coding style: use short form of debug macros
This commit is contained in:
parent
3f023d3342
commit
46c86fcb66
|
@ -138,7 +138,7 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed");
|
||||||
|
|
||||||
if (asn1_auth_type_choice[0].flags & SC_ASN1_PRESENT) {
|
if (asn1_auth_type_choice[0].flags & SC_ASN1_PRESENT) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AuthType: PIN");
|
sc_log(ctx, "AuthType: PIN");
|
||||||
obj->type = SC_PKCS15_TYPE_AUTH_PIN;
|
obj->type = SC_PKCS15_TYPE_AUTH_PIN;
|
||||||
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.auth_method = SC_AC_CHV;
|
info.auth_method = SC_AC_CHV;
|
||||||
|
@ -178,7 +178,7 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "BIO authentication object not yet supported");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "BIO authentication object not yet supported");
|
||||||
}
|
}
|
||||||
else if (asn1_auth_type_choice[2].flags & SC_ASN1_PRESENT) {
|
else if (asn1_auth_type_choice[2].flags & SC_ASN1_PRESENT) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "AuthType: AuthKey");
|
sc_log(ctx, "AuthType: AuthKey");
|
||||||
obj->type = SC_PKCS15_TYPE_AUTH_AUTHKEY;
|
obj->type = SC_PKCS15_TYPE_AUTH_AUTHKEY;
|
||||||
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY;
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY;
|
||||||
info.auth_method = SC_AC_AUT;
|
info.auth_method = SC_AC_AUT;
|
||||||
|
@ -334,12 +334,12 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
||||||
|
|
||||||
r = sc_pkcs15_find_skey_by_id(p15card, skey_id, &skey_obj);
|
r = sc_pkcs15_find_skey_by_id(p15card, skey_id, &skey_obj);
|
||||||
if (r) {
|
if (r) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cannot find secret key with id:%s", sc_pkcs15_print_id(skey_id));
|
sc_log(ctx, "cannot find secret key with id:%s", sc_pkcs15_print_id(skey_id));
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
LOG_FUNC_RETURN(ctx, r);
|
||||||
}
|
}
|
||||||
skey_info = (struct sc_pkcs15_skey_info *)skey_obj->data;
|
skey_info = (struct sc_pkcs15_skey_info *)skey_obj->data;
|
||||||
|
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "found secret key '%s'", skey_obj->label);
|
sc_log(ctx, "found secret key '%s'", skey_obj->label);
|
||||||
data.pin_reference = skey_info->key_reference;
|
data.pin_reference = skey_info->key_reference;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -353,7 +353,8 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||||
|
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (auth_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &auth_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
|
@ -362,12 +363,12 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
|
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN cmd result %i", r);
|
sc_log(ctx, "PIN cmd result %i", r);
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||||
out:
|
out:
|
||||||
sc_unlock(card);
|
sc_unlock(card);
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
LOG_FUNC_RETURN(ctx, r);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -378,23 +379,26 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
||||||
const u8 *oldpin, size_t oldpinlen,
|
const u8 *oldpin, size_t oldpinlen,
|
||||||
const u8 *newpin, size_t newpinlen)
|
const u8 *newpin, size_t newpinlen)
|
||||||
{
|
{
|
||||||
int r;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
sc_card_t *card;
|
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
|
struct sc_card *card = p15card->card;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
LOG_FUNC_CALLED(ctx);
|
||||||
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
/* make sure the pins are in valid range */
|
/* make sure the pins are in valid range */
|
||||||
if ((r = _validate_pin(p15card, auth_info, oldpinlen)) != SC_SUCCESS)
|
r = _validate_pin(p15card, auth_info, oldpinlen);
|
||||||
return r;
|
LOG_TEST_RET(ctx, r, "Old PIN value do not conform PIN policy");
|
||||||
if ((r = _validate_pin(p15card, auth_info, newpinlen)) != SC_SUCCESS)
|
|
||||||
return r;
|
r = _validate_pin(p15card, auth_info, newpinlen);
|
||||||
|
LOG_TEST_RET(ctx, r, "New PIN value do not conform PIN policy");
|
||||||
|
|
||||||
card = p15card->card;
|
card = p15card->card;
|
||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (auth_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &auth_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
