with the new opensc 0.23.0 version in Debian testing/sid I am unable to use the new Italian CNS #2763
Description
Problem Description
with the new opensc version found in Debian testing/sid I was unable to use the new Italian CNS.
I think that the wrong type card is selected (it is selected the CNS with type:23002), but I'm unable to force the use of the correct one (CNS with type:23003).
First I list all the differences I have found.
Then I will show what I have done to let the new Italian CNS work correctly in a .deb I have created months ago.
For the not working opensc I used the one distributed by Debian
$ opensc-tool --version
No Git revision info available
$ opensc-tool -i
OpenSC 0.23.0 [gcc 12.2.0]
Enabled features: locking zlib readline openssl pcsc(libpcsclite.so.1)
I show rows starting with OK for the working opensc and with KO for the not working opensc
KO Manufacturer ID: IC: Infineon; mask: Oberthur Card Systems
OK Manufacturer ID: IC: Infineon; mask: IDEMIA (Oberthur)
KO Key length: 1024
OK Key length: 2048
KO token flags : token initialized
OK token flags : login required, token initialized, PIN initialized, user PIN locked
KO firmware version : 0.0
OK firmware version : 32.0
KO pin min/max : 4/8
OK pin min/max : 5/8
KO [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, flags:0x0, max_send/recv_size:255/256
OK [pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, flags:0x0, max_send/recv_size:65535/65536
I think that the problem is the type, the 23003 work and the 23002 do not work.
I have try to force the use of type:23003 in /etc/opensc/opensc.conf but I was unable to have it.
I have made some configuration, but no one work to force the type, I can
only force the card name to not check all possible cards.
I show here the log in witch the type is selected
KO) in this one it select the wrong type
[pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success)
[pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success)
[pkcs15-tool] card.c:sc_unlock: called
[pkcs15-tool] reader-pcsc.c:pcsc_unlock: called
[pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found
[pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File not found)
[pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns'
[pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] == 1
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] == 43
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] == 4e
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] == 53
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] == 31
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] == 80
[pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS
[pkcs15-tool] card-itacns.c:itacns_init: called
[pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 3b against atr[0] == 3b
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 31 against atr[6] == 31
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 0 against atr[9] == 0
[pkcs15-tool] card-itacns.c:itacns_match_card: Matching 6b against atr[10] == 6b
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 1 against atr[15] == 1
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 43 against atr[18] == 43
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 4e against atr[19] == 4e
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 53 against atr[20] == 53
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 31 against atr[22] == 31
[pkcs15-tool] card-itacns.c:itacns_match_cns_card: Matching 80 against atr[23] == 80
[pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23002, flags:0x0, max_send/recv_size:255/256
OK) in this one it select the working type
[pkcs15-tool] apdu.c:sc_single_transmit: returning with: 0 (Success)
[pkcs15-tool] apdu.c:sc_transmit: returning with: 0 (Success)
[pkcs15-tool] card.c:sc_unlock: called
[pkcs15-tool] reader-pcsc.c:pcsc_unlock: called
[pkcs15-tool] iso7816.c:iso7816_check_sw: File or application not found
[pkcs15-tool] card-cac.c:cac_select_file_by_type: returning with: -1201 (File not found)
[pkcs15-tool] card.c:sc_connect_card: trying driver 'itacns'
[pkcs15-tool] card.c:match_atr_table: ATR : 3b:ff:18:00:00:81:31:fe:45:00:6b:05:05:20:00:01:21:01:43:4e:53:10:31:80:79
[pkcs15-tool] card.c:match_atr_table: ATR try : 3b:f4:18:00:ff:81:31:80:55:00:31:80:00:c7
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card.c:match_atr_table: ATR try : 3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00
[pkcs15-tool] card.c:match_atr_table: ignored - wrong length
[pkcs15-tool] card.c:sc_connect_card: matched: Italian CNS
[pkcs15-tool] card-itacns.c:itacns_init: called
[pkcs15-tool] card.c:sc_connect_card: card info name:'CNS card', type:23003, flags:0x0, max_send/recv_size:65535/65536
Now I describe what I have done to use correctly the new Italian CNS.
I have done that probably the 21 March 2022 in what was the Debian testing at that date.
to have the opensc_0.22.0-2_amd64 working with new Italian CNS
apt build-dep opensc
$ mkdir ~/src
$ cd /src
$ apt source opensc
$ git clone https://github.com/3v1n0/OpenSC.git
$ cd OpenSC
$ cp -R ../opensc-0.22.0/debian .
$ fakeroot debian/rules binary
If I do the same actually I obtain a .deb file don't working with new Italian CNS.
So I think that you need to build the .deb package using all package that was available at 21 March 2022 to obtain the working packages.
I noted also that in the working deb I will get, wrongly, that the PIN try left is zero, but this is not a problem because all work correctly.
If someone need the .deb I have compiled at 21 March 2022 I can send to him (write directly to me).
I have also try on more PC and have all the same results. I have
noted that with some PC (I think newer one) old card lectors don't work,
I need to use a new one more recent.
I also have try to do some debug with gdb, but the debug symbol of
the compiled driver 0.22.0 do not work...
I have try to force with the following /etc/opensc/opensc.conf but don't work
app default {
# debug = 3;
# debug_file = opensc-debug.txt;
card_atr 3b:8b:80:01:00:31:c1:64:00:00:00:00:00:00:00:00 {
driver = itacns;
type = 23003;
}
framework pkcs15 {
# use_file_caching = public;
}
}
Let me know if you need more info.
Proposed Resolution
I don't have.
Can someone suggest me how to force the type = 23003 in the opensc.conf file?
Can someone suggest what to look to identify the problem?
Ciao
Davide