ISO/IEC 7816-15:2004/Amd 1:2007

INTERNATIONAL ISO/IEC
STANDARD 7816-15
First edition
2004-01-15
AMENDMENT 1
2007-11-15


Identification cards — Integrated circuit
cards —
Part 15:
Cryptographic information application
AMENDMENT 1: Examples of the use
of the cryptographic information application
Cartes d'identification — Cartes à circuit intégré —
Partie 15: Application des informations cryptographiques
AMENDEMENT 1: Exemples d'emploi de l'application des informations
cryptographiques




Reference number
ISO/IEC 7816-15:2004/Amd.1:2007(E)
©
ISO/IEC 2007

---------------------- Page: 1 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2007 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Amendment 1 to ISO/IEC 7816-15:2004 was prepared by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 17, Cards and personal identification.


© ISO/IEC 2007 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
Identification cards — Integrated circuit cards —
Part 15:
Cryptographic information application
AMENDMENT 1: Examples of the use of the cryptographic
information application
Insert the following new annex after Annex D.
Annex E
(informative)

Examples of the use of the cryptographic information application
E.1 Introduction
The purpose of this informative annex is to provide practical examples of the use of the cryptographic
information application. By providing sample program code for each example, programmers can see the
programmatic connection between high-level ASN.1 representations and low-level BER representations and
thus create more efficient and more compact software that uses the cryptographic information application.
Each clause in the annex is a free-standing example and consists of four paragraphs:
1. Description of the example
2. A specification of the example described in paragraph (1) in commented ISO/IEC 7816-15 ASN.1
constructs, using the formal value notation defined in ISO/IEC 8824-1.
3. Annotated code in the ISO/IEC 9899 TC2 C programming language for BER encoding and decoding
according to the ASN.1 specification of paragraph (2).
4. BER encoding of the example as produced by the encoder of paragraph (3). Two examples also
include graphic representations of the BER at the end of the Annex.
5. The source code provided in paragraph (3) was compiled and run to generate the output shown in
paragraph (4).

A transcription of the ASN.1 encoding of the Cryptographic Information Application listed in Annex A above
was used for all examples. A free, publically-available ASN.1 compiler was used to generate the BER
encoders and decoders from this ASN.1.
E.2 Encoding of a Private Key
E.2.1 Cryptographic Information Application Example Description
This is an example of an ISO/IEC 7816-15 RSA private key.

© ISO/IEC 2007 – All rights reserved 1

---------------------- Page: 4 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
E.2.2 ASN.1 Encoding of an RSA Private Key
privateKeys objects { -- SEQUENCE OF --
      privateRSAKey { -- SEQUENCE --
        commonObjectAttributes { -- SEQUENCE --
         label '4b455931'H -- "KEY1" --,
         flags '80'H,
         authId '41444d'H -- "ADM" --,
         userConsent 1
        },
        classAttributes { -- SEQUENCE --
         iD '9b'H,
         usage '2040'H,
         native TRUE,
         accessFlags '98'H,
         keyReference 10
        },
        subClassAttributes { -- SEQUENCE --
         keyIdentifiers { -- SEQUENCE OF --
           { -- SEQUENCE --
            idType 5,
            idValue '3132333435363738'H -- "12345678" --
           }
         }
        },
        typeAttributes { -- SEQUENCE --
         value indirect path { -- SEQUENCE --
           efidOrPath '3f004041'H
         },
         modulusLength 1024
        }
      }
     }

E.2.3 Code Encoding and Decoding BER from the ASN.1
/*
** Encoding of a Private Key as a Data Object in EF.OD
*/
void Part15PrivateKey(const char    *label,
           unsigned char  objectFlags,
           unsigned char  *authId,
           unsigned int   authIdLength,
           unsigned int   userConsent,
           unsigned char  native,
           unsigned char  *iD, unsigned int iDLength,
           unsigned short  usageFlags,
           unsigned char  accessFlags,
           unsigned int   keyReference,
           unsigned int   identifierType,
           unsigned char  *externalIdentifier,
           unsigned char  *path, unsigned int pathLength,
           unsigned int   modulusLength
           )
{
  unsigned int l;
  CIOChoice *cio;
  PrivateKeyChoice *prk, **prkp;
  CredentialIdentifier *crid, **cridp;

  PrivateKeyObject_PrivateRSAKeyAttributes pattr = { 0 };
  CommonObjectAttributes commonObjAttr      = { 0 };
  CommonKeyAttributes commonKeyAttr        = { 0 };
  CommonPrivateKeyAttributes commonPrivateKeyAttr = { 0 };
  PrivateRSAKeyAttributes privateRSAKeyAttr    = { 0 };
2 © ISO/IEC 2007 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  Path pathOctets                 = { 0 } ;
  AsnOcts issuerHash               = { 0 };

  char commonObjectFlags[1] = { 0 };
  AsnBits commonFlagsAsnBits = { 3, commonObjectFlags };

  char keyUsage[2] = { 0 };
  AsnBits keyUsageAsnBits = { 10, keyUsage };

  char keyAccessFlags[1] = { 0 };
  AsnBits keyAccessFlagsAsnBits = { 5, keyAccessFlags };

  /*
  ** Section 8.3 The CIOChoice type
  **
  ** "EF.OD shall contain the concatenation of 0, 1, or more DER-encoded CIOChoice values."
  */
  cio = (CIOChoice *)calloc(1, sizeof(PrivateKeyChoice));

  cio->choiceId = CIOCHOICE_PRIVATEKEYS;

  /*
  ** "It is expected that an EF.OD entry will usually reference a separate file (the path
  ** choice of PathOrObjects) containing CIOs of the indicated type. An entry may, however,
  ** hold CIOs directly (the objects choice of PathOrObjects), if the objects and the EF.OD
  ** file have the same access control requirements."
  **
  ** PathOrObjects{PrivateKeyChoice}
  */
  cio->a.privateKeys = (PrivateKeys *)calloc(1, sizeof(PrivateKeys));
  cio->a.privateKeys->choiceId = PATHOROBJECTS_PRIVATEKEYCHOICE_OBJECTS;
  cio->a.privateKeys->a.objects = AsnListNew(sizeof (void*));

  /*
  ** Section 8.4.1 PrivateKeyChoice
  **
  ** "This type contains information pertaining to a private key. Each value
  ** consists of attributes common to any object, any key, any private key,
  ** and attributes particular to the key."
  */
  prkp = (PrivateKeyChoice **)AsnListAppend(cio->a.privateKeys->a.objects);

  *prkp = prk = calloc(1, sizeof(PrivateKeyChoice));

  prk->choiceId = PRIVATEKEYCHOICE_PRIVATERSAKEY;

  prk->a.privateRSAKey = &pattr;

  pattr.commonObjectAttributes = &commonObjAttr;
  pattr.classAttributes    = &commonKeyAttr;
  pattr.subClassAttributes   = &commonPrivateKeyAttr;
  pattr.typeAttributes     = &privateRSAKeyAttr;

  /*
  ** Section 8.2.8 CommonObjectAttributes
  **
  ** "This type is a container for attributes common to all CIOs."
  */
  commonObjAttr.label.octs = _strdup(label);
  commonObjAttr.label.octetLen = strlen(label);

  commonObjectFlags[0] = objectFlags;
  commonObjAttr.flags = commonFlagsAsnBits;

  commonObjAttr.authId.octetLen=authIdLength;
  commonObjAttr.authId.octs = authId;

  commonObjAttr.userConsent = &userConsent;

  /*
  ** Section 8.2.9 CommonKeyAttributes
  **
  ** "The iD field shall be unique for each key information object, except when a public
  ** key information object and its corresponding private key object are stored on
  ** the same card. In this case, the information objects shall share the same
  ** identifier (which may also be shared with one or several certificate information
© ISO/IEC 2007 – All rights reserved 3

---------------------- Page: 6 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  ** objects ."
  */
  commonKeyAttr.iD.octs = iD;
  commonKeyAttr.iD.octetLen = iDLength;

  keyUsage[0] = (unsigned char)(usageFlags>>8);
  keyUsage[1] = (unsigned char)(usageFlags);
  commonKeyAttr.usage = keyUsageAsnBits;

  keyAccessFlags[0] = accessFlags;
  commonKeyAttr.accessFlags= keyAccessFlagsAsnBits;

  commonKeyAttr.native = &native;

  commonKeyAttr.keyReference = &keyReference;

  /*
  ** Section 8.2.10 CommonPrivateKeyAttributes
  **
  ** "The name field, when present, names the owner of the key, as specified in a
  ** corresponding certificate's subject field.
  **
  ** Values of the keyIdentifiers field can be matched to identifiers from external
  ** messages or protocols to select the appropriate key to a given operation."
  */
  commonPrivateKeyAttr.keyIdentifiers =
       (CommonPrivateKeyAttributesSeqOf *)AsnListNew(sizeof (void*));

  cridp = (CredentialIdentifier **)AsnListAppend(commonPrivateKeyAttr.keyIdentifiers);

  *cridp = crid = (CredentialIdentifier *)calloc(1, sizeof(CredentialIdentifier));

  issuerHash.octs = _strdup(externalIdentifier);
  issuerHash.octetLen = strlen(externalIdentifier);

  crid->idType = identifierType;
  crid->idValue.value = &issuerHash;
  SetAnyTypeByInt(&(crid->idValue), identifierType);

  /*
  ** Section 8.4.2 Private RSA Key Attributes
  **
  ** "PrivateRSAKeyAttributes.value: The value shall be a path to a file containing
  ** a private RSA key. If there is no need to specify a path to a file, the path
  ** value may be set to the empty path."
  */
  privateRSAKeyAttr.value = (ObjectValue *)calloc(1, sizeof(ObjectValue));
  privateRSAKeyAttr.value->choiceId = OBJECTVALUE_INDIRECT;
  privateRSAKeyAttr.value->a.indirect =
            (ReferencedValue *)calloc(1, sizeof(ReferencedValue));

  privateRSAKeyAttr.value->a.indirect->choiceId = REFERENCEDVALUE_PATH;

  pathOctets.efidOrPath.octs = (char *)calloc(1, pathLength);
  memcpy(pathOctets.efidOrPath.octs, path, pathLength);
  pathOctets.efidOrPath.octetLen = pathLength;
  privateRSAKeyAttr.value->a.indirect->a.path = &pathOctets;

  privateRSAKeyAttr.modulusLength = modulusLength;

  /*
  ** Print the Private Key Data Object
  */
  PrintCIOChoice(stdout, cio, 3);

  /*
  ** BER Encode the Private Key Data Object
  */
  BERLength = BEncCIOChoiceContent(gb, cio);
}

/*
** Decoding of a Private Key as a Data Object in EF.OD
*/
PrivateKeyObject_PrivateRSAKeyAttributes *PrivateRSAKey(unsigned char *BER, unsigned int BERLength)
{
4 © ISO/IEC 2007 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  SBuf b;
  GenBuf *gb;
  unsigned int bytesDecoded = 0;
  ENV_TYPE env;
  CIOChoice *cio;
  AsnTag tagId0;
  AsnLen elmtLen0;

  if(setjmp(env)!= 0) exit(0);

  cio = calloc(1, sizeof(CIOChoice));

  SBufInstallData(&b, BER, BERLength);
  SBuftoGenBuf(&b, &gb);

  tagId0  = BDecTag(gb, &bytesDecoded, env);
  elmtLen0 = BDecLen(gb, &bytesDecoded, env);

  /*
  ** Decode the RSA Private Key Data Object
  */
  BDecCIOChoiceContent(gb, tagId0, elmtLen0, cio, &bytesDecoded, env);

  return ((PrivateKeyChoice *)(cio->a.privateKeys->a.objects->first->data))->a.privateRSAKey;
}


E.2.4 BER Encoding

0xa0,0x51,0xa0,0x4f,0x30,0x4d,0x30,0x12,0x0c,0x04,0x4b,0x45,0x59,0x31,0x03,0x02,
0x05,0x80,0x04,0x03,0x41,0x44,0x4d,0x02,0x01,0x01,0x30,0x12,0x04,0x01,0x9b,0x03,
0x03,0x06,0x20,0x40,0x01,0x01,0xff,0x03,0x02,0x03,0x98,0x02,0x01,0x0a,0xa0,0x13,
0x30,0x11,0xa0,0x0f,0x30,0x0d,0x02,0x01,0x05,0x04,0x08,0x31,0x32,0x33,0x34,0x35,
0x36,0x37,0x38,0xa1,0x0e,0x30,0x0c,0x30,0x06,0x04,0x04,0x3f,0x00,0x40,0x41,0x02,
0x02,0x04,0x00

Table E.1 is a diagrammatic representation of this BER encoding.
© ISO/IEC 2007 – All rights reserved 5

---------------------- Page: 8 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
6 © ISO/IEC 2007 – All rights reserved
Table E.1 — EF.PrKD of RSA private Key
Data Type
A0 51 CIOChoice: Private key data object
 A0 4F PrivateKeyChoice: Private RSA Key
  30 4D Private RSA Key object
   30 12 Common object Attribute
    0C04 label 4B, 45, 59, 31 UTF8String
    03 02 flags 05, 80 BIT STRING
    04 03 auth Id 41, 44, 44 OCTET STRING
    02 01 userConsent 01 INTEGER
   30 12 Common Key Attrribute
    04 01 iD 9B OCTET STRING
    03 03 usage 06, 20, 40 BIT STRING
    01 01 native FF BOOLEAN
    03 02 accessFlags 03, 98 BIT STRING
    02 01 keyReference 0A INTEGER

---------------------- Page: 9 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
© ISO/IEC 2007 – All rights reserved 7
Table E.1 (continued)
   A0 13 Common Private Key Attribute
    30 11 Sequence
     A00FkeyIdentifier
      30 0DSequence
       02 01 idType 05 INTEGER
       60 08 idValue 31, 32, 33, 34, 35, 36, 37, 38 OpenType
   A1 0e Private RSA key attribute
    30 0CSequence
     30 06 Path
      04 04 efidOrPath 3F, 00, 40, 41 OCTET STRING
     02 02 modulusLength 04, 00 INTEGER

---------------------- Page: 10 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
E.3 Encoding of a Protected Data Container
E.3.1 Cryptographic Information Application Example Description
A data container object with two security conditions, one for READ and one for UPDATE. The data in the data
container is a BER-TLV. The secret key SK-1 must be verified in order to change password AO-1.
E.3.2 ASN.1 Encoding of the Protected Data Container Object
dataContainerObjects objects { -- SEQUENCE OF --
     iso7816DO { -- SEQUENCE --
       commonObjectAttributes { -- SEQUENCE --
        label '444f2d31'H -- "DO-1" --,
        flags '40'H,
        accessControlRules { -- SEQUENCE OF --
         { -- SEQUENCE --
          accessMode '80'H,
          securityCondition or { -- SEQUENCE OF --
            authId '414f2d31'H -- "AO-1" --,
            authId '414f2d32'H -- "AO-2" --
           }
         },
         { -- SEQUENCE --
          accessMode '40'H,
          securityCondition and { -- SEQUENCE OF --
            authId '414f2d31'H -- "AO-1" --,
            authId '414f2d32'H -- "AO-2" --
           }
         }
        }
       },
       classAttributes { -- SEQUENCE --

       },
       typeAttributes direct '80020102'H
      }
    }

authObjects objects { -- SEQUENCE OF --
     pwd { -- SEQUENCE --
       commonObjectAttributes { -- SEQUENCE --
        label '414f2d31'H -- "AO-1" --,
        flags '40'H
       },
       classAttributes { -- SEQUENCE --
        authId '414f2d31'H -- "AO-1" --,
        authReference 1,
        seIdentifier 2
       },
       typeAttributes { -- SEQUENCE --
        pwdFlags '0400'H,
        pwdType 1,
        minLength 4,
        storedLength 12,
        maxLength 8,
        padChar 'ff'H -- " " --,
        path { -- SEQUENCE --
         efidOrPath '3f004045'H
        }
8 © ISO/IEC 2007 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
       }
      }
    }

secretKeys objects { -- SEQUENCE OF --
     genericSecretKey { -- SEQUENCE --
       commonObjectAttributes { -- SEQUENCE --
        label '534b2d31'H -- "SK-1" --,
        flags '40'H,
        authId '414f2d31'H -- "AO-1" --
       },
       classAttributes { -- SEQUENCE --
        iD '534b2d31'H -- "SK-1" --,
        usage '0200'H,
        native TRUE,
        accessFlags '10'H,
        keyReference 10
       },
       subClassAttributes { -- SEQUENCE --
        keyLen 64
       },
       typeAttributes { -- SEQUENCE --
        keyType {2 8},
        keyAttr '58'H
       }
      }
    }

E.3.3 Code from the ASN.1 for Encoding and Decoding BER
/*
** Encoding of a Protected Data Object
*/
void DataObject(unsigned char *label,
        unsigned char objectFlags,
        unsigned char *password1,
        unsigned char *password2
        )
{
  CIOChoice *cio;
  DataContainerObjectChoice *dco, **dcop;
  AccessControlRule *acr, **acrp;
  SecurityCondition *sc, **scp;

  SecurityCondition securityCondition1;
  SecurityCondition securityCondition2;
  AsnOcts authId1;
  AsnOcts authId2;

  CommonObjectAttributes commonObjectAttr                  = { 0 };
  CommonDataContainerObjectAttributes commonDataContainerObjectAttributes  = { 0 };
  ISO7816DOAttributes iso7816DOAttributes                  = { 0 };

  DataContainerObject_ISO7816DOAttributes pattr               = { 0 };

  CredentialIdentifier credentialIdentifier      = { 0 };
  Path pathOctets                   = { 0 };
  AsnOcts dataObjectValue1              = { sizeof(doValue1), doValue1 };

© ISO/IEC 2007 – All rights reserved 9

---------------------- Page: 12 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  char commonObjectFlags[1]              = { 0 };
  AsnBits commonFlagsAsnBits             = { 2, commonObjectFlags };

  char acessControlRuleFlags1[1]           = { 0 };
  AsnBits acessControlRuleAsnBits1          = { 4, acessControlRuleFlags1 };
  char acessControlRuleFlags2[1]           = { 0 };
  AsnBits acessControlRuleAsnBits2          = { 4, acessControlRuleFlags2 };

  char usageFlagBits[2]                = { 0 };
  AsnBits usageFlagsAsnBits              = { 10, usageFlagBits };

  authId1.octetLen = strlen(password1);
  authId1.octs = strdup(password1);

  authId2.octetLen = strlen(password2);
  authId2.octs = strdup(password2);

  /*
  ** Data Object Choice
  */
  cio = (CIOChoice *)calloc(1, sizeof(DataContainerObjectChoice));
  cio->choiceId = CIOCHOICE_DATACONTAINEROBJECTS;
  cio->a.dataContainerObjects = (DataContainerObjects *)calloc(1, sizeof(DataContainerObjects));
  cio->a.dataContainerObjects->a.objects = AsnListNew(sizeof (void*));
  cio->a.dataContainerObjects->choiceId = PATHOROBJECTS_DATACONTAINEROBJECTCHOICE_OBJECTS;

  dcop = (DataContainerObjectChoice **)AsnListAppend(cio->a.dataContainerObjects->a.objects);

  *dcop = dco = calloc(1, sizeof(DataContainerObjectChoice));

  dco->choiceId = DATACONTAINEROBJECTCHOICE_ISO7816DO;

  dco->a.iso7816DO = &pattr;

  pattr.commonObjectAttributes = &commonObjectAttr;
  pattr.classAttributes    = &commonDataContainerObjectAttributes;
  pattr.subClassAttributes   = NULL;
  pattr.typeAttributes     = &iso7816DOAttributes;

  /*
  ** Common Object Attributes
  */
  commonObjectAttr.label.octetLen = strlen(label);
  commonObjectAttr.label.octs = label;

  commonObjectFlags[0] = objectFlags;
  commonObjectAttr.flags = commonFlagsAsnBits;

  commonObjectAttr.accessControlRules = AsnListNew(sizeof (void*));

  acrp = (AccessControlRule **)AsnListAppend(commonObjectAttr.accessControlRules);
  *acrp = acr = calloc(1, sizeof(AccessControlRule));
  acessControlRuleFlags1[0] = (unsigned char)(READ_FLAG);
  acr->accessMode = acessControlRuleAsnBits1;
  securityCondition1.choiceId = SECURITYCONDITION_SEACOS_OR;
  securityCondition1.a.seacos_or = AsnListNew(sizeof (void*));
  scp = (SecurityCondition **)AsnListAppend(securityCondition1.a.seacos_or);
  *scp = sc = calloc(1, sizeof(SecurityCondition));
  sc->choiceId = SECURITYCONDITION_AUTHID;
  sc->a.authId = &authId1;
10 © ISO/IEC 2007 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  scp = (SecurityCondition **)AsnListAppend(securityCondition1.a.seacos_or);
  *scp = sc = calloc(1, sizeof(SecurityCondition));
  sc->choiceId = SECURITYCONDITION_AUTHID;
  sc->a.authId = &authId2;
  acr->securityCondition = &securityCondition1;

  acrp = (AccessControlRule **)AsnListAppend(commonObjectAttr.accessControlRules);
  *acrp = acr = calloc(1, sizeof(AccessControlRule));
  acessControlRuleFlags2[0] = (unsigned char)(UPDATE_FLAG);
  acr->accessMode = acessControlRuleAsnBits2;
  securityCondition2.choiceId = SECURITYCONDITION_SEACOS_AND;
  securityCondition2.a.seacos_and = AsnListNew(sizeof (void*));
  scp = (SecurityCondition **)AsnListAppend(securityCondition2.a.seacos_and);
  *scp = sc = calloc(1, sizeof(SecurityCondition));
  sc->choiceId = SECURITYCONDITION_AUTHID;
  sc->a.authId = &authId1;
  scp = (SecurityCondition **)AsnListAppend(securityCondition2.a.seacos_and);
  *scp = sc = calloc(1, sizeof(SecurityCondition));
  sc->choiceId = SECURITYCONDITION_AUTHID;
  sc->a.authId = &authId2;
  acr->securityCondition = &securityCondition2;

  /*
  ** Common Data Container Object Attributes
  */

  /*
  ** ISO/IEC 7816 Data Object Attributes
  */
  iso7816DOAttributes.choiceId = OBJECTVALUE_DIRECT;

  iso7816DOAttributes.a.direct.value = &dataObjectValue1;
  SetAnyTypeByInt(&(iso7816DOAttributes.a.direct), issuerKeyHash);

  /*
  ** Print the Data Object
  */
  PrintCIOChoice(stdout, cio, 3);

  /*
  ** BER Encode the Data Object
  */
  BERLength += BEncCIOChoiceContent(gb,cio);
}

void Password(const char  *label,
           unsigned char  objectFlags,
           unsigned char  *authId,
           unsigned int   authReference,
           unsigned int   seReference,
           unsigned char  *iD,
           unsigned char  *path, unsigned int pathLength,
           unsigned short  pwdFlags,
           unsigned int   pwdType,
           unsigned int   minimumLength,
           unsigned int   storedLength,
           unsigned int   maximumLength,
           unsigned char  paddingCharacter
           )
{
© ISO/IEC 2007 – All rights reserved 11

---------------------- Page: 14 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  CIOChoice *cio;
  AuthenticationObjectChoice *auth, **authp;

  AuthenticationObject_PasswordAttributes pattr            = { 0 };

  CommonObjectAttributes commonObjAttr                = { 0 };
  CommonAuthenticationObjectAttributes commonAuthenticationObjectAttr = { 0 };
  PasswordAttributes passwordAttributes                = { 0 };

  Path pathOctets                           = { 0 };
  AsnOcts padChar                           = { 0 };

  char commonObjectFlags[1]                      = { 0 };
  AsnBits commonFlagsAsnBits                     = { 2, commonObjectFlags };
  char passwordFlags[2]                        = { 0 };
  AsnBits passwordFlagsBits                      = { 12, passwordFlags };

  /*
  ** Authentication Object Choice
  */
  cio = (CIOChoice *)calloc(1, sizeof(AuthenticationObjectChoice));
  cio->choiceId = CIOCHOICE_AUTHOBJECTS;
  cio->a.authObjects = (AuthObjects *)calloc(1, sizeof(AuthObjects));
  cio->a.authObjects->choiceId = PATHOROBJECTS_AUTHENTICATIONOBJECTCHOICE_OBJECTS;
  cio->a.authObjects->a.objects = AsnListNew(sizeof (void*));

  authp = (AuthenticationObjectChoice **)AsnListAppend(cio->a.authObjects->a.objects);

  *authp = auth = calloc(1, sizeof(AuthenticationObjectChoice));

  auth->choiceId = AUTHENTICATIONOBJECTCHOICE_PWD;

  auth->a.pwd = &pattr;

  pattr.commonObjectAttributes = &commonObjAttr;
  pattr.classAttributes    = &commonAuthenticationObjectAttr;
  pattr.subClassAttributes   = (AsnNull *)NULL;
  pattr.typeAttributes     = &passwordAttributes;

  /*
  ** Common Object Attributes
  */
  commonObjAttr.label.octs = _strdup(label);
  commonObjAttr.label.octetLen = strlen(label);

  commonObjectFlags[0] = objectFlags;
  commonObjAttr.flags = commonFlagsAsnBits;

  /*
  ** Common Authentication Object Attributes
  */
  commonAuthenticationObjectAttr.authId.octs = iD;
  commonAuthenticationObjectAttr.authId.octetLen = strlen(iD);

  commonAuthenticationObjectAttr.authReference = &authReference;
  commonAuthenticationObjectAttr.seIdentifier = &seReference;

  /*
  ** Password Attributes
  */
12 © ISO/IEC 2007 – All rights reserved

---------------------- Page: 15 ----------------------
ISO/IEC 7816-15:2004/Amd.1:2007(E)
  passwordFlags[0] = (unsigned char)(pwdFlags>>8);
  passwordFlags[1] = (unsigned char)(pwdFlags);
  passwordAttributes.pwdFlags = passwordFlagsBits;

  passwordAttributes.pwdType   = pwdType;
  passwordAttributes.minLength  = minimumLength;
  passwordAttributes.storedLength = storedLength;
  passwordAttributes.maxLength  = (AsnInt *)calloc(1, sizeof(AsnInt));
  *passwordAttributes.maxLength  = maximumLength;

  padChar.octetLen = 1;
  padChar.octs = (char *)calloc(1,1);
  padChar.octs[0] = paddingCharacter;
  passwordAttributes.padChar = padChar;

  pathOctets.efidOrPath.octs = path;
  pathOctets.efidOrPath.octetLen = pathLength;
  passwordAttributes.path = &pathOctets;

  /*
  ** Print the Authentication Data Object
  */
  fprintf(stdout, "\n\n");
  PrintCIOChoice(stdout, cio, 3);

  /*
  ** BER Encode the Authentication Data Object
  */
  BERLength += BEncCIOChoiceContent(gb,cio);
}

void S
...