For CardOS 4.3B and 4.4, the Verify Retry Counter Package
can be loaded at ADMINISTRATION life cycle phase to change the behavior of the VERIFY command in regard to return codes. When that package is loaded, the PIN can be created with this "verifyRC" flag in cardos.profile if the return code must be ISO7816-4 compliant (63Cx with x being the value of the remaining retry counter when required verification has failed). git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5558 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
f2da113f54
commit
b422872813
|
@ -62,6 +62,7 @@ typedef struct sc_pkcs15_id sc_pkcs15_id_t;
|
|||
#define SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED 0x0200
|
||||
#define SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED 0x0400
|
||||
#define SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA 0x0800
|
||||
#define SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER 0x1000
|
||||
|
||||
#define SC_PKCS15_PIN_TYPE_BCD 0
|
||||
#define SC_PKCS15_PIN_TYPE_ASCII_NUMERIC 1
|
||||
|
|
|
@ -24,6 +24,17 @@ PIN user-puk {
|
|||
attempts = 10;
|
||||
}
|
||||
|
||||
# For CardOS 4.3B and 4.4, the Verify Retry Counter Package
|
||||
# can be loaded at ADMINISTRATION life cycle phase to change
|
||||
# the behavior of the VERIFY command in regard to return codes.
|
||||
# When that package is loaded, the PIN can be created with this
|
||||
# "verifyRC" flag if the return code must be ISO7816-4 compliant
|
||||
# (63Cx with x being the value of the remaining retry counter
|
||||
# when required verification has failed).
|
||||
#PIN user-pin {
|
||||
# flags = verifyRC;
|
||||
#}
|
||||
|
||||
# Additional filesystem info.
|
||||
# This is added to the file system info specified in the
|
||||
# main profile.
|
||||
|
|
|
@ -409,6 +409,7 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||
const u8 *pin, size_t pin_len)
|
||||
{
|
||||
struct sc_cardctl_cardos_obj_info args;
|
||||
struct sc_pkcs15_auth_info profile_auth;
|
||||
unsigned char buffer[256];
|
||||
unsigned char pinpadded[256];
|
||||
struct tlv tlv;
|
||||
|
@ -445,6 +446,11 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||
/* parameters */
|
||||
tlv_next(&tlv, 0x85);
|
||||
tlv_add(&tlv, 0x02); /* options byte */
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_auth);
|
||||
if (profile_auth.attrs.pin.flags & SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER) {
|
||||
/* Use 9 byte OCI parameters to be able to set VerifyRC bit */
|
||||
tlv_add(&tlv, 0x04); /* options_2 byte with Bit n°2 set to return CurrentErrorCounter */
|
||||
}
|
||||
tlv_add(&tlv, attempts & 0xf); /* flags byte */
|
||||
tlv_add(&tlv, CARDOS_ALGO_PIN); /* algorithm = pin-test */
|
||||
tlv_add(&tlv, attempts & 0xf); /* errcount = attempts */
|
||||
|
|
|
@ -191,6 +191,7 @@ static struct map pinFlagNames[] = {
|
|||
{ "integrity-protected", SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED },
|
||||
{ "confidentiality-protected", SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED },
|
||||
{ "exchangeRefData", SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA },
|
||||
{ "verifyRC", SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
static struct map idStyleNames[] = {
|
||||
|
|
Loading…
Reference in New Issue