goid-tool: implented PIN/FP verification for PAccess
parent
3dd0638623
commit
928fbf2f03
|
@ -37,11 +37,11 @@ const char *gengetopt_args_info_help[] = {
|
|||
" -V, --version Print version and exit",
|
||||
" -r, --reader=STRING Number of the reader to use. By default, the\n first reader with a present card is used. If\n the arguement is an ATR, the reader with a\n matching card will be chosen.",
|
||||
" -v, --verbose Use (several times) to be more verbose",
|
||||
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
|
||||
"\n Mode: soc\n Options for SoCManager Applet",
|
||||
" -p, --verify-pin Verify PIN",
|
||||
" -b, --verify-bio Verify finger print",
|
||||
" --verify-pin-or-bio Verify PIN or finger print (user's choice)",
|
||||
"\nReport bugs to https://github.com/OpenSC/OpenSC/issues\n\nWritten by Frank Morgner <frankmorgner@gmail.com>",
|
||||
"\n Mode: soc\n Options for SoCManager Applet",
|
||||
" --new-pin Change PIN",
|
||||
" --new-bio Use (several times) to change one or more\n biometric templates",
|
||||
" --info Dump Information about the SoCManager's\n configuration",
|
||||
|
@ -173,9 +173,9 @@ void init_args_info(struct gengetopt_args_info *args_info)
|
|||
args_info->verbose_help = gengetopt_args_info_help[3] ;
|
||||
args_info->verbose_min = 0;
|
||||
args_info->verbose_max = 0;
|
||||
args_info->verify_pin_help = gengetopt_args_info_help[6] ;
|
||||
args_info->verify_bio_help = gengetopt_args_info_help[7] ;
|
||||
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[8] ;
|
||||
args_info->verify_pin_help = gengetopt_args_info_help[4] ;
|
||||
args_info->verify_bio_help = gengetopt_args_info_help[5] ;
|
||||
args_info->verify_pin_or_bio_help = gengetopt_args_info_help[6] ;
|
||||
args_info->new_pin_help = gengetopt_args_info_help[9] ;
|
||||
args_info->new_bio_help = gengetopt_args_info_help[10] ;
|
||||
args_info->new_bio_min = 0;
|
||||
|
@ -1832,7 +1832,6 @@ cmdline_parser_internal (
|
|||
|
||||
break;
|
||||
case 'p': /* Verify PIN. */
|
||||
args_info->soc_mode_counter += 1;
|
||||
|
||||
|
||||
if (update_arg( 0 ,
|
||||
|
@ -1845,7 +1844,6 @@ cmdline_parser_internal (
|
|||
|
||||
break;
|
||||
case 'b': /* Verify finger print. */
|
||||
args_info->soc_mode_counter += 1;
|
||||
|
||||
|
||||
if (update_arg( 0 ,
|
||||
|
@ -1885,7 +1883,6 @@ cmdline_parser_internal (
|
|||
/* Verify PIN or finger print (user's choice). */
|
||||
if (strcmp (long_options[option_index].name, "verify-pin-or-bio") == 0)
|
||||
{
|
||||
args_info->soc_mode_counter += 1;
|
||||
|
||||
|
||||
if (update_arg( 0 ,
|
||||
|
@ -2212,8 +2209,8 @@ cmdline_parser_internal (
|
|||
if (args_info->pxs_mode_counter && args_info->soc_mode_counter) {
|
||||
int pxs_given[] = {args_info->certificate_given, args_info->key_given, args_info->print_cardid_given, args_info->write_cardid_given, args_info->print_paccessid_given, args_info->write_paccessid_given, args_info->read_dg_given, args_info->out_file_given, args_info->write_dg_given, args_info->in_file_given, args_info->delete_dg_given, args_info->create_dg_given, args_info->new_size_given, args_info->new_read_ac_given, args_info->new_read_ac_chatbit_given, args_info->new_write_ac_given, args_info->new_write_ac_chatbit_given, -1};
|
||||
const char *pxs_desc[] = {"--certificate", "--key", "--print-cardid", "--write-cardid", "--print-paccessid", "--write-paccessid", "--read-dg", "--out-file", "--write-dg", "--in-file", "--delete-dg", "--create-dg", "--new-size", "--new-read-ac", "--new-read-ac-chatbit", "--new-write-ac", "--new-write-ac-chatbit", 0};
|
||||
int soc_given[] = {args_info->verify_pin_given, args_info->verify_bio_given, args_info->verify_pin_or_bio_given, args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
|
||||
const char *soc_desc[] = {"--verify-pin", "--verify-bio", "--verify-pin-or-bio", "--new-pin", "--new-bio", "--info", 0};
|
||||
int soc_given[] = {args_info->new_pin_given, args_info->new_bio_given, args_info->info_given, -1};
|
||||
const char *soc_desc[] = {"--new-pin", "--new-bio", "--info", 0};
|
||||
error_occurred += check_modes(pxs_given, pxs_desc, soc_given, soc_desc);
|
||||
}
|
||||
|
||||
|
|
|
@ -340,7 +340,7 @@ int soc_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info
|
|||
}
|
||||
if (cmdline->verify_pin_given) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
"Verify finger print or PIN on the card.");
|
||||
"Verify PIN on the card.");
|
||||
if (!soc_verify(card, SOCM_AUTHOBJECT_PIN))
|
||||
goto err;
|
||||
soc_reset_authobject |= SOCM_AUTHOBJECT_PIN;
|
||||
|
@ -493,6 +493,26 @@ err:
|
|||
return ok;
|
||||
}
|
||||
|
||||
#define PXS_AUTHOBJECT_PIN 0x80
|
||||
#define PXS_AUTHOBJECT_BIO 0x40
|
||||
|
||||
int
|
||||
paccess_verify(sc_card_t *card, unsigned char p2)
|
||||
{
|
||||
int ok = 0;
|
||||
sc_apdu_t apdu;
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x2E, 0x24, p2);
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
sc_transmit_apdu(card, &apdu),
|
||||
"Verification failed");
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
sc_check_sw(card, apdu.sw1, apdu.sw2),
|
||||
"Verification failed");
|
||||
ok = 1;
|
||||
err:
|
||||
return ok;
|
||||
}
|
||||
|
||||
int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_info *cmdline)
|
||||
{
|
||||
int ok = 0, r;
|
||||
|
@ -504,6 +524,7 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
|||
unsigned char auxiliary_data[] = {0x67, 0x00};
|
||||
unsigned char paccess_minor = 0;
|
||||
unsigned char paccess_major = 0;
|
||||
int pxs_reset_authobjects = 0;
|
||||
|
||||
sc_path_set(&path, SC_PATH_TYPE_DF_NAME, paccess_aid, sizeof paccess_aid, 0, 0);
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
|
@ -600,6 +621,28 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
|||
"Chip authentication failed.");
|
||||
}
|
||||
|
||||
if (cmdline->verify_pin_given) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
"Verify PIN on the card.");
|
||||
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN))
|
||||
goto err;
|
||||
pxs_reset_authobjects++;
|
||||
}
|
||||
if (cmdline->verify_bio_given) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
"Verify finger print on the card.");
|
||||
if (!paccess_verify(card, PXS_AUTHOBJECT_BIO))
|
||||
goto err;
|
||||
pxs_reset_authobjects++;
|
||||
}
|
||||
if (cmdline->verify_pin_or_bio_given) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
"Verify finger print or PIN on the card.");
|
||||
if (!paccess_verify(card, PXS_AUTHOBJECT_PIN|PXS_AUTHOBJECT_BIO))
|
||||
goto err;
|
||||
pxs_reset_authobjects++;
|
||||
}
|
||||
|
||||
for (i = 0; i < cmdline->delete_dg_given; i++) {
|
||||
int fid = 0x0100 | cmdline->delete_dg_arg[i];
|
||||
|
||||
|
@ -791,6 +834,8 @@ int paccess_main(struct sc_context *ctx, sc_card_t *card, struct gengetopt_args_
|
|||
ok = 1;
|
||||
|
||||
err:
|
||||
if (pxs_reset_authobjects)
|
||||
sc_reset(card, 0);
|
||||
if (certs) {
|
||||
for (i = 0; certs[i]; i++) {
|
||||
free((unsigned char *) certs[i]);
|
||||
|
@ -844,6 +889,12 @@ main(int argc, char **argv)
|
|||
goto err;
|
||||
if (cmdline.pxs_mode_counter && !paccess_main(ctx, card, &cmdline))
|
||||
goto err;
|
||||
if (cmdline.soc_mode_counter == 0 && cmdline.pxs_mode_counter == 0
|
||||
&& (cmdline.verify_pin_given
|
||||
|| cmdline.verify_bio_given
|
||||
|| cmdline.verify_pin_or_bio_given)
|
||||
&& !soc_main(ctx, card, &cmdline))
|
||||
goto err;
|
||||
|
||||
fail = 0;
|
||||
|
||||
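Review bot: At the `err:` label in paccess_main the return value of `sc_reset(card, 0)` is discarded, so a failed reset goes unlogged and, assuming the reset is what clears the verified state, the card may stay PIN/fingerprint-verified after the tool exits. Check the result, for example `if (pxs_reset_authobjects && sc_reset(card, 0) < 0) sc_debug(ctx, SC_LOG_DEBUG_VERBOSE_TOOL, "Card reset failed; verification state may persist.");`, and consider clearing `ok` in that case. In paccess_verify both SC_TEST_GOTO_ERR calls log the same "Verification failed" text, so a transport error cannot be told apart from a status word that rejects the PIN or fingerprint; distinct messages would help when reading logs. A short comment above the new condition in main, such as `/* verify options without a mode option are handled by the SoCManager applet */`, would document that fallback. The bodies of paccess_main and main continue outside the hunks shown.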
|
|
|
@ -7,17 +7,17 @@ option "reader" r
|
|||
option "verbose" v
|
||||
"Use (several times) to be more verbose"
|
||||
multiple optional
|
||||
option "verify-pin" p
|
||||
"Verify PIN"
|
||||
optional
|
||||
option "verify-bio" b
|
||||
"Verify finger print"
|
||||
optional
|
||||
option "verify-pin-or-bio" -
|
||||
"Verify PIN or finger print (user's choice)"
|
||||
optional
|
||||
|
||||
defmode "soc" modedesc="Options for SoCManager Applet"
|
||||
modeoption "verify-pin" p
|
||||
"Verify PIN"
|
||||
mode="soc" optional
|
||||
modeoption "verify-bio" b
|
||||
"Verify finger print"
|
||||
mode="soc" optional
|
||||
modeoption "verify-pin-or-bio" -
|
||||
"Verify PIN or finger print (user's choice)"
|
||||
mode="soc" optional
|
||||
modeoption "new-pin" -
|
||||
"Change PIN"
|
||||
mode="soc" optional
|
||||
|
|