Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0
99 stars 47 forks

SCardException on Piv.Decrypt touch timeout #34

Closed forgotPassword closed 1 year ago

forgotPassword commented 1 year ago

Hello, I have a key with pin policy NEVER and touch policy ALWAYS. The following code raises SCardException after 10 seconds:

```csharp
using System.Linq;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

// Take the first connected YubiKey.
var device = YubiKeyDevice.FindAll().First();

using (var piv = new PivSession(device))
{
    // Private-key operation in slot 0x95; the key's touch policy is ALWAYS.
    piv.Decrypt(0x95, new byte[256]);
}
```

```
Unhandled exception. Yubico.PlatformInterop.SCardException: Encountered an error while attempting to transmit data to a smart card. Error code: 0x8010002f.
   at Yubico.Core.Devices.SmartCard.DesktopSmartCardConnection.Transmit(CommandApdu commandApdu)
   at Yubico.YubiKey.Pipelines.SmartCardTransform.Invoke(CommandApdu command, Type commandType, Type responseType)
   at Yubico.YubiKey.Pipelines.ResponseChainingTransform.Invoke(CommandApdu command, Type commandType, Type responseType)
   at Yubico.YubiKey.Pipelines.CommandChainingTransform.Invoke(CommandApdu command, Type commandType, Type responseType)
   at Yubico.YubiKey.CcidConnection.SendCommand[TResponse](IYubiKeyCommand`1 yubiKeyCommand)
   at Yubico.YubiKey.Piv.PivSession.PerformPrivateKeyOperation(Byte slotNumber, IYubiKeyCommand`1 command, PivAlgorithm algorithm, String algorithmExceptionMessage)
   at Yubico.YubiKey.Piv.PivSession.Decrypt(Byte slotNumber, ReadOnlyMemory`1 dataToDecrypt)
```

I believe the correct behavior should be OperationCanceledException.

GregDomzalski commented 1 year ago

Hi @forgotPassword

Thanks for the bug report! Now that the team is back from winter holidays, I'll have someone look into this.

The SDK is likely waiting on the YubiKey, which in turn is waiting on the user to touch the key. I'm not sure if there is a reliable way for the SDK to detect when the YubiKey requires touch, but if we can, I think we can try to build some sort of notification mechanism so that you can programmatically inform the user that they need to touch the key.

GregDomzalski commented 1 year ago

The bug has been root caused and a fix will be released in the next week or so.

YubiKeys require a brief pause between switching USB interfaces. The SDK talks to multiple USB interfaces while enumerating YubiKeys in order to match the devices into a single "logical" representation of a YubiKey. We cheat and don't wait during enumeration as we want enumeration to be fast. But apparently doing so causes issues with the YubiKey's touch detection routines. So now the SDK will try to track USB interface switching and will add the appropriate wait whenever it is needed.

We'll add more documentation around this behavior when we release, as it may result in some calls taking longer than usual.
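
A sketch of the interface-switch tracking described in the comment above, as an added example; it is not the SDK's code. The type names and the 50 ms pause are assumptions, since the thread only says "a brief pause".

```csharp
using System;
using System.Diagnostics;
using System.Threading;

// Hypothetical names throughout; none of these types exist in Yubico.NET.SDK.
enum UsbInterface { Ccid, HidFido, HidKeyboard }

// One gate per physical key: remembers which USB interface was used last and
// delays the caller when the next command goes to a different interface.
sealed class InterfaceSwitchGate
{
    private readonly TimeSpan _pause;                 // assumed duration, not from the thread
    private readonly object _lock = new object();
    private readonly Stopwatch _sinceLastUse = new Stopwatch();
    private UsbInterface? _last;

    public InterfaceSwitchGate(TimeSpan pause) => _pause = pause;

    // Call before sending a command on `next`. Returns how long the caller was delayed.
    public TimeSpan Enter(UsbInterface next)
    {
        lock (_lock)
        {
            TimeSpan waited = TimeSpan.Zero;
            if (_last.HasValue && _last.Value != next)
            {
                // Only sleep for the part of the pause that has not already elapsed,
                // so callers that switch rarely pay nothing.
                TimeSpan remaining = _pause - _sinceLastUse.Elapsed;
                if (remaining > TimeSpan.Zero)
                {
                    Thread.Sleep(remaining);
                    waited = remaining;
                }
            }
            _last = next;
            _sinceLastUse.Restart();                  // measured from when this call was admitted
            return waited;
        }
    }
}

static class Demo
{
    static void Main()
    {
        var gate = new InterfaceSwitchGate(TimeSpan.FromMilliseconds(50)); // constructed value
        Console.WriteLine(gate.Enter(UsbInterface.HidKeyboard)); // first use: no delay
        Console.WriteLine(gate.Enter(UsbInterface.HidKeyboard)); // same interface: no delay
        Console.WriteLine(gate.Enter(UsbInterface.Ccid));        // interface switch: delayed
    }
}
```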

GregDomzalski commented 1 year ago

The fix for this issue has been released in the latest SDK version (1.6.0).

I'm closing this issue, but if you continue to encounter the issue, please feel free to reopen it.