Request to support non standard PIN references

[hamarituc]

Expected behaviour

The library should accept non standard PIN reference numbers for at least PACE_SEC_new() and encoded_secret().

Actual behaviour

When a non-standard PIN reference number is used, the above mentioned functions bail out with an error.

I encountered this kind of error during the implementation of D-Trust Signatures Card 5 (see OpenSC/OpenSC#3131). There PACE authentication with Transport PINs (ID 0x0B and 0x0C) is used to establish a secure channel.

Steps to reproduce

Call perform_pace() from OpenSC library with a non-standard PIN reference number

struct establish_pace_channel_input pace_input;
struct establish_pace_channel_output pace_output;

memset(&pace_input, 0, sizeof pace_input);
memset(&pace_output, 0, sizeof pace_output);

pace_input.pin_id = 0x0B;
pace_input.pin = "123456";
pace_input.pin_length = 6;

perform_pace(card, pace_input, &pace_output, EAC_TR_VERSION_2_02);

like in this code:

Try the code from frankmorgner/OpenSC@80349e2.

Logs

P:17084; T:0x140737337223168 09:40:55.777 [.../opensc/src/tools/.libs/dtrust-tool] sm-eac.c:810:perform_pace: 
Encrypted nonce from MRTD (16 bytes):
1B 79 D3 21 4E DF 79 B7 58 6F BE 99 52 B9 8E 5D .y.!N.y.Xo..R..]

[ERROR] (pace_lib.c:126 ) Invalid arguments
P:17084; T:0x140737337223168 09:43:21.292 [.../opensc/src/tools/.libs/dtrust-tool] sm-eac.c:816:perform_pace: Cannot log OpenSSL error
P:17084; T:0x140737337223168 09:43:21.292 [.../opensc/src/tools/.libs/dtrust-tool] sm-eac.c:817:perform_pace: Could not encode PACE secret.
P:17084; T:0x140737337223168 09:43:21.292 [.../opensc/src/tools/.libs/dtrust-tool] sm-eac.c:996:perform_pace: returning with: -1400 (Internal error)

[frankmorgner]

That needs to be solved in OpenSC. Please try the following, there:

diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
index 83e9b551e..0cf5f497d 100644
--- a/src/sm/sm-eac.c
+++ b/src/sm/sm-eac.c
@@ -634,6 +634,9 @@ get_psec(sc_card_t *card, const char *pin, size_t length_pin, enum s_type pin_id
                pin = p;
        }
 
+       if (pin_id != PACE_PIN && pin_id != PACE_CAN && pin_id != PACE_MRZ && pin_id != PACE_PUK)
+               pin_id = PACE_RAW;
+
        r = PACE_SEC_new(pin, length_pin, pin_id);
 
        if (p) {

[hamarituc]

That needs to be solved in OpenSC. Please try the following, there:

diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
index 83e9b551e..0cf5f497d 100644
--- a/src/sm/sm-eac.c
+++ b/src/sm/sm-eac.c
@@ -634,6 +634,9 @@ get_psec(sc_card_t *card, const char *pin, size_t length_pin, enum s_type pin_id
                pin = p;
        }
 
+       if (pin_id != PACE_PIN && pin_id != PACE_CAN && pin_id != PACE_MRZ && pin_id != PACE_PUK)
+               pin_id = PACE_RAW;
+
        r = PACE_SEC_new(pin, length_pin, pin_id);
 
        if (p) {

Many thanks. This approach fixed the issue. I included the patch into OpenSC/OpenSC#3171 to prevent early testers from blocking their transport PIN due to authentication errors (like I did with one of my test cards). But I think it should be submitted as an independent PR. Do you want to commit this patch directly or shall I file a pull request?