On 9/6/2012 9:54 PM, B. Scott Michel wrote:
On 9/6/2012 1:38 PM, Douglas E. Engert wrote:


On 9/6/2012 11:39 AM, B. Scott Michel wrote:
Tried another reader, the Cherry ST-1044U. pkcs15-tool identifies the
card using card-piv.c's code using the T0 protocol and will correctly
print the card's certificates -- the first time. Second run, though,
same problem: card is subsequently identified as a T1 card, can't find
certificates.

What version of OpenSC and pcsc-lite are you running and on what
platform?
This sounds like an old problem.

I'm tracking github and building from source - 0.13. I do an uninstall
followed by an install from the resulting disk image (dmg).

Looking at the reader-pcsc.c code, it is not clear if the
reader->active_protocol is being set correctly.  The one piece of info you
sent in your initial note indicated it was changing from T0 to T1.

It looks like your card can only do T0, thus pcsc should not be saying
it is doing T1.

Attached is a patch based on the git repository from 0.13.0-pr1
that adds some additional debugging of the processing of the protocol
processing.

I suspect that the value of reader->active_protocol is not
1, 2, or 1000 as defined by SC_PROTO_* and may be 0, which should
not happen.

It may be that the version of pcsc on the MAC you have is not returning
a valid value for active_proto. That should be 1, 2 or 4, as defined by
SCARD_PROTOCOL_*
The output of a trace with this patch should
show if this is true or not.


It should not be changing from T=0 to T=1 after the card was working
with T=0 the first time.

I figured as much, hence, my motivation to debug and potentially hack
source code. Directors of Computer Systems Research Departments are
expected to keep hacking skills in excellent shape (Aerospace is the
"space" FFRDC in El Segundo, CA, if you're not familiar with us.)

pkcs15-tool -v -v -v -v -v -v -c

then send the full output, from both the first and second times.

Will do.

I have some older test cards that may be T=0, I will try them.
But I am gone till Monday.

Something else to try is to edit the opensc.conf. You can add
debug_file = somefilename;
debug = 9;

This would cut out interference from other drivers:

   force_card_driver = "piv";

also try:
   force_protocol = "t0";

(I have not tried the force_* options.)
Will do.


-scooter



--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444


diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c
index 920b6f1..158c06f 100644
--- a/src/libopensc/reader-pcsc.c
+++ b/src/libopensc/reader-pcsc.c
@@ -242,6 +242,8 @@ static int pcsc_transmit(sc_reader_t *reader, sc_apdu_t *apdu)
 		goto out;
 	}
 	/* encode and log the APDU */
+	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "active_protocol: %02x", reader->active_protocol);
+
 	r = sc_apdu_get_octets(reader->ctx, apdu, &sbuf, &ssize, reader->active_protocol);
 	if (r != SC_SUCCESS)
 		goto out;
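Review bot: The "%02x" format on the added active_protocol line prints hex with no "0x" prefix, while the SC_PROTO_* values discussed in this thread are decimal (1, 2, 1000), so 1000 would appear as "3e8" and a reader of the trace has to guess the base. Suggest "0x%x" or "%u", and placing the new sc_debug above the "/* encode and log the APDU */" comment so that comment stays attached to the sc_apdu_get_octets call. This also logs once per transmitted APDU, which is fine for a debugging patch but noisy if it is kept.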
@@ -436,6 +438,9 @@ static int pcsc_reconnect(sc_reader_t * reader, DWORD action)
 	}
 
 	reader->active_protocol = pcsc_proto_to_opensc(active_proto);
+
+	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Reconnect protocol: %02x active_proto: %02x active_protocol: %02x", protocol, active_proto, reader->active_protocol);
+
 	return pcsc_to_opensc_error(rv);
 }
 
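Review bot: In the added "Reconnect protocol" message the labels "active_proto" and "active_protocol" differ by three letters but name different value spaces (the value passed into pcsc_proto_to_opensc and the converted result stored on the reader), which is easy to misread in a trace. Suggest labels such as "pcsc active_proto" and "opensc active_protocol", and adding rv to the message, since the function returns pcsc_to_opensc_error(rv) on the next line and the logged values are only meaningful alongside that result.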
@@ -476,6 +481,8 @@ static int pcsc_connect(sc_reader_t *reader)
 	reader->active_protocol = pcsc_proto_to_opensc(active_proto);
 	priv->pcsc_card = card_handle;
 
+	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Initial active_proto: %02x active_protocol: %02x", active_proto, reader->active_protocol);
+
 	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Initial protocol: %s", reader->active_protocol == SC_PROTO_T1 ? "T=1" : "T=0");
 
 	/* Check if we need a specific protocol. refresh_attributes above already sets the ATR */
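Review bot: The unchanged "Initial protocol: %s" line right after the added sc_debug reports every value other than SC_PROTO_T1 as "T=0", so an active_protocol of 0 would still be logged as T=0 there. Rather than adding a second message, suggest folding the numeric active_proto and active_protocol into that existing line, or giving its ternary an explicit unknown case, so the two messages cannot disagree.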
@@ -491,6 +498,8 @@ static int pcsc_connect(sc_reader_t *reader)
 		sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Final protocol: %s", reader->active_protocol == SC_PROTO_T1 ? "T=1" : "T=0");
 	}
 
+	sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "Final active_proto: %02x active_protocol: %02x", active_proto, reader->active_protocol);
+
 	/* After connect reader is not locked yet */
 	priv->locked = 0;
 
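Review bot: The added "Final active_proto" sc_debug sits after the closing brace of the block that logs "Final protocol", so it runs even when that block is skipped, and in that case it repeats the "Initial" values under a "Final" label. Suggest moving it inside the block next to "Final protocol", or rewording it (for example "Protocol after connect") so the trace does not imply that a renegotiation happened.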
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
