Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Concurrent access results in PCSC Error #424

Open
wrl opened this issue Nov 9, 2022 · 7 comments
Open

Concurrent access results in PCSC Error #424

wrl opened this issue Nov 9, 2022 · 7 comments

Comments

@wrl
Copy link
Contributor

wrl commented Nov 9, 2022

This is a bug occurring in https://github.com/indygreg/apple-platform-rs, a downstream which (optionally) uses the yubikey-rs crate. It's unclear to me whether this is an apple-codesign (downstream) bug, one in yubikey-rs, or even one in pcsc-rust.

I've copied and pasted the text from from indygreg/apple-platform-rs#49 below:

I am using rcodesign in a on-premises CI server, with the smartcard functionality backed by a Yubikey 5 token.

When two (or more) jobs attempt to sign executables simultaneously, at least one (sometimes all) of them will begin exiting unsuccessfully with the pcsc-rust error Error::ResetCard, which has the description "The smart card has been reset, so any shared state information is invalid".

It's unclear to me where this error is being raised (i.e. when first connecting to the token, or when the signing operation is attempted), but it seems like pcsc-rust resets the Card when dropped (https://github.com/bluetech/pcsc-rust/blob/master/pcsc/src/lib.rs#L1670-L1684) and yubikey-rs doesn't change this or attempt to reconnect to the card on reset, though it does specify that the card should reset on reconnect (https://github.com/iqlusioninc/yubikey.rs/blob/main/src/yubikey.rs#L220-L224) and it seems like the card should perhaps reconnect if there's an error when starting a transaction (https://github.com/iqlusioninc/yubikey.rs/blob/main/src/yubikey.rs#L241-L245).

I am unfamiliar with PCSC and smartcards as a whole, so I'm not sure what the best practices for all of this are.

@wrl
Copy link
Contributor Author

wrl commented Nov 9, 2022

I'm very sorry about the repeated posts. Github returned a 500 when I tried to post it, and I just continued refreshing.

This is phenomenally embarrassing.

@tarcieri
Copy link
Collaborator

tarcieri commented Nov 9, 2022

No worries… seems like an idempotence bug on GitHub’s side

@indygreg
Copy link

indygreg commented Nov 9, 2022

Maintainer of apple-codesign here.

I guess my biggest question is what are the requirements/restrictions around concurrent access? It certainly looks like concurrent processes using this crate race to perform an operation against a YubiKey.

Is locking something that this crate aims to abstract away? If so, did I hit a bug or am I using the library incorrectly?

Or is locking something that needs to happen outside this crate? If so, are there any APIs this crate could provide to make lock acquisition simpler? e.g. are there sufficient APIs to test whether a smartcard device is in use or available? (I'm thinking about wanting to present some info to users if contention issues arise.)

@tarcieri
Copy link
Collaborator

tarcieri commented Nov 9, 2022

This seems like a problem with the pcsc crate. The pcsc::Card type has unsafe impls of Send and Sync:

https://docs.rs/pcsc/2.7.0/src/pcsc/lib.rs.html#1639

We could potentially throw a mutex around it in the yubikey crate as a band aid, but that’s about the best we can offer short of an upstream fix.

@wrl
Copy link
Contributor Author

wrl commented Nov 9, 2022

As a note, my use-case isn't concurrent uses inside the same process, but concurrent uses in separate processes, triggered by separate CI jobs. While it could be feasible to limit concurrent codesign CI jobs, I'm not seeing this PCSC error behaviour with osslsigncode and a separate (non-Yubikey) token which is nonetheless also accessed through a (different) pcscd process.

@tarcieri
Copy link
Collaborator

tarcieri commented Nov 10, 2022

Perhaps it's doing some kind of locking I'm not familiar with?

Can you run some kind of tracing on it to investigate? (e.g. ktrace/dtrace)

@wrl
Copy link
Contributor Author

wrl commented Nov 10, 2022

I'm wondering whether this is some sort of shared/exclusive mode thing. Just received my spare Yubikey in the mail and I'm going to drill down and find out where this error is coming from, because right now it's unclear.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants