Bug 1092751
| Summary: | Missing support for Reiner SCT cyberJack® RFID standard card reader | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Robert Scheck <redhat-bugzilla> | ||||
| Component: | pcsc-lite | Assignee: | Bob Relyea <rrelyea> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.5 | CC: | ashishks, kengert, ludovic.rousseau, mschuppe, robert.scheck, rpattath, rrelyea | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pcsc-lite-1.5.2-14.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-10-14 06:36:40 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Robert Scheck
2014-04-29 22:05:27 UTC
This is how it looks for me using pcsc-lite-1.6.4-4.fc14 started with --debug: Apr 29 23:34:54 rsc pcscd: hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500 Apr 29 23:34:54 rsc pcscd: hotplug_libhal.c:368:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0 Apr 29 23:34:55 rsc pcscd: readerfactory.c:959:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so Apr 29 23:34:55 rsc pcscd: readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0 Apr 29 23:34:55 rsc pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0) Apr 29 23:34:55 rsc pcscd: readerfactory.c:886:RFUnloadReader() Unloading reader driver. Apr 29 23:34:55 rsc pcscd: readerfactory.c:257:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed. Apr 29 23:34:55 rsc pcscd: hotplug_libhal.c:465:HPAddDevice() trying libusb scheme with: usb:0c4b/0500:libusb:002:014 Apr 29 23:34:55 rsc pcscd: readerfactory.c:959:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so Apr 29 23:34:55 rsc pcscd: readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0 Apr 29 23:34:56 rsc pcscd: readerfactory.c:273:RFAddReader() Using the pcscd polling thread Please note that the real serial number has been replaced by "0123456789". This is how it looks for me using pcsc-lite-1.5.2-13.el6_4 started with --debug: Apr 29 23:35:36 rsc pcscd: hotplug_libhal.c:307:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500 Apr 29 23:35:36 rsc pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0 Apr 29 23:35:37 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so Apr 29 23:35:37 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0 Apr 29 23:35:37 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0) Apr 29 23:35:37 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver. Apr 29 23:35:37 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed. Apr 29 23:35:37 rsc pcscd: hotplug_libhal.c:397:HPAddDevice() Failed adding USB device: usb_device_c4b_500_0123456789_if0 Created attachment 890964 [details]
pcsc-lite-1.5.2-libusb-scheme.patch
1:1 backport from pcsc-lite 1.6.x of the additional try to use the libusb
scheme before giving up.
And this is how it looks for me using pcsc-lite-1.5.2-13.el6_4 (plus having
attachment 890964 [details] applied) started with --debug:
Apr 30 00:08:44 rsc pcscd: hotplug_libhal.c:307:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500
Apr 30 00:08:44 rsc pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 30 00:08:45 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0)
Apr 30 00:08:45 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver.
Apr 30 00:08:45 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed.
