
[smartcard] Decryption fails and breaks smartcard reader (Alcor Micro)
Closed, Resolved (Public)

Description

Hi,

I recently got a new laptop (ThinkPad X250) which has an integrated smartcard
reader:

Bus 001 Device 003: ID 058f:9540 Alcor Micro Corp.

so I've started using it instead of the ExpressCard Gemalto one I was using
before.

Since the only smartcard I have is the OpenPGP smartcard, I usually don't use
PC/SC daemon but rather use only gnupg/scdaemon, which accesses the reader
directly.

This was working fine with the Gemalto reader (USB2), but on the Alcor Micro one
(which is on USB3, in case it matters), when *not* using PC/SC, decryption fails.
After that, I can't access the smartcard at all. gpg --card-status reports:

gpg: selecting openpgp failed: Card reset required

Restarting the laptop in order to completely reset the smartcard reader is the
only way to get the correct behavior back.

When using PC/SC to access the reader, the decryption works fine.

If you need some more info, please ask. In particular I'm unsure which kind of
logs you'd need (scdaemon? gnupg? gpg-agent?).

Regards,

Details

Version
2.1.2

Event Timeline

Please give me the output of lsusb -v -d 058f:9540
and debug log of scdaemon.
Do you mean --card-status works but --decrypt fails?

gniibe added a project: scd.
gniibe removed a project: OpenPGP.

Here's the lsusb output:

Bus 001 Device 002: ID 058f:9540 Alcor Micro Corp.
Device Descriptor:

bLength                18
bDescriptorType         1
bcdUSB               2.01
bDeviceClass            0 (Defined at Interface level)
bDeviceSubClass         0 
bDeviceProtocol         0 
bMaxPacketSize0         8
idVendor           0x058f Alcor Micro Corp.
idProduct          0x9540 
bcdDevice            1.20
iManufacturer           1 Generic
iProduct                2 EMV Smartcard Reader
iSerial                 0 
bNumConfigurations      1
Configuration Descriptor:
  bLength                 9
  bDescriptorType         2
  wTotalLength           93
  bNumInterfaces          1
  bConfigurationValue     1
  iConfiguration          0 
  bmAttributes         0xa0
    (Bus Powered)
    Remote Wakeup
  MaxPower               50mA
  Interface Descriptor:
    bLength                 9
    bDescriptorType         4
    bInterfaceNumber        0
    bAlternateSetting       0
    bNumEndpoints           3
    bInterfaceClass        11 Chip/SmartCard
    bInterfaceSubClass      0 
    bInterfaceProtocol      0 
    iInterface              0 
    ChipCard Interface Descriptor:
      bLength                54
      bDescriptorType        33
      bcdCCID              1.10  (Warning: Only accurate for version 1.0)
      nMaxSlotIndex           0
      bVoltageSupport         7  5.0V 3.0V 1.8V 
      dwProtocols             3  T=0 T=1
      dwDefaultClock       3700
      dwMaxiumumClock     12000
      bNumClockSupported      3
      dwDataRate           9946 bps
      dwMaxDataRate      688172 bps
      bNumDataRatesSupp.    138
      dwMaxIFSD             254
      dwSyncProtocols  00000007  2-wire 3-wire I2C
      dwMechanical     00000000 
      dwFeatures       000404BE
        Auto configuration based on ATR
        Auto activation on insert
        Auto voltage selection
        Auto clock change
        Auto baud rate change
        Auto PPS made by CCID
        Auto IFSD exchange
        Short and extended APDU level exchange
      dwMaxCCIDMsgLen       272
      bClassGetResponse    echo
      bClassEnvelope       echo
      wlcdLayout           none
      bPINSupport             0 
      bMaxCCIDBusySlots       1
    Endpoint Descriptor:
      bLength                 7
      bDescriptorType         5
      bEndpointAddress     0x81  EP 1 IN
      bmAttributes            3
        Transfer Type            Interrupt
        Synch Type               None
        Usage Type               Data
      wMaxPacketSize     0x0004  1x 4 bytes
      bInterval               1
    Endpoint Descriptor:
      bLength                 7
      bDescriptorType         5
      bEndpointAddress     0x02  EP 2 OUT
      bmAttributes            2
        Transfer Type            Bulk
        Synch Type               None
        Usage Type               Data
      wMaxPacketSize     0x0010  1x 16 bytes
      bInterval               0
    Endpoint Descriptor:
      bLength                 7
      bDescriptorType         5
      bEndpointAddress     0x83  EP 3 IN
      bmAttributes            2
        Transfer Type            Bulk
        Synch Type               None
        Usage Type               Data
      wMaxPacketSize     0x0010  1x 16 bytes
      bInterval               0

Binary Object Store Descriptor:

bLength                 5
bDescriptorType        15
wTotalLength           12
bNumDeviceCaps          1
USB 2.0 Extension Device Capability:
  bLength                 7
  bDescriptorType        16
  bDevCapabilityType      2
  bmAttributes   0x00000002
    Link Power Management (LPM) Supported

Device Status: 0x0000

  (Bus Powered)

For the scdaemon log, do you need it:

  • with pcscd running or with GnuPG direct ccid implementation?
  • in “working” condition (for example doing a gpg --card-status or gpg --sign)?
  • during the “breakage” (doing a gpg --decrypt)
  • in “broken” condition (after doing a gpg --decrypt).

Sorry if my report wasn't so clear. The broken behavior only appears:

  • when using GnuPG ccid implementation (instead of pcscd);
  • when doing a decrypt operation (maybe also an encrypt, I didn't check yet, but I'd be surprised since the smartcard hardly does any job here).

After trying a decrypt operation, the USB reader is in a non-working condition, and I can only restore working condition by doing a reboot (I've
tried to cut power to the USB bus but that doesn't seem enough).

gniibe removed a project: Restricted Project.
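
Added example, not part of the original thread and not GnuPG project code: a sketch of how the requested scdaemon debug log could be captured for both access paths compared above (internal CCID driver versus pcscd). The function name `write_scd_conf` and the scratch-directory layout are assumptions; the options written are standard scdaemon options.

```shell
#!/bin/sh
# Generate a debug scdaemon.conf for one of the two reader access paths
# compared in this report. Nothing outside the given directory is touched.

# write_scd_conf MODE DIR   (hypothetical helper)
#   MODE=ccid -> scdaemon's internal CCID driver (the failing path here)
#   MODE=pcsc -> access the reader through pcscd (the working path here)
# Prints the path of the generated configuration file.
write_scd_conf() {
    mode=$1
    dir=$2
    case $mode in
        ccid|pcsc) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    conf=$dir/scdaemon.conf
    {
        echo "# constructed for debugging; remove once the log is captured"
        echo "verbose"
        echo "debug-level guru"
        echo "log-file $dir/scdaemon-$mode.log"
        if [ "$mode" = ccid ]; then
            # Trace the internal driver's CCID messages. The scdaemon manual
            # notes this may reveal sensitive data: review before sharing.
            echo "debug-ccid-driver"
        else
            # Skip the internal driver so scdaemon falls back to PC/SC.
            echo "disable-ccid"
        fi
    } > "$conf"
    printf '%s\n' "$conf"
}

# Demo: write both variants into a scratch directory.
demo_dir=$(mktemp -d)
write_scd_conf ccid "$demo_dir/ccid"
write_scd_conf pcsc "$demo_dir/pcsc"
```

To use one variant, copy it to the GnuPG home directory as scdaemon.conf, restart scdaemon with `gpgconf --kill scdaemon`, then repeat `gpg --card-status` and `gpg --decrypt` and collect the log file.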