goid-tool: implented PIN/FP verification for PAccess
parent
3dd0638623
commit
928fbf2f03
|
@ -37,11 +37,11 @@ const char *gengetopt_args_info_help[] = {
|
||||||
" -V, --version Print version and exit",
|
" -V, --version Print version and exit",
|
||||||
" -r, --reader=STRING Number of the reader to use. By default, the\n first reader with a present card is used. If\n the arguement is an ATR, the reader with a\n matching card will be chosen.",
|
" -r, --reader=STRING Number of the reader to use. By default, the\n first reader with a present card is used. If\n the arguement is an ATR, the reader with a\n matching card will be chosen.",
|
||||||
" -v, --verbose Use (several times) to be more verbose",
|
" -v, --verbose Use (several times) to be more verbose",
|
||||||
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
|
|
||||||
"\n Mode: soc\n Options for SoCManager Applet",
|
|
||||||
" -p, --verify-pin Verify PIN",
|
" -p, --verify-pin Verify PIN",
|
||||||
" -b, --verify-bio Verify finger print",
|
" -b, --verify-bio Verify finger print",
|
||||||
" --verify-pin-or-bio Verify PIN or finger print (user's choice)",
|
" --verify-pin-or-bio Verify PIN or finger print (user's choice)",
|
||||||
|
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
|
||||||
|
"\n Mode: soc\n Options for SoCManager Applet",
|
||||||
" --new-pin Change PIN",
|
" --new-pin Change PIN",
|
||||||
" --new-bio Use (several times) to change one or more\n biometric templates",
|
" --new-bio Use (several times) to change one or more\n biometric templates",
|
||||||
" --info Dump Information about the SoCManager's\n configuration",
|
" --info Dump Information about the SoCManager's\n configuration",
|
||||||
|
@ -173,9 +173,9 @@ void init_args_info(struct gengetopt_args_info *args_info)
|
||||||
args_info->verbose_help = gengetopt_args_info_help[3] ;
|
args_info->verbose_help = gengetopt_args_info_help[3] ;
|
||||||
args_info->verbose_min = 0;
|
args_info->verbose_min = 0;
|
||||||
args_info->verbose_max = 0;
|
args_info->verbose_max = 0;
|
||||||
args_info->verify_pin_help = gengetopt_args_info_help[6] ;
|
args_info->verify_pin_help = gengetopt_args_info_help[4] ;
|
||||||
args_info->verify_bio_help = gengetopt_args_info_help[7] ;
|
args_info->verify_bio_help = gengetopt_args_info_help[5] ;
|
||||||
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[8] ;
|
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[6] ;
|
||||||
args_info->new_pin_help = gengetopt_args_info_help[9] ;
|
args_info->new_pin_help = gengetopt_args_info_help[9] ;
|
||||||
args_info->new_bio_help = gengetopt_args_info_help[10] ;
|
args_info->new_bio_help = gengetopt_args_info_help[10] ;
|
||||||
args_info->new_bio_min = 0;
|
args_info->new_bio_min = 0;
|
||||||
|
@ -1832,7 +1832,6 @@ cmdline_parser_internal (
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 'p': /* Verify PIN. */
|
case 'p': /* Verify PIN. */
|
||||||
args_info->soc_mode_counter += 1;
|
|
||||||
|
|
||||||
|
|
||||||
if (update_arg( 0 ,
|
if (update_arg( 0 ,
|
||||||
|
@ -1845,7 +1844,6 @@ cmdline_parser_internal (
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 'b': /* Verify finger print. */
|
case 'b': /* Verify finger print. */
|
||||||
args_info->soc_mode_counter += 1;
|
|
||||||
|
|
||||||
|
|
||||||
if (update_arg( 0 ,
|
if (update_arg( 0 ,
|
||||||
|
@ -1885,7 +1883,6 @@ cmdline_parser_internal (
|
||||||
/* Verify PIN or finger print (user's choice). */
|
/* Verify PIN or finger print (user's choice). */
|
||||||
if (strcmp (long_options[option_index].name, "verify-pin-or-bio") == 0)
|
if (strcmp (long_options[option_index].name, "verify-pin-or-bio") == 0)
|
||||||
{
|
{
|
||||||
args_info->soc_mode_counter += 1;
|
|
||||||
|
|
||||||
|
|
||||||
if (update_arg( 0 ,
|
if (update_arg( 0 ,
|
||||||
|
@ -2212,8 +2209,8 @@ cmdline_parser_internal (
|
||||||
if (args_info->pxs_mode_counter && args_info->soc_mode_counter) {
|
if (args_info->pxs_mode_counter && args_info->soc_mode_counter) {
|
||||||
int pxs_given[] = {args_info->certificate_given, args_info->key_given, args_info->print_cardid_given, args_info->write_cardid_given, args_info->print_paccessid_given, args_info->write_paccessid_given, args_info->read_dg_given, args_info->out_file_given, args_info->write_dg_given, args_info->in_file_given, args_info->delete_dg_given, args_info->create_dg_given, args_info->new_size_given, args_info->new_read_ac_given, args_info->new_read_ac_chatbit_given, args_info->new_write_ac_given, args_info->new_write_ac_chatbit_given, -1};
|
int pxs_given[] = {args_info->certificate_given, args_info->key_given, args_info->print_cardid_given, args_info->write_cardid_given, args_info->print_paccessid_given, args_info->write_paccessid_given, args_info->read_dg_given, args_info->out_file_given, args_info->write_dg_given, args_info->in_file_given, args_info->delete_dg_given, args_info->create_dg_given, args_info->new_size_given, args_info->new_read_ac_given, args_info->new_read_ac_chatbit_given, args_info->new_write_ac_given, args_info->new_write_ac_chatbit_given, -1};
|
||||||
const char *pxs_desc[] = {"--certificate", "--key", "--print-cardid", "--write-cardid", "--print-paccessid", "--write-paccessid", "--read-dg", "--out-file", "--write-dg", "--in-file", "--delete-dg", "--create-dg", "--new-size", "--new-read-ac", "--new-read-ac-chatbit", "--new-write-ac", "--new-write-ac-chatbit", 0};
|
const char *pxs_desc[] = {"--certificate", "--key", "--print-cardid", "--write-cardid", "--print-paccessid", "--write-paccessid", "--read-dg", "--out-file", "--write-dg", "--in-file", "--delete-dg", "--create-dg", "--new-size", "--new-read-ac", "--new-read-ac-chatbit", "--new-write-ac", "--new-write-ac-chatbit", 0};
|
||||||
int soc_given[] = {args_info->verify_pin_given, args_info->verify_bio_given, args_info->verify_pin_or_bio_given, args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
|
int soc_given[] = {args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
|
||||||
const char *soc_desc[] = {"--verify-pin", "--verify-bio", "--verify-pin-or-bio", "--new-pin", "--new-bio", "--info", 0};
|
const char *soc_desc[] = {"--new-pin", "--new-bio", "--info", 0};
|
||||||
error_occurred += check_modes(pxs_given, pxs_desc, soc_given, soc_desc);
|
error_occurred += check_modes(pxs_given, pxs_desc, soc_given, soc_desc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -340,7 +340,7 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
|
||||||
}
|
}
|
||||||
if (cmdline->verify_pin_given) {
|
if (cmdline->verify_pin_given) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
"Verify finger print or PIN on the card.");
|
"Verify PIN on the card.");
|
||||||
if (!soc_verify(card, SOCM_AUTHOBJECT_PIN))
|
if (!soc_verify(card, SOCM_AUTHOBJECT_PIN))
|
||||||
goto err;
|
goto err;
|
||||||
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN;
|
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN;
|
||||||
|
@ -493,6 +493,26 @@ err:
|
||||||
return ok;
|
return ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define PXS_AUTHOBJECT_PIN 0x80
|
||||||
|
#define PXS_AUTHOBJECT_BIO 0x40
|
||||||
|
|
||||||
|
int
|
||||||
|
paccess_verify(sc_card_t *card, unsigned char p2)
|
||||||
|
{
|
||||||
|
int ok = 0;
|
||||||
|
sc_apdu_t apdu;
|
||||||
|
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x24, p2);
|
||||||
|
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
sc_transmit_apdu(card, &apdu),
|
||||||
|
"Verification failed");
|
||||||
|
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
sc_check_sw(card, apdu.sw1, apdu.sw2),
|
||||||
|
"Verification failed");
|
||||||
|
ok = 1;
|
||||||
|
err:
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info *cmdline)
|
int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info *cmdline)
|
||||||
{
|
{
|
||||||
int ok = 0, r;
|
int ok = 0, r;
|
||||||
|
@ -504,6 +524,7 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
||||||
unsigned char auxiliary_data[] = {0x67, 0x00};
|
unsigned char auxiliary_data[] = {0x67, 0x00};
|
||||||
unsigned char paccess_minor = 0;
|
unsigned char paccess_minor = 0;
|
||||||
unsigned char paccess_major = 0;
|
unsigned char paccess_major = 0;
|
||||||
|
int pxs_reset_authobjects = 0;
|
||||||
|
|
||||||
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, paccess_aid, sizeof paccess_aid, 0, 0);
|
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, paccess_aid, sizeof paccess_aid, 0, 0);
|
||||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
@ -600,6 +621,28 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
||||||
"Chip authentication failed.");
|
"Chip authentication failed.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (cmdline->verify_pin_given) {
|
||||||
|
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
"Verify PIN on the card.");
|
||||||
|
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN))
|
||||||
|
goto err;
|
||||||
|
pxs_reset_authobjects++;
|
||||||
|
}
|
||||||
|
if (cmdline->verify_bio_given) {
|
||||||
|
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
"Verify finger print on the card.");
|
||||||
|
if (!paccess_verify(card, PXS_AUTHOBJECT_BIO))
|
||||||
|
goto err;
|
||||||
|
pxs_reset_authobjects++;
|
||||||
|
}
|
||||||
|
if (cmdline->verify_pin_or_bio_given) {
|
||||||
|
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||||
|
"Verify finger print or PIN on the card.");
|
||||||
|
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN|PXS_AUTHOBJECT_BIO))
|
||||||
|
goto err;
|
||||||
|
pxs_reset_authobjects++;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; i < cmdline->delete_dg_given; i++) {
|
for (i = 0; i < cmdline->delete_dg_given; i++) {
|
||||||
int fid = 0x0100 | cmdline->delete_dg_arg[i];
|
int fid = 0x0100 | cmdline->delete_dg_arg[i];
|
||||||
|
|
||||||
|
@ -791,6 +834,8 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
||||||
ok = 1;
|
ok = 1;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
|
if (pxs_reset_authobjects)
|
||||||
|
sc_reset(card, 0);
|
||||||
if (certs) {
|
if (certs) {
|
||||||
for (i = 0; certs[i]; i++) {
|
for (i = 0; certs[i]; i++) {
|
||||||
free((unsigned char *) certs[i]);
|
free((unsigned char *) certs[i]);
|
||||||
|
@ -844,6 +889,12 @@ main(int argc, char **argv)
|
||||||
goto err;
|
goto err;
|
||||||
if (cmdline.pxs_mode_counter && !paccess_main(ctx, card, &cmdline))
|
if (cmdline.pxs_mode_counter && !paccess_main(ctx, card, &cmdline))
|
||||||
goto err;
|
goto err;
|
||||||
|
if (cmdline.soc_mode_counter == 0 && cmdline.pxs_mode_counter == 0
|
||||||
|
&& (cmdline.verify_pin_given
|
||||||
|
|| cmdline.verify_bio_given
|
||||||
|
|| cmdline.verify_pin_or_bio_given)
|
||||||
|
&& !soc_main(ctx, card, &cmdline))
|
||||||
|
goto err;
|
||||||
|
|
||||||
fail = 0;
|
fail = 0;
|
||||||
|
|
||||||
|
|
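Review bot: The result of `sc_reset(card, 0)` at the `err:` label of paccess_main is discarded, so a failed reset may leave the PIN or fingerprint verification active on the card while the function still returns `ok = 1`. The reset is the only step in these hunks that revokes the verified state, so I would check it and report the failure, for example `if (pxs_reset_authobjects && sc_reset(card, 0) != SC_SUCCESS) ok = 0;` together with an `sc_debug` line saying the card could not be reset. `pxs_reset_authobjects` is only ever tested for non-zero, so assigning `1` would state the intent more plainly than `++`. paccess_main begins and ends outside these hunks, so whether any exit path bypasses `err:` cannot be confirmed from here.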
|
@ -7,17 +7,17 @@ option "reader" r
|
||||||
option "verbose" v
|
option "verbose" v
|
||||||
"Use (several times) to be more verbose"
|
"Use (several times) to be more verbose"
|
||||||
multiple optional
|
multiple optional
|
||||||
|
option "verify-pin" p
|
||||||
|
"Verify PIN"
|
||||||
|
optional
|
||||||
|
option "verify-bio" b
|
||||||
|
"Verify finger print"
|
||||||
|
optional
|
||||||
|
option "verify-pin-or-bio" -
|
||||||
|
"Verify PIN or finger print (user's choice)"
|
||||||
|
optional
|
||||||
|
|
||||||
defmode "soc" modedesc="Options for SoCManager Applet"
|
defmode "soc" modedesc="Options for SoCManager Applet"
|
||||||
modeoption "verify-pin" p
|
|
||||||
"Verify PIN"
|
|
||||||
mode="soc" optional
|
|
||||||
modeoption "verify-bio" b
|
|
||||||
"Verify finger print"
|
|
||||||
mode="soc" optional
|
|
||||||
modeoption "verify-pin-or-bio" -
|
|
||||||
"Verify PIN or finger print (user's choice)"
|
|
||||||
mode="soc" optional
|
|
||||||
modeoption "new-pin" -
|
modeoption "new-pin" -
|
||||||
"Change PIN"
|
"Change PIN"
|
||||||
mode="soc" optional
|
mode="soc" optional
|
||||||
|
|