GIDS No Padding Indication Byte

dengert · dengert · commit c968d0dd4033 · 2019-12-04T20:05:08.000-06:00
It appears the PI byte in not needed so don't send it.
It may be needed for Secure Messaging but we don't support that.

 On branch gids-decipher
 Changes to be committed:
	modified:   src/libopensc/card-gids.c
diff --git a/src/libopensc/card-gids.c b/src/libopensc/card-gids.c
@@ -881,9 +881,9 @@ gids_decipher(struct sc_card *card,
 
 	sbuf[0] = 0; /* padding indicator byte, 0x00 = No further indication */
 	memcpy(sbuf + 1, crgram, crgram_len);
-	apdu.data = sbuf;
-	apdu.lc = crgram_len + 1;
-	apdu.datalen = crgram_len + 1;
+	apdu.data = sbuf + 1; /* Skip padding indication not needed unless SM */
+	apdu.lc = crgram_len;
+	apdu.datalen = crgram_len;
 
 	fixup_transceive_length(card, &apdu);
 	r = sc_transmit_apdu(card, &apdu);
@@ -894,35 +894,9 @@ gids_decipher(struct sc_card *card,
 	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
 		LOG_FUNC_RETURN(card->ctx, apdu.resplen);
 
-	/*
-	 * The Padding Indicator may be optional and "Virtual Spart Card" using TPM 
-	 * does not accept the PI so try again sending just the cryptogram
-	 */
-	if (apdu.sw1 == 0x65 && apdu.sw2 == 0x00) {
-		sc_log(card->ctx, "Gids decipher: Failed with 6D00, retry without Padding indication byte");
-
-		/* INS: 0x2A  PERFORM SECURITY OPERATION
-		 * P1:  0x80  Resp: Plain value
-		 * P2:  0x86  Cmd: Padding indicator byte followed by cryptogram */
-		sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x2A, 0x80, 0x86);
-		apdu.resp    = out;
-		apdu.resplen = outlen;
-		apdu.le      = outlen;
-		apdu.data = crgram;
-		apdu.lc = crgram_len;
-		apdu.datalen = crgram_len;
-		fixup_transceive_length(card, &apdu);
-		r = sc_transmit_apdu(card, &apdu);
-		LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
-		
-		if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
-			LOG_FUNC_RETURN(card->ctx, apdu.resplen);
-	}
-
 	LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
 }
 
-
 // deauthenticate all pins
 static int gids_logout(sc_card_t *card)
 {