Apr 30 00:08:45 rsc pcscd: hotplug_libhal.c:427:HPAddDevice() trying libusb scheme with: usb:0c4b/0500:libusb:002:020
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 30 00:08:45 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Escalated (previously cross-filed) case #00779070 in Red Hat customer portal Asha, I just ordered this reader for both you and I, you should get it Tuesday. To avoid confusions: Patch from attachment #890964 [details] makes the reader working
Maybe it would be simpler to patch the libifd-cyberjack.bundle to also support the libhal: naming scheme (if you have the source code of the driver). This would avoid changing pcsc-lite. Ludovic, I do not get your point: If I am not mistaken this patch does not exclusively affect the libifd-cyberjack.bundle but possibly every non-ccid driver? So this might not only add cyberJack support but some more. Further more my patch is a really stupid backport from a newer pcsc-lite upstream release. And given that bug #887719 might cause a patch for the pcsc-lite package anyway...one more patch should not hurt, shouldn't it? Personally I do not see a reason why Red Hat should not apply this patch. I get that you as upstream are moving from libhal to libudev (might be the reason for this suggestion) but RHEL 6 will keep libhal until it goes EOL in 2020/2023... My point is: if for whatever reason RedHat do not want to patch pcsc-lite then patching libifd-cyberjack.bundle could also solve your problem. Robert, I'm about to check in your patch and I want to know if you want me to keep your name and fedora email address in the patch (that would be my default position), but I'll happily change it to something generic (like 'customer'). Bob, I am absolutely fine if you keep it. fixed in pcsc-lite-1.5.2-13.el6 Asha, to test this you'll have to install pcsc-cyberjack from epel. Followed the instructions under "4.3.2 Linux.rpm" in http://downloads.reiner-sct.de/basecomponents_en/RSCT_manual_cyberJack_RFID_universal_EN.pdf. Can any smartcard be used with the cyberJack RFID Komfort reader (for example, Gemalto 64K cards) ? (In reply to Roshni from comment #18) > Followed the instructions under "4.3.2 Linux.rpm" in > http://downloads.reiner-sct.de/basecomponents_en/ > RSCT_manual_cyberJack_RFID_universal_EN.pdf. Can any smartcard be used with > the cyberJack RFID Komfort reader (for example, Gemalto 64K cards) ? Is there a specific reason that you don't use pcsc-cyberjack RPM from EPEL? http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 is mentioning technical details about the card reader you are referring to. But I was not able to locate any data sheet for Gemalto with technical details; if your smartcard follows the standards that the reader supports, it should work I guess. Hi Robert, The document provided in comment 19 is in German, is there one in English? Roshni, I'm confused about your comment 18 and 20. First, this bug is about testing the software included with RHEL. I don't understand why you attempt to download software from the Reiner web page. (That probably won't work, because the software Reiner provides is for SuSE and Ubunutu/Debian, not RHEL.) Second, I don't understand why you say the document is german. I see the opposite. I downloaded the PDF file from comment 18, it's all english. Even if you really want to download original software from Reiner (although you should rather use the software for RHEL that Bob provided in this bug), the installation instructions in the PDF file say to open http://www.reiner-sct.com/treiber which currently redirects to http://www.reiner-sct.com/support/download/treiber-und-software/cyberjack/ and which is indeed a page in german, but it's pretty self explanatory. Select the correct reader icon, then click Linux, and you get to a download page with a table of packages per Linux distribution. Since no RHEL is offered on that page, it probably won't help you? Kai, I have downloaded the rpm from EPEL but after installing the rpm, I inserted a card which is not being detected by the reader. Robert Scheck pointed me to http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 which has the specifications of the cards supported by the reader (comment 19). This document is in German. Roshni, thank you for clarifying and I'm sorry about misunderstanding your comments! The first page of the german PDF file from http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 primarily talks about compatibility with the new personal ID card issued in germany to citizens, physical features of the reader, the german certifications it has received (nPA = Neuer Personalausweis). Also, it talks about cards issued by banks in germany for secure online banking. I cannot find a list of supported cards. The specifications say the physical contact interface is according to ISO/IEC 14443 A/B and the wireless interface is according to ISO/IEC 7816 The vendor's product page can be found at: http://www.reiner-sct.com/produkte/chipkartenleser/cyberJack_RFID_komfort.html?pEl=5 I cannot find any information in english provided by the vendor. The device seems to target the german market specifically. I found another (german) PDF, which contains a table labeled "usable cards and applications" (left hand side). http://www.reiner-sct.com/pdf/datenblaetter/cyberJack_RFID_Gruppe_web.pdf - nPA (new german personal ID) - other RFID cards according to ISO/IEC 14443 - banking cards (unclear if limited to cards common in germany) - signature cards according to ISO/IEC 7816 - card used by the german health system for citizens (In reply to Kai Engert (:kaie) from comment #24) > I cannot find a list of supported cards. > The specifications say the physical contact interface is according to > ISO/IEC 14443 A/B > and the wireless interface is according to > ISO/IEC 7816 Other way round: ISO/IEC 7816 is physical contact and ISO/IEC 14443 A/B is wireless (RFID). At least I read it like that. The smartcard that I am personally using is either a DDV smartcard (DES DES method) or a RDH smartcard (RSA DES hybrid method) for HBCI/FinTS. Putting in my debit or credit card seems also to work in general even I do not have any application. Some report that GSM SIM cards can be handled as well. If I am not completely mistaken a green LED on the card reader device means that the card is recognized, and if it is blinking there recently was some communication. Unfortunately I am not sure if I have any not supported card around here to cross-check. Robert, I am not sure what you are trying to do. Maybe you can have a look at "Level 1 smart card support on GNU/Linux" http://ludovicrousseau.blogspot.fr/2014/03/level-1-smart-card-support-on-gnulinux.html For a SIM card you can use http://ludovicrousseau.blogspot.fr/search/label/sim (In reply to Ludovic Rousseau from comment #27) > Robert, I am not sure what you are trying to do. Roshni is (from what I get) looking for a list of supported smartcards with cyberJack RFID Komfort as his Gemalto 64K card doesn't seem to be supported (comment #18). Thus Kai and I tried to provide helpful information. Tested PIV cards with the cyberJack RFID komfort reader with pcsc-lite-1.5.2-14.el6 on RHEL 6.5. The reader still does not detect the card (green light does not blink), ESC on the machine shows "Unformatted card" inserted and the certs on the card are not listed on ESC. Do not know if I am missing any other dependency packages, RHEL 6.6 builds are not yet available for us. Roshni, The Oberthur ID cards seem to work, somewhat. It seems pretty easy to get the reader in a state where it's not recognizing any cards. I don't have any contactless cards to test. The Contactless cards blink blue, and the contact card blink green (appearantly). The PIV sample cards we have are both contact and contactless. The contact cards work (sometimes). It looks like when the reader is working, it recognizes the contactless cards, but I suspect they use different APDU's then the PIV contact interface, so coolkey doesn't recognize them. (I did get the reader to blink 'blue' than then old 'blue' on my PIV cards. Bob, I have 1 Oberthur card and 16 PIV cards. All of them were blinking blue and on ESC it is showing "Unformatted card" and the certs are not listed. when I did modutil -list -dbdir /etc/pki/nssdb, it shows the reader information under the coolkey module but no information about the token. Bob as per your email: (02:44:17 PM) relyea: rpattath: We can verify the bug by looking at /var/log/messages. (02:45:36 PM) relyea: Unplug the reader (02:45:44 PM) relyea: tail -f /var/log/messages (02:46:52 PM) relyea: Plug in the reader. (02:47:30 PM) relyea: Make sure the reader connects.. (02:47:32 PM) relyea: 24:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (9693835272) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so (02:47:32 PM) relyea: Jun 25 14:46:45 bobslaptop pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0 (02:47:32 PM) relyea: Jun 25 14:46:48 bobslaptop pcscd: readerfactory.c:249:RFAddReader() Using the pcscd polling thread (02:47:41 PM) relyea: A failure would look like: (02:48:09 PM) relyea: Apr 29 23:35:37 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0) Apr 29 23:35:37 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver. Apr 29 23:35:37 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed. Apr 29 23:35:37 rsc pcscd: hotplug_libhal.c:397:HPAddDevice() Failed adding USB device: usb_device_c4b_500_0123456789_if0 (02:50:03 PM) relyea: We should note that the reader does not like to handle card removal all that well. (03:15:11 PM) relyea: rpattath: wierd, The PIV cards look like they are contactless, but I bet they have a different API, so they would need a different PKCS #11 driver than coolkey. (03:19:28 PM) relyea: OK, I think I see what the issue is. (03:20:06 PM) relyea: If you insert the card and it starts to blink blue, then it's trying to talk to the contactless interface, which