|
@ -440,7 +444,8 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
||||||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
data.pin1.prompt = "Please enter SO PIN";
|
data.pin1.prompt = "Please enter SO PIN";
|
||||||
data.pin2.prompt = "Please enter new SO PIN";
|
data.pin2.prompt = "Please enter new SO PIN";
|
||||||
} else {
|
}
|
||||||
|
else {
|
||||||
data.pin1.prompt = "Please enter PIN";
|
data.pin1.prompt = "Please enter PIN";
|
||||||
data.pin2.prompt = "Please enter new PIN";
|
data.pin2.prompt = "Please enter new PIN";
|
||||||
}
|
}
|
||||||
|
@ -463,21 +468,22 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
||||||
const u8 *puk, size_t puklen,
|
const u8 *puk, size_t puklen,
|
||||||
const u8 *newpin, size_t newpinlen)
|
const u8 *newpin, size_t newpinlen)
|
||||||
{
|
{
|
||||||
int r;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
sc_card_t *card;
|
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
struct sc_pkcs15_object *puk_obj;
|
struct sc_pkcs15_object *puk_obj;
|
||||||
struct sc_pkcs15_auth_info *puk_info = NULL;
|
struct sc_pkcs15_auth_info *puk_info = NULL;
|
||||||
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
|
struct sc_card *card = p15card->card;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
LOG_FUNC_CALLED(ctx);
|
||||||
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
/* make sure the pins are in valid range */
|
/* make sure the pins are in valid range */
|
||||||
if ((r = _validate_pin(p15card, auth_info, newpinlen)) != SC_SUCCESS)
|
r = _validate_pin(p15card, auth_info, newpinlen);
|
||||||
return r;
|
LOG_TEST_RET(ctx, r, "New PIN value do not conform PIN policy");
|
||||||
|
|
||||||
card = p15card->card;
|
|
||||||
/* get pin_info object of the puk (this is a little bit complicated
|
/* get pin_info object of the puk (this is a little bit complicated
|
||||||
* as we don't have the id of the puk (at least now))
|
* as we don't have the id of the puk (at least now))
|
||||||
* note: for compatibility reasons we give no error if no puk object
|
* note: for compatibility reasons we give no error if no puk object
|
||||||
|
@ -488,22 +494,23 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
||||||
/* second step: get the pkcs15 info object of the puk */
|
/* second step: get the pkcs15 info object of the puk */
|
||||||
puk_info = (struct sc_pkcs15_auth_info *)puk_obj->data;
|
puk_info = (struct sc_pkcs15_auth_info *)puk_obj->data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!puk_info) {
|
if (!puk_info) {
|
||||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get puk object, using pin object instead!");
|
sc_log(ctx, "Unable to get puk object, using pin object instead!");
|
||||||
puk_info = auth_info;
|
puk_info = auth_info;
|
||||||
|
|
||||||
/* make sure the puk is in valid range */
|
/* make sure the puk is in valid range */
|
||||||
r = _validate_pin(p15card, puk_info, puklen);
|
r = _validate_pin(p15card, puk_info, puklen);
|
||||||
if (r != SC_SUCCESS)
|
LOG_TEST_RET(ctx, r, "PIN do not conforms PIN policy");
|
||||||
return r;
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
r = sc_pkcs15_verify_pin(p15card, puk_obj, puk, puklen);
|
r = sc_pkcs15_verify_pin(p15card, puk_obj, puk, puklen);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "cannot verify PUK");
|
LOG_TEST_RET(ctx, r, "cannot verify PUK");
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||||
|
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (auth_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &auth_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
|
@ -555,7 +562,8 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
||||||
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
data.pin1.prompt = "Please enter PUK";
|
data.pin1.prompt = "Please enter PUK";
|
||||||
data.pin2.prompt = "Please enter new SO PIN";
|
data.pin2.prompt = "Please enter new SO PIN";
|
||||||
} else {
|
}
|
||||||
|
else {
|
||||||
data.pin1.prompt = "Please enter PUK";
|
data.pin1.prompt = "Please enter PUK";
|
||||||
data.pin2.prompt = "Please enter new PIN";
|
data.pin2.prompt = "Please enter new PIN";
|
||||||
}
|
}
|
||||||
|
@ -567,9 +575,10 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
||||||
|
|
||||||
out:
|
out:
|
||||||
sc_unlock(card);
|
sc_unlock(card);
|
||||||
return r;
|
