4 changes: 4 additions & 0 deletions src/electronic-ids/pcsc/EIDThales.cpp
Expand Up @@ -78,6 +78,10 @@
}
if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
TLV pinChanged = info[0xdf2f];
// FIXME: Remove before release

Check notice

Code scanning / CodeQL

FIXME comment Note

FIXME comment: Remove before release

Copilot Autofix

AI 2 days ago

In general, to fix this, remove the temporary/debug behavior and the associated FIXME comment, ensuring that pinRetriesLeft always reflects the actual card state returned in the TLV structure. The method should no longer read PIN1_LOCKED from the environment or return early based on it.

Concretely, in src/electronic-ids/pcsc/EIDThales.cpp within EIDThales::pinRetriesLeft, delete the FIXME comment and the if (getenv("PIN1_LOCKED")) { ... } block, so the function simply computes and returns PinInfo based on the count and pinChanged TLVs. No new imports or definitions are required, and no other behavior needs changing.

Suggested changeset 1
src/electronic-ids/pcsc/EIDThales.cpp

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/electronic-ids/pcsc/EIDThales.cpp b/src/electronic-ids/pcsc/EIDThales.cpp
--- a/src/electronic-ids/pcsc/EIDThales.cpp
+++ b/src/electronic-ids/pcsc/EIDThales.cpp
@@ -78,10 +78,6 @@
     }
     if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
         TLV pinChanged = info[0xdf2f];
-        // FIXME: Remove before release
-        if (getenv("PIN1_LOCKED")) {
-            return {*count.begin, maximumPinRetries(), false};
-        }
         return {*count.begin, maximumPinRetries(), pinActive || !pinChanged || *pinChanged.begin};
     }
     THROW(SmartCardError,
EOF
@@ -78,10 +78,6 @@
}
if (TLV info = TLV(response.data).find(0xA0); TLV count = info[0xdf21]) {
TLV pinChanged = info[0xdf2f];
// FIXME: Remove before release
if (getenv("PIN1_LOCKED")) {
return {*count.begin, maximumPinRetries(), false};
}
return {*count.begin, maximumPinRetries(), pinActive || !pinChanged || *pinChanged.begin};
}
THROW(SmartCardError,
if (getenv("PIN1_LOCKED")) {
return {*count.begin, maximumPinRetries(), false};
}
return {*count.begin, maximumPinRetries(), pinActive || !pinChanged || *pinChanged.begin};
}
THROW(SmartCardError,
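Review bot: The `getenv("PIN1_LOCKED")` early return is not tied to the authentication PIN. It sits in the shared path that builds the PinInfo, so with the variable set, every PIN queried through this function is reported as not active, whatever reference or `pinActive` value the caller passed. The name also does not match the effect: the retry count from `*count.begin` is returned unchanged and only the third field is forced to `false`, so this simulates a PIN that has not been set rather than a locked one. While the hook exists it should be limited to the auth reference and compiled out of release builds, for example `#ifndef NDEBUG` around `if (<reference parameter> == authPinReference() && getenv("PIN1_LOCKED"))`. The function's signature is outside the hunk, so the parameter name is left as a placeholder.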
5 changes: 5 additions & 0 deletions src/electronic-ids/pcsc/EstEIDThales.hpp
Expand Up @@ -40,6 +40,11 @@ class EstEIDThales : public EIDThales
return CommandApdu::selectEF(0x08, {0xAD, 0xF1, 0x34, 0x11});
}
constexpr byte_type authPinReference() const override { return 0x81; }
PinInfo authPinInfoImpl(const SmartCard::Session& session) const override
{
// Some EstEID cards must set PIN-s first to use card
return pinRetriesLeft(session, authPinReference(), false);
}
constexpr int8_t maximumPinRetries() const override { return 3; }
PCSC_CPP_CONSTEXPR_VECTOR CommandApdu signCertFile() const override
{
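Review bot: The bare `false` passed to `pinRetriesLeft` in `authPinInfoImpl` is not explained by the comment above it. Judging from the EIDThales.cpp hunk on this page, the third argument feeds `pinActive || !pinChanged || *pinChanged.begin`, so passing `false` makes the reported state depend on the card's 0xDF2F entry. A comment such as `// pinActive=false: PIN is reported active only when the card's 0xDF2F (PIN changed) entry is absent or non-zero` would make that visible at the call site. The existing comment says "PIN-s" in the plural but only the authentication PIN is overridden here. If the signing PIN on these cards has the same first-use requirement it presumably needs the same override, which cannot be confirmed because the base class is not visible.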
20 changes: 11 additions & 9 deletions tests/integration/test-signing.cpp
Expand Up @@ -25,8 +25,6 @@

#include "gtest/gtest.h"

#include <algorithm>

using namespace electronic_id;
using namespace pcsc_cpp;

Expand All @@ -49,14 +47,18 @@ static void signing(HashAlgorithm hashAlgo)
GTEST_ASSERT_GE(cardInfo->signingPinInfo().retryCount, 0U);

byte_vector pin;
if (cardInfo->name() == "EstEID IDEMIA v1" || cardInfo->name() == "EstEIDThales")
pin = {'1', '2', '3', '4', '5'}; // EstIDEMIA test card default PIN2
else if (cardInfo->name() == "LatEID IDEMIA v1" || cardInfo->name() == "LatEID IDEMIA v2")
pin = {'1', '2', '3', '4', '5', '6'}; // LatIDEMIA test card default PIN2
else if (cardInfo->name() == "FinEID v3" || cardInfo->name() == "FinEID v4")
pin = {'1', '2', '3', '4', '5', '6'}; // FinEID custom PIN
else
switch (cardInfo->type()) {
using enum ElectronicID::Type;
case ElectronicID::EstEID:
pin = {'1', '2', '3', '4', '5'}; // EstEID test card default PIN2
break;
case ElectronicID::LatEID: // LatIDEMIA test card default PIN2
case ElectronicID::FinEID: // FinEID custom PIN
pin = {'1', '2', '3', '4', '5', '6'};
break;
default:
throw std::runtime_error("TEST signing: Unknown card");
}
pin.reserve(64);

std::cout << "WARNING! Using hard-coded PIN " << std::string(pin.cbegin(), pin.cend()) << '\n';
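Review bot: Selecting the PIN by `cardInfo->type()` instead of by card name means every card of type EstEID, LatEID or FinEID now gets a hard-coded PIN, where the old chain fell through to "Unknown card" for names it did not list. If the PIN verification that follows (outside this hunk) runs against a card whose PIN2 differs, each run would presumably consume one retry, and EstEIDThales allows only 3 according to the header on this page. The existing `GTEST_ASSERT_GE(..., 0U)` cannot fail for an unsigned count, so a guard such as `if (cardInfo->signingPinInfo().retryCount < 2) GTEST_SKIP() << "not spending the last PIN2 attempt";` before the PIN is used would keep the test from locking a card. Separately, the case labels are still written as `ElectronicID::EstEID`, so `using enum ElectronicID::Type;` looks redundant and adds a C++20 requirement.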