Page MenuHome GnuPG

scdaemon: PC/SC "No such device" without reader-port
Closed, ResolvedPublic

Description

I am using a YubiKey 5 NFC with GnuPG via PC/SC. I have added disable-ccid to scdaemon.conf (to avoid conflicting with pcscd, based on https://bugs.debian.org/854005 https://github.com/LudovicRousseau/PCSC/issues/65 and https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html ). With the YubiKey inserted (as shown by pcsc_scan) gpg --card-status prints:

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

With debug-level expert, scdaemon logs:

2020-07-16 16:53:22 scdaemon[5479] listening on socket '/run/user/1000/gnupg/S.scdaemon'
2020-07-16 16:53:22 scdaemon[5479] handler for fd -1 started
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- GETINFO socket_name
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> D /run/user/1000/gnupg/S.scdaemon
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- OPTION event-signal=12
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- GETINFO version
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> D 2.2.20
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- SERIALNO
2020-07-16 16:53:23 scdaemon[5479] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 16:53:23 scdaemon[5479] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 16:53:23 scdaemon[5479] detected reader ''
2020-07-16 16:53:23 scdaemon[5479] reader slot 0: not connected
2020-07-16 16:53:23 scdaemon[5479] reader slot 0: not connected
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 -> ERR 100696144 No such device <SCD>
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 <- RESTART
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 -> OK

After many hours of investigating, I was able to make the card work by adding reader-port Yubico YubiKey FIDO+CCID to scdaemon.conf. To save those hours for future users, I suggest that scdaemon not require reader-port for PC/SC when only one card is inserted (and for parity with the built-in CCID driver, which works for me without reader-port). If that is not possible, I would suggest the scdaemon output and log to give some indication that reader-port is required to resolve the No such device/`not connected' error, which was not apparent to me.

Thanks for considering,
Kevin

Details

Version
2.2.20

Event Timeline

gniibe triaged this task as Normal priority.
gniibe added a project: Testing.
gniibe added a subscriber: gniibe.

Thanks for your report.
Major reason was multiple card readers/tokens were not supported by PC/SC handling of scdaemon, only a single reader was assumed, so, user had to specify one if it's not the first one.
Multiple reader by PC/SC support was added in master (to be 2.3), so, I think the problem is solved in master.

It was tracked by T3300: scd: Support multiple readers by PC/SC driver.
But T3300 had not got much interest, for some reason.
Then, it was supported while handling T4301: Handling multiple subkeys on two SmartCards.

Thanks for the detailed explanation, I'm glad to hear it! Out of curiosity, I tried running echo 'serialno openpgp' | ./scd/scdaemon --log-file - -v --server built from 43000b043 and it printed:

scdaemon[72566]: NOTE: this is a development version!
scdaemon[72566]: enabled debug flags: cache ipc cardio
2020-07-16 19:12:18 scdaemon[72566] handler for fd -1 started
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
OK GNU Privacy Guard's Smartcard server ready
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 <- serialno openpgp
2020-07-16 19:12:18 scdaemon[72566] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 19:12:18 scdaemon[72566] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 19:12:18 scdaemon[72566] reader slot 0: not connected
2020-07-16 19:12:18 scdaemon[72566] reader slot 0: not connected
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 -> S PINCACHE_PUT 0// 
S PINCACHE_PUT 0// 
Segmentation fault

