Bug 1665253

Summary: RFE: Add support for the Dell KB813 Smart Card Keyboard to OpenSC
Product: Red Hat Enterprise Linux 7 Reporter: Jason Fonseca <jason.c.fonseca>
Component: openscAssignee: Jakub Jelen <jjelen>
Status: CLOSED NEXTRELEASE QA Contact: Asha Akkiangady <aakkiang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.6CC: amitkuma, dwhitley, jvilicic
Target Milestone: rcKeywords: FutureFeature, Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-23 15:10:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Fonseca 2019-01-10 19:31:58 UTC 
The Dell KB813 smart-card keyboard is the default keyboard shipped with Dell systems that are supported by RHEL 7.  For instance, the Dell Precision 3620 [1] ships with this keyboard.  According to "Smart card support in RHEL7.4+" [2], CoolKey has been deprecated in favor of OpenSC.  Unfortunately, OpenSC does not work with the reader in this keyboard.  pkcs11-tool will show the reader as empty when pam_pkcs11 is configured to use OpenSC:

Slot 1 (0x4): Dell Dell Smart Card Reader Keyboard 01 00
  (empty)

CoolKey supports this reader and will show a card present.  Please add support for the Dell KB813 smart-card keyboard to OpenSC.

[1] https://access.redhat.com/ecosystem/hardware/2111481
[2] https://access.redhat.com/articles/3034441
Comment 3 Jakub Jelen 2019-01-11 11:12:34 UTC 
Please, open a ticked with your Red Hat support. They will help you investigate the issue and provide more useful information. From this report it is unclear what is the actual issue.
Comment 4 amitkuma 2019-01-25 11:24:14 UTC 
Customer provided information:
[root@host ~]# lsusb
Bus 002 Device 004: ID 0bc2:331a Seagate RSS LLC 
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 413c:2101 Dell Computer Corp. SmartCard Reader Keyboard
Bus 001 Device 003: ID 0461:4e22 Primax Electronics, Ltd 
Bus 001 Device 002: ID 03f0:152a HP, Inc 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

[root@host ~]# pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau>
Compiled with PC/SC lite version: 1.8.8
Using reader plug'n play mechanism
Scanning present readers...
0: Dell Dell Smart Card Reader Keyboard 01 00

Thu Jan 24 15:46:10 2019
Reader 0: Dell Dell Smart Card Reader Keyboard 01 00
  Card state: Card removed, 
^C
(The above command hung at this point and had to be ctrl-c to get a prompt back.)

[root@host ~]# opensc-tool -lan
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    No              Dell Dell Smart Card Reader Keyboard 01 00
Card not present.

[root@host ~]# p11tool --provider /usr/lib64/libcoolkeypk11.so --list-all-certs
warning: no token URL was provided for this operation; the available tokens are:
[root@host ~]# p11tool --provider /usr/lib64/pkcs11/opensc-pkcs11.so --list-tokens
(no output)
Comment 5 Simo Sorce 2019-02-11 15:41:44 UTC 
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
Comment 6 Jakub Jelen 2019-02-13 16:46:15 UTC 
This is still under investigation.
Comment 7 Jakub Jelen 2019-05-10 09:50:38 UTC 
Please, provide some more information about the card you are trying to use.

I finally have a Dell keyboard and it looks like it works fine with the supported cards I have around.
Comment 9 Jason Fonseca 2019-05-15 19:20:55 UTC 
I was using a CAC on RHEL 7.6 using opensc 0.16.0-10.

Using a later version of opensc, 0.19.0-3, the Dell reader appears to work, but we get the following error messages:

May 14 15:27:06 host systemd[1]: Started PC/SC Smart Card Daemon.
May 14 15:27:06 host pcscd[8209]: 00000000 utils.c:53:GetDaemonPid() Can't open /var/run/pcscd/pcscd.pid: No such file or directory
May 14 15:27:06 host pcscd[8209]: 00005094 ifdhandler.c:117:CreateChannelByNameOrChannel() failed
May 14 15:27:06 host pcscd[8209]: 00000010 readerfactory.c:1009:RFInitializeReader() Open Port 0x200000 Failed (usb:413c/2101:libudev:0:/dev/bus/usb/001/003)
May 14 15:27:06 host pcscd[8209]: 00000004 readerfactory.c:312:RFAddReader() Dell Dell Smart Card Reader Keyboard init failed.
Comment 12 Jakub Jelen 2019-05-16 08:35:33 UTC 
Thank you for the update. So lets focus on one thing at a time. The opensc 0.19.0 will be in the next update of RHEL7 so lets focus on the behavior of that.

It also ships minimal opensc.conf, which I am using for my testing. The only notable thing is the "enable_pinpad = false;" part, which should be in the packaged version, because the behavior of the pinpad is really weird to my experience. This is my opensc.conf:

app default {
	# debug = 3;
	# debug_file = opensc-debug.txt;
	framework pkcs15 {
		# use_file_caching = true;
	}
	reader_driver pcsc {
		# The pinpad is disabled by default,
		# because of many broken readers out there
		enable_pinpad = false;
	}
}

To speed up things, you might modify the configuration per the recommendation in [1], specifying the cac driver first by adding the "card_drivers = cac, internal;" to the "app default" block.

To the pcscd errors, it looks like I see them also in the log, but even though the reader seems to work fine for me:

pcscd[32090]: 99999999 ifdhandler.c:150:CreateChannelByNameOrChannel() failed
pcscd[32090]: 00001306 readerfactory.c:1106:RFInitializeReader() Open Port 0x200000 Failed (usb:413c/2101:libudev:0:/dev/bus/usb/001/109)
pcscd[32090]: 00000125 readerfactory.c:376:RFAddReader() Dell Dell Smart Card Reader Keyboard init failed.

For the second error, it does not look like I am getting that one. Can you share the opensc debug log (by modifying the opensc.conf) around that time when you see this error?

[1] https://access.redhat.com/articles/3034441
Comment 13 amitkuma 2019-05-16 09:37:41 UTC 
jakub,

1. About error logs:
Customer is seeing logs from "commands.c", "ifdwrapper.c", "winscard.c".
Yours looks different!!

2. enable_pinpad = false;
I would also be very keen to know the usage and meaning of this parameter?

3. We have asked customer to use "card_drivers = cac, PIV-II;"

4. We have also asked opensc logs.
Comment 15 Jason Fonseca 2019-05-22 18:35:13 UTC 
(In reply to Jakub Jelen from comment #12)
> It also ships minimal opensc.conf, which I am using for my testing.

Mine also has a much longer /etc/opensc-x86_64.conf file.  Which of these should be modified?  Either or both?
Comment 17 amitkuma 2019-05-23 09:09:14 UTC 
dear Jason,
The updated version looks only on opensc.conf
Comment 19 Jakub Jelen 2019-06-12 07:16:10 UTC 
It affects how the card behaves when the application disconnects, which is especially important when handling parallel access from more applications. But it should not have any effect on the way how the reader works with the card the rest of the time, but I recommend using  disconnect_action = leave;  which should be default in the new OpenSC.
Comment 20 Jakub Jelen 2019-07-23 15:10:23 UTC 
This is supposed to work fine in RHEL 7.7. If not, please, reopen.