2011/6/8 Martin Paljak <mar...@martinpaljak.net>:
> On Jun 8, 2011, at 12:24 , Johannes Becker wrote:
>> With Windows the SPR532 doesn't accept the PIN, when you use opensc.
>> On the other hand, with Peter Koch's middleware it is ok.
>
> It thus expects the swapped length information I guess.
>
> The log seems to support this guess:
>
> 2011-06-03 09:32:04.562 PC/SC v2 pinpad block:
> 1e:1e:02:00:00:10:06:02:00:00:00:00:00:00:00:05:00:00:00:00:20:00:00:00
> 2011-06-03 09:32:04.562 [opensc-pkcs11]
> reader-pcsc.c:174:pcsc_internal_transmit: called
> 2011-06-03 09:32:04.578 [opensc-pkcs11]
> reader-pcsc.c:174:pcsc_internal_transmit: called
> 2011-06-03 09:32:15.109 Wrong length
> 2011-06-03 09:32:15.109 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with:
> -1206 (Wrong length)
>
> The pinpad command block constructed by OpenSC results in an incorrect PIN
> block to be constructed by the firmware of the reader.
>
> Probably creating a conditional behavior for this reader is possible in
> OpenSC, but as there are several incompatible firmware versions, it will
> still fail for some, unless we try "every combination we know" which IMHO is
> not a very smart thing to do.
> But fixing, at least enhancing it, should be possible.
> Maybe I can help to debug it more next week.
>
>> Using the GemPlus Pinpad reader, Firefox shows quickly several times
>> the window telling you to enter the PIN on the Pinpad, but the connection
>> to the web servers fails before you have a chance to do anything.
>
> The PIN block is rejected by the reader firmware with a generic error, OpenSC
> exports it as an error but Firefox is stupid enough to not detect it. Firefox
> does "PIN entry fails? Try three times" operation, it also does not detect
> incorrect PIN codes and behaves the same way.
>
> Ludovic's CCID driver *already* adjusts the PIN block, as is visible from the
> log:
>
> Control TxBuffer: 1E 1E 02 00 00 10 06 02 00 00 00 00 00 00 00 05 00 00 00 00
> 20 00 00 00
> commands.c:359:SecurePINVerify() Correct bNumberMessage for GemPC Pinpad (was
> 0)
> openct/proto-t1.c:571:t1_build() more bit: 0
> -> 000000 69 14 00 00 00 00 33 00 00 00 00 1E 02 00 00 10 06 02 01 00 00 00
> 00 40 05 00 20 00 00 00
> <- 000000 80 00 00 00 00 00 33 40 0F 00
> commands.c:1359:CCID_Receive error on byte 15
> Control RxBuffer:
> ifdwrapper.c:638:IFDControl() Card not transacted: 612

The problem is on byte 15.
Byte 15, 16 are wPINMaxExtraDigit
In the CCID frame it is 10 06
So Maximum PIN size = 10h = 16 and Minimum PIN size = 06h = 6

The Gemalto Pinpad (v1) does not support Maximum PIN size bigger than 8.
See the notes in
http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3478

Again the PCSCv2_PART10_PROPERTY_bMaxPINSize feature should be used
instead of a (hardcoded) value of 16.
The OpenSC Feitian card driver has the same problem.

> But apparently this is not enough. How does this reader work in Windows?

Good question.

-- 
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
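
Added example, not part of the original thread and not OpenSC or CCID driver code: the change Ludovic describes, written in C, reading bMaxPINSize from a FEATURE_GET_TLV_PROPERTIES reply and limiting the maximum PIN size in the pinpad block from the log. Assumptions: the TLV reply is constructed, the tag number 7 is the one pcsc-lite's reader.h gives for PCSCv2_PART10_PROPERTY_bMaxPINSize, and the function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROP_bMaxPINSize 7  /* PCSCv2_PART10_PROPERTY_bMaxPINSize (pcsc-lite reader.h) */
#define OFF_PIN_MAX 5       /* wPINMaxExtraDigit, first byte: maximum PIN size */
#define OFF_PIN_MIN 6       /* wPINMaxExtraDigit, second byte: minimum PIN size */
#define PIN_VERIFY_HDR 19   /* fixed part of PIN_VERIFY_STRUCTURE before abData */

/* Find a one-byte property in a FEATURE_GET_TLV_PROPERTIES reply
 * (tag, length, value triplets). Returns the value, or -1 if absent. */
int tlv_get_u8(const uint8_t *tlv, size_t len, uint8_t tag)
{
    size_t i = 0;
    while (i + 2 <= len) {
        size_t vlen = tlv[i + 1];
        if (i + 2 + vlen > len)
            return -1;                      /* truncated reply */
        if (tlv[i] == tag && vlen == 1)
            return tlv[i + 2];
        i += 2 + vlen;
    }
    return -1;
}

/* Limit the block's maximum PIN size to the reader's. Returns the maximum now
 * in the block, or -1 if the block is short or its minimum exceeds the limit. */
int clamp_pin_max(uint8_t *block, size_t len, int reader_max)
{
    if (len < PIN_VERIFY_HDR)
        return -1;
    if (reader_max > 0 && block[OFF_PIN_MAX] > reader_max) {
        if (block[OFF_PIN_MIN] > reader_max)
            return -1;                      /* no PIN length satisfies both */
        block[OFF_PIN_MAX] = (uint8_t)reader_max;
    }
    return block[OFF_PIN_MAX];
}

int main(void)
{
    /* Pinpad block from the OpenSC log above; TLV reply constructed (max = 8). */
    uint8_t block[] = { 0x1e,0x1e,0x02,0x00,0x00,0x10,0x06,0x02,0x00,0x00,0x00,0x00,
                        0x00,0x00,0x00,0x05,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00 };
    const uint8_t tlv[] = { 6, 1, 4, PROP_bMaxPINSize, 1, 8 };
    int max = clamp_pin_max(block, sizeof block, tlv_get_u8(tlv, sizeof tlv, PROP_bMaxPINSize));
    printf("wPINMaxExtraDigit bytes: %02x %02x (max %d)\n", block[5], block[6], max);
    return 0;
}
```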