Bug 1911630 - AusweisApp2 protocol error when authenticating German ID card via USB reader
Summary: AusweisApp2 protocol error when authenticating German ID card via USB reader
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: AusweisApp2
Version: 33
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Björn 'besser82' Esser
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2020-12-30 13:21 UTC by Arun Babu Neelicattu
Modified: 2021-12-02 19:54 UTC (History)

Fixed In Version: AusweisApp2-1.22.2-3.fc34 AusweisApp2-1.22.2-3.el8 AusweisApp2-1.22.2-3.fc33 AusweisApp2-1.22.2-3.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-09-01 20:31:29 UTC
Type: Bug
Embargoed:



Description Arun Babu Neelicattu 2020-12-30 13:21:26 UTC
Description of problem:

Using a German ID card along with a REINER SCT cyberJack RFID USB reader [1] fails with a protocol error after valid PIN entry.

The card and PIN were verified to work using the Android app using NFC. Additionally, the reader, card and PIN have been verified using the Open EID app as well on the same workstation.


Version-Release number of selected component (if applicable):

> AusweisApp2-data-1.20.2-10.fc33.noarch
> AusweisApp2-1.20.2-10.fc33.x86_64


How reproducible:
This is consistently and easily reproduced.

Steps to Reproduce:
1. Install and open AusweisApp2 (rpm)
2. Select "See my personal data"
3. Select "Proceed to PIN entry"
4. Place ID card on USB card reader.
5. Enter PIN and continue.

Actual results:
App displays a protocol error.

Expected results:
App authenticates PIN and displays personal data.

Additional info:
The root cause seems to be the required elliptic curve being disabled on the OpenSSL install.

> support    2020.12.30 13:47:48.710 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:186) : Starting PACE for PACE_PIN
> card       2020.12.30 13:47:48.711 12917 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927
> card       2020.12.30 13:47:48.711 12917 C EcdhKeyAgreement::create(card/base/pace/ec/EcdhKeyAgreement.cpp:61)        : Creation of elliptic curve failed
> card       2020.12.30 13:47:48.712 12917 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:134)                : No supported domain parameters found
> support    2020.12.30 13:47:48.712 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:212) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Status Code: 200 "OK"
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Connection: keep-alive
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Type: application/vnd.paos+xml
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Length: 1415
> network    2020.12.30 13:47:49.004 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Security-Policy: default-src 'self'
> network    2020.12.30 13:47:49.004 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Date: Wed, 30 Dec 2020 12:47:48 GMT
> support    2020.12.30 13:47:49.069 12917 I Reader::updateRetryCounter(card/base/Reader.cpp:83)                        : retrieved retry counter: 3 , was: 3 , PIN deactivated: false
> card       2020.12.30 13:47:49.143 12917 W ReaderManagerWorker::getReader(card/base/ReaderManagerWorker.cpp:235)      : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00"
> card       2020.12.30 13:47:49.143 12917 W ...rManagerWorker::updateReaderInfo(card/base/ReaderManagerWorker.cpp:212) : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00"
> feedback   2020.12.30 13:47:49.145 12906 I ApplicationModel::showFeedback(ui/qml/ApplicationModel.cpp:457)            : You may now remove your ID card from the device.
> qml        2020.12.30 13:47:49.145 12906 W ApplicationModel::isScreenReaderRunning(ui/qml/ApplicationModel.cpp:428)   : NOT IMPLEMENTED

[1] https://www.amazon.de/REINER-cyberJack-Chip-Kartenleser-basis-Personalausweis/dp/B004FQO10U/ref=asc_df_B004FQO10U/
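
Added example, not part of the original report and not AusweisApp2 code: a Python triage of the log excerpt above that groups each PACE attempt, resolves the numeric curve id from the `EC_GROUP_new_by_curve_name` error to a curve name, and records whether the PIN retry counter moved. The NID table uses values from OpenSSL's `obj_mac.h` (927 is brainpoolP256r1); treating the numeric column as a worker id and reading an unchanged retry counter as a host-side failure are assumptions.

```python
import re

# OpenSSL NIDs of the Brainpool r1 curves (values from OpenSSL's obj_mac.h).
BRAINPOOL_NIDS = {921: "brainpoolP160r1", 923: "brainpoolP192r1",
                  925: "brainpoolP224r1", 927: "brainpoolP256r1",
                  929: "brainpoolP320r1", 931: "brainpoolP384r1",
                  933: "brainpoolP512r1"}

# Sample input: lines copied from the report above; unrelated lines omitted.
SAMPLE_LOG = """\
support    2020.12.30 13:47:48.710 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:186) : Starting PACE for PACE_PIN
card       2020.12.30 13:47:48.711 12917 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927
card       2020.12.30 13:47:48.712 12917 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:134)                : No supported domain parameters found
support    2020.12.30 13:47:48.712 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:212) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR
support    2020.12.30 13:47:49.069 12917 I Reader::updateRetryCounter(card/base/Reader.cpp:83)                        : retrieved retry counter: 3 , was: 3 , PIN deactivated: false
"""

# Layout: category, date, time, id column (assumed worker id), level, source, " : ", message.
LINE = re.compile(r"^>?\s*\S+\s+\d{4}\.\d\d\.\d\d \S+\s+(\d+)\s.*?\)\s*: (.*)$")
START = re.compile(r"Starting PACE for (\w+)")
CURVE = re.compile(r"EC_GROUP_new_by_curve_name, curve is unknown: (\d+)")
FINISH = re.compile(r"Finished PACE for \w+ with result (\w+)")
RETRY = re.compile(r"retrieved retry counter: (-?\d+) , was: (-?\d+)")


def triage_pace(log_text):
    """Return one record per PACE attempt found in an AusweisApp2 log."""
    done, running = [], {}  # running: worker id -> attempt still in progress
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        worker, msg = m.groups()
        if s := START.search(msg):
            running[worker] = {"password": s.group(1), "missing_curves": [],
                               "result": None, "retry_counter_changed": None}
        elif worker in running and (c := CURVE.search(msg)):
            nid = int(c.group(1))
            running[worker]["missing_curves"].append(BRAINPOOL_NIDS.get(nid, f"NID {nid}"))
        elif worker in running and (f := FINISH.search(msg)):
            rec = running.pop(worker)
            rec["result"] = f.group(1)
            done.append(rec)
        elif done and (r := RETRY.search(msg)):
            # First counter read after the attempt. Unchanged is consistent with
            # a host-side failure before the card ever checked the PIN (assumption).
            if done[-1]["retry_counter_changed"] is None:
                done[-1]["retry_counter_changed"] = r.group(1) != r.group(2)
    return done
```
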

Comment 1 Fedora Update System 2021-08-31 07:16:43 UTC
FEDORA-2021-b025f69683 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-b025f69683

Comment 2 Fedora Update System 2021-08-31 07:16:53 UTC
FEDORA-EPEL-2021-7e4f239518 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7e4f239518

Comment 3 Fedora Update System 2021-08-31 07:17:02 UTC
FEDORA-2021-ae621237b4 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae621237b4

Comment 4 Fedora Update System 2021-08-31 07:17:11 UTC
FEDORA-2021-5729f02f4c has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5729f02f4c

Comment 5 Fedora Update System 2021-08-31 17:57:21 UTC
FEDORA-2021-ae621237b4 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ae621237b4`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae621237b4

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2021-08-31 22:04:31 UTC
FEDORA-2021-5729f02f4c has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5729f02f4c`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5729f02f4c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2021-08-31 22:25:50 UTC
FEDORA-EPEL-2021-7e4f239518 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7e4f239518

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-08-31 22:53:13 UTC
FEDORA-2021-b025f69683 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-b025f69683`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b025f69683

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2021-09-01 20:31:29 UTC
FEDORA-2021-b025f69683 has been pushed to the Fedora 34 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2021-09-01 20:34:50 UTC
FEDORA-EPEL-2021-7e4f239518 has been pushed to the Fedora EPEL 8 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2021-09-01 20:49:37 UTC
FEDORA-2021-5729f02f4c has been pushed to the Fedora 33 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2021-09-24 20:12:02 UTC
FEDORA-2021-ae621237b4 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 13 Benjamin Schwarze 2021-10-25 18:53:25 UTC
The problem still persists in AusweisApp2-1.22.2-3.fc34.x86_64:

remote_... 2021.10.25 20:34:23.203 16182 I ConnectRequest::onConnected(remote_device/ConnectRequest.cpp:73)           : Handshake of tls connection done!
support    2021.10.25 20:34:25.282 16183 I Reader::updateRetryCounter(card/base/Reader.cpp:83)                        : retrieved retry counter: 3 , was: -1 , PIN deactivated: false
support    2021.10.25 20:34:25.455 16183 I Reader::updateRetryCounter(card/base/Reader.cpp:83)                        : retrieved retry counter: 3 , was: 3 , PIN deactivated: false
support    2021.10.25 20:34:31.110 16183 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:179) : Starting PACE for PACE_PIN
card       2021.10.25 20:34:31.111 16183 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927
card       2021.10.25 20:34:31.111 16183 C EcdhKeyAgreement::create(card/base/pace/ec/EcdhKeyAgreement.cpp:61)        : Creation of elliptic curve failed
card       2021.10.25 20:34:31.111 16183 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:117)                : No supported domain parameters found
support    2021.10.25 20:34:31.111 16183 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:229) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR

Link: https://bugzilla.redhat.com/show_bug.cgi?id=2000306

