1729880 – ccid: Fix incorrect dwProtocol advertisement of T=0 [rhel-7.7.z]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1729880 - ccid: Fix incorrect dwProtocol advertisement of T=0 [rhel-7.7.z]

Summary: ccid: Fix incorrect dwProtocol advertisement of T=0 [rhel-7.7.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Maxim Levitsky
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1721522
Blocks:
TreeView+	depends on / blocked

Reported:	2019-07-15 08:23 UTC by RAD team bot copy to z-stream
Modified:	2023-09-07 20:15 UTC (History)
CC List:	13 users (show)
Fixed In Version:	qemu-kvm-rhev-2.12.0-33.el7_7.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1721522
Environment:
Last Closed:	2019-10-22 15:24:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:3179	0	None	None	None	2019-10-22 15:24:29 UTC

Description RAD team bot copy to z-stream 2019-07-15 08:23:49 UTC

This bug has been copied from bug #1721522 and has been proposed to be backported to 7.7 z-stream (EUS).

Comment 12 Michael 2019-09-16 03:03:43 UTC

Hi all:

Now, we can verify this Bug. Basically check that dwProtocols field in lsusb output doesn't complain about invalid values on Linux, which can verify this Bug. Thus, we can reproduce this Bug first. 

Reproduced version:
kernel:3.10.0-1062.1.1.el7.x86_64
qemu-kvm-rhev-2.12.0-33.el7.x86_64

Test steps:

[1] To emulate a software smartcard, in the host, we need to generate 3 certificates which will be used for the "fake" smartcard.
# mkdir ~/.netscape
# certutil -N (use an empty password)
# certutil -x -t "CT,CT,CT" -S -s "CN=cert1" -n cert1
# certutil -x -t "CT,CT,CT" -S -s "CN=cert2" -n cert2
# certutil -x -t "CT,CT,CT" -S -s "CN=cert3" -n cert3

[2] list 3 certs created in setp1
# certutil -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cert1                                                        CTu,Cu,Cu
cert2                                                        CTu,Cu,Cu
cert3                                                        CTu,Cu,Cu

[3] On the host.
# yum groupinstall "smart card support"
# systemctl restart pcscd

[4] Start the guest with follow command
-spice port=5930,disable-ticketing \
-chardev spicevmc,name=smartcard,id=ccid  \
-device usb-ccid,debug=1 \      <---enable debug for qemu
-device ccid-card-passthru,chardev=ccid \   <---passthru smart card in the host
-usb \

[5] Start the remover with ccid parameter. 
# remote-viewer spice://localhost:5930 --spice-smartcard --spice-smartcard-db ~/.netscape/ --spice-smartcard-certificates cert1,cert2,cert3

[6] check the usb device inside the guest. 
# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap   <-- emulation ccid device
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

[7] check the dwProtocols in the lsusb. 
# lsusb -vvv -d 08e6:4433

Bus 002 Device 002: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass            0 
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x08e6 Gemalto (was Gemplus)
  idProduct          0x4433 GemPC433-Swap
  bcdDevice            0.00
  iManufacturer           1 QEMU
  iProduct                2 QEMU USB CCID
  iSerial                 3 1-0000:00:1d.7-1
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x005d
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass        11 Chip/SmartCard
      bInterfaceSubClass      0 
      bInterfaceProtocol      0 
      iInterface              4 CCID Interface
      ChipCard Interface Descriptor:
        bLength                54
        bDescriptorType        33
        bcdCCID              1.10  (Warning: Only accurate for version 1.0)
        nMaxSlotIndex           0
        bVoltageSupport         7  5.0V 3.0V 1.8V 
      **dwProtocols**       65536  (Invalid values detected)        <--- Bug reproduced. 
        dwDefaultClock       4000
        dwMaxiumumClock     65536
        bNumClockSupported      0
        dwDataRate           9600 bps
        dwMaxDataRate      115200 bps
        bNumDataRatesSupp.      0
        dwMaxIFSD             254
        dwSyncProtocols  00000000 
        dwMechanical     00000000 
        dwFeatures       000104FE
          Auto configuration based on ATR
          Auto activation on insert
          Auto voltage selection
          Auto clock change
          Auto baud rate change
          Auto parameter negotiation made by CCID
          Auto IFSD exchange
          TPDU level exchange
        dwMaxCCIDMsgLen     65554
        bClassGetResponse    echo
        bClassEnvelope       echo
        wlcdLayout           none
        bPINSupport             1  verification
        bMaxCCIDBusySlots       1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval             255
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
can't get debug descriptor: Resource temporarily unavailable
Device Status:     0x0001
  Self Powered



Now change to the fixed version to verify this Bug. 

qemu-kvm-rhev-2.12.0-33.el7_7.4.x86_64

repeat the above steps and check the dwProtocols output. 
# lsusb -vvv -d 08e6:4433
... ...
dwProtocols             1  T=0 
... ...


Thus, we can mark this Bug as verified. If any one have question, just free for contact me. 

Thanks.

Comment 15 errata-xmlrpc 2019-10-22 15:24:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3179

Note You need to log in before you can comment on or make changes to this bug.