Closed hamarituc closed 4 months ago
That needs to be solved in OpenSC. Please try the following, there:
diff --git a/src/sm/sm-eac.c b/src/sm/sm-eac.c
index 83e9b551e..0cf5f497d 100644
--- a/src/sm/sm-eac.c
+++ b/src/sm/sm-eac.c
@@ -634,6 +634,9 @@ get_psec(sc_card_t *card, const char *pin, size_t length_pin, enum s_type pin_id
pin = p;
}
+ if (pin_id != PACE_PIN && pin_id != PACE_CAN && pin_id != PACE_MRZ && pin_id != PACE_PUK)
+ pin_id = PACE_RAW;
+
r = PACE_SEC_new(pin, length_pin, pin_id);
if (p) {
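Review bot: the added check just above the PACE_SEC_new() call overwrites the pin_id parameter of get_psec() without a comment, so a reader cannot tell that non-standard references (anything other than PACE_PIN, PACE_CAN, PACE_MRZ and PACE_PUK) are deliberately treated as a raw secret, and the reference the caller passed is lost for any code that follows in the function. Consider leaving pin_id untouched and passing a separate local secret type to PACE_SEC_new(), with a one-line comment stating why unknown references map to PACE_RAW. A switch over the four standard values with a default branch would also make the fallback explicit instead of a chained "!=" condition.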
Many thanks. This approach fixed the issue. I included the patch into OpenSC/OpenSC#3171 to prevent early testers from blocking their transport PIN due to authentication errors (like I did with one of my test cards). But I think it should be submitted as an independent PR. Do you want to commit this patch directly or shall I file a pull request?
Expected behaviour
The library should accept non standard PIN reference numbers for at least PACE_SEC_new() and encoded_secret().
Actual behaviour
When a non-standard PIN reference number is used, the above mentioned functions bail out with an error.
I encountered this kind of error during the implementation of D-Trust Signatures Card 5 (see OpenSC/OpenSC#3131). There PACE authentication with Transport PINs (ID 0x0B and 0x0C) is used to establish a secure channel.
Steps to reproduce
Call perform_pace() from OpenSC library with a non-standard PIN reference number like in this code:
Try the code from https://github.com/frankmorgner/OpenSC/commit/80349e2c8aa8ac4d2379c1ea0f473a985f721a43.
Logs