Ticket #29 (reopened enhancement)
reader hotplugging
| Reported by: | martin | Owned by: | devel |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | opensc | Version: | trunk |
| Severity: | major | Keywords: | reader hotplug |
| Cc: | | Blocked By: | |
| Blocking: | | | |
Description
Currently opensc operates with some blue-eyed assumptions - like readers are static. I describe a situation:
1) You open mozilla, where opensc pkcs11 module is configured on a computer that has no reader attached
2) You visit some https pages, the pkcs11 module gets loaded and discovers that there are no readers and fails
3) You then connect a reader and try to visit some page that needs authentication via pkcs11 module - you fail.
This is not acceptable. Very often people see that everything is OK as the module is loaded when there actually IS a reader connected to the computer. In that case you can remove the reader, press ctrl-r on the page that needs authentication, fail with mozilla error, reconnect the reader and press ctrl-r and get a correct page again. But if you change the reader (the name changes in case you use pcsc) pkcs11 module fails again.
Currently even loading the module fails if you have no readers configured - this can be worked around in slot.c and ctx.c - a context can be created even with no readers found and
Any design tips to fix this?
Change History
comment:2 Changed 5 years ago by martin
- Priority changed from high to normal
- Type changed from defect to enhancement
- Milestone set to Someday
As more and more people use laptops and hotplugging is a normal activity, we need to make sure that opensc (or our pkcs#11 module) can live in such environment. The main usecase would be a single reader being plugged and unplugged several times during the lifecycle of the loaded module. 95% of end-users have a single reader they want to plug and unplug rather than have 3 different readers via 3 different subsystems (openct, ctapi, pcsc) that should work all the time. So we should make sure that we can:
- load the module with no readers connected into firefox
- connect the reader later on
- insert a card and use it to do SSL
- remove the reader and replace it with another one
- still use the card.
comment:3 Changed 5 years ago by aj
- Status changed from new to closed
- Resolution set to invalid
openct works with virtual readers. drivers on windows too. pcsc ifdhandlers should have the same assumption. thus not an opensc bug.
comment:4 Changed 5 years ago by martin
- Status changed from closed to reopened
- Resolution invalid deleted
This is mostly a problem with pkcs11 and has more information (especially about virtual readers/slots) @ http://www.opensc-project.org/pipermail/opensc-devel/2007-April/009736.html
Preallocation of slots is a standard technique to support hotplugging. Before PKCS #11 2.20, PKCS #11 modules were not allowed to change their slot count between C_Initialize and C_Finalize. Even after PKCS #11 2.20, applications don't always query the module once it's initialized to see if more slots have been added (slots can still never all go away).
As I said - it is not a defect, it is an enhancement. OpenSC operates on top of readers and ifdhandlers and it should always work, no matter how the drivers are implemented. Currently the scenario described here does not. So the issue is perfectly valid.
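The slot preallocation technique mentioned in this comment, as an added example (not part of the ticket and not OpenSC's code): a fixed pool of slots whose count never changes, with readers bound and unbound as successive reader lists arrive. `MAX_SLOTS`, `struct vslot`, `slot_of` and `rescan` are hypothetical names, and the second reader name is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 4   /* assumption: pool size fixed when the module initializes */
/* Hypothetical slot table; assumes reader names fit in 63 bytes. */
struct vslot { int bound; char reader[64]; };
static struct vslot slots[MAX_SLOTS];

/* Slot count the application sees: constant from C_Initialize to C_Finalize. */
int slot_count(void) { return MAX_SLOTS; }

/* Slot currently bound to this reader name, or -1 if none. */
int slot_of(const char *name) {
    for (int i = 0; i < MAX_SLOTS; i++)
        if (slots[i].bound && strcmp(slots[i].reader, name) == 0)
            return i;
    return -1;
}

/* Reconcile the table with a fresh reader list (n may be 0); returns bindings changed. */
int rescan(const char *const *names, int n) {
    int changed = 0;
    for (int i = 0; i < MAX_SLOTS; i++) {   /* pass 1: unbind vanished readers, keep the slot */
        int seen = 0;
        for (int j = 0; j < n && !seen; j++)
            seen = strcmp(slots[i].reader, names[j]) == 0;
        if (slots[i].bound && !seen) { slots[i].bound = 0; changed++; }
    }
    for (int j = 0; j < n; j++) {           /* pass 2: bind new readers to free slots */
        if (slot_of(names[j]) >= 0) continue;
        for (int i = 0; i < MAX_SLOTS; i++)
            if (!slots[i].bound) {
                snprintf(slots[i].reader, sizeof slots[i].reader, "%s", names[j]);
                slots[i].bound = 1; changed++;
                break;              /* readers beyond the pool size stay unbound */
            }
    }
    return changed;
}

int main(void) {
    const char *a[] = { "Feitian SCR301 00 00" };        /* reader name from the ticket's pcscd log */
    const char *b[] = { "Constructed Reader B 00 00" };  /* constructed replacement reader */
    rescan(NULL, 0);   /* module loaded with no reader attached */
    rescan(a, 1);      /* reader plugged in later */
    rescan(b, 1);      /* reader swapped for a different one */
    printf("%d slots, replacement reader in slot %d\n", slot_count(), slot_of(b[0]));
    return 0;
}
```

Because the slot list never shrinks or grows, an application that read it once at load time still finds the replacement reader in a slot it already knows about.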
comment:6 follow-up: ↓ 7 Changed 3 years ago by martin
- Version changed from devel to trunk
- Milestone changed from Someday to 0.11.7
Two separate problems:
- How libopensc handles reader hotplugging in long-running processes
- How PKCS#11 module presents the problem and the solution to long-running cryptoki applications
comment:7 in reply to: ↑ 6 ; follow-up: ↓ 8 Changed 2 years ago by jmpoure
At first, when using OpenSC I got really confused:
- If you boot with reader plugged in,
opensc-tool -l answers "no reader found"
Even restarting /etc/init.d/pcscd did nothing to help detection.
- You need to unplug/replug the smart card device after boot.
This is no problem for an end-user, but in case of a dedicated server running in a machine center, this is a problem ...
Is there a way to force detection by command line?
comment:8 in reply to: ↑ 7 Changed 2 years ago by martin
Replying to jmpoure:
> Even restarting /etc/init.d/pcscd did nothing to help detection.

Do you use a Debian/Ubuntu system? I've occasionally encountered the same problem with Ubuntu but there's not much OpenSC can do here - it is a bug in either linux kernel/hotplugging/distro integration/pcscd/ccid driver - layers above OpenSC code.
comment:9 follow-up: ↓ 10 Changed 2 years ago by jmpoure
Yes, I do use Debian SID distro. The same problem arose when compiling from source code or using packages. I will inquire further, thanks!
comment:10 in reply to: ↑ 9 Changed 2 years ago by ludovic
Replying to jmpoure:
> Yes, I do use Debian SID distro. The same problem arose when compiling from source code or using packages. I will inquire further, thanks!

Please generate a pcscd trace as described in http://pcsclite.alioth.debian.org/ccid.html#support but change the value of LIBCCID_ifdLogLevel from 0x0007 to 0x000f to have a full log.
What reader are you using?
comment:11 Changed 2 years ago by jmpoure
- CCID driver version
libccid 1.3.11-1
- Operating system name and version
Debian SID
- pcsc-lite version
pcscd 1.5.5-1
- smart card reader name
Rockey R301, Omnikey cardman 3121, Omnikey cardman 3621
- the output of the command "/usr/sbin/pcscd --version"
```
/usr/sbin/pcscd --version
pcsc-lite version 1.5.5.
Copyright (C) 1999-2002 by David Corcoran <corcoran@linuxnet.com>.
Copyright (C) 2001-2008 by Ludovic Rousseau <ludovic.rousseau@free.fr>.
Copyright (C) 2003-2004 by Damien Sauveron <sauveron@labri.fr>.
Report bugs to <muscle@lists.musclecard.com>.
Enabled features: Linux libhal usbdropdir=/usr/lib/pcsc/drivers confdir=/etc ipcdir=/var/run/pcscd
```
OpenSC trace log:
```
2010-01-15 17:23:22.120 [opensc-tool] ctx.c:716:sc_context_create: ===================================
2010-01-15 17:23:22.120 [opensc-tool] ctx.c:717:sc_context_create: opensc version: 0.12.0-svn
2010-01-15 17:23:22.120 [opensc-tool] reader-pcsc.c:698:pcsc_init: PC/SC options: connect_reset=1 connect_exclusive=0 transaction_reset=0 enable_pinpad=1
2010-01-15 17:23:22.135 [opensc-tool] reader-pcsc.c:799:pcsc_detect_readers: called
2010-01-15 17:23:22.135 [opensc-tool] reader-pcsc.c:806:pcsc_detect_readers: Probing pcsc readers
2010-01-15 17:23:22.135 [opensc-tool] reader-pcsc.c:828:pcsc_detect_readers: Establish pcsc context
2010-01-15 17:23:22.135 [opensc-tool] reader-pcsc.c:823:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
2010-01-15 17:23:22.135 [opensc-tool] reader-pcsc.c:1027:pcsc_detect_readers: returning with: -1101
2010-01-15 17:23:22.135 [opensc-tool] ctx.c:746:sc_release_context: called
```
Now pcscd log:
```
acer:/tmp# LIBCCID_ifdLogLevel=0x0007
acer:/tmp# export LIBCCID_ifdLogLevel
acer:/tmp# pcscd --foreground --debug --apdu
00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug
00000077 debuglog.c:259:DebugLogSetCategory() Debug options: APDU
00000961 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready.
00333813 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x5986, PID: 0x0102
00001526 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x5986, PID: 0x0102
00001920 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
00002397 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00002349 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x04F3, PID: 0x0230
00002030 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00002856 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x096E, PID: 0x0503
00000019 hotplug_libhal.c:366:HPAddDevice() Adding USB device: usb_device_96e_503_noserial_if0
01002056 readerfactory.c:1024:RFInitializeReader() Attempting startup of Feitian SCR301 00 00 using /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000452 readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
00000073 ifdhandler.c:1532:init_driver() Driver version: 1.3.11
00000651 ifdhandler.c:1545:init_driver() LogLevel: 0x0003
00000020 ifdhandler.c:1555:init_driver() LogLevel from LIBCCID_ifdLogLevel: 0x0007
00000554 ifdhandler.c:1565:init_driver() DriverOptions: 0x0000
00000017 ifdhandler.c:82:IFDHCreateChannelByName() lun: 0, device: usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0
00000029 ccid_usb.c:162:OpenUSBByName() Reader index: 0, Device: usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0
00145429 ccid_usb.c:285:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000576 ccid_usb.c:295:OpenUSBByName() ProductString: Generic CCID driver
00000556 ccid_usb.c:301:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00113175 ccid_usb.c:383:OpenUSBByName() Checking device: 005/003
00000020 ccid_usb.c:437:OpenUSBByName() Trying to open USB bus/device: 005/003
00000074 ccid_usb.c:494:OpenUSBByName() Can't claim interface 005/003: Device or resource busy
00006609 ifdhandler.c:104:IFDHCreateChannelByName() failed
00000020 readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0)
00000009 readerfactory.c:914:RFUnloadReader() Unloading reader driver.
00000057 readerfactory.c:233:RFAddReader() Feitian SCR301 init failed.
00002237 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00009447 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
00002430 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00002405 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
```
comment:12 Changed 2 years ago by jmpoure
Now if I replug manually:
```
00000028 winscard.c:253:SCardReleaseContext() Releasing Context: 17016415
00000105 winscard_msg_srv.c:306:SHMProcessEventsContext() Client has disappeared: 6
00000031 winscard_svc.c:146:ContextThread() Client die: 6
03955870 hotplug_libhal.c:500:HPRemoveDevice() Removing USB device[0]: usb_device_96e_503_noserial_if0
01993430 hotplug_libhal.c:318:get_driver() Looking a driver for VID: 0x096E, PID: 0x0503
00000037 hotplug_libhal.c:366:HPAddDevice() Adding USB device: usb_device_96e_503_noserial_if0
01001990 readerfactory.c:1024:RFInitializeReader() Attempting startup of Feitian SCR301 00 00 using /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000416 readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
00000081 ifdhandler.c:1532:init_driver() Driver version: 1.3.11
00000660 ifdhandler.c:1545:init_driver() LogLevel: 0x0003
00000020 ifdhandler.c:1555:init_driver() LogLevel from LIBCCID_ifdLogLevel: 0x0007
00000556 ifdhandler.c:1565:init_driver() DriverOptions: 0x0000
00000017 ifdhandler.c:82:IFDHCreateChannelByName() lun: 0, device: usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0
00000029 ccid_usb.c:162:OpenUSBByName() Reader index: 0, Device: usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0
00001540 ccid_usb.c:285:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000560 ccid_usb.c:295:OpenUSBByName() ProductString: Generic CCID driver
00000608 ccid_usb.c:301:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00110141 ccid_usb.c:383:OpenUSBByName() Checking device: 005/004
00000020 ccid_usb.c:437:OpenUSBByName() Trying to open USB bus/device: 005/004
00000068 ccid_usb.c:501:OpenUSBByName() Found Vendor/Product: 096E/0503 (Feitian SCR301)
00000009 ccid_usb.c:503:OpenUSBByName() Using USB bus/device: 005/004
00000009 ccid_usb.c:949:ControlUSB() request: 0x03
00002473 receive: 00 2A 00 00
00000023 ccid_usb.c:929:get_data_rates() declared: 10752 bps
00000962 NotifySlotChange: 50 03
00002008 ifdhandler.c:364:IFDHGetCapabilities() tag: 0xFB0, usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0 (lun: 0)
00000012 readerfactory.c:249:RFAddReader() Using the pcscd polling thread
00002036 ifdhandler.c:364:IFDHGetCapabilities() tag: 0xFAE, usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0 (lun: 0)
00000014 ifdhandler.c:418:IFDHGetCapabilities() Reader supports 1 slot(s)
00003933 ifdhandler.c:1043:IFDHPowerICC() action: PowerUp, usb:096e/0503:libhal:/org/freedesktop/Hal/devices/usb_device_96e_503_noserial_if0 (lun: 0)
00000021 -> 000000 62 00 00 00 00 00 04 01 00 00
00448001 <- 000000 80 17 00 00 00 00 04 00 00 00 3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10 C6
00000077 Card ATR: 3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10 C6
```
comment:13 Changed 2 years ago by ludovic
```
00000020 ccid_usb.c:437:OpenUSBByName() Trying to open USB bus/device: 005/003
00000074 ccid_usb.c:494:OpenUSBByName() Can't claim interface 005/003: Device or resource busy
00006609 ifdhandler.c:104:IFDHCreateChannelByName() failed
```
Your device is already in use. Maybe by OpenCT?
Remove/uninstall OpenCT and try again.
comment:14 Changed 2 years ago by jmpoure
Thanks. Removing OpenCT worked as expected. Thanks!
In fact, OpenCT was installed and disabled in /etc/opensc/opensc.conf. So it did not catch my eye. I now completely remove OpenCT package.
comment:15 follow-up: ↓ 16 Changed 2 years ago by jmpoure
When pcscd starts, it may call OpenCT libraries using /etc/opensc/opensc.conf. So I don't see any reason to have an independent OpenCT package in Debian. Right or wrong?
comment:16 in reply to: ↑ 15 Changed 2 years ago by ludovic
Replying to jmpoure:
> When pcscd starts, it may call OpenCT libraries using /etc/opensc/opensc.conf. So I don't see any reason to have an independent OpenCT package in Debian. Right or wrong?

What would that solve? Why would pcscd call OpenCT?
comment:17 follow-up: ↓ 18 Changed 2 years ago by jmpoure
Sorry for the confusion. This is a Debian packaging issue:
- OpenCT and OpenSC packages can be installed at the same time.
- OpenSC depends on libopenCT, which means that opensc uses libopenCT libraries.
So it seems to me that OpenCT and OpenSC packages should not be installed together.
When installing OpenSC, it should trigger uninstallation of OpenCT. And conversely.
What do you think? Should I open a bug on Debian packaging?
comment:18 in reply to: ↑ 17 Changed 2 years ago by ludovic
Replying to jmpoure:
> Sorry for the confusion. This is a Debian packaging issue:
> - OpenCT and OpenSC packages can be installed at the same time.
> - OpenSC depends on libopenCT, which means that opensc uses libopenCT libraries.
>
> So it seems to me that OpenCT and OpenSC packages should not be installed together.
> When installing OpenSC, it should trigger uninstallation of OpenCT. And conversely.
> What do you think?

OpenSC should not Depends: on OpenCT. Recent OpenSC does not use OpenCT by default.

> Should I open a bug on Debian packaging?

The Debian OpenSC package is configured to use both OpenCT and PC/SC. You can file a bug asking for a removal of OpenCT support.
comment:19 Changed 2 years ago by aj
valid combinations are: a) use opensc with openct b) use opensc with pcsc-lite and a driver such as ccid.
in very special cases you can also use the chain opensc with pcsc-lite and openct as driver, but only if you know what you are doing (tm).
