pkcs15: use general 'AuthenticationObject' instead of 'PinObject'
now the attributes of the previous 'pin-info' data type are included as the sub-type attributes of the general 'auth-info' data . It will allow to include support of the 'biometricTemplate' and 'authKey' authentication types. http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016655.html git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5550 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
32d035a9ad
commit
d888b3fd55
@ -180,7 +180,7 @@ sc_pkcs15_free_data_info
|
|||||||
sc_pkcs15_free_data_object
|
sc_pkcs15_free_data_object
|
||||||
sc_pkcs15_free_key_params
|
sc_pkcs15_free_key_params
|
||||||
sc_pkcs15_free_object
|
sc_pkcs15_free_object
|
||||||
sc_pkcs15_free_pin_info
|
sc_pkcs15_free_auth_info
|
||||||
sc_pkcs15_free_prkey
|
sc_pkcs15_free_prkey
|
||||||
sc_pkcs15_free_prkey_info
|
sc_pkcs15_free_prkey_info
|
||||||
sc_pkcs15_free_pubkey
|
sc_pkcs15_free_pubkey
|
||||||
|
@ -277,20 +277,23 @@ int sc_pkcs15emu_initialize_pins(sc_pkcs15_card_t *p15card, p15data_items* items
|
|||||||
const pindata* pins = items->pins;
|
const pindata* pins = items->pins;
|
||||||
if(!pins) return SC_SUCCESS;
|
if(!pins) return SC_SUCCESS;
|
||||||
for (i = 0; pins[i].label; i++) {
|
for (i = 0; pins[i].label; i++) {
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
||||||
pin_info.reference = pins[i].ref;
|
|
||||||
pin_info.flags = pins[i].flags;
|
pin_info.attrs.pin.reference = pins[i].ref;
|
||||||
pin_info.type = pins[i].type;
|
pin_info.attrs.pin.flags = pins[i].flags;
|
||||||
pin_info.min_length = pins[i].minlen;
|
pin_info.attrs.pin.type = pins[i].type;
|
||||||
pin_info.stored_length = pins[i].storedlen;
|
pin_info.attrs.pin.min_length = pins[i].minlen;
|
||||||
pin_info.max_length = pins[i].maxlen;
|
pin_info.attrs.pin.stored_length = pins[i].storedlen;
|
||||||
pin_info.pad_char = pins[i].pad_char;
|
pin_info.attrs.pin.max_length = pins[i].maxlen;
|
||||||
|
pin_info.attrs.pin.pad_char = pins[i].pad_char;
|
||||||
|
|
||||||
sc_format_path(pins[i].path, &pin_info.path);
|
sc_format_path(pins[i].path, &pin_info.path);
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
|
|
||||||
|
@ -77,27 +77,27 @@ static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
|
|||||||
unsigned int max_length,
|
unsigned int max_length,
|
||||||
int flags, int tries_left, const char pad_char, int obj_flags)
|
int flags, int tries_left, const char pad_char, int obj_flags)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_auth_info_t info;
|
||||||
sc_pkcs15_object_t obj;
|
sc_pkcs15_object_t obj;
|
||||||
|
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&info, 0, sizeof(info));
|
||||||
memset(&obj, 0, sizeof(obj));
|
memset(&obj, 0, sizeof(obj));
|
||||||
|
|
||||||
info.auth_id = *id;
|
info.auth_id = *id;
|
||||||
info.min_length = min_length;
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.max_length = max_length;
|
info.attrs.pin.min_length = min_length;
|
||||||
info.stored_length = max_length;
|
info.attrs.pin.max_length = max_length;
|
||||||
info.type = type;
|
info.attrs.pin.stored_length = max_length;
|
||||||
info.reference = ref;
|
info.attrs.pin.type = type;
|
||||||
info.flags = flags;
|
info.attrs.pin.reference = ref;
|
||||||
|
info.attrs.pin.flags = flags;
|
||||||
|
info.attrs.pin.pad_char = pad_char;
|
||||||
info.tries_left = tries_left;
|
info.tries_left = tries_left;
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
info.pad_char = pad_char;
|
|
||||||
|
|
||||||
if (path)
|
if (path)
|
||||||
info.path = *path;
|
info.path = *path;
|
||||||
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
||||||
info.stored_length /= 2;
|
info.attrs.pin.stored_length /= 2;
|
||||||
|
|
||||||
strlcpy(obj.label, label, sizeof(obj.label));
|
strlcpy(obj.label, label, sizeof(obj.label));
|
||||||
obj.flags = obj_flags;
|
obj.flags = obj_flags;
|
||||||
|
@ -220,20 +220,21 @@ static int sc_pkcs15emu_atrust_acos_init(sc_pkcs15_card_t *p15card)
|
|||||||
}
|
}
|
||||||
/* set pins */
|
/* set pins */
|
||||||
for (i = 0; pins[i].label; i++) {
|
for (i = 0; pins[i].label; i++) {
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
||||||
pin_info.reference = pins[i].ref;
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.flags = pins[i].flags;
|
pin_info.attrs.pin.reference = pins[i].ref;
|
||||||
pin_info.type = pins[i].type;
|
pin_info.attrs.pin.flags = pins[i].flags;
|
||||||
pin_info.min_length = pins[i].minlen;
|
pin_info.attrs.pin.type = pins[i].type;
|
||||||
pin_info.stored_length = pins[i].storedlen;
|
pin_info.attrs.pin.min_length = pins[i].minlen;
|
||||||
pin_info.max_length = pins[i].maxlen;
|
pin_info.attrs.pin.stored_length = pins[i].storedlen;
|
||||||
pin_info.pad_char = pins[i].pad_char;
|
pin_info.attrs.pin.max_length = pins[i].maxlen;
|
||||||
|
pin_info.attrs.pin.pad_char = pins[i].pad_char;
|
||||||
sc_format_path(pins[i].path, &pin_info.path);
|
sc_format_path(pins[i].path, &pin_info.path);
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
|
|
||||||
|
@ -173,7 +173,7 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
|||||||
static const int esteid_pin_authid[3] = {1, 2, 3};
|
static const int esteid_pin_authid[3] = {1, 2, 3};
|
||||||
static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN};
|
static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN};
|
||||||
|
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
@ -187,13 +187,14 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
|||||||
|
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = esteid_pin_authid[i];
|
pin_info.auth_id.value[0] = esteid_pin_authid[i];
|
||||||
pin_info.reference = esteid_pin_ref[i];
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.flags = esteid_pin_flags[i];
|
pin_info.attrs.pin.reference = esteid_pin_ref[i];
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
pin_info.attrs.pin.flags = esteid_pin_flags[i];
|
||||||
pin_info.min_length = esteid_pin_min[i];
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
pin_info.stored_length = 12;
|
pin_info.attrs.pin.min_length = esteid_pin_min[i];
|
||||||
pin_info.max_length = 12;
|
pin_info.attrs.pin.stored_length = 12;
|
||||||
pin_info.pad_char = '\0';
|
pin_info.attrs.pin.max_length = 12;
|
||||||
|
pin_info.attrs.pin.pad_char = '\0';
|
||||||
pin_info.tries_left = (int)tries_left;
|
pin_info.tries_left = (int)tries_left;
|
||||||
pin_info.max_tries = 3;
|
pin_info.max_tries = 3;
|
||||||
|
|
||||||
|
@ -430,20 +430,21 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
|||||||
card->ops->pin_cmd = my_pin_cmd;
|
card->ops->pin_cmd = my_pin_cmd;
|
||||||
|
|
||||||
for (i = 0; pins[i].label; i++) {
|
for (i = 0; pins[i].label; i++) {
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
||||||
pin_info.reference = pins[i].ref;
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.flags = pins[i].flags;
|
pin_info.attrs.pin.reference = pins[i].ref;
|
||||||
pin_info.type = pins[i].type;
|
pin_info.attrs.pin.flags = pins[i].flags;
|
||||||
pin_info.min_length = pins[i].minlen;
|
pin_info.attrs.pin.type = pins[i].type;
|
||||||
pin_info.stored_length = pins[i].storedlen;
|
pin_info.attrs.pin.min_length = pins[i].minlen;
|
||||||
pin_info.max_length = pins[i].maxlen;
|
pin_info.attrs.pin.stored_length = pins[i].storedlen;
|
||||||
pin_info.pad_char = pins[i].pad_char;
|
pin_info.attrs.pin.max_length = pins[i].maxlen;
|
||||||
|
pin_info.attrs.pin.pad_char = pins[i].pad_char;
|
||||||
sc_format_path(pins[i].path, &pin_info.path);
|
sc_format_path(pins[i].path, &pin_info.path);
|
||||||
pin_info.path.value[2] = dfpath >> 8;
|
pin_info.path.value[2] = dfpath >> 8;
|
||||||
pin_info.path.value[3] = dfpath & 0xff;
|
pin_info.path.value[3] = dfpath & 0xff;
|
||||||
|
@ -432,19 +432,19 @@ sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
|
|||||||
unsigned int max_length,
|
unsigned int max_length,
|
||||||
int flags, int tries_left, const char pad_char, int obj_flags)
|
int flags, int tries_left, const char pad_char, int obj_flags)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *info;
|
sc_pkcs15_auth_info_t *info;
|
||||||
|
|
||||||
info = calloc(1, sizeof(*info));
|
info = calloc(1, sizeof(*info));
|
||||||
|
info->auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info->auth_id = *id;
|
info->auth_id = *id;
|
||||||
info->min_length = min_length;
|
info->attrs.pin.min_length = min_length;
|
||||||
info->max_length = max_length;
|
info->attrs.pin.max_length = max_length;
|
||||||
info->stored_length = max_length;
|
info->attrs.pin.stored_length = max_length;
|
||||||
info->type = type;
|
info->attrs.pin.type = type;
|
||||||
info->reference = ref;
|
info->attrs.pin.reference = ref;
|
||||||
info->flags = flags;
|
info->attrs.pin.flags = flags;
|
||||||
|
info->attrs.pin.pad_char = pad_char;
|
||||||
info->tries_left = tries_left;
|
info->tries_left = tries_left;
|
||||||
info->magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
info->pad_char = pad_char;
|
|
||||||
|
|
||||||
if (path)
|
if (path)
|
||||||
info->path = *path;
|
info->path = *path;
|
||||||
|
@ -72,27 +72,27 @@ static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
|
|||||||
unsigned int max_length,
|
unsigned int max_length,
|
||||||
int flags, int tries_left, const char pad_char, int obj_flags)
|
int flags, int tries_left, const char pad_char, int obj_flags)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_auth_info_t info;
|
||||||
sc_pkcs15_object_t obj;
|
sc_pkcs15_object_t obj;
|
||||||
|
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&info, 0, sizeof(info));
|
||||||
memset(&obj, 0, sizeof(obj));
|
memset(&obj, 0, sizeof(obj));
|
||||||
|
|
||||||
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.auth_id = *id;
|
info.auth_id = *id;
|
||||||
info.min_length = min_length;
|
info.attrs.pin.min_length = min_length;
|
||||||
info.max_length = max_length;
|
info.attrs.pin.max_length = max_length;
|
||||||
info.stored_length = max_length;
|
info.attrs.pin.stored_length = max_length;
|
||||||
info.type = type;
|
info.attrs.pin.type = type;
|
||||||
info.reference = ref;
|
info.attrs.pin.reference = ref;
|
||||||
info.flags = flags;
|
info.attrs.pin.flags = flags;
|
||||||
|
info.attrs.pin.pad_char = pad_char;
|
||||||
info.tries_left = tries_left;
|
info.tries_left = tries_left;
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
info.pad_char = pad_char;
|
|
||||||
|
|
||||||
if (path)
|
if (path)
|
||||||
info.path = *path;
|
info.path = *path;
|
||||||
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
||||||
info.stored_length /= 2;
|
info.attrs.pin.stored_length /= 2;
|
||||||
|
|
||||||
strlcpy(obj.label, label, sizeof(obj.label));
|
strlcpy(obj.label, label, sizeof(obj.label));
|
||||||
obj.flags = obj_flags;
|
obj.flags = obj_flags;
|
||||||
|
@ -344,21 +344,22 @@ static int itacns_add_pin(sc_pkcs15_card_t *p15card,
|
|||||||
sc_path_t *path,
|
sc_path_t *path,
|
||||||
int flags)
|
int flags)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, 1);
|
SC_FUNC_CALLED(p15card->card->ctx, 1);
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = id;
|
pin_info.auth_id.value[0] = id;
|
||||||
pin_info.reference = reference;
|
pin_info.attrs.pin.reference = reference;
|
||||||
pin_info.flags = flags;
|
pin_info.attrs.pin.flags = flags;
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
pin_info.min_length = 5;
|
pin_info.attrs.pin.min_length = 5;
|
||||||
pin_info.stored_length = 8;
|
pin_info.attrs.pin.stored_length = 8;
|
||||||
pin_info.max_length = 8;
|
pin_info.attrs.pin.max_length = 8;
|
||||||
pin_info.pad_char = 0xff;
|
pin_info.attrs.pin.pad_char = 0xff;
|
||||||
if(path)
|
if(path)
|
||||||
pin_info.path = *path;
|
pin_info.path = *path;
|
||||||
|
|
||||||
|
@ -294,17 +294,16 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
|
|||||||
if (verify_pin && rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
|
if (verify_pin && rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
|
||||||
struct sc_pkcs15_object *objs[0x10], *pin_obj = NULL;
|
struct sc_pkcs15_object *objs[0x10], *pin_obj = NULL;
|
||||||
const struct sc_acl_entry *acl = sc_file_get_acl_entry(file, SC_AC_OP_READ);
|
const struct sc_acl_entry *acl = sc_file_get_acl_entry(file, SC_AC_OP_READ);
|
||||||
struct sc_pkcs15_pin_info *pinfo = NULL;
|
|
||||||
int ii;
|
int ii;
|
||||||
|
|
||||||
rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 0x10);
|
rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 0x10);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot read oberthur file: get AUTH objects error");
|
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot read oberthur file: get AUTH objects error");
|
||||||
|
|
||||||
for (ii=0; ii<rv; ii++) {
|
for (ii=0; ii<rv; ii++) {
|
||||||
pinfo = (struct sc_pkcs15_pin_info *) objs[ii]->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *) objs[ii]->data;
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "compare PIN/ACL refs:%i/%i, method:%i/%i",
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "compare PIN/ACL refs:%i/%i, method:%i/%i",
|
||||||
pinfo->reference, acl->key_ref, pinfo->auth_method, acl->method);
|
auth_info->attrs.pin.reference, acl->key_ref, auth_info->auth_method, acl->method);
|
||||||
if (pinfo->reference == (int)acl->key_ref && pinfo->auth_method == (unsigned)acl->method) {
|
if (auth_info->attrs.pin.reference == (int)acl->key_ref && auth_info->auth_method == (unsigned)acl->method) {
|
||||||
pin_obj = objs[ii];
|
pin_obj = objs[ii];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -911,7 +910,7 @@ static int
|
|||||||
sc_pkcs15emu_oberthur_init(struct sc_pkcs15_card * p15card)
|
sc_pkcs15emu_oberthur_init(struct sc_pkcs15_card * p15card)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info info;
|
struct sc_pkcs15_auth_info auth_info;
|
||||||
struct sc_pkcs15_object obj;
|
struct sc_pkcs15_object obj;
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
struct sc_path path;
|
struct sc_path path;
|
||||||
@ -942,67 +941,66 @@ sc_pkcs15emu_oberthur_init(struct sc_pkcs15_card * p15card)
|
|||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Invalid state of SO-PIN");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Invalid state of SO-PIN");
|
||||||
|
|
||||||
/* add PIN */
|
/* add PIN */
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&auth_info, 0, sizeof(auth_info));
|
||||||
memset(&obj, 0, sizeof(obj));
|
memset(&obj, 0, sizeof(obj));
|
||||||
|
|
||||||
info.auth_id.len = 1;
|
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.auth_id.value[0] = 0xFF;
|
auth_info.auth_method = SC_AC_CHV;
|
||||||
info.min_length = 4;
|
auth_info.auth_id.len = 1;
|
||||||
info.max_length = 64;
|
auth_info.auth_id.value[0] = 0xFF;
|
||||||
info.stored_length = 64;
|
auth_info.attrs.pin.min_length = 4;
|
||||||
info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
auth_info.attrs.pin.max_length = 64;
|
||||||
info.reference = sopin_reference;
|
auth_info.attrs.pin.stored_length = 64;
|
||||||
info.tries_left = tries_left;
|
auth_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
info.auth_method = SC_AC_CHV;
|
auth_info.attrs.pin.reference = sopin_reference;
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
auth_info.attrs.pin.pad_char = 0xFF;
|
||||||
info.pad_char = 0xFF;
|
auth_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE
|
||||||
info.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE
|
|
||||||
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
||||||
| SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
| SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
||||||
| SC_PKCS15_PIN_FLAG_SO_PIN;
|
| SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||||
|
auth_info.tries_left = tries_left;
|
||||||
|
|
||||||
strncpy(obj.label, "SO PIN", SC_PKCS15_MAX_LABEL_SIZE-1);
|
strncpy(obj.label, "SO PIN", SC_PKCS15_MAX_LABEL_SIZE-1);
|
||||||
obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
|
obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
|
||||||
|
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label,
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label,
|
||||||
sc_pkcs15_print_id(&info.auth_id), info.reference);
|
sc_pkcs15_print_id(&auth_info.auth_id), auth_info.attrs.pin.reference);
|
||||||
rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &info);
|
rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &auth_info);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object");
|
||||||
|
|
||||||
tries_left = -1;
|
tries_left = -1;
|
||||||
rv = sc_verify(card, SC_AC_CHV, 0x81, (unsigned char *)"", 0, &tries_left);
|
rv = sc_verify(card, SC_AC_CHV, 0x81, (unsigned char *)"", 0, &tries_left);
|
||||||
if (rv == SC_ERROR_PIN_CODE_INCORRECT) {
|
if (rv == SC_ERROR_PIN_CODE_INCORRECT) {
|
||||||
/* add PIN */
|
/* add PIN */
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&auth_info, 0, sizeof(auth_info));
|
||||||
memset(&obj, 0, sizeof(obj));
|
memset(&obj, 0, sizeof(obj));
|
||||||
|
|
||||||
info.auth_id.len = sizeof(PinDomainID) > sizeof(info.auth_id.value)
|
auth_info.auth_id.len = sizeof(PinDomainID) > sizeof(auth_info.auth_id.value)
|
||||||
? sizeof(info.auth_id.value) : sizeof(PinDomainID);
|
? sizeof(auth_info.auth_id.value) : sizeof(PinDomainID);
|
||||||
memcpy(info.auth_id.value, PinDomainID, info.auth_id.len);
|
memcpy(auth_info.auth_id.value, PinDomainID, auth_info.auth_id.len);
|
||||||
|
auth_info.auth_method = SC_AC_CHV;
|
||||||
|
|
||||||
info.min_length = 4;
|
auth_info.attrs.pin.min_length = 4;
|
||||||
info.max_length = 64;
|
auth_info.attrs.pin.max_length = 64;
|
||||||
info.stored_length = 64;
|
auth_info.attrs.pin.stored_length = 64;
|
||||||
info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
auth_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
info.reference = 0x81;
|
auth_info.attrs.pin.reference = 0x81;
|
||||||
info.auth_method = SC_AC_CHV;
|
auth_info.attrs.pin.pad_char = 0xFF;
|
||||||
info.tries_left = tries_left;
|
auth_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
info.pad_char = 0xFF;
|
|
||||||
info.flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE
|
|
||||||
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
||||||
| SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
| SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
||||||
| SC_PKCS15_PIN_FLAG_LOCAL;
|
| SC_PKCS15_PIN_FLAG_LOCAL;
|
||||||
|
auth_info.tries_left = tries_left;
|
||||||
|
|
||||||
strncpy(obj.label, PIN_DOMAIN_LABEL, SC_PKCS15_MAX_LABEL_SIZE-1);
|
strncpy(obj.label, PIN_DOMAIN_LABEL, SC_PKCS15_MAX_LABEL_SIZE-1);
|
||||||
obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
|
obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
|
||||||
|
|
||||||
sc_format_path(AWP_PIN_DF, &info.path);
|
sc_format_path(AWP_PIN_DF, &auth_info.path);
|
||||||
info.path.type = SC_PATH_TYPE_PATH;
|
auth_info.path.type = SC_PATH_TYPE_PATH;
|
||||||
|
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label,
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Add PIN(%s,auth_id:%s,reference:%i)", obj.label,
|
||||||
sc_pkcs15_print_id(&info.auth_id), info.reference);
|
sc_pkcs15_print_id(&auth_info.auth_id), auth_info.attrs.pin.reference);
|
||||||
rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &info);
|
rv = sc_pkcs15emu_add_pin_obj(p15card, &obj, &auth_info);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Oberthur init failed: cannot add PIN object");
|
||||||
}
|
}
|
||||||
else if (rv != SC_ERROR_DATA_OBJECT_NOT_FOUND) {
|
else if (rv != SC_ERROR_DATA_OBJECT_NOT_FOUND) {
|
||||||
|
@ -126,7 +126,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
|||||||
for (i = 0; i < 3; i++) {
|
for (i = 0; i < 3; i++) {
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
|
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
@ -140,15 +140,16 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
|||||||
SC_PKCS15_PIN_FLAG_SO_PIN;
|
SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = i + 1;
|
pin_info.auth_id.value[0] = i + 1;
|
||||||
pin_info.reference = i + 1;
|
pin_info.attrs.pin.reference = i + 1;
|
||||||
pin_info.flags = flags;
|
pin_info.attrs.pin.flags = flags;
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
pin_info.min_length = 0;
|
pin_info.attrs.pin.min_length = 0;
|
||||||
pin_info.stored_length = buffer[1+i];
|
pin_info.attrs.pin.stored_length = buffer[1+i];
|
||||||
pin_info.max_length = buffer[1+i];
|
pin_info.attrs.pin.max_length = buffer[1+i];
|
||||||
pin_info.pad_char = '\0';
|
pin_info.attrs.pin.pad_char = '\0';
|
||||||
sc_format_path("3F00", &pin_info.path);
|
sc_format_path("3F00", &pin_info.path);
|
||||||
pin_info.tries_left = buffer[4+i];
|
pin_info.tries_left = buffer[4+i];
|
||||||
|
|
||||||
|
@ -59,9 +59,9 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
|||||||
const u8 ** buf, size_t *buflen)
|
const u8 ** buf, size_t *buflen)
|
||||||
{
|
{
|
||||||
sc_context_t *ctx = p15card->card->ctx;
|
sc_context_t *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info info;
|
struct sc_pkcs15_auth_info info;
|
||||||
int r;
|
int r;
|
||||||
size_t flags_len = sizeof(info.flags);
|
size_t flags_len = sizeof(info.attrs.pin.flags);
|
||||||
size_t padchar_len = 1;
|
size_t padchar_len = 1;
|
||||||
struct sc_asn1_entry asn1_com_ao_attr[2], asn1_pin_attr[10], asn1_type_pin_attr[2];
|
struct sc_asn1_entry asn1_com_ao_attr[2], asn1_pin_attr[10], asn1_type_pin_attr[2];
|
||||||
struct sc_asn1_entry asn1_pin[2];
|
struct sc_asn1_entry asn1_pin[2];
|
||||||
@ -77,13 +77,13 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
sc_format_asn1_entry(asn1_type_pin_attr + 0, asn1_pin_attr, NULL, 0);
|
sc_format_asn1_entry(asn1_type_pin_attr + 0, asn1_pin_attr, NULL, 0);
|
||||||
|
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 0, &info.flags, &flags_len, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 0, &info.attrs.pin.flags, &flags_len, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 1, &info.type, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 1, &info.attrs.pin.type, NULL, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 2, &info.min_length, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 2, &info.attrs.pin.min_length, NULL, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 3, &info.stored_length, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 3, &info.attrs.pin.stored_length, NULL, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 4, &info.max_length, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 4, &info.attrs.pin.max_length, NULL, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 5, &info.reference, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 5, &info.attrs.pin.reference, NULL, 0);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 6, &info.pad_char, &padchar_len, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 6, &info.attrs.pin.pad_char, &padchar_len, 0);
|
||||||
/* We don't support lastPinChange yet. */
|
/* We don't support lastPinChange yet. */
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 8, &info.path, NULL, 0);
|
sc_format_asn1_entry(asn1_pin_attr + 8, &info.path, NULL, 0);
|
||||||
|
|
||||||
@ -91,26 +91,27 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
/* Fill in defaults */
|
/* Fill in defaults */
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&info, 0, sizeof(info));
|
||||||
info.reference = 0;
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.tries_left = -1;
|
info.tries_left = -1;
|
||||||
|
|
||||||
r = sc_asn1_decode(ctx, asn1_pin, *buf, *buflen, buf, buflen);
|
r = sc_asn1_decode(ctx, asn1_pin, *buf, *buflen, buf, buflen);
|
||||||
if (r == SC_ERROR_ASN1_END_OF_CONTENTS)
|
if (r == SC_ERROR_ASN1_END_OF_CONTENTS)
|
||||||
return r;
|
return r;
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "ASN.1 decoding failed");
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
obj->type = SC_PKCS15_TYPE_AUTH_PIN;
|
obj->type = SC_PKCS15_TYPE_AUTH_PIN;
|
||||||
obj->data = malloc(sizeof(info));
|
obj->data = malloc(sizeof(info));
|
||||||
if (obj->data == NULL)
|
if (obj->data == NULL)
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
||||||
if (info.max_length == 0) {
|
|
||||||
|
if (info.attrs.pin.max_length == 0) {
|
||||||
if (p15card->card->max_pin_len != 0)
|
if (p15card->card->max_pin_len != 0)
|
||||||
info.max_length = p15card->card->max_pin_len;
|
info.attrs.pin.max_length = p15card->card->max_pin_len;
|
||||||
else if (info.stored_length != 0)
|
else if (info.attrs.pin.stored_length != 0)
|
||||||
info.max_length = info.type != SC_PKCS15_PIN_TYPE_BCD ?
|
info.attrs.pin.max_length = info.attrs.pin.type != SC_PKCS15_PIN_TYPE_BCD ?
|
||||||
info.stored_length : 2 * info.stored_length;
|
info.attrs.pin.stored_length : 2 * info.attrs.pin.stored_length;
|
||||||
else
|
else
|
||||||
info.max_length = 8; /* shouldn't happen */
|
info.attrs.pin.max_length = 8; /* shouldn't happen */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* OpenSC 0.11.4 and older encoded "pinReference" as a negative
|
/* OpenSC 0.11.4 and older encoded "pinReference" as a negative
|
||||||
@ -118,12 +119,12 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
|||||||
continue to work.
|
continue to work.
|
||||||
The same invalid encoding has some models of the proprietary PKCS#15 cards.
|
The same invalid encoding has some models of the proprietary PKCS#15 cards.
|
||||||
*/
|
*/
|
||||||
if (info.reference < 0)
|
if (info.attrs.pin.reference < 0)
|
||||||
info.reference += 256;
|
info.attrs.pin.reference += 256;
|
||||||
|
|
||||||
info.auth_method = SC_AC_CHV;
|
info.auth_method = SC_AC_CHV;
|
||||||
|
|
||||||
if (info.flags & SC_PKCS15_PIN_FLAG_LOCAL) {
|
if (info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_LOCAL) {
|
||||||
/* In OpenSC pkcs#15 framework 'path' is mandatory for the 'Local' PINs.
|
/* In OpenSC pkcs#15 framework 'path' is mandatory for the 'Local' PINs.
