minidriver not recognising pinless PKCS#15 applications #2719

llogar opened this issue Feb 23, 2023 · 2 comments

llogar commented Feb 23, 2023

Problem Description

The Slovenian eID card also contains (in a separate PKCS#15 application) a private key which is not protected by a PIN.
The minidriver assigns this key ROLE_EVERYONE, but fails later when retrieving PIN information using the CardGetProperty('PIN Information', ...) call.

I've also noticed that, in contrast to PKCS#11, when using the minidriver only the first 'generic' PKCS#15 application is used and the remaining ones (if the card has several) are ignored. I think this should also be mentioned somewhere in the docs...

Proposed Resolution

I guess, if a PIN is not present, a dummy/empty PIN_INFO structure should be returned and a call to CardGetProperty() should succeed, something like:

@@ -6382,7 +6383,18 @@ DWORD WINAPI CardGetProperty(__in PCARD_DATA pCardData,
                        MD_FUNC_RETURN(pCardData, 1, SCARD_E_INVALID_PARAMETER);
 
                if (!vs->pin_objs[dwFlags])
+               {
+                       if (dwFlags == ROLE_EVERYONE) {
+                               p->PinPurpose = PrimaryCardPin;
+                               p->PinCachePolicy.dwVersion = PIN_CACHE_POLICY_CURRENT_VERSION;
+                               p->PinCachePolicy.PinCachePolicyType = PinCacheNone;
+                               p->PinCachePolicy.dwPinCachePolicyInfo = 0;
+                               p->dwChangePermission = 0;
+                               p->dwUnblockPermission = 0;
+                               MD_FUNC_RETURN(pCardData, 1, SC_SUCCESS);
+                       }
                        MD_FUNC_RETURN(pCardData, 1, SCARD_E_INVALID_PARAMETER);
+               }
 
                p->PinType = vs->reader->capabilities & SC_READER_CAP_PIN_PAD
                        || vs->p15card->card->caps & SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH
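
Review bot: The added ROLE_EVERYONE branch returns before p->PinType is assigned (that assignment sits in the unchanged context right after the if block), and nothing in the branch sets it, so the caller receives a PIN_INFO whose PinType is whatever the buffer already held. Set it explicitly before returning, for instance to EmptyPinType from the minidriver's SECRET_TYPE enum if that matches the intent, and consider a short comment explaining why PinPurpose is reported as PrimaryCardPin for a key that has no PIN. Two smaller points: the success return uses libopensc's SC_SUCCESS while the other returns here use SCARD_ codes, so SCARD_S_SUCCESS would be consistent; and the new opening brace on its own line after if (!vs->pin_objs[dwFlags]) differs from the same-line brace on the nested if.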

Steps to reproduce

Try to do anything with a card that has keys not protected by PIN...

Logs

P:232 T:2224 pCardData:0000019ef5c4d580 CardGetContainerProperty
MD_Function:check_card_status:402 called
MD_Function:check_card_status:412 returning with: 0x00000000
CardGetContainerProperty bContainerIndex=0, wszProperty=PIN Identifier, cbData=4, dwFlags=0x00000000
Return Pin id 0
MD_Function:CardGetContainerProperty:6287 returning with: 0x00000000
MD_Function:CardGetProperty:6321 called
P:232 T:2224 pCardData:0000019ef5c4d580 CardGetProperty('PIN Information',cbData=36,dwFlags=0) called
check_reader_status for CardGetProperty
MD_Function:check_card_status:402 called
MD_Function:check_card_status:412 returning with: 0x00000000
sizeof(size_t):8 sizeof(ULONG_PTR):8 sizeof(__int3264):8 sizeof pCardData->hSCardCtx:8
pCardData->hSCardCtx:0xCD00000700000004 hScard:0xEA00000100000001
check_reader_status r=5 flags 0x00000005
MD_Function:check_card_reader_status:487 returning with: 0x00000000
MD_Function:CardGetProperty:6466 returning with: 0x80100004
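
A triage helper for minidriver logs in the format shown above, added here as an example (it is not part of the issue or of OpenSC). It pairs each "returning with" line with the property named in the preceding call line and decodes the status, showing that 0x80100004 is SCARD_E_INVALID_PARAMETER, the code that appears in the patch context. The name failed_calls and the status table subset are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re

# Subset of winscard status codes (values as defined in Microsoft's winerror.h).
SCARD_STATUS = {
    0x00000000: "SCARD_S_SUCCESS",
    0x80100004: "SCARD_E_INVALID_PARAMETER",
    0x80100008: "SCARD_E_INSUFFICIENT_BUFFER",
    0x80100022: "SCARD_E_UNSUPPORTED_FEATURE",
}

# "MD_Function:<name>:<source line> returning with: 0x<8 hex digits>"
RETURN_RE = re.compile(r"MD_Function:(\w+):(\d+) returning with: 0x([0-9A-Fa-f]{8})")
# "<CardXxx>('<property>',cbData=<n>,dwFlags=<n>) called"
CALL_RE = re.compile(r"(Card\w+)\('([^']*)',cbData=\d+,dwFlags=\w+\) called")

# Excerpt of the log posted in the issue.
SAMPLE_LOG = """\
MD_Function:CardGetContainerProperty:6287 returning with: 0x00000000
MD_Function:CardGetProperty:6321 called
P:232 T:2224 pCardData:0000019ef5c4d580 CardGetProperty('PIN Information',cbData=36,dwFlags=0) called
MD_Function:check_card_status:412 returning with: 0x00000000
MD_Function:check_card_reader_status:487 returning with: 0x00000000
MD_Function:CardGetProperty:6466 returning with: 0x80100004
"""


def failed_calls(log_text):
    """Return one record per minidriver function that returned a non-zero status."""
    pending = {}   # function name -> property named in its latest "called" line
    failures = []
    for line in log_text.splitlines():
        call = CALL_RE.search(line)
        if call:
            pending[call.group(1)] = call.group(2)
            continue
        ret = RETURN_RE.search(line)
        if not ret:
            continue
        func, src_line, code = ret.group(1), int(ret.group(2)), int(ret.group(3), 16)
        prop = pending.pop(func, None)   # None if no property call line was seen
        if code != 0:
            failures.append({
                "function": func,
                "source_line": src_line,
                "property": prop,
                "status": SCARD_STATUS.get(code, "0x%08X" % code),
            })
    return failures


if __name__ == "__main__":
    for failure in failed_calls(SAMPLE_LOG):
        print(failure)
```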

dengert commented Feb 24, 2023

The PIV card also has a key usable without a PIN. Mostly used to authenticate the card to door locks.

The code looks good. Do you want to submit a PR? If not, I could do so this afternoon and test on Windows.


llogar commented Feb 24, 2023

I'll make a PR later today...

llogar added a commit to llogar/OpenSC that referenced this issue Feb 24, 2023
A call to CardGetProperty('PIN Information', ...) should not fail for keys that
are not protected with PINs (PinId = ROLE_EVERYONE). Fixes issue OpenSC#2719
Jakuje added the Windows label Sep 19, 2023