Hello,

A few years ago I submitted a patch that enabled the use of smartcard readers with pinpad on Windows. I'm happy to see that most of the changes were integrated into mainstream opensc. However, there is a part concerning PIN insertion offsets that's been left out. I was wondering, why?

Obviously, leaving the bInsertionOffsetNew at 0x00 is wrong. Please google it. You will find that every example with PIN_MODIFY_STRUCTURE sets this field to a non-zero value. Maybe some pinpad readers are able to fix requests and PIN modification works in your tests. Unfortunately, mine doesn't.

I have prepared some debug logs to show the problem. I use a SPR 532 reader and SetCOS cards on a Windows OS. The PIN must be in ASCII format padded to 8 characters with 0x00. So I initialize the sc_pin_cmd_data structure like this:

   struct sc_pin_cmd_data    data;
   memset(&data, 0, sizeof(data));
   data.cmd = SC_PIN_CMD_CHANGE;
   data.pin_type = SC_AC_CHV;
   data.pin_reference = pinref;
   data.flags |= SC_PIN_CMD_USE_PINPAD;
   data.flags |= SC_PIN_CMD_NEED_PADDING;
   data.pin1.min_length = 4;
   data.pin1.max_length = 8;
   data.pin1.pad_length = 8;
   data.pin1.pad_char = '\0';
   data.pin2.pad_length = 8;
   data.pin2.pad_char = '\0';

The first log is from the mainstream opensc. Both bInsertionOffsetOld and bInsertionOffsetNew are set to 0x00:

[OSCAR] sec.c:154:sc_pin_cmd: called
[OSCAR] reader-pcsc.c:1270:part10_pin_cmd: called
[OSCAR] reader-pcsc.c:1310:part10_pin_cmd: PC/SC v2 pinpad block: 1e:1e:02:08:00:00:00:08:04:03:02:00:00:00:00:00:00:00:00:00:15:00:00:00:00:24:00:81:10:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[OSCAR] reader-pcsc.c:161:pcsc_internal_transmit: called
[OSCAR] reader-pcsc.c:161:pcsc_internal_transmit: called
[OSCAR] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[OSCAR] sec.c:201:sc_pin_cmd: returning with: Incorrect parameters in APDU

The second log comes from opensc with my modifications. I set insertion offsets based on pin1.offset and pin2.offset from sc_pin_cmd_data which are calculated by iso7816_build_pin_apdu() from iso7816.c.

[OSCAR] sec.c:154:sc_pin_cmd: called
[OSCAR] reader-pcsc.c:1264:part10_pin_cmd: called
[OSCAR] reader-pcsc.c:1304:part10_pin_cmd: PC/SC v2 pinpad block: 1e:1e:02:08:00:00:08:08:04:03:02:00:00:00:00:00:00:00:00:00:15:00:00:00:00:24:00:81:10:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[OSCAR] reader-pcsc.c:161:pcsc_internal_transmit: called
[OSCAR] reader-pcsc.c:161:pcsc_internal_transmit: called
[OSCAR] sec.c:201:sc_pin_cmd: returning with: 0

The difference is that in the second case bInsertionOffsetNew is set correctly to 0x08. With my patch, it becomes unnecessary to check for GLP formatting, because iso7816_build_pin_apdu will set the offsets correctly.

There is also another issue. The file "pkcs11-tool.c" unnecessarily includes "openssl/engine.h". It doesn't use any functions defined in this header, so removing it won't cause any harm. However, if you have compiled openssl without engine (no-engine), then including this header will break the build. It's important to fix this, because omitting the engine is the easiest way to build openssl on windows with msys/mingw.

Best regards

Robert Konklewski

diff -rup opensc-svn/src/tools/pkcs11-tool.c 
opensc-svn-openssl_engine/src/tools/pkcs11-tool.c
--- opensc-svn/src/tools/pkcs11-tool.c  2009-04-07 16:55:42 +0000
+++ opensc-svn-openssl_engine/src/tools/pkcs11-tool.c   2009-04-07 16:57:04 
+0000
@@ -31,7 +31,6 @@
 #include "openssl/evp.h"
 #include "openssl/x509.h"
 #include "openssl/rsa.h"
-#include "openssl/engine.h"
 #include "openssl/bn.h"
 #include "openssl/err.h"
 #endif
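
Review bot: dropping the "openssl/engine.h" include is only safe if nothing else in pkcs11-tool.c references an ENGINE_* symbol, and the hunk shows just the include block, so that cannot be confirmed from these lines. Please confirm with a search of the file and a build against both an engine-enabled and a no-engine OpenSSL, and say so in the commit message so the include is not re-added later.
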
diff -rup opensc-svn/src/libopensc/reader-pcsc.c 
opensc-svn-pin_modify/src/libopensc/reader-pcsc.c
--- opensc-svn/src/libopensc/reader-pcsc.c      2009-04-07 16:55:54 +0000
+++ opensc-svn-pin_modify/src/libopensc/reader-pcsc.c   2009-04-07 17:00:12 
+0000
@@ -1205,15 +1205,9 @@ static int part10_build_modify_pin_block
        }
        pin_modify->bmPINLengthFormat = tmp;    /* bmPINLengthFormat */
 
-       pin_modify->bInsertionOffsetOld = 0x00;  /* bOffsetOld */
+       pin_modify->bInsertionOffsetOld = data->pin1.offset - 5;
+       pin_modify->bInsertionOffsetNew = data->pin2.offset - 5;
        
-       /* bInsertionOffsetNew */
-       tmp = 0x00;
-       if (data->pin1.encoding == SC_PIN_ENCODING_GLP) {
-               tmp = 0x08;
-       }
-       pin_modify->bInsertionOffsetNew = tmp;  /* bOffsetNew */
-
        if (!data->pin1.min_length || !data->pin1.max_length)
                return SC_ERROR_INVALID_ARGUMENTS;
                
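
Review bot: the "- 5" in both new assignments is an undocumented magic number and has no lower-bound check. If data->pin1.offset or data->pin2.offset is below 5 (for example, still 0 because the caller did not go through the APDU builder), the subtraction goes negative and an out-of-range insertion offset is sent to the reader. Give the 5 a named constant (it looks like the APDU header length), return SC_ERROR_INVALID_ARGUMENTS when an offset is smaller than it, and keep the /* bOffsetOld */ and /* bOffsetNew */ comments that the hunk drops. The removal of the SC_PIN_ENCODING_GLP special case should also be called out in the commit message, since GLP callers now depend on pin2.offset being set.
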
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
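
An added example, not part of the original mail or of OpenSC: a small C check that decodes the two logged pinpad blocks and tests whether the old and new PIN fields collide inside the APDU data field. The byte positions assume the PC/SC part 10 PIN_MODIFY_STRUCTURE layout, which is consistent with the logged bytes; the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Sample input: the two "PC/SC v2 pinpad block" lines from the logs in the mail. */
static const char *LOG_STOCK = "1e:1e:02:08:00:00:00:08:04:03:02:00:00:00:00:00:00:00:00:00:15:00:00:00:00:24:00:81:10:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
static const char *LOG_PATCHED = "1e:1e:02:08:00:00:08:08:04:03:02:00:00:00:00:00:00:00:00:00:15:00:00:00:00:24:00:81:10:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";

/* Parse "aa:bb:cc" into buf; returns the byte count, or -1 on bad input. */
static int parse_hex(const char *s, unsigned char *buf, size_t max)
{
    size_t n = 0;
    while (*s) {
        char *end;
        unsigned long v = strtoul(s, &end, 16);
        if (end - s != 2 || v > 0xff || n == max) return -1;
        buf[n++] = (unsigned char)v;
        if (*end == ':') end++; else if (*end) return -1;
        s = end;
    }
    return (int)n;
}

/* Assumed layout: [3] bmPINBlockString, [5] bInsertionOffsetOld,
 * [6] bInsertionOffsetNew, [9] bConfirmPIN, [20..23] ulDataLength (LE),
 * [24..] abData = CLA INS P1 P2 Lc data.
 * Returns -1 malformed block, 1 fields overlap or overrun Lc, 0 consistent. */
static int check_modify_block(const char *hex)
{
    unsigned char b[64];
    int n = parse_hex(hex, b, sizeof b);
    if (n < 24 + 5) return -1;
    unsigned long len = b[20] | (b[21] << 8) | ((unsigned long)b[22] << 16) | ((unsigned long)b[23] << 24);
    if (len != (unsigned long)(n - 24)) return -1;
    unsigned blk = b[3] & 0x0f;           /* PIN field size in bytes */
    unsigned off_old = b[5], off_new = b[6], lc = b[24 + 4];
    if (off_new + blk > lc) return 1;
    if (!(b[9] & 0x02)) return 0;         /* current PIN not requested */
    if (off_old + blk > lc) return 1;
    return (off_old < off_new + blk && off_new < off_old + blk) ? 1 : 0;
}

int main(void)
{
    printf("stock:   %d\n", check_modify_block(LOG_STOCK));
    printf("patched: %d\n", check_modify_block(LOG_PATCHED));
    return 0;
}
```
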
