How do I implement the VERIFY command on NIST PIV cards?

Time: 2015-11-02 18:18:22

Tags: c++ smartcard apdu

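I must be doing something wrong, but I can't see what.

I'm trying to get the VERIFY command to show the number of attempts remaining. (I was also trying to enter a PIN, but fell back to this when I couldn't get anything to work.) Here is the code fragment I've been trying: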

for (unsigned int basebyte = 0x00; basebyte != 0x100; basebyte += 0x80) {
    for (unsigned char add = 0x01; add != 0x20; ++add) {
        smartcard::bytevector_t b;
        b.push_back(0x00); // CLA
        b.push_back(0x20); // INS
        b.push_back(0x00); // P1
        b.push_back(basebyte + add); // P2 ("the sensible ranges are 0x01..0x1F and 0x81..0x9F")
        //b.push_back(0x00); // Lc field -- length of the following data field
        b = card.rawTransmit(b);
        if (!card.status()) {
            cout << "Received error '" << card.status() << "'" << endl;
        } else {
            if (b[0] == 0x6a && b[1] == 0x88) {
                // "Referenced data not found"
                continue;
            }

            cout << "    Attempts remaining (" << std::hex << (basebyte + add) << std::dec << "): ";
            cout << std::hex;
            for (smartcard::bytevector_t::const_iterator i = b.begin(), ie = b.end();
                i != ie; ++i) cout << std::setfill('0') << std::setw(2) << int(*i) << ' ';
            cout << std::dec << endl;
        }
    }
}

The rawTransmit function...

bytevector_t rawTransmit(bytevector_t sendbuffer) {
    SCARD_IO_REQUEST pioSendPci, pioRecvPci;
    if (mProtocol.value() == SCARD_PROTOCOL_T0) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T0;
    } else if (mProtocol.value() == SCARD_PROTOCOL_T1) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T1;
    } else {
        std::ostringstream out;
        out << "unrecognized protocol '" << mProtocol.str() << "'";
        throw std::runtime_error(out.str());
    }

    DWORD rlen = 256;
    bytevector_t recvbuffer(rlen);
    mResult = SCardTransmit(mHandle, &pioSendPci, &sendbuffer[0],
        DWORD(sendbuffer.size()), &pioRecvPci, &recvbuffer[0], &rlen);
    recvbuffer.resize(rlen);
    return recvbuffer;
}

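(bytevector_t is defined as std::vector<unsigned char>.)

All cards using protocol T0 return 0x6a 0x88 ("Referenced data not found") for all P2 values. All cards using T1 do the same, except when P2 is 0x81 -- then they say 0x69 0x84 ("Command not allowed, referenced data invalidated").

The cards in question definitely have PINs, and I can verify the PIN in the "Security Token Configurator" program provided by the middleware vendor, so I know that the card, the reader, and the middleware are all working.

This is probably obvious, but I'm new to smartcard programming. Can anyone tell me where I'm going wrong?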

1 Answer:

Answer 0: (score: 2)

The global PIN has ID 00 and the PIV card application PIN has ID 80 (hex), so your tests do not include the known PIV card PIN IDs.
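
The check the answer points to, as an added example that is not part of the original question or answer: it builds VERIFY APDUs for key references 00 and 80 and decodes the status word, using the NIST SP 800-73 conventions (an empty data field queries the retry counter and returns 63 CX; a presented PIN is padded to 8 bytes with 0xFF). The function and constant names are hypothetical, and it assumes the PIV card application is already the selected application.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> bytevector_t; // as defined in the question

// Key references named in the answer; the question's loop skips both.
const unsigned char GLOBAL_PIN = 0x00, PIV_APP_PIN = 0x80;

// VERIFY with no Lc and no data: queries the retry counter only,
// so it does not consume an attempt.
bytevector_t buildRetryQuery(unsigned char keyRef) {
    const unsigned char hdr[] = {0x00, 0x20, 0x00, keyRef}; // CLA INS P1 P2
    return bytevector_t(hdr, hdr + 4);
}

// VERIFY presenting a PIN: Lc = 8, 6 to 8 digits padded with 0xFF.
bytevector_t buildVerifyPin(unsigned char keyRef, const std::string& pin) {
    if (pin.size() < 6 || pin.size() > 8)
        throw std::invalid_argument("PIN must be 6 to 8 digits");
    for (std::string::size_type i = 0; i < pin.size(); ++i)
        if (pin[i] < '0' || pin[i] > '9')
            throw std::invalid_argument("PIN must contain only digits");
    bytevector_t apdu = buildRetryQuery(keyRef);
    apdu.push_back(0x08);                            // Lc
    apdu.insert(apdu.end(), pin.begin(), pin.end()); // ASCII digits
    apdu.resize(4 + 1 + 8, 0xFF);                    // pad data field to 8 bytes
    return apdu;
}

enum PinState { PIN_VERIFIED, PIN_RETRIES_LEFT, PIN_BLOCKED, PIN_NO_SUCH_REF, PIN_OTHER };
struct VerifyResult { PinState state; int retries; };

// Interpret SW1 SW2, the last two bytes of the card's response.
VerifyResult parseVerifyResponse(const bytevector_t& r) {
    if (r.size() < 2) throw std::runtime_error("response shorter than SW1 SW2");
    const unsigned char sw1 = r[r.size() - 2], sw2 = r[r.size() - 1];
    VerifyResult out = {PIN_OTHER, -1};
    if (sw1 == 0x90 && sw2 == 0x00) out.state = PIN_VERIFIED; // status satisfied
    else if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) {           // 63 CX: X tries left
        out.state = PIN_RETRIES_LEFT; out.retries = sw2 & 0x0F;
    } else if (sw1 == 0x69 && sw2 == 0x83) { out.state = PIN_BLOCKED; out.retries = 0; }
    else if (sw1 == 0x6A && sw2 == 0x88) out.state = PIN_NO_SUCH_REF; // seen in the question
    return out;
}

int main() {
    const unsigned char sample[] = {0x63, 0xC3}; // constructed response, not from a real card
    VerifyResult v = parseVerifyResponse(bytevector_t(sample, sample + 2));
    std::cout << "state=" << v.state << " retries=" << v.retries << std::endl;
    return 0;
}
```

With the question's wrapper, `parseVerifyResponse(card.rawTransmit(buildRetryQuery(PIV_APP_PIN)))` would run the query against a card. Each wrong PIN sent with `buildVerifyPin` decrements the retry counter, so query the counter first when testing.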