Openpgp card handling depending on manufacturer?

NIIBE Yutaka gniibe at fsij.org
Wed Nov 7 02:12:57 CET 2012


Thank you for the log.

On 2012-11-06 at 22:10 +0100, Klaus Flittner wrote:
> 20:08:22  pcscd: commands.c:1487:CmdXfrBlockAPDU_extended() T=0 (extended): 8 bytes
> 20:08:22  pcscd: -> 000000 6F 08 00 00 00 00 3B 00 00 00 00 47 80 00 02 B6 00 00 

Soon after the host PC sent a block, ...

> 20:08:22  pcscd: <- 000000 80 00 00 00 00 00 3B 80 64 00 
> 20:08:22  pcscd: commands.c:1422:CCID_Receive() Time extension requested: 0x64

The smartcard reader responded with a time extension, once.

> 20:08:22  pcscd: <- 000000 80 00 00 00 00 00 3B 80 64 00 
> 20:08:22  pcscd: commands.c:1422:CCID_Receive() Time extension requested: 0x64

... and twice.

Here, bStatus is 0x80 (bmCommandStatus=2, bmICCStatus=0), and bError
is 0x64 (= 100).

The specification (USB CCID 1.1) says:

    When the bmCommandStatus field is 2, indicating a Time extension is
    requested, then the slots error register contains the multiplier
    value of BWT when the protocol is T=1 or the multiplier value of WWT
    when the protocol is T=0.

Thus, the host PC should wait 100 x BWT.

However, unfortunately, I think that the current implementation of libccid
doesn't care about the field bError, and just waits again for another
BWT.  I'm reading the source code of ccid 1.4.7.

> 20:08:32  pcscd: ccid_usb.c:699:ReadUSB() read failed (7/2): -7 Success

Here, we see a timeout on the host PC side after BWT, not 100 x BWT.

> Which part of the stack is responsible to handle the time extension
> request? Is it handled inside the firmware of the reader, or is the
> driver (ccid) responsible.

I think that both should be responsible.

A conservative implementation of a smartcard reader could send back the
time extension to the host PC periodically (say, on each timeout of
BWT (or something)) when it is waiting for the response from the card (for
100xBWT).

The same thing can be applied to the card.  A conservative implementation of
a smartcard could send back a time extension request (by S block) to the
terminal (multiplier = 1), periodically, when the computation is still
ongoing.
-- 





More information about the Gnupg-devel mailing list
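
The header decoding discussed in the message above, as an added example that is not part of the original post and is not libccid code: it parses the 10-byte RDR_to_PC_DataBlock reply seen in the log and derives the next read timeout from bError. The function name, the base_ms parameter and the 1000 ms base value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RDR_TO_PC_DATABLOCK 0x80
#define CCID_HEADER_LEN     10

enum ccid_action { CCID_DONE, CCID_FAILED, CCID_WAIT_MORE, CCID_MALFORMED };

/* Decode one RDR_to_PC_DataBlock header. On a time extension request,
 * *timeout_ms becomes multiplier x base_ms, where base_ms stands for the
 * BWT (T=1) or WWT (T=0) the caller already uses (hypothetical parameter). */
enum ccid_action ccid_classify(const uint8_t *msg, size_t len,
                               unsigned base_ms, unsigned *timeout_ms)
{
    if (len < CCID_HEADER_LEN || msg[0] != RDR_TO_PC_DATABLOCK)
        return CCID_MALFORMED;

    uint8_t bStatus = msg[7], bError = msg[8];
    unsigned cmd_status = bStatus >> 6;      /* bmCommandStatus, bits 7..6 */

    *timeout_ms = base_ms;
    switch (cmd_status) {
    case 0: return CCID_DONE;                /* processed without error */
    case 1: return CCID_FAILED;              /* bError is an error code here */
    case 2:
        /* bError is the multiplier. Treating 0 as 1 is an assumption of
         * this example, so the timeout never collapses to zero. */
        *timeout_ms = base_ms * (bError ? bError : 1u);
        return CCID_WAIT_MORE;
    default: return CCID_MALFORMED;          /* value 3 is RFU */
    }
}

/* Constructed sample: the reader reply bytes copied from the pcscd log. */
static const uint8_t sample_reply[] =
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3B, 0x80, 0x64, 0x00 };

int main(void)
{
    unsigned t = 0;
    enum ccid_action a = ccid_classify(sample_reply, sizeof sample_reply, 1000, &t);
    printf("action=%d next read timeout=%u ms\n", a, t);
    return 0;
}
```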