From: Ludovic R. <lud...@gm...> - 2015-04-30 22:50:25
2015-05-01 0:10 GMT+02:00 David Woodhouse <dw...@in...>:
> I'm fixing pkcs11-helper to support RFC7512 URIs, but I'm having
> difficulty testing it even before I make any changes.
>
> I'm using a Yubikey NEO.
>
> I'm getting this failure when testing with OpenVPN (which uses
> pkcs11-helper):
>
> Enter PIV_II (PIV Card Holder pin) token Password:
>
> 27: C_Login
> 2015-04-30 22:23:36.592
> [in] hSession = 0x143ffb0
> [in] userType = CKU_USER
> [in] pPin[ulPinLen] 00007ffcd447d0e0 / 4
> 00000000 66 69 73 68 fish
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:259:C_Login: C_Login(0x143ffb0, 1)
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:279:C_Login: C_Login() slot->login_user 4294967295
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:288:C_Login: C_Login() userType 1
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] framework-pkcs15.c:1414:pkcs15_login: pkcs15-login: userType 0x1, PIN length 4
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:293:sc_pkcs15_verify_pin: called
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(type:0;method:1;len:)
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] card.c:325:sc_lock: called
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] reader-pcsc.c:517:pcsc_lock: called
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] reader-pcsc.c:544:pcsc_lock: Yubico Yubikey NEO OTP+CCID 00 00:SCardBeginTransaction failed: 0x8010001d
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:356:sc_pkcs15_verify_pin: sc_lock() failed: -1101 (No readers found)
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] framework-pkcs15.c:1528:pkcs15_login: PKCS15 verify PIN returned -1101
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] misc.c:61:sc_to_cryptoki_error_common: libopensc return value: -1101 (No readers found)
> 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:290:C_Login: fLogin() rv 5
> Returned: 5 CKR_GENERAL_ERROR
> Thu Apr 30 22:23:36 2015 PKCS#11: Cannot perform signature 5:'CKR_GENERAL_ERROR'
> Thu Apr 30 22:23:36 2015 OpenSSL: error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib
>
> Full output at http://david.woodhou.se/openvpn-failing.txt and pcsc-spy
> log at http://david.woodhou.se/pcsc-spy.txt

from pcsc-spy.txt:

SCardStatus
 i hCard: 0x6FCFAD34
 i pcchReaderLen 0x00000000 (0)
 i pcbAtrLen 0x00000021 (33)
 o cchReaderLen 0x00000000 (0)
 o mszReaderName NULL
 o dwState 0x00000000 (0)
 o dwProtocol 0x00000000 (0)
 o bAtrLen 0x00000000 (0)
 o bAtr
 => RPC transport error. (SCARD_F_COMM_ERROR [0x80100013]) [0.000000097]
SCardGetStatusChange
 i hContext: 0x647ADCA1
 i dwTimeout: 0x00000000 (0)
 i cReaders: 1
 i szReader: Yubico Yubikey NEO OTP+CCID 00 00
 i dwCurrentState: SCARD_STATE_CHANGED, SCARD_STATE_PRESENT (0x00000022)
 i dwEventState: SCARD_STATE_CHANGED, SCARD_STATE_PRESENT (0x00000022)
 i Atr length: 0x00000014 (20)
 i Atr: 3B FA 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 4E 45 4F A6
 o szReader: Yubico Yubikey NEO OTP+CCID 00 00
 o dwCurrentState: SCARD_STATE_CHANGED, SCARD_STATE_PRESENT (0x00000022)
 o dwEventState: SCARD_STATE_CHANGED, SCARD_STATE_PRESENT (0x00000022)
 o Atr length: 0x00000014 (20)
 o Atr: 3B FA 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 4E 45 4F A6
 => Service not available. (SCARD_E_NO_SERVICE [0x8010001D]) [0.000000046]

It looks like pcscd has crashed and is no longer responding.

Can you also generate a pcscd log as described in
https://pcsclite.alioth.debian.org/ccid.html#support

Bye

-- 
Dr. Ludovic Rousseau
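
A triage sketch for pcsc-spy traces like the one quoted in the message above, added as an example and not part of the original message or of pcsc-lite. It finds the first call whose result means the client lost the pcscd daemon; the function names and the layout of `SAMPLE` are assumptions, and the first call in `SAMPLE` is constructed.

```python
import re

# Result codes that mean the connection to pcscd itself is gone, rather than
# a card or reader fault. Both values appear in the trace quoted above.
DAEMON_LOSS = {0x80100013, 0x8010001D}

CALL_RE = re.compile(r"^(SCard\w+)$")
RESULT_RE = re.compile(r"=>.*\((SCARD_\w+) \[0x([0-9A-Fa-f]{8})\]\)")

def parse_calls(text):
    """Yield (function, result_name, code) for each completed call in the trace."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        call = CALL_RE.match(line)
        if call:
            current = call.group(1)
            continue
        result = RESULT_RE.search(line)
        if result and current:
            yield current, result.group(1), int(result.group(2), 16)
            current = None

def first_daemon_loss(text):
    """Return (index, function, result_name) of the first call that lost pcscd, or None."""
    for index, (func, name, code) in enumerate(parse_calls(text)):
        if code in DAEMON_LOSS:
            return index, func, name
    return None

# Constructed sample: the SCardConnect call is invented for illustration; the
# other two calls are abbreviated from the pcsc-spy excerpt in the message.
SAMPLE = """\
SCardConnect
 => Command successful. (SCARD_S_SUCCESS [0x00000000]) [0.000000100]
SCardStatus
 i hCard: 0x6FCFAD34
 => RPC transport error. (SCARD_F_COMM_ERROR [0x80100013]) [0.000000097]
SCardGetStatusChange
 i szReader: Yubico Yubikey NEO OTP+CCID 00 00
 => Service not available. (SCARD_E_NO_SERVICE [0x8010001D]) [0.000000046]
"""

if __name__ == "__main__":
    print(first_daemon_loss(SAMPLE))
```

The call reported here is the point to line up against the pcscd debug log when looking for what the daemon was doing as it stopped answering.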