Incorrect parameters in APDU with Oberthur IAS-ECC card

[DBarthe]

Problem Description

Hello,

I've been trying to make OpenSC works with IAS-ECC card Oberthur dual ID One Cosmo profile A05, but never succeed so far. (this one I guess)

This card model seems to be supported according to the wiki except it is not explicitly mentioned "dual" (with contactless support).

Steps to reproduce

The command opensc-tool --name fails with this error message :

Incorrect parameters in APDU

I'm not familiar with APDU :'-(

Logs

I put the full log here for compactness (sorry it's more than 10 lines...).

C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool --name
P:3452; T:8240 2020-06-08 21:51:10.449 [opensc-tool] ===================================
P:3452; T:8240 2020-06-08 21:51:10.451 [opensc-tool] opensc version: 0.20.0-0.20.0
P:3452; T:8240 2020-06-08 21:51:10.453 [opensc-tool] PC/SC options: connect_exclusive=0 disconnect_action=0 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
P:3452; T:8240 2020-06-08 21:51:10.455 [opensc-tool] reader-pcsc.c:1347:pcsc_detect_readers: called
P:3452; T:8240 2020-06-08 21:51:10.456 [opensc-tool] Probing PC/SC readers
P:3452; T:8240 2020-06-08 21:51:10.457 [opensc-tool] Establish PC/SC context
P:3452; T:8240 2020-06-08 21:51:10.461 [opensc-tool] Adding new PC/SC reader 'OMNIKEY AG Smart Card Reader USB 0'
P:3452; T:8240 2020-06-08 21:51:10.462 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0 check
P:3452; T:8240 2020-06-08 21:51:10.463 [opensc-tool] current  state: 0x00190022
P:3452; T:8240 2020-06-08 21:51:10.464 [opensc-tool] previous state: 0x00000000
P:3452; T:8240 2020-06-08 21:51:10.465 [opensc-tool] card present, changed
P:3452; T:8240 2020-06-08 21:51:10.467 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0:SCardConnect(SHARED): 0x00000000
P:3452; T:8240 2020-06-08 21:51:10.468 [opensc-tool] reader-pcsc.c:1114:detect_reader_features: called
P:3452; T:8240 2020-06-08 21:51:10.470 [opensc-tool] Requesting reader features ...
P:3452; T:8240 2020-06-08 21:51:10.472 [opensc-tool] reader-pcsc.c:1515:pcsc_detect_readers: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.475 [opensc-tool] sc.c:315:sc_detect_card_presence: called
P:3452; T:8240 2020-06-08 21:51:10.475 [opensc-tool] reader-pcsc.c:445:pcsc_detect_card_presence: called
P:3452; T:8240 2020-06-08 21:51:10.476 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0 check
P:3452; T:8240 2020-06-08 21:51:10.478 [opensc-tool] reader-pcsc.c:358:refresh_attributes: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.480 [opensc-tool] reader-pcsc.c:450:pcsc_detect_card_presence: returning with: 1
P:3452; T:8240 2020-06-08 21:51:10.481 [opensc-tool] sc.c:320:sc_detect_card_presence: returning with: 1
Using reader with a card: OMNIKEY AG Smart Card Reader USB 0
P:3452; T:8240 2020-06-08 21:51:10.485 [opensc-tool] sc.c:315:sc_detect_card_presence: called
P:3452; T:8240 2020-06-08 21:51:10.486 [opensc-tool] reader-pcsc.c:445:pcsc_detect_card_presence: called