coolkey doesn't understand (03:20:42 PM) relyea: If you insert the card and it blinks green, then full green, everything is cool. (03:21:16 PM) relyea: You need to insert the piv cards fast enough that the contact picks up faster than the contactless. I had a look at the /var/log/messages and I get the following messages when the reader is plugged in, card is inserted and removed Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: new full speed USB device number 6 using ehci_hcd Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: New USB device found, idVendor=0c4b, idProduct=0501 Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: Product: cyberJack RFID komfort Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: Manufacturer: REINER SCT Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: SerialNumber: 6900486104 Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: configuration #1 chosen from 1 choice Jun 30 12:04:39 dhcp129-237 pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_501_6900486104_if0 Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (6900486104) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0 Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0501:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_501_6900486104_if0) Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver. Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID komfort (6900486104) init failed. Jun 30 12:04:40 dhcp129-237 pcscd: hotplug_libhal.c:432:HPAddDevice() trying libusb scheme with: usb:0c4b/0501:libusb:002:006 Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (6900486104) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0 Jun 30 12:04:43 dhcp129-237 pcscd: readerfactory.c:249:RFAddReader() Using the pcscd polling thread Jun 30 12:04:43 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted Jun 30 12:04:43 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted Jun 30 12:06:25 dhcp129-237 pcscd: eventhandler.c:429:EHStatusHandlerThread() Card inserted into REINER SCT cyberJack RFID komfort (6900486104) 00 00 Jun 30 12:06:25 dhcp129-237 pcscd: Card ATR: 3B 88 80 01 00 00 00 00 80 81 C1 00 C9 Jun 30 12:06:25 dhcp129-237 pcscd: prothandler.c:128:PHSetProtocol() Attempting PTS to T=1 Jun 30 12:06:59 dhcp129-237 pcscd: eventhandler.c:361:EHStatusHandlerThread() Card Removed From REINER SCT cyberJack RFID komfort (6900486104) 00 00 Jun 30 12:06:59 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted Jun 30 12:06:59 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted Shouldn't we be able to view the certs on the card to clearly say that the card has been detected? Are the above log messages sufficient to verify this bug? Roshi, So the issue is the reader is both a contactless reader and a contact reader, and the cards we have the 'work' with the reader are both contactless and contact, but we only support the contact part. It seems the reader does not like to use both at the same time, and it doesn't separate the contact card from the contactless interface well. In order to see something work, you need to get the contact part working (green light). If it flashes blue, ESC will see the card, but treat it as unformatted because coolkey doesn't support contact-less PIV. I find it's hit or miss whether or not I can get the reader to use the contact verses the contactless interface. When it uses the contact interface, everything works fine, but if it start flashing blue, it won't every switch to the contact interface. In any event, you messages are fine. We can write a bug to support contactless in the future (that would make our testing of the reader easier). bob (In reply to Roshni from comment #32) > Jun 30 12:04:40 dhcp129-237 pcscd: hotplug_libhal.c:432:HPAddDevice() trying > libusb scheme with: usb:0c4b/0501:libusb:002:006 [...] > Are the above log messages sufficient to verify this bug? From my personal point of view it would be sufficient - I am the reporter, I wrote the patch and it is working for me :) Obviously I can not make any decision for Red Hat QA but: If you try the same steps without my patch, I bet that you have really less success. Given that I am the reporter, I am willing to test this specific RPM also here locally (which is hopefully the same like 1.5.2-13.el6_4 + my patch). Upgraded to RHEL 6.6, the following cards got the green light on the reader blinking and were detected by ESC. This too was successful only after several attempts of removing and re-inserting the card. ESC also hung multiple times during the test. PIV test cards 1,2,3,4,5,6,7,8,10,11,12,13,14,15 Oberthur smart card PIV test cards 9 and 16 got the the green light on the reader blinking but ESC was not detecting the cards. Verifying this bug and opened a new bug for the inconsistent behavior (not clearly identifying contact and contactless cards) of the reader https://bugzilla.redhat.com/show_bug.cgi?id=1115626 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1463.html |