cac: Support changing PIN with CAC ALT tokens

2020-10-06 15:28:27 +02:00 · 2020-10-06 15:28:27 +02:00 · 42254ae792
parent 88f3d19479
commit 42254ae792
1 changed files with 11 additions and 1 deletions
--- a/src/libopensc/card-cac.c
+++ b/src/libopensc/card-cac.c
@ -1869,10 +1869,12 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
 	 * FIPS 201 4.1.6.1 (numeric only) and * FIPS 140-2
 	 * (6 character minimum) requirements.
 	 */
+	sc_apdu_t apdu;
+	u8  sbuf[SC_MAX_APDU_BUFFER_SIZE];
 	struct sc_card_driver *iso_drv = sc_get_iso7816_driver();

 	if (data->cmd == SC_PIN_CMD_CHANGE) {
-		int i = 0;
+		int i = 0, r = 0;
 		if (data->pin2.len < 6) {
 			return SC_ERROR_INVALID_PIN_LENGTH;
 		}
@ -1881,6 +1883,14 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
 				return SC_ERROR_INVALID_DATA;
 			}
 		}
+
+		r = iso7816_build_pin_apdu(card, &apdu, data, sbuf, sizeof(sbuf));
+		if (r < 0)
+			return r;
+		/* We can change the PIN of Giesecke & Devrient CAC ALT tokens
+		 * but it requires P1 = 0x01 completely against the ISO specs */
+		apdu.p1 = 0x01;
+		data->apdu = &apdu;
 	}

 	return  iso_drv->ops->pin_cmd(card, data, tries_left);