P:3452; T:8240 2020-06-08 21:51:10.487 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0 check
P:3452; T:8240 2020-06-08 21:51:10.490 [opensc-tool] reader-pcsc.c:358:refresh_attributes: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.491 [opensc-tool] reader-pcsc.c:450:pcsc_detect_card_presence: returning with: 1
P:3452; T:8240 2020-06-08 21:51:10.492 [opensc-tool] sc.c:320:sc_detect_card_presence: returning with: 1
P:3452; T:8240 2020-06-08 21:51:10.493 [opensc-tool] card.c:254:sc_connect_card: called
P:3452; T:8240 2020-06-08 21:51:10.494 [opensc-tool] reader-pcsc.c:578:pcsc_connect: called
P:3452; T:8240 2020-06-08 21:51:10.495 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0 check
P:3452; T:8240 2020-06-08 21:51:10.496 [opensc-tool] reader-pcsc.c:358:refresh_attributes: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.497 [opensc-tool] Initial protocol: T=0
P:3452; T:8240 2020-06-08 21:51:10.500 [opensc-tool] matching configured ATRs
P:3452; T:8240 2020-06-08 21:51:10.501 [opensc-tool] matching built-in ATRs
P:3452; T:8240 2020-06-08 21:51:10.502 [opensc-tool] trying driver 'cardos'
P:3452; T:8240 2020-06-08 21:51:10.502 [opensc-tool] trying driver 'flex'
P:3452; T:8240 2020-06-08 21:51:10.503 [opensc-tool] trying driver 'cyberflex'
P:3452; T:8240 2020-06-08 21:51:10.504 [opensc-tool] trying driver 'gpk'
P:3452; T:8240 2020-06-08 21:51:10.506 [opensc-tool] trying driver 'gemsafeV1'
P:3452; T:8240 2020-06-08 21:51:10.506 [opensc-tool] trying driver 'asepcos'
P:3452; T:8240 2020-06-08 21:51:10.508 [opensc-tool] trying driver 'starcos'
P:3452; T:8240 2020-06-08 21:51:10.510 [opensc-tool] trying driver 'tcos'
P:3452; T:8240 2020-06-08 21:51:10.510 [opensc-tool] trying driver 'oberthur'
P:3452; T:8240 2020-06-08 21:51:10.511 [opensc-tool] trying driver 'authentic'
P:3452; T:8240 2020-06-08 21:51:10.512 [opensc-tool] card-authentic.c:416:authentic_match_card:
try to match card with ATR (20 bytes):
3B 7F 96 00 00 00 31 B8 64 40 70 14 10 73 94 01 ;[email protected]..
80 82 90 00                                     ....
P:3452; T:8240 2020-06-08 21:51:10.514 [opensc-tool] card not matched
P:3452; T:8240 2020-06-08 21:51:10.514 [opensc-tool] trying driver 'iasecc'
P:3452; T:8240 2020-06-08 21:51:10.515 [opensc-tool] 'IAS/ECC Gemalto' card matched
P:3452; T:8240 2020-06-08 21:51:10.518 [opensc-tool] matched: IAS-ECC
P:3452; T:8240 2020-06-08 21:51:10.520 [opensc-tool] card-iasecc.c:584:iasecc_init: called
P:3452; T:8240 2020-06-08 21:51:10.520 [opensc-tool] card-iasecc.c:410:iasecc_init_gemalto: called
P:3452; T:8240 2020-06-08 21:51:10.521 [opensc-tool] called; type=2, path=3f00
P:3452; T:8240 2020-06-08 21:51:10.523 [opensc-tool] card-iasecc.c:820:iasecc_select_file: called
P:3452; T:8240 2020-06-08 21:51:10.523 [opensc-tool] iasecc_select_file(card:000001CA27A273F0) path.len 2; path.type 2; aid_len 0
P:3452; T:8240 2020-06-08 21:51:10.524 [opensc-tool] iasecc_select_file() path:3f00
P:3452; T:8240 2020-06-08 21:51:10.526 [opensc-tool] card cache invalid
