goid-tool: implemented PIN/FP verification for PAccess

Frank Morgner 2019-02-04 16:00:45 +01:00
parent 3dd0638623
commit 928fbf2f03
3 changed files with 68 additions and 20 deletions


@ -37,11 +37,11 @@ const char *gengetopt_args_info_help[] = {
" -V, --version Print version and exit",
" -r, --reader=STRING Number of the reader to use. By default, the\n first reader with a present card is used. If\n the arguement is an ATR, the reader with a\n matching card will be chosen.",
" -v, --verbose Use (several times) to be more verbose",
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
"\n Mode: soc\n Options for SoCManager Applet",
" -p, --verify-pin Verify PIN",
" -b, --verify-bio Verify finger print",
" --verify-pin-or-bio Verify PIN or finger print (user's choice)",
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
"\n Mode: soc\n Options for SoCManager Applet",
" --new-pin Change PIN",
" --new-bio Use (several times) to change one or more\n biometric templates",
" --info Dump Information about the SoCManager's\n configuration",
@ -173,9 +173,9 @@ void init_args_info(struct gengetopt_args_info *args_info)
args_info->verbose_help = gengetopt_args_info_help[3] ;
args_info->verbose_min = 0;
args_info->verbose_max = 0;
args_info->verify_pin_help = gengetopt_args_info_help[6] ;
args_info->verify_bio_help = gengetopt_args_info_help[7] ;
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[8] ;
args_info->verify_pin_help = gengetopt_args_info_help[4] ;
args_info->verify_bio_help = gengetopt_args_info_help[5] ;
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[6] ;
args_info->new_pin_help = gengetopt_args_info_help[9] ;
args_info->new_bio_help = gengetopt_args_info_help[10] ;
args_info->new_bio_min = 0;
@ -1832,7 +1832,6 @@ cmdline_parser_internal (
break;
case 'p': /* Verify PIN. */
args_info->soc_mode_counter += 1;
if (update_arg( 0 ,
@ -1845,7 +1844,6 @@ cmdline_parser_internal (
break;
case 'b': /* Verify finger print. */
args_info->soc_mode_counter += 1;
if (update_arg( 0 ,
@ -1885,7 +1883,6 @@ cmdline_parser_internal (
/* Verify PIN or finger print (user's choice). */
if (strcmp (long_options[option_index].name, "verify-pin-or-bio") == 0)
{
args_info->soc_mode_counter += 1;
if (update_arg( 0 ,
@ -2212,8 +2209,8 @@ cmdline_parser_internal (
if (args_info->pxs_mode_counter && args_info->soc_mode_counter) {
int pxs_given[] = {args_info->certificate_given, args_info->key_given, args_info->print_cardid_given, args_info->write_cardid_given, args_info->print_paccessid_given, args_info->write_paccessid_given, args_info->read_dg_given, args_info->out_file_given, args_info->write_dg_given, args_info->in_file_given, args_info->delete_dg_given, args_info->create_dg_given, args_info->new_size_given, args_info->new_read_ac_given, args_info->new_read_ac_chatbit_given, args_info->new_write_ac_given, args_info->new_write_ac_chatbit_given, -1};
const char *pxs_desc[] = {"--certificate", "--key", "--print-cardid", "--write-cardid", "--print-paccessid", "--write-paccessid", "--read-dg", "--out-file", "--write-dg", "--in-file", "--delete-dg", "--create-dg", "--new-size", "--new-read-ac", "--new-read-ac-chatbit", "--new-write-ac", "--new-write-ac-chatbit", 0};
int soc_given[] = {args_info->verify_pin_given, args_info->verify_bio_given, args_info->verify_pin_or_bio_given, args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
const char *soc_desc[] = {"--verify-pin", "--verify-bio", "--verify-pin-or-bio", "--new-pin", "--new-bio", "--info", 0};
int soc_given[] = {args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
const char *soc_desc[] = {"--new-pin", "--new-bio", "--info", 0};
error_occurred += check_modes(pxs_given, pxs_desc, soc_given, soc_desc);
}


@ -340,7 +340,7 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
}
if (cmdline->verify_pin_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print or PIN on the card.");
"Verify PIN on the card.");
if (!soc_verify(card, SOCM_AUTHOBJECT_PIN))
goto err;
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN;
@ -493,6 +493,26 @@ err:
return ok;
}
#define PXS_AUTHOBJECT_PIN 0x80
#define PXS_AUTHOBJECT_BIO 0x40
int
paccess_verify(sc_card_t *card, unsigned char p2)
{
int ok = 0;
sc_apdu_t apdu;
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x24, p2);
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
sc_transmit_apdu(card, &apdu),
"Verification failed");
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
sc_check_sw(card, apdu.sw1, apdu.sw2),
"Verification failed");
ok = 1;
err:
return ok;
}
int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info *cmdline)
{
int ok = 0, r;
@ -504,6 +524,7 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
unsigned char auxiliary_data[] = {0x67, 0x00};
unsigned char paccess_minor = 0;
unsigned char paccess_major = 0;
int pxs_reset_authobjects = 0;
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, paccess_aid, sizeof paccess_aid, 0, 0);
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
@ -600,6 +621,28 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
"Chip authentication failed.");
}
if (cmdline->verify_pin_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify PIN on the card.");
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN))
goto err;
pxs_reset_authobjects++;
}
if (cmdline->verify_bio_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print on the card.");
if (!paccess_verify(card, PXS_AUTHOBJECT_BIO))
goto err;
pxs_reset_authobjects++;
}
if (cmdline->verify_pin_or_bio_given) {
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Verify finger print or PIN on the card.");
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN|PXS_AUTHOBJECT_BIO))
goto err;
pxs_reset_authobjects++;
}
for (i = 0; i < cmdline->delete_dg_given; i++) {
int fid = 0x0100 | cmdline->delete_dg_arg[i];
@ -791,6 +834,8 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
ok = 1;
err:
if (pxs_reset_authobjects)
sc_reset(card, 0);
if (certs) {
for (i = 0; certs[i]; i++) {
free((unsigned char *) certs[i]);
@ -844,6 +889,12 @@ main(int argc, char **argv)
goto err;
if (cmdline.pxs_mode_counter && !paccess_main(ctx, card, &cmdline))
goto err;
if (cmdline.soc_mode_counter == 0 && cmdline.pxs_mode_counter == 0
&& (cmdline.verify_pin_given
|| cmdline.verify_bio_given
|| cmdline.verify_pin_or_bio_given)
&& !soc_main(ctx, card, &cmdline))
goto err;
fail = 0;
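Review bot: The return value of `sc_reset(card, 0)` in the new `err:` cleanup of paccess_main is ignored, so if the reset fails the PIN or biometric verification state obtained through paccess_verify stays active on the card and nothing is logged about it. I would check it and at least report it: `if (pxs_reset_authobjects && sc_reset(card, 0) < 0) sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, "Resetting the card failed; the verified authentication state may persist.");`. paccess_verify is also defined with external linkage although it is only used in this file, so `static int paccess_verify(sc_card_t *card, unsigned char p2)` would keep it out of the global namespace, and its two SC_TEST_GOTO_ERR messages are identical, which makes a failed transmit indistinguishable from a rejected verification in the log. The bodies of paccess_main and main begin and end outside these hunks.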


@ -7,17 +7,17 @@ option "reader" r
option "verbose" v
"Use (several times) to be more verbose"
multiple optional
option "verify-pin" p
"Verify PIN"
optional
option "verify-bio" b
"Verify finger print"
optional
option "verify-pin-or-bio" -
"Verify PIN or finger print (user's choice)"
optional
defmode "soc" modedesc="Options for SoCManager Applet"
modeoption "verify-pin" p
"Verify PIN"
mode="soc" optional
modeoption "verify-bio" b
"Verify finger print"
mode="soc" optional
modeoption "verify-pin-or-bio" -
"Verify PIN or finger print (user's choice)"
mode="soc" optional
modeoption "new-pin" -
"Change PIN"
mode="soc" optional
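Review bot: The help strings of the three verify options do not say which applet performs the verification now that they are no longer restricted to the soc mode; from the fallback in main() in goid-tool.c it appears to be the PAccess applet when a PAccess option is given and the SoCManager applet otherwise, but that should be confirmed. Stating it in the description, e.g. `"Verify PIN (on the PAccess applet if a PAccess option is given, otherwise on the SoCManager applet)"`, would spare users a guess. The same wording applies to verify-bio and verify-pin-or-bio.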