OpenBSD and eToken

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD and eToken

lists-14
Hi,

I have read the OpenSC archives and anything else I could find on google
for a couple of days now, not finding answers for some of my questions.

I would like to use an eToken PRO device with OpenBSD and OpenSC/OpenCT.

Inserting the token gives me:

ugen0 at uhub1 port 2
ugen0: AKS eToken Pro 4254, rev 1.00/1.00, addr 2

and when issueing a openct-control init command i get the following:

Debug: ifd_scan_usb: BSD: ifd_scan_usb: ifd_driver_for(AKS[0x0529].eToken
Pro 4254[0x0514])
Debug: ifd_spawn_handler: driver=etoken, device=/dev/ugen0, index=1
Error: too many readers, no reader slot available

To me it seems like all data is correctly retrieved from the USB device,
the openct.conf has an entry for exactly these hex values to recognise
etoken. Still this looks like and error to me, and when trying to attach
the device I get another error as could be expected.

The system is OpenBSD 3.7, running OpenSC 0.9.6 and OpenCT 0.6.5.

I have tried to use different versions, have compiled with and without
pcsc-lite and had various points where I thought I got closer to getting it
work, but didnt succeed. To make long things short, is this even supposed
to be working? Anyone using eToken with OpenBSD?

I would be glad for any kind of help or flame for not providing enough
details :P

cheers

daniel
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

Andreas Jellinghaus-2
Hi,

you are the first openbsd user I'm aware of,
and the only bsd user I read from in the past
months. so everything will be a bit rough and
there might be bugs hidden everywhere.

> I would like to use an eToken PRO device with OpenBSD and OpenSC/OpenCT.
>
> Inserting the token gives me:
>
> ugen0 at uhub1 port 2
> ugen0: AKS eToken Pro 4254, rev 1.00/1.00, addr 2

never heard of revision 4254. we might not even support it at
all.

if you have a windows machine, maybe you can do some tests with
it, and use sniffusb 0.13 to capture a usb log file? then I could
see if it works like the older one (one usb level), or not.

you could also try by editing openct.conf and edit the new
product/vendor id, assign it to driver "etoken". let me know
if it works.

to test if it works: try openct-tool whether the driver is initalized
with success and you can get an atr.

if you can't get an atr, something is very much broken.

> To me it seems like all data is correctly retrieved from the USB device,
> the openct.conf has an entry for exactly these hex values to recognise
> etoken. Still this looks like and error to me, and when trying to attach
> the device I get another error as could be expected.

set the debuglevel to 9 and give me the log data syslog'ed by ifdhandler.

basicaly I wrote that driver with recording the sequence of usb data
send and received by an older token on windows. worked great. if your
new hardware requires a different sequence of usb commands, we need
to figure that one out first. for example with windows, the aladdin
driver and usbsniff 0.13.

of course openbsd might also have a bug in it's usb layer.
the best way would be to start with a device that works ok
on linux, and not a new one, so we can seperate OS issues
from new hardware issues.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

lists-14
Hi,

>> I would like to use an eToken PRO device with OpenBSD and OpenSC/OpenCT.
>>
>> Inserting the token gives me:
>>
>> ugen0 at uhub1 port 2
>> ugen0: AKS eToken Pro 4254, rev 1.00/1.00, addr 2
>
> never heard of revision 4254. we might not even support it at
> all.

hm. thats the only revision I know. Are the ones you know older? Or newer?
This token should be quite new.

> if you have a windows machine, maybe you can do some tests with
> it, and use sniffusb 0.13 to capture a usb log file? then I could
> see if it works like the older one (one usb level), or not.

about to set one up. I will have a look at the usb data coming in.

> you could also try by editing openct.conf and edit the new
> product/vendor id, assign it to driver "etoken". let me know
> if it works.

the vendor id is already in there as I understand it.

ifd_driver_for(AKS[0x0529].eToken Pro 4254[0x0514])

from what i thought i understood this should be recognized by openct.conf:

driver  etoken {
        ids = {
                usb:0529/050c,
                usb:0529/0514,
        };
};


> set the debuglevel to 9 and give me the log data syslog'ed by ifdhandler.

root@wormhole:/# /usr/local/sbin/openct-control -ddd init
<config> {
  debug = 9;
  hotplug = yes;
  ifdhandler = /usr/local/sbin/ifdhandler;
  ifdproxy;
  driver etoken {
    ids {
      usb:0529/050c;
      usb:0529/0514;
    }
  }
  driver ccid {
    ids {
      usb:08e6/3437;
      usb:08e6/3438;
      usb:08e6/4433;
      usb:04e6/5115;
      usb:04e6/E001;
      usb:04e6/E003;
      usb:076b/3021;
      usb:076b/5121;
      usb:0783/0003;
    }
  }
}
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0529/050c, etoken)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0529/0514, etoken)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/3437, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/3438, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/4433, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/5115, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/E001, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/E003, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:076b/3021, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:076b/5121, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0783/0003, ccid)
Debug: ifd_scan_usb: BSD: ifd_scan_usb
Debug: ifd_scan_usb: BSD: ifd_scan_usb: ifd_driver_for(AKS[0x0529].eToken
Pro 4254[0x0514])
Debug: ifd_spawn_handler: driver=etoken, device=/dev/ugen0, index=1

syslog says:

