FSIJ USB Token version 2 and Gnuk

Werner Koch wk at gnupg.org
Wed Sep 15 21:00:18 CEST 2010


Hi,

I looked into the problem with GnuPG's CCID driver and found this:

  DBG: ccid-driver: PC_to_RDR_IccPowerOn:
  DBG: ccid-driver:   dwLength ..........: 0
  DBG: ccid-driver:   bSlot .............: 0
  DBG: ccid-driver:   bSeq ..............: 1
  DBG: ccid-driver:   bPowerSelect ......: 0x00 (auto)
  DBG: ccid-driver:   [0008]  00 00

We sent the power on command.

  DBG: ccid-driver: RDR_to_PC_DataBlock:
  DBG: ccid-driver:   dwLength ..........: 12
  DBG: ccid-driver:   bSlot .............: 0
  DBG: ccid-driver:   bSeq ..............: 1
  DBG: ccid-driver:   bStatus ...........: 0
  DBG: ccid-driver:   [0010]  3B 94 11 81 31 FE
  DBG: ccid-driver:   [0016]  55 46 53 49 4A 88

We received the ATR as response to the power on command.

  DBG: ccid-driver: PC_to_RDR_GetParameters:
  DBG: ccid-driver:   dwLength ..........: 0
  DBG: ccid-driver:   bSlot .............: 0
  DBG: ccid-driver:   bSeq ..............: 2
  DBG: ccid-driver:   [0007]  00 00 00

We sent a GetParameters command to gnuk.  This is not implemented and on
the debug channel we get "ERR03".  gnuk puts itself back into the init
state and did not send an error response.

  DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
  DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
  DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
  DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
  
Thus GnuPG's try to read the response fails at the USB level....

  DBG: ccid-driver: GetParameters failed

and finally concludes that GetParameters failed.  Because it does not
know that gnuk is now in the init state again and all further commands
result in "ERR01" (invalid command for the init state).  I see a line
with "6c" before the first "ERR01", though.

I am not sure whether GetParameters must be implemented, I would need to
study the specs again.  In any case I suggest to return a proper error
response.

What we can do in GnuPG's CCID driver is to issue a PowerOn command
after a USB read failure.  I hesitated to do this because it resets the
card and a few read errors may happen from time to time without bad
consequences.


Shalom-Salam,

   Werner



-- 
Thoughts are free.  Exceptions are regulated by a federal law.
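
Added example, not part of the original message and not code from gnuk or GnuPG: a sketch of the "proper error response" suggested above, with a host-side check that tells a failed command apart from a silent device. The function names and the sample request are hypothetical; the reply layout assumes the 10-byte CCID bulk header with an RDR_to_PC_SlotStatus reply, bmCommandStatus = failed and bError = 0 (command not supported).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CCID_HDR_LEN               10
#define PC_TO_RDR_GETPARAMETERS    0x6C
#define RDR_TO_PC_SLOTSTATUS       0x81
#define CCID_CMD_STATUS_FAILED     0x40 /* bmCommandStatus = 1 in bits 7..6 of bStatus */
#define CCID_ERR_CMD_NOT_SUPPORTED 0x00 /* bError: offset 0 (bMessageType) rejected */

/* Constructed sample: GetParameters with bSlot 0 and bSeq 2, as in the log. */
const uint8_t sample_getparams[CCID_HDR_LEN] =
    { PC_TO_RDR_GETPARAMETERS, 0, 0, 0, 0, 0x00, 0x02, 0, 0, 0 };

/* Device side (hypothetical helper): answer a command that is not
   implemented instead of staying silent.  Returns the reply length,
   or 0 if the request is shorter than a CCID header. */
size_t ccid_reply_unsupported(const uint8_t *req, size_t reqlen,
                              uint8_t icc_status, uint8_t reply[CCID_HDR_LEN])
{
    if (reqlen < CCID_HDR_LEN)
        return 0;
    memset(reply, 0, CCID_HDR_LEN);   /* dwLength = 0, bClockStatus = 0 */
    reply[0] = RDR_TO_PC_SLOTSTATUS;
    reply[5] = req[5];                /* echo bSlot */
    reply[6] = req[6];                /* echo bSeq so the host can match it */
    reply[7] = CCID_CMD_STATUS_FAILED | (icc_status & 0x03);
    reply[8] = CCID_ERR_CMD_NOT_SUPPORTED;
    return CCID_HDR_LEN;
}

/* Host side (hypothetical helper): classify a reply.
   0 = command succeeded, 1 = command failed and *err_out holds bError,
   -1 = short message or bSeq does not match the request. */
int ccid_check_reply(const uint8_t *msg, size_t len, uint8_t expect_seq,
                     uint8_t *err_out)
{
    if (len < CCID_HDR_LEN || msg[6] != expect_seq)
        return -1;
    if ((msg[7] >> 6) == 1) {
        *err_out = msg[8];
        return 1;
    }
    return 0;
}
```

With a reply like this the host sees a failed command carrying the matching bSeq, rather than a run of usb_bulk_read timeouts.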



