[Bug 1972753] [NEW] opensc-pkcs11 failing epass2003_pin_cmd after 22.04 upgrade

John Stile Mon, 09 May 2022 20:15:54 -0700

Public bug reported:

After upgrading from Ubuntu 21.10 to 22.04 my fob stopped working. 
  SSH does not ask for the pin
  When I test the fob with a pin it is rejected.


I can list the device fine
  /usr/bin/pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L

This asks for the pin, but rejected it (I know the pin works on another
system with this card)

pkcs11-tool --test --login

      Using slot 0 with a present token (0x0)
      Logging in to "ePass2003 (User PIN)".
      Please enter User PIN:
      C_SeedRandom() and C_GenerateRandom():
        seeding (C_SeedRandom) not supported
        seems to be OK
      Digests:
        all 4 digest functions seem to work
        MD5: OK
        SHA-1: OK
      error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5)
      Aborting.

I increased the debug level, and this is a short snip when it falls down

P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
slot.c:470:slot_get_token: Slot(id=0x0): get token
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
slot.c:488:slot_get_token: Slot-get-token returns OK
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
pkcs11-session.c:94:C_OpenSession: C_OpenSession handle: 0x5562ed88a340
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
pkcs11-session.c:97:C_OpenSession: C_OpenSession() = CKR_OK
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
framework-pkcs15.c:552:C_GetTokenInfo: C_GetTokenInfo(0)
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
slot.c:470:slot_get_token: Slot(id=0x0): get token
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
slot.c:488:slot_get_token: Slot-get-token returns OK
P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] 
framework-pkcs15.c:589:C_GetTokenInfo: C_GetTokenInfo() auth. object 
0x5562ed887060, token-info flags 0x40D
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
pkcs15-pin.c:707:sc_pkcs15_get_pin_info: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:473:sc_lock: 
called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
reader-pcsc.c:685:pcsc_lock: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:513:sc_lock: 
returning with: 0 (Success)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card.c:844:sc_select_file: called; type=2, path=3f005015
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card-epass2003.c:1552:epass2003_select_file: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card-epass2003.c:1558:epass2003_select_file: current path (path, valid): 
3f005015 (len: 4)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card-epass2003.c:1514:epass2003_select_path: cache hit
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card.c:879:sc_select_file: returning with: 0 (Success)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
sec.c:200:sc_pin_cmd: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card-epass2003.c:2769:epass2003_pin_cmd: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card-epass2003.c:2777:epass2003_pin_cmd: returning with: -1214 (PIN code or key 
incorrect)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
sec.c:256:sc_pin_cmd: returning with: -1214 (PIN code or key incorrect)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
card.c:523:sc_unlock: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
reader-pcsc.c:737:pcsc_unlock: called
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
pkcs15-pin.c:742:sc_pkcs15_get_pin_info: returning with: -1214 (PIN code or key 
incorrect)
P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] 
framework-pkcs15.c:609:C_GetTokenInfo: C_GetTokenInfo(0) returns CKR_OK
P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] 
pkcs11-session.c:341:C_Login: C_Login(0x5562ed88a340, 1)
P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] 
pkcs11-session.c:363:C_Login: C_Login() slot->login_user -1
P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] 
pkcs11-session.c:374:C_Login: C_Login() userType 1
P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] 
framework-pkcs15.c:1708:pkcs15_login: pkcs15-login: userType 0x1, PIN length 6

This fob works on a mac with the same pin.

When I ssh, I see the fob led blink, but it am not prompted for the pin.

~/.ssh/config

Host foo.org
  PKCS11Provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
  AddressFamily inet

pkcs11-tool --show-info

      Cryptoki version 3.0
      Manufacturer     OpenSC Project
      Library          OpenSC smartcard framework (ver 0.22)
      Using slot 0 with a present token (0x0)

/usr/sbin/pcscd --version
pcsc-lite version 1.9.5.
Copyright (C) 1999-2002 by David Corcoran <corco...@musclecard.com>.
Copyright (C) 2001-2018 by Ludovic Rousseau <ludovic.rouss...@free.fr>.
Copyright (C) 2003-2004 by Damien Sauveron <sauve...@labri.fr>.
Report bugs to <pcsclite-mus...@lists.infradead.org>.
Enabled features: Linux x86_64-pc-linux-gnu libsystemd serial usb libudev 
usbdropdir=/usr/lib/pcsc/drivers ipcdir=/run/pcscd filter 
configdir=/etc/reader.conf.d

packages

pcscd              1.9.5-3        1.9.5-3        Middleware to access a smart 
card using PC/SC (daemon side)
opensc-pkcs11      0.22.0-1ubuntu 0.22.0-1ubuntu Smart card utilities with 
support for PKCS#15 compatible cards
openssl            3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - 
cryptographic utility 
libssl1.0.0        <none>         1.0.2n-1ubuntu Secure Sockets Layer toolkit - 
shared libraries                                             
libssl1.1          <none>         1.1.1l-1ubuntu Secure Sockets Layer toolkit - 
shared libraries                                             
libssl3            3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - 
shared libraries                                             
libssl3:i386       3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - 
shared libraries

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-release-upgrader-core 1:22.04.10
ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
Uname: Linux 5.15.0-27-generic x86_64
ApportVersion: 2.20.11-0ubuntu82
Architecture: amd64
CasperMD5CheckResult: unknown
CrashDB: ubuntu
CurrentDesktop: KDE
Date: Mon May  9 19:12:17 2022
InstallationDate: Installed on 2020-07-01 (677 days ago)
InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 
(20200203.1)
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ubuntu-release-upgrader
Symptom: release-upgrade
UpgradeStatus: Upgraded to jammy on 2022-05-09 (1 days ago)
VarLogDistupgradeTermlog:

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug dist-upgrade jammy

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1972753

Title:
  opensc-pkcs11 failing epass2003_pin_cmd after 22.04 upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1972753/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1972753] [NEW] opensc-pkcs11 failing epass2003_pin_cmd after 22.04 upgrade

Reply via email to