OpenPGP: set pin references to 0x01 - 0x03
Set PIN references to 0x01 - 0x03 instead of 0x81 - 0x83. The PINs are referred to as PIN1 - PIN3 (resp. PW1 - PW3) in the OpenPGP card specification. Technically the VERIFY / CHANGE REFERENCE DATA APDUs carry these values OR-ed with 0x80, but that is an implementation detail of the card protocol which the emulated file system can hide in pgp_pin_cmd(). Pros & Cons: + consistent PIN naming; + no trouble entering the correct PIN names in opensc-explorer et al. ("verify CHV1" is far better than "verify CHV129"); - manually entering the correct APDU for VERIFY is slightly more complex (who does this anyway, when there are better functions?). While at it, change the if ... else if ... cascade to a switch statement.
parent
89c1dd37e4
commit
f5dc252aa9
@ -546,27 +546,27 @@ pgp_set_blob(struct blob *blob, const u8 *data, size_t len)
|
|||
static int
|
||||
pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
|
||||
{
|
||||
int waccess = info->access & WRITE_MASK;
|
||||
int raccess = info->access & READ_MASK;
|
||||
sc_acl_entry_t *acl;
|
||||
unsigned int method = SC_AC_NONE;
|
||||
unsigned long key_ref = 0;
|
||||
|
||||
/* Write access */
|
||||
if (waccess == WRITE_NEVER) {
|
||||
switch (info->access & WRITE_MASK) {
|
||||
case WRITE_NEVER:
|
||||
method = SC_AC_NEVER;
|
||||
}
|
||||
else if (waccess == WRITE_PIN1) {
|
||||
break;
|
||||
case WRITE_PIN1:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x81;
|
||||
}
|
||||
else if (waccess == WRITE_PIN2) {
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
case WRITE_PIN2:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x82;
|
||||
}
|
||||
else if (waccess == WRITE_PIN3) {
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
case WRITE_PIN3:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x83;
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
}
|
||||
|
||||
if (method != SC_AC_NONE || key_ref != 0) {
|
||||
|
@ -579,21 +579,24 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info)
|
|||
method = SC_AC_NONE;
|
||||
key_ref = 0;
|
||||
/* Read access */
|
||||
if (raccess == READ_NEVER) {
|
||||
switch (info->access & READ_MASK) {
|
||||
case READ_NEVER:
|
||||
method = SC_AC_NEVER;
|
||||
}
|
||||
else if (raccess == READ_PIN1){
|
||||
break;
|
||||
case READ_PIN1:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x81;
|
||||
}
|
||||
else if (raccess == READ_PIN2){
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
case READ_PIN2:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x82;
|
||||
}
|
||||
else if (raccess == READ_PIN3){
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
case READ_PIN3:
|
||||
method = SC_AC_CHV;
|
||||
key_ref = 0x83;
|
||||
key_ref = 0x01;
|
||||
break;
|
||||
}
|
||||
|
||||
if (method != SC_AC_NONE || key_ref != 0) {
|
||||
sc_file_add_acl_entry(file, SC_AC_OP_READ, method, key_ref);
|
||||
}
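Review bot: On the new side of both hunks all three CHV cases end in `key_ref = 0x01;` (the lines following `case WRITE_PIN2:` and `case WRITE_PIN3:`, and likewise for the read switch), at least as rendered here; if that is the committed code, every PIN-protected DO is advertised as guarded by PIN1 and the ACL no longer distinguishes the user PINs from the Admin PIN, which is an access-control regression rather than the renumbering the commit message describes. The PIN2 and PIN3 cases should read `key_ref = 0x02;` and `key_ref = 0x03;` so they line up with pin_cfg_v1/pin_cfg_v2. Because each switch now tests `info->access & WRITE_MASK` / `READ_MASK` directly, the locals `waccess` and `raccess` declared at the top of pgp_attach_acl are left unused; either switch on them or delete them. Neither switch has a `default:` for an unrecognised access encoding; a `default: break;` makes the silent fall-through to SC_AC_NONE explicit. pgp_attach_acl continues past the end of the second hunk.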
|
||||
|
|
|
@ -57,17 +57,17 @@ typedef struct _pgp_pin_cfg {
|
|||
* "Signature PIN2 & "Encryption PIN" are two different PINs - not sync'ed by hardware
|
||||
*/
|
||||
static const pgp_pin_cfg_t pin_cfg_v1[3] = {
|
||||
{ "Signature PIN", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||
{ "Encryption PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||
{ "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||
{ "Signature PIN", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||
{ "Encryption PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 1 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||
{ "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||
};
|
||||
/* OpenPGP cards v2:
|
||||
* "User PIN (sig)" & "User PIN" are the same PIN, but c$use different references depending on action
|
||||
* "User PIN (sig)" & "User PIN" are the same PIN, but use different references depending on action
|
||||
*/
|
||||
static const pgp_pin_cfg_t pin_cfg_v2[3] = {
|
||||
{ "User PIN (sig)", 0x81, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||
{ "User PIN", 0x82, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||
{ "Admin PIN", 0x83, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||
{ "User PIN (sig)", 0x01, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:CDS
|
||||
{ "User PIN", 0x02, PGP_USER_PIN_FLAGS, 6, 0 }, // used for PSO:DEC, INT-AUT, {GET,PUT} DATA
|
||||
{ "Admin PIN", 0x03, PGP_ADMIN_PIN_FLAGS, 8, 2 }
|
||||
};
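Review bot: The reference column of pin_cfg_v1 and pin_cfg_v2 now holds the logical PIN numbers 0x01-0x03 rather than the 0x81-0x83 values the card's VERIFY / CHANGE REFERENCE DATA APDUs expect, and nothing at the tables says so; a reader, or a later caller that copies the reference straight into a P2 byte, will send the wrong reference to the card. A comment above the tables should state the convention, e.g. `/* PIN references are the logical PW1..PW3 numbers (0x01-0x03); the card driver ORs in 0x80 when building VERIFY/CHANGE APDUs */`. The commit message places that translation in pgp_pin_cmd(), which is not part of this diff, so the comment should name it to keep the two sides in sync. The v1 comment above `pin_cfg_v1` still reads `"Signature PIN2 &` with an unbalanced quote and a stray 2; since the v2 comment typo is being fixed in this hunk, that one is worth fixing too.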
|
||||
|
||||
|
||||
|
|