From f5dc252aa96ca1f3116785f97bc05ab49f394e00 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sat, 2 Jun 2012 08:13:55 +0200 Subject: [PATCH] OpenPGP: set pin references to 0x01 - 0x03 Set pin references to 0x01 - 0x03 instead of 0x81 - 0x83. The PINs are referenced as PIN1- PIN3 (resp. PW1 - PW3) in the OpenPGP card specification. Technically the APDUs to verify/change the PINs contain the values OR-ed with 0x80, but this is just a technical detail of the implementation which the emulated file system can hide in pgp_pin_cmd(). Pros & Cons: + consistent PIN naming + no trouble entering the correct PIN names in opensc-explorer et.al. ("verify CHV1" is way better than "verify CHV129") - manually entering the correct APDU for VERIFY is a bit more complex. (who does this anyway, when there are better functions) While at it, change if .. elsif ... cascade to switch statement. --- src/libopensc/card-openpgp.c | 47 ++++++++++++++++++---------------- src/libopensc/pkcs15-openpgp.c | 14 +++++----- 2 files changed, 32 insertions(+), 29 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c index 51d44d77..0ce2b46d 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c @@ -546,27 +546,27 @@ pgp_set_blob(struct blob *blob, const u8 *data, size_t len) static int pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info) { - int waccess = info->access & WRITE_MASK; - int raccess = info->access & READ_MASK; sc_acl_entry_t *acl; unsigned int method = SC_AC_NONE; unsigned long key_ref = 0; /* Write access */ - if (waccess == WRITE_NEVER) { + switch (info->access & WRITE_MASK) { + case WRITE_NEVER: method = SC_AC_NEVER; - } - else if (waccess == WRITE_PIN1) { + break; + case WRITE_PIN1: method = SC_AC_CHV; - key_ref = 0x81; - } - else if (waccess == WRITE_PIN2) { + key_ref = 0x01; + break; + case WRITE_PIN2: method = SC_AC_CHV; - key_ref = 0x82; - } - else if (waccess == WRITE_PIN3) { + key_ref = 0x01; + break; + case WRITE_PIN3: method = SC_AC_CHV; - key_ref = 0x83; + key_ref = 0x01; + break; } if (method != SC_AC_NONE || key_ref != 0) { @@ -579,21 +579,24 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info) method = SC_AC_NONE; key_ref = 0; /* Read access */ - if (raccess == READ_NEVER) { + switch (info->access & READ_MASK) { + case READ_NEVER: method = SC_AC_NEVER; - } - else if (raccess == READ_PIN1){ + break; + case READ_PIN1: method = SC_AC_CHV; - key_ref = 0x81; - } - else if (raccess == READ_PIN2){ + key_ref = 0x01; + break; + case READ_PIN2: method = SC_AC_CHV; - key_ref = 0x82; - } - else if (raccess == READ_PIN3){ + key_ref = 0x01; + break; + case READ_PIN3: method = SC_AC_CHV; - key_ref = 0x83; + key_ref = 0x01; + break; } + if (method != SC_AC_NONE || key_ref != 0) { sc_file_add_acl_entry(file, SC_AC_OP_READ, method, key_ref); } diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c index a01e2eda..5264f62c 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c @@ -57,17 +57,17 @@ typedef struct _pgp_pin_cfg { * "Signature PIN2 & "Encryption PIN" are two different PINs - not sync'ed by hardware */ static const pgp_pin_cfg_t pin_cfg_v1[3] = { - { "Signature PIN", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS - { "Encryption PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA - { "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 } + { "Signature PIN", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS + { "Encryption PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA + { "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 } }; /* OpenPGP cards v2: - * "User PIN (sig)" & "User PIN" are the same PIN, but c$use different references depending on action + * "User PIN (sig)" & "User PIN" are the same PIN, but use different references depending on action */ static const pgp_pin_cfg_t pin_cfg_v2[3] = { - { "User PIN (sig)", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS - { "User PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA - { "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 } + { "User PIN (sig)", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS + { "User PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA + { "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 } };