-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request to support non standard PIN references #66
Comments
That needs to be solved in OpenSC. Please try the following, there: diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
index 83e9b551e..0cf5f497d 100644
--- a/src/sm/sm-eac.c
+++ b/src/sm/sm-eac.c
@@ -634,6 +634,9 @@ get_psec(sc_card_t *card, const char *pin, size_t length_pin, enum s_type pin_id
pin = p;
}
+ if (pin_id != PACE_PIN && pin_id != PACE_CAN && pin_id != PACE_MRZ && pin_id != PACE_PUK)
+ pin_id = PACE_RAW;
+
r = PACE_SEC_new(pin, length_pin, pin_id);
if (p) { |
Many thanks. This approach fixed the issue. I included the patch into OpenSC/OpenSC#3171 to prevent early testers from blocking their transport PIN due to authentication errors (like I did with one of my test cards). But I think it should be submitted as an independent PR. Do you want to commit this patch directly or shall I file a pull request? |
Expected behaviour
The library should accept non standard PIN reference numbers for at least
PACE_SEC_new()
andencoded_secret()
.Actual behaviour
When a non-standard PIN reference number is used, the above mentioned functions bail out with an error.
I encountered this kind of error during the implementation of D-Trust Signatures Card 5 (see OpenSC/OpenSC#3131). There PACE authentication with Transport PINs (ID
0x0B
and0x0C
) is used to establish a secure channel.Steps to reproduce
Call
perform_pace()
from OpenSC library with a non-standard PIN reference numberlike in this code:
Try the code from frankmorgner/OpenSC@80349e2.
Logs
The text was updated successfully, but these errors were encountered: