IDPrime 940: Failed to connect to card: Invalid arguments

[dannydotpoint]

On a freshly initialized IDPrime 940 I'm seeing:

$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
Failed to connect to card: Invalid arguments

The problem occurs on opensc 0.24.0-rc1. On previous versions (opensc 0.22 and 0.23) I used to see:

$  pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [My Token                       ]:
	Version        : 0
	Serial number  : a7c000cbf5a83879a7c000cbf5a83879
	Manufacturer ID: Gemalto
	Flags          : 


PIN [PIN]
	Object Flags   : [0x01], private
	ID             : 11
	Flags          : [0x30], initialized, needs-padding
	Length         : min_len:4, max_len:16, stored_len:16
	Pad char       : 0x00
	Reference      : 17 (0x11)
	Type           : ascii-numeric

In debug mode the issue appears to originate in card-idprime.c:

P:378900; T:0x139805394267008 17:48:35.178 [pkcs15-tool] card-idprime.c:581:idprime_init: Index file found
P:378900; T:0x139805394267008 17:48:35.178 [pkcs15-tool] card-idprime.c:385:idprime_process_index: called
P:378900; T:0x139805394267008 17:48:35.179 [pkcs15-tool] card-idprime.c:388:idprime_process_index: returning with: -1300 (Invalid arguments)
P:378900; T:0x139805394267008 17:48:35.179 [pkcs15-tool] card-idprime.c:586:idprime_init: returning with: -1300 (Invalid arguments)
P:378900; T:0x139805394267008 17:48:35.180 [pkcs15-tool] card.c:360:sc_connect_card: driver 'Gemalto IDPrime' init() failed: Invalid arguments
P:378900; T:0x139805394267008 17:48:35.181 [pkcs15-tool] reader-pcsc.c:675:pcsc_disconnect: Alcor Micro AU9540 00 00:SCardDisconnect returned: 0x00000000
P:378900; T:0x139805394267008 17:48:35.181 [pkcs15-tool] card.c:403:sc_connect_card: returning with: -1300 (Invalid arguments)
Failed to connect to card: Invalid arguments

Once I put objects on the card things work better. It's just when the card contains only the PIN the various opensc tools fail. Even "opensc-tool --list-algorithms" fails with the same error.

[Jakuje]

Thank you for the report!

It sounds tricky to support some reasonable reporting on empty cards and to detect them from invalid ones. The problem seems to be the following condition:

https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-idprime.c#L387

Can you try to remove that condition to see if it will work for you?

--- a/src/libopensc/card-idprime.c
+++ b/src/libopensc/card-idprime.c
@@ -384,10 +384,6 @@ static int idprime_process_index(sc_card_t *card, idprime_private_data_t *priv,
 
 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 
-	if (card->type == SC_CARD_TYPE_IDPRIME_940 && list_empty(&priv->keyrefmap)) {
-		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
-	}
-
 	buf = malloc(length);
 	if (buf == NULL) {
 		goto done;

[dannydotpoint]

Thanks very much for feedback.

Yes, that works for me. It even shows the second PIN and some more details now:

$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [My Token                       ]:
	Version        : 0
	Serial number  : a7c000cbf5a83879a7c000cbf5a83879
	Manufacturer ID: Gemalto
	Flags          : 


PIN [PIN]
	Object Flags   : [0x01], private
	ID             : 11
	Flags          : [0x30], initialized, needs-padding
	Length         : min_len:4, max_len:16, stored_len:16
	Pad char       : 0x00
	Reference      : 17 (0x11)
	Type           : ascii-numeric
	Tries left     : 5

PIN [PIN]
	Object Flags   : [0x01], private
	ID             : 83
	Flags          : [0x30], initialized, needs-padding
	Length         : min_len:4, max_len:16, stored_len:16
	Pad char       : 0x00
	Reference      : 131 (0x83)
	Type           : ascii-numeric
	Tries left     : 3

$ opensc-tool -n
Using reader with a card: Alcor Micro AU9540 00 00
Gemalto IDPrime 940

The second PIN I suppose refers to the "Signature PIN", which is standard on these cards.

[Jakuje]

Correct. The label should be "Signature PIN" indeed, but this was a small overlook. Both fixed in #2878