Page MenuHome GnuPG

SCM SPR332 smartcard reader support broken
Open, NormalPublic

Description

Since Debian unstable upgraded gnupg from 2.2.20-1 to 2.2.27-1 my smartcard reader -- a SCM SPR332 (which apparently has the same product ID as the SPR532) -- is broken. Specifically:

  • I'm using the reader's keypad to enter my PIN.
  • The first time I need to enter my PIN, everything works fine.
  • Subsequent times result in a verify CHVx failed: Invalid value.

The cause seems to be commit 11d8d1e0505645f7d14bcc1c01d17a566e033705.

I've attached a patch that fixes the problem for me.

Event Timeline

Somewhat related: before the change that resulted in the PIN issue, I already occasionally had to reconnect the reader because gnupg would ask for the card when it was in fact already present.

I'm currently using this patch:

diff
--- gnupg2-2.2.27.orig/scd/ccid-driver.c
+++ gnupg2-2.2.27/scd/ccid-driver.c
@@ -2923,7 +2923,6 @@ ccid_get_atr (ccid_driver_t handle,
       DEBUGOUT_1 ("IFSD has been set to %d\n", tpdu[3]);
     }
 
-  ccid_vendor_specific_setup (handle);
   return 0;
 }
 
@@ -3583,6 +3582,8 @@ ccid_transceive_secure (ccid_driver_t ha
   if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16)
     return CCID_DRIVER_ERR_NOT_SUPPORTED;
 
+  ccid_vendor_specific_setup (handle);
+
   msg = send_buffer;
   msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure;
   msg[5] = 0; /* slot */

which also moves the call to libusb_clear_halt() to ccid_transceive_secure() (via ccid_vendor_specific_setup()).
So far -- unlike the previous patch -- this seem to help (but since the issues are infrequent I can't be entirely sure yet).
The only side-effect so far seems to be an occasional Process 1234 (pipe-connection) called USBDEVFS_CLEAR_HALT for active endpoint 0x83 in dmesg.

werner triaged this task as Normal priority.Feb 13 2021, 5:59 PM
werner added a project: scd.

So far -- unlike the previous patch -- this seem to help (but since the issues are infrequent I can't be entirely sure yet).

Unfortunately, it doesn't help. Thus the original patch seems best.

gniibe added a subscriber: gniibe.

Thank you.
Applied both to STABLE-BRANCH-2-2 and master (changing new function name).

Fixed in GnuPG 2.3.1, so, add the tag for GnuPG 2.2.