|
||||||
* If 'path' do not present in PinAttributes,
|
* If 'path' do not present in PinAttributes,
|
||||||
* derive it from the PKCS#15 context. */
|
* derive it from the PKCS#15 context. */
|
||||||
@ -135,7 +136,7 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
|
|||||||
info.path = p15card->file_app->path;
|
info.path = p15card->file_app->path;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_ASN1, "decoded PIN(ref:%X,path:%s)", info.reference, sc_print_path(&info.path));
|
sc_debug(ctx, SC_LOG_DEBUG_ASN1, "decoded PIN(ref:%X,path:%s)", info.attrs.pin.reference, sc_print_path(&info.path));
|
||||||
|
|
||||||
memcpy(obj->data, &info, sizeof(info));
|
memcpy(obj->data, &info, sizeof(info));
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_SUCCESS);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_SUCCESS);
|
||||||
@ -147,14 +148,16 @@ int sc_pkcs15_encode_aodf_entry(sc_context_t *ctx,
|
|||||||
{
|
{
|
||||||
struct sc_asn1_entry asn1_com_ao_attr[2], asn1_pin_attr[10], asn1_type_pin_attr[2];
|
struct sc_asn1_entry asn1_com_ao_attr[2], asn1_pin_attr[10], asn1_type_pin_attr[2];
|
||||||
struct sc_asn1_entry asn1_pin[2];
|
struct sc_asn1_entry asn1_pin[2];
|
||||||
struct sc_pkcs15_pin_info *pin =
|
struct sc_pkcs15_auth_info *info = (struct sc_pkcs15_auth_info *) obj->data;
|
||||||
(struct sc_pkcs15_pin_info *) obj->data;
|
|
||||||
struct sc_asn1_pkcs15_object pin_obj = { (struct sc_pkcs15_object *) obj,
|
struct sc_asn1_pkcs15_object pin_obj = { (struct sc_pkcs15_object *) obj,
|
||||||
asn1_com_ao_attr, NULL, asn1_type_pin_attr };
|
asn1_com_ao_attr, NULL, asn1_type_pin_attr };
|
||||||
int r;
|
int r;
|
||||||
size_t flags_len;
|
size_t flags_len;
|
||||||
size_t padchar_len = 1;
|
size_t padchar_len = 1;
|
||||||
|
|
||||||
|
if (info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
sc_copy_asn1_entry(c_asn1_pin, asn1_pin);
|
sc_copy_asn1_entry(c_asn1_pin, asn1_pin);
|
||||||
sc_copy_asn1_entry(c_asn1_type_pin_attr, asn1_type_pin_attr);
|
sc_copy_asn1_entry(c_asn1_type_pin_attr, asn1_type_pin_attr);
|
||||||
sc_copy_asn1_entry(c_asn1_pin_attr, asn1_pin_attr);
|
sc_copy_asn1_entry(c_asn1_pin_attr, asn1_pin_attr);
|
||||||
@ -164,39 +167,39 @@ int sc_pkcs15_encode_aodf_entry(sc_context_t *ctx,
|
|||||||
|
|
||||||
sc_format_asn1_entry(asn1_type_pin_attr + 0, asn1_pin_attr, NULL, 1);
|
sc_format_asn1_entry(asn1_type_pin_attr + 0, asn1_pin_attr, NULL, 1);
|
||||||
|
|
||||||
flags_len = sizeof(pin->flags);
|
flags_len = sizeof(info->attrs.pin.flags);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 0, &pin->flags, &flags_len, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 0, &info->attrs.pin.flags, &flags_len, 1);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 1, &pin->type, NULL, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 1, &info->attrs.pin.type, NULL, 1);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 2, &pin->min_length, NULL, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 2, &info->attrs.pin.min_length, NULL, 1);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 3, &pin->stored_length, NULL, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 3, &info->attrs.pin.stored_length, NULL, 1);
|
||||||
if (pin->max_length > 0)
|
if (info->attrs.pin.max_length > 0)
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 4, &pin->max_length, NULL, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 4, &info->attrs.pin.max_length, NULL, 1);
|
||||||
if (pin->reference >= 0)
|
if (info->attrs.pin.reference >= 0)
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 5, &pin->reference, NULL, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 5, &info->attrs.pin.reference, NULL, 1);
|
||||||
/* FIXME: check if pad_char present */
|
/* FIXME: check if pad_char present */
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 6, &pin->pad_char, &padchar_len, 1);
|
sc_format_asn1_entry(asn1_pin_attr + 6, &info->attrs.pin.pad_char, &padchar_len, 1);
|
||||||
sc_format_asn1_entry(asn1_pin_attr + 8, &pin->path, NULL, pin->path.len ? 1 : 0);
|
sc_format_asn1_entry(asn1_pin_attr + 8, &info->path, NULL, info->path.len ? 1 : 0);
|
||||||
|
|
||||||
sc_format_asn1_entry(asn1_com_ao_attr + 0, &pin->auth_id, NULL, 1);
|
sc_format_asn1_entry(asn1_com_ao_attr + 0, &info->auth_id, NULL, 1);
|
||||||
|
|
||||||
assert(pin->magic == SC_PKCS15_PIN_MAGIC);
|
|
||||||
r = sc_asn1_encode(ctx, asn1_pin, buf, buflen);
|
r = sc_asn1_encode(ctx, asn1_pin, buf, buflen);
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int _validate_pin(struct sc_pkcs15_card *p15card,
|
static int _validate_pin(struct sc_pkcs15_card *p15card,
|
||||||
struct sc_pkcs15_pin_info *pin,
|
struct sc_pkcs15_auth_info *auth_info,
|
||||||
size_t pinlen)
|
size_t pinlen)
|
||||||
{
|
{
|
||||||
size_t max_length;
|
size_t max_length;
|
||||||
assert(p15card != NULL);
|
assert(p15card != NULL);
|
||||||
|
|
||||||
if (pin->magic != SC_PKCS15_PIN_MAGIC)
|
/* Ignore validation of the non-PIN authentication objects */
|
||||||
return SC_ERROR_OBJECT_NOT_VALID;
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_SUCCESS;
|
||||||
|
|
||||||
/* prevent buffer overflow from hostile card */
|
/* prevent buffer overflow from hostile card */
|
||||||
if (pin->stored_length > SC_MAX_PIN_SIZE)
|
if (auth_info->attrs.pin.stored_length > SC_MAX_PIN_SIZE)
|
||||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
/* if we use pinpad, no more checks are needed */
|
/* if we use pinpad, no more checks are needed */
|
||||||
@ -204,8 +207,8 @@ static int _validate_pin(struct sc_pkcs15_card *p15card,
|
|||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
|
|
||||||
/* If pin is given, make sure it is within limits */
|
/* If pin is given, make sure it is within limits */
|
||||||
max_length = pin->max_length != 0 ? pin->max_length : SC_MAX_PIN_SIZE;
|
max_length = auth_info->attrs.pin.max_length != 0 ? auth_info->attrs.pin.max_length : SC_MAX_PIN_SIZE;
|
||||||
if (pinlen > max_length || pinlen < pin->min_length)
|
if (pinlen > max_length || pinlen < auth_info->attrs.pin.min_length)
|
||||||
return SC_ERROR_INVALID_PIN_LENGTH;
|
return SC_ERROR_INVALID_PIN_LENGTH;
|
||||||
|
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
@ -223,7 +226,7 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||||||
const unsigned char *pincode, size_t pinlen)
|
const unsigned char *pincode, size_t pinlen)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
int r;
|
int r;
|
||||||
sc_card_t *card;
|
sc_card_t *card;
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
@ -231,7 +234,11 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%p;len:%i)", pincode, pinlen);
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%p;len:%i)", pincode, pinlen);
|
||||||
|
|
||||||
r = _validate_pin(p15card, pin_info, pinlen);
|
/* TODO: verify other authentication objects */
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
r = _validate_pin(p15card, auth_info, pinlen);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "PIN value do not conforms the PIN policy");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "PIN value do not conforms the PIN policy");
|
||||||
|
|
||||||
card = p15card->card;
|
card = p15card->card;
|
||||||
@ -239,8 +246,8 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (pin_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &pin_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
if (r)
|
if (r)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -248,19 +255,19 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||||||
/* Initialize arguments */
|
/* Initialize arguments */
|
||||||
memset(&data, 0, sizeof(data));
|
memset(&data, 0, sizeof(data));
|
||||||
data.cmd = SC_PIN_CMD_VERIFY;
|
data.cmd = SC_PIN_CMD_VERIFY;
|
||||||
data.pin_type = pin_info->auth_method;
|
data.pin_type = auth_info->auth_method;
|
||||||
data.pin_reference = pin_info->reference;
|
data.pin_reference = auth_info->attrs.pin.reference;
|
||||||
data.pin1.min_length = pin_info->min_length;
|
data.pin1.min_length = auth_info->attrs.pin.min_length;
|
||||||
data.pin1.max_length = pin_info->max_length;
|
data.pin1.max_length = auth_info->attrs.pin.max_length;
|
||||||
data.pin1.pad_length = pin_info->stored_length;
|
data.pin1.pad_length = auth_info->attrs.pin.stored_length;
|
||||||
data.pin1.pad_char = pin_info->pad_char;
|
data.pin1.pad_char = auth_info->attrs.pin.pad_char;
|
||||||
data.pin1.data = pincode;
|
data.pin1.data = pincode;
|
||||||
data.pin1.len = pinlen;
|
data.pin1.len = pinlen;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||||
|
|
||||||
switch (pin_info->type) {
|
switch (auth_info->attrs.pin.type) {
|
||||||
case SC_PKCS15_PIN_TYPE_BCD:
|
case SC_PKCS15_PIN_TYPE_BCD:
|
||||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||||
break;
|
break;
|
||||||
@ -275,13 +282,13 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||||||
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||||
if (!pincode && !pinlen)
|
if (!pincode && !pinlen)
|
||||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
data.pin1.prompt = "Please enter SO PIN";
|
data.pin1.prompt = "Please enter SO PIN";
|
||||||
else
|
else
|
||||||
data.pin1.prompt = "Please enter PIN";
|
data.pin1.prompt = "Please enter PIN";
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||||
out:
|
out:
|
||||||
@ -300,20 +307,23 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||||||
int r;
|
int r;
|
||||||
sc_card_t *card;
|
sc_card_t *card;
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
/* make sure the pins are in valid range */
|
/* make sure the pins are in valid range */
|
||||||
if ((r = _validate_pin(p15card, pin_info, oldpinlen)) != SC_SUCCESS)
|
if ((r = _validate_pin(p15card, auth_info, oldpinlen)) != SC_SUCCESS)
|
||||||
return r;
|
return r;
|
||||||
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
|
if ((r = _validate_pin(p15card, auth_info, newpinlen)) != SC_SUCCESS)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
card = p15card->card;
|
card = p15card->card;
|
||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (pin_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &pin_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
if (r)
|
if (r)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -322,24 +332,24 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||||||
memset(&data, 0, sizeof(data));
|
memset(&data, 0, sizeof(data));
|
||||||
data.cmd = SC_PIN_CMD_CHANGE;
|
data.cmd = SC_PIN_CMD_CHANGE;
|
||||||
data.pin_type = SC_AC_CHV;
|
data.pin_type = SC_AC_CHV;
|
||||||
data.pin_reference = pin_info->reference;
|
data.pin_reference = auth_info->attrs.pin.reference;
|
||||||
data.pin1.data = oldpin;
|
data.pin1.data = oldpin;
|
||||||
data.pin1.len = oldpinlen;
|
data.pin1.len = oldpinlen;
|
||||||
data.pin1.pad_char = pin_info->pad_char;
|
data.pin1.pad_char = auth_info->attrs.pin.pad_char;
|
||||||
data.pin1.min_length = pin_info->min_length;
|
data.pin1.min_length = auth_info->attrs.pin.min_length;
|
||||||
data.pin1.max_length = pin_info->max_length;
|
data.pin1.max_length = auth_info->attrs.pin.max_length;
|
||||||
data.pin1.pad_length = pin_info->stored_length;
|
data.pin1.pad_length = auth_info->attrs.pin.stored_length;
|
||||||
data.pin2.data = newpin;
|
data.pin2.data = newpin;
|
||||||
data.pin2.len = newpinlen;
|
data.pin2.len = newpinlen;
|
||||||
data.pin2.pad_char = pin_info->pad_char;
|
data.pin2.pad_char = auth_info->attrs.pin.pad_char;
|
||||||
data.pin2.min_length = pin_info->min_length;
|
data.pin2.min_length = auth_info->attrs.pin.min_length;
|
||||||
data.pin2.max_length = pin_info->max_length;
|
data.pin2.max_length = auth_info->attrs.pin.max_length;
|
||||||
data.pin2.pad_length = pin_info->stored_length;
|
data.pin2.pad_length = auth_info->attrs.pin.stored_length;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||||
|
|
||||||
switch (pin_info->type) {
|
switch (auth_info->attrs.pin.type) {
|
||||||
case SC_PKCS15_PIN_TYPE_BCD:
|
case SC_PKCS15_PIN_TYPE_BCD:
|
||||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||||
data.pin2.encoding = SC_PIN_ENCODING_BCD;
|
data.pin2.encoding = SC_PIN_ENCODING_BCD;
|
||||||
@ -353,7 +363,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||||||
if((!oldpin || !newpin)
|
if((!oldpin || !newpin)
|
||||||
&& p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
&& p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
data.pin1.prompt = "Please enter SO PIN";
|
data.pin1.prompt = "Please enter SO PIN";
|
||||||
data.pin2.prompt = "Please enter new SO PIN";
|
data.pin2.prompt = "Please enter new SO PIN";
|
||||||
} else {
|
} else {
|
||||||
@ -362,7 +372,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
||||||
|
|
||||||
@ -383,11 +393,14 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
sc_card_t *card;
|
sc_card_t *card;
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
struct sc_pkcs15_object *puk_obj;
|
struct sc_pkcs15_object *puk_obj;
|
||||||
struct sc_pkcs15_pin_info *puk_info = NULL;
|
struct sc_pkcs15_auth_info *puk_info = NULL;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
/* make sure the pins are in valid range */
|
/* make sure the pins are in valid range */
|
||||||
if ((r = _validate_pin(p15card, pin_info, newpinlen)) != SC_SUCCESS)
|
if ((r = _validate_pin(p15card, auth_info, newpinlen)) != SC_SUCCESS)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
card = p15card->card;
|
card = p15card->card;
|
||||||
@ -399,11 +412,11 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj);
|
r = sc_pkcs15_find_pin_by_auth_id(p15card, &pin_obj->auth_id, &puk_obj);
|
||||||
if (r >= 0 && puk_obj) {
|
if (r >= 0 && puk_obj) {
|
||||||
/* second step: get the pkcs15 info object of the puk */
|
/* second step: get the pkcs15 info object of the puk */
|
||||||
puk_info = (struct sc_pkcs15_pin_info *)puk_obj->data;
|
puk_info = (struct sc_pkcs15_auth_info *)puk_obj->data;
|
||||||
}
|
}
|
||||||
if (!puk_info) {
|
if (!puk_info) {
|
||||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get puk object, using pin object instead!");
|
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Unable to get puk object, using pin object instead!");
|
||||||
puk_info = pin_info;
|
puk_info = auth_info;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* make sure the puk is in valid range */
|
/* make sure the puk is in valid range */
|
||||||
@ -413,8 +426,8 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
r = sc_lock(card);
|
r = sc_lock(card);
|
||||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed");
|
||||||
/* the path in the pin object is optional */
|
/* the path in the pin object is optional */
|
||||||
if (pin_info->path.len > 0) {
|
if (auth_info->path.len > 0) {
|
||||||
r = sc_select_file(card, &pin_info->path, NULL);
|
r = sc_select_file(card, &auth_info->path, NULL);
|
||||||
if (r)
|
if (r)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -423,24 +436,24 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
memset(&data, 0, sizeof(data));
|
memset(&data, 0, sizeof(data));
|
||||||
data.cmd = SC_PIN_CMD_UNBLOCK;
|
data.cmd = SC_PIN_CMD_UNBLOCK;
|
||||||
data.pin_type = SC_AC_CHV;
|
data.pin_type = SC_AC_CHV;
|
||||||
data.pin_reference = pin_info->reference;
|
data.pin_reference = auth_info->attrs.pin.reference;
|
||||||
data.pin1.data = puk;
|
data.pin1.data = puk;
|
||||||
data.pin1.len = puklen;
|
data.pin1.len = puklen;
|
||||||
data.pin1.pad_char = pin_info->pad_char;
|
data.pin1.pad_char = auth_info->attrs.pin.pad_char;
|
||||||
data.pin1.min_length = pin_info->min_length;
|
data.pin1.min_length = auth_info->attrs.pin.min_length;
|
||||||
data.pin1.max_length = pin_info->max_length;
|
data.pin1.max_length = auth_info->attrs.pin.max_length;
|
||||||
data.pin1.pad_length = pin_info->stored_length;
|
data.pin1.pad_length = auth_info->attrs.pin.stored_length;
|
||||||
data.pin2.data = newpin;
|
data.pin2.data = newpin;
|
||||||
data.pin2.len = newpinlen;
|
data.pin2.len = newpinlen;
|
||||||
data.pin2.pad_char = puk_info->pad_char;
|
data.pin2.pad_char = puk_info->attrs.pin.pad_char;
|
||||||
data.pin2.min_length = puk_info->min_length;
|
data.pin2.min_length = puk_info->attrs.pin.min_length;
|
||||||
data.pin2.max_length = puk_info->max_length;
|
data.pin2.max_length = puk_info->attrs.pin.max_length;
|
||||||
data.pin2.pad_length = puk_info->stored_length;
|
data.pin2.pad_length = puk_info->attrs.pin.stored_length;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)
|
||||||
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
data.flags |= SC_PIN_CMD_NEED_PADDING;
|
||||||
|
|
||||||
switch (pin_info->type) {
|
switch (auth_info->attrs.pin.type) {
|
||||||
case SC_PKCS15_PIN_TYPE_BCD:
|
case SC_PKCS15_PIN_TYPE_BCD:
|
||||||
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
data.pin1.encoding = SC_PIN_ENCODING_BCD;
|
||||||
break;
|
break;
|
||||||
@ -449,7 +462,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (puk_info->type) {
|
switch (puk_info->attrs.pin.type) {
|
||||||
case SC_PKCS15_PIN_TYPE_BCD:
|
case SC_PKCS15_PIN_TYPE_BCD:
|
||||||
data.pin2.encoding = SC_PIN_ENCODING_BCD;
|
data.pin2.encoding = SC_PIN_ENCODING_BCD;
|
||||||
break;
|
break;
|
||||||
@ -460,7 +473,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
if(p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||||
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
data.flags |= SC_PIN_CMD_USE_PINPAD;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
data.pin1.prompt = "Please enter PUK";
|
data.pin1.prompt = "Please enter PUK";
|
||||||
data.pin2.prompt = "Please enter new SO PIN";
|
data.pin2.prompt = "Please enter new SO PIN";
|
||||||
} else {
|
} else {
|
||||||
@ -469,7 +482,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_pin_cmd(card, &data, &pin_info->tries_left);
|
r = sc_pin_cmd(card, &data, &auth_info->tries_left);
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, newpin, newpinlen);
|
||||||
|
|
||||||
@ -478,9 +491,9 @@ out:
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
void sc_pkcs15_free_pin_info(sc_pkcs15_pin_info_t *pin)
|
void sc_pkcs15_free_auth_info(sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
free(pin);
|
free(auth_info);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -489,7 +502,7 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
|||||||
const u8 *pin, size_t pinlen)
|
const u8 *pin, size_t pinlen)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
struct sc_pkcs15_object *obj = NULL;
|
struct sc_pkcs15_object *obj = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
@ -509,7 +522,7 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
|||||||
* "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
|
* "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
|
||||||
* "CommonObjectAttributes.accessControlRules" are not taken into account. */
|
* "CommonObjectAttributes.accessControlRules" are not taken into account. */
|
||||||
|
|
||||||
if (sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id)) {
|
if (sc_pkcs15_compare_id(&obj->auth_id, &auth_info->auth_id)) {
|
||||||
/* Caching is refused, if the protected object requires user consent */
|
/* Caching is refused, if the protected object requires user consent */
|
||||||
if (obj->user_consent > 0) {
|
if (obj->user_consent > 0) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
|
||||||
|
@ -763,7 +763,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||||||
/* set pins */
|
/* set pins */
|
||||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding pins...");
|
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "PIV-II adding pins...");
|
||||||
for (i = 0; pins[i].label; i++) {
|
for (i = 0; pins[i].label; i++) {
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
const char * label;
|
const char * label;
|
||||||
int pin_ref;
|
int pin_ref;
|
||||||
@ -771,14 +771,15 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
||||||
pin_info.reference = pins[i].ref;
|
pin_info.attrs.pin.reference = pins[i].ref;
|
||||||
pin_info.flags = pins[i].flags;
|
pin_info.attrs.pin.flags = pins[i].flags;
|
||||||
pin_info.type = pins[i].type;
|
pin_info.attrs.pin.type = pins[i].type;
|
||||||
pin_info.min_length = pins[i].minlen;
|
pin_info.attrs.pin.min_length = pins[i].minlen;
|
||||||
pin_info.stored_length = pins[i].storedlen;
|
pin_info.attrs.pin.stored_length = pins[i].storedlen;
|
||||||
pin_info.max_length = pins[i].maxlen;
|
pin_info.attrs.pin.max_length = pins[i].maxlen;
|
||||||
pin_info.pad_char = pins[i].pad_char;
|
pin_info.attrs.pin.pad_char = pins[i].pad_char;
|
||||||
sc_format_path(pins[i].path, &pin_info.path);
|
sc_format_path(pins[i].path, &pin_info.path);
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
|
|
||||||
@ -787,7 +788,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||||||
(card->ops->card_ctl)(card, SC_CARDCTL_PIV_PIN_PREFERENCE,
|
(card->ops->card_ctl)(card, SC_CARDCTL_PIV_PIN_PREFERENCE,
|
||||||
&pin_ref) == 0 &&
|
&pin_ref) == 0 &&
|
||||||
pin_ref == 0x00) { /* must be 80 for PIV pin, or 00 for Global PIN */
|
pin_ref == 0x00) { /* must be 80 for PIV pin, or 00 for Global PIN */
|
||||||
pin_info.reference = pin_ref;
|
pin_info.attrs.pin.reference = pin_ref;
|
||||||
label = "Global PIN";
|
label = "Global PIN";
|
||||||
}
|
}
|
||||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
||||||
|
@ -67,27 +67,27 @@ static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
|
|||||||
unsigned int max_length,
|
unsigned int max_length,
|
||||||
int flags, int tries_left, const char pad_char, int obj_flags)
|
int flags, int tries_left, const char pad_char, int obj_flags)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_auth_info_t info;
|
||||||
sc_pkcs15_object_t obj;
|
sc_pkcs15_object_t obj;
|
||||||
|
|
||||||
memset(&info, 0, sizeof(info));
|
memset(&info, 0, sizeof(info));
|
||||||
memset(&obj, 0, sizeof(obj));
|
memset(&obj, 0, sizeof(obj));
|
||||||
|
|
||||||
info.auth_id = *id;
|
info.auth_id = *id;
|
||||||
info.min_length = min_length;
|
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info.max_length = max_length;
|
info.attrs.pin.min_length = min_length;
|
||||||
info.stored_length = max_length;
|
info.attrs.pin.max_length = max_length;
|
||||||
info.type = type;
|
info.attrs.pin.stored_length = max_length;
|
||||||
info.reference = ref;
|
info.attrs.pin.type = type;
|
||||||
info.flags = flags;
|
info.attrs.pin.reference = ref;
|
||||||
|
info.attrs.pin.flags = flags;
|
||||||
|
info.attrs.pin.pad_char = pad_char;
|
||||||
info.tries_left = tries_left;
|
info.tries_left = tries_left;
|
||||||
info.magic = SC_PKCS15_PIN_MAGIC;
|
|
||||||
info.pad_char = pad_char;
|
|
||||||
|
|
||||||
if (path)
|
if (path)
|
||||||
info.path = *path;
|
info.path = *path;
|
||||||
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
if (type == SC_PKCS15_PIN_TYPE_BCD)
|
||||||
info.stored_length /= 2;
|
info.attrs.pin.stored_length /= 2;
|
||||||
|
|
||||||
strlcpy(obj.label, label, sizeof(obj.label));
|
strlcpy(obj.label, label, sizeof(obj.label));
|
||||||
obj.flags = obj_flags;
|
obj.flags = obj_flags;
|
||||||
|
@ -151,23 +151,24 @@ static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
|
|||||||
/* PIN Paths */
|
/* PIN Paths */
|
||||||
static const char *pteid_pin_paths[2][3] = { {NULL, "3f005f00", NULL},
|
static const char *pteid_pin_paths[2][3] = { {NULL, "3f005f00", NULL},
|
||||||
{NULL, NULL, NULL} };
|
{NULL, NULL, NULL} };
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = pteid_pin_authid[i];
|
pin_info.auth_id.value[0] = pteid_pin_authid[i];
|
||||||
pin_info.reference = pteid_pin_ref[type][i];
|
pin_info.attrs.pin.reference = pteid_pin_ref[type][i];
|
||||||
pin_info.flags = SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_NEEDS_PADDING
|
||||||
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
| SC_PKCS15_PIN_FLAG_INITIALIZED
|
||||||
| SC_PKCS15_PIN_FLAG_CASE_SENSITIVE;
|
| SC_PKCS15_PIN_FLAG_CASE_SENSITIVE;
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
pin_info.min_length = 4;
|
pin_info.attrs.pin.min_length = 4;
|
||||||
pin_info.stored_length = 8;
|
pin_info.attrs.pin.stored_length = 8;
|
||||||
pin_info.max_length = 8;
|
pin_info.attrs.pin.max_length = 8;
|
||||||
pin_info.pad_char = type == IAS_CARD ? 0x2F : 0xFF;
|
pin_info.attrs.pin.pad_char = type == IAS_CARD ? 0x2F : 0xFF;
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
if (pteid_pin_paths[type][i] != NULL)
|
if (pteid_pin_paths[type][i] != NULL)
|
||||||
sc_format_path(pteid_pin_paths[type][i], &pin_info.path);
|
sc_format_path(pteid_pin_paths[type][i], &pin_info.path);
|
||||||
|
@ -203,20 +203,22 @@ static int sc_pkcs15emu_starcert_init(sc_pkcs15_card_t *p15card)
|
|||||||
}
|
}
|
||||||
/* set pins */
|
/* set pins */
|
||||||
for (i = 0; pins[i].label; i++) {
|
for (i = 0; pins[i].label; i++) {
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
|
||||||
|
|
||||||
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
|
||||||
pin_info.reference = pins[i].ref;
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.flags = pins[i].flags;
|
pin_info.attrs.pin.reference = pins[i].ref;
|
||||||
pin_info.type = pins[i].type;
|
pin_info.attrs.pin.flags = pins[i].flags;
|
||||||
pin_info.min_length = pins[i].minlen;
|
pin_info.attrs.pin.type = pins[i].type;
|
||||||
pin_info.stored_length = pins[i].storedlen;
|
pin_info.attrs.pin.min_length = pins[i].minlen;
|
||||||
pin_info.max_length = pins[i].maxlen;
|
pin_info.attrs.pin.stored_length = pins[i].storedlen;
|
||||||
pin_info.pad_char = pins[i].pad_char;
|
pin_info.attrs.pin.max_length = pins[i].maxlen;
|
||||||
|
pin_info.attrs.pin.pad_char = pins[i].pad_char;
|
||||||
sc_format_path(pins[i].path, &pin_info.path);
|
sc_format_path(pins[i].path, &pin_info.path);
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
|
|
||||||
|
@ -324,11 +324,11 @@ static sc_pkcs15_df_t * sc_pkcs15emu_get_df(sc_pkcs15_card_t *p15card,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int sc_pkcs15emu_add_pin_obj(sc_pkcs15_card_t *p15card,
|
int sc_pkcs15emu_add_pin_obj(sc_pkcs15_card_t *p15card,
|
||||||
const sc_pkcs15_object_t *obj, const sc_pkcs15_pin_info_t *in_pin)
|
