SCM SCL3711 reader seems to be incapable of handling long messages

[StarGate01]

The SCM SCL3711 USB NFC reader is generally supported well by this software (although it is not listed as compatible), its manufacturer Identiv offers a proprietary driver for integration with pcsc-lite.

When testing this device with a Yubikey 5 NFC and also a Fidesmo card 2.0 - using their respective OTP feature - in combination with the Yubikey Authentication app, I noticed a problem. Although everything works in principle (the Yubikey is recognized and able to function via NFC, and so is the card), there appears to be a limit to the OTP entries that can be read / transmitted. This limit does not exist when using the very same hardware on Android or Windows (even the same reader there).

My suspicions of the SCL3711 not playing nicely with "long messages" (or some other feature I don't know about) is further confirmed by the incapability of gpg --card-edit to access the PGP functionality of the Yubikey.

I then tested another reader, a SCL011 (again, with a proprietary driver by Identiv), which is marked as "should work" at https://ccid.apdu.fr/ccid/section.html. And it does indeed work, being able to read all the OTP entries off my Yubikey as well as enabling gpg to interface the PGP applet.

For more information and detailed logs, see my (obsolete) issue on the Yubikey Authentificator repo: Yubico/yubioath-flutter#727

Do you think this limitation stems from the hardware itself and its driver or could this be fixed in pcsc-lite? Thanks for any help.

[LudovicRousseau]

Please follow https://pcsclite.apdu.fr/#support

[StarGate01]

Oh sorry, here is the missing information.

Versions:

• Smart card reader driver: "SCL3711 Contactless USB Smart Card Reader Linux Driver" version 2.18 by Identiv Inc. (https://support.identiv.com/scl3711/)
• pcsc-lite version: 1.9.1

pcsc-lite version 1.9.1.
Copyright (C) 1999-2002 by David Corcoran <[email protected]>.
Copyright (C) 2001-2018 by Ludovic Rousseau <[email protected]>.
Copyright (C) 2003-2004 by Damien Sauveron <[email protected]>.
Report bugs to <[email protected]>.
Enabled features: Linux x86_64-pc-linux-gnu libsystemd serial usb libudev usbdropdir=/usr/lib/pcsc/drivers ipcdir=/run/pcscd filter configdir=/etc/reader.conf.d

Platform:

• Operating system: Linux 5.4.124-1-MANJARO
• Smart card middleware name and version: Yubikey 5 NFC firmware, Fidesmo OTP cardlet, Fidesmo PGP cardlet
• Smart card reader manufacturer name and reader model name: SCM / Identiv SCL3711
• Smart card name: Yubikey 5 NFC, Fidesmo card 2.0

Log:

• Log of Yubikey 5 NFC with many OTP entries not working with SCL3711:
  log_yubikey_notworking.txt

• For comparison, log of Yubikey 5 NFC with many OTP entries working with different reader (SCM SCL011)
  log_yubikey_working.txt

• Log of Fidesmo card 2.0 with one OTP entry working with SCL3711:
  log_fidesmo_working.txt

• Log of Yubikey 5 NFC PGP not working with SCL3711:
  log_yubikey_pgp_notworking.txt

For me personally this issue is now of low priority because I found a different, working reader. So proceed as you like.

[LudovicRousseau]

In the log log_yubikey_pgp_notworking.txt I do not find any error at the PCSC level. Maybe it is a problem with PGP.

In log_yubikey_notworking.txt you have:

00000005 [140154871965248] winscard.c:1595:SCardTransmit() Send Protocol: T=1
00000008 [140154871965248] APDU: 00 A4 04 00 07 A0 00 00 05 27 21 01 
00000022 [140154871965248] SW: 
00000005 [140154871965248] ifdwrapper.c:543:IFDTransmit() Card not transacted: 612
00000004 [140154871965248] winscard.c:1620:SCardTransmit() Card not transacted: 0x80100016

An exchange fails and I have no idea why.
I don't think i can do anything at the PCSC level.

You should report the problem to SCM since you are using the SCM driver.

[StarGate01]

Alright, thank you for your investigation! I'll see if I manage to contact the driver manufacturer.
As this does not appear to be a problem with pcsc-lite, I'll close this issue.