sc-hsm: Bind PIN object to applet aid to ensure SELECT before PIN verification
This commit is contained in:
parent
c41153aa13
commit
d8d47bb06f
@ -85,10 +85,6 @@ static int sc_hsm_select_file(sc_card_t *card,
|
||||
sc_file_t *file = NULL;
|
||||
|
||||
if (file_out == NULL) { // Versions before 0.16 of the SmartCard-HSM do not support P2='0C'
|
||||
if (!in_path->len && in_path->aid.len) {
|
||||
sc_log(card->ctx, "Preventing reselection of applet which would clear the security state");
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
rv = sc_hsm_select_file(card, in_path, &file);
|
||||
if (file != NULL) {
|
||||
sc_file_free(file);
|
||||
|
@ -866,9 +866,10 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
|
||||
|
||||
pin_info.auth_id.len = 1;
|
||||
pin_info.auth_id.value[0] = 1;
|
||||
pin_info.path.aid = sc_hsm_aid;
|
||||
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
pin_info.attrs.pin.reference = 0x81;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
||||
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||
pin_info.attrs.pin.min_length = 6;
|
||||
pin_info.attrs.pin.stored_length = 0;
|
||||
@ -890,16 +891,17 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
|
||||
|
||||
pin_info.auth_id.len = 1;
|
||||
pin_info.auth_id.value[0] = 2;
|
||||
pin_info.path.aid = sc_hsm_aid;
|
||||
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
pin_info.attrs.pin.reference = 0x88;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_CHANGE_DISABLED|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD;
|
||||
pin_info.attrs.pin.min_length = 16;
|
||||
pin_info.attrs.pin.stored_length = 0;
|
||||
pin_info.attrs.pin.max_length = 16;
|
||||
pin_info.attrs.pin.pad_char = '\0';
|
||||
pin_info.tries_left = 3;
|
||||
pin_info.max_tries = 3;
|
||||
pin_info.tries_left = 15;
|
||||
pin_info.max_tries = 15;
|
||||
|
||||
strlcpy(pin_obj.label, "SOPIN", sizeof(pin_obj.label));
|
||||
pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
|
||||
|
@ -5,65 +5,16 @@ cardinfo {
|
||||
label = "SmartCard-HSM";
|
||||
manufacturer = "CardContact";
|
||||
|
||||
max-pin-length = 16;
|
||||
max-pin-length = 15;
|
||||
min-pin-length = 6;
|
||||
pin-encoding = ascii-numeric;
|
||||
}
|
||||
|
||||
# Default settings.
|
||||
# This option block will always be processed.
|
||||
option default {
|
||||
macros {
|
||||
protected = *=$SOPIN, READ=NONE;
|
||||
unprotected = *=NONE;
|
||||
so-pin-flags = local, initialized, soPin;
|
||||
so-min-pin-length = 8;
|
||||
so-pin-attempts = 3;
|
||||
so-auth-id = 3;
|
||||
odf-size = 256;
|
||||
aodf-size = 256;
|
||||
cdf-size = 512;
|
||||
prkdf-size = 256;
|
||||
pukdf-size = 256;
|
||||
dodf-size = 256;
|
||||
}
|
||||
}
|
||||
|
||||
filesystem {
|
||||
DF MF {
|
||||
path = 3F00;
|
||||
type = DF;
|
||||
|
||||
# This is the DIR file
|
||||
EF DIR {
|
||||
type = EF;
|
||||
file-id = 2F00;
|
||||
acl = *=NONE;
|
||||
}
|
||||
|
||||
# Here comes the application DF
|
||||
DF PKCS15-AppDF {
|
||||
type = DF;
|
||||
exclusive-aid = E8:2B:06:01:04:01:81:C3:1F:02:01;
|
||||
acl = *=NONE;
|
||||
|
||||
EF PKCS15-TokenInfo {
|
||||
ACL = $unprotected;
|
||||
}
|
||||
|
||||
EF PKCS15-PrKDF {
|
||||
size = $prkdf-size;
|
||||
acl = $protected;
|
||||
}
|
||||
|
||||
EF PKCS15-PuKDF {
|
||||
size = $pukdf-size;
|
||||
acl = $protected;
|
||||
}
|
||||
|
||||
EF PKCS15-CDF {
|
||||
acl = $unprotected;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user