security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Code Activity

Fix pinpad input support for passphrase modification. (backport)

Browse Source 
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for
iso7816_change_reference_data_kp.

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
This commit is contained in:
NIIBE Yutaka 2011-12-02 13:57:12 +09:00
parent 056e1329b0
commit 196a60078b
4 changed files with 87 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
scd/apdu.c
View File

@ -2028,7 +2028,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode,
} }
#define PIN_VERIFY_STRUCTURE_SIZE 23 #define PIN_VERIFY_STRUCTURE_SIZE 24
static int static int
pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
@ -2081,7 +2081,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[12] = 0x00; /* bTeoPrologue[0] */
pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */
pin_verify[14] = 0x00; /* bTeoPrologue[2] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */
pin_verify[15] = 0x04; /* ulDataLength */ pin_verify[15] = 0x05; /* ulDataLength */
pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */
pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */
pin_verify[18] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */
@ -2089,6 +2089,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[20] = ins; /* abData[1] */ pin_verify[20] = ins; /* abData[1] */
pin_verify[21] = p0; /* abData[2] */ pin_verify[21] = p0; /* abData[2] */
pin_verify[22] = p1; /* abData[3] */ pin_verify[22] = p1; /* abData[3] */
pin_verify[23] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl,
pin_verify, len, result, &resultlen); pin_verify, len, result, &resultlen);
@ -2100,7 +2101,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
} }
#define PIN_MODIFY_STRUCTURE_SIZE 28 #define PIN_MODIFY_STRUCTURE_SIZE 29
static int static int
pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
@ -2145,7 +2146,8 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[6] = 0x00; /* bInsertionOffsetNew */ pin_modify[6] = 0x00; /* bInsertionOffsetNew */
pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */
pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */
pin_modify[9] = 0x03; /* bConfirmPIN pin_modify[9] = (p0 == 0 ? 0x03 : 0x01);
/* bConfirmPIN
* 0x00: new PIN once * 0x00: new PIN once
* 0x01: new PIN twice (confirmation) * 0x01: new PIN twice (confirmation)
* 0x02: old PIN and new PIN once * 0x02: old PIN and new PIN once
@ -2163,7 +2165,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[17] = 0x00; /* bTeoPrologue[0] */
pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */
pin_modify[19] = 0x00; /* bTeoPrologue[2] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */
pin_modify[20] = 0x04; /* ulDataLength */ pin_modify[20] = 0x05; /* ulDataLength */
pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */
pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */
pin_modify[23] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */
@ -2171,6 +2173,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[25] = ins; /* abData[1] */ pin_modify[25] = ins; /* abData[1] */
pin_modify[26] = p0; /* abData[2] */ pin_modify[26] = p0; /* abData[2] */
pin_modify[27] = p1; /* abData[3] */ pin_modify[27] = p1; /* abData[3] */
pin_modify[28] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl,
pin_modify, len, result, &resultlen); pin_modify, len, result, &resultlen);

