smart card under linux
Peter Lebbing
peter at digitalbrains.com
Sun Oct 26 12:42:36 CET 2014
On 23/10/14 12:00, Werner Koch wrote:
> BTW, is it still not possible to enable the access using the device
> class?
I've had a good look at this. On Debian stable, I couldn't get it to
work, but maybe it's possible.
The SCM SPR532 seems an unlikely candidate; it's not of the correct
device class:
---------------------------8<--------------------->8---------------------------
# lsusb -v -s 2:6
Bus 002 Device 006: ID 04e6:e003 SCM Microsystems, Inc. SPR532 PinPad
SmartCard Re
ader
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 16
idVendor 0x04e6 SCM Microsystems, Inc.
idProduct 0xe003 SPR532 PinPad SmartCard Reader
bcdDevice 5.10
iManufacturer 1 SCM Microsystems Inc.
iProduct 2 SPRx32 USB Smart Card Reader
iSerial 5 60200D5E
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 93
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 3 Vendor Class
bmAttributes 0xa0
(Bus Powered)
Remote Wakeup
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 4 Vendor Interface
** UNRECOGNIZED: 36 21 00 01 00 01 03 00 00 00 a0 0f 00 00 40 1f
00 00 00 01 2a 00 00 29 40 05 00 00 fe 00 00 00 00 00 00 00 00 00 00 00
ba 00 01 00 0e 01 00 00 ff ff 00 00 03 01
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 16
Device Status: 0x0000
(Bus Powered)
---------------------------8<--------------------->8---------------------------
---------------------------8<--------------------->8---------------------------
# udevadm info -a -n /dev/bus/usb/002/006
[...]
looking at device '/devices/pci0000:00/0000:00:1d.0/usb2/2-2':
KERNEL=="2-2"
SUBSYSTEM=="usb"
DRIVER=="usb"
ATTR{configuration}=="Vendor Class"
ATTR{bNumInterfaces}==" 1"
ATTR{bConfigurationValue}=="1"
ATTR{bmAttributes}=="a0"
ATTR{bMaxPower}=="100mA"
ATTR{urbnum}=="31"
ATTR{idVendor}=="04e6"
ATTR{idProduct}=="e003"
ATTR{bcdDevice}=="0510"
ATTR{bDeviceClass}=="00"
ATTR{bDeviceSubClass}=="00"
ATTR{bDeviceProtocol}=="00"
ATTR{bNumConfigurations}=="1"
ATTR{bMaxPacketSize0}=="16"
ATTR{speed}=="12"
ATTR{busnum}=="2"
ATTR{devnum}=="6"
ATTR{devpath}=="2"
ATTR{version}==" 2.00"
ATTR{maxchild}=="0"
ATTR{quirks}=="0x0"
ATTR{avoid_reset_quirk}=="0"
ATTR{authorized}=="1"
ATTR{manufacturer}=="SCM Microsystems Inc."
ATTR{product}=="SPRx32 USB Smart Card Reader"
ATTR{serial}=="60200D5E"
[...]
---------------------------8<--------------------->8---------------------------
However, I have another card reader, an SCM SCR3310. It was sold as a
ChipDrive MyKey, and had a different product number on the original
case. However, that case didn't keep the connector clean in my pocket,
so I put it in a different case. I don't know what the original product
number was anymore. Anyway:
---------------------------8<--------------------->8---------------------------
# lsusb -s 2:7 -v
Bus 002 Device 007: ID 04e6:5116 SCM Microsystems, Inc. SCR331-LC1 /
SCR3310 SmartCard Reader
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 32
idVendor 0x04e6 SCM Microsystems, Inc.
idProduct 0x5116 SCR331-LC1 / SCR3310 SmartCard Reader
bcdDevice 2.04
iManufacturer 1 SCM Microsystems Inc.
