qemu-discuss

Re: [Qemu-discuss] Virtual ccid is empty


From: Anton Gerasimov
Subject: Re: [Qemu-discuss] Virtual ccid is empty
Date: Thu, 7 Sep 2017 14:28:22 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Thank you for the idea. Unfortunately it seems it is not the case. The
only quirk I can see with strace is that qemu constantly tries to access
'*.db-journal' and '*.db-wal' files which are not present in my case.
But they are optional according to my understanding of how sqlite works.

On 09/07/2017 12:08 PM, Jan Schermer wrote:
> Just a wild guess - I played with this shortly a year ago. There are two
> formats of NSS database and there’s a mismatch between what qemu supports
> and what my Ubuntu certutil defaults to.
>
> I had to set NSS_DEFAULT_DB_TYPE="sql" (I think?) to make qemu use the new
> format... or the other way around.
>
> There was no error emitted, but when I straced it it was looking for files
> that aren’t there, that’s how I found out.
>
> Jan
>
>
>> On 7 Sep 2017, at 10:42, Anton Gerasimov <address@hidden> wrote:
>>
>> Greetings,
>>
>> I'm trying to emulate a USB HSM in Qemu. I was following the
>> documentation for emulated ccid [1] (point 4), but instead of importing
>> certificates in the host I'm just connecting to the virtual card using
>> pcsc-lite and OpenSC. The virtual reader itself can be found, but for
>> some reason there is no card inserted:
>>
>>   address@hidden:~# lsusb
>>   Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
>>   Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
>>   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
>>   Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
>>
>>   address@hidden:~# pkcs11-tool --list-slots
>>   Available slots:
>>   Slot 0 (0x0): Generic CCID Reader [CCID Interface] (1-0000:00:01.2-2.1) 00 00
>>     (empty)
>>
>>   address@hidden:~# pkcs11-tool --list-token-slots
>>   Available slots:
>>   No slots.
>>
>> On the host machine there is an nss database and all the certificates
>> are there:
>>
>>   $ certutil -L -d sql:fake-smartcard/
>>
>>   Certificate Nickname                                         Trust Attributes
>>                                                                SSL,S/MIME,JAR/XPI
>>
>>   fake-smartcard-ca                                            CTu,Cu,Cu
>>   id-cert                                                      u,u,u
>>   signing-cert                                                 u,u,u
>>   encryption-cert                                              u,u,u
>>
>> Qemu command line is:
>>
>>   qemu-system-x86_64 \
>>     -drive file=/path/to/image.img,if=ide,format=raw,snapshot=on \
>>     -m 1G -usb -usbdevice tablet -show-cursor -vga std -usb \
>>     -device usb-ccid \
>>     -device ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert
>>
>> What can I be doing wrong?
>>
>> Thanks,
>> Anton Gerasimov
>>
>> [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt
>>
>> -- 
>> Anton Gerasimov, ATS Advanced Telematic Systems GmbH
>> Kantstrasse 162, 10623 Berlin
>> Managing Directors: Dirk Pöschl, Armin G. Schmidt
>> Register Court: HRB 151501 B, Amtsgericht Charlottenburg
>>
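
The database-format mismatch suggested in the quoted reply can be checked from the files on disk instead of from strace output. The script below is an added example, not part of the thread or of QEMU. It relies on NSS's standard file names (cert9.db and key4.db for the SQLite format, cert8.db and key3.db for the legacy DBM format); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which NSS database format a directory holds and
# whether it matches the "sql:" / "dbm:" prefix given in a db= argument.

# Print "sql", "dbm", "both" or "none" for the NSS files found in $1.
nss_db_format() {
    dir=$1 has_sql=no has_dbm=no
    # SQLite format: cert9.db + key4.db; legacy DBM format: cert8.db + key3.db
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=yes
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=yes
    case "$has_sql$has_dbm" in
        yesyes) echo both ;;
        yesno)  echo sql ;;
        noyes)  echo dbm ;;
        *)      echo none ;;
    esac
}

# Compare a db= value such as "sql:/path" or "dbm:/path" with what is on disk.
# Prints a one-line verdict; returns 0 on match, 1 on mismatch or missing db.
check_db_arg() {
    arg=$1
    case "$arg" in
        sql:*) want=sql; dir=${arg#sql:} ;;
        dbm:*) want=dbm; dir=${arg#dbm:} ;;
        # No prefix: the format depends on NSS_DEFAULT_DB_TYPE or the
        # library's built-in default, so it cannot be decided here.
        *)     want=${NSS_DEFAULT_DB_TYPE:-unspecified}; dir=$arg ;;
    esac
    found=$(nss_db_format "$dir")
    case "$want:$found" in
        sql:sql|sql:both|dbm:dbm|dbm:both)
            echo "match: $dir holds $found, requested $want"; return 0 ;;
        *)
            echo "mismatch: $dir holds $found, requested $want"; return 1 ;;
    esac
}

# Stand-alone use: ./check-nss-db.sh sql:/home/anton/fake-smartcard
[ $# -eq 0 ] || check_db_arg "$1"
```

A "match" only confirms that the files for the requested format exist; it does not show that the certificates named in cert1, cert2 and cert3 are usable by the emulated card.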


