security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

scd:piv: Implement PIN cache.

Browse source 
* scd/command.c (pincache_put): Add arg pinlen and change all callers
to provide it.
* scd/app-piv.c (cache_pin): New.
(pin_from_cache): New.
(ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen.  Take
PIN from the cache.  Return the unpadded length.
(verify_chv): Add arg ctrl.  Cache the PIN.
(do_change_chv): Clear PIN cache.
--

The PIV pins are padded but we want to store the unpadded PIN.  Thus
the changes to the function.

Code has has been tested by commenting the no_cache parameter because
we the current test certificate was created for PIV.9C which requires
a verification for each use.  More testing is required.

GnuPG-bug-id: 4791
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-01-13 17:53:49 +01:00
parent 2e86cca7f4
commit 60502c3606
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 100 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scd/app-openpgp.c
View file

@ -2225,7 +2225,8 @@ cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin)
default: return;
}
pincache_put (ctrl, app_get_slot (app), "openpgp", keyref, pin);
pincache_put (ctrl, app_get_slot (app), "openpgp", keyref,
pin, pin? strlen (pin):0);
}