pcscd fails to read CAC card data, errors out

Bug #1596662 reported by Zach La Celle on 2016-06-27
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
pcsc-lite (Ubuntu)
Undecided
Unassigned

Bug Description

When I use Firefox to try and access a website using my CAC card, with a Broadcom Corp 5880 [Contacted SmartCard] smart card reader on a Dell Precision 7510 and libcackey, my web browser hangs for a bit, then fails, and looking at pcscd's log shows the following (note the lines:
"00000026 ifdwrapper.c:348:IFDStatusICC() Card not transacted: 612
00000002 winscard.c:592:SCardReconnect() Error resetting card."

Ubuntu 14.04.4, kernel 4.2.0-38-generic.

See below:

winscard.c:1632:SCardTransmit() UnrefReader() count was: 2
00000003 winscard_svc.c:608:ContextThread() TRANSMIT rv=0x0 for client 15
00000039 winscard_svc.c:319:ContextThread() Received command: TRANSMIT from client 15
00000008 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000003 winscard.c:1587:SCardTransmit() Send Protocol: T=0
00000003 APDU: 00 C0 00 00 BA
00000003 ifdhandler.c:1266:IFDHTransmitToICC() usb:0a5c/5800:libudev:1:/dev/bus/usb/001/005 (lun: 0)
00014006 commands.c:1456:CCID_Receive() Can't read all data (54 out of 188 expected)
00000012 SW:
00000003 ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
00000003 winscard.c:1612:SCardTransmit() Card not transacted: 0x80100016
00000002 winscard.c:1632:SCardTransmit() UnrefReader() count was: 2
00000003 winscard_svc.c:608:ContextThread() TRANSMIT rv=0x80100016 for client 15
00000038 winscard_svc.c:319:ContextThread() Received command: RECONNECT from client 15
00000007 winscard.c:504:SCardReconnect() Attempting reconnect to token.
00000003 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00230568 ccid_usb.c:790:ReadUSB() read failed (1/5): -8 Resource temporarily unavailable
00000026 ifdwrapper.c:348:IFDStatusICC() Card not transacted: 612
00000002 winscard.c:592:SCardReconnect() Error resetting card.
00000002 winscard.c:793:SCardReconnect() UnrefReader() count was: 2
00000003 winscard_svc.c:472:ContextThread() RECONNECT rv=0x80100066 for client 15
00000049 winscard_svc.c:319:ContextThread() Received command: TRANSMIT from client 15
00000007 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000002 winscard.c:1632:SCardTransmit() UnrefReader() count was: 2
00000001 winscard_svc.c:608:ContextThread() TRANSMIT rv=0x80100068 for client 15
00000014 winscard_svc.c:319:ContextThread() Received command: DISCONNECT from client 15
00000004 readerfactory.c:772:RFReaderInfoById() RefReader() count was: 1
00000002 winscard.c:850:SCardDisconnect() Active Contexts: 1
00000002 winscard.c:851:SCardDisconnect() dwDisposition: 0
00000001 winscard.c:1016:SCardDisconnect() powerState: POWER_STATE_GRACE_PERIOD
00000003 ifdhandler.c:362:IFDHGetCapabilities() tag: 0xFB2, usb:0a5c/5800:libudev:1:/dev/bus/usb/001/005 (lun: 0)
00000002 winscard.c:1030:SCardDisconnect() Stopping polling thread
00000014 ifdhandler.c:327:IFDHStopPolling() usb:0a5c/5800:libudev:1:/dev/bus/usb/001/005 (lun: 0)
00000147 winscard.c:1043:SCardDisconnect() UnrefReader() count was: 2
00000007 winscard_svc.c:490:ContextThread() DISCONNECT rv=0x0 for client 15
00000049 winscard_svc.c:319:ContextThread() Received command: CONNECT from client 15
00000024 winscard.c:235:SCardConnect() Attempting Connect to Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00 using protocol: 3
00000002 readerfactory.c:745:RFReaderInfo() RefReader() count was: 1
00000002 winscard.c:322:SCardConnect() Card Not Powered

Zach La Celle (zlacelle) wrote :

The versions I were using before (from the Trusty repositories) are pcscd 1.8.10 and libccid 1.4.15.