P:3452; T:8240 2020-06-08 21:51:10.526 [opensc-tool] EF.ATR(aid:'')
P:3452; T:8240 2020-06-08 21:51:10.528 [opensc-tool] card-iasecc.c:241:iasecc_select_mf: called
P:3452; T:8240 2020-06-08 21:51:10.530 [opensc-tool] apdu.c:546:sc_transmit_apdu: called
P:3452; T:8240 2020-06-08 21:51:10.530 [opensc-tool] card.c:473:sc_lock: called
P:3452; T:8240 2020-06-08 21:51:10.531 [opensc-tool] reader-pcsc.c:657:pcsc_lock: called
P:3452; T:8240 2020-06-08 21:51:10.533 [opensc-tool] card.c:513:sc_lock: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.534 [opensc-tool] apdu.c:513:sc_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.536 [opensc-tool] apdu.c:363:sc_single_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.537 [opensc-tool] CLA:0, INS:A4, P1:0, P2:0, data(2) 000000A964BCEA30
P:3452; T:8240 2020-06-08 21:51:10.538 [opensc-tool] reader 'OMNIKEY AG Smart Card Reader USB 0'
P:3452; T:8240 2020-06-08 21:51:10.540 [opensc-tool] reader-pcsc.c:298:pcsc_transmit:
Outgoing APDU (7 bytes):
00 A4 00 00 02 3F 00 .....?.
P:3452; T:8240 2020-06-08 21:51:10.541 [opensc-tool] reader-pcsc.c:216:pcsc_internal_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.553 [opensc-tool] reader-pcsc.c:307:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
P:3452; T:8240 2020-06-08 21:51:10.555 [opensc-tool] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.557 [opensc-tool] apdu.c:535:sc_transmit: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.558 [opensc-tool] card.c:523:sc_unlock: called
P:3452; T:8240 2020-06-08 21:51:10.559 [opensc-tool] reader-pcsc.c:709:pcsc_unlock: called
P:3452; T:8240 2020-06-08 21:51:10.560 [opensc-tool] Incorrect parameters P1-P2
P:3452; T:8240 2020-06-08 21:51:10.561 [opensc-tool] card-iasecc.c:268:iasecc_select_mf: Cannot select MF: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.563 [opensc-tool] card-iasecc.c:837:iasecc_select_file: MF selection error: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.564 [opensc-tool] card.c:839:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.567 [opensc-tool] Warning, MF select failed
P:3452; T:8240 2020-06-08 21:51:10.567 [opensc-tool] card-iasecc.c:362:iasecc_parse_ef_atr: called
P:3452; T:8240 2020-06-08 21:51:10.569 [opensc-tool] ef-atr.c:147:sc_parse_ef_atr: called
P:3452; T:8240 2020-06-08 21:51:10.571 [opensc-tool] called; type=2, path=3f002f01
P:3452; T:8240 2020-06-08 21:51:10.572 [opensc-tool] card-iasecc.c:820:iasecc_select_file: called
P:3452; T:8240 2020-06-08 21:51:10.574 [opensc-tool] iasecc_select_file(card:000001CA27A273F0) path.len 4; path.type 2; aid_len 0
P:3452; T:8240 2020-06-08 21:51:10.574 [opensc-tool] iasecc_select_file() path:3f002f01
P:3452; T:8240 2020-06-08 21:51:10.576 [opensc-tool] card cache invalid
P:3452; T:8240 2020-06-08 21:51:10.577 [opensc-tool] EF.ATR(aid:'')
P:3452; T:8240 2020-06-08 21:51:10.579 [opensc-tool] card-iasecc.c:241:iasecc_select_mf: called
P:3452; T:8240 2020-06-08 21:51:10.580 [opensc-tool] apdu.c:546:sc_transmit_apdu: called
P:3452; T:8240 2020-06-08 21:51:10.581 [opensc-tool] card.c:473:sc_lock: called
P:3452; T:8240 2020-06-08 21:51:10.582 [opensc-tool] reader-pcsc.c:657:pcsc_lock: called
P:3452; T:8240 2020-06-08 21:51:10.583 [opensc-tool] card.c:513:sc_lock: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.586 [opensc-tool] apdu.c:513:sc_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.587 [opensc-tool] apdu.c:363:sc_single_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.589 [opensc-tool] CLA:0, INS:A4, P1:0, P2:0, data(2) 000000A964BCE8E0
P:3452; T:8240 2020-06-08 21:51:10.590 [opensc-tool] reader 'OMNIKEY AG Smart Card Reader USB 0'
P:3452; T:8240 2020-06-08 21:51:10.591 [opensc-tool] reader-pcsc.c:298:pcsc_transmit:
Outgoing APDU (7 bytes):
00 A4 00 00 02 3F 00 .....?.
P:3452; T:8240 2020-06-08 21:51:10.592 [opensc-tool] reader-pcsc.c:216:pcsc_internal_transmit: called
P:3452; T:8240 2020-06-08 21:51:10.605 [opensc-tool] reader-pcsc.c:307:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
P:3452; T:8240 2020-06-08 21:51:10.606 [opensc-tool] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.607 [opensc-tool] apdu.c:535:sc_transmit: returning with: 0 (Success)
P:3452; T:8240 2020-06-08 21:51:10.608 [opensc-tool] card.c:523:sc_unlock: called
P:3452; T:8240 2020-06-08 21:51:10.609 [opensc-tool] reader-pcsc.c:709:pcsc_unlock: called
P:3452; T:8240 2020-06-08 21:51:10.610 [opensc-tool] Incorrect parameters P1-P2
P:3452; T:8240 2020-06-08 21:51:10.611 [opensc-tool] card-iasecc.c:268:iasecc_select_mf: Cannot select MF: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.612 [opensc-tool] card-iasecc.c:837:iasecc_select_file: MF selection error: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.613 [opensc-tool] card.c:839:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.616 [opensc-tool] ef-atr.c:151:sc_parse_ef_atr: Cannot select EF(ATR) file: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.617 [opensc-tool] card-iasecc.c:364:iasecc_parse_ef_atr: MF selection error: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.619 [opensc-tool] rv -1205
P:3452; T:8240 2020-06-08 21:51:10.619 [opensc-tool] rv -1205
P:3452; T:8240 2020-06-08 21:51:10.620 [opensc-tool] card-iasecc.c:436:iasecc_init_gemalto: Cannot read/parse EF.ATR: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.622 [opensc-tool] card-iasecc.c:631:iasecc_init: returning with: -1205 (Incorrect parameters in APDU)
P:3452; T:8240 2020-06-08 21:51:10.623 [opensc-tool] driver 'IAS-ECC' init() failed: Incorrect parameters in APDU
P:3452; T:8240 2020-06-08 21:51:10.624 [opensc-tool] OMNIKEY AG Smart Card Reader USB 0:SCardDisconnect returned: 0x00000000
P:3452; T:8240 2020-06-08 21:51:10.626 [opensc-tool] card.c:403:sc_connect_card: returning with: -1205 (Incorrect parameters in APDU)
Failed to connect to card: Incorrect parameters in APDU
P:3452; T:8240 2020-06-08 21:51:10.630 [opensc-tool] ctx.c:927:sc_release_context: called
P:3452; T:8240 2020-06-08 21:51:10.631 [opensc-tool] reader-pcsc.c:946:pcsc_finish: called