Jul  4 23:38:30 wormhole ifdhandler[10553]: Unknown device type "/dev/ugen0"
Jul  4 23:38:30 wormhole ifdhandler[10553]: /dev/ugen0: initialization
failed (driver etoken)
Jul  4 23:38:30 wormhole ifdhandler[10553]: unable to open reader
etoken@/dev/ugen0

> basicaly I wrote that driver with recording the sequence of usb data
> send and received by an older token on windows. worked great. if your
> new hardware requires a different sequence of usb commands, we need
> to figure that one out first. for example with windows, the aladdin
> driver and usbsniff 0.13.

i will check that out as soon as the windows machine is working.

> of course openbsd might also have a bug in it's usb layer.
> the best way would be to start with a device that works ok
> on linux, and not a new one, so we can seperate OS issues
> from new hardware issues.

this device works on linux and windows. it was configured before i got it,
so i guess it should be working from that side.

thx a lot so far!

cheers

daniel

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

Daniel Berg
In reply to this post by Andreas Jellinghaus-2
Hi,

>> I would like to use an eToken PRO device with OpenBSD and OpenSC/OpenCT.
>>
>> Inserting the token gives me:
>>
>> ugen0 at uhub1 port 2
>> ugen0: AKS eToken Pro 4254, rev 1.00/1.00, addr 2
>
> never heard of revision 4254. we might not even support it at
> all.

hm. thats the only revision I know. Are the ones you know older? Or newer?
This token should be quite new.

> if you have a windows machine, maybe you can do some tests with
> it, and use sniffusb 0.13 to capture a usb log file? then I could
> see if it works like the older one (one usb level), or not.

about to set one up. I will have a look at the usb data coming in.

> you could also try by editing openct.conf and edit the new
> product/vendor id, assign it to driver "etoken". let me know
> if it works.

the vendor id is already in there as I understand it.

ifd_driver_for(AKS[0x0529].eToken Pro 4254[0x0514])

from what i thought i understood this should be recognized by openct.conf:

driver  etoken {
        ids = {
                usb:0529/050c,
                usb:0529/0514,
        };
};


> set the debuglevel to 9 and give me the log data syslog'ed by ifdhandler.

root@wormhole:/# /usr/local/sbin/openct-control -ddd init
<config> {
  debug = 9;
  hotplug = yes;
  ifdhandler = /usr/local/sbin/ifdhandler;
  ifdproxy;
  driver etoken {
    ids {
      usb:0529/050c;
      usb:0529/0514;
    }
  }
  driver ccid {
    ids {
      usb:08e6/3437;
      usb:08e6/3438;
      usb:08e6/4433;
      usb:04e6/5115;
      usb:04e6/E001;
      usb:04e6/E003;
      usb:076b/3021;
      usb:076b/5121;
      usb:0783/0003;
    }
  }
}
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0529/050c, etoken)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0529/0514, etoken)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/3437, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/3438, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:08e6/4433, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/5115, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/E001, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:04e6/E003, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:076b/3021, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:076b/5121, ccid)
Debug: ifd_driver_add_id: ifd_driver_add_id(usb:0783/0003, ccid)
Debug: ifd_scan_usb: BSD: ifd_scan_usb
Debug: ifd_scan_usb: BSD: ifd_scan_usb: ifd_driver_for(AKS[0x0529].eToken
Pro 4254[0x0514])
Debug: ifd_spawn_handler: driver=etoken, device=/dev/ugen0, index=1

syslog says:

Jul  4 23:38:30 wormhole ifdhandler[10553]: Unknown device type "/dev/ugen0"
Jul  4 23:38:30 wormhole ifdhandler[10553]: /dev/ugen0: initialization
failed (driver etoken)
Jul  4 23:38:30 wormhole ifdhandler[10553]: unable to open reader
etoken@/dev/ugen0

> basicaly I wrote that driver with recording the sequence of usb data
> send and received by an older token on windows. worked great. if your
> new hardware requires a different sequence of usb commands, we need
> to figure that one out first. for example with windows, the aladdin
> driver and usbsniff 0.13.

i will check that out as soon as the windows machine is working.

