SCM SPR332 PIN entry doesn't work

Maciej S. Szmigiero mail at maciej.szmigiero.name
Sun Jan 21 00:16:53 CET 2018


On 14.01.2018 01:01, Maciej S. Szmigiero wrote:
> Hi all,
> 
> I've just received a SCM SPR332 from FLOSS-Shop (marked as "SPR332 V2"
> on its bottom side) and while its basic reader functionality seems to work
> just fine I can't get the secure PIN entry mode to work at all.
> 
> I've tried two different OpenPGP cards, tried both GnuPG built-in CCID
> driver and the pcsc-lite one to no avail.
> 
> I've even tried the latest vendor Windows driver (with OpenSC and a constant
> length PIN verify operation), but the behavior in each of these setups was
> always the same:
> Upon typing and accepting a PIN the "key" LED on the reader continues to
> blink for a few seconds, then the reader responds with "64 00" result at
> the USB interface level (which is probably the code for
> "SPE [Secure PIN Entry] operation timed out" error) and then it doesn't
> want to communicate with the card anymore.
> 
> A relevant log snippet from GnuPG built-in CCID driver:
> DBG: prompting for pinpad entry '||Please unlock the card%0A%0A
> Number: 0005 00005B0E%0AHolder: '
> DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU
> DBG: ccid-driver: PC_to_RDR_Escape:
> DBG: ccid-driver:   dwLength ..........: 3
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 56
> DBG: ccid-driver:   [0007]  00 00 00 80 02 00
> DBG: ccid-driver: RDR_to_PC_Escape:
> DBG: ccid-driver:   dwLength ..........: 0
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 56
> DBG: ccid-driver:   bStatus ...........: 0
> DBG: ccid-driver:   buffer[9] .........: 00
> DBG: ccid-driver: PC_to_RDR_Secure:
> DBG: ccid-driver:   dwLength ..........: 19
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 57
> DBG: ccid-driver:   bBMI ..............: 0x00
> DBG: ccid-driver:   wLevelParameter ...: 0x0000
> DBG: ccid-driver:   [0010]  00 00 82 00 00 19
> DBG: ccid-driver:   [0016]  06 02 01 09 04 00 00 00 00 00 20 00 82
> DBG: ccid-driver: RDR_to_PC_DataBlock:
> DBG: ccid-driver:   dwLength ..........: 2
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 57
> DBG: ccid-driver:   bStatus ...........: 0
> DBG: ccid-driver:   [0010]  64 00
> DBG: dismiss pinpad entry prompt
> verify CHV2 failed: Operation cancelled
> app_check_pin failed: Operation cancelled
> DBG: ccid-driver: PC_to_RDR_XfrBlock:
> DBG: ccid-driver:   dwLength ..........: 9
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 58
> DBG: ccid-driver:   bBWI ..............: 0x04
> DBG: ccid-driver:   wLevelParameter ...: 0x0000
> DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
> DBG: ccid-driver:   [0016]  6E 00 A1
> DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT
> ccid_transceive failed: (0x1000a)
> apdu_send_simple(0) failed: card I/O error
> DBG: ccid-driver: PC_to_RDR_XfrBlock:
> DBG: ccid-driver:   dwLength ..........: 9
> DBG: ccid-driver:   bSlot .............: 0
> DBG: ccid-driver:   bSeq ..............: 59
> DBG: ccid-driver:   bBWI ..............: 0x04
> DBG: ccid-driver:   wLevelParameter ...: 0x0000
> DBG: ccid-driver:   [0010]  00 00 05 00 CA 00
> DBG: ccid-driver:   [0016]  C5 00 0A
> DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT
> ccid_transceive failed: (0x1000a)
> apdu_send_simple(0) failed: card I/O error
> 
> I've also tried an EMV card with this reader, the behavior
> is slightly different in this case: the typed PIN is accepted
> immediately, but "00 82 00 82" T=1 protocol error is returned
> at the USB interface level.
> And the card communication still works after this.
> 
> The same cards (two OpenPGP ones and one EMV) accept PIN input without
> problems using exactly the same software setup when driven by a
> different PIN pad reader (a HP smart card keyboard).
> 
> What's interesting is that the reader reports firmware version 7.0
> while all the references I could find talk about firmware version 6.01.
> 
> The vendor Windows driver also has a firmware version check utility
> that explicitly checks for firmware version 6.01 (unfortunately,
> it is just a checking tool without up- or down-grade capability).
> 
> Now, I wonder: did anybody earlier spot a similar behavior with this
> or other SCM/Identiv readers?
> Or is it possible that this reader is loaded with some non-standard
> firmware?
> It reports as "SPRx32 USB Smart Card Reader", which suggests the firmware
> should be common with a well-tested SPR532 model.

Has anybody used this reader as a PIN pad successfully or had similar
issues? 

Thanks,
Maciej
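
Added example, not part of the original message or of GnuPG's code: a Python decoder for the abData bytes of the PC_to_RDR_Secure message in the log above, using the PIN Verification Data Structure layout from the USB CCID specification. The function and key names are hypothetical; only the byte string comes from the log.

```python
import struct

# abData of the PC_to_RDR_Secure message, copied from the two hex-dump
# lines ([0010] and [0016]) in the log above.
LOGGED_ABDATA = bytes.fromhex(
    "00 00 82 00 00 19 06 02 01 09 04 00 00 00 00 00 20 00 82")

PIN_ENCODINGS = {0: "binary", 1: "BCD", 2: "ASCII"}


def decode_pin_verify(abdata: bytes) -> dict:
    """Decode a CCID PIN Verification Data Structure (hypothetical helper)."""
    if len(abdata) < 15 + 4:
        raise ValueError("need 15 header bytes plus at least a 4-byte APDU")
    (op, timeout, fmt, block, len_fmt, max_digits, min_digits,
     validation, n_msg, lang_id, msg_index) = struct.unpack_from("<9BHB", abdata)
    if op != 0x00:
        raise ValueError(f"bPINOperation {op:#04x} is not PIN verification")
    apdu = abdata[15:]  # bytes 12..14 are bTeoPrologue (used with T=1 only)
    return {
        "timeout_s": timeout,                  # 0 = reader's default timeout
        "pin_encoding": PIN_ENCODINGS.get(fmt & 0x03, "reserved"),
        "right_justified": bool(fmt & 0x04),
        "pin_position": (fmt >> 3) & 0x0F,
        "position_in_bytes": bool(fmt & 0x80),
        "pin_block_string": block,
        "pin_length_format": len_fmt,
        "min_digits": min_digits,              # wPINMaxExtraDigit, second byte
        "max_digits": max_digits,              # wPINMaxExtraDigit, first byte
        "validate_on_max_size": bool(validation & 0x01),
        "validate_on_key": bool(validation & 0x02),
        "validate_on_timeout": bool(validation & 0x04),
        "n_messages": n_msg,
        "lang_id": lang_id,                    # USB LANGID, little-endian
        "msg_index": msg_index,
        "teo_prologue": abdata[12:15],
        "apdu": apdu,                          # template the reader completes
        "template_data_len": len(apdu) - 4,    # 0 = header only (case 1)
    }


if __name__ == "__main__":
    for name, value in decode_pin_verify(LOGGED_ABDATA).items():
        shown = value.hex(" ") if isinstance(value, bytes) else value
        print(f"{name:22} {shown}")
```

For the logged message this shows a VERIFY template (00 20 00 82) with no data field from the host, an ASCII PIN of 6 to 25 digits confirmed by the validation key, and bTimeOut left at 0, so the timeout in effect is whatever the reader firmware defaults to.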


