Hi Johannes!

2011/7/15 Johannes Becker <johannes.bec...@hrz.uni-giessen.de>

> Hello,
>
> I'm testing a new Firmware for the Xiring MyLeo card reader. It
> will support extended APDU. It works with a CardOS chip, but
> with a TCOS chip firefox displays quickly the small window asking
> you to enter the pin on the pinpad several times. You have no chance
> to do so and there is subsequently no connection to the web site.
>
> To help the Xiring developers, does anybody know how to find the crucial
> point in the log
>

Here it is:

Control TxBuffer: 1E 1E 02 00 00 10 06 02 FF 00 00 00 00 00 00 05 00 00 00
00 20 00 00 00
-> 000000 69 14 00 00 00 00 39 00 00 00 00 1E 02 00 00 10 06 02 FF 00 00 00
00 00 00 00 20 00 00 00
<- 000000 80 02 00 00 00 00 39 00 00 00 6B 80
Control RxBuffer: 6B 80

Your CardOS card has a fixed length PIN format while your TCOS card has a
variable length PIN format. The PC/SC standard is not precise when it comes
to secure PIN entry with a variable length PIN format.

Some readers expect just 4 bytes (CLA INS P1 P2) without Le. Some other
readers insist on getting a 0-Le byte. And very few readers handle both
cases.

OpenSC uses 5 bytes in the control buffer: 05:00:00:00 is the length
followed by 00:20:00:00:00 which is CLA:INS:P1:P2:Le.

The OpenSC developers could change this to 04:00:00:00 - 00:20:00:00
and maybe your Xiring-reader will work then. But several other readers
will stop working with this modification, so I would not suggest doing this.

But you can try yourself. In function part10_build_verify_pin_block()
in file reader-pcsc.c (line 1309-1314) you will find

/* Copy data if not Case 1 */
if (data->pin1.length_offset != 4) {
    pin_verify->abData[offset++] = apdu->lc;
    memcpy(&pin_verify->abData[offset], apdu->data, apdu->datalen);
    offset += apdu->datalen;
}

Just remove them and give it a try.

So please tell the Xiring developers to change their firmware such that
both versions are supported.

And they should use better return codes than 6B:80 (no idea what this
SW-value is supposed to mean)

Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
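
The control buffer layout discussed in the message, as an added example that is not OpenSC code or part of the original post: it reads the length field and abData out of the quoted "Control TxBuffer" bytes and derives the 4-byte variant. The offsets assume the PC/SC Part 10 PIN_VERIFY structure (15 fixed bytes, a 4-byte little-endian ulDataLength, then abData); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 19 /* 15 fixed bytes + 4-byte ulDataLength, then abData */

/* Constructed sample: the "Control TxBuffer" bytes quoted in the message. */
static const uint8_t sample_tx[24] = {
    0x1E, 0x1E, 0x02, 0x00, 0x00, 0x10, 0x06, 0x02, 0xFF, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00,
    0x05, 0x00, 0x00, 0x00,         /* ulDataLength (little endian) */
    0x00, 0x20, 0x00, 0x00, 0x00    /* abData: CLA INS P1 P2 Le */
};

/* Returns abData length, or -1 if truncated or ulDataLength disagrees. */
static long pin_verify_apdu(const uint8_t *buf, size_t len, const uint8_t **apdu)
{
    uint32_t n;
    if (buf == NULL || len < HDR_LEN)
        return -1;
    n = (uint32_t)buf[15] | (uint32_t)buf[16] << 8 |
        (uint32_t)buf[17] << 16 | (uint32_t)buf[18] << 24;
    if (n < 4 || n != len - HDR_LEN)   /* declared length must match the buffer */
        return -1;
    *apdu = buf + HDR_LEN;
    return (long)n;
}

/* Hypothetical helper: derive the 4-byte variant (04:00:00:00 followed by
 * CLA INS P1 P2) from a 5-byte one. Returns the new total length, 0 on error. */
static size_t pin_verify_to_case1(const uint8_t *in, size_t len, uint8_t *out, size_t cap)
{
    const uint8_t *apdu;
    if (pin_verify_apdu(in, len, &apdu) != 5 || cap < HDR_LEN + 4)
        return 0;
    memcpy(out, in, HDR_LEN + 4);   /* drop the trailing byte */
    out[15] = 4;                    /* upper three length bytes are already zero */
    return HDR_LEN + 4;
}

int main(void)
{
    const uint8_t *apdu;
    uint8_t alt[HDR_LEN + 4];
    printf("abData length: %ld\n", pin_verify_apdu(sample_tx, sizeof sample_tx, &apdu));
    printf("4-byte variant: %zu bytes\n", pin_verify_to_case1(sample_tx, sizeof sample_tx, alt, sizeof alt));
    return 0;
}
```

Comparing the two buffers byte for byte shows that only the length field and the final byte differ, which is the whole difference between the two reader behaviours described above.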
