Package: opensc Version: 0.23.0-0.2 Severity: normal X-Debbugs-Cc: davide.pr...@null.net
Dear Maintainer, with the new opensc version found in Debian testing/sid I was unable to use the new Italian CNS. I think that the wrong type card is selected (it is selected the CNS Generic one with type:23002), but I'm unable to force the use of the correct one. First I list all the differences I have found. Then I will show what I have done to let the new Italian CNS work correctly in a .deb I have created months ago. I show rows starting with OK for the working opensc and with KO for the not working opensc KO Manufacturer ID: IC: Infineon; mask: Oberthur Card Systems OK Manufacturer ID: IC: Infineon; mask: IDEMIA (Oberthur) KO Key length: 1024 OK Key length: 2048 KO token flags : token initialized OK token flags : login required, token initialized, PIN initialized, user PIN locked KO firmware version : 0.0 OK firmware version : 32.0 KO pin min/max : 4/8 OK pin min/max : 5/8 KO [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, flags:0x0, max_send/recv_size:255/256 OK [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, flags:0x0, max_send/recv_size:65535/65536 I think that the problem is the type, the 23003 work and the 23002 do not work. I have try to foce the use of type:23003 in /etc/opensc/opensc.conf but I was unable to have it. I have made some configuration, but no one work to force the type, I can only force the card name to not check all possible cards. I show here the log in witch the type is selected KO) in this one it select the wrong type [pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success) [pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success) [pkcs15-tool] card.c:sc_unlock: called [pkcs15-tool] reader-pcsc.c:pcsc_unlock: called [pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found [pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File not found) [pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns' [pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79 [pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7 [pkcs15-tool] card.c:match_atr_table: ignored - wrong length [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31 [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0 [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] == 1 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] == 43 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] == 4e [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] == 53 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] == 31 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] == 80 [pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS [pkcs15-tool] card-itacns.c:itacns_init: called [pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79 [pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7 [pkcs15-tool] card.c:match_atr_table: ignored - wrong length [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31 [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0 [pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] == 1 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] == 43 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] == 4e [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] == 53 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] == 31 [pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] == 80 [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, flags:0x0, max_send/recv_size:255/256 OK) in this one it select the working type [pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success) [pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success) [pkcs15-tool] card.c:sc_unlock: called [pkcs15-tool] reader-pcsc.c:pcsc_unlock: called [pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found [pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File not found) [pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns' [pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79 [pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7 [pkcs15-tool] card.c:match_atr_table: ignored - wrong length [pkcs15-tool] card.c:match_atr_table: ATR try : 3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00 [pkcs15-tool] card.c:match_atr_table: ignored - wrong length [pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS [pkcs15-tool] card-itacns.c:itacns_init: called [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, flags:0x0, max_send/recv_size:65535/65536 Now I describe what I have done to use correctly the new Italian CNS. I have done that probably the 21 March 2022 in what was the Debian testing at that date. to have the opensc_0.22.0-2_amd64 working with new Italian CNS # apt build-dep opensc $ mkdir ~/src $ cd /src $ apt source opensc $ git clone https://github.com/3v1n0/OpenSC.git $ cd OpenSC $ cp -R ../opensc-0.22.0/debian . $ fakeroot debian/rules binary If I do the same actually I obtain a .deb file don't working with new Italian CNS. So I think that you need to build the .deb package using all package that was available at 21 March 2022 to obtain the working packages. I noted also that in the working deb I will get, wrongly, that the PIN try left is zero, but this is not a problem because all work correctly. If someone need the .deb I have compiled at 21 March 2022 I can send to him (write directly to me). I have also try on more PC and have all the same results. I have noted that with some PC (I think newer one) old card lectors don't work, I need to use a new one more recent. I also have try to do some debug with gdb, but the debug symbol of the compiled driver do not work... Let me know if you need more info. Ciao Davide -- System Information: Debian Release: 12.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages opensc depends on: ii libc6 2.36-8 ii libreadline8 8.2-1.3 ii libssl3 3.0.8-1 ii opensc-pkcs11 0.23.0-0.2 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages opensc recommends: ii pcscd 1.9.9-1 opensc suggests no packages. -- Configuration Files: /etc/opensc/opensc.conf changed: app default { # debug = 3; # debug_file = opensc-debug.txt; card_atr 3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00 { driver = itacns; type = 23003; } framework pkcs15 { # use_file_caching = public; } } -- no debconf information
