possible regression with Schlumberger egate token

Tomaž Šolc tomaz.solc at tablix.org
Wed Feb 21 12:58:00 PST 2018


Dear pcsc-lite developers,

I'm using old Schlumberger egate USB tokens. I use them through the (now
obsolete) openct [1]. Recently I noticed that after upgrade from Debian
Jessie to Stretch the tokens stop working. I traced the problem to
pcsc-lite commit 8eb9ea1 (SCardControl() may return
SCARD_E_INSUFFICIENT_BUFFER). Since there is no mention that this should
remove any support for obsolete hardware, I suspect the problem I'm
seeing is a bug introduced by this commit.

I'm aware that I'm using pcsc-lite with obsolete hardware and software.
But my setup still serves its purpose and upgrading the hardware is
always painful. I'm sending this report in case it is helpful for
someone else and in case you would still consider fixing this issue
upstream.

Details are below.

Thanks
Tomaž Šolc


Using a pcsc-lite versions 1.8.14, 1.8.15, 1.8.17, 1.8.20 and 1.8.23, I
get the following when the token is inserted:

$ pkcs15-tool -D
Using reader with a card: Axalto/Schlumberger/Gemalo egate token 00 00
PKCS#15 binding failed: Unsupported card

From pscsd log:

00000009 winscard.c:1595:SCardTransmit() Send Protocol: T=0
00000007 APDU: C0 C0 00 00 0F
00003168 SW: 00 00 00 80 2F 00 01 FC 00 00 00 01
00000014 winscard.c:1640:SCardTransmit() UnrefReader() count was: 2

However with 1.8.13, I get this (with this version, Firefox also
correctly recognizes the SSL keys from the token):

$ pkcs15-tool -D
Using reader with a card: Axalto/Schlumberger/Gemalo egate token 00 00
PKCS#15 Card [OpenSC Card]:
	Version        : 0
[...output omitted...]

From pcscd log (this is the first call of SCardTransmit() that differs):

00000007 winscard.c:1595:SCardTransmit() Send Protocol: T=0
00000007 APDU: C0 C0 00 00 0F
00003635 SW: 00 00 00 80 2F 00 01 FC 00 00 00 01 01 00 00 90 00
00000013 winscard.c:1640:SCardTransmit() UnrefReader() count was: 2

Using git bisect I found that pcsc-lite versions before commit 8eb9ea1
work, while with versions after that "pkcs15-tool" reports an
unsupported card.

If I revert the change introduced in this commit in 1.8.23 (patch
attached), it works as well, which seems to confirm that this change
introduced this issue.

Unfortunately I'm not familiar enough with the pcsc-lite code (and the
smart cards in general) to understand why this change has such an effect.

Possibly relevant versions of other software I used:

opensc 0.16.0
openct 0.6.20
other software as shipped with Debian Stretch

I would be happy to supply any additional information.


[1]
https://www.tablix.org/~avian/blog/archives/2015/06/openct_on_debian_jessie/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Revert-SCardTransmit-may-return-SCARD_E_INSUFFICIENT.patch
Type: text/x-patch
Size: 2319 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/pcsclite-muscle/attachments/20180221/24934aa3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/pcsclite-muscle/attachments/20180221/24934aa3/attachment.sig>


More information about the pcsclite-muscle mailing list