On 21.01.2018 00:16, Maciej S. Szmigiero wrote:
> On 14.01.2018 01:01, Maciej S. Szmigiero wrote:
>> Hi all,
>>
>> I've just received a SCM SPR332 from FLOSS-Shop (marked as "SPR332 V2"
>> on its bottom side) and while its basic reader functionality seems to work
>> just fine I can't get the secure PIN entry mode to work at all.
>>
>> I've tried two different OpenPGP cards, tried both the GnuPG built-in CCID
>> driver and the pcsc-lite one to no avail.
>>
>> I've even tried the latest vendor Windows driver (with OpenSC and a constant
>> length PIN verify operation), but the behavior in each of these setups was
>> always the same:
>> Upon typing and accepting a PIN the "key" LED on the reader continues to
>> blink for a few seconds, then the reader responds with "64 00" result at
>> the USB interface level (which is probably the code for
>> "SPE [Secure PIN Entry] operation timed out" error) and then it doesn't
>> want to communicate with the card anymore.
>>
>> A relevant log snippet from the GnuPG built-in CCID driver:
>> DBG: prompting for pinpad entry '||Please unlock the card%0A%0ANumber: 0005 00005B0E%0AHolder: '
>> DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU
>> DBG: ccid-driver: PC_to_RDR_Escape:
>> DBG: ccid-driver:   dwLength ..........: 3
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 56
>> DBG: ccid-driver:   [0007]  00 00 00 80 02 00
>> DBG: ccid-driver: RDR_to_PC_Escape:
>> DBG: ccid-driver:   dwLength ..........: 0
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 56
>> DBG: ccid-driver:   bStatus ...........: 0
>> DBG: ccid-driver:   buffer[9] .........: 00
>> DBG: ccid-driver: PC_to_RDR_Secure:
>> DBG: ccid-driver:   dwLength ..........: 19
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 57
>> DBG: ccid-driver:   bBMI ..............: 0x00
>> DBG: ccid-driver:   wLevelParameter ...: 0x0000
>> DBG: ccid-driver:   [0010]  00 00 82 00 00 19
>> DBG: ccid-driver:   [0016]  06 02 01 09 04 00 00 00 00 00 20 00 82
>> DBG: ccid-driver: RDR_to_PC_DataBlock:
>> DBG: ccid-driver:   dwLength ..........: 2
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 57
>> DBG: ccid-driver:   bStatus ...........: 0
>> DBG: ccid-driver:   [0010]  64 00
>> DBG: dismiss pinpad entry prompt
>> verify CHV2 failed: Operation cancelled
>> app_check_pin failed: Operation cancelled
>> DBG: ccid-driver: PC_to_RDR_XfrBlock:
>> DBG: ccid-driver:   dwLength ..........: 9
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 58
>> DBG: ccid-driver:   bBWI ..............: 0x04
>> DBG: ccid-driver:   wLevelParameter ...: 0x0000
>> DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
>> DBG: ccid-driver:   [0016]  6E 00 A1
>> DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT
>> ccid_transceive failed: (0x1000a)
>> apdu_send_simple(0) failed: card I/O error
>> DBG: ccid-driver: PC_to_RDR_XfrBlock:
>> DBG: ccid-driver:   dwLength ..........: 9
>> DBG: ccid-driver:   bSlot .............: 0
>> DBG: ccid-driver:   bSeq ..............: 59
>> DBG: ccid-driver:   bBWI ..............: 0x04
>> DBG: ccid-driver:   wLevelParameter ...: 0x0000
>> DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
>> DBG: ccid-driver:   [0016]  C5 00 0A
>> DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT
>> ccid_transceive failed: (0x1000a)
>> apdu_send_simple(0) failed: card I/O error
>>
>> I've also tried an EMV card with this reader; the behavior
>> is slightly different in this case: the typed PIN is accepted
>> immediately, but "00 82 00 82" T=1 protocol error is returned
>> at the USB interface level.
>> And the card communication still works after this.
>>
>> The same cards (two OpenPGP ones and one EMV) accept PIN input without
>> problems using exactly the same software setup when driven by a
>> different PIN pad reader (a HP smart card keyboard).
>>
>> What's interesting is that the reader reports firmware version 7.0
>> while all the references I could find talk about firmware version 6.01.
>>
>> The vendor Windows driver also has a firmware version check utility
>> that explicitly checks for firmware version 6.01 (unfortunately,
>> it is just a checking tool without up- or down-grade capability).
>>
>> Now, I wonder: has anybody spotted similar behavior earlier with this
>> or other SCM/Identiv readers?
>> Or is it possible that this reader is loaded with some non-standard
>> firmware?
>> It reports as "SPRx32 USB Smart Card Reader", which suggests the firmware
>> should be common with a well-tested SPR532 model.
> 
> Has anybody used this reader as a PIN pad successfully or had similar
> issues? 
> 

For posterity's sake: after contacting FLOSS-Shop the problem turned out
to be caused by the reader firmware (version 7.0).

If somebody encounters a similar problem in the future please contact
your seller or Identive to get an updated firmware (the working one is
marked version 7.01 build 1.53).

Maciej
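
Added example, not part of the original posts or of GnuPG's code: a decoder for the PC_to_RDR_Secure payload shown in the quoted log, following the field layout of the CCID specification's PIN verification data structure, useful for checking what the host actually asked the reader to do before blaming the firmware. The sample bytes are copied from the log's hex-dump lines; the function names are hypothetical, and the label for status 64 00 follows the reading given in the post.

```python
import struct

# Constructed from the log above: the two hex-dump lines of PC_to_RDR_Secure
# (offsets 0010 and 0016), i.e. the abData that follows the 10-byte CCID header.
LOGGED_ABDATA = bytes.fromhex(
    "00 00 82 00 00 19 06 02 01 09 04 00 00 00 00 00 20 00 82")
LOGGED_DWLENGTH = 19                      # dwLength printed by the driver
LOGGED_RESPONSE = bytes.fromhex("64 00")  # RDR_to_PC_DataBlock payload

PIN_ENCODINGS = {0: "binary", 1: "BCD", 2: "ASCII"}
STATUS = {0x9000: "success", 0x6400: "SPE operation timed out"}


def decode_pin_verify(abdata: bytes) -> dict:
    """Decode bPINOperation plus the CCID PIN Verification Data Structure."""
    if len(abdata) < 15 + 4:
        raise ValueError("need 15 fixed bytes plus at least a 4-byte APDU")
    # wPINMaxExtraDigit is little-endian: max digits first, then min digits.
    (op, timeout, fmt, _block, _lenfmt, max_digits, min_digits,
     validation, _n_msg, lang_id, _msg_index) = struct.unpack_from("<9BHB", abdata)
    if op != 0x00:
        raise ValueError(f"not a PIN verification (bPINOperation={op:#04x})")
    apdu = abdata[15:]                    # bytes 12..14 are bTeoPrologue
    return {
        "timeout_s": timeout,             # 0 means the reader's default
        "pin_encoding": PIN_ENCODINGS.get(fmt & 0x03, "reserved"),
        "min_digits": min_digits,
        "max_digits": max_digits,
        "validate_on_enter": bool(validation & 0x02),
        "lang_id": lang_id,
        "apdu_ins": apdu[1],              # 0x20 = VERIFY
        "apdu_p2": apdu[3],               # PIN reference sent to the card
    }


def describe_status(response: bytes) -> str:
    """Name the two-byte status the reader returned for the secure command."""
    if len(response) != 2:
        raise ValueError("expected exactly SW1 SW2")
    sw = int.from_bytes(response, "big")
    return STATUS.get(sw, f"unrecognised status {sw:04X}")


if __name__ == "__main__":
    assert len(LOGGED_ABDATA) == LOGGED_DWLENGTH
    print(decode_pin_verify(LOGGED_ABDATA))
    print(describe_status(LOGGED_RESPONSE))
```

The decoded request is a well-formed VERIFY for PIN reference 0x82 with ASCII encoding and a 6 to 25 digit range, which is consistent with the fault lying in the reader rather than in the host's request.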
