OpenPGP: set pin references to 0x01 - 0x03
Set pin references to 0x01 - 0x03 instead of 0x81 - 0x83.

The PINs are referenced as PIN1 - PIN3 (resp. PW1 - PW3) in the OpenPGP card specification. Technically the APDUs to verify/change the PINs contain the values OR-ed with 0x80, but this is just a technical detail of the implementation which the emulated file system can hide in pgp_pin_cmd().

Pros & Cons:
+ consistent PIN naming
+ no trouble entering the correct PIN names in opensc-explorer et al. ("verify CHV1" is way better than "verify CHV129")
- manually entering the correct APDU for VERIFY is a bit more complex (who does this anyway, when there are better functions?)

While at it, change the if .. else if ... cascade to a switch statement.
parent
89c1dd37e4
commit
f5dc252aa9
|
@ -546,27 +546,27 @@ pgp_set_blob(struct blob *blob, const u8 *data, size_t len)
|
||||||
static int
|
static int
|
||||||
pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
|
pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
|
||||||
{
|
{
|
||||||
int waccess = info->access & WRITE_MASK;
|
|
||||||
int raccess = info->access & READ_MASK;
|
|
||||||
sc_acl_entry_t *acl;
|
sc_acl_entry_t *acl;
|
||||||
unsigned int method = SC_AC_NONE;
|
unsigned int method = SC_AC_NONE;
|
||||||
unsigned long key_ref = 0;
|
unsigned long key_ref = 0;
|
||||||
|
|
||||||
/* Write access */
|
/* Write access */
|
||||||
if (waccess == WRITE_NEVER) {
|
switch (info->access & WRITE_MASK) {
|
||||||
|
case WRITE_NEVER:
|
||||||
method = SC_AC_NEVER;
|
method = SC_AC_NEVER;
|
||||||
}
|
break;
|
||||||
else if (waccess == WRITE_PIN1) {
|
case WRITE_PIN1:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x81;
|
key_ref = 0x01;
|
||||||
}
|
break;
|
||||||
else if (waccess == WRITE_PIN2) {
|
case WRITE_PIN2:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x82;
|
key_ref = 0x01;
|
||||||
}
|
break;
|
||||||
else if (waccess == WRITE_PIN3) {
|
case WRITE_PIN3:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x83;
|
key_ref = 0x01;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (method != SC_AC_NONE || key_ref != 0) {
|
if (method != SC_AC_NONE || key_ref != 0) {
|
||||||
|
@ -579,21 +579,24 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
|
||||||
method = SC_AC_NONE;
|
method = SC_AC_NONE;
|
||||||
key_ref = 0;
|
key_ref = 0;
|
||||||
/* Read access */
|
/* Read access */
|
||||||
if (raccess == READ_NEVER) {
|
switch (info->access & READ_MASK) {
|
||||||
|
case READ_NEVER:
|
||||||
method = SC_AC_NEVER;
|
method = SC_AC_NEVER;
|
||||||
}
|
break;
|
||||||
else if (raccess == READ_PIN1){
|
case READ_PIN1:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x81;
|
key_ref = 0x01;
|
||||||
}
|
break;
|
||||||
else if (raccess == READ_PIN2){
|
case READ_PIN2:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x82;
|
key_ref = 0x01;
|
||||||
}
|
break;
|
||||||
else if (raccess == READ_PIN3){
|
case READ_PIN3:
|
||||||
method = SC_AC_CHV;
|
method = SC_AC_CHV;
|
||||||
key_ref = 0x83;
|
key_ref = 0x01;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (method != SC_AC_NONE || key_ref != 0) {
|
if (method != SC_AC_NONE || key_ref != 0) {
|
||||||
sc_file_add_acl_entry(file, SC_AC_OP_READ, method, key_ref);
|
sc_file_add_acl_entry(file, SC_AC_OP_READ, method, key_ref);
|
||||||
}
|
}
|
||||||
|
|
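Review bot: In both new `switch` statements every PIN case assigns `key_ref = 0x01`, so `WRITE_PIN2`/`WRITE_PIN3` and `READ_PIN2`/`READ_PIN3` now yield the same ACL entry as PIN1, whereas the removed lines distinguished 0x81, 0x82 and 0x83. The commit title promises references 0x01 - 0x03, so this looks like a copy-paste slip: the PIN2 cases should read `key_ref = 0x02;` and the PIN3 cases `key_ref = 0x03;`. As written, a data object that needs the Admin PIN is advertised through the file ACL as protected by CHV1, so any host-side code that consults the ACL would request or report the wrong PIN; the card presumably still enforces the real condition. Neither switch has a `default:` case, which leaves an unexpected access value silently mapped to `SC_AC_NONE`. The end of pgp_attach_acl lies outside the visible hunks.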
|
@ -57,17 +57,17 @@ typedef struct _pgp_pin_cfg {
|
||||||
* "Signature PIN2 & "Encryption PIN" are two different PINs - not sync'ed by hardware
|
* "Signature PIN2 & "Encryption PIN" are two different PINs - not sync'ed by hardware
|
||||||
*/
|
*/
|
||||||
static const pgp_pin_cfg_t pin_cfg_v1[3] = {
|
static const pgp_pin_cfg_t pin_cfg_v1[3] = {
|
||||||
{ "Signature PIN", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
{ "Signature PIN", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||||
{ "Encryption PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
{ "Encryption PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||||
{ "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
{ "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||||
};
|
};
|
||||||
/* OpenPGP cards v2:
|
/* OpenPGP cards v2:
|
||||||
* "User PIN (sig)" & "User PIN" are the same PIN, but c$use different references depending on action
|
* "User PIN (sig)" & "User PIN" are the same PIN, but use different references depending on action
|
||||||
*/
|
*/
|
||||||
static const pgp_pin_cfg_t pin_cfg_v2[3] = {
|
static const pgp_pin_cfg_t pin_cfg_v2[3] = {
|
||||||
{ "User PIN (sig)", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
{ "User PIN (sig)", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||||
{ "User PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
{ "User PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||||
{ "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
{ "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
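Review bot: The `pin_cfg_v1` and `pin_cfg_v2` entries now hold 0x01 - 0x03, which are no longer the values sent to the card, and nothing next to the tables says so. The commit message places the OR with 0x80 in pgp_pin_cmd(), which is not part of the visible hunks, so it is worth confirming that it accepts these bare references and, if any caller may still pass 0x81 - 0x83, that those are handled too rather than rejected or double-mapped. I would add a comment above the tables such as `/* reference = PW number from the spec (1..3); pgp_pin_cmd() ORs in 0x80 for the APDU */`.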