How to switch from T0 to T1 without disconnecting ?

[PaulChipault]

I have a use case where I have to forward ADPU commands from one device to a remote card to perform an authentication procedure. During the authentication process I have to switch from T0 to T1 or from T1 to T0.

Problem is that if I try to change the protocol between two ADPU commands I get a protocol mismatch exception. Any thoughts on this would be highly appreciated !

[santigimeno]

tbh I have no idea. /cc @LudovicRousseau ?

[martinpaljak]

You need to call SCardReconnect with the right protocol. This is not currently exposed by mode-pcsclite

[martinpaljak]

Or do a disconnect with a reset and connect with the new protocol. Either way you have to reset the card IIRC.

[PaulChipault]

Problem is that I can't disconnect, the authentication process start a secure read / secure update and switch to another protocol in the middle of it, so disconnecting is not an option.

Thanks for the feedback anyway, I'm working on a workaround using the CT API, so my node programm will have a to call another programm written in C that'll handle and manage ADPU commands depending on protocols. It's not really optimal so if you guys come up with any other idea, let me know :)

[martinpaljak]

Why do you need to change protocols in the first place ? Buggy card? Stupid card? Something else ?

[LudovicRousseau]

Using the old CT API is a bit strange these days.
I am not sure you can change the protocol without a card reset. SCardReconnect() has the option SCARD_LEAVE_CARD but I am not sure it will allow a protocol change. That is something to check.

What do you mean exactly by "I have to switch from T0 to T1 or from T1 to T0."?
What is your card ATR?

[PaulChipault]

Using the old CT API is a bit strange these days.

Totally agree, I'd rather not tbh !

Why do you need to change protocols in the first place ? Buggy card? Stupid card? Something else ?

Here is the usecase : I have to download official compliance data from a remote device, normally someone would have to go on this device and authenticate using a smartcard in order to download data. To download these data remotely, this device sends me a list of ADPU commands that I forward to the smartcard and I send back the reply from the card.

So far, it's all good. Problem is that the authentication protocol from this device specifies that I have to use one protocol or the other on certain conditions. (It's based on the value of some bytes within the buffer that I have to forward to the card).
I tried without protocol switching and the device sent me an exception saying that protocol switching was not implemented properly.

What is your card ATR?

3b ff 95 00 00 80 31 fe 43 80 31 80 67 b0 85 02 01 f3 a3 13 83 01 90 00 57
(It's a smart-card issued by French Government (Imprimerie Nationale) specifically for authentication on this device).

I am not sure you can change the protocol without a card reset. SCardReconnect() has the option SCARD_LEAVE_CARD but I am not sure it will allow a protocol change. That is something to check.

Thanks for the idea, I need to try that.