const sc_pkcs15_object_t *obj, const sc_pkcs15_auth_info_t *in_pin)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t pin = *in_pin;
|
sc_pkcs15_auth_info_t pin = *in_pin;
|
||||||
|
|
||||||
pin.magic = SC_PKCS15_PIN_MAGIC;
|
pin.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
if(!pin.auth_method) /* or SC_AC_NONE */
|
if(!pin.auth_method) /* or SC_AC_NONE */
|
||||||
pin.auth_method = SC_AC_CHV;
|
pin.auth_method = SC_AC_CHV;
|
||||||
|
|
||||||
@ -412,7 +412,7 @@ int sc_pkcs15emu_object_add(sc_pkcs15_card_t *p15card, unsigned int type,
|
|||||||
switch (type & SC_PKCS15_TYPE_CLASS_MASK) {
|
switch (type & SC_PKCS15_TYPE_CLASS_MASK) {
|
||||||
case SC_PKCS15_TYPE_AUTH:
|
case SC_PKCS15_TYPE_AUTH:
|
||||||
df_type = SC_PKCS15_AODF;
|
df_type = SC_PKCS15_AODF;
|
||||||
data_len = sizeof(struct sc_pkcs15_pin_info);
|
data_len = sizeof(struct sc_pkcs15_auth_info);
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_PRKEY:
|
case SC_PKCS15_TYPE_PRKEY:
|
||||||
df_type = SC_PKCS15_PRKDF;
|
df_type = SC_PKCS15_PRKDF;
|
||||||
|
@ -166,7 +166,7 @@ static int create_pin_obj(sc_pkcs15_card_t *p15card, int cert,
|
|||||||
int key_descr, unsigned int pinId)
|
int key_descr, unsigned int pinId)
|
||||||
{
|
{
|
||||||
sc_pkcs15_object_t p15obj;
|
sc_pkcs15_object_t p15obj;
|
||||||
sc_pkcs15_pin_info_t ainfo;
|
sc_pkcs15_auth_info_t ainfo;
|
||||||
|
|
||||||
/* init data objects */
|
/* init data objects */
|
||||||
memset(&p15obj, 0, sizeof(p15obj));
|
memset(&p15obj, 0, sizeof(p15obj));
|
||||||
@ -174,15 +174,16 @@ static int create_pin_obj(sc_pkcs15_card_t *p15card, int cert,
|
|||||||
/* the authentication object attributes */
|
/* the authentication object attributes */
|
||||||
ainfo.auth_id.value[0] = (u8)pinId;
|
ainfo.auth_id.value[0] = (u8)pinId;
|
||||||
ainfo.auth_id.len = 1;
|
ainfo.auth_id.len = 1;
|
||||||
ainfo.reference = (u8)pinId;
|
ainfo.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
ainfo.flags = SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
ainfo.attrs.pin.reference = (u8)pinId;
|
||||||
|
ainfo.attrs.pin.flags = SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
||||||
if ((key_descr & TC_CARDOS_PIN_MASK) == TC_CARDOS_LOCALPIN)
|
if ((key_descr & TC_CARDOS_PIN_MASK) == TC_CARDOS_LOCALPIN)
|
||||||
ainfo.flags |= SC_PKCS15_PIN_FLAG_LOCAL;
|
ainfo.attrs.pin.flags |= SC_PKCS15_PIN_FLAG_LOCAL;
|
||||||
ainfo.type = SC_PKCS15_PIN_TYPE_BCD; /* XXX */
|
ainfo.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; /* XXX */
|
||||||
ainfo.min_length = 6; /* XXX */
|
ainfo.attrs.pin.min_length = 6; /* XXX */
|
||||||
ainfo.stored_length = 8; /* XXX */
|
ainfo.attrs.pin.stored_length = 8; /* XXX */
|
||||||
ainfo.max_length = 8;
|
ainfo.attrs.pin.max_length = 8;
|
||||||
ainfo.pad_char = 0;
|
ainfo.attrs.pin.pad_char = 0;
|
||||||
ainfo.tries_left = 3; /* XXX */
|
ainfo.tries_left = 3; /* XXX */
|
||||||
sc_format_path(TC_CARDOS_APP_DF, &ainfo.path);
|
sc_format_path(TC_CARDOS_APP_DF, &ainfo.path);
|
||||||
ainfo.path.index = 0;
|
ainfo.path.index = 0;
|
||||||
|
@ -189,20 +189,21 @@ static int insert_pin(
|
|||||||
sc_card_t *card=p15card->card;
|
sc_card_t *card=p15card->card;
|
||||||
sc_context_t *ctx=p15card->card->ctx;
|
sc_context_t *ctx=p15card->card->ctx;
|
||||||
sc_file_t *f;
|
sc_file_t *f;
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = id;
|
pin_info.auth_id.value[0] = id;
|
||||||
pin_info.reference = pin_reference;
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.flags = pin_flags;
|
pin_info.attrs.pin.reference = pin_reference;
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
pin_info.attrs.pin.flags = pin_flags;
|
||||||
pin_info.min_length = min_length;
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||||
pin_info.stored_length = 16;
|
pin_info.attrs.pin.min_length = min_length;
|
||||||
pin_info.max_length = 16;
|
pin_info.attrs.pin.stored_length = 16;
|
||||||
pin_info.pad_char = '\0';
|
pin_info.attrs.pin.max_length = 16;
|
||||||
|
pin_info.attrs.pin.pad_char = '\0';
|
||||||
sc_format_path(path, &pin_info.path);
|
sc_format_path(path, &pin_info.path);
|
||||||
|
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
|
@ -72,7 +72,7 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
|
|||||||
{
|
{
|
||||||
for (i = 0; i < 1; i++) {
|
for (i = 0; i < 1; i++) {
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info pin_info;
|
||||||
struct sc_pkcs15_object pin_obj;
|
struct sc_pkcs15_object pin_obj;
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&pin_info, 0, sizeof(pin_info));
|
||||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||||
@ -82,15 +82,16 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
|
|||||||
SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED |
|
SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED |
|
||||||
SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN;
|
SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN;
|
||||||
}
|
}
|
||||||
|
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.auth_id.len = 1;
|
pin_info.auth_id.len = 1;
|
||||||
pin_info.auth_id.value[0] = i + 1;
|
pin_info.auth_id.value[0] = i + 1;
|
||||||
pin_info.reference = i;
|
pin_info.attrs.pin.reference = i;
|
||||||
pin_info.flags = flags;
|
pin_info.attrs.pin.flags = flags;
|
||||||
pin_info.type = SC_PKCS15_PIN_TYPE_BCD;
|
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD;
|
||||||
pin_info.min_length = 4;
|
pin_info.attrs.pin.min_length = 4;
|
||||||
pin_info.stored_length = 8;
|
pin_info.attrs.pin.stored_length = 8;
|
||||||
pin_info.max_length = 8;
|
pin_info.attrs.pin.max_length = 8;
|
||||||
pin_info.pad_char = 0xff;
|
pin_info.attrs.pin.pad_char = 0xff;
|
||||||
pin_info.path = path;
|
pin_info.path = path;
|
||||||
pin_info.tries_left = -1;
|
pin_info.tries_left = -1;
|
||||||
if (i == 1)
|
if (i == 1)
|
||||||
|
@ -1072,7 +1072,7 @@ static int compare_obj_id(struct sc_pkcs15_object *obj, const sc_pkcs15_id_t *id
|
|||||||
case SC_PKCS15_TYPE_PUBKEY_EC:
|
case SC_PKCS15_TYPE_PUBKEY_EC:
|
||||||
return sc_pkcs15_compare_id(&((struct sc_pkcs15_pubkey_info *) data)->id, id);
|
return sc_pkcs15_compare_id(&((struct sc_pkcs15_pubkey_info *) data)->id, id);
|
||||||
case SC_PKCS15_TYPE_AUTH_PIN:
|
case SC_PKCS15_TYPE_AUTH_PIN:
|
||||||
return sc_pkcs15_compare_id(&((struct sc_pkcs15_pin_info *) data)->auth_id, id);
|
return sc_pkcs15_compare_id(&((struct sc_pkcs15_auth_info *) data)->auth_id, id);
|
||||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||||
return sc_pkcs15_compare_id(&((struct sc_pkcs15_data_info *) data)->id, id);
|
return sc_pkcs15_compare_id(&((struct sc_pkcs15_data_info *) data)->id, id);
|
||||||
}
|
}
|
||||||
@ -1113,11 +1113,15 @@ static int compare_obj_usage(sc_pkcs15_object_t *obj, unsigned int mask, unsigne
|
|||||||
static int compare_obj_flags(sc_pkcs15_object_t *obj, unsigned int mask, unsigned int value)
|
static int compare_obj_flags(sc_pkcs15_object_t *obj, unsigned int mask, unsigned int value)
|
||||||
{
|
{
|
||||||
void *data = obj->data;
|
void *data = obj->data;
|
||||||
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
|
|
||||||
switch (obj->type) {
|
switch (obj->type) {
|
||||||
case SC_PKCS15_TYPE_AUTH_PIN:
|
case SC_PKCS15_TYPE_AUTH_PIN:
|
||||||
flags = ((struct sc_pkcs15_pin_info *) data)->flags;
|
auth_info = (struct sc_pkcs15_auth_info *) obj->data;
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 0;
|
||||||
|
flags = auth_info->attrs.pin.flags;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
@ -1127,12 +1131,16 @@ static int compare_obj_flags(sc_pkcs15_object_t *obj, unsigned int mask, unsigne
|
|||||||
|
|
||||||
static int compare_obj_reference(sc_pkcs15_object_t *obj, int value)
|
static int compare_obj_reference(sc_pkcs15_object_t *obj, int value)
|
||||||
{
|
{
|
||||||
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
void *data = obj->data;
|
void *data = obj->data;
|
||||||
int reference;
|
int reference;
|
||||||
|
|
||||||
switch (obj->type) {
|
switch (obj->type) {
|
||||||
case SC_PKCS15_TYPE_AUTH_PIN:
|
case SC_PKCS15_TYPE_AUTH_PIN:
|
||||||
reference = ((struct sc_pkcs15_pin_info *) data)->reference;
|
auth_info = (struct sc_pkcs15_auth_info *) obj->data;
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 0;
|
||||||
|
reference = auth_info->attrs.pin.reference;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_PRKEY_RSA:
|
case SC_PKCS15_TYPE_PRKEY_RSA:
|
||||||
case SC_PKCS15_TYPE_PRKEY_DSA:
|
case SC_PKCS15_TYPE_PRKEY_DSA:
|
||||||
@ -1164,7 +1172,7 @@ static int compare_obj_path(sc_pkcs15_object_t *obj, const sc_path_t *path)
|
|||||||
case SC_PKCS15_TYPE_PUBKEY_EC:
|
case SC_PKCS15_TYPE_PUBKEY_EC:
|
||||||
return sc_compare_path(&((struct sc_pkcs15_pubkey_info *) data)->path, path);
|
return sc_compare_path(&((struct sc_pkcs15_pubkey_info *) data)->path, path);
|
||||||
case SC_PKCS15_TYPE_AUTH_PIN:
|
case SC_PKCS15_TYPE_AUTH_PIN:
|
||||||
return sc_compare_path(&((struct sc_pkcs15_pin_info *) data)->path, path);
|
return sc_compare_path(&((struct sc_pkcs15_auth_info *) data)->path, path);
|
||||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||||
return sc_compare_path(&((struct sc_pkcs15_data_info *) data)->path, path);
|
return sc_compare_path(&((struct sc_pkcs15_data_info *) data)->path, path);
|
||||||
}
|
}
|
||||||
@ -1317,14 +1325,15 @@ int sc_pkcs15_find_pin_by_type_and_reference(struct sc_pkcs15_card *p15card,
|
|||||||
nn_objs = r;
|
nn_objs = r;
|
||||||
|
|
||||||
for (ii=0; ii<nn_objs; ii++) {
|
for (ii=0; ii<nn_objs; ii++) {
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)auth_objs[ii]->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
|
||||||
|
|
||||||
if (pin_info->auth_method != auth_method)
|
if (auth_info->auth_method != auth_method)
|
||||||
continue;
|
|
||||||
if (pin_info->reference != reference)
|
|
||||||
continue;
|
continue;
|
||||||
|
if (auth_info->auth_type == SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
if (auth_info->attrs.pin.reference != reference)
|
||||||
|
continue;
|
||||||
|
|
||||||
if (path && !sc_compare_path(&pin_info->path, path))
|
if (path && !sc_compare_path(&auth_info->path, path))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (out)
|
if (out)
|
||||||
@ -1473,7 +1482,7 @@ void sc_pkcs15_free_object(struct sc_pkcs15_object *obj)
|
|||||||
sc_pkcs15_free_data_info((sc_pkcs15_data_info_t *)obj->data);
|
sc_pkcs15_free_data_info((sc_pkcs15_data_info_t *)obj->data);
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_AUTH:
|
case SC_PKCS15_TYPE_AUTH:
|
||||||
sc_pkcs15_free_pin_info((sc_pkcs15_pin_info_t *)obj->data);
|
sc_pkcs15_free_auth_info((sc_pkcs15_auth_info_t *)obj->data);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
free(obj->data);
|
free(obj->data);
|
||||||
@ -2136,7 +2145,7 @@ sc_pkcs15_get_object_id(const struct sc_pkcs15_object *obj, struct sc_pkcs15_id
|
|||||||
*out = ((struct sc_pkcs15_pubkey_info *) obj->data)->id;
|
*out = ((struct sc_pkcs15_pubkey_info *) obj->data)->id;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_AUTH_PIN:
|
case SC_PKCS15_TYPE_AUTH_PIN:
|
||||||
*out = ((struct sc_pkcs15_pin_info *) obj->data)->auth_id;
|
*out = ((struct sc_pkcs15_auth_info *) obj->data)->auth_id;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||||
*out = ((struct sc_pkcs15_data_info *) obj->data)->id;
|
*out = ((struct sc_pkcs15_data_info *) obj->data)->id;
|
||||||
|
@ -73,20 +73,31 @@ typedef struct sc_pkcs15_id sc_pkcs15_id_t;
|
|||||||
#define SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY 1
|
#define SC_PKCS15_PIN_AUTH_TYPE_AUTH_KEY 1
|
||||||
#define SC_PKCS15_PIN_AUTH_TYPE_SM_KEY 2
|
#define SC_PKCS15_PIN_AUTH_TYPE_SM_KEY 2
|
||||||
|
|
||||||
struct sc_pkcs15_pin_info {
|
struct sc_pkcs15_pin_attributes {
|
||||||
struct sc_pkcs15_id auth_id;
|
unsigned int flags, type;
|
||||||
int reference;
|
size_t min_length, stored_length, max_length;
|
||||||
unsigned int flags, type;
|
int reference;
|
||||||
unsigned int auth_method;
|
u8 pad_char;
|
||||||
size_t min_length, stored_length, max_length;
|
};
|
||||||
u8 pad_char;
|
struct sc_pkcs15_authkey_attributes {
|
||||||
struct sc_path path;
|
int derived;
|
||||||
int tries_left;
|
struct sc_pkcs15_id skey_id;
|
||||||
int max_tries;
|
};
|
||||||
|
struct sc_pkcs15_biometric_attributes {
|
||||||
unsigned int magic;
|
};
|
||||||
};
|
struct sc_pkcs15_auth_info {
|
||||||
typedef struct sc_pkcs15_pin_info sc_pkcs15_pin_info_t;
|
struct sc_pkcs15_id auth_id;
|
||||||
|
struct sc_path path;
|
||||||
|
unsigned auth_type;
|
||||||
|
union {
|
||||||
|
struct sc_pkcs15_pin_attributes pin;
|
||||||
|
struct sc_pkcs15_biometric_attributes bio;
|
||||||
|
struct sc_pkcs15_authkey_attributes authkey;
|
||||||
|
} attrs;
|
||||||
|
unsigned int auth_method;
|
||||||
|
int tries_left, max_tries;
|
||||||
|
};
|
||||||
|
typedef struct sc_pkcs15_auth_info sc_pkcs15_auth_info_t;
|
||||||
|
|
||||||
#define SC_PKCS15_ALGO_OP_COMPUTE_CHECKSUM 0x01
|
#define SC_PKCS15_ALGO_OP_COMPUTE_CHECKSUM 0x01
|
||||||
#define SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE 0x02
|
#define SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE 0x02
|
||||||
@ -752,7 +763,7 @@ void sc_pkcs15_free_prkey_info(sc_pkcs15_prkey_info_t *key);
|
|||||||
void sc_pkcs15_free_pubkey_info(sc_pkcs15_pubkey_info_t *key);
|
void sc_pkcs15_free_pubkey_info(sc_pkcs15_pubkey_info_t *key);
|
||||||
void sc_pkcs15_free_cert_info(sc_pkcs15_cert_info_t *cert);
|
void sc_pkcs15_free_cert_info(sc_pkcs15_cert_info_t *cert);
|
||||||
void sc_pkcs15_free_data_info(sc_pkcs15_data_info_t *data);
|
void sc_pkcs15_free_data_info(sc_pkcs15_data_info_t *data);
|
||||||
void sc_pkcs15_free_pin_info(sc_pkcs15_pin_info_t *pin);
|
void sc_pkcs15_free_auth_info(sc_pkcs15_auth_info_t *auth_info);
|
||||||
void sc_pkcs15_free_object(sc_pkcs15_object_t *obj);
|
void sc_pkcs15_free_object(sc_pkcs15_object_t *obj);
|
||||||
|
|
||||||
/* Generic file i/o */
|
/* Generic file i/o */
|
||||||
@ -834,7 +845,7 @@ int sc_pkcs15emu_object_add(sc_pkcs15_card_t *, unsigned int,
|
|||||||
const sc_pkcs15_object_t *, const void *);
|
const sc_pkcs15_object_t *, const void *);
|
||||||
/* some wrapper functions for sc_pkcs15emu_object_add */
|
/* some wrapper functions for sc_pkcs15emu_object_add */
|
||||||
int sc_pkcs15emu_add_pin_obj(sc_pkcs15_card_t *,
|
int sc_pkcs15emu_add_pin_obj(sc_pkcs15_card_t *,
|
||||||
const sc_pkcs15_object_t *, const sc_pkcs15_pin_info_t *);
|
const sc_pkcs15_object_t *, const sc_pkcs15_auth_info_t *);
|
||||||
int sc_pkcs15emu_add_rsa_prkey(sc_pkcs15_card_t *,
|
int sc_pkcs15emu_add_rsa_prkey(sc_pkcs15_card_t *,
|
||||||
const sc_pkcs15_object_t *, const sc_pkcs15_prkey_info_t *);
|
const sc_pkcs15_object_t *, const sc_pkcs15_prkey_info_t *);
|
||||||
int sc_pkcs15emu_add_rsa_pubkey(sc_pkcs15_card_t *,
|
int sc_pkcs15emu_add_rsa_pubkey(sc_pkcs15_card_t *,
|
||||||
|
@ -36,8 +36,8 @@ struct pkcs15_slot_data {
|
|||||||
};
|
};
|
||||||
#define slot_data(p) ((struct pkcs15_slot_data *) (p))
|
#define slot_data(p) ((struct pkcs15_slot_data *) (p))
|
||||||
#define slot_data_auth(p) (((p) && slot_data(p)) ? slot_data(p)->auth_obj : NULL)
|
#define slot_data_auth(p) (((p) && slot_data(p)) ? slot_data(p)->auth_obj : NULL)
|
||||||
#define slot_data_pin_info(p) (((p) && slot_data_auth(p))? \
|
#define slot_data_auth_info(p) (((p) && slot_data_auth(p))? \
|
||||||
(struct sc_pkcs15_pin_info *) slot_data_auth(p)->data : NULL)
|
(struct sc_pkcs15_auth_info *) slot_data_auth(p)->data : NULL)
|
||||||
|
|
||||||
#define check_attribute_buffer(attr,size) \
|
#define check_attribute_buffer(attr,size) \
|
||||||
if (attr->pValue == NULL_PTR) { \
|
if (attr->pValue == NULL_PTR) { \
|
||||||
@ -317,7 +317,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|||||||
{
|
{
|
||||||
struct sc_pkcs11_slot *slot;
|
struct sc_pkcs11_slot *slot;
|
||||||
struct sc_pkcs15_object *auth;
|
struct sc_pkcs15_object *auth;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *pin_info;
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
int r;
|
int r;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
@ -339,13 +339,18 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|||||||
slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
|
slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
|
||||||
auth = slot_data_auth(slot->fw_data);
|
auth = slot_data_auth(slot->fw_data);
|
||||||
if (auth) {
|
if (auth) {
|
||||||
pin_info = (struct sc_pkcs15_pin_info*) auth->data;
|
pin_info = (struct sc_pkcs15_auth_info*) auth->data;
|
||||||
|
|
||||||
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
||||||
|
rv = CKR_FUNCTION_REJECTED;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
/* Try to update PIN info from card */
|
/* Try to update PIN info from card */
|
||||||
memset(&data, 0, sizeof(data));
|
memset(&data, 0, sizeof(data));
|
||||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||||
data.pin_type = SC_AC_CHV;
|
data.pin_type = SC_AC_CHV;
|
||||||
data.pin_reference = pin_info->reference;
|
data.pin_reference = pin_info->attrs.pin.reference;
|
||||||
|
|
||||||
r = sc_pin_cmd(slot->card->card, &data, NULL);
|
r = sc_pin_cmd(slot->card->card, &data, NULL);
|
||||||
if (r == SC_SUCCESS) {
|
if (r == SC_SUCCESS) {
|
||||||
@ -791,7 +796,7 @@ static void pkcs15_init_slot(struct sc_pkcs15_card *p15card,
|
|||||||
struct sc_pkcs15_object *auth)
|
struct sc_pkcs15_object *auth)
|
||||||
{
|
{
|
||||||
struct pkcs15_slot_data *fw_data;
|
struct pkcs15_slot_data *fw_data;
|
||||||
struct sc_pkcs15_pin_info *pin_info = NULL;
|
struct sc_pkcs15_auth_info *pin_info = NULL;
|
||||||
char tmp[64];
|
char tmp[64];
|
||||||
|
|
||||||
pkcs15_init_token_info(p15card, &slot->token_info);
|
pkcs15_init_token_info(p15card, &slot->token_info);
|
||||||
@ -809,22 +814,25 @@ static void pkcs15_init_slot(struct sc_pkcs15_card *p15card,
|
|||||||
fw_data->auth_obj = auth;
|
fw_data->auth_obj = auth;
|
||||||
|
|
||||||
if (auth != NULL) {
|
if (auth != NULL) {
|
||||||
pin_info = (struct sc_pkcs15_pin_info*) auth->data;
|
pin_info = (struct sc_pkcs15_auth_info*) auth->data;
|
||||||
|
|
||||||
if (auth->label[0]) {
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
||||||
snprintf(tmp, sizeof(tmp), "%s (%s)",
|
pin_info = NULL;
|
||||||
p15card->tokeninfo->label, auth->label);
|
}
|
||||||
} else {
|
else {
|
||||||
snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label);
|
if (auth->label[0])
|
||||||
|
snprintf(tmp, sizeof(tmp), "%s (%s)", p15card->tokeninfo->label, auth->label);
|
||||||
|
else
|
||||||
|
snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label);
|
||||||
|
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
|
||||||
}
|
}
|
||||||
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
|
|
||||||
} else
|
} else
|
||||||
snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label);
|
snprintf(tmp, sizeof(tmp), "%s", p15card->tokeninfo->label);
|
||||||
strcpy_bp(slot->token_info.label, tmp, 32);
|
strcpy_bp(slot->token_info.label, tmp, 32);
|
||||||
|
|
||||||
if (pin_info && pin_info->magic == SC_PKCS15_PIN_MAGIC) {
|
if (pin_info) {
|
||||||
slot->token_info.ulMaxPinLen = pin_info->max_length;
|
slot->token_info.ulMaxPinLen = pin_info->attrs.pin.max_length;
|
||||||
slot->token_info.ulMinPinLen = pin_info->min_length;
|
slot->token_info.ulMinPinLen = pin_info->attrs.pin.min_length;
|
||||||
} else {
|
} else {
|
||||||
/* choose reasonable defaults */
|
/* choose reasonable defaults */
|
||||||
slot->token_info.ulMaxPinLen = 8;
|
slot->token_info.ulMaxPinLen = 8;
|
||||||
@ -941,21 +949,25 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card)
|
|||||||
auth_count = 1;
|
auth_count = 1;
|
||||||
|
|
||||||
for (i = 0; i < auth_count; i++) {
|
for (i = 0; i < auth_count; i++) {
|
||||||
struct sc_pkcs15_pin_info *pin_info = NULL;
|
struct sc_pkcs15_auth_info *pin_info = NULL;
|
||||||
|
|
||||||
pin_info = (struct sc_pkcs15_pin_info*) auths[i]->data;
|
pin_info = (struct sc_pkcs15_auth_info*) auths[i]->data;
|
||||||
|
|
||||||
|
/* Ignore all but PIN authentication objects */
|
||||||
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
continue;
|
||||||
|
|
||||||
/* Ignore any non-authentication PINs */
|
/* Ignore any non-authentication PINs */
|
||||||
if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) != 0)
|
if ((pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) != 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Ignore unblocking pins for hacked module */
|
/* Ignore unblocking pins for hacked module */
|
||||||
if (hack_enabled && (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) != 0)
|
if (hack_enabled && (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) != 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Ignore unblocking pins */
|
/* Ignore unblocking pins */
|
||||||
if (!sc_pkcs11_conf.create_puk_slot)
|
if (!sc_pkcs11_conf.create_puk_slot)
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
found_auth_count++;
|
found_auth_count++;
|
||||||
@ -1052,7 +1064,7 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
|
|||||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||||
struct sc_pkcs15_card *p15card = fw_data->p15_card;
|
struct sc_pkcs15_card *p15card = fw_data->p15_card;
|
||||||
struct sc_pkcs15_object *auth_object;
|
struct sc_pkcs15_object *auth_object;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *pin_info;
|
||||||
|
|
||||||
switch (userType) {
|
switch (userType) {
|
||||||
case CKU_USER:
|
case CKU_USER:
|
||||||
@ -1125,7 +1137,9 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
|
|||||||
default:
|
default:
|
||||||
return CKR_USER_TYPE_INVALID;
|
return CKR_USER_TYPE_INVALID;
|
||||||
}
|
}
|
||||||
pin_info = (struct sc_pkcs15_pin_info *) auth_object->data;
|
pin_info = (struct sc_pkcs15_auth_info *) auth_object->data;
|
||||||
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return CKR_FUNCTION_REJECTED;
|
||||||
|
|
||||||
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||||
/* pPin should be NULL in case of a pin pad reader, but
|
/* pPin should be NULL in case of a pin pad reader, but
|
||||||
@ -1146,8 +1160,8 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
|
|||||||
* If PIN is out of range,
|
* If PIN is out of range,
|
||||||
* it cannot be correct.
|
* it cannot be correct.
|
||||||
*/
|
*/
|
||||||
if (ulPinLen < pin_info->min_length ||
|
if (ulPinLen < pin_info->attrs.pin.min_length ||
|
||||||
ulPinLen > pin_info->max_length)
|
ulPinLen > pin_info->attrs.pin.max_length)
|
||||||
return CKR_PIN_INCORRECT;
|
return CKR_PIN_INCORRECT;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1259,17 +1273,17 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
struct sc_pkcs15_object *pin_obj;
|
struct sc_pkcs15_object *pin_obj;
|
||||||
|
|
||||||
if (!(pin_obj = slot_data_auth(fw_token)))
|
if (!(pin_obj = slot_data_auth(fw_token)))
|
||||||
return CKR_USER_PIN_NOT_INITIALIZED;
|
return CKR_USER_PIN_NOT_INITIALIZED;
|
||||||
|
|
||||||
if (!(pin_info = slot_data_pin_info(fw_token)))
|
if (!(auth_info = slot_data_auth_info(fw_token)))
|
||||||
return CKR_USER_PIN_NOT_INITIALIZED;
|
return CKR_USER_PIN_NOT_INITIALIZED;
|
||||||
|
|
||||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "Change '%s', reference %i; login type %i",
|
sc_debug(context, SC_LOG_DEBUG_NORMAL, "Change '%s', reference %i; login type %i",
|
||||||
pin_obj->label, pin_info->reference, login_user);
|
pin_obj->label, auth_info->attrs.pin.reference, login_user);
|
||||||
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||||
/* pPin should be NULL in case of a pin pad reader, but
|
/* pPin should be NULL in case of a pin pad reader, but
|
||||||
* some apps (e.g. older Netscapes) don't know about it.
|
* some apps (e.g. older Netscapes) don't know about it.
|
||||||
@ -1280,7 +1294,7 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||||||
pOldPin = pNewPin = NULL;
|
pOldPin = pNewPin = NULL;
|
||||||
ulOldLen = ulNewLen = 0;
|
ulOldLen = ulNewLen = 0;
|
||||||
}
|
}
|
||||||
else if (ulNewLen < pin_info->min_length || ulNewLen > pin_info->max_length) {
|
else if (ulNewLen < auth_info->attrs.pin.min_length || ulNewLen > auth_info->attrs.pin.max_length) {
|
||||||
return CKR_PIN_LEN_RANGE;
|
return CKR_PIN_LEN_RANGE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1310,8 +1324,8 @@ static CK_RV pkcs15_change_pin(struct sc_pkcs11_card *p11card,
|
|||||||
return sc_to_cryptoki_error(rc, "C_SetPIN");
|
return sc_to_cryptoki_error(rc, "C_SetPIN");
|
||||||
auth_count = rc;
|
auth_count = rc;
|
||||||
for (i = 0; i < auth_count; i++) {
|
for (i = 0; i < auth_count; i++) {
|
||||||
pin_info = (struct sc_pkcs15_pin_info*) auths[i]->data;
|
auth_info = (struct sc_pkcs15_auth_info*) auths[i]->data;
|
||||||
if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if ((auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (i == auth_count) {
|
if (i == auth_count) {
|
||||||
@ -1339,14 +1353,14 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||||||
struct sc_pkcs15init_pinargs args;
|
struct sc_pkcs15init_pinargs args;
|
||||||
struct sc_profile *profile;
|
struct sc_profile *profile;
|
||||||
struct sc_pkcs15_object *auth_obj;
|
struct sc_pkcs15_object *auth_obj;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "pkcs15 init PIN: pin %p:%d; unblock style %i",
|
sc_debug(context, SC_LOG_DEBUG_NORMAL, "pkcs15 init PIN: pin %p:%d; unblock style %i",
|
||||||
pPin, ulPinLen, sc_pkcs11_conf.pin_unblock_style);
|
pPin, ulPinLen, sc_pkcs11_conf.pin_unblock_style);
|
||||||
|
|
||||||
pin_info = slot_data_pin_info(slot->fw_data);
|
auth_info = slot_data_auth_info(slot->fw_data);
|
||||||
if (pin_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
if (auth_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
||||||
/* C_InitPIN is used to unblock User PIN or set it in the SO session .*/
|
/* C_InitPIN is used to unblock User PIN or set it in the SO session .*/
|
||||||
auth_obj = slot_data_auth(slot->fw_data);
|
auth_obj = slot_data_auth(slot->fw_data);
|
||||||
if (fw_data->user_puk_len) {
|
if (fw_data->user_puk_len) {
|
||||||
@ -1357,7 +1371,7 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||||||
/* FIXME (VT): Actually sc_pkcs15_unblock_pin() do not accepts zero length PUK.
|
/* FIXME (VT): Actually sc_pkcs15_unblock_pin() do not accepts zero length PUK.
|
||||||
* Something like sc_pkcs15_set_pin() should be introduced.
|
* Something like sc_pkcs15_set_pin() should be introduced.
|
||||||
* For a while, use the 'libopensc' API to set PIN. */
|
* For a while, use the 'libopensc' API to set PIN. */
|
||||||
rc = sc_reset_retry_counter(fw_data->p15_card->card, SC_AC_CHV, pin_info->reference,
|
rc = sc_reset_retry_counter(fw_data->p15_card->card, SC_AC_CHV, auth_info->attrs.pin.reference,
|
||||||
NULL, 0, pPin, ulPinLen);
|
NULL, 0, pPin, ulPinLen);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1393,7 +1407,7 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card,
|
|||||||
free(slot->fw_data);
|
free(slot->fw_data);
|
||||||
pkcs15_init_slot(fw_data->p15_card, slot, auth_obj);
|
pkcs15_init_slot(fw_data->p15_card, slot, auth_obj);
|
||||||
|
|
||||||
pin_info = (sc_pkcs15_pin_info_t *) auth_obj->data;
|
auth_info = (sc_pkcs15_auth_info_t *) auth_obj->data;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1407,7 +1421,7 @@ static CK_RV pkcs15_create_private_key(struct sc_pkcs11_card *p11card,
|
|||||||
struct sc_pkcs15init_prkeyargs args;
|
struct sc_pkcs15init_prkeyargs args;
|
||||||
struct pkcs15_any_object *key_any_obj;
|
struct pkcs15_any_object *key_any_obj;
|
||||||
struct sc_pkcs15_object *key_obj;
|
struct sc_pkcs15_object *key_obj;
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
CK_KEY_TYPE key_type;
|
CK_KEY_TYPE key_type;
|
||||||
struct sc_pkcs15_prkey_rsa *rsa;
|
struct sc_pkcs15_prkey_rsa *rsa;
|
||||||
struct sc_pkcs15_prkey_ec *ec;
|
struct sc_pkcs15_prkey_ec *ec;
|
||||||
@ -1419,7 +1433,7 @@ static CK_RV pkcs15_create_private_key(struct sc_pkcs11_card *p11card,
|
|||||||
|
|
||||||
/* See if the "slot" is pin protected. If so, get the
|
/* See if the "slot" is pin protected. If so, get the
|
||||||
* PIN id */
|
* PIN id */
|
||||||
if ((pin = slot_data_pin_info(slot->fw_data)) != NULL)
|
if ((pin = slot_data_auth_info(slot->fw_data)) != NULL)
|
||||||
args.auth_id = pin->auth_id;
|
args.auth_id = pin->auth_id;
|
||||||
|
|
||||||
/* Get the key type */
|
/* Get the key type */
|
||||||
@ -1539,7 +1553,7 @@ static CK_RV pkcs15_create_public_key(struct sc_pkcs11_card *p11card,
|
|||||||
struct sc_pkcs15init_pubkeyargs args;
|
struct sc_pkcs15init_pubkeyargs args;
|
||||||
struct pkcs15_any_object *key_any_obj;
|
struct pkcs15_any_object *key_any_obj;
|
||||||
struct sc_pkcs15_object *key_obj;
|
struct sc_pkcs15_object *key_obj;
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
CK_KEY_TYPE key_type;
|
CK_KEY_TYPE key_type;
|
||||||
struct sc_pkcs15_pubkey_rsa *rsa;
|
struct sc_pkcs15_pubkey_rsa *rsa;
|
||||||
int rc, rv;
|
int rc, rv;
|
||||||
@ -1549,7 +1563,7 @@ static CK_RV pkcs15_create_public_key(struct sc_pkcs11_card *p11card,
|
|||||||
|
|
||||||
/* See if the "slot" is pin protected. If so, get the
|
/* See if the "slot" is pin protected. If so, get the
|
||||||
* PIN id */
|
* PIN id */
|
||||||
if ((pin = slot_data_pin_info(slot->fw_data)) != NULL)
|
if ((pin = slot_data_auth_info(slot->fw_data)) != NULL)
|
||||||
args.auth_id = pin->auth_id;
|
args.auth_id = pin->auth_id;
|
||||||
|
|
||||||
/* Get the key type */
|
/* Get the key type */
|
||||||
@ -1714,7 +1728,7 @@ static CK_RV pkcs15_create_data(struct sc_pkcs11_card *p11card,
|
|||||||
struct sc_pkcs15init_dataargs args;
|
struct sc_pkcs15init_dataargs args;
|
||||||
struct pkcs15_any_object *data_any_obj;
|
struct pkcs15_any_object *data_any_obj;
|
||||||
struct sc_pkcs15_object *data_obj;
|
struct sc_pkcs15_object *data_obj;
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
CK_BBOOL bValue;
|
CK_BBOOL bValue;
|
||||||
int rc, rv;
|
int rc, rv;
|
||||||
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
char label[SC_PKCS15_MAX_LABEL_SIZE];
|
||||||
@ -1733,7 +1747,7 @@ static CK_RV pkcs15_create_data(struct sc_pkcs11_card *p11card,
|
|||||||
case CKA_PRIVATE:
|
case CKA_PRIVATE:
|
||||||
rv = attr_extract(attr, &bValue, NULL);
|
rv = attr_extract(attr, &bValue, NULL);
|
||||||
if (bValue) {
|
if (bValue) {
|
||||||
pin = slot_data_pin_info(slot->fw_data);
|
pin = slot_data_auth_info(slot->fw_data);
|
||||||
if (pin == NULL) {
|
if (pin == NULL) {
|
||||||
rv = CKR_TEMPLATE_INCOMPLETE;
|
rv = CKR_TEMPLATE_INCOMPLETE;
|
||||||
goto out;
|
goto out;
|
||||||
@ -1935,7 +1949,7 @@ static CK_RV pkcs15_gen_keypair(struct sc_pkcs11_card *p11card,
|
|||||||
CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey) /* gets priv. key handle */
|
CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey) /* gets priv. key handle */
|
||||||
{
|
{
|
||||||
struct sc_profile *profile = NULL;
|
struct sc_profile *profile = NULL;
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||||
struct sc_pkcs15init_keygen_args keygen_args;
|
struct sc_pkcs15init_keygen_args keygen_args;
|
||||||
struct sc_pkcs15init_pubkeyargs pub_args;
|
struct sc_pkcs15init_pubkeyargs pub_args;
|
||||||
@ -1973,7 +1987,7 @@ static CK_RV pkcs15_gen_keypair(struct sc_pkcs11_card *p11card,
|
|||||||
|
|
||||||
/* 1. Convert the pkcs11 attributes to pkcs15init args */
|
/* 1. Convert the pkcs11 attributes to pkcs15init args */
|
||||||
|
|
||||||
if ((pin = slot_data_pin_info(slot->fw_data)) != NULL)
|
if ((pin = slot_data_auth_info(slot->fw_data)) != NULL)
|
||||||
keygen_args.prkey_args.auth_id = pub_args.auth_id = pin->auth_id;
|
keygen_args.prkey_args.auth_id = pub_args.auth_id = pin->auth_id;
|
||||||
|
|
||||||
rv = attr_find2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_KEY_TYPE,
|
rv = attr_find2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_KEY_TYPE,
|
||||||
|
@ -168,17 +168,17 @@ static int asepcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
* determine the next best file id of the PIN file.
|
* determine the next best file id of the PIN file.
|
||||||
*/
|
*/
|
||||||
static int asepcos_select_pin_reference(sc_profile_t *profile,
|
static int asepcos_select_pin_reference(sc_profile_t *profile,
|
||||||
sc_pkcs15_card_t *p15card, sc_pkcs15_pin_info_t *pinfo)
|
sc_pkcs15_card_t *p15card, sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
if (pinfo->reference <= 0)
|
if (auth_info->attrs.pin.reference <= 0)
|
||||||
pinfo->reference = 1;
|
auth_info->attrs.pin.reference = 1;
|
||||||
/* as we want to use <fileid of PIN> + 1 for the PUK we need to
|
/* as we want to use <fileid of PIN> + 1 for the PUK we need to
|
||||||
* ensure that all references are odd => if the reference is
|
* ensure that all references are odd => if the reference is
|
||||||
* even add one */
|
* even add one */
|
||||||
if ((pinfo->reference & 1) == 0)
|
if ((auth_info->attrs.pin.reference & 1) == 0)
|
||||||
pinfo->reference++;
|
auth_info->attrs.pin.reference++;
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -216,13 +216,16 @@ static int asepcos_pinid_to_akn(sc_card_t *card, int fileid, int *akn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
||||||
sc_pkcs15_pin_info_t *pinfo, const u8* pin, size_t pinlen,
|
sc_pkcs15_auth_info_t *auth_info, const u8* pin, size_t pinlen,
|
||||||
int puk, int pinid)
|
int puk, int pinid)
|
||||||
{
|
{
|
||||||
sc_file_t *nfile = NULL;
|
sc_file_t *nfile = NULL;
|
||||||
u8 buf[64], sbuf[64], *p = buf, *q = sbuf;
|
u8 buf[64], sbuf[64], *p = buf, *q = sbuf;
|
||||||
int r, akn;
|
int r, akn;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
/* outter tag */
|
/* outter tag */
|
||||||
*p++ = 0x85;
|
*p++ = 0x85;
|
||||||
p++;
|
p++;
|
||||||
@ -237,7 +240,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = pinlen & 0xff;
|
*p++ = pinlen & 0xff;
|
||||||
/* max tries */
|
/* max tries */
|
||||||
*p++ = pinfo->tries_left & 0xff;
|
*p++ = auth_info->tries_left & 0xff;
|
||||||
/* algorithm id and key key usage and padding bytes */
|
/* algorithm id and key key usage and padding bytes */
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
@ -305,11 +308,11 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
if (r != SC_SUCCESS)
|
if (r != SC_SUCCESS)
|
||||||
return r;
|
return r;
|
||||||
/* use the AKN as reference */
|
/* use the AKN as reference */
|
||||||
pinfo->reference = akn;
|
auth_info->attrs.pin.reference = akn;
|
||||||
/* set the correct PIN length */
|
/* set the correct PIN length */
|
||||||
pinfo->min_length = 4;
|
auth_info->attrs.pin.min_length = 4;
|
||||||
pinfo->stored_length = pinlen;
|
auth_info->attrs.pin.stored_length = pinlen;
|
||||||
pinfo->max_length = 16;
|
auth_info->attrs.pin.max_length = 16;
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@ -319,9 +322,11 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
*/
|
*/
|
||||||
static int have_onepin(sc_profile_t *profile)
|
static int have_onepin(sc_profile_t *profile)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t sopin;
|
sc_pkcs15_auth_info_t sopin;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
||||||
if (!(sopin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
|
||||||
|
if (!(sopin.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
return 1;
|
return 1;
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
@ -342,7 +347,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
|
sc_file_t *df, sc_pkcs15_object_t *pin_obj,
|
||||||
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len)
|
const u8 *pin, size_t pin_len, const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
int r, pid, puk_id;
|
int r, pid, puk_id;
|
||||||
sc_path_t tpath = df->path;
|
sc_path_t tpath = df->path;
|
||||||
@ -353,7 +358,10 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
if (!pin || !pin_len)
|
if (!pin || !pin_len)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
pid = (pinfo->reference & 0xff) | (((tpath.len >> 1) - 1) << 16);
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
pid = (auth_info->attrs.pin.reference & 0xff) | (((tpath.len >> 1) - 1) << 16);
|
||||||
|
|
||||||
/* get the ACL of the application DF */
|
/* get the ACL of the application DF */
|
||||||
r = sc_select_file(card, &df->path, &tfile);
|
r = sc_select_file(card, &df->path, &tfile);
|
||||||
@ -389,29 +397,29 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
/* Create PUK (if specified). Note: we need to create the PUK
|
/* Create PUK (if specified). Note: we need to create the PUK
|
||||||
* the PIN as the PUK fileid is used in the PIN acl.
|
* the PIN as the PUK fileid is used in the PIN acl.
|
||||||
*/
|
*/
|
||||||
struct sc_pkcs15_pin_info puk_info;
|
struct sc_pkcs15_auth_info puk_ainfo;
|
||||||
|
|
||||||
if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_ainfo);
|
||||||
else
|
else
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_ainfo);
|
||||||
|
|
||||||
/* If a PUK we use "file id of the PIN" + 1 as the file id
|
/* If a PUK we use "file id of the PIN" + 1 as the file id
|
||||||
* of the PUK.
|
* of the PUK.
|
||||||
*/
|
*/
|
||||||
puk_id = pid + 1;
|
puk_id = pid + 1;
|
||||||
r = asepcos_do_store_pin(profile, card, &puk_info, puk, puk_len, 0, puk_id);
|
r = asepcos_do_store_pin(profile, card, &puk_ainfo, puk, puk_len, 0, puk_id);
|
||||||
if (r != SC_SUCCESS)
|
if (r != SC_SUCCESS)
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||||
} else
|
} else
|
||||||
puk_id = 0;
|
puk_id = 0;
|
||||||
|
|
||||||
r = asepcos_do_store_pin(profile, card, pinfo, pin, pin_len, puk_id, pid);
|
r = asepcos_do_store_pin(profile, card, auth_info, pin, pin_len, puk_id, pid);
|
||||||
if (r != SC_SUCCESS)
|
if (r != SC_SUCCESS)
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||||
|
|
||||||
#if 1
|
#if 1
|
||||||
if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN ||
|
||||||
(have_onepin(profile) && pid == 0x010001)) {
|
(have_onepin(profile) && pid == 0x010001)) {
|
||||||
sc_cardctl_asepcos_activate_file_t st;
|
sc_cardctl_asepcos_activate_file_t st;
|
||||||
/* Once the SO PIN or ,in case of the "onepin" profile", the
|
/* Once the SO PIN or ,in case of the "onepin" profile", the
|
||||||
@ -454,7 +462,7 @@ static int asepcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
r = sc_append_file_id(&tpath, pid & 0xff);
|
r = sc_append_file_id(&tpath, pid & 0xff);
|
||||||
if (r != SC_SUCCESS)
|
if (r != SC_SUCCESS)
|
||||||
return r;
|
return r;
|
||||||
pinfo->path = tpath;
|
auth_info->path = tpath;
|
||||||
#endif
|
#endif
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||||
}
|
}
|
||||||
|
@ -50,7 +50,7 @@ struct tlv {
|
|||||||
* Local functions
|
* Local functions
|
||||||
*/
|
*/
|
||||||
static int cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
static int cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
||||||
sc_pkcs15_pin_info_t *pin_info, int puk_id,
|
sc_pkcs15_auth_info_t *auth_info, int puk_id,
|
||||||
const u8 *pin, size_t pin_len);
|
const u8 *pin, size_t pin_len);
|
||||||
static int cardos_create_sec_env(sc_profile_t *, sc_card_t *,
|
static int cardos_create_sec_env(sc_profile_t *, sc_card_t *,
|
||||||
unsigned int, unsigned int);
|
unsigned int, unsigned int);
|
||||||
@ -152,14 +152,17 @@ cardos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
cardos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
cardos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int preferred, current;
|
int preferred, current;
|
||||||
|
|
||||||
if ((current = pin_info->reference) < 0)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if ((current = auth_info->attrs.pin.reference) < 0)
|
||||||
current = CARDOS_PIN_ID_MIN;
|
current = CARDOS_PIN_ID_MIN;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = 1;
|
preferred = 1;
|
||||||
} else {
|
} else {
|
||||||
preferred = current;
|
preferred = current;
|
||||||
@ -172,7 +175,7 @@ cardos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
|
|
||||||
if (current > preferred || preferred > CARDOS_PIN_ID_MAX)
|
if (current > preferred || preferred > CARDOS_PIN_ID_MAX)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -185,7 +188,7 @@ cardos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||||||
const u8 *pin, size_t pin_len,
|
const u8 *pin, size_t pin_len,
|
||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
unsigned int puk_id = CARDOS_AC_NEVER;
|
unsigned int puk_id = CARDOS_AC_NEVER;
|
||||||
int r;
|
int r;
|
||||||
@ -193,24 +196,27 @@ cardos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||||||
if (!pin || !pin_len)
|
if (!pin || !pin_len)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
r = sc_select_file(card, &df->path, NULL);
|
r = sc_select_file(card, &df->path, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (puk && puk_len) {
|
if (puk && puk_len) {
|
||||||
struct sc_pkcs15_pin_info puk_info;
|
struct sc_pkcs15_auth_info puk_ainfo;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile,
|
sc_profile_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_USER_PUK, &puk_info);
|
SC_PKCS15INIT_USER_PUK, &puk_ainfo);
|
||||||
puk_info.reference = puk_id = pin_info->reference + 1;
|
puk_ainfo.attrs.pin.reference = puk_id = auth_info->attrs.pin.reference + 1;
|
||||||
r = cardos_store_pin(profile, card,
|
r = cardos_store_pin(profile, card,
|
||||||
&puk_info, CARDOS_AC_NEVER,
|
&puk_ainfo, CARDOS_AC_NEVER,
|
||||||
puk, puk_len);
|
puk, puk_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (r >= 0) {
|
if (r >= 0) {
|
||||||
r = cardos_store_pin(profile, card,
|
r = cardos_store_pin(profile, card,
|
||||||
pin_info, puk_id, pin, pin_len);
|
auth_info, puk_id, pin, pin_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
@ -399,7 +405,7 @@ out:
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
||||||
sc_pkcs15_pin_info_t *pin_info, int puk_id,
|
sc_pkcs15_auth_info_t *auth_info, int puk_id,
|
||||||
const u8 *pin, size_t pin_len)
|
const u8 *pin, size_t pin_len)
|
||||||
{
|
{
|
||||||
struct sc_cardctl_cardos_obj_info args;
|
struct sc_cardctl_cardos_obj_info args;
|
||||||
@ -409,6 +415,9 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
unsigned int attempts, minlen, maxlen;
|
unsigned int attempts, minlen, maxlen;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
/* We need to do padding because pkcs15-lib.c does it.
|
/* We need to do padding because pkcs15-lib.c does it.
|
||||||
* Would be nice to have a flag in the profile that says
|
* Would be nice to have a flag in the profile that says
|
||||||
* "no padding required". */
|
* "no padding required". */
|
||||||
@ -423,15 +432,15 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
pinpadded[pin_len++] = profile->pin_pad_char;
|
pinpadded[pin_len++] = profile->pin_pad_char;
|
||||||
pin = pinpadded;
|
pin = pinpadded;
|
||||||
|
|
||||||
attempts = pin_info->tries_left;
|
attempts = auth_info->tries_left;
|
||||||
minlen = pin_info->min_length;
|
minlen = auth_info->attrs.pin.min_length;
|
||||||
|
|
||||||
tlv_init(&tlv, buffer, sizeof(buffer));
|
tlv_init(&tlv, buffer, sizeof(buffer));
|
||||||
|
|
||||||
/* object address: class, id */
|
/* object address: class, id */
|
||||||
tlv_next(&tlv, 0x83);
|
tlv_next(&tlv, 0x83);
|
||||||
tlv_add(&tlv, 0x00); /* class byte: usage TEST, k=0 */
|
tlv_add(&tlv, 0x00); /* class byte: usage TEST, k=0 */
|
||||||
tlv_add(&tlv, pin_info->reference);
|
tlv_add(&tlv, auth_info->attrs.pin.reference);
|
||||||
|
|
||||||
/* parameters */
|
/* parameters */
|
||||||
tlv_next(&tlv, 0x85);
|
tlv_next(&tlv, 0x85);
|
||||||
@ -461,7 +470,7 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
/* AC conditions */
|
/* AC conditions */
|
||||||
tlv_next(&tlv, 0x86);
|
tlv_next(&tlv, 0x86);
|
||||||
tlv_add(&tlv, 0x00); /* use: always */
|
tlv_add(&tlv, 0x00); /* use: always */
|
||||||
tlv_add(&tlv, pin_info->reference); /* change: PIN */
|
tlv_add(&tlv, auth_info->attrs.pin.reference); /* change: PIN */
|
||||||
tlv_add(&tlv, puk_id); /* unblock: PUK */
|
tlv_add(&tlv, puk_id); /* unblock: PUK */
|
||||||
|
|
||||||
/* data: PIN */
|
/* data: PIN */
|
||||||
|
@ -185,21 +185,24 @@ cflex_create_domain(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
cflex_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card,
|
cflex_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int preferred;
|
int preferred;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = 2;
|
preferred = 2;
|
||||||
} else {
|
} else {
|
||||||
preferred = 1;
|
preferred = 1;
|
||||||
}
|
}
|
||||||
if (pin_info->reference <= preferred) {
|
if (auth_info->attrs.pin.reference <= preferred) {
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info->reference > 2)
|
if (auth_info->attrs.pin.reference > 2)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
/* Caller, please select a different PIN reference */
|
/* Caller, please select a different PIN reference */
|
||||||
@ -217,34 +220,39 @@ cflex_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
|
|||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
sc_file_t *dummies[2];
|
sc_file_t *dummies[2];
|
||||||
int ndummies, pin_type, puk_type, r;
|
int ndummies, pin_type, puk_type, r;
|
||||||
sc_file_t *file;
|
sc_file_t *file;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
/* If the profile doesn't specify a reference for this PIN, guess */
|
/* If the profile doesn't specify a reference for this PIN, guess */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
pin_type = SC_PKCS15INIT_SO_PIN;
|
pin_type = SC_PKCS15INIT_SO_PIN;
|
||||||
puk_type = SC_PKCS15INIT_SO_PUK;
|
puk_type = SC_PKCS15INIT_SO_PUK;
|
||||||
if (pin_info->reference != 2)
|
if (pin_attrs->reference != 2)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
} else {
|
} else {
|
||||||
pin_type = SC_PKCS15INIT_USER_PIN;
|
pin_type = SC_PKCS15INIT_USER_PIN;
|
||||||
puk_type = SC_PKCS15INIT_USER_PUK;
|
puk_type = SC_PKCS15INIT_USER_PUK;
|
||||||
if (pin_info->reference != 1)
|
if (pin_attrs->reference != 1)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get file definition from the profile */
|
/* Get file definition from the profile */
|
||||||
if (sc_profile_get_file(profile, (pin_info->reference == 1)? "CHV1" : "CHV2", &file) < 0
|
if (sc_profile_get_file(profile, (pin_attrs->reference == 1)? "CHV1" : "CHV2", &file) < 0
|
||||||
&& sc_profile_get_file(profile, "CHV", &file) < 0)
|
&& sc_profile_get_file(profile, "CHV", &file) < 0)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs");
|
||||||
|
|
||||||
ndummies = cflex_create_dummy_chvs(profile, p15card, file, SC_AC_OP_CREATE, dummies);
|
ndummies = cflex_create_dummy_chvs(profile, p15card, file, SC_AC_OP_CREATE, dummies);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, ndummies, "Unable to create dummy CHV file");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, ndummies, "Unable to create dummy CHV file");
|
||||||
|
|
||||||
r = cflex_create_pin_file(profile, p15card, &df->path, pin_info->reference,
|
r = cflex_create_pin_file(profile, p15card, &df->path, pin_attrs->reference,
|
||||||
pin, pin_len, sc_profile_get_pin_retries(profile, pin_type),
|
pin, pin_len, sc_profile_get_pin_retries(profile, pin_type),
|
||||||
puk, puk_len, sc_profile_get_pin_retries(profile, puk_type),
|
puk, puk_len, sc_profile_get_pin_retries(profile, puk_type),
|
||||||
NULL, 0);
|
NULL, 0);
|
||||||
|
@ -246,14 +246,18 @@ static int entersafe_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int entersafe_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
static int entersafe_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
|
|
||||||
if (pin_info->reference < ENTERSAFE_USER_PIN_ID)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
pin_info->reference = ENTERSAFE_USER_PIN_ID;
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
if(pin_info->reference>ENTERSAFE_USER_PIN_ID)
|
|
||||||
|
if (auth_info->attrs.pin.reference < ENTERSAFE_USER_PIN_ID)
|
||||||
|
auth_info->attrs.pin.reference = ENTERSAFE_USER_PIN_ID;
|
||||||
|
if (auth_info->attrs.pin.reference > ENTERSAFE_USER_PIN_ID)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
|
|
||||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS);
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE,SC_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -264,17 +268,20 @@ static int entersafe_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||||||
{
|
{
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
int r;
|
int r;
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
|
||||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
{/*pin*/
|
{/*pin*/
|
||||||
sc_entersafe_wkey_data data;
|
sc_entersafe_wkey_data data;
|
||||||
|
|
||||||
if (!pin || !pin_len || pin_len > 16)
|
if (!pin || !pin_len || pin_len > 16)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
data.key_id=pin_info->reference;
|
data.key_id = auth_info->attrs.pin.reference;
|
||||||
data.usage=0x0B;
|
data.usage=0x0B;
|
||||||
data.key_data.symmetric.EC=0x33;
|
data.key_data.symmetric.EC=0x33;
|
||||||
data.key_data.symmetric.ver=0x00;
|
data.key_data.symmetric.ver=0x00;
|
||||||
@ -296,7 +303,7 @@ static int entersafe_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||||||
if (!puk || !puk_len || puk_len > 16)
|
if (!puk || !puk_len || puk_len > 16)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
data.key_id=pin_info->reference+1;
|
data.key_id = auth_info->attrs.pin.reference+1;
|
||||||
data.usage=0x0B;
|
data.usage=0x0B;
|
||||||
data.key_data.symmetric.EC=0x33;
|
data.key_data.symmetric.EC=0x33;
|
||||||
data.key_data.symmetric.ver=0x00;
|
data.key_data.symmetric.ver=0x00;
|
||||||
@ -427,7 +434,7 @@ static int entersafe_generate_key(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
|
|||||||
static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info profile_pin;
|
struct sc_pkcs15_auth_info profile_auth;
|
||||||
struct sc_pkcs15_object *objs[32];
|
struct sc_pkcs15_object *objs[32];
|
||||||
int rv, nn, ii, update_df = 0;
|
int rv, nn, ii, update_df = 0;
|
||||||
|
|
||||||
@ -438,17 +445,22 @@ static int entersafe_sanity_check(sc_profile_t *profile, sc_pkcs15_card_t *p15ca
|
|||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PINs");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PINs");
|
||||||
nn = rv;
|
nn = rv;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_pin);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_auth);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PIN info");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to get PIN info");
|
||||||
|
|
||||||
for (ii=0; ii<nn; ii++) {
|
for (ii=0; ii<nn; ii++) {
|
||||||
struct sc_pkcs15_pin_info *pinfo = (struct sc_pkcs15_pin_info *) objs[ii]->data;
|
struct sc_pkcs15_auth_info *ainfo = (struct sc_pkcs15_auth_info *) objs[ii]->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &ainfo->attrs.pin;
|
||||||
|
|
||||||
if (pinfo->reference == profile_pin.reference && pinfo->flags != profile_pin.flags) {
|
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (pin_attrs->reference == profile_auth.attrs.pin.reference
|
||||||
|
&& pin_attrs->flags != profile_auth.attrs.pin.flags) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Set flags of '%s'(flags:%X,ref:%i,id:%s) to %X", objs[ii]->label,
|
||||||
pinfo->flags, pinfo->reference, sc_pkcs15_print_id(&pinfo->auth_id),
|
pin_attrs->flags, pin_attrs->reference, sc_pkcs15_print_id(&ainfo->auth_id),
|
||||||
profile_pin.flags);
|
profile_auth.attrs.pin.flags);
|
||||||
pinfo->flags = profile_pin.flags;
|
pin_attrs->flags = profile_auth.attrs.pin.flags;
|
||||||
update_df = 1;
|
update_df = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -162,15 +162,19 @@ gpk_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df)
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
gpk_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
gpk_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int preferred, current;
|
int preferred, current;
|
||||||
|
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
if ((current = pin_info->reference) < 0)
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if ((current = auth_info->attrs.pin.reference) < 0)
|
||||||
current = 0;
|
current = 0;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = GPK_PIN_SCOPE | 0;
|
preferred = GPK_PIN_SCOPE | 0;
|
||||||
} else {
|
} else {
|
||||||
preferred = current | GPK_PIN_SCOPE;
|
preferred = current | GPK_PIN_SCOPE;
|
||||||
@ -185,7 +189,7 @@ gpk_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
|
|
||||||
if (current > preferred)
|
if (current > preferred)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -198,14 +202,19 @@ gpk_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
const u8 *pin, size_t pin_len,
|
const u8 *pin, size_t pin_len,
|
||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
u8 nulpin[8];
|
u8 nulpin[8];
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
/* SO PIN reference must be 0 */
|
/* SO PIN reference must be 0 */
|
||||||
if (pin_info->reference != (GPK_PIN_SCOPE | 0))
|
if (pin_attrs->reference != (GPK_PIN_SCOPE | 0))
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
} else {
|
} else {
|
||||||
/* PIN references must be even numbers
|
/* PIN references must be even numbers
|
||||||
@ -214,9 +223,9 @@ gpk_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
* Returning SC_ERROR_INVALID_PIN_REFERENCE will
|
* Returning SC_ERROR_INVALID_PIN_REFERENCE will
|
||||||
* tell the caller to pick a different value.
