1002425 – Smartcard emulation fails with physical smartcard

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1002425 - Smartcard emulation fails with physical smartcard

Summary: Smartcard emulation fails with physical smartcard

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	David Blechter
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-29 07:46 UTC by Chao Yang
Modified:	2017-12-06 12:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-06 12:32:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
screenshot of VM (108.04 KB, image/png) 2013-08-29 07:46 UTC, Chao Yang	no flags	Details
system log in windows (143.37 KB, text/plain) 2013-08-29 07:53 UTC, Chao Yang	no flags	Details
View All

Description Chao Yang 2013-08-29 07:46:46 UTC

Created attachment 791628 [details]
screenshot of VM

Description of problem:
Booted a guest with smartcard support, connected smartcard reader with a CAC card inserted, connected guest with remote-viewer. But in guest, after installing ESC, there is no working driver for smart card. System log in windows will be attached.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.398.el6.x86_64
2.6.32-412.el6.x86_64

Client:
libcacard-0.15.0-2.el6.x86_64
esc-1.1.0-26.el6.x86_64

How reproducible:
1/1

Steps to Reproduce:
1. boot a windows 7 64 bit guest with smartcard support:
/usr/libexec/qemu-kvm -name test -M rhel6.5.0 -enable-kvm -cpu host -m 2048 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -netdev tap,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:1a:4a:42:76:36,bus=pci.0 -k en-us -vga qxl -spice port=7000,disable-ticketing -chardev spicevmc,name=smartcard,id=ccid -device usb-ccid -device ccid-card-passthru,chardev=ccid -usb -monitor stdio -boot menu=on -drive file=/home/chayang/win-7_x86_64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -cdrom en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso

2. plug in smart card reader with a CAC card inserted

3. connect to guest with physical smartcard with remote-viewer

4. install ESC in windows

Actual results:
No working driver for Smart Card

Expected results:


Additional info:

Comment 2 Chao Yang 2013-08-29 07:53:30 UTC

Created attachment 791630 [details]
system log in windows

Comment 3 Chao Yang 2013-08-29 08:01:32 UTC

I found following in system log:

Event[383]:
  Log Name: System
  Source: Microsoft-Windows-Smartcard-Server
  Date: 2013-08-29T15:18:40.000
  Event ID: 610
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: john-PC
  Description:
Smart Card Reader 'QEMU 0.12.1 QEMU USB CCID 0' rejected IOCTL GET_ATTRIBUTE: The request is not supported.  If this error persists, your smart card or reader may not be functioning correctly.

Command Header: 07 a0 07 00

Comment 5 Chao Yang 2013-08-29 08:22:05 UTC

And I managed to read smartcard with ESC in a bare metal windows 7 64 bit system, the driver for Smart Card works well.

Comment 6 Ademar Reis 2013-09-05 17:40:03 UTC

Reassigning to Alon, who fixed the other smartcard BZ (bug 917860) and is knowledgeable in this area.

Comment 7 Alon Levy 2013-09-09 10:15:29 UTC

Can you please try with libcacard-0.15.0-3.el6.x86_64 (i.e. release 3, not 2) on the client?

Alon

Comment 8 Alon Levy 2013-09-09 10:22:59 UTC

oops, not built yet - sorry, I thought I already did that. Brew build: http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6256807

Comment 9 Chao Yang 2013-09-11 10:43:12 UTC

(In reply to Alon Levy from comment #8)
> oops, not built yet - sorry, I thought I already did that. Brew build:
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6256807

I tried, still reproducible. 

A snip of output of remote-viewer:

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0x36,P1=0x0,P2=0x0,Lc=0,Le=100 get certificate

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=25599 sw1=0x63 sw2=0xff len=100 (total=102)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

Comment 11 RHEL Program Management 2013-10-14 02:30:12 UTC

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 12 David Jaša 2014-07-30 14:26:09 UTC

Hi Chao,

I believe that this bug is actually a dupe of bug 961964, do you agree? If I read correctly, the problem you describe regards Windows VMs with ActivClient. If RHEL guest works correctly with the same client setup, it's exactly the same issue.

Comment 13 Chao Yang 2014-08-01 01:27:33 UTC

(In reply to David Jaša from comment #12)
> Hi Chao,
> 
> I believe that this bug is actually a dupe of bug 961964, do you agree? If I
> read correctly, the problem you describe regards Windows VMs with
> ActivClient. If RHEL guest works correctly with the same client setup, it's
> exactly the same issue.

Hi David,

To ensure this bug is a dupe of bug 961964, I have to retest again on a rhel guest. I'll update here once I got the results of both windows and rhel guest on latest qemu-kvm as well as kernel bit.

Comment 15 Chao Yang 2014-08-06 08:12:55 UTC

(In reply to David Jaša from comment #12)
> Hi Chao,
> 
> I believe that this bug is actually a dupe of bug 961964, do you agree? If I
> read correctly, the problem you describe regards Windows VMs with
> ActivClient. If RHEL guest works correctly with the same client setup, it's
> exactly the same issue.

Hi David,

I tested on latest rhel6.6 host, I got "pcscd: winscard.c:362:SCardConnect() Card Not Inserted" in guest dmesg. This didn't happen on host.

Packages involved:
esc-1.1.0-26.el6.x86_64
libcacard-0.15.0-2.el6.x86_6
qemu-kvm-0.12.1.2-2.435.el6.x86_64

Comment 16 Alon Levy 2014-08-18 06:38:44 UTC

Does this happen also with fedora? I no longer have access to bug 961964 but looking at the description again the error seems to be one of the card reader, not of the card emulation (i.e. GET ATTRIBUTE). Fedora would just make it easier to reproduce, debug & fix for me.

Comment 17 Chao Yang 2014-08-21 06:44:16 UTC

(In reply to alevy from comment #16)
> Does this happen also with fedora? I no longer have access to bug 961964 but
> looking at the description again the error seems to be one of the card
> reader, not of the card emulation (i.e. GET ATTRIBUTE). Fedora would just
> make it easier to reproduce, debug & fix for me.

I met same error as Bug 1086791 with F20. And tried F18 as Bug 1024053 told, esc was able to start, but didn't find any card inserted.

Comment 18 Jan Kurik 2017-12-06 12:32:55 UTC

Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/

Note You need to log in before you can comment on or make changes to this bug.