LOG_FUNC_RETURN(ctx, r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void sc_pkcs15_free_auth_info(sc_pkcs15_auth_info_t *auth_info)
|
void sc_pkcs15_free_auth_info(sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
free(auth_info);
|
free(auth_info);
|
||||||
|
@ -585,14 +594,14 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
||||||
struct sc_pkcs15_object *obj = NULL;
|
struct sc_pkcs15_object *obj = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
|
||||||
if (!p15card->opts.use_pin_cache) {
|
if (!p15card->opts.use_pin_cache) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN caching not enabled");
|
sc_log(ctx, "PIN caching not enabled");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
else if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
else if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "only 'PIN' auth. object can be cached");
|
sc_log(ctx, "only 'PIN' auth. object can be cached");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -609,7 +618,7 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
||||||
/* Caching is refused, if the protected object requires user consent */
|
/* Caching is refused, if the protected object requires user consent */
|
||||||
if (!p15card->opts.pin_cache_ignore_user_consent) {
|
if (!p15card->opts.pin_cache_ignore_user_consent) {
|
||||||
if (obj->user_consent > 0) {
|
if (obj->user_consent > 0) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
|
sc_log(ctx, "caching refused (user consent)");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -620,12 +629,12 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
||||||
|
|
||||||
r = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
|
r = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
|
||||||
if (r != SC_SUCCESS) {
|
if (r != SC_SUCCESS) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content");
|
sc_log(ctx, "Failed to allocate object content");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
pin_obj->usage_counter = 0;
|
pin_obj->usage_counter = 0;
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%s) cached", pin_obj->label);
|
sc_log(ctx, "PIN(%s) cached", pin_obj->label);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Validate the PIN code associated with an object */
|
/* Validate the PIN code associated with an object */
|
||||||
|
@ -635,12 +644,12 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs1
|
||||||
sc_pkcs15_object_t *pin_obj;
|
sc_pkcs15_object_t *pin_obj;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
|
||||||
if (!p15card->opts.use_pin_cache)
|
if (!p15card->opts.use_pin_cache)
|
||||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||||
|
|
||||||
/* Apps that do not support CK_ALWAYS_AUTHENTICATE may need pin_cache_ignore_user_consent = 1 */
|
/* Apps that do not support CK_ALWAYS_AUTHENTICATE
|
||||||
|
* may need pin_cache_ignore_user_consent = 1 */
|
||||||
if (!p15card->opts.pin_cache_ignore_user_consent) {
|
if (!p15card->opts.pin_cache_ignore_user_consent) {
|
||||||
if (obj->user_consent)
|
if (obj->user_consent)
|
||||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||||
|
@ -651,7 +660,7 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs1
|
||||||
|
|
||||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &obj->auth_id, &pin_obj);
|
r = sc_pkcs15_find_pin_by_auth_id(p15card, &obj->auth_id, &pin_obj);
|
||||||
if (r != SC_SUCCESS) {
|
if (r != SC_SUCCESS) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Could not find pin object for auth_id %s", sc_pkcs15_print_id(&obj->auth_id));
|
sc_log(ctx, "Could not find pin object for auth_id %s", sc_pkcs15_print_id(&obj->auth_id));
|
||||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -669,11 +678,11 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs1
|
||||||
/* Ensure that wrong PIN isn't used again */
|
/* Ensure that wrong PIN isn't used again */
|
||||||
sc_pkcs15_free_object_content(pin_obj);
|
sc_pkcs15_free_object_content(pin_obj);
|
||||||
|
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Verify PIN error %i", r);
|
sc_log(ctx, "Verify PIN error %i", r);
|
||||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS);
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sc_pkcs15_pincache_clear(struct sc_pkcs15_card *p15card)
|
void sc_pkcs15_pincache_clear(struct sc_pkcs15_card *p15card)
|
||||||
|
|
Loading…
Reference in New Issue