Italian CNS - ATHENA (ACTALIS) / 01 - Support

[kbytesys]

Hi, I can't use my new Italian CNS card with opensc. I know it uses the Athena Actalis/01 chip that seems to be supported.

This is the output of the pcsc_scan:

PC/SC device scanner
V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.11
Using reader plug'n play mechanism
Scanning present readers...
0: BLUTRONICS BLUDRIVE II CCID 00 00

Fri Mar 13 13:19:54 2015
Reader 0: BLUTRONICS BLUDRIVE II CCID 00 00
  Card state: Card inserted, 
  ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC

ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC
+ TS = 3B --> Direct Convention
+ T0 = DF, Y(1): 1101, K: 15 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 7D --> Block Waiting Integer: 7 - Character Waiting Integer: 13
+ Historical bytes: 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80
  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: B (pre-issuing data)
      Data: 02 0C 01 82 01 11 01 43 4E 53
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 10 (Proprietary)
      SW: 3180 (Error not defined by ISO 7816)
+ TCK = FC (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC
        Italian healtcare card (TS) National Service Card (CNS) (HealthCare)

I've also compiled and tested the last sources from git with the command:

$OPENSC_DEBUG=9 ./pkcs11-tool --module /usr/local/kbyte/opensc/lib/opensc-pkcs11.so -t -l
Logging in to "ANDREA BRIGANTI (PIN CNS0)".
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (CNS0) 

You can find the full debug log here (too long for github issue):

http://kbyte.snowpenguin.org/uploads/opensc/card_debug.log

[frankmorgner]

@puccia could you have a look into this?

[puccia]

I see that it's a transmit error exactly when trying to send a 135-byte APDU. Perhaps the card reader/driver combination is not handling that correctly?

@kbytesys , could you try setting max_send_size in opensc.conf to something like 120 and see what happens?

Thanks!

[kbytesys]

Hi. I've tried two different card reader. BTW I can try to recompile and try that config setting in few days.

[kbytesys]

No good news. I've recompiled and lowered the max_send_size (from 120 to 50), the outgoing apdu value is lower in the log, but the error is the same. Tested with a bluedrive II and a manhattan smart card reader.

[frankmorgner]

looking at the log you provided, I can see these problems:

• some record is not found where should have been a pkcs15 public key:

Outgoing APDU data [    5 bytes] =====================================
00 B2 03 04 A5 .....
======================================================================
0x7fbbc369e700 13:13:13.432 [opensc-pkcs11] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7fbbc369e700 13:13:13.454 [opensc-pkcs11] apdu.c:185:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
6A 83 j.

is your card correctly initialized?

• as mentioned before, a transmit to the card fails:

Outgoing APDU data [  135 bytes] =====================================
00 2A 80 86 81 00 00 01 00 00 00 00 00 00 00 00 .*..............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D9 ..............W.
5C C2 BB 7F 00 00 A0 D2 8F C2 BB 7F 00 00 40 4D \.............@M
2F 12 FC 7F 00 00 F8 FA 40 00 00 00 00 00 FC FA /.......@.......
40 00 00 00 00 00 00                            @......
======================================================================
0x7fbbc369e700 13:13:21.790 [opensc-pkcs11] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7fbbc369e700 13:15:17.965 [opensc-pkcs11] reader-pcsc.c:208:pcsc_internal_transmit: BLUTRONICS BLUDRIVE II CCID 00 00:SCardTransmit/Control failed: 0x80100016

0x80100016 stands for SCARD_E_NOT_TRANSACTED. Considering that all previous transmits succeeded and OpenSC did not change any internal setting, this problem is very likely located in one of the lower layers (PC/SC middleware, OS, reader driver, reader). Google for SCARD_E_NOT_TRANSACTED maybe in conjunction with your reader or OS and check if something comes up...

[frankmorgner]

You may also check the log of your pcsc middleware in which the reader driver could indicate the specific error.

Am 30. Juli 2015 21:03:07 MESZ, schrieb Andrea Briganti notifications@github.com:

No good news. I've recompiled and lowered the max_send_size, but the
error is the same. Tested with a bluedrive II and a manhattan smart
card reader.

---

Reply to this email directly or view it on GitHub:
#393 (comment)

Frank Morgner

[kbytesys]

Google doesn't give anything for SCARD_E_NOT_TRANSACTED and my two card readers. I've also a digital firm card, only the italian cns one give me that error.

This is the debug of the pcscd daemon:

http://kbyte.snowpenguin.org/uploads/opensc/pcscd_log.txt

[puccia]

It is also possible that the driver is trying to use a digital signature
operation when the card really wants us to use a RSA encipher/decipher
operation. I will try to take a look at this - it will take me a while to
get reacquainted with ISO 7816 and my own code, though!
Il 31/lug/2015 01:15 PM, "Andrea Briganti" notifications@github.com ha
scritto:

Google doesn't give anything for SCARD_E_NOT_TRANSACTED and my two card
readers. I've also a digital firm card, only the italian cns one give me
that error.

This is the debug of the pcscd daemon:

http://kbyte.snowpenguin.org/uploads/opensc/pcscd_log.txt

—
Reply to this email directly or view it on GitHub
#393 (comment).

[frankmorgner]

This looks strange:

00000061 APDU: 00 2A 80 86 81 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 67 D9 4F DF 83 7F 00 00 A0 D2 82 DF 83 7F 00 00 E0 CF 66 53 FF 7F 00 00 FC 01 41 00 00 00 00 00 00 02 41 00 00 00 00 00 00 
00000011 ifdhandler.c:1283:IFDHTransmitToICC() usb:1b0e/1078:libudev:0:/dev/bus/usb/001/004 (lun: 0)
00201486 openct/proto-t1.c:668:t1_xcv() New timeout at WTX request: 322670 sec
99999999 commands.c:1508:CCID_Receive Card absent or mute
00000025 openct/proto-t1.c:215:t1_transceive() fatal: transmit/receive failed
00000004 SW: 
00000004 ifdwrapper.c:550:IFDTransmit() Card not transacted: 612
00000002 winscard.c:1635:SCardTransmit() Card not transacted: 0x80100016

Whatever this timeout is, it seems ridiculously high. I could imagine that there is a sanity check that throws the error. Could you set a breakpoint here and see where exactly this error is?

What do you think, @LudovicRousseau ?

[martinpaljak]

You can try to force your card to use T=0 with force_protocol=t0 and your card ATR in opensc.conf.

Other than that, this problem coms from a level lower than OpenSC, where workarounds can be made but root cause can probably be not fixed.

[frankmorgner]

closing this due to inactivity. please re-open if there is new input.

[resoli]

Hello, it happens that I just received one of these cards. I'm experiencing the same issue, but only with an old acr38u reader not supported by libccid (I have to use libacr38u instead). With other two readers, (including newer acr38u) no issue.