Closed iratebadger closed 4 years ago
philipWendland
commented
4 years ago Hm, the SCARD_E_NOT_TRANSACTED is an error coming from PC/SC, not the applet. The error description is "An attempt was made to end a non-existent transaction." https://pcsclite.apdu.fr/api/group__ErrorCodes.html#gab02a33c2ef61f12a851dfe85c575d7cc
Do you have a reader with a PIN-pad?
iratebadger
commented
4 years ago No its a standard SCR3310. And yes the error is coming from PC/SC and I cant figure out why it's generating it. The card is simply not responding but if I comment out the resetAndUnblock call it is able to continue. I am assuming there is something going on with that internally. The card is running version 3 javacard so I suspect it has something to do with that. The applet works just fine on my version 2 card with this reader. However nothing I can find in the documentation or sdk suggests this should be a problem. I had thought from the documentation that maybe you needed to be inside a transaction to update the PIN but attempts to wrap the pin update and reset with a transaction have failed.
If I wrap the resetAndUnblock with a try catch block that then throws a known exception from the catch block (IE ISOException.throwIt) the card simply never responds and the init hangs but without the SCARD_E_NOT_TRANSACTED error.
philipWendland
commented
4 years ago It might be a firmware bug in the card, but this is hard to tell. You could try different arguments to resetAndUnblock (e.g. a different PIN length).
iratebadger
commented
4 years ago Fantastic suggestion! That solved it. I changed the max PIN length to 8 in the applet and the profile and it worked. Sucks that it only seems to support PIN's of length 8 but the card works. Thanks for your help!
Needless to say, I can confirm basic functionality of the applet works on the Taglio C980 SLE78 if you do some work to set the max PIN lengths to 8 and make sure you set AID in your opensc.conf to something like card_atr 3B:F9:96:00:00:81:31:FE:45:53:50:49:56:4B:45:59:37:30:28 { name = "PIVKey"; driver = "isoApplet"; }
You will also need to modify the isoAppplet.profile file to reflect the max PIN length of 8 or you will get a length error when creating the meta structure.
Is there some way to query the max PIN length on the card? If so maybe a way to combine multiple OwnerPINs into one longer PIN?
philipWendland
commented
4 years ago Is there some way to query the max PIN length on the card? If so maybe a way to combine multiple OwnerPINs into one longer PIN?
I looked at the JavaCard API specification, but did not find something like that. As for your second question, I would rather not use such card-specific hacks for security features that should already be there.
The best solution would be that the card manufacturer fixes this limitation/issue. The second best option might be to set the max. length at the initialization phase of the card, depending on which value is set in the OpenSC profile. But this might break backward compatibility (with older applet versions).
As the description says I am getting the SCARD_E_NOT_TRANSACTED when using this applet with a Taglio C980. I have everything set up for OpenSC to use the isoApplet driver and have verified that it is doing so. The issue happens when setting the PUK. Specifically if I comment out line 487 puk.resetAndUnblock(); I do not get the error.
You can directly cause this bug by installing the applet and issuing the following GP command. gp.jar -dv -a 00A404000CF276A288BCFBA69D34F31001 -a 00A408000450154946F8 -a 00A40000023F00F8 -a 00E00000176F1581021388820138830250158608FF00000000000090 -a 002401021030303030303030303030303030303030
I will continue to try and debug the issue.