From f7b4d977a9d58bb94f575b6469a11848be34cbdb Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 15 Oct 2021 09:55:46 +0200 Subject: [PATCH] Fix eToken support (#2014312) --- ccid-1.4.36-etokent.patch | 94 +++++++++++++++++++++++++++++++++++++++ pcsc-lite-ccid.spec | 2 + 2 files changed, 96 insertions(+) create mode 100644 ccid-1.4.36-etokent.patch diff --git a/ccid-1.4.36-etokent.patch b/ccid-1.4.36-etokent.patch new file mode 100644 index 0000000..d87bb90 --- /dev/null +++ b/ccid-1.4.36-etokent.patch @@ -0,0 +1,94 @@ +From b48e1e697010431b7f03d4ecfe917ceee95e2c64 Mon Sep 17 00:00:00 2001 +From: Ludovic Rousseau +Date: Tue, 7 Sep 2021 14:06:46 +0200 +Subject: [PATCH] Fix SafeNet eToken 5110 SC issue + +Some SafeNet eToken 5100 (but not all) have issues when IFSD is negotiated. +For some APDU the communication stops and the token returns 0 bytes. + +It is the case with the SafeNet eToken 5110 SC with +ATR: 3B D5 18 00 81 31 3A 7D 80 73 C8 21 10 30 +and PC/SC name "SafeNet eToken 5100 [eToken 5110 SC]" + +Another SafeNet eToken 5100 with +ATR: 3B D5 18 00 81 31 FE 7D 80 73 C8 21 10 F4 +and PC/SC name "SafeNet eToken 5100 [Main Interface]" +does NOT have problems with the the IFSD negotiation. + + +This fixes Debian bug #993647 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993647 +--- + src/ccid.c | 7 +++++++ + src/ccid.h | 1 + + 2 files changed, 8 insertions(+) + +diff --git a/src/ccid.c b/src/ccid.c +index efef240..0d7ba54 100644 +--- a/src/ccid.c ++++ b/src/ccid.c +@@ -576,6 +576,13 @@ int ccid_open_hack_post(unsigned int reader_index) + * have one */ + ccid_descriptor->bPINSupport = 0; + break; ++ ++ case SAFENET_ETOKEN_5100: ++ /* the old SafeNet eToken 5110 SC (firmware 0.12) does not ++ * like IFSD negotiation. So disable it. */ ++ if (0x0012 == ccid_descriptor->IFD_bcdDevice) ++ ccid_descriptor->dwFeatures |= CCID_CLASS_AUTO_IFSD; ++ break; + } + + /* Gemalto readers may report additional information */ +diff --git a/src/ccid.h b/src/ccid.h +index b28f0c1..00ce07a 100644 +--- a/src/ccid.h ++++ b/src/ccid.h +@@ -239,6 +239,7 @@ typedef struct + #define IDENTIV_uTrust3701F 0x04E65791 + #define IDENTIV_uTrust4701F 0x04E65724 + #define BIT4ID_MINILECTOR 0x25DD3111 ++#define SAFENET_ETOKEN_5100 0x05290620 + + #define VENDOR_GEMALTO 0x08E6 + #define GET_VENDOR(readerID) ((readerID >> 16) & 0xFFFF) +-- +GitLab + +From 26ad96076523472e9d0d383d014e7b1ad241fd5b Mon Sep 17 00:00:00 2001 +From: Ludovic Rousseau +Date: Wed, 8 Sep 2021 11:28:48 +0200 +Subject: [PATCH] Fix SafeNet eToken 5110 SC issue (firmware 0.13) + +The SafeNet eToken 5110 SC with firmware 0.13 has the same problem as +the token with firmware 0.12. +We use the same oslution to fix the problem. + +Thanks again to Vladimir K for the bug report. +--- + src/ccid.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/ccid.c b/src/ccid.c +index 0d7ba54..21a2fe8 100644 +--- a/src/ccid.c ++++ b/src/ccid.c +@@ -578,9 +578,10 @@ int ccid_open_hack_post(unsigned int reader_index) + break; + + case SAFENET_ETOKEN_5100: +- /* the old SafeNet eToken 5110 SC (firmware 0.12) does not +- * like IFSD negotiation. So disable it. */ +- if (0x0012 == ccid_descriptor->IFD_bcdDevice) ++ /* the old SafeNet eToken 5110 SC (firmware 0.12 & 0.13) ++ * does not like IFSD negotiation. So disable it. */ ++ if ((0x0012 == ccid_descriptor->IFD_bcdDevice) ++ || (0x0013 == ccid_descriptor->IFD_bcdDevice)) + ccid_descriptor->dwFeatures |= CCID_CLASS_AUTO_IFSD; + break; + } +-- +GitLab + + diff --git a/pcsc-lite-ccid.spec b/pcsc-lite-ccid.spec index 59e1e17..6a4f94f 100644 --- a/pcsc-lite-ccid.spec +++ b/pcsc-lite-ccid.spec @@ -13,6 +13,7 @@ Source1: https://ccid.apdu.fr/files/ccid-%{version}.tar.bz2.asc Source2: gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg Patch0: ccid-1.4.26-omnikey-3121.patch Patch1: ccid-1.4.34-maxreaders.patch +Patch2: ccid-1.4.36-etokent.patch BuildRequires: make BuildRequires: perl-interpreter @@ -40,6 +41,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %setup -q -n ccid-%{version} %patch0 -p1 -b .omnikey %patch1 -p0 -b .maxreaders +%patch2 -p1 -b .etoken %build %configure --enable-twinserial