|
* tell the caller to pick a different value.
|
||||||
*/
|
*/
|
||||||
if ((pin_info->reference & 1) || !(pin_info->reference & GPK_PIN_SCOPE))
|
if ((pin_attrs->reference & 1) || !(pin_attrs->reference & GPK_PIN_SCOPE))
|
||||||
return SC_ERROR_INVALID_PIN_REFERENCE;
|
return SC_ERROR_INVALID_PIN_REFERENCE;
|
||||||
if (pin_info->reference >= (GPK_PIN_SCOPE + GPK_MAX_PINS))
|
if (pin_attrs->reference >= (GPK_PIN_SCOPE + GPK_MAX_PINS))
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -238,7 +247,7 @@ gpk_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
/* Current PIN is 00:00:00:00:00:00:00:00 */
|
/* Current PIN is 00:00:00:00:00:00:00:00 */
|
||||||
memset(nulpin, 0, sizeof(nulpin));
|
memset(nulpin, 0, sizeof(nulpin));
|
||||||
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
||||||
pin_info->reference,
|
pin_attrs->reference,
|
||||||
nulpin, sizeof(nulpin),
|
nulpin, sizeof(nulpin),
|
||||||
pin, pin_len, NULL);
|
pin, pin_len, NULL);
|
||||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV %i", r);
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV %i", r);
|
||||||
@ -247,7 +256,7 @@ gpk_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
|
|
||||||
/* Current PUK is 00:00:00:00:00:00:00:00 */
|
/* Current PUK is 00:00:00:00:00:00:00:00 */
|
||||||
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
||||||
pin_info->reference + 1,
|
pin_attrs->reference + 1,
|
||||||
nulpin, sizeof(nulpin),
|
nulpin, sizeof(nulpin),
|
||||||
puk, puk_len, NULL);
|
puk, puk_len, NULL);
|
||||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV+1 %i", r);
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "change CHV+1 %i", r);
|
||||||
|
@ -648,12 +648,14 @@ iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char
|
|||||||
LOG_TEST_RET(ctx, rv, "Card CTL error: cannot get CHV reference from SE");
|
LOG_TEST_RET(ctx, rv, "Card CTL error: cannot get CHV reference from SE");
|
||||||
pin_ref = rv;
|
pin_ref = rv;
|
||||||
for (ii=0; ii<nn_pins; ii++) {
|
for (ii=0; ii<nn_pins; ii++) {
|
||||||
const struct sc_pkcs15_pin_info *pin_info = (const struct sc_pkcs15_pin_info *) pin_objs[ii]->data;
|
const struct sc_pkcs15_auth_info *auth_info = (const struct sc_pkcs15_auth_info *) pin_objs[ii]->data;
|
||||||
|
|
||||||
/* FIXME: make pin reference 'unsigned' */
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
sc_log(ctx, "PIN refs %i/%i", pin_ref, pin_info->reference);
|
continue;
|
||||||
if (pin_ref == ((pin_info->reference + 0x100) % 0x100)) {
|
|
||||||
*auth_id = pin_info->auth_id;
|
sc_log(ctx, "PIN refs %i/%i", pin_ref, auth_info->attrs.pin.reference);
|
||||||
|
if (pin_ref == ((auth_info->attrs.pin.reference + 0x100) % 0x100)) {
|
||||||
|
*auth_id = auth_info->auth_id;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -56,7 +56,7 @@ struct rsakey {
|
|||||||
* Local functions
|
* Local functions
|
||||||
*/
|
*/
|
||||||
static int incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
static int incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
||||||
sc_pkcs15_pin_info_t *pin_info, int puk_id,
|
sc_pkcs15_auth_info_t *auth_info, int puk_id,
|
||||||
const u8 *pin, size_t pin_len);
|
const u8 *pin, size_t pin_len);
|
||||||
static int incrypto34_create_sec_env(sc_profile_t *, sc_card_t *,
|
static int incrypto34_create_sec_env(sc_profile_t *, sc_card_t *,
|
||||||
unsigned int, unsigned int);
|
unsigned int, unsigned int);
|
||||||
@ -172,14 +172,17 @@ incrypto34_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int preferred, current;
|
int preferred, current;
|
||||||
|
|
||||||
if ((current = pin_info->reference) < 0)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if ((current = auth_info->attrs.pin.reference) < 0)
|
||||||
current = INCRYPTO34_PIN_ID_MIN;
|
current = INCRYPTO34_PIN_ID_MIN;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = 1;
|
preferred = 1;
|
||||||
} else {
|
} else {
|
||||||
preferred = current;
|
preferred = current;
|
||||||
@ -192,7 +195,7 @@ incrypto34_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card
|
|||||||
|
|
||||||
if (current > preferred || preferred > INCRYPTO34_PIN_ID_MAX)
|
if (current > preferred || preferred > INCRYPTO34_PIN_ID_MAX)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -205,31 +208,34 @@ incrypto34_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
const u8 *pin, size_t pin_len,
|
const u8 *pin, size_t pin_len,
|
||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
unsigned int puk_id = INCRYPTO34_AC_NEVER;
|
unsigned int puk_id = INCRYPTO34_AC_NEVER;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (!pin || !pin_len)
|
if (!pin || !pin_len)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
r = sc_select_file(p15card->card, &df->path, NULL);
|
r = sc_select_file(p15card->card, &df->path, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (puk && puk_len) {
|
if (puk && puk_len) {
|
||||||
struct sc_pkcs15_pin_info puk_info;
|
struct sc_pkcs15_auth_info puk_ainfo;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile,
|
sc_profile_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_USER_PUK, &puk_info);
|
SC_PKCS15INIT_USER_PUK, &puk_ainfo);
|
||||||
puk_info.reference = puk_id = pin_info->reference + 1;
|
puk_ainfo.attrs.pin.reference = puk_id = auth_info->attrs.pin.reference + 1;
|
||||||
r = incrypto34_store_pin(profile, p15card->card,
|
r = incrypto34_store_pin(profile, p15card->card,
|
||||||
&puk_info, INCRYPTO34_AC_NEVER,
|
&puk_ainfo, INCRYPTO34_AC_NEVER,
|
||||||
puk, puk_len);
|
puk, puk_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (r >= 0) {
|
if (r >= 0) {
|
||||||
r = incrypto34_store_pin(profile, p15card->card,
|
r = incrypto34_store_pin(profile, p15card->card,
|
||||||
pin_info, puk_id,
|
auth_info, puk_id,
|
||||||
pin, pin_len);
|
pin, pin_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -383,7 +389,7 @@ out: if (delete_it) {
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
||||||
sc_pkcs15_pin_info_t *pin_info, int puk_id,
|
sc_pkcs15_auth_info_t *auth_info, int puk_id,
|
||||||
const u8 *pin, size_t pin_len)
|
const u8 *pin, size_t pin_len)
|
||||||
{
|
{
|
||||||
struct sc_cardctl_incrypto34_obj_info args;
|
struct sc_cardctl_incrypto34_obj_info args;
|
||||||
@ -392,6 +398,9 @@ incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
struct tlv tlv;
|
struct tlv tlv;
|
||||||
unsigned int attempts, minlen, maxlen;
|
unsigned int attempts, minlen, maxlen;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
/* We need to do padding because pkcs15-lib.c does it.
|
/* We need to do padding because pkcs15-lib.c does it.
|
||||||
* Would be nice to have a flag in the profile that says
|
* Would be nice to have a flag in the profile that says
|
||||||
* "no padding required". */
|
* "no padding required". */
|
||||||
@ -403,15 +412,15 @@ incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
pinpadded[pin_len++] = profile->pin_pad_char;
|
pinpadded[pin_len++] = profile->pin_pad_char;
|
||||||
pin = pinpadded;
|
pin = pinpadded;
|
||||||
|
|
||||||
attempts = pin_info->tries_left;
|
attempts = auth_info->tries_left;
|
||||||
minlen = pin_info->min_length;
|
minlen = auth_info->attrs.pin.min_length;
|
||||||
|
|
||||||
tlv_init(&tlv, buffer, sizeof(buffer));
|
tlv_init(&tlv, buffer, sizeof(buffer));
|
||||||
|
|
||||||
/* object address: class, id */
|
/* object address: class, id */
|
||||||
tlv_next(&tlv, 0x83);
|
tlv_next(&tlv, 0x83);
|
||||||
tlv_add(&tlv, 0x00); /* class byte: usage TEST, k=0 */
|
tlv_add(&tlv, 0x00); /* class byte: usage TEST, k=0 */
|
||||||
tlv_add(&tlv, pin_info->reference);
|
tlv_add(&tlv, auth_info->attrs.pin.reference);
|
||||||
|
|
||||||
/* parameters */
|
/* parameters */
|
||||||
tlv_next(&tlv, 0x85);
|
tlv_next(&tlv, 0x85);
|
||||||
@ -439,7 +448,7 @@ incrypto34_store_pin(sc_profile_t *profile, sc_card_t *card,
|
|||||||
/* AC conditions */
|
/* AC conditions */
|
||||||
tlv_next(&tlv, 0x86);
|
tlv_next(&tlv, 0x86);
|
||||||
tlv_add(&tlv, 0x00); /* use: always */
|
tlv_add(&tlv, 0x00); /* use: always */
|
||||||
tlv_add(&tlv, pin_info->reference); /* change: PIN */
|
tlv_add(&tlv, auth_info->attrs.pin.reference); /* change: PIN */
|
||||||
tlv_add(&tlv, puk_id); /* unblock: PUK */
|
tlv_add(&tlv, puk_id); /* unblock: PUK */
|
||||||
tlv_add(&tlv, 0xFF); /*RFU*/
|
tlv_add(&tlv, 0xFF); /*RFU*/
|
||||||
tlv_add(&tlv, 0xFF); /*RFU*/
|
tlv_add(&tlv, 0xFF); /*RFU*/
|
||||||
|
@ -57,7 +57,7 @@ struct sc_pkcs15init_operations {
|
|||||||
* Select a PIN reference
|
* Select a PIN reference
|
||||||
*/
|
*/
|
||||||
int (*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *,
|
int (*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *,
|
||||||
struct sc_pkcs15_pin_info *);
|
struct sc_pkcs15_auth_info *);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create a PIN object within the given DF.
|
* Create a PIN object within the given DF.
|
||||||
@ -160,7 +160,7 @@ struct sc_pkcs15init_callbacks {
|
|||||||
* Get a PIN from the front-end. The first argument is
|
* Get a PIN from the front-end. The first argument is
|
||||||
* one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
|
* one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
|
||||||
*/
|
*/
|
||||||
int (*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_pin_info *,
|
int (*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_auth_info *,
|
||||||
const char *, unsigned char *, size_t *);
|
const char *, unsigned char *, size_t *);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -340,7 +340,7 @@ extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card
|
|||||||
struct sc_file *, int);
|
struct sc_file *, int);
|
||||||
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
|
extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
|
||||||
struct sc_file *);
|
struct sc_file *);
|
||||||
extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_pin_info *);
|
extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
|
||||||
extern int sc_profile_get_pin_retries(struct sc_profile *, int);
|
extern int sc_profile_get_pin_retries(struct sc_profile *, int);
|
||||||
extern int sc_pkcs15init_get_manufacturer(struct sc_profile *,
|
extern int sc_pkcs15init_get_manufacturer(struct sc_profile *,
|
||||||
const char **);
|
const char **);
|
||||||
|
@ -73,13 +73,16 @@ jcop_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *fil
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
jcop_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
jcop_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info) {
|
sc_pkcs15_auth_info_t *auth_info) {
|
||||||
int preferred, current;
|
int preferred, current;
|
||||||
|
|
||||||
if ((current = pin_info->reference) < 0)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if ((current = auth_info->attrs.pin.reference) < 0)
|
||||||
current = 0;
|
current = 0;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = 3;
|
preferred = 3;
|
||||||
} else {
|
} else {
|
||||||
preferred = current;
|
preferred = current;
|
||||||
@ -90,7 +93,7 @@ jcop_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
}
|
}
|
||||||
if (current > preferred)
|
if (current > preferred)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,17 +106,21 @@ jcop_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
const unsigned char *pin, size_t pin_len,
|
const unsigned char *pin, size_t pin_len,
|
||||||
const unsigned char *puk, size_t puk_len)
|
const unsigned char *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
unsigned char nulpin[16];
|
unsigned char nulpin[16];
|
||||||
unsigned char padpin[16];
|
unsigned char padpin[16];
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
/* SO PIN reference must be 0 */
|
/* SO PIN reference must be 0 */
|
||||||
if (pin_info->reference != 3)
|
if (pin_attrs->reference != 3)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
} else {
|
} else {
|
||||||
if (pin_info->reference >= 3)
|
if (pin_attrs->reference >= 3)
|
||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
if (puk != NULL && puk_len > 0) {
|
if (puk != NULL && puk_len > 0) {
|
||||||
@ -128,13 +135,13 @@ jcop_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
|
|||||||
memset(padpin, 0, sizeof(padpin));
|
memset(padpin, 0, sizeof(padpin));
|
||||||
memcpy(padpin, pin, pin_len);
|
memcpy(padpin, pin, pin_len);
|
||||||
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
||||||
pin_info->reference,
|
pin_attrs->reference,
|
||||||
nulpin, sizeof(nulpin),
|
nulpin, sizeof(nulpin),
|
||||||
padpin, sizeof(padpin), NULL);
|
padpin, sizeof(padpin), NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
pin_info->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
|
pin_attrs->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,7 +119,7 @@ static int select_object_path(struct sc_pkcs15_card *, struct sc_profile *,
|
|||||||
static int sc_pkcs15init_get_pin_path(struct sc_pkcs15_card *,
|
static int sc_pkcs15init_get_pin_path(struct sc_pkcs15_card *,
|
||||||
struct sc_pkcs15_id *, struct sc_path *);
|
struct sc_pkcs15_id *, struct sc_path *);
|
||||||
static int sc_pkcs15init_qualify_pin(struct sc_card *, const char *,
|
static int sc_pkcs15init_qualify_pin(struct sc_card *, const char *,
|
||||||
unsigned int, struct sc_pkcs15_pin_info *);
|
unsigned int, struct sc_pkcs15_auth_info *);
|
||||||
static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *,
|
static struct sc_pkcs15_df * find_df_by_type(struct sc_pkcs15_card *,
|
||||||
unsigned int);
|
unsigned int);
|
||||||
static int sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *);
|
static int sc_pkcs15init_read_info(struct sc_card *card, struct sc_profile *);
|
||||||
@ -410,19 +410,20 @@ sc_pkcs15init_set_p15card(struct sc_profile *profile,
|
|||||||
* for every present local User PIN, add to the profile EF list the named PIN path. */
|
* for every present local User PIN, add to the profile EF list the named PIN path. */
|
||||||
nn_objs = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, p15objects, 10);
|
nn_objs = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, p15objects, 10);
|
||||||
for (i = 0; i < nn_objs; i++) {
|
for (i = 0; i < nn_objs; i++) {
|
||||||
struct sc_pkcs15_pin_info *pininfo = (struct sc_pkcs15_pin_info *) p15objects[i]->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *) p15objects[i]->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
struct sc_file *file = NULL;
|
struct sc_file *file = NULL;
|
||||||
|
|
||||||
if (pininfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (pininfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (!pininfo->path.len)
|
if (!auth_info->path.len)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
r = sc_profile_get_file_by_path(profile, &pininfo->path, &file);
|
r = sc_profile_get_file_by_path(profile, &auth_info->path, &file);
|
||||||
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
if (r == SC_ERROR_FILE_NOT_FOUND) {
|
||||||
if (!sc_select_file(p15card->card, &pininfo->path, &file)) {
|
if (!sc_select_file(p15card->card, &auth_info->path, &file)) {
|
||||||
char pin_name[16];
|
char pin_name[16];
|
||||||
|
|
||||||
sprintf(pin_name, "pin-dir-%02X%02X",
|
sprintf(pin_name, "pin-dir-%02X%02X",
|
||||||
@ -695,7 +696,8 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||||||
{
|
{
|
||||||
struct sc_context *ctx = card->ctx;
|
struct sc_context *ctx = card->ctx;
|
||||||
struct sc_pkcs15_card *p15card = profile->p15_spec;
|
struct sc_pkcs15_card *p15card = profile->p15_spec;
|
||||||
struct sc_pkcs15_pin_info pin_info, puk_info;
|
struct sc_pkcs15_auth_info pin_ainfo, puk_ainfo;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &pin_ainfo.attrs.pin;
|
||||||
struct sc_pkcs15_object *pin_obj = NULL;
|
struct sc_pkcs15_object *pin_obj = NULL;
|
||||||
struct sc_app_info *app;
|
struct sc_app_info *app;
|
||||||
struct sc_file *df = profile->df_info->file;
|
struct sc_file *df = profile->df_info->file;
|
||||||
@ -717,36 +719,35 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||||||
if (args->so_pin_len) {
|
if (args->so_pin_len) {
|
||||||
const char *pin_label;
|
const char *pin_label;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_ainfo);
|
||||||
r = sc_pkcs15init_qualify_pin(card, "SO PIN", args->so_pin_len, &pin_info);
|
r = sc_pkcs15init_qualify_pin(card, "SO PIN", args->so_pin_len, &pin_ainfo);
|
||||||
LOG_TEST_RET(ctx, r, "Failed to qualify SO PIN");
|
LOG_TEST_RET(ctx, r, "Failed to qualify SO PIN");
|
||||||
|
|
||||||
/* Path encoded only for local SO PIN */
|
/* Path encoded only for local SO PIN */
|
||||||
if (pin_info.flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
pin_info.path = df->path;
|
pin_ainfo.path = df->path;
|
||||||
|
|
||||||
/* Select the PIN reference */
|
/* Select the PIN reference */
|
||||||
if (profile->ops->select_pin_reference) {
|
if (profile->ops->select_pin_reference) {
|
||||||
r = profile->ops->select_pin_reference(profile, p15card, &pin_info);
|
r = profile->ops->select_pin_reference(profile, p15card, &pin_ainfo);
|
||||||
LOG_TEST_RET(ctx, r, "Failed to select card specific PIN reference");
|
LOG_TEST_RET(ctx, r, "Failed to select card specific PIN reference");
|
||||||
}
|
}
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &puk_ainfo);
|
||||||
r = sc_pkcs15init_qualify_pin(card, "SO PUK", args->so_puk_len, &puk_info);
|
r = sc_pkcs15init_qualify_pin(card, "SO PUK", args->so_puk_len, &puk_ainfo);
|
||||||
LOG_TEST_RET(ctx, r, "Failed to qulify SO PUK");
|
LOG_TEST_RET(ctx, r, "Failed to qulify SO PUK");
|
||||||
|
|
||||||
if (!(pin_label = args->so_pin_label)) {
|
if (!(pin_label = args->so_pin_label)) {
|
||||||
if (pin_info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
pin_label = "Security Officer PIN";
|
pin_label = "Security Officer PIN";
|
||||||
else
|
else
|
||||||
pin_label = "User PIN";
|
pin_label = "User PIN";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (args->so_puk_len == 0)
|
if (args->so_puk_len == 0)
|
||||||
pin_info.flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
|
pin_attrs->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
|
||||||
|
|
||||||
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN,
|
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, pin_label, NULL, &pin_ainfo);
|
||||||
pin_label, NULL, &pin_info);
|
|
||||||
|
|
||||||
if (pin_obj) {
|
if (pin_obj) {
|
||||||
/* When composing ACLs to create 'DIR' DF,
|
/* When composing ACLs to create 'DIR' DF,
|
||||||
@ -754,9 +755,8 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||||||
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
|
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
|
||||||
* but not yet written into the on-card PKCS#15.
|
* but not yet written into the on-card PKCS#15.
|
||||||
*/
|
*/
|
||||||
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')",
|
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
|
||||||
pin_obj->label, pin_info.flags, pin_info.reference,
|
pin_attrs->flags, pin_attrs->reference, sc_print_path(&pin_ainfo.path));
|
||||||
sc_print_path(&pin_info.path));
|
|
||||||
r = sc_pkcs15_add_object(p15card, pin_obj);
|
r = sc_pkcs15_add_object(p15card, pin_obj);
|
||||||
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
|
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
|
||||||
}
|
}
|
||||||
@ -860,7 +860,7 @@ sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card,
|
|||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_object *pin_obj;
|
struct sc_pkcs15_object *pin_obj;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
int r;
|
int r;
|
||||||
char puk_label[0x30];
|
char puk_label[0x30];
|
||||||
|
|
||||||
@ -891,10 +891,10 @@ sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card,
|
|||||||
if (pin_obj == NULL)
|
if (pin_obj == NULL)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object");
|
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object");
|
||||||
|
|
||||||
pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
auth_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, pin_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, auth_info);
|
||||||
pin_info->auth_id = args->puk_id;
|
auth_info->auth_id = args->puk_id;
|
||||||
|
|
||||||
/* Now store the PINs */
|
/* Now store the PINs */
|
||||||
if (profile->ops->create_pin)
|
if (profile->ops->create_pin)
|
||||||
@ -914,13 +914,12 @@ sc_pkcs15init_store_puk(struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card,
|
sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||||
struct sc_profile *profile,
|
|
||||||
struct sc_pkcs15init_pinargs *args)
|
struct sc_pkcs15init_pinargs *args)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_object *pin_obj;
|
struct sc_pkcs15_object *pin_obj;
|
||||||
struct sc_pkcs15_pin_info *pin_info;
|
struct sc_pkcs15_auth_info *auth_info;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
@ -949,13 +948,13 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card,
|
|||||||
if (pin_obj == NULL)
|
if (pin_obj == NULL)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object");
|
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate PIN object");
|
||||||
|
|
||||||
pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
auth_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, pin_info);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, auth_info);
|
||||||
pin_info->auth_id = args->auth_id;
|
auth_info->auth_id = args->auth_id;
|
||||||
|
|
||||||
/* Now store the PINs */
|
/* Now store the PINs */
|
||||||
sc_log(ctx, "Store PIN(%s,authID:%s)", pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id));
|
sc_log(ctx, "Store PIN(%s,authID:%s)", pin_obj->label, sc_pkcs15_print_id(&auth_info->auth_id));
|
||||||
r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args);
|
r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
sc_pkcs15_free_object(pin_obj);
|
sc_pkcs15_free_object(pin_obj);
|
||||||
@ -982,7 +981,8 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
|||||||
struct sc_pkcs15init_pinargs *args)
|
struct sc_pkcs15init_pinargs *args)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
struct sc_file *df = profile->df_info->file;
|
struct sc_file *df = profile->df_info->file;
|
||||||
int r, retry = 0;
|
int r, retry = 0;
|
||||||
|
|
||||||
@ -995,27 +995,26 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
|||||||
if (!profile->ops->create_domain)
|
if (!profile->ops->create_domain)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN domains not supported.");
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "PIN domains not supported.");
|
||||||
|
|
||||||
r = profile->ops->create_domain(profile, p15card, &pin_info->auth_id, &df);
|
r = profile->ops->create_domain(profile, p15card, &auth_info->auth_id, &df);
|
||||||
LOG_TEST_RET(ctx, r, "Card specific create domain failed");
|
LOG_TEST_RET(ctx, r, "Card specific create domain failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Path encoded only for local PINs */
|
/* Path encoded only for local PINs */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
pin_info->path = df->path;
|
auth_info->path = df->path;
|
||||||
|
|
||||||
/* pin_info->reference = 0; */
|
/* pin_info->reference = 0; */
|
||||||
|
|
||||||
/* Loop until we come up with an acceptable pin reference */
|
/* Loop until we come up with an acceptable pin reference */
|
||||||
while (1) {
|
while (1) {
|
||||||
if (profile->ops->select_pin_reference) {
|
if (profile->ops->select_pin_reference) {
|
||||||
r = profile->ops->select_pin_reference(profile, p15card, pin_info);
|
r = profile->ops->select_pin_reference(profile, p15card, auth_info);
|
||||||
LOG_TEST_RET(ctx, r, "Card specific select PIN reference failed");
|
LOG_TEST_RET(ctx, r, "Card specific select PIN reference failed");
|
||||||
|
|
||||||
retry = 1;
|
retry = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sc_pkcs15_find_pin_by_reference(p15card, &pin_info->path,
|
r = sc_pkcs15_find_pin_by_reference(p15card, &auth_info->path, pin_attrs->reference, NULL);
|
||||||
pin_info->reference, NULL);
|
|
||||||
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1023,14 +1022,14 @@ sc_pkcs15init_create_pin(struct sc_pkcs15_card *p15card,
|
|||||||
/* Other error trying to retrieve pin obj */
|
/* Other error trying to retrieve pin obj */
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to allocate PIN reference.");
|
LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Failed to allocate PIN reference.");
|
||||||
|
|
||||||
pin_info->reference++;
|
pin_attrs->reference++;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (args->puk_len == 0)
|
if (args->puk_len == 0)
|
||||||
pin_info->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
|
pin_attrs->flags |= SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED;
|
||||||
|
|
||||||
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
|
sc_log(ctx, "create PIN with reference:%X, flags:%X, path:%s",
|
||||||
pin_info->reference, pin_info->flags, sc_print_path(&pin_info->path));
|
pin_attrs->reference, pin_attrs->flags, sc_print_path(&auth_info->path));
|
||||||
r = profile->ops->create_pin(profile, p15card,
|
r = profile->ops->create_pin(profile, p15card,
|
||||||
df, pin_obj,
|
df, pin_obj,
|
||||||
args->pin, args->pin_len,
|
args->pin, args->pin_len,
|
||||||
@ -1634,7 +1633,7 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||||||
struct sc_profile *profile, unsigned auth_method, int reference)
|
struct sc_profile *profile, unsigned auth_method, int reference)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info pinfo;
|
struct sc_pkcs15_auth_info auth_info;
|
||||||
struct sc_pkcs15_object *auth_objs[0x10];
|
struct sc_pkcs15_object *auth_objs[0x10];
|
||||||
int r, ii, nn_objs;
|
int r, ii, nn_objs;
|
||||||
|
|
||||||
@ -1650,14 +1649,15 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||||||
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
|
sc_log(ctx, "found %i auth objects; looking for AUTH object(auth_method:%i,reference:%i)",
|
||||||
nn_objs, auth_method, reference);
|
nn_objs, auth_method, reference);
|
||||||
for (ii=0; ii<nn_objs; ii++) {
|
for (ii=0; ii<nn_objs; ii++) {
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)auth_objs[ii]->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
|
|
||||||
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
||||||
auth_objs[ii]->label, pin_info->auth_method, pin_info->type,
|
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
|
||||||
pin_info->reference, pin_info->flags);
|
pin_attrs->reference, pin_attrs->flags);
|
||||||
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
|
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
|
||||||
if (pin_info->auth_method == auth_method && pin_info->reference == reference)
|
if (auth_info->auth_method == auth_method && pin_attrs->reference == reference)
|
||||||
LOG_FUNC_RETURN(ctx, pin_info->reference);
|
LOG_FUNC_RETURN(ctx, pin_attrs->reference);
|
||||||
|
|
||||||
if (auth_method != SC_AC_SYMBOLIC)
|
if (auth_method != SC_AC_SYMBOLIC)
|
||||||
continue;
|
continue;
|
||||||
@ -1666,44 +1666,44 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||||||
* and check for the existing pkcs15 PIN object with these flags. */
|
* and check for the existing pkcs15 PIN object with these flags. */
|
||||||
switch (reference) {
|
switch (reference) {
|
||||||
case SC_PKCS15INIT_USER_PIN:
|
case SC_PKCS15INIT_USER_PIN:
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15INIT_SO_PIN:
|
case SC_PKCS15INIT_SO_PIN:
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if (!(pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
continue;
|
continue;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15INIT_USER_PUK:
|
case SC_PKCS15INIT_USER_PUK:
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN))
|
if (!(pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN))
|
||||||
continue;
|
continue;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15INIT_SO_PUK:
|
case SC_PKCS15INIT_SO_PUK:
|
||||||
if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN))
|
if (!(pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN))
|
||||||
continue;
|
continue;
|
||||||
if (!(pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if (!(pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
continue;
|
continue;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid Symbolic PIN reference");
|
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Invalid Symbolic PIN reference");
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_FUNC_RETURN(ctx, pin_info->reference);
|
LOG_FUNC_RETURN(ctx, pin_attrs->reference);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* 2. No existing pkcs15 PIN object
|
/* 2. No existing pkcs15 PIN object
|
||||||
* -- check if profile defines some PIN with 'reference' as PIN reference. */
|
* -- check if profile defines some PIN with 'reference' as PIN reference. */
|
||||||
r = sc_profile_get_pin_id_by_reference(profile, auth_method, reference, &pinfo);
|
r = sc_profile_get_pin_id_by_reference(profile, auth_method, reference, &auth_info);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "PIN template not found");
|
LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "PIN template not found");
|
||||||
|
|
||||||
LOG_FUNC_RETURN(ctx, pinfo.reference);
|
LOG_FUNC_RETURN(ctx, auth_info.attrs.pin.reference);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2251,7 +2251,7 @@ get_object_path_from_object (struct sc_pkcs15_object *obj,
|
|||||||
*ret_path = ((struct sc_pkcs15_data_info *)obj->data)->path;
|
*ret_path = ((struct sc_pkcs15_data_info *)obj->data)->path;
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
case SC_PKCS15_TYPE_AUTH:
|
case SC_PKCS15_TYPE_AUTH:
|
||||||
*ret_path = ((struct sc_pkcs15_pin_info *)obj->data)->path;
|
*ret_path = ((struct sc_pkcs15_auth_info *)obj->data)->path;
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
@ -2608,7 +2608,7 @@ sc_pkcs15init_new_object(int type, const char *label, struct sc_pkcs15_id *auth_
|
|||||||
switch (type & SC_PKCS15_TYPE_CLASS_MASK) {
|
switch (type & SC_PKCS15_TYPE_CLASS_MASK) {
|
||||||
case SC_PKCS15_TYPE_AUTH:
|
case SC_PKCS15_TYPE_AUTH:
|
||||||
object->flags = DEFAULT_PIN_FLAGS;
|
object->flags = DEFAULT_PIN_FLAGS;
|
||||||
data_size = sizeof(struct sc_pkcs15_pin_info);
|
data_size = sizeof(struct sc_pkcs15_auth_info);
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_PRKEY:
|
case SC_PKCS15_TYPE_PRKEY:
|
||||||
object->flags = DEFAULT_PRKEY_FLAGS;
|
object->flags = DEFAULT_PRKEY_FLAGS;
|
||||||
@ -2949,7 +2949,7 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
|
|||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_object *pin_obj = NULL;
|
struct sc_pkcs15_object *pin_obj = NULL;
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info auth_info;
|
||||||
struct sc_cardctl_default_key data;
|
struct sc_cardctl_default_key data;
|
||||||
size_t defsize = 0;
|
size_t defsize = 0;
|
||||||
unsigned char defbuf[0x100];
|
unsigned char defbuf[0x100];
|
||||||
@ -2976,15 +2976,15 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
|
|||||||
*pinsize = data.len;
|
*pinsize = data.len;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&auth_info, 0, sizeof(auth_info));
|
||||||
pin_info.auth_method = type;
|
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.reference = reference;
|
auth_info.auth_method = type;
|
||||||
pin_info.stored_length = *pinsize;
|
auth_info.attrs.pin.reference = reference;
|
||||||
pin_info.max_length = *pinsize;
|
auth_info.attrs.pin.stored_length = *pinsize;
|
||||||
pin_info.min_length = *pinsize;
|
auth_info.attrs.pin.max_length = *pinsize;
|
||||||
pin_info.magic = SC_PKCS15_PIN_MAGIC;
|
auth_info.attrs.pin.min_length = *pinsize;
|
||||||
|
|
||||||
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, "Default transport key", NULL, &pin_info);
|
pin_obj = sc_pkcs15init_new_object(SC_PKCS15_TYPE_AUTH_PIN, "Default transport key", NULL, &auth_info);
|
||||||
if (!pin_obj)
|
if (!pin_obj)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate AUTH object");
|
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate AUTH object");
|
||||||
|
|
||||||
@ -3006,7 +3006,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_object *pin_obj = NULL;
|
struct sc_pkcs15_object *pin_obj = NULL;
|
||||||
struct sc_pkcs15_pin_info pin_info;
|
struct sc_pkcs15_auth_info auth_info;
|
||||||
struct sc_path *path;
|
struct sc_path *path;
|
||||||
int r, use_pinpad = 0, pin_id = -1;
|
int r, use_pinpad = 0, pin_id = -1;
|
||||||
const char *ident, *label = NULL;
|
const char *ident, *label = NULL;
|
||||||
@ -3032,9 +3032,10 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||||||
LOG_TEST_RET(ctx, r, "Card CTL error: cannot get CHV reference");
|
LOG_TEST_RET(ctx, r, "Card CTL error: cannot get CHV reference");
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(&pin_info, 0, sizeof(pin_info));
|
memset(&auth_info, 0, sizeof(auth_info));
|
||||||
pin_info.auth_method = type;
|
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pin_info.reference = reference;
|
auth_info.auth_method = type;
|
||||||
|
auth_info.attrs.pin.reference = reference;
|
||||||
|
|
||||||
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, type, reference);
|
pin_id = sc_pkcs15init_get_pin_reference(p15card, profile, type, reference);
|
||||||
sc_log(ctx, "found PIN reference %i", pin_id);
|
sc_log(ctx, "found PIN reference %i", pin_id);
|
||||||
@ -3062,7 +3063,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!r && pin_obj) {
|
if (!r && pin_obj) {
|
||||||
memcpy(&pin_info, pin_obj->data, sizeof(pin_info));
|
memcpy(&auth_info, pin_obj->data, sizeof(auth_info));
|
||||||
sc_log(ctx, "found PIN object '%s'", pin_obj->label);
|
sc_log(ctx, "found PIN object '%s'", pin_obj->label);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -3085,7 +3086,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||||||
switch (type) {
|
switch (type) {
|
||||||
case SC_AC_CHV:
|
case SC_AC_CHV:
|
||||||
if (callbacks.get_pin) {
|
if (callbacks.get_pin) {
|
||||||
r = callbacks.get_pin(profile, pin_id, &pin_info, label, pinbuf, &pinsize);
|
r = callbacks.get_pin(profile, pin_id, &auth_info, label, pinbuf, &pinsize);
|
||||||
sc_log(ctx, "'get_pin' callback returned %i; pinsize:%i", r, pinsize);
|
sc_log(ctx, "'get_pin' callback returned %i; pinsize:%i", r, pinsize);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -3467,14 +3468,13 @@ sc_pkcs15init_get_pin_path(struct sc_pkcs15_card *p15card,
|
|||||||
r = sc_pkcs15_find_pin_by_auth_id(p15card, auth_id, &obj);
|
r = sc_pkcs15_find_pin_by_auth_id(p15card, auth_id, &obj);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
*path = ((struct sc_pkcs15_pin_info *) obj->data)->path;
|
*path = ((struct sc_pkcs15_auth_info *) obj->data)->path;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
sc_pkcs15init_get_pin_info(struct sc_profile *profile,
|
sc_pkcs15init_get_pin_info(struct sc_profile *profile, int id, struct sc_pkcs15_auth_info *pin)
|
||||||
int id, struct sc_pkcs15_pin_info *pin)
|
|
||||||
{
|
{
|
||||||
sc_profile_get_pin_info(profile, id, pin);
|
sc_profile_get_pin_info(profile, id, pin);
|
||||||
return 0;
|
return 0;
|
||||||
@ -3526,16 +3526,22 @@ sc_pkcs15init_sanity_check(struct sc_pkcs15_card *p15card, struct sc_profile *pr
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
sc_pkcs15init_qualify_pin(struct sc_card *card, const char *pin_name,
|
sc_pkcs15init_qualify_pin(struct sc_card *card, const char *pin_name,
|
||||||
unsigned int pin_len, struct sc_pkcs15_pin_info *pin_info)
|
unsigned int pin_len, struct sc_pkcs15_auth_info *auth_info)
|
||||||
{
|
{
|
||||||
if (pin_len == 0)
|
struct sc_context *ctx = card->ctx;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs;
|
||||||
|
|
||||||
|
if (pin_len == 0 || auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
return 0;
|
return 0;
|
||||||
if (pin_len < pin_info->min_length) {
|
|
||||||
sc_log(card->ctx, "%s too short (min length %u)", pin_name, pin_info->min_length);
|
pin_attrs = &auth_info->attrs.pin;
|
||||||
|
|
||||||
|
if (pin_len < pin_attrs->min_length) {
|
||||||
|
sc_log(ctx, "%s too short (min length %u)", pin_name, pin_attrs->min_length);
|
||||||
return SC_ERROR_WRONG_LENGTH;
|
return SC_ERROR_WRONG_LENGTH;
|
||||||
}
|
}
|
||||||
if (pin_len > pin_info->max_length) {
|
if (pin_len > pin_attrs->max_length) {
|
||||||
sc_log(card->ctx, "%s too long (max length %u)", pin_name, pin_info->max_length);
|
sc_log(ctx, "%s too long (max length %u)", pin_name, pin_attrs->max_length);
|
||||||
return SC_ERROR_WRONG_LENGTH;
|
return SC_ERROR_WRONG_LENGTH;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3704,7 +3710,7 @@ sc_pkcs15init_write_info(struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
if (pin_obj != NULL) {
|
if (pin_obj != NULL) {
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = ((struct sc_pkcs15_pin_info *) pin_obj->data)->reference;
|
key_ref = ((struct sc_pkcs15_auth_info *) pin_obj->data)->attrs.pin.reference;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
method = SC_AC_NONE; /* Unprotected */
|
method = SC_AC_NONE; /* Unprotected */
|
||||||
|
@ -136,11 +136,13 @@ miocos_create_dir(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
|
miocos_select_pin_reference(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
|
||||||
struct sc_pkcs15_pin_info *pin_info)
|
struct sc_pkcs15_auth_info *auth_info)
|
||||||
{
|
{
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
if (pin_info->reference < MIOCOS_PIN_ID_MIN)
|
if (auth_info->attrs.pin.reference < MIOCOS_PIN_ID_MIN)
|
||||||
pin_info->reference = MIOCOS_PIN_ID_MIN;
|
auth_info->attrs.pin.reference = MIOCOS_PIN_ID_MIN;
|
||||||
|
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -155,22 +157,23 @@ miocos_create_pin(struct sc_profile *profile, sc_pkcs15_card_t *p15card, struct
|
|||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
struct sc_pkcs15_pin_info tmpinfo;
|
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||||
|
struct sc_pkcs15_auth_info tmpinfo;
|
||||||
struct sc_cardctl_miocos_ac_info ac_info;
|
struct sc_cardctl_miocos_ac_info ac_info;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
/* Ignore SOPIN */
|
/* Ignore SOPIN */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
|
|
||||||
pin_info->path = profile->df_info->file->path;
|
auth_info->path = profile->df_info->file->path;
|
||||||
r = sc_select_file(p15card->card, &pin_info->path, NULL);
|
r = sc_select_file(p15card->card, &auth_info->path, NULL);
|
||||||
if (r)
|
if (r)
|
||||||
return r;
|
return r;
|
||||||
memset(&ac_info, 0, sizeof(ac_info));
|
memset(&ac_info, 0, sizeof(ac_info));
|
||||||
ac_info.ref = pin_info->reference;
|
ac_info.ref = pin_attrs->reference;
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &tmpinfo);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &tmpinfo);
|
||||||
ac_info.max_tries = tmpinfo.tries_left;
|
ac_info.max_tries = tmpinfo.tries_left;
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &tmpinfo);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &tmpinfo);
|
||||||
|
@ -92,33 +92,38 @@ muscle_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
const unsigned char *puk, size_t puk_len)
|
const unsigned char *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_file_t *file;
|
sc_file_t *file;
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if ((r = sc_select_file(p15card->card, &df->path, &file)) < 0)
|
if ((r = sc_select_file(p15card->card, &df->path, &file)) < 0)
|
||||||
return r;
|
return r;
|
||||||
if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_WRITE)) < 0)
|
if ((r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_WRITE)) < 0)
|
||||||
return r;
|
return r;
|
||||||
pin_info->flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
|
|
||||||
|
auth_info->attrs.pin.flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
muscle_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card,
|
muscle_select_pin_reference(sc_profile_t *profike, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int preferred;
|
int preferred;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
preferred = 0;
|
preferred = 0;
|
||||||
} else {
|
} else {
|
||||||
preferred = 1;
|
preferred = 1;
|
||||||
}
|
}
|
||||||
if (pin_info->reference <= preferred) {
|
if (auth_info->attrs.pin.reference <= preferred) {
|
||||||
pin_info->reference = preferred;
|
auth_info->attrs.pin.reference = preferred;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info->reference > 2)
|
if (auth_info->attrs.pin.reference > 2)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
/* Caller, please select a different PIN reference */
|
/* Caller, please select a different PIN reference */
|
||||||
|
@ -246,25 +246,29 @@ myeid_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
myeid_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
{
|
{
|
||||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||||
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
|
"PIN_FLAG_SO_PIN, ref (%d), tries_left (%d)",
|
||||||
pin_info->reference,pin_info->tries_left);
|
auth_info->attrs.pin.reference, auth_info->tries_left);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||||
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
|
"PIN_FLAG_PIN, ref (%d), tries_left (%d)",
|
||||||
pin_info->reference, pin_info->tries_left);
|
auth_info->attrs.pin.reference, auth_info->tries_left);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info->reference <= 0 || pin_info->reference > MYEID_MAX_PINS)
|
if (auth_info->attrs.pin.reference <= 0 || auth_info->attrs.pin.reference > MYEID_MAX_PINS)
|
||||||
pin_info->reference = 1;
|
auth_info->attrs.pin.reference = 1;
|
||||||
|
|
||||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
||||||
}
|
}
|
||||||
@ -281,41 +285,43 @@ myeid_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
unsigned char data[20];
|
unsigned char data[20];
|
||||||
struct sc_cardctl_myeid_data_obj data_obj;
|
struct sc_cardctl_myeid_data_obj data_obj;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
struct sc_pkcs15_pin_info puk_info;
|
struct sc_pkcs15_auth_info puk_ainfo;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN('%s',ref:%i,flags:0x%X,pin_len:%d,puk_len:%d)\n",
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN('%s',ref:%i,flags:0x%X,pin_len:%d,puk_len:%d)\n",
|
||||||
pin_obj->label, pin_info->reference, pin_info->flags, pin_len, puk_len);
|
pin_obj->label, auth_info->attrs.pin.reference, auth_info->attrs.pin.flags, pin_len, puk_len);
|
||||||
|
|
||||||
if (pin_info->reference >= MYEID_MAX_PINS)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
if (auth_info->attrs.pin.reference >= MYEID_MAX_PINS)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
||||||
return SC_ERROR_INVALID_PIN_LENGTH;
|
return SC_ERROR_INVALID_PIN_LENGTH;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
sc_profile_get_pin_info(profile, (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
||||||
&puk_info);
|
&puk_ainfo);
|
||||||
|
|
||||||
memset(data, 0, sizeof(data));
|
memset(data, 0, sizeof(data));
|
||||||
/* Make command to add a pin-record */
|
/* Make command to add a pin-record */
|
||||||
data_obj.P1 = 0x01;
|
data_obj.P1 = 0x01;
|
||||||
data_obj.P2 = pin_info->reference; /* myeid pin number */
|
data_obj.P2 = auth_info->attrs.pin.reference; /* myeid pin number */
|
||||||
|
|
||||||
memset(data, pin_info->pad_char, 8);
|
memset(data, auth_info->attrs.pin.pad_char, 8);
|
||||||
memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin */
|
memcpy(&data[0], (u8 *)pin, pin_len); /* copy pin */
|
||||||
|
|
||||||
memset(&data[8], puk_info.pad_char, 8);
|
memset(&data[8], puk_ainfo.attrs.pin.pad_char, 8);
|
||||||
memcpy(&data[8], (u8 *)puk, puk_len); /* copy puk */
|
memcpy(&data[8], (u8 *)puk, puk_len); /* copy puk */
|
||||||
|
|
||||||
if(pin_info->tries_left > 0 && pin_info->tries_left < 15)
|
if(auth_info->tries_left > 0 && auth_info->tries_left < 15)
|
||||||
data[16] = pin_info->tries_left;
|
data[16] = auth_info->tries_left;
|
||||||
else
|
else
|
||||||
data[16] = 5; /* default value */
|
data[16] = 5; /* default value */
|
||||||
|
|
||||||
if(puk_info.tries_left > 0 && puk_info.tries_left < 15)
|
if(puk_ainfo.tries_left > 0 && puk_ainfo.tries_left < 15)
|
||||||
data[17] = puk_info.tries_left;
|
data[17] = puk_ainfo.tries_left;
|
||||||
else
|
else
|
||||||
data[17] = 5; /* default value */
|
data[17] = 5; /* default value */
|
||||||
|
|
||||||
|
@ -53,10 +53,10 @@
|
|||||||
#define COSM_TOKEN_FLAG_TOKEN_INITIALIZED 0x0400
|
#define COSM_TOKEN_FLAG_TOKEN_INITIALIZED 0x0400
|
||||||
|
|
||||||
static int cosm_create_reference_data(struct sc_profile *, struct sc_pkcs15_card *,
|
static int cosm_create_reference_data(struct sc_profile *, struct sc_pkcs15_card *,
|
||||||
struct sc_pkcs15_pin_info *, const unsigned char *, size_t,
|
struct sc_pkcs15_auth_info *, const unsigned char *, size_t,
|
||||||
const unsigned char *, size_t);
|
const unsigned char *, size_t);
|
||||||
static int cosm_update_pin(struct sc_profile *, struct sc_pkcs15_card *,
|
static int cosm_update_pin(struct sc_profile *, struct sc_pkcs15_card *,
|
||||||
struct sc_pkcs15_pin_info *, const unsigned char *, size_t,
|
struct sc_pkcs15_auth_info *, const unsigned char *, size_t,
|
||||||
const unsigned char *, size_t);
|
const unsigned char *, size_t);
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -269,14 +269,13 @@ cosm_create_dir(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||||
struct sc_pkcs15_pin_info *pinfo,
|
struct sc_pkcs15_auth_info *ainfo,
|
||||||
const unsigned char *pin, size_t pin_len,
|
const unsigned char *pin, size_t pin_len,
|
||||||
const unsigned char *puk, size_t puk_len )
|
const unsigned char *puk, size_t puk_len )
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
struct sc_pkcs15_pin_info profile_pin;
|
struct sc_pkcs15_auth_info profile_auth_pin, profile_auth_puk;
|
||||||
struct sc_pkcs15_pin_info profile_puk;
|
|
||||||
struct sc_cardctl_oberthur_createpin_info args;
|
struct sc_cardctl_oberthur_createpin_info args;
|
||||||
unsigned char *puk_buff = NULL;
|
unsigned char *puk_buff = NULL;
|
||||||
int rv;
|
int rv;
|
||||||
@ -291,35 +290,38 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
if (puk && !puk_len)
|
if (puk && !puk_len)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
rv = sc_select_file(card, &pinfo->path, NULL);
|
rv = sc_select_file(card, &ainfo->path, NULL);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select file");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select file");
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_pin);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_auth_pin);
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &profile_puk);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &profile_auth_puk);
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
args.type = SC_AC_CHV;
|
args.type = SC_AC_CHV;
|
||||||
args.ref = pinfo->reference;
|
args.ref = ainfo->attrs.pin.reference;
|
||||||
args.pin = pin;
|
args.pin = pin;
|
||||||
args.pin_len = pin_len;
|
args.pin_len = pin_len;
|
||||||
|
|
||||||
if (!(pinfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
||||||
args.pin_tries = profile_pin.tries_left;
|
args.pin_tries = profile_auth_pin.tries_left;
|
||||||
if (profile_puk.tries_left > 0) {
|
if (profile_auth_puk.tries_left > 0) {
|
||||||
args.puk = oberthur_puk;
|
args.puk = oberthur_puk;
|
||||||
args.puk_len = sizeof(oberthur_puk);
|
args.puk_len = sizeof(oberthur_puk);
|
||||||
args.puk_tries = 5;
|
args.puk_tries = 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
args.pin_tries = profile_puk.tries_left;
|
args.pin_tries = profile_auth_puk.tries_left;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args);
|
rv = sc_card_ctl(card, SC_CARDCTL_OBERTHUR_CREATE_PIN, &args);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'CREATE_PIN' card specific command failed");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'CREATE_PIN' card specific command failed");
|
||||||
|
|
||||||
if (!(pinfo->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) && (profile_puk.tries_left > 0)) {
|
if (!(ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
|
&& (profile_auth_puk.tries_left > 0)) {
|
||||||
struct sc_file *file = NULL;
|
struct sc_file *file = NULL;
|
||||||
|
|
||||||
if (sc_profile_get_file(profile, COSM_TITLE"-puk-file", &file))
|
if (sc_profile_get_file(profile, COSM_TITLE"-puk-file", &file))
|
||||||
@ -344,24 +346,26 @@ cosm_create_reference_data(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||||
struct sc_pkcs15_pin_info *pinfo, const unsigned char *pin, size_t pin_len,
|
struct sc_pkcs15_auth_info *ainfo, const unsigned char *pin, size_t pin_len,
|
||||||
const unsigned char *puk, size_t puk_len )
|
const unsigned char *puk, size_t puk_len )
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags 0x%X", pinfo->reference, pinfo->flags);
|
if (ainfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
if (pinfo->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags 0x%X", ainfo->attrs.pin.reference, ainfo->attrs.pin.flags);
|
||||||
if (pinfo->reference != 4)
|
|
||||||
|
if (ainfo->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
|
if (ainfo->attrs.pin.reference != 4)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "cosm_update_pin() invalid SOPIN reference");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "cosm_update_pin() invalid SOPIN reference");
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update SOPIN ignored");
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update SOPIN ignored");
|
||||||
rv = SC_SUCCESS;
|
rv = SC_SUCCESS;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
rv = cosm_create_reference_data(profile, p15card, pinfo,
|
rv = cosm_create_reference_data(profile, p15card, ainfo, pin, pin_len, puk, puk_len);
|
||||||
pin, pin_len, puk, puk_len);
|
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to change PIN");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cosm_update_pin() failed to change PIN");
|
||||||
|
|
||||||
rv = cosm_write_tokeninfo(p15card, profile, NULL,
|
rv = cosm_write_tokeninfo(p15card, profile, NULL,
|
||||||
@ -378,33 +382,39 @@ cosm_update_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
cosm_select_pin_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
||||||
struct sc_pkcs15_pin_info *pin_info)
|
struct sc_pkcs15_auth_info *auth_info)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs;
|
||||||
struct sc_file *pinfile;
|
struct sc_file *pinfile;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags %X", pin_info->reference, pin_info->flags);
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
pin_attrs = &auth_info->attrs.pin;
|
||||||
|
|
||||||
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "ref %i; flags %X", pin_attrs->reference, pin_attrs->flags);
|
||||||
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pinfile) < 0) {
|
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pinfile) < 0) {
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define \"%s\"", COSM_TITLE "-AppDF");
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Profile doesn't define \"%s\"", COSM_TITLE "-AppDF");
|
||||||
return SC_ERROR_INCONSISTENT_PROFILE;
|
return SC_ERROR_INCONSISTENT_PROFILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
pin_info->path = pinfile->path;
|
auth_info->path = pinfile->path;
|
||||||
|
|
||||||
sc_file_free(pinfile);
|
sc_file_free(pinfile);
|
||||||
|
|
||||||
if (pin_info->reference <= 0) {
|
if (pin_attrs->reference <= 0) {
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
pin_info->reference = 4;
|
pin_attrs->reference = 4;
|
||||||
else if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
else if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
pin_info->reference = 4;
|
pin_attrs->reference = 4;
|
||||||
else
|
else
|
||||||
pin_info->reference = 1;
|
pin_attrs->reference = 1;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
pin_info->reference |= 0x80;
|
pin_attrs->reference |= 0x80;
|
||||||
}
|
}
|
||||||
|
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
|
||||||
@ -421,42 +431,48 @@ cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||||||
const unsigned char *puk, size_t puk_len)
|
const unsigned char *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs;
|
||||||
struct sc_file *pin_file;
|
struct sc_file *pin_file;
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%s'; ref 0x%X; flags %X", pin_obj->label, pin_info->reference, pin_info->flags);
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
pin_attrs = &auth_info->attrs.pin;
|
||||||
|
|
||||||
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%s'; ref 0x%X; flags %X", pin_obj->label, pin_attrs->reference, pin_attrs->flags);
|
||||||
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pin_file) < 0)
|
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pin_file) < 0)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "\""COSM_TITLE"-AppDF\" not defined");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "\""COSM_TITLE"-AppDF\" not defined");
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
pin_info->path = pin_file->path;
|
auth_info->path = pin_file->path;
|
||||||
|
|
||||||
sc_file_free(pin_file);
|
sc_file_free(pin_file);
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "SOPIN unblocking is not supported");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED, "SOPIN unblocking is not supported");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (pin_info->reference != 4)
|
if (pin_attrs->reference != 4)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid SOPIN reference");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid SOPIN reference");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||||
if (pin_info->reference != 0x84)
|
if (pin_attrs->reference != 0x84)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PUK reference");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PUK reference");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (pin_info->reference != 0x81)
|
if (pin_attrs->reference != 0x81)
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PIN reference");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_PIN_REFERENCE, "Invalid User PIN reference");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin && pin_len) {
|
if (pin && pin_len) {
|
||||||
rv = cosm_update_pin(profile, p15card, pin_info, pin, pin_len, puk, puk_len);
|
rv = cosm_update_pin(profile, p15card, auth_info, pin, pin_len, puk, puk_len);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Update PIN failed");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Update PIN failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,18 +141,21 @@ static int rtecp_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc
|
|||||||
* Select a PIN reference
|
* Select a PIN reference
|
||||||
*/
|
*/
|
||||||
static int rtecp_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
static int rtecp_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int pin_ref;
|
int pin_ref;
|
||||||
|
|
||||||
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !pin_info)
|
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !auth_info)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
pin_ref = RTECP_SO_PIN_REF;
|
pin_ref = RTECP_SO_PIN_REF;
|
||||||
else
|
else
|
||||||
pin_ref = RTECP_USER_PIN_REF;
|
pin_ref = RTECP_USER_PIN_REF;
|
||||||
if (pin_info->reference != pin_ref)
|
if (auth_info->attrs.pin.reference != pin_ref)
|
||||||
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED);
|
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_NOT_SUPPORTED);
|
||||||
|
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
@ -167,7 +170,7 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
const unsigned char *puk, size_t puk_len)
|
const unsigned char *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_context_t *ctx;
|
