giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

goid-tool: reset authentication status

This commit is contained in:
Frank Morgner 2019-01-30 12:59:22 +01:00
parent fc08d89247
commit 83c4ebe9d6
1 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/tools/goid-tool.c
View File

@ -43,19 +43,23 @@ static const unsigned char paccess_aid[] = {
}; };
static const char *app_name = "goid-tool"; static const char *app_name = "goid-tool";
#define SOCM_AUTHOBJECT_PIN 0x80
#define SOCM_AUTHOBJECT_BIO 0x40
#define SOCM_AUTHOBJECT_GP 0x20
void void
print_permissions(u8 permissions) print_permissions(u8 permissions)
{ {
size_t perms_printed = 0; size_t perms_printed = 0;
if (permissions & 0x80) { if (permissions & SOCM_AUTHOBJECT_PIN) {
printf("%s PIN", perms_printed ? " or" : "verification of"); printf("%s PIN", perms_printed ? " or" : "verification of");
perms_printed++; perms_printed++;
} }
if (permissions & 0x40) { if (permissions & SOCM_AUTHOBJECT_BIO) {
printf("%s BIO", perms_printed ? " or" : "verification of"); printf("%s BIO", perms_printed ? " or" : "verification of");
perms_printed++; perms_printed++;
} }
if (permissions & 0x20) { if (permissions & SOCM_AUTHOBJECT_GP) {
printf("%s GP key", perms_printed ? " or" : "verification of"); printf("%s GP key", perms_printed ? " or" : "verification of");
perms_printed++; perms_printed++;
} }
@ -247,6 +251,25 @@ err:
return ok; return ok;
} }
int
soc_reset(sc_card_t *card, unsigned char p2)
{
int ok = 0;
sc_apdu_t apdu;
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x20, 0xFF, p2);
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
sc_transmit_apdu(card, &apdu),
"Reset failed");
if (apdu.sw1 != 0x63) {
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
sc_check_sw(card, apdu.sw1, apdu.sw2),
"Reset failed");
}
ok = 1;
err:
return ok;
}
int int
soc_change(sc_card_t *card, unsigned char p1, unsigned char p2) soc_change(sc_card_t *card, unsigned char p1, unsigned char p2)
{ {
@ -258,11 +281,11 @@ soc_change(sc_card_t *card, unsigned char p1, unsigned char p2)
"Changing secret failed"); "Changing secret failed");
while (apdu.sw1 == 0x91 && apdu.sw2 == 0x00) { while (apdu.sw1 == 0x91 && apdu.sw2 == 0x00) {
switch (p2) { switch (p2) {
case 0x80: case SOCM_AUTHOBJECT_PIN:
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify your PIN on the card using the same position."); "Verify your PIN on the card using the same position.");
break; break;
case 0x40: case SOCM_AUTHOBJECT_BIO:
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify your finger print on the card using the same position."); "Verify your finger print on the card using the same position.");
break; break;
@ -286,6 +309,7 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
struct sc_path path; struct sc_path path;
unsigned char soc_manager_minor = 0; unsigned char soc_manager_minor = 0;
unsigned char soc_manager_major = 0; unsigned char soc_manager_major = 0;
unsigned char soc_reset_authobject = 0;
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, aid_soc_manager, sizeof aid_soc_manager, 0, 0); sc_path_set(&path, SC_PATH_TYPE_DF_NAME, aid_soc_manager, sizeof aid_soc_manager, 0, 0);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
@ -317,26 +341,29 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
if (cmdline->verify_pin_given) { if (cmdline->verify_pin_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print or PIN on the card."); "Verify finger print or PIN on the card.");
if (!soc_verify(card, 0x80)) if (!soc_verify(card, SOCM_AUTHOBJECT_PIN))
goto err; goto err;
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN;
} }
if (cmdline->verify_bio_given) { if (cmdline->verify_bio_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print on the card."); "Verify finger print on the card.");
if (!soc_verify(card, 0x40)) if (!soc_verify(card, SOCM_AUTHOBJECT_BIO))
goto err; goto err;
soc_reset_authobject |= SOCM_AUTHOBJECT_BIO;
} }
if (cmdline->verify_pin_or_bio_given) { if (cmdline->verify_pin_or_bio_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print or PIN on the card."); "Verify finger print or PIN on the card.");
if (!soc_verify(card, 0xC0)) if (!soc_verify(card, SOCM_AUTHOBJECT_PIN|SOCM_AUTHOBJECT_BIO))
goto err; goto err;
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN|SOCM_AUTHOBJECT_BIO;
} }
if (cmdline->new_pin_given) { if (cmdline->new_pin_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Initialize the PIN on the card."); "Initialize the PIN on the card.");
if (!soc_change(card, 0x00, 0x80)) if (!soc_change(card, 0x00, SOCM_AUTHOBJECT_BIO))
goto err; goto err;
} }
if (cmdline->new_bio_given) { if (cmdline->new_bio_given) {
@ -345,7 +372,7 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Initialize finger print template %u on the card.", "Initialize finger print template %u on the card.",
(unsigned char) i); (unsigned char) i);
if (!soc_change(card, (unsigned char) i, 0x40)) if (!soc_change(card, (unsigned char) i, SOCM_AUTHOBJECT_BIO))
goto err; goto err;
i++; i++;
} }
@ -354,6 +381,9 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
ok = 1; ok = 1;
err: err:
if (soc_reset_authobject)
soc_reset(card, soc_reset_authobject);
return ok; return ok;
} }