Bug#1034258: marked as done (opensc: with the new opensc version in Debian testing/sid I am unable to use the new Italian CNS)

Debian Bug Tracking System Wed, 30 Aug 2023 09:09:17 -0700

Your message dated Wed, 30 Aug 2023 18:05:51 +0200
with message-id <[email protected]>
and subject line Re: [pkg-opensc-maint] Bug#1034258: opensc: with the new 
opensc version in Debian testing/sid I am unable to use the new Italian CNS
has caused the Debian Bug report #1034258,
regarding opensc: with the new opensc version in Debian testing/sid I am unable 
to use the new Italian CNS
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1034258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034258
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: opensc
Version: 0.23.0-0.2
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

with the new opensc version found in Debian testing/sid I was unable to use the 
new Italian CNS.
I think that the wrong type card is selected (it is selected the CNS Generic 
one with type:23002), but I'm unable to force the use of the correct one.

First I list all the differences I have found.
Then I will show what I have done to let the new Italian CNS work correctly in 
a .deb I have created months ago.

I show rows starting with OK for the working opensc and with KO for the not 
working opensc

KO Manufacturer ID: IC: Infineon; mask: Oberthur Card Systems
OK Manufacturer ID: IC: Infineon; mask: IDEMIA (Oberthur)

KO Key length: 1024
OK Key length: 2048

KO  token flags        : token initialized
OK  token flags        : login required, token initialized, PIN initialized, 
user PIN locked

KO  firmware version   : 0.0
OK  firmware version   : 32.0

KO  pin min/max        : 4/8
OK  pin min/max        : 5/8

KO [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, 
flags:0x0, max_send/recv_size:255/256
OK [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, 
flags:0x0, max_send/recv_size:65535/65536

I think that the problem is the type, the 23003 work and the 23002 do not work.

I have try to foce the use of type:23003 in /etc/opensc/opensc.conf but I was 
unable to have it.
I have made some configuration, but no one work to force the type, I can
only force the card name to not check all possible cards.

I show here the log in witch the type is selected

KO) in this one it select the wrong type
[pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success)
[pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success)
[pkcs15-tool] card.c:sc_unlock: called
[pkcs15-tool] reader-pcsc.c:pcsc_unlock: called
[pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found
[pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File 
not found)
[pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns'
[pkcs15-tool] card.c:match_atr_table: ATR     : 
3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 
3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] 
== 1
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] 
== 43
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] 
== 4e
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] 
== 53
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] 
== 31
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] 
== 80
[pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS
[pkcs15-tool] card-itacns.c:itacns_init: called
[pkcs15-tool] card.c:match_atr_table: ATR     : 
3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 
3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] 
== 1
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] 
== 43
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] 
== 4e
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] 
== 53
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] 
== 31
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] 
== 80
[pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, 
flags:0x0, max_send/recv_size:255/256

OK) in this one it select the working type
[pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success)
[pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success)
[pkcs15-tool] card.c:sc_unlock: called
[pkcs15-tool] reader-pcsc.c:pcsc_unlock: called
[pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found
[pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File 
not found)
[pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns'
[pkcs15-tool] card.c:match_atr_table: ATR     : 
3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 
3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card.c:match_atr_table: ATR try : 
3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS
[pkcs15-tool] card-itacns.c:itacns_init: called
[pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, 
flags:0x0, max_send/recv_size:65535/65536


Now I describe what I have done to use correctly the new Italian CNS.
I have done that probably the 21 March 2022 in what was the Debian testing at 
that date.
to have the opensc_0.22.0-2_amd64 working with new Italian CNS

# apt build-dep opensc
$ mkdir ~/src
$ cd /src
$ apt source opensc
$ git clone https://github.com/3v1n0/OpenSC.git
$ cd OpenSC
$ cp -R ../opensc-0.22.0/debian .
$ fakeroot debian/rules binary

If I do the same actually I obtain a .deb file don't working with new Italian 
CNS.
So I think that you need to build the .deb package using all package that was 
available at 21 March 2022 to obtain the working packages.

I noted also that in the working deb I will get, wrongly, that the PIN try left 
is zero, but this is not a problem because all work correctly.

If someone need the .deb I have compiled at 21 March 2022 I can send to him 
(write directly to me).

I have also try on more PC and have all the same results. I have
noted that with some PC (I think newer one) old card lectors don't work,
I need to use a new one more recent.

I also have try to do some debug with gdb, but the debug symbol of
the compiled driver do not work...

Let me know if you need more info.

Ciao
Davide

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages opensc depends on:
ii  libc6          2.36-8
ii  libreadline8   8.2-1.3
ii  libssl3        3.0.8-1
ii  opensc-pkcs11  0.23.0-0.2
ii  zlib1g         1:1.2.13.dfsg-1

Versions of packages opensc recommends:
ii  pcscd  1.9.9-1

opensc suggests no packages.

-- Configuration Files:
/etc/opensc/opensc.conf changed:
app default {
        # debug = 3;
        # debug_file = opensc-debug.txt;
card_atr 3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00 {
                driver = itacns;
                type = 23003;
                
                }
        framework pkcs15 {
                # use_file_caching = public;
        }
}


-- no debconf information

--- End Message ---

--- Begin Message ---
Am 30.08.23 um 17:12 schrieb Davide Prina:
In short: the bug I have make is incorrect because the driver for my CNS has been inserted in OpenSCafter the stable release and so is not in the actual OpenSC Debian package.
Okay. I am closing this then. When 0.24.0 is in Debian please check if it works for you, else open anew bug.
--- End Message ---

Bug#1034258: marked as done (opensc: with the new opensc version in Debian testing/sid I am unable to use the new Italian CNS)

Reply via email to