I've installed PCSC version 1.8.17 and libccid 1.4.24:

$ /usr/local/sbin/pcscd --version
pcsc-lite version 1.8.17.
Copyright (C) 1999-2002 by David Corcoran <email address hidden>.
Copyright (C) 2001-2015 by Ludovic Rousseau <email address hidden>.
Copyright (C) 2003-2004 by Damien Sauveron <email address hidden>.
Report bugs to <email address hidden>.
Enabled features: Linux x86_64-pc-linux-gnu serial usb libudev usbdropdir=/usr/local/lib/pcsc/drivers ipcdir=/var/run/pcscd configdir=/usr/local/etc/reader.conf.d

Both configurations cause the same errors, where it seems that it fails to read the card. I've attached the lsusb of the broadcom device, as well as the complete log.

Zach La Celle (zlacelle) wrote :
Zach La Celle (zlacelle) wrote :

The problem is:
00000003 APDU: 00 C0 00 00 BA
00000002 ifdhandler.c:1295:IFDHTransmitToICC() usb:0a5c/5800:libudev:1:/dev/bus/usb/001/007 (lun: 0)
00000002 commands.c:1740:CmdXfrBlockTPDU_T0() T=0: 5 bytes
00000003 -> 000000 6F 05 00 00 00 00 17 00 00 00 00 C0 00 00 BA
00014454 <- 000000 80 BC 00 00 00 00 17 00 00 00 A0 00 00 00 79 03 02 40 70 50 72 47 67 00 ED CB C7 00 ED CB C7 21 21 A0 00 00 00 79 01 02 00 01 00 00 00 00 00 00 00 A0 00 00 00 79 01 02 01 01 00 00 00 00 00 00
00000013 commands.c:1551:CCID_Receive() Can't read all data (54 out of 188 expected)
00000003 SW:
00000002 ifdwrapper.c:548:IFDTransmit() Card not transacted: 612
00000001 winscard.c:1643:SCardTransmit() Card not transacted: 0x80100016

Maybe you can find a BIOS upgrade or something similar on the Dell and/or Broadcom website.

I moved the reader in the "Unsupported or partly supported CCID readers" list
https://pcsclite.alioth.debian.org/ccid/unsupported.html#0x0A5C0x5800

I have no solution for now.

 may it be similar to the following poblema http://www.natisbad.org/E4300/?
The link propose a patch to remove a sequence of NULL

Quote:
 After some debugging at opensc level, it seems that the reader returns (via openct) some APDU with leading NULL bytes (more precisely, 252 of those NULL bytes). I wrote a small temporary fix (below) for opensc package but the problem should probably be corrected at a lower level level.

Index: opensc-0.11.4/src/libopensc/apdu.c
===================================================================
--- opensc-0.11.4.orig/src/libopensc/apdu.c 2008-12-26 09:37:55.000000000 +0100
+++ opensc-0.11.4/src/libopensc/apdu.c 2008-12-26 09:41:36.000000000 +0100
@@ -455,6 +455,25 @@
                          return SC_ERROR_NOT_SUPPORTED;
                  }

+#define BROADCOM_E4300_BUG_APDU_DROP 252
+ if (apdu->resplen >= BROADCOM_E4300_BUG_APDU_DROP) {
+ int i, allzero=1;
+ u8 *tmp = apdu->resp;
+
+ for (i=0; i < BROADCOM_E4300_BUG_APDU_DROP; i++) {
+ if (tmp[i] != 0) {
+ allzero = 0;
+ break;
+ }
+ }
+
+ if (allzero) {
+ memmove(tmp, tmp + BROADCOM_E4300_BUG_APDU_DROP,
+ apdu->resplen - BROADCOM_E4300_BUG_APDU_DROP);
+ apdu->resplen -= BROADCOM_E4300_BUG_APDU_DROP;
+ }
+ }
+
    /* if the command already returned some data
     * append the new data to the end of the buffer
     */

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pcsc-lite (Ubuntu):
status: New → Confirmed
nunojpg (nunojpg) wrote :

My reader 0a5c:5800 was today automatically "converted" to a 0a5c:5832 via a Broadcom firmware upgrade, made available by Dell, and delivered trough Windows 10 update.

0a5c:5832 is supported by Ludovic Rousseau CCID driver.

I am not aware it the firmware upgrade can be applied without Windows.

It seems to work fine, but I do get a huge amount of this warnings when I'm reading a card:

kernel: xhci_hcd 0000:00:14.0: WARN Event TRB for slot 6 ep 4 with no TDs queued?

It looks like the problem is now fixed. A new bug may be created about the kernel warnings.

I wrote about the firmware upgrade at https://ludovicrousseau.blogspot.fr/2016/08/broadcom-ccid-readers.html

Zach La Celle (zlacelle) wrote :
Download full text (4.8 KiB)

I'm confirming that the info from @nunojpg seems to hold for my reader as well. It updated from 0a5c:5800 to 0a5c:5832, using the Dell ControlVault2 update you listed above.

This firmware seems to work correctly (although now my security devices in the browser aren't working, but that's another matter):

00000000 debuglog.c:289:DebugLogSetLevel() debug level=debug
00000012 debuglog.c:310:DebugLogSetCategory() Debug options: APDU
^[[36m00000006^[[0m ^[[34mpcscdaemon.c:357:main() Force colored logs^[[0m
^[[36m00000312^[[0m configfile.l:358:DBGetReaderList() Parsing conf file: /usr/local/etc/reader.conf.d
^[[36m00000019^[[0m ^[[34mpcscdaemon.c:672:main() pcsc-lite 1.8.17 daemon ready.^[[0m
^[[36m00002333^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000041^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000035^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x0A5C, PID: 0x5832, path: /dev/bus/usb/001/007
^[[36m00000033^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x0A5C, PID: 0x5832, path: /dev/bus/usb/001/007
^[[36m00000030^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000035^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1BCF, PID: 0x2B91, path: /dev/bus/usb/001/008
^[[36m00000030^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1BCF, PID: 0x2B91, path: /dev/bus/usb/001/008
^[[36m00000032^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000032^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x413C, PID: 0x2513, path: /dev/bus/usb/001/002
^[[36m00000033^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x0C45, PID: 0x0133, path: /dev/bus/usb/001/004
^[[36m00000033^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x0C45, PID: 0x0133, path: /dev/bus/usb/001/004
^[[36m00000030^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x413C, PID: 0x2513, path: /dev/bus/usb/001/002
^[[36m00000034^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x045E, PID: 0x0040, path: /dev/bus/usb/001/006
^[[36m00000032^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x413C, PID: 0x2513, path: /dev/bus/usb/001/002
^[[36m00000030^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000033^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x8087, PID: 0x0A2B, path: /dev/bus/usb/001/003
^[[36m00000031^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x8087, PID: 0x0A2B, path: /dev/bus/usb/001/003
^[[36m00000031^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
^[[36m00000031^[[0m hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x413C, PID: 0x2513, pa...

Read more...

carloslp (carloslp) wrote :

I was able to upgrade the firmware of the reader from a virtual machine running windows with virt-manager/qemu.

But I don't recommend this method of upgrade.

You have to attach the broadcom usb device to the machine, then execute the dell control vault2 firmware upgrade.

The thing is that once it starts the USB device will disappear, and it will appear again with a 0a5c:5831 ID. You have to be quick to reatach this new usb device (in live) on the machine so the upadate can continue. And it will disappear again and appear again. Like 8 times. If you fail to be quick in attaching the device the updater will abort and will tell you to reboot.

If the device don't completes the update it will be unusable. It will not identify itself as a smart card reader and will have the 0a5c:5831 ID.

You can however retry the update.

Once the upgrade completes the USB ID will change to 0a5c:5832 and it will identify itself as a smart card reader.

Another important thing is that you have to enable the TPM and set it to disable. And also attach the TPM as a passthrough device on the qemu/kvm machine for it to work.

I finally was able to upgrade the firmware correctly using this dirty method.

So, meanwhile I achieved to upgrade the firmware from a windows virtual machine, I don't recommend it.

I think in the end is simple and less risky to run the upgrade from windows directly.

Its a shame that dell or broadcom don't provide a way of updating this firmware without requiring windows.

carloslp (carloslp) wrote :

@zlacelle.. what you are missing is an updated libccid. You need version 1.25 which is still unreleased. What I did was rebuilt the libccid 1.24 package after applying manually this patch https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pcsclite/CCID.git;a=commitdiff;h=7211ce71b1bb0866efc2dad6eba7058743f7eed7

Changed in pcsc-lite (Ubuntu):
status: Confirmed → Won't Fix
Mario Limonciello (superm1) wrote :

Just to add clarity to this issue:

The ID's in the old FW release are not supported by CCID and have been removed in git:
https://github.com/LudovicRousseau/CCID/commit/e6a7548623f35d428f9f410f4b885fd04e34070a
https://github.com/LudovicRousseau/CCID/commit/2f68054ce81aa10ec60adf9a92c66dca64bdd415

After performing a FW upgrade new device ID's will be created which are compliant.
If you're seeing the old ID's you'll have to upgrade the FW (which there unfortunately isn't currently a way to do this on Linux).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers