Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: pinpad cancel does nothing on macos #345

Open
martinpaljak opened this issue Oct 30, 2024 · 4 comments
Open

bug: pinpad cancel does nothing on macos #345

martinpaljak opened this issue Oct 30, 2024 · 4 comments

Comments

@martinpaljak
Copy link
Member

macos 15.1 M1 with Gemalto Ezio Shield.

Cancelling PIN entry (long-pressing yellow C button) will result in the following screen and locked up application. Expect it to cancel gracefully and report it back to the application/website.

Screenshot 2024-10-30 at 11 09 09
@metsma
Copy link
Contributor

metsma commented Oct 30, 2024
edited
Loading

Its the Apple CCID driver fault

Secure Verify PIN comand

The most problematic issue is that the Secure Verify PIN command (FEATURE_VERIFY_PIN_DIRECT) using the Apple driver returns:

Secure verify PIN
command: 00 00 82 08 00 08 04 07 01 09 04 00 00 00 00 0D 00 00 00 00 20 00 00 08 30 30 30 30 00 00 00 00
Enter your PIN:
SCardControl: OK
card response [0 bytes]::

The SCardControl() returns SCARD_S_SUCCESS (i.e. no error) but the PIN is not asked by the pinpad reader, and of course not submitted and verified by the card.
This command just silently fails. A pinpad reader can't be used with the Apple CCID driver.

You can get excepted behaviour when you switch to Ludovic's driver
sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

@martinpaljak
Copy link
Member Author

martinpaljak commented Oct 30, 2024
edited
Loading

It works without issues when actually entering the PIN. When pressing the cancel button, the "operation failed" dialogue pops up, so it does detect some kind of change/failure. The main issue for me is that pressing cancel in the popping up failure dialogue will not cancel the underlying dialogue with progress bar, that keeps on spinning without a "cancel" button until it reaches zero, and then remains indefinitely until next web-eid invocation, that also starts with the same progress bar already at zero.

While the macos pcsc-like layer is probably full of annoyances, this seems like a UX mis-wiring issue in web-eid app.

@martinpaljak
Copy link
Member Author

martinpaljak commented Oct 30, 2024
edited
Loading

I do have two proprietary drivers installed, as visible from the picture and the list below
Screenshot 2024-10-30 at 11 59 12

1: [ ] [   ] Circle CIR315(1)
2: [*] [VMD] Gemalto Ezio Shield
             3BDB960080B1FE451F830012233F536549440F9000F1
             https://smartcard-atr.apdu.fr/parse?ATR=3BDB960080B1FE451F830012233F536549440F9000F1
3: [ ] [   ] Circle CIR315(2)
4: [ ] [   ] ACS ACR38U-CCID

@martinpaljak
Copy link
Member Author

Not to mention that it would be lovely to be able to just press ESC (or the missing CANCEL button) on the normal keyboard for the pinpad progresss bar dialogue to cancel the ongoing operation before the timeout...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinpaljak @metsma