Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
2011/11/7 Johannes Becker johannes.bec...@hrz.uni-giessen.de: Hello, Am Donnerstag 03 November 2011 schrieb Ludovic Rousseau: So the problem occurs on Mac but not on Linux (or Windows). Exact? Yes. Try to generate a log from pcscd. 1. connect your reader 2. kill any running pcscd process 3. run sudo LIBCCID_ifdLogLevel=0x000F /usr/sbin/pcscd --foreground --debug --apdu and send me the complete output If so the bug may not be in OpenSC, but in the libccid provided by Apple (in 10.6.8 Snow Leopard it is version 1.3.8) or in pcsc-lite modified by Apple. That's what I guessed too. I have no idea how to change the Apple Software. Have you tried using Lion 10.7 instead of Snow Leopard 10.6.8? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, Am Donnerstag 03 November 2011 schrieb Ludovic Rousseau: So the problem occurs on Mac but not on Linux (or Windows). Exact? Yes. If so the bug may not be in OpenSC, but in the libccid provided by Apple (in 10.6.8 Snow Leopard it is version 1.3.8) or in pcsc-lite modified by Apple. That's what I guessed too. I have no idea how to change the Apple Software. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, Am Mittwoch 02 November 2011 schrieb Ludovic Rousseau: Martin is right. OpenSC is sending an extended APDU with a data length of 00 01 01 = 257 bytes. Changing max_send_size didn't make any difference. Can you run the procedure at [2] so I can check your reader? The logs are http://www.uni-giessen.de/~g013/opensc/KobilKAANAdvanced.txt http://www.uni-giessen.de/~g013/opensc/KobilKAANTribank.txt http://www.uni-giessen.de/~g013/opensc/XiringMyLeo.txt I hope, that my Dell Keyboard Reader doesn't disturb the results. I have a very new Xiring firmware, which works with my cards on Linux and Windows. All 3 readers work with Linux and Windows. They even work with Linux in VirtualBox on Mac OS X. Just Mac OS X itself has a problem with CardOS cards and all the readers. TCOS cards are no problem. Switching off pinpad support doesn't help. Thanks Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
2011/11/3 Johannes Becker johannes.bec...@hrz.uni-giessen.de: Hello, Am Mittwoch 02 November 2011 schrieb Ludovic Rousseau: Martin is right. OpenSC is sending an extended APDU with a data length of 00 01 01 = 257 bytes. Changing max_send_size didn't make any difference. Can you run the procedure at [2] so I can check your reader? The logs are http://www.uni-giessen.de/~g013/opensc/KobilKAANAdvanced.txt Same as mine. http://www.uni-giessen.de/~g013/opensc/KobilKAANTribank.txt Your firmware is 0.40. The one in my list is 0.39. But no visible change at the USB descriptor level. http://www.uni-giessen.de/~g013/opensc/XiringMyLeo.txt This one is more different. --- Xiring_MyLeo.txt(revision 6095) +++ Xiring_MyLeo.txt(working copy) @@ -2,7 +2,7 @@ iManufacturer: XIRING idProduct: 0x0037 iProduct: CCID Smart Card Reader - bcdDevice: 2.11 (firmware release?) + bcdDevice: 9.14 (firmware release?) bLength: 9 bDescriptorType: 4 bInterfaceNumber: 0 @@ -62,13 +62,13 @@ 80 Automatic PPS made by the CCID ..04.. Automatic IFSD exchange as first exchange (T=1) 02 Short APDU level exchange - dwMaxCCIDMessageLength: 271 bytes + dwMaxCCIDMessageLength: 522 bytes bClassGetResponse: 0xFF echoes the APDU class bClassEnveloppe: 0xFF echoes the APDU class wLcdLayout: 0x020C - 2 lines +2 lines 12 characters per line bPINSupport: 0x03 PIN Verification supported Your firmware is newer. And also dwMaxCCIDMessageLength has been updated. I hope, that my Dell Keyboard Reader doesn't disturb the results. They are easy to filter out. I have a very new Xiring firmware, which works with my cards on Linux and Windows. I see. All 3 readers work with Linux and Windows. They even work with Linux in VirtualBox on Mac OS X. Just Mac OS X itself has a problem with CardOS cards and all the readers. TCOS cards are no problem. So the problem occurs on Mac but not on Linux (or Windows). Exact? If so the bug may not be in OpenSC, but in the libccid provided by Apple (in 10.6.8 Snow Leopard it is version 1.3.8) or in pcsc-lite modified by Apple. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, while OpenSC 0.12.2 works with our card CardOS V4.3B using Linux or Windows, there is a problem with Mac OS X: The PIN asked. After entering the PIN on the pinpad Firefox asks you to select the certificate, but finally the connection to the web site is not established. A log file produced on Mac OS X 10.6.8 can be found on http://www.uni-giessen.de/~g013/opensc/opensc-OSX-CardOS-debug.log Our TCOS-card works fine with OpenSC 0.12.2. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, On Wed, Nov 2, 2011 at 12:28, Johannes Becker johannes.bec...@hrz.uni-giessen.de wrote: A log file produced on Mac OS X 10.6.8 can be found on http://www.uni-giessen.de/~g013/opensc/opensc-OSX-CardOS-debug.log It seems there is a transaction failed error when sending 266 bytes, which seems to be an extended APDU issue. The problem is most probably in the driver for your reader, which can't do extended ADPU-s. One option might be (might nor work) to limit max_send_size in opensc.conf to something smaller. Martin ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
2011/11/2 Martin Paljak mar...@martinpaljak.net: Hello, On Wed, Nov 2, 2011 at 12:28, Johannes Becker johannes.bec...@hrz.uni-giessen.de wrote: A log file produced on Mac OS X 10.6.8 can be found on http://www.uni-giessen.de/~g013/opensc/opensc-OSX-CardOS-debug.log It seems there is a transaction failed error when sending 266 bytes, which seems to be an extended APDU issue. The problem is most probably in the driver for your reader, which can't do extended ADPU-s. One option might be (might nor work) to limit max_send_size in opensc.conf to something smaller. A previous SCardControl command failed. 0x128792000 10:24:04.4294968141 [opensc-pkcs11] sec.c:157:sc_pin_cmd: called0x128792000 10:24:04.4294968141 [opensc-pkcs11] reader-pcsc.c:1536:pcsc_pin_cmd: called0x128792000 10:24:04.140733193388877 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called0x128792000 10:24:04.140733193388877 [opensc-pkcs11] reader-pcsc.c:202:pcsc_internal_transmit: KOBIL EMV CAP - SecOVID Reader III 00 00:SCardTransmit/Control failed: 0x18014 Some comments: - the pinpad command is not logged. I think that would be a good idea to have it. I don't know exactly where in the code to add the dump. - the error code is 0x18014. The first 1 (MSB) is very suspect. The real error value should be 0x8014 for SCARD_E_INVALID_PARAMETER. I have no idea where this '1' comes from. Martin is right. OpenSC is sending an extended APDU with a data length of 00 01 01 = 257 bytes. Your reader KOBIL EMV CAP - SecOVID Reader III is in my list [1]. The version of the reader I have (firmware 0.39) _does_ support extended APDU. Can you run the procedure at [2] so I can check your reader? Thanks [1] http://pcsclite.alioth.debian.org/ccid/supported.html#0x0D460x3010 [2] http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel