libopensc: in pkcs15 PIN commands 'pin_info' parameter replaced by 'pin_object'
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4103 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
viktor.tarasov
parent
91230bdbc9
commit
052881c38f
|
|
@ -342,8 +342,7 @@ DWORD WINAPI CardAuthenticatePin(__in PCARD_DATA pCardData,
|
|||
cbPin, (pcAttemptsRemaining==NULL?-2:*pcAttemptsRemaining));
|
||||
|
||||
pin_obj = vs->pin_objs[0];
|
||||
r = sc_pkcs15_verify_pin(vs->p15card, (struct sc_pkcs15_pin_info *) \
|
||||
(pin_obj->data), (const u8 *) pbPin, cbPin);
|
||||
r = sc_pkcs15_verify_pin(vs->p15card, pin_obj, (const u8 *) pbPin, cbPin);
|
||||
if (r)
|
||||
{
|
||||
logprintf(pCardData, 3, "PIN code verification failed: %s\n", sc_strerror(r));
|
||||
|
|
@ -1015,8 +1014,7 @@ DWORD WINAPI CardAuthenticateEx(__in PCARD_DATA pCardData,
|
|||
if (PinId != ROLE_USER) return SCARD_E_INVALID_PARAMETER;
|
||||
|
||||
pin_obj = vs->pin_objs[0];
|
||||
r = sc_pkcs15_verify_pin(vs->p15card, (struct sc_pkcs15_pin_info *) \
|
||||
(pin_obj->data), (const u8 *) pbPinData, cbPinData);
|
||||
r = sc_pkcs15_verify_pin(vs->p15card, pin_obj, (const u8 *) pbPinData, cbPinData);
|
||||
if (r)
|
||||
{
|
||||
logprintf(pCardData, 2, "PIN code verification failed: %s\n", sc_strerror(r));
|
||||
|
|
|
|||
|
|
@ -310,7 +310,7 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
|
|||
rv = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||
}
|
||||
else {
|
||||
rv = sc_pkcs15_verify_pin(p15card, pinfo, pin_obj->content.value, pin_obj->content.len);
|
||||
rv = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len);
|
||||
if (!rv)
|
||||
rv = sc_oberthur_read_file(p15card, in_path, out, out_len, 0);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -206,17 +206,18 @@ static int _validate_pin(struct sc_pkcs15_card *p15card,
|
|||
* reader's PIN pad
|
||||
*/
|
||||
int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const unsigned char *pincode, size_t pinlen)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
||||
int r;
|
||||
sc_card_t *card;
|
||||
struct sc_pin_cmd_data data;
|
||||
|
||||
SC_FUNC_CALLED(ctx, 2);
|
||||
|
||||
r = _validate_pin(p15card, pin, pinlen);
|
||||
r = _validate_pin(p15card, pin_info, pinlen);
|
||||
SC_TEST_RET(ctx, r, "PIN value do not conforms the PIN policy");
|
||||
|
||||
card = p15card->card;
|
||||
|
|
@ -224,8 +225,8 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||
r = sc_lock(card);
|
||||
SC_TEST_RET(ctx, r, "sc_lock() failed");
|
||||
/* the path in the pin object is optional */
|
||||
if (pin->path.len > 0) {
|
||||
r = sc_select_file(card, &pin->path, NULL);
|
||||
if (pin_info->path.len > 0) {
|
||||
r = sc_select_file(card, &pin_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -233,19 +234,19 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||
/* Initialize arguments */
|
||||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_VERIFY;
|
||||
data.pin_type = pin->auth_method;
|
||||
data.pin_reference = pin->reference;
|
||||
data.pin1.min_length = pin->min_length;
|
||||
data.pin1.max_length = pin->max_length;
|
||||
data.pin1.pad_length = pin->stored_length;
|
||||
data.pin1.pad_char = pin->pad_char;
|
||||
data.pin_type = pin_info->auth_method;
|
||||
data.pin_reference = pin_info->reference;
|
||||
data.pin1.min_length = pin_info->min_length;
|
||||
data.pin1.max_length = pin_info->max_length;
|
||||
data.pin1.pad_length = pin_info->stored_length;
|
||||
data.pin1.pad_char = pin_info->pad_char;
|
||||
data.pin1.data = pincode;
|
||||
data.pin1.len = pinlen;
|
||||
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
switch (pin->type) {
|
||||
switch (pin_info->type) {
|
||||
case SC_PKCS15_PIN_TYPE_BCD:
|
||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||
break;
|
||||
|
|
@ -259,15 +260,15 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||
|
||||
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||
data.pin1.prompt = "Please enter SO PIN";
|
||||
else
|
||||
data.pin1.prompt = "Please enter PIN";
|
||||
}
|
||||
|
||||
r = sc_pin_cmd(card, &data, &pin->tries_left);
|
||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
||||
if (r == SC_SUCCESS)
|
||||
sc_pkcs15_pincache_add(p15card, pin, pincode, pinlen);
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||
out:
|
||||
sc_unlock(card);
|
||||
return r;
|
||||
|
|
@ -277,26 +278,27 @@ out:
|
|||
* Change a PIN.
|
||||
*/
|
||||
int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *oldpin, size_t oldpinlen,
|
||||
const u8 *newpin, size_t newpinlen)
|
||||
{
|
||||
int r;
|
||||
sc_card_t *card;
|
||||
struct sc_pin_cmd_data data;
|
||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
||||
|
||||
/* make sure the pins are in valid range */
|
||||
if ((r = _validate_pin(p15card, pin, oldpinlen)) != SC_SUCCESS)
|
||||
if ((r = _validate_pin(p15card, pin_info, oldpinlen)) != SC_SUCCESS)
|
||||
return r;
|
||||
if ((r = _validate_pin(p15card, pin, newpinlen)) != SC_SUCCESS)
|
||||
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
card = p15card->card;
|
||||
r = sc_lock(card);
|
||||
SC_TEST_RET(card->ctx, r, "sc_lock() failed");
|
||||
/* the path in the pin object is optional */
|
||||
if (pin->path.len > 0) {
|
||||
r = sc_select_file(card, &pin->path, NULL);
|
||||
if (pin_info->path.len > 0) {
|
||||
r = sc_select_file(card, &pin_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -305,24 +307,24 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_CHANGE;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = pin->reference;
|
||||
data.pin_reference = pin_info->reference;
|
||||
data.pin1.data = oldpin;
|
||||
data.pin1.len = oldpinlen;
|
||||
data.pin1.pad_char = pin->pad_char;
|
||||
data.pin1.min_length = pin->min_length;
|
||||
data.pin1.max_length = pin->max_length;
|
||||
data.pin1.pad_length = pin->stored_length;
|
||||
data.pin1.pad_char = pin_info->pad_char;
|
||||
data.pin1.min_length = pin_info->min_length;
|
||||
data.pin1.max_length = pin_info->max_length;
|
||||
data.pin1.pad_length = pin_info->stored_length;
|
||||
data.pin2.data = newpin;
|
||||
data.pin2.len = newpinlen;
|
||||
data.pin2.pad_char = pin->pad_char;
|
||||
data.pin2.min_length = pin->min_length;
|
||||
data.pin2.max_length = pin->max_length;
|
||||
data.pin2.pad_length = pin->stored_length;
|
||||
data.pin2.pad_char = pin_info->pad_char;
|
||||
data.pin2.min_length = pin_info->min_length;
|
||||
data.pin2.max_length = pin_info->max_length;
|
||||
data.pin2.pad_length = pin_info->stored_length;
|
||||
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
switch (pin->type) {
|
||||
switch (pin_info->type) {
|
||||
case SC_PKCS15_PIN_TYPE_BCD:
|
||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||
data.pin2.encoding = SC_PIN_ENCODING_BCD;
|
||||
|
|
@ -336,7 +338,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||
if((!oldpin || !newpin)
|
||||
&& p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||
data.pin1.prompt = "Please enter SO PIN";
|
||||
data.pin2.prompt = "Please enter new SO PIN";
|
||||
} else {
|
||||
|
|
@ -345,9 +347,9 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
}
|
||||
|
||||
r = sc_pin_cmd(card, &data, &pin->tries_left);
|
||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
||||
if (r == SC_SUCCESS)
|
||||
sc_pkcs15_pincache_add(p15card, pin, newpin, newpinlen);
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
||||
|
||||
out:
|
||||
sc_unlock(card);
|
||||
|
|
@ -358,18 +360,19 @@ out:
|
|||
* Unblock a PIN.
|
||||
*/
|
||||
int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *puk, size_t puklen,
|
||||
const u8 *newpin, size_t newpinlen)
|
||||
{
|
||||
int r;
|
||||
sc_card_t *card;
|
||||
struct sc_pin_cmd_data data;
|
||||
struct sc_pkcs15_object *pin_obj, *puk_obj;
|
||||
struct sc_pkcs15_object *puk_obj;
|
||||
struct sc_pkcs15_pin_info *puk_info = NULL;
|
||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
||||
|
||||
/* make sure the pins are in valid range */
|
||||
if ((r = _validate_pin(p15card, pin, newpinlen)) != SC_SUCCESS)
|
||||
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
card = p15card->card;
|
||||
|
|
@ -377,19 +380,15 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
* as we don't have the id of the puk (at least now))
|
||||
* note: for compatibility reasons we give no error if no puk object
|
||||
* is found */
|
||||
/* first step: get the pkcs15 object of the pin */
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin->auth_id, &pin_obj);
|
||||
if (r >= 0 && pin_obj) {
|
||||
/* second step: try to get the pkcs15 object of the puk */
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj);
|
||||
if (r >= 0 && puk_obj) {
|
||||
/* third step: get the pkcs15 info object of the puk */
|
||||
puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data;
|
||||
}
|
||||
/* first step: try to get the pkcs15 object of the puk */
|
||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj);
|
||||
if (r >= 0 && puk_obj) {
|
||||
/* second step: get the pkcs15 info object of the puk */
|
||||
puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data;
|
||||
}
|
||||
if (!puk_info) {
|
||||
sc_debug(card->ctx, "Unable to get puk object, using pin object instead!\n");
|
||||
puk_info = pin;
|
||||
puk_info = pin_info;
|
||||
}
|
||||
|
||||
/* make sure the puk is in valid range */
|
||||
|
|
@ -399,8 +398,8 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
r = sc_lock(card);
|
||||
SC_TEST_RET(card->ctx, r, "sc_lock() failed");
|
||||
/* the path in the pin object is optional */
|
||||
if (pin->path.len > 0) {
|
||||
r = sc_select_file(card, &pin->path, NULL);
|
||||
if (pin_info->path.len > 0) {
|
||||
r = sc_select_file(card, &pin_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
}
|
||||
|
|
@ -409,13 +408,13 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_UNBLOCK;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = pin->reference;
|
||||
data.pin_reference = pin_info->reference;
|
||||
data.pin1.data = puk;
|
||||
data.pin1.len = puklen;
|
||||
data.pin1.pad_char = pin->pad_char;
|
||||
data.pin1.min_length = pin->min_length;
|
||||
data.pin1.max_length = pin->max_length;
|
||||
data.pin1.pad_length = pin->stored_length;
|
||||
data.pin1.pad_char = pin_info->pad_char;
|
||||
data.pin1.min_length = pin_info->min_length;
|
||||
data.pin1.max_length = pin_info->max_length;
|
||||
data.pin1.pad_length = pin_info->stored_length;
|
||||
data.pin2.data = newpin;
|
||||
data.pin2.len = newpinlen;
|
||||
data.pin2.pad_char = puk_info->pad_char;
|
||||
|
|
@ -423,10 +422,10 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
data.pin2.max_length = puk_info->max_length;
|
||||
data.pin2.pad_length = puk_info->stored_length;
|
||||
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
switch (pin->type) {
|
||||
switch (pin_info->type) {
|
||||
case SC_PKCS15_PIN_TYPE_BCD:
|
||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||
break;
|
||||
|
|
@ -446,7 +445,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
|
||||
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||
data.pin1.prompt = "Please enter PUK";
|
||||
data.pin2.prompt = "Please enter new SO PIN";
|
||||
} else {
|
||||
|
|
@ -455,9 +454,9 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
}
|
||||
}
|
||||
|
||||
r = sc_pin_cmd(card, &data, &pin->tries_left);
|
||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
||||
if (r == SC_SUCCESS)
|
||||
sc_pkcs15_pincache_add(p15card, pin, newpin, newpinlen);
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
||||
|
||||
out:
|
||||
sc_unlock(card);
|
||||
|
|
@ -471,12 +470,10 @@ void sc_pkcs15_free_pin_info(sc_pkcs15_pin_info_t *pin)
|
|||
|
||||
|
||||
/* Add a PIN to the PIN cache related to the card. Some operations can trigger re-authentication later. */
|
||||
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_pin_info *pininfo,
|
||||
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *pin, size_t pinlen)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_object *obj = NULL;
|
||||
int r;
|
||||
|
||||
SC_FUNC_CALLED(ctx, 2);
|
||||
|
|
@ -486,27 +483,20 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card,
|
|||
return;
|
||||
}
|
||||
|
||||
r = sc_pkcs15_find_pin_by_type_and_reference(p15card, NULL, pininfo->auth_method, pininfo->reference, &obj);
|
||||
if (r < 0) {
|
||||
sc_debug(ctx, "PIN with reference 0x%X not found", pininfo->reference);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Is it a user consent protecting PIN ? */
|
||||
if (obj->user_consent) {
|
||||
if (pin_obj->user_consent) {
|
||||
sc_debug(ctx, "Not caching a PIN requiring user consent");
|
||||
return;
|
||||
}
|
||||
|
||||
r = sc_pkcs15_allocate_object_content(obj, pin, pinlen);
|
||||
r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
|
||||
if (r != SC_SUCCESS) {
|
||||
sc_debug(ctx, "Failed to allocate object content");
|
||||
return;
|
||||
}
|
||||
|
||||
obj->usage_counter = 0;
|
||||
sc_debug(ctx, "PIN(method:%X,encoding:%X,reference:%X) cached",
|
||||
pininfo->auth_method, pininfo->type, pininfo->reference);
|
||||
pin_obj->usage_counter = 0;
|
||||
sc_debug(ctx, "PIN(%s) cached", pin_obj->label);
|
||||
}
|
||||
|
||||
/* Validate the PIN code associated with an object */
|
||||
|
|
@ -544,8 +534,7 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, sc_pkcs15_obje
|
|||
* before or after (successeful ?) PIN verifying ? */
|
||||
pin_obj->usage_counter++;
|
||||
|
||||
r = sc_pkcs15_verify_pin(p15card, (struct sc_pkcs15_pin_info *)pin_obj->data,
|
||||
pin_obj->content.value, pin_obj->content.len);
|
||||
r = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len);
|
||||
if (r != SC_SUCCESS) {
|
||||
sc_debug(ctx, "Verify PIN error %i", r);
|
||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||
|
|
|
|||
|
|
@ -560,14 +560,14 @@ int sc_pkcs15_find_pubkey_by_id(struct sc_pkcs15_card *card,
|
|||
struct sc_pkcs15_object **out);
|
||||
|
||||
int sc_pkcs15_verify_pin(struct sc_pkcs15_card *card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *pincode, size_t pinlen);
|
||||
int sc_pkcs15_change_pin(struct sc_pkcs15_card *card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *oldpincode, size_t oldpinlen,
|
||||
const u8 *newpincode, size_t newpinlen);
|
||||
int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *card,
|
||||
struct sc_pkcs15_pin_info *pin,
|
||||
struct sc_pkcs15_object *pin_obj,
|
||||
const u8 *puk, size_t puklen,
|
||||
const u8 *newpin, size_t newpinlen);
|
||||
int sc_pkcs15_find_pin_by_auth_id(struct sc_pkcs15_card *card,
|
||||
|
|
@ -583,9 +583,8 @@ int sc_pkcs15_find_pin_by_type_and_reference(struct sc_pkcs15_card *card,
|
|||
int sc_pkcs15_find_so_pin(struct sc_pkcs15_card *card,
|
||||
struct sc_pkcs15_object **out);
|
||||
|
||||
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card,
|
||||
struct sc_pkcs15_pin_info *pininfo,
|
||||
const u8 *pin, size_t pinlen);
|
||||
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *, struct sc_pkcs15_object *,
|
||||
const u8 *, size_t);
|
||||
int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card,
|
||||
sc_pkcs15_object_t *obj);
|
||||
void sc_pkcs15_pincache_clear(struct sc_pkcs15_card *p15card);
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ struct pkcs15_slot_data {
|
|||
struct sc_pkcs15_object *auth_obj;
|
||||
};
|
||||
#define slot_data(p) ((struct pkcs15_slot_data *) (p))
|
||||
#define slot_data_auth(p) (slot_data(p)->auth_obj)
|
||||
#define slot_data_auth(p) (((p) && slot_data(p)) ? slot_data(p)->auth_obj : NULL)
|
||||
#define slot_data_pin_info(p) (((p) && slot_data_auth(p))? \
|
||||
(struct sc_pkcs15_pin_info *) slot_data_auth(p)->data : NULL)
|
||||
|
||||
|
|
@ -1040,7 +1040,7 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
|
|||
if (sc_pkcs11_conf.lock_login && (rc = lock_card(fw_data)) < 0)
|
||||
return sc_to_cryptoki_error(rc);
|
||||
|
||||
rc = sc_pkcs15_verify_pin(p15card, pin_info, pPin, ulPinLen);
|
||||
rc = sc_pkcs15_verify_pin(p15card, auth_object, pPin, ulPinLen);
|
||||
sc_debug(context, "PKCS15 verify PIN returned %d\n", rc);
|
||||
if (rc < 0)
|
||||
return sc_to_cryptoki_error(rc);
|
||||
|
|
@ -1104,9 +1104,13 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||
{
|
||||
int rc;
|
||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||
struct sc_pkcs15_pin_info *pin;
|
||||
struct sc_pkcs15_pin_info *pin_info;
|
||||
struct sc_pkcs15_obj *pin_obj;
|
||||
|
||||
if (!(pin = slot_data_pin_info(fw_token)))
|
||||
if (!(pin_obj = slot_data_auth(fw_token)))
|
||||
return CKR_USER_PIN_NOT_INITIALIZED;
|
||||
|
||||
if (!(pin_info = slot_data_pin_info(fw_token)))
|
||||
return CKR_USER_PIN_NOT_INITIALIZED;
|
||||
|
||||
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||
|
|
@ -1119,7 +1123,7 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||
pOldPin = pNewPin = NULL;
|
||||
ulOldLen = ulNewLen = 0;
|
||||
}
|
||||
else if (ulNewLen < pin->min_length || ulNewLen > pin->max_length) {
|
||||
else if (ulNewLen < pin_info->min_length || ulNewLen > pin_info->max_length) {
|
||||
return CKR_PIN_LEN_RANGE;
|
||||
}
|
||||
|
||||
|
|
@ -1128,17 +1132,17 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||
sc_debug(context, "PIN unlock is not allowed in unlogged session");
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
}
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
}
|
||||
else if (login_user == CKU_CONTEXT_SPECIFIC) {
|
||||
if (sc_pkcs11_conf.pin_unblock_style != SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN) {
|
||||
sc_debug(context, "PIN unlock is not allowed with CKU_CONTEXT_SPECIFIC login");
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
}
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
}
|
||||
else if (login_user == CKU_USER) {
|
||||
rc = sc_pkcs15_change_pin(fw_data->p15_card, pin, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
rc = sc_pkcs15_change_pin(fw_data->p15_card, pin_obj, pOldPin, ulOldLen, pNewPin, ulNewLen);
|
||||
}
|
||||
else {
|
||||
sc_debug(context, "cannot change PIN: non supported login type: %i", login_user);
|
||||
|
|
@ -1162,10 +1166,12 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||
int rc;
|
||||
|
||||
sc_debug(context, "pkcs15 init PIN: pin %p:%d\n", pPin, ulPinLen);
|
||||
|
||||
pin_info = slot_data_pin_info(slot->fw_data);
|
||||
if (pin_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
||||
auth_obj = slot_data_auth(slot->fw_data);
|
||||
if (fw_data->user_puk_len) {
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_info,
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, auth_obj,
|
||||
fw_data->user_puk, fw_data->user_puk_len, pPin, ulPinLen);
|
||||
}
|
||||
else {
|
||||
|
|
@ -1173,7 +1179,7 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||
/* TODO: Actually sc_pkcs15_unblock_pin() do not accepts zero length value as a PUK argument.
|
||||
* It's usefull for the cards that do not supports modes 00 and 01
|
||||
* of ISO 'RESET RETRY COUNTER' command. */
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, pin_info, NULL, 0, pPin, ulPinLen);
|
||||
rc = sc_pkcs15_unblock_pin(fw_data->p15_card, auth_obj, NULL, 0, pPin, ulPinLen);
|
||||
#else
|
||||
return sc_to_cryptoki_error(SC_ERROR_NOT_SUPPORTED);
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -581,8 +581,7 @@ cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
/* Cache dummy SOPIN value */
|
||||
r = sc_pkcs15_find_pin_by_type_and_reference(p15card, NULL, SC_AC_CHV, ref, &pin_obj);
|
||||
if (!r && pin_obj)
|
||||
sc_pkcs15_pincache_add(p15card, (struct sc_pkcs15_pin_info *)pin_obj->data,
|
||||
dummy_pin_value, sizeof(dummy_pin_value));
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, dummy_pin_value, sizeof(dummy_pin_value));
|
||||
}
|
||||
|
||||
r = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
|
|
@ -601,7 +600,7 @@ cflex_create_pin_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||
|
||||
if (pin_obj) {
|
||||
/* Cache new SOPIN value */
|
||||
sc_pkcs15_pincache_add(p15card, (struct sc_pkcs15_pin_info *)pin_obj->data, pin, pin_len);
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, pin, pin_len);
|
||||
}
|
||||
|
||||
SC_FUNC_RETURN(ctx, 3, r);
|
||||
|
|
|
|||
|
|
@ -2918,7 +2918,7 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
|
|||
rv = sc_pkcs15_add_object(p15card, pin_obj);
|
||||
SC_TEST_RET(ctx, rv, "Cannot add PKCS#15 AUTH object");
|
||||
|
||||
sc_pkcs15_pincache_add(p15card, &pin_info, pinbuf, *pinsize);
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, pinbuf, *pinsize);
|
||||
|
||||
SC_FUNC_RETURN(ctx, 3, rv);
|
||||
}
|
||||
|
|
@ -3028,8 +3028,7 @@ found: /* If it's a PIN, pad it out */
|
|||
|
||||
sc_debug(ctx, "get and verify PIN; pinbuf(%p:%i)\n", pinbuf, *pinsize);
|
||||
if (pin_obj && verify) {
|
||||
r = sc_pkcs15_verify_pin(p15card, (struct sc_pkcs15_pin_info *)pin_obj->data,
|
||||
pinbuf, *pinsize);
|
||||
r = sc_pkcs15_verify_pin(p15card, pin_obj, pinbuf, *pinsize);
|
||||
SC_TEST_RET(ctx, r, "Cannot validate pkcs15 PIN");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -44,30 +44,29 @@ static int enum_pins(struct sc_pkcs15_object ***ret)
|
|||
return n;
|
||||
}
|
||||
|
||||
static int ask_and_verify_pin(struct sc_pkcs15_object *obj)
|
||||
static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
|
||||
{
|
||||
struct sc_pkcs15_pin_info *pin;
|
||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
||||
int i = 0;
|
||||
char prompt[80];
|
||||
u8 *pass;
|
||||
|
||||
pin = (struct sc_pkcs15_pin_info *) obj->data;
|
||||
if (pin->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||
printf("Skipping unblocking pin [%s]\n", obj->label);
|
||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||
printf("Skipping unblocking pin [%s]\n", pin_obj->label);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sprintf(prompt, "Please enter PIN code [%s]: ", obj->label);
|
||||
sprintf(prompt, "Please enter PIN code [%s]: ", pin_obj->label);
|
||||
pass = (u8 *) getpass(prompt);
|
||||
|
||||
sc_lock(card);
|
||||
i = sc_pkcs15_verify_pin(p15card, pin, pass, strlen((char *) pass));
|
||||
i = sc_pkcs15_verify_pin(p15card, pin_obj, pass, strlen((char *) pass));
|
||||
sc_unlock(card);
|
||||
if (i) {
|
||||
if (i == SC_ERROR_PIN_CODE_INCORRECT)
|
||||
fprintf(stderr,
|
||||
"Incorrect PIN code (%d tries left)\n",
|
||||
pin->tries_left);
|
||||
pin_info->tries_left);
|
||||
else
|
||||
fprintf(stderr,
|
||||
"PIN verifying failed: %s\n",
|
||||
|
|
|
|||
|
|
@ -470,8 +470,7 @@ static int get_key(unsigned int usage, sc_pkcs15_object_t **result)
|
|||
!(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD))
|
||||
return 5;
|
||||
|
||||
r = sc_pkcs15_verify_pin(p15card, (struct sc_pkcs15_pin_info *) pin->data,
|
||||
(const u8 *) pincode, pincode == NULL ? 0 : strlen(pincode));
|
||||
r = sc_pkcs15_verify_pin(p15card, pin, (const u8 *)pincode, pincode ? strlen(pincode) : 0);
|
||||
if (r) {
|
||||
fprintf(stderr, "PIN code verification failed: %s\n", sc_strerror(r));
|
||||
return 5;
|
||||
|
|
|
|||
|
|
@ -904,13 +904,11 @@ static int verify_pin(void)
|
|||
else
|
||||
pin = get_pin("Please enter PIN", pin_obj);
|
||||
|
||||
return sc_pkcs15_verify_pin(p15card, (sc_pkcs15_pin_info_t *) pin_obj->data,
|
||||
pin, pin? strlen((char *) pin) : 0);
|
||||
return sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin ? strlen((char *) pin) : 0);
|
||||
}
|
||||
|
||||
static int authenticate(sc_pkcs15_object_t *obj)
|
||||
{
|
||||
sc_pkcs15_pin_info_t *pin_info;
|
||||
sc_pkcs15_object_t *pin_obj;
|
||||
u8 *pin;
|
||||
int r;
|
||||
|
|
@ -921,14 +919,12 @@ static int authenticate(sc_pkcs15_object_t *obj)
|
|||
if (r)
|
||||
return r;
|
||||
|
||||
pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
||||
if (opt_pin != NULL)
|
||||
pin = opt_pin;
|
||||
else
|
||||
pin = get_pin("Please enter PIN", pin_obj);
|
||||
|
||||
return sc_pkcs15_verify_pin(p15card, pin_info,
|
||||
pin, pin? strlen((char *) pin) : 0);
|
||||
return sc_pkcs15_verify_pin(p15card, pin_obj, pin, pin? strlen((char *) pin) : 0);
|
||||
}
|
||||
|
||||
static void print_pin_info(const struct sc_pkcs15_object *obj)
|
||||
|
|
@ -1078,7 +1074,7 @@ static int unblock_pin(void)
|
|||
free(pin2);
|
||||
}
|
||||
|
||||
r = sc_pkcs15_unblock_pin(p15card, pinfo,
|
||||
r = sc_pkcs15_unblock_pin(p15card, pin_obj,
|
||||
puk, puk ? strlen((char *) puk) : 0,
|
||||
pin, pin ? strlen((char *) pin) : 0);
|
||||
if (r == SC_ERROR_PIN_CODE_INCORRECT) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue