[Bug 1972753] Re: opensc-pkcs11 failing epass2003_pin_cmd after 22.04 upgrade

John Stile 1972753 at bugs.launchpad.net
Tue May 10 06:10:38 UTC 2022 

Tried again this way, and It rejected the pin

pkcs11-tool -lt --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

Using slot 0 with a present token (0x0)
Logging in to "ePass2003 (User PIN)".
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1972753

Title:
  opensc-pkcs11 failing epass2003_pin_cmd after 22.04 upgrade

Status in ubuntu-release-upgrader package in Ubuntu:
  New

Bug description:
  After upgrading from Ubuntu 21.10 to 22.04 my fob stopped working. 
    SSH does not ask for the pin
    When I test the fob with a pin it is rejected. 

  I can list the device fine
    /usr/bin/pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L

  This asks for the pin, but rejected it (I know the pin works on
  another system with this card)

  pkcs11-tool --test --login

        Using slot 0 with a present token (0x0)
        Logging in to "ePass2003 (User PIN)".
        Please enter User PIN:
        C_SeedRandom() and C_GenerateRandom():
          seeding (C_SeedRandom) not supported
          seems to be OK
        Digests:
          all 4 digest functions seem to work
          MD5: OK
          SHA-1: OK
        error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5)
        Aborting.

  I increased the debug level, and this is a short snip when it falls
  down

  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] slot.c:470:slot_get_token: Slot(id=0x0): get token
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] slot.c:488:slot_get_token: Slot-get-token returns OK
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] pkcs11-session.c:94:C_OpenSession: C_OpenSession handle: 0x5562ed88a340
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] pkcs11-session.c:97:C_OpenSession: C_OpenSession() = CKR_OK
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] framework-pkcs15.c:552:C_GetTokenInfo: C_GetTokenInfo(0)
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] slot.c:470:slot_get_token: Slot(id=0x0): get token
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] slot.c:488:slot_get_token: Slot-get-token returns OK
  P:109719; T:0x140094939842560 18:26:35.870 [opensc-pkcs11] framework-pkcs15.c:589:C_GetTokenInfo: C_GetTokenInfo() auth. object 0x5562ed887060, token-info flags 0x40D
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] pkcs15-pin.c:707:sc_pkcs15_get_pin_info: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:473:sc_lock: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] reader-pcsc.c:685:pcsc_lock: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:844:sc_select_file: called; type=2, path=3f005015
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card-epass2003.c:1552:epass2003_select_file: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card-epass2003.c:1558:epass2003_select_file: current path (path, valid): 3f005015 (len: 4)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card-epass2003.c:1514:epass2003_select_path: cache hit
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:879:sc_select_file: returning with: 0 (Success)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] sec.c:200:sc_pin_cmd: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card-epass2003.c:2769:epass2003_pin_cmd: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card-epass2003.c:2777:epass2003_pin_cmd: returning with: -1214 (PIN code or key incorrect)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] sec.c:256:sc_pin_cmd: returning with: -1214 (PIN code or key incorrect)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] card.c:523:sc_unlock: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] reader-pcsc.c:737:pcsc_unlock: called
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] pkcs15-pin.c:742:sc_pkcs15_get_pin_info: returning with: -1214 (PIN code or key incorrect)
  P:109719; T:0x140094939842560 18:26:35.871 [opensc-pkcs11] framework-pkcs15.c:609:C_GetTokenInfo: C_GetTokenInfo(0) returns CKR_OK
  P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] pkcs11-session.c:341:C_Login: C_Login(0x5562ed88a340, 1)
  P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] pkcs11-session.c:363:C_Login: C_Login() slot->login_user -1
  P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] pkcs11-session.c:374:C_Login: C_Login() userType 1
  P:109719; T:0x140094939842560 18:26:40.130 [opensc-pkcs11] framework-pkcs15.c:1708:pkcs15_login: pkcs15-login: userType 0x1, PIN length 6

  This fob works on a mac with the same pin.

  When I ssh, I see the fob led blink, but it am not prompted for the
  pin.

  ~/.ssh/config

  Host foo.org
    PKCS11Provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
    AddressFamily inet

  pkcs11-tool --show-info

        Cryptoki version 3.0
        Manufacturer     OpenSC Project
        Library          OpenSC smartcard framework (ver 0.22)
        Using slot 0 with a present token (0x0)

  /usr/sbin/pcscd --version
  pcsc-lite version 1.9.5.
  Copyright (C) 1999-2002 by David Corcoran <corcoran at musclecard.com>.
  Copyright (C) 2001-2018 by Ludovic Rousseau <ludovic.rousseau at free.fr>.
  Copyright (C) 2003-2004 by Damien Sauveron <sauveron at labri.fr>.
  Report bugs to <pcsclite-muscle at lists.infradead.org>.
  Enabled features: Linux x86_64-pc-linux-gnu libsystemd serial usb libudev usbdropdir=/usr/lib/pcsc/drivers ipcdir=/run/pcscd filter configdir=/etc/reader.conf.d

  packages

  pcscd              1.9.5-3        1.9.5-3        Middleware to access a smart card using PC/SC (daemon side)
  opensc-pkcs11      0.22.0-1ubuntu 0.22.0-1ubuntu Smart card utilities with support for PKCS#15 compatible cards
  openssl            3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - cryptographic utility 
  libssl1.0.0        <none>         1.0.2n-1ubuntu Secure Sockets Layer toolkit - shared libraries                                             
  libssl1.1          <none>         1.1.1l-1ubuntu Secure Sockets Layer toolkit - shared libraries                                             
  libssl3            3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - shared libraries                                             
  libssl3:i386       3.0.2-0ubuntu1 3.0.2-0ubuntu1 Secure Sockets Layer toolkit - shared libraries

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: ubuntu-release-upgrader-core 1:22.04.10
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashDB: ubuntu
  CurrentDesktop: KDE
  Date: Mon May  9 19:12:17 2022
  InstallationDate: Installed on 2020-07-01 (677 days ago)
  InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 (20200203.1)
  PackageArchitecture: all
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubuntu-release-upgrader
  Symptom: release-upgrade
  UpgradeStatus: Upgraded to jammy on 2022-05-09 (1 days ago)
  VarLogDistupgradeTermlog:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1972753/+subscriptions

More information about the foundations-bugs mailing list