web-eid / web-eid-app

The Web eID application performs cryptographic digital signing and authentication operations with electronic ID smart cards for the Web eID browser extension
https://web-eid.eu
MIT License

bug: pinpad cancel does nothing on macos #345

Open martinpaljak opened 1 month ago

martinpaljak commented 1 month ago

macos 15.1 M1 with Gemalto Ezio Shield.

Cancelling PIN entry (long-pressing yellow C button) will result in the following screen and locked up application. Expect it to cancel gracefully and report it back to the application/website.

[Screenshot 2024-10-30 at 11 09 09]

metsma commented 1 month ago

It's the Apple CCID driver's fault

Secure Verify PIN command

The most problematic issue is that the Secure Verify PIN command (FEATURE_VERIFY_PIN_DIRECT) using the Apple driver returns:

```
Secure verify PIN
command: 00 00 82 08 00 08 04 07 01 09 04 00 00 00 00 0D 00 00 00 00 20 00 00 08 30 30 30 30 00 00 00 00
Enter your PIN:
SCardControl: OK
card response [0 bytes]::
```

The SCardControl() returns SCARD_S_SUCCESS (i.e. no error) but the PIN is not asked by the pinpad reader, and of course not submitted and verified by the card. This command just silently fails. A pinpad reader can't be used with the Apple CCID driver.

You can get the expected behaviour when you switch to Ludovic's driver: `sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes`

martinpaljak commented 1 month ago

It works without issues when actually entering the PIN. When pressing the cancel button, the "operation failed" dialogue pops up, so it does detect some kind of change/failure. The main issue for me is that pressing cancel in the popping up failure dialogue will not cancel the underlying dialogue with progress bar, that keeps on spinning without a "cancel" button until it reaches zero, and then remains indefinitely until next web-eid invocation, that also starts with the same progress bar already at zero.

While the macos pcsc-like layer is probably full of annoyances, this seems like a UX mis-wiring issue in web-eid app.
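The two failure modes discussed so far (a `SCARD_S_SUCCESS` return with a 0-byte response, and a cancel on the reader's keypad) can be told apart from the bytes the control call returns. The following is an added example, not code from web-eid-app or from either commenter; the function and type names are hypothetical, and it assumes the reader or driver reports pinpad events with the status words used by the open-source CCID driver (`6400` timeout, `6401` cancel, `6403` bad PIN length).

```cpp
#include <cstdint>
#include <vector>

// How the caller should interpret a FEATURE_VERIFY_PIN_DIRECT SCardControl() call.
enum class PinpadResult { Verified, WrongPin, PinBlocked, Cancelled, Timeout,
                          BadPinLength, DriverNoResponse, TransportError, UnknownStatus };

struct PinpadOutcome {
    PinpadResult result;
    int retriesLeft; // only meaningful for WrongPin, otherwise -1
};

// rv: return value of SCardControl() (0 == SCARD_S_SUCCESS).
// response: bytes the driver wrote to the output buffer.
PinpadOutcome classifyVerifyPinDirect(long rv, const std::vector<uint8_t>& response)
{
    if (rv != 0)
        return {PinpadResult::TransportError, -1};
    // Success code but no status word: nothing reached the card, so this
    // must be reported as a failure and never treated as a verified PIN.
    if (response.size() < 2)
        return {PinpadResult::DriverNoResponse, -1};

    const uint8_t sw1 = response[response.size() - 2];
    const uint8_t sw2 = response[response.size() - 1];
    const uint16_t sw = uint16_t(sw1 << 8 | sw2);

    switch (sw) {
    case 0x9000: return {PinpadResult::Verified, -1};
    case 0x6400: return {PinpadResult::Timeout, -1};      // pinpad entry timed out
    case 0x6401: return {PinpadResult::Cancelled, -1};    // Cancel key pressed on the reader
    case 0x6403: return {PinpadResult::BadPinLength, -1}; // PIN too short or too long
    case 0x6983: return {PinpadResult::PinBlocked, -1};   // ISO 7816-4: method blocked
    }
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) {            // ISO 7816-4: 63CX, X tries left
        const int retries = sw2 & 0x0F;
        if (retries == 0)
            return {PinpadResult::PinBlocked, -1};
        return {PinpadResult::WrongPin, retries};
    }
    return {PinpadResult::UnknownStatus, -1};
}
```

Every outcome other than `Verified` is terminal for the pending operation, so the progress dialog can be closed on all of them rather than left to run out its timer.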

martinpaljak commented 1 month ago

I do have two proprietary drivers installed, as visible from the picture and the list below

[Screenshot 2024-10-30 at 11 59 12]

```
1: [ ] [   ] Circle CIR315(1)
2: [*] [VMD] Gemalto Ezio Shield
             3BDB960080B1FE451F830012233F536549440F9000F1
             https://smartcard-atr.apdu.fr/parse?ATR=3BDB960080B1FE451F830012233F536549440F9000F1
3: [ ] [   ] Circle CIR315(2)
4: [ ] [   ] ACS ACR38U-CCID
```

martinpaljak commented 1 month ago

Not to mention that it would be lovely to be able to just press ESC (or the missing CANCEL button) on the normal keyboard for the pinpad progress bar dialogue to cancel the ongoing operation before the timeout...