60
scd/app-openpgp.c
View File

@ -1974,6 +1974,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (reset_mode) if (reset_mode)
{ {
/* To reset a PIN the Admin PIN is required. */ /* To reset a PIN the Admin PIN is required. */
use_keypad = 0;
app->did_chv3 = 0; app->did_chv3 = 0;
rc = verify_chv3 (app, pincb, pincb_arg); rc = verify_chv3 (app, pincb, pincb_arg);
if (rc) if (rc)
@ -1982,7 +1983,9 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (chvno == 2) if (chvno == 2)
set_resetcode = 1; set_resetcode = 1;
} }
else if (!use_keypad && (chvno == 1 || chvno == 3)) else if (chvno == 1 || chvno == 3)
{
if (!use_keypad)
{ {
char *promptbuf = NULL; char *promptbuf = NULL;
const char *prompt; const char *prompt;
@ -2015,6 +2018,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave; goto leave;
} }
} }
}
else if (chvno == 2) else if (chvno == 2)
{ {
/* There is no PW2 for v2 cards. We use this condition to /* There is no PW2 for v2 cards. We use this condition to
@ -2024,6 +2028,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
size_t valuelen; size_t valuelen;
int remaining; int remaining;
use_keypad = 0;
minlen = 8; minlen = 8;
relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
if (!relptr || valuelen < 7) if (!relptr || valuelen < 7)
@ -2042,8 +2047,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave; goto leave;
} }
if (!use_keypad)
{
rc = pincb (pincb_arg, rc = pincb (pincb_arg,
_("||Please enter the Reset Code for the card"), _("||Please enter the Reset Code for the card"),
&resetcode); &resetcode);
@ -2061,7 +2064,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave; goto leave;
} }
} }
}
else else
{ {
rc = gpg_error (GPG_ERR_INV_ID); rc = gpg_error (GPG_ERR_INV_ID);
@ -2092,23 +2094,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (resetcode) if (resetcode)
{
if (use_keypad)
{
rc = pincb (pincb_arg,
_("||Please enter the Reset Code for the card and New PIN"),
NULL);
if (rc)
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81,
&pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
{ {
char *buffer; char *buffer;
@ -2124,7 +2109,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
xfree (buffer); xfree (buffer);
} }
} }
}
else if (set_resetcode) else if (set_resetcode)
{ {
if (strlen (pinvalue) < 8) if (strlen (pinvalue) < 8)
@ -2132,40 +2116,11 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
log_error (_("Reset Code is too short; minimum length is %d\n"), 8); log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
rc = gpg_error (GPG_ERR_BAD_PIN); rc = gpg_error (GPG_ERR_BAD_PIN);
} }
else
{
if (use_keypad)
{
rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL);
if (rc)
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else else
rc = iso7816_put_data (app->slot, 0, 0xD3, rc = iso7816_put_data (app->slot, 0, 0xD3,
pinvalue, strlen (pinvalue)); pinvalue, strlen (pinvalue));
} }
}
else if (reset_mode) else if (reset_mode)
{
if (use_keypad)
{
rc = pincb (pincb_arg, _("|N|New PIN"), NULL);
if (rc)
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
{ {
rc = iso7816_reset_retry_counter (app->slot, 0x81, rc = iso7816_reset_retry_counter (app->slot, 0x81,
pinvalue, strlen (pinvalue)); pinvalue, strlen (pinvalue));
@ -2173,7 +2128,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
rc = iso7816_reset_retry_counter (app->slot, 0x82, rc = iso7816_reset_retry_counter (app->slot, 0x82,
pinvalue, strlen (pinvalue)); pinvalue, strlen (pinvalue));
} }
}
else if (!app->app_local->extcap.is_v2) else if (!app->app_local->extcap.is_v2)
{ {
/* Version 1 cards. */ /* Version 1 cards. */
@ -2208,7 +2162,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
gpg_strerror (rc)); gpg_strerror (rc));
goto leave; goto leave;
} }
rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0,
&pininfo); &pininfo);
/* Dismiss the prompt. */ /* Dismiss the prompt. */
pincb (pincb_arg, NULL, NULL); pincb (pincb_arg, NULL, NULL);

37
scd/iso7816.c
View File

@ -307,16 +307,18 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
verification vector CHVNO. With PININFO non-NULL the keypad of the verification vector CHVNO. With PININFO non-NULL the keypad of the
reader will be used. */ reader will be used. If IS_EXCHANGE is 0, a "change reference
data" is done, otherwise an "exchange reference data". */
gpg_error_t gpg_error_t
iso7816_change_reference_data_kp (int slot, int chvno, iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange,
iso7816_pininfo_t *pininfo) iso7816_pininfo_t *pininfo)
{ {
int sw; int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
pininfo->mode, pininfo->minlen, pininfo->maxlen, is_exchange ? 1 : 0,
pininfo->padlen); chvno, pininfo->mode, pininfo->minlen,
pininfo->maxlen, pininfo->padlen);
return map_sw (sw); return map_sw (sw);
} }
@ -353,31 +355,6 @@ iso7816_change_reference_data (int slot, int chvno,
} }
gpg_error_t
iso7816_reset_retry_counter_kp (int slot, int chvno,
const char *newchv, size_t newchvlen,
iso7816_pininfo_t *pininfo)
{
int sw;
if (!newchv || !newchvlen )
return gpg_error (GPG_ERR_INV_VALUE);
/* FIXME: The keypad mode has not yet been tested. */
if (pininfo && pininfo->mode)
sw = apdu_send_simple_kp (slot, 0x00, CMD_RESET_RETRY_COUNTER,
2, chvno, newchvlen, newchv,
pininfo->mode,
pininfo->minlen,
pininfo->maxlen,
pininfo->padlen);
else
sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER,
2, chvno, newchvlen, newchv);
return map_sw (sw);
}
gpg_error_t gpg_error_t
iso7816_reset_retry_counter_with_rc (int slot, int chvno, iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data, size_t datalen) const char *data, size_t datalen)

5
scd/iso7816.h
View File

@ -68,13 +68,10 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno,
const char *oldchv, size_t oldchvlen, const char *oldchv, size_t oldchvlen,
const char *newchv, size_t newchvlen); const char *newchv, size_t newchvlen);
gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
int is_exchange,
iso7816_pininfo_t *pininfo); iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
const char *newchv, size_t newchvlen); const char *newchv, size_t newchvlen);
gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
const char *newchv,
size_t newchvlen,
iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data, const char *data,
size_t datalen); size_t datalen);