Locking issue with Aladdin eToken Pro 64k

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Locking issue with Aladdin eToken Pro 64k

Antje Bendrich
Hi,

I'm at a complete loss as to why I get this error on two machines, but not on
several others, all of which are identical in software (freshly installed with
AutoYaST):

> # pkcs15-tool -D
> Using reader with a card: Aladdin eToken PRO 64k
> [pkcs15-tool] apdu.c:528:sc_transmit_apdu: unable to acquire lock
> [pkcs15-tool] card-cardos.c:86:cardos_match_card: APDU transmit failed: Generic reader error
> [pkcs15-tool] apdu.c:528:sc_transmit_apdu: unable to acquire lock
> [pkcs15-tool] card-cardos.c:86:cardos_match_card: APDU transmit failed: Generic reader error
> [pkcs15-tool] apdu.c:528:sc_transmit_apdu: unable to acquire lock
> [pkcs15-tool] apdu.c:528:sc_transmit_apdu: unable to acquire lock
> [pkcs15-tool] card-default.c:66:autodetect_class: APDU transmit failed: Generic reader error
> [pkcs15-tool] card-default.c:113:default_init: unable to determine the right class byte
> [pkcs15-tool] card.c:202:sc_connect_card: driver 'Default driver for unknown cards' init() failed: Card is invalid or cannot be handled
> [pkcs15-tool] card.c:213:sc_connect_card: unable to find driver for inserted card
> [pkcs15-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
> Failed to connect to card: Card is invalid or cannot be handled
The card shows up fine:
> # opensc-tool -l
> Readers known about:
> Nr.    Driver     Name
> 0      openct     Aladdin eToken PRO 64k
> 1      openct     OpenCT reader (detached)

When I stop pcscd, "pkcs15-tool -D" shows what it should show.. Unfortunately, I
need pcscd for those users who use their tokens with the Aladdin middleware.

The only differences I found so far between a working and a broken system seem
to be the number of sockets openct has open: On a broken system, openct has two
sockets running, one of them connected:

> # netstat -na | grep -e openct -e eTSrv -e pcsc
> unix  2      [ ACC ]     STREAM     LISTENING     12857  /tmp/eTSrv
> unix  2      [ ACC ]     STREAM     LISTENING     18001  /var/run/openct/0
> unix  2      [ ACC ]     STREAM     LISTENING     12272  /var/run/pcscd/pcscd.comm
> unix  3      [ ]         STREAM     CONNECTED     18004  /var/run/openct/0

On broken system, inserting a token leads to a sleeping process
"/usr/sbin/ifdhandler -H -p etoken64 usb /dev/bus/usb/004/020" that does not
exist on working systems.

/var/log/messages when inserting a token to a broken system:
> kernel: usb 4-1: new full speed USB device using uhci_hcd and address 23
> kernel: usb 4-1: New USB device found, idVendor=0529, idProduct=0600
> kernel: usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
> kernel: usb 4-1: Product: Token 4.28.1.1 2.7.195
> kernel: usb 4-1: Manufacturer: Aladdin Knowledge Systems Ltd.
> kernel: usb 4-1: configuration #1 chosen from 1 choice

On working systems it's the same with two extra lines at the end:
> kernel: usb 6-1: new full speed USB device using uhci_hcd and address 24
> kernel: usb 6-1: New USB device found, idVendor=0529, idProduct=0600
> kernel: usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
> kernel: usb 6-1: Product: Token 4.28.1.1 2.7.195
> kernel: usb 6-1: Manufacturer: Aladdin Knowledge Systems Ltd.
> kernel: usb 6-1: configuration #1 chosen from 1 choice
> kernel: usb 6-1: usbfs: interface 0 claimed by usbfs while 'pcscd' sets config #1
> kernel: usb 6-1: USB disconnect, address 24


On working system, there is only one socket running while the token is plugged in:
> # netstat -na | grep -e openct -e eTSrv -e pcsc
> unix  2      [ ACC ]     STREAM     LISTENING     12364  /var/run/pcscd/pcscd.comm
> unix  2      [ ACC ]     STREAM     LISTENING     76541  /var/run/openct/0
> unix  2      [ ACC ]     STREAM     LISTENING     12693  /tmp/eTSrv

Here's the versions I'm running on openSUSE 11.2:
opensc-0.11.9
openct-0.6.17
pcsc-openct-0.6.17
pcsc-lite-1.5.5
pkiclient-5.00.28

Both clients I used for testing have been freshly installed with Autoyast, so
there is no difference in configuration whatsoever.

Does anyone have any ideas what might cause this strange difference in behaviour?

Antje

--
Antje Bendrich (Team IT-Services),                 Phone +49 40 808077-642

DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstra├če 5, 20097 Hamburg/Germany,   CEO: Dr. Klaus-Peter Kossakowski



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

smime.p7s (7K) Download Attachment