Extra information

I've also got different issues with this same card using other middleware.

With ANTS v2.x, the middleware would hang while listing slots.

With ANTS v3.2 the middleware would login and read the card with success but would fail when writing any object (typically CKR_DEVICE_ERROR).

With AWP 4.4 (an unofficial version found on the net), it would fail when writing any object saying the user is not logged in, except it is.

I've been using the same piece of software with other cards and it worked like charm.

Is there anyone experimented with smart card that could help me figure out something ? :)

[Jakuje]

I find this part suspicious:

P:3452; T:8240 2020-06-08 21:51:10.515 [opensc-tool] 'IAS/ECC Gemalto' card matched

You say your card is oberthur, but Gemalto version is matched for some reason. From there on, the errors could be expected it looks like wrong card is assumed.

But I did not check the code nor I have this card so I can not debug it myself. But I hope it could let you move forward.

[DBarthe]

thanks @Jakuje, I'm gonna look this direction :)

[DBarthe]

Hello @Jakuje,

I just found where it came from based on your advice...

The ATR of the card is : 3b:7f:96:00:00:00:31:b8:64:40:70:14:10:73:94:01:80:82:90:00 which corresponds to what OpenSC maps to IAS/ECC Gemalto in card-iasecc.c :

static const struct sc_atr_table iasecc_known_atrs[] = {
	{ "3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00",
	  "FF:FF:FF:FF:FF:FF:FF:FE:FF:FF:00:00:FF:FF:FF:FF:FF:FF:FF:FF",
		"IAS/ECC Gemalto", SC_CARD_TYPE_IASECC_GEMALTO,  0, NULL },
...

Moreover, I also have in my possession a true Gemalto IAS/ECC card: it has the same ATR and is recognized by OpenSC without any problem.

Two extra questions if you have any clue :

• Do you think two cards from different vendors could have the same ATR? (for instance for interoperability if the two models are supposed to work the same way ?)
• Is it possible the card vendor did a mistake during the pre-personalisation process ?

[dengert]

The way I read that ATR match rule, it will match any ATR of the same length with 70 14 in the 11 and 12 bytes. That in not specific enough and can easily falsely match other cards too.

Cards these days can be loaded with various applets, without changing the ATR. Just checking for an ATR is not good enough, the present of the applet needs to be checked too.

Oberthur cards are also used for CAC and PIV cards too. It sounds like the "IAS/ECC Gemalto" driver need to do a better job in identifying its applet. It should be checking for an AID as part of the match as many other drivers do.

You can also change the order of the drivers to avoid

[dengert]

driver 'IAS-ECC' init() failed: Incorrect parameters in APDU A driver's init() routine, if it fails should also assume that its the wrong driver for the card, and return SC_ERROR_INVALID_CARD so card.c will try other drivers.

[DBarthe]

Hi @dengert,

If my understanding is good, I have to force the use of "IAS/ECC Oberthur" driver.
I will try to update card-iasecc.c and recompile because I don't see any configuration properties.

[dengert]

My thinking, is you got a "Oberthur dual ID One Cosmo" card" and are assuming it already has an ISA/ECC applet on the card for some reason.

Where did you get the card?
Does it have any words on the card that says it is IAS/ECC?
Is it a new version of an IAS/ECC card maybe?
Maybe it is not personalized yet.
Did any documentation with the card?

If it does not say IAS/ECC then maybe is is just an Oberthur dual ID One Cosmo with no special applet on it yet.

Google for: Oberthur dual ID One Cosmo profile "A05"
see if that helps. It shows this card is used by more then IAS/ECC

[DBarthe]

Thanks @dengert, it was a mistake, the card model that was provided to me was wrong. So this card is effectively a Gemalto one but seems not to be working with OpenSC. The provider tells me it supports middleware ANTS IAS-ECC v2 only. So sad.

[DBarthe]

I'll try to figure out why this card is not working properly with the vendor and I'll post anything new here. Feel free to close the issue if you think the problem is not OpenSC side.

[DBarthe]

Hello here :)

I have some news from the vendor. This card is effectively Oberthur IAS-ECC but has the same ATR as Gemalto IAS-ECC card, and this is normal...

Below is a screenshot of the same card loaded with IDopte middleware (in french)

Digging deeper into IAS-ECC middleware/card compatibility, I'm starting to think that the interoperability of IAS-ECC is something very theoretical. For instance, Gemalto IAS-ECC cards work well with ANTS middleware v2 et v3 (Gemalto actually wrote the middleware for the french agency ANTS), while Oberthur IAS-ECC works partially and only with ANTS middleware v2.

Oberthur IAS-ECC should then work well with Oberthur middleware AWP... but I can't get a proper copy of it.

However, I know very little about the internals of smart cards.

[misterzed88]

I am prepared to investigate this, but in order to do that a test card is needed. Are there any test cards available for order? (Paying is not a problem).

[DOKoenegras]

Hi all, are there any updates on this issue? I'm having the same problem with a belgian eID card v1.8 which seems the same card.