From: Mat A. <arg...@gm...> - 2014-05-26 12:30:31
Hi! Sorry for bringing that old subject back up. I had to do some other work in between, but now really need a solution, which I haven't found yet.

On Wednesday 17. July 2013 13:46:01 Anthony Foiani wrote:
> Mat --
>
> On Tue, Jul 16, 2013 at 8:30 AM, Mat Arge <arg...@gm...> wrote:
> > Hello!
> >
> > I am tracking the connection of USB tokens via udev and want to do some
> > specific stuff with them (pass them through to certain virtual machines).
> > For that, I would like to get some token specifics (like the serial
> > number or the PKCS#11 label). So what I need is a connection (preferably
> > with PKCS#11) to the just inserted token. The problem is, that at the
> > udev level where I am, I only know the USB BUS Id, the vendor ID and such
> > stuff. Is there some way to get a PKCS#11 or pc/sc connection to the
> > correct token?
>
> A quick look through the pcsc-lite stuff is discouraging; it seems
> that a string describing the specific port is indeed stored in the
> reader context structure, but there doesn't seem to be any existing
> way to get it out.
>
> See line 213 of:
> http://anonscm.debian.org/viewvc/pcsclite/trunk/PCSC/src/readerfactory.c?revision=6668&view=markup
>
> For libusb, that "device" value is ultimately generated around line 516 of:
> http://anonscm.debian.org/viewvc/pcsclite/trunk/PCSC/src/hotplug_libusb.c?revision=6557&view=markup
>
> But I don't see any place where that value can be accessed.
>
> (But I'm certainly not an expert on this; I've just hacked a few
> things onto the source as I needed them -- see next point.)
>
> The cleanest way might be a vendor-specified attribute, but as the
> comment at the top of p11_attr.c says: "The number of layers we stack
> on top of each other here is frightening."

I am considering writing a patch for pcscd, which writes information about the interface used when a connection is created into a structured file. Ludovic, would such a patch be acceptable for upstream?

> > Or the other way round: Is there some way to find out for an existing
> > pcsc/pkcs11 connection which hardware address it is leading to?
>
> It's not exactly what you're looking for, but I did propose a patch to
> pcscd that restricted it to a particular USB port:
>
> http://opensc.1086184.n5.nabble.com/FYI-PATCH-restrict-pcscd-to-a-single-USB-port-path-td13800.html
>
> Worst case, your udev script could:
> 1. if it looks like a crypto token ...
> 2. spawn a pcscd that looks only at that port...
> 3. then query that specific pcscd to get label etc...
> 4. kill the pcscd...
> 5. bind the port to the VM appropriately.
>
> Not pretty, and not fast (pcscd takes a few seconds to come up even on
> my fast hardware, but maybe I just don't know how to strip out
> unnecessary bits).
>
> But it should work.

That's interesting, too. As far as I can see, it was never actually merged upstream, was it?

cheers
Mat