sc_context_t *ctx;
|
||||||
sc_pkcs15_pin_info_t *pin_info;
|
sc_pkcs15_auth_info_t *auth_info;
|
||||||
sc_file_t *file = NULL;
|
sc_file_t *file = NULL;
|
||||||
/* GCHV min-length Flags Attempts Reserve */
|
/* GCHV min-length Flags Attempts Reserve */
|
||||||
unsigned char prop[] = { 0x01, '?', 0x01, '?', 0, 0 };
|
unsigned char prop[] = { 0x01, '?', 0x01, '?', 0, 0 };
|
||||||
@ -190,17 +193,21 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
sc_strerror(SC_ERROR_NOT_SUPPORTED));
|
sc_strerror(SC_ERROR_NOT_SUPPORTED));
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
pin_info = (sc_pkcs15_pin_info_t *)pin_obj->data;
|
|
||||||
if (pin_info->reference != RTECP_SO_PIN_REF
|
auth_info = (sc_pkcs15_auth_info_t *)pin_obj->data;
|
||||||
&& pin_info->reference != RTECP_USER_PIN_REF)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.reference != RTECP_SO_PIN_REF
|
||||||
|
&& auth_info->attrs.pin.reference != RTECP_USER_PIN_REF)
|
||||||
{
|
{
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i not found in standard"
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i not found in standard"
|
||||||
" (Rutoken ECP) PINs\n", pin_info->reference);
|
" (Rutoken ECP) PINs\n", auth_info->attrs.pin.reference);
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
snprintf(pin_sname, sizeof(pin_sname), "CHV%i", pin_info->reference);
|
snprintf(pin_sname, sizeof(pin_sname), "CHV%i", auth_info->attrs.pin.reference);
|
||||||
if (pin_info->reference == RTECP_USER_PIN_REF) {
|
if (auth_info->attrs.pin.reference == RTECP_USER_PIN_REF) {
|
||||||
r = sc_profile_get_file(profile, pin_sname, &file);
|
r = sc_profile_get_file(profile, pin_sname, &file);
|
||||||
if (!r) {
|
if (!r) {
|
||||||
const struct sc_acl_entry *acl = NULL;
|
const struct sc_acl_entry *acl = NULL;
|
||||||
@ -220,17 +227,17 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
file = sc_file_new();
|
file = sc_file_new();
|
||||||
if (!file)
|
if (!file)
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
||||||
file->id = pin_info->reference;
|
file->id = auth_info->attrs.pin.reference;
|
||||||
file->size = pin_len;
|
file->size = pin_len;
|
||||||
assert(sizeof(sec)/sizeof(sec[0]) > 2);
|
assert(sizeof(sec)/sizeof(sec[0]) > 2);
|
||||||
sec[1] = (pin_info->reference == RTECP_SO_PIN_REF) ? 0xFF : RTECP_SO_PIN_REF;
|
sec[1] = (auth_info->attrs.pin.reference == RTECP_SO_PIN_REF) ? 0xFF : RTECP_SO_PIN_REF;
|
||||||
sec[2] = (unsigned char)pin_info->reference | (reset_by_sopin ? RTECP_SO_PIN_REF : 0);
|
sec[2] = (unsigned char)auth_info->attrs.pin.reference | (reset_by_sopin ? RTECP_SO_PIN_REF : 0);
|
||||||
r = sc_file_set_sec_attr(file, sec, sizeof(sec));
|
r = sc_file_set_sec_attr(file, sec, sizeof(sec));
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
{
|
{
|
||||||
assert(sizeof(prop)/sizeof(prop[0]) > 3);
|
assert(sizeof(prop)/sizeof(prop[0]) > 3);
|
||||||
prop[1] = (unsigned char)pin_info->min_length;
|
prop[1] = (unsigned char)auth_info->attrs.pin.min_length;
|
||||||
prop[3] = 0x11 * (unsigned char)(pin_info->tries_left & 0x0F);
|
prop[3] = 0x11 * (unsigned char)(auth_info->tries_left & 0x0F);
|
||||||
r = sc_file_set_prop_attr(file, prop, sizeof(prop));
|
r = sc_file_set_prop_attr(file, prop, sizeof(prop));
|
||||||
}
|
}
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
@ -241,7 +248,7 @@ static int rtecp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
|
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
r = sc_change_reference_data(p15card->card, SC_AC_CHV,
|
||||||
pin_info->reference, NULL, 0, pin, pin_len, NULL);
|
auth_info->attrs.pin.reference, NULL, 0, pin, pin_len, NULL);
|
||||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,18 +94,21 @@ rutoken_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
rutoken_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
rutoken_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int pin_ref;
|
int pin_ref;
|
||||||
unsigned int so_pin_flag;
|
unsigned int so_pin_flag;
|
||||||
|
|
||||||
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !pin_info)
|
if (!profile || !p15card || !p15card->card || !p15card->card->ctx || !auth_info)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
|
|
||||||
pin_ref = pin_info->reference;
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
so_pin_flag = pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN;
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
pin_ref = auth_info->attrs.pin.reference;
|
||||||
|
so_pin_flag = auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||||
|
|
||||||
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i%s\n",
|
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "PIN reference %i%s\n",
|
||||||
pin_ref, so_pin_flag ? " SO PIN flag" : "");
|
pin_ref, so_pin_flag ? " SO PIN flag" : "");
|
||||||
@ -128,7 +131,7 @@ rutoken_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
const unsigned char *puk, size_t puk_len)
|
const unsigned char *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
sc_context_t *ctx;
|
sc_context_t *ctx;
|
||||||
sc_pkcs15_pin_info_t *pin_info;
|
sc_pkcs15_auth_info_t *auth_info;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
(void)puk; /* no warning */
|
(void)puk; /* no warning */
|
||||||
@ -146,9 +149,13 @@ rutoken_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
sc_strerror(SC_ERROR_NOT_SUPPORTED));
|
sc_strerror(SC_ERROR_NOT_SUPPORTED));
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
pin_info = (sc_pkcs15_pin_info_t *)pin_obj->data;
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
auth_info = (sc_pkcs15_auth_info_t *)pin_obj->data;
|
||||||
for (i = 0; i < sizeof(do_pins)/sizeof(do_pins[0]); ++i)
|
for (i = 0; i < sizeof(do_pins)/sizeof(do_pins[0]); ++i)
|
||||||
if (pin_info->reference == do_pins[i].id)
|
if (auth_info->attrs.pin.reference == do_pins[i].id)
|
||||||
{
|
{
|
||||||
if (pin_len == sizeof(do_pins[i].pass)
|
if (pin_len == sizeof(do_pins[i].pass)
|
||||||
&& memcmp(do_pins[i].pass, pin, pin_len) == 0
|
&& memcmp(do_pins[i].pass, pin, pin_len) == 0
|
||||||
@ -162,7 +169,7 @@ rutoken_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
}
|
}
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
|
||||||
"PIN reference %i not found in standard (Rutoken) PINs\n",
|
"PIN reference %i not found in standard (Rutoken) PINs\n",
|
||||||
pin_info->reference);
|
auth_info->attrs.pin.reference);
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -36,25 +36,26 @@ static unsigned char SETCOS_DEFAULT_PUBKEY[] = {0x01, 0x00, 0x01};
|
|||||||
#define SETCOS_DEFAULT_PUBKEY_LEN sizeof(SETCOS_DEFAULT_PUBKEY)
|
#define SETCOS_DEFAULT_PUBKEY_LEN sizeof(SETCOS_DEFAULT_PUBKEY)
|
||||||
|
|
||||||
static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *,
|
static int setcos_create_pin_internal(sc_profile_t *, sc_pkcs15_card_t *,
|
||||||
int, sc_pkcs15_pin_info_t *, const u8 *, size_t, const u8 *, size_t);
|
int, sc_pkcs15_auth_info_t *, const u8 *, size_t, const u8 *, size_t);
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
setcos_puk_retries(sc_profile_t *profile, int pin_ref)
|
setcos_puk_retries(sc_profile_t *profile, int pin_ref)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t pin_info;
|
sc_pkcs15_auth_info_t auth_info;
|
||||||
|
|
||||||
pin_info.reference = 1; /* Default SO PIN ref. */
|
auth_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info);
|
auth_info.attrs.pin.reference = 1; /* Default SO PIN ref. */
|
||||||
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &auth_info);
|
||||||
|
|
||||||
/* If pin_ref is the SO PIN, get the SO PUK info, otherwise the User PUK info */
|
/* If pin_ref is the SO PIN, get the SO PUK info, otherwise the User PUK info */
|
||||||
sc_profile_get_pin_info(profile,
|
sc_profile_get_pin_info(profile,
|
||||||
pin_ref == pin_info.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
pin_ref == auth_info.attrs.pin.reference ? SC_PKCS15INIT_SO_PUK : SC_PKCS15INIT_USER_PUK,
|
||||||
&pin_info);
|
&auth_info);
|
||||||
|
|
||||||
if ((pin_info.tries_left < 0) || (pin_info.tries_left > 15))
|
if ((auth_info.tries_left < 0) || (auth_info.tries_left > 15))
|
||||||
return 3; /* Little extra safety */
|
return 3; /* Little extra safety */
|
||||||
return pin_info.tries_left;
|
return auth_info.tries_left;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -162,21 +163,22 @@ setcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
setcos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
setcos_select_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t pin_info_prof;
|
sc_pkcs15_auth_info_t auth_info_prof;
|
||||||
|
|
||||||
pin_info_prof.reference = 1; /* Default SO PIN ref. */
|
auth_info_prof.attrs.pin.reference = 1; /* Default SO PIN ref. */
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_info_prof);
|
auth_info_prof.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &auth_info_prof);
|
||||||
|
|
||||||
/* For the SO pin, we take the first available pin reference = 1 */
|
/* For the SO pin, we take the first available pin reference = 1 */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
pin_info->reference = pin_info_prof.reference;
|
auth_info->attrs.pin.reference = auth_info_prof.attrs.pin.reference;
|
||||||
/* sc_pkcs15init_create_pin() starts checking if -1 is an acceptable
|
/* sc_pkcs15init_create_pin() starts checking if -1 is an acceptable
|
||||||
* pin reference, which isn't for the SetCOS cards. And since the
|
* pin reference, which isn't for the SetCOS cards. And since the
|
||||||
* value 1 has been assigned to the SO pin, we'll jump to 2. */
|
* value 1 has been assigned to the SO pin, we'll jump to 2. */
|
||||||
else if (pin_info->reference <= 0)
|
else if (auth_info->attrs.pin.reference <= 0)
|
||||||
pin_info->reference = pin_info_prof.reference + 1;
|
auth_info->attrs.pin.reference = auth_info_prof.attrs.pin.reference + 1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -192,12 +194,15 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
sc_file_t *pinfile = NULL;
|
sc_file_t *pinfile = NULL;
|
||||||
int r, ignore_ac = 0;
|
int r, ignore_ac = 0;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
/* Create the global pin file if it doesn't exist yet */
|
/* Create the global pin file if it doesn't exist yet */
|
||||||
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
r = sc_profile_get_file(profile, "pinfile", &pinfile);
|
||||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No 'pinfile' template in profile");
|
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "No 'pinfile' template in profile");
|
||||||
@ -207,18 +212,18 @@ setcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
|
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "pinfile->status:%X", pinfile->status);
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "pinfile->status:%X", pinfile->status);
|
||||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create PIN with reference:%X, flags:%X, path:%s",
|
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create PIN with reference:%X, flags:%X, path:%s",
|
||||||
pin_info->reference, pin_info->flags, sc_print_path(&pin_info->path));
|
auth_info->attrs.pin.reference, auth_info->attrs.pin.flags, sc_print_path(&auth_info->path));
|
||||||
|
|
||||||
if (pinfile->status == SC_FILE_STATUS_CREATION)
|
if (pinfile->status == SC_FILE_STATUS_CREATION)
|
||||||
ignore_ac = 1;
|
ignore_ac = 1;
|
||||||
|
|
||||||
r = setcos_create_pin_internal(profile, p15card, ignore_ac, pin_info,
|
r = setcos_create_pin_internal(profile, p15card, ignore_ac, auth_info,
|
||||||
pin, pin_len, puk, puk_len);
|
pin, pin_len, puk, puk_len);
|
||||||
|
|
||||||
/* If pinfile is in 'Creation' state and SOPIN has been created,
|
/* If pinfile is in 'Creation' state and SOPIN has been created,
|
||||||
* change status of MF and 'pinfile' to 'Operational:Activated'
|
* change status of MF and 'pinfile' to 'Operational:Activated'
|
||||||
*/
|
*/
|
||||||
if (ignore_ac && (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
|
if (ignore_ac && (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
|
||||||
sc_file_t *mf = profile->mf_info->file;
|
sc_file_t *mf = profile->mf_info->file;
|
||||||
|
|
||||||
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL);
|
r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_ACTIVATE_FILE, NULL);
|
||||||
@ -496,7 +501,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
int ignore_ac, sc_pkcs15_pin_info_t *pin_info,
|
int ignore_ac, sc_pkcs15_auth_info_t *auth_info,
|
||||||
const u8 *pin, size_t pin_len,
|
const u8 *pin, size_t pin_len,
|
||||||
const u8 *puk, size_t puk_len)
|
const u8 *puk, size_t puk_len)
|
||||||
{
|
{
|
||||||
@ -507,7 +512,10 @@ setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
sc_file_t *pinfile = NULL;
|
sc_file_t *pinfile = NULL;
|
||||||
|
|
||||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||||
if (pin_info->reference >= SETCOS_MAX_PINS)
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.reference >= SETCOS_MAX_PINS)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
if (pin == NULL || puk == NULL || pin_len < 4 || puk_len < 4)
|
||||||
return SC_ERROR_INVALID_PIN_LENGTH;
|
return SC_ERROR_INVALID_PIN_LENGTH;
|
||||||
@ -529,26 +537,26 @@ setcos_create_pin_internal(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
data_obj.P2 = 01;
|
data_obj.P2 = 01;
|
||||||
|
|
||||||
/* setcos pin number */
|
/* setcos pin number */
|
||||||
data[0] = pin_info->reference;
|
data[0] = auth_info->attrs.pin.reference;
|
||||||
|
|
||||||
memset(&data[1], pin_info->pad_char, 16); /* padding */
|
memset(&data[1], auth_info->attrs.pin.pad_char, 16); /* padding */
|
||||||
memcpy(&data[1], (u8 *)pin, pin_len); /* copy pin*/
|
memcpy(&data[1], (u8 *)pin, pin_len); /* copy pin*/
|
||||||
memcpy(&data[9], (u8 *)puk, puk_len); /* copy puk */
|
memcpy(&data[9], (u8 *)puk, puk_len); /* copy puk */
|
||||||
|
|
||||||
data[17] = pin_info->tries_left & 0x0F;
|
data[17] = auth_info->tries_left & 0x0F;
|
||||||
data[18] = pin_info->tries_left & 0x0F;
|
data[18] = auth_info->tries_left & 0x0F;
|
||||||
/* 0xF0: unlimited unblock tries */
|
/* 0xF0: unlimited unblock tries */
|
||||||
data[19] = 0xF0 | setcos_puk_retries(profile, pin_info->reference);
|
data[19] = 0xF0 | setcos_puk_retries(profile, auth_info->attrs.pin.reference);
|
||||||
|
|
||||||
/* Allow an unlimited number of signatures after a pin verification.
|
/* Allow an unlimited number of signatures after a pin verification.
|
||||||
* If set to 1 or so, we would have a UserConsent PIN. */
|
* If set to 1 or so, we would have a UserConsent PIN. */
|
||||||
data[20] = 0x00;
|
data[20] = 0x00;
|
||||||
|
|
||||||
if (pin_info->type == 0)
|
if (auth_info->attrs.pin.type == 0)
|
||||||
data[21] = 0x01; /* BCD */
|
data[21] = 0x01; /* BCD */
|
||||||
else
|
else
|
||||||
data[21] = 0x00; /* ASCII */
|
data[21] = 0x00; /* ASCII */
|
||||||
if ((pin_info->flags & 0x010) == 0) /* test for initial pin */
|
if ((auth_info->attrs.pin.flags & 0x010) == 0) /* test for initial pin */
|
||||||
data[21] |= 0x80;
|
data[21] |= 0x80;
|
||||||
|
|
||||||
data[22] = 0x00; /* not used */
|
data[22] = 0x00; /* not used */
|
||||||
|
@ -49,13 +49,13 @@ static int starcos_erase_card(struct sc_profile *pro, sc_pkcs15_card_t *p15card)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static u8 get_so_ac(const sc_file_t *file, unsigned int op,
|
static u8 get_so_ac(const sc_file_t *file, unsigned int op,
|
||||||
const sc_pkcs15_pin_info_t *pin, unsigned int def,
|
const sc_pkcs15_auth_info_t *auth, unsigned int def,
|
||||||
unsigned int need_global)
|
unsigned int need_global)
|
||||||
{
|
{
|
||||||
int is_global = 1;
|
int is_global = 1;
|
||||||
const sc_acl_entry_t *acl;
|
const sc_acl_entry_t *acl;
|
||||||
|
|
||||||
if (pin->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
if (auth->attrs.pin.flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||||
is_global = 0;
|
is_global = 0;
|
||||||
if (!is_global && need_global)
|
if (!is_global && need_global)
|
||||||
return def & 0xff;
|
return def & 0xff;
|
||||||
@ -83,7 +83,7 @@ static int starcos_init_card(sc_profile_t *profile, sc_pkcs15_card_t *p15card)
|
|||||||
sc_file_t *mf_file, *isf_file, *ipf_file;
|
sc_file_t *mf_file, *isf_file, *ipf_file;
|
||||||
sc_path_t tpath;
|
sc_path_t tpath;
|
||||||
u8 *p = mf_data.data.mf.header, tmp = 0;
|
u8 *p = mf_data.data.mf.header, tmp = 0;
|
||||||
sc_pkcs15_pin_info_t sopin;
|
sc_pkcs15_auth_info_t sopin;
|
||||||
|
|
||||||
/* test if we already have a MF */
|
/* test if we already have a MF */
|
||||||
memset(&tpath, 0, sizeof(sc_path_t));
|
memset(&tpath, 0, sizeof(sc_path_t));
|
||||||
@ -180,7 +180,7 @@ static int starcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
sc_starcos_create_data df_data, ipf_data;
|
sc_starcos_create_data df_data, ipf_data;
|
||||||
sc_file_t *isf_file, *ipf_file;
|
sc_file_t *isf_file, *ipf_file;
|
||||||
u8 *p = df_data.data.df.header, tmp = 0;
|
u8 *p = df_data.data.df.header, tmp = 0;
|
||||||
sc_pkcs15_pin_info_t sopin;
|
sc_pkcs15_auth_info_t sopin;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
||||||
|
|
||||||
@ -255,10 +255,11 @@ static int starcos_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
|
|
||||||
static int have_onepin(sc_profile_t *profile)
|
static int have_onepin(sc_profile_t *profile)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t sopin;
|
sc_pkcs15_auth_info_t sopin;
|
||||||
|
|
||||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &sopin);
|
||||||
if (!(sopin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
|
||||||
|
if (!(sopin.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
return 1;
|
return 1;
|
||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
@ -272,20 +273,25 @@ static int have_onepin(sc_profile_t *profile)
|
|||||||
#define STARCOS_MIN_GPIN_ID 0x03
|
#define STARCOS_MIN_GPIN_ID 0x03
|
||||||
#define STARCOS_MAX_GPIN_ID 0x0f
|
#define STARCOS_MAX_GPIN_ID 0x0f
|
||||||
static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
int tmp = pin_info->reference;
|
int tmp;
|
||||||
|
|
||||||
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
tmp = auth_info->attrs.pin.reference;
|
||||||
|
|
||||||
if (have_onepin(profile)) {
|
if (have_onepin(profile)) {
|
||||||
/* we have the onepin profile */
|
/* we have the onepin profile */
|
||||||
pin_info->reference = STARCOS_SOPIN_GID;
|
auth_info->attrs.pin.reference = STARCOS_SOPIN_GID;
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_LOCAL) {
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_LOCAL) {
|
||||||
/* use local KID */
|
/* use local KID */
|
||||||
/* SO-pin */
|
/* SO-pin */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
tmp = STARCOS_SOPIN_LID;
|
tmp = STARCOS_SOPIN_LID;
|
||||||
else {
|
else {
|
||||||
if (tmp < STARCOS_MIN_LPIN_ID)
|
if (tmp < STARCOS_MIN_LPIN_ID)
|
||||||
@ -299,7 +305,7 @@ static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15car
|
|||||||
} else {
|
} else {
|
||||||
/* use global KID */
|
/* use global KID */
|
||||||
/* SO-pin */
|
/* SO-pin */
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
tmp = STARCOS_SOPIN_GID;
|
tmp = STARCOS_SOPIN_GID;
|
||||||
else {
|
else {
|
||||||
if (tmp < STARCOS_MIN_GPIN_ID)
|
if (tmp < STARCOS_MIN_GPIN_ID)
|
||||||
@ -311,7 +317,7 @@ static int starcos_pin_reference(sc_profile_t *profile, sc_pkcs15_card_t *p15car
|
|||||||
return SC_ERROR_TOO_MANY_OBJECTS;
|
return SC_ERROR_TOO_MANY_OBJECTS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
pin_info->reference = tmp;
|
auth_info->attrs.pin.reference = tmp;
|
||||||
|
|
||||||
return SC_SUCCESS;
|
return SC_SUCCESS;
|
||||||
}
|
}
|
||||||
@ -349,14 +355,17 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
size_t akd;
|
size_t akd;
|
||||||
sc_file_t *tfile;
|
sc_file_t *tfile;
|
||||||
const sc_acl_entry_t *acl_entry;
|
const sc_acl_entry_t *acl_entry;
|
||||||
sc_pkcs15_pin_info_t *pin_info = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
sc_starcos_wkey_data pin_d, puk_d;
|
sc_starcos_wkey_data pin_d, puk_d;
|
||||||
u8 tpin[8];
|
u8 tpin[8];
|
||||||
|
|
||||||
if (!pin || !pin_len || pin_len > 8)
|
if (!pin || !pin_len || pin_len > 8)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
||||||
is_local = 0x80 & pin_info->reference;
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
is_local = 0x80 & auth_info->attrs.pin.reference;
|
||||||
if (is_local)
|
if (is_local)
|
||||||
r = sc_select_file(card, &df->path, NULL);
|
r = sc_select_file(card, &df->path, NULL);
|
||||||
else
|
else
|
||||||
@ -369,7 +378,7 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
return r;
|
return r;
|
||||||
acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_WRITE);
|
acl_entry = sc_file_get_acl_entry(tfile, SC_AC_OP_WRITE);
|
||||||
if (acl_entry->method != SC_AC_NONE) {
|
if (acl_entry->method != SC_AC_NONE) {
|
||||||
if ((pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) || have_onepin(profile))
|
if ((auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) || have_onepin(profile))
|
||||||
need_finalize = 1;
|
need_finalize = 1;
|
||||||
else
|
else
|
||||||
r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE);
|
r = sc_pkcs15init_authenticate(profile, p15card, tfile, SC_AC_OP_WRITE);
|
||||||
@ -383,8 +392,8 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
memcpy(tpin, pin, pin_len);
|
memcpy(tpin, pin, pin_len);
|
||||||
|
|
||||||
/* write PIN */
|
/* write PIN */
|
||||||
tmp = pin_info->tries_left;
|
tmp = auth_info->tries_left;
|
||||||
pin_id = pin_info->reference;
|
pin_id = auth_info->attrs.pin.reference;
|
||||||
|
|
||||||
pin_d.mode = 0; /* install */
|
pin_d.mode = 0; /* install */
|
||||||
pin_d.kid = (u8) pin_id;
|
pin_d.kid = (u8) pin_id;
|
||||||
@ -394,7 +403,7 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
pin_d.key_header[1] = 0;
|
pin_d.key_header[1] = 0;
|
||||||
pin_d.key_header[2] = 8;
|
pin_d.key_header[2] = 8;
|
||||||
pin_d.key_header[3] = STARCOS_AC_ALWAYS;
|
pin_d.key_header[3] = STARCOS_AC_ALWAYS;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
pin_d.key_header[4] = STARCOS_SOPIN_STATE;
|
pin_d.key_header[4] = STARCOS_SOPIN_STATE;
|
||||||
else
|
else
|
||||||
pin_d.key_header[4] = STARCOS_PINID2STATE(pin_id);
|
pin_d.key_header[4] = STARCOS_PINID2STATE(pin_id);
|
||||||
@ -402,7 +411,7 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
pin_d.key_header[6] = ((0x0f & tmp) << 4) | (0x0f & tmp);
|
pin_d.key_header[6] = ((0x0f & tmp) << 4) | (0x0f & tmp);
|
||||||
pin_d.key_header[7] = 0x00;
|
pin_d.key_header[7] = 0x00;
|
||||||
pin_d.key_header[8] = 0x00;
|
pin_d.key_header[8] = 0x00;
|
||||||
akd = pin_info->min_length;
|
akd = auth_info->attrs.pin.min_length;
|
||||||
if (akd < 4)
|
if (akd < 4)
|
||||||
akd = 4;
|
akd = 4;
|
||||||
if (akd > 8)
|
if (akd > 8)
|
||||||
@ -419,7 +428,7 @@ static int starcos_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
|
|||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (puk && puk_len) {
|
if (puk && puk_len) {
|
||||||
sc_pkcs15_pin_info_t puk_info;
|
sc_pkcs15_auth_info_t puk_info;
|
||||||
|
|
||||||
if (puk_len > 8)
|
if (puk_len > 8)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
@ -71,13 +71,16 @@ static int westcos_pkcs15init_create_dir(sc_profile_t *profile,
|
|||||||
*/
|
*/
|
||||||
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
|
static int westcos_pkcs15_select_pin_reference(sc_profile_t *profile,
|
||||||
sc_pkcs15_card_t *p15card,
|
sc_pkcs15_card_t *p15card,
|
||||||
sc_pkcs15_pin_info_t *pin_info)
|
sc_pkcs15_auth_info_t *auth_info)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
pin_info->reference = 1;
|
return SC_ERROR_OBJECT_NOT_VALID;
|
||||||
|
|
||||||
|
if (auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
|
auth_info->attrs.pin.reference = 1;
|
||||||
} else {
|
} else {
|
||||||
pin_info->reference = 0;
|
auth_info->attrs.pin.reference = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -488,7 +488,7 @@ sc_profile_free(struct sc_profile *profile)
|
|||||||
|
|
||||||
void
|
void
|
||||||
sc_profile_get_pin_info(struct sc_profile *profile,
|
sc_profile_get_pin_info(struct sc_profile *profile,
|
||||||
int id, struct sc_pkcs15_pin_info *info)
|
int id, struct sc_pkcs15_auth_info *info)
|
||||||
{
|
{
|
||||||
struct pin_info *pi;
|
struct pin_info *pi;
|
||||||
|
|
||||||
@ -516,7 +516,9 @@ sc_profile_get_pin_id(struct sc_profile *profile,
|
|||||||
struct pin_info *pi;
|
struct pin_info *pi;
|
||||||
|
|
||||||
for (pi = profile->pin_list; pi; pi = pi->next) {
|
for (pi = profile->pin_list; pi; pi = pi->next) {
|
||||||
if (pi->pin.reference == (int)reference) {
|
if (pi->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
continue;
|
||||||
|
if (pi->pin.attrs.pin.reference == (int)reference) {
|
||||||
*id = pi->id;
|
*id = pi->id;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -778,7 +780,7 @@ sc_profile_instantiate_file(sc_profile_t *profile, struct file_info *ft,
|
|||||||
int
|
int
|
||||||
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
|
sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
|
||||||
unsigned auth_method, int reference,
|
unsigned auth_method, int reference,
|
||||||
struct sc_pkcs15_pin_info *pin_info)
|
struct sc_pkcs15_auth_info *auth_info)
|
||||||
{
|
{
|
||||||
struct pin_info *pinfo;
|
struct pin_info *pinfo;
|
||||||
|
|
||||||
@ -788,14 +790,16 @@ sc_profile_get_pin_id_by_reference(struct sc_profile *profile,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
if (pinfo->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
continue;
|
||||||
if (pinfo->pin.auth_method != auth_method)
|
if (pinfo->pin.auth_method != auth_method)
|
||||||
continue;
|
continue;
|
||||||
if (pinfo->pin.reference != reference)
|
if (pinfo->pin.attrs.pin.reference != reference)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pin_info)
|
if (auth_info)
|
||||||
*pin_info = pinfo->pin;
|
*auth_info = pinfo->pin;
|
||||||
return pinfo->id;
|
return pinfo->id;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1490,15 +1494,15 @@ new_pin(struct sc_profile *profile, int id)
|
|||||||
if (pi == NULL)
|
if (pi == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
pi->id = id;
|
pi->id = id;
|
||||||
|
pi->pin.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
pi->pin.auth_method = SC_AC_CHV;
|
pi->pin.auth_method = SC_AC_CHV;
|
||||||
pi->pin.type = (unsigned int)-1;
|
pi->pin.attrs.pin.type = (unsigned int)-1;
|
||||||
pi->pin.flags = 0x32;
|
pi->pin.attrs.pin.flags = 0x32;
|
||||||
pi->pin.max_length = 0;
|
pi->pin.attrs.pin.max_length = 0;
|
||||||
pi->pin.min_length = 0;
|
pi->pin.attrs.pin.min_length = 0;
|
||||||
pi->pin.stored_length = 0;
|
pi->pin.attrs.pin.stored_length = 0;
|
||||||
pi->pin.pad_char = 0xA5;
|
pi->pin.attrs.pin.pad_char = 0xA5;
|
||||||
pi->pin.magic = SC_PKCS15_PIN_MAGIC;
|
pi->pin.attrs.pin.reference = -1;
|
||||||
pi->pin.reference = -1;
|
|
||||||
pi->pin.tries_left = 3;
|
pi->pin.tries_left = 3;
|
||||||
|
|
||||||
*tail = pi;
|
*tail = pi;
|
||||||
@ -1507,22 +1511,25 @@ new_pin(struct sc_profile *profile, int id)
|
|||||||
|
|
||||||
static void set_pin_defaults(struct sc_profile *profile, struct pin_info *pi)
|
static void set_pin_defaults(struct sc_profile *profile, struct pin_info *pi)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_pin_info *info = &pi->pin;
|
struct sc_pkcs15_auth_info *info = &pi->pin;
|
||||||
|
struct sc_pkcs15_pin_attributes *pin_attrs = &info->attrs.pin;
|
||||||
|
|
||||||
if (info->type == (unsigned int) -1)
|
info->auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||||
info->type = profile->pin_encoding;
|
|
||||||
if (info->max_length == 0)
|
if (pin_attrs->type == (unsigned int) -1)
|
||||||
info->max_length = profile->pin_maxlen;
|
pin_attrs->type = profile->pin_encoding;
|
||||||
if (info->min_length == 0)
|
if (pin_attrs->max_length == 0)
|
||||||
info->min_length = profile->pin_minlen;
|
pin_attrs->max_length = profile->pin_maxlen;
|
||||||
if (info->stored_length == 0) {
