How to implement VERIFY command on NIST PIV cards?
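I must be doing something wrong, but I can't see what.
I'm trying to get the VERIFY command to show the number of attempts remaining. (I was trying to enter the PIN as well, but cut back to this when I couldn't get anything to work.) Here's the code fragment that I've been trying: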
    for (unsigned int basebyte = 0x00; basebyte != 0x100; basebyte += 0x80) {
        for (unsigned char add = 0x01; add != 0x20; ++add) {
            smartcard::bytevector_t b;
            b.push_back(0x00); // CLA
            b.push_back(0x20); // INS
            b.push_back(0x00); // P1
            b.push_back(basebyte + add); // P2 ("the sensible ranges are 0x01..0x1F and 0x81..0x9F")
            //b.push_back(0x00); // Lc field -- length of the following data field
            b = card.rawTransmit(b);
            if (!card.status()) {
                cout << "Received error '" << card.status() << "'" << endl;
            } else {
                if (b[0] == 0x6a && b[1] == 0x88) {
                    // "Referenced data not found"
                    continue;
                }
                cout << " Attempts remaining (" << std::hex << (basebyte + add) << std::dec << "): ";
                cout << std::hex;
                for (smartcard::bytevector_t::const_iterator i = b.begin(), ie = b.end();
                    i != ie; ++i) cout << std::setfill('0') << std::setw(2) << int(*i) << ' ';
                cout << std::dec << endl;
            }
        }
    }
The rawTransmit function...
    bytevector_t rawTransmit(bytevector_t sendbuffer) {
        SCARD_IO_REQUEST pioSendPci, pioRecvPci;
        if (mProtocol.value() == SCARD_PROTOCOL_T0) {
            pioSendPci = pioRecvPci = *SCARD_PCI_T0;
        } else if (mProtocol.value() == SCARD_PROTOCOL_T1) {
            pioSendPci = pioRecvPci = *SCARD_PCI_T1;
        } else {
            std::ostringstream out;
            out << "unrecognized protocol '" << mProtocol.str() << "'";
            throw std::runtime_error(out.str());
        }
        DWORD rlen = 256;
        bytevector_t recvbuffer(rlen);
        mResult = SCardTransmit(mHandle, &pioSendPci, &sendbuffer[0],
            DWORD(sendbuffer.size()), &pioRecvPci, &recvbuffer[0], &rlen);
        recvbuffer.resize(rlen);
        return recvbuffer;
    }
(bytevector_t is defined as std::vector<unsigned char>.)
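All of the cards using protocol T0 return 0x6a 0x88 ("Referenced data not found") for all P2 values. All of the cards using T1 do the same, except when P2 is 0x81; then they say 0x69 0x84 ("Command not allowed, referenced data invalidated").
The cards in question definitely do have PINs, and I can verify the PIN in the "Security Token Configurator" program provided by the middleware vendor, so I know that the card, reader, and middleware stuff are all working.
It's probably obvious, but I'm new to smart card programming. Can anyone tell me where I'm going wrong?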
The global PIN has ID 00, and the PIV card application PIN has ID 80 (hex), so your tests do not include the known PIV card PIN IDs.
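An added example (not code from the question or the answer): it builds the status-only VERIFY APDU for the two key references the answer names, 0x00 and 0x80, and decodes the status word that comes back. It assumes the PIV card application is already selected and that the card reports the retry counter as 63 CX and a blocked PIN as 69 83, as in NIST SP 800-73; the type and function names are hypothetical and the sample responses are constructed.

```cpp
#include <iostream>
#include <vector>

using bytevector_t = std::vector<unsigned char>;

// Key references from the answer above.
const unsigned char GLOBAL_PIN = 0x00;   // global PIN
const unsigned char PIV_APP_PIN = 0x80;  // PIV card application PIN

enum class VerifyState { Ok, RetriesLeft, Blocked, Invalidated, NotFound, Other };
struct VerifyStatus { VerifyState state; int retries; };  // retries is -1 if not reported

// VERIFY with no Lc and no data only asks for the PIN status: no PIN is
// presented, so the retry counter is not decremented (assumption per SP 800-73).
bytevector_t buildVerifyStatusQuery(unsigned char keyRef) {
    return bytevector_t{0x00, 0x20, 0x00, keyRef};  // CLA, INS, P1, P2
}

// Decode the status word (last two bytes, SW1 SW2) of a VERIFY response.
VerifyStatus decodeVerifyResponse(const bytevector_t& rsp) {
    if (rsp.size() < 2) return {VerifyState::Other, -1};
    const unsigned char sw1 = rsp[rsp.size() - 2], sw2 = rsp[rsp.size() - 1];
    if (sw1 == 0x90 && sw2 == 0x00) return {VerifyState::Ok, -1};           // no verification needed
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) return {VerifyState::RetriesLeft, sw2 & 0x0F};
    if (sw1 == 0x69 && sw2 == 0x83) return {VerifyState::Blocked, 0};       // authentication blocked
    if (sw1 == 0x69 && sw2 == 0x84) return {VerifyState::Invalidated, -1};  // seen at P2 = 0x81
    if (sw1 == 0x6A && sw2 == 0x88) return {VerifyState::NotFound, -1};     // reference not found
    return {VerifyState::Other, -1};
}

int main() {
    // Constructed sample responses; on a real card they come from rawTransmit().
    const bytevector_t samples[] = {{0x63, 0xC3}, {0x69, 0x83}, {0x6A, 0x88}};
    for (unsigned char ref : {GLOBAL_PIN, PIV_APP_PIN}) {
        const bytevector_t apdu = buildVerifyStatusQuery(ref);
        std::cout << "P2=0x" << std::hex << int(apdu[3]) << std::dec
                  << " APDU bytes: " << apdu.size() << '\n';
    }
    for (const bytevector_t& rsp : samples) {
        const VerifyStatus s = decodeVerifyResponse(rsp);
        std::cout << "state=" << int(s.state) << " retries=" << s.retries << '\n';
    }
    return 0;
}
```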