with backtrace

#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x00007ffff7e952b3 in _gcry_strdup_core (string=string@entry=0x0, 
    xhint=xhint@entry=0) at ../../src/global.c:1086
#2  0x00007ffff7e95fb7 in _gcry_strdup (string=string@entry=0x0)
    at ../../src/global.c:1106
#3  0x00007ffff7e93645 in gcry_strdup (string=string@entry=0x0)
    at ../../src/visibility.c:1524
#4  0x0000555555566b4d in open_pcsc_reader (rdrname=rdrname@entry=0x0)
    at apdu.c:1191
#5  0x00005555555688ff in apdu_open_reader (dl=0x7ffff0001fe0) at apdu.c:2178
#6  0x00005555555734ca in select_application (ctrl=ctrl@entry=0x5555555e0470, 
    name=<optimized out>, name@entry=0x7ffff0002989 "openpgp", 
    r_card=r_card@entry=0x5555555e0480, scan=scan@entry=1, 
    serialno_bin=serialno_bin@entry=0x0, serialno_bin_len=0) at app.c:686
#7  0x0000555555560ef5 in open_card_with_request (opt_all=0, 
    serialno=<optimized out>, apptypestr=<optimized out>, ctrl=0x5555555e0470)
    at command.c:266
#8  cmd_serialno (ctx=0x7ffff0002830, line=<optimized out>) at command.c:332
#9  0x00007ffff7e0fa21 in dispatch_command (ctx=0x7ffff0002830, 
    line=0x7ffff0002989 "openpgp", linelen=<optimized out>)
    at ../../src/assuan-handler.c:676
#10 0x00007ffff7e0fd89 in process_request (ctx=0x7ffff0002830)
    at ../../src/assuan-handler.c:872
#11 assuan_process (ctx=0x7ffff0002830) at ../../src/assuan-handler.c:895
#12 0x0000555555562b5b in scd_command_handler (ctrl=0x5555555e0470, 
    fd=<optimized out>) at command.c:2344
#13 0x000055555555fa45 in start_connection_thread (
    arg=arg@entry=0x5555555e0470) at scdaemon.c:1188
#14 0x00007ffff7e034be in thread_start (startup_arg=<optimized out>)
    at ../../src/npth.c:306
#15 0x00007ffff7de8f27 in start_thread (arg=<optimized out>)
    at pthread_create.c:479
#16 0x00007ffff7cf731f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I'm not sure if that's useful or more likely a problem with how I'm testing. Let me know if there's anything else I can do to help test. Otherwise, I'll look forward to the release of 2.3!

Thanks for your testing.

While it surely detects two readers, something seems wrong. Perhaps, error handling for the first reader with no card may be bad.

Could you please add --debug-all --debug-level guru to get more information?

Ah, I identified an issue.
While it's in a loop of trying readers (in select_application in scd/app.c), it should not deallocate resources to access readers, even if reference count == 0.
I'll fix.

Thanks again @gniibe! In case it's still useful, I bisected to 1080e91ef. The output with --debug-all --debug-level guru is:

scdaemon[416874]: reading options from '/home/kevin/.gnupg/scdaemon.conf'
scdaemon[416874]: reading options from '[cmdline]'
scdaemon[416874]: NOTE: this is a development version!
scdaemon[416874]: enabled debug flags: mpi crypto memory cache memstat hashing ipc cardio reader app
2020-07-16 20:13:00 scdaemon[416874] handler for fd -1 started
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
OK GNU Privacy Guard's Smartcard server ready
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 <- serialno
2020-07-16 20:13:00 scdaemon[416874] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 20:13:00 scdaemon[416874] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: Lenovo Integrated Smart Card Reader 00 00
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: new device=Lenovo Integrated Smart Card Reader 00 00
2020-07-16 20:13:00 scdaemon[416874] reader slot 0: not connected
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_connect: slot=0
2020-07-16 20:13:00 scdaemon[416874] reader slot 0: not connected
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_connect => sw=0x10008
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 -> S PINCACHE_PUT 0// 
S PINCACHE_PUT 0// 
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_close_reader: slot=0
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_disconnect: slot=0
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_disconnect => sw=0x0
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_close_reader => 0x0 (close_reader)
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: (null)
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: new device=(null)

46d185f60 doesn't segfault and does prints the YubiKey card information, even without reader-port configured. Perfect! That will fix the issue for me. Looking forward to seeing it released. Thanks again @gniibe!

I am happy that your use case will be supported, and the bug was fixed before the release.
It's me who say "thank you" to you!

That could also be the reason for some strange behaviour I have sometimes with my bunch or readers. I have not had the time to look into this and thus opted for a gpgconf --kill scdaemon which fixes things quickly but of course this is a bad workaround.

gniibe changed the task status from Open to Testing.Nov 10 2020, 4:00 AM