Openpgp card handling depending on manufacturer?
Klaus Flittner
klaus at flittner.org
Tue Nov 6 22:10:46 CET 2012
NIIBE Yutaka wrote:
> On 2012-11-05 at 19:54 +0100, Klaus Flittner wrote:
> > Yes. libusb_block_transfer really returns LIBUSB_ERROR_TIMEOUT. The
> > logfiles contain the following if the error occurs: The value -7 in the
> > first line corresponds to LIBUSB_ERROR_TIMEOUT.
> > -----
> > pcscd: ccid_usb.c:699:ReadUSB() read failed (7/2): -7 Success
> > pcscd: ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
> > pcscd: winscard.c:1532:SCardTransmit() Card not transacted: 0x80100016
> > -----
>
> Thank you for the information.
>
> If I were you, I'd check:
>
> * ATR string of the card
> That's because it has information for Block Waiting Time (BWT)
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 80 00 90 00 CC
That should correspond to a BWT of 9.5 seconds (if i got the math right)
> * The value of ccid_descriptor -> readTimeout in libccid
> Namely, the argument <timeout> of libusb_bulk_transfer
>
> * Interaction of libccid and smartcard reader by
> setting ifdLogLevel = 0x0007 in Info.plist
> (so that we can see if time extension occurs or not)
----------
20:08:22 pcscd: winscard.c:1507:SCardTransmit() Send Protocol: T=1
20:08:22 pcscd: ifdhandler.c:1257:IFDHTransmitToICC() usb:0d46/3002:libudev:0:/dev/bus/usb/007/002 (lun: 0)
20:08:22 pcscd: commands.c:1487:CmdXfrBlockAPDU_extended() T=0 (extended): 8 bytes
20:08:22 pcscd: -> 000000 6F 08 00 00 00 00 3B 00 00 00 00 47 80 00 02 B6 00 00
20:08:22 pcscd: <- 000000 80 00 00 00 00 00 3B 80 64 00
20:08:22 pcscd: commands.c:1422:CCID_Receive() Time extension requested: 0x64
20:08:22 pcscd: <- 000000 80 00 00 00 00 00 3B 80 64 00
20:08:22 pcscd: commands.c:1422:CCID_Receive() Time extension requested: 0x64
20:08:32 pcscd: ccid_usb.c:699:ReadUSB() read failed (7/2): -7 Success
20:08:32 pcscd: ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
20:08:32 pcscd: winscard.c:1532:SCardTransmit() Card not transacted: 0x80100016
20:08:32 pcscd: winscard_svc.c:604:ContextThread() TRANSMIT rv=0x80100016 for client 5
----------
The timing fits quite well to the BWT. But with the time extension
requested it should allow the operation to need a time of up to 100
times the BWT.
As of today key generation no longer works with the cards regardless of
manufacturer value. Nothing really changed since the tests yesterday.
Even smaller keys are not possible anymore. Everything which takes
longer as the BWT times out.
Which part of the stack is responsible to handle the time extension
request? Is it handled inside the firmware of the reader, or is the
driver (ccid) responsible.
Regards,
Klaus Flittner
More information about the Gnupg-devel
mailing list