iProduct 2 SCR3310 v2.0 USB SC Reader
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 93
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 3 CCID Class
bmAttributes 0xa0
(Bus Powered)
Remote Wakeup
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 11 Chip/SmartCard
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 4 CCID Interface
ChipCard Interface Descriptor:
bLength 54
bDescriptorType 33
bcdCCID 1.10 (Warning: Only accurate for version 1.0)
nMaxSlotIndex 0
bVoltageSupport 7 5.0V 3.0V 1.8V
dwProtocols 3 T=0 T=1
dwDefaultClock 4800
dwMaxiumumClock 8000
bNumClockSupported 0
dwDataRate 12903 bps
dwMaxDataRate 412903 bps
bNumDataRatesSupp. 0
dwMaxIFSD 252
dwSyncProtocols 00000000
dwMechanical 00000000
dwFeatures 000101BA
Auto configuration based on ATR
Auto voltage selection
Auto clock change
Auto baud rate change
Auto PPS made by CCID
CCID can set ICC in clock stop mode
TPDU level exchange
dwMaxCCIDMsgLen 271
bClassGetResponse echo
bClassEnvelope echo
wlcdLayout none
bPINSupport 0
bMaxCCIDBusySlots 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0008 1x 8 bytes
bInterval 16
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x05 EP 5 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
---------------------------8<--------------------->8---------------------------
That looks promising. BUT:
---------------------------8<--------------------->8---------------------------
# udevadm info -a -n /dev/bus/usb/002/007
[...]
looking at device '/devices/pci0000:00/0000:00:1d.0/usb2/2-2':
KERNEL=="2-2"
SUBSYSTEM=="usb"
DRIVER=="usb"
ATTR{configuration}=="CCID Class"
ATTR{bNumInterfaces}==" 1"
ATTR{bConfigurationValue}=="1"
ATTR{bmAttributes}=="a0"
ATTR{bMaxPower}=="100mA"
ATTR{urbnum}=="27"
ATTR{idVendor}=="04e6"
ATTR{idProduct}=="5116"
ATTR{bcdDevice}=="0204"
ATTR{bDeviceClass}=="00"
ATTR{bDeviceSubClass}=="00"
ATTR{bDeviceProtocol}=="00"
ATTR{bNumConfigurations}=="1"
ATTR{bMaxPacketSize0}=="32"
ATTR{speed}=="12"
ATTR{busnum}=="2"
ATTR{devnum}=="7"
ATTR{devpath}=="2"
ATTR{version}==" 2.00"
ATTR{maxchild}=="0"
ATTR{quirks}=="0x0"
ATTR{avoid_reset_quirk}=="0"
ATTR{authorized}=="1"
ATTR{manufacturer}=="SCM Microsystems Inc."
ATTR{product}=="SCR3310 v2.0 USB SC Reader"
[...]
---------------------------8<--------------------->8---------------------------
It seems that the problem is that the device class is defined at the
interface level, which seems to have no corresponding udev property.
There is the ATTR{Configuration}, but is that reliable? I have no idea.
While playing with udevadm control --log-priority=debug, I did notice
that the Debian libccid package has a rules file that also matches on
the device class:
---------------------------8<--------------------->8---------------------------
$ cat /lib/udev/rules.d/92-libccid.rules
# udev rules to set the access rights of CCID smart card readers
# so they can be used by pcscd
# $Id: 92_pcscd_ccid.rules 6275 2012-04-17 13:42:42Z rousseau $
[...]
# If not adding the device, go away
ACTION!="add", GOTO="pcscd_ccid_rules_end"
SUBSYSTEM!="usb", GOTO="pcscd_ccid_rules_end"
ENV{DEVTYPE}!="usb_device", GOTO="pcscd_ccid_rules_end"
[...]
# generic CCID device (bInterfaceClass = 0x0b)
# change group from default "root" to "pcscd"
ENV{ID_USB_INTERFACES}=="*:0b0000:*", GROUP="pcscd"
[...]
---------------------------8<--------------------->8---------------------------
Unfortunately, that match doesn't work on the SCR3310, because I
modified the gnupg rules file as follows, and it didn't do anything:
---------------------------8<--------------------->8---------------------------
SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
ACTION!="add", GOTO="gnupg_rules_end"
ENV{DEVTYPE}!="usb_device", GOTO="gnupg_rules_end"
# generic CCID device (bInterfaceClass = 0x0b)
ENV{ID_USB_INTERFACES}=="*:0b0000:*", ENV{ID_SMARTCARD_READER}="1",
ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
LABEL="gnupg_rules_end"
---------------------------8<--------------------->8---------------------------
I doubt the ID_USB_INTERFACES match works anyway, seeing how udevadm
info doesn't show it. But that might be a bug in udevadm for all I know.
This is as far as I got on Debian stable.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list