> of course openbsd might also have a bug in it's usb layer.
> the best way would be to start with a device that works ok
> on linux, and not a new one, so we can seperate OS issues
> from new hardware issues.

this device works on linux and windows. it was configured before i got it,
so i guess it should be working from that side.

thx a lot so far!

cheers

daniel



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

Andreas Jellinghaus-2
In reply to this post by lists-14
Sorry, I was wrong. The two tokens I have are
aj@simulacron:~$ lsusb
Bus 001 Device 002: ID 0529:0514 Aladdin Knowledge Systems eToken Pro v4.2.5.4
Bus 001 Device 001: ID 0000:0000  
aj@simulacron:~$ lsusb
Bus 001 Device 003: ID 0529:050c Aladdin Knowledge Systems eToken Pro v4.1.5.x
Bus 001 Device 001: ID 0000:0000  
aj@simulacron:~$

and both work (well I botched with the older one, but it worked before.
need for format it on windows to get it working again).

Still, my token with the same version number is at least a year and
a half old, maybe even older. So Aladdin might have done changes without
telling anyone.

> Jul  4 23:38:30 wormhole ifdhandler[10553]: Unknown device type
> "/dev/ugen0" Jul  4 23:38:30 wormhole ifdhandler[10553]: /dev/ugen0:
> initialization failed (driver etoken)
> Jul  4 23:38:30 wormhole ifdhandler[10553]: unable to open reader
> etoken@/dev/ugen0

quick look at the code: it seems the code wants "/dev/ugen"
and not "/dev/ugen0". could you change that and recompile?
if it fixes the problem, we need to fix it properly with
some #ifdef magic to handle free/net/openbsd differences.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

lists-14
> Still, my token with the same version number is at least a year and
> a half old, maybe even older. So Aladdin might have done changes without
> telling anyone.

I will try to check out how much information I can get off them :P.

>
>> Jul  4 23:38:30 wormhole ifdhandler[10553]: Unknown device type
>> "/dev/ugen0" Jul  4 23:38:30 wormhole ifdhandler[10553]: /dev/ugen0:
>> initialization failed (driver etoken)
>> Jul  4 23:38:30 wormhole ifdhandler[10553]: unable to open reader
>> etoken@/dev/ugen0
>
> quick look at the code: it seems the code wants "/dev/ugen"
> and not "/dev/ugen0". could you change that and recompile?
> if it fixes the problem, we need to fix it properly with
> some #ifdef magic to handle free/net/openbsd differences.

I have edited the accoring two lines in ifd/sys-bsd.c recompiled and
reinstall, but to no success.
I still get this message when trying to attach the token.


When initing, I still get


Debug: ifd_scan_usb: BSD: ifd_scan_usb
Debug: ifd_scan_usb: BSD: ifd_scan_usb: ifd_driver_for(AKS[0x0529].eToken
Pro 4254[0x0514])
Debug: ifd_spawn_handler: driver=etoken, device=/dev/ugen0, index=1

and this as well produces above entry in the message log.

the funny thing is, I have just tried to get it to work under FreeBSD and I
have exactly the same problem.

this looks like it will get quite hairy ...

cheers

daniel

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

Daniel Berg
In reply to this post by Andreas Jellinghaus-2
> Still, my token with the same version number is at least a year and
> a half old, maybe even older. So Aladdin might have done changes without
> telling anyone.

I will try to check out how much information I can get off them :P.

>
>> Jul  4 23:38:30 wormhole ifdhandler[10553]: Unknown device type
>> "/dev/ugen0" Jul  4 23:38:30 wormhole ifdhandler[10553]: /dev/ugen0:
>> initialization failed (driver etoken)
>> Jul  4 23:38:30 wormhole ifdhandler[10553]: unable to open reader
>> etoken@/dev/ugen0
>
> quick look at the code: it seems the code wants "/dev/ugen"
> and not "/dev/ugen0". could you change that and recompile?
> if it fixes the problem, we need to fix it properly with
> some #ifdef magic to handle free/net/openbsd differences.

I have edited the accoring two lines in ifd/sys-bsd.c recompiled and
reinstall, but to no success.
I still get this message when trying to attach the token.


When initing, I still get


Debug: ifd_scan_usb: BSD: ifd_scan_usb
Debug: ifd_scan_usb: BSD: ifd_scan_usb: ifd_driver_for(AKS[0x0529].eToken
Pro 4254[0x0514])
Debug: ifd_spawn_handler: driver=etoken, device=/dev/ugen0, index=1

and this as well produces above entry in the message log.

the funny thing is, I have just tried to get it to work under FreeBSD and I
have exactly the same problem.

this looks like it will get quite hairy ...

cheers

daniel


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and eToken [u]

Andreas Jellinghaus-2
Are you compiling with or without libusb support?
(try the other one please).

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user