1911630 – AusweiseApp2 protocol error when authenticating german id card via usb reader

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1911630 - AusweiseApp2 protocol error when authenticating german id card via usb reader

Summary: AusweiseApp2 protocol error when authenticating german id card via usb reader

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	AusweisApp2
Sub Component:
Version:	33
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Björn 'besser82' Esser
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-12-30 13:21 UTC by Arun Babu Neelicattu
Modified:	2020-12-30 13:25 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Arun Babu Neelicattu 2020-12-30 13:21:26 UTC

Description of problem:

Using a german ID card along with a REINER SCT cyberJack RFID USB reader [1], fails with a protocol error after valid PIN entry.

The card and PIN was verified to work with using the Android app using NFC. Additionally, the reader, card and PIN has been verified using the Open EID app as well on the same workstation.


Version-Release number of selected component (if applicable):

> AusweisApp2-data-1.20.2-10.fc33.noarch
> AusweisApp2-1.20.2-10.fc33.x86_64


How reproducible:
This is consistently and easily reproduced.

Steps to Reproduce:
1. Install and open AusweisApp2 (rpm)
2. Select "See my personal data"
3. Select "Proceed to PIN entry"
4. Place ID card on usb card reader.
5. Enter PIN and continue.

Actual results:
App displays a protocol error.

Expected results:
App authenticates PIN and displays personal data.

Additional info:
The root cause seems to be due to the required elliptical curve being disabled on the openssl install.

> support    2020.12.30 13:47:48.710 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:186) : Starting PACE for PACE_PIN
> card       2020.12.30 13:47:48.711 12917 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927
> card       2020.12.30 13:47:48.711 12917 C EcdhKeyAgreement::create(card/base/pace/ec/EcdhKeyAgreement.cpp:61)        : Creation of elliptic curve failed
> card       2020.12.30 13:47:48.712 12917 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:134)                : No supported domain parameters found
> support    2020.12.30 13:47:48.712 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:212) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Status Code: 200 "OK"
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Connection: keep-alive
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Type: application/vnd.paos+xml
> network    2020.12.30 13:47:49.003 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Length: 1415
> network    2020.12.30 13:47:49.004 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Security-Policy: default-src 'self'
> network    2020.12.30 13:47:49.004 12906   ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Date: Wed, 30 Dec 2020 12:47:48 GMT
> support    2020.12.30 13:47:49.069 12917 I Reader::updateRetryCounter(card/base/Reader.cpp:83)                        : retrieved retry counter: 3 , was: 3 , PIN deactivated: false
> card       2020.12.30 13:47:49.143 12917 W ReaderManagerWorker::getReader(card/base/ReaderManagerWorker.cpp:235)      : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00"
> card       2020.12.30 13:47:49.143 12917 W ...rManagerWorker::updateReaderInfo(card/base/ReaderManagerWorker.cpp:212) : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00"
> feedback   2020.12.30 13:47:49.145 12906 I ApplicationModel::showFeedback(ui/qml/ApplicationModel.cpp:457)            : You may now remove your ID card from the device.
> qml        2020.12.30 13:47:49.145 12906 W ApplicationModel::isScreenReaderRunning(ui/qml/ApplicationModel.cpp:428)   : NOT IMPLEMENTED

[1] https://www.amazon.de/REINER-cyberJack-Chip-Kartenleser-basis-Personalausweis/dp/B004FQO10U/ref=asc_df_B004FQO10U/

Note You need to log in before you can comment on or make changes to this bug.