Re: [opensc-devel] Implicit PIN change with pinpad reader.

Thu, 24 Sep 2009 06:00:05 -0700 

Hi François,

Thank you for replying!

On Sep 24, 2009, at 13:36, François Leblanc wrote:


I don't think that the matter is in reader-pcsc.c, I think you should
have a look on Portuguese eID in command " pin_cmd " the SC_PIN_CMD_CHANGE
is probably slip in two parts SC_PIN_CMD_VERIFY + the SC_PIN_CMD_CHANGE 

just disable the SC_PIN_CMD_VERIFY when reader is pinpad capability...
If I disable it, then OpenSC will try to build an SC_PIN_CMD_CHANGE apdu with "old pin, new pin, new pin" - but the card specification does not allow it. Meanwhile, I was trying to understand the PC/SC V2 spec part 10, but it's not very detailed. I was able to find a document by Gemalto [1] that says this, on page 13: 

bConfirmPin: 0x03
bNumberMessage: 0x03
Messages seen on Pinpad display: Enter Pin, New Pin, Confirm Pin

This is the case is reader-pcsc.c as it can be seen on the code:

        pin_modify->bConfirmPIN = 0x03;      /* bConfirmPIN, all */
pin_modify->bEntryValidationCondition = 0x02; /* bEntryValidationCondition, keypress only */ 
        
        if (slot->capabilities & SC_SLOT_CAP_DISPLAY)
pin_modify->bNumberMessage = 0x03; /* 3 messages (because bConfirmPIN = 3), all default. Could be 0xFF too */ 
        else
                pin_modify->bNumberMessage = 0x00; /* No messages */

On the document, there are other options explained. One looks promising:

bConfirmPin: 0x01
bNumberMessage: 0x02
Messages seen on Pinpad display: New Pin*, Confirm Pin*
*In these two cases, old PIN is not asked by the Pinpad but do not forget to put the old 
PIN value in the APDU command.

So, I changed the code in reader-pcsc.c:

        pin_modify->bConfirmPIN = 0x01;
pin_modify->bEntryValidationCondition = 0x02; /* bEntryValidationCondition, keypress only */ 
        
        if (slot->capabilities & SC_SLOT_CAP_DISPLAY)
                pin_modify->bNumberMessage = 0x02;
        else
                pin_modify->bNumberMessage = 0x00; /* No messages */

And now it works as expected :)
Of course, by doing this I'm breaking all other cards and it's not very nice. Is there any way (through a flag in structure or something) that we can signal part10_build_modify_pin_block() to adapt its behavior depending on the type of card? 


João

[1] - 
http://support.gemalto.com/fileadmin/user_upload/user_guide/Pinpad/PCPinpad_PC-SC_UserGuide.pdf





Can anyone help?



Thank you.



João


Hope this can help you,

Regards.
François.





_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to