Bug 1657365

Summary: opensc fails to access smartcard while coolkey works
Product: Red Hat Enterprise Linux 7 Reporter: joel <jwooten>
Component: openscAssignee: Jakub Jelen <jjelen>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Asha Akkiangady <aakkiang>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.6CC: jwooten
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-16 16:54:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description joel 2018-12-07 19:21:48 UTC 
Description of problem:
opensc is failing to read card getting error -
(repeat) [opensc-pkcs11] card-coolkey.c:932:coolkey_apdu_io: called
[opensc-pkcs11] card-coolkey.c:1866:coolkey_compute_crypt: returning with: -1300 (Invalid arguments)
[opensc-pkcs11] sec.c:58:sc_compute_signature: returning with: -1300 (Invalid arguments)

Version-Release number of selected component (if applicable):


How reproducible:
very

Steps to Reproduce:
1.pkcs11-tool --test --login
2.
3.

Actual results:
error PKCS11 function C_SignFinal failed: rv = CKR_ARGUMENTS_BAD (0x7)
Aborting.

Expected results:
succeeds

Additional info:
Comment 3 joel 2018-12-11 02:07:01 UTC 
The card reader is :
Card reader types
SCM Microsystems Inc. SCR 3310 [CCID Interface] 00

And the card is :
Giesecke & Devrient (PIV endpoint)     
The output of opensc-tool --attr shows the ATR bytes of the card to be
        3b:7a:18:00:00:73:66:74:65:20:63:64:31:34:34
  
As to the size of the keys how should I retrieve those? We tried: # pkcs11-tool --test --login

But this failed to output the any signatures.

Attaching that output as: redhat-pkcs11-tool-debug-output.txt
Comment 5 Jakub Jelen 2018-12-11 09:47:24 UTC 
OK, so you have PIV card and you are getting the errors in coolkey. That is indeed a misconfiguration.

Does it work if you run it with explicitly selected PIV or CAC driver?

  OPENSC_DRIVER=PIV-II pkcs11-tool --test --login

  OPENSC_DRIVER=cac pkcs11-tool --test --login

You can get the size of the keys on the card by listing the objects on the card:

  pkcs11-tool -O
Comment 6 joel 2019-12-04 00:18:48 UTC 
case abandoned by customer