security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

scd: Better user interaction for factory-reset.

Browse Source 
* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.

--

Before the change, a user has to quit the session to continue.  Now,
it is possible to type RET in the session and see if it's really done.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2018-03-16 11:27:33 +09:00
parent fd23a0524d
commit 2c85e202bc
1 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
g10/card-util.c
View File

@ -659,7 +659,7 @@ current_card_status (ctrl_t ctrl, estream_t fp,
/* Print all available information for specific card with SERIALNO. /* Print all available information for specific card with SERIALNO.
Print all available information for current card when SERIALNO is NULL. Print all available information for current card when SERIALNO is NULL.
Or print llfor all cards when SERIALNO is "all". */ Or print for all cards when SERIALNO is "all". */
void void
card_status (ctrl_t ctrl, estream_t fp, const char *serialno) card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
{ {
@ -1792,6 +1792,7 @@ factory_reset (void)
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00 scd apdu 00 e6 00 00
scd apdu 00 44 00 00 scd apdu 00 44 00 00
scd reset
/echo Card has been reset to factory defaults /echo Card has been reset to factory defaults
but tries to find out something about the card first. but tries to find out something about the card first.
@ -1804,7 +1805,7 @@ factory_reset (void)
else if (err) else if (err)
{ {
log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err)); log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
return; goto leave;
} }
if (!termstate) if (!termstate)
@ -1854,10 +1855,16 @@ factory_reset (void)
command because there is no machinery in scdaemon to catch command because there is no machinery in scdaemon to catch
the verify command and ask for the PIN when the "APDU" the verify command and ask for the PIN when the "APDU"
command is used. */ command is used. */
/* Here, the length of dummy wrong PIN is 32-byte, also
supporting authentication with KDF DO. */
for (i=0; i < 4; i++) for (i=0; i < 4; i++)
send_apdu ("00200081084040404040404040", "VERIFY", 0xffff); send_apdu ("0020008120"
"40404040404040404040404040404040"
"40404040404040404040404040404040", "VERIFY", 0xffff);
for (i=0; i < 4; i++) for (i=0; i < 4; i++)
send_apdu ("00200083084040404040404040", "VERIFY", 0xffff); send_apdu ("0020008320"
"40404040404040404040404040404040"
"40404040404040404040404040404040", "VERIFY", 0xffff);
/* Send terminate datafile command. */ /* Send terminate datafile command. */
err = send_apdu ("00e60000", "TERMINATE DF", 0x6985); err = send_apdu ("00e60000", "TERMINATE DF", 0x6985);
@ -1873,8 +1880,16 @@ factory_reset (void)
/* Finally we reset the card reader once more. */ /* Finally we reset the card reader once more. */
err = send_apdu (NULL, "RESET", 0); err = send_apdu (NULL, "RESET", 0);
if (err)
goto leave; /* Then, connect the card again. */
if (!err)
{
char *serialno0;
err = agent_scd_serialno (&serialno0, NULL);
if (!err)
xfree (serialno0);
}
leave: leave:
xfree (answer); xfree (answer);