The previous solution was just guessing AIDs of the PKI objects
and checking whether they answer.
This solution inspects the card based on the Service Applet Table
(listing all the applets on the card) and uses the GET PROPERTIES APDU
to list all the available OIDs of the applet.
This was successfully tested with a standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
If cardos cards are initialized by other software and there is a pinref
without the msb set, also the pin verify works without that bit set.
This patch changes pin initialisation so that the pin is created in mf
which has the effect that pin verify works without | 0x80 to the
pin ref.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
- limit length of data to write even in raw mode to the real length
- cluster variable definitions
- restrict scope of variables
- introduce a variable length to make the purpose more obvious
- start preprocessor directives at column one
- add comments where needed
- harmonize coding style: space after "if" and casts
Put the arguments passed to option -d into an array instead of only
storing the latest value.
During output, iterate over the values passed in via the option.
* new function sc_compacttlv_find_tag()
Add function sc_compacttlv_find_tag() to search for a tag in a
compact-TLV structure.
* OpenPGP: use sc_compacttlv_find_tag()
While doing so, fix a typo affecting OpenPGP v3.x cards
opensc-notify doesn't propose a GUI that can be displayed to the users,
so it doesn't make sense to display it in the application list/launcher
Fixes: #1379
Call the tools to be tested with option '--help' to avoid
triggering automatic actions when no option is given.
Examples why the old behaviour is bad:
- opensc-notify: blocks the build
- opensc-explorer: tries to open the card
* get rid of hard-coded markup like e.g. { ... | ... } or [ ... ]
in favour of DocBook's proper tags
* use tags better matching the purpose,
e.g. use <filename class="directory"> instead of <command> for directories
* improve consistency in <replaceable>s
Instead of blindly using "%lu", use "%"SC_FORMAT_LEN_SIZE_T"u"
to cope with the various implementations.
This fixes a bug introduced in commit 20b1d829
Instead of simply searching for a trigger byte with the risk of
getting garbage, correctly parse historical bytes from ATR as well
as the "historical bytes" DO as compact TLV structures.
In addition
- prepare for additional data used in OpenPGP cards 3.x
- ignore [per the spec] chaining capability for OpenPGP cards 1.x
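Added example, not part of the commit message above and not OpenSC's own code: a minimal compact-TLV walk over historical bytes, showing why skipping object by object avoids the garbage a search for a trigger byte can return. The names `ctlv_find` and `hist_find` and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Walk compact-TLV objects (header byte: tag nibble, length nibble) and return
 * the value of the first object with tag nibble `tag`, or NULL. A declared
 * length that runs past the buffer ends the walk instead of overreading. */
static const uint8_t *ctlv_find(const uint8_t *buf, size_t len,
                                uint8_t tag, size_t *outlen)
{
	size_t i = 0;
	while (buf != NULL && outlen != NULL && i < len) {
		size_t l = buf[i] & 0x0F;
		if (l > len - i - 1)
			return NULL;
		if ((buf[i] >> 4) == tag) {
			*outlen = l;
			return buf + i + 1;
		}
		i += 1 + l;	/* skip header and value, never scan inside a value */
	}
	return NULL;
}

/* Historical bytes: category indicator, then compact-TLV objects. With
 * category 0x00 the last three bytes are the status indicator, not TLV. */
static const uint8_t *hist_find(const uint8_t *hist, size_t len,
                                uint8_t tag, size_t *outlen)
{
	if (hist == NULL || len < 1)
		return NULL;
	if (hist[0] == 0x00)
		return len < 4 ? NULL : ctlv_find(hist + 1, len - 4, tag, outlen);
	if (hist[0] == 0x80)
		return ctlv_find(hist + 1, len - 1, tag, outlen);
	return NULL;	/* other category indicators are not handled here */
}

/* Constructed sample: the value of object 0x62 contains the byte 0x73, which
 * a plain search for a 0x73 trigger byte would take for the real header. */
static const uint8_t sample[] = {
	0x00, 0x62, 0x73, 0x01, 0x73, 0xC0, 0x01, 0x80, 0x05, 0x90, 0x00
};

int main(void)
{
	size_t n = 0;
	/* tag nibble 7 = card capabilities; expect the object at offset 4 */
	return hist_find(sample, sizeof sample, 0x7, &n) == sample + 5 ? 0 : 1;
}
```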
This is also done in the official AusweisApp2 and avoids confusion with
other tokens that also have an EF.CardAccess and are capable of
verifying the PIN via PACE.
Fixes https://github.com/OpenSC/OpenSC/issues/1360
Let sc_get_challenge() do sc_lock() and loop through the card driver's
get_challenge() until enough bytes were collected. The card driver's
get_challenge() now returns the number of bytes collected (less than or
equal to the number requested) or an error code.
- Allow more code re-use.
- PIV driver now uses ASN.1 parser for reading the random bytes