How to implement VERIFY command on NIST PIV cards?

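I must be doing something wrong, but I can't see what.

I'm trying to get the VERIFY command to show the number of attempts remaining. (I have also tried to enter the PIN, but switched back to this when I couldn't get anything to work.) Here is the code fragment that I've been trying: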

for (unsigned int basebyte = 0x00; basebyte != 0x100; basebyte += 0x80) {
    for (unsigned char add = 0x01; add != 0x20; ++add) {
        smartcard::bytevector_t b;
        b.push_back(0x00); // CLA
        b.push_back(0x20); // INS
        b.push_back(0x00); // P1
        b.push_back(basebyte + add); // P2 ("the sensible ranges are 0x01..0x1F and 0x81..0x9F")
        //b.push_back(0x00); // Lc field -- length of the following data field
        b = card.rawTransmit(b);
        if (!card.status()) {
            cout << "Received error '" << card.status() << "'" << endl;
        } else {
            if (b[0] == 0x6a && b[1] == 0x88) {
                // "Referenced data not found"
                continue;
            }

            cout << "    Attempts remaining (" << std::hex << (basebyte + add) << std::dec << "): ";
            cout << std::hex;
            for (smartcard::bytevector_t::const_iterator i = b.begin(), ie = b.end();
                i != ie; ++i) cout << std::setfill('0') << std::setw(2) << int(*i) << ' ';
            cout << std::dec << endl;
        }
    }
}

The rawTransmit function...

bytevector_t rawTransmit(bytevector_t sendbuffer) {
    SCARD_IO_REQUEST pioSendPci, pioRecvPci;
    if (mProtocol.value() == SCARD_PROTOCOL_T0) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T0;
    } else if (mProtocol.value() == SCARD_PROTOCOL_T1) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T1;
    } else {
        std::ostringstream out;
        out << "unrecognized protocol '" << mProtocol.str() << "'";
        throw std::runtime_error(out.str());
    }

    DWORD rlen = 256;
    bytevector_t recvbuffer(rlen);
    mResult = SCardTransmit(mHandle, &pioSendPci, &sendbuffer[0],
        DWORD(sendbuffer.size()), &pioRecvPci, &recvbuffer[0], &rlen);
    recvbuffer.resize(rlen);
    return recvbuffer;
}

(bytevector_t is defined as std::vector<unsigned char>.)

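All of the cards using protocol T0 return 0x6a 0x88 ("Referenced data not found") for all P2 values. All of the cards using T1 do the same, except when P2 is 0x81; then they say 0x69 0x84 ("Command not allowed, referenced data invalidated").

The cards in question definitely have PINs, and I can verify the PIN in the "Security Token Configurator" program provided by the middleware vendor, so I know that the card, reader, and middleware are all working.

This is probably obvious, but I'm new to smartcard programming. Can anyone tell me where I'm going wrong?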

The global PIN has ID 00, and the PIV card application PIN has 80 (hex), so your tests do not include the known PIV card PIN IDs.
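An added example, not code from the question or the answer: it builds the status-only VERIFY APDU for the two key references named in the answer and decodes the returned status word, so the result can be sent through the question's rawTransmit. The function names are hypothetical; it assumes the PIV card application is already selected and that the card reports the counter as 63 CX (X = retries remaining), as ISO 7816-4 and NIST SP 800-73 specify.

```cpp
#include <iostream>
#include <string>
#include <vector>

typedef std::vector<unsigned char> bytevector_t; // as defined in the question

const unsigned char GLOBAL_PIN = 0x00;  // key references named in the answer
const unsigned char PIV_APP_PIN = 0x80;

// VERIFY with no Lc and no data field asks the card for the PIN status only.
bytevector_t buildVerifyStatusQuery(unsigned char keyRef) {
    bytevector_t apdu;
    apdu.push_back(0x00);   // CLA
    apdu.push_back(0x20);   // INS: VERIFY
    apdu.push_back(0x00);   // P1
    apdu.push_back(keyRef); // P2: key reference
    return apdu;
}

// Decodes the trailing status word SW1 SW2. Returns the retries remaining,
// or -1 when the status word carries no counter; 'meaning' gets a description.
int retriesRemaining(const bytevector_t& resp, std::string& meaning) {
    if (resp.size() < 2) { meaning = "response too short"; return -1; }
    const unsigned sw = (resp[resp.size() - 2] << 8) | resp[resp.size() - 1];
    if ((sw & 0xFFF0) == 0x63C0) { meaning = "PIN not verified"; return int(sw & 0x0F); }
    switch (sw) {
        case 0x9000: meaning = "verification not needed (already satisfied)"; return -1;
        case 0x6983: meaning = "PIN blocked"; return 0;
        case 0x6984: meaning = "Command not allowed, referenced data invalidated"; return -1;
        case 0x6A88: meaning = "Referenced data not found"; return -1;
        default:     meaning = "unrecognized status word"; return -1;
    }
}

int main() {
    // Constructed sample responses, not captured from a real card.
    const unsigned char samples[][2] = {{0x63, 0xC3}, {0x69, 0x83}, {0x6A, 0x88}, {0x90, 0x00}};
    for (unsigned i = 0; i < 4; ++i) {
        std::string meaning;
        int n = retriesRemaining(bytevector_t(samples[i], samples[i] + 2), meaning);
        std::cout << meaning << ", retries remaining: " << n << std::endl;
    }
    return 0;
}
```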