scd: Fails/crashes on SCD LEARN --keypairinfo for NetKey cards
Testing, Normal, Public

Description

scdaemon master fails (crashes?) on SCD LEARN --keypairinfo with a NetKey card.

$ /opt/gnupg/master/lib/scdaemon --version
scdaemon (GnuPG) 2.3.0-beta1481
libgcrypt 1.9.0
libksba 1.4.1-beta3

How to reproduce:
Plug in a card reader (I have an IDENTIV SPR332 V2) and insert a NetKey card. Then run

$ GNUPGHOME=$HOME/.cache/gnupg-master-home gpg-connect-agent "SCD SERIALNO" /bye
gpg-connect-agent: no running gpg-agent - starting '/opt/gnupg/master/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to the agent established
S SERIALNO 89490173300026616520
OK

$ GNUPGHOME=$HOME/.cache/gnupg-master-home gpg-connect-agent "SCD LEARN --keypairinfo" /bye
S CHV-STATUS -4+0+-4+0
ERR 67125247 End of file <GPG Agent>

ps ux shows that scdaemon is not running anymore.

scdaemon.log:

2020-11-18 11:36:59 scdaemon[9710] listening on socket '/run/user/1000/gnupg/d.d3fs1jcrisxu37hd9e8gpk7n/S.scdaemon'
2020-11-18 11:36:59 scdaemon[9710] handler for fd -1 started
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 <- GETINFO socket_name
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 -> D /run/user/1000/gnupg/d.d3fs1jcrisxu37hd9e8gpk7n/S.scdaemon
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 -> OK
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 <- OPTION event-signal=12
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 -> OK
2020-11-18 11:36:59 scdaemon[9710] DBG: chan_7 <- SERIALNO
2020-11-18 11:37:00 scdaemon[9710] reader slot 0: using ccid driver
2020-11-18 11:37:00 scdaemon[9710] slot 0: ATR=3bbf96008131fe5d00640411030131c073f701d00090007d
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00a4000c023f00
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:37:00 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=02 p2=0C lc=2 le=-1 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00a4020c022f02
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:37:00 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=B0 p1=00 p2=00 lc=-1 le=0 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00b0000000
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=9000  datalen=12
2020-11-18 11:37:00 scdaemon[9710] DBG:      dump: 5a0a89490173300026616520
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=B0 p1=00 p2=0C lc=-1 le=0 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00b0000c00
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=6B00  datalen=0
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00a4040006d27600012401
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=6700  datalen=0
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=9 le=256 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00a4040009a0000003080000100000
2020-11-18 11:37:00 scdaemon[9710] DBG:  response: sw=6A82  datalen=0
2020-11-18 11:37:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=7 le=-1 em=0
2020-11-18 11:37:00 scdaemon[9710] DBG:  raw apdu: 00a4040c07d2760000030102
2020-11-18 11:37:01 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:37:01 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:37:01 scdaemon[9710] DBG:  raw apdu: 80aa060000
2020-11-18 11:37:01 scdaemon[9710] DBG:  response: sw=9000  datalen=16
2020-11-18 11:37:01 scdaemon[9710] DBG:       dump:  04110a15fa93318003030101010000009000
2020-11-18 11:37:01 scdaemon[9710] Detected NKS version: 3
2020-11-18 11:37:01 scdaemon[9710] DBG: chan_7 -> S SERIALNO 89490173300026616520
2020-11-18 11:37:01 scdaemon[9710] DBG: chan_7 -> OK
2020-11-18 11:37:01 scdaemon[9710] sending signal 12 to client 9708
2020-11-18 11:37:01 scdaemon[9710] DBG: chan_7 <- RESTART
2020-11-18 11:37:01 scdaemon[9710] DBG: chan_7 -> OK

2020-11-18 11:38:59 scdaemon[9710] DBG: chan_7 <- LEARN --keypairinfo
2020-11-18 11:38:59 scdaemon[9710] DBG:  raw apdu: 00200000
2020-11-18 11:38:59 scdaemon[9710] DBG:  response: sw=6985  datalen=0
2020-11-18 11:38:59 scdaemon[9710] DBG:  raw apdu: 00200001
2020-11-18 11:38:59 scdaemon[9710] DBG:  response: sw=63C0  datalen=0
2020-11-18 11:38:59 scdaemon[9710] nks: switching to SigG
2020-11-18 11:38:59 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=6 le=-1 em=0
2020-11-18 11:38:59 scdaemon[9710] DBG:  raw apdu: 00a4040c06d27600006601
2020-11-18 11:38:59 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:38:59 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:38:59 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=02 p2=0C lc=2 le=-1 em=0
2020-11-18 11:38:59 scdaemon[9710] DBG:  raw apdu: 00a4020c025349
2020-11-18 11:39:00 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:39:00 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:39:00 scdaemon[9710] DBG: send apdu: c=00 i=B2 p1=01 p2=04 lc=-1 le=0 em=0
2020-11-18 11:39:00 scdaemon[9710] DBG:  raw apdu: 00b2010400
2020-11-18 11:39:00 scdaemon[9710] DBG:  response: sw=9000  datalen=105
2020-11-18 11:39:00 scdaemon[9710] DBG:      dump: a04c830184941903008180200181802002818020038180200481802005082006 \
2020-11-18 11:39:00 scdaemon[9710] DBG:  8a0105a129910101ab1a87032a9e9aaf13a409950108830181830183b4069501 \
2020-11-18 11:39:00 scdaemon[9710] DBG:  30830175910102ab058401479700b6199501407b068001008901027a0c930200 \
2020-11-18 11:39:00 scdaemon[9710] DBG:  01a406830181830183
2020-11-18 11:39:00 scdaemon[9710] DBG:  raw apdu: 00200081
2020-11-18 11:39:00 scdaemon[9710] DBG:  response: sw=6985  datalen=0
2020-11-18 11:39:00 scdaemon[9710] DBG:  raw apdu: 00200083
2020-11-18 11:39:00 scdaemon[9710] DBG:  response: sw=63C0  datalen=0
2020-11-18 11:39:00 scdaemon[9710] DBG: chan_7 -> S CHV-STATUS -4+0+-4+0
2020-11-18 11:39:00 scdaemon[9710] nks: switching to NKS
2020-11-18 11:39:00 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=7 le=-1 em=0
2020-11-18 11:39:00 scdaemon[9710] DBG:  raw apdu: 00a4040c07d2760000030102
2020-11-18 11:39:01 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:39:01 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:39:01 scdaemon[9710] DBG: send apdu: c=00 i=A4 p1=02 p2=0C lc=2 le=-1 em=0
2020-11-18 11:39:01 scdaemon[9710] DBG:  raw apdu: 00a4020c024531
2020-11-18 11:39:01 scdaemon[9710] DBG:  response: sw=9000  datalen=0
2020-11-18 11:39:01 scdaemon[9710] DBG:      dump: [all zero]
2020-11-18 11:39:01 scdaemon[9710] DBG: send apdu: c=00 i=B2 p1=01 p2=04 lc=-1 le=0 em=0
2020-11-18 11:39:01 scdaemon[9710] DBG:  raw apdu: 00b2010400
2020-11-18 11:39:01 scdaemon[9710] DBG:  response: sw=9000  datalen=256
2020-11-18 11:39:01 scdaemon[9710] DBG:      dump: baab9d7dacd69afa1c0ba4b58981c0a9a2d2290dcaab55ba972bf518adaeac91 \
2020-11-18 11:39:01 scdaemon[9710] DBG:  3c470597b3186bec6db2ee6250d1b3452ddd0937befc97e98070056abbfd3c02 \
2020-11-18 11:39:01 scdaemon[9710] DBG:  81838f19947a3abf8e1643543fedf4446fdef3fd268200df90ca1c2fcebcb205 \
2020-11-18 11:39:01 scdaemon[9710] DBG:  3b799b15a481425cc260c5b8979cb2127142217a0f0696b6d589941b88a46524 \
2020-11-18 11:39:01 scdaemon[9710] DBG:  8b14e7c69200f453bf59c1b53657cac334d90a658a22843c51e5d6440410b3be \
2020-11-18 11:39:01 scdaemon[9710] DBG:  5c74ea2111f51e483777ea09eca8d096e11d4e226fc827b1c59a44c6908301da \
2020-11-18 11:39:01 scdaemon[9710] DBG:  82b09dee52cf84501ff054a3ba085a1be36a5c443cdc63dc251a878053485a2e \
2020-11-18 11:39:01 scdaemon[9710] DBG:  069d9bf15fee32d770dd3250f56be6464ebf1ec7356783a3ec7c6c156f8d5ecb
2020-11-18 11:39:01 scdaemon[9710] DBG: send apdu: c=00 i=B2 p1=02 p2=04 lc=-1 le=0 em=0
2020-11-18 11:39:01 scdaemon[9710] DBG:  raw apdu: 00b2020400
2020-11-18 11:39:01 scdaemon[9710] DBG:  response: sw=9000  datalen=8
2020-11-18 11:39:01 scdaemon[9710] DBG:      dump: 0000000040000081

With scdaemon (GnuPG) 2.2.5 (and libgcrypt 1.8.2, libksba 1.3.5) the above commands give

$ GNUPGHOME=$HOME/.cache/gnupg-stable-home gpg-connect-agent "SCD SERIALNO" /bye      
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
S SERIALNO 89490173300026616520
OK

$ GNUPGHOME=$HOME/.cache/gnupg-stable-home gpg-connect-agent "SCD LEARN --keypairinfo" /bye        
S KEYPAIRINFO 39400430E38BB96F105B740A7119FE113578B59D NKS-NKS3.4531
S KEYPAIRINFO 42C3CA6F9D7A725A59DDE06B16B61E88C62777C4 NKS-NKS3.45B1
S KEYPAIRINFO 20E7CB1D5299669CABF29B103C692AB34CB03528 NKS-NKS3.45B2
S KEYPAIRINFO A69B0D3796EE33E4426E5CE4B6BEEE5F1209FBA4 NKS-SIGG.4531
OK

The following patch fixes the crash:

diff --git a/scd/app-nks.c b/scd/app-nks.c
index 47be7cd85..4d925dccd 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -871,7 +871,7 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags,
                                 id_buf, strlen (id_buf),
                                 usagebuf, strlen (usagebuf),
                                 "-", (size_t)1,
-                                algostr, strlen (algostr),
+                                algostr, algostr ? strlen (algostr) : (size_t)0,
                                 NULL, (size_t)0);
             }
           xfree (algostr);
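
Review bot: On the changed `algostr` line, a NULL `algostr` is still passed as the value pointer while the argument list ends with `NULL, (size_t)0`, so if the callee stops at the first NULL pointer this is only safe because the pair is the last one; any pair added after it later would be dropped silently. The status line is also emitted without an algorithm field in that case. Consider skipping the pair explicitly or passing a placeholder string when `algostr` is NULL, and add a comment saying when it can be NULL.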

The problem occurs for NetKey cards with NKS version 3 because keygripstr_from_pk_file() only sets algostr if app->appversion == 15.

The above workaround may not be necessary because another code path sets the algorithm string as seen in

$ gpg-connect-agent "SCD READKEY --info -- NKS-NKS3.4531" /bye
S KEYPAIRINFO 39400430E38BB96F105B740A7119FE113578B59D NKS-NKS3.4531 - - rsa2048
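
The failure mode described above, reduced to a self-contained C model (an added example, not GnuPG code): an out-value that is only set for one application version, and a caller that must not run `strlen()` on it unguarded. `model_algostr`, `model_status` and `learn_line` are hypothetical stand-ins; the key reference and `rsa2048` are sample values taken from the output on this page.

```c
#include <stdarg.h>
#include <string.h>

/* Hypothetical stand-in for keygripstr_from_pk_file(): the algorithm
   string is only set for application version 15, as the report says. */
static const char *model_algostr(int appversion)
{
    return appversion == 15 ? "rsa2048" : NULL;
}

/* Hypothetical status writer: joins (pointer, length) pairs with spaces,
   stops at the first NULL pointer, returns the number of fields written. */
static int model_status(char *out, size_t outlen, ...)
{
    va_list ap;
    const char *val;
    size_t used = 0;
    int nfields = 0;

    if (!outlen)
        return 0;
    va_start(ap, outlen);
    while ((val = va_arg(ap, const char *)) != NULL) {
        size_t n = va_arg(ap, size_t);
        if (used + n + 2 > outlen)   /* separator + field + NUL must fit */
            break;
        if (nfields)
            out[used++] = ' ';
        memcpy(out + used, val, n);
        used += n;
        nfields++;
    }
    va_end(ap);
    out[used] = '\0';
    return nfields;
}

/* Caller shaped like the patched hunk: strlen() only runs on a non-NULL
   algostr.  Unguarded, any version other than 15 reaches strlen(NULL). */
int learn_line(int appversion, char *out, size_t outlen)
{
    const char *algostr = model_algostr(appversion);
    return model_status(out, outlen,
                        "NKS-NKS3.4531", strlen("NKS-NKS3.4531"),
                        "-", (size_t)1,
                        algostr, algostr ? strlen(algostr) : (size_t)0,
                        (const char *)NULL, (size_t)0);
}
```

With a version other than 15 the guarded call returns two fields instead of three: the NULL `algostr` is read as the list terminator, so the algorithm field is simply missing from the line.
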
gniibe claimed this task. Wed, Nov 25, 2:37 AM
gniibe triaged this task as Normal priority.
gniibe added a subscriber: gniibe.
gniibe changed the task status from Open to Testing.