|
if (pin_attrs->min_length == 0)
|
||||||
info->stored_length = profile->pin_maxlen;
|
pin_attrs->min_length = profile->pin_minlen;
|
||||||
|
if (pin_attrs->stored_length == 0) {
|
||||||
|
pin_attrs->stored_length = profile->pin_maxlen;
|
||||||
/* BCD encoded PIN takes half the space */
|
/* BCD encoded PIN takes half the space */
|
||||||
if (info->type == SC_PKCS15_PIN_TYPE_BCD)
|
if (pin_attrs->type == SC_PKCS15_PIN_TYPE_BCD)
|
||||||
info->stored_length = (info->stored_length + 1) / 2;
|
pin_attrs->stored_length = (pin_attrs->stored_length + 1) / 2;
|
||||||
}
|
}
|
||||||
if (info->pad_char == 0xA5)
|
if (pin_attrs->pad_char == 0xA5)
|
||||||
info->pad_char = profile->pin_pad_char;
|
pin_attrs->pad_char = profile->pin_pad_char;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -1557,7 +1564,9 @@ do_pin_type(struct state *cur, int argc, char **argv)
|
|||||||
|
|
||||||
if (map_str2int(cur, argv[0], &type, pinTypeNames))
|
if (map_str2int(cur, argv[0], &type, pinTypeNames))
|
||||||
return 1;
|
return 1;
|
||||||
cur->pin->pin.type = type;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
cur->pin->pin.attrs.pin.type = type;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1568,7 +1577,9 @@ do_pin_reference(struct state *cur, int argc, char **argv)
|
|||||||
|
|
||||||
if (get_uint(cur, argv[0], &reference))
|
if (get_uint(cur, argv[0], &reference))
|
||||||
return 1;
|
return 1;
|
||||||
cur->pin->pin.reference = reference;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
cur->pin->pin.attrs.pin.reference = reference;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1586,7 +1597,9 @@ do_pin_minlength(struct state *cur, int argc, char **argv)
|
|||||||
|
|
||||||
if (get_uint(cur, argv[0], &len))
|
if (get_uint(cur, argv[0], &len))
|
||||||
return 1;
|
return 1;
|
||||||
cur->pin->pin.min_length = len;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
cur->pin->pin.attrs.pin.min_length = len;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1597,7 +1610,9 @@ do_pin_maxlength(struct state *cur, int argc, char **argv)
|
|||||||
|
|
||||||
if (get_uint(cur, argv[0], &len))
|
if (get_uint(cur, argv[0], &len))
|
||||||
return 1;
|
return 1;
|
||||||
cur->pin->pin.max_length = len;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
cur->pin->pin.attrs.pin.max_length = len;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1608,7 +1623,9 @@ do_pin_storedlength(struct state *cur, int argc, char **argv)
|
|||||||
|
|
||||||
if (get_uint(cur, argv[0], &len))
|
if (get_uint(cur, argv[0], &len))
|
||||||
return 1;
|
return 1;
|
||||||
cur->pin->pin.stored_length = len;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
cur->pin->pin.attrs.pin.stored_length = len;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1618,11 +1635,14 @@ do_pin_flags(struct state *cur, int argc, char **argv)
|
|||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
int i, r;
|
int i, r;
|
||||||
|
|
||||||
cur->pin->pin.flags = 0;
|
if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
cur->pin->pin.attrs.pin.flags = 0;
|
||||||
for (i = 0; i < argc; i++) {
|
for (i = 0; i < argc; i++) {
|
||||||
if ((r = map_str2int(cur, argv[i], &flags, pinFlagNames)) < 0)
|
if ((r = map_str2int(cur, argv[i], &flags, pinFlagNames)) < 0)
|
||||||
return r;
|
return r;
|
||||||
cur->pin->pin.flags |= flags;
|
cur->pin->pin.attrs.pin.flags |= flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -55,7 +55,7 @@ struct pin_info {
|
|||||||
unsigned int file_offset; /* obsolete */
|
unsigned int file_offset; /* obsolete */
|
||||||
struct file_info * file; /* obsolete */
|
struct file_info * file; /* obsolete */
|
||||||
|
|
||||||
sc_pkcs15_pin_info_t pin;
|
struct sc_pkcs15_auth_info pin;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct sc_macro {
|
typedef struct sc_macro {
|
||||||
@ -131,7 +131,7 @@ int sc_profile_load(struct sc_profile *, const char *);
|
|||||||
int sc_profile_finish(struct sc_profile *, const struct sc_app_info *);
|
int sc_profile_finish(struct sc_profile *, const struct sc_app_info *);
|
||||||
void sc_profile_free(struct sc_profile *);
|
void sc_profile_free(struct sc_profile *);
|
||||||
int sc_profile_build_pkcs15(struct sc_profile *);
|
int sc_profile_build_pkcs15(struct sc_profile *);
|
||||||
void sc_profile_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_pin_info *);
|
void sc_profile_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
|
||||||
int sc_profile_get_pin_id(struct sc_profile *, unsigned int, int *);
|
int sc_profile_get_pin_id(struct sc_profile *, unsigned int, int *);
|
||||||
int sc_profile_get_file(struct sc_profile *, const char *, struct sc_file **);
|
int sc_profile_get_file(struct sc_profile *, const char *, struct sc_file **);
|
||||||
int sc_profile_get_file_by_path(struct sc_profile *, const struct sc_path *, struct sc_file **);
|
int sc_profile_get_file_by_path(struct sc_profile *, const struct sc_path *, struct sc_file **);
|
||||||
@ -142,7 +142,7 @@ int sc_profile_instantiate_template(struct sc_profile *, const char *, const sc_
|
|||||||
int sc_profile_add_file(struct sc_profile *, const char *, sc_file_t *);
|
int sc_profile_add_file(struct sc_profile *, const char *, sc_file_t *);
|
||||||
int sc_profile_get_file_instance(struct sc_profile *, const char *, int, sc_file_t **);
|
int sc_profile_get_file_instance(struct sc_profile *, const char *, int, sc_file_t **);
|
||||||
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
|
int sc_profile_get_pin_id_by_reference(struct sc_profile *, unsigned, int,
|
||||||
struct sc_pkcs15_pin_info *);
|
struct sc_pkcs15_auth_info *);
|
||||||
int sc_profile_get_parent(struct sc_profile *profile, const char *, sc_file_t **);
|
int sc_profile_get_parent(struct sc_profile *profile, const char *, sc_file_t **);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
|
@ -46,12 +46,12 @@ static int enum_pins(struct sc_pkcs15_object ***ret)
|
|||||||
|
|
||||||
static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
|
static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) pin_obj->data;
|
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *) pin_obj->data;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
char prompt[80];
|
char prompt[80];
|
||||||
u8 *pass;
|
u8 *pass;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||||
printf("Skipping unblocking pin [%s]\n", pin_obj->label);
|
printf("Skipping unblocking pin [%s]\n", pin_obj->label);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -53,38 +53,40 @@ static void print_pin(const struct sc_pkcs15_object *obj)
|
|||||||
"integrity-protected", "confidentiality-protected",
|
"integrity-protected", "confidentiality-protected",
|
||||||
"exchangeRefData"
|
"exchangeRefData"
|
||||||
};
|
};
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
const int pf_count = sizeof(pin_flags) / sizeof(pin_flags[0]);
|
const int pf_count = sizeof(pin_flags) / sizeof(pin_flags[0]);
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
pin = (struct sc_pkcs15_pin_info *) obj->data;
|
pin = (struct sc_pkcs15_auth_info *) obj->data;
|
||||||
printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
|
printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
|
||||||
printf("\tFlags : [0x%02X]", pin->flags);
|
if (pin->auth_type == SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
||||||
for (i = 0; i < pf_count; i++)
|
printf("\tFlags : [0x%02X]", pin->attrs.pin.flags);
|
||||||
if (pin->flags & (1 << i)) {
|
for (i = 0; i < pf_count; i++)
|
||||||
printf(", %s", pin_flags[i]);
|
if (pin->attrs.pin.flags & (1 << i)) {
|
||||||
|
printf(", %s", pin_flags[i]);
|
||||||
|
}
|
||||||
|
printf("\n");
|
||||||
|
printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
|
||||||
|
(unsigned long) pin->attrs.pin.min_length,
|
||||||
|
(unsigned long) pin->attrs.pin.max_length,
|
||||||
|
(unsigned long) pin->attrs.pin.stored_length);
|
||||||
|
printf("\tPad char : 0x%02X\n", pin->attrs.pin.pad_char);
|
||||||
|
printf("\tReference : %d\n", pin->attrs.pin.reference);
|
||||||
|
printf("\tEncoding : ");
|
||||||
|
switch (pin->attrs.pin.type) {
|
||||||
|
case SC_PKCS15_PIN_TYPE_BCD:
|
||||||
|
printf("BCD\n"); break;
|
||||||
|
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
|
||||||
|
printf("ASCII-numeric\n"); break;
|
||||||
|
case SC_PKCS15_PIN_TYPE_UTF8:
|
||||||
|
printf("UTF8\n"); break;
|
||||||
|
case SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD:
|
||||||
|
printf("half-nibble BCD\n"); break;
|
||||||
|
case SC_PKCS15_PIN_TYPE_ISO9564_1:
|
||||||
|
printf("ISO 9564-1\n"); break;
|
||||||
|
default:
|
||||||
|
printf("[encoding %d]\n", pin->attrs.pin.type);
|
||||||
}
|
}
|
||||||
printf("\n");
|
|
||||||
printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
|
|
||||||
(unsigned long) pin->min_length,
|
|
||||||
(unsigned long) pin->max_length,
|
|
||||||
(unsigned long) pin->stored_length);
|
|
||||||
printf("\tPad char : 0x%02X\n", pin->pad_char);
|
|
||||||
printf("\tReference : %d\n", pin->reference);
|
|
||||||
printf("\tEncoding : ");
|
|
||||||
switch (pin->type) {
|
|
||||||
case SC_PKCS15_PIN_TYPE_BCD:
|
|
||||||
printf("BCD\n"); break;
|
|
||||||
case SC_PKCS15_PIN_TYPE_ASCII_NUMERIC:
|
|
||||||
printf("ASCII-numeric\n"); break;
|
|
||||||
case SC_PKCS15_PIN_TYPE_UTF8:
|
|
||||||
printf("UTF8\n"); break;
|
|
||||||
case SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD:
|
|
||||||
printf("half-nibble BCD\n"); break;
|
|
||||||
case SC_PKCS15_PIN_TYPE_ISO9564_1:
|
|
||||||
printf("ISO 9564-1\n"); break;
|
|
||||||
default:
|
|
||||||
printf("[encoding %d]\n", pin->type);
|
|
||||||
}
|
}
|
||||||
if (pin->path.len)
|
if (pin->path.len)
|
||||||
printf("\tPath : %s\n", sc_print_path(&pin->path));
|
printf("\tPath : %s\n", sc_print_path(&pin->path));
|
||||||
|
@ -124,8 +124,11 @@ static char * get_pin(struct sc_pkcs15_object *obj)
|
|||||||
{
|
{
|
||||||
char buf[80];
|
char buf[80];
|
||||||
char *pincode;
|
char *pincode;
|
||||||
struct sc_pkcs15_pin_info *pinfo = (struct sc_pkcs15_pin_info *) obj->data;
|
struct sc_pkcs15_auth_info *pinfo = (struct sc_pkcs15_auth_info *) obj->data;
|
||||||
|
|
||||||
|
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
if (opt_pincode != NULL) {
|
if (opt_pincode != NULL) {
|
||||||
if (strcmp(opt_pincode, "-") == 0)
|
if (strcmp(opt_pincode, "-") == 0)
|
||||||
return readpin_stdin();
|
return readpin_stdin();
|
||||||
@ -138,8 +141,8 @@ static char * get_pin(struct sc_pkcs15_object *obj)
|
|||||||
pincode = getpass(buf);
|
pincode = getpass(buf);
|
||||||
if (strlen(pincode) == 0)
|
if (strlen(pincode) == 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (strlen(pincode) < pinfo->min_length ||
|
if (strlen(pincode) < pinfo->attrs.pin.min_length ||
|
||||||
strlen(pincode) > pinfo->max_length)
|
strlen(pincode) > pinfo->attrs.pin.max_length)
|
||||||
continue;
|
continue;
|
||||||
return strdup(pincode);
|
return strdup(pincode);
|
||||||
}
|
}
|
||||||
|
@ -100,7 +100,7 @@ static int do_sanity_check(struct sc_profile *profile);
|
|||||||
static int init_keyargs(struct sc_pkcs15init_prkeyargs *);
|
static int init_keyargs(struct sc_pkcs15init_prkeyargs *);
|
||||||
static void init_gost_params(struct sc_pkcs15init_keyarg_gost_params *, EVP_PKEY *);
|
static void init_gost_params(struct sc_pkcs15init_keyarg_gost_params *, EVP_PKEY *);
|
||||||
static int get_pin_callback(struct sc_profile *profile,
|
static int get_pin_callback(struct sc_profile *profile,
|
||||||
int id, const struct sc_pkcs15_pin_info *info,
|
int id, const struct sc_pkcs15_auth_info *info,
|
||||||
const char *label,
|
const char *label,
|
||||||
u8 *pinbuf, size_t *pinsize);
|
u8 *pinbuf, size_t *pinsize);
|
||||||
static int get_key_callback(struct sc_profile *,
|
static int get_key_callback(struct sc_profile *,
|
||||||
@ -388,7 +388,7 @@ typedef struct sc_ui_hints {
|
|||||||
* look like. */
|
* look like. */
|
||||||
const char * obj_label; /* O: object (PIN) label */
|
const char * obj_label; /* O: object (PIN) label */
|
||||||
union {
|
union {
|
||||||
struct sc_pkcs15_pin_info *pin;
|
struct sc_pkcs15_auth_info *pin;
|
||||||
} info;
|
} info;
|
||||||
} sc_ui_hints_t;
|
} sc_ui_hints_t;
|
||||||
|
|
||||||
@ -683,12 +683,13 @@ static int
|
|||||||
do_init_app(struct sc_profile *profile)
|
do_init_app(struct sc_profile *profile)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15init_initargs args;
|
struct sc_pkcs15init_initargs args;
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_auth_info_t info;
|
||||||
sc_ui_hints_t hints;
|
sc_ui_hints_t hints;
|
||||||
const char *role = "so";
|
const char *role = "so";
|
||||||
int r, so_puk_disabled = 0;
|
int r, so_puk_disabled = 0;
|
||||||
|
|
||||||
memset(&hints, 0, sizeof(hints));
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
memset(&info, 0, sizeof(info));
|
||||||
hints.usage = SC_UI_USAGE_NEW_PIN;
|
hints.usage = SC_UI_USAGE_NEW_PIN;
|
||||||
hints.flags = SC_UI_PIN_RETYPE
|
hints.flags = SC_UI_PIN_RETYPE
|
||||||
| SC_UI_PIN_CHECK_LENGTH
|
| SC_UI_PIN_CHECK_LENGTH
|
||||||
@ -709,14 +710,14 @@ do_init_app(struct sc_profile *profile)
|
|||||||
|
|
||||||
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &info);
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &info);
|
||||||
|
|
||||||
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if (!(info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
role = "user";
|
role = "user";
|
||||||
else
|
else
|
||||||
hints.flags |= SC_UI_PIN_OPTIONAL; /* SO PIN is always optional */
|
hints.flags |= SC_UI_PIN_OPTIONAL; /* SO PIN is always optional */
|
||||||
|
|
||||||
|
|
||||||
if ((info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
if ((info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
||||||
&& (info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
&& (info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
so_puk_disabled = 1;
|
so_puk_disabled = 1;
|
||||||
|
|
||||||
|
|
||||||
@ -729,7 +730,7 @@ do_init_app(struct sc_profile *profile)
|
|||||||
if (!so_puk_disabled && opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
if (!so_puk_disabled && opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
||||||
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &info);
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &info);
|
||||||
|
|
||||||
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if (!(info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
role = "user";
|
role = "user";
|
||||||
|
|
||||||
hints.flags |= SC_UI_PIN_OPTIONAL;
|
hints.flags |= SC_UI_PIN_OPTIONAL;
|
||||||
@ -764,7 +765,7 @@ static int
|
|||||||
do_store_pin(struct sc_profile *profile)
|
do_store_pin(struct sc_profile *profile)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15init_pinargs args;
|
struct sc_pkcs15init_pinargs args;
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_auth_info_t info;
|
||||||
sc_ui_hints_t hints;
|
sc_ui_hints_t hints;
|
||||||
int r;
|
int r;
|
||||||
const char *pin_id;
|
const char *pin_id;
|
||||||
@ -801,7 +802,7 @@ do_store_pin(struct sc_profile *profile)
|
|||||||
args.pin_len = strlen(opt_pins[0]);
|
args.pin_len = strlen(opt_pins[0]);
|
||||||
args.label = opt_label;
|
args.label = opt_label;
|
||||||
|
|
||||||
if (!(info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
if (!(info.attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
||||||
&& opt_pins[1] == NULL) {
|
&& opt_pins[1] == NULL) {
|
||||||
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &info);
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &info);
|
||||||
|
|
||||||
@ -1626,7 +1627,7 @@ static int get_new_pin(sc_ui_hints_t *hints,
|
|||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
get_pin_callback(struct sc_profile *profile,
|
get_pin_callback(struct sc_profile *profile,
|
||||||
int id, const struct sc_pkcs15_pin_info *info,
|
int id, const struct sc_pkcs15_auth_info *info,
|
||||||
const char *label,
|
const char *label,
|
||||||
u8 *pinbuf, size_t *pinsize)
|
u8 *pinbuf, size_t *pinsize)
|
||||||
{
|
{
|
||||||
@ -1636,13 +1637,13 @@ get_pin_callback(struct sc_profile *profile,
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
int allocated = 0;
|
int allocated = 0;
|
||||||
|
|
||||||
if (label) {
|
if (info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
if (label)
|
||||||
snprintf(namebuf, sizeof(namebuf), "PIN [%s]", label);
|
snprintf(namebuf, sizeof(namebuf), "PIN [%s]", label);
|
||||||
} else {
|
else
|
||||||
snprintf(namebuf, sizeof(namebuf),
|
snprintf(namebuf, sizeof(namebuf), "Unspecified PIN [reference %u]", info->attrs.pin.reference);
|
||||||
"Unspecified PIN [reference %u]",
|
|
||||||
info->reference);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!ignore_cmdline_pins) {
|
if (!ignore_cmdline_pins) {
|
||||||
if (info->auth_method == SC_AC_SYMBOLIC) {
|
if (info->auth_method == SC_AC_SYMBOLIC) {
|
||||||
@ -1666,23 +1667,23 @@ get_pin_callback(struct sc_profile *profile,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (info->auth_method == SC_AC_CHV) {
|
else if (info->auth_method == SC_AC_CHV) {
|
||||||
if (!(info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (!(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
&& !(info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
&& !(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
||||||
name = "User PIN";
|
name = "User PIN";
|
||||||
secret = opt_pins[OPT_PIN1 & 3];
|
secret = opt_pins[OPT_PIN1 & 3];
|
||||||
}
|
}
|
||||||
else if (!(info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
else if (!(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
&& (info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
&& (info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
||||||
name = "User PUK";
|
name = "User PUK";
|
||||||
secret = opt_pins[OPT_PUK1 & 3];
|
secret = opt_pins[OPT_PUK1 & 3];
|
||||||
}
|
}
|
||||||
else if ((info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
else if ((info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
&& !(info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
&& !(info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
||||||
name = "Security officer PIN";
|
name = "Security officer PIN";
|
||||||
secret = opt_pins[OPT_PIN2 & 3];
|
secret = opt_pins[OPT_PIN2 & 3];
|
||||||
}
|
}
|
||||||
else if ((info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
else if ((info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
&& (info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
&& (info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)) {
|
||||||
name = "Security officer PIN unlock key";
|
name = "Security officer PIN unlock key";
|
||||||
secret = opt_pins[OPT_PUK2 & 3];
|
secret = opt_pins[OPT_PUK2 & 3];
|
||||||
}
|
}
|
||||||
@ -2717,15 +2718,18 @@ ossl_print_errors(void)
|
|||||||
*/
|
*/
|
||||||
int get_pin(sc_ui_hints_t *hints, char **out)
|
int get_pin(sc_ui_hints_t *hints, char **out)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pin_info;
|
sc_pkcs15_auth_info_t *pin_info;
|
||||||
const char *label;
|
const char *label;
|
||||||
int flags = hints->flags;
|
int flags = hints->flags;
|
||||||
|
|
||||||
pin_info = hints->info.pin;
|
pin_info = hints->info.pin;
|
||||||
|
if (pin_info && pin_info->auth_type == SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
if (!(label = hints->obj_label)) {
|
if (!(label = hints->obj_label)) {
|
||||||
if (pin_info == NULL) {
|
if (pin_info == NULL) {
|
||||||
label = "PIN";
|
label = "PIN";
|
||||||
} else if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
} else if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
|
||||||
label = "Security Officer PIN";
|
label = "Security Officer PIN";
|
||||||
} else {
|
} else {
|
||||||
label = "User PIN";
|
label = "User PIN";
|
||||||
@ -2758,17 +2762,17 @@ int get_pin(sc_ui_hints_t *hints, char **out)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) {
|
if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) {
|
||||||
if (strlen(pin) < pin_info->min_length) {
|
if (strlen(pin) < pin_info->attrs.pin.min_length) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"PIN too short (min %lu characters)\n",
|
"PIN too short (min %lu characters)\n",
|
||||||
(unsigned long) pin_info->min_length);
|
(unsigned long) pin_info->attrs.pin.min_length);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (pin_info->max_length
|
if (pin_info->attrs.pin.max_length
|
||||||
&& strlen(pin) > pin_info->max_length) {
|
&& strlen(pin) > pin_info->attrs.pin.max_length) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"PIN too long (max %lu characters)\n",
|
"PIN too long (max %lu characters)\n",
|
||||||
(unsigned long) pin_info->max_length);
|
(unsigned long) pin_info->attrs.pin.max_length);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2827,11 +2831,13 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (ii=0;ii<r;ii++) {
|
for (ii=0;ii<r;ii++) {
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) objs[ii]->data;
|
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *) objs[ii]->data;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
|
continue;
|
||||||
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
pin_obj = objs[ii];
|
pin_obj = objs[ii];
|
||||||
|
@ -962,23 +962,26 @@ get_pin_info(void)
|
|||||||
|
|
||||||
static u8 * get_pin(const char *prompt, sc_pkcs15_object_t *pin_obj)
|
static u8 * get_pin(const char *prompt, sc_pkcs15_object_t *pin_obj)
|
||||||
{
|
{
|
||||||
sc_pkcs15_pin_info_t *pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
sc_pkcs15_auth_info_t *pinfo = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
char *pincode = NULL;
|
char *pincode = NULL;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
printf("%s [%s]: ", prompt, pin_obj->label);
|
printf("%s [%s]: ", prompt, pin_obj->label);
|
||||||
|
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
r = util_getpass(&pincode, &len, stdin);
|
r = util_getpass(&pincode, &len, stdin);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (!pincode || strlen(pincode) == 0)
|
if (!pincode || strlen(pincode) == 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (strlen(pincode) < pinfo->min_length) {
|
if (strlen(pincode) < pinfo->attrs.pin.min_length) {
|
||||||
printf("PIN code too short, try again.\n");
|
printf("PIN code too short, try again.\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (strlen(pincode) > pinfo->max_length) {
|
if (strlen(pincode) > pinfo->attrs.pin.max_length) {
|
||||||
printf("PIN code too long, try again.\n");
|
printf("PIN code too long, try again.\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -1003,11 +1006,13 @@ static int verify_pin(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (ii=0;ii<r;ii++) {
|
for (ii=0;ii<r;ii++) {
|
||||||
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *) objs[ii]->data;
|
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *) objs[ii]->data;
|
||||||
|
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
if (pin_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
continue;
|
continue;
|
||||||
if (pin_info->flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_SO_PIN)
|
||||||
|
continue;
|
||||||
|
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
pin_obj = objs[ii];
|
pin_obj = objs[ii];
|
||||||
@ -1068,7 +1073,7 @@ static void print_pin_info(const struct sc_pkcs15_object *obj)
|
|||||||
};
|
};
|
||||||
const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8",
|
const char *pin_types[] = {"bcd", "ascii-numeric", "UTF-8",
|
||||||
"halfnibble bcd", "iso 9664-1"};
|
"halfnibble bcd", "iso 9664-1"};
|
||||||
const struct sc_pkcs15_pin_info *pin = (const struct sc_pkcs15_pin_info *) obj->data;
|
const struct sc_pkcs15_auth_info *pin = (const struct sc_pkcs15_auth_info *) obj->data;
|
||||||
const size_t pf_count = NELEMENTS(pin_flags);
|
const size_t pf_count = NELEMENTS(pin_flags);
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
@ -1077,21 +1082,23 @@ static void print_pin_info(const struct sc_pkcs15_object *obj)
|
|||||||
if (obj->auth_id.len)
|
if (obj->auth_id.len)
|
||||||
printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id));
|
printf("\tAuth ID : %s\n", sc_pkcs15_print_id(&obj->auth_id));
|
||||||
printf("\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
|
printf("\tID : %s\n", sc_pkcs15_print_id(&pin->auth_id));
|
||||||
printf("\tFlags : [0x%02X]", pin->flags);
|
if (pin->auth_type == SC_PKCS15_PIN_AUTH_TYPE_PIN) {
|
||||||
for (i = 0; i < pf_count; i++)
|
printf("\tFlags : [0x%02X]", pin->attrs.pin.flags);
|
||||||
if (pin->flags & (1 << i)) {
|
for (i = 0; i < pf_count; i++)
|
||||||
printf(", %s", pin_flags[i]);
|
if (pin->attrs.pin.flags & (1 << i)) {
|
||||||
}
|
printf(", %s", pin_flags[i]);
|
||||||
printf("\n");
|
}
|
||||||
printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
|
printf("\n");
|
||||||
(unsigned long)pin->min_length, (unsigned long)pin->max_length,
|
printf("\tLength : min_len:%lu, max_len:%lu, stored_len:%lu\n",
|
||||||
(unsigned long)pin->stored_length);
|
(unsigned long)pin->attrs.pin.min_length, (unsigned long)pin->attrs.pin.max_length,
|
||||||
printf("\tPad char : 0x%02X\n", pin->pad_char);
|
(unsigned long)pin->attrs.pin.stored_length);
|
||||||
printf("\tReference : %d\n", pin->reference);
|
printf("\tPad char : 0x%02X\n", pin->attrs.pin.pad_char);
|
||||||
if (pin->type < NELEMENTS(pin_types))
|
printf("\tReference : %d\n", pin->attrs.pin.reference);
|
||||||
printf("\tType : %s\n", pin_types[pin->type]);
|
if (pin->attrs.pin.type < NELEMENTS(pin_types))
|
||||||
else
|
printf("\tType : %s\n", pin_types[pin->attrs.pin.type]);
|
||||||
printf("\tType : [encoding %d]\n", pin->type);
|
else
|
||||||
|
printf("\tType : [encoding %d]\n", pin->attrs.pin.type);
|
||||||
|
}
|
||||||
if (pin->path.len || pin->path.aid.len)
|
if (pin->path.len || pin->path.aid.len)
|
||||||
printf("\tPath : %s\n", sc_print_path(&pin->path));
|
printf("\tPath : %s\n", sc_print_path(&pin->path));
|
||||||
if (pin->tries_left >= 0)
|
if (pin->tries_left >= 0)
|
||||||
@ -1184,7 +1191,7 @@ static int dump(void)
|
|||||||
|
|
||||||
static int unblock_pin(void)
|
static int unblock_pin(void)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15_pin_info *pinfo = NULL;
|
struct sc_pkcs15_auth_info *pinfo = NULL;
|
||||||
sc_pkcs15_object_t *pin_obj;
|
sc_pkcs15_object_t *pin_obj;
|
||||||
u8 *pin, *puk;
|
u8 *pin, *puk;
|
||||||
int r, pinpad_present = 0;
|
int r, pinpad_present = 0;
|
||||||
@ -1193,7 +1200,10 @@ static int unblock_pin(void)
|
|||||||
|
|
||||||
if (!(pin_obj = get_pin_info()))
|
if (!(pin_obj = get_pin_info()))
|
||||||
return 2;
|
return 2;
|
||||||
pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
pinfo = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
|
||||||
|
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
|
||||||
puk = opt_puk;
|
puk = opt_puk;
|
||||||
if (puk == NULL) {
|
if (puk == NULL) {
|
||||||
@ -1248,7 +1258,7 @@ static int unblock_pin(void)
|
|||||||
static int change_pin(void)
|
static int change_pin(void)
|
||||||
{
|
{
|
||||||
sc_pkcs15_object_t *pin_obj;
|
sc_pkcs15_object_t *pin_obj;
|
||||||
sc_pkcs15_pin_info_t *pinfo = NULL;
|
sc_pkcs15_auth_info_t *pinfo = NULL;
|
||||||
u8 *pincode, *newpin;
|
u8 *pincode, *newpin;
|
||||||
int r, pinpad_present = 0;
|
int r, pinpad_present = 0;
|
||||||
|
|
||||||
@ -1256,7 +1266,10 @@ static int change_pin(void)
|
|||||||
|
|
||||||
if (!(pin_obj = get_pin_info()))
|
if (!(pin_obj = get_pin_info()))
|
||||||
return 2;
|
return 2;
|
||||||
pinfo = (sc_pkcs15_pin_info_t *) pin_obj->data;
|
|
||||||
|
pinfo = (sc_pkcs15_auth_info_t *) pin_obj->data;
|
||||||
|
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||||
|
return 1;
|
||||||
|
|
||||||
if (pinfo->tries_left != -1) {
|
if (pinfo->tries_left != -1) {
|
||||||
if (pinfo->tries_left != pinfo->max_tries) {
|
if (pinfo->tries_left != pinfo->max_tries) {
|
||||||
|
Loading…